@every-app/sdk 0.1.9 → 0.1.11

package/dist/core/authenticatedFetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authenticatedFetch.d.ts","sourceRoot":"","sources":["../../src/core/authenticatedFetch.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAevD;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,GACjB,OAAO,CAAC,QAAQ,CAAC,CAUnB"}
+{"version":3,"file":"authenticatedFetch.d.ts","sourceRoot":"","sources":["../../src/core/authenticatedFetch.ts"],"names":[],"mappings":"AAaA;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAmBvD;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,GACjB,OAAO,CAAC,QAAQ,CAAC,CAUnB"}

package/dist/core/authenticatedFetch.js

@@ -1,7 +1,11 @@
+import { BYPASS_GATEWAY_LOCAL_ONLY_TOKEN, isBypassGatewayLocalOnlyClient, } from "../shared/bypassGatewayLocalOnly.js";
 /**
  * Gets the current session token from the embedded session manager
  */
 export async function getSessionToken() {
+    if (isBypassGatewayLocalOnlyClient()) {
+        return BYPASS_GATEWAY_LOCAL_ONLY_TOKEN;
+    }
     const windowWithSession = window;
     const sessionManager = windowWithSession.__embeddedSessionManager;
     if (!sessionManager) {

package/dist/core/sessionManager.d.ts

@@ -10,6 +10,9 @@ export declare class SessionManager {
     readonly parentOrigin: string;
     readonly appId: string;
     readonly isInIframe: boolean;
+    readonly isBypassGatewayLocalOnly: boolean;
+    /** @deprecated Use isBypassGatewayLocalOnly instead. */
+    readonly isDemoModeLocalOnly: boolean;
     private token;
     private refreshPromise;
     constructor(config: SessionManagerConfig);

package/dist/core/sessionManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../../src/core/sessionManager.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;CACf;AAMD;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAQ3C;AAED,qBAAa,cAAc;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAE7B,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,cAAc,CAAgC;gBAE1C,MAAM,EAAE,oBAAoB;IAqBxC,OAAO,CAAC,mBAAmB;IAO3B,OAAO,CAAC,uBAAuB;IAuCzB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IA8ClC,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IAOjC,aAAa,IAAI;QACf,MAAM,EAAE,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,YAAY,CAAC;QACxD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;KACtB;IAgBD;;;OAGG;IACH,OAAO,IAAI;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;CAwBpD"}
+{"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../../src/core/sessionManager.ts"],"names":[],"mappings":"AAkBA,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;CACf;AAMD;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAQ3C;AAED,qBAAa,cAAc;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAC;IAC3C,wDAAwD;IACxD,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IAEtC,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,cAAc,CAAgC;gBAE1C,MAAM,EAAE,oBAAoB;IAqCxC,OAAO,CAAC,mBAAmB;IAO3B,OAAO,CAAC,uBAAuB;IAuCzB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAsDlC,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IAcjC,aAAa,IAAI;QACf,MAAM,EAAE,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,YAAY,CAAC;QACxD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;KACtB;IAgBD;;;OAGG;IACH,OAAO,IAAI;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;CA+BpD"}

package/dist/core/sessionManager.js

@@ -1,3 +1,4 @@
+import { BYPASS_GATEWAY_LOCAL_ONLY_EMAIL, BYPASS_GATEWAY_LOCAL_ONLY_TOKEN, BYPASS_GATEWAY_LOCAL_ONLY_USER_ID, isBypassGatewayLocalOnlyClient, } from "../shared/bypassGatewayLocalOnly.js";
 const MESSAGE_TIMEOUT_MS = 5000;
 const TOKEN_EXPIRY_BUFFER_MS = 10000;
 const DEFAULT_TOKEN_LIFETIME_MS = 60000;
@@ -19,25 +20,40 @@ export class SessionManager {
     parentOrigin;
     appId;
     isInIframe;
+    isBypassGatewayLocalOnly;
+    /** @deprecated Use isBypassGatewayLocalOnly instead. */
+    isDemoModeLocalOnly;
     token = null;
     refreshPromise = null;
     constructor(config) {
         if (!config.appId) {
             throw new Error("[SessionManager] appId is required.");
         }
+        this.isBypassGatewayLocalOnly = isBypassGatewayLocalOnlyClient();
+        this.isDemoModeLocalOnly = this.isBypassGatewayLocalOnly;
         const gatewayUrl = import.meta.env.VITE_GATEWAY_URL;
-        if (!gatewayUrl) {
-            throw new Error("[SessionManager] VITE_GATEWAY_URL env var is required.");
-        }
-        try {
-            new URL(gatewayUrl);
-        }
-        catch {
-            throw new Error(`[SessionManager] Invalid gateway URL: ${gatewayUrl}`);
+        if (!this.isBypassGatewayLocalOnly) {
+            if (!gatewayUrl) {
+                throw new Error("[SessionManager] VITE_GATEWAY_URL env var is required.");
+            }
+            try {
+                new URL(gatewayUrl);
+            }
+            catch {
+                throw new Error(`[SessionManager] Invalid gateway URL: ${gatewayUrl}`);
+            }
         }
         this.appId = config.appId;
-        this.parentOrigin = gatewayUrl;
+        this.parentOrigin = this.isBypassGatewayLocalOnly
+            ? window.location.origin
+            : gatewayUrl;
         this.isInIframe = isRunningInIframe();
+        if (this.isBypassGatewayLocalOnly) {
+            this.token = {
+                token: BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+                expiresAt: Date.now() + DEFAULT_TOKEN_LIFETIME_MS,
+            };
+        }
     }
     isTokenExpiringSoon(bufferMs = TOKEN_EXPIRY_BUFFER_MS) {
         if (!this.token)
@@ -77,6 +93,13 @@ export class SessionManager {
         });
     }
     async requestNewToken() {
+        if (this.isBypassGatewayLocalOnly) {
+            this.token = {
+                token: BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+                expiresAt: Date.now() + DEFAULT_TOKEN_LIFETIME_MS,
+            };
+            return this.token.token;
+        }
         if (this.refreshPromise) {
             return this.refreshPromise;
         }
@@ -112,6 +135,12 @@ export class SessionManager {
         }
     }
     async getToken() {
+        if (this.isBypassGatewayLocalOnly) {
+            if (!this.token || this.isTokenExpiringSoon()) {
+                return this.requestNewToken();
+            }
+            return this.token.token;
+        }
         if (this.isTokenExpiringSoon()) {
             return this.requestNewToken();
         }
@@ -134,6 +163,12 @@ export class SessionManager {
      * Returns null if no valid token is available.
      */
     getUser() {
+        if (this.isBypassGatewayLocalOnly) {
+            return {
+                userId: BYPASS_GATEWAY_LOCAL_ONLY_USER_ID,
+                email: BYPASS_GATEWAY_LOCAL_ONLY_EMAIL,
+            };
+        }
         if (!this.token) {
             return null;
         }

package/dist/shared/bypassGatewayLocalOnly.d.ts

@@ -0,0 +1,14 @@
+export declare const BYPASS_GATEWAY_LOCAL_ONLY_TOKEN = "BYPASS_GATEWAY_LOCAL_ONLY";
+export declare const BYPASS_GATEWAY_LOCAL_ONLY_USER_ID = "demo-local-user";
+export declare const BYPASS_GATEWAY_LOCAL_ONLY_EMAIL = "demo-local-user@local";
+export declare function isBypassGatewayLocalOnlyClient(): boolean;
+export declare function isBypassGatewayLocalOnlyServer(): boolean;
+export declare function createBypassGatewayLocalOnlySessionPayload(audience: string): {
+    sub: string;
+    email: string;
+    iss: string;
+    aud: string;
+    iat: number;
+    exp: number;
+};
+//# sourceMappingURL=bypassGatewayLocalOnly.d.ts.map

package/dist/shared/bypassGatewayLocalOnly.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bypassGatewayLocalOnly.d.ts","sourceRoot":"","sources":["../../src/shared/bypassGatewayLocalOnly.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,+BAA+B,8BAA8B,CAAC;AAC3E,eAAO,MAAM,iCAAiC,oBAAoB,CAAC;AACnE,eAAO,MAAM,+BAA+B,0BAA0B,CAAC;AAEvE,wBAAgB,8BAA8B,IAAI,OAAO,CAYxD;AAED,wBAAgB,8BAA8B,IAAI,OAAO,CAsBxD;AAED,wBAAgB,0CAA0C,CAAC,QAAQ,EAAE,MAAM;;;;;;;EAY1E"}

package/dist/shared/bypassGatewayLocalOnly.js

@@ -0,0 +1,41 @@
+export const BYPASS_GATEWAY_LOCAL_ONLY_TOKEN = "BYPASS_GATEWAY_LOCAL_ONLY";
+export const BYPASS_GATEWAY_LOCAL_ONLY_USER_ID = "demo-local-user";
+export const BYPASS_GATEWAY_LOCAL_ONLY_EMAIL = "demo-local-user@local";
+export function isBypassGatewayLocalOnlyClient() {
+    if (import.meta.env.PROD) {
+        return false;
+    }
+    const metaEnv = import.meta
+        .env;
+    return (metaEnv?.VITE_BYPASS_GATEWAY_LOCAL_ONLY === "true" ||
+        metaEnv?.BYPASS_GATEWAY_LOCAL_ONLY === "true");
+}
+export function isBypassGatewayLocalOnlyServer() {
+    if (import.meta.env.PROD) {
+        return false;
+    }
+    const metaEnv = import.meta
+        .env;
+    const metaValue = metaEnv?.BYPASS_GATEWAY_LOCAL_ONLY ??
+        metaEnv?.VITE_BYPASS_GATEWAY_LOCAL_ONLY;
+    if (metaValue === "true") {
+        return true;
+    }
+    if (typeof process !== "undefined" &&
+        process.env?.BYPASS_GATEWAY_LOCAL_ONLY === "true") {
+        return true;
+    }
+    return false;
+}
+export function createBypassGatewayLocalOnlySessionPayload(audience) {
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiresAt = issuedAt + 60 * 60;
+    return {
+        sub: BYPASS_GATEWAY_LOCAL_ONLY_USER_ID,
+        email: BYPASS_GATEWAY_LOCAL_ONLY_EMAIL,
+        iss: "local",
+        aud: audience,
+        iat: issuedAt,
+        exp: expiresAt,
+    };
+}

package/dist/tanstack/EmbeddedAppProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"EmbeddedAppProvider.d.ts","sourceRoot":"","sources":["../../src/tanstack/EmbeddedAppProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA6C,MAAM,OAAO,CAAC;AAClE,OAAO,EAAkB,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAKjF,UAAU,sBAAuB,SAAQ,oBAAoB;IAC3D,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B;AAUD,wBAAgB,mBAAmB,CAAC,EAClC,QAAQ,EACR,GAAG,MAAM,EACV,EAAE,sBAAsB,kDA6BxB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmBzE"}
+{"version":3,"file":"EmbeddedAppProvider.d.ts","sourceRoot":"","sources":["../../src/tanstack/EmbeddedAppProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA6C,MAAM,OAAO,CAAC;AAClE,OAAO,EAEL,oBAAoB,EACrB,MAAM,2BAA2B,CAAC;AAKnC,UAAU,sBAAuB,SAAQ,oBAAoB;IAC3D,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B;AAUD,wBAAgB,mBAAmB,CAAC,EAClC,QAAQ,EACR,GAAG,MAAM,EACV,EAAE,sBAAsB,kDA6BxB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmBzE"}

package/dist/tanstack/EmbeddedAppProvider.js

@@ -11,8 +11,8 @@ export function EmbeddedAppProvider({ children, ...config }) {
     useEveryAppRouter({ sessionManager });
     if (!sessionManager)
         return null;
-    // Check if the app is running outside of the Gateway iframe
-    if (!sessionManager.isInIframe) {
+    // Check if the app is running outside of the Gateway iframe (skip in demo mode)
+    if (!sessionManager.isInIframe && !sessionManager.isBypassGatewayLocalOnly) {
         return (_jsx(GatewayRequiredError, { gatewayOrigin: sessionManager.parentOrigin, appId: config.appId }));
     }
     const value = {

package/dist/tanstack/_internal/useEveryAppSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useEveryAppSession.d.ts","sourceRoot":"","sources":["../../../src/tanstack/_internal/useEveryAppSession.tsx"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,UAAU,oBAAoB;IAC5B,KAAK,EAAE,MAAM,CAAC;CACf;AAED,UAAU,wBAAwB;IAChC,oBAAoB,EAAE,oBAAoB,CAAC;CAC5C;AAED,wBAAgB,kBAAkB,CAAC,EACjC,oBAAoB,GACrB,EAAE,wBAAwB;;;;;;EA8C1B"}
+{"version":3,"file":"useEveryAppSession.d.ts","sourceRoot":"","sources":["../../../src/tanstack/_internal/useEveryAppSession.tsx"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,UAAU,oBAAoB;IAC5B,KAAK,EAAE,MAAM,CAAC;CACf;AAED,UAAU,wBAAwB;IAChC,oBAAoB,EAAE,oBAAoB,CAAC;CAC5C;AAED,wBAAgB,kBAAkB,CAAC,EACjC,oBAAoB,GACrB,EAAE,wBAAwB;;;;;;EA+C1B"}

package/dist/tanstack/_internal/useEveryAppSession.js

@@ -13,8 +13,8 @@ export function useEveryAppSession({ sessionManagerConfig, }) {
     useEffect(() => {
         if (!sessionManager)
             return;
-        // Skip token requests when not in iframe - the app will show GatewayRequiredError instead
-        if (!sessionManager.isInIframe)
+        // Skip token requests when not in iframe (unless in demo mode) - the app will show GatewayRequiredError instead
+        if (!sessionManager.isInIframe && !sessionManager.isBypassGatewayLocalOnly)
             return;
         const interval = setInterval(() => {
             setSessionTokenState(sessionManager.getTokenState());

package/dist/tanstack/server/authConfig.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authConfig.d.ts","sourceRoot":"","sources":["../../../src/tanstack/server/authConfig.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,wBAAgB,aAAa,IAAI,UAAU,CAK1C"}
+{"version":3,"file":"authConfig.d.ts","sourceRoot":"","sources":["../../../src/tanstack/server/authConfig.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,wBAAgB,aAAa,IAAI,UAAU,CAc1C"}

package/dist/tanstack/server/authConfig.js

@@ -1,7 +1,13 @@
 import { env } from "cloudflare:workers";
+import { isBypassGatewayLocalOnlyServer } from "../../shared/bypassGatewayLocalOnly.js";
 export function getAuthConfig() {
+    const bypassGatewayLocalOnlyEnv = env.BYPASS_GATEWAY_LOCAL_ONLY;
+    const isBypassGatewayLocalOnly = import.meta.env.PROD !== true &&
+        (bypassGatewayLocalOnlyEnv === "true" ||
+            isBypassGatewayLocalOnlyServer() === true);
+    const issuer = env.GATEWAY_URL || (isBypassGatewayLocalOnly ? "local" : "");
     return {
-        issuer: env.GATEWAY_URL,
+        issuer,
         audience: import.meta.env.VITE_APP_ID,
     };
 }

package/dist/tanstack/server/authenticateRequest.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../../src/tanstack/server/authenticateRequest.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C;;;GAGG;AACH,UAAU,mBAAmB;IAC3B,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,6DAA6D;IAC7D,GAAG,EAAE,MAAM,CAAC;IACZ,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,UAAU,EACtB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CA8BrC;AAyCD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAK3E"}
+{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../../src/tanstack/server/authenticateRequest.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAQ7C;;;GAGG;AACH,UAAU,mBAAmB;IAC3B,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,6DAA6D;IAC7D,GAAG,EAAE,MAAM,CAAC;IACZ,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,UAAU,EACtB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CA8CrC;AAyCD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAK3E"}

package/dist/tanstack/server/authenticateRequest.js

@@ -1,9 +1,14 @@
 import { getRequest } from "@tanstack/react-start/server";
 import { createLocalJWKSet, jwtVerify, } from "jose";
 import { env } from "cloudflare:workers";
+import { BYPASS_GATEWAY_LOCAL_ONLY_TOKEN, createBypassGatewayLocalOnlySessionPayload, isBypassGatewayLocalOnlyServer, } from "../../shared/bypassGatewayLocalOnly.js";
 export async function authenticateRequest(authConfig, providedRequest) {
     const request = providedRequest || getRequest();
     const authHeader = request.headers.get("authorization");
+    const bypassGatewayLocalOnlyEnv = env.BYPASS_GATEWAY_LOCAL_ONLY;
+    const isBypassGatewayLocalOnly = import.meta.env.PROD !== true &&
+        (bypassGatewayLocalOnlyEnv === "true" ||
+            isBypassGatewayLocalOnlyServer() === true);
     if (!authHeader) {
         return null;
     }
@@ -11,6 +16,12 @@ export async function authenticateRequest(authConfig, providedRequest) {
     if (!token) {
         return null;
     }
+    if (isBypassGatewayLocalOnly) {
+        if (token !== BYPASS_GATEWAY_LOCAL_ONLY_TOKEN) {
+            return null;
+        }
+        return createBypassGatewayLocalOnlySessionPayload(authConfig.audience);
+    }
     try {
         const session = await verifySessionToken(token, authConfig);
         return session;

package/dist/tanstack/useSessionTokenClientMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"useSessionTokenClientMiddleware.d.ts","sourceRoot":"","sources":["../../src/tanstack/useSessionTokenClientMiddleware.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,+BAA+B,6GA2B1C,CAAC"}
+{"version":3,"file":"useSessionTokenClientMiddleware.d.ts","sourceRoot":"","sources":["../../src/tanstack/useSessionTokenClientMiddleware.ts"],"names":[],"mappings":"AAOA,eAAO,MAAM,+BAA+B,6GAmC1C,CAAC"}

package/dist/tanstack/useSessionTokenClientMiddleware.js

@@ -1,7 +1,15 @@
 import { createMiddleware } from "@tanstack/react-start";
+import { BYPASS_GATEWAY_LOCAL_ONLY_TOKEN, isBypassGatewayLocalOnlyClient, } from "../shared/bypassGatewayLocalOnly.js";
 export const useSessionTokenClientMiddleware = createMiddleware({
     type: "function",
 }).client(async ({ next }) => {
+    if (isBypassGatewayLocalOnlyClient()) {
+        return next({
+            headers: {
+                Authorization: `Bearer ${BYPASS_GATEWAY_LOCAL_ONLY_TOKEN}`,
+            },
+        });
+    }
     // Get the global sessionManager - this MUST be available for embedded apps
     const sessionManager = window
         .__embeddedSessionManager;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@every-app/sdk",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "license": "MIT",
   "type": "module",
   "exports": {

package/src/cloudflare/server/gateway.ts

@@ -46,17 +46,16 @@ export async function fetchGateway({
   const resolvedRequest = toRequest(url, init, gatewayBaseUrl);
   const authenticatedRequest = applyAppTokenAuth(resolvedRequest, env);
 
-  // Use service binding in production for zero-latency internal routing.
-  // In local dev wrangler still exposes the binding object, but the target
-  // service usually isn't running locally, so we skip it and use HTTP fetch.
-  if (import.meta.env.PROD && env.EVERY_APP_GATEWAY) {
+  // Use service binding when available for zero-latency internal routing
+  // (available in production Workers, not in local dev)
+  if (env.EVERY_APP_GATEWAY) {
     const url = new URL(authenticatedRequest.url);
     const bindingUrl = `${SERVICE_BINDING_ORIGIN}${url.pathname}${url.search}`;
     const bindingRequest = new Request(bindingUrl, authenticatedRequest);
     return env.EVERY_APP_GATEWAY.fetch(bindingRequest);
   }
 
-  // HTTP fetch – used in local dev, or as a fallback when no binding exists
+  // Fall back to HTTP fetch for local dev
   return fetch(authenticatedRequest);
 }
 

package/src/core/authenticatedFetch.ts

@@ -1,3 +1,8 @@
+import {
+  BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+  isBypassGatewayLocalOnlyClient,
+} from "../shared/bypassGatewayLocalOnly.js";
+
 interface SessionManager {
   getToken(): Promise<string>;
 }
@@ -10,6 +15,10 @@ interface WindowWithSessionManager extends Window {
  * Gets the current session token from the embedded session manager
  */
 export async function getSessionToken(): Promise<string> {
+  if (isBypassGatewayLocalOnlyClient()) {
+    return BYPASS_GATEWAY_LOCAL_ONLY_TOKEN;
+  }
+
   const windowWithSession = window as WindowWithSessionManager;
   const sessionManager = windowWithSession.__embeddedSessionManager;
 

package/src/core/sessionManager.ts

@@ -1,3 +1,10 @@
+import {
+  BYPASS_GATEWAY_LOCAL_ONLY_EMAIL,
+  BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+  BYPASS_GATEWAY_LOCAL_ONLY_USER_ID,
+  isBypassGatewayLocalOnlyClient,
+} from "../shared/bypassGatewayLocalOnly.js";
+
 interface SessionToken {
   token: string;
   expiresAt: number;
@@ -35,6 +42,9 @@ export class SessionManager {
   readonly parentOrigin: string;
   readonly appId: string;
   readonly isInIframe: boolean;
+  readonly isBypassGatewayLocalOnly: boolean;
+  /** @deprecated Use isBypassGatewayLocalOnly instead. */
+  readonly isDemoModeLocalOnly: boolean;
 
   private token: SessionToken | null = null;
   private refreshPromise: Promise<string> | null = null;
@@ -44,20 +54,36 @@ export class SessionManager {
       throw new Error("[SessionManager] appId is required.");
     }
 
+    this.isBypassGatewayLocalOnly = isBypassGatewayLocalOnlyClient();
+    this.isDemoModeLocalOnly = this.isBypassGatewayLocalOnly;
+
     const gatewayUrl = import.meta.env.VITE_GATEWAY_URL;
-    if (!gatewayUrl) {
-      throw new Error("[SessionManager] VITE_GATEWAY_URL env var is required.");
-    }
+    if (!this.isBypassGatewayLocalOnly) {
+      if (!gatewayUrl) {
+        throw new Error(
+          "[SessionManager] VITE_GATEWAY_URL env var is required.",
+        );
+      }
 
-    try {
-      new URL(gatewayUrl);
-    } catch {
-      throw new Error(`[SessionManager] Invalid gateway URL: ${gatewayUrl}`);
+      try {
+        new URL(gatewayUrl);
+      } catch {
+        throw new Error(`[SessionManager] Invalid gateway URL: ${gatewayUrl}`);
+      }
     }
 
     this.appId = config.appId;
-    this.parentOrigin = gatewayUrl;
+    this.parentOrigin = this.isBypassGatewayLocalOnly
+      ? window.location.origin
+      : gatewayUrl;
     this.isInIframe = isRunningInIframe();
+
+    if (this.isBypassGatewayLocalOnly) {
+      this.token = {
+        token: BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+        expiresAt: Date.now() + DEFAULT_TOKEN_LIFETIME_MS,
+      };
+    }
   }
 
   private isTokenExpiringSoon(
@@ -107,6 +133,14 @@ export class SessionManager {
   }
 
   async requestNewToken(): Promise<string> {
+    if (this.isBypassGatewayLocalOnly) {
+      this.token = {
+        token: BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+        expiresAt: Date.now() + DEFAULT_TOKEN_LIFETIME_MS,
+      };
+      return this.token.token;
+    }
+
     if (this.refreshPromise) {
       return this.refreshPromise;
     }
@@ -153,6 +187,13 @@ export class SessionManager {
   }
 
   async getToken(): Promise<string> {
+    if (this.isBypassGatewayLocalOnly) {
+      if (!this.token || this.isTokenExpiringSoon()) {
+        return this.requestNewToken();
+      }
+      return this.token.token;
+    }
+
     if (this.isTokenExpiringSoon()) {
       return this.requestNewToken();
     }
@@ -183,6 +224,13 @@ export class SessionManager {
    * Returns null if no valid token is available.
    */
   getUser(): { userId: string; email: string } | null {
+    if (this.isBypassGatewayLocalOnly) {
+      return {
+        userId: BYPASS_GATEWAY_LOCAL_ONLY_USER_ID,
+        email: BYPASS_GATEWAY_LOCAL_ONLY_EMAIL,
+      };
+    }
+
     if (!this.token) {
       return null;
     }

package/src/shared/bypassGatewayLocalOnly.ts

@@ -0,0 +1,55 @@
+export const BYPASS_GATEWAY_LOCAL_ONLY_TOKEN = "BYPASS_GATEWAY_LOCAL_ONLY";
+export const BYPASS_GATEWAY_LOCAL_ONLY_USER_ID = "demo-local-user";
+export const BYPASS_GATEWAY_LOCAL_ONLY_EMAIL = "demo-local-user@local";
+
+export function isBypassGatewayLocalOnlyClient(): boolean {
+  if (import.meta.env.PROD) {
+    return false;
+  }
+
+  const metaEnv = (import.meta as { env?: Record<string, string | undefined> })
+    .env;
+
+  return (
+    metaEnv?.VITE_BYPASS_GATEWAY_LOCAL_ONLY === "true" ||
+    metaEnv?.BYPASS_GATEWAY_LOCAL_ONLY === "true"
+  );
+}
+
+export function isBypassGatewayLocalOnlyServer(): boolean {
+  if (import.meta.env.PROD) {
+    return false;
+  }
+
+  const metaEnv = (import.meta as { env?: Record<string, string | undefined> })
+    .env;
+  const metaValue =
+    metaEnv?.BYPASS_GATEWAY_LOCAL_ONLY ??
+    metaEnv?.VITE_BYPASS_GATEWAY_LOCAL_ONLY;
+  if (metaValue === "true") {
+    return true;
+  }
+
+  if (
+    typeof process !== "undefined" &&
+    process.env?.BYPASS_GATEWAY_LOCAL_ONLY === "true"
+  ) {
+    return true;
+  }
+
+  return false;
+}
+
+export function createBypassGatewayLocalOnlySessionPayload(audience: string) {
+  const issuedAt = Math.floor(Date.now() / 1000);
+  const expiresAt = issuedAt + 60 * 60;
+
+  return {
+    sub: BYPASS_GATEWAY_LOCAL_ONLY_USER_ID,
+    email: BYPASS_GATEWAY_LOCAL_ONLY_EMAIL,
+    iss: "local",
+    aud: audience,
+    iat: issuedAt,
+    exp: expiresAt,
+  };
+}

package/src/tanstack/EmbeddedAppProvider.tsx

@@ -30,8 +30,8 @@ export function EmbeddedAppProvider({
 
   if (!sessionManager) return null;
 
-  // Check if the app is running outside of the Gateway iframe
-  if (!sessionManager.isInIframe) {
+  // Check if the app is running outside of the Gateway iframe (skip in demo mode)
+  if (!sessionManager.isInIframe && !sessionManager.isBypassGatewayLocalOnly) {
     return (
       <GatewayRequiredError
         gatewayOrigin={sessionManager.parentOrigin}

package/src/tanstack/_internal/useEveryAppSession.tsx

@@ -28,8 +28,9 @@ export function useEveryAppSession({
 
   useEffect(() => {
     if (!sessionManager) return;
-    // Skip token requests when not in iframe - the app will show GatewayRequiredError instead
-    if (!sessionManager.isInIframe) return;
+    // Skip token requests when not in iframe (unless in demo mode) - the app will show GatewayRequiredError instead
+    if (!sessionManager.isInIframe && !sessionManager.isBypassGatewayLocalOnly)
+      return;
 
     const interval = setInterval(() => {
       setSessionTokenState(sessionManager.getTokenState());

package/src/tanstack/server/authConfig.ts

@@ -1,9 +1,19 @@
 import type { AuthConfig } from "./types.js";
 import { env } from "cloudflare:workers";
+import { isBypassGatewayLocalOnlyServer } from "../../shared/bypassGatewayLocalOnly.js";
 
 export function getAuthConfig(): AuthConfig {
+  const bypassGatewayLocalOnlyEnv = (
+    env as { BYPASS_GATEWAY_LOCAL_ONLY?: string }
+  ).BYPASS_GATEWAY_LOCAL_ONLY;
+  const isBypassGatewayLocalOnly =
+    import.meta.env.PROD !== true &&
+    (bypassGatewayLocalOnlyEnv === "true" ||
+      isBypassGatewayLocalOnlyServer() === true);
+  const issuer = env.GATEWAY_URL || (isBypassGatewayLocalOnly ? "local" : "");
+
   return {
-    issuer: env.GATEWAY_URL,
+    issuer,
     audience: import.meta.env.VITE_APP_ID,
   };
 }

package/src/tanstack/server/authenticateRequest.test.ts

@@ -16,6 +16,7 @@ vi.mock("@tanstack/react-start/server", () => ({
 
 import { authenticateRequest } from "./authenticateRequest";
 import type { AuthConfig } from "./types";
+import { env } from "cloudflare:workers";
 
 describe("authenticateRequest", () => {
   let keyPair: Awaited<ReturnType<typeof generateKeyPair>>;
@@ -25,6 +26,9 @@ describe("authenticateRequest", () => {
     issuer: "https://gateway.example.com",
     audience: "test-app",
   };
+  const workersEnv = env as unknown as {
+    BYPASS_GATEWAY_LOCAL_ONLY?: string;
+  };
 
   beforeEach(async () => {
     // Generate a fresh key pair for each test
@@ -56,6 +60,7 @@ describe("authenticateRequest", () => {
 
   afterEach(() => {
     vi.restoreAllMocks();
+    delete workersEnv.BYPASS_GATEWAY_LOCAL_ONLY;
   });
 
   async function createValidToken(overrides: Record<string, unknown> = {}) {
@@ -117,6 +122,33 @@ describe("authenticateRequest", () => {
     });
   });
 
+  describe("BYPASS_GATEWAY_LOCAL_ONLY mode", () => {
+    it("accepts the local bypass token when BYPASS_GATEWAY_LOCAL_ONLY is true", async () => {
+      workersEnv.BYPASS_GATEWAY_LOCAL_ONLY = "true";
+      const request = createRequest("Bearer BYPASS_GATEWAY_LOCAL_ONLY");
+
+      const result = await authenticateRequest(authConfig, request);
+
+      expect(result).toMatchObject({
+        sub: "demo-local-user",
+        email: "demo-local-user@local",
+        iss: "local",
+        aud: authConfig.audience,
+      });
+      expect(global.fetch).not.toHaveBeenCalled();
+    });
+
+    it("rejects non-bypass tokens when BYPASS_GATEWAY_LOCAL_ONLY is true", async () => {
+      workersEnv.BYPASS_GATEWAY_LOCAL_ONLY = "true";
+      const request = createRequest("Bearer regular-token");
+
+      const result = await authenticateRequest(authConfig, request);
+
+      expect(result).toBeNull();
+      expect(global.fetch).not.toHaveBeenCalled();
+    });
+  });
+
   describe("valid token verification", () => {
     it("returns payload for valid token with correct issuer and audience", async () => {
       const token = await createValidToken();

package/src/tanstack/server/authenticateRequest.ts

@@ -8,6 +8,11 @@ import {
 
 import type { AuthConfig } from "./types.js";
 import { env } from "cloudflare:workers";
+import {
+  BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+  createBypassGatewayLocalOnlySessionPayload,
+  isBypassGatewayLocalOnlyServer,
+} from "../../shared/bypassGatewayLocalOnly.js";
 
 /**
  * JWT payload structure for embedded app session tokens.
@@ -35,6 +40,14 @@ export async function authenticateRequest(
   const request = providedRequest || getRequest();
   const authHeader = request.headers.get("authorization");
 
+  const bypassGatewayLocalOnlyEnv = (
+    env as { BYPASS_GATEWAY_LOCAL_ONLY?: string }
+  ).BYPASS_GATEWAY_LOCAL_ONLY;
+  const isBypassGatewayLocalOnly =
+    import.meta.env.PROD !== true &&
+    (bypassGatewayLocalOnlyEnv === "true" ||
+      isBypassGatewayLocalOnlyServer() === true);
+
   if (!authHeader) {
     return null;
   }
@@ -45,6 +58,14 @@ export async function authenticateRequest(
     return null;
   }
 
+  if (isBypassGatewayLocalOnly) {
+    if (token !== BYPASS_GATEWAY_LOCAL_ONLY_TOKEN) {
+      return null;
+    }
+
+    return createBypassGatewayLocalOnlySessionPayload(authConfig.audience);
+  }
+
   try {
     const session = await verifySessionToken(token, authConfig);
     return session;

package/src/tanstack/useSessionTokenClientMiddleware.ts

@@ -1,9 +1,21 @@
 import { createMiddleware } from "@tanstack/react-start";
 import type { SessionManager } from "../core/sessionManager.js";
+import {
+  BYPASS_GATEWAY_LOCAL_ONLY_TOKEN,
+  isBypassGatewayLocalOnlyClient,
+} from "../shared/bypassGatewayLocalOnly.js";
 
 export const useSessionTokenClientMiddleware = createMiddleware({
   type: "function",
 }).client(async ({ next }) => {
+  if (isBypassGatewayLocalOnlyClient()) {
+    return next({
+      headers: {
+        Authorization: `Bearer ${BYPASS_GATEWAY_LOCAL_ONLY_TOKEN}`,
+      },
+    });
+  }
+
   // Get the global sessionManager - this MUST be available for embedded apps
   const sessionManager = (window as any)
     .__embeddedSessionManager as SessionManager;