@heavybit/pendoadmin-shared-lib 1.0.0

package/dist/common/index.d.ts

@@ -0,0 +1,6 @@
+export * from './jwt.utils.js';
+export * from './phone.utils.js';
+export * from './password.utils.js';
+export * from './uuid.utils.js';
+export * from './response.utils.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/common/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC"}

package/dist/common/index.js

@@ -0,0 +1,6 @@
+export * from './jwt.utils.js';
+export * from './phone.utils.js';
+export * from './password.utils.js';
+export * from './uuid.utils.js';
+export * from './response.utils.js';
+//# sourceMappingURL=index.js.map

package/dist/common/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC"}

package/dist/common/jwt.utils.d.ts

@@ -0,0 +1,7 @@
+import type { IJwtPayload } from '../types/index.js';
+export declare function signAccessToken(payload: Omit<IJwtPayload, 'iat' | 'exp' | 'iss'>, secret: string, expiresIn?: string): string;
+export declare function signRefreshToken(userId: string, secret: string, expiresIn?: string): string;
+export declare function verifyToken(token: string, secret: string): IJwtPayload;
+export declare function decodeToken(token: string): IJwtPayload | null;
+export declare function extractBearerToken(authHeader?: string): string | null;
+//# sourceMappingURL=jwt.utils.d.ts.map

package/dist/common/jwt.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.utils.d.ts","sourceRoot":"","sources":["../../src/common/jwt.utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIrD,wBAAgB,eAAe,CAC7B,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,EACjD,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,MAAa,GACvB,MAAM,CAKR;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,MAAa,GACvB,MAAM,CAKR;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,CAEtE;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAM7D;AAED,wBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGrE"}

package/dist/common/jwt.utils.js

@@ -0,0 +1,31 @@
+import jwt from 'jsonwebtoken';
+const JWT_ISSUER = 'pendoadmin-auth';
+export function signAccessToken(payload, secret, expiresIn = '1h') {
+    return jwt.sign(payload, secret, {
+        expiresIn: expiresIn,
+        issuer: JWT_ISSUER,
+    });
+}
+export function signRefreshToken(userId, secret, expiresIn = '7d') {
+    return jwt.sign({ sub: userId, type: 'refresh' }, secret, {
+        expiresIn: expiresIn,
+        issuer: JWT_ISSUER,
+    });
+}
+export function verifyToken(token, secret) {
+    return jwt.verify(token, secret, { issuer: JWT_ISSUER });
+}
+export function decodeToken(token) {
+    try {
+        return jwt.decode(token);
+    }
+    catch {
+        return null;
+    }
+}
+export function extractBearerToken(authHeader) {
+    if (!authHeader?.startsWith('Bearer '))
+        return null;
+    return authHeader.slice(7);
+}
+//# sourceMappingURL=jwt.utils.js.map

package/dist/common/jwt.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.utils.js","sourceRoot":"","sources":["../../src/common/jwt.utils.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,cAAc,CAAC;AAG/B,MAAM,UAAU,GAAG,iBAAiB,CAAC;AAErC,MAAM,UAAU,eAAe,CAC7B,OAAiD,EACjD,MAAc,EACd,YAAoB,IAAI;IAExB,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE;QAC/B,SAAS,EAAE,SAAoD;QAC/D,MAAM,EAAE,UAAU;KACnB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,MAAc,EACd,MAAc,EACd,YAAoB,IAAI;IAExB,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE;QACxD,SAAS,EAAE,SAAoD;QAC/D,MAAM,EAAE,UAAU;KACnB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,MAAc;IACvD,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAgB,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAgB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,UAAmB;IACpD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,CAAC"}

package/dist/common/password.utils.d.ts

@@ -0,0 +1,4 @@
+export declare function hashPassword(password: string): Promise<string>;
+export declare function verifyPassword(password: string, hash: string): Promise<boolean>;
+export declare function generateRandomPassword(length?: number): string;
+//# sourceMappingURL=password.utils.d.ts.map

package/dist/common/password.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.utils.d.ts","sourceRoot":"","sources":["../../src/common/password.utils.ts"],"names":[],"mappings":"AAIA,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAEpE;AAED,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAErF;AAED,wBAAgB,sBAAsB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAOlE"}

package/dist/common/password.utils.js

@@ -0,0 +1,17 @@
+import bcrypt from 'bcrypt';
+const SALT_ROUNDS = 12;
+export async function hashPassword(password) {
+    return bcrypt.hash(password, SALT_ROUNDS);
+}
+export async function verifyPassword(password, hash) {
+    return bcrypt.compare(password, hash);
+}
+export function generateRandomPassword(length = 16) {
+    const chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*';
+    let password = '';
+    for (let i = 0; i < length; i++) {
+        password += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return password;
+}
+//# sourceMappingURL=password.utils.js.map

package/dist/common/password.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.utils.js","sourceRoot":"","sources":["../../src/common/password.utils.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IACjE,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,SAAiB,EAAE;IACxD,MAAM,KAAK,GAAG,wEAAwE,CAAC;IACvF,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/common/phone.utils.d.ts

@@ -0,0 +1,4 @@
+export declare function normalizePhoneNumber(phone: string, defaultCountry?: string): string;
+export declare function isValidPhoneNumber(phone: string, defaultCountry?: string): boolean;
+export declare function formatPhoneNumber(phone: string, format?: 'e164' | 'international' | 'national', defaultCountry?: string): string;
+//# sourceMappingURL=phone.utils.d.ts.map

package/dist/common/phone.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"phone.utils.d.ts","sourceRoot":"","sources":["../../src/common/phone.utils.ts"],"names":[],"mappings":"AAKA,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,GAAE,MAAa,GAAG,MAAM,CAOzF;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,GAAE,MAAa,GAAG,OAAO,CAOxF;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,GAAG,eAAe,GAAG,UAAmB,EAAE,cAAc,GAAE,MAAa,GAAG,MAAM,CAY9I"}

package/dist/common/phone.utils.js

@@ -0,0 +1,36 @@
+import pkg from 'google-libphonenumber';
+const { PhoneNumberUtil, PhoneNumberFormat } = pkg;
+const phoneUtil = PhoneNumberUtil.getInstance();
+export function normalizePhoneNumber(phone, defaultCountry = 'KE') {
+    try {
+        const parsed = phoneUtil.parse(phone, defaultCountry);
+        return phoneUtil.format(parsed, PhoneNumberFormat.E164);
+    }
+    catch {
+        return phone;
+    }
+}
+export function isValidPhoneNumber(phone, defaultCountry = 'KE') {
+    try {
+        const parsed = phoneUtil.parse(phone, defaultCountry);
+        return phoneUtil.isValidNumber(parsed);
+    }
+    catch {
+        return false;
+    }
+}
+export function formatPhoneNumber(phone, format = 'e164', defaultCountry = 'KE') {
+    try {
+        const parsed = phoneUtil.parse(phone, defaultCountry);
+        const formatMap = {
+            e164: PhoneNumberFormat.E164,
+            international: PhoneNumberFormat.INTERNATIONAL,
+            national: PhoneNumberFormat.NATIONAL,
+        };
+        return phoneUtil.format(parsed, formatMap[format]);
+    }
+    catch {
+        return phone;
+    }
+}
+//# sourceMappingURL=phone.utils.js.map

package/dist/common/phone.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"phone.utils.js","sourceRoot":"","sources":["../../src/common/phone.utils.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,uBAAuB,CAAC;AACxC,MAAM,EAAE,eAAe,EAAE,iBAAiB,EAAE,GAAG,GAAG,CAAC;AAEnD,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;AAEhD,MAAM,UAAU,oBAAoB,CAAC,KAAa,EAAE,iBAAyB,IAAI;IAC/E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACtD,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,iBAAyB,IAAI;IAC7E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACtD,OAAO,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAa,EAAE,SAAgD,MAAM,EAAE,iBAAyB,IAAI;IACpI,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG;YAChB,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,aAAa,EAAE,iBAAiB,CAAC,aAAa;YAC9C,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;SACrC,CAAC;QACF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/common/response.utils.d.ts

@@ -0,0 +1,6 @@
+import type { IApiResponse, IPaginatedResult } from '../types/index.js';
+export declare function successResponse<T>(data: T, message?: string): IApiResponse<T>;
+export declare function errorResponse(message: string, errors?: Record<string, string[]>): IApiResponse;
+export declare function paginatedResponse<T>(data: T[], total: number, page: number, limit: number, message?: string): IApiResponse<T[]>;
+export declare function buildPaginatedResult<T>(data: T[], total: number, page: number, limit: number): IPaginatedResult<T>;
+//# sourceMappingURL=response.utils.d.ts.map

package/dist/common/response.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.utils.d.ts","sourceRoot":"","sources":["../../src/common/response.utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAmB,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAEzF,wBAAgB,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,GAAE,MAAkB,GAAG,YAAY,CAAC,CAAC,CAAC,CAExF;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,YAAY,CAE9F;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EACjC,IAAI,EAAE,CAAC,EAAE,EACT,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,MAAkB,GAC1B,YAAY,CAAC,CAAC,EAAE,CAAC,CAWnB;AAED,wBAAgB,oBAAoB,CAAC,CAAC,EACpC,IAAI,EAAE,CAAC,EAAE,EACT,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,gBAAgB,CAAC,CAAC,CAAC,CAarB"}

package/dist/common/response.utils.js

@@ -0,0 +1,33 @@
+export function successResponse(data, message = 'Success') {
+    return { success: true, message, data };
+}
+export function errorResponse(message, errors) {
+    return { success: false, message, errors };
+}
+export function paginatedResponse(data, total, page, limit, message = 'Success') {
+    const totalPages = Math.ceil(total / limit);
+    const meta = {
+        page,
+        limit,
+        total,
+        totalPages,
+        hasNext: page < totalPages,
+        hasPrev: page > 1,
+    };
+    return { success: true, message, data, meta };
+}
+export function buildPaginatedResult(data, total, page, limit) {
+    const totalPages = Math.ceil(total / limit);
+    return {
+        data,
+        meta: {
+            page,
+            limit,
+            total,
+            totalPages,
+            hasNext: page < totalPages,
+            hasPrev: page > 1,
+        },
+    };
+}
+//# sourceMappingURL=response.utils.js.map

package/dist/common/response.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.utils.js","sourceRoot":"","sources":["../../src/common/response.utils.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,eAAe,CAAI,IAAO,EAAE,UAAkB,SAAS;IACrE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,MAAiC;IAC9E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,IAAS,EACT,KAAa,EACb,IAAY,EACZ,KAAa,EACb,UAAkB,SAAS;IAE3B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAoB;QAC5B,IAAI;QACJ,KAAK;QACL,KAAK;QACL,UAAU;QACV,OAAO,EAAE,IAAI,GAAG,UAAU;QAC1B,OAAO,EAAE,IAAI,GAAG,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAS,EACT,KAAa,EACb,IAAY,EACZ,KAAa;IAEb,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC;IAC5C,OAAO;QACL,IAAI;QACJ,IAAI,EAAE;YACJ,IAAI;YACJ,KAAK;YACL,KAAK;YACL,UAAU;YACV,OAAO,EAAE,IAAI,GAAG,UAAU;YAC1B,OAAO,EAAE,IAAI,GAAG,CAAC;SAClB;KACF,CAAC;AACJ,CAAC"}

package/dist/common/uuid.utils.d.ts

@@ -0,0 +1,5 @@
+/** Generate a UUID v7 (time-ordered, recommended for primary keys) */
+export declare function generateId(): string;
+/** Generate a UUID v4 (random, for tokens/secrets) */
+export declare function generateRandomId(): string;
+//# sourceMappingURL=uuid.utils.d.ts.map

package/dist/common/uuid.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uuid.utils.d.ts","sourceRoot":"","sources":["../../src/common/uuid.utils.ts"],"names":[],"mappings":"AAEA,sEAAsE;AACtE,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED,sDAAsD;AACtD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}

package/dist/common/uuid.utils.js

@@ -0,0 +1,10 @@
+import { v7 as uuidv7, v4 as uuidv4 } from 'uuid';
+/** Generate a UUID v7 (time-ordered, recommended for primary keys) */
+export function generateId() {
+    return uuidv7();
+}
+/** Generate a UUID v4 (random, for tokens/secrets) */
+export function generateRandomId() {
+    return uuidv4();
+}
+//# sourceMappingURL=uuid.utils.js.map

package/dist/common/uuid.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uuid.utils.js","sourceRoot":"","sources":["../../src/common/uuid.utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAElD,sEAAsE;AACtE,MAAM,UAAU,UAAU;IACxB,OAAO,MAAM,EAAE,CAAC;AAClB,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,MAAM,EAAE,CAAC;AAClB,CAAC"}

package/dist/config/index.d.ts

@@ -0,0 +1,95 @@
+import { z } from 'zod';
+/**
+ * Base environment schema shared across all services.
+ */
+export declare const baseEnvSchema: z.ZodObject<{
+    NODE_ENV: z.ZodDefault<z.ZodEnum<["development", "staging", "production"]>>;
+    PORT: z.ZodDefault<z.ZodNumber>;
+    DB_HOST: z.ZodDefault<z.ZodString>;
+    DB_PORT: z.ZodDefault<z.ZodNumber>;
+    DB_USER: z.ZodDefault<z.ZodString>;
+    DB_PASSWORD: z.ZodDefault<z.ZodString>;
+    DB_NAME: z.ZodString;
+    JWT_SECRET: z.ZodString;
+    JWT_ACCESS_EXPIRY: z.ZodDefault<z.ZodString>;
+    JWT_REFRESH_EXPIRY: z.ZodDefault<z.ZodString>;
+    RABBITMQ_URL: z.ZodDefault<z.ZodString>;
+    REDIS_URL: z.ZodDefault<z.ZodString>;
+    LOG_LEVEL: z.ZodDefault<z.ZodEnum<["error", "warn", "info", "debug"]>>;
+    CORS_ORIGINS: z.ZodDefault<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    NODE_ENV: "production" | "development" | "staging";
+    LOG_LEVEL: "info" | "debug" | "error" | "warn";
+    PORT: number;
+    DB_HOST: string;
+    DB_PORT: number;
+    DB_USER: string;
+    DB_PASSWORD: string;
+    DB_NAME: string;
+    JWT_SECRET: string;
+    JWT_ACCESS_EXPIRY: string;
+    JWT_REFRESH_EXPIRY: string;
+    RABBITMQ_URL: string;
+    REDIS_URL: string;
+    CORS_ORIGINS: string;
+}, {
+    DB_NAME: string;
+    JWT_SECRET: string;
+    NODE_ENV?: "production" | "development" | "staging" | undefined;
+    LOG_LEVEL?: "info" | "debug" | "error" | "warn" | undefined;
+    PORT?: number | undefined;
+    DB_HOST?: string | undefined;
+    DB_PORT?: number | undefined;
+    DB_USER?: string | undefined;
+    DB_PASSWORD?: string | undefined;
+    JWT_ACCESS_EXPIRY?: string | undefined;
+    JWT_REFRESH_EXPIRY?: string | undefined;
+    RABBITMQ_URL?: string | undefined;
+    REDIS_URL?: string | undefined;
+    CORS_ORIGINS?: string | undefined;
+}>;
+export type BaseEnv = z.infer<typeof baseEnvSchema>;
+/**
+ * Load and validate environment variables using a Zod schema.
+ * Reads .env file from cwd if present (manual parse, no dotenv dependency needed).
+ */
+export declare function loadEnv<T extends z.ZodObject<any>>(schema: T): z.infer<T>;
+/**
+ * Service registry: central list of service names and default ports.
+ */
+export declare const SERVICE_REGISTRY: {
+    readonly 'auth-admin': {
+        readonly port: 3000;
+        readonly prefix: "/api/v1/auth";
+    };
+    readonly sms: {
+        readonly port: 3001;
+        readonly prefix: "/api/v1/sms";
+    };
+    readonly mpesa: {
+        readonly port: 3002;
+        readonly prefix: "/api/v1/mpesa";
+    };
+    readonly ussd: {
+        readonly port: 3003;
+        readonly prefix: "/api/v1/ussd";
+    };
+    readonly whatsapp: {
+        readonly port: 3004;
+        readonly prefix: "/api/v1/whatsapp";
+    };
+    readonly notification: {
+        readonly port: 3005;
+        readonly prefix: "/api/v1/notifications";
+    };
+    readonly analytics: {
+        readonly port: 3006;
+        readonly prefix: "/api/v1/analytics";
+    };
+    readonly ai: {
+        readonly port: 3007;
+        readonly prefix: "/api/v1/ai";
+    };
+};
+export type ServiceName = keyof typeof SERVICE_REGISTRY;
+//# sourceMappingURL=index.d.ts.map

package/dist/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAexB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD;;;GAGG;AACH,wBAAgB,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CA0BzE;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CASnB,CAAC;AAEX,MAAM,MAAM,WAAW,GAAG,MAAM,OAAO,gBAAgB,CAAC"}

package/dist/config/index.js

@@ -0,0 +1,71 @@
+import { z } from 'zod';
+import { readFileSync, existsSync } from 'fs';
+import { resolve } from 'path';
+/**
+ * Base environment schema shared across all services.
+ */
+export const baseEnvSchema = z.object({
+    NODE_ENV: z.enum(['development', 'staging', 'production']).default('development'),
+    PORT: z.coerce.number().int().positive().default(3000),
+    DB_HOST: z.string().default('localhost'),
+    DB_PORT: z.coerce.number().int().positive().default(3306),
+    DB_USER: z.string().default('root'),
+    DB_PASSWORD: z.string().default(''),
+    DB_NAME: z.string(),
+    JWT_SECRET: z.string().min(16),
+    JWT_ACCESS_EXPIRY: z.string().default('15m'),
+    JWT_REFRESH_EXPIRY: z.string().default('7d'),
+    RABBITMQ_URL: z.string().url().default('amqp://localhost:5672'),
+    REDIS_URL: z.string().default('redis://localhost:6379'),
+    LOG_LEVEL: z.enum(['error', 'warn', 'info', 'debug']).default('info'),
+    CORS_ORIGINS: z.string().default('*'),
+});
+/**
+ * Load and validate environment variables using a Zod schema.
+ * Reads .env file from cwd if present (manual parse, no dotenv dependency needed).
+ */
+export function loadEnv(schema) {
+    // Parse .env file from cwd if it exists
+    try {
+        const envPath = resolve(process.cwd(), '.env');
+        if (existsSync(envPath)) {
+            const content = readFileSync(envPath, 'utf-8');
+            for (const line of content.split('\n')) {
+                const trimmed = line.trim();
+                if (!trimmed || trimmed.startsWith('#'))
+                    continue;
+                const eqIdx = trimmed.indexOf('=');
+                if (eqIdx === -1)
+                    continue;
+                const key = trimmed.slice(0, eqIdx).trim();
+                const val = trimmed.slice(eqIdx + 1).trim();
+                if (!process.env[key])
+                    process.env[key] = val;
+            }
+        }
+    }
+    catch { /* ignore */ }
+    const result = schema.safeParse(process.env);
+    if (!result.success) {
+        const formatted = result.error.issues
+            .map((i) => `  ${i.path.join('.')}: ${i.message}`)
+            .join('\n');
+        console.error(`❌ Environment validation failed:\n${formatted}`);
+        process.exit(1);
+    }
+    return result.data;
+}
+/**
+ * Service registry: central list of service names and default ports.
+ */
+export const SERVICE_REGISTRY = {
+    'auth-admin': { port: 3000, prefix: '/api/v1/auth' },
+    sms: { port: 3001, prefix: '/api/v1/sms' },
+    mpesa: { port: 3002, prefix: '/api/v1/mpesa' },
+    ussd: { port: 3003, prefix: '/api/v1/ussd' },
+    whatsapp: { port: 3004, prefix: '/api/v1/whatsapp' },
+    notification: { port: 3005, prefix: '/api/v1/notifications' },
+    analytics: { port: 3006, prefix: '/api/v1/analytics' },
+    ai: { port: 3007, prefix: '/api/v1/ai' },
+};
+//# sourceMappingURL=index.js.map

package/dist/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;IACjF,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACtD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;IACxC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IACnC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC5C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,uBAAuB,CAAC;IAC/D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,wBAAwB,CAAC;IACvD,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACrE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CACtC,CAAC,CAAC;AAIH;;;GAGG;AACH,MAAM,UAAU,OAAO,CAA6B,MAAS;IAC3D,wCAAwC;IACxC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAClD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,KAAK,KAAK,CAAC,CAAC;oBAAE,SAAS;gBAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IACxB,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aACjD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,qCAAqC,SAAS,EAAE,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;IACpD,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE;IAC1C,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;IAC9C,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;IAC5C,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACpD,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,uBAAuB,EAAE;IAC7D,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACtD,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE;CAChC,CAAC"}

package/dist/database/index.d.ts

@@ -0,0 +1,25 @@
+import { Knex } from 'knex';
+export interface DatabaseConfig {
+    host: string;
+    port: number;
+    user: string;
+    password: string;
+    database: string;
+}
+/**
+ * Create a Knex instance for MySQL 8.0.
+ * Used for migrations, seeds, and as a fallback query builder.
+ */
+export declare function createKnexInstance(config: DatabaseConfig): Knex;
+/**
+ * Standard Knex config for migrations/seeds.
+ */
+export declare function createKnexConfig(config: DatabaseConfig): Knex.Config;
+/**
+ * Helper: build paginated query with Knex.
+ */
+export declare function paginateQuery<T>(query: Knex.QueryBuilder, countQuery: Knex.QueryBuilder, page: number, limit: number): Promise<{
+    data: T[];
+    total: number;
+}>;
+//# sourceMappingURL=index.d.ts.map

package/dist/database/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/database/index.ts"],"names":[],"mappings":"AAAA,OAAa,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAqB/D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAAC,MAAM,CAoBpE;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,CAAC,EACnC,KAAK,EAAE,IAAI,CAAC,YAAY,EACxB,UAAU,EAAE,IAAI,CAAC,YAAY,EAC7B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC;IAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAMvC"}

package/dist/database/index.js

@@ -0,0 +1,62 @@
+import knex from 'knex';
+/**
+ * Create a Knex instance for MySQL 8.0.
+ * Used for migrations, seeds, and as a fallback query builder.
+ */
+export function createKnexInstance(config) {
+    return knex({
+        client: 'mysql2',
+        connection: {
+            host: config.host,
+            port: config.port,
+            user: config.user,
+            password: config.password,
+            database: config.database,
+            charset: 'utf8mb4',
+            timezone: '+00:00',
+        },
+        pool: {
+            min: 2,
+            max: 10,
+            acquireTimeoutMillis: 30000,
+        },
+        migrations: {
+            tableName: 'knex_migrations',
+        },
+    });
+}
+/**
+ * Standard Knex config for migrations/seeds.
+ */
+export function createKnexConfig(config) {
+    return {
+        client: 'mysql2',
+        connection: {
+            host: config.host,
+            port: config.port,
+            user: config.user,
+            password: config.password,
+            database: config.database,
+            charset: 'utf8mb4',
+        },
+        migrations: {
+            directory: './migrations',
+            extension: 'cjs',
+        },
+        seeds: {
+            directory: './seeds',
+            extension: 'cjs',
+        },
+    };
+}
+/**
+ * Helper: build paginated query with Knex.
+ */
+export async function paginateQuery(query, countQuery, page, limit) {
+    const offset = (page - 1) * limit;
+    const [countResult] = await countQuery.count('* as total');
+    const total = countResult.total;
+    const data = await query.limit(limit).offset(offset);
+    return { data, total };
+}
+//# sourceMappingURL=index.js.map

package/dist/database/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/database/index.ts"],"names":[],"mappings":"AAAA,OAAO,IAAc,MAAM,MAAM,CAAC;AAUlC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAsB;IACvD,OAAO,IAAI,CAAC;QACV,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,QAAQ;SACnB;QACD,IAAI,EAAE;YACJ,GAAG,EAAE,CAAC;YACN,GAAG,EAAE,EAAE;YACP,oBAAoB,EAAE,KAAK;SAC5B;QACD,UAAU,EAAE;YACV,SAAS,EAAE,iBAAiB;SAC7B;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAsB;IACrD,OAAO;QACL,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,SAAS;SACnB;QACD,UAAU,EAAE;YACV,SAAS,EAAE,cAAc;YACzB,SAAS,EAAE,KAAK;SACjB;QACD,KAAK,EAAE;YACL,SAAS,EAAE,SAAS;YACpB,SAAS,EAAE,KAAK;SACjB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAwB,EACxB,UAA6B,EAC7B,IAAY,EACZ,KAAa;IAEb,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;IAClC,MAAM,CAAC,WAAW,CAAC,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAI,WAAmB,CAAC,KAAe,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAQ,CAAC;IAC5D,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC"}

package/dist/express/auth.middleware.d.ts

@@ -0,0 +1,20 @@
+import type { Request, Response, NextFunction } from 'express';
+import { type IAuthUser } from '../types/index.js';
+declare global {
+    namespace Express {
+        interface Request {
+            user?: IAuthUser;
+        }
+    }
+}
+/**
+ * Auth middleware for downstream services (behind API gateway).
+ * Reads user context from gateway-injected headers.
+ * Falls back to JWT validation if headers are missing (direct access).
+ */
+export declare function authenticateFromGateway(jwtSecret?: string): (req: Request, _res: Response, next: NextFunction) => void;
+/**
+ * Optional auth — attaches user if present, continues if not.
+ */
+export declare function optionalAuthFromGateway(jwtSecret?: string): (req: Request, _res: Response, next: NextFunction) => void;
+//# sourceMappingURL=auth.middleware.d.ts.map

package/dist/express/auth.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.d.ts","sourceRoot":"","sources":["../../src/express/auth.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,EAAmB,KAAK,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAGpE,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,SAAS,CAAC;SAClB;KACF;CACF;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,CAAC,EAAE,MAAM,IAChD,KAAK,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAsChE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,CAAC,EAAE,MAAM,IAChD,KAAK,OAAO,EAAE,MAAM,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CA6BhE"}

package/dist/express/auth.middleware.js

@@ -0,0 +1,83 @@
+import { verifyToken, extractBearerToken } from '../common/jwt.utils.js';
+import { GATEWAY_HEADERS } from '../types/index.js';
+/**
+ * Auth middleware for downstream services (behind API gateway).
+ * Reads user context from gateway-injected headers.
+ * Falls back to JWT validation if headers are missing (direct access).
+ */
+export function authenticateFromGateway(jwtSecret) {
+    return (req, _res, next) => {
+        // Method 1: Read gateway-injected headers
+        const userId = req.headers[GATEWAY_HEADERS.USER_ID];
+        if (userId) {
+            req.user = {
+                id: userId,
+                email: req.headers[GATEWAY_HEADERS.USER_EMAIL] || '',
+                companyId: req.headers[GATEWAY_HEADERS.COMPANY_ID] || '',
+                roles: (req.headers[GATEWAY_HEADERS.USER_ROLES] || '').split(',').filter(Boolean),
+                permissions: (req.headers[GATEWAY_HEADERS.USER_PERMISSIONS] || '').split(',').filter(Boolean),
+                isSuperAdmin: req.headers[GATEWAY_HEADERS.IS_SUPERADMIN] === 'true',
+            };
+            return next();
+        }
+        // Method 2: Direct JWT validation (for development / direct access)
+        if (jwtSecret) {
+            const token = extractBearerToken(req.headers.authorization);
+            if (token) {
+                try {
+                    const payload = verifyToken(token, jwtSecret);
+                    req.user = {
+                        id: payload.sub,
+                        email: payload.email,
+                        companyId: payload.companyId,
+                        roles: payload.roles || [],
+                        permissions: payload.permissions || [],
+                        isSuperAdmin: payload.isSuperAdmin || false,
+                    };
+                    return next();
+                }
+                catch {
+                    // Fall through to 401
+                }
+            }
+        }
+        _res.status(401).json({ success: false, message: 'Authentication required' });
+    };
+}
+/**
+ * Optional auth — attaches user if present, continues if not.
+ */
+export function optionalAuthFromGateway(jwtSecret) {
+    return (req, _res, next) => {
+        const userId = req.headers[GATEWAY_HEADERS.USER_ID];
+        if (userId) {
+            req.user = {
+                id: userId,
+                email: req.headers[GATEWAY_HEADERS.USER_EMAIL] || '',
+                companyId: req.headers[GATEWAY_HEADERS.COMPANY_ID] || '',
+                roles: (req.headers[GATEWAY_HEADERS.USER_ROLES] || '').split(',').filter(Boolean),
+                permissions: (req.headers[GATEWAY_HEADERS.USER_PERMISSIONS] || '').split(',').filter(Boolean),
+                isSuperAdmin: req.headers[GATEWAY_HEADERS.IS_SUPERADMIN] === 'true',
+            };
+        }
+        else if (jwtSecret) {
+            const token = extractBearerToken(req.headers.authorization);
+            if (token) {
+                try {
+                    const payload = verifyToken(token, jwtSecret);
+                    req.user = {
+                        id: payload.sub,
+                        email: payload.email,
+                        companyId: payload.companyId,
+                        roles: payload.roles || [],
+                        permissions: payload.permissions || [],
+                        isSuperAdmin: payload.isSuperAdmin || false,
+                    };
+                }
+                catch { /* ignore */ }
+            }
+        }
+        next();
+    };
+}
+//# sourceMappingURL=auth.middleware.js.map

package/dist/express/auth.middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.middleware.js","sourceRoot":"","sources":["../../src/express/auth.middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAkB,MAAM,mBAAmB,CAAC;AAWpE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAkB;IACxD,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAQ,EAAE;QAChE,0CAA0C;QAC1C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,OAAO,CAAW,CAAC;QAC9D,IAAI,MAAM,EAAE,CAAC;YACX,GAAG,CAAC,IAAI,GAAG;gBACT,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAW,IAAI,EAAE;gBAC9D,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAW,IAAI,EAAE;gBAClE,KAAK,EAAE,CAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC7F,WAAW,EAAE,CAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,gBAAgB,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzG,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,KAAK,MAAM;aACpE,CAAC;YACF,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,oEAAoE;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;oBAC9C,GAAG,CAAC,IAAI,GAAG;wBACT,EAAE,EAAE,OAAO,CAAC,GAAG;wBACf,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;wBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE;wBACtC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK;qBAC5C,CAAC;oBACF,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAAC,MAAM,CAAC;oBACP,sBAAsB;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAChF,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAkB;IACxD,OAAO,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAQ,EAAE;QAChE,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,OAAO,CAAW,CAAC;QAC9D,IAAI,MAAM,EAAE,CAAC;YACX,GAAG,CAAC,IAAI,GAAG;gBACT,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAW,IAAI,EAAE;gBAC9D,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAW,IAAI,EAAE;gBAClE,KAAK,EAAE,CAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,UAAU,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC7F,WAAW,EAAE,CAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,gBAAgB,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzG,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,KAAK,MAAM;aACpE,CAAC;QACJ,CAAC;aAAM,IAAI,SAAS,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAC5D,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;oBAC9C,GAAG,CAAC,IAAI,GAAG;wBACT,EAAE,EAAE,OAAO,CAAC,GAAG;wBACf,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;wBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE;wBACtC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK;qBAC5C,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/dist/express/correlation.middleware.d.ts

@@ -0,0 +1,6 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Ensures every request has a correlation ID for distributed tracing.
+ */
+export declare function correlationMiddleware(serviceName: string): (req: Request, res: Response, next: NextFunction) => void;
+//# sourceMappingURL=correlation.middleware.d.ts.map