@authrim/setup 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/README.md +303 -0
  2. package/dist/__tests__/config.test.d.ts +5 -0
  3. package/dist/__tests__/config.test.d.ts.map +1 -0
  4. package/dist/__tests__/config.test.js +115 -0
  5. package/dist/__tests__/config.test.js.map +1 -0
  6. package/dist/__tests__/keys.test.d.ts +5 -0
  7. package/dist/__tests__/keys.test.d.ts.map +1 -0
  8. package/dist/__tests__/keys.test.js +87 -0
  9. package/dist/__tests__/keys.test.js.map +1 -0
  10. package/dist/__tests__/naming.test.d.ts +5 -0
  11. package/dist/__tests__/naming.test.d.ts.map +1 -0
  12. package/dist/__tests__/naming.test.js +84 -0
  13. package/dist/__tests__/naming.test.js.map +1 -0
  14. package/dist/cli/commands/config.d.ts +13 -0
  15. package/dist/cli/commands/config.d.ts.map +1 -0
  16. package/dist/cli/commands/config.js +231 -0
  17. package/dist/cli/commands/config.js.map +1 -0
  18. package/dist/cli/commands/deploy.d.ts +21 -0
  19. package/dist/cli/commands/deploy.d.ts.map +1 -0
  20. package/dist/cli/commands/deploy.js +304 -0
  21. package/dist/cli/commands/deploy.js.map +1 -0
  22. package/dist/cli/commands/init.d.ts +14 -0
  23. package/dist/cli/commands/init.d.ts.map +1 -0
  24. package/dist/cli/commands/init.js +1248 -0
  25. package/dist/cli/commands/init.js.map +1 -0
  26. package/dist/core/admin.d.ts +64 -0
  27. package/dist/core/admin.d.ts.map +1 -0
  28. package/dist/core/admin.js +247 -0
  29. package/dist/core/admin.js.map +1 -0
  30. package/dist/core/cloudflare.d.ts +157 -0
  31. package/dist/core/cloudflare.d.ts.map +1 -0
  32. package/dist/core/cloudflare.js +452 -0
  33. package/dist/core/cloudflare.js.map +1 -0
  34. package/dist/core/config.d.ts +891 -0
  35. package/dist/core/config.d.ts.map +1 -0
  36. package/dist/core/config.js +208 -0
  37. package/dist/core/config.js.map +1 -0
  38. package/dist/core/deploy.d.ts +81 -0
  39. package/dist/core/deploy.d.ts.map +1 -0
  40. package/dist/core/deploy.js +389 -0
  41. package/dist/core/deploy.js.map +1 -0
  42. package/dist/core/keys.d.ts +111 -0
  43. package/dist/core/keys.d.ts.map +1 -0
  44. package/dist/core/keys.js +287 -0
  45. package/dist/core/keys.js.map +1 -0
  46. package/dist/core/lock.d.ts +220 -0
  47. package/dist/core/lock.d.ts.map +1 -0
  48. package/dist/core/lock.js +230 -0
  49. package/dist/core/lock.js.map +1 -0
  50. package/dist/core/naming.d.ts +151 -0
  51. package/dist/core/naming.d.ts.map +1 -0
  52. package/dist/core/naming.js +209 -0
  53. package/dist/core/naming.js.map +1 -0
  54. package/dist/core/source.d.ts +68 -0
  55. package/dist/core/source.d.ts.map +1 -0
  56. package/dist/core/source.js +285 -0
  57. package/dist/core/source.js.map +1 -0
  58. package/dist/core/wrangler.d.ts +87 -0
  59. package/dist/core/wrangler.d.ts.map +1 -0
  60. package/dist/core/wrangler.js +398 -0
  61. package/dist/core/wrangler.js.map +1 -0
  62. package/dist/index.d.ts +11 -0
  63. package/dist/index.d.ts.map +1 -0
  64. package/dist/index.js +117 -0
  65. package/dist/index.js.map +1 -0
  66. package/dist/web/api.d.ts +21 -0
  67. package/dist/web/api.d.ts.map +1 -0
  68. package/dist/web/api.js +423 -0
  69. package/dist/web/api.js.map +1 -0
  70. package/dist/web/server.d.ts +12 -0
  71. package/dist/web/server.d.ts.map +1 -0
  72. package/dist/web/server.js +112 -0
  73. package/dist/web/server.js.map +1 -0
  74. package/dist/web/ui.d.ts +7 -0
  75. package/dist/web/ui.d.ts.map +1 -0
  76. package/dist/web/ui.js +765 -0
  77. package/dist/web/ui.js.map +1 -0
  78. package/package.json +61 -0
package/dist/core/config.d.ts ADDED
@@ -0,0 +1,891 @@
1
+ /**
2
+ * Authrim Configuration Schema
3
+ *
4
+ * This module defines the configuration schema using Zod for type safety
5
+ * and validation. The configuration is stored in authrim-config.json.
6
+ */
7
+ import { z } from 'zod';
8
+ export declare const UrlConfigSchema: z.ZodObject<{
9
+ /** Custom domain (null = use auto-generated URL) */
10
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
11
+ /** Auto-generated URL (workers.dev or pages.dev) */
12
+ auto: z.ZodOptional<z.ZodString>;
13
+ }, "strip", z.ZodTypeAny, {
14
+ custom?: string | null | undefined;
15
+ auto?: string | undefined;
16
+ }, {
17
+ custom?: string | null | undefined;
18
+ auto?: string | undefined;
19
+ }>;
20
+ export declare const UrlsConfigSchema: z.ZodObject<{
21
+ /** API / OIDC issuer URL */
22
+ api: z.ZodObject<{
23
+ /** Custom domain (null = use auto-generated URL) */
24
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
25
+ /** Auto-generated URL (workers.dev or pages.dev) */
26
+ auto: z.ZodOptional<z.ZodString>;
27
+ }, "strip", z.ZodTypeAny, {
28
+ custom?: string | null | undefined;
29
+ auto?: string | undefined;
30
+ }, {
31
+ custom?: string | null | undefined;
32
+ auto?: string | undefined;
33
+ }>;
34
+ /** Login UI URL */
35
+ loginUi: z.ZodObject<{
36
+ /** Custom domain (null = use auto-generated URL) */
37
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
38
+ /** Auto-generated URL (workers.dev or pages.dev) */
39
+ auto: z.ZodOptional<z.ZodString>;
40
+ }, "strip", z.ZodTypeAny, {
41
+ custom?: string | null | undefined;
42
+ auto?: string | undefined;
43
+ }, {
44
+ custom?: string | null | undefined;
45
+ auto?: string | undefined;
46
+ }>;
47
+ /** Admin UI URL */
48
+ adminUi: z.ZodObject<{
49
+ /** Custom domain (null = use auto-generated URL) */
50
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
51
+ /** Auto-generated URL (workers.dev or pages.dev) */
52
+ auto: z.ZodOptional<z.ZodString>;
53
+ }, "strip", z.ZodTypeAny, {
54
+ custom?: string | null | undefined;
55
+ auto?: string | undefined;
56
+ }, {
57
+ custom?: string | null | undefined;
58
+ auto?: string | undefined;
59
+ }>;
60
+ }, "strip", z.ZodTypeAny, {
61
+ api: {
62
+ custom?: string | null | undefined;
63
+ auto?: string | undefined;
64
+ };
65
+ loginUi: {
66
+ custom?: string | null | undefined;
67
+ auto?: string | undefined;
68
+ };
69
+ adminUi: {
70
+ custom?: string | null | undefined;
71
+ auto?: string | undefined;
72
+ };
73
+ }, {
74
+ api: {
75
+ custom?: string | null | undefined;
76
+ auto?: string | undefined;
77
+ };
78
+ loginUi: {
79
+ custom?: string | null | undefined;
80
+ auto?: string | undefined;
81
+ };
82
+ adminUi: {
83
+ custom?: string | null | undefined;
84
+ auto?: string | undefined;
85
+ };
86
+ }>;
87
+ export declare const SourceInfoSchema: z.ZodObject<{
88
+ /** GitHub repository (e.g., "sgrastar/authrim") */
89
+ repository: z.ZodString;
90
+ /** Git reference (tag or branch) */
91
+ gitRef: z.ZodString;
92
+ /** Full commit hash */
93
+ commitHash: z.ZodString;
94
+ /** SHA256 hash of the source artifact */
95
+ artifactHash: z.ZodOptional<z.ZodString>;
96
+ }, "strip", z.ZodTypeAny, {
97
+ repository: string;
98
+ gitRef: string;
99
+ commitHash: string;
100
+ artifactHash?: string | undefined;
101
+ }, {
102
+ repository: string;
103
+ gitRef: string;
104
+ commitHash: string;
105
+ artifactHash?: string | undefined;
106
+ }>;
107
+ export declare const EnvironmentConfigSchema: z.ZodObject<{
108
+ /** Environment prefix (e.g., "prod", "staging", "dev") */
109
+ prefix: z.ZodString;
110
+ }, "strip", z.ZodTypeAny, {
111
+ prefix: string;
112
+ }, {
113
+ prefix: string;
114
+ }>;
115
+ export declare const TenantConfigSchema: z.ZodObject<{
116
+ /** Tenant identifier */
117
+ name: z.ZodDefault<z.ZodString>;
118
+ /** Human-readable tenant name */
119
+ displayName: z.ZodDefault<z.ZodString>;
120
+ }, "strip", z.ZodTypeAny, {
121
+ name: string;
122
+ displayName: string;
123
+ }, {
124
+ name?: string | undefined;
125
+ displayName?: string | undefined;
126
+ }>;
127
+ export declare const ComponentsConfigSchema: z.ZodObject<{
128
+ /** Core API components (always enabled) */
129
+ api: z.ZodDefault<z.ZodBoolean>;
130
+ /** Login UI component */
131
+ loginUi: z.ZodDefault<z.ZodBoolean>;
132
+ /** Admin UI component */
133
+ adminUi: z.ZodDefault<z.ZodBoolean>;
134
+ /** SAML IdP/SP support */
135
+ saml: z.ZodDefault<z.ZodBoolean>;
136
+ /** Async queue processing */
137
+ async: z.ZodDefault<z.ZodBoolean>;
138
+ /** Verifiable Credentials */
139
+ vc: z.ZodDefault<z.ZodBoolean>;
140
+ /** External IdP Bridge */
141
+ bridge: z.ZodDefault<z.ZodBoolean>;
142
+ /** ReBAC Policy service */
143
+ policy: z.ZodDefault<z.ZodBoolean>;
144
+ }, "strip", z.ZodTypeAny, {
145
+ api: boolean;
146
+ loginUi: boolean;
147
+ adminUi: boolean;
148
+ saml: boolean;
149
+ async: boolean;
150
+ vc: boolean;
151
+ bridge: boolean;
152
+ policy: boolean;
153
+ }, {
154
+ api?: boolean | undefined;
155
+ loginUi?: boolean | undefined;
156
+ adminUi?: boolean | undefined;
157
+ saml?: boolean | undefined;
158
+ async?: boolean | undefined;
159
+ vc?: boolean | undefined;
160
+ bridge?: boolean | undefined;
161
+ policy?: boolean | undefined;
162
+ }>;
163
+ export declare const OidcConfigSchema: z.ZodObject<{
164
+ /** Access token TTL in seconds */
165
+ accessTokenTtl: z.ZodDefault<z.ZodNumber>;
166
+ /** Refresh token TTL in seconds */
167
+ refreshTokenTtl: z.ZodDefault<z.ZodNumber>;
168
+ /** Authorization code TTL in seconds */
169
+ authCodeTtl: z.ZodDefault<z.ZodNumber>;
170
+ /** Require PKCE for all clients */
171
+ pkceRequired: z.ZodDefault<z.ZodBoolean>;
172
+ /** Supported response types */
173
+ responseTypes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
174
+ /** Supported grant types */
175
+ grantTypes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
176
+ }, "strip", z.ZodTypeAny, {
177
+ accessTokenTtl: number;
178
+ refreshTokenTtl: number;
179
+ authCodeTtl: number;
180
+ pkceRequired: boolean;
181
+ responseTypes: string[];
182
+ grantTypes: string[];
183
+ }, {
184
+ accessTokenTtl?: number | undefined;
185
+ refreshTokenTtl?: number | undefined;
186
+ authCodeTtl?: number | undefined;
187
+ pkceRequired?: boolean | undefined;
188
+ responseTypes?: string[] | undefined;
189
+ grantTypes?: string[] | undefined;
190
+ }>;
191
+ export declare const ShardingConfigSchema: z.ZodObject<{
192
+ /** Number of authorization code store shards */
193
+ authCodeShards: z.ZodDefault<z.ZodNumber>;
194
+ /** Number of refresh token rotator shards */
195
+ refreshTokenShards: z.ZodDefault<z.ZodNumber>;
196
+ }, "strip", z.ZodTypeAny, {
197
+ authCodeShards: number;
198
+ refreshTokenShards: number;
199
+ }, {
200
+ authCodeShards?: number | undefined;
201
+ refreshTokenShards?: number | undefined;
202
+ }>;
203
+ export declare const QueueFeatureSchema: z.ZodObject<{
204
+ enabled: z.ZodDefault<z.ZodBoolean>;
205
+ }, "strip", z.ZodTypeAny, {
206
+ enabled: boolean;
207
+ }, {
208
+ enabled?: boolean | undefined;
209
+ }>;
210
+ export declare const R2FeatureSchema: z.ZodObject<{
211
+ enabled: z.ZodDefault<z.ZodBoolean>;
212
+ }, "strip", z.ZodTypeAny, {
213
+ enabled: boolean;
214
+ }, {
215
+ enabled?: boolean | undefined;
216
+ }>;
217
+ export declare const EmailFeatureSchema: z.ZodObject<{
218
+ provider: z.ZodDefault<z.ZodEnum<["none", "resend", "sendgrid", "ses"]>>;
219
+ }, "strip", z.ZodTypeAny, {
220
+ provider: "none" | "resend" | "sendgrid" | "ses";
221
+ }, {
222
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
223
+ }>;
224
+ export declare const FeaturesConfigSchema: z.ZodObject<{
225
+ queue: z.ZodDefault<z.ZodObject<{
226
+ enabled: z.ZodDefault<z.ZodBoolean>;
227
+ }, "strip", z.ZodTypeAny, {
228
+ enabled: boolean;
229
+ }, {
230
+ enabled?: boolean | undefined;
231
+ }>>;
232
+ r2: z.ZodDefault<z.ZodObject<{
233
+ enabled: z.ZodDefault<z.ZodBoolean>;
234
+ }, "strip", z.ZodTypeAny, {
235
+ enabled: boolean;
236
+ }, {
237
+ enabled?: boolean | undefined;
238
+ }>>;
239
+ email: z.ZodDefault<z.ZodObject<{
240
+ provider: z.ZodDefault<z.ZodEnum<["none", "resend", "sendgrid", "ses"]>>;
241
+ }, "strip", z.ZodTypeAny, {
242
+ provider: "none" | "resend" | "sendgrid" | "ses";
243
+ }, {
244
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
245
+ }>>;
246
+ }, "strip", z.ZodTypeAny, {
247
+ queue: {
248
+ enabled: boolean;
249
+ };
250
+ r2: {
251
+ enabled: boolean;
252
+ };
253
+ email: {
254
+ provider: "none" | "resend" | "sendgrid" | "ses";
255
+ };
256
+ }, {
257
+ queue?: {
258
+ enabled?: boolean | undefined;
259
+ } | undefined;
260
+ r2?: {
261
+ enabled?: boolean | undefined;
262
+ } | undefined;
263
+ email?: {
264
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
265
+ } | undefined;
266
+ }>;
267
+ export declare const KeysConfigSchema: z.ZodObject<{
268
+ /** Key ID (kid) for JWK */
269
+ keyId: z.ZodOptional<z.ZodString>;
270
+ /** Public key in JWK format */
271
+ publicKeyJwk: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
272
+ /** Path to secrets directory */
273
+ secretsPath: z.ZodDefault<z.ZodString>;
274
+ /** Whether to include secrets in config (not recommended) */
275
+ includeSecrets: z.ZodDefault<z.ZodBoolean>;
276
+ }, "strip", z.ZodTypeAny, {
277
+ secretsPath: string;
278
+ includeSecrets: boolean;
279
+ keyId?: string | undefined;
280
+ publicKeyJwk?: Record<string, unknown> | undefined;
281
+ }, {
282
+ keyId?: string | undefined;
283
+ publicKeyJwk?: Record<string, unknown> | undefined;
284
+ secretsPath?: string | undefined;
285
+ includeSecrets?: boolean | undefined;
286
+ }>;
287
+ export declare const CloudflareConfigSchema: z.ZodObject<{
288
+ /** Cloudflare account ID */
289
+ accountId: z.ZodOptional<z.ZodString>;
290
+ }, "strip", z.ZodTypeAny, {
291
+ accountId?: string | undefined;
292
+ }, {
293
+ accountId?: string | undefined;
294
+ }>;
295
+ export declare const ProfileSchema: z.ZodEnum<["basic-op", "fapi-rw", "fapi2-security"]>;
296
+ export declare const AuthrimConfigSchema: z.ZodObject<{
297
+ /** Configuration schema version */
298
+ version: z.ZodDefault<z.ZodString>;
299
+ /** Creation timestamp */
300
+ createdAt: z.ZodOptional<z.ZodString>;
301
+ /** Last update timestamp */
302
+ updatedAt: z.ZodOptional<z.ZodString>;
303
+ /** Source information */
304
+ source: z.ZodOptional<z.ZodObject<{
305
+ /** GitHub repository (e.g., "sgrastar/authrim") */
306
+ repository: z.ZodString;
307
+ /** Git reference (tag or branch) */
308
+ gitRef: z.ZodString;
309
+ /** Full commit hash */
310
+ commitHash: z.ZodString;
311
+ /** SHA256 hash of the source artifact */
312
+ artifactHash: z.ZodOptional<z.ZodString>;
313
+ }, "strip", z.ZodTypeAny, {
314
+ repository: string;
315
+ gitRef: string;
316
+ commitHash: string;
317
+ artifactHash?: string | undefined;
318
+ }, {
319
+ repository: string;
320
+ gitRef: string;
321
+ commitHash: string;
322
+ artifactHash?: string | undefined;
323
+ }>>;
324
+ /** Environment configuration */
325
+ environment: z.ZodObject<{
326
+ /** Environment prefix (e.g., "prod", "staging", "dev") */
327
+ prefix: z.ZodString;
328
+ }, "strip", z.ZodTypeAny, {
329
+ prefix: string;
330
+ }, {
331
+ prefix: string;
332
+ }>;
333
+ /** URL configuration */
334
+ urls: z.ZodOptional<z.ZodObject<{
335
+ /** API / OIDC issuer URL */
336
+ api: z.ZodObject<{
337
+ /** Custom domain (null = use auto-generated URL) */
338
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
339
+ /** Auto-generated URL (workers.dev or pages.dev) */
340
+ auto: z.ZodOptional<z.ZodString>;
341
+ }, "strip", z.ZodTypeAny, {
342
+ custom?: string | null | undefined;
343
+ auto?: string | undefined;
344
+ }, {
345
+ custom?: string | null | undefined;
346
+ auto?: string | undefined;
347
+ }>;
348
+ /** Login UI URL */
349
+ loginUi: z.ZodObject<{
350
+ /** Custom domain (null = use auto-generated URL) */
351
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
352
+ /** Auto-generated URL (workers.dev or pages.dev) */
353
+ auto: z.ZodOptional<z.ZodString>;
354
+ }, "strip", z.ZodTypeAny, {
355
+ custom?: string | null | undefined;
356
+ auto?: string | undefined;
357
+ }, {
358
+ custom?: string | null | undefined;
359
+ auto?: string | undefined;
360
+ }>;
361
+ /** Admin UI URL */
362
+ adminUi: z.ZodObject<{
363
+ /** Custom domain (null = use auto-generated URL) */
364
+ custom: z.ZodOptional<z.ZodNullable<z.ZodString>>;
365
+ /** Auto-generated URL (workers.dev or pages.dev) */
366
+ auto: z.ZodOptional<z.ZodString>;
367
+ }, "strip", z.ZodTypeAny, {
368
+ custom?: string | null | undefined;
369
+ auto?: string | undefined;
370
+ }, {
371
+ custom?: string | null | undefined;
372
+ auto?: string | undefined;
373
+ }>;
374
+ }, "strip", z.ZodTypeAny, {
375
+ api: {
376
+ custom?: string | null | undefined;
377
+ auto?: string | undefined;
378
+ };
379
+ loginUi: {
380
+ custom?: string | null | undefined;
381
+ auto?: string | undefined;
382
+ };
383
+ adminUi: {
384
+ custom?: string | null | undefined;
385
+ auto?: string | undefined;
386
+ };
387
+ }, {
388
+ api: {
389
+ custom?: string | null | undefined;
390
+ auto?: string | undefined;
391
+ };
392
+ loginUi: {
393
+ custom?: string | null | undefined;
394
+ auto?: string | undefined;
395
+ };
396
+ adminUi: {
397
+ custom?: string | null | undefined;
398
+ auto?: string | undefined;
399
+ };
400
+ }>>;
401
+ /** Tenant configuration */
402
+ tenant: z.ZodDefault<z.ZodObject<{
403
+ /** Tenant identifier */
404
+ name: z.ZodDefault<z.ZodString>;
405
+ /** Human-readable tenant name */
406
+ displayName: z.ZodDefault<z.ZodString>;
407
+ }, "strip", z.ZodTypeAny, {
408
+ name: string;
409
+ displayName: string;
410
+ }, {
411
+ name?: string | undefined;
412
+ displayName?: string | undefined;
413
+ }>>;
414
+ /** Enabled components */
415
+ components: z.ZodDefault<z.ZodObject<{
416
+ /** Core API components (always enabled) */
417
+ api: z.ZodDefault<z.ZodBoolean>;
418
+ /** Login UI component */
419
+ loginUi: z.ZodDefault<z.ZodBoolean>;
420
+ /** Admin UI component */
421
+ adminUi: z.ZodDefault<z.ZodBoolean>;
422
+ /** SAML IdP/SP support */
423
+ saml: z.ZodDefault<z.ZodBoolean>;
424
+ /** Async queue processing */
425
+ async: z.ZodDefault<z.ZodBoolean>;
426
+ /** Verifiable Credentials */
427
+ vc: z.ZodDefault<z.ZodBoolean>;
428
+ /** External IdP Bridge */
429
+ bridge: z.ZodDefault<z.ZodBoolean>;
430
+ /** ReBAC Policy service */
431
+ policy: z.ZodDefault<z.ZodBoolean>;
432
+ }, "strip", z.ZodTypeAny, {
433
+ api: boolean;
434
+ loginUi: boolean;
435
+ adminUi: boolean;
436
+ saml: boolean;
437
+ async: boolean;
438
+ vc: boolean;
439
+ bridge: boolean;
440
+ policy: boolean;
441
+ }, {
442
+ api?: boolean | undefined;
443
+ loginUi?: boolean | undefined;
444
+ adminUi?: boolean | undefined;
445
+ saml?: boolean | undefined;
446
+ async?: boolean | undefined;
447
+ vc?: boolean | undefined;
448
+ bridge?: boolean | undefined;
449
+ policy?: boolean | undefined;
450
+ }>>;
451
+ /** OIDC profile */
452
+ profile: z.ZodDefault<z.ZodEnum<["basic-op", "fapi-rw", "fapi2-security"]>>;
453
+ /** OIDC settings */
454
+ oidc: z.ZodDefault<z.ZodObject<{
455
+ /** Access token TTL in seconds */
456
+ accessTokenTtl: z.ZodDefault<z.ZodNumber>;
457
+ /** Refresh token TTL in seconds */
458
+ refreshTokenTtl: z.ZodDefault<z.ZodNumber>;
459
+ /** Authorization code TTL in seconds */
460
+ authCodeTtl: z.ZodDefault<z.ZodNumber>;
461
+ /** Require PKCE for all clients */
462
+ pkceRequired: z.ZodDefault<z.ZodBoolean>;
463
+ /** Supported response types */
464
+ responseTypes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
465
+ /** Supported grant types */
466
+ grantTypes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
467
+ }, "strip", z.ZodTypeAny, {
468
+ accessTokenTtl: number;
469
+ refreshTokenTtl: number;
470
+ authCodeTtl: number;
471
+ pkceRequired: boolean;
472
+ responseTypes: string[];
473
+ grantTypes: string[];
474
+ }, {
475
+ accessTokenTtl?: number | undefined;
476
+ refreshTokenTtl?: number | undefined;
477
+ authCodeTtl?: number | undefined;
478
+ pkceRequired?: boolean | undefined;
479
+ responseTypes?: string[] | undefined;
480
+ grantTypes?: string[] | undefined;
481
+ }>>;
482
+ /** Sharding configuration */
483
+ sharding: z.ZodDefault<z.ZodObject<{
484
+ /** Number of authorization code store shards */
485
+ authCodeShards: z.ZodDefault<z.ZodNumber>;
486
+ /** Number of refresh token rotator shards */
487
+ refreshTokenShards: z.ZodDefault<z.ZodNumber>;
488
+ }, "strip", z.ZodTypeAny, {
489
+ authCodeShards: number;
490
+ refreshTokenShards: number;
491
+ }, {
492
+ authCodeShards?: number | undefined;
493
+ refreshTokenShards?: number | undefined;
494
+ }>>;
495
+ /** Feature flags */
496
+ features: z.ZodDefault<z.ZodObject<{
497
+ queue: z.ZodDefault<z.ZodObject<{
498
+ enabled: z.ZodDefault<z.ZodBoolean>;
499
+ }, "strip", z.ZodTypeAny, {
500
+ enabled: boolean;
501
+ }, {
502
+ enabled?: boolean | undefined;
503
+ }>>;
504
+ r2: z.ZodDefault<z.ZodObject<{
505
+ enabled: z.ZodDefault<z.ZodBoolean>;
506
+ }, "strip", z.ZodTypeAny, {
507
+ enabled: boolean;
508
+ }, {
509
+ enabled?: boolean | undefined;
510
+ }>>;
511
+ email: z.ZodDefault<z.ZodObject<{
512
+ provider: z.ZodDefault<z.ZodEnum<["none", "resend", "sendgrid", "ses"]>>;
513
+ }, "strip", z.ZodTypeAny, {
514
+ provider: "none" | "resend" | "sendgrid" | "ses";
515
+ }, {
516
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
517
+ }>>;
518
+ }, "strip", z.ZodTypeAny, {
519
+ queue: {
520
+ enabled: boolean;
521
+ };
522
+ r2: {
523
+ enabled: boolean;
524
+ };
525
+ email: {
526
+ provider: "none" | "resend" | "sendgrid" | "ses";
527
+ };
528
+ }, {
529
+ queue?: {
530
+ enabled?: boolean | undefined;
531
+ } | undefined;
532
+ r2?: {
533
+ enabled?: boolean | undefined;
534
+ } | undefined;
535
+ email?: {
536
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
537
+ } | undefined;
538
+ }>>;
539
+ /** Key configuration */
540
+ keys: z.ZodDefault<z.ZodObject<{
541
+ /** Key ID (kid) for JWK */
542
+ keyId: z.ZodOptional<z.ZodString>;
543
+ /** Public key in JWK format */
544
+ publicKeyJwk: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
545
+ /** Path to secrets directory */
546
+ secretsPath: z.ZodDefault<z.ZodString>;
547
+ /** Whether to include secrets in config (not recommended) */
548
+ includeSecrets: z.ZodDefault<z.ZodBoolean>;
549
+ }, "strip", z.ZodTypeAny, {
550
+ secretsPath: string;
551
+ includeSecrets: boolean;
552
+ keyId?: string | undefined;
553
+ publicKeyJwk?: Record<string, unknown> | undefined;
554
+ }, {
555
+ keyId?: string | undefined;
556
+ publicKeyJwk?: Record<string, unknown> | undefined;
557
+ secretsPath?: string | undefined;
558
+ includeSecrets?: boolean | undefined;
559
+ }>>;
560
+ /** Cloudflare configuration */
561
+ cloudflare: z.ZodDefault<z.ZodObject<{
562
+ /** Cloudflare account ID */
563
+ accountId: z.ZodOptional<z.ZodString>;
564
+ }, "strip", z.ZodTypeAny, {
565
+ accountId?: string | undefined;
566
+ }, {
567
+ accountId?: string | undefined;
568
+ }>>;
569
+ }, "strip", z.ZodTypeAny, {
570
+ keys: {
571
+ secretsPath: string;
572
+ includeSecrets: boolean;
573
+ keyId?: string | undefined;
574
+ publicKeyJwk?: Record<string, unknown> | undefined;
575
+ };
576
+ version: string;
577
+ environment: {
578
+ prefix: string;
579
+ };
580
+ tenant: {
581
+ name: string;
582
+ displayName: string;
583
+ };
584
+ components: {
585
+ api: boolean;
586
+ loginUi: boolean;
587
+ adminUi: boolean;
588
+ saml: boolean;
589
+ async: boolean;
590
+ vc: boolean;
591
+ bridge: boolean;
592
+ policy: boolean;
593
+ };
594
+ profile: "basic-op" | "fapi-rw" | "fapi2-security";
595
+ oidc: {
596
+ accessTokenTtl: number;
597
+ refreshTokenTtl: number;
598
+ authCodeTtl: number;
599
+ pkceRequired: boolean;
600
+ responseTypes: string[];
601
+ grantTypes: string[];
602
+ };
603
+ sharding: {
604
+ authCodeShards: number;
605
+ refreshTokenShards: number;
606
+ };
607
+ features: {
608
+ queue: {
609
+ enabled: boolean;
610
+ };
611
+ r2: {
612
+ enabled: boolean;
613
+ };
614
+ email: {
615
+ provider: "none" | "resend" | "sendgrid" | "ses";
616
+ };
617
+ };
618
+ cloudflare: {
619
+ accountId?: string | undefined;
620
+ };
621
+ createdAt?: string | undefined;
622
+ updatedAt?: string | undefined;
623
+ source?: {
624
+ repository: string;
625
+ gitRef: string;
626
+ commitHash: string;
627
+ artifactHash?: string | undefined;
628
+ } | undefined;
629
+ urls?: {
630
+ api: {
631
+ custom?: string | null | undefined;
632
+ auto?: string | undefined;
633
+ };
634
+ loginUi: {
635
+ custom?: string | null | undefined;
636
+ auto?: string | undefined;
637
+ };
638
+ adminUi: {
639
+ custom?: string | null | undefined;
640
+ auto?: string | undefined;
641
+ };
642
+ } | undefined;
643
+ }, {
644
+ environment: {
645
+ prefix: string;
646
+ };
647
+ keys?: {
648
+ keyId?: string | undefined;
649
+ publicKeyJwk?: Record<string, unknown> | undefined;
650
+ secretsPath?: string | undefined;
651
+ includeSecrets?: boolean | undefined;
652
+ } | undefined;
653
+ version?: string | undefined;
654
+ createdAt?: string | undefined;
655
+ updatedAt?: string | undefined;
656
+ source?: {
657
+ repository: string;
658
+ gitRef: string;
659
+ commitHash: string;
660
+ artifactHash?: string | undefined;
661
+ } | undefined;
662
+ urls?: {
663
+ api: {
664
+ custom?: string | null | undefined;
665
+ auto?: string | undefined;
666
+ };
667
+ loginUi: {
668
+ custom?: string | null | undefined;
669
+ auto?: string | undefined;
670
+ };
671
+ adminUi: {
672
+ custom?: string | null | undefined;
673
+ auto?: string | undefined;
674
+ };
675
+ } | undefined;
676
+ tenant?: {
677
+ name?: string | undefined;
678
+ displayName?: string | undefined;
679
+ } | undefined;
680
+ components?: {
681
+ api?: boolean | undefined;
682
+ loginUi?: boolean | undefined;
683
+ adminUi?: boolean | undefined;
684
+ saml?: boolean | undefined;
685
+ async?: boolean | undefined;
686
+ vc?: boolean | undefined;
687
+ bridge?: boolean | undefined;
688
+ policy?: boolean | undefined;
689
+ } | undefined;
690
+ profile?: "basic-op" | "fapi-rw" | "fapi2-security" | undefined;
691
+ oidc?: {
692
+ accessTokenTtl?: number | undefined;
693
+ refreshTokenTtl?: number | undefined;
694
+ authCodeTtl?: number | undefined;
695
+ pkceRequired?: boolean | undefined;
696
+ responseTypes?: string[] | undefined;
697
+ grantTypes?: string[] | undefined;
698
+ } | undefined;
699
+ sharding?: {
700
+ authCodeShards?: number | undefined;
701
+ refreshTokenShards?: number | undefined;
702
+ } | undefined;
703
+ features?: {
704
+ queue?: {
705
+ enabled?: boolean | undefined;
706
+ } | undefined;
707
+ r2?: {
708
+ enabled?: boolean | undefined;
709
+ } | undefined;
710
+ email?: {
711
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
712
+ } | undefined;
713
+ } | undefined;
714
+ cloudflare?: {
715
+ accountId?: string | undefined;
716
+ } | undefined;
717
+ }>;
718
+ export type AuthrimConfig = z.infer<typeof AuthrimConfigSchema>;
719
+ export type UrlConfig = z.infer<typeof UrlConfigSchema>;
720
+ export type UrlsConfig = z.infer<typeof UrlsConfigSchema>;
721
+ export type SourceInfo = z.infer<typeof SourceInfoSchema>;
722
+ export type EnvironmentConfig = z.infer<typeof EnvironmentConfigSchema>;
723
+ export type TenantConfig = z.infer<typeof TenantConfigSchema>;
724
+ export type ComponentsConfig = z.infer<typeof ComponentsConfigSchema>;
725
+ export type OidcConfig = z.infer<typeof OidcConfigSchema>;
726
+ export type ShardingConfig = z.infer<typeof ShardingConfigSchema>;
727
+ export type FeaturesConfig = z.infer<typeof FeaturesConfigSchema>;
728
+ export type KeysConfig = z.infer<typeof KeysConfigSchema>;
729
+ export type CloudflareConfig = z.infer<typeof CloudflareConfigSchema>;
730
+ export type Profile = z.infer<typeof ProfileSchema>;
731
+ /**
732
+ * Create a default configuration with minimal settings
733
+ */
734
+ export declare function createDefaultConfig(prefix: string): AuthrimConfig;
735
+ /**
736
+ * Validate and parse a configuration object
737
+ */
738
+ export declare function parseConfig(data: unknown): AuthrimConfig;
739
+ /**
740
+ * Safely validate a configuration object (returns result instead of throwing)
741
+ */
742
+ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
743
+ environment: {
744
+ prefix: string;
745
+ };
746
+ keys?: {
747
+ keyId?: string | undefined;
748
+ publicKeyJwk?: Record<string, unknown> | undefined;
749
+ secretsPath?: string | undefined;
750
+ includeSecrets?: boolean | undefined;
751
+ } | undefined;
752
+ version?: string | undefined;
753
+ createdAt?: string | undefined;
754
+ updatedAt?: string | undefined;
755
+ source?: {
756
+ repository: string;
757
+ gitRef: string;
758
+ commitHash: string;
759
+ artifactHash?: string | undefined;
760
+ } | undefined;
761
+ urls?: {
762
+ api: {
763
+ custom?: string | null | undefined;
764
+ auto?: string | undefined;
765
+ };
766
+ loginUi: {
767
+ custom?: string | null | undefined;
768
+ auto?: string | undefined;
769
+ };
770
+ adminUi: {
771
+ custom?: string | null | undefined;
772
+ auto?: string | undefined;
773
+ };
774
+ } | undefined;
775
+ tenant?: {
776
+ name?: string | undefined;
777
+ displayName?: string | undefined;
778
+ } | undefined;
779
+ components?: {
780
+ api?: boolean | undefined;
781
+ loginUi?: boolean | undefined;
782
+ adminUi?: boolean | undefined;
783
+ saml?: boolean | undefined;
784
+ async?: boolean | undefined;
785
+ vc?: boolean | undefined;
786
+ bridge?: boolean | undefined;
787
+ policy?: boolean | undefined;
788
+ } | undefined;
789
+ profile?: "basic-op" | "fapi-rw" | "fapi2-security" | undefined;
790
+ oidc?: {
791
+ accessTokenTtl?: number | undefined;
792
+ refreshTokenTtl?: number | undefined;
793
+ authCodeTtl?: number | undefined;
794
+ pkceRequired?: boolean | undefined;
795
+ responseTypes?: string[] | undefined;
796
+ grantTypes?: string[] | undefined;
797
+ } | undefined;
798
+ sharding?: {
799
+ authCodeShards?: number | undefined;
800
+ refreshTokenShards?: number | undefined;
801
+ } | undefined;
802
+ features?: {
803
+ queue?: {
804
+ enabled?: boolean | undefined;
805
+ } | undefined;
806
+ r2?: {
807
+ enabled?: boolean | undefined;
808
+ } | undefined;
809
+ email?: {
810
+ provider?: "none" | "resend" | "sendgrid" | "ses" | undefined;
811
+ } | undefined;
812
+ } | undefined;
813
+ cloudflare?: {
814
+ accountId?: string | undefined;
815
+ } | undefined;
816
+ }, {
817
+ keys: {
818
+ secretsPath: string;
819
+ includeSecrets: boolean;
820
+ keyId?: string | undefined;
821
+ publicKeyJwk?: Record<string, unknown> | undefined;
822
+ };
823
+ version: string;
824
+ environment: {
825
+ prefix: string;
826
+ };
827
+ tenant: {
828
+ name: string;
829
+ displayName: string;
830
+ };
831
+ components: {
832
+ api: boolean;
833
+ loginUi: boolean;
834
+ adminUi: boolean;
835
+ saml: boolean;
836
+ async: boolean;
837
+ vc: boolean;
838
+ bridge: boolean;
839
+ policy: boolean;
840
+ };
841
+ profile: "basic-op" | "fapi-rw" | "fapi2-security";
842
+ oidc: {
843
+ accessTokenTtl: number;
844
+ refreshTokenTtl: number;
845
+ authCodeTtl: number;
846
+ pkceRequired: boolean;
847
+ responseTypes: string[];
848
+ grantTypes: string[];
849
+ };
850
+ sharding: {
851
+ authCodeShards: number;
852
+ refreshTokenShards: number;
853
+ };
854
+ features: {
855
+ queue: {
856
+ enabled: boolean;
857
+ };
858
+ r2: {
859
+ enabled: boolean;
860
+ };
861
+ email: {
862
+ provider: "none" | "resend" | "sendgrid" | "ses";
863
+ };
864
+ };
865
+ cloudflare: {
866
+ accountId?: string | undefined;
867
+ };
868
+ createdAt?: string | undefined;
869
+ updatedAt?: string | undefined;
870
+ source?: {
871
+ repository: string;
872
+ gitRef: string;
873
+ commitHash: string;
874
+ artifactHash?: string | undefined;
875
+ } | undefined;
876
+ urls?: {
877
+ api: {
878
+ custom?: string | null | undefined;
879
+ auto?: string | undefined;
880
+ };
881
+ loginUi: {
882
+ custom?: string | null | undefined;
883
+ auto?: string | undefined;
884
+ };
885
+ adminUi: {
886
+ custom?: string | null | undefined;
887
+ auto?: string | undefined;
888
+ };
889
+ } | undefined;
890
+ }>;
891
+ //# sourceMappingURL=config.d.ts.map