npm - @lastshotlabs/bunshot - Versions diffs - 0.0.27 → 0.1.0 - Mend

@lastshotlabs/bunshot 0.0.27 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (742) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.d.ts +8 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/breachedPassword.js +22 -9
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +211 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/logger.js +3 -3
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.d.ts +5 -4
package/dist/{lib → packages/bunshot-auth/src/lib}/m2m.js +6 -10
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.d.ts +7 -7
package/dist/{lib → packages/bunshot-auth/src/lib}/scim.js +15 -13
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.d.ts +3 -2
package/dist/{lib → packages/bunshot-auth/src/lib}/suspension.js +2 -5
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -8
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireScope.js +6 -6
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireStepUp.js +8 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +12 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.d.ts +1 -1
package/dist/{models → packages/bunshot-auth/src/models}/M2MClient.js +5 -5
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +277 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/{lib → packages/bunshot-core/src}/captcha.d.ts +1 -10
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/{lib/HttpError.d.ts → packages/bunshot-core/src/errors.d.ts} +4 -1
package/dist/{lib/HttpError.js → packages/bunshot-core/src/errors.js} +7 -1
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +10 -10
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/{lib → src/framework/lib}/captcha.js +13 -10
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +11 -10
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/{middleware → src/framework/middleware}/captcha.d.ts +2 -3
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/{middleware → src/framework/middleware}/errorHandler.js +2 -2
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -20
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -12
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +64 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/{routes → src/framework/routes}/jobs.js +128 -103
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/{routes → src/framework/routes}/uploads.d.ts +3 -3
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/{lib/appConfig.js → src/lib/authConfig.js} +75 -17
package/dist/{lib → src/lib}/context.d.ts +6 -12
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +35 -8
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +100 -26
package/dist/adapters/memoryAuth.d.ts +0 -52
package/dist/adapters/memoryAuth.js +0 -749
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -403
package/dist/adapters/sqliteAuth.d.ts +0 -72
package/dist/adapters/sqliteAuth.js +0 -858
package/dist/app.d.ts +0 -559
package/dist/app.js +0 -651
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -117
package/dist/index.js +0 -88
package/dist/lib/appConfig.d.ts +0 -275
package/dist/lib/auditLog.d.ts +0 -58
package/dist/lib/auditLog.js +0 -218
package/dist/lib/authAdapter.d.ts +0 -246
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -117
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/credentialStuffing.d.ts +0 -31
package/dist/lib/credentialStuffing.js +0 -77
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -19
package/dist/lib/emailVerification.js +0 -129
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwks.d.ts +0 -25
package/dist/lib/jwks.js +0 -51
package/dist/lib/jwt.d.ts +0 -15
package/dist/lib/jwt.js +0 -111
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -55
package/dist/lib/mfaChallenge.js +0 -398
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -95
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -93
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/saml.d.ts +0 -25
package/dist/lib/saml.js +0 -64
package/dist/lib/securityEvents.d.ts +0 -28
package/dist/lib/securityEvents.js +0 -26
package/dist/lib/session.d.ts +0 -49
package/dist/lib/session.js +0 -597
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -112
package/dist/lib/uploadRegistry.d.ts +0 -18
package/dist/lib/uploadRegistry.js +0 -83
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -96
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/captcha.js +0 -36
package/dist/middleware/csrf.js +0 -129
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -122
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/scimAuth.d.ts +0 -8
package/dist/middleware/scimAuth.js +0 -29
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -55
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -12
package/dist/routes/auth.js +0 -744
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/m2m.d.ts +0 -2
package/dist/routes/m2m.js +0 -72
package/dist/routes/metrics.d.ts +0 -8
package/dist/routes/metrics.js +0 -55
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -628
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -520
package/dist/routes/oidc.d.ts +0 -2
package/dist/routes/oidc.js +0 -29
package/dist/routes/passkey.d.ts +0 -1
package/dist/routes/passkey.js +0 -157
package/dist/routes/saml.d.ts +0 -2
package/dist/routes/saml.js +0 -86
package/dist/routes/scim.d.ts +0 -2
package/dist/routes/scim.js +0 -255
package/dist/routes/uploads.js +0 -227
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -29
package/dist/services/auth.js +0 -238
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -39
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -790
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -388
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -131
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/passkey-login/full.md +0 -90
package/docs/sections/passkey-login/overview.md +0 -1
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -208
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -196
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/logger.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/packages/bunshot-auth/src/config/authConfig.d.ts ADDED Viewed

@@ -0,0 +1,478 @@
+import type { CaptchaConfig } from '../../../bunshot-core/src/index.js';
+import type { EmailTemplate } from '../lib/emailTemplates';
+import type { SamlProfile } from '../types/saml';
+export type PrimaryField = 'email' | 'username' | 'phone';
+export interface ConcealRegistrationConfig {
+    /**
+     * Called when a registration attempt is made for an email that already exists.
+     * Use to notify the existing user (e.g. "Someone tried to register with your email").
+     * Only valid when primaryField === "email" — startup throws otherwise.
+     */
+    onExistingAccount?: (identifier: string) => Promise<void>;
+}
+export interface EmailVerificationConfig {
+    /** Block login until email is verified. Defaults to false (soft gate — emailVerified returned in login response). */
+    required?: boolean;
+    /** Token time-to-live in seconds. Defaults to 86 400 (24 hours). */
+    tokenExpiry?: number;
+}
+export interface PasswordResetConfig {
+    /** Token time-to-live in seconds. Defaults to 3 600 (1 hour). */
+    tokenExpiry?: number;
+}
+export interface MagicLinkConfig {
+    /** Token time-to-live in seconds. Defaults to 900 (15 min). */
+    ttlSeconds?: number;
+    /** Base URL for the magic link (e.g. "https://app.com/auth/magic"). */
+    linkBaseUrl?: string;
+    /** Store backend for magic link tokens. Defaults to the sessions store. */
+    store?: 'memory' | 'redis' | 'sqlite' | 'mongo';
+}
+export interface PasswordPolicyConfig {
+    /** Minimum password length. Defaults to 8. */
+    minLength?: number;
+    /** Require at least one letter (a-z or A-Z). Defaults to true. */
+    requireLetter?: boolean;
+    /** Require at least one digit (0-9). Defaults to true. */
+    requireDigit?: boolean;
+    /** Require at least one special character. Defaults to false. */
+    requireSpecial?: boolean;
+    /** Number of previous password hashes to remember. Prevents password reuse. Default: disabled (0). */
+    preventReuse?: number;
+}
+export interface AuthCookieConfig {
+    sameSite?: 'Strict' | 'Lax' | 'None';
+    secure?: boolean;
+    domain?: string;
+    path?: string;
+    /** Max age in seconds. Default: 604800 (7 days). */
+    maxAge?: number;
+}
+export interface CsrfCookieConfig {
+    sameSite?: 'Strict' | 'Lax' | 'None';
+    secure?: boolean;
+    domain?: string;
+    path?: string;
+    /** Max age in seconds. Default: 31536000 (1 year). */
+    maxAge?: number;
+}
+/** Minimal session policy shape stored in the config. Matches AuthSessionPolicyConfig in app.ts. */
+export interface SessionPolicySnapshot {
+    maxSessions?: number;
+    persistSessionMetadata?: boolean;
+    includeInactiveSessions?: boolean;
+    trackLastActive?: boolean;
+    absoluteTimeout?: number;
+    idleTimeout?: number;
+    onPasswordChange?: 'revoke_others' | 'revoke_all_and_reissue' | 'none';
+}
+export interface RefreshTokenConfig {
+    /** Access token expiry in seconds. Default: 900 (15 min). */
+    accessTokenExpiry?: number;
+    /** Refresh token expiry in seconds. Default: 2_592_000 (30 days). */
+    refreshTokenExpiry?: number;
+    /** Grace window in seconds where the old refresh token still works after rotation.
+     *  Prevents lockout when the client's network drops mid-refresh. Default: 30. */
+    rotationGraceSeconds?: number;
+}
+export interface MfaEmailOtpConfig {
+    /** OTP code length. Default: 6. */
+    codeLength?: number;
+}
+export interface MfaWebAuthnConfig {
+    /** Relying Party ID - typically the domain (e.g. "example.com"). Required. */
+    rpId: string;
+    /** Relying Party name shown in browser prompts. Defaults to app name. */
+    rpName?: string;
+    /** Expected origin(s) - full origin URL(s) like "https://example.com". Required. */
+    origin: string | string[];
+    /** Supported attestation conveyance preference. Default: "none". */
+    attestationType?: 'none' | 'direct' | 'enterprise';
+    /** Authenticator attachment preference. Default: undefined (allows both platform + cross-platform). */
+    authenticatorAttachment?: 'platform' | 'cross-platform';
+    /** User verification requirement. Default: "preferred". */
+    userVerification?: 'required' | 'preferred' | 'discouraged';
+    /** Timeout for ceremonies in milliseconds. Default: 60000 (60s). */
+    timeout?: number;
+    /** Reject authentication when sign count goes backward (cloned key detection). Default: false (accept + warn). */
+    strictSignCount?: boolean;
+    /** Allow passwordless (first-factor) passkey login. When true, mounts POST /auth/passkey/login-options and POST /auth/passkey/login. Default: false. */
+    allowPasswordlessLogin?: boolean;
+    /** When true (default), a verified passkey login satisfies MFA - no subsequent TOTP/OTP prompt even if the user has MFA enabled. Set false to require MFA after passkey login. */
+    passkeyMfaBypass?: boolean;
+}
+export interface MfaConfig {
+    /** Issuer name shown in authenticator apps. Defaults to app name. */
+    issuer?: string;
+    /** TOTP algorithm. Default: "SHA1" (most compatible). */
+    algorithm?: 'SHA1' | 'SHA256' | 'SHA512';
+    /** TOTP digits. Default: 6. */
+    digits?: number;
+    /** TOTP period in seconds. Default: 30. */
+    period?: number;
+    /** Number of recovery codes to generate. Default: 10. */
+    recoveryCodes?: number;
+    /** MFA challenge window in seconds. Default: 300 (5 min). */
+    challengeTtlSeconds?: number;
+    /** Email OTP configuration. When set, enables email-based MFA as an option. */
+    emailOtp?: MfaEmailOtpConfig;
+    /** WebAuthn/FIDO2 configuration. When set, enables security key MFA routes. */
+    webauthn?: MfaWebAuthnConfig;
+    /** When true, authenticated users must complete MFA setup before accessing non-auth endpoints. Default: false. */
+    required?: boolean;
+}
+export interface JwtConfig {
+    /** JWT issuer claim (`iss`). When set, added to all tokens and validated on verify. */
+    issuer?: string;
+    /** JWT audience claim (`aud`). When set, added to all tokens and validated on verify. */
+    audience?: string | string[];
+    /** JWT signing algorithm. Default: "HS256". Use "RS256" for OIDC. Requires OidcConfig when set to "RS256". */
+    algorithm?: 'HS256' | 'RS256';
+}
+export interface BreachedPasswordConfig {
+    /** Block registration/reset when password is breached. Default: true. */
+    block?: boolean;
+    /** Minimum breach count to consider breached. Default: 1. */
+    minBreachCount?: number;
+    /** Request timeout in ms. Default: 3000. */
+    timeout?: number;
+    /**
+     * What to do when the HIBP API is unavailable (timeout, network error, non-2xx).
+     * Default: `"allow"` (fail-open) — the password is accepted without a breach check.
+     *
+     * **Security note:** `"allow"` means an attacker who can block outbound HTTPS to
+     * api.pwnedpasswords.com can bypass this check entirely. Set to `"block"` for
+     * fail-closed behaviour: the registration or password-reset is rejected until the
+     * API is reachable again. Either way, a `security.breached_password.api_failure`
+     * event is emitted on every outage so you have observability regardless of policy.
+     */
+    onApiFailure?: 'allow' | 'block';
+}
+export interface OAuthReauthConfig {
+    /** Enable OAuth provider re-auth endpoints. Default: false. */
+    enabled?: boolean;
+    /**
+     * How to force re-authentication at the provider.
+     * - "login": force the user to re-enter credentials (default)
+     * - "consent": force a full consent screen (useful for Google/Microsoft)
+     * - "select_account": show account picker
+     */
+    promptType?: 'login' | 'consent' | 'select_account';
+}
+export interface StepUpConfig {
+    /** Max age in seconds since last MFA verification. Default: 300 (5 min). */
+    maxAge?: number;
+}
+export interface M2MConfig {
+    enabled?: boolean;
+    /** Access token expiry in seconds. Default: 3600 (1 hour). */
+    tokenExpiry?: number;
+    /** Allowed scopes for M2M clients. */
+    scopes?: string[];
+}
+export interface SamlConfig {
+    /** Service Provider entity ID (e.g. "https://yourapp.com/auth/saml"). */
+    entityId: string;
+    /** Assertion Consumer Service URL. */
+    acsUrl: string;
+    /** IdP metadata - XML string or URL. */
+    idpMetadata: string;
+    /** SP signing private key PEM. Optional. */
+    signingKey?: string;
+    /** SP signing certificate PEM. Optional. */
+    signingCert?: string;
+    /** Map IdP attribute names to profile fields. */
+    attributeMapping?: {
+        email?: string;
+        firstName?: string;
+        lastName?: string;
+        groups?: string;
+    };
+    /** Custom user lookup/creation. When provided, takes precedence over findOrCreateByProvider. */
+    onLogin?: (profile: SamlProfile) => Promise<{
+        userId: string;
+    }>;
+    /** Where to redirect after successful SAML login. Default: "/". */
+    postLoginRedirect?: string;
+}
+export interface OidcConfig {
+    enabled?: boolean;
+    /** JWT issuer - included in all tokens and OIDC discovery doc. Required. */
+    issuer: string;
+    /** RSA signing key. If not provided, a key pair is auto-generated on startup. */
+    signingKey?: {
+        privateKey: string;
+        publicKey: string;
+        kid?: string;
+    };
+    /** Previous signing keys for rotation (verification only). */
+    previousKeys?: Array<{
+        publicKey: string;
+        kid?: string;
+    }>;
+    /** Scopes advertised in the discovery document. Default: ["openid"]. */
+    scopes?: string[];
+    /** Token endpoint URL. Defaults to `${issuer}/oauth/token`. */
+    tokenEndpoint?: string;
+}
+export interface ScimConfig {
+    enabled?: boolean;
+    /** Bearer token(s) for SCIM endpoint authentication. Required. */
+    bearerTokens: string | string[];
+    /** Username mapping strategy. Default: "email". */
+    userMapping?: {
+        userName?: 'email' | 'username';
+    };
+    /** What to do when a user is deleted via SCIM. Default: "suspend". */
+    onDeprovision?: 'suspend' | 'delete' | ((userId: string) => Promise<void>);
+}
+export interface EmailTemplatesConfig {
+    /** App name used in all templates as {{appName}}. Falls back to the configured app name. */
+    appName?: string;
+    emailVerification?: Partial<EmailTemplate>;
+    passwordReset?: Partial<EmailTemplate>;
+    magicLink?: Partial<EmailTemplate>;
+    emailOtp?: Partial<EmailTemplate>;
+    welcomeEmail?: Partial<EmailTemplate>;
+    accountDeletion?: Partial<EmailTemplate>;
+    orgInvitation?: Partial<EmailTemplate>;
+}
+export interface BearerAuthClient {
+    /** Stable identifier for this API client (set on Hono context as `bearerClientId`). */
+    clientId: string;
+    /** The bearer token value. */
+    token: string;
+    /** Optional human-readable label (e.g. "CI/CD pipeline", "Mobile app"). */
+    description?: string;
+    /** When true, the token is rejected even if it matches. Soft-revoke without deletion. */
+    revoked?: boolean;
+}
+/**
+ * Bearer auth token config.
+ * - string: single token (legacy, env-var driven)
+ * - string[]: multiple tokens, no clientId tracking
+ * - BearerAuthClient[]: named clients with revocation and clientId context
+ */
+export type BearerAuthConfig = string | string[] | BearerAuthClient[];
+export interface HookContext {
+    ip?: string;
+    userAgent?: string;
+    requestId?: string;
+}
+export interface PostLoginResult {
+    customClaims?: Record<string, unknown>;
+}
+export interface AuthHooksConfig {
+    preRegister?: (data: {
+        identifier: string;
+    } & HookContext) => Promise<void>;
+    postRegister?: (data: {
+        userId: string;
+        identifier: string;
+    } & HookContext) => Promise<void>;
+    preLogin?: (data: {
+        identifier: string;
+    } & HookContext) => Promise<void>;
+    postLogin?: (data: {
+        userId: string;
+        sessionId: string;
+    } & HookContext) => Promise<PostLoginResult | void>;
+    prePasswordChange?: (data: {
+        userId: string;
+    } & HookContext) => Promise<void>;
+    postPasswordChange?: (data: {
+        userId: string;
+    } & HookContext) => Promise<void>;
+    preDeleteAccount?: (data: {
+        userId: string;
+    } & HookContext) => Promise<void>;
+    postDeleteAccount?: (data: {
+        userId: string;
+    } & HookContext) => Promise<void>;
+}
+export interface AuthRateLimitConfig {
+    /** Max login failures per window before the account is locked. Default: 10 per 15 min. */
+    login?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max registration attempts per IP per window. Default: 5 per hour. */
+    register?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max email verification attempts per IP per window. Default: 10 per 15 min. */
+    verifyEmail?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max resend-verification attempts per user per window. Default: 3 per hour. */
+    resendVerification?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max forgot-password requests per IP per window. Default: 5 per 15 min. */
+    forgotPassword?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max reset-password attempts per IP per window. Default: 10 per 15 min. */
+    resetPassword?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max account deletion attempts per user per window. Default: 3 per hour. */
+    deleteAccount?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max MFA verification attempts per IP per window. Default: 10 per 15 min. */
+    mfaVerify?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max email OTP initiation attempts per user per window. Default: 3 per 15 min. */
+    mfaEmailOtpInitiate?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max MFA email OTP resend attempts per IP per window. Default: 5 per minute. */
+    mfaResend?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max set-password (change password) attempts per user per window. Default: 5 per 15 min. */
+    setPassword?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max MFA disable attempts per user per window. Default: 5 per 15 min. */
+    mfaDisable?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max OAuth provider unlink attempts per user per window. Default: 5 per hour. */
+    oauthUnlink?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /**
+     * Store backend for auth rate limit counters.
+     * Defaults to "redis" when Redis is enabled, otherwise "memory".
+     * Use "redis" for multi-instance deployments so limits are shared across servers.
+     */
+    store?: 'memory' | 'redis';
+    /** Credential stuffing detection. Tracks distinct accounts per IP and IPs per account. */
+    credentialStuffing?: {
+        maxAccountsPerIp?: {
+            count: number;
+            windowMs: number;
+        };
+        maxIpsPerAccount?: {
+            count: number;
+            windowMs: number;
+        };
+        onDetected?: (signal: {
+            type: 'ip' | 'account';
+            key: string;
+            count: number;
+        }) => void;
+    };
+}
+export interface AccountDeletionConfig {
+    /** Called before deletion. Throw to abort (e.g., active subscription check). */
+    onBeforeDelete?: (userId: string) => Promise<void>;
+    /** Called after auth data is deleted. Runs at execution time — query current state, not a snapshot. */
+    onAfterDelete?: (userId: string) => Promise<void>;
+    /** When true, deletion is queued as a BullMQ job instead of running synchronously. Requires Redis + BullMQ. */
+    queued?: boolean;
+    /** Grace period in seconds before queued deletion executes. Default: 0 (immediate). */
+    gracePeriod?: number;
+    /**
+     * When true, OAuth-only accounts (no password, no MFA) cannot delete their account via DELETE /auth/me
+     * because there is no verifiable factor. They must set a password or enable MFA first.
+     * When false (default), OAuth-only accounts can delete without verification.
+     */
+    requireVerification?: boolean;
+}
+export interface AuthSessionPolicyConfig {
+    /** Max simultaneous active sessions per user. Oldest is evicted when exceeded. Default: 6. */
+    maxSessions?: number;
+    /**
+     * Retain session metadata (IP, user-agent, timestamps) after a session expires or is deleted.
+     * Enables future novel-device/location detection. Default: true.
+     */
+    persistSessionMetadata?: boolean;
+    /**
+     * Include inactive (expired/deleted) sessions in GET /auth/sessions.
+     * Only meaningful when persistSessionMetadata is true. Default: false.
+     */
+    includeInactiveSessions?: boolean;
+    /**
+     * Update lastActiveAt on every authenticated request.
+     * Adds one DB write per auth'd request. Default: false.
+     * Automatically enabled when idleTimeout is set.
+     */
+    trackLastActive?: boolean;
+    /**
+     * Absolute session TTL in seconds. Sessions expire this long after creation regardless of activity.
+     * Default: 604800 (7 days). Also controls the auth cookie maxAge when not overridden by cookieConfig.
+     */
+    absoluteTimeout?: number;
+    /**
+     * Idle timeout in seconds. Sessions are revoked when lastActiveAt is older than this value.
+     * Requires trackLastActive to be meaningful — automatically enables it when set.
+     * Refresh token rotation counts as activity (rotateRefreshToken updates lastActiveAt).
+     */
+    idleTimeout?: number;
+    /**
+     * What to do with sessions after a successful password change via POST /auth/set-password.
+     * - "revoke_others" (default): revoke all sessions except the current one
+     * - "revoke_all_and_reissue": revoke all sessions, create a new session, return new token
+     * - "none": do nothing (not recommended)
+     */
+    onPasswordChange?: 'revoke_others' | 'revoke_all_and_reissue' | 'none';
+}
+/**
+ * Read-only snapshot of all auth config values. Built once during bootstrap,
+ * deep-frozen and attached to the runtime context.
+ */
+export interface AuthResolvedConfig {
+    readonly appName: string;
+    readonly appRoles: readonly string[];
+    readonly defaultRole: string | null;
+    readonly primaryField: PrimaryField;
+    readonly concealRegistration: Readonly<ConcealRegistrationConfig> | null;
+    readonly emailVerification: Readonly<EmailVerificationConfig> | null;
+    readonly passwordReset: Readonly<PasswordResetConfig> | null;
+    readonly magicLink: Readonly<MagicLinkConfig> | null;
+    readonly passwordPolicy: Readonly<PasswordPolicyConfig>;
+    readonly authCookie: Readonly<AuthCookieConfig>;
+    readonly csrfCookie: Readonly<CsrfCookieConfig>;
+    readonly maxSessions: number;
+    readonly persistSessionMetadata: boolean;
+    readonly includeInactiveSessions: boolean;
+    readonly trackLastActive: boolean;
+    readonly sessionPolicy: Readonly<SessionPolicySnapshot>;
+    readonly refreshToken: Readonly<RefreshTokenConfig> | null;
+    readonly mfa: Readonly<MfaConfig> | null;
+    readonly csrfEnabled: boolean;
+    readonly jwt: Readonly<JwtConfig> | null;
+    readonly breachedPassword: Readonly<BreachedPasswordConfig> | null;
+    readonly oauthReauth: Readonly<OAuthReauthConfig> | null;
+    readonly stepUp: Readonly<StepUpConfig> | null;
+    readonly checkSuspensionOnIdentify: boolean;
+    readonly captcha: Readonly<CaptchaConfig> | null;
+    readonly m2m: Readonly<M2MConfig> | null;
+    readonly saml: Readonly<SamlConfig> | null;
+    readonly oidc: Readonly<OidcConfig> | null;
+    readonly scim: Readonly<ScimConfig> | null;
+    readonly emailTemplates: Readonly<EmailTemplatesConfig> | null;
+    readonly hooks: Readonly<AuthHooksConfig>;
+}
+export declare const DEFAULT_AUTH_CONFIG: AuthResolvedConfig;
+/**
+ * Build a resolved auth config by merging partial overrides onto defaults.
+ * The returned config is deep-frozen.
+ */
+export declare function buildAuthResolvedConfig(overrides: Partial<AuthResolvedConfig>): AuthResolvedConfig;

package/dist/packages/bunshot-auth/src/config/authConfig.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { deepFreeze } from './configLock';
+// ---------------------------------------------------------------------------
+// Default config — immutable baseline
+// ---------------------------------------------------------------------------
+export const DEFAULT_AUTH_CONFIG = Object.freeze({
+    appName: 'Core API',
+    appRoles: [],
+    defaultRole: null,
+    primaryField: 'email',
+    concealRegistration: null,
+    emailVerification: null,
+    passwordReset: null,
+    magicLink: null,
+    passwordPolicy: {},
+    authCookie: {},
+    csrfCookie: {},
+    maxSessions: 6,
+    persistSessionMetadata: true,
+    includeInactiveSessions: false,
+    trackLastActive: false,
+    sessionPolicy: {},
+    refreshToken: null,
+    mfa: null,
+    csrfEnabled: false,
+    jwt: null,
+    breachedPassword: null,
+    oauthReauth: null,
+    stepUp: null,
+    checkSuspensionOnIdentify: false,
+    captcha: null,
+    m2m: null,
+    saml: null,
+    oidc: null,
+    scim: null,
+    emailTemplates: null,
+    hooks: {},
+});
+/**
+ * Build a resolved auth config by merging partial overrides onto defaults.
+ * The returned config is deep-frozen.
+ */
+export function buildAuthResolvedConfig(overrides) {
+    const config = { ...DEFAULT_AUTH_CONFIG, ...overrides };
+    deepFreeze(config);
+    return config;
+}

package/dist/packages/bunshot-auth/src/config/configLock.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ /** Deep-freeze an object and all nested objects. */
2	+ export declare function deepFreeze<T extends object>(obj: T): Readonly<T>;

package/dist/packages/bunshot-auth/src/config/configLock.js ADDED Viewed

@@ -0,0 +1,10 @@
+/** Deep-freeze an object and all nested objects. */
+export function deepFreeze(obj) {
+    Object.freeze(obj);
+    for (const value of Object.values(obj)) {
+        if (value !== null && typeof value === 'object' && !Object.isFrozen(value)) {
+            deepFreeze(value);
+        }
+    }
+    return obj;
+}

package/dist/packages/bunshot-auth/src/index.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+export { createAuthPlugin } from './plugin';
+export type { ResolvedStores } from './types/adapter';
+export { authPluginConfigSchema } from './types/config';
+export type { AuthPluginConfig, AuthDbConfig, AuthSecurityConfig, StoreType, AuthConfig, OAuthConfig, } from './types/config';
+export { signToken, verifyToken } from './lib/jwt';
+export { createSession, getSession, deleteSession, getUserSessions, getActiveSessionCount, evictOldestSession, updateSessionLastActive, setRefreshToken, getSessionByRefreshToken, rotateRefreshToken, getSessionFingerprint, setSessionFingerprint, setMfaVerifiedAt, getMfaVerifiedAt, sessionFactories, createSqliteSessionRepository, createRedisSessionRepository, createMongoSessionRepository, } from './lib/session';
+export type { SessionStore } from './lib/session';
+export type { AuthAdapter, IdentityProfile, UserRecord, UserQuery, WebAuthnCredential, } from './lib/authAdapter';
+export type { CoreAuthAdapter, OAuthAdapter, MfaAdapter, WebAuthnAdapter, RolesAdapter, GroupsAdapter, SuspensionAdapter, EnterpriseAdapter, } from './lib/adapterTiers';
+export { validateAdapterCapabilities } from './lib/validateAdapter';
+export type { AdapterValidationConfig } from './lib/validateAdapter';
+export { createMemoryAuthAdapter } from './adapters/memoryAuth';
+export type { MemoryAuthStores } from './adapters/memoryAuth';
+export { createMongoAuthAdapter } from './adapters/mongoAuth';
+export { createSqliteAuthAdapter } from './adapters/sqliteAuth';
+export { renderTemplate, templates } from './lib/emailTemplates';
+export type { EmailTemplate, TemplateVariables } from './lib/emailTemplates';
+export { buildAuthResolvedConfig } from './config/authConfig';
+export type { AuthResolvedConfig } from './config/authConfig';
+export { wireSecurityEventConfig } from './lib/securityEventWiring';
+export type { SecurityEventsConfig, SecurityEvent } from './lib/securityEventWiring';
+export { getAuthRuntimeContext, getAuthRuntimeFromRequest } from './runtime';
+export type { AuthRuntimeContext } from './runtime';
+export { createBunshotAuthAccessProvider } from './admin/bunshotAccess';
+export { createBunshotManagedUserProvider } from './admin/bunshotUsers';

package/dist/packages/bunshot-auth/src/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+// packages/bunshot-auth/src/index.ts — Public API for @lastshotlabs/bunshot-auth
+// Plugin factory
+export { createAuthPlugin } from './plugin';
+export { authPluginConfigSchema } from './types/config';
+// Session / JWT
+export { signToken, verifyToken } from './lib/jwt';
+export { createSession, getSession, deleteSession, getUserSessions, getActiveSessionCount, evictOldestSession, updateSessionLastActive, setRefreshToken, getSessionByRefreshToken, rotateRefreshToken, getSessionFingerprint, setSessionFingerprint, setMfaVerifiedAt, getMfaVerifiedAt, sessionFactories, createSqliteSessionRepository, createRedisSessionRepository, createMongoSessionRepository, } from './lib/session';
+export { validateAdapterCapabilities } from './lib/validateAdapter';
+// Built-in adapters
+export { createMemoryAuthAdapter } from './adapters/memoryAuth';
+export { createMongoAuthAdapter } from './adapters/mongoAuth';
+export { createSqliteAuthAdapter } from './adapters/sqliteAuth';
+// Email templates
+export { renderTemplate, templates } from './lib/emailTemplates';
+// Config
+export { buildAuthResolvedConfig } from './config/authConfig';
+// Event bus utilities
+export { wireSecurityEventConfig } from './lib/securityEventWiring';
+// Runtime context
+export { getAuthRuntimeContext, getAuthRuntimeFromRequest } from './runtime';
+// Admin providers (moved from framework root)
+export { createBunshotAuthAccessProvider } from './admin/bunshotAccess';
+export { createBunshotManagedUserProvider } from './admin/bunshotUsers';

package/dist/packages/bunshot-auth/src/infra/mongo.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { Connection, Mongoose } from 'mongoose';
+/**
+ * Lazily require mongoose if not provided explicitly.
+ */
+export declare function resolveMongoose(mg?: Mongoose): Mongoose;
+/**
+ * Create a proxy-based connection accessor that lazily resolves to the actual connection.
+ * Returns a Proxy that allows model registration at module load time before connections
+ * are established.
+ */
+export declare function makeConnectionProxy(label: string, getConn: () => Connection | null, mongooseInstance?: Mongoose): Connection;
+/**
+ * Create a mongoose proxy that lazily resolves the mongoose instance.
+ */
+export declare function makeMongooseProxy(getMongoose: () => Mongoose): Mongoose;

package/dist/packages/bunshot-auth/src/infra/mongo.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Lazily require mongoose if not provided explicitly.
+ */
+export function resolveMongoose(mg) {
+    if (mg)
+        return mg;
+    try {
+        const mod = require('mongoose');
+        return mod.default ?? mod;
+    }
+    catch {
+        throw new Error('mongoose is not installed. Run: bun add mongoose');
+    }
+}
+/**
+ * Create a proxy-based connection accessor that lazily resolves to the actual connection.
+ * Returns a Proxy that allows model registration at module load time before connections
+ * are established.
+ */
+export function makeConnectionProxy(label, getConn, mongooseInstance) {
+    return new Proxy({}, {
+        get(_, prop) {
+            let conn = getConn();
+            if (!conn) {
+                // Lazily create a disconnected connection so .model() works at import time
+                const mg = resolveMongoose(mongooseInstance);
+                conn = mg.createConnection();
+            }
+            const val = conn[prop];
+            return typeof val === 'function' ? val.bind(conn) : val;
+        },
+    });
+}
+/**
+ * Create a mongoose proxy that lazily resolves the mongoose instance.
+ */
+export function makeMongooseProxy(getMongoose) {
+    return new Proxy({}, {
+        get(_, prop) {
+            const mg = getMongoose();
+            return mg[prop];
+        },
+    });
+}

package/dist/packages/bunshot-auth/src/infra/queue.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { ConnectionOptions, Job, Processor, QueueOptions, Queue as QueueType, WorkerOptions, Worker as WorkerType } from 'bullmq';
+import type * as IORedis from 'ioredis';
+export interface AuthQueueFactory {
+    createQueue<T = unknown, R = unknown>(name: string, options?: Omit<QueueOptions, 'connection'>): AuthQueue<T, R>;
+    createWorker<T = unknown, R = unknown>(name: string, processor: Processor<T, R>, options?: Omit<WorkerOptions, 'connection'>): WorkerType<T, R>;
+}
+type BullMQRedisConnection = ConnectionOptions & IORedis.Redis;
+type AuthQueue<T, R> = QueueType<T, R, string, T, R, string>;
+/**
+ * Create a queue factory that captures Redis connection info once.
+ * All queues and workers created from this factory share the same connection.
+ */
+export declare function createQueueFactory(getRedis: () => BullMQRedisConnection): AuthQueueFactory;
+export type { Job };