@krutai/auth 0.2.3 → 0.4.1

package/dist/index.d.ts

@@ -1,150 +1,280 @@
-import * as better_auth from 'better-auth';
-import { BetterAuthOptions, Auth } from 'better-auth';
-export { BetterAuthOptions } from 'better-auth';
-export { ApiKeyValidationError, validateApiKeyFormat, validateApiKeyWithService } from 'krutai';
+export { ApiKeyValidationError as KrutAuthKeyValidationError, validateApiKeyWithService as validateApiKey, validateApiKeyFormat } from 'krutai';
 
+/**
+ * Types for @krutai/auth
+ *
+ * Pure fetch-based auth client — no local better-auth dependency.
+ */
+/**
+ * Default base URL for the KrutAI server.
+ * Used when no serverUrl is provided in the config.
+ */
+declare const DEFAULT_SERVER_URL: "http://localhost:8000";
+/**
+ * Default path prefix for the auth routes on the server.
+ * The server mounts better-auth under this prefix.
+ */
+declare const DEFAULT_AUTH_PREFIX: "/lib-auth";
 /**
  * Configuration options for KrutAuth
  */
 interface KrutAuthConfig {
     /**
-     * API key for authentication with KrutAI services
+     * KrutAI API key.
+     * Validated against the server before use.
      * Optional: defaults to process.env.KRUTAI_API_KEY
      */
     apiKey?: string;
     /**
-     * Better Auth configuration options
-     * @see https://www.better-auth.com/docs
-     */
-    betterAuthOptions?: Partial<BetterAuthOptions>;
-    /**
-     * Whether to validate the API key on initialization
-     * @default true
-     */
-    validateOnInit?: boolean;
-    /**
-     * Base URL of your deployed LangChain backend/validation server
+     * Base URL of your deployed KrutAI server.
      * @default "http://localhost:8000"
+     * @example "https://krut.ai"
      */
     serverUrl?: string;
     /**
-     * Custom API validation endpoint
+     * Path prefix for the auth routes on the server.
+     * @default "/lib-auth"
      */
-    validationEndpoint?: string;
+    authPrefix?: string;
+    /**
+     * Whether to validate the API key against the server on initialization.
+     * Set to false to skip the validation round-trip (e.g. in tests).
+     * @default true
+     */
+    validateOnInit?: boolean;
 }
 /**
- * Authentication session interface
+ * Parameters for email/password sign-up
+ */
+interface SignUpEmailParams {
+    /** User email */
+    email: string;
+    /** User password */
+    password: string;
+    /** Display name */
+    name: string;
+}
+/**
+ * Parameters for email/password sign-in
+ */
+interface SignInEmailParams {
+    /** User email */
+    email: string;
+    /** User password */
+    password: string;
+}
+/**
+ * A user record returned by the auth server
+ */
+interface AuthUser {
+    id: string;
+    email: string;
+    name?: string;
+    emailVerified: boolean;
+    createdAt: string;
+    updatedAt: string;
+    [key: string]: unknown;
+}
+/**
+ * A session record returned by the auth server
+ */
+interface AuthSessionRecord {
+    id: string;
+    userId: string;
+    token: string;
+    expiresAt: string;
+    [key: string]: unknown;
+}
+/**
+ * Combined session + user response
  */
 interface AuthSession {
-    user: {
-        id: string;
-        email: string;
-        name?: string;
-        [key: string]: unknown;
-    };
-    session: {
-        id: string;
-        expiresAt: Date;
-        [key: string]: unknown;
-    };
+    user: AuthUser;
+    session: AuthSessionRecord;
+}
+/**
+ * Sign-up / sign-in response (contains token + user)
+ */
+interface AuthResponse {
+    token: string;
+    user: AuthUser;
+    [key: string]: unknown;
 }
 
 /**
- * KrutAuth - Authentication client for KrutAI
+ * KrutAuth — fetch-based authentication client for KrutAI
  *
- * This class wraps Better Auth and adds API key validation
- * to ensure only authorized users can access authentication features.
+ * Calls your deployed server's `/lib-auth` routes for all auth operations.
+ * The API key is validated against the server before use.
  *
  * @example
  * ```typescript
  * import { KrutAuth } from '@krutai/auth';
  *
  * const auth = new KrutAuth({
- *   apiKey: 'your-api-key-here',
- *   betterAuthOptions: {
- *     // Better Auth configuration
- *   }
+ *   apiKey: process.env.KRUTAI_API_KEY!,
+ *   serverUrl: 'https://krut.ai',
  * });
  *
- * // Initialize the client (validates API key)
- * await auth.initialize();
+ * await auth.initialize(); // validates key against server
  *
- * // Use authentication features
- * const betterAuth = auth.getBetterAuth();
+ * // Sign up
+ * const { token, user } = await auth.signUpEmail({
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ *   name: 'Alice',
+ * });
+ *
+ * // Sign in
+ * const result = await auth.signInEmail({
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ * });
+ *
+ * // Get session
+ * const session = await auth.getSession(result.token);
  * ```
  */
 declare class KrutAuth {
-    private config;
-    private apiKey;
-    private betterAuthInstance;
+    private readonly apiKey;
+    private readonly serverUrl;
+    private readonly authPrefix;
+    private readonly config;
     private initialized;
-    /**
-     * Creates a new KrutAuth instance
-     * @param config - Configuration options
-     * @throws {ApiKeyValidationError} If API key is invalid
-     */
     constructor(config: KrutAuthConfig);
     /**
-     * Initialize the authentication client
-     * Validates the API key and sets up Better Auth
-     * @throws {ApiKeyValidationError} If API key validation fails
+     * Initialize the auth client.
+     * Validates the API key against the server, then marks client as ready.
+     *
+     * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable
      */
     initialize(): Promise<void>;
     /**
-     * Initialize Better Auth instance
-     * @private
+     * Returns whether the client has been initialized.
      */
-    private initializeBetterAuth;
+    isInitialized(): boolean;
+    private assertInitialized;
+    /** Common request headers sent to the server on every auth call. */
+    private authHeaders;
     /**
-     * Get the Better Auth instance
-     * @throws {Error} If not initialized
+     * Build the full URL for an auth endpoint.
+     * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`
      */
-    getBetterAuth(): Auth;
+    private url;
     /**
-     * Check if the client is initialized
+     * Generic request helper for any better-auth endpoint.
+     *
+     * Use this to call endpoints not covered by the convenience methods.
+     *
+     * @param method - HTTP method (GET, POST, etc.)
+     * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)
+     * @param body - Optional JSON body
+     * @returns The parsed JSON response
      */
-    isInitialized(): boolean;
+    request<T = unknown>(method: string, path: string, body?: Record<string, unknown> | object): Promise<T>;
     /**
-     * Get the API key (useful for making authenticated requests)
-     * @returns The API key
+     * Sign up a new user with email and password.
+     *
+     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email
+     *
+     * @param params - Sign-up parameters (email, password, name)
+     * @returns The auth response containing token and user
      */
-    getApiKey(): string;
+    signUpEmail(params: SignUpEmailParams): Promise<AuthResponse>;
     /**
-     * Sign in a user
-     * This is a convenience method that wraps Better Auth
-     * You can access the full Better Auth API via getBetterAuth()
+     * Sign in with email and password.
+     *
+     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email
+     *
+     * @param params - Sign-in parameters (email, password)
+     * @returns The auth response containing token and user
      */
-    signIn(): Promise<Auth>;
+    signInEmail(params: SignInEmailParams): Promise<AuthResponse>;
     /**
-     * Sign out the current user
-     * You can access the full Better Auth API via getBetterAuth()
+     * Get the current session for a user.
+     *
+     * Calls: GET {serverUrl}/lib-auth/api/auth/get-session
+     *
+     * @param sessionToken - The session token (Bearer token from sign-in)
+     * @returns The session containing user and session data
      */
-    signOut(): Promise<Auth>;
+    getSession(sessionToken: string): Promise<AuthSession>;
     /**
-     * Get the current session
-     * You can access the full Better Auth API via getBetterAuth()
+     * Sign out the current user.
+     *
+     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out
+     *
+     * @param sessionToken - The session token to invalidate
      */
-    getSession(): Promise<Auth>;
+    signOut(sessionToken: string): Promise<void>;
 }
 
 /**
- * krutAuth — drop-in replacement for betterAuth.
+ * @krutai/auth — Authentication package for KrutAI
  *
- * Use this instead of importing betterAuth directly.
+ * A fetch-based wrapper that calls your deployed server's `/lib-auth` routes.
+ * The user's API key is validated against the server before any auth call is made.
  *
- * @example
+ * @example Basic usage
  * ```typescript
- * import { krutAuth } from "@krutai/auth";
- * import Database from "better-sqlite3";
+ * import { krutAuth } from '@krutai/auth';
  *
- * export const auth = krutAuth({
- *   database: new Database("./sqlite.db"),
- *   emailAndPassword: { enabled: true },
+ * const auth = krutAuth({
+ *   apiKey: process.env.KRUTAI_API_KEY!,
+ *   serverUrl: 'https://krut.ai',
+ * });
+ *
+ * await auth.initialize(); // validates key with server
+ *
+ * const { token, user } = await auth.signUpEmail({
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ *   name: 'Alice',
  * });
  * ```
+ *
+ * @example Sign in
+ * ```typescript
+ * const auth = krutAuth({
+ *   apiKey: process.env.KRUTAI_API_KEY!,
+ *   serverUrl: 'https://krut.ai',
+ * });
+ * await auth.initialize();
+ *
+ * const { token, user } = await auth.signInEmail({
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ * });
+ * ```
+ *
+ * @packageDocumentation
  */
-declare function krutAuth(options: BetterAuthOptions): better_auth.Auth<BetterAuthOptions>;
 
-declare const VERSION = "0.1.9";
+/**
+ * krutAuth — convenience factory.
+ *
+ * Creates a `KrutAuth` instance configured to call your server's `/lib-auth` routes.
+ *
+ * @param config - Auth configuration (`apiKey` and `serverUrl` are required)
+ * @returns A `KrutAuth` instance — call `.initialize()` before use
+ *
+ * @example
+ * ```typescript
+ * import { krutAuth } from '@krutai/auth';
+ *
+ * const auth = krutAuth({
+ *   apiKey: process.env.KRUTAI_API_KEY!,
+ *   serverUrl: 'https://krut.ai',
+ * });
+ *
+ * await auth.initialize();
+ * const { token, user } = await auth.signInEmail({
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ * });
+ * ```
+ */
+declare function krutAuth(config: KrutAuthConfig): KrutAuth;
+declare const VERSION = "0.4.0";
 
-export { type AuthSession, KrutAuth, type KrutAuthConfig, VERSION, krutAuth };
+export { type AuthResponse, type AuthSession, type AuthSessionRecord, type AuthUser, DEFAULT_AUTH_PREFIX, DEFAULT_SERVER_URL, KrutAuth, type KrutAuthConfig, type SignInEmailParams, type SignUpEmailParams, VERSION, krutAuth };

package/dist/index.js

@@ -1,116 +1,204 @@
 'use strict';
 
-var betterAuth = require('better-auth');
 var krutai = require('krutai');
 
-// src/index.ts
+// src/types.ts
+var DEFAULT_SERVER_URL = "http://localhost:8000";
+var DEFAULT_AUTH_PREFIX = "/lib-auth";
 var KrutAuth = class {
-  /**
-   * Creates a new KrutAuth instance
-   * @param config - Configuration options
-   * @throws {ApiKeyValidationError} If API key is invalid
-   */
+  apiKey;
+  serverUrl;
+  authPrefix;
+  config;
+  initialized = false;
   constructor(config) {
     this.config = config;
-    const key = config.apiKey || process.env.KRUTAI_API_KEY || "";
-    krutai.validateApiKeyFormat(key);
-    this.apiKey = key;
+    this.apiKey = config.apiKey || process.env.KRUTAI_API_KEY || "";
+    this.serverUrl = (config.serverUrl ?? DEFAULT_SERVER_URL).replace(/\/$/, "");
+    this.authPrefix = (config.authPrefix ?? DEFAULT_AUTH_PREFIX).replace(/\/$/, "");
+    krutai.validateApiKeyFormat(this.apiKey);
     if (config.validateOnInit === false) {
-      this.initializeBetterAuth();
+      this.initialized = true;
     }
   }
-  apiKey;
-  betterAuthInstance = null;
-  initialized = false;
   /**
-   * Initialize the authentication client
-   * Validates the API key and sets up Better Auth
-   * @throws {ApiKeyValidationError} If API key validation fails
+   * Initialize the auth client.
+   * Validates the API key against the server, then marks client as ready.
+   *
+   * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable
    */
   async initialize() {
-    if (this.initialized) {
-      return;
-    }
+    if (this.initialized) return;
     if (this.config.validateOnInit !== false) {
-      await krutai.validateApiKeyWithService(this.apiKey, this.config.serverUrl);
+      await krutai.validateApiKeyWithService(this.apiKey, this.serverUrl);
     }
-    this.initializeBetterAuth();
     this.initialized = true;
   }
   /**
-   * Initialize Better Auth instance
-   * @private
+   * Returns whether the client has been initialized.
    */
-  initializeBetterAuth() {
-    this.betterAuthInstance = betterAuth.betterAuth({
-      ...this.config.betterAuthOptions
-    });
+  isInitialized() {
+    return this.initialized;
   }
-  /**
-   * Get the Better Auth instance
-   * @throws {Error} If not initialized
-   */
-  getBetterAuth() {
-    if (!this.betterAuthInstance) {
+  // ---------------------------------------------------------------------------
+  // Private helpers
+  // ---------------------------------------------------------------------------
+  assertInitialized() {
+    if (!this.initialized) {
       throw new Error(
         "KrutAuth not initialized. Call initialize() first or set validateOnInit to false."
       );
     }
-    return this.betterAuthInstance;
+  }
+  /** Common request headers sent to the server on every auth call. */
+  authHeaders() {
+    return {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${this.apiKey}`,
+      "x-api-key": this.apiKey
+    };
   }
   /**
-   * Check if the client is initialized
+   * Build the full URL for an auth endpoint.
+   * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`
    */
-  isInitialized() {
-    return this.initialized;
+  url(path) {
+    const cleanPath = path.startsWith("/") ? path : `/${path}`;
+    return `${this.serverUrl}${this.authPrefix}${cleanPath}`;
   }
+  // ---------------------------------------------------------------------------
+  // Public Auth Methods
+  // ---------------------------------------------------------------------------
   /**
-   * Get the API key (useful for making authenticated requests)
-   * @returns The API key
+   * Generic request helper for any better-auth endpoint.
+   *
+   * Use this to call endpoints not covered by the convenience methods.
+   *
+   * @param method - HTTP method (GET, POST, etc.)
+   * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)
+   * @param body - Optional JSON body
+   * @returns The parsed JSON response
    */
-  getApiKey() {
-    return this.apiKey;
+  async request(method, path, body) {
+    this.assertInitialized();
+    const options = {
+      method,
+      headers: this.authHeaders()
+    };
+    if (body && method !== "GET") {
+      options.body = JSON.stringify(body);
+    }
+    const response = await fetch(this.url(path), options);
+    if (!response.ok) {
+      let errorMessage = `Auth server returned HTTP ${response.status} for ${path}`;
+      try {
+        const errorData = await response.json();
+        if (errorData?.error) errorMessage = errorData.error;
+        else if (errorData?.message) errorMessage = errorData.message;
+      } catch {
+      }
+      throw new Error(errorMessage);
+    }
+    return await response.json();
   }
   /**
-   * Sign in a user
-   * This is a convenience method that wraps Better Auth
-   * You can access the full Better Auth API via getBetterAuth()
+   * Sign up a new user with email and password.
+   *
+   * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email
+   *
+   * @param params - Sign-up parameters (email, password, name)
+   * @returns The auth response containing token and user
    */
-  async signIn() {
-    return this.getBetterAuth();
+  async signUpEmail(params) {
+    return this.request("POST", "/api/auth/sign-up/email", params);
   }
   /**
-   * Sign out the current user
-   * You can access the full Better Auth API via getBetterAuth()
+   * Sign in with email and password.
+   *
+   * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email
+   *
+   * @param params - Sign-in parameters (email, password)
+   * @returns The auth response containing token and user
    */
-  async signOut() {
-    return this.getBetterAuth();
+  async signInEmail(params) {
+    return this.request("POST", "/api/auth/sign-in/email", params);
   }
   /**
-   * Get the current session
-   * You can access the full Better Auth API via getBetterAuth()
+   * Get the current session for a user.
+   *
+   * Calls: GET {serverUrl}/lib-auth/api/auth/get-session
+   *
+   * @param sessionToken - The session token (Bearer token from sign-in)
+   * @returns The session containing user and session data
    */
-  async getSession() {
-    return this.getBetterAuth();
+  async getSession(sessionToken) {
+    this.assertInitialized();
+    const response = await fetch(this.url("/api/auth/get-session"), {
+      method: "GET",
+      headers: {
+        ...this.authHeaders(),
+        Cookie: `better-auth.session_token=${sessionToken}`
+      }
+    });
+    if (!response.ok) {
+      let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/get-session`;
+      try {
+        const errorData = await response.json();
+        if (errorData?.error) errorMessage = errorData.error;
+        else if (errorData?.message) errorMessage = errorData.message;
+      } catch {
+      }
+      throw new Error(errorMessage);
+    }
+    return await response.json();
+  }
+  /**
+   * Sign out the current user.
+   *
+   * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out
+   *
+   * @param sessionToken - The session token to invalidate
+   */
+  async signOut(sessionToken) {
+    this.assertInitialized();
+    const response = await fetch(this.url("/api/auth/sign-out"), {
+      method: "POST",
+      headers: {
+        ...this.authHeaders(),
+        Cookie: `better-auth.session_token=${sessionToken}`
+      }
+    });
+    if (!response.ok) {
+      let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/sign-out`;
+      try {
+        const errorData = await response.json();
+        if (errorData?.error) errorMessage = errorData.error;
+        else if (errorData?.message) errorMessage = errorData.message;
+      } catch {
+      }
+      throw new Error(errorMessage);
+    }
   }
 };
-function krutAuth(options) {
-  return betterAuth.betterAuth(options);
+function krutAuth(config) {
+  return new KrutAuth(config);
 }
-var VERSION = "0.1.9";
+var VERSION = "0.4.0";
 
-Object.defineProperty(exports, "ApiKeyValidationError", {
+Object.defineProperty(exports, "KrutAuthKeyValidationError", {
   enumerable: true,
   get: function () { return krutai.ApiKeyValidationError; }
 });
-Object.defineProperty(exports, "validateApiKeyFormat", {
+Object.defineProperty(exports, "validateApiKey", {
   enumerable: true,
-  get: function () { return krutai.validateApiKeyFormat; }
+  get: function () { return krutai.validateApiKeyWithService; }
 });
-Object.defineProperty(exports, "validateApiKeyWithService", {
+Object.defineProperty(exports, "validateApiKeyFormat", {
   enumerable: true,
-  get: function () { return krutai.validateApiKeyWithService; }
+  get: function () { return krutai.validateApiKeyFormat; }
 });
+exports.DEFAULT_AUTH_PREFIX = DEFAULT_AUTH_PREFIX;
+exports.DEFAULT_SERVER_URL = DEFAULT_SERVER_URL;
 exports.KrutAuth = KrutAuth;
 exports.VERSION = VERSION;
 exports.krutAuth = krutAuth;