@krutai/auth 0.4.1 → 0.4.2

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-export { ApiKeyValidationError as KrutAuthKeyValidationError, validateApiKeyWithService as validateApiKey, validateApiKeyFormat } from 'krutai';
+export { KrutAIKeyValidationError, validateApiKey, validateApiKeyFormat } from 'krutai';
 
 /**
  * Types for @krutai/auth

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { ApiKeyValidationError as KrutAuthKeyValidationError, validateApiKeyWithService as validateApiKey, validateApiKeyFormat } from 'krutai';
+export { KrutAIKeyValidationError, validateApiKey, validateApiKeyFormat } from 'krutai';
 
 /**
  * Types for @krutai/auth

package/dist/index.js

@@ -30,7 +30,7 @@ var KrutAuth = class {
   async initialize() {
     if (this.initialized) return;
     if (this.config.validateOnInit !== false) {
-      await krutai.validateApiKeyWithService(this.apiKey, this.serverUrl);
+      await krutai.validateApiKey(this.apiKey, this.serverUrl);
     }
     this.initialized = true;
   }
@@ -185,13 +185,13 @@ function krutAuth(config) {
 }
 var VERSION = "0.4.0";
 
-Object.defineProperty(exports, "KrutAuthKeyValidationError", {
+Object.defineProperty(exports, "KrutAIKeyValidationError", {
   enumerable: true,
-  get: function () { return krutai.ApiKeyValidationError; }
+  get: function () { return krutai.KrutAIKeyValidationError; }
 });
 Object.defineProperty(exports, "validateApiKey", {
   enumerable: true,
-  get: function () { return krutai.validateApiKeyWithService; }
+  get: function () { return krutai.validateApiKey; }
 });
 Object.defineProperty(exports, "validateApiKeyFormat", {
   enumerable: true,

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/types.ts","../src/client.ts","../src/index.ts"],"names":["validateApiKeyFormat","validateApiKey"],"mappings":";;;;;AAUO,IAAM,kBAAA,GAAqB;AAM3B,IAAM,mBAAA,GAAsB;ACkC5B,IAAM,WAAN,MAAe;AAAA,EACD,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EAET,WAAA,GAAc,KAAA;AAAA,EAEtB,YAAY,MAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAA,IAAkB,EAAA;AAC7D,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,SAAA,IAAa,kBAAA,EAAoB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC3E,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,UAAA,IAAc,mBAAA,EAAqB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAG9E,IAAAA,2BAAA,CAAqB,KAAK,MAAM,CAAA;AAGhC,IAAA,IAAI,MAAA,CAAO,mBAAmB,KAAA,EAAO;AACjC,MAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,IACvB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAA,GAA4B;AAC9B,IAAA,IAAI,KAAK,WAAA,EAAa;AAEtB,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,cAAA,KAAmB,KAAA,EAAO;AACtC,MAAA,MAAMC,gCAAA,CAAe,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACpD;AAEA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAyB;AACrB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAA,GAA0B;AAC9B,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACnB,MAAA,MAAM,IAAI,KAAA;AAAA,QACN;AAAA,OACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGQ,WAAA,GAAsC;AAC1C,IAAA,OAAO;AAAA,MACH,cAAA,EAAgB,kBAAA;AAAA,MAChB,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,MACpC,aAAa,IAAA,CAAK;AAAA,KACtB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,IAAI,IAAA,EAAsB;AAC9B,IAAA,MAAM,YAAY,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AACxD,IAAA,OAAO,GAAG,IAAA,CAAK,SAAS,GAAG,IAAA,CAAK,UAAU,GAAG,SAAS,CAAA,CAAA;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACF,MAAA,EACA,IAAA,EACA,IAAA,EACU;AACV,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,MAAA;AAAA,MACA,OAAA,EAAS,KAAK,WAAA;AAAY,KAC9B;AAEA,IAAA,IAAI,IAAA,IAAQ,WAAW,KAAA,EAAO;AAC1B,MAAA,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,GAAA,CAAI,IAAI,GAAG,OAAO,CAAA;AAEpD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,QAAQ,IAAI,CAAA,CAAA;AAC3E,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAW,YAAA,EAA4C;AACzD,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,uBAAuB,CAAA,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,0BAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QAAQ,YAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,oBAAoB,CAAA,EAAG;AAAA,MACzD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,uBAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAAA,EACJ;AACJ;AC1KO,SAAS,SAAS,MAAA,EAAkC;AACvD,EAAA,OAAO,IAAI,SAAS,MAAM,CAAA;AAC9B;AAGO,IAAM,OAAA,GAAU","file":"index.js","sourcesContent":["/**\n * Types for @krutai/auth\n *\n * Pure fetch-based auth client — no local better-auth dependency.\n */\n\n/**\n * Default base URL for the KrutAI server.\n * Used when no serverUrl is provided in the config.\n */\nexport const DEFAULT_SERVER_URL = 'http://localhost:8000' as const;\n\n/**\n * Default path prefix for the auth routes on the server.\n * The server mounts better-auth under this prefix.\n */\nexport const DEFAULT_AUTH_PREFIX = '/lib-auth' as const;\n\n/**\n * Configuration options for KrutAuth\n */\nexport interface KrutAuthConfig {\n    /**\n     * KrutAI API key.\n     * Validated against the server before use.\n     * Optional: defaults to process.env.KRUTAI_API_KEY\n     */\n    apiKey?: string;\n\n    /**\n     * Base URL of your deployed KrutAI server.\n     * @default \"http://localhost:8000\"\n     * @example \"https://krut.ai\"\n     */\n    serverUrl?: string;\n\n    /**\n     * Path prefix for the auth routes on the server.\n     * @default \"/lib-auth\"\n     */\n    authPrefix?: string;\n\n    /**\n     * Whether to validate the API key against the server on initialization.\n     * Set to false to skip the validation round-trip (e.g. in tests).\n     * @default true\n     */\n    validateOnInit?: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Auth method parameter types\n// ---------------------------------------------------------------------------\n\n/**\n * Parameters for email/password sign-up\n */\nexport interface SignUpEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n    /** Display name */\n    name: string;\n}\n\n/**\n * Parameters for email/password sign-in\n */\nexport interface SignInEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n}\n\n// ---------------------------------------------------------------------------\n// Auth response types\n// ---------------------------------------------------------------------------\n\n/**\n * A user record returned by the auth server\n */\nexport interface AuthUser {\n    id: string;\n    email: string;\n    name?: string;\n    emailVerified: boolean;\n    createdAt: string;\n    updatedAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * A session record returned by the auth server\n */\nexport interface AuthSessionRecord {\n    id: string;\n    userId: string;\n    token: string;\n    expiresAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * Combined session + user response\n */\nexport interface AuthSession {\n    user: AuthUser;\n    session: AuthSessionRecord;\n}\n\n/**\n * Sign-up / sign-in response (contains token + user)\n */\nexport interface AuthResponse {\n    token: string;\n    user: AuthUser;\n    [key: string]: unknown;\n}\n","import type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthResponse,\n} from './types';\nimport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\nimport {\n    validateApiKeyWithService as validateApiKey,\n    validateApiKeyFormat,\n    ApiKeyValidationError as KrutAuthKeyValidationError,\n} from 'krutai';\n\nexport { KrutAuthKeyValidationError };\n\n/**\n * KrutAuth — fetch-based authentication client for KrutAI\n *\n * Calls your deployed server's `/lib-auth` routes for all auth operations.\n * The API key is validated against the server before use.\n *\n * @example\n * ```typescript\n * import { KrutAuth } from '@krutai/auth';\n *\n * const auth = new KrutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key against server\n *\n * // Sign up\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n *\n * // Sign in\n * const result = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n *\n * // Get session\n * const session = await auth.getSession(result.token);\n * ```\n */\nexport class KrutAuth {\n    private readonly apiKey: string;\n    private readonly serverUrl: string;\n    private readonly authPrefix: string;\n    private readonly config: KrutAuthConfig;\n\n    private initialized = false;\n\n    constructor(config: KrutAuthConfig) {\n        this.config = config;\n        this.apiKey = config.apiKey || process.env.KRUTAI_API_KEY || '';\n        this.serverUrl = (config.serverUrl ?? DEFAULT_SERVER_URL).replace(/\\/$/, '');\n        this.authPrefix = (config.authPrefix ?? DEFAULT_AUTH_PREFIX).replace(/\\/$/, '');\n\n        // Basic format check immediately on construction\n        validateApiKeyFormat(this.apiKey);\n\n        // If validation is disabled, mark as ready immediately\n        if (config.validateOnInit === false) {\n            this.initialized = true;\n        }\n    }\n\n    /**\n     * Initialize the auth client.\n     * Validates the API key against the server, then marks client as ready.\n     *\n     * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable\n     */\n    async initialize(): Promise<void> {\n        if (this.initialized) return;\n\n        if (this.config.validateOnInit !== false) {\n            await validateApiKey(this.apiKey, this.serverUrl);\n        }\n\n        this.initialized = true;\n    }\n\n    /**\n     * Returns whether the client has been initialized.\n     */\n    isInitialized(): boolean {\n        return this.initialized;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Private helpers\n    // ---------------------------------------------------------------------------\n\n    private assertInitialized(): void {\n        if (!this.initialized) {\n            throw new Error(\n                'KrutAuth not initialized. Call initialize() first or set validateOnInit to false.'\n            );\n        }\n    }\n\n    /** Common request headers sent to the server on every auth call. */\n    private authHeaders(): Record<string, string> {\n        return {\n            'Content-Type': 'application/json',\n            Authorization: `Bearer ${this.apiKey}`,\n            'x-api-key': this.apiKey,\n        };\n    }\n\n    /**\n     * Build the full URL for an auth endpoint.\n     * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`\n     */\n    private url(path: string): string {\n        const cleanPath = path.startsWith('/') ? path : `/${path}`;\n        return `${this.serverUrl}${this.authPrefix}${cleanPath}`;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Public Auth Methods\n    // ---------------------------------------------------------------------------\n\n    /**\n     * Generic request helper for any better-auth endpoint.\n     *\n     * Use this to call endpoints not covered by the convenience methods.\n     *\n     * @param method - HTTP method (GET, POST, etc.)\n     * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)\n     * @param body - Optional JSON body\n     * @returns The parsed JSON response\n     */\n    async request<T = unknown>(\n        method: string,\n        path: string,\n        body?: Record<string, unknown> | object\n    ): Promise<T> {\n        this.assertInitialized();\n\n        const options: RequestInit = {\n            method,\n            headers: this.authHeaders(),\n        };\n\n        if (body && method !== 'GET') {\n            options.body = JSON.stringify(body);\n        }\n\n        const response = await fetch(this.url(path), options);\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for ${path}`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as T;\n    }\n\n    /**\n     * Sign up a new user with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email\n     *\n     * @param params - Sign-up parameters (email, password, name)\n     * @returns The auth response containing token and user\n     */\n    async signUpEmail(params: SignUpEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-up/email', params);\n    }\n\n    /**\n     * Sign in with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email\n     *\n     * @param params - Sign-in parameters (email, password)\n     * @returns The auth response containing token and user\n     */\n    async signInEmail(params: SignInEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-in/email', params);\n    }\n\n    /**\n     * Get the current session for a user.\n     *\n     * Calls: GET {serverUrl}/lib-auth/api/auth/get-session\n     *\n     * @param sessionToken - The session token (Bearer token from sign-in)\n     * @returns The session containing user and session data\n     */\n    async getSession(sessionToken: string): Promise<AuthSession> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/get-session'), {\n            method: 'GET',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/get-session`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as AuthSession;\n    }\n\n    /**\n     * Sign out the current user.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out\n     *\n     * @param sessionToken - The session token to invalidate\n     */\n    async signOut(sessionToken: string): Promise<void> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/sign-out'), {\n            method: 'POST',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/sign-out`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n    }\n}\n","/**\n * @krutai/auth — Authentication package for KrutAI\n *\n * A fetch-based wrapper that calls your deployed server's `/lib-auth` routes.\n * The user's API key is validated against the server before any auth call is made.\n *\n * @example Basic usage\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key with server\n *\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n * ```\n *\n * @example Sign in\n * ```typescript\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n * await auth.initialize();\n *\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { KrutAuthConfig } from './types';\nimport { KrutAuth } from './client';\n\nexport { KrutAuth } from './client';\nexport { KrutAuthKeyValidationError } from './client';\nexport {\n    validateApiKeyWithService as validateApiKey,\n    validateApiKeyFormat,\n} from 'krutai';\nexport type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthSessionRecord,\n    AuthUser,\n    AuthResponse,\n} from './types';\nexport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\n\n/**\n * krutAuth — convenience factory.\n *\n * Creates a `KrutAuth` instance configured to call your server's `/lib-auth` routes.\n *\n * @param config - Auth configuration (`apiKey` and `serverUrl` are required)\n * @returns A `KrutAuth` instance — call `.initialize()` before use\n *\n * @example\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize();\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n */\nexport function krutAuth(config: KrutAuthConfig): KrutAuth {\n    return new KrutAuth(config);\n}\n\n// Package metadata\nexport const VERSION = '0.4.0';\n"]}
+{"version":3,"sources":["../src/types.ts","../src/client.ts","../src/index.ts"],"names":["validateApiKeyFormat","validateApiKey"],"mappings":";;;;;AAUO,IAAM,kBAAA,GAAqB;AAM3B,IAAM,mBAAA,GAAsB;ACkC5B,IAAM,WAAN,MAAe;AAAA,EACD,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EAET,WAAA,GAAc,KAAA;AAAA,EAEtB,YAAY,MAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAA,IAAkB,EAAA;AAC7D,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,SAAA,IAAa,kBAAA,EAAoB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC3E,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,UAAA,IAAc,mBAAA,EAAqB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAG9E,IAAAA,2BAAA,CAAqB,KAAK,MAAM,CAAA;AAGhC,IAAA,IAAI,MAAA,CAAO,mBAAmB,KAAA,EAAO;AACjC,MAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,IACvB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAA,GAA4B;AAC9B,IAAA,IAAI,KAAK,WAAA,EAAa;AAEtB,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,cAAA,KAAmB,KAAA,EAAO;AACtC,MAAA,MAAMC,qBAAA,CAAe,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACpD;AAEA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAyB;AACrB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAA,GAA0B;AAC9B,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACnB,MAAA,MAAM,IAAI,KAAA;AAAA,QACN;AAAA,OACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGQ,WAAA,GAAsC;AAC1C,IAAA,OAAO;AAAA,MACH,cAAA,EAAgB,kBAAA;AAAA,MAChB,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,MACpC,aAAa,IAAA,CAAK;AAAA,KACtB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,IAAI,IAAA,EAAsB;AAC9B,IAAA,MAAM,YAAY,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AACxD,IAAA,OAAO,GAAG,IAAA,CAAK,SAAS,GAAG,IAAA,CAAK,UAAU,GAAG,SAAS,CAAA,CAAA;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACF,MAAA,EACA,IAAA,EACA,IAAA,EACU;AACV,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,MAAA;AAAA,MACA,OAAA,EAAS,KAAK,WAAA;AAAY,KAC9B;AAEA,IAAA,IAAI,IAAA,IAAQ,WAAW,KAAA,EAAO;AAC1B,MAAA,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,GAAA,CAAI,IAAI,GAAG,OAAO,CAAA;AAEpD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,QAAQ,IAAI,CAAA,CAAA;AAC3E,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAW,YAAA,EAA4C;AACzD,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,uBAAuB,CAAA,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,0BAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QAAQ,YAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,oBAAoB,CAAA,EAAG;AAAA,MACzD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,uBAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAAA,EACJ;AACJ;AC1KO,SAAS,SAAS,MAAA,EAAkC;AACvD,EAAA,OAAO,IAAI,SAAS,MAAM,CAAA;AAC9B;AAGO,IAAM,OAAA,GAAU","file":"index.js","sourcesContent":["/**\n * Types for @krutai/auth\n *\n * Pure fetch-based auth client — no local better-auth dependency.\n */\n\n/**\n * Default base URL for the KrutAI server.\n * Used when no serverUrl is provided in the config.\n */\nexport const DEFAULT_SERVER_URL = 'http://localhost:8000' as const;\n\n/**\n * Default path prefix for the auth routes on the server.\n * The server mounts better-auth under this prefix.\n */\nexport const DEFAULT_AUTH_PREFIX = '/lib-auth' as const;\n\n/**\n * Configuration options for KrutAuth\n */\nexport interface KrutAuthConfig {\n    /**\n     * KrutAI API key.\n     * Validated against the server before use.\n     * Optional: defaults to process.env.KRUTAI_API_KEY\n     */\n    apiKey?: string;\n\n    /**\n     * Base URL of your deployed KrutAI server.\n     * @default \"http://localhost:8000\"\n     * @example \"https://krut.ai\"\n     */\n    serverUrl?: string;\n\n    /**\n     * Path prefix for the auth routes on the server.\n     * @default \"/lib-auth\"\n     */\n    authPrefix?: string;\n\n    /**\n     * Whether to validate the API key against the server on initialization.\n     * Set to false to skip the validation round-trip (e.g. in tests).\n     * @default true\n     */\n    validateOnInit?: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Auth method parameter types\n// ---------------------------------------------------------------------------\n\n/**\n * Parameters for email/password sign-up\n */\nexport interface SignUpEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n    /** Display name */\n    name: string;\n}\n\n/**\n * Parameters for email/password sign-in\n */\nexport interface SignInEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n}\n\n// ---------------------------------------------------------------------------\n// Auth response types\n// ---------------------------------------------------------------------------\n\n/**\n * A user record returned by the auth server\n */\nexport interface AuthUser {\n    id: string;\n    email: string;\n    name?: string;\n    emailVerified: boolean;\n    createdAt: string;\n    updatedAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * A session record returned by the auth server\n */\nexport interface AuthSessionRecord {\n    id: string;\n    userId: string;\n    token: string;\n    expiresAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * Combined session + user response\n */\nexport interface AuthSession {\n    user: AuthUser;\n    session: AuthSessionRecord;\n}\n\n/**\n * Sign-up / sign-in response (contains token + user)\n */\nexport interface AuthResponse {\n    token: string;\n    user: AuthUser;\n    [key: string]: unknown;\n}\n","import type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthResponse,\n} from './types';\nimport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\nimport {\n    validateApiKey,\n    validateApiKeyFormat,\n    KrutAIKeyValidationError,\n} from 'krutai';\n\nexport { KrutAIKeyValidationError };\n\n/**\n * KrutAuth — fetch-based authentication client for KrutAI\n *\n * Calls your deployed server's `/lib-auth` routes for all auth operations.\n * The API key is validated against the server before use.\n *\n * @example\n * ```typescript\n * import { KrutAuth } from '@krutai/auth';\n *\n * const auth = new KrutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key against server\n *\n * // Sign up\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n *\n * // Sign in\n * const result = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n *\n * // Get session\n * const session = await auth.getSession(result.token);\n * ```\n */\nexport class KrutAuth {\n    private readonly apiKey: string;\n    private readonly serverUrl: string;\n    private readonly authPrefix: string;\n    private readonly config: KrutAuthConfig;\n\n    private initialized = false;\n\n    constructor(config: KrutAuthConfig) {\n        this.config = config;\n        this.apiKey = config.apiKey || process.env.KRUTAI_API_KEY || '';\n        this.serverUrl = (config.serverUrl ?? DEFAULT_SERVER_URL).replace(/\\/$/, '');\n        this.authPrefix = (config.authPrefix ?? DEFAULT_AUTH_PREFIX).replace(/\\/$/, '');\n\n        // Basic format check immediately on construction\n        validateApiKeyFormat(this.apiKey);\n\n        // If validation is disabled, mark as ready immediately\n        if (config.validateOnInit === false) {\n            this.initialized = true;\n        }\n    }\n\n    /**\n     * Initialize the auth client.\n     * Validates the API key against the server, then marks client as ready.\n     *\n     * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable\n     */\n    async initialize(): Promise<void> {\n        if (this.initialized) return;\n\n        if (this.config.validateOnInit !== false) {\n            await validateApiKey(this.apiKey, this.serverUrl);\n        }\n\n        this.initialized = true;\n    }\n\n    /**\n     * Returns whether the client has been initialized.\n     */\n    isInitialized(): boolean {\n        return this.initialized;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Private helpers\n    // ---------------------------------------------------------------------------\n\n    private assertInitialized(): void {\n        if (!this.initialized) {\n            throw new Error(\n                'KrutAuth not initialized. Call initialize() first or set validateOnInit to false.'\n            );\n        }\n    }\n\n    /** Common request headers sent to the server on every auth call. */\n    private authHeaders(): Record<string, string> {\n        return {\n            'Content-Type': 'application/json',\n            Authorization: `Bearer ${this.apiKey}`,\n            'x-api-key': this.apiKey,\n        };\n    }\n\n    /**\n     * Build the full URL for an auth endpoint.\n     * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`\n     */\n    private url(path: string): string {\n        const cleanPath = path.startsWith('/') ? path : `/${path}`;\n        return `${this.serverUrl}${this.authPrefix}${cleanPath}`;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Public Auth Methods\n    // ---------------------------------------------------------------------------\n\n    /**\n     * Generic request helper for any better-auth endpoint.\n     *\n     * Use this to call endpoints not covered by the convenience methods.\n     *\n     * @param method - HTTP method (GET, POST, etc.)\n     * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)\n     * @param body - Optional JSON body\n     * @returns The parsed JSON response\n     */\n    async request<T = unknown>(\n        method: string,\n        path: string,\n        body?: Record<string, unknown> | object\n    ): Promise<T> {\n        this.assertInitialized();\n\n        const options: RequestInit = {\n            method,\n            headers: this.authHeaders(),\n        };\n\n        if (body && method !== 'GET') {\n            options.body = JSON.stringify(body);\n        }\n\n        const response = await fetch(this.url(path), options);\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for ${path}`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as T;\n    }\n\n    /**\n     * Sign up a new user with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email\n     *\n     * @param params - Sign-up parameters (email, password, name)\n     * @returns The auth response containing token and user\n     */\n    async signUpEmail(params: SignUpEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-up/email', params);\n    }\n\n    /**\n     * Sign in with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email\n     *\n     * @param params - Sign-in parameters (email, password)\n     * @returns The auth response containing token and user\n     */\n    async signInEmail(params: SignInEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-in/email', params);\n    }\n\n    /**\n     * Get the current session for a user.\n     *\n     * Calls: GET {serverUrl}/lib-auth/api/auth/get-session\n     *\n     * @param sessionToken - The session token (Bearer token from sign-in)\n     * @returns The session containing user and session data\n     */\n    async getSession(sessionToken: string): Promise<AuthSession> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/get-session'), {\n            method: 'GET',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/get-session`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as AuthSession;\n    }\n\n    /**\n     * Sign out the current user.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out\n     *\n     * @param sessionToken - The session token to invalidate\n     */\n    async signOut(sessionToken: string): Promise<void> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/sign-out'), {\n            method: 'POST',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/sign-out`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n    }\n}\n","/**\n * @krutai/auth — Authentication package for KrutAI\n *\n * A fetch-based wrapper that calls your deployed server's `/lib-auth` routes.\n * The user's API key is validated against the server before any auth call is made.\n *\n * @example Basic usage\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key with server\n *\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n * ```\n *\n * @example Sign in\n * ```typescript\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n * await auth.initialize();\n *\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { KrutAuthConfig } from './types';\nimport { KrutAuth } from './client';\n\nexport { KrutAuth } from './client';\nexport { KrutAIKeyValidationError } from './client';\nexport {\n    validateApiKey,\n    validateApiKeyFormat,\n} from 'krutai';\nexport type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthSessionRecord,\n    AuthUser,\n    AuthResponse,\n} from './types';\nexport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\n\n/**\n * krutAuth — convenience factory.\n *\n * Creates a `KrutAuth` instance configured to call your server's `/lib-auth` routes.\n *\n * @param config - Auth configuration (`apiKey` and `serverUrl` are required)\n * @returns A `KrutAuth` instance — call `.initialize()` before use\n *\n * @example\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize();\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n */\nexport function krutAuth(config: KrutAuthConfig): KrutAuth {\n    return new KrutAuth(config);\n}\n\n// Package metadata\nexport const VERSION = '0.4.0';\n"]}

package/dist/index.mjs

@@ -1,5 +1,5 @@
-import { validateApiKeyFormat, validateApiKeyWithService } from 'krutai';
-export { ApiKeyValidationError as KrutAuthKeyValidationError, validateApiKeyWithService as validateApiKey, validateApiKeyFormat } from 'krutai';
+import { validateApiKeyFormat, validateApiKey } from 'krutai';
+export { KrutAIKeyValidationError, validateApiKey, validateApiKeyFormat } from 'krutai';
 
 // src/types.ts
 var DEFAULT_SERVER_URL = "http://localhost:8000";
@@ -29,7 +29,7 @@ var KrutAuth = class {
   async initialize() {
     if (this.initialized) return;
     if (this.config.validateOnInit !== false) {
-      await validateApiKeyWithService(this.apiKey, this.serverUrl);
+      await validateApiKey(this.apiKey, this.serverUrl);
     }
     this.initialized = true;
   }

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/types.ts","../src/client.ts","../src/index.ts"],"names":["validateApiKey"],"mappings":";;;;AAUO,IAAM,kBAAA,GAAqB;AAM3B,IAAM,mBAAA,GAAsB;ACkC5B,IAAM,WAAN,MAAe;AAAA,EACD,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EAET,WAAA,GAAc,KAAA;AAAA,EAEtB,YAAY,MAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAA,IAAkB,EAAA;AAC7D,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,SAAA,IAAa,kBAAA,EAAoB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC3E,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,UAAA,IAAc,mBAAA,EAAqB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAG9E,IAAA,oBAAA,CAAqB,KAAK,MAAM,CAAA;AAGhC,IAAA,IAAI,MAAA,CAAO,mBAAmB,KAAA,EAAO;AACjC,MAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,IACvB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAA,GAA4B;AAC9B,IAAA,IAAI,KAAK,WAAA,EAAa;AAEtB,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,cAAA,KAAmB,KAAA,EAAO;AACtC,MAAA,MAAMA,yBAAA,CAAe,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACpD;AAEA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAyB;AACrB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAA,GAA0B;AAC9B,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACnB,MAAA,MAAM,IAAI,KAAA;AAAA,QACN;AAAA,OACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGQ,WAAA,GAAsC;AAC1C,IAAA,OAAO;AAAA,MACH,cAAA,EAAgB,kBAAA;AAAA,MAChB,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,MACpC,aAAa,IAAA,CAAK;AAAA,KACtB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,IAAI,IAAA,EAAsB;AAC9B,IAAA,MAAM,YAAY,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AACxD,IAAA,OAAO,GAAG,IAAA,CAAK,SAAS,GAAG,IAAA,CAAK,UAAU,GAAG,SAAS,CAAA,CAAA;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACF,MAAA,EACA,IAAA,EACA,IAAA,EACU;AACV,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,MAAA;AAAA,MACA,OAAA,EAAS,KAAK,WAAA;AAAY,KAC9B;AAEA,IAAA,IAAI,IAAA,IAAQ,WAAW,KAAA,EAAO;AAC1B,MAAA,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,GAAA,CAAI,IAAI,GAAG,OAAO,CAAA;AAEpD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,QAAQ,IAAI,CAAA,CAAA;AAC3E,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAW,YAAA,EAA4C;AACzD,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,uBAAuB,CAAA,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,0BAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QAAQ,YAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,oBAAoB,CAAA,EAAG;AAAA,MACzD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,uBAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAAA,EACJ;AACJ;AC1KO,SAAS,SAAS,MAAA,EAAkC;AACvD,EAAA,OAAO,IAAI,SAAS,MAAM,CAAA;AAC9B;AAGO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Types for @krutai/auth\n *\n * Pure fetch-based auth client — no local better-auth dependency.\n */\n\n/**\n * Default base URL for the KrutAI server.\n * Used when no serverUrl is provided in the config.\n */\nexport const DEFAULT_SERVER_URL = 'http://localhost:8000' as const;\n\n/**\n * Default path prefix for the auth routes on the server.\n * The server mounts better-auth under this prefix.\n */\nexport const DEFAULT_AUTH_PREFIX = '/lib-auth' as const;\n\n/**\n * Configuration options for KrutAuth\n */\nexport interface KrutAuthConfig {\n    /**\n     * KrutAI API key.\n     * Validated against the server before use.\n     * Optional: defaults to process.env.KRUTAI_API_KEY\n     */\n    apiKey?: string;\n\n    /**\n     * Base URL of your deployed KrutAI server.\n     * @default \"http://localhost:8000\"\n     * @example \"https://krut.ai\"\n     */\n    serverUrl?: string;\n\n    /**\n     * Path prefix for the auth routes on the server.\n     * @default \"/lib-auth\"\n     */\n    authPrefix?: string;\n\n    /**\n     * Whether to validate the API key against the server on initialization.\n     * Set to false to skip the validation round-trip (e.g. in tests).\n     * @default true\n     */\n    validateOnInit?: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Auth method parameter types\n// ---------------------------------------------------------------------------\n\n/**\n * Parameters for email/password sign-up\n */\nexport interface SignUpEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n    /** Display name */\n    name: string;\n}\n\n/**\n * Parameters for email/password sign-in\n */\nexport interface SignInEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n}\n\n// ---------------------------------------------------------------------------\n// Auth response types\n// ---------------------------------------------------------------------------\n\n/**\n * A user record returned by the auth server\n */\nexport interface AuthUser {\n    id: string;\n    email: string;\n    name?: string;\n    emailVerified: boolean;\n    createdAt: string;\n    updatedAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * A session record returned by the auth server\n */\nexport interface AuthSessionRecord {\n    id: string;\n    userId: string;\n    token: string;\n    expiresAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * Combined session + user response\n */\nexport interface AuthSession {\n    user: AuthUser;\n    session: AuthSessionRecord;\n}\n\n/**\n * Sign-up / sign-in response (contains token + user)\n */\nexport interface AuthResponse {\n    token: string;\n    user: AuthUser;\n    [key: string]: unknown;\n}\n","import type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthResponse,\n} from './types';\nimport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\nimport {\n    validateApiKeyWithService as validateApiKey,\n    validateApiKeyFormat,\n    ApiKeyValidationError as KrutAuthKeyValidationError,\n} from 'krutai';\n\nexport { KrutAuthKeyValidationError };\n\n/**\n * KrutAuth — fetch-based authentication client for KrutAI\n *\n * Calls your deployed server's `/lib-auth` routes for all auth operations.\n * The API key is validated against the server before use.\n *\n * @example\n * ```typescript\n * import { KrutAuth } from '@krutai/auth';\n *\n * const auth = new KrutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key against server\n *\n * // Sign up\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n *\n * // Sign in\n * const result = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n *\n * // Get session\n * const session = await auth.getSession(result.token);\n * ```\n */\nexport class KrutAuth {\n    private readonly apiKey: string;\n    private readonly serverUrl: string;\n    private readonly authPrefix: string;\n    private readonly config: KrutAuthConfig;\n\n    private initialized = false;\n\n    constructor(config: KrutAuthConfig) {\n        this.config = config;\n        this.apiKey = config.apiKey || process.env.KRUTAI_API_KEY || '';\n        this.serverUrl = (config.serverUrl ?? DEFAULT_SERVER_URL).replace(/\\/$/, '');\n        this.authPrefix = (config.authPrefix ?? DEFAULT_AUTH_PREFIX).replace(/\\/$/, '');\n\n        // Basic format check immediately on construction\n        validateApiKeyFormat(this.apiKey);\n\n        // If validation is disabled, mark as ready immediately\n        if (config.validateOnInit === false) {\n            this.initialized = true;\n        }\n    }\n\n    /**\n     * Initialize the auth client.\n     * Validates the API key against the server, then marks client as ready.\n     *\n     * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable\n     */\n    async initialize(): Promise<void> {\n        if (this.initialized) return;\n\n        if (this.config.validateOnInit !== false) {\n            await validateApiKey(this.apiKey, this.serverUrl);\n        }\n\n        this.initialized = true;\n    }\n\n    /**\n     * Returns whether the client has been initialized.\n     */\n    isInitialized(): boolean {\n        return this.initialized;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Private helpers\n    // ---------------------------------------------------------------------------\n\n    private assertInitialized(): void {\n        if (!this.initialized) {\n            throw new Error(\n                'KrutAuth not initialized. Call initialize() first or set validateOnInit to false.'\n            );\n        }\n    }\n\n    /** Common request headers sent to the server on every auth call. */\n    private authHeaders(): Record<string, string> {\n        return {\n            'Content-Type': 'application/json',\n            Authorization: `Bearer ${this.apiKey}`,\n            'x-api-key': this.apiKey,\n        };\n    }\n\n    /**\n     * Build the full URL for an auth endpoint.\n     * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`\n     */\n    private url(path: string): string {\n        const cleanPath = path.startsWith('/') ? path : `/${path}`;\n        return `${this.serverUrl}${this.authPrefix}${cleanPath}`;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Public Auth Methods\n    // ---------------------------------------------------------------------------\n\n    /**\n     * Generic request helper for any better-auth endpoint.\n     *\n     * Use this to call endpoints not covered by the convenience methods.\n     *\n     * @param method - HTTP method (GET, POST, etc.)\n     * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)\n     * @param body - Optional JSON body\n     * @returns The parsed JSON response\n     */\n    async request<T = unknown>(\n        method: string,\n        path: string,\n        body?: Record<string, unknown> | object\n    ): Promise<T> {\n        this.assertInitialized();\n\n        const options: RequestInit = {\n            method,\n            headers: this.authHeaders(),\n        };\n\n        if (body && method !== 'GET') {\n            options.body = JSON.stringify(body);\n        }\n\n        const response = await fetch(this.url(path), options);\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for ${path}`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as T;\n    }\n\n    /**\n     * Sign up a new user with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email\n     *\n     * @param params - Sign-up parameters (email, password, name)\n     * @returns The auth response containing token and user\n     */\n    async signUpEmail(params: SignUpEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-up/email', params);\n    }\n\n    /**\n     * Sign in with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email\n     *\n     * @param params - Sign-in parameters (email, password)\n     * @returns The auth response containing token and user\n     */\n    async signInEmail(params: SignInEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-in/email', params);\n    }\n\n    /**\n     * Get the current session for a user.\n     *\n     * Calls: GET {serverUrl}/lib-auth/api/auth/get-session\n     *\n     * @param sessionToken - The session token (Bearer token from sign-in)\n     * @returns The session containing user and session data\n     */\n    async getSession(sessionToken: string): Promise<AuthSession> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/get-session'), {\n            method: 'GET',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/get-session`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as AuthSession;\n    }\n\n    /**\n     * Sign out the current user.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out\n     *\n     * @param sessionToken - The session token to invalidate\n     */\n    async signOut(sessionToken: string): Promise<void> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/sign-out'), {\n            method: 'POST',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/sign-out`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n    }\n}\n","/**\n * @krutai/auth — Authentication package for KrutAI\n *\n * A fetch-based wrapper that calls your deployed server's `/lib-auth` routes.\n * The user's API key is validated against the server before any auth call is made.\n *\n * @example Basic usage\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key with server\n *\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n * ```\n *\n * @example Sign in\n * ```typescript\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n * await auth.initialize();\n *\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { KrutAuthConfig } from './types';\nimport { KrutAuth } from './client';\n\nexport { KrutAuth } from './client';\nexport { KrutAuthKeyValidationError } from './client';\nexport {\n    validateApiKeyWithService as validateApiKey,\n    validateApiKeyFormat,\n} from 'krutai';\nexport type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthSessionRecord,\n    AuthUser,\n    AuthResponse,\n} from './types';\nexport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\n\n/**\n * krutAuth — convenience factory.\n *\n * Creates a `KrutAuth` instance configured to call your server's `/lib-auth` routes.\n *\n * @param config - Auth configuration (`apiKey` and `serverUrl` are required)\n * @returns A `KrutAuth` instance — call `.initialize()` before use\n *\n * @example\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize();\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n */\nexport function krutAuth(config: KrutAuthConfig): KrutAuth {\n    return new KrutAuth(config);\n}\n\n// Package metadata\nexport const VERSION = '0.4.0';\n"]}
+{"version":3,"sources":["../src/types.ts","../src/client.ts","../src/index.ts"],"names":[],"mappings":";;;;AAUO,IAAM,kBAAA,GAAqB;AAM3B,IAAM,mBAAA,GAAsB;ACkC5B,IAAM,WAAN,MAAe;AAAA,EACD,MAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EAET,WAAA,GAAc,KAAA;AAAA,EAEtB,YAAY,MAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAA,IAAkB,EAAA;AAC7D,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,SAAA,IAAa,kBAAA,EAAoB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC3E,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,UAAA,IAAc,mBAAA,EAAqB,OAAA,CAAQ,OAAO,EAAE,CAAA;AAG9E,IAAA,oBAAA,CAAqB,KAAK,MAAM,CAAA;AAGhC,IAAA,IAAI,MAAA,CAAO,mBAAmB,KAAA,EAAO;AACjC,MAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,IACvB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAA,GAA4B;AAC9B,IAAA,IAAI,KAAK,WAAA,EAAa;AAEtB,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,cAAA,KAAmB,KAAA,EAAO;AACtC,MAAA,MAAM,cAAA,CAAe,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA;AAAA,IACpD;AAEA,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAyB;AACrB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAMQ,iBAAA,GAA0B;AAC9B,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACnB,MAAA,MAAM,IAAI,KAAA;AAAA,QACN;AAAA,OACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGQ,WAAA,GAAsC;AAC1C,IAAA,OAAO;AAAA,MACH,cAAA,EAAgB,kBAAA;AAAA,MAChB,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,MACpC,aAAa,IAAA,CAAK;AAAA,KACtB;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,IAAI,IAAA,EAAsB;AAC9B,IAAA,MAAM,YAAY,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AACxD,IAAA,OAAO,GAAG,IAAA,CAAK,SAAS,GAAG,IAAA,CAAK,UAAU,GAAG,SAAS,CAAA,CAAA;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,OAAA,CACF,MAAA,EACA,IAAA,EACA,IAAA,EACU;AACV,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,MAAA;AAAA,MACA,OAAA,EAAS,KAAK,WAAA;AAAY,KAC9B;AAEA,IAAA,IAAI,IAAA,IAAQ,WAAW,KAAA,EAAO;AAC1B,MAAA,OAAA,CAAQ,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,IACtC;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,GAAA,CAAI,IAAI,GAAG,OAAO,CAAA;AAEpD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,QAAQ,IAAI,CAAA,CAAA;AAC3E,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,MAAA,EAAkD;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,MAAA,EAAQ,yBAAA,EAA2B,MAAM,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAW,YAAA,EAA4C;AACzD,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,uBAAuB,CAAA,EAAG;AAAA,MAC5D,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,0BAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAEA,IAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QAAQ,YAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,iBAAA,EAAkB;AAEvB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,oBAAoB,CAAA,EAAG;AAAA,MACzD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACL,GAAG,KAAK,WAAA,EAAY;AAAA,QACpB,MAAA,EAAQ,6BAA6B,YAAY,CAAA;AAAA;AACrD,KACH,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACd,MAAA,IAAI,YAAA,GAAe,CAAA,0BAAA,EAA6B,QAAA,CAAS,MAAM,CAAA,uBAAA,CAAA;AAC/D,MAAA,IAAI;AACA,QAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,EAAK;AACvC,QAAA,IAAI,SAAA,EAAW,KAAA,EAAO,YAAA,GAAe,SAAA,CAAU,KAAA;AAAA,aAAA,IACtC,SAAA,EAAW,OAAA,EAAS,YAAA,GAAe,SAAA,CAAU,OAAA;AAAA,MAC1D,CAAA,CAAA,MAAQ;AAAA,MAAE;AACV,MAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,IAChC;AAAA,EACJ;AACJ;AC1KO,SAAS,SAAS,MAAA,EAAkC;AACvD,EAAA,OAAO,IAAI,SAAS,MAAM,CAAA;AAC9B;AAGO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Types for @krutai/auth\n *\n * Pure fetch-based auth client — no local better-auth dependency.\n */\n\n/**\n * Default base URL for the KrutAI server.\n * Used when no serverUrl is provided in the config.\n */\nexport const DEFAULT_SERVER_URL = 'http://localhost:8000' as const;\n\n/**\n * Default path prefix for the auth routes on the server.\n * The server mounts better-auth under this prefix.\n */\nexport const DEFAULT_AUTH_PREFIX = '/lib-auth' as const;\n\n/**\n * Configuration options for KrutAuth\n */\nexport interface KrutAuthConfig {\n    /**\n     * KrutAI API key.\n     * Validated against the server before use.\n     * Optional: defaults to process.env.KRUTAI_API_KEY\n     */\n    apiKey?: string;\n\n    /**\n     * Base URL of your deployed KrutAI server.\n     * @default \"http://localhost:8000\"\n     * @example \"https://krut.ai\"\n     */\n    serverUrl?: string;\n\n    /**\n     * Path prefix for the auth routes on the server.\n     * @default \"/lib-auth\"\n     */\n    authPrefix?: string;\n\n    /**\n     * Whether to validate the API key against the server on initialization.\n     * Set to false to skip the validation round-trip (e.g. in tests).\n     * @default true\n     */\n    validateOnInit?: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Auth method parameter types\n// ---------------------------------------------------------------------------\n\n/**\n * Parameters for email/password sign-up\n */\nexport interface SignUpEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n    /** Display name */\n    name: string;\n}\n\n/**\n * Parameters for email/password sign-in\n */\nexport interface SignInEmailParams {\n    /** User email */\n    email: string;\n    /** User password */\n    password: string;\n}\n\n// ---------------------------------------------------------------------------\n// Auth response types\n// ---------------------------------------------------------------------------\n\n/**\n * A user record returned by the auth server\n */\nexport interface AuthUser {\n    id: string;\n    email: string;\n    name?: string;\n    emailVerified: boolean;\n    createdAt: string;\n    updatedAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * A session record returned by the auth server\n */\nexport interface AuthSessionRecord {\n    id: string;\n    userId: string;\n    token: string;\n    expiresAt: string;\n    [key: string]: unknown;\n}\n\n/**\n * Combined session + user response\n */\nexport interface AuthSession {\n    user: AuthUser;\n    session: AuthSessionRecord;\n}\n\n/**\n * Sign-up / sign-in response (contains token + user)\n */\nexport interface AuthResponse {\n    token: string;\n    user: AuthUser;\n    [key: string]: unknown;\n}\n","import type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthResponse,\n} from './types';\nimport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\nimport {\n    validateApiKey,\n    validateApiKeyFormat,\n    KrutAIKeyValidationError,\n} from 'krutai';\n\nexport { KrutAIKeyValidationError };\n\n/**\n * KrutAuth — fetch-based authentication client for KrutAI\n *\n * Calls your deployed server's `/lib-auth` routes for all auth operations.\n * The API key is validated against the server before use.\n *\n * @example\n * ```typescript\n * import { KrutAuth } from '@krutai/auth';\n *\n * const auth = new KrutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key against server\n *\n * // Sign up\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n *\n * // Sign in\n * const result = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n *\n * // Get session\n * const session = await auth.getSession(result.token);\n * ```\n */\nexport class KrutAuth {\n    private readonly apiKey: string;\n    private readonly serverUrl: string;\n    private readonly authPrefix: string;\n    private readonly config: KrutAuthConfig;\n\n    private initialized = false;\n\n    constructor(config: KrutAuthConfig) {\n        this.config = config;\n        this.apiKey = config.apiKey || process.env.KRUTAI_API_KEY || '';\n        this.serverUrl = (config.serverUrl ?? DEFAULT_SERVER_URL).replace(/\\/$/, '');\n        this.authPrefix = (config.authPrefix ?? DEFAULT_AUTH_PREFIX).replace(/\\/$/, '');\n\n        // Basic format check immediately on construction\n        validateApiKeyFormat(this.apiKey);\n\n        // If validation is disabled, mark as ready immediately\n        if (config.validateOnInit === false) {\n            this.initialized = true;\n        }\n    }\n\n    /**\n     * Initialize the auth client.\n     * Validates the API key against the server, then marks client as ready.\n     *\n     * @throws {KrutAuthKeyValidationError} if the key is rejected or the server is unreachable\n     */\n    async initialize(): Promise<void> {\n        if (this.initialized) return;\n\n        if (this.config.validateOnInit !== false) {\n            await validateApiKey(this.apiKey, this.serverUrl);\n        }\n\n        this.initialized = true;\n    }\n\n    /**\n     * Returns whether the client has been initialized.\n     */\n    isInitialized(): boolean {\n        return this.initialized;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Private helpers\n    // ---------------------------------------------------------------------------\n\n    private assertInitialized(): void {\n        if (!this.initialized) {\n            throw new Error(\n                'KrutAuth not initialized. Call initialize() first or set validateOnInit to false.'\n            );\n        }\n    }\n\n    /** Common request headers sent to the server on every auth call. */\n    private authHeaders(): Record<string, string> {\n        return {\n            'Content-Type': 'application/json',\n            Authorization: `Bearer ${this.apiKey}`,\n            'x-api-key': this.apiKey,\n        };\n    }\n\n    /**\n     * Build the full URL for an auth endpoint.\n     * @param path - The better-auth sub-path, e.g. `/api/auth/sign-up/email`\n     */\n    private url(path: string): string {\n        const cleanPath = path.startsWith('/') ? path : `/${path}`;\n        return `${this.serverUrl}${this.authPrefix}${cleanPath}`;\n    }\n\n    // ---------------------------------------------------------------------------\n    // Public Auth Methods\n    // ---------------------------------------------------------------------------\n\n    /**\n     * Generic request helper for any better-auth endpoint.\n     *\n     * Use this to call endpoints not covered by the convenience methods.\n     *\n     * @param method - HTTP method (GET, POST, etc.)\n     * @param path - The better-auth endpoint path (e.g. `/api/auth/sign-up/email`)\n     * @param body - Optional JSON body\n     * @returns The parsed JSON response\n     */\n    async request<T = unknown>(\n        method: string,\n        path: string,\n        body?: Record<string, unknown> | object\n    ): Promise<T> {\n        this.assertInitialized();\n\n        const options: RequestInit = {\n            method,\n            headers: this.authHeaders(),\n        };\n\n        if (body && method !== 'GET') {\n            options.body = JSON.stringify(body);\n        }\n\n        const response = await fetch(this.url(path), options);\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for ${path}`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as T;\n    }\n\n    /**\n     * Sign up a new user with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-up/email\n     *\n     * @param params - Sign-up parameters (email, password, name)\n     * @returns The auth response containing token and user\n     */\n    async signUpEmail(params: SignUpEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-up/email', params);\n    }\n\n    /**\n     * Sign in with email and password.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-in/email\n     *\n     * @param params - Sign-in parameters (email, password)\n     * @returns The auth response containing token and user\n     */\n    async signInEmail(params: SignInEmailParams): Promise<AuthResponse> {\n        return this.request<AuthResponse>('POST', '/api/auth/sign-in/email', params);\n    }\n\n    /**\n     * Get the current session for a user.\n     *\n     * Calls: GET {serverUrl}/lib-auth/api/auth/get-session\n     *\n     * @param sessionToken - The session token (Bearer token from sign-in)\n     * @returns The session containing user and session data\n     */\n    async getSession(sessionToken: string): Promise<AuthSession> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/get-session'), {\n            method: 'GET',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/get-session`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n\n        return (await response.json()) as AuthSession;\n    }\n\n    /**\n     * Sign out the current user.\n     *\n     * Calls: POST {serverUrl}/lib-auth/api/auth/sign-out\n     *\n     * @param sessionToken - The session token to invalidate\n     */\n    async signOut(sessionToken: string): Promise<void> {\n        this.assertInitialized();\n\n        const response = await fetch(this.url('/api/auth/sign-out'), {\n            method: 'POST',\n            headers: {\n                ...this.authHeaders(),\n                Cookie: `better-auth.session_token=${sessionToken}`,\n            },\n        });\n\n        if (!response.ok) {\n            let errorMessage = `Auth server returned HTTP ${response.status} for /api/auth/sign-out`;\n            try {\n                const errorData = (await response.json()) as { message?: string; error?: string };\n                if (errorData?.error) errorMessage = errorData.error;\n                else if (errorData?.message) errorMessage = errorData.message;\n            } catch { }\n            throw new Error(errorMessage);\n        }\n    }\n}\n","/**\n * @krutai/auth — Authentication package for KrutAI\n *\n * A fetch-based wrapper that calls your deployed server's `/lib-auth` routes.\n * The user's API key is validated against the server before any auth call is made.\n *\n * @example Basic usage\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize(); // validates key with server\n *\n * const { token, user } = await auth.signUpEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n *   name: 'Alice',\n * });\n * ```\n *\n * @example Sign in\n * ```typescript\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n * await auth.initialize();\n *\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { KrutAuthConfig } from './types';\nimport { KrutAuth } from './client';\n\nexport { KrutAuth } from './client';\nexport { KrutAIKeyValidationError } from './client';\nexport {\n    validateApiKey,\n    validateApiKeyFormat,\n} from 'krutai';\nexport type {\n    KrutAuthConfig,\n    SignUpEmailParams,\n    SignInEmailParams,\n    AuthSession,\n    AuthSessionRecord,\n    AuthUser,\n    AuthResponse,\n} from './types';\nexport { DEFAULT_SERVER_URL, DEFAULT_AUTH_PREFIX } from './types';\n\n/**\n * krutAuth — convenience factory.\n *\n * Creates a `KrutAuth` instance configured to call your server's `/lib-auth` routes.\n *\n * @param config - Auth configuration (`apiKey` and `serverUrl` are required)\n * @returns A `KrutAuth` instance — call `.initialize()` before use\n *\n * @example\n * ```typescript\n * import { krutAuth } from '@krutai/auth';\n *\n * const auth = krutAuth({\n *   apiKey: process.env.KRUTAI_API_KEY!,\n *   serverUrl: 'https://krut.ai',\n * });\n *\n * await auth.initialize();\n * const { token, user } = await auth.signInEmail({\n *   email: 'user@example.com',\n *   password: 'secret123',\n * });\n * ```\n */\nexport function krutAuth(config: KrutAuthConfig): KrutAuth {\n    return new KrutAuth(config);\n}\n\n// Package metadata\nexport const VERSION = '0.4.0';\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@krutai/auth",
-    "version": "0.4.1",
+    "version": "0.4.2",
     "description": "Authentication package for KrutAI — fetch-based client for your server's auth routes with API key validation",
     "main": "./dist/index.js",
     "module": "./dist/index.mjs",
@@ -48,4 +48,4 @@
         "url": "git+https://github.com/AccountantAIOrg/krut_packages.git",
         "directory": "packages/auth"
     }
-}
+}