@draftlab/auth 0.15.0 → 0.15.1

package/dist/provider/twitch.d.mts

@@ -2,50 +2,49 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/twitch.d.ts
-
 /**
  * Configuration options for Twitch OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Twitch-specific documentation.
  */
 interface TwitchConfig extends Oauth2WrappedConfig {
   /**
-   * Twitch application client ID.
-   * Get this from your Twitch Console at https://dev.twitch.tv/console
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "abcdef123456"
-   * }
-   * ```
-   */
+       * Twitch application client ID.
+       * Get this from your Twitch Console at https://dev.twitch.tv/console
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "abcdef123456"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Twitch application client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.TWITCH_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Twitch application client secret.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.TWITCH_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Twitch OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "user:read:email",           // Access user email
-   *     "user:read:subscriptions"    // View subscriptions
-   *   ]
-   * }
-   * ```
-   */
+       * Twitch OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "user:read:email",           // Access user email
+       *     "user:read:subscriptions"    // View subscriptions
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
 }
 /**

package/dist/provider/vercel.d.mts

@@ -2,84 +2,83 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/vercel.d.ts
-
 /**
  * Configuration options for Vercel OAuth 2.0 + OpenID Connect provider.
  * Extends the base OAuth 2.0 configuration with Vercel-specific documentation.
  */
 interface VercelConfig extends Oauth2WrappedConfig {
   /**
-   * Vercel OAuth App client ID.
-   * Found in your Vercel App settings under the Authentication tab.
-   *
-   * To create an app:
-   * 1. Go to Team Settings → Apps → Create
-   * 2. Configure app details and callback URLs
-   * 3. Copy the Client ID from the Authentication tab
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "oac_abc123xyz789" // Vercel OAuth App Client ID
-   * }
-   * ```
-   */
+       * Vercel OAuth App client ID.
+       * Found in your Vercel App settings under the Authentication tab.
+       *
+       * To create an app:
+       * 1. Go to Team Settings → Apps → Create
+       * 2. Configure app details and callback URLs
+       * 3. Copy the Client ID from the Authentication tab
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "oac_abc123xyz789" // Vercel OAuth App Client ID
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Vercel OAuth App client secret.
-   * Generated in your Vercel App settings under the Authentication tab.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * To generate:
-   * 1. Go to your app's Authentication tab
-   * 2. Click "Generate Client Secret"
-   * 3. Copy and store securely (shown only once)
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.VERCEL_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Vercel OAuth App client secret.
+       * Generated in your Vercel App settings under the Authentication tab.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * To generate:
+       * 1. Go to your app's Authentication tab
+       * 2. Click "Generate Client Secret"
+       * 3. Copy and store securely (shown only once)
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.VERCEL_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * OpenID Connect scopes to request.
-   * Controls what user information is included in the ID Token.
-   *
-   * Available scopes (must be enabled in Vercel App dashboard first):
-   * - `openid`: Required for ID Token issuance
-   * - `email`: User's email address
-   * - `profile`: Name, username, and avatar
-   * - `offline_access`: Refresh token for long-lived access (optional)
-   *
-   * **Important**: Enable scopes in: Vercel App → Permissions page
-   *
-   * @example
-   * ```ts
-   * {
-   *   // Basic scopes (usually sufficient)
-   *   scopes: ["openid", "email", "profile"]
-   *
-   *   // With refresh token support (enable offline_access in dashboard first)
-   *   scopes: ["openid", "email", "profile", "offline_access"]
-   * }
-   * ```
-   */
+       * OpenID Connect scopes to request.
+       * Controls what user information is included in the ID Token.
+       *
+       * Available scopes (must be enabled in Vercel App dashboard first):
+       * - `openid`: Required for ID Token issuance
+       * - `email`: User's email address
+       * - `profile`: Name, username, and avatar
+       * - `offline_access`: Refresh token for long-lived access (optional)
+       *
+       * **Important**: Enable scopes in: Vercel App → Permissions page
+       *
+       * @example
+       * ```ts
+       * {
+       *   // Basic scopes (usually sufficient)
+       *   scopes: ["openid", "email", "profile"]
+       *
+       *   // With refresh token support (enable offline_access in dashboard first)
+       *   scopes: ["openid", "email", "profile", "offline_access"]
+       * }
+       * ```
+       */
   readonly scopes: string[];
   /**
-   * Additional query parameters for Vercel OAuth authorization.
-   * Useful for customizing the authorization flow.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     prompt: "consent"  // Force consent screen every time
-   *   }
-   * }
-   * ```
-   */
+       * Additional query parameters for Vercel OAuth authorization.
+       * Useful for customizing the authorization flow.
+       *
+       * @example
+       * ```ts
+       * {
+       *   query: {
+       *     prompt: "consent"  // Force consent screen every time
+       *   }
+       * }
+       * ```
+       */
   readonly query?: Record<string, string>;
 }
 /**

package/dist/revocation.d.mts

@@ -1,7 +1,6 @@
 import { StorageAdapter } from "./storage/storage.mjs";
 
 //#region src/revocation.d.ts
-
 /**
  * Data stored for a revoked token.
  * Tracks when the token was revoked and when it naturally expires.
@@ -18,37 +17,37 @@ interface RevocationRecord {
  */
 declare const Revocation: {
   /**
-   * Revokes a token, preventing it from being used even if not yet expired.
-   *
-   * @param storage - Storage adapter to use
-   * @param token - The token to revoke (access or refresh token)
-   * @param expiresAt - When the token naturally expires (milliseconds since epoch)
-   * @returns Promise that resolves when revocation is stored
-   *
-   * @example
-   * ```ts
-   * // Revoke a refresh token on logout
-   * await Revocation.revoke(storage, refreshToken, expiresAt)
-   * ```
-   */
+       * Revokes a token, preventing it from being used even if not yet expired.
+       *
+       * @param storage - Storage adapter to use
+       * @param token - The token to revoke (access or refresh token)
+       * @param expiresAt - When the token naturally expires (milliseconds since epoch)
+       * @returns Promise that resolves when revocation is stored
+       *
+       * @example
+       * ```ts
+       * // Revoke a refresh token on logout
+       * await Revocation.revoke(storage, refreshToken, expiresAt)
+       * ```
+       */
   readonly revoke: (storage: StorageAdapter, token: string, expiresAt: number) => Promise<void>;
   /**
-   * Checks if a token has been revoked.
-   * Returns false if token is not in revocation list (never revoked or already expired).
-   *
-   * @param storage - Storage adapter to use
-   * @param token - The token to check
-   * @returns Promise resolving to true if token is revoked, false otherwise
-   *
-   * @example
-   * ```ts
-   * // Check if token was revoked before using it
-   * const isRevoked = await Revocation.isRevoked(storage, accessToken)
-   * if (isRevoked) {
-   *   throw new InvalidAccessTokenError()
-   * }
-   * ```
-   */
+       * Checks if a token has been revoked.
+       * Returns false if token is not in revocation list (never revoked or already expired).
+       *
+       * @param storage - Storage adapter to use
+       * @param token - The token to check
+       * @returns Promise resolving to true if token is revoked, false otherwise
+       *
+       * @example
+       * ```ts
+       * // Check if token was revoked before using it
+       * const isRevoked = await Revocation.isRevoked(storage, accessToken)
+       * if (isRevoked) {
+       *   throw new InvalidAccessTokenError()
+       * }
+       * ```
+       */
   readonly isRevoked: (storage: StorageAdapter, token: string) => Promise<boolean>;
 };
 //#endregion

package/dist/storage/memory.d.mts

@@ -1,7 +1,6 @@
 import { StorageAdapter } from "./storage.mjs";
 
 //#region src/storage/memory.d.ts
-
 /**
  * In-memory storage adapter for Draft Auth with optional file persistence.
  *
@@ -40,17 +39,17 @@ import { StorageAdapter } from "./storage.mjs";
  */
 interface MemoryStorageOptions {
   /**
-   * File path for persisting the in-memory store to disk.
-   * When specified, the store will be saved to this file on changes
-   * and loaded from it on startup if it exists.
-   *
-   * @example
-   * ```ts
-   * {
-   *   persist: "./data/auth-storage.json"
-   * }
-   * ```
-   */
+       * File path for persisting the in-memory store to disk.
+       * When specified, the store will be saved to this file on changes
+       * and loaded from it on startup if it exists.
+       *
+       * @example
+       * ```ts
+       * {
+       *   persist: "./data/auth-storage.json"
+       * }
+       * ```
+       */
   readonly persist?: string;
 }
 /**

package/dist/storage/storage.d.mts

@@ -10,34 +10,34 @@
  */
 interface StorageAdapter {
   /**
-   * Retrieves a value by its key path.
-   *
-   * @param key - Array of key segments forming the storage path
-   * @returns Promise resolving to the stored value or undefined if not found
-   */
+       * Retrieves a value by its key path.
+       *
+       * @param key - Array of key segments forming the storage path
+       * @returns Promise resolving to the stored value or undefined if not found
+       */
   get(key: string[]): Promise<Record<string, unknown> | undefined>;
   /**
-   * Removes a value by its key path.
-   *
-   * @param key - Array of key segments forming the storage path
-   * @returns Promise that resolves when removal is complete
-   */
+       * Removes a value by its key path.
+       *
+       * @param key - Array of key segments forming the storage path
+       * @returns Promise that resolves when removal is complete
+       */
   remove(key: string[]): Promise<void>;
   /**
-   * Stores a value with an optional expiration date.
-   *
-   * @param key - Array of key segments forming the storage path
-   * @param value - The value to store
-   * @param expiry - Optional expiration date for automatic cleanup
-   * @returns Promise that resolves when storage is complete
-   */
+       * Stores a value with an optional expiration date.
+       *
+       * @param key - Array of key segments forming the storage path
+       * @param value - The value to store
+       * @param expiry - Optional expiration date for automatic cleanup
+       * @returns Promise that resolves when storage is complete
+       */
   set(key: string[], value: unknown, expiry?: Date): Promise<void>;
   /**
-   * Scans for keys matching a prefix pattern.
-   *
-   * @param prefix - Array of key segments to use as prefix filter
-   * @returns Async iterable of key-value pairs matching the prefix
-   */
+       * Scans for keys matching a prefix pattern.
+       *
+       * @param prefix - Array of key segments to use as prefix filter
+       * @returns Async iterable of key-value pairs matching the prefix
+       */
   scan(prefix: string[]): AsyncIterable<readonly [string[], unknown]>;
 }
 /**
@@ -75,104 +75,104 @@ declare const splitKey: (key: string) => string[];
  */
 declare const Storage: {
   /**
-   * Encodes key segments by escaping special characters.
-   * Ensures storage keys don't contain unescaped separator characters that could cause collisions.
-   *
-   * @param key - Array of key segments to encode
-   * @returns Array of properly escaped key segments
-   *
-   * @throws {Error} If any segment is empty or whitespace-only
-   *
-   * @example
-   * ```ts
-   * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
-   * // Returns: ['user', 'data\\x1fwith\\x1fseparators']
-   * ```
-   */
+       * Encodes key segments by escaping special characters.
+       * Ensures storage keys don't contain unescaped separator characters that could cause collisions.
+       *
+       * @param key - Array of key segments to encode
+       * @returns Array of properly escaped key segments
+       *
+       * @throws {Error} If any segment is empty or whitespace-only
+       *
+       * @example
+       * ```ts
+       * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
+       * // Returns: ['user', 'data\\x1fwith\\x1fseparators']
+       * ```
+       */
   readonly encode: (key: string[]) => string[];
   /**
-   * Decodes key segments by unescaping special characters.
-   * Reverse operation of encode().
-   *
-   * @param key - Array of encoded key segments
-   * @returns Array of decoded key segments
-   *
-   * @internal
-   */
+       * Decodes key segments by unescaping special characters.
+       * Reverse operation of encode().
+       *
+       * @param key - Array of encoded key segments
+       * @returns Array of decoded key segments
+       *
+       * @internal
+       */
   readonly decode: (key: string[]) => string[];
   /**
-   * Retrieves a typed value from storage.
-   *
-   * @template T - Expected type of the stored value
-   * @param adapter - Storage adapter to use
-   * @param key - Array of key segments identifying the value
-   * @returns Promise resolving to the typed value or null if not found
-   *
-   * @example
-   * ```ts
-   * interface UserSession {
-   *   userId: string
-   *   expiresAt: number
-   * }
-   *
-   * const session = await Storage.get<UserSession>(adapter, ['sessions', sessionId])
-   * if (session) {
-   *   // Fully typed: session.userId
-   * }
-   * ```
-   */
+       * Retrieves a typed value from storage.
+       *
+       * @template T - Expected type of the stored value
+       * @param adapter - Storage adapter to use
+       * @param key - Array of key segments identifying the value
+       * @returns Promise resolving to the typed value or null if not found
+       *
+       * @example
+       * ```ts
+       * interface UserSession {
+       *   userId: string
+       *   expiresAt: number
+       * }
+       *
+       * const session = await Storage.get<UserSession>(adapter, ['sessions', sessionId])
+       * if (session) {
+       *   // Fully typed: session.userId
+       * }
+       * ```
+       */
   readonly get: <T = Record<string, unknown>>(adapter: StorageAdapter, key: string[]) => Promise<T | null>;
   /**
-   * Stores a value with optional time-to-live in seconds.
-   * Validates that TTL is a positive integer to prevent edge cases like negative or overflow values.
-   *
-   * @param adapter - Storage adapter to use
-   * @param key - Array of key segments identifying where to store
-   * @param value - The value to store
-   * @param ttlSeconds - Optional TTL in seconds for automatic expiration
-   * @returns Promise that resolves when storage is complete
-   *
-   * @throws {RangeError} If TTL is invalid (negative, non-integer, or exceeds maximum)
-   *
-   * @example
-   * ```ts
-   * // Store with 1 hour TTL
-   * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
-   *
-   * // Store permanently (no expiration)
-   * await Storage.set(adapter, ['users', userId], userData)
-   * ```
-   */
+       * Stores a value with optional time-to-live in seconds.
+       * Validates that TTL is a positive integer to prevent edge cases like negative or overflow values.
+       *
+       * @param adapter - Storage adapter to use
+       * @param key - Array of key segments identifying where to store
+       * @param value - The value to store
+       * @param ttlSeconds - Optional TTL in seconds for automatic expiration
+       * @returns Promise that resolves when storage is complete
+       *
+       * @throws {RangeError} If TTL is invalid (negative, non-integer, or exceeds maximum)
+       *
+       * @example
+       * ```ts
+       * // Store with 1 hour TTL
+       * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
+       *
+       * // Store permanently (no expiration)
+       * await Storage.set(adapter, ['users', userId], userData)
+       * ```
+       */
   readonly set: (adapter: StorageAdapter, key: string[], value: unknown, ttlSeconds?: number) => Promise<void>;
   /**
-   * Removes a value from storage.
-   *
-   * @param adapter - Storage adapter to use
-   * @param key - Array of key segments identifying the value to remove
-   * @returns Promise that resolves when removal is complete
-   *
-   * @example
-   * ```ts
-   * await Storage.remove(adapter, ['sessions', expiredSessionId])
-   * ```
-   */
+       * Removes a value from storage.
+       *
+       * @param adapter - Storage adapter to use
+       * @param key - Array of key segments identifying the value to remove
+       * @returns Promise that resolves when removal is complete
+       *
+       * @example
+       * ```ts
+       * await Storage.remove(adapter, ['sessions', expiredSessionId])
+       * ```
+       */
   readonly remove: (adapter: StorageAdapter, key: string[]) => Promise<void>;
   /**
-   * Scans for entries matching a key prefix with type safety.
-   *
-   * @template T - Expected type of the stored values
-   * @param adapter - Storage adapter to use
-   * @param prefix - Array of key segments to use as prefix filter
-   * @returns Async iterable of typed key-value pairs
-   *
-   * @example
-   * ```ts
-   * // Find all user sessions
-   * for await (const [key, session] of Storage.scan<UserSession>(adapter, ['sessions'])) {
-   *   // Session: `${key.join('/')} expires at ${session.expiresAt}`
-   * }
-   * ```
-   */
+       * Scans for entries matching a key prefix with type safety.
+       *
+       * @template T - Expected type of the stored values
+       * @param adapter - Storage adapter to use
+       * @param prefix - Array of key segments to use as prefix filter
+       * @returns Async iterable of typed key-value pairs
+       *
+       * @example
+       * ```ts
+       * // Find all user sessions
+       * for await (const [key, session] of Storage.scan<UserSession>(adapter, ['sessions'])) {
+       *   // Session: `${key.join('/')} expires at ${session.expiresAt}`
+       * }
+       * ```
+       */
   readonly scan: <T = Record<string, unknown>>(adapter: StorageAdapter, prefix: string[]) => AsyncIterable<readonly [string[], T]>;
 };
 //#endregion

package/dist/storage/turso.d.mts

@@ -2,7 +2,6 @@ import { StorageAdapter } from "./storage.mjs";
 import { Client } from "@libsql/client";
 
 //#region src/storage/turso.d.ts
-
 /**
  * Creates a Turso storage adapter using the provided LibSQL client.
  * Automatically initializes the required database table and implements

package/dist/storage/unstorage.d.mts

@@ -2,7 +2,6 @@ import { StorageAdapter } from "./storage.mjs";
 import { Driver } from "unstorage";
 
 //#region src/storage/unstorage.d.ts
-
 /**
  * Creates a Draft Auth storage adapter using Unstorage drivers.
  * Supports automatic expiration, error handling, and any Unstorage driver.

package/dist/subject.d.mts

@@ -2,7 +2,6 @@ import { Prettify } from "./util.mjs";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 
 //#region src/subject.d.ts
-
 /**
  * Schema definition for subjects, mapping subject type names to their validation schemas.
  * Each key represents a subject type, and each value is a schema that validates