@juspay/neurolink 9.31.2 → 9.32.0

package/dist/auth/authContext.d.ts

@@ -0,0 +1,198 @@
+import type { AuthUser, AuthSession, AuthenticatedContext, AuthProviderType, AuthRequestContext } from "../types/authTypes.js";
+/**
+ * Run a function with authentication context
+ *
+ * Sets up async local storage so getAuthContext() can be called
+ * from anywhere within the callback's execution.
+ *
+ * @param context - The authenticated context
+ * @param callback - Function to run with context available
+ * @returns Result of the callback
+ *
+ * @example
+ * ```typescript
+ * await runWithAuthContext(authContext, async () => {
+ *   // Inside here, getAuthContext() returns the context
+ *   const user = getCurrentUser();
+ *   await processRequest();
+ * });
+ * ```
+ */
+export declare function runWithAuthContext<T>(context: AuthenticatedContext, callback: () => T | Promise<T>): T | Promise<T>;
+/**
+ * Get the current authentication context
+ *
+ * Returns the authenticated context for the current request,
+ * or undefined if no context is set.
+ *
+ * @returns Current auth context or undefined
+ *
+ * @example
+ * ```typescript
+ * const context = getAuthContext();
+ * if (context) {
+ *   console.log("Current user:", context.user.email);
+ * }
+ * ```
+ */
+export declare function getAuthContext(): AuthenticatedContext | undefined;
+/**
+ * Get the current authenticated user
+ *
+ * Convenience function to get just the user from context.
+ *
+ * @returns Current user or undefined
+ *
+ * @example
+ * ```typescript
+ * const user = getCurrentUser();
+ * if (user) {
+ *   console.log("Hello,", user.name);
+ * }
+ * ```
+ */
+export declare function getCurrentUser(): AuthUser | undefined;
+/**
+ * Get the current session
+ *
+ * Convenience function to get just the session from context.
+ *
+ * @returns Current session or undefined
+ */
+export declare function getCurrentSession(): AuthSession | undefined;
+/**
+ * Check if the current request is authenticated
+ *
+ * @returns True if authenticated, false otherwise
+ */
+export declare function isAuthenticated(): boolean;
+/**
+ * Require authentication
+ *
+ * Throws if no auth context is available.
+ *
+ * @returns The authenticated context
+ * @throws Error if not authenticated
+ *
+ * @example
+ * ```typescript
+ * const context = requireAuth();
+ * // Safe to use context.user here
+ * ```
+ */
+export declare function requireAuth(): AuthenticatedContext;
+/**
+ * Require a specific user
+ *
+ * Throws if no auth context or user doesn't match.
+ *
+ * @param userId - Expected user ID
+ * @returns The authenticated context
+ * @throws Error if not authenticated or wrong user
+ */
+export declare function requireUser(userId: string): AuthenticatedContext;
+/**
+ * Check if current user has a permission
+ *
+ * @param permission - Permission to check
+ * @returns True if user has permission
+ */
+export declare function hasPermission(permission: string): boolean;
+/**
+ * Check if current user has a role
+ *
+ * @param role - Role to check
+ * @returns True if user has role
+ */
+export declare function hasRole(role: string): boolean;
+/**
+ * Check if current user has any of the roles
+ *
+ * @param roles - Roles to check (any of)
+ * @returns True if user has at least one role
+ */
+export declare function hasAnyRole(roles: string[]): boolean;
+/**
+ * Check if current user has all permissions
+ *
+ * @param permissions - Permissions to check (all of)
+ * @returns True if user has all permissions
+ */
+export declare function hasAllPermissions(permissions: string[]): boolean;
+/**
+ * Require a permission
+ *
+ * Throws if user doesn't have the permission.
+ *
+ * @param permission - Required permission
+ * @throws Error if user lacks permission
+ *
+ * @example
+ * ```typescript
+ * requirePermission("admin:write");
+ * // Safe to proceed with admin write operation
+ * ```
+ */
+export declare function requirePermission(permission: string): void;
+/**
+ * Require a role
+ *
+ * Throws if user doesn't have the role.
+ *
+ * @param role - Required role
+ * @throws Error if user lacks role
+ */
+export declare function requireRole(role: string): void;
+/**
+ * Create an authenticated context
+ *
+ * Helper to build an AuthenticatedContext object.
+ *
+ * @param user - The authenticated user
+ * @param session - The user's session
+ * @param request - The original request context
+ * @param provider - The auth provider type
+ * @returns Complete authenticated context
+ */
+export declare function createAuthenticatedContext(user: AuthUser, session: AuthSession, request: AuthRequestContext, provider: AuthProviderType): AuthenticatedContext;
+/**
+ * Context holder for non-async-local-storage environments
+ *
+ * Use this when async local storage is not available.
+ */
+export declare class AuthContextHolder {
+    private context;
+    /**
+     * Set the auth context
+     */
+    set(context: AuthenticatedContext): void;
+    /**
+     * Get the auth context
+     */
+    get(): AuthenticatedContext | undefined;
+    /**
+     * Clear the auth context
+     */
+    clear(): void;
+    /**
+     * Get the current user
+     */
+    getUser(): AuthUser | undefined;
+    /**
+     * Get the current session
+     */
+    getSession(): AuthSession | undefined;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Check if user has permission
+     */
+    hasPermission(permission: string): boolean;
+    /**
+     * Check if user has role
+     */
+    hasRole(role: string): boolean;
+}
+export declare const globalAuthContext: AuthContextHolder;

package/dist/auth/authContext.js

@@ -0,0 +1,314 @@
+// src/lib/auth/authContext.ts
+import { AsyncLocalStorage } from "async_hooks";
+import { AuthError } from "./errors.js";
+/**
+ * Async local storage for auth context
+ *
+ * Enables access to authentication context throughout the request lifecycle
+ * without explicitly passing it through every function call.
+ */
+const authContextStorage = new AsyncLocalStorage();
+/**
+ * Run a function with authentication context
+ *
+ * Sets up async local storage so getAuthContext() can be called
+ * from anywhere within the callback's execution.
+ *
+ * @param context - The authenticated context
+ * @param callback - Function to run with context available
+ * @returns Result of the callback
+ *
+ * @example
+ * ```typescript
+ * await runWithAuthContext(authContext, async () => {
+ *   // Inside here, getAuthContext() returns the context
+ *   const user = getCurrentUser();
+ *   await processRequest();
+ * });
+ * ```
+ */
+export function runWithAuthContext(context, callback) {
+    return authContextStorage.run(context, callback);
+}
+/**
+ * Get the current authentication context
+ *
+ * Returns the authenticated context for the current request,
+ * or undefined if no context is set.
+ *
+ * @returns Current auth context or undefined
+ *
+ * @example
+ * ```typescript
+ * const context = getAuthContext();
+ * if (context) {
+ *   console.log("Current user:", context.user.email);
+ * }
+ * ```
+ */
+export function getAuthContext() {
+    return authContextStorage.getStore() ?? globalAuthContext.get();
+}
+/**
+ * Get the current authenticated user
+ *
+ * Convenience function to get just the user from context.
+ *
+ * @returns Current user or undefined
+ *
+ * @example
+ * ```typescript
+ * const user = getCurrentUser();
+ * if (user) {
+ *   console.log("Hello,", user.name);
+ * }
+ * ```
+ */
+export function getCurrentUser() {
+    return (authContextStorage.getStore() ?? globalAuthContext.get())?.user;
+}
+/**
+ * Get the current session
+ *
+ * Convenience function to get just the session from context.
+ *
+ * @returns Current session or undefined
+ */
+export function getCurrentSession() {
+    return (authContextStorage.getStore() ?? globalAuthContext.get())?.session;
+}
+/**
+ * Check if the current request is authenticated
+ *
+ * @returns True if authenticated, false otherwise
+ */
+export function isAuthenticated() {
+    return (authContextStorage.getStore() !== undefined ||
+        globalAuthContext.isAuthenticated());
+}
+/**
+ * Require authentication
+ *
+ * Throws if no auth context is available.
+ *
+ * @returns The authenticated context
+ * @throws Error if not authenticated
+ *
+ * @example
+ * ```typescript
+ * const context = requireAuth();
+ * // Safe to use context.user here
+ * ```
+ */
+export function requireAuth() {
+    const context = getAuthContext();
+    if (!context) {
+        throw AuthError.create("MISSING_TOKEN", "Authentication required");
+    }
+    return context;
+}
+/**
+ * Require a specific user
+ *
+ * Throws if no auth context or user doesn't match.
+ *
+ * @param userId - Expected user ID
+ * @returns The authenticated context
+ * @throws Error if not authenticated or wrong user
+ */
+export function requireUser(userId) {
+    const context = requireAuth();
+    if (context.user.id !== userId) {
+        throw AuthError.create("ACCESS_DENIED", "User mismatch");
+    }
+    return context;
+}
+/**
+ * Check if current user has a permission
+ *
+ * @param permission - Permission to check
+ * @returns True if user has permission
+ */
+export function hasPermission(permission) {
+    const user = getCurrentUser();
+    if (!user) {
+        return false;
+    }
+    // Check direct permission
+    if (user.permissions.includes(permission)) {
+        return true;
+    }
+    // Check wildcard
+    if (user.permissions.includes("*")) {
+        return true;
+    }
+    // Check permission hierarchy
+    const parts = permission.split(":");
+    for (let i = parts.length - 1; i > 0; i--) {
+        const wildcardPerm = [...parts.slice(0, i), "*"].join(":");
+        if (user.permissions.includes(wildcardPerm)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Check if current user has a role
+ *
+ * @param role - Role to check
+ * @returns True if user has role
+ */
+export function hasRole(role) {
+    const user = getCurrentUser();
+    return user?.roles.includes(role) ?? false;
+}
+/**
+ * Check if current user has any of the roles
+ *
+ * @param roles - Roles to check (any of)
+ * @returns True if user has at least one role
+ */
+export function hasAnyRole(roles) {
+    const user = getCurrentUser();
+    if (!user) {
+        return false;
+    }
+    return roles.some((role) => user.roles.includes(role));
+}
+/**
+ * Check if current user has all permissions
+ *
+ * @param permissions - Permissions to check (all of)
+ * @returns True if user has all permissions
+ */
+export function hasAllPermissions(permissions) {
+    return permissions.every((perm) => hasPermission(perm));
+}
+/**
+ * Require a permission
+ *
+ * Throws if user doesn't have the permission.
+ *
+ * @param permission - Required permission
+ * @throws Error if user lacks permission
+ *
+ * @example
+ * ```typescript
+ * requirePermission("admin:write");
+ * // Safe to proceed with admin write operation
+ * ```
+ */
+export function requirePermission(permission) {
+    if (!hasPermission(permission)) {
+        throw AuthError.create("INSUFFICIENT_PERMISSIONS", `Permission denied: ${permission}`);
+    }
+}
+/**
+ * Require a role
+ *
+ * Throws if user doesn't have the role.
+ *
+ * @param role - Required role
+ * @throws Error if user lacks role
+ */
+export function requireRole(role) {
+    if (!hasRole(role)) {
+        throw AuthError.create("INSUFFICIENT_ROLES", `Role required: ${role}`);
+    }
+}
+/**
+ * Create an authenticated context
+ *
+ * Helper to build an AuthenticatedContext object.
+ *
+ * @param user - The authenticated user
+ * @param session - The user's session
+ * @param request - The original request context
+ * @param provider - The auth provider type
+ * @returns Complete authenticated context
+ */
+export function createAuthenticatedContext(user, session, request, provider) {
+    return {
+        ...request,
+        user,
+        session,
+        request,
+        authenticatedAt: new Date(),
+        provider,
+    };
+}
+/**
+ * Context holder for non-async-local-storage environments
+ *
+ * Use this when async local storage is not available.
+ */
+export class AuthContextHolder {
+    context;
+    /**
+     * Set the auth context
+     */
+    set(context) {
+        this.context = context;
+    }
+    /**
+     * Get the auth context
+     */
+    get() {
+        return this.context;
+    }
+    /**
+     * Clear the auth context
+     */
+    clear() {
+        this.context = undefined;
+    }
+    /**
+     * Get the current user
+     */
+    getUser() {
+        return this.context?.user;
+    }
+    /**
+     * Get the current session
+     */
+    getSession() {
+        return this.context?.session;
+    }
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated() {
+        return this.context !== undefined;
+    }
+    /**
+     * Check if user has permission
+     */
+    hasPermission(permission) {
+        const user = this.context?.user;
+        if (!user) {
+            return false;
+        }
+        if (user.permissions.includes(permission) ||
+            user.permissions.includes("*")) {
+            return true;
+        }
+        // Check hierarchy
+        const parts = permission.split(":");
+        for (let i = parts.length - 1; i > 0; i--) {
+            const wildcardPerm = [...parts.slice(0, i), "*"].join(":");
+            if (user.permissions.includes(wildcardPerm)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check if user has role
+     */
+    hasRole(role) {
+        return this.context?.user.roles.includes(role) ?? false;
+    }
+}
+// Internal: global context holder for non-async environments.
+// Exported for use by neurolink.ts; not part of the public API contract.
+export const globalAuthContext = new AuthContextHolder();

package/dist/auth/errors.d.ts

@@ -0,0 +1,63 @@
+export declare const AuthErrorCodes: {
+    readonly INVALID_TOKEN: "AUTH-001";
+    readonly EXPIRED_TOKEN: "AUTH-002";
+    readonly MISSING_TOKEN: "AUTH-003";
+    readonly TOKEN_DECODE_FAILED: "AUTH-004";
+    readonly INVALID_SIGNATURE: "AUTH-005";
+    readonly SESSION_NOT_FOUND: "AUTH-010";
+    readonly SESSION_EXPIRED: "AUTH-011";
+    readonly SESSION_REVOKED: "AUTH-012";
+    readonly INSUFFICIENT_PERMISSIONS: "AUTH-020";
+    readonly INSUFFICIENT_ROLES: "AUTH-021";
+    readonly ACCESS_DENIED: "AUTH-022";
+    readonly USER_NOT_FOUND: "AUTH-030";
+    readonly USER_DISABLED: "AUTH-031";
+    readonly EMAIL_NOT_VERIFIED: "AUTH-032";
+    readonly MFA_REQUIRED: "AUTH-033";
+    readonly PROVIDER_ERROR: "AUTH-040";
+    readonly PROVIDER_NOT_FOUND: "AUTH-041";
+    readonly PROVIDER_INIT_FAILED: "AUTH-042";
+    readonly CONFIGURATION_ERROR: "AUTH-043";
+    readonly CREATION_FAILED: "AUTH-050";
+    readonly REGISTRATION_FAILED: "AUTH-051";
+    readonly DUPLICATE_REGISTRATION: "AUTH-052";
+    readonly MIDDLEWARE_ERROR: "AUTH-060";
+    readonly RATE_LIMITED: "AUTH-061";
+    readonly JWKS_FETCH_FAILED: "AUTH-070";
+    readonly JWKS_KEY_NOT_FOUND: "AUTH-071";
+};
+export declare const AuthError: {
+    codes: {
+        readonly INVALID_TOKEN: "AUTH-001";
+        readonly EXPIRED_TOKEN: "AUTH-002";
+        readonly MISSING_TOKEN: "AUTH-003";
+        readonly TOKEN_DECODE_FAILED: "AUTH-004";
+        readonly INVALID_SIGNATURE: "AUTH-005";
+        readonly SESSION_NOT_FOUND: "AUTH-010";
+        readonly SESSION_EXPIRED: "AUTH-011";
+        readonly SESSION_REVOKED: "AUTH-012";
+        readonly INSUFFICIENT_PERMISSIONS: "AUTH-020";
+        readonly INSUFFICIENT_ROLES: "AUTH-021";
+        readonly ACCESS_DENIED: "AUTH-022";
+        readonly USER_NOT_FOUND: "AUTH-030";
+        readonly USER_DISABLED: "AUTH-031";
+        readonly EMAIL_NOT_VERIFIED: "AUTH-032";
+        readonly MFA_REQUIRED: "AUTH-033";
+        readonly PROVIDER_ERROR: "AUTH-040";
+        readonly PROVIDER_NOT_FOUND: "AUTH-041";
+        readonly PROVIDER_INIT_FAILED: "AUTH-042";
+        readonly CONFIGURATION_ERROR: "AUTH-043";
+        readonly CREATION_FAILED: "AUTH-050";
+        readonly REGISTRATION_FAILED: "AUTH-051";
+        readonly DUPLICATE_REGISTRATION: "AUTH-052";
+        readonly MIDDLEWARE_ERROR: "AUTH-060";
+        readonly RATE_LIMITED: "AUTH-061";
+        readonly JWKS_FETCH_FAILED: "AUTH-070";
+        readonly JWKS_KEY_NOT_FOUND: "AUTH-071";
+    };
+    create: (code: "SESSION_NOT_FOUND" | "INVALID_TOKEN" | "EXPIRED_TOKEN" | "MISSING_TOKEN" | "TOKEN_DECODE_FAILED" | "INVALID_SIGNATURE" | "SESSION_EXPIRED" | "SESSION_REVOKED" | "INSUFFICIENT_PERMISSIONS" | "INSUFFICIENT_ROLES" | "ACCESS_DENIED" | "USER_NOT_FOUND" | "USER_DISABLED" | "EMAIL_NOT_VERIFIED" | "MFA_REQUIRED" | "PROVIDER_ERROR" | "PROVIDER_NOT_FOUND" | "PROVIDER_INIT_FAILED" | "CONFIGURATION_ERROR" | "CREATION_FAILED" | "REGISTRATION_FAILED" | "DUPLICATE_REGISTRATION" | "MIDDLEWARE_ERROR" | "RATE_LIMITED" | "JWKS_FETCH_FAILED" | "JWKS_KEY_NOT_FOUND", message: string, options?: {
+        retryable?: boolean;
+        details?: Record<string, unknown>;
+        cause?: Error;
+    } | undefined) => import("../core/infrastructure/baseError.js").NeuroLinkFeatureError;
+};

package/dist/auth/errors.js

@@ -0,0 +1,39 @@
+// src/lib/auth/errors.ts — Unified auth error codes (Phase 1 of auth error redesign)
+import { createErrorFactory } from "../core/infrastructure/baseError.js";
+export const AuthErrorCodes = {
+    // Token errors
+    INVALID_TOKEN: "AUTH-001",
+    EXPIRED_TOKEN: "AUTH-002",
+    MISSING_TOKEN: "AUTH-003",
+    TOKEN_DECODE_FAILED: "AUTH-004",
+    INVALID_SIGNATURE: "AUTH-005",
+    // Session errors
+    SESSION_NOT_FOUND: "AUTH-010",
+    SESSION_EXPIRED: "AUTH-011",
+    SESSION_REVOKED: "AUTH-012",
+    // Authorization errors
+    INSUFFICIENT_PERMISSIONS: "AUTH-020",
+    INSUFFICIENT_ROLES: "AUTH-021",
+    ACCESS_DENIED: "AUTH-022",
+    // User errors
+    USER_NOT_FOUND: "AUTH-030",
+    USER_DISABLED: "AUTH-031",
+    EMAIL_NOT_VERIFIED: "AUTH-032",
+    MFA_REQUIRED: "AUTH-033",
+    // Provider errors
+    PROVIDER_ERROR: "AUTH-040",
+    PROVIDER_NOT_FOUND: "AUTH-041",
+    PROVIDER_INIT_FAILED: "AUTH-042",
+    CONFIGURATION_ERROR: "AUTH-043",
+    // Factory/Registry errors
+    CREATION_FAILED: "AUTH-050",
+    REGISTRATION_FAILED: "AUTH-051",
+    DUPLICATE_REGISTRATION: "AUTH-052",
+    // Middleware errors
+    MIDDLEWARE_ERROR: "AUTH-060",
+    RATE_LIMITED: "AUTH-061",
+    // JWKS errors
+    JWKS_FETCH_FAILED: "AUTH-070",
+    JWKS_KEY_NOT_FOUND: "AUTH-071",
+};
+export const AuthError = createErrorFactory("Auth", AuthErrorCodes);

package/dist/auth/index.d.ts

@@ -1,22 +1,34 @@
 /**
  * NeuroLink Authentication Module
  *
- * Provides OAuth 2.0 authentication support for Claude Pro/Max subscriptions
- * and secure token storage.
- *
- * Key components:
- * - AnthropicOAuth: OAuth 2.0 flow implementation with PKCE support
- * - TokenStore: Secure local storage for OAuth tokens
- * - Callback Server: Local HTTP server for OAuth redirects
+ * Exports the full multi-provider authentication system including:
+ * - Anthropic OAuth 2.0 flow (PKCE, token storage, callback server)
+ * - Multi-provider auth (Auth0, Clerk, Firebase, Supabase, Cognito,
+ *   Keycloak, Better Auth, WorkOS, JWT, OAuth2, Custom)
+ * - AuthProviderFactory / AuthProviderRegistry for lazy-loaded provider creation
+ * - Auth middleware (token extraction, RBAC, rate limiting)
+ * - Session management (memory, Redis)
+ * - Auth context (AsyncLocalStorage-based request scoping)
  */
 export { ANTHROPIC_OAUTH_BASE_URL, DEFAULT_SCOPES, DEFAULT_REDIRECT_URI, DEFAULT_CALLBACK_PORT, } from "./anthropicOAuth.js";
 export { AnthropicOAuth } from "./anthropicOAuth.js";
 export { OAuthError, OAuthConfigurationError, OAuthTokenExchangeError, OAuthTokenRefreshError, OAuthTokenValidationError, OAuthTokenRevocationError, OAuthCallbackServerError, } from "../types/errors.js";
 export { createAnthropicOAuth, createAnthropicOAuthConfig, hasAnthropicOAuthCredentials, startCallbackServer, stopCallbackServer, performOAuthFlow, } from "./anthropicOAuth.js";
-export type { OAuthTokenResponse, OAuthFlowTokens, OAuthFlowTokens as OAuthTokens, TokenValidationResult, AnthropicOAuthConfig, PKCEParams, CallbackResult, } from "../types/index.js";
+export type { OAuthTokenResponse, OAuthFlowTokens, OAuthFlowTokens as OAuthTokens, TokenValidationResult as OAuthTokenValidationResult, AnthropicOAuthConfig, PKCEParams, CallbackResult, } from "../types/index.js";
 export { TokenStore, tokenStore, defaultTokenStore } from "./tokenStore.js";
 export { TokenStoreError } from "../types/errors.js";
 export type { StoredOAuthTokens, TokenRefresher } from "../types/authTypes.js";
 export type { NeuroLinkAuthOptions, AuthStatus } from "../types/index.js";
 export { AccountPool } from "./accountPool.js";
 export type { ProxyAccount, AccountPoolConfig } from "../types/index.js";
+export { AuthProviderFactory, createAuthProvider, } from "./AuthProviderFactory.js";
+export { AuthProviderRegistry } from "./AuthProviderRegistry.js";
+export { AuthError, AuthErrorCodes } from "./errors.js";
+export { AuthProviderError, BaseAuthProvider, InMemorySessionStorage, } from "./providers/BaseAuthProvider.js";
+export { AuthMiddlewareError, AuthMiddlewareErrorCodes, createAuthMiddleware, createExpressAuthMiddleware, createProtectedMiddleware, createRBACMiddleware, createRequestContext, type ExpressMiddleware, extractToken, type MiddlewareHandler, type MiddlewareResult, type NextFunction, } from "./middleware/AuthMiddleware.js";
+export { createAuthenticatedRateLimitMiddleware, createRateLimitByUserMiddleware, createRateLimitStorage, MemoryRateLimitStorage, type RateLimitConfig, type RateLimitMiddlewareResult, type RateLimitResult, type RateLimitStorage, RedisRateLimitStorage, UserRateLimiter, } from "./middleware/rateLimitByUser.js";
+export { createSessionStorage, MemorySessionStorage, RedisSessionStorage, SessionManager, type SessionManagerStorage as SessionStorageInterface, } from "./sessionManager.js";
+export { AuthContextHolder, createAuthenticatedContext, getAuthContext, getCurrentSession, getCurrentUser, globalAuthContext, hasAllPermissions, hasAnyRole, hasPermission, hasRole, isAuthenticated, requireAuth, requirePermission, requireRole, requireUser, runWithAuthContext, } from "./authContext.js";
+export { RequestContext, NEUROLINK_RESOURCE_ID_KEY, NEUROLINK_THREAD_ID_KEY, } from "./RequestContext.js";
+export type { Auth0Config, AuthCacheConfig, AuthErrorInfo as AuthErrorType, AuthErrorCode, AuthEventData, AuthEventHandler, AuthEventType, AuthenticatedContext, AuthMiddlewareConfig, AuthorizationResult, AuthProviderConfig, AuthProviderFactoryFn, AuthProviderHealthCheck, AuthProviderRegistration, AuthProviderType, AuthRequestContext, AuthSession, AuthUser, BaseAuthProviderConfig, BetterAuthConfig, ClerkConfig, CognitoConfig, CustomAuthConfig, FirebaseConfig, JWK, JWKS, JWTConfig, KeycloakConfig, MastraAuthProvider, OAuth2Config, RBACConfig, RBACMiddlewareConfig, SessionConfig, SessionStorage, SessionValidationResult, SupabaseConfig, TokenClaims, TokenExtractionConfig, TokenValidationConfig, TokenValidationResult as AuthTokenValidationResult, WorkOSConfig, } from "../types/authTypes.js";
+export { createAuthValidatorFromProvider } from "./serverBridge.js";