@kyro-cms/core 0.1.4 → 0.1.6

package/dist/index.cjs

@@ -1,30 +1,29 @@
 'use strict';
 
 var chunkF5B64H5S_cjs = require('./chunk-F5B64H5S.cjs');
-var chunkI4BORBXT_cjs = require('./chunk-I4BORBXT.cjs');
+var chunkA3RQWHKD_cjs = require('./chunk-A3RQWHKD.cjs');
+var chunk3EVLFWH2_cjs = require('./chunk-3EVLFWH2.cjs');
 var chunk3VZCX4DF_cjs = require('./chunk-3VZCX4DF.cjs');
 var chunkK7QF2QCM_cjs = require('./chunk-K7QF2QCM.cjs');
 var chunkUEG7KMKC_cjs = require('./chunk-UEG7KMKC.cjs');
 var chunkR3XIBBAW_cjs = require('./chunk-R3XIBBAW.cjs');
 var chunkDVD5P72E_cjs = require('./chunk-DVD5P72E.cjs');
 var chunkV3B25QOK_cjs = require('./chunk-V3B25QOK.cjs');
-var chunkKWTKEBHM_cjs = require('./chunk-KWTKEBHM.cjs');
-var chunkU4CHJTWX_cjs = require('./chunk-U4CHJTWX.cjs');
-require('./chunk-5AOILNGY.cjs');
+var chunkYD7Y25W7_cjs = require('./chunk-YD7Y25W7.cjs');
+var chunk7G6EVYCU_cjs = require('./chunk-7G6EVYCU.cjs');
+require('./chunk-TZFJMPCH.cjs');
 var chunkHT6VE4NW_cjs = require('./chunk-HT6VE4NW.cjs');
 var chunkRLTG4YZM_cjs = require('./chunk-RLTG4YZM.cjs');
-require('./chunk-Q7SFCCGT.cjs');
+var chunk5BLDMQED_cjs = require('./chunk-5BLDMQED.cjs');
 var zod = require('zod');
-var bcrypt2 = require('bcrypt');
+var bcrypt = require('bcrypt');
 var jwt2 = require('jsonwebtoken');
-var bcrypt = require('bcryptjs');
 var crypto = require('crypto');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
-var bcrypt2__default = /*#__PURE__*/_interopDefault(bcrypt2);
-var jwt2__default = /*#__PURE__*/_interopDefault(jwt2);
 var bcrypt__default = /*#__PURE__*/_interopDefault(bcrypt);
+var jwt2__default = /*#__PURE__*/_interopDefault(jwt2);
 
 // src/registry/validator.ts
 var ConfigValidationError = class extends Error {
@@ -2001,277 +2000,6 @@ var defaultFieldStyling = {
     }
   }
 };
-var SQLiteAuthAdapter = class {
-  db = null;
-  path;
-  saltRounds;
-  externalDb;
-  constructor(options = {}) {
-    this.path = options.path || "./data.db";
-    this.saltRounds = options.saltRounds || 12;
-    this.externalDb = !!options.db;
-    if (options.db) {
-      this.db = options.db;
-    }
-  }
-  async connect() {
-    if (this.db) return;
-    const Database = (await import('better-sqlite3')).default;
-    this.db = new Database(this.path);
-    this.db.pragma("journal_mode = WAL");
-    this.db.pragma("foreign_keys = ON");
-    this.ensureTables();
-  }
-  async disconnect() {
-    if (this.db && !this.externalDb) {
-      this.db.close();
-      this.db = null;
-    }
-  }
-  ensureTables() {
-    if (!this.db) return;
-    this.db.exec(`
-      CREATE TABLE IF NOT EXISTS kyro_users (
-        id TEXT PRIMARY KEY,
-        email TEXT UNIQUE NOT NULL,
-        password_hash TEXT NOT NULL,
-        role TEXT NOT NULL DEFAULT 'customer',
-        tenant_id TEXT,
-        email_verified INTEGER DEFAULT 0,
-        locked INTEGER DEFAULT 0,
-        last_login TEXT,
-        failed_login_attempts INTEGER DEFAULT 0,
-        locked_until TEXT,
-        created_at TEXT NOT NULL,
-        updated_at TEXT NOT NULL
-      );
-
-      CREATE TABLE IF NOT EXISTS kyro_sessions (
-        id TEXT PRIMARY KEY,
-        user_id TEXT NOT NULL,
-        token TEXT NOT NULL,
-        refresh_token TEXT,
-        expires_at TEXT NOT NULL,
-        created_at TEXT NOT NULL,
-        ip_address TEXT,
-        user_agent TEXT,
-        FOREIGN KEY (user_id) REFERENCES kyro_users(id) ON DELETE CASCADE
-      );
-
-      CREATE TABLE IF NOT EXISTS kyro_password_history (
-        id INTEGER PRIMARY KEY AUTOINCREMENT,
-        user_id TEXT NOT NULL,
-        password_hash TEXT NOT NULL,
-        created_at TEXT NOT NULL,
-        FOREIGN KEY (user_id) REFERENCES kyro_users(id) ON DELETE CASCADE
-      );
-
-      CREATE INDEX IF NOT EXISTS idx_kyro_users_email ON kyro_users(email);
-      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_user_id ON kyro_sessions(user_id);
-      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_token ON kyro_sessions(token);
-      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_refresh_token ON kyro_sessions(refresh_token);
-      CREATE INDEX IF NOT EXISTS idx_kyro_password_history_user_id ON kyro_password_history(user_id);
-    `);
-  }
-  async createUser(data) {
-    if (!this.db) throw new Error("Not connected");
-    const id = crypto.randomBytes(16).toString("hex");
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    const user = {
-      id,
-      email: data.email.toLowerCase(),
-      passwordHash: data.passwordHash,
-      role: data.role || "customer",
-      tenantId: data.tenantId,
-      createdAt: now,
-      updatedAt: now
-    };
-    this.db.prepare(
-      `INSERT INTO kyro_users (id, email, password_hash, role, tenant_id, created_at, updated_at)
-         VALUES (?, ?, ?, ?, ?, ?, ?)`
-    ).run(
-      id,
-      user.email,
-      user.passwordHash,
-      user.role,
-      user.tenantId,
-      now,
-      now
-    );
-    return user;
-  }
-  async findUserByEmail(email) {
-    if (!this.db) throw new Error("Not connected");
-    const row = this.db.prepare("SELECT * FROM kyro_users WHERE email = ?").get(email.toLowerCase());
-    if (!row) return null;
-    return this.rowToUser(row);
-  }
-  async findUserById(userId) {
-    if (!this.db) throw new Error("Not connected");
-    const row = this.db.prepare("SELECT * FROM kyro_users WHERE id = ?").get(userId);
-    if (!row) return null;
-    return this.rowToUser(row);
-  }
-  async updateUser(userId, data) {
-    if (!this.db) throw new Error("Not connected");
-    const existing = await this.findUserById(userId);
-    if (!existing) return null;
-    const updates = [];
-    const values = [];
-    if (data.email !== void 0) {
-      updates.push("email = ?");
-      values.push(data.email.toLowerCase());
-    }
-    if (data.passwordHash !== void 0) {
-      updates.push("password_hash = ?");
-      values.push(data.passwordHash);
-    }
-    if (data.role !== void 0) {
-      updates.push("role = ?");
-      values.push(data.role);
-    }
-    if (data.tenantId !== void 0) {
-      updates.push("tenant_id = ?");
-      values.push(data.tenantId);
-    }
-    if (data.emailVerified !== void 0) {
-      updates.push("email_verified = ?");
-      values.push(data.emailVerified ? 1 : 0);
-    }
-    if (data.locked !== void 0) {
-      updates.push("locked = ?");
-      values.push(data.locked ? 1 : 0);
-    }
-    if (data.lastLogin !== void 0) {
-      updates.push("last_login = ?");
-      values.push(data.lastLogin);
-    }
-    if (data.failedLoginAttempts !== void 0) {
-      updates.push("failed_login_attempts = ?");
-      values.push(data.failedLoginAttempts);
-    }
-    updates.push("updated_at = ?");
-    values.push((/* @__PURE__ */ new Date()).toISOString());
-    values.push(userId);
-    this.db.prepare(`UPDATE kyro_users SET ${updates.join(", ")} WHERE id = ?`).run(...values);
-    return this.findUserById(userId);
-  }
-  async deleteUser(userId) {
-    if (!this.db) throw new Error("Not connected");
-    const result = this.db.prepare("DELETE FROM kyro_users WHERE id = ?").run(userId);
-    return result.changes > 0;
-  }
-  async hashPassword(password) {
-    return bcrypt__default.default.hash(password, this.saltRounds);
-  }
-  async verifyPassword(password, hash) {
-    return bcrypt__default.default.compare(password, hash);
-  }
-  async createSession(userId, data = {}) {
-    if (!this.db) throw new Error("Not connected");
-    const id = crypto.randomBytes(32).toString("hex");
-    const token = crypto.randomBytes(32).toString("base64url");
-    const refreshToken = crypto.randomBytes(32).toString("base64url");
-    const now = /* @__PURE__ */ new Date();
-    const expiresAt = new Date(now.getTime() + 864e5).toISOString();
-    const session = {
-      id,
-      userId,
-      token,
-      refreshToken,
-      expiresAt,
-      createdAt: now.toISOString(),
-      ipAddress: data.ipAddress,
-      userAgent: data.userAgent
-    };
-    this.db.prepare(
-      `INSERT INTO kyro_sessions (id, user_id, token, refresh_token, expires_at, created_at, ip_address, user_agent)
-         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
-    ).run(
-      session.id,
-      session.userId,
-      session.token,
-      session.refreshToken,
-      session.expiresAt,
-      session.createdAt,
-      session.ipAddress,
-      session.userAgent
-    );
-    return session;
-  }
-  async findSessionByToken(token) {
-    if (!this.db) throw new Error("Not connected");
-    const row = this.db.prepare("SELECT * FROM kyro_sessions WHERE token = ?").get(token);
-    if (!row) return null;
-    return this.rowToSession(row);
-  }
-  async findSessionByRefreshToken(refreshToken) {
-    if (!this.db) throw new Error("Not connected");
-    const row = this.db.prepare("SELECT * FROM kyro_sessions WHERE refresh_token = ?").get(refreshToken);
-    if (!row) return null;
-    return this.rowToSession(row);
-  }
-  async deleteSession(sessionId) {
-    if (!this.db) throw new Error("Not connected");
-    const result = this.db.prepare("DELETE FROM kyro_sessions WHERE id = ? OR token = ?").run(sessionId, sessionId);
-    return result.changes > 0;
-  }
-  async deleteUserSessions(userId) {
-    if (!this.db) throw new Error("Not connected");
-    const result = this.db.prepare("DELETE FROM kyro_sessions WHERE user_id = ?").run(userId);
-    return result.changes;
-  }
-  async hasAnyUsers() {
-    if (!this.db) throw new Error("Not connected");
-    const row = this.db.prepare("SELECT COUNT(*) as count FROM kyro_users").get();
-    return row.count > 0;
-  }
-  async addPasswordToHistory(userId, passwordHash) {
-    if (!this.db) throw new Error("Not connected");
-    this.db.prepare(
-      "INSERT INTO kyro_password_history (user_id, password_hash, created_at) VALUES (?, ?, ?)"
-    ).run(userId, passwordHash, (/* @__PURE__ */ new Date()).toISOString());
-    this.db.prepare(
-      `DELETE FROM kyro_password_history WHERE id IN (
-          SELECT id FROM kyro_password_history WHERE user_id = ? ORDER BY created_at DESC LIMIT -1 OFFSET 5
-        )`
-    ).run(userId);
-  }
-  async getPasswordHistory(userId, count = 5) {
-    if (!this.db) throw new Error("Not connected");
-    const rows = this.db.prepare(
-      "SELECT password_hash FROM kyro_password_history WHERE user_id = ? ORDER BY created_at DESC LIMIT ?"
-    ).all(userId, count);
-    return rows.map((r) => r.password_hash);
-  }
-  rowToUser(row) {
-    return {
-      id: row.id,
-      email: row.email,
-      passwordHash: row.password_hash,
-      role: row.role,
-      tenantId: row.tenant_id,
-      emailVerified: row.email_verified === 1,
-      locked: row.locked === 1,
-      lastLogin: row.last_login,
-      failedLoginAttempts: row.failed_login_attempts || 0,
-      createdAt: row.created_at,
-      updatedAt: row.updated_at
-    };
-  }
-  rowToSession(row) {
-    return {
-      id: row.id,
-      userId: row.user_id,
-      token: row.token,
-      refreshToken: row.refresh_token,
-      expiresAt: row.expires_at,
-      createdAt: row.created_at,
-      ipAddress: row.ip_address,
-      userAgent: row.user_agent
-    };
-  }
-};
 
 // src/auth/security/lockout.ts
 var DEFAULT_LOCKOUT_CONFIG = {
@@ -2538,6 +2266,8 @@ var RateLimiter = class {
     this.userLimits[type] = config;
   }
 };
+var DEFAULT_RETENTION_CONFIG = {
+  retentionDays: 30};
 var AuditLogger = class {
   redis;
   prefix;
@@ -2768,6 +2498,572 @@ function createAuditContext(req) {
     userAgent: req.headers.get("user-agent") || "unknown"
   };
 }
+var InMemoryAuthAdapter = class {
+  users = /* @__PURE__ */ new Map();
+  sessions = /* @__PURE__ */ new Map();
+  refreshTokens = /* @__PURE__ */ new Map();
+  // refreshToken -> sessionId
+  emailToUserId = /* @__PURE__ */ new Map();
+  passwordHistory = /* @__PURE__ */ new Map();
+  // userId -> passwordHash[]
+  externalDb = false;
+  constructor() {
+  }
+  async connect() {
+  }
+  async disconnect() {
+    this.users.clear();
+    this.sessions.clear();
+    this.refreshTokens.clear();
+    this.emailToUserId.clear();
+    this.passwordHistory.clear();
+  }
+  async createUser(data) {
+    const userId = crypto.randomBytes(16).toString("hex");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const user = {
+      id: userId,
+      email: data.email.toLowerCase(),
+      passwordHash: data.passwordHash,
+      role: data.role || "customer",
+      tenantId: data.tenantId,
+      createdAt: now,
+      updatedAt: now
+    };
+    this.users.set(userId, user);
+    this.emailToUserId.set(data.email.toLowerCase(), userId);
+    this.passwordHistory.set(userId, []);
+    return user;
+  }
+  async findUserByEmail(email) {
+    const userId = this.emailToUserId.get(email.toLowerCase());
+    if (!userId) return null;
+    return this.findUserById(userId);
+  }
+  async findUserById(userId) {
+    return this.users.get(userId) || null;
+  }
+  async updateUser(userId, data) {
+    const existing = await this.findUserById(userId);
+    if (!existing) return null;
+    const updated = {
+      ...existing,
+      ...data,
+      id: userId,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (data.email && data.email !== existing.email) {
+      this.emailToUserId.delete(existing.email.toLowerCase());
+      this.emailToUserId.set(data.email.toLowerCase(), userId);
+    }
+    this.users.set(userId, updated);
+    return updated;
+  }
+  async deleteUser(userId) {
+    const user = await this.findUserById(userId);
+    if (!user) return false;
+    this.users.delete(userId);
+    this.emailToUserId.delete(user.email.toLowerCase());
+    this.refreshTokens.forEach((sessionId, refreshToken) => {
+      if (this.sessions.get(sessionId)?.userId === userId) {
+        this.refreshTokens.delete(refreshToken);
+        this.sessions.delete(sessionId);
+      }
+    });
+    this.passwordHistory.delete(userId);
+    this.sessions.forEach((session, sessionId) => {
+      if (session.userId === userId) {
+        this.sessions.delete(sessionId);
+      }
+    });
+    return true;
+  }
+  async hashPassword(password) {
+    const bcrypt2 = (await import('bcryptjs')).default;
+    return bcrypt2.hash(password, 12);
+  }
+  async verifyPassword(password, hash) {
+    const bcrypt2 = (await import('bcryptjs')).default;
+    return bcrypt2.compare(password, hash);
+  }
+  async createSession(userId, data = {}) {
+    const sessionId = crypto.randomBytes(32).toString("hex");
+    const token = crypto.randomBytes(32).toString("base64url");
+    const refreshToken = crypto.randomBytes(32).toString("base64url");
+    const now = /* @__PURE__ */ new Date();
+    const session = {
+      id: sessionId,
+      userId,
+      token,
+      refreshToken,
+      expiresAt: new Date(now.getTime() + 86400 * 1e3).toISOString(),
+      // 24 hours
+      createdAt: now.toISOString(),
+      ipAddress: data.ipAddress,
+      userAgent: data.userAgent
+    };
+    this.sessions.set(sessionId, session);
+    this.refreshTokens.set(refreshToken, sessionId);
+    return session;
+  }
+  async findSessionByToken(token) {
+    return this.sessions.get(token) || null;
+  }
+  async deleteSession(sessionId) {
+    const session = this.sessions.get(sessionId);
+    if (!session) return false;
+    if (session.refreshToken) {
+      this.refreshTokens.delete(session.refreshToken);
+    }
+    this.sessions.delete(sessionId);
+    return true;
+  }
+  async deleteUserSessions(userId) {
+    let deleted = 0;
+    this.sessions.forEach((session, sessionId) => {
+      if (session.userId === userId) {
+        if (session.refreshToken) {
+          this.refreshTokens.delete(session.refreshToken);
+        }
+        this.sessions.delete(sessionId);
+        deleted++;
+      }
+    });
+    return deleted;
+  }
+  async addPasswordToHistory(userId, passwordHash) {
+    const history = this.passwordHistory.get(userId) || [];
+    history.push(passwordHash);
+    if (history.length > 5) {
+      history.splice(0, history.length - 5);
+    }
+    this.passwordHistory.set(userId, history);
+  }
+  async getPasswordHistory(userId, count = 5) {
+    return this.passwordHistory.get(userId) || [];
+  }
+  async isPasswordInHistory(password, userId, historyCount = 5) {
+    const history = await this.getPasswordHistory(userId, historyCount);
+    const bcrypt2 = (await import('bcryptjs')).default;
+    for (const hash of history) {
+      if (await bcrypt2.compare(password, hash)) {
+        return true;
+      }
+    }
+    return false;
+  }
+  async hasAnyUsers() {
+    return this.users.size > 0;
+  }
+};
+
+// src/auth/security/in-memory-rate-limit.ts
+var InMemoryRateLimiter = class {
+  storage = /* @__PURE__ */ new Map();
+  userStorage = /* @__PURE__ */ new Map();
+  limits;
+  userLimits;
+  constructor(limits, userLimits) {
+    this.limits = { ...DEFAULT_RATE_LIMITS2, ...limits };
+    this.userLimits = userLimits || {
+      "user:api": { window: 6e4, max: 500 },
+      "user:write": { window: 36e5, max: 100 }
+    };
+  }
+  getKey(type, identifier) {
+    return `${type}:${identifier}`;
+  }
+  getUserKey(type, userId, identifier) {
+    return `user:${type}:${userId}:${identifier}`;
+  }
+  cleanupOldEntries(entries, window) {
+    const now = Date.now();
+    const windowStart = now - window;
+    while (entries.length > 0 && entries[0].timestamp < windowStart) {
+      entries.shift();
+    }
+  }
+  async check(type, identifier) {
+    const config = this.limits[type] || this.limits["api:general"];
+    const key = this.getKey(type, identifier);
+    let entries = this.storage.get(key);
+    if (!entries) {
+      entries = [];
+      this.storage.set(key, entries);
+    }
+    this.cleanupOldEntries(entries, config.window);
+    const now = Date.now();
+    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
+    entries.push({ timestamp: now, count: 1 });
+    if (count >= config.max) {
+      const oldestEntry = entries.reduce(
+        (oldest, current) => oldest.timestamp < current.timestamp ? oldest : current,
+        entries[0]
+      );
+      const resetAt = oldestEntry.timestamp + config.window;
+      return {
+        allowed: false,
+        remaining: 0,
+        resetAt,
+        retryAfter: Math.ceil((resetAt - now) / 1e3)
+      };
+    }
+    return {
+      allowed: true,
+      remaining: config.max - count - 1,
+      resetAt: now + config.window
+    };
+  }
+  async checkUser(type, userId, identifier) {
+    const config = this.userLimits[type] || this.userLimits["user:api"];
+    const userMap = this.userStorage.get(userId);
+    let entries = [];
+    if (userMap) {
+      entries = userMap.get(this.getKey(type, identifier)) || [];
+    } else {
+      if (!this.userStorage.has(userId)) {
+        this.userStorage.set(userId, /* @__PURE__ */ new Map());
+      }
+      this.userStorage.get(userId).set(this.getKey(type, identifier), entries);
+    }
+    this.cleanupOldEntries(entries, config.window);
+    const now = Date.now();
+    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
+    entries.push({ timestamp: now, count: 1 });
+    if (count >= config.max) {
+      const oldestEntry = entries.reduce(
+        (oldest, current) => oldest.timestamp < current.timestamp ? oldest : current,
+        entries[0]
+      );
+      const resetAt = oldestEntry.timestamp + config.window;
+      return {
+        allowed: false,
+        remaining: 0,
+        resetAt,
+        retryAfter: Math.ceil((resetAt - now) / 1e3)
+      };
+    }
+    return {
+      allowed: true,
+      remaining: config.max - count - 1,
+      resetAt: now + config.window
+    };
+  }
+  async reset(type, identifier) {
+    const key = this.getKey(type, identifier);
+    this.storage.delete(key);
+  }
+  async resetUser(type, userId, identifier) {
+    const userMap = this.userStorage.get(userId);
+    if (userMap) {
+      const key = this.getKey(type, identifier);
+      userMap.delete(key);
+    }
+  }
+  async getStatus(type, identifier) {
+    const config = this.limits[type] || this.limits["api:general"];
+    const key = this.getKey(type, identifier);
+    let entries = this.storage.get(key);
+    if (!entries) {
+      entries = [];
+      this.storage.set(key, entries);
+    }
+    this.cleanupOldEntries(entries, config.window);
+    const now = Date.now();
+    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
+    return {
+      count,
+      limit: config.max,
+      remaining: Math.max(0, config.max - count),
+      resetAt: now + config.window
+    };
+  }
+  setLimit(type, config) {
+    this.limits[type] = config;
+  }
+  setUserLimit(type, config) {
+    this.userLimits[type] = config;
+  }
+};
+var DEFAULT_RATE_LIMITS2 = {
+  "auth:login": { window: 9e5, max: 5 },
+  "auth:register": { window: 36e5, max: 3 },
+  "auth:forgot": { window: 36e5, max: 3 },
+  "auth:reset": { window: 36e5, max: 5 },
+  "auth:verify": { window: 36e5, max: 5 },
+  "api:general": { window: 6e4, max: 100 },
+  "api:authenticated": { window: 6e4, max: 200 }
+};
+
+// src/auth/security/in-memory-lockout.ts
+var InMemoryAccountLockout = class {
+  storage = /* @__PURE__ */ new Map();
+  history = /* @__PURE__ */ new Map();
+  // userId -> attempt timestamps
+  config;
+  constructor(config = {}) {
+    this.config = {
+      maxAttempts: 5,
+      lockDuration: 9e5,
+      // 15 minutes
+      notifyUser: true,
+      notifyAdmin: true,
+      adminNotifyAfter: 3,
+      ...config
+    };
+  }
+  async checkLockout(userId) {
+    const now = Date.now();
+    const record = this.storage.get(userId);
+    if (record && record.lockedUntil !== null && record.lockedUntil <= now) {
+      await this.resetAttempts(userId);
+      return {
+        locked: false,
+        attemptsRemaining: this.config.maxAttempts,
+        totalAttempts: 0
+      };
+    }
+    if (!record) {
+      return {
+        locked: false,
+        attemptsRemaining: this.config.maxAttempts,
+        totalAttempts: 0
+      };
+    }
+    const { attempts, lockedUntil } = record;
+    if (lockedUntil !== null && lockedUntil > now) {
+      return {
+        locked: true,
+        attemptsRemaining: 0,
+        lockedUntil: new Date(lockedUntil),
+        totalAttempts: attempts
+      };
+    }
+    return {
+      locked: false,
+      attemptsRemaining: Math.max(0, this.config.maxAttempts - attempts),
+      totalAttempts: attempts
+    };
+  }
+  async recordFailedAttempt(userId) {
+    const now = Date.now();
+    const record = this.storage.get(userId) || {
+      attempts: 0,
+      lastAttempt: null,
+      lockedAt: null,
+      lockedUntil: null
+    };
+    record.attempts += 1;
+    record.lastAttempt = now;
+    let history = this.history.get(userId) || [];
+    history.push(now);
+    if (history.length > 100) {
+      history.splice(0, history.length - 100);
+    }
+    this.history.set(userId, history);
+    this.storage.set(userId, record);
+    if (record.attempts >= this.config.maxAttempts) {
+      const lockedUntil = new Date(now + this.config.lockDuration);
+      record.lockedAt = now;
+      record.lockedUntil = lockedUntil.getTime();
+      this.storage.set(userId, record);
+      return {
+        locked: true,
+        attemptsRemaining: 0,
+        lockedUntil,
+        totalAttempts: record.attempts
+      };
+    }
+    return {
+      locked: false,
+      attemptsRemaining: Math.max(0, this.config.maxAttempts - record.attempts),
+      totalAttempts: record.attempts
+    };
+  }
+  async lockAccount(userId, duration) {
+    const now = Date.now();
+    const lockDuration = duration || this.config.lockDuration;
+    const lockedUntil = new Date(now + lockDuration);
+    const record = this.storage.get(userId) || {
+      attempts: 0,
+      lastAttempt: null,
+      lockedAt: null,
+      lockedUntil: null
+    };
+    record.attempts = this.config.maxAttempts;
+    record.lockedAt = now;
+    record.lockedUntil = lockedUntil.getTime();
+    this.storage.set(userId, record);
+  }
+  async unlockAccount(userId) {
+    await this.resetAttempts(userId);
+  }
+  async resetAttempts(userId) {
+    const record = this.storage.get(userId);
+    if (record) {
+      record.attempts = 0;
+      record.lockedAt = null;
+      record.lockedUntil = null;
+      this.storage.set(userId, record);
+    }
+    this.history.delete(userId);
+  }
+  async getLockoutHistory(userId, limit = 10) {
+    const history = this.history.get(userId) || [];
+    return history.slice(-limit).reverse().map((timestamp) => new Date(timestamp));
+  }
+  async getLockoutStats(userId) {
+    const history = this.history.get(userId) || [];
+    const totalFailedAttempts = history.length;
+    const lockoutCount = Math.floor(
+      totalFailedAttempts / this.config.maxAttempts
+    );
+    let lastLockout = null;
+    const record = this.storage.get(userId);
+    if (record && record.lockedAt !== null) {
+      lastLockout = new Date(record.lockedAt);
+    }
+    const averageAttemptsBeforeLockout = lockoutCount > 0 ? this.config.maxAttempts : 0;
+    return {
+      totalFailedAttempts,
+      lockoutCount,
+      lastLockout,
+      averageAttemptsBeforeLockout
+    };
+  }
+  shouldNotifyAdmin(currentAttempts) {
+    return this.config.notifyAdmin && currentAttempts >= this.config.adminNotifyAfter;
+  }
+  getConfig() {
+    return { ...this.config };
+  }
+  setConfig(config) {
+    this.config = { ...this.config, ...config };
+  }
+};
+var InMemoryAuditLogger = class {
+  logs = [];
+  retentionDays;
+  constructor(retentionDays = DEFAULT_RETENTION_CONFIG.retentionDays) {
+    this.retentionDays = retentionDays;
+  }
+  async log(data) {
+    const id = crypto.randomBytes(16).toString("hex");
+    const timestamp = /* @__PURE__ */ new Date();
+    const log = {
+      ...data,
+      id,
+      timestamp
+    };
+    this.logs.push(log);
+    this.cleanupOldLogs();
+    return id;
+  }
+  async get(id) {
+    return this.logs.find((log) => log.id === id) || null;
+  }
+  async query(filter = {}) {
+    const { limit = 50, offset = 0 } = filter;
+    let filteredLogs = [...this.logs];
+    if (filter.userId) {
+      filteredLogs = filteredLogs.filter((log) => log.userId === filter.userId);
+    }
+    if (filter.action) {
+      const actions = Array.isArray(filter.action) ? filter.action : [filter.action];
+      filteredLogs = filteredLogs.filter((log) => actions.includes(log.action));
+    }
+    if (filter.resource) {
+      filteredLogs = filteredLogs.filter(
+        (log) => log.resource === filter.resource
+      );
+    }
+    if (filter.resourceId) {
+      filteredLogs = filteredLogs.filter(
+        (log) => log.resourceId === filter.resourceId
+      );
+    }
+    if (filter.success !== void 0) {
+      filteredLogs = filteredLogs.filter(
+        (log) => log.success === filter.success
+      );
+    }
+    const startDate = filter.startDate;
+    const endDate = filter.endDate;
+    if (startDate !== void 0) {
+      filteredLogs = filteredLogs.filter((log) => log.timestamp >= startDate);
+    }
+    if (endDate !== void 0) {
+      filteredLogs = filteredLogs.filter((log) => log.timestamp <= endDate);
+    }
+    filteredLogs.sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
+    const total = filteredLogs.length;
+    const paginatedLogs = filteredLogs.slice(offset, offset + limit);
+    return { logs: paginatedLogs, total };
+  }
+  async getRecent(limit = 50) {
+    const cutoffDate = new Date(Date.now() - 7 * 24 * 60 * 60 * 1e3);
+    const recentLogs = this.logs.filter((log) => log.timestamp >= cutoffDate).sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime()).slice(0, limit);
+    return recentLogs;
+  }
+  async getUserActivity(userId, limit = 50) {
+    const userLogs = this.logs.filter((log) => log.userId === userId).sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime()).slice(0, limit);
+    return userLogs;
+  }
+  async getStats(startDate, endDate) {
+    const start = startDate || new Date(Date.now() - 30 * 24 * 60 * 60 * 1e3);
+    const end = endDate || /* @__PURE__ */ new Date();
+    const filteredLogs = this.logs.filter(
+      (log) => log.timestamp >= start && log.timestamp <= end
+    );
+    const byAction = {};
+    let totalEvents = 0;
+    let failedLogins = 0;
+    let successCount = 0;
+    const uniqueUsers = /* @__PURE__ */ new Set();
+    for (const log of filteredLogs) {
+      totalEvents++;
+      const action = log.action;
+      byAction[action] = (byAction[action] || 0) + 1;
+      if (log.success) {
+        successCount++;
+      }
+      if (log.action === "login_failed") {
+        failedLogins++;
+      }
+      if (log.userId) {
+        uniqueUsers.add(log.userId);
+      }
+    }
+    return {
+      totalEvents,
+      byAction,
+      successRate: totalEvents > 0 ? successCount / totalEvents : 1,
+      failedLogins,
+      uniqueUsers
+    };
+  }
+  async cleanup() {
+    const cutoffDate = new Date(
+      Date.now() - this.retentionDays * 24 * 60 * 60 * 1e3
+    );
+    const initialCount = this.logs.length;
+    this.logs = this.logs.filter((log) => log.timestamp >= cutoffDate);
+    return initialCount - this.logs.length;
+  }
+  cleanupOldLogs() {
+    const cutoffDate = new Date(
+      Date.now() - this.retentionDays * 24 * 60 * 60 * 1e3
+    );
+    this.logs.length;
+    this.logs = this.logs.filter((log) => log.timestamp >= cutoffDate);
+  }
+};
+function createAuditContext2(req) {
+  return {
+    ipAddress: req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || req.headers.get("x-real-ip") || "unknown",
+    userAgent: req.headers.get("user-agent") || "unknown"
+  };
+}
 function defaultExtractToken(req) {
   const authHeader = req.headers.get("Authorization");
   if (authHeader?.startsWith("Bearer ")) {
@@ -2795,7 +3091,7 @@ function generateToken(payload, secret, options = {}) {
 
 // src/api/rest/auth-routes.ts
 var AuthRoutes = class {
-  redis;
+  authAdapter;
   email;
   jwtSecret;
   jwtExpiresIn;
@@ -2808,13 +3104,13 @@ var AuthRoutes = class {
   baseUrl;
   emailVerificationRequired;
   constructor(config) {
-    this.redis = config.redis;
+    this.authAdapter = config.redis;
     this.email = config.email;
     this.jwtSecret = config.jwtSecret;
     this.jwtExpiresIn = config.jwtExpiresIn || "24h";
     this.jwtIssuer = config.jwtIssuer;
     this.jwtAudience = config.jwtAudience;
-    this.passwordPolicy = config.passwordPolicy || new chunkI4BORBXT_cjs.PasswordPolicy();
+    this.passwordPolicy = config.passwordPolicy || new chunk3EVLFWH2_cjs.PasswordPolicy();
     this.lockout = config.lockout;
     this.rateLimiter = config.rateLimiter;
     this.auditLogger = config.auditLogger;
@@ -2822,7 +3118,7 @@ var AuthRoutes = class {
     this.emailVerificationRequired = config.emailVerificationRequired ?? true;
   }
   async register(req) {
-    const { ipAddress, userAgent } = createAuditContext(req);
+    const { ipAddress, userAgent } = createAuditContext2(req);
     if (this.rateLimiter) {
       const limit = await this.rateLimiter.check("auth:register", ipAddress);
       if (!limit.allowed) {
@@ -2841,12 +3137,12 @@ var AuthRoutes = class {
       if (!passwordValidation.valid) {
         return this.errorResponse(passwordValidation.errors.join(". "), 400);
       }
-      const existingUser = await this.redis.findUserByEmail(body.email);
+      const existingUser = await this.authAdapter.findUserByEmail(body.email);
       if (existingUser) {
         return this.errorResponse("Email already registered", 400);
       }
-      const passwordHash = await this.redis.hashPassword(body.password);
-      const user = await this.redis.createUser({
+      const passwordHash = await this.authAdapter.hashPassword(body.password);
+      const user = await this.authAdapter.createUser({
         email: body.email,
         passwordHash,
         role: body.role || "customer",
@@ -2855,7 +3151,7 @@ var AuthRoutes = class {
       if (this.emailVerificationRequired && this.email) {
         const verificationToken = crypto.randomBytes(32).toString("hex");
         const verificationUrl = `${this.baseUrl}/api/auth/verify?token=${verificationToken}`;
-        await this.redis.createSession(user.id, { ipAddress, userAgent });
+        await this.authAdapter.createSession(user.id, { ipAddress, userAgent });
         const template = this.email.getTemplates().verifyEmail(verificationUrl, body.email);
         await this.email.send({ to: body.email, ...template });
       }
@@ -2884,7 +3180,7 @@ var AuthRoutes = class {
     }
   }
   async login(req) {
-    const { ipAddress, userAgent } = createAuditContext(req);
+    const { ipAddress, userAgent } = createAuditContext2(req);
     if (this.rateLimiter) {
       const limit = await this.rateLimiter.check("auth:login", ipAddress);
       if (!limit.allowed) {
@@ -2896,7 +3192,7 @@ var AuthRoutes = class {
       if (!body.email || !body.password) {
         return this.errorResponse("Email and password are required", 400);
       }
-      const user = await this.redis.findUserByEmail(body.email);
+      const user = await this.authAdapter.findUserByEmail(body.email);
       if (!user) {
         await this.recordFailedLogin(ipAddress, userAgent);
         return this.errorResponse("Invalid credentials", 401);
@@ -2922,7 +3218,10 @@ var AuthRoutes = class {
           );
         }
       }
-      const validPassword = user.passwordHash ? await this.redis.verifyPassword(body.password, user.passwordHash) : false;
+      const validPassword = user.passwordHash ? await this.authAdapter.verifyPassword(
+        body.password,
+        user.passwordHash
+      ) : false;
       if (!validPassword) {
         await this.recordFailedLogin(ipAddress, userAgent, user.id, user.email);
         return this.errorResponse("Invalid credentials", 401);
@@ -2930,7 +3229,7 @@ var AuthRoutes = class {
       if (this.lockout) {
         await this.lockout.resetAttempts(user.id);
       }
-      const session = await this.redis.createSession(user.id, {
+      const session = await this.authAdapter.createSession(user.id, {
         ipAddress,
         userAgent
       });
@@ -2959,7 +3258,7 @@ var AuthRoutes = class {
           success: true
         });
       }
-      await this.redis.updateUser(user.id, {
+      await this.authAdapter.updateUser(user.id, {
         lastLogin: (/* @__PURE__ */ new Date()).toISOString()
       });
       return this.jsonResponse({
@@ -2978,11 +3277,11 @@ var AuthRoutes = class {
     if (!token) {
       return this.errorResponse("No session to logout", 401);
     }
-    const { ipAddress, userAgent } = createAuditContext(req);
+    const { ipAddress, userAgent } = createAuditContext2(req);
     try {
       const payload = jwt2__default.default.decode(token);
       if (payload && payload.sub) {
-        await this.redis.deleteUserSessions(payload.sub);
+        await this.authAdapter.deleteUserSessions(payload.sub);
         if (this.auditLogger) {
           await this.auditLogger.log({
             action: "logout",
@@ -3025,7 +3324,7 @@ var AuthRoutes = class {
         issuer: this.jwtIssuer,
         audience: this.jwtAudience
       });
-      const user = await this.redis.findUserById(payload.sub);
+      const user = await this.authAdapter.findUserById(payload.sub);
       if (!user) {
         return this.errorResponse("User not found", 404);
       }
@@ -3042,7 +3341,7 @@ var AuthRoutes = class {
     if (!token) {
       return this.errorResponse("Not authenticated", 401);
     }
-    const { ipAddress, userAgent } = createAuditContext(req);
+    const { ipAddress, userAgent } = createAuditContext2(req);
     try {
       const payload = jwt2__default.default.verify(token, this.jwtSecret);
       const body = await req.json();
@@ -3057,16 +3356,22 @@ var AuthRoutes = class {
       if (!passwordValidation.valid) {
         return this.errorResponse(passwordValidation.errors.join(". "), 400);
       }
-      const user = await this.redis.findUserById(payload.sub);
+      const user = await this.authAdapter.findUserById(payload.sub);
       if (!user) {
         return this.errorResponse("User not found", 404);
       }
-      const validPassword = user.passwordHash ? await this.redis.verifyPassword(currentPassword, user.passwordHash) : false;
+      const validPassword = user.passwordHash ? await this.authAdapter.verifyPassword(
+        currentPassword,
+        user.passwordHash
+      ) : false;
       if (!validPassword) {
         return this.errorResponse("Current password is incorrect", 401);
       }
-      const passwordHistory = await this.redis.getPasswordHistory(user.id, 5);
-      const isReused = await this.redis.isPasswordInHistory(
+      const passwordHistory = await this.authAdapter.getPasswordHistory?.(
+        user.id,
+        5
+      );
+      const isReused = await this.authAdapter.isPasswordInHistory?.(
         newPassword,
         user.id,
         5
@@ -3077,12 +3382,17 @@ var AuthRoutes = class {
           400
         );
       }
-      const newPasswordHash = await this.redis.hashPassword(newPassword);
+      const newPasswordHash = await this.authAdapter.hashPassword(newPassword);
       if (user.passwordHash) {
-        await this.redis.addPasswordToHistory(user.id, user.passwordHash);
+        await this.authAdapter.addPasswordToHistory?.(
+          user.id,
+          user.passwordHash
+        );
       }
-      await this.redis.updateUser(user.id, { passwordHash: newPasswordHash });
-      await this.redis.deleteUserSessions(user.id);
+      await this.authAdapter.updateUser(user.id, {
+        passwordHash: newPasswordHash
+      });
+      await this.authAdapter.deleteUserSessions(user.id);
       if (this.email && this.email.getTemplates) {
         const template = this.email.getTemplates().passwordChanged(user.email);
         await this.email.send({ to: user.email, ...template });
@@ -3107,7 +3417,7 @@ var AuthRoutes = class {
     }
   }
   async forgotPassword(req) {
-    const { ipAddress, userAgent } = createAuditContext(req);
+    const { ipAddress, userAgent } = createAuditContext2(req);
     if (this.rateLimiter) {
       const limit = await this.rateLimiter.check("auth:forgot", ipAddress);
       if (!limit.allowed) {
@@ -3120,7 +3430,7 @@ var AuthRoutes = class {
       if (!email) {
         return this.errorResponse("Email required", 400);
       }
-      const user = await this.redis.findUserByEmail(email);
+      const user = await this.authAdapter.findUserByEmail(email);
       if (!user) {
         return this.jsonResponse({
           success: true,
@@ -3233,23 +3543,72 @@ function getEnvNum(key, fallback = 0) {
   if (!val) return fallback;
   return parseInt(val, 10);
 }
-async function createAuthConfig() {
-  const redisUrl = getEnv("REDIS_URL", "redis://localhost:6379");
-  const redisKeyPrefix = getEnv("REDIS_KEY_PREFIX", "kyro:auth:");
-  const redisSessionTTL = getEnvNum("REDIS_SESSION_TTL", 86400);
-  const redisRefreshTTL = getEnvNum("REDIS_REFRESH_TOKEN_TTL", 604800);
-  const redisAdapter = new chunkI4BORBXT_cjs.RedisAuthAdapter({
-    url: redisUrl,
-    keyPrefix: redisKeyPrefix,
-    tokenExpiration: redisSessionTTL,
-    refreshTokenExpiration: redisRefreshTTL,
-    tls: getEnvBool("REDIS_TLS", false)
-  });
-  await redisAdapter.connect();
-  const redisClient = redisAdapter.redis;
+function detectDatabaseType() {
+  const envDb = process.env.KYRO_AUTH_DATABASE?.toLowerCase();
+  if (envDb && ["sqlite", "postgres", "mysql", "mongodb", "memory"].includes(envDb)) {
+    return envDb;
+  }
+  try {
+    const { readFileSync } = chunk5BLDMQED_cjs.__require("fs");
+    const { join } = chunk5BLDMQED_cjs.__require("path");
+    const configPath = join(process.cwd(), "kyro.config.ts");
+    const configContent = readFileSync(configPath, "utf8");
+    if (configContent.includes("createLocalAdapter")) {
+      return "sqlite";
+    } else if (configContent.includes("createDrizzleAdapter")) {
+      if (configContent.includes("postgres") || configContent.includes("postgresql")) {
+        return "postgres";
+      } else if (configContent.includes("mysql")) {
+        return "mysql";
+      }
+      return "postgres";
+    } else if (configContent.includes("createMongoDBAdapter")) {
+      return "mongodb";
+    }
+  } catch {
+  }
+  return "memory";
+}
+async function createAuthAdapter(databaseType) {
+  switch (databaseType) {
+    case "sqlite":
+      return new chunk3EVLFWH2_cjs.SQLiteAuthAdapter({
+        path: getEnv("KYRO_AUTH_DB_PATH", "./data/auth.db")
+      });
+    case "postgres":
+    case "mysql":
+      return new chunk3EVLFWH2_cjs.SQLiteAuthAdapter({
+        path: getEnv("KYRO_AUTH_DB_PATH", "./data/auth.db")
+      });
+    case "mongodb":
+      return new chunk3EVLFWH2_cjs.SQLiteAuthAdapter({
+        path: getEnv("KYRO_AUTH_DB_PATH", "./data/auth.db")
+      });
+    case "memory":
+    default:
+      return new InMemoryAuthAdapter();
+  }
+}
+async function createAuthConfig(databaseType) {
+  const distributed = getEnvBool("KYRO_DISTRIBUTED", false);
+  let authAdapter;
+  if (distributed) {
+    const { RedisAuthAdapter: RedisAuthAdapter2 } = await import('./redis-adapter-LBLNKGNS.cjs');
+    const redisUrl = getEnv("REDIS_URL", "redis://localhost:6379");
+    const redisTls = getEnvBool("REDIS_TLS", false);
+    const redisAdapter = new RedisAuthAdapter2({ url: redisUrl, tls: redisTls });
+    await redisAdapter.connect?.();
+    authAdapter = redisAdapter;
+  } else {
+    const initialDbType = databaseType || detectDatabaseType();
+    authAdapter = await createAuthAdapter(initialDbType);
+    if (authAdapter.connect) {
+      await authAdapter.connect();
+    }
+  }
   const emailConfig = getEmailConfig();
-  const email = emailConfig ? new chunkI4BORBXT_cjs.EmailTransport(emailConfig) : void 0;
-  const passwordPolicy = new chunkI4BORBXT_cjs.PasswordPolicy({
+  const email = emailConfig ? new chunk3EVLFWH2_cjs.EmailTransport(emailConfig) : void 0;
+  const passwordPolicy = new chunk3EVLFWH2_cjs.PasswordPolicy({
     minLength: getEnvNum("PASSWORD_MIN_LENGTH", 12),
     requireUppercase: getEnvBool("PASSWORD_REQUIRE_UPPERCASE", true),
     requireLowercase: getEnvBool("PASSWORD_REQUIRE_LOWERCASE", true),
@@ -3259,14 +3618,15 @@ async function createAuthConfig() {
     maxLength: getEnvNum("PASSWORD_MAX_LENGTH", 128)
   });
   let lockout;
-  if (getEnvBool("LOCKOUT_ENABLED", true)) {
+  let rateLimiter;
+  let auditLogger;
+  if (distributed) {
+    const redis = authAdapter;
+    const redisClient = redis.redis;
     lockout = new AccountLockout(redisClient, {
       maxAttempts: getEnvNum("LOCKOUT_MAX_ATTEMPTS", 5),
       lockDuration: getEnvNum("LOCKOUT_DURATION_MINUTES", 15) * 60 * 1e3
     });
-  }
-  let rateLimiter;
-  if (getEnvBool("RATE_LIMIT_ENABLED", true)) {
     rateLimiter = new RateLimiter(redisClient, {
       "auth:login": {
         window: getEnvNum("RATE_LIMIT_AUTH_WINDOW_MS", 9e5),
@@ -3277,16 +3637,29 @@ async function createAuthConfig() {
         max: getEnvNum("RATE_LIMIT_MAX_REQUESTS", 100)
       }
     });
-  }
-  let auditLogger;
-  if (getEnvBool("AUDIT_LOG_ENABLED", true)) {
     auditLogger = new AuditLogger(
       redisClient,
       getEnvNum("AUDIT_LOG_RETENTION_DAYS", 30)
     );
+  } else {
+    lockout = new InMemoryAccountLockout({
+      maxAttempts: getEnvNum("LOCKOUT_MAX_ATTEMPTS", 5),
+      lockDuration: getEnvNum("LOCKOUT_DURATION_MINUTES", 15) * 60 * 1e3
+    });
+    rateLimiter = new InMemoryRateLimiter({
+      "auth:login": {
+        window: getEnvNum("RATE_LIMIT_AUTH_WINDOW_MS", 9e5),
+        max: getEnvNum("RATE_LIMIT_AUTH_MAX_REQUESTS", 10)
+      },
+      "api:general": {
+        window: getEnvNum("RATE_LIMIT_WINDOW_MS", 6e4),
+        max: getEnvNum("RATE_LIMIT_MAX_REQUESTS", 100)
+      }
+    });
+    auditLogger = getEnvBool("AUDIT_LOG_ENABLED", true) ? new InMemoryAuditLogger(getEnvNum("AUDIT_LOG_RETENTION_DAYS", 30)) : void 0;
   }
   const routes = new AuthRoutes({
-    redis: redisAdapter,
+    redis: authAdapter,
     email,
     jwtSecret: getEnv("JWT_SECRET", "change-me"),
     jwtExpiresIn: getEnv("JWT_EXPIRES_IN", "24h"),
@@ -3299,9 +3672,10 @@ async function createAuthConfig() {
     baseUrl: getEnv("EMAIL_BASE_URL", "http://localhost:4321"),
     emailVerificationRequired: getEnvBool("EMAIL_VERIFICATION_REQUIRED", true)
   });
+  const actualDbType = distributed ? "distributed" : databaseType || detectDatabaseType();
   return {
-    redis: redisAdapter,
-    redisClient,
+    authAdapter,
+    databaseType: actualDbType,
     email,
     passwordPolicy,
     lockout,
@@ -3491,7 +3865,7 @@ var Auth = class {
     return jwt2__default.default.sign(payload, this.config.secret, signOptions);
   }
   async hashPassword(password) {
-    return bcrypt2__default.default.hash(password, this.config.saltRounds);
+    return bcrypt__default.default.hash(password, this.config.saltRounds);
   }
   parseExpiresIn(value) {
     if (typeof value === "number") return value;
@@ -3736,29 +4110,33 @@ Object.defineProperty(exports, "minimalCollections", {
   enumerable: true,
   get: function () { return chunkF5B64H5S_cjs.minimalCollections; }
 });
+Object.defineProperty(exports, "RedisAuthAdapter", {
+  enumerable: true,
+  get: function () { return chunkA3RQWHKD_cjs.RedisAuthAdapter; }
+});
 Object.defineProperty(exports, "EmailTransport", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.EmailTransport; }
+  get: function () { return chunk3EVLFWH2_cjs.EmailTransport; }
 });
 Object.defineProperty(exports, "PasswordPolicy", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.PasswordPolicy; }
+  get: function () { return chunk3EVLFWH2_cjs.PasswordPolicy; }
 });
-Object.defineProperty(exports, "RedisAuthAdapter", {
+Object.defineProperty(exports, "SQLiteAuthAdapter", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.RedisAuthAdapter; }
+  get: function () { return chunk3EVLFWH2_cjs.SQLiteAuthAdapter; }
 });
 Object.defineProperty(exports, "autoBootstrap", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.autoBootstrap; }
+  get: function () { return chunk3EVLFWH2_cjs.autoBootstrap; }
 });
 Object.defineProperty(exports, "bootstrapAdmin", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.bootstrapAdmin; }
+  get: function () { return chunk3EVLFWH2_cjs.bootstrapAdmin; }
 });
 Object.defineProperty(exports, "getBootstrapFromEnv", {
   enumerable: true,
-  get: function () { return chunkI4BORBXT_cjs.getBootstrapFromEnv; }
+  get: function () { return chunk3EVLFWH2_cjs.getBootstrapFromEnv; }
 });
 Object.defineProperty(exports, "createContext", {
   enumerable: true,
@@ -3858,19 +4236,19 @@ Object.defineProperty(exports, "fieldToDrizzleType", {
 });
 Object.defineProperty(exports, "PostgresAuthAdapter", {
   enumerable: true,
-  get: function () { return chunkKWTKEBHM_cjs.PostgresAuthAdapter; }
+  get: function () { return chunkYD7Y25W7_cjs.PostgresAuthAdapter; }
 });
 Object.defineProperty(exports, "createDatabase", {
   enumerable: true,
-  get: function () { return chunkU4CHJTWX_cjs.createDatabase; }
+  get: function () { return chunk7G6EVYCU_cjs.createDatabase; }
 });
 Object.defineProperty(exports, "runMigrations", {
   enumerable: true,
-  get: function () { return chunkU4CHJTWX_cjs.runMigrations; }
+  get: function () { return chunk7G6EVYCU_cjs.runMigrations; }
 });
 Object.defineProperty(exports, "seedDefaultRoles", {
   enumerable: true,
-  get: function () { return chunkU4CHJTWX_cjs.seedDefaultRoles; }
+  get: function () { return chunk7G6EVYCU_cjs.seedDefaultRoles; }
 });
 Object.defineProperty(exports, "MongoDBAdapter", {
   enumerable: true,
@@ -3897,6 +4275,10 @@ exports.COMPLEX_FIELD_TYPES = COMPLEX_FIELD_TYPES;
 exports.CSSGenerator = CSSGenerator;
 exports.CommentsPlugin = CommentsPlugin;
 exports.ConfigValidationError = ConfigValidationError;
+exports.InMemoryAccountLockout = InMemoryAccountLockout;
+exports.InMemoryAuditLogger = InMemoryAuditLogger;
+exports.InMemoryAuthAdapter = InMemoryAuthAdapter;
+exports.InMemoryRateLimiter = InMemoryRateLimiter;
 exports.Kyro = Kyro;
 exports.KyroPlugin = KyroPlugin;
 exports.LAYOUT_FIELD_TYPES = LAYOUT_FIELD_TYPES;
@@ -3908,7 +4290,6 @@ exports.RateLimiter = RateLimiter;
 exports.Registry = Registry;
 exports.ReviewsPlugin = ReviewsPlugin;
 exports.SEOPLugin = SEOPLugin;
-exports.SQLiteAuthAdapter = SQLiteAuthAdapter;
 exports.VersionManager = VersionManager;
 exports.WishlistPlugin = WishlistPlugin;
 exports.authConfig = authConfig;