@kidd-cli/core 0.1.2 → 0.3.0

package/dist/lib/logger.d.ts

@@ -1,2 +1,2 @@
-import { i as createCliLogger, n as CliLoggerOptions, r as cliLogger, t as CliLogger } from "../logger-BkQQej8h.js";
+import { i as createCliLogger, n as CliLoggerOptions, r as cliLogger, t as CliLogger } from "../logger-9j49T5da.js";
 export { CliLogger, CliLoggerOptions, cliLogger, createCliLogger };

package/dist/lib/logger.js

@@ -1,5 +1,4 @@
 import * as clack from "@clack/prompts";
-
 //#region src/lib/logger.ts
 /**
 * Create a new {@link CliLogger} instance.
@@ -49,7 +48,7 @@ function createCliLogger(options = {}) {
 * Default logger instance writing to stderr.
 */
 const cliLogger = createCliLogger();
-
 //#endregion
 export { cliLogger, createCliLogger };
+
 //# sourceMappingURL=logger.js.map

package/dist/lib/logger.js.map

@@ -1 +1 @@
-{"version":3,"file":"logger.js","names":[],"sources":["../../src/lib/logger.ts"],"sourcesContent":["import * as clack from '@clack/prompts'\n\n/**\n * Options for creating a logger instance.\n */\nexport interface CliLoggerOptions {\n  /**\n   * Writable stream for raw output methods like {@link CliLogger.print} and {@link CliLogger.newline}.\n   * Defaults to `process.stderr`.\n   */\n  readonly output?: NodeJS.WriteStream\n}\n\n/**\n * Structured logger backed by @clack/prompts for terminal UI output.\n */\nexport interface CliLogger {\n  /**\n   * Log an informational message.\n   */\n  info(message: string): void\n  /**\n   * Log a success message.\n   */\n  success(message: string): void\n  /**\n   * Log an error message.\n   */\n  error(message: string): void\n  /**\n   * Log a warning message.\n   */\n  warn(message: string): void\n  /**\n   * Log a step indicator message.\n   */\n  step(message: string): void\n  /**\n   * Log a message with an optional custom symbol prefix.\n   */\n  message(message: string, opts?: { symbol?: string }): void\n  /**\n   * Print an intro banner with an optional title.\n   */\n  intro(title?: string): void\n  /**\n   * Print an outro banner with an optional closing message.\n   */\n  outro(message?: string): void\n  /**\n   * Display a boxed note with an optional title.\n   */\n  note(message?: string, title?: string): void\n  /**\n   * Write a blank line to the output stream.\n   */\n  newline(): void\n  /**\n   * Write raw text followed by a newline to the output stream.\n   */\n  print(text: string): void\n}\n\n/**\n * Create a new {@link CliLogger} instance.\n *\n * @param options - Logger configuration.\n * @returns A CliLogger wired to the given output stream.\n */\nexport function createCliLogger(options: CliLoggerOptions = {}): CliLogger {\n  const output = options.output ?? process.stderr\n\n  return {\n    error(message: string): void {\n      clack.log.error(message)\n    },\n    info(message: string): void {\n      clack.log.info(message)\n    },\n    intro(title?: string): void {\n      clack.intro(title)\n    },\n    message(message: string, opts?: { symbol?: string }): void {\n      clack.log.message(message, opts)\n    },\n    newline(): void {\n      output.write('\\n')\n    },\n    note(message?: string, title?: string): void {\n      clack.note(message, title)\n    },\n    outro(message?: string): void {\n      clack.outro(message)\n    },\n    print(text: string): void {\n      output.write(`${text}\\n`)\n    },\n    step(message: string): void {\n      clack.log.step(message)\n    },\n    success(message: string): void {\n      clack.log.success(message)\n    },\n    warn(message: string): void {\n      clack.log.warn(message)\n    },\n  }\n}\n\n/**\n * Default logger instance writing to stderr.\n */\nexport const cliLogger: CliLogger = createCliLogger()\n"],"mappings":";;;;;;;;;AAqEA,SAAgB,gBAAgB,UAA4B,EAAE,EAAa;CACzE,MAAM,SAAS,QAAQ,UAAU,QAAQ;AAEzC,QAAO;EACL,MAAM,SAAuB;AAC3B,SAAM,IAAI,MAAM,QAAQ;;EAE1B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAEzB,MAAM,OAAsB;AAC1B,SAAM,MAAM,MAAM;;EAEpB,QAAQ,SAAiB,MAAkC;AACzD,SAAM,IAAI,QAAQ,SAAS,KAAK;;EAElC,UAAgB;AACd,UAAO,MAAM,KAAK;;EAEpB,KAAK,SAAkB,OAAsB;AAC3C,SAAM,KAAK,SAAS,MAAM;;EAE5B,MAAM,SAAwB;AAC5B,SAAM,MAAM,QAAQ;;EAEtB,MAAM,MAAoB;AACxB,UAAO,MAAM,GAAG,KAAK,IAAI;;EAE3B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAEzB,QAAQ,SAAuB;AAC7B,SAAM,IAAI,QAAQ,QAAQ;;EAE5B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAE1B;;;;;AAMH,MAAa,YAAuB,iBAAiB"}
+{"version":3,"file":"logger.js","names":[],"sources":["../../src/lib/logger.ts"],"sourcesContent":["import * as clack from '@clack/prompts'\n\n/**\n * Options for creating a logger instance.\n */\nexport interface CliLoggerOptions {\n  /**\n   * Writable stream for raw output methods like {@link CliLogger.print} and {@link CliLogger.newline}.\n   * Defaults to `process.stderr`.\n   */\n  readonly output?: NodeJS.WriteStream\n}\n\n/**\n * Structured logger backed by @clack/prompts for terminal UI output.\n */\nexport interface CliLogger {\n  /**\n   * Log an informational message.\n   */\n  info(message: string): void\n  /**\n   * Log a success message.\n   */\n  success(message: string): void\n  /**\n   * Log an error message.\n   */\n  error(message: string): void\n  /**\n   * Log a warning message.\n   */\n  warn(message: string): void\n  /**\n   * Log a step indicator message.\n   */\n  step(message: string): void\n  /**\n   * Log a message with an optional custom symbol prefix.\n   */\n  message(message: string, opts?: { symbol?: string }): void\n  /**\n   * Print an intro banner with an optional title.\n   */\n  intro(title?: string): void\n  /**\n   * Print an outro banner with an optional closing message.\n   */\n  outro(message?: string): void\n  /**\n   * Display a boxed note with an optional title.\n   */\n  note(message?: string, title?: string): void\n  /**\n   * Write a blank line to the output stream.\n   */\n  newline(): void\n  /**\n   * Write raw text followed by a newline to the output stream.\n   */\n  print(text: string): void\n}\n\n/**\n * Create a new {@link CliLogger} instance.\n *\n * @param options - Logger configuration.\n * @returns A CliLogger wired to the given output stream.\n */\nexport function createCliLogger(options: CliLoggerOptions = {}): CliLogger {\n  const output = options.output ?? process.stderr\n\n  return {\n    error(message: string): void {\n      clack.log.error(message)\n    },\n    info(message: string): void {\n      clack.log.info(message)\n    },\n    intro(title?: string): void {\n      clack.intro(title)\n    },\n    message(message: string, opts?: { symbol?: string }): void {\n      clack.log.message(message, opts)\n    },\n    newline(): void {\n      output.write('\\n')\n    },\n    note(message?: string, title?: string): void {\n      clack.note(message, title)\n    },\n    outro(message?: string): void {\n      clack.outro(message)\n    },\n    print(text: string): void {\n      output.write(`${text}\\n`)\n    },\n    step(message: string): void {\n      clack.log.step(message)\n    },\n    success(message: string): void {\n      clack.log.success(message)\n    },\n    warn(message: string): void {\n      clack.log.warn(message)\n    },\n  }\n}\n\n/**\n * Default logger instance writing to stderr.\n */\nexport const cliLogger: CliLogger = createCliLogger()\n"],"mappings":";;;;;;;;AAqEA,SAAgB,gBAAgB,UAA4B,EAAE,EAAa;CACzE,MAAM,SAAS,QAAQ,UAAU,QAAQ;AAEzC,QAAO;EACL,MAAM,SAAuB;AAC3B,SAAM,IAAI,MAAM,QAAQ;;EAE1B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAEzB,MAAM,OAAsB;AAC1B,SAAM,MAAM,MAAM;;EAEpB,QAAQ,SAAiB,MAAkC;AACzD,SAAM,IAAI,QAAQ,SAAS,KAAK;;EAElC,UAAgB;AACd,UAAO,MAAM,KAAK;;EAEpB,KAAK,SAAkB,OAAsB;AAC3C,SAAM,KAAK,SAAS,MAAM;;EAE5B,MAAM,SAAwB;AAC5B,SAAM,MAAM,QAAQ;;EAEtB,MAAM,MAAoB;AACxB,UAAO,MAAM,GAAG,KAAK,IAAI;;EAE3B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAEzB,QAAQ,SAAuB;AAC7B,SAAM,IAAI,QAAQ,QAAQ;;EAE5B,KAAK,SAAuB;AAC1B,SAAM,IAAI,KAAK,QAAQ;;EAE1B;;;;;AAMH,MAAa,YAAuB,iBAAiB"}

package/dist/lib/project.d.ts

@@ -1,4 +1,4 @@
-import { n as ProjectRoot, r as ResolvePathOptions, t as PathSource } from "../types-Cz9h927W.js";
+import { n as ProjectRoot, r as ResolvePathOptions, t as PathSource } from "../types-D-BxshYM.js";
 
 //#region src/lib/project/paths.d.ts
 /**

package/dist/lib/project.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"project.d.ts","names":[],"sources":["../../src/lib/project/paths.ts","../../src/lib/project/root.ts"],"mappings":";;;;;AAcA;;;;iBAAgB,gBAAA,CAAiB,OAAA;EAAA,SACtB,OAAA;EAAA,SACA,QAAA;AAAA;;AAeX;;;;;iBAAgB,iBAAA,CAAkB,OAAA;EAAA,SAAoB,OAAA;AAAA;;;;;;AChBtD;;;;;iBD8BgB,WAAA,CAAY,OAAA,EAAS,kBAAA;;;;;AA/BrC;;;;iBCCgB,eAAA,CAAgB,QAAA,YAAmC,WAAA;;;;;ADgBnE;;iBCsBgB,aAAA,CAAc,QAAA;;;ADR9B;;;;iBCsBgB,iBAAA,CAAkB,QAAA"}
+{"version":3,"file":"project.d.ts","names":[],"sources":["../../src/lib/project/paths.ts","../../src/lib/project/root.ts"],"mappings":";;;;;AAcA;;;;iBAAgB,gBAAA,CAAiB,OAAA;EAAA,SACtB,OAAA;EAAA,SACA,QAAA;AAAA;;AAeX;;;;;iBAAgB,iBAAA,CAAkB,OAAA;EAAA,SAAoB,OAAA;AAAA;;;;;;ACftD;;;;;iBD6BgB,WAAA,CAAY,OAAA,EAAS,kBAAA;;;;;AA/BrC;;;;iBCEgB,eAAA,CAAgB,QAAA,YAAmC,WAAA;;;;;ADenE;;iBCqBgB,aAAA,CAAc,QAAA;;;ADP9B;;;;iBCqBgB,iBAAA,CAAkB,QAAA"}

package/dist/lib/project.js

@@ -1,3 +1,2 @@
-import { a as getParentRepoRoot, i as findProjectRoot, n as resolveLocalPath, o as isInSubmodule, r as resolvePath, t as resolveGlobalPath } from "../project-NPtYX2ZX.js";
-
-export { findProjectRoot, getParentRepoRoot, isInSubmodule, resolveGlobalPath, resolveLocalPath, resolvePath };
+import { a as getParentRepoRoot, i as findProjectRoot, n as resolveLocalPath, o as isInSubmodule, r as resolvePath, t as resolveGlobalPath } from "../project-D0g84bZY.js";
+export { findProjectRoot, getParentRepoRoot, isInSubmodule, resolveGlobalPath, resolveLocalPath, resolvePath };

package/dist/lib/store.d.ts

@@ -1,4 +1,4 @@
-import { t as PathSource } from "../types-Cz9h927W.js";
+import { t as PathSource } from "../types-D-BxshYM.js";
 import { Result } from "@kidd-cli/utils/fp";
 
 //#region src/lib/store/types.d.ts
@@ -40,6 +40,7 @@ interface FileStore<TData> {
   loadRaw(filename: string, options?: LoadOptions): string | null;
   getFilePath(filename: string, options?: LoadOptions): string | null;
   save(filename: string, data: unknown, options?: SaveOptions): Result<string>;
+  remove(filename: string, options?: SaveOptions): Result<string>;
 }
 //#endregion
 //#region src/lib/store/create-store.d.ts

package/dist/lib/store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"store.d.ts","names":[],"sources":["../../src/lib/store/types.ts","../../src/lib/store/create-store.ts"],"mappings":";;;;;;AAUA;;;;KAAY,UAAA;AAKZ;;;AAAA,UAAiB,YAAA;EACf,OAAA;EACA,QAAA,GAAW,KAAA;AAAA;;;;UAMI,WAAA;EACf,MAAA,GAAS,UAAA;EACT,QAAA;AAAA;;;;UAMe,WAAA;EACf,MAAA,GAAS,UAAA;EACT,QAAA;AAAA;;;;UAMe,SAAA;EACf,WAAA,CAAY,QAAA;EACZ,YAAA;EACA,IAAA,CAAK,QAAA,UAAkB,OAAA,GAAU,WAAA,GAAc,KAAA;EAC/C,OAAA,CAAQ,QAAA,UAAkB,OAAA,GAAU,WAAA;EACpC,WAAA,CAAY,QAAA,UAAkB,OAAA,GAAU,WAAA;EACxC,IAAA,CAAK,QAAA,UAAkB,IAAA,WAAe,OAAA,GAAU,WAAA,GAAc,MAAA;AAAA;;;;;;AAnChE;;;;iBCSgB,WAAA,iBAAA,CAA6B,OAAA,EAAS,YAAA,CAAa,KAAA,IAAS,SAAA,CAAU,KAAA"}
+{"version":3,"file":"store.d.ts","names":[],"sources":["../../src/lib/store/types.ts","../../src/lib/store/create-store.ts"],"mappings":";;;;;;AAUA;;;;KAAY,UAAA;AAKZ;;;AAAA,UAAiB,YAAA;EACf,OAAA;EACA,QAAA,GAAW,KAAA;AAAA;;;;UAMI,WAAA;EACf,MAAA,GAAS,UAAA;EACT,QAAA;AAAA;;;;UAMe,WAAA;EACf,MAAA,GAAS,UAAA;EACT,QAAA;AAAA;;;;UAMe,SAAA;EACf,WAAA,CAAY,QAAA;EACZ,YAAA;EACA,IAAA,CAAK,QAAA,UAAkB,OAAA,GAAU,WAAA,GAAc,KAAA;EAC/C,OAAA,CAAQ,QAAA,UAAkB,OAAA,GAAU,WAAA;EACpC,WAAA,CAAY,QAAA,UAAkB,OAAA,GAAU,WAAA;EACxC,IAAA,CAAK,QAAA,UAAkB,IAAA,WAAe,OAAA,GAAU,WAAA,GAAc,MAAA;EAC9D,MAAA,CAAO,QAAA,UAAkB,OAAA,GAAU,WAAA,GAAc,MAAA;AAAA;;;;;;AApCnD;;;;iBCSgB,WAAA,iBAAA,CAA6B,OAAA,EAAS,YAAA,CAAa,KAAA,IAAS,SAAA,CAAU,KAAA"}

package/dist/lib/store.js

@@ -1,4 +1,3 @@
-import "../project-NPtYX2ZX.js";
-import { t as createStore } from "../create-store-BQUX0tAn.js";
-
-export { createStore };
+import "../project-D0g84bZY.js";
+import { t as createStore } from "../create-store-OHdkm_Yt.js";
+export { createStore };

package/dist/{logger-BkQQej8h.d.ts → logger-9j49T5da.d.ts}

@@ -73,4 +73,4 @@ declare function createCliLogger(options?: CliLoggerOptions): CliLogger;
 declare const cliLogger: CliLogger;
 //#endregion
 export { createCliLogger as i, CliLoggerOptions as n, cliLogger as r, CliLogger as t };
-//# sourceMappingURL=logger-BkQQej8h.d.ts.map
+//# sourceMappingURL=logger-9j49T5da.d.ts.map

package/dist/{logger-BkQQej8h.d.ts.map → logger-9j49T5da.d.ts.map}

@@ -1 +1 @@
-{"version":3,"file":"logger-BkQQej8h.d.ts","names":[],"sources":["../src/lib/logger.ts"],"mappings":";;AAKA;;UAAiB,gBAAA;EAKU;;;;EAAA,SAAhB,MAAA,GAAS,MAAA,CAAO,WAAA;AAAA;AAM3B;;;AAAA,UAAiB,SAAA;;;;EAIf,IAAA,CAAK,OAAA;;;;EAIL,OAAA,CAAQ,OAAA;;;;EAIR,KAAA,CAAM,OAAA;;;;EAIN,IAAA,CAAK,OAAA;;;;EAIL,IAAA,CAAK,OAAA;;;;EAIL,OAAA,CAAQ,OAAA,UAAiB,IAAA;IAAS,MAAA;EAAA;EA6BpC;;;EAzBE,KAAA,CAAM,KAAA;;;;EAIN,KAAA,CAAM,OAAA;EAqByD;AA2CjE;;EA5DE,IAAA,CAAK,OAAA,WAAkB,KAAA;EA4DD;;;EAxDtB,OAAA;;;;EAIA,KAAA,CAAM,IAAA;AAAA;;;;;;;iBASQ,eAAA,CAAgB,OAAA,GAAS,gBAAA,GAAwB,SAAA;;;;cA2CpD,SAAA,EAAW,SAAA"}
+{"version":3,"file":"logger-9j49T5da.d.ts","names":[],"sources":["../src/lib/logger.ts"],"mappings":";;AAKA;;UAAiB,gBAAA;EAKU;;;;EAAA,SAAhB,MAAA,GAAS,MAAA,CAAO,WAAA;AAAA;AAM3B;;;AAAA,UAAiB,SAAA;;;;EAIf,IAAA,CAAK,OAAA;;;;EAIL,OAAA,CAAQ,OAAA;;;;EAIR,KAAA,CAAM,OAAA;;;;EAIN,IAAA,CAAK,OAAA;;;;EAIL,IAAA,CAAK,OAAA;;;;EAIL,OAAA,CAAQ,OAAA,UAAiB,IAAA;IAAS,MAAA;EAAA;EA6BpC;;;EAzBE,KAAA,CAAM,KAAA;;;;EAIN,KAAA,CAAM,OAAA;EAqByD;AA2CjE;;EA5DE,IAAA,CAAK,OAAA,WAAkB,KAAA;EA4DD;;;EAxDtB,OAAA;;;;EAIA,KAAA,CAAM,IAAA;AAAA;;;;;;;iBASQ,eAAA,CAAgB,OAAA,GAAS,gBAAA,GAAwB,SAAA;;;;cA2CpD,SAAA,EAAW,SAAA"}

package/dist/middleware/auth.d.ts

@@ -1,22 +1,259 @@
-import { s as Middleware } from "../types-kjpRau0U.js";
-import { a as ResolverConfig, i as LoginError, n as AuthCredential, r as AuthOptions, t as AuthContext } from "../types-CqKJhsYk.js";
+import { c as Middleware, d as Context } from "../types-CTvrsrnD.js";
+import { AsyncResult } from "@kidd-cli/utils/fp";
 
+//#region src/middleware/auth/require.d.ts
+/**
+* Options for {@link createAuthRequire}.
+*/
+interface AuthRequireOptions {
+  readonly message?: string;
+}
+/**
+* Create an enforcement middleware that gates on authentication.
+*
+* When `ctx.auth.authenticated()` returns true, the middleware calls
+* `next()`. When not authenticated, it calls `ctx.fail()` with the
+* provided (or default) message. When `ctx.auth` is absent (auth
+* middleware not configured), it calls `ctx.fail()` with an
+* `AUTH_MIDDLEWARE_MISSING` code.
+*
+* @param options - Optional configuration for the require gate.
+* @returns A Middleware that enforces authentication.
+*/
+declare function createAuthRequire(options?: AuthRequireOptions): Middleware;
+//#endregion
+//#region src/middleware/auth/types.d.ts
+/**
+* Bearer token credential — sends `Authorization: Bearer <token>`.
+*/
+interface BearerCredential {
+  readonly type: "bearer";
+  readonly token: string;
+}
+/**
+* Basic auth credential — sends `Authorization: Basic base64(user:pass)`.
+*/
+interface BasicCredential {
+  readonly type: "basic";
+  readonly username: string;
+  readonly password: string;
+}
+/**
+* API key credential — sends the key in a custom header.
+*/
+interface ApiKeyCredential {
+  readonly type: "api-key";
+  readonly headerName: string;
+  readonly key: string;
+}
+/**
+* Custom credential — sends arbitrary headers.
+*/
+interface CustomCredential {
+  readonly type: "custom";
+  readonly headers: Readonly<Record<string, string>>;
+}
+/**
+* Discriminated union of all supported auth credential formats.
+* The `type` field acts as the discriminator.
+*/
+type AuthCredential = BearerCredential | BasicCredential | ApiKeyCredential | CustomCredential;
+/**
+* Resolve credentials from environment variables.
+*/
+interface EnvSourceConfig {
+  readonly source: "env";
+  readonly tokenVar?: string;
+}
+/**
+* Resolve credentials from a `.env` file parsed with dotenv.
+*/
+interface DotenvSourceConfig {
+  readonly source: "dotenv";
+  readonly tokenVar?: string;
+  readonly path?: string;
+}
+/**
+* Resolve credentials from a JSON file on disk.
+*/
+interface FileSourceConfig {
+  readonly source: "file";
+  readonly filename?: string;
+  readonly dirName?: string;
+}
+/**
+* Resolve credentials via OAuth 2.0 Authorization Code + PKCE (RFC 7636 + RFC 8252).
+*
+* Opens the user's browser to the authorization URL, receives an auth code
+* via GET redirect to a local server, and exchanges it at the token endpoint
+* with a PKCE code verifier.
+*/
+interface OAuthSourceConfig {
+  readonly source: "oauth";
+  readonly clientId: string;
+  readonly authUrl: string;
+  readonly tokenUrl: string;
+  readonly scopes?: readonly string[];
+  readonly port?: number;
+  readonly callbackPath?: string;
+  readonly timeout?: number;
+}
+/**
+* Resolve credentials via OAuth 2.0 Device Authorization Grant (RFC 8628).
+*
+* Requests a device code from the authorization server, displays a
+* verification URL and user code, and polls the token endpoint until
+* the user completes authorization.
+*/
+interface DeviceCodeSourceConfig {
+  readonly source: "device-code";
+  readonly clientId: string;
+  readonly deviceAuthUrl: string;
+  readonly tokenUrl: string;
+  readonly scopes?: readonly string[];
+  readonly pollInterval?: number;
+  readonly timeout?: number;
+  readonly openBrowser?: boolean;
+}
+/**
+* Resolve credentials by prompting the user interactively.
+*/
+interface TokenSourceConfig {
+  readonly source: "token";
+  readonly message?: string;
+}
+/**
+* Resolve credentials via a user-supplied function.
+*/
+interface CustomSourceConfig {
+  readonly source: "custom";
+  readonly resolver: () => Promise<AuthCredential | null> | AuthCredential | null;
+}
+/**
+* Discriminated union of all supported credential source configurations.
+* The `source` field acts as the discriminator.
+*/
+type StrategyConfig = EnvSourceConfig | DotenvSourceConfig | FileSourceConfig | OAuthSourceConfig | DeviceCodeSourceConfig | TokenSourceConfig | CustomSourceConfig;
+/**
+* Error returned by {@link AuthContext.login} or {@link AuthContext.logout}
+* when the operation fails.
+*/
+interface AuthError {
+  readonly type: "no_credential" | "save_failed" | "remove_failed";
+  readonly message: string;
+}
+/**
+* Options accepted by {@link AuthContext.login} to override the default
+* strategy list for a single login attempt.
+*/
+interface LoginOptions {
+  readonly strategies?: readonly StrategyConfig[];
+}
+/**
+* Auth context decorated onto `ctx.auth` by the auth middleware.
+*
+* No credential data is stored directly on the context. Instead, callers
+* use `credential()` to read saved credentials on demand and
+* `authenticated()` to check whether a credential exists without exposing it.
+*
+* `login()` runs the configured interactive strategies (OAuth, prompt,
+* etc.), persists the resulting credential to disk, and returns a
+* {@link AsyncResult}.
+*
+* `logout()` removes the stored credential from disk.
+*/
+interface AuthContext {
+  readonly credential: () => AuthCredential | null;
+  readonly authenticated: () => boolean;
+  readonly login: (options?: LoginOptions) => AsyncResult<AuthCredential, AuthError>;
+  readonly logout: () => AsyncResult<string, AuthError>;
+}
+/**
+* Options for the `auth.env()` builder. Omits the `source` discriminator.
+*/
+type EnvStrategyOptions = Omit<EnvSourceConfig, "source">;
+/**
+* Options for the `auth.dotenv()` builder. Omits the `source` discriminator.
+*/
+type DotenvStrategyOptions = Omit<DotenvSourceConfig, "source">;
+/**
+* Options for the `auth.file()` builder. Omits the `source` discriminator.
+*/
+type FileStrategyOptions = Omit<FileSourceConfig, "source">;
+/**
+* Options for the `auth.oauth()` builder. Omits the `source` discriminator.
+*/
+type OAuthStrategyOptions = Omit<OAuthSourceConfig, "source">;
+/**
+* Options for the `auth.deviceCode()` builder. Omits the `source` discriminator.
+*/
+type DeviceCodeStrategyOptions = Omit<DeviceCodeSourceConfig, "source">;
+/**
+* Options for the `auth.token()` builder. Omits the `source` discriminator.
+*/
+type TokenStrategyOptions = Omit<TokenSourceConfig, "source">;
+/**
+* Function signature accepted by `auth.custom()`.
+*/
+type CustomStrategyFn = () => Promise<AuthCredential | null> | AuthCredential | null;
+/**
+* Options accepted by the `auth()` middleware factory.
+*
+* @property strategies - Ordered list of credential sources to try via `login()`.
+*/
+interface AuthOptions {
+  readonly strategies: readonly StrategyConfig[];
+}
+/**
+* Augments the base {@link Context} with an optional `auth` property.
+*
+* When a consumer imports `kidd/auth`, this declaration merges `auth`
+* onto `Context` so that `ctx.auth` is typed without manual casting.
+*/
+declare module "@kidd-cli/core" {
+  interface Context {
+    readonly auth: AuthContext;
+  }
+}
+//#endregion
 //#region src/middleware/auth/auth.d.ts
 /**
-* Create an auth middleware that decorates `ctx.auth`.
+* Auth factory interface — callable as a middleware factory and as a
+* namespace for strategy builder functions.
+*/
+interface AuthFactory {
+  (options: AuthOptions): Middleware;
+  readonly env: (options?: EnvStrategyOptions) => EnvSourceConfig;
+  readonly dotenv: (options?: DotenvStrategyOptions) => DotenvSourceConfig;
+  readonly file: (options?: FileStrategyOptions) => FileSourceConfig;
+  readonly oauth: (options: OAuthStrategyOptions) => OAuthSourceConfig;
+  readonly deviceCode: (options: DeviceCodeStrategyOptions) => DeviceCodeSourceConfig;
+  readonly token: (options?: TokenStrategyOptions) => TokenSourceConfig;
+  readonly apiKey: (options?: TokenStrategyOptions) => TokenSourceConfig;
+  readonly custom: (fn: CustomStrategyFn) => CustomSourceConfig;
+  readonly headers: () => (ctx: Context) => Readonly<Record<string, string>>;
+  readonly require: (options?: AuthRequireOptions) => Middleware;
+}
+/**
+* Auth middleware factory with strategy builder methods.
 *
-* No credential data is stored on the context. `ctx.auth.credential()`
-* resolves passively from two sources on every call:
-* 1. File — `~/.cli-name/auth.json`
-* 2. Env — `CLI_NAME_TOKEN`
+* Use as `auth({ strategies: [...] })` to create middleware, or use
+* the builder methods (`auth.env()`, `auth.oauth()`, etc.) to construct
+* strategy configs with a cleaner API.
+*/
+declare const auth: AuthFactory;
+//#endregion
+//#region src/middleware/auth/headers.d.ts
+/**
+* Create a function that resolves auth credentials from `ctx.auth` into HTTP headers.
 *
-* Interactive resolvers (OAuth, prompt, custom) only run when the
-* command handler explicitly calls `ctx.auth.authenticate()`.
+* The returned function reads `ctx.auth.credential()` and converts the credential
+* into the appropriate header format using `buildAuthHeaders()`. Returns an empty
+* record when no auth middleware is present or no credential exists.
 *
-* @param options - Auth middleware configuration.
-* @returns A Middleware that decorates ctx.auth.
+* @returns A function that takes a Context and returns auth headers.
 */
-declare function auth(options: AuthOptions): Middleware;
+declare function createAuthHeaders(): (ctx: Context) => Readonly<Record<string, string>>;
 //#endregion
-export { type AuthContext, type AuthCredential, type AuthOptions, type LoginError, type ResolverConfig, auth };
+export { type AuthContext, type AuthCredential, type AuthError, type AuthFactory, type AuthOptions, type AuthRequireOptions, type CustomSourceConfig, type CustomStrategyFn, type DeviceCodeSourceConfig, type DeviceCodeStrategyOptions, type DotenvSourceConfig, type DotenvStrategyOptions, type EnvSourceConfig, type EnvStrategyOptions, type FileSourceConfig, type FileStrategyOptions, type LoginOptions, type OAuthSourceConfig, type OAuthStrategyOptions, type StrategyConfig, type TokenSourceConfig, type TokenStrategyOptions, auth, createAuthHeaders, createAuthRequire };
 //# sourceMappingURL=auth.d.ts.map

package/dist/middleware/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","names":[],"sources":["../../src/middleware/auth/auth.ts"],"mappings":";;;;;;;AAiCA;;;;;;;;;;;iBAAgB,IAAA,CAAK,OAAA,EAAS,WAAA,GAAc,UAAA"}
+{"version":3,"file":"auth.d.ts","names":[],"sources":["../../src/middleware/auth/require.ts","../../src/middleware/auth/types.ts","../../src/middleware/auth/auth.ts","../../src/middleware/auth/headers.ts"],"mappings":";;;;;;;UAciB,kBAAA;EAAA,SACN,OAAA;AAAA;;;AAeX;;;;;;;;;;iBAAgB,iBAAA,CAAkB,OAAA,GAAU,kBAAA,GAAqB,UAAA;;;;;;UCXhD,gBAAA;EAAA,SACN,IAAA;EAAA,SACA,KAAA;AAAA;;;;UAMM,eAAA;EAAA,SACN,IAAA;EAAA,SACA,QAAA;EAAA,SACA,QAAA;AAAA;;AAHX;;UASiB,gBAAA;EAAA,SACN,IAAA;EAAA,SACA,UAAA;EAAA,SACA,GAAA;AAAA;;;AAHX;UASiB,gBAAA;EAAA,SACN,IAAA;EAAA,SACA,OAAA,EAAS,QAAA,CAAS,MAAA;AAAA;;;;;KAOjB,cAAA,GACR,gBAAA,GACA,eAAA,GACA,gBAAA,GACA,gBAAA;;;;UASa,eAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA;AAAA;;;AAfX;UAqBiB,kBAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA;EAAA,SACA,IAAA;AAAA;;;;UAMM,gBAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA;EAAA,SACA,OAAA;AAAA;;AApBX;;;;;AAQA;UAsBiB,iBAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA;EAAA,SACA,OAAA;EAAA,SACA,QAAA;EAAA,SACA,MAAA;EAAA,SACA,IAAA;EAAA,SACA,YAAA;EAAA,SACA,OAAA;AAAA;;;;;;;;UAUM,sBAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA;EAAA,SACA,aAAA;EAAA,SACA,QAAA;EAAA,SACA,MAAA;EAAA,SACA,YAAA;EAAA,SACA,OAAA;EAAA,SACA,WAAA;AAAA;;;;UAMM,iBAAA;EAAA,SACN,MAAA;EAAA,SACA,OAAA;AAAA;;;;UAMM,kBAAA;EAAA,SACN,MAAA;EAAA,SACA,QAAA,QAAgB,OAAA,CAAQ,cAAA,WAAyB,cAAA;AAAA;;;;;KAOhD,cAAA,GACR,eAAA,GACA,kBAAA,GACA,gBAAA,GACA,iBAAA,GACA,sBAAA,GACA,iBAAA,GACA,kBAAA;;;;;UAUa,SAAA;EAAA,SACN,IAAA;EAAA,SACA,OAAA;AAAA;;;;;UAWM,YAAA;EAAA,SACN,UAAA,YAAsB,cAAA;AAAA;;;;;AA/BjC;;;;;;;;;UAmDiB,WAAA;EAAA,SACN,UAAA,QAAkB,cAAA;EAAA,SAClB,aAAA;EAAA,SACA,KAAA,GAAQ,OAAA,GAAU,YAAA,KAAiB,WAAA,CAAY,cAAA,EAAgB,SAAA;EAAA,SAC/D,MAAA,QAAc,WAAA,SAAoB,SAAA;AAAA;;;;KAUjC,kBAAA,GAAqB,IAAA,CAAK,eAAA;;;AAhDtC;KAqDY,qBAAA,GAAwB,IAAA,CAAK,kBAAA;;;;KAK7B,mBAAA,GAAsB,IAAA,CAAK,gBAAA;;;;KAK3B,oBAAA,GAAuB,IAAA,CAAK,iBAAA;AA7BxC;;;AAAA,KAkCY,yBAAA,GAA4B,IAAA,CAAK,sBAAA;;;;KAKjC,oBAAA,GAAuB,IAAA,CAAK,iBAAA;;;;KAK5B,gBAAA,SAAyB,OAAA,CAAQ,cAAA,WAAyB,cAAA;;;;;;UAWrD,WAAA;EAAA,SACN,UAAA,WAAqB,cAAA;AAAA;;;;;;;;YAcpB,OAAA;IAAA,SACC,IAAA,EAAM,WAAA;EAAA;AAAA;;;AD9PnB;;;;AAAA,UEmCiB,WAAA;EAAA,CACd,OAAA,EAAS,WAAA,GAAc,UAAA;EAAA,SACf,GAAA,GAAM,OAAA,GAAU,kBAAA,KAAuB,eAAA;EAAA,SACvC,MAAA,GAAS,OAAA,GAAU,qBAAA,KAA0B,kBAAA;EAAA,SAC7C,IAAA,GAAO,OAAA,GAAU,mBAAA,KAAwB,gBAAA;EAAA,SACzC,KAAA,GAAQ,OAAA,EAAS,oBAAA,KAAyB,iBAAA;EAAA,SAC1C,UAAA,GAAa,OAAA,EAAS,yBAAA,KAA8B,sBAAA;EAAA,SACpD,KAAA,GAAQ,OAAA,GAAU,oBAAA,KAAyB,iBAAA;EAAA,SAC3C,MAAA,GAAS,OAAA,GAAU,oBAAA,KAAyB,iBAAA;EAAA,SAC5C,MAAA,GAAS,EAAA,EAAI,gBAAA,KAAqB,kBAAA;EAAA,SAClC,OAAA,SAAgB,GAAA,EAAK,OAAA,KAAY,QAAA,CAAS,MAAA;EAAA,SAC1C,OAAA,GAAU,OAAA,GAAU,kBAAA,KAAuB,UAAA;AAAA;ADzCtD;;;;;AAQA;;AARA,cCqFa,IAAA,EAAM,WAAA;;;;;;AF1EnB;;;;;;iBGVgB,iBAAA,CAAA,IAAsB,GAAA,EAAK,OAAA,KAAY,QAAA,CAAS,MAAA"}