@invect/user-auth 0.0.1 → 0.0.3

package/dist/frontend/index.d.cts

@@ -0,0 +1,317 @@
+import { AuthError, AuthSession, AuthUser, CreateUserInput, SignInCredentials, SignUpCredentials, UpdateUserRoleInput } from "../shared/types.cjs";
+import * as react_jsx_runtime0 from "react/jsx-runtime";
+import { ComponentType, MemoExoticComponent, ReactNode } from "react";
+import { QueryClient } from "@tanstack/react-query";
+import { InvectFrontendPlugin } from "@invect/ui";
+
+//#region src/frontend/providers/AuthProvider.d.ts
+interface AuthContextValue {
+  /** Current authenticated user, null if not signed in */
+  user: AuthUser | null;
+  /** Whether the user is authenticated */
+  isAuthenticated: boolean;
+  /** Whether the session query is still loading */
+  isLoading: boolean;
+  /** Sign in with email/password */
+  signIn: (credentials: SignInCredentials) => Promise<void>;
+  /** Sign up with email/password */
+  signUp: (credentials: SignUpCredentials) => Promise<void>;
+  /** Sign out the current session */
+  signOut: () => Promise<void>;
+  /** Whether a sign-in is in progress */
+  isSigningIn: boolean;
+  /** Whether a sign-up is in progress */
+  isSigningUp: boolean;
+  /** Last auth error, if any */
+  error: string | null;
+}
+interface AuthProviderProps {
+  children: ReactNode;
+  /**
+   * Base URL for the Invect API (e.g. 'http://localhost:3000/invect').
+   * Auth endpoints are at `${baseUrl}/plugins/auth/api/auth/*`.
+   */
+  baseUrl: string;
+}
+declare function AuthProvider({
+  children,
+  baseUrl
+}: AuthProviderProps): react_jsx_runtime0.JSX.Element;
+/**
+ * Access auth context — current user, sign-in/sign-up/sign-out actions.
+ *
+ * Must be used within an `<AuthProvider>`.
+ * Returns a safe fallback (unauthenticated) if provider is missing.
+ */
+declare function useAuth(): AuthContextValue;
+//#endregion
+//#region src/frontend/components/SignInForm.d.ts
+/**
+ * SignInForm — Email/password sign-in form component.
+ *
+ * Uses the AuthProvider's signIn action. Styled to match the Invect
+ * design system with grouped fields, clean labels, and themed inputs.
+ */
+interface SignInFormProps {
+  /** Called after successful sign-in */
+  onSuccess?: () => void;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function SignInForm({
+  onSuccess,
+  className
+}: SignInFormProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/SignInPage.d.ts
+/**
+ * SignInPage — Full-page sign-in component with layout.
+ *
+ * Renders the SignInForm centered on the page with a logo, title,
+ * and grouped fields matching the Invect design system.
+ * Sign-up is not offered — new users are created by admins.
+ */
+interface SignInPageProps {
+  /** Called after successful sign-in */
+  onSuccess?: () => void;
+  /** Called when user clicks "Sign Up" link (optional — hidden if omitted) */
+  onNavigateToSignUp?: () => void;
+  /** Page title */
+  title?: string;
+  /** Page subtitle */
+  subtitle?: string;
+}
+declare function SignInPage({
+  onSuccess,
+  onNavigateToSignUp,
+  title,
+  subtitle
+}: SignInPageProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserButton.d.ts
+/**
+ * UserButton — Compact user avatar + dropdown for the authenticated user.
+ *
+ * Shows the user's avatar/initials when signed in, with a dropdown
+ * containing their name, email, and sign-out button.
+ * Shows a "Sign In" button when not authenticated.
+ */
+interface UserButtonProps {
+  /** Called when the sign-in button is clicked (unauthenticated state) */
+  onSignInClick?: () => void;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function UserButton({
+  onSignInClick,
+  className
+}: UserButtonProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/AuthGate.d.ts
+interface AuthGateProps {
+  /** Content to show when authenticated */
+  children: ReactNode;
+  /** Content to show when NOT authenticated (defaults to null) */
+  fallback?: ReactNode;
+  /** Content to show while loading (defaults to null) */
+  loading?: ReactNode;
+}
+declare function AuthGate({
+  children,
+  fallback,
+  loading
+}: AuthGateProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserManagement.d.ts
+/**
+ * UserManagement — Admin panel for managing users.
+ *
+ * Displays a list of users with the ability to:
+ * - Create new users (email/password/role)
+ * - Change user roles
+ * - Delete users
+ *
+ * Only visible to admin users. Uses the auth plugin's
+ * `/plugins/auth/users` endpoints.
+ */
+interface UserManagementProps {
+  /** Base URL for the Invect API (same as AuthProvider's baseUrl) */
+  apiBaseUrl: string;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function UserManagement({
+  apiBaseUrl,
+  className
+}: UserManagementProps): react_jsx_runtime0.JSX.Element | null;
+//#endregion
+//#region src/frontend/components/ApiKeysDialog.d.ts
+/**
+ * ApiKeysDialog — Admin dialog for managing API keys.
+ *
+ * Displays a list of API keys with the ability to:
+ * - Create new API keys (name, optional expiry)
+ * - Copy newly created keys
+ * - Delete existing keys
+ *
+ * Only functional when the auth plugin has API keys enabled.
+ */
+interface ApiKeysDialogProps {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  apiBaseUrl: string;
+}
+declare function ApiKeysDialog({
+  open,
+  onOpenChange,
+  apiBaseUrl
+}: ApiKeysDialogProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/AuthenticatedInvect.d.ts
+/**
+ * Accepts both a plain component and a React.memo-wrapped component.
+ * React.memo returns MemoExoticComponent which isn't directly assignable
+ * to ComponentType in TypeScript, but is valid in JSX.
+ */
+type ComponentOrMemo<P> = ComponentType<P> | MemoExoticComponent<ComponentType<P>>;
+/**
+ * Generic over TPlugin so that passing a typed InvectComponent (e.g. one that
+ * expects `plugins?: InvectFrontendPlugin[]`) causes TypeScript to infer the
+ * correct element type for the `plugins` prop on AuthenticatedInvect itself.
+ * Defaults to `unknown` for the no-plugins case.
+ */
+interface AuthenticatedInvectProps<TPlugin = unknown> {
+  /**
+   * Base URL for the Invect API.
+   * Used for both auth endpoints and the Invect component.
+   * @example '/api/invect' or 'http://localhost:3000/invect'
+   */
+  apiBaseUrl?: string;
+  /**
+   * Base path where Invect is mounted in the browser.
+   * @default '/invect'
+   */
+  basePath?: string;
+  /**
+   * The Invect component to render when authenticated.
+   * Pass this to avoid a direct dependency on @invect/ui.
+   * Accepts both plain and React.memo-wrapped components.
+   *
+   * @example
+   * ```tsx
+   * import { Invect } from '@invect/ui';
+   * <AuthenticatedInvect InvectComponent={Invect} />
+   * ```
+   */
+  InvectComponent: ComponentOrMemo<{
+    apiBaseUrl?: string;
+    basePath?: string;
+    reactQueryClient?: QueryClient;
+    plugins?: TPlugin[];
+  }>;
+  /**
+   * The InvectShell component that provides the `.invect` CSS scope.
+   * This ensures theme tokens work for both the sign-in page and the
+   * Invect editor. Import from `@invect/ui`.
+   *
+   * `children` is typed as `unknown` rather than `ReactNode` to avoid a
+   * structural incompatibility between `@types/react@18` (used here) and
+   * `@types/react@19` (used by `@invect/ui`) where `ReactPortal`
+   * changed between versions.
+   *
+   * If not provided, the auth UI renders without the Invect CSS scope
+   * and must rely on the host app's styling.
+   *
+   * @example
+   * ```tsx
+   * import { InvectShell } from '@invect/ui';
+   * <AuthenticatedInvect ShellComponent={InvectShell} />
+   * ```
+   */
+  ShellComponent?: ComponentOrMemo<{
+    children: ReactNode;
+    theme?: 'light' | 'dark' | 'system';
+    className?: string;
+  }>;
+  /**
+   * Optional React Query client. If provided, it's shared between
+   * the auth provider and the Invect component.
+   */
+  reactQueryClient?: QueryClient;
+  /**
+   * Content to display while checking session status.
+   */
+  loading?: ReactNode;
+  /**
+   * Theme for the shell wrapper.
+   * @default 'system'
+   */
+  theme?: 'light' | 'dark' | 'system';
+  /**
+   * Frontend plugins forwarded to InvectComponent.
+   * The element type is inferred from InvectComponent's `plugins` prop type,
+   * so this stays consistent with whatever component you pass.
+   *
+   * @example
+   * ```tsx
+   * import { rbacFrontend } from '@invect/rbac/ui';
+   * <AuthenticatedInvect plugins={[rbacFrontend]} />
+   * ```
+   */
+  plugins?: TPlugin[];
+}
+declare function AuthenticatedInvect<TPlugin = unknown>({
+  apiBaseUrl,
+  basePath,
+  InvectComponent,
+  ShellComponent,
+  reactQueryClient,
+  loading,
+  theme,
+  plugins
+}: AuthenticatedInvectProps<TPlugin>): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserManagementPage.d.ts
+/**
+ * UserManagementPage — Standalone page for user management.
+ *
+ * Wraps the existing UserManagement component in a page layout
+ * consistent with the Access Control page style. Registered as a
+ * plugin route contribution at '/users'.
+ */
+declare function UserManagementPage(): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/ProfilePage.d.ts
+/**
+ * ProfilePage — Standalone page for the current authenticated user.
+ *
+ * Shows basic account information and provides a sign-out action.
+ */
+interface ProfilePageProps {
+  basePath: string;
+}
+declare function ProfilePage({
+  basePath
+}: ProfilePageProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/SidebarUserMenu.d.ts
+/**
+ * SidebarUserMenu — User avatar link in the sidebar footer.
+ *
+ * Clicking navigates directly to the profile page.
+ * Sign-out is available on the profile page itself.
+ */
+interface SidebarUserMenuProps {
+  collapsed?: boolean;
+  basePath?: string;
+}
+declare function SidebarUserMenu({
+  collapsed,
+  basePath
+}: SidebarUserMenuProps): react_jsx_runtime0.JSX.Element | null;
+//#endregion
+//#region src/frontend/plugins/authFrontendPlugin.d.ts
+declare const authFrontend: InvectFrontendPlugin;
+//#endregion
+export { ApiKeysDialog, type ApiKeysDialogProps, type AuthContextValue, type AuthError, AuthGate, type AuthGateProps, AuthProvider, type AuthProviderProps, type AuthSession, type AuthUser, AuthenticatedInvect, type AuthenticatedInvectProps, type CreateUserInput, ProfilePage, SidebarUserMenu, type SidebarUserMenuProps, type SignInCredentials, SignInForm, type SignInFormProps, SignInPage, type SignInPageProps, type UpdateUserRoleInput, UserButton, type UserButtonProps, UserManagement, UserManagementPage, type UserManagementProps, authFrontend, useAuth };
+//# sourceMappingURL=index.d.cts.map

package/dist/frontend/index.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.cts","names":[],"sources":["../../src/frontend/providers/AuthProvider.tsx","../../src/frontend/components/SignInForm.tsx","../../src/frontend/components/SignInPage.tsx","../../src/frontend/components/UserButton.tsx","../../src/frontend/components/AuthGate.tsx","../../src/frontend/components/UserManagement.tsx","../../src/frontend/components/ApiKeysDialog.tsx","../../src/frontend/components/AuthenticatedInvect.tsx","../../src/frontend/components/UserManagementPage.tsx","../../src/frontend/components/ProfilePage.tsx","../../src/frontend/components/SidebarUserMenu.tsx","../../src/frontend/plugins/authFrontendPlugin.ts"],"mappings":";;;;;;;UAqBiB,gBAAA;EAET;EAAN,IAAA,EAAM,QAAA;EAMsC;EAJ5C,eAAA;EAM4C;EAJ5C,SAAA;EAMsB;EAJtB,MAAA,GAAS,WAAA,EAAa,iBAAA,KAAsB,OAAA;EAN5C;EAQA,MAAA,GAAS,WAAA,EAAa,iBAAA,KAAsB,OAAA;EAN5C;EAQA,OAAA,QAAe,OAAA;EAJf;EAMA,WAAA;EANS;EAQT,WAAA;EANA;EAQA,KAAA;AAAA;AAAA,UAae,iBAAA;EACf,QAAA,EAAU,SAAA;EApBK;;;;EAyBf,OAAA;AAAA;AAAA,iBAGc,YAAA,CAAA;EAAe,QAAA;EAAU;AAAA,GAAW,iBAAA,GAAiB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;iBAuKrD,OAAA,CAAA,GAAW,gBAAA;;;;;;;;;UCzNV,eAAA;EDUA;ECRf,SAAA;;EAEA,SAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EAAa,SAAA;EAAW;AAAA,GAAa,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;UCRnD,eAAA;EFWgB;EET/B,SAAA;EFWM;EETN,kBAAA;EFe4C;EEb5C,KAAA;EFe4C;EEb5C,QAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EACd,SAAA;EACA,kBAAA;EACA,KAAA;EACA;AAAA,GACC,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;UCbD,eAAA;EHQgB;EGN/B,aAAA;EHQM;EGNN,SAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EAAa,aAAA;EAAe;AAAA,GAAa,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;UCVvD,aAAA;EJWgB;EIT/B,QAAA,EAAU,SAAA;EJWJ;EITN,QAAA,GAAW,SAAA;EJeiC;EIb5C,OAAA,GAAU,SAAA;AAAA;AAAA,iBAGI,QAAA,CAAA;EAAW,QAAA;EAAU,QAAA;EAAiB;AAAA,GAAkB,aAAA,GAAa,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;AJErF;;;;UKqCiB,mBAAA;EL7B6B;EK+B5C,UAAA;EL7B4C;EK+B5C,SAAA;AAAA;AAAA,iBAmIc,cAAA,CAAA;EAAiB,UAAA;EAAY;AAAA,GAAa,mBAAA,GAAmB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;AL5K7E;;;UMUiB,kBAAA;EACf,IAAA;EACA,YAAA,GAAe,IAAA;EACf,UAAA;AAAA;AAAA,iBA6Bc,aAAA,CAAA;EAAgB,IAAA;EAAM,YAAA;EAAc;AAAA,GAAc,kBAAA,GAAkB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;ANXpF;;KORK,eAAA,MAAqB,aAAA,CAAc,CAAA,IAAK,mBAAA,CAAoB,aAAA,CAAc,CAAA;;;;;;;UAY9D,wBAAA;EPKW;;;;;EOC1B,UAAA;EPDmE;;;;EOMnE,QAAA;EPNuC;;;;;;AAuKzC;;;;;EOrJE,eAAA,EAAiB,eAAA;IACf,UAAA;IACA,QAAA;IACA,gBAAA,GAAmB,WAAA;IACnB,OAAA,GAAU,OAAA;EAAA;ENtEZ;;AAKF;;;;;;;;;;;;;;;;;EMsFE,cAAA,GAAiB,eAAA;IACf,QAAA,EAAU,SAAA;IACV,KAAA;IACA,SAAA;EAAA;ELjG4B;;;;EKuG9B,gBAAA,GAAmB,WAAA;ELjGnB;;;EKqGA,OAAA,GAAU,SAAA;ELhGI;;;;EKqGd,KAAA;ELlGA;;;;;;;;;;;EK8GA,OAAA,GAAU,OAAA;AAAA;AAAA,iBAaI,mBAAA,mBAAA,CAAA;EACd,UAAA;EACA,QAAA;EACA,eAAA;EACA,cAAA;EACA,gBAAA;EACA,OAAA;EACA,KAAA;EACA;AAAA,GACC,wBAAA,CAAyB,OAAA,IAAQ,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;iBC/IpB,kBAAA,CAAA,GAAkB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;UCFjB,gBAAA;EACf,QAAA;AAAA;AAAA,iBAGc,WAAA,CAAA;EAAc;AAAA,GAAY,gBAAA,GAAgB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;UCLzC,oBAAA;EACf,SAAA;EACA,QAAA;AAAA;AAAA,iBAGc,eAAA,CAAA;EAAkB,SAAA;EAAmB;AAAA,GAAiB,oBAAA,GAAoB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;cCG7E,YAAA,EAAc,oBAAA"}

package/dist/frontend/index.d.mts

@@ -0,0 +1,317 @@
+import { AuthError, AuthSession, AuthUser, CreateUserInput, SignInCredentials, SignUpCredentials, UpdateUserRoleInput } from "../shared/types.mjs";
+import { ComponentType, MemoExoticComponent, ReactNode } from "react";
+import { QueryClient } from "@tanstack/react-query";
+import * as react_jsx_runtime0 from "react/jsx-runtime";
+import { InvectFrontendPlugin } from "@invect/ui";
+
+//#region src/frontend/providers/AuthProvider.d.ts
+interface AuthContextValue {
+  /** Current authenticated user, null if not signed in */
+  user: AuthUser | null;
+  /** Whether the user is authenticated */
+  isAuthenticated: boolean;
+  /** Whether the session query is still loading */
+  isLoading: boolean;
+  /** Sign in with email/password */
+  signIn: (credentials: SignInCredentials) => Promise<void>;
+  /** Sign up with email/password */
+  signUp: (credentials: SignUpCredentials) => Promise<void>;
+  /** Sign out the current session */
+  signOut: () => Promise<void>;
+  /** Whether a sign-in is in progress */
+  isSigningIn: boolean;
+  /** Whether a sign-up is in progress */
+  isSigningUp: boolean;
+  /** Last auth error, if any */
+  error: string | null;
+}
+interface AuthProviderProps {
+  children: ReactNode;
+  /**
+   * Base URL for the Invect API (e.g. 'http://localhost:3000/invect').
+   * Auth endpoints are at `${baseUrl}/plugins/auth/api/auth/*`.
+   */
+  baseUrl: string;
+}
+declare function AuthProvider({
+  children,
+  baseUrl
+}: AuthProviderProps): react_jsx_runtime0.JSX.Element;
+/**
+ * Access auth context — current user, sign-in/sign-up/sign-out actions.
+ *
+ * Must be used within an `<AuthProvider>`.
+ * Returns a safe fallback (unauthenticated) if provider is missing.
+ */
+declare function useAuth(): AuthContextValue;
+//#endregion
+//#region src/frontend/components/SignInForm.d.ts
+/**
+ * SignInForm — Email/password sign-in form component.
+ *
+ * Uses the AuthProvider's signIn action. Styled to match the Invect
+ * design system with grouped fields, clean labels, and themed inputs.
+ */
+interface SignInFormProps {
+  /** Called after successful sign-in */
+  onSuccess?: () => void;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function SignInForm({
+  onSuccess,
+  className
+}: SignInFormProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/SignInPage.d.ts
+/**
+ * SignInPage — Full-page sign-in component with layout.
+ *
+ * Renders the SignInForm centered on the page with a logo, title,
+ * and grouped fields matching the Invect design system.
+ * Sign-up is not offered — new users are created by admins.
+ */
+interface SignInPageProps {
+  /** Called after successful sign-in */
+  onSuccess?: () => void;
+  /** Called when user clicks "Sign Up" link (optional — hidden if omitted) */
+  onNavigateToSignUp?: () => void;
+  /** Page title */
+  title?: string;
+  /** Page subtitle */
+  subtitle?: string;
+}
+declare function SignInPage({
+  onSuccess,
+  onNavigateToSignUp,
+  title,
+  subtitle
+}: SignInPageProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserButton.d.ts
+/**
+ * UserButton — Compact user avatar + dropdown for the authenticated user.
+ *
+ * Shows the user's avatar/initials when signed in, with a dropdown
+ * containing their name, email, and sign-out button.
+ * Shows a "Sign In" button when not authenticated.
+ */
+interface UserButtonProps {
+  /** Called when the sign-in button is clicked (unauthenticated state) */
+  onSignInClick?: () => void;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function UserButton({
+  onSignInClick,
+  className
+}: UserButtonProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/AuthGate.d.ts
+interface AuthGateProps {
+  /** Content to show when authenticated */
+  children: ReactNode;
+  /** Content to show when NOT authenticated (defaults to null) */
+  fallback?: ReactNode;
+  /** Content to show while loading (defaults to null) */
+  loading?: ReactNode;
+}
+declare function AuthGate({
+  children,
+  fallback,
+  loading
+}: AuthGateProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserManagement.d.ts
+/**
+ * UserManagement — Admin panel for managing users.
+ *
+ * Displays a list of users with the ability to:
+ * - Create new users (email/password/role)
+ * - Change user roles
+ * - Delete users
+ *
+ * Only visible to admin users. Uses the auth plugin's
+ * `/plugins/auth/users` endpoints.
+ */
+interface UserManagementProps {
+  /** Base URL for the Invect API (same as AuthProvider's baseUrl) */
+  apiBaseUrl: string;
+  /** Additional CSS class names */
+  className?: string;
+}
+declare function UserManagement({
+  apiBaseUrl,
+  className
+}: UserManagementProps): react_jsx_runtime0.JSX.Element | null;
+//#endregion
+//#region src/frontend/components/ApiKeysDialog.d.ts
+/**
+ * ApiKeysDialog — Admin dialog for managing API keys.
+ *
+ * Displays a list of API keys with the ability to:
+ * - Create new API keys (name, optional expiry)
+ * - Copy newly created keys
+ * - Delete existing keys
+ *
+ * Only functional when the auth plugin has API keys enabled.
+ */
+interface ApiKeysDialogProps {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  apiBaseUrl: string;
+}
+declare function ApiKeysDialog({
+  open,
+  onOpenChange,
+  apiBaseUrl
+}: ApiKeysDialogProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/AuthenticatedInvect.d.ts
+/**
+ * Accepts both a plain component and a React.memo-wrapped component.
+ * React.memo returns MemoExoticComponent which isn't directly assignable
+ * to ComponentType in TypeScript, but is valid in JSX.
+ */
+type ComponentOrMemo<P> = ComponentType<P> | MemoExoticComponent<ComponentType<P>>;
+/**
+ * Generic over TPlugin so that passing a typed InvectComponent (e.g. one that
+ * expects `plugins?: InvectFrontendPlugin[]`) causes TypeScript to infer the
+ * correct element type for the `plugins` prop on AuthenticatedInvect itself.
+ * Defaults to `unknown` for the no-plugins case.
+ */
+interface AuthenticatedInvectProps<TPlugin = unknown> {
+  /**
+   * Base URL for the Invect API.
+   * Used for both auth endpoints and the Invect component.
+   * @example '/api/invect' or 'http://localhost:3000/invect'
+   */
+  apiBaseUrl?: string;
+  /**
+   * Base path where Invect is mounted in the browser.
+   * @default '/invect'
+   */
+  basePath?: string;
+  /**
+   * The Invect component to render when authenticated.
+   * Pass this to avoid a direct dependency on @invect/ui.
+   * Accepts both plain and React.memo-wrapped components.
+   *
+   * @example
+   * ```tsx
+   * import { Invect } from '@invect/ui';
+   * <AuthenticatedInvect InvectComponent={Invect} />
+   * ```
+   */
+  InvectComponent: ComponentOrMemo<{
+    apiBaseUrl?: string;
+    basePath?: string;
+    reactQueryClient?: QueryClient;
+    plugins?: TPlugin[];
+  }>;
+  /**
+   * The InvectShell component that provides the `.invect` CSS scope.
+   * This ensures theme tokens work for both the sign-in page and the
+   * Invect editor. Import from `@invect/ui`.
+   *
+   * `children` is typed as `unknown` rather than `ReactNode` to avoid a
+   * structural incompatibility between `@types/react@18` (used here) and
+   * `@types/react@19` (used by `@invect/ui`) where `ReactPortal`
+   * changed between versions.
+   *
+   * If not provided, the auth UI renders without the Invect CSS scope
+   * and must rely on the host app's styling.
+   *
+   * @example
+   * ```tsx
+   * import { InvectShell } from '@invect/ui';
+   * <AuthenticatedInvect ShellComponent={InvectShell} />
+   * ```
+   */
+  ShellComponent?: ComponentOrMemo<{
+    children: ReactNode;
+    theme?: 'light' | 'dark' | 'system';
+    className?: string;
+  }>;
+  /**
+   * Optional React Query client. If provided, it's shared between
+   * the auth provider and the Invect component.
+   */
+  reactQueryClient?: QueryClient;
+  /**
+   * Content to display while checking session status.
+   */
+  loading?: ReactNode;
+  /**
+   * Theme for the shell wrapper.
+   * @default 'system'
+   */
+  theme?: 'light' | 'dark' | 'system';
+  /**
+   * Frontend plugins forwarded to InvectComponent.
+   * The element type is inferred from InvectComponent's `plugins` prop type,
+   * so this stays consistent with whatever component you pass.
+   *
+   * @example
+   * ```tsx
+   * import { rbacFrontend } from '@invect/rbac/ui';
+   * <AuthenticatedInvect plugins={[rbacFrontend]} />
+   * ```
+   */
+  plugins?: TPlugin[];
+}
+declare function AuthenticatedInvect<TPlugin = unknown>({
+  apiBaseUrl,
+  basePath,
+  InvectComponent,
+  ShellComponent,
+  reactQueryClient,
+  loading,
+  theme,
+  plugins
+}: AuthenticatedInvectProps<TPlugin>): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/UserManagementPage.d.ts
+/**
+ * UserManagementPage — Standalone page for user management.
+ *
+ * Wraps the existing UserManagement component in a page layout
+ * consistent with the Access Control page style. Registered as a
+ * plugin route contribution at '/users'.
+ */
+declare function UserManagementPage(): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/ProfilePage.d.ts
+/**
+ * ProfilePage — Standalone page for the current authenticated user.
+ *
+ * Shows basic account information and provides a sign-out action.
+ */
+interface ProfilePageProps {
+  basePath: string;
+}
+declare function ProfilePage({
+  basePath
+}: ProfilePageProps): react_jsx_runtime0.JSX.Element;
+//#endregion
+//#region src/frontend/components/SidebarUserMenu.d.ts
+/**
+ * SidebarUserMenu — User avatar link in the sidebar footer.
+ *
+ * Clicking navigates directly to the profile page.
+ * Sign-out is available on the profile page itself.
+ */
+interface SidebarUserMenuProps {
+  collapsed?: boolean;
+  basePath?: string;
+}
+declare function SidebarUserMenu({
+  collapsed,
+  basePath
+}: SidebarUserMenuProps): react_jsx_runtime0.JSX.Element | null;
+//#endregion
+//#region src/frontend/plugins/authFrontendPlugin.d.ts
+declare const authFrontend: InvectFrontendPlugin;
+//#endregion
+export { ApiKeysDialog, type ApiKeysDialogProps, type AuthContextValue, type AuthError, AuthGate, type AuthGateProps, AuthProvider, type AuthProviderProps, type AuthSession, type AuthUser, AuthenticatedInvect, type AuthenticatedInvectProps, type CreateUserInput, ProfilePage, SidebarUserMenu, type SidebarUserMenuProps, type SignInCredentials, SignInForm, type SignInFormProps, SignInPage, type SignInPageProps, type UpdateUserRoleInput, UserButton, type UserButtonProps, UserManagement, UserManagementPage, type UserManagementProps, authFrontend, useAuth };
+//# sourceMappingURL=index.d.mts.map

package/dist/frontend/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/frontend/providers/AuthProvider.tsx","../../src/frontend/components/SignInForm.tsx","../../src/frontend/components/SignInPage.tsx","../../src/frontend/components/UserButton.tsx","../../src/frontend/components/AuthGate.tsx","../../src/frontend/components/UserManagement.tsx","../../src/frontend/components/ApiKeysDialog.tsx","../../src/frontend/components/AuthenticatedInvect.tsx","../../src/frontend/components/UserManagementPage.tsx","../../src/frontend/components/ProfilePage.tsx","../../src/frontend/components/SidebarUserMenu.tsx","../../src/frontend/plugins/authFrontendPlugin.ts"],"mappings":";;;;;;;UAqBiB,gBAAA;EAET;EAAN,IAAA,EAAM,QAAA;EAMsC;EAJ5C,eAAA;EAM4C;EAJ5C,SAAA;EAMsB;EAJtB,MAAA,GAAS,WAAA,EAAa,iBAAA,KAAsB,OAAA;EAN5C;EAQA,MAAA,GAAS,WAAA,EAAa,iBAAA,KAAsB,OAAA;EAN5C;EAQA,OAAA,QAAe,OAAA;EAJf;EAMA,WAAA;EANS;EAQT,WAAA;EANA;EAQA,KAAA;AAAA;AAAA,UAae,iBAAA;EACf,QAAA,EAAU,SAAA;EApBK;;;;EAyBf,OAAA;AAAA;AAAA,iBAGc,YAAA,CAAA;EAAe,QAAA;EAAU;AAAA,GAAW,iBAAA,GAAiB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;iBAuKrD,OAAA,CAAA,GAAW,gBAAA;;;;;;;;;UCzNV,eAAA;EDUA;ECRf,SAAA;;EAEA,SAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EAAa,SAAA;EAAW;AAAA,GAAa,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;UCRnD,eAAA;EFWgB;EET/B,SAAA;EFWM;EETN,kBAAA;EFe4C;EEb5C,KAAA;EFe4C;EEb5C,QAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EACd,SAAA;EACA,kBAAA;EACA,KAAA;EACA;AAAA,GACC,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;UCbD,eAAA;EHQgB;EGN/B,aAAA;EHQM;EGNN,SAAA;AAAA;AAAA,iBAGc,UAAA,CAAA;EAAa,aAAA;EAAe;AAAA,GAAa,eAAA,GAAe,kBAAA,CAAA,GAAA,CAAA,OAAA;;;UCVvD,aAAA;EJWgB;EIT/B,QAAA,EAAU,SAAA;EJWJ;EITN,QAAA,GAAW,SAAA;EJeiC;EIb5C,OAAA,GAAU,SAAA;AAAA;AAAA,iBAGI,QAAA,CAAA;EAAW,QAAA;EAAU,QAAA;EAAiB;AAAA,GAAkB,aAAA,GAAa,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;AJErF;;;;UKqCiB,mBAAA;EL7B6B;EK+B5C,UAAA;EL7B4C;EK+B5C,SAAA;AAAA;AAAA,iBAmIc,cAAA,CAAA;EAAiB,UAAA;EAAY;AAAA,GAAa,mBAAA,GAAmB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;AL5K7E;;;UMUiB,kBAAA;EACf,IAAA;EACA,YAAA,GAAe,IAAA;EACf,UAAA;AAAA;AAAA,iBA6Bc,aAAA,CAAA;EAAgB,IAAA;EAAM,YAAA;EAAc;AAAA,GAAc,kBAAA,GAAkB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;ANXpF;;KORK,eAAA,MAAqB,aAAA,CAAc,CAAA,IAAK,mBAAA,CAAoB,aAAA,CAAc,CAAA;;;;;;;UAY9D,wBAAA;EPKW;;;;;EOC1B,UAAA;EPDmE;;;;EOMnE,QAAA;EPNuC;;;;;;AAuKzC;;;;;EOrJE,eAAA,EAAiB,eAAA;IACf,UAAA;IACA,QAAA;IACA,gBAAA,GAAmB,WAAA;IACnB,OAAA,GAAU,OAAA;EAAA;ENtEZ;;AAKF;;;;;;;;;;;;;;;;;EMsFE,cAAA,GAAiB,eAAA;IACf,QAAA,EAAU,SAAA;IACV,KAAA;IACA,SAAA;EAAA;ELjG4B;;;;EKuG9B,gBAAA,GAAmB,WAAA;ELjGnB;;;EKqGA,OAAA,GAAU,SAAA;ELhGI;;;;EKqGd,KAAA;ELlGA;;;;;;;;;;;EK8GA,OAAA,GAAU,OAAA;AAAA;AAAA,iBAaI,mBAAA,mBAAA,CAAA;EACd,UAAA;EACA,QAAA;EACA,eAAA;EACA,cAAA;EACA,gBAAA;EACA,OAAA;EACA,KAAA;EACA;AAAA,GACC,wBAAA,CAAyB,OAAA,IAAQ,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;;iBC/IpB,kBAAA,CAAA,GAAkB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;UCFjB,gBAAA;EACf,QAAA;AAAA;AAAA,iBAGc,WAAA,CAAA;EAAc;AAAA,GAAY,gBAAA,GAAgB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;;;;;;;UCLzC,oBAAA;EACf,SAAA;EACA,QAAA;AAAA;AAAA,iBAGc,eAAA,CAAA;EAAkB,SAAA;EAAmB;AAAA,GAAiB,oBAAA,GAAoB,kBAAA,CAAA,GAAA,CAAA,OAAA;;;cCG7E,YAAA,EAAc,oBAAA"}

package/dist/frontend/index.d.ts

@@ -18,12 +18,14 @@ export { AuthGate } from './components/AuthGate';
 export type { AuthGateProps } from './components/AuthGate';
 export { UserManagement } from './components/UserManagement';
 export type { UserManagementProps } from './components/UserManagement';
+export { ApiKeysDialog } from './components/ApiKeysDialog';
+export type { ApiKeysDialogProps } from './components/ApiKeysDialog';
 export { AuthenticatedInvect } from './components/AuthenticatedInvect';
 export type { AuthenticatedInvectProps } from './components/AuthenticatedInvect';
 export { UserManagementPage } from './components/UserManagementPage';
 export { ProfilePage } from './components/ProfilePage';
 export { SidebarUserMenu } from './components/SidebarUserMenu';
 export type { SidebarUserMenuProps } from './components/SidebarUserMenu';
-export { authFrontendPlugin } from './plugins/authFrontendPlugin';
+export { authFrontend } from './plugins/authFrontendPlugin';
 export type { AuthSession, AuthUser, SignInCredentials, CreateUserInput, UpdateUserRoleInput, AuthError, } from '../shared/types';
 //# sourceMappingURL=index.d.ts.map

package/dist/frontend/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/frontend/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACjE,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,YAAY,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAGvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,YAAY,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAGzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGlE,YAAY,EACV,WAAW,EACX,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,SAAS,GACV,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/frontend/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACjE,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,YAAY,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAGjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,YAAY,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAGzE,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAG5D,YAAY,EACV,WAAW,EACX,QAAQ,EACR,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,SAAS,GACV,MAAM,iBAAiB,CAAC"}