@enbox/auth 0.3.1

package/dist/esm/auth-manager.js

@@ -0,0 +1,496 @@
+/**
+ * AuthManager — the primary entry point for `@enbox/auth`.
+ *
+ * Replaces `Enbox.connect()` (formerly `Web5.connect()`) with a composable,
+ * multi-identity-aware auth system that works in both browser and CLI environments.
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { EnboxUserAgent } from '@enbox/agent';
+import { AuthEventEmitter } from './events.js';
+import { AuthSession } from './identity-session.js';
+import { createDefaultStorage } from './storage/storage.js';
+import { localConnect } from './flows/local-connect.js';
+import { restoreSession } from './flows/session-restore.js';
+import { STORAGE_KEYS } from './types.js';
+import { VaultManager } from './vault/vault-manager.js';
+import { walletConnect } from './flows/wallet-connect.js';
+import { importFromPhrase, importFromPortable } from './flows/import-identity.js';
+/**
+ * The primary entry point for authentication and identity management.
+ *
+ * `AuthManager` replaces `Enbox.connect()` (formerly `Web5.connect()`) with a composable, multi-identity-aware
+ * system. It manages vault lifecycle, identity CRUD, session persistence,
+ * and all connection flows (local DID, wallet connect, import, restore).
+ *
+ * @example Basic usage
+ * ```ts
+ * import { AuthManager } from '@enbox/auth';
+ *
+ * const auth = await AuthManager.create({ sync: '15s' });
+ *
+ * // First time: creates a new identity
+ * // Subsequent times: restores the previous session
+ * const session = await auth.restoreSession() ?? await auth.connect();
+ *
+ * // session.agent  — the authenticated Enbox agent
+ * // session.did    — the connected DID URI
+ * // session.identity — metadata about the connected identity
+ * ```
+ *
+ * @example Wallet connect
+ * ```ts
+ * const session = await auth.walletConnect({
+ *   displayName: 'My App',
+ *   connectServerUrl: 'https://enbox-dwn.fly.dev/connect',
+ *   permissionRequests: [{ protocolDefinition: MyProtocol.definition }],
+ *   onWalletUriReady: (uri) => showQRCode(uri),
+ *   validatePin: () => promptUserForPin(),
+ * });
+ * ```
+ */
+export class AuthManager {
+    constructor(params) {
+        this._state = 'uninitialized';
+        this._isConnecting = false;
+        this._userAgent = params.userAgent;
+        this._emitter = params.emitter;
+        this._storage = params.storage;
+        this._vault = params.vault;
+        this._defaultPassword = params.defaultPassword;
+        this._defaultSync = params.defaultSync;
+        this._defaultDwnEndpoints = params.defaultDwnEndpoints;
+        this._registration = params.registration;
+    }
+    /**
+     * Create a new AuthManager instance.
+     *
+     * When a pre-built `agent` is provided, it is used as-is and
+     * `dataPath`, `agentVault`, and `localDwnStrategy` are ignored.
+     * Otherwise, a new `EnboxUserAgent` is created with the given options.
+     *
+     * @param options - Configuration options for the auth manager.
+     * @returns A ready-to-use AuthManager instance.
+     */
+    static create() {
+        return __awaiter(this, arguments, void 0, function* (options = {}) {
+            var _a, _b;
+            const emitter = new AuthEventEmitter();
+            const storage = (_a = options.storage) !== null && _a !== void 0 ? _a : createDefaultStorage();
+            // Use a pre-built agent or create one with the given options.
+            const userAgent = (_b = options.agent) !== null && _b !== void 0 ? _b : yield EnboxUserAgent.create({
+                dataPath: options.dataPath,
+                agentVault: options.agentVault,
+                localDwnStrategy: options.localDwnStrategy,
+            });
+            const vault = new VaultManager(userAgent.vault, emitter);
+            const manager = new AuthManager({
+                userAgent,
+                emitter,
+                storage,
+                vault,
+                defaultPassword: options.password,
+                defaultSync: options.sync,
+                defaultDwnEndpoints: options.dwnEndpoints,
+                registration: options.registration,
+            });
+            // Determine initial state.
+            if (yield vault.isInitialized()) {
+                manager._setState(vault.isLocked ? 'locked' : 'unlocked');
+            }
+            else {
+                manager._setState('uninitialized');
+            }
+            return manager;
+        });
+    }
+    // ─── Connection flows ──────────────────────────────────────────
+    /**
+     * Create or reconnect a local identity.
+     *
+     * On first use, this creates a new vault, agent DID, and user identity.
+     * On subsequent uses, it unlocks the vault and reconnects.
+     *
+     * @param options - Optional overrides for password, sync, DWN endpoints.
+     * @returns An active AuthSession.
+     * @throws If a connection attempt is already in progress.
+     */
+    connect(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this._guardConcurrency();
+            this._isConnecting = true;
+            try {
+                const session = yield localConnect({
+                    userAgent: this._userAgent,
+                    emitter: this._emitter,
+                    storage: this._storage,
+                    defaultPassword: this._defaultPassword,
+                    defaultSync: this._defaultSync,
+                    defaultDwnEndpoints: this._defaultDwnEndpoints,
+                    registration: this._registration,
+                }, options);
+                this._session = session;
+                this._setState('connected');
+                return session;
+            }
+            finally {
+                this._isConnecting = false;
+            }
+        });
+    }
+    /**
+     * Connect to an external wallet via the OIDC/QR relay protocol.
+     *
+     * This runs the full WalletConnect flow: generates a URI for QR display,
+     * validates the PIN, imports the delegated DID, and processes grants.
+     *
+     * @param options - Wallet connect configuration.
+     * @returns An active AuthSession with delegated permissions.
+     * @throws If sync is disabled (required for wallet connect).
+     * @throws If a connection attempt is already in progress.
+     */
+    walletConnect(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            this._guardConcurrency();
+            this._isConnecting = true;
+            try {
+                // Ensure the agent is initialized and started before wallet connect.
+                const password = (_a = this._defaultPassword) !== null && _a !== void 0 ? _a : 'insecure-static-phrase';
+                if (yield this._userAgent.firstLaunch()) {
+                    yield this._userAgent.initialize({ password });
+                }
+                yield this._userAgent.start({ password });
+                this._emitter.emit('vault-unlocked', {});
+                const session = yield walletConnect({
+                    userAgent: this._userAgent,
+                    emitter: this._emitter,
+                    storage: this._storage,
+                    defaultSync: this._defaultSync,
+                    defaultDwnEndpoints: this._defaultDwnEndpoints,
+                    registration: this._registration,
+                }, options);
+                this._session = session;
+                this._setState('connected');
+                return session;
+            }
+            finally {
+                this._isConnecting = false;
+            }
+        });
+    }
+    /**
+     * Import an identity from a BIP-39 recovery phrase.
+     *
+     * This re-derives the vault and agent DID from the mnemonic,
+     * recovering the identity on this device.
+     */
+    importFromPhrase(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this._guardConcurrency();
+            this._isConnecting = true;
+            try {
+                const session = yield importFromPhrase({
+                    userAgent: this._userAgent,
+                    emitter: this._emitter,
+                    storage: this._storage,
+                    defaultSync: this._defaultSync,
+                    defaultDwnEndpoints: this._defaultDwnEndpoints,
+                    registration: this._registration,
+                }, options);
+                this._session = session;
+                this._setState('connected');
+                return session;
+            }
+            finally {
+                this._isConnecting = false;
+            }
+        });
+    }
+    /**
+     * Import an identity from a PortableIdentity JSON object.
+     *
+     * The portable identity contains the DID's private keys and metadata.
+     */
+    importFromPortable(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this._guardConcurrency();
+            this._isConnecting = true;
+            try {
+                const session = yield importFromPortable({
+                    userAgent: this._userAgent,
+                    emitter: this._emitter,
+                    storage: this._storage,
+                    defaultSync: this._defaultSync,
+                    defaultDwnEndpoints: this._defaultDwnEndpoints,
+                    registration: this._registration,
+                }, options);
+                this._session = session;
+                this._setState('connected');
+                return session;
+            }
+            finally {
+                this._isConnecting = false;
+            }
+        });
+    }
+    /**
+     * Restore a previous session from persisted storage.
+     *
+     * Returns `undefined` if no previous session exists.
+     * This replaces the manual `previouslyConnected` localStorage pattern.
+     */
+    restoreSession(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this._guardConcurrency();
+            this._isConnecting = true;
+            try {
+                const session = yield restoreSession({
+                    userAgent: this._userAgent,
+                    emitter: this._emitter,
+                    storage: this._storage,
+                    defaultPassword: this._defaultPassword,
+                    defaultSync: this._defaultSync,
+                }, options);
+                if (session) {
+                    this._session = session;
+                    this._setState('connected');
+                }
+                return session;
+            }
+            finally {
+                this._isConnecting = false;
+            }
+        });
+    }
+    // ─── Session management ────────────────────────────────────────
+    /** The current active session, or `undefined` if not connected. */
+    get session() {
+        return this._session;
+    }
+    /**
+     * Disconnect the current session.
+     *
+     * @param options - Disconnect options.
+     * @param options.clearStorage - If `true`, performs a nuclear wipe:
+     *   clears all persisted data (localStorage + IndexedDB). Default: `false`.
+     * @param options.timeout - Milliseconds to wait for sync to complete.
+     */
+    disconnect() {
+        return __awaiter(this, arguments, void 0, function* (options = {}) {
+            var _a, _b;
+            const { clearStorage = false, timeout = 2000 } = options;
+            const did = (_a = this._session) === null || _a === void 0 ? void 0 : _a.did;
+            // Stop sync.
+            if (this._session) {
+                if ('sync' in this._userAgent && typeof ((_b = this._userAgent.sync) === null || _b === void 0 ? void 0 : _b.stopSync) === 'function') {
+                    yield this._userAgent.sync.stopSync(timeout);
+                }
+            }
+            this._session = undefined;
+            if (clearStorage) {
+                // Nuclear wipe: clear all persisted auth data.
+                yield this._storage.clear();
+                // Also clear non-prefixed localStorage and IndexedDB (browser).
+                if (typeof globalThis.localStorage !== 'undefined') {
+                    globalThis.localStorage.clear();
+                }
+                if (typeof globalThis.indexedDB !== 'undefined') {
+                    try {
+                        const databases = yield globalThis.indexedDB.databases();
+                        for (const db of databases) {
+                            if (db.name) {
+                                globalThis.indexedDB.deleteDatabase(db.name);
+                            }
+                        }
+                    }
+                    catch (_c) {
+                        // indexedDB.databases() not available in all browsers.
+                    }
+                }
+            }
+            else {
+                // Clean disconnect: remove session markers but keep vault/identities.
+                yield this._storage.remove(STORAGE_KEYS.PREVIOUSLY_CONNECTED);
+                yield this._storage.remove(STORAGE_KEYS.ACTIVE_IDENTITY);
+                yield this._storage.remove(STORAGE_KEYS.DELEGATE_DID);
+                yield this._storage.remove(STORAGE_KEYS.CONNECTED_DID);
+            }
+            this._setState('unlocked');
+            if (did) {
+                this._emitter.emit('session-end', { did });
+            }
+        });
+    }
+    // ─── Multi-identity ────────────────────────────────────────────
+    /**
+     * List all stored identities.
+     *
+     * Each identity has a DID URI, name, and optional connected DID
+     * (for wallet-connected/delegated identities).
+     */
+    listIdentities() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const identities = yield this._userAgent.identity.list();
+            return identities.map((identity) => ({
+                didUri: identity.did.uri,
+                name: identity.metadata.name,
+                connectedDid: identity.metadata.connectedDid,
+            }));
+        });
+    }
+    /**
+     * Switch the active identity.
+     *
+     * Disconnects the current session (if any) and creates a new session
+     * for the specified identity.
+     */
+    switchIdentity(didUri) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            // Disconnect current session cleanly (keep data).
+            if (this._session) {
+                yield this.disconnect();
+            }
+            const identity = yield this._userAgent.identity.get({ didUri });
+            if (!identity) {
+                throw new Error(`[@enbox/auth] Identity not found: ${didUri}`);
+            }
+            const connectedDid = (_a = identity.metadata.connectedDid) !== null && _a !== void 0 ? _a : identity.did.uri;
+            const delegateDid = identity.metadata.connectedDid ? identity.did.uri : undefined;
+            // Persist the switch.
+            yield this._storage.set(STORAGE_KEYS.PREVIOUSLY_CONNECTED, 'true');
+            yield this._storage.set(STORAGE_KEYS.ACTIVE_IDENTITY, connectedDid);
+            const identityInfo = {
+                didUri: connectedDid,
+                name: identity.metadata.name,
+                connectedDid: identity.metadata.connectedDid,
+            };
+            // Restart sync.
+            const sync = this._defaultSync;
+            if (sync !== 'off') {
+                const syncMode = sync === undefined ? 'live' : 'poll';
+                const syncInterval = sync !== null && sync !== void 0 ? sync : (syncMode === 'live' ? '5m' : '2m');
+                this._userAgent.sync.startSync({ mode: syncMode, interval: syncInterval })
+                    .catch((err) => console.error('[@enbox/auth] Sync failed:', err));
+            }
+            this._session = new AuthSession({
+                agent: this._userAgent,
+                did: connectedDid,
+                delegateDid,
+                identity: identityInfo,
+            });
+            this._setState('connected');
+            this._emitter.emit('session-start', {
+                session: { did: connectedDid, delegateDid, identity: identityInfo },
+            });
+            return this._session;
+        });
+    }
+    /**
+     * Delete a stored identity.
+     *
+     * If the identity is currently active, it will be disconnected first.
+     *
+     * @throws If the identity is not found.
+     */
+    deleteIdentity(didUri) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            // Disconnect if this is the active identity.
+            if (((_a = this._session) === null || _a === void 0 ? void 0 : _a.did) === didUri) {
+                yield this.disconnect();
+            }
+            const identity = yield this._userAgent.identity.get({ didUri });
+            if (!identity) {
+                throw new Error(`[@enbox/auth] Identity not found: ${didUri}`);
+            }
+            // Delete the DID and keys.
+            try {
+                yield this._userAgent.did.delete({
+                    didUri: identity.did.uri,
+                    tenant: identity.metadata.tenant,
+                    deleteKey: true,
+                });
+            }
+            catch (err) {
+                console.error(`[@enbox/auth] Failed to delete DID ${didUri}:`, err);
+            }
+            // Delete the identity record.
+            yield this._userAgent.identity.delete({ didUri });
+            this._emitter.emit('identity-removed', { didUri });
+        });
+    }
+    /**
+     * Export an identity as a PortableIdentity JSON object.
+     *
+     * This can be used for backup or transferring the identity
+     * to another device.
+     */
+    exportIdentity(didUri) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this._userAgent.identity.export({ didUri });
+        });
+    }
+    // ─── Vault ─────────────────────────────────────────────────────
+    /** Access the vault manager for lock/unlock/backup operations. */
+    get vault() {
+        return this._vault;
+    }
+    // ─── Events ────────────────────────────────────────────────────
+    /**
+     * Subscribe to an auth lifecycle event.
+     *
+     * @param event - The event name.
+     * @param handler - The event handler.
+     * @returns An unsubscribe function.
+     */
+    on(event, handler) {
+        return this._emitter.on(event, handler);
+    }
+    // ─── State ─────────────────────────────────────────────────────
+    /** The current auth state. */
+    get state() {
+        return this._state;
+    }
+    /** Whether an active session exists. */
+    get isConnected() {
+        return this._state === 'connected';
+    }
+    /** Whether the vault is currently locked. */
+    get isLocked() {
+        return this._vault.isLocked;
+    }
+    /** Whether a connection attempt is in progress. */
+    get isConnecting() {
+        return this._isConnecting;
+    }
+    /** The underlying EnboxUserAgent (for advanced usage). */
+    get agent() {
+        return this._userAgent;
+    }
+    // ─── Private helpers ───────────────────────────────────────────
+    _setState(state) {
+        if (state === this._state) {
+            return;
+        }
+        const previous = this._state;
+        this._state = state;
+        this._emitter.emit('state-change', { previous, current: state });
+    }
+    _guardConcurrency() {
+        if (this._isConnecting) {
+            throw new Error('[@enbox/auth] A connection attempt is already in progress. ' +
+                'Wait for it to complete before starting another.');
+        }
+    }
+}
+//# sourceMappingURL=auth-manager.js.map

package/dist/esm/auth-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;;;;;;;;;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAiB1D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAElF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,OAAO,WAAW;IAetB,YAAoB,MASnB;QAlBO,WAAM,GAAc,eAAe,CAAC;QACpC,kBAAa,GAAG,KAAK,CAAC;QAkB5B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAO,MAAM;6DAAC,UAA8B,EAAE;;YAClD,MAAM,OAAO,GAAG,IAAI,gBAAgB,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,MAAA,OAAO,CAAC,OAAO,mCAAI,oBAAoB,EAAE,CAAC;YAE1D,8DAA8D;YAC9D,MAAM,SAAS,GAAG,MAAA,OAAO,CAAC,KAAK,mCAAI,MAAM,cAAc,CAAC,MAAM,CAAC;gBAC7D,QAAQ,EAAW,OAAO,CAAC,QAAQ;gBACnC,UAAU,EAAS,OAAO,CAAC,UAAU;gBACrC,gBAAgB,EAAG,OAAO,CAAC,gBAAgB;aAC5C,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAEzD,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC;gBAC9B,SAAS;gBACT,OAAO;gBACP,OAAO;gBACP,KAAK;gBACL,eAAe,EAAO,OAAO,CAAC,QAAQ;gBACtC,WAAW,EAAW,OAAO,CAAC,IAAI;gBAClC,mBAAmB,EAAG,OAAO,CAAC,YAAY;gBAC1C,YAAY,EAAU,OAAO,CAAC,YAAY;aAC3C,CAAC,CAAC;YAEH,2BAA2B;YAC3B,IAAI,MAAM,KAAK,CAAC,aAAa,EAAE,EAAE,CAAC;gBAChC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAC5D,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;KAAA;IAED,kEAAkE;IAElE;;;;;;;;;OASG;IACG,OAAO,CAAC,OAA6B;;YACzC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAChC;oBACE,SAAS,EAAa,IAAI,CAAC,UAAU;oBACrC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,eAAe,EAAO,IAAI,CAAC,gBAAgB;oBAC3C,WAAW,EAAW,IAAI,CAAC,YAAY;oBACvC,mBAAmB,EAAG,IAAI,CAAC,oBAAoB;oBAC/C,YAAY,EAAU,IAAI,CAAC,aAAa;iBACzC,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5B,OAAO,OAAO,CAAC;YACjB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;KAAA;IAED;;;;;;;;;;OAUG;IACG,aAAa,CAAC,OAA6B;;;YAC/C,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,IAAI,CAAC;gBACH,qEAAqE;gBACrE,MAAM,QAAQ,GAAG,MAAA,IAAI,CAAC,gBAAgB,mCAAI,wBAAwB,CAAC;gBACnE,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxC,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gBAEzC,MAAM,OAAO,GAAG,MAAM,aAAa,CACjC;oBACE,SAAS,EAAa,IAAI,CAAC,UAAU;oBACrC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,WAAW,EAAW,IAAI,CAAC,YAAY;oBACvC,mBAAmB,EAAG,IAAI,CAAC,oBAAoB;oBAC/C,YAAY,EAAU,IAAI,CAAC,aAAa;iBACzC,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5B,OAAO,OAAO,CAAC;YACjB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,gBAAgB,CAAC,OAAgC;;YACrD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,gBAAgB,CACpC;oBACE,SAAS,EAAa,IAAI,CAAC,UAAU;oBACrC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,WAAW,EAAW,IAAI,CAAC,YAAY;oBACvC,mBAAmB,EAAG,IAAI,CAAC,oBAAoB;oBAC/C,YAAY,EAAU,IAAI,CAAC,aAAa;iBACzC,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5B,OAAO,OAAO,CAAC;YACjB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;KAAA;IAED;;;;OAIG;IACG,kBAAkB,CAAC,OAAkC;;YACzD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CACtC;oBACE,SAAS,EAAa,IAAI,CAAC,UAAU;oBACrC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,OAAO,EAAe,IAAI,CAAC,QAAQ;oBACnC,WAAW,EAAW,IAAI,CAAC,YAAY;oBACvC,mBAAmB,EAAG,IAAI,CAAC,oBAAoB;oBAC/C,YAAY,EAAU,IAAI,CAAC,aAAa;iBACzC,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5B,OAAO,OAAO,CAAC;YACjB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,cAAc,CAAC,OAA+B;;YAClD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,cAAc,CAClC;oBACE,SAAS,EAAS,IAAI,CAAC,UAAU;oBACjC,OAAO,EAAW,IAAI,CAAC,QAAQ;oBAC/B,OAAO,EAAW,IAAI,CAAC,QAAQ;oBAC/B,eAAe,EAAG,IAAI,CAAC,gBAAgB;oBACvC,WAAW,EAAO,IAAI,CAAC,YAAY;iBACpC,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,OAAO,EAAE,CAAC;oBACZ,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;oBACxB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC9B,CAAC;gBACD,OAAO,OAAO,CAAC;YACjB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;KAAA;IAED,kEAAkE;IAElE,mEAAmE;IACnE,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;;OAOG;IACG,UAAU;6DAAC,UAA6B,EAAE;;YAC9C,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,OAAO,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;YACzD,MAAM,GAAG,GAAG,MAAA,IAAI,CAAC,QAAQ,0CAAE,GAAG,CAAC;YAE/B,aAAa;YACb,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,IAAI,MAAM,IAAI,IAAI,CAAC,UAAU,IAAI,OAAO,CAAA,MAAC,IAAI,CAAC,UAAkB,CAAC,IAAI,0CAAE,QAAQ,CAAA,KAAK,UAAU,EAAE,CAAC;oBAC/F,MAAO,IAAI,CAAC,UAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;YAE1B,IAAI,YAAY,EAAE,CAAC;gBACjB,+CAA+C;gBAC/C,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAE5B,gEAAgE;gBAChE,IAAI,OAAO,UAAU,CAAC,YAAY,KAAK,WAAW,EAAE,CAAC;oBACnD,UAAU,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBAClC,CAAC;gBACD,IAAI,OAAO,UAAU,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;oBAChD,IAAI,CAAC;wBACH,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;wBACzD,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;4BAC3B,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;gCACZ,UAAU,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;4BAC/C,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,WAAM,CAAC;wBACP,uDAAuD;oBACzD,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,sEAAsE;gBACtE,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;gBAC9D,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;gBACzD,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;gBACtD,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAE3B,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;KAAA;IAED,kEAAkE;IAElE;;;;;OAKG;IACG,cAAc;;YAClB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,QAAwB,EAAE,EAAE,CAAC,CAAC;gBACnD,MAAM,EAAS,QAAQ,CAAC,GAAG,CAAC,GAAG;gBAC/B,IAAI,EAAW,QAAQ,CAAC,QAAQ,CAAC,IAAI;gBACrC,YAAY,EAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;aAC9C,CAAC,CAAC,CAAC;QACN,CAAC;KAAA;IAED;;;;;OAKG;IACG,cAAc,CAAC,MAAc;;;YACjC,kDAAkD;YAClD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1B,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,YAAY,GAAG,MAAA,QAAQ,CAAC,QAAQ,CAAC,YAAY,mCAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YACxE,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YAElF,sBAAsB;YACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;YACnE,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;YAEpE,MAAM,YAAY,GAAiB;gBACjC,MAAM,EAAS,YAAY;gBAC3B,IAAI,EAAW,QAAQ,CAAC,QAAQ,CAAC,IAAI;gBACrC,YAAY,EAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;aAC9C,CAAC;YAEF,gBAAgB;YAChB,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC;YAC/B,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACnB,MAAM,QAAQ,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;gBACtD,MAAM,YAAY,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACjE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;qBACvE,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/E,CAAC;YAED,IAAI,CAAC,QAAQ,GAAG,IAAI,WAAW,CAAC;gBAC9B,KAAK,EAAM,IAAI,CAAC,UAAU;gBAC1B,GAAG,EAAQ,YAAY;gBACvB,WAAW;gBACX,QAAQ,EAAG,YAAY;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAE5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,EAAE;gBAClC,OAAO,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;aACpE,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;KAAA;IAED;;;;;;OAMG;IACG,cAAc,CAAC,MAAc;;;YACjC,6CAA6C;YAC7C,IAAI,CAAA,MAAA,IAAI,CAAC,QAAQ,0CAAE,GAAG,MAAK,MAAM,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1B,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,2BAA2B;YAC3B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC/B,MAAM,EAAM,QAAQ,CAAC,GAAG,CAAC,GAAG;oBAC5B,MAAM,EAAM,QAAQ,CAAC,QAAQ,CAAC,MAAM;oBACpC,SAAS,EAAG,IAAI;iBACjB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,sCAAsC,MAAM,GAAG,EAAE,GAAG,CAAC,CAAC;YACtE,CAAC;YAED,8BAA8B;YAC9B,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAElD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;KAAA;IAED;;;;;OAKG;IACG,cAAc,CAAC,MAAc;;YACjC,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;KAAA;IAED,kEAAkE;IAElE,kEAAkE;IAClE,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,kEAAkE;IAElE;;;;;;OAMG;IACH,EAAE,CAAsB,KAAQ,EAAE,OAA4B;QAC5D,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,kEAAkE;IAElE,8BAA8B;IAC9B,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,wCAAwC;IACxC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,KAAK,WAAW,CAAC;IACrC,CAAC;IAED,6CAA6C;IAC7C,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,mDAAmD;IACnD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,0DAA0D;IAC1D,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,kEAAkE;IAE1D,SAAS,CAAC,KAAgB;QAChC,IAAI,KAAK,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAAA,OAAO;QAAA,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACb,6DAA6D;gBAC7D,kDAAkD,CACnD,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/esm/events.js

@@ -0,0 +1,65 @@
+/**
+ * Typed event emitter for auth state changes.
+ * @module
+ */
+/**
+ * A minimal, type-safe event emitter for auth lifecycle events.
+ *
+ * Usage:
+ * ```ts
+ * const emitter = new AuthEventEmitter();
+ * const unsub = emitter.on('state-change', ({ previous, current }) => {
+ *   console.log(`State: ${previous} → ${current}`);
+ * });
+ * emitter.emit('state-change', { previous: 'locked', current: 'unlocked' });
+ * unsub(); // stop listening
+ * ```
+ */
+export class AuthEventEmitter {
+    constructor() {
+        this._listeners = new Map();
+    }
+    /**
+     * Subscribe to an event. Returns an unsubscribe function.
+     */
+    on(event, handler) {
+        let set = this._listeners.get(event);
+        if (!set) {
+            set = new Set();
+            this._listeners.set(event, set);
+        }
+        set.add(handler);
+        return () => {
+            set.delete(handler);
+            if (set.size === 0) {
+                this._listeners.delete(event);
+            }
+        };
+    }
+    /**
+     * Emit an event to all registered listeners.
+     * @internal
+     */
+    emit(event, payload) {
+        const set = this._listeners.get(event);
+        if (!set) {
+            return;
+        }
+        for (const handler of set) {
+            try {
+                handler(payload);
+            }
+            catch (err) {
+                console.error(`[AuthEventEmitter] Error in '${event}' handler:`, err);
+            }
+        }
+    }
+    /**
+     * Remove all listeners for all events.
+     * @internal
+     */
+    removeAllListeners() {
+        this._listeners.clear();
+    }
+}
+//# sourceMappingURL=events.js.map

package/dist/esm/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../src/events.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,gBAAgB;IAA7B;QACU,eAAU,GAAG,IAAI,GAAG,EAA+C,CAAC;IA4C9E,CAAC;IA1CC;;OAEG;IACH,EAAE,CAAsB,KAAQ,EAAE,OAA4B;QAC5D,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAClC,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,OAAsC,CAAC,CAAC;QAEhD,OAAO,GAAG,EAAE;YACV,GAAI,CAAC,MAAM,CAAC,OAAsC,CAAC,CAAC;YACpD,IAAI,GAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,IAAI,CAAsB,KAAQ,EAAE,OAAwB;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,GAAG,EAAE,CAAC;YAAC,OAAO;QAAC,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,GAAG,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,CAAC;YACnB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,gCAAgC,KAAK,YAAY,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,kBAAkB;QAChB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;CACF"}