@githat/nextjs 0.2.0 → 0.2.2

package/dist/githat.css

@@ -332,3 +332,44 @@
   color: #a1a1aa;
   font-size: 0.875rem;
 }
+
+/* Dev Mode Banner */
+.githat-dev-banner {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  z-index: 99999;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0.5rem 1rem;
+  background: #fef3c7;
+  border-bottom: 1px solid #f59e0b;
+  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+  font-size: 0.8125rem;
+  color: #92400e;
+}
+
+.githat-dev-banner a {
+  color: #d97706;
+  font-weight: 600;
+  text-decoration: underline;
+}
+
+.githat-dev-banner button {
+  background: none;
+  border: none;
+  color: #92400e;
+  font-size: 1.25rem;
+  cursor: pointer;
+  padding: 0 0.25rem;
+  line-height: 1;
+}
+
+/* Success Alert */
+.githat-alert-success {
+  background: rgba(16, 185, 129, 0.1);
+  border: 1px solid rgba(16, 185, 129, 0.3);
+  color: #6ee7b7;
+}

package/dist/index.d.mts

@@ -22,6 +22,17 @@ interface GitHatConfig {
     signUpUrl?: string;
     afterSignInUrl?: string;
     afterSignOutUrl?: string;
+    /**
+     * Token storage mode:
+     * - 'localStorage' (default): Tokens stored in browser localStorage
+     * - 'cookie': Tokens stored in httpOnly cookies (more secure, XSS-resistant)
+     *
+     * When using 'cookie' mode:
+     * - Login/refresh automatically set httpOnly cookies
+     * - SDK reads auth state from cookies (server-side)
+     * - Better for apps with server-side rendering
+     */
+    tokenStorage?: 'localStorage' | 'cookie';
 }
 interface AuthState {
     user: GitHatUser | null;
@@ -49,6 +60,12 @@ interface SignUpResult {
 interface GitHatContextValue extends AuthState, AuthActions {
     config: GitHatConfig;
 }
+interface PasswordResetResult {
+    success: boolean;
+}
+interface EmailVerificationResult {
+    success: boolean;
+}
 
 interface GitHatProviderProps {
     config: GitHatConfig;
@@ -56,9 +73,12 @@ interface GitHatProviderProps {
 }
 declare function GitHatProvider({ config: rawConfig, children }: GitHatProviderProps): react_jsx_runtime.JSX.Element;
 
+interface OrgMetadata$1 {
+    [key: string]: unknown;
+}
 declare function useAuth(): GitHatContextValue;
 declare function useGitHat(): {
-    fetch: <T = any>(endpoint: string, options?: RequestInit) => Promise<T>;
+    fetch: <T = unknown>(endpoint: string, fetchOptions?: RequestInit) => Promise<T>;
     getUserOrgs: () => Promise<{
         orgs: GitHatOrg[];
     }>;
@@ -68,6 +88,116 @@ declare function useGitHat(): {
     verifyAgent: (wallet: string) => Promise<{
         verified: boolean;
     }>;
+    getOrgMetadata: () => Promise<OrgMetadata$1>;
+    updateOrgMetadata: (updates: OrgMetadata$1) => Promise<OrgMetadata$1>;
+    forgotPassword: (email: string) => Promise<{
+        success: boolean;
+    }>;
+    resetPassword: (token: string, newPassword: string) => Promise<{
+        success: boolean;
+    }>;
+    changePassword: (currentPassword: string, newPassword: string) => Promise<{
+        success: boolean;
+    }>;
+    verifyEmail: (token: string) => Promise<{
+        success: boolean;
+    }>;
+    resendVerificationEmail: (email: string) => Promise<{
+        success: boolean;
+    }>;
+};
+
+interface DataItem {
+    id: string;
+    [key: string]: unknown;
+    _createdAt?: string;
+    _updatedAt?: string;
+}
+interface QueryOptions {
+    limit?: number;
+    cursor?: string;
+    filter?: Record<string, unknown>;
+}
+interface QueryResult<T = DataItem> {
+    items: T[];
+    collection: string;
+    nextCursor: string | null;
+    count: number;
+}
+interface PutResult<T = DataItem> {
+    item: T;
+    collection: string;
+    created: boolean;
+}
+interface DeleteResult {
+    deleted: boolean;
+    id: string;
+    collection: string;
+}
+interface BatchOperation {
+    type: 'put' | 'delete';
+    id: string;
+    data?: Record<string, unknown>;
+}
+interface BatchResult {
+    processed: number;
+    put: number;
+    deleted: number;
+    collection: string;
+}
+/**
+ * Hook for interacting with GitHat's Customer Data API.
+ * Provides CRUD operations for storing app data in GitHat's managed DynamoDB.
+ *
+ * @example
+ * ```tsx
+ * const { put, get, query, remove, batch } = useData();
+ *
+ * // Store data
+ * await put('orders', { id: 'order_123', amount: 99.99, status: 'pending' });
+ *
+ * // Get single item
+ * const order = await get('orders', 'order_123');
+ *
+ * // Query collection
+ * const { items } = await query('orders', { filter: { status: 'pending' } });
+ *
+ * // Delete item
+ * await remove('orders', 'order_123');
+ * ```
+ */
+declare function useData(): {
+    /**
+     * Store an item in a collection. If the item exists, it will be updated.
+     * @param collection - Collection name (e.g., 'orders', 'users')
+     * @param data - Data object with required `id` field
+     */
+    put: <T extends DataItem>(collection: string, data: T) => Promise<PutResult<T>>;
+    /**
+     * Get a single item from a collection.
+     * @param collection - Collection name
+     * @param id - Item ID
+     */
+    get: <T extends DataItem>(collection: string, id: string) => Promise<T | null>;
+    /**
+     * Query items from a collection with optional filters and pagination.
+     * @param collection - Collection name
+     * @param options - Query options (limit, cursor, filter)
+     */
+    query: <T extends DataItem>(collection: string, options?: QueryOptions) => Promise<QueryResult<T>>;
+    /**
+     * Delete an item from a collection.
+     * @param collection - Collection name
+     * @param id - Item ID
+     */
+    remove: (collection: string, id: string) => Promise<DeleteResult>;
+    /**
+     * Batch operations (put/delete) on a collection.
+     * Maximum 100 operations per request.
+     * @param collection - Collection name
+     * @param operations - Array of operations
+     */
+    batch: (collection: string, operations: BatchOperation[]) => Promise<BatchResult>;
 };
 
 interface SignInFormProps {
@@ -117,4 +247,85 @@ interface ProtectedRouteProps {
 }
 declare function ProtectedRoute({ children, fallback }: ProtectedRouteProps): react_jsx_runtime.JSX.Element | null;
 
-export { type AuthActions, type AuthState, type GitHatConfig, type GitHatContextValue, type GitHatOrg, GitHatProvider, type GitHatUser, OrgSwitcher, ProtectedRoute, SignInButton, SignInForm, SignUpButton, type SignUpData, SignUpForm, type SignUpResult, UserButton, VerifiedBadge, useAuth, useGitHat };
+interface ForgotPasswordFormProps {
+    onSuccess?: (email: string) => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+}
+declare function ForgotPasswordForm({ onSuccess, onError, signInUrl, }: ForgotPasswordFormProps): react_jsx_runtime.JSX.Element;
+
+interface ResetPasswordFormProps {
+    token: string;
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+    minPasswordLength?: number;
+}
+declare function ResetPasswordForm({ token, onSuccess, onError, signInUrl, minPasswordLength, }: ResetPasswordFormProps): react_jsx_runtime.JSX.Element;
+
+interface VerifyEmailStatusProps {
+    token: string;
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+    redirectDelay?: number;
+}
+declare function VerifyEmailStatus({ token, onSuccess, onError, signInUrl, redirectDelay, }: VerifyEmailStatusProps): react_jsx_runtime.JSX.Element;
+
+interface ChangePasswordFormProps {
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    minPasswordLength?: number;
+}
+declare function ChangePasswordForm({ onSuccess, onError, minPasswordLength, }: ChangePasswordFormProps): react_jsx_runtime.JSX.Element;
+
+/**
+ * @githat/nextjs/server
+ *
+ * Server-side utilities for token verification in Next.js API routes and middleware.
+ * This module runs on the server only — do not import in client components.
+ */
+interface AuthPayload {
+    userId: string;
+    email: string;
+    orgId: string | null;
+    orgSlug: string | null;
+    role: 'owner' | 'admin' | 'member' | null;
+    tier: 'free' | 'basic' | 'pro' | 'enterprise' | null;
+}
+interface VerifyOptions {
+    /**
+     * Secret key for local JWT verification. If provided, tokens are verified
+     * locally without making an API call (~1ms vs ~50-100ms).
+     * Must match the JWT_SECRET used by the GitHat backend.
+     */
+    secretKey?: string;
+    /**
+     * API URL for remote token verification. Defaults to https://api.githat.io
+     */
+    apiUrl?: string;
+}
+interface OrgMetadata {
+    [key: string]: unknown;
+}
+/**
+ * Handler function that receives the request and verified auth payload.
+ */
+type AuthenticatedHandler = (request: Request, auth: AuthPayload) => Promise<Response> | Response;
+/**
+ * Options for the withAuth wrapper.
+ */
+interface WithAuthOptions {
+    /**
+     * Secret key for local JWT verification.
+     * Defaults to process.env.GITHAT_SECRET_KEY if not provided.
+     */
+    secretKey?: string;
+    /**
+     * Custom response to return when authentication fails.
+     * Defaults to JSON { error: 'Unauthorized' } with status 401.
+     */
+    onUnauthorized?: () => Response;
+}
+
+export { type AuthActions, type AuthPayload, type AuthState, type AuthenticatedHandler, type BatchOperation, type BatchResult, ChangePasswordForm, type DataItem, type DeleteResult, type EmailVerificationResult, ForgotPasswordForm, type GitHatConfig, type GitHatContextValue, type GitHatOrg, GitHatProvider, type GitHatUser, type OrgMetadata, OrgSwitcher, type PasswordResetResult, ProtectedRoute, type PutResult, type QueryOptions, type QueryResult, ResetPasswordForm, SignInButton, SignInForm, SignUpButton, type SignUpData, SignUpForm, type SignUpResult, UserButton, VerifiedBadge, VerifyEmailStatus, type VerifyOptions, type WithAuthOptions, useAuth, useData, useGitHat };

package/dist/index.d.ts

@@ -22,6 +22,17 @@ interface GitHatConfig {
     signUpUrl?: string;
     afterSignInUrl?: string;
     afterSignOutUrl?: string;
+    /**
+     * Token storage mode:
+     * - 'localStorage' (default): Tokens stored in browser localStorage
+     * - 'cookie': Tokens stored in httpOnly cookies (more secure, XSS-resistant)
+     *
+     * When using 'cookie' mode:
+     * - Login/refresh automatically set httpOnly cookies
+     * - SDK reads auth state from cookies (server-side)
+     * - Better for apps with server-side rendering
+     */
+    tokenStorage?: 'localStorage' | 'cookie';
 }
 interface AuthState {
     user: GitHatUser | null;
@@ -49,6 +60,12 @@ interface SignUpResult {
 interface GitHatContextValue extends AuthState, AuthActions {
     config: GitHatConfig;
 }
+interface PasswordResetResult {
+    success: boolean;
+}
+interface EmailVerificationResult {
+    success: boolean;
+}
 
 interface GitHatProviderProps {
     config: GitHatConfig;
@@ -56,9 +73,12 @@ interface GitHatProviderProps {
 }
 declare function GitHatProvider({ config: rawConfig, children }: GitHatProviderProps): react_jsx_runtime.JSX.Element;
 
+interface OrgMetadata$1 {
+    [key: string]: unknown;
+}
 declare function useAuth(): GitHatContextValue;
 declare function useGitHat(): {
-    fetch: <T = any>(endpoint: string, options?: RequestInit) => Promise<T>;
+    fetch: <T = unknown>(endpoint: string, fetchOptions?: RequestInit) => Promise<T>;
     getUserOrgs: () => Promise<{
         orgs: GitHatOrg[];
     }>;
@@ -68,6 +88,116 @@ declare function useGitHat(): {
     verifyAgent: (wallet: string) => Promise<{
         verified: boolean;
     }>;
+    getOrgMetadata: () => Promise<OrgMetadata$1>;
+    updateOrgMetadata: (updates: OrgMetadata$1) => Promise<OrgMetadata$1>;
+    forgotPassword: (email: string) => Promise<{
+        success: boolean;
+    }>;
+    resetPassword: (token: string, newPassword: string) => Promise<{
+        success: boolean;
+    }>;
+    changePassword: (currentPassword: string, newPassword: string) => Promise<{
+        success: boolean;
+    }>;
+    verifyEmail: (token: string) => Promise<{
+        success: boolean;
+    }>;
+    resendVerificationEmail: (email: string) => Promise<{
+        success: boolean;
+    }>;
+};
+
+interface DataItem {
+    id: string;
+    [key: string]: unknown;
+    _createdAt?: string;
+    _updatedAt?: string;
+}
+interface QueryOptions {
+    limit?: number;
+    cursor?: string;
+    filter?: Record<string, unknown>;
+}
+interface QueryResult<T = DataItem> {
+    items: T[];
+    collection: string;
+    nextCursor: string | null;
+    count: number;
+}
+interface PutResult<T = DataItem> {
+    item: T;
+    collection: string;
+    created: boolean;
+}
+interface DeleteResult {
+    deleted: boolean;
+    id: string;
+    collection: string;
+}
+interface BatchOperation {
+    type: 'put' | 'delete';
+    id: string;
+    data?: Record<string, unknown>;
+}
+interface BatchResult {
+    processed: number;
+    put: number;
+    deleted: number;
+    collection: string;
+}
+/**
+ * Hook for interacting with GitHat's Customer Data API.
+ * Provides CRUD operations for storing app data in GitHat's managed DynamoDB.
+ *
+ * @example
+ * ```tsx
+ * const { put, get, query, remove, batch } = useData();
+ *
+ * // Store data
+ * await put('orders', { id: 'order_123', amount: 99.99, status: 'pending' });
+ *
+ * // Get single item
+ * const order = await get('orders', 'order_123');
+ *
+ * // Query collection
+ * const { items } = await query('orders', { filter: { status: 'pending' } });
+ *
+ * // Delete item
+ * await remove('orders', 'order_123');
+ * ```
+ */
+declare function useData(): {
+    /**
+     * Store an item in a collection. If the item exists, it will be updated.
+     * @param collection - Collection name (e.g., 'orders', 'users')
+     * @param data - Data object with required `id` field
+     */
+    put: <T extends DataItem>(collection: string, data: T) => Promise<PutResult<T>>;
+    /**
+     * Get a single item from a collection.
+     * @param collection - Collection name
+     * @param id - Item ID
+     */
+    get: <T extends DataItem>(collection: string, id: string) => Promise<T | null>;
+    /**
+     * Query items from a collection with optional filters and pagination.
+     * @param collection - Collection name
+     * @param options - Query options (limit, cursor, filter)
+     */
+    query: <T extends DataItem>(collection: string, options?: QueryOptions) => Promise<QueryResult<T>>;
+    /**
+     * Delete an item from a collection.
+     * @param collection - Collection name
+     * @param id - Item ID
+     */
+    remove: (collection: string, id: string) => Promise<DeleteResult>;
+    /**
+     * Batch operations (put/delete) on a collection.
+     * Maximum 100 operations per request.
+     * @param collection - Collection name
+     * @param operations - Array of operations
+     */
+    batch: (collection: string, operations: BatchOperation[]) => Promise<BatchResult>;
 };
 
 interface SignInFormProps {
@@ -117,4 +247,85 @@ interface ProtectedRouteProps {
 }
 declare function ProtectedRoute({ children, fallback }: ProtectedRouteProps): react_jsx_runtime.JSX.Element | null;
 
-export { type AuthActions, type AuthState, type GitHatConfig, type GitHatContextValue, type GitHatOrg, GitHatProvider, type GitHatUser, OrgSwitcher, ProtectedRoute, SignInButton, SignInForm, SignUpButton, type SignUpData, SignUpForm, type SignUpResult, UserButton, VerifiedBadge, useAuth, useGitHat };
+interface ForgotPasswordFormProps {
+    onSuccess?: (email: string) => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+}
+declare function ForgotPasswordForm({ onSuccess, onError, signInUrl, }: ForgotPasswordFormProps): react_jsx_runtime.JSX.Element;
+
+interface ResetPasswordFormProps {
+    token: string;
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+    minPasswordLength?: number;
+}
+declare function ResetPasswordForm({ token, onSuccess, onError, signInUrl, minPasswordLength, }: ResetPasswordFormProps): react_jsx_runtime.JSX.Element;
+
+interface VerifyEmailStatusProps {
+    token: string;
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    signInUrl?: string;
+    redirectDelay?: number;
+}
+declare function VerifyEmailStatus({ token, onSuccess, onError, signInUrl, redirectDelay, }: VerifyEmailStatusProps): react_jsx_runtime.JSX.Element;
+
+interface ChangePasswordFormProps {
+    onSuccess?: () => void;
+    onError?: (error: Error) => void;
+    minPasswordLength?: number;
+}
+declare function ChangePasswordForm({ onSuccess, onError, minPasswordLength, }: ChangePasswordFormProps): react_jsx_runtime.JSX.Element;
+
+/**
+ * @githat/nextjs/server
+ *
+ * Server-side utilities for token verification in Next.js API routes and middleware.
+ * This module runs on the server only — do not import in client components.
+ */
+interface AuthPayload {
+    userId: string;
+    email: string;
+    orgId: string | null;
+    orgSlug: string | null;
+    role: 'owner' | 'admin' | 'member' | null;
+    tier: 'free' | 'basic' | 'pro' | 'enterprise' | null;
+}
+interface VerifyOptions {
+    /**
+     * Secret key for local JWT verification. If provided, tokens are verified
+     * locally without making an API call (~1ms vs ~50-100ms).
+     * Must match the JWT_SECRET used by the GitHat backend.
+     */
+    secretKey?: string;
+    /**
+     * API URL for remote token verification. Defaults to https://api.githat.io
+     */
+    apiUrl?: string;
+}
+interface OrgMetadata {
+    [key: string]: unknown;
+}
+/**
+ * Handler function that receives the request and verified auth payload.
+ */
+type AuthenticatedHandler = (request: Request, auth: AuthPayload) => Promise<Response> | Response;
+/**
+ * Options for the withAuth wrapper.
+ */
+interface WithAuthOptions {
+    /**
+     * Secret key for local JWT verification.
+     * Defaults to process.env.GITHAT_SECRET_KEY if not provided.
+     */
+    secretKey?: string;
+    /**
+     * Custom response to return when authentication fails.
+     * Defaults to JSON { error: 'Unauthorized' } with status 401.
+     */
+    onUnauthorized?: () => Response;
+}
+
+export { type AuthActions, type AuthPayload, type AuthState, type AuthenticatedHandler, type BatchOperation, type BatchResult, ChangePasswordForm, type DataItem, type DeleteResult, type EmailVerificationResult, ForgotPasswordForm, type GitHatConfig, type GitHatContextValue, type GitHatOrg, GitHatProvider, type GitHatUser, type OrgMetadata, OrgSwitcher, type PasswordResetResult, ProtectedRoute, type PutResult, type QueryOptions, type QueryResult, ResetPasswordForm, SignInButton, SignInForm, SignUpButton, type SignUpData, SignUpForm, type SignUpResult, UserButton, VerifiedBadge, VerifyEmailStatus, type VerifyOptions, type WithAuthOptions, useAuth, useData, useGitHat };