npm - @juspay/neurolink - Versions diffs - 9.31.2 → 9.32.0 - Mend

@juspay/neurolink 9.31.2 → 9.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/CHANGELOG.md +6 -0
package/dist/auth/AuthProviderFactory.d.ts +71 -0
package/dist/auth/AuthProviderFactory.js +111 -0
package/dist/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/auth/AuthProviderRegistry.js +190 -0
package/dist/auth/RequestContext.d.ts +23 -0
package/dist/auth/RequestContext.js +78 -0
package/dist/auth/authContext.d.ts +198 -0
package/dist/auth/authContext.js +314 -0
package/dist/auth/errors.d.ts +63 -0
package/dist/auth/errors.js +39 -0
package/dist/auth/index.d.ts +20 -8
package/dist/auth/index.js +35 -7
package/dist/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/auth/middleware/AuthMiddleware.js +519 -0
package/dist/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/auth/middleware/rateLimitByUser.js +554 -0
package/dist/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/auth/providers/BaseAuthProvider.js +723 -0
package/dist/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/auth/providers/CognitoProvider.js +304 -0
package/dist/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/auth/providers/KeycloakProvider.js +393 -0
package/dist/auth/providers/auth0.d.ts +59 -0
package/dist/auth/providers/auth0.js +274 -0
package/dist/auth/providers/betterAuth.d.ts +51 -0
package/dist/auth/providers/betterAuth.js +182 -0
package/dist/auth/providers/clerk.d.ts +65 -0
package/dist/auth/providers/clerk.js +317 -0
package/dist/auth/providers/custom.d.ts +64 -0
package/dist/auth/providers/custom.js +112 -0
package/dist/auth/providers/firebase.d.ts +63 -0
package/dist/auth/providers/firebase.js +226 -0
package/dist/auth/providers/jwt.d.ts +68 -0
package/dist/auth/providers/jwt.js +212 -0
package/dist/auth/providers/oauth2.d.ts +73 -0
package/dist/auth/providers/oauth2.js +303 -0
package/dist/auth/providers/supabase.d.ts +63 -0
package/dist/auth/providers/supabase.js +259 -0
package/dist/auth/providers/workos.d.ts +61 -0
package/dist/auth/providers/workos.js +284 -0
package/dist/auth/serverBridge.d.ts +14 -0
package/dist/auth/serverBridge.js +25 -0
package/dist/auth/sessionManager.d.ts +142 -0
package/dist/auth/sessionManager.js +437 -0
package/dist/cli/commands/authProviders.d.ts +43 -0
package/dist/cli/commands/authProviders.js +399 -0
package/dist/cli/factories/authCommandFactory.d.ts +23 -5
package/dist/cli/factories/authCommandFactory.js +108 -5
package/dist/cli/parser.js +1 -1
package/dist/client/auth/AuthProviderFactory.js +111 -0
package/dist/client/auth/AuthProviderRegistry.js +190 -0
package/dist/client/auth/RequestContext.js +78 -0
package/dist/client/auth/accountPool.js +178 -0
package/dist/client/auth/authContext.js +314 -0
package/dist/client/auth/errors.js +39 -0
package/dist/client/auth/index.js +61 -0
package/dist/client/auth/middleware/AuthMiddleware.js +519 -0
package/dist/client/auth/middleware/rateLimitByUser.js +554 -0
package/dist/client/auth/providers/BaseAuthProvider.js +723 -0
package/dist/client/auth/providers/CognitoProvider.js +304 -0
package/dist/client/auth/providers/KeycloakProvider.js +393 -0
package/dist/client/auth/providers/auth0.js +274 -0
package/dist/client/auth/providers/betterAuth.js +182 -0
package/dist/client/auth/providers/clerk.js +317 -0
package/dist/client/auth/providers/custom.js +112 -0
package/dist/client/auth/providers/firebase.js +226 -0
package/dist/client/auth/providers/jwt.js +212 -0
package/dist/client/auth/providers/oauth2.js +303 -0
package/dist/client/auth/providers/supabase.js +259 -0
package/dist/client/auth/providers/workos.js +284 -0
package/dist/client/auth/serverBridge.js +25 -0
package/dist/client/auth/sessionManager.js +437 -0
package/dist/client/core/infrastructure/baseRegistry.js +5 -1
package/dist/client/index.js +25 -0
package/dist/client/mcp/toolRegistry.js +11 -1
package/dist/client/neurolink.js +218 -0
package/dist/client/rag/ChunkerRegistry.js +2 -2
package/dist/client/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/client/rag/reranker/RerankerRegistry.js +2 -2
package/dist/client/server/routes/agentRoutes.js +20 -2
package/dist/client/types/authTypes.js +2 -1
package/dist/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/core/infrastructure/baseRegistry.js +5 -1
package/dist/index.d.ts +1 -0
package/dist/index.js +25 -0
package/dist/lib/auth/AuthProviderFactory.d.ts +71 -0
package/dist/lib/auth/AuthProviderFactory.js +112 -0
package/dist/lib/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/lib/auth/AuthProviderRegistry.js +191 -0
package/dist/lib/auth/RequestContext.d.ts +23 -0
package/dist/lib/auth/RequestContext.js +79 -0
package/dist/lib/auth/authContext.d.ts +198 -0
package/dist/lib/auth/authContext.js +315 -0
package/dist/lib/auth/errors.d.ts +63 -0
package/dist/lib/auth/errors.js +40 -0
package/dist/lib/auth/index.d.ts +20 -8
package/dist/lib/auth/index.js +35 -7
package/dist/lib/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/lib/auth/middleware/AuthMiddleware.js +520 -0
package/dist/lib/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/lib/auth/middleware/rateLimitByUser.js +555 -0
package/dist/lib/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/lib/auth/providers/BaseAuthProvider.js +724 -0
package/dist/lib/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/lib/auth/providers/CognitoProvider.js +305 -0
package/dist/lib/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/lib/auth/providers/KeycloakProvider.js +394 -0
package/dist/lib/auth/providers/auth0.d.ts +59 -0
package/dist/lib/auth/providers/auth0.js +275 -0
package/dist/lib/auth/providers/betterAuth.d.ts +51 -0
package/dist/lib/auth/providers/betterAuth.js +183 -0
package/dist/lib/auth/providers/clerk.d.ts +65 -0
package/dist/lib/auth/providers/clerk.js +318 -0
package/dist/lib/auth/providers/custom.d.ts +64 -0
package/dist/lib/auth/providers/custom.js +113 -0
package/dist/lib/auth/providers/firebase.d.ts +63 -0
package/dist/lib/auth/providers/firebase.js +227 -0
package/dist/lib/auth/providers/jwt.d.ts +68 -0
package/dist/lib/auth/providers/jwt.js +213 -0
package/dist/lib/auth/providers/oauth2.d.ts +73 -0
package/dist/lib/auth/providers/oauth2.js +304 -0
package/dist/lib/auth/providers/supabase.d.ts +63 -0
package/dist/lib/auth/providers/supabase.js +260 -0
package/dist/lib/auth/providers/workos.d.ts +61 -0
package/dist/lib/auth/providers/workos.js +285 -0
package/dist/lib/auth/serverBridge.d.ts +14 -0
package/dist/lib/auth/serverBridge.js +26 -0
package/dist/lib/auth/sessionManager.d.ts +142 -0
package/dist/lib/auth/sessionManager.js +438 -0
package/dist/lib/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/lib/core/infrastructure/baseRegistry.js +5 -1
package/dist/lib/index.d.ts +1 -0
package/dist/lib/index.js +25 -0
package/dist/lib/mcp/toolRegistry.js +11 -1
package/dist/lib/neurolink.d.ts +42 -1
package/dist/lib/neurolink.js +218 -0
package/dist/lib/rag/ChunkerRegistry.js +2 -2
package/dist/lib/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/lib/rag/reranker/RerankerRegistry.js +2 -2
package/dist/lib/server/routes/agentRoutes.js +20 -2
package/dist/lib/types/authTypes.d.ts +937 -1
package/dist/lib/types/authTypes.js +2 -1
package/dist/lib/types/configTypes.d.ts +46 -0
package/dist/lib/types/generateTypes.d.ts +6 -0
package/dist/lib/types/index.d.ts +1 -0
package/dist/lib/types/streamTypes.d.ts +6 -0
package/dist/mcp/toolRegistry.js +11 -1
package/dist/neurolink.d.ts +42 -1
package/dist/neurolink.js +218 -0
package/dist/rag/ChunkerRegistry.js +2 -2
package/dist/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/rag/reranker/RerankerRegistry.js +2 -2
package/dist/server/routes/agentRoutes.js +20 -2
package/dist/types/authTypes.d.ts +937 -1
package/dist/types/authTypes.js +2 -1
package/dist/types/configTypes.d.ts +46 -0
package/dist/types/generateTypes.d.ts +6 -0
package/dist/types/index.d.ts +1 -0
package/dist/types/streamTypes.d.ts +6 -0
package/package.json +2 -1

package/dist/auth/index.js CHANGED Viewed

@@ -1,13 +1,14 @@
 /**
  * NeuroLink Authentication Module
  *
- * Provides OAuth 2.0 authentication support for Claude Pro/Max subscriptions
- * and secure token storage.
- *
- * Key components:
- * - AnthropicOAuth: OAuth 2.0 flow implementation with PKCE support
- * - TokenStore: Secure local storage for OAuth tokens
- * - Callback Server: Local HTTP server for OAuth redirects
+ * Exports the full multi-provider authentication system including:
+ * - Anthropic OAuth 2.0 flow (PKCE, token storage, callback server)
+ * - Multi-provider auth (Auth0, Clerk, Firebase, Supabase, Cognito,
+ *   Keycloak, Better Auth, WorkOS, JWT, OAuth2, Custom)
+ * - AuthProviderFactory / AuthProviderRegistry for lazy-loaded provider creation
+ * - Auth middleware (token extraction, RBAC, rate limiting)
+ * - Session management (memory, Redis)
+ * - Auth context (AsyncLocalStorage-based request scoping)
  */
 // =============================================================================
 // ANTHROPIC OAUTH - OAuth 2.0 Authentication
@@ -31,3 +32,30 @@ export { TokenStoreError } from "../types/errors.js";
 // ACCOUNT POOL - Multi-account rotation with cooldowns
 // =============================================================================
 export { AccountPool } from "./accountPool.js";
+// =============================================================================
+// MULTI-PROVIDER AUTH SYSTEM
+// =============================================================================
+// Factory and Registry
+export { AuthProviderFactory, createAuthProvider, } from "./AuthProviderFactory.js";
+export { AuthProviderRegistry } from "./AuthProviderRegistry.js";
+// Unified error factory
+export { AuthError, AuthErrorCodes } from "./errors.js";
+// Base Provider
+export { AuthProviderError, BaseAuthProvider, InMemorySessionStorage, } from "./providers/BaseAuthProvider.js";
+// Provider Implementations
+// NOTE: Concrete provider classes are NOT re-exported here to preserve lazy
+// loading via dynamic imports in AuthProviderFactory.  Obtain provider
+// instances through the factory instead:
+//   const provider = await AuthProviderFactory.create("auth0", config);
+// Auth Middleware
+export { AuthMiddlewareError, AuthMiddlewareErrorCodes, createAuthMiddleware, createExpressAuthMiddleware, createProtectedMiddleware, createRBACMiddleware, createRequestContext, extractToken, } from "./middleware/AuthMiddleware.js";
+// Rate Limiting Middleware
+export { createAuthenticatedRateLimitMiddleware, createRateLimitByUserMiddleware, createRateLimitStorage, MemoryRateLimitStorage, RedisRateLimitStorage, UserRateLimiter, } from "./middleware/rateLimitByUser.js";
+// Session Management
+export { createSessionStorage, MemorySessionStorage, RedisSessionStorage, SessionManager, } from "./sessionManager.js";
+// Auth Context
+export { AuthContextHolder, createAuthenticatedContext, getAuthContext, getCurrentSession, getCurrentUser, globalAuthContext, hasAllPermissions, hasAnyRole, hasPermission, hasRole, isAuthenticated, requireAuth, requirePermission, requireRole, requireUser, runWithAuthContext, } from "./authContext.js";
+// Request Context
+export { RequestContext, NEUROLINK_RESOURCE_ID_KEY, NEUROLINK_THREAD_ID_KEY, } from "./RequestContext.js";
+// Server Bridge
+export { createAuthValidatorFromProvider } from "./serverBridge.js";

package/dist/auth/middleware/AuthMiddleware.d.ts ADDED Viewed

@@ -0,0 +1,181 @@
+/**
+ * AuthMiddleware - Authentication and authorization middleware
+ *
+ * Provides middleware factories for:
+ * - Token extraction and validation
+ * - User context propagation
+ * - RBAC enforcement
+ * - Public route handling
+ */
+import type { AuthenticatedContext, AuthMiddlewareConfig, AuthRequestContext, AuthUser, RBACMiddlewareConfig, TokenExtractionConfig } from "../../types/authTypes.js";
+/**
+ * Auth middleware error codes
+ */
+export declare const AuthMiddlewareErrorCodes: {
+    readonly MISSING_TOKEN: "AUTH_MIDDLEWARE-001";
+    readonly INVALID_TOKEN: "AUTH_MIDDLEWARE-002";
+    readonly UNAUTHORIZED: "AUTH_MIDDLEWARE-003";
+    readonly FORBIDDEN: "AUTH_MIDDLEWARE-004";
+    readonly PROVIDER_ERROR: "AUTH_MIDDLEWARE-005";
+    readonly CONFIGURATION_ERROR: "AUTH_MIDDLEWARE-006";
+};
+/**
+ * Auth middleware error factory
+ */
+export declare const AuthMiddlewareError: {
+    codes: {
+        readonly MISSING_TOKEN: "AUTH_MIDDLEWARE-001";
+        readonly INVALID_TOKEN: "AUTH_MIDDLEWARE-002";
+        readonly UNAUTHORIZED: "AUTH_MIDDLEWARE-003";
+        readonly FORBIDDEN: "AUTH_MIDDLEWARE-004";
+        readonly PROVIDER_ERROR: "AUTH_MIDDLEWARE-005";
+        readonly CONFIGURATION_ERROR: "AUTH_MIDDLEWARE-006";
+    };
+    create: (code: "INVALID_TOKEN" | "MISSING_TOKEN" | "PROVIDER_ERROR" | "CONFIGURATION_ERROR" | "FORBIDDEN" | "UNAUTHORIZED", message: string, options?: {
+        retryable?: boolean;
+        details?: Record<string, unknown>;
+        cause?: Error;
+    } | undefined) => import("../../core/infrastructure/baseError.js").NeuroLinkFeatureError;
+};
+/**
+ * Minimal request object accepted by {@link createRequestContext}.
+ *
+ * Avoids `any` for Express/Koa/Hono request objects while remaining
+ * compatible with any framework that exposes these standard fields.
+ */
+export type IncomingRequest = {
+    method?: string;
+    url?: string;
+    path?: string;
+    headers?: Record<string, string | string[] | undefined>;
+    cookies?: Record<string, string>;
+    query?: Record<string, string | string[] | undefined>;
+    body?: unknown;
+    ip?: string;
+    /** Populated by auth middleware after successful authentication */
+    user?: AuthUser;
+    /** Populated by auth middleware after successful authentication */
+    authContext?: AuthenticatedContext;
+};
+/**
+ * Minimal response object for Express-style middleware.
+ */
+export type OutgoingResponse = {
+    status(code: number): OutgoingResponse;
+    json(body: unknown): void;
+};
+/**
+ * Middleware handler function type
+ */
+export type MiddlewareHandler<TContext = AuthRequestContext> = (context: TContext) => Promise<MiddlewareResult>;
+/**
+ * Middleware result
+ */
+export type MiddlewareResult = {
+    /** Whether to proceed to next handler */
+    proceed: boolean;
+    /** Updated context (if authenticated) */
+    context?: AuthenticatedContext;
+    /** Error response if not proceeding */
+    error?: {
+        statusCode: number;
+        message: string;
+        code?: string;
+    };
+};
+/**
+ * Next function for middleware chaining
+ */
+export type NextFunction = () => Promise<void>;
+/**
+ * Express-style middleware function
+ */
+export type ExpressMiddleware = (req: IncomingRequest, res: OutgoingResponse, next: NextFunction) => Promise<void>;
+/**
+ * Extract token from request context based on configuration
+ */
+export declare function extractToken(context: AuthRequestContext, config?: TokenExtractionConfig): Promise<string | null>;
+/**
+ * Create authentication middleware
+ *
+ * Validates tokens and attaches user context to requests.
+ *
+ * @example
+ * ```typescript
+ * const authMiddleware = await createAuthMiddleware({
+ *   provider: 'auth0',
+ *   providerConfig: {
+ *     type: 'auth0',
+ *     domain: 'your-tenant.auth0.com',
+ *     clientId: 'your-client-id',
+ *   },
+ *   publicRoutes: ['/health', '/public/*'],
+ * });
+ *
+ * // Use in request handler
+ * const result = await authMiddleware(requestContext);
+ * if (result.proceed) {
+ *   // Access authenticated context
+ *   console.log('User:', result.context?.user);
+ * } else {
+ *   // Return error response
+ *   res.status(result.error.statusCode).json({ error: result.error.message });
+ * }
+ * ```
+ */
+export declare function createAuthMiddleware(config: AuthMiddlewareConfig): Promise<MiddlewareHandler<AuthRequestContext>>;
+/**
+ * Create RBAC (Role-Based Access Control) middleware
+ *
+ * Checks if authenticated user has required roles/permissions.
+ *
+ * @example
+ * ```typescript
+ * const rbacMiddleware = createRBACMiddleware({
+ *   roles: ['admin', 'moderator'],
+ *   permissions: ['read:users'],
+ * });
+ *
+ * // Use after auth middleware
+ * const authResult = await authMiddleware(context);
+ * if (authResult.proceed && authResult.context) {
+ *   const rbacResult = await rbacMiddleware(authResult.context);
+ *   if (!rbacResult.proceed) {
+ *     res.status(403).json({ error: rbacResult.error.message });
+ *   }
+ * }
+ * ```
+ */
+export declare function createRBACMiddleware(config: RBACMiddlewareConfig): MiddlewareHandler<AuthenticatedContext>;
+/**
+ * Create combined auth + RBAC middleware
+ *
+ * Convenience function that combines authentication and authorization.
+ *
+ * @example
+ * ```typescript
+ * const protectedMiddleware = await createProtectedMiddleware({
+ *   auth: {
+ *     provider: 'auth0',
+ *     providerConfig: { type: 'auth0', domain: '...', clientId: '...' },
+ *   },
+ *   rbac: {
+ *     roles: ['admin'],
+ *   },
+ * });
+ *
+ * const result = await protectedMiddleware(context);
+ * ```
+ */
+export declare function createProtectedMiddleware(config: {
+    auth: AuthMiddlewareConfig;
+    rbac?: RBACMiddlewareConfig;
+}): Promise<MiddlewareHandler<AuthRequestContext>>;
+/**
+ * Create request context from standard request object
+ */
+export declare function createRequestContext(req: IncomingRequest): AuthRequestContext;
+/**
+ * Create Express-compatible middleware
+ */
+export declare function createExpressAuthMiddleware(config: AuthMiddlewareConfig): Promise<ExpressMiddleware>;