@byline/admin 2.3.3 → 2.4.1

package/dist/modules/admin-users/repository.js

@@ -1,8 +1 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-export {};
+export { };

package/dist/modules/admin-users/schemas.js

@@ -1,65 +1,36 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { passwordSchema, uuidSchema } from '@byline/core/validation';
-import { z } from 'zod';
-/**
- * Zod request/response schemas for the admin-users commands.
- *
- * Both input and output are validated — response validation keeps the
- * admin surface honest about what it promises downstream clients. The
- * DTO shaper in `dto.ts` produces values that match `adminUserResponseSchema`
- * exactly; if the schema or the DTO drifts, tests catch it at the
- * command boundary.
- *
- * `vid` is the optimistic-concurrency version — every write that touches
- * content content takes the client-held `vid` and the adapter gates the
- * write on it, throwing `ADMIN_USER_VERSION_CONFLICT` on mismatch.
- *
- * Password and uuid helpers come from `@byline/core/validation` — the
- * shared primitives ported from the organisation's `@infonomic/shared`
- * schemas so rules stay consistent across projects.
- */
-// ---------------------------------------------------------------------------
-// Field-level schemas (re-used across requests)
-// ---------------------------------------------------------------------------
+import { passwordSchema, uuidSchema } from "@byline/core/validation";
+import { z } from "zod";
 const idSchema = uuidSchema;
-const vidSchema = z
-    .number({ message: 'vid is required' })
-    .int({ message: 'vid must be an integer' })
-    .positive({ message: 'vid must be positive' });
-const emailSchema = z
-    .email({ message: 'email must be a valid address' })
-    .min(3)
-    .max(254)
-    .transform((v) => v.toLowerCase());
+const vidSchema = z.number({
+    message: 'vid is required'
+}).int({
+    message: 'vid must be an integer'
+}).positive({
+    message: 'vid must be positive'
+});
+const emailSchema = z.email({
+    message: 'email must be a valid address'
+}).min(3).max(254).transform((v)=>v.toLowerCase());
 const nameSchema = z.string().min(1).max(100);
-const orderSchema = z.enum([
+const orderSchema = z["enum"]([
     'given_name',
     'family_name',
     'email',
     'username',
     'created_at',
-    'updated_at',
+    'updated_at'
 ]);
-// ---------------------------------------------------------------------------
-// Requests
-// ---------------------------------------------------------------------------
-export const listAdminUsersRequestSchema = z.object({
+const listAdminUsersRequestSchema = z.object({
     page: z.number().int().min(1).optional().default(1),
     pageSize: z.number().int().min(1).max(100).optional().default(20),
     query: z.string().max(128).optional(),
     order: orderSchema.optional().default('created_at'),
-    desc: z.boolean().optional().default(true),
+    desc: z.boolean().optional().default(true)
 });
-export const getAdminUserRequestSchema = z.object({
-    id: idSchema,
+const getAdminUserRequestSchema = z.object({
+    id: idSchema
 });
-export const createAdminUserRequestSchema = z.object({
+const createAdminUserRequestSchema = z.object({
     email: emailSchema,
     password: passwordSchema,
     given_name: nameSchema.nullish(),
@@ -67,43 +38,39 @@ export const createAdminUserRequestSchema = z.object({
     username: z.string().min(1).max(100).nullish(),
     is_super_admin: z.boolean().optional(),
     is_enabled: z.boolean().optional(),
-    is_email_verified: z.boolean().optional(),
+    is_email_verified: z.boolean().optional()
 });
-export const updateAdminUserRequestSchema = z.object({
+const updateAdminUserRequestSchema = z.object({
     id: idSchema,
     vid: vidSchema,
-    patch: z
-        .object({
+    patch: z.object({
         email: emailSchema.optional(),
         given_name: nameSchema.nullish(),
         family_name: nameSchema.nullish(),
         username: z.string().min(1).max(100).nullish(),
         is_super_admin: z.boolean().optional(),
         is_enabled: z.boolean().optional(),
-        is_email_verified: z.boolean().optional(),
+        is_email_verified: z.boolean().optional()
+    }).refine((p)=>Object.keys(p).length > 0, {
+        message: 'patch cannot be empty'
     })
-        .refine((p) => Object.keys(p).length > 0, { message: 'patch cannot be empty' }),
 });
-export const setAdminUserPasswordRequestSchema = z.object({
+const setAdminUserPasswordRequestSchema = z.object({
     id: idSchema,
     vid: vidSchema,
-    password: passwordSchema,
+    password: passwordSchema
+});
+const enableAdminUserRequestSchema = z.object({
+    id: idSchema
 });
-export const enableAdminUserRequestSchema = z.object({ id: idSchema });
-export const disableAdminUserRequestSchema = z.object({ id: idSchema });
-export const deleteAdminUserRequestSchema = z.object({
+const disableAdminUserRequestSchema = z.object({
+    id: idSchema
+});
+const deleteAdminUserRequestSchema = z.object({
     id: idSchema,
-    vid: vidSchema,
+    vid: vidSchema
 });
-// ---------------------------------------------------------------------------
-// Responses
-// ---------------------------------------------------------------------------
-/**
- * Public shape of an admin user. Deliberately excludes `password_hash` —
- * the DTO in `dto.ts` is responsible for producing exactly this shape
- * from an `AdminUserRow`, so the schema acts as a contract check.
- */
-export const adminUserResponseSchema = z.object({
+const adminUserResponseSchema = z.object({
     id: z.string(),
     vid: z.number().int(),
     email: z.string(),
@@ -118,9 +85,9 @@ export const adminUserResponseSchema = z.object({
     is_enabled: z.boolean(),
     is_email_verified: z.boolean(),
     created_at: z.date(),
-    updated_at: z.date(),
+    updated_at: z.date()
 });
-export const adminUserListResponseSchema = z.object({
+const adminUserListResponseSchema = z.object({
     users: z.array(adminUserResponseSchema),
     meta: z.object({
         total: z.number().int().min(0),
@@ -129,8 +96,10 @@ export const adminUserListResponseSchema = z.object({
         page_size: z.number().int().min(1),
         query: z.string(),
         order: orderSchema,
-        desc: z.boolean(),
-    }),
+        desc: z.boolean()
+    })
+});
+const okResponseSchema = z.object({
+    ok: z.literal(true)
 });
-/** Empty response for void-returning mutations (set-password, enable, disable, delete). */
-export const okResponseSchema = z.object({ ok: z.literal(true) });
+export { adminUserListResponseSchema, adminUserResponseSchema, createAdminUserRequestSchema, deleteAdminUserRequestSchema, disableAdminUserRequestSchema, enableAdminUserRequestSchema, getAdminUserRequestSchema, listAdminUsersRequestSchema, okResponseSchema, setAdminUserPasswordRequestSchema, updateAdminUserRequestSchema };

package/dist/modules/admin-users/seed-super-admin.js

@@ -1,29 +1,7 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { hashPassword } from '../auth/password.js';
-/**
- * Idempotently create the super-admin role + user and assign them to each
- * other. Safe to re-run against an existing database — reports what was
- * newly created via the `created` flags so scripts can log meaningfully.
- *
- * This is the only built-in seed we ship for auth. Everything else is
- * configured through the admin UI (or directly via the repositories) once
- * the super-admin is in.
- *
- * The user row has `is_super_admin: true` and `is_enabled: true` set
- * explicitly — the default for `is_enabled` is false so UI-created
- * accounts require deliberate enablement, but the seed always produces a
- * usable account.
- */
-export async function seedSuperAdmin(store, input) {
+import { hashPassword } from "../auth/password.js";
+async function seedSuperAdmin(store, input) {
     const roleMachineName = input.roleMachineName ?? 'super-admin';
     const roleName = input.roleName ?? 'Super Admin';
-    // 1. Role
     let role = await store.adminRoles.getByMachineName(roleMachineName);
     let roleCreated = false;
     if (!role) {
@@ -31,11 +9,10 @@ export async function seedSuperAdmin(store, input) {
             name: roleName,
             machine_name: roleMachineName,
             description: 'Built-in role held by the initial super-admin. Individual users also carry the is_super_admin flag.',
-            order: 0,
+            order: 0
         });
         roleCreated = true;
     }
-    // 2. User
     let user = await store.adminUsers.getByEmail(input.email);
     let userCreated = false;
     if (!user) {
@@ -47,23 +24,21 @@ export async function seedSuperAdmin(store, input) {
             family_name: input.family_name ?? null,
             is_super_admin: true,
             is_enabled: true,
-            is_email_verified: true,
+            is_email_verified: true
         });
         userCreated = true;
     }
-    // 3. Assignment (idempotent)
     const existingRoles = await store.adminRoles.listRolesForUser(user.id);
-    const alreadyAssigned = existingRoles.some((r) => r.id === role.id);
-    if (!alreadyAssigned) {
-        await store.adminRoles.assignToUser(role.id, user.id);
-    }
+    const alreadyAssigned = existingRoles.some((r)=>r.id === role.id);
+    if (!alreadyAssigned) await store.adminRoles.assignToUser(role.id, user.id);
     return {
         userId: user.id,
         roleId: role.id,
         created: {
             user: userCreated,
             role: roleCreated,
-            assignment: !alreadyAssigned,
-        },
+            assignment: !alreadyAssigned
+        }
     };
 }
+export { seedSuperAdmin };

package/dist/modules/admin-users/service.js

@@ -1,58 +1,51 @@
-/**
- * This Source Code is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright (c) Infonomic Company Limited
- */
-import { hashPassword } from '../auth/password.js';
-import { toAdminUser } from './dto.js';
-import { ERR_ADMIN_USER_EMAIL_IN_USE, ERR_ADMIN_USER_NOT_FOUND, ERR_ADMIN_USER_SELF_DELETE, ERR_ADMIN_USER_SELF_DISABLE, } from './errors.js';
-/**
- * Business logic for administering admin users.
- *
- * The service owns four concerns the repository deliberately avoids:
- *
- *   1. **Password hashing.** `hashPassword` from `@byline/admin/auth`
- *      runs here so every write path (create, setPassword, future
- *      password-reset flows) hashes consistently.
- *   2. **Domain invariants.** Email conflict detection on create/update,
- *      self-delete / self-disable prevention — rules the database
- *      cannot enforce on its own.
- *   3. **DTO shaping.** Raw rows are shaped through `toAdminUser` so
- *      the response contract is owned in one place.
- *   4. **Optimistic-concurrency plumbing.** The repo gates writes on
- *      `expectedVid`; the service just threads it from the validated
- *      request shape. Version conflicts surface as
- *      `AdminUsersError(VERSION_CONFLICT)` from the adapter; the service
- *      does not catch them.
- *
- * Commands call service methods after Zod-validating input and asserting
- * abilities; internal callers (seeds, other services) can call service
- * methods directly. Either way, the service is transport-agnostic.
- *
- * Service methods take the acting `AdminAuth` as an explicit first
- * argument when they need it for invariants (self-delete checks). Reads
- * do not need the actor — the ability check at the command boundary is
- * sufficient.
- */
-export class AdminUsersService {
-    #repo;
-    constructor(deps) {
-        this.#repo = deps.repo;
+import { hashPassword } from "../auth/password.js";
+import { toAdminUser } from "./dto.js";
+import { ERR_ADMIN_USER_EMAIL_IN_USE, ERR_ADMIN_USER_NOT_FOUND, ERR_ADMIN_USER_SELF_DELETE, ERR_ADMIN_USER_SELF_DISABLE } from "./errors.js";
+function _check_private_redeclaration(obj, privateCollection) {
+    if (privateCollection.has(obj)) throw new TypeError("Cannot initialize the same private elements twice on an object");
+}
+function _class_apply_descriptor_get(receiver, descriptor) {
+    if (descriptor.get) return descriptor.get.call(receiver);
+    return descriptor.value;
+}
+function _class_apply_descriptor_set(receiver, descriptor, value) {
+    if (descriptor.set) descriptor.set.call(receiver, value);
+    else {
+        if (!descriptor.writable) throw new TypeError("attempted to set read only private field");
+        descriptor.value = value;
     }
+}
+function _class_extract_field_descriptor(receiver, privateMap, action) {
+    if (!privateMap.has(receiver)) throw new TypeError("attempted to " + action + " private field on non-instance");
+    return privateMap.get(receiver);
+}
+function _class_private_field_get(receiver, privateMap) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "get");
+    return _class_apply_descriptor_get(receiver, descriptor);
+}
+function _class_private_field_init(obj, privateMap, value) {
+    _check_private_redeclaration(obj, privateMap);
+    privateMap.set(obj, value);
+}
+function _class_private_field_set(receiver, privateMap, value) {
+    var descriptor = _class_extract_field_descriptor(receiver, privateMap, "set");
+    _class_apply_descriptor_set(receiver, descriptor, value);
+    return value;
+}
+var _repo = /*#__PURE__*/ new WeakMap();
+class AdminUsersService {
     async listUsers(request) {
-        // Run list + count in parallel — they hit the same indexes but
-        // there's no reason to serialise them.
         const [rows, total] = await Promise.all([
-            this.#repo.list({
+            _class_private_field_get(this, _repo).list({
                 page: request.page,
                 pageSize: request.pageSize,
                 query: request.query,
                 order: request.order,
-                desc: request.desc,
+                desc: request.desc
             }),
-            this.#repo.count({ query: request.query }),
+            _class_private_field_get(this, _repo).count({
+                query: request.query
+            })
         ]);
         const total_pages = Math.max(1, Math.ceil(total / request.pageSize));
         return {
@@ -64,26 +57,20 @@ export class AdminUsersService {
                 page_size: request.pageSize,
                 query: request.query ?? '',
                 order: request.order,
-                desc: request.desc,
-            },
+                desc: request.desc
+            }
         };
     }
     async getUser(request) {
-        const row = await this.#repo.getById(request.id);
-        if (!row)
-            throw ERR_ADMIN_USER_NOT_FOUND();
+        const row = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!row) throw ERR_ADMIN_USER_NOT_FOUND();
         return toAdminUser(row);
     }
     async createUser(request) {
-        // Pre-check for email conflict. The unique index on `email` is the
-        // ultimate backstop if a race beats this check; the pre-check exists
-        // so the common case returns a clean domain-specific error rather
-        // than a raw Postgres code.
-        const existing = await this.#repo.getByEmail(request.email);
-        if (existing)
-            throw ERR_ADMIN_USER_EMAIL_IN_USE();
+        const existing = await _class_private_field_get(this, _repo).getByEmail(request.email);
+        if (existing) throw ERR_ADMIN_USER_EMAIL_IN_USE();
         const password_hash = await hashPassword(request.password);
-        const row = await this.#repo.create({
+        const row = await _class_private_field_get(this, _repo).create({
             email: request.email,
             password_hash,
             given_name: request.given_name ?? null,
@@ -91,52 +78,50 @@ export class AdminUsersService {
             username: request.username ?? null,
             is_super_admin: request.is_super_admin,
             is_enabled: request.is_enabled,
-            is_email_verified: request.is_email_verified,
+            is_email_verified: request.is_email_verified
         });
         return toAdminUser(row);
     }
     async updateUser(request) {
-        const current = await this.#repo.getById(request.id);
-        if (!current)
-            throw ERR_ADMIN_USER_NOT_FOUND();
-        // If email is being changed, check that the new address is not taken
-        // by another user.
-        if (request.patch.email != null && request.patch.email !== current.email) {
-            const owner = await this.#repo.getByEmail(request.patch.email);
-            if (owner && owner.id !== request.id)
-                throw ERR_ADMIN_USER_EMAIL_IN_USE();
+        const current = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!current) throw ERR_ADMIN_USER_NOT_FOUND();
+        if (null != request.patch.email && request.patch.email !== current.email) {
+            const owner = await _class_private_field_get(this, _repo).getByEmail(request.patch.email);
+            if (owner && owner.id !== request.id) throw ERR_ADMIN_USER_EMAIL_IN_USE();
         }
-        const row = await this.#repo.update(request.id, request.vid, request.patch);
+        const row = await _class_private_field_get(this, _repo).update(request.id, request.vid, request.patch);
         return toAdminUser(row);
     }
     async setPassword(request) {
-        const exists = await this.#repo.getById(request.id);
-        if (!exists)
-            throw ERR_ADMIN_USER_NOT_FOUND();
+        const exists = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!exists) throw ERR_ADMIN_USER_NOT_FOUND();
         const password_hash = await hashPassword(request.password);
-        const row = await this.#repo.setPasswordHash(request.id, request.vid, password_hash);
+        const row = await _class_private_field_get(this, _repo).setPasswordHash(request.id, request.vid, password_hash);
         return toAdminUser(row);
     }
     async enableUser(request) {
-        const exists = await this.#repo.getById(request.id);
-        if (!exists)
-            throw ERR_ADMIN_USER_NOT_FOUND();
-        await this.#repo.setEnabled(request.id, true);
+        const exists = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!exists) throw ERR_ADMIN_USER_NOT_FOUND();
+        await _class_private_field_get(this, _repo).setEnabled(request.id, true);
     }
     async disableUser(actor, request) {
-        if (actor.id === request.id)
-            throw ERR_ADMIN_USER_SELF_DISABLE();
-        const exists = await this.#repo.getById(request.id);
-        if (!exists)
-            throw ERR_ADMIN_USER_NOT_FOUND();
-        await this.#repo.setEnabled(request.id, false);
+        if (actor.id === request.id) throw ERR_ADMIN_USER_SELF_DISABLE();
+        const exists = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!exists) throw ERR_ADMIN_USER_NOT_FOUND();
+        await _class_private_field_get(this, _repo).setEnabled(request.id, false);
     }
     async deleteUser(actor, request) {
-        if (actor.id === request.id)
-            throw ERR_ADMIN_USER_SELF_DELETE();
-        const exists = await this.#repo.getById(request.id);
-        if (!exists)
-            throw ERR_ADMIN_USER_NOT_FOUND();
-        await this.#repo.delete(request.id, request.vid);
+        if (actor.id === request.id) throw ERR_ADMIN_USER_SELF_DELETE();
+        const exists = await _class_private_field_get(this, _repo).getById(request.id);
+        if (!exists) throw ERR_ADMIN_USER_NOT_FOUND();
+        await _class_private_field_get(this, _repo).delete(request.id, request.vid);
+    }
+    constructor(deps){
+        _class_private_field_init(this, _repo, {
+            writable: true,
+            value: void 0
+        });
+        _class_private_field_set(this, _repo, deps.repo);
     }
 }
+export { AdminUsersService };

package/dist/modules/auth/components/sign-in-form.d.ts

@@ -0,0 +1,12 @@
+interface SignInFormProps {
+    /** Destination after successful sign-in. Defaults to `/admin`. */
+    callbackUrl?: string;
+    /**
+     * Optional plain "Home" link rendered on the left of the action row.
+     * Typically the host's configured `serverURL` so signed-out admins can
+     * navigate back to the public site without typing the URL.
+     */
+    homeUrl?: string;
+}
+export declare function SignInForm({ callbackUrl, homeUrl }: SignInFormProps): import("react").JSX.Element;
+export {};

package/dist/modules/auth/components/sign-in-form.js

@@ -0,0 +1,115 @@
+"use client";
+import { jsx, jsxs } from "react/jsx-runtime";
+import { useState } from "react";
+import { Alert, Button, Card, Input, LoaderEllipsis } from "@byline/ui/react";
+import classnames from "classnames";
+import { useBylineAdminServices } from "../../../services/admin-services-context.js";
+import sign_in_form_module from "./sign-in-form.module.js";
+function SignInForm({ callbackUrl, homeUrl }) {
+    const { adminSignIn } = useBylineAdminServices();
+    const [email, setEmail] = useState('');
+    const [password, setPassword] = useState('');
+    const [pending, setPending] = useState(false);
+    const [error, setError] = useState(null);
+    async function handleSubmit(event) {
+        event.preventDefault();
+        if (pending) return;
+        if (0 === email.trim().length || 0 === password.length) return void setError('Enter your email and password.');
+        setPending(true);
+        setError(null);
+        try {
+            await adminSignIn({
+                data: {
+                    email: email.trim(),
+                    password
+                }
+            });
+            const target = callbackUrl && callbackUrl.length > 0 ? callbackUrl : '/admin';
+            window.location.assign(target);
+        } catch (err) {
+            console.warn('sign-in failed', err);
+            setError('Invalid credentials.');
+            setPending(false);
+        }
+    }
+    return /*#__PURE__*/ jsxs(Card, {
+        className: classnames('byline-sign-in-card', sign_in_form_module.card),
+        children: [
+            /*#__PURE__*/ jsxs(Card.Header, {
+                children: [
+                    /*#__PURE__*/ jsx(Card.Title, {
+                        children: /*#__PURE__*/ jsx("h2", {
+                            children: "Sign in"
+                        })
+                    }),
+                    /*#__PURE__*/ jsx(Card.Description, {
+                        children: "Sign in to the Byline admin."
+                    }),
+                    error && /*#__PURE__*/ jsx(Alert, {
+                        intent: "danger",
+                        className: classnames('byline-sign-in-alert', sign_in_form_module.alert),
+                        children: error
+                    })
+                ]
+            }),
+            /*#__PURE__*/ jsx(Card.Content, {
+                children: /*#__PURE__*/ jsxs("form", {
+                    onSubmit: handleSubmit,
+                    noValidate: true,
+                    className: classnames('byline-sign-in-form', sign_in_form_module.form),
+                    children: [
+                        /*#__PURE__*/ jsxs("div", {
+                            className: classnames('byline-sign-in-fields', sign_in_form_module.fields),
+                            children: [
+                                /*#__PURE__*/ jsx(Input, {
+                                    label: "Email",
+                                    id: "email",
+                                    name: "email",
+                                    type: "email",
+                                    autoComplete: "email",
+                                    required: true,
+                                    value: email,
+                                    onChange: (event)=>setEmail(event.currentTarget.value),
+                                    disabled: pending
+                                }),
+                                /*#__PURE__*/ jsx(Input, {
+                                    label: "Password",
+                                    id: "password",
+                                    name: "password",
+                                    type: "password",
+                                    autoComplete: "current-password",
+                                    required: true,
+                                    value: password,
+                                    onChange: (event)=>setPassword(event.currentTarget.value),
+                                    disabled: pending
+                                })
+                            ]
+                        }),
+                        /*#__PURE__*/ jsxs("div", {
+                            className: classnames('byline-sign-in-actions', sign_in_form_module.actions),
+                            children: [
+                                homeUrl && /*#__PURE__*/ jsx("a", {
+                                    href: homeUrl,
+                                    className: classnames('byline-sign-in-home-link', sign_in_form_module["home-link"]),
+                                    children: "Home"
+                                }),
+                                /*#__PURE__*/ jsx(Button, {
+                                    type: "submit",
+                                    disabled: pending,
+                                    className: classnames('byline-sign-in-button', sign_in_form_module.button),
+                                    children: pending ? /*#__PURE__*/ jsx(LoaderEllipsis, {
+                                        size: 30,
+                                        color: "#aaaaaa"
+                                    }) : /*#__PURE__*/ jsx("span", {
+                                        children: "Sign In"
+                                    })
+                                })
+                            ]
+                        })
+                    ]
+                })
+            })
+        ]
+    });
+}
+export { SignInForm };

package/dist/modules/auth/components/sign-in-form.module.js

@@ -0,0 +1,12 @@
+import "./sign-in-form_module.css";
+const sign_in_form_module = {
+    card: "card-axRrQg",
+    alert: "alert-sncM8f",
+    form: "form-Tz7oZ2",
+    fields: "fields-EVuby_",
+    actions: "actions-bVKfoJ",
+    "home-link": "home-link-YfGVyd",
+    homeLink: "home-link-YfGVyd",
+    button: "button-paNjW_"
+};
+export default sign_in_form_module;

package/dist/modules/auth/components/sign-in-form_module.css

@@ -0,0 +1,41 @@
+:is(.card-axRrQg, .byline-sign-in-card) {
+  width: 100%;
+}
+
+@media (min-width: 40rem) {
+  :is(.card-axRrQg, .byline-sign-in-card) {
+    max-width: 380px;
+  }
+}
+
+:is(.alert-sncM8f, .byline-sign-in-alert) {
+  margin-top: var(--spacing-12);
+}
+
+:is(.form-Tz7oZ2, .byline-sign-in-form) {
+  padding-top: var(--spacing-8);
+  margin-bottom: var(--spacing-8);
+}
+
+:is(.fields-EVuby_, .byline-sign-in-fields) {
+  gap: var(--spacing-16);
+  flex-direction: column;
+  display: flex;
+}
+
+:is(.actions-bVKfoJ, .byline-sign-in-actions) {
+  margin-top: var(--spacing-24);
+  align-items: center;
+  display: flex;
+}
+
+:is(.home-link-YfGVyd, .byline-sign-in-home-link) {
+  font-size: .9rem;
+  text-decoration: underline;
+}
+
+:is(.button-paNjW_, .byline-sign-in-button) {
+  min-width: 5rem;
+  margin-left: auto;
+}
+