@auth-gate/testing 0.7.1

package/dist/chunk-VFBHRWNY.mjs

@@ -0,0 +1,67 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/constants.ts
+var TEST_EMAIL_DOMAIN = "test.authgate.dev";
+var TEST_OTP_CODE = "424242";
+
+// src/client.ts
+var AuthGateTest = class {
+  constructor(config) {
+    if (!config.apiKey) throw new Error("apiKey is required");
+    if (!config.baseUrl) throw new Error("baseUrl is required");
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.baseUrl.replace(/\/$/, "");
+  }
+  async request(method, path, body) {
+    var _a;
+    const url = `${this.baseUrl}/api/v1/testing${path}`;
+    const res = await fetch(url, {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`
+      },
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) {
+      const error = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(
+        `AuthGate Testing API error (${res.status}): ${(_a = error.error) != null ? _a : res.statusText}`
+      );
+    }
+    return res.json();
+  }
+  async createUser(options) {
+    var _a;
+    if (!options.email.endsWith(`@${TEST_EMAIL_DOMAIN}`)) {
+      throw new Error(`Email must end with @${TEST_EMAIL_DOMAIN}`);
+    }
+    return this.request("POST", "/users", {
+      email: options.email,
+      password: options.password,
+      name: options.name,
+      emailVerified: (_a = options.emailVerified) != null ? _a : true
+    });
+  }
+  async createSession(userId) {
+    return this.request("POST", "/sessions", { userId });
+  }
+  async deleteUser(userId) {
+    return this.request("DELETE", `/users/${userId}`);
+  }
+  async cleanup() {
+    return this.request("DELETE", "/users");
+  }
+};
+
+export {
+  __require,
+  TEST_EMAIL_DOMAIN,
+  TEST_OTP_CODE,
+  AuthGateTest
+};

package/dist/client-DdLppI95.d.cts

@@ -0,0 +1,41 @@
+interface AuthGateTestConfig {
+    apiKey: string;
+    baseUrl: string;
+}
+interface CreateTestUserOptions {
+    email: string;
+    password: string;
+    name?: string;
+    emailVerified?: boolean;
+}
+interface TestUser {
+    id: string;
+    email: string;
+    name: string | null;
+    token: string;
+    refreshToken: string;
+    expiresAt: string;
+}
+interface TestSession {
+    token: string;
+    refreshToken: string;
+    expiresAt: string;
+}
+interface CleanupResult {
+    deleted: number;
+}
+
+declare class AuthGateTest {
+    private apiKey;
+    private baseUrl;
+    constructor(config: AuthGateTestConfig);
+    private request;
+    createUser(options: CreateTestUserOptions): Promise<TestUser>;
+    createSession(userId: string): Promise<TestSession>;
+    deleteUser(userId: string): Promise<{
+        deleted: boolean;
+    }>;
+    cleanup(): Promise<CleanupResult>;
+}
+
+export { type AuthGateTestConfig as A, type CreateTestUserOptions as C, type TestUser as T, type CleanupResult as a, AuthGateTest as b, type TestSession as c };

package/dist/client-DdLppI95.d.ts

@@ -0,0 +1,41 @@
+interface AuthGateTestConfig {
+    apiKey: string;
+    baseUrl: string;
+}
+interface CreateTestUserOptions {
+    email: string;
+    password: string;
+    name?: string;
+    emailVerified?: boolean;
+}
+interface TestUser {
+    id: string;
+    email: string;
+    name: string | null;
+    token: string;
+    refreshToken: string;
+    expiresAt: string;
+}
+interface TestSession {
+    token: string;
+    refreshToken: string;
+    expiresAt: string;
+}
+interface CleanupResult {
+    deleted: number;
+}
+
+declare class AuthGateTest {
+    private apiKey;
+    private baseUrl;
+    constructor(config: AuthGateTestConfig);
+    private request;
+    createUser(options: CreateTestUserOptions): Promise<TestUser>;
+    createSession(userId: string): Promise<TestSession>;
+    deleteUser(userId: string): Promise<{
+        deleted: boolean;
+    }>;
+    cleanup(): Promise<CleanupResult>;
+}
+
+export { type AuthGateTestConfig as A, type CreateTestUserOptions as C, type TestUser as T, type CleanupResult as a, AuthGateTest as b, type TestSession as c };

package/dist/cypress.cjs

@@ -0,0 +1,172 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/cypress.ts
+var cypress_exports = {};
+__export(cypress_exports, {
+  AuthGateTest: () => AuthGateTest,
+  authgateSetup: () => authgateSetup,
+  registerAuthGateCommands: () => registerAuthGateCommands
+});
+module.exports = __toCommonJS(cypress_exports);
+var import_core = require("@auth-gate/core");
+
+// src/constants.ts
+var TEST_EMAIL_DOMAIN = "test.authgate.dev";
+
+// src/client.ts
+var AuthGateTest = class {
+  constructor(config) {
+    if (!config.apiKey) throw new Error("apiKey is required");
+    if (!config.baseUrl) throw new Error("baseUrl is required");
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.baseUrl.replace(/\/$/, "");
+  }
+  async request(method, path, body) {
+    var _a;
+    const url = `${this.baseUrl}/api/v1/testing${path}`;
+    const res = await fetch(url, {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`
+      },
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) {
+      const error = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(
+        `AuthGate Testing API error (${res.status}): ${(_a = error.error) != null ? _a : res.statusText}`
+      );
+    }
+    return res.json();
+  }
+  async createUser(options) {
+    var _a;
+    if (!options.email.endsWith(`@${TEST_EMAIL_DOMAIN}`)) {
+      throw new Error(`Email must end with @${TEST_EMAIL_DOMAIN}`);
+    }
+    return this.request("POST", "/users", {
+      email: options.email,
+      password: options.password,
+      name: options.name,
+      emailVerified: (_a = options.emailVerified) != null ? _a : true
+    });
+  }
+  async createSession(userId) {
+    return this.request("POST", "/sessions", { userId });
+  }
+  async deleteUser(userId) {
+    return this.request("DELETE", `/users/${userId}`);
+  }
+  async cleanup() {
+    return this.request("DELETE", "/users");
+  }
+};
+
+// src/cypress.ts
+function authgateSetup(options) {
+  const client = new AuthGateTest({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  const coreClient = (0, import_core.createAuthGateClient)({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  options.config.env = options.config.env || {};
+  options.config.env.AUTHGATE_COOKIE_NAME = coreClient.cookieName;
+  options.config.env.AUTHGATE_REFRESH_COOKIE_NAME = coreClient.refreshTokenCookieName;
+  options.on("task", {
+    "authgate:createUser": async (opts) => {
+      return client.createUser(opts);
+    },
+    "authgate:createSession": async (userId) => {
+      return client.createSession(userId);
+    },
+    "authgate:cleanup": async () => {
+      return client.cleanup();
+    },
+    "authgate:deleteUser": async (userId) => {
+      return client.deleteUser(userId);
+    },
+    "authgate:encryptSession": async (user) => {
+      return coreClient.encryptSession({
+        id: user.id,
+        email: user.email,
+        phone: null,
+        name: user.name,
+        picture: null,
+        provider: "email"
+      });
+    }
+  });
+  if (options.cleanupOnStart) {
+    options.on("before:run", async () => {
+      await client.cleanup();
+    });
+  }
+  return options.config;
+}
+function registerAuthGateCommands() {
+  Cypress.Commands.add("authgateCreateUser", (options) => {
+    return cy.task("authgate:createUser", options);
+  });
+  Cypress.Commands.add("authgateSignIn", (options) => {
+    return cy.task("authgate:createUser", options).then((user) => {
+      return cy.task("authgate:encryptSession", {
+        id: user.id,
+        email: user.email,
+        name: user.name
+      }).then((encryptedSession) => {
+        const cookieName = Cypress.env(
+          "AUTHGATE_COOKIE_NAME"
+        );
+        const refreshCookieName = Cypress.env(
+          "AUTHGATE_REFRESH_COOKIE_NAME"
+        );
+        cy.setCookie(cookieName, encryptedSession, {
+          httpOnly: true,
+          secure: false,
+          sameSite: "lax",
+          path: "/"
+        });
+        cy.setCookie(refreshCookieName, user.refreshToken, {
+          httpOnly: true,
+          secure: false,
+          sameSite: "lax",
+          path: "/"
+        });
+        return cy.wrap(user);
+      });
+    });
+  });
+  Cypress.Commands.add("authgateCleanup", () => {
+    return cy.task("authgate:cleanup");
+  });
+  Cypress.Commands.add("authgateDeleteUser", (userId) => {
+    return cy.task("authgate:deleteUser", userId);
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthGateTest,
+  authgateSetup,
+  registerAuthGateCommands
+});

package/dist/cypress.d.cts

@@ -0,0 +1,130 @@
+import { C as CreateTestUserOptions, T as TestUser, a as CleanupResult, A as AuthGateTestConfig } from './client-DdLppI95.cjs';
+export { b as AuthGateTest, c as TestSession } from './client-DdLppI95.cjs';
+
+/**
+ * Options for setting up the AuthGate Cypress plugin.
+ *
+ * Pass these in your `cypress.config.ts` `setupNodeEvents` callback:
+ *
+ * ```ts
+ * import { authgateSetup } from "@auth-gate/testing/cypress";
+ *
+ * export default defineConfig({
+ *   e2e: {
+ *     setupNodeEvents(on, config) {
+ *       return authgateSetup({
+ *         on,
+ *         config,
+ *         apiKey: process.env.AUTHGATE_API_KEY!,
+ *         baseUrl: process.env.AUTHGATE_BASE_URL!,
+ *         cleanupOnStart: true,
+ *       });
+ *     },
+ *   },
+ * });
+ * ```
+ */
+interface CypressSetupOptions extends AuthGateTestConfig {
+    /** The `on` callback provided by Cypress `setupNodeEvents`. */
+    on: Cypress.PluginEvents;
+    /** The `config` object provided by Cypress `setupNodeEvents`. */
+    config: Cypress.PluginConfigOptions;
+    /** If `true`, delete all test users before the Cypress run starts. */
+    cleanupOnStart?: boolean;
+}
+/**
+ * Register AuthGate Cypress tasks and environment variables.
+ *
+ * Call this inside `setupNodeEvents` in your `cypress.config.ts`. It:
+ *
+ * 1. Creates an {@link AuthGateTest} client (for the Testing API) and an
+ *    {@link AuthGateClient} (for session encryption).
+ * 2. Stores cookie names in `config.env` so browser-side commands can read them.
+ * 3. Registers Cypress tasks: `authgate:createUser`, `authgate:createSession`,
+ *    `authgate:cleanup`, `authgate:deleteUser`, `authgate:encryptSession`.
+ * 4. Optionally registers a `before:run` hook to clean up leftover test users.
+ *
+ * @param options - API key, base URL, Cypress `on`/`config`, and flags.
+ * @returns The mutated `config` object (return this from `setupNodeEvents`).
+ */
+declare function authgateSetup(options: CypressSetupOptions): Cypress.PluginConfigOptions;
+/**
+ * Register AuthGate custom commands on the global `Cypress` object.
+ *
+ * Call this once in your `cypress/support/e2e.ts` (or `commands.ts`):
+ *
+ * ```ts
+ * import { registerAuthGateCommands } from "@auth-gate/testing/cypress";
+ * registerAuthGateCommands();
+ * ```
+ *
+ * This adds:
+ * - `cy.authgateCreateUser(options)` — create a test user via the Testing API.
+ * - `cy.authgateSignIn(options)` — create a user, encrypt a session, and set
+ *   the session + refresh-token cookies so the browser is fully authenticated.
+ * - `cy.authgateCleanup()` — bulk-delete all test users created during the run.
+ * - `cy.authgateDeleteUser(userId)` — delete a specific test user.
+ */
+declare function registerAuthGateCommands(): void;
+declare global {
+    namespace Cypress {
+        interface Chainable {
+            /**
+             * Create a test user via the AuthGate Testing API.
+             *
+             * @example
+             * ```ts
+             * cy.authgateCreateUser({
+             *   email: "alice@test.authgate.dev",
+             *   password: "password123",
+             * }).then((user) => {
+             *   expect(user.id).to.be.a("string");
+             * });
+             * ```
+             */
+            authgateCreateUser(options: CreateTestUserOptions): Chainable<TestUser>;
+            /**
+             * Create a test user and inject an authenticated session.
+             *
+             * This creates the user, encrypts a session cookie, and sets both the
+             * session and refresh-token cookies on the current domain so subsequent
+             * page visits are fully authenticated.
+             *
+             * @example
+             * ```ts
+             * cy.authgateSignIn({
+             *   email: "alice@test.authgate.dev",
+             *   password: "password123",
+             * }).then((user) => {
+             *   cy.visit("/dashboard");
+             * });
+             * ```
+             */
+            authgateSignIn(options: CreateTestUserOptions): Chainable<TestUser>;
+            /**
+             * Bulk-delete all test users created during this run.
+             *
+             * @example
+             * ```ts
+             * afterEach(() => {
+             *   cy.authgateCleanup();
+             * });
+             * ```
+             */
+            authgateCleanup(): Chainable<CleanupResult>;
+            /**
+             * Delete a specific test user by ID.
+             *
+             * @example
+             * ```ts
+             * cy.authgateDeleteUser(user.id);
+             * ```
+             */
+            authgateDeleteUser(userId: string): Chainable<{
+                deleted: boolean;
+            }>;
+        }
+    }
+}
+
+export { CreateTestUserOptions, type CypressSetupOptions, TestUser, authgateSetup, registerAuthGateCommands };

package/dist/cypress.d.ts

@@ -0,0 +1,130 @@
+import { C as CreateTestUserOptions, T as TestUser, a as CleanupResult, A as AuthGateTestConfig } from './client-DdLppI95.js';
+export { b as AuthGateTest, c as TestSession } from './client-DdLppI95.js';
+
+/**
+ * Options for setting up the AuthGate Cypress plugin.
+ *
+ * Pass these in your `cypress.config.ts` `setupNodeEvents` callback:
+ *
+ * ```ts
+ * import { authgateSetup } from "@auth-gate/testing/cypress";
+ *
+ * export default defineConfig({
+ *   e2e: {
+ *     setupNodeEvents(on, config) {
+ *       return authgateSetup({
+ *         on,
+ *         config,
+ *         apiKey: process.env.AUTHGATE_API_KEY!,
+ *         baseUrl: process.env.AUTHGATE_BASE_URL!,
+ *         cleanupOnStart: true,
+ *       });
+ *     },
+ *   },
+ * });
+ * ```
+ */
+interface CypressSetupOptions extends AuthGateTestConfig {
+    /** The `on` callback provided by Cypress `setupNodeEvents`. */
+    on: Cypress.PluginEvents;
+    /** The `config` object provided by Cypress `setupNodeEvents`. */
+    config: Cypress.PluginConfigOptions;
+    /** If `true`, delete all test users before the Cypress run starts. */
+    cleanupOnStart?: boolean;
+}
+/**
+ * Register AuthGate Cypress tasks and environment variables.
+ *
+ * Call this inside `setupNodeEvents` in your `cypress.config.ts`. It:
+ *
+ * 1. Creates an {@link AuthGateTest} client (for the Testing API) and an
+ *    {@link AuthGateClient} (for session encryption).
+ * 2. Stores cookie names in `config.env` so browser-side commands can read them.
+ * 3. Registers Cypress tasks: `authgate:createUser`, `authgate:createSession`,
+ *    `authgate:cleanup`, `authgate:deleteUser`, `authgate:encryptSession`.
+ * 4. Optionally registers a `before:run` hook to clean up leftover test users.
+ *
+ * @param options - API key, base URL, Cypress `on`/`config`, and flags.
+ * @returns The mutated `config` object (return this from `setupNodeEvents`).
+ */
+declare function authgateSetup(options: CypressSetupOptions): Cypress.PluginConfigOptions;
+/**
+ * Register AuthGate custom commands on the global `Cypress` object.
+ *
+ * Call this once in your `cypress/support/e2e.ts` (or `commands.ts`):
+ *
+ * ```ts
+ * import { registerAuthGateCommands } from "@auth-gate/testing/cypress";
+ * registerAuthGateCommands();
+ * ```
+ *
+ * This adds:
+ * - `cy.authgateCreateUser(options)` — create a test user via the Testing API.
+ * - `cy.authgateSignIn(options)` — create a user, encrypt a session, and set
+ *   the session + refresh-token cookies so the browser is fully authenticated.
+ * - `cy.authgateCleanup()` — bulk-delete all test users created during the run.
+ * - `cy.authgateDeleteUser(userId)` — delete a specific test user.
+ */
+declare function registerAuthGateCommands(): void;
+declare global {
+    namespace Cypress {
+        interface Chainable {
+            /**
+             * Create a test user via the AuthGate Testing API.
+             *
+             * @example
+             * ```ts
+             * cy.authgateCreateUser({
+             *   email: "alice@test.authgate.dev",
+             *   password: "password123",
+             * }).then((user) => {
+             *   expect(user.id).to.be.a("string");
+             * });
+             * ```
+             */
+            authgateCreateUser(options: CreateTestUserOptions): Chainable<TestUser>;
+            /**
+             * Create a test user and inject an authenticated session.
+             *
+             * This creates the user, encrypts a session cookie, and sets both the
+             * session and refresh-token cookies on the current domain so subsequent
+             * page visits are fully authenticated.
+             *
+             * @example
+             * ```ts
+             * cy.authgateSignIn({
+             *   email: "alice@test.authgate.dev",
+             *   password: "password123",
+             * }).then((user) => {
+             *   cy.visit("/dashboard");
+             * });
+             * ```
+             */
+            authgateSignIn(options: CreateTestUserOptions): Chainable<TestUser>;
+            /**
+             * Bulk-delete all test users created during this run.
+             *
+             * @example
+             * ```ts
+             * afterEach(() => {
+             *   cy.authgateCleanup();
+             * });
+             * ```
+             */
+            authgateCleanup(): Chainable<CleanupResult>;
+            /**
+             * Delete a specific test user by ID.
+             *
+             * @example
+             * ```ts
+             * cy.authgateDeleteUser(user.id);
+             * ```
+             */
+            authgateDeleteUser(userId: string): Chainable<{
+                deleted: boolean;
+            }>;
+        }
+    }
+}
+
+export { CreateTestUserOptions, type CypressSetupOptions, TestUser, authgateSetup, registerAuthGateCommands };

package/dist/cypress.mjs

@@ -0,0 +1,94 @@
+import {
+  AuthGateTest
+} from "./chunk-VFBHRWNY.mjs";
+
+// src/cypress.ts
+import { createAuthGateClient } from "@auth-gate/core";
+function authgateSetup(options) {
+  const client = new AuthGateTest({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  const coreClient = createAuthGateClient({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  options.config.env = options.config.env || {};
+  options.config.env.AUTHGATE_COOKIE_NAME = coreClient.cookieName;
+  options.config.env.AUTHGATE_REFRESH_COOKIE_NAME = coreClient.refreshTokenCookieName;
+  options.on("task", {
+    "authgate:createUser": async (opts) => {
+      return client.createUser(opts);
+    },
+    "authgate:createSession": async (userId) => {
+      return client.createSession(userId);
+    },
+    "authgate:cleanup": async () => {
+      return client.cleanup();
+    },
+    "authgate:deleteUser": async (userId) => {
+      return client.deleteUser(userId);
+    },
+    "authgate:encryptSession": async (user) => {
+      return coreClient.encryptSession({
+        id: user.id,
+        email: user.email,
+        phone: null,
+        name: user.name,
+        picture: null,
+        provider: "email"
+      });
+    }
+  });
+  if (options.cleanupOnStart) {
+    options.on("before:run", async () => {
+      await client.cleanup();
+    });
+  }
+  return options.config;
+}
+function registerAuthGateCommands() {
+  Cypress.Commands.add("authgateCreateUser", (options) => {
+    return cy.task("authgate:createUser", options);
+  });
+  Cypress.Commands.add("authgateSignIn", (options) => {
+    return cy.task("authgate:createUser", options).then((user) => {
+      return cy.task("authgate:encryptSession", {
+        id: user.id,
+        email: user.email,
+        name: user.name
+      }).then((encryptedSession) => {
+        const cookieName = Cypress.env(
+          "AUTHGATE_COOKIE_NAME"
+        );
+        const refreshCookieName = Cypress.env(
+          "AUTHGATE_REFRESH_COOKIE_NAME"
+        );
+        cy.setCookie(cookieName, encryptedSession, {
+          httpOnly: true,
+          secure: false,
+          sameSite: "lax",
+          path: "/"
+        });
+        cy.setCookie(refreshCookieName, user.refreshToken, {
+          httpOnly: true,
+          secure: false,
+          sameSite: "lax",
+          path: "/"
+        });
+        return cy.wrap(user);
+      });
+    });
+  });
+  Cypress.Commands.add("authgateCleanup", () => {
+    return cy.task("authgate:cleanup");
+  });
+  Cypress.Commands.add("authgateDeleteUser", (userId) => {
+    return cy.task("authgate:deleteUser", userId);
+  });
+}
+export {
+  AuthGateTest,
+  authgateSetup,
+  registerAuthGateCommands
+};

package/dist/index.cjs

@@ -0,0 +1,87 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthGateTest: () => AuthGateTest,
+  TEST_EMAIL_DOMAIN: () => TEST_EMAIL_DOMAIN,
+  TEST_OTP_CODE: () => TEST_OTP_CODE
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/constants.ts
+var TEST_EMAIL_DOMAIN = "test.authgate.dev";
+var TEST_OTP_CODE = "424242";
+
+// src/client.ts
+var AuthGateTest = class {
+  constructor(config) {
+    if (!config.apiKey) throw new Error("apiKey is required");
+    if (!config.baseUrl) throw new Error("baseUrl is required");
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.baseUrl.replace(/\/$/, "");
+  }
+  async request(method, path, body) {
+    var _a;
+    const url = `${this.baseUrl}/api/v1/testing${path}`;
+    const res = await fetch(url, {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`
+      },
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) {
+      const error = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(
+        `AuthGate Testing API error (${res.status}): ${(_a = error.error) != null ? _a : res.statusText}`
+      );
+    }
+    return res.json();
+  }
+  async createUser(options) {
+    var _a;
+    if (!options.email.endsWith(`@${TEST_EMAIL_DOMAIN}`)) {
+      throw new Error(`Email must end with @${TEST_EMAIL_DOMAIN}`);
+    }
+    return this.request("POST", "/users", {
+      email: options.email,
+      password: options.password,
+      name: options.name,
+      emailVerified: (_a = options.emailVerified) != null ? _a : true
+    });
+  }
+  async createSession(userId) {
+    return this.request("POST", "/sessions", { userId });
+  }
+  async deleteUser(userId) {
+    return this.request("DELETE", `/users/${userId}`);
+  }
+  async cleanup() {
+    return this.request("DELETE", "/users");
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthGateTest,
+  TEST_EMAIL_DOMAIN,
+  TEST_OTP_CODE
+});

package/dist/index.d.cts

@@ -0,0 +1,6 @@
+export { b as AuthGateTest, A as AuthGateTestConfig, a as CleanupResult, C as CreateTestUserOptions, c as TestSession, T as TestUser } from './client-DdLppI95.cjs';
+
+declare const TEST_EMAIL_DOMAIN = "test.authgate.dev";
+declare const TEST_OTP_CODE = "424242";
+
+export { TEST_EMAIL_DOMAIN, TEST_OTP_CODE };

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { b as AuthGateTest, A as AuthGateTestConfig, a as CleanupResult, C as CreateTestUserOptions, c as TestSession, T as TestUser } from './client-DdLppI95.js';
+
+declare const TEST_EMAIL_DOMAIN = "test.authgate.dev";
+declare const TEST_OTP_CODE = "424242";
+
+export { TEST_EMAIL_DOMAIN, TEST_OTP_CODE };

package/dist/index.mjs

@@ -0,0 +1,10 @@
+import {
+  AuthGateTest,
+  TEST_EMAIL_DOMAIN,
+  TEST_OTP_CODE
+} from "./chunk-VFBHRWNY.mjs";
+export {
+  AuthGateTest,
+  TEST_EMAIL_DOMAIN,
+  TEST_OTP_CODE
+};

package/dist/playwright.cjs

@@ -0,0 +1,209 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/playwright.ts
+var playwright_exports = {};
+__export(playwright_exports, {
+  AuthGateTest: () => AuthGateTest,
+  authgateSetup: () => authgateSetup,
+  authgateTeardown: () => authgateTeardown,
+  cleanup: () => cleanup,
+  createTestUser: () => createTestUser,
+  injectSession: () => injectSession
+});
+module.exports = __toCommonJS(playwright_exports);
+var import_core = require("@auth-gate/core");
+
+// src/constants.ts
+var TEST_EMAIL_DOMAIN = "test.authgate.dev";
+
+// src/client.ts
+var AuthGateTest = class {
+  constructor(config) {
+    if (!config.apiKey) throw new Error("apiKey is required");
+    if (!config.baseUrl) throw new Error("baseUrl is required");
+    this.apiKey = config.apiKey;
+    this.baseUrl = config.baseUrl.replace(/\/$/, "");
+  }
+  async request(method, path, body) {
+    var _a;
+    const url = `${this.baseUrl}/api/v1/testing${path}`;
+    const res = await fetch(url, {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`
+      },
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) {
+      const error = await res.json().catch(() => ({ error: res.statusText }));
+      throw new Error(
+        `AuthGate Testing API error (${res.status}): ${(_a = error.error) != null ? _a : res.statusText}`
+      );
+    }
+    return res.json();
+  }
+  async createUser(options) {
+    var _a;
+    if (!options.email.endsWith(`@${TEST_EMAIL_DOMAIN}`)) {
+      throw new Error(`Email must end with @${TEST_EMAIL_DOMAIN}`);
+    }
+    return this.request("POST", "/users", {
+      email: options.email,
+      password: options.password,
+      name: options.name,
+      emailVerified: (_a = options.emailVerified) != null ? _a : true
+    });
+  }
+  async createSession(userId) {
+    return this.request("POST", "/sessions", { userId });
+  }
+  async deleteUser(userId) {
+    return this.request("DELETE", `/users/${userId}`);
+  }
+  async cleanup() {
+    return this.request("DELETE", "/users");
+  }
+};
+
+// src/playwright.ts
+var STATE_FILE = ".authgate-test-state.json";
+var _client = null;
+var _coreClient = null;
+var _config = null;
+function getClient() {
+  if (!_client) {
+    throw new Error(
+      "AuthGate testing not initialized. Call authgateSetup() in your global setup first."
+    );
+  }
+  return _client;
+}
+function getCoreClient() {
+  if (!_coreClient) {
+    throw new Error(
+      "AuthGate testing not initialized. Call authgateSetup() in your global setup first."
+    );
+  }
+  return _coreClient;
+}
+async function authgateSetup(options) {
+  _config = { apiKey: options.apiKey, baseUrl: options.baseUrl };
+  _client = new AuthGateTest(_config);
+  _coreClient = (0, import_core.createAuthGateClient)({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  if (options.cleanupOnStart) {
+    await _client.cleanup();
+  }
+  const fs = await import("fs");
+  fs.writeFileSync(STATE_FILE, JSON.stringify(_config), "utf-8");
+}
+async function authgateTeardown() {
+  if (_client) {
+    await _client.cleanup();
+  }
+  const fs = await import("fs");
+  if (fs.existsSync(STATE_FILE)) {
+    fs.unlinkSync(STATE_FILE);
+  }
+  _client = null;
+  _coreClient = null;
+  _config = null;
+}
+function ensureInitialized() {
+  if (_client) return;
+  const fs = require("fs");
+  if (fs.existsSync(STATE_FILE)) {
+    const config = JSON.parse(
+      fs.readFileSync(STATE_FILE, "utf-8")
+    );
+    _config = config;
+    _client = new AuthGateTest(config);
+    _coreClient = (0, import_core.createAuthGateClient)({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl
+    });
+  }
+}
+async function createTestUser(options) {
+  ensureInitialized();
+  return getClient().createUser(options);
+}
+async function injectSession({
+  context,
+  user,
+  domain = "localhost"
+}) {
+  ensureInitialized();
+  const client = getCoreClient();
+  const encryptedSession = await client.encryptSession({
+    id: user.id,
+    email: user.email,
+    phone: null,
+    name: user.name,
+    picture: null,
+    provider: "email"
+  });
+  await context.addCookies([
+    {
+      name: client.cookieName,
+      value: encryptedSession,
+      domain,
+      path: "/",
+      httpOnly: true,
+      secure: false,
+      sameSite: "Lax"
+    },
+    {
+      name: client.refreshTokenCookieName,
+      value: user.refreshToken,
+      domain,
+      path: "/",
+      httpOnly: true,
+      secure: false,
+      sameSite: "Lax"
+    }
+  ]);
+}
+async function cleanup() {
+  ensureInitialized();
+  return getClient().cleanup();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthGateTest,
+  authgateSetup,
+  authgateTeardown,
+  cleanup,
+  createTestUser,
+  injectSession
+});

package/dist/playwright.d.cts

@@ -0,0 +1,59 @@
+import { A as AuthGateTestConfig, C as CreateTestUserOptions, T as TestUser } from './client-DdLppI95.cjs';
+export { b as AuthGateTest, c as TestSession } from './client-DdLppI95.cjs';
+
+interface AuthGateSetupOptions extends AuthGateTestConfig {
+    cleanupOnStart?: boolean;
+}
+/**
+ * Initialise the AuthGate testing helpers.
+ *
+ * Call this once in your Playwright **global setup** file.
+ * It persists the config to a temporary JSON file so that worker processes
+ * spawned by Playwright can pick it up via {@link ensureInitialized}.
+ *
+ * @param options - API key, base URL, and optional `cleanupOnStart` flag.
+ */
+declare function authgateSetup(options: AuthGateSetupOptions): Promise<void>;
+/**
+ * Tear down the AuthGate testing helpers.
+ *
+ * Call this in your Playwright **global teardown** file.
+ * It deletes all test users created during the run and removes the
+ * temporary state file.
+ */
+declare function authgateTeardown(): Promise<void>;
+/**
+ * Create a test user via the AuthGate Testing API.
+ *
+ * Returns a {@link TestUser} with valid `token` and `refreshToken` that can
+ * be passed to {@link injectSession}.
+ */
+declare function createTestUser(options: CreateTestUserOptions): Promise<TestUser>;
+/**
+ * Inject an authenticated session into a Playwright {@link BrowserContext}.
+ *
+ * Sets the encrypted session cookie and refresh-token cookie so that the
+ * browser context appears fully logged-in without going through the UI
+ * sign-in flow.
+ *
+ * @param params.context - A Playwright `BrowserContext` (or anything with `addCookies`).
+ * @param params.user    - The {@link TestUser} returned by {@link createTestUser}.
+ * @param params.domain  - Cookie domain (defaults to `"localhost"`).
+ */
+declare function injectSession({ context, user, domain, }: {
+    context: {
+        addCookies: (cookies: Array<Record<string, unknown>>) => Promise<void>;
+    };
+    user: TestUser;
+    domain?: string;
+}): Promise<void>;
+/**
+ * Delete all test users created during this run.
+ *
+ * Useful for mid-test cleanup or in `afterAll` hooks.
+ */
+declare function cleanup(): Promise<{
+    deleted: number;
+}>;
+
+export { type AuthGateSetupOptions, CreateTestUserOptions, TestUser, authgateSetup, authgateTeardown, cleanup, createTestUser, injectSession };

package/dist/playwright.d.ts

@@ -0,0 +1,59 @@
+import { A as AuthGateTestConfig, C as CreateTestUserOptions, T as TestUser } from './client-DdLppI95.js';
+export { b as AuthGateTest, c as TestSession } from './client-DdLppI95.js';
+
+interface AuthGateSetupOptions extends AuthGateTestConfig {
+    cleanupOnStart?: boolean;
+}
+/**
+ * Initialise the AuthGate testing helpers.
+ *
+ * Call this once in your Playwright **global setup** file.
+ * It persists the config to a temporary JSON file so that worker processes
+ * spawned by Playwright can pick it up via {@link ensureInitialized}.
+ *
+ * @param options - API key, base URL, and optional `cleanupOnStart` flag.
+ */
+declare function authgateSetup(options: AuthGateSetupOptions): Promise<void>;
+/**
+ * Tear down the AuthGate testing helpers.
+ *
+ * Call this in your Playwright **global teardown** file.
+ * It deletes all test users created during the run and removes the
+ * temporary state file.
+ */
+declare function authgateTeardown(): Promise<void>;
+/**
+ * Create a test user via the AuthGate Testing API.
+ *
+ * Returns a {@link TestUser} with valid `token` and `refreshToken` that can
+ * be passed to {@link injectSession}.
+ */
+declare function createTestUser(options: CreateTestUserOptions): Promise<TestUser>;
+/**
+ * Inject an authenticated session into a Playwright {@link BrowserContext}.
+ *
+ * Sets the encrypted session cookie and refresh-token cookie so that the
+ * browser context appears fully logged-in without going through the UI
+ * sign-in flow.
+ *
+ * @param params.context - A Playwright `BrowserContext` (or anything with `addCookies`).
+ * @param params.user    - The {@link TestUser} returned by {@link createTestUser}.
+ * @param params.domain  - Cookie domain (defaults to `"localhost"`).
+ */
+declare function injectSession({ context, user, domain, }: {
+    context: {
+        addCookies: (cookies: Array<Record<string, unknown>>) => Promise<void>;
+    };
+    user: TestUser;
+    domain?: string;
+}): Promise<void>;
+/**
+ * Delete all test users created during this run.
+ *
+ * Useful for mid-test cleanup or in `afterAll` hooks.
+ */
+declare function cleanup(): Promise<{
+    deleted: number;
+}>;
+
+export { type AuthGateSetupOptions, CreateTestUserOptions, TestUser, authgateSetup, authgateTeardown, cleanup, createTestUser, injectSession };

package/dist/playwright.mjs

@@ -0,0 +1,119 @@
+import {
+  AuthGateTest,
+  __require
+} from "./chunk-VFBHRWNY.mjs";
+
+// src/playwright.ts
+import { createAuthGateClient } from "@auth-gate/core";
+var STATE_FILE = ".authgate-test-state.json";
+var _client = null;
+var _coreClient = null;
+var _config = null;
+function getClient() {
+  if (!_client) {
+    throw new Error(
+      "AuthGate testing not initialized. Call authgateSetup() in your global setup first."
+    );
+  }
+  return _client;
+}
+function getCoreClient() {
+  if (!_coreClient) {
+    throw new Error(
+      "AuthGate testing not initialized. Call authgateSetup() in your global setup first."
+    );
+  }
+  return _coreClient;
+}
+async function authgateSetup(options) {
+  _config = { apiKey: options.apiKey, baseUrl: options.baseUrl };
+  _client = new AuthGateTest(_config);
+  _coreClient = createAuthGateClient({
+    apiKey: options.apiKey,
+    baseUrl: options.baseUrl
+  });
+  if (options.cleanupOnStart) {
+    await _client.cleanup();
+  }
+  const fs = await import("fs");
+  fs.writeFileSync(STATE_FILE, JSON.stringify(_config), "utf-8");
+}
+async function authgateTeardown() {
+  if (_client) {
+    await _client.cleanup();
+  }
+  const fs = await import("fs");
+  if (fs.existsSync(STATE_FILE)) {
+    fs.unlinkSync(STATE_FILE);
+  }
+  _client = null;
+  _coreClient = null;
+  _config = null;
+}
+function ensureInitialized() {
+  if (_client) return;
+  const fs = __require("fs");
+  if (fs.existsSync(STATE_FILE)) {
+    const config = JSON.parse(
+      fs.readFileSync(STATE_FILE, "utf-8")
+    );
+    _config = config;
+    _client = new AuthGateTest(config);
+    _coreClient = createAuthGateClient({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl
+    });
+  }
+}
+async function createTestUser(options) {
+  ensureInitialized();
+  return getClient().createUser(options);
+}
+async function injectSession({
+  context,
+  user,
+  domain = "localhost"
+}) {
+  ensureInitialized();
+  const client = getCoreClient();
+  const encryptedSession = await client.encryptSession({
+    id: user.id,
+    email: user.email,
+    phone: null,
+    name: user.name,
+    picture: null,
+    provider: "email"
+  });
+  await context.addCookies([
+    {
+      name: client.cookieName,
+      value: encryptedSession,
+      domain,
+      path: "/",
+      httpOnly: true,
+      secure: false,
+      sameSite: "Lax"
+    },
+    {
+      name: client.refreshTokenCookieName,
+      value: user.refreshToken,
+      domain,
+      path: "/",
+      httpOnly: true,
+      secure: false,
+      sameSite: "Lax"
+    }
+  ]);
+}
+async function cleanup() {
+  ensureInitialized();
+  return getClient().cleanup();
+}
+export {
+  AuthGateTest,
+  authgateSetup,
+  authgateTeardown,
+  cleanup,
+  createTestUser,
+  injectSession
+};

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@auth-gate/testing",
+  "version": "0.7.1",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    },
+    "./playwright": {
+      "types": "./dist/playwright.d.ts",
+      "import": "./dist/playwright.mjs",
+      "require": "./dist/playwright.cjs"
+    },
+    "./cypress": {
+      "types": "./dist/cypress.d.ts",
+      "import": "./dist/cypress.mjs",
+      "require": "./dist/cypress.cjs"
+    }
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@auth-gate/core": "0.7.1"
+  },
+  "peerDependencies": {
+    "@playwright/test": ">=1.40",
+    "cypress": ">=12"
+  },
+  "peerDependenciesMeta": {
+    "@playwright/test": {
+      "optional": true
+    },
+    "cypress": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.50.0",
+    "cypress": "^13.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5"
+  },
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit"
+  }
+}