@kognitivedev/workspace-auth 0.2.29

package/src/crypto.ts

@@ -0,0 +1,50 @@
+import { createCipheriv, createDecipheriv, createHash, randomBytes } from "node:crypto";
+
+export type EncryptedSecret = {
+  encryptedKey: string;
+  iv: string;
+  authTag: string;
+};
+
+export function createRawApiKey() {
+  return `kog_${randomBytes(16).toString("hex")}`;
+}
+
+export function getApiKeyPrefix(rawKey: string) {
+  return rawKey.slice(0, 8);
+}
+
+export function hashApiKey(rawKey: string) {
+  return createHash("sha256").update(rawKey).digest("hex");
+}
+
+function getEncryptionKey(secret = process.env.KOGNITIVE_MANAGED_CREDENTIAL_SECRET) {
+  if (!secret || Buffer.byteLength(secret, "utf8") < 32) {
+    throw new Error("KOGNITIVE_MANAGED_CREDENTIAL_SECRET must be set to a stable 32+ byte secret");
+  }
+  return createHash("sha256").update(secret).digest();
+}
+
+export function encryptManagedSecret(rawSecret: string, secret?: string): EncryptedSecret {
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", getEncryptionKey(secret), iv);
+  const encrypted = Buffer.concat([cipher.update(rawSecret, "utf8"), cipher.final()]);
+  return {
+    encryptedKey: encrypted.toString("base64"),
+    iv: iv.toString("base64"),
+    authTag: cipher.getAuthTag().toString("base64"),
+  };
+}
+
+export function decryptManagedSecret(encrypted: EncryptedSecret, secret?: string): string {
+  const decipher = createDecipheriv(
+    "aes-256-gcm",
+    getEncryptionKey(secret),
+    Buffer.from(encrypted.iv, "base64"),
+  );
+  decipher.setAuthTag(Buffer.from(encrypted.authTag, "base64"));
+  return Buffer.concat([
+    decipher.update(Buffer.from(encrypted.encryptedKey, "base64")),
+    decipher.final(),
+  ]).toString("utf8");
+}

package/src/db.ts

@@ -0,0 +1,45 @@
+import { drizzle } from "drizzle-orm/postgres-js";
+import postgres from "postgres";
+import * as schema from "./schema";
+
+const globalForWorkspaceAuthDb = globalThis as typeof globalThis & {
+  workspaceAuthDbClient?: ReturnType<typeof postgres>;
+  workspaceAuthDb?: ReturnType<typeof drizzle<typeof schema>>;
+};
+
+function readPositiveInteger(value: string | undefined, fallback: number) {
+  if (!value) return fallback;
+  const parsed = Number.parseInt(value, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
+function shouldPrepareStatements(connectionString: string) {
+  const explicit = process.env.DATABASE_PREPARE_STATEMENTS;
+  if (explicit) {
+    return explicit !== "0" && explicit.toLowerCase() !== "false";
+  }
+
+  const poolingMode = process.env.DATABASE_POOL_MODE ?? process.env.PGBOUNCER_POOL_MODE;
+  if (poolingMode?.toLowerCase() === "transaction") return false;
+  return !connectionString.toLowerCase().includes("pgbouncer");
+}
+
+export function getWorkspaceAuthDb() {
+  const connectionString = process.env.DATABASE_URL || "postgres://postgres:password@localhost:5432/cognitive_layer";
+  const client =
+    globalForWorkspaceAuthDb.workspaceAuthDbClient ??
+    postgres(connectionString, {
+      max: readPositiveInteger(process.env.DATABASE_POOL_MAX ?? process.env.POSTGRES_POOL_MAX, 20),
+      idle_timeout: readPositiveInteger(process.env.DATABASE_IDLE_TIMEOUT_SECONDS, 30),
+      connect_timeout: readPositiveInteger(process.env.DATABASE_CONNECT_TIMEOUT_SECONDS, 10),
+      prepare: shouldPrepareStatements(connectionString),
+    });
+  const db = globalForWorkspaceAuthDb.workspaceAuthDb ?? drizzle(client, { schema });
+
+  globalForWorkspaceAuthDb.workspaceAuthDbClient = client;
+  globalForWorkspaceAuthDb.workspaceAuthDb = db;
+
+  return db;
+}
+
+export type WorkspaceAuthDb = ReturnType<typeof getWorkspaceAuthDb>;

package/src/index.ts

@@ -0,0 +1,36 @@
+export {
+  ACTIVE_PROJECT_ID_COOKIE,
+  ACTIVE_PROJECT_SLUG_COOKIE,
+  KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME,
+  KOGNITIV_APPOINTMENTS_PRODUCT,
+  KOGNITIV_VOICE_MANAGED_KEY_NAME,
+  KOGNITIV_VOICE_PRODUCT,
+  createWorkspaceProject,
+  ensureManagedProjectApiKey,
+  ensureOrganizationForClerk,
+  getOwnedProject,
+  getProductSetupState,
+  hasManagedProjectApiKey,
+  listOrganizationProjects,
+  resolveActiveProject,
+  resolveProductSetupWorkspace,
+  slugifyWorkspaceValue,
+  updateProductSetupState,
+  type ProductSetupStateValue,
+} from "./workspace";
+export {
+  createRawApiKey,
+  decryptManagedSecret,
+  encryptManagedSecret,
+  getApiKeyPrefix,
+  hashApiKey,
+  type EncryptedSecret,
+} from "./crypto";
+export { getWorkspaceAuthDb, type WorkspaceAuthDb } from "./db";
+export {
+  apiKeys,
+  managedProjectApiKeys,
+  organizations,
+  productSetupStates,
+  projects,
+} from "./schema";

package/src/schema.ts

@@ -0,0 +1,82 @@
+import { sql } from "drizzle-orm";
+import { boolean, index, jsonb, pgTable, text, timestamp, uniqueIndex, uuid } from "drizzle-orm/pg-core";
+
+export const organizations = pgTable("organizations", {
+  id: uuid("id").defaultRandom().primaryKey(),
+  clerkOrgId: text("clerk_org_id").notNull(),
+  name: text("name").notNull(),
+  slug: text("slug").notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+}, (table) => ({
+  clerkOrgIdIdx: uniqueIndex("organizations_clerk_org_id_idx").on(table.clerkOrgId),
+  slugIdx: uniqueIndex("organizations_slug_idx").on(table.slug),
+}));
+
+export const projects = pgTable("projects", {
+  id: uuid("id").defaultRandom().primaryKey(),
+  organizationId: uuid("organization_id").notNull().references(() => organizations.id),
+  name: text("name").notNull(),
+  slug: text("slug").notNull(),
+  description: text("description"),
+  isActive: boolean("is_active").default(true).notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+}, (table) => ({
+  orgSlugIdx: uniqueIndex("projects_org_slug_idx").on(table.organizationId, table.slug),
+  orgIdx: index("projects_org_idx").on(table.organizationId),
+}));
+
+export const apiKeys = pgTable("api_keys", {
+  id: uuid("id").defaultRandom().primaryKey(),
+  projectId: uuid("project_id").notNull().references(() => projects.id),
+  keyHash: text("key_hash").notNull(),
+  keyPrefix: text("key_prefix").notNull(),
+  name: text("name"),
+  lastUsedAt: timestamp("last_used_at"),
+  expiresAt: timestamp("expires_at"),
+  isActive: boolean("is_active").default(true).notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+}, (table) => ({
+  keyHashIdx: uniqueIndex("api_keys_key_hash_idx").on(table.keyHash),
+  projectIdx: index("api_keys_project_idx").on(table.projectId),
+}));
+
+export const managedProjectApiKeys = pgTable("managed_project_api_keys", {
+  id: uuid("id").defaultRandom().primaryKey(),
+  projectId: uuid("project_id").notNull().references(() => projects.id),
+  apiKeyId: uuid("api_key_id").notNull().references(() => apiKeys.id),
+  product: text("product").notNull(),
+  encryptedKey: text("encrypted_key").notNull(),
+  iv: text("iv").notNull(),
+  authTag: text("auth_tag").notNull(),
+  keyPrefix: text("key_prefix").notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  lastUsedAt: timestamp("last_used_at"),
+  revokedAt: timestamp("revoked_at"),
+}, (table) => ({
+  projectProductIdx: index("managed_project_api_keys_project_product_idx").on(table.projectId, table.product),
+  apiKeyIdx: uniqueIndex("managed_project_api_keys_api_key_idx").on(table.apiKeyId),
+  activeProjectProductIdx: uniqueIndex("managed_project_api_keys_active_project_product_idx")
+    .on(table.projectId, table.product)
+    .where(sql`${table.revokedAt} IS NULL`),
+}));
+
+export const productSetupStates = pgTable("product_setup_states", {
+  id: uuid("id").defaultRandom().primaryKey(),
+  organizationId: uuid("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+  product: text("product").notNull(),
+  state: text("state").default("not_started").notNull(),
+  projectId: uuid("project_id").references(() => projects.id, { onDelete: "set null" }),
+  setupSessionId: text("setup_session_id").notNull(),
+  metadata: jsonb("metadata").default({}).notNull(),
+  startedAt: timestamp("started_at"),
+  completedAt: timestamp("completed_at"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+}, (table) => ({
+  orgProductIdx: uniqueIndex("product_setup_states_org_product_idx").on(table.organizationId, table.product),
+  projectIdx: index("product_setup_states_project_idx").on(table.projectId),
+  sessionIdx: uniqueIndex("product_setup_states_setup_session_idx").on(table.setupSessionId),
+}));

package/src/workspace.ts

@@ -0,0 +1,405 @@
+import { randomUUID } from "node:crypto";
+import { and, asc, eq, isNull } from "drizzle-orm";
+import {
+  createRawApiKey,
+  decryptManagedSecret,
+  encryptManagedSecret,
+  getApiKeyPrefix,
+  hashApiKey,
+} from "./crypto";
+import { getWorkspaceAuthDb, type WorkspaceAuthDb } from "./db";
+import { apiKeys, managedProjectApiKeys, organizations, productSetupStates, projects } from "./schema";
+
+export const ACTIVE_PROJECT_ID_COOKIE = "active_project_id";
+export const ACTIVE_PROJECT_SLUG_COOKIE = "active_project_slug";
+export const KOGNITIV_VOICE_PRODUCT = "kognitiv-voice";
+export const KOGNITIV_VOICE_MANAGED_KEY_NAME = "Managed: Kognitiv Voice";
+export const KOGNITIV_APPOINTMENTS_PRODUCT = "kognitiv-appointments";
+export const KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME = "Managed: Kognitiv Appointments";
+
+type Db = WorkspaceAuthDb;
+export type ProductSetupStateValue = "not_started" | "in_progress" | "completed";
+type ManagedApiKeyRow = {
+  managedId: string;
+  encryptedKey: string;
+  iv: string;
+  authTag: string;
+  apiKeyId: string;
+  isActive: boolean;
+  expiresAt: Date | null;
+  keyPrefix: string;
+};
+
+const productSetupStateValues = new Set<ProductSetupStateValue>(["not_started", "in_progress", "completed"]);
+
+function dbOrDefault(db?: Db) {
+  return db ?? getWorkspaceAuthDb();
+}
+
+function isUniqueConstraintError(error: unknown, constraintName: string) {
+  const candidate = error as {
+    code?: string;
+    constraint?: string;
+    constraint_name?: string;
+    message?: string;
+  } | null;
+  return Boolean(
+    candidate
+      && candidate.code === "23505"
+      && (
+        candidate.constraint === constraintName
+        || candidate.constraint_name === constraintName
+        || candidate.message?.includes(constraintName)
+      ),
+  );
+}
+
+function isManagedKeyUsable(row: ManagedApiKeyRow | null, now = new Date()) {
+  return Boolean(row?.isActive && (!row.expiresAt || row.expiresAt > now));
+}
+
+function normalizeProductSetupState(value: unknown, fallback: ProductSetupStateValue = "not_started"): ProductSetupStateValue {
+  return typeof value === "string" && productSetupStateValues.has(value as ProductSetupStateValue)
+    ? value as ProductSetupStateValue
+    : fallback;
+}
+
+function setupSessionId(product: string, organizationId: string) {
+  return `${slugifyWorkspaceValue(product, "product")}-setup-${organizationId}-${randomUUID()}`;
+}
+
+function setupMetadata(value: unknown) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value as Record<string, unknown> : {};
+}
+
+function toProductSetupState(row: typeof productSetupStates.$inferSelect) {
+  return {
+    ...row,
+    state: normalizeProductSetupState(row.state),
+    metadata: setupMetadata(row.metadata),
+  };
+}
+
+async function findUnrevokedManagedProjectApiKey(db: Db, input: {
+  projectId: string;
+  product: string;
+}): Promise<ManagedApiKeyRow | null> {
+  return db
+    .select({
+      managedId: managedProjectApiKeys.id,
+      encryptedKey: managedProjectApiKeys.encryptedKey,
+      iv: managedProjectApiKeys.iv,
+      authTag: managedProjectApiKeys.authTag,
+      apiKeyId: apiKeys.id,
+      isActive: apiKeys.isActive,
+      expiresAt: apiKeys.expiresAt,
+      keyPrefix: managedProjectApiKeys.keyPrefix,
+    })
+    .from(managedProjectApiKeys)
+    .innerJoin(apiKeys, eq(managedProjectApiKeys.apiKeyId, apiKeys.id))
+    .where(and(
+      eq(managedProjectApiKeys.projectId, input.projectId),
+      eq(managedProjectApiKeys.product, input.product),
+      isNull(managedProjectApiKeys.revokedAt),
+    ))
+    .orderBy(asc(managedProjectApiKeys.createdAt))
+    .limit(1)
+    .then((rows) => rows[0] ?? null);
+}
+
+async function useExistingManagedProjectApiKey(db: Db, existing: ManagedApiKeyRow) {
+  const rawKey = decryptManagedSecret(existing);
+  const now = new Date();
+  await Promise.all([
+    db.update(apiKeys).set({ lastUsedAt: now }).where(eq(apiKeys.id, existing.apiKeyId)),
+    db.update(managedProjectApiKeys).set({ lastUsedAt: now, updatedAt: now }).where(eq(managedProjectApiKeys.id, existing.managedId)),
+  ]);
+  return { key: rawKey, keyPrefix: existing.keyPrefix, action: "used" as const };
+}
+
+async function revokeManagedProjectApiKey(db: Db, managedId: string) {
+  const now = new Date();
+  await db
+    .update(managedProjectApiKeys)
+    .set({ revokedAt: now, updatedAt: now })
+    .where(and(eq(managedProjectApiKeys.id, managedId), isNull(managedProjectApiKeys.revokedAt)));
+}
+
+export function slugifyWorkspaceValue(value: string, fallback = "project") {
+  const slug = String(value || "")
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "");
+  return slug || fallback;
+}
+
+export async function ensureOrganizationForClerk(input: {
+  clerkOrgId: string;
+  name?: string | null;
+  slug?: string | null;
+  db?: Db;
+}) {
+  const db = dbOrDefault(input.db);
+  const existing = await db
+    .select()
+    .from(organizations)
+    .where(eq(organizations.clerkOrgId, input.clerkOrgId))
+    .limit(1)
+    .then((rows) => rows[0] ?? null);
+  if (existing) return existing;
+
+  const name = input.name?.trim() || input.clerkOrgId;
+  const slug = slugifyWorkspaceValue(input.slug || name || input.clerkOrgId, input.clerkOrgId.toLowerCase());
+  const inserted = await db
+    .insert(organizations)
+    .values({ clerkOrgId: input.clerkOrgId, name, slug })
+    .returning();
+  return inserted[0];
+}
+
+export async function listOrganizationProjects(organizationId: string, db?: Db) {
+  return dbOrDefault(db)
+    .select()
+    .from(projects)
+    .where(eq(projects.organizationId, organizationId))
+    .orderBy(asc(projects.createdAt), asc(projects.name));
+}
+
+export async function getOwnedProject(input: { organizationId: string; projectId: string; db?: Db }) {
+  return dbOrDefault(input.db)
+    .select()
+    .from(projects)
+    .where(and(eq(projects.id, input.projectId), eq(projects.organizationId, input.organizationId)))
+    .limit(1)
+    .then((rows) => rows[0] ?? null);
+}
+
+export async function resolveActiveProject(input: {
+  organizationId: string;
+  activeProjectId?: string | null;
+  db?: Db;
+}) {
+  const orgProjects = await listOrganizationProjects(input.organizationId, input.db);
+  if (orgProjects.length === 0) return { project: null, projects: orgProjects };
+  const activeProject = input.activeProjectId
+    ? orgProjects.find((project) => project.id === input.activeProjectId) ?? null
+    : null;
+  return { project: activeProject ?? orgProjects[0], projects: orgProjects };
+}
+
+export async function getProductSetupState(input: {
+  organizationId: string;
+  product: string;
+  db?: Db;
+}) {
+  const db = dbOrDefault(input.db);
+  const product = input.product.trim();
+  if (!product) throw new Error("Product is required");
+
+  const existing = await db
+    .select()
+    .from(productSetupStates)
+    .where(and(
+      eq(productSetupStates.organizationId, input.organizationId),
+      eq(productSetupStates.product, product),
+    ))
+    .limit(1)
+    .then((rows) => rows[0] ?? null);
+  if (existing) return toProductSetupState(existing);
+
+  try {
+    const inserted = await db
+      .insert(productSetupStates)
+      .values({
+        organizationId: input.organizationId,
+        product,
+        state: "not_started",
+        setupSessionId: setupSessionId(product, input.organizationId),
+      })
+      .returning();
+    return toProductSetupState(inserted[0]);
+  } catch (error) {
+    if (!isUniqueConstraintError(error, "product_setup_states_org_product_idx")) throw error;
+    const row = await db
+      .select()
+      .from(productSetupStates)
+      .where(and(
+        eq(productSetupStates.organizationId, input.organizationId),
+        eq(productSetupStates.product, product),
+      ))
+      .limit(1)
+      .then((rows) => rows[0] ?? null);
+    if (!row) throw error;
+    return toProductSetupState(row);
+  }
+}
+
+export async function updateProductSetupState(input: {
+  organizationId: string;
+  product: string;
+  state?: ProductSetupStateValue | string | null;
+  projectId?: string | null;
+  metadata?: Record<string, unknown> | null;
+  db?: Db;
+}) {
+  const db = dbOrDefault(input.db);
+  const existing = await getProductSetupState(input);
+  const nextState = input.state !== undefined && input.state !== null
+    ? normalizeProductSetupState(input.state, existing.state)
+    : input.projectId !== undefined && existing.state === "not_started"
+      ? "in_progress"
+      : existing.state;
+  const now = new Date();
+  const nextMetadata = input.metadata
+    ? { ...existing.metadata, ...input.metadata }
+    : existing.metadata;
+  const updates = {
+    state: nextState,
+    ...(input.projectId !== undefined ? { projectId: input.projectId } : {}),
+    metadata: nextMetadata,
+    ...(nextState !== "not_started" && !existing.startedAt ? { startedAt: now } : {}),
+    ...(nextState === "completed" && !existing.completedAt ? { completedAt: now } : {}),
+    updatedAt: now,
+  };
+  const updated = await db
+    .update(productSetupStates)
+    .set(updates)
+    .where(and(
+      eq(productSetupStates.organizationId, input.organizationId),
+      eq(productSetupStates.product, input.product),
+    ))
+    .returning();
+  return toProductSetupState(updated[0]);
+}
+
+export async function resolveProductSetupWorkspace(input: {
+  organizationId: string;
+  product: string;
+  db?: Db;
+}) {
+  const db = dbOrDefault(input.db);
+  const [setup, orgProjects] = await Promise.all([
+    getProductSetupState({ organizationId: input.organizationId, product: input.product, db }),
+    listOrganizationProjects(input.organizationId, db),
+  ]);
+  const project = setup.projectId
+    ? orgProjects.find((candidate) => candidate.id === setup.projectId) ?? null
+    : null;
+  return { setup, project, projects: orgProjects };
+}
+
+export async function createWorkspaceProject(input: {
+  organizationId: string;
+  name: string;
+  slug?: string | null;
+  description?: string | null;
+  db?: Db;
+}) {
+  const name = input.name.trim();
+  if (!name) throw new Error("Project name is required");
+  const slug = slugifyWorkspaceValue(input.slug || name);
+  const inserted = await dbOrDefault(input.db)
+    .insert(projects)
+    .values({
+      organizationId: input.organizationId,
+      name,
+      slug,
+      description: input.description?.trim() || null,
+    })
+    .returning();
+  return inserted[0];
+}
+
+export async function hasManagedProjectApiKey(input: {
+  projectId: string;
+  product: string;
+  db?: Db;
+}) {
+  const row = await dbOrDefault(input.db)
+    .select({ id: managedProjectApiKeys.id })
+    .from(managedProjectApiKeys)
+    .innerJoin(apiKeys, eq(managedProjectApiKeys.apiKeyId, apiKeys.id))
+    .where(and(
+      eq(managedProjectApiKeys.projectId, input.projectId),
+      eq(managedProjectApiKeys.product, input.product),
+      isNull(managedProjectApiKeys.revokedAt),
+      eq(apiKeys.isActive, true),
+    ))
+    .limit(1)
+    .then((rows) => rows[0] ?? null);
+  return Boolean(row);
+}
+
+export async function ensureManagedProjectApiKey(input: {
+  projectId: string;
+  product: string;
+  name?: string | null;
+  db?: Db;
+}) {
+  const db = dbOrDefault(input.db);
+  for (let attempt = 0; attempt < 3; attempt += 1) {
+    const existing = await findUnrevokedManagedProjectApiKey(db, input);
+    if (existing && isManagedKeyUsable(existing)) {
+      return useExistingManagedProjectApiKey(db, existing);
+    }
+
+    if (existing) {
+      await revokeManagedProjectApiKey(db, existing.managedId);
+      continue;
+    }
+
+    const rawKey = createRawApiKey();
+    const keyPrefix = getApiKeyPrefix(rawKey);
+    const encrypted = encryptManagedSecret(rawKey);
+
+    try {
+      const inserted = await db.transaction(async (tx) => {
+        const [apiKey] = await tx
+          .insert(apiKeys)
+          .values({
+            projectId: input.projectId,
+            keyHash: hashApiKey(rawKey),
+            keyPrefix,
+            name: input.name?.trim() || null,
+          })
+          .returning();
+
+        const [managed] = await tx
+          .insert(managedProjectApiKeys)
+          .values({
+            projectId: input.projectId,
+            apiKeyId: apiKey.id,
+            product: input.product,
+            encryptedKey: encrypted.encryptedKey,
+            iv: encrypted.iv,
+            authTag: encrypted.authTag,
+            keyPrefix,
+          })
+          .returning();
+
+        return { apiKey, managed };
+      });
+
+      return { key: rawKey, keyPrefix: inserted.managed.keyPrefix, action: "created" as const };
+    } catch (error) {
+      if (!isUniqueConstraintError(error, "managed_project_api_keys_active_project_product_idx")) {
+        throw error;
+      }
+
+      const raced = await findUnrevokedManagedProjectApiKey(db, input);
+      if (raced && isManagedKeyUsable(raced)) {
+        return useExistingManagedProjectApiKey(db, raced);
+      }
+      if (raced) {
+        await revokeManagedProjectApiKey(db, raced.managedId);
+      }
+    }
+  }
+
+  const existing = await findUnrevokedManagedProjectApiKey(db, input);
+  if (existing && isManagedKeyUsable(existing)) {
+    return useExistingManagedProjectApiKey(db, existing);
+  }
+  throw new Error("Unable to ensure managed project API key");
+}

package/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "module": "commonjs",
+    "rootDir": "src",
+    "outDir": "dist",
+    "declaration": true,
+    "noEmit": false,
+    "incremental": false
+  },
+  "include": ["src"],
+  "exclude": ["src/__tests__"]
+}

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    environment: "node",
+    include: ["src/**/*.test.ts"],
+  },
+});