@makroz/web 1.0.1

package/LICENSE

@@ -0,0 +1,33 @@
+# LICENSE
+
+**Proprietary License - MK-Director**
+
+Copyright (c) 2026 Condaty. All rights reserved.
+
+This software and associated documentation files (the "Software") are the proprietary property of Condaty ("Owner"). The Software may not be copied, modified, merged, published, distributed, sublicensed, and/or sold without the express written permission of the Owner.
+
+## Terms of Use
+
+1. **Authorization**: Access to this software is granted only to authorized users who have purchased a valid license from Condaty.
+
+2. **Restrictions**: Without prior written permission from the Owner, you may not:
+   - Copy, modify, or create derivative works
+   - Distribute, sublicense, or sell copies of the Software
+   - Reverse engineer, decompile, or disassemble the Software
+   - Use the Software for commercial purposes without a valid license
+
+3. **No Warranty**: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+4. **Liability**: IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+5. **Termination**: This license is effective until terminated. Your rights under this license will terminate automatically without notice if you fail to comply with any of its terms and conditions.
+
+## Contact
+
+For licensing inquiries, please contact:
+- **Email**: licensing@condaty.com
+- **Website**: https://www.conday.com
+
+---
+
+*Last updated: April 2026*

package/README.md

@@ -0,0 +1,22 @@
+# @makroz/web
+
+Librería de componentes UI para proyectos Web (React). Enfocada en performance y personalización extrema.
+
+## Características Core
+- **Native CSS Theming**: Todo el look se controla via variables CSS (`--mk-primary`, etc.). Sin Tailwind.
+- **Micro-Animations**: Transiciones fluidas y estados activos integrados.
+- **useApi Hook**: Comunicación estandarizada con backend MK-Director, manejando loading/error/success automáticamente.
+
+## Instalación & Tematización
+Importa los estilos en tu root:
+```typescript
+import '@makroz/web/styles/index.css';
+```
+
+Personaliza el tema redefiniendo variables en tu CSS global:
+```css
+:root {
+  --mk-primary: #your-color;
+  --mk-radius: 4px;
+}
+```

package/dist/auth/MkAuthContext.d.ts

@@ -0,0 +1,43 @@
+import type { AdminDto } from './types';
+/**
+ * Shape of the value exposed by `<MkAuthProvider>`.
+ *
+ * The provider is intentionally minimal: it only knows about the
+ * current scope, the cached `user`, and the auth lifecycle (`login`,
+ * `logout`, `refresh`, `hasAbility`). Token persistence is internal —
+ * callers never see the raw tokens, only the boolean/typed results.
+ */
+export interface MkAuthContextValue {
+    /** The currently authenticated admin, or `null` if signed out. */
+    user: AdminDto | null;
+    /** True once the provider has completed its initial bootstrap (me/refresh). */
+    isLoading: boolean;
+    /** True iff `user !== null`. */
+    isAuthenticated: boolean;
+    /** Last error from login/refresh, cleared on the next successful call. */
+    error: Error | null;
+    /**
+     * Exchange email + password for tokens, persist them, and set `user`.
+     * On failure throws — the form catches and renders the error inline.
+     */
+    login: (email: string, password: string) => Promise<AdminDto>;
+    /**
+     * Hit the logout endpoint, clear the local cache, drop `user`.
+     * Best-effort: even if the network call fails, the local state is cleared.
+     */
+    logout: () => Promise<void>;
+    /**
+     * Manually trigger a token refresh and re-fetch the current user.
+     * Mostly used internally on mount, but exposed so consumers can
+     * force-refresh after a permission change, for example.
+     */
+    refresh: () => Promise<AdminDto | null>;
+    /**
+     * True iff the current user's `abilities` array contains `ability`
+     * (exact match). The backend may return wildcard scopes in the
+     * future; for now it's a plain array of strings.
+     */
+    hasAbility: (ability: string) => boolean;
+}
+export declare const MkAuthContext: import("react").Context<MkAuthContextValue | undefined>;
+//# sourceMappingURL=MkAuthContext.d.ts.map

package/dist/auth/MkAuthContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthContext.d.ts","sourceRoot":"","sources":["../../src/auth/MkAuthContext.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IAC/B,kEAAkE;IAClE,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,+EAA+E;IAC/E,SAAS,EAAE,OAAO,CAAC;IACnB,gCAAgC;IAChC,eAAe,EAAE,OAAO,CAAC;IACzB,0EAA0E;IAC1E,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IAEpB;;;OAGG;IACH,KAAK,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE9D;;;OAGG;IACH,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;OAIG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAExC;;;;OAIG;IACH,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC;CAC5C;AAED,eAAO,MAAM,aAAa,yDAA2D,CAAC"}

package/dist/auth/MkAuthContext.js

@@ -0,0 +1,3 @@
+import { createContext } from 'react';
+export const MkAuthContext = createContext(undefined);
+//# sourceMappingURL=MkAuthContext.js.map

package/dist/auth/MkAuthContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthContext.js","sourceRoot":"","sources":["../../src/auth/MkAuthContext.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAgDtC,MAAM,CAAC,MAAM,aAAa,GAAG,aAAa,CAAiC,SAAS,CAAC,CAAC"}

package/dist/auth/MkAuthForm.d.ts

@@ -0,0 +1,42 @@
+export interface MkAuthFormProps {
+    /** Auth scope to use, e.g. "admin", "member", "guard". */
+    scope: string;
+    /**
+     * Path to navigate to after a successful login. Defaults to
+     * `/{scope}/dashboard`. Use a fully qualified path or a relative one
+     * — this component only triggers a callback.
+     */
+    redirectAfterLogin?: string;
+    /**
+     * Show a "¿Olvidaste tu contraseña?" link below the submit button.
+     * Defaults to `true`.
+     */
+    showForgotPassword?: boolean;
+    /**
+     * Optional: invoked after a successful login. Receives the resolved
+     * `AdminDto` and the `redirectAfterLogin` value so the host can do
+     * `router.push(...)` with its own router. When omitted, the
+     * component only logs the success.
+     */
+    onLoginSuccess?: (admin: {
+        id: string;
+        email: string;
+    }, redirectTo: string) => void;
+    /**
+     * Optional: invoked when the user clicks the forgot-password link.
+     * When omitted, the link is rendered as a plain `<a href="/{scope}/forgot">`
+     * — sufficient for any routing setup.
+     */
+    onForgotPassword?: () => void;
+}
+/**
+ * Minimal, dependency-free login form. Renders email + password fields,
+ * a submit button, an inline error region, and an optional
+ * "¿Olvidaste tu contraseña?" link.
+ *
+ * Validation is intentionally simple (non-empty + email shape) — the
+ * server is the source of truth, and this keeps the component focused
+ * on the auth lifecycle.
+ */
+export declare function MkAuthForm({ scope, redirectAfterLogin, showForgotPassword, onLoginSuccess, onForgotPassword, }: MkAuthFormProps): React.JSX.Element;
+//# sourceMappingURL=MkAuthForm.d.ts.map

package/dist/auth/MkAuthForm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthForm.d.ts","sourceRoot":"","sources":["../../src/auth/MkAuthForm.tsx"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC5B,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IACpF;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,CAAC;CACjC;AAOD;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,EACvB,KAAK,EACL,kBAAkB,EAClB,kBAAyB,EACzB,cAAc,EACd,gBAAgB,GACnB,EAAE,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAqIrC"}

package/dist/auth/MkAuthForm.js

@@ -0,0 +1,53 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState, useCallback, useMemo } from 'react';
+import { useMkAuth } from './useMkAuth';
+import { MkInput } from '../components/MkInput';
+import { MkButton } from '../components/MkButton';
+/**
+ * Minimal, dependency-free login form. Renders email + password fields,
+ * a submit button, an inline error region, and an optional
+ * "¿Olvidaste tu contraseña?" link.
+ *
+ * Validation is intentionally simple (non-empty + email shape) — the
+ * server is the source of truth, and this keeps the component focused
+ * on the auth lifecycle.
+ */
+export function MkAuthForm({ scope, redirectAfterLogin, showForgotPassword = true, onLoginSuccess, onForgotPassword, }) {
+    const { login, error, isLoading } = useMkAuth();
+    const [state, setState] = useState({ email: '', password: '' });
+    const [submitting, setSubmitting] = useState(false);
+    const target = useMemo(() => redirectAfterLogin !== null && redirectAfterLogin !== void 0 ? redirectAfterLogin : `/${scope}/dashboard`, [redirectAfterLogin, scope]);
+    const handleChange = useCallback((field) => (value) => {
+        setState((prev) => (Object.assign(Object.assign({}, prev), { [field]: value })));
+    }, []);
+    const handleSubmit = useCallback((e) => {
+        e.preventDefault();
+        if (submitting || isLoading)
+            return;
+        setSubmitting(true);
+        // Error is surfaced via `error` from `useMkAuth`; we just need to
+        // reset submitting on completion.
+        void login(state.email.trim(), state.password)
+            .then((admin) => onLoginSuccess === null || onLoginSuccess === void 0 ? void 0 : onLoginSuccess({ id: admin.id, email: admin.email }, target))
+            .finally(() => setSubmitting(false));
+    }, [submitting, isLoading, login, state.email, state.password, onLoginSuccess, target]);
+    // `MkInput` calls `onChange(value: string)`; we forward to our state
+    // setter. We don't pass the native event through because the existing
+    // `MkInput` signature strips it.
+    const onEmailChange = useCallback((v) => handleChange('email')(v), [handleChange]);
+    const onPasswordChange = useCallback((v) => handleChange('password')(v), [handleChange]);
+    const errorMessage = error ? error.message : null;
+    return (_jsxs("form", { "data-mk-auth-scope": scope, onSubmit: handleSubmit, noValidate: true, "aria-busy": submitting || isLoading, style: { display: 'flex', flexDirection: 'column', gap: 12 }, children: [_jsxs("div", { children: [_jsx("label", { htmlFor: `${scope}-email`, children: "Email" }), _jsx(MkInput, { id: `${scope}-email`, name: "email", type: "email", autoComplete: "email", required: true, value: state.email, onChange: onEmailChange, disabled: submitting || isLoading, placeholder: "admin@example.com" })] }), _jsxs("div", { children: [_jsx("label", { htmlFor: `${scope}-password`, children: "Contrase\u00F1a" }), _jsx(MkInput, { id: `${scope}-password`, name: "password", type: "password", autoComplete: "current-password", required: true, value: state.password, onChange: onPasswordChange, disabled: submitting || isLoading })] }), errorMessage ? (_jsx("div", { role: "alert", "data-mk-auth-error": true, style: {
+                    color: 'var(--mk-color-error, #d32f2f)',
+                    fontSize: 14,
+                }, children: errorMessage })) : null, _jsx(MkButton, { type: "submit", variant: "primary", loading: submitting || isLoading, disabled: submitting || isLoading || !state.email || !state.password, children: "Iniciar sesi\u00F3n" }), showForgotPassword ? (_jsx("div", { style: { fontSize: 14, textAlign: 'center' }, children: onForgotPassword ? (_jsx("button", { type: "button", onClick: onForgotPassword, style: {
+                        background: 'none',
+                        border: 'none',
+                        color: 'var(--mk-color-primary, #1976d2)',
+                        cursor: 'pointer',
+                        padding: 0,
+                        textDecoration: 'underline',
+                    }, children: "\u00BFOlvidaste tu contrase\u00F1a?" })) : (_jsx("a", { href: `/${scope}/forgot`, style: { color: 'var(--mk-color-primary, #1976d2)' }, children: "\u00BFOlvidaste tu contrase\u00F1a?" })) })) : null] }));
+}
+//# sourceMappingURL=MkAuthForm.js.map

package/dist/auth/MkAuthForm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthForm.js","sourceRoot":"","sources":["../../src/auth/MkAuthForm.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAEvD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAoClD;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CAAC,EACvB,KAAK,EACL,kBAAkB,EAClB,kBAAkB,GAAG,IAAI,EACzB,cAAc,EACd,gBAAgB,GACF;IACd,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,CAAC;IAChD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAY,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAC3E,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAG,OAAO,CAClB,GAAG,EAAE,CAAC,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,IAAI,KAAK,YAAY,EACjD,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAC9B,CAAC;IAEF,MAAM,YAAY,GAAG,WAAW,CAC5B,CAAC,KAAsB,EAAE,EAAE,CAAC,CAAC,KAAa,EAAE,EAAE;QAC1C,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iCAAM,IAAI,KAAE,CAAC,KAAK,CAAC,EAAE,KAAK,IAAG,CAAC,CAAC;IACtD,CAAC,EACD,EAAE,CACL,CAAC;IAEF,MAAM,YAAY,GAAG,WAAW,CAC5B,CAAC,CAA6B,EAAE,EAAE;QAC9B,CAAC,CAAC,cAAc,EAAE,CAAC;QACnB,IAAI,UAAU,IAAI,SAAS;YAAE,OAAO;QACpC,aAAa,CAAC,IAAI,CAAC,CAAC;QACpB,kEAAkE;QAClE,kCAAkC;QAClC,KAAK,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,QAAQ,CAAC;aACzC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAG,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;aAC/E,OAAO,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7C,CAAC,EACD,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE,cAAc,EAAE,MAAM,CAAC,CACtF,CAAC;IAEF,qEAAqE;IACrE,sEAAsE;IACtE,iCAAiC;IACjC,MAAM,aAAa,GAAG,WAAW,CAC7B,CAAC,CAAS,EAAE,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACvC,CAAC,YAAY,CAAC,CACjB,CAAC;IACF,MAAM,gBAAgB,GAAG,WAAW,CAChC,CAAC,CAAS,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAC1C,CAAC,YAAY,CAAC,CACjB,CAAC;IAEF,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAElD,OAAO,CACH,sCACwB,KAAK,EACzB,QAAQ,EAAE,YAAY,EACtB,UAAU,qBACC,UAAU,IAAI,SAAS,EAClC,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,aAE5D,0BACI,gBAAO,OAAO,EAAE,GAAG,KAAK,QAAQ,sBAAe,EAC/C,KAAC,OAAO,IACJ,EAAE,EAAE,GAAG,KAAK,QAAQ,EACpB,IAAI,EAAC,OAAO,EACZ,IAAI,EAAC,OAAO,EACZ,YAAY,EAAC,OAAO,EACpB,QAAQ,QACR,KAAK,EAAE,KAAK,CAAC,KAAK,EAClB,QAAQ,EAAE,aAAa,EACvB,QAAQ,EAAE,UAAU,IAAI,SAAS,EACjC,WAAW,EAAC,mBAAmB,GACjC,IACA,EAEN,0BACI,gBAAO,OAAO,EAAE,GAAG,KAAK,WAAW,gCAAoB,EACvD,KAAC,OAAO,IACJ,EAAE,EAAE,GAAG,KAAK,WAAW,EACvB,IAAI,EAAC,UAAU,EACf,IAAI,EAAC,UAAU,EACf,YAAY,EAAC,kBAAkB,EAC/B,QAAQ,QACR,KAAK,EAAE,KAAK,CAAC,QAAQ,EACrB,QAAQ,EAAE,gBAAgB,EAC1B,QAAQ,EAAE,UAAU,IAAI,SAAS,GACnC,IACA,EAEL,YAAY,CAAC,CAAC,CAAC,CACZ,cACI,IAAI,EAAC,OAAO,8BAEZ,KAAK,EAAE;oBACH,KAAK,EAAE,gCAAgC;oBACvC,QAAQ,EAAE,EAAE;iBACf,YAEA,YAAY,GACX,CACT,CAAC,CAAC,CAAC,IAAI,EAER,KAAC,QAAQ,IACL,IAAI,EAAC,QAAQ,EACb,OAAO,EAAC,SAAS,EACjB,OAAO,EAAE,UAAU,IAAI,SAAS,EAChC,QAAQ,EAAE,UAAU,IAAI,SAAS,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,oCAG7D,EAEV,kBAAkB,CAAC,CAAC,CAAC,CAClB,cAAK,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,YAC5C,gBAAgB,CAAC,CAAC,CAAC,CAChB,iBACI,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,gBAAgB,EACzB,KAAK,EAAE;wBACH,UAAU,EAAE,MAAM;wBAClB,MAAM,EAAE,MAAM;wBACd,KAAK,EAAE,kCAAkC;wBACzC,MAAM,EAAE,SAAS;wBACjB,OAAO,EAAE,CAAC;wBACV,cAAc,EAAE,WAAW;qBAC9B,oDAGI,CACZ,CAAC,CAAC,CAAC,CACA,YACI,IAAI,EAAE,IAAI,KAAK,SAAS,EACxB,KAAK,EAAE,EAAE,KAAK,EAAE,kCAAkC,EAAE,oDAGpD,CACP,GACC,CACT,CAAC,CAAC,CAAC,IAAI,IACL,CACV,CAAC;AACN,CAAC"}

package/dist/auth/MkAuthProvider.d.ts

@@ -0,0 +1,30 @@
+import type { ReactNode } from 'react';
+import type { AuthStorageAdapter } from './types';
+export interface MkAuthProviderProps {
+    /** Logical scope of this provider, e.g. "admin", "member", "guard". */
+    scope: string;
+    /**
+     * Base URL of the API. The provider appends `/api/${scope}/auth/...`
+     * to it. Trailing slashes are tolerated.
+     */
+    apiBaseUrl: string;
+    /** Children wrapped by the provider. */
+    children: ReactNode;
+    /**
+     * Optional storage adapter. Defaults to `window.localStorage` when
+     * available. Tests pass an in-memory adapter.
+     */
+    storage?: AuthStorageAdapter;
+    /**
+     * Optional: inject a custom `fetch` implementation (e.g. for tests
+     * that polyfill `global.fetch` differently). Defaults to `globalThis.fetch`.
+     */
+    fetcher?: typeof fetch;
+}
+/**
+ * `<QueryClientProvider>` + `<MkAuthProviderInner>`. The outer wrapper
+ * exists so consumers don't have to remember to also mount a
+ * `QueryClient` — the auth provider is self-contained.
+ */
+export declare function MkAuthProvider(props: MkAuthProviderProps): React.JSX.Element;
+//# sourceMappingURL=MkAuthProvider.d.ts.map

package/dist/auth/MkAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/MkAuthProvider.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAUvC,OAAO,KAAK,EAER,kBAAkB,EAKrB,MAAM,SAAS,CAAC;AAmBjB,MAAM,WAAW,mBAAmB;IAChC,uEAAuE;IACvE,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,QAAQ,EAAE,SAAS,CAAC;IACpB;;;OAGG;IACH,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAwSD;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAkB5E"}

package/dist/auth/MkAuthProvider.js

@@ -0,0 +1,319 @@
+'use client';
+import { jsx as _jsx } from "react/jsx-runtime";
+import { useEffect, useMemo, useRef, useState, useCallback } from 'react';
+import { QueryClient, QueryClientProvider, useQuery, useMutation, useQueryClient, } from '@tanstack/react-query';
+import { MkAuthContext } from './MkAuthContext';
+const DEFAULT_STORAGE = typeof window !== 'undefined' && typeof window.localStorage !== 'undefined'
+    ? {
+        getItem: (key) => window.localStorage.getItem(key),
+        setItem: (key, value) => window.localStorage.setItem(key, value),
+        removeItem: (key) => window.localStorage.removeItem(key),
+    }
+    : undefined;
+function tokenKey(scope, kind) {
+    return `mk_auth_${scope}_${kind}_token`;
+}
+function userKey(scope) {
+    return `mk_auth_${scope}_user`;
+}
+/**
+ * Internal provider — owns the React Query client and the auth state.
+ * Exported only as `<MkAuthProvider>`, which wraps it in
+ * `<QueryClientProvider>`.
+ */
+function MkAuthProviderInner({ scope, apiBaseUrl, children, storage = DEFAULT_STORAGE, fetcher, }) {
+    var _a, _b, _c;
+    const normalizedBase = apiBaseUrl.replace(/\/+$/, '');
+    const queryClient = useQueryClient();
+    const fetchImpl = fetcher !== null && fetcher !== void 0 ? fetcher : (_a = globalThis.fetch) === null || _a === void 0 ? void 0 : _a.bind(globalThis);
+    // Persisted token + user snapshots (read on first render only, to keep
+    // `useState` initializer cheap; we still write back on every change).
+    const initialAccess = (_b = storage === null || storage === void 0 ? void 0 : storage.getItem(tokenKey(scope, 'access'))) !== null && _b !== void 0 ? _b : null;
+    const initialRefresh = (_c = storage === null || storage === void 0 ? void 0 : storage.getItem(tokenKey(scope, 'refresh'))) !== null && _c !== void 0 ? _c : null;
+    const initialUserJson = storage === null || storage === void 0 ? void 0 : storage.getItem(userKey(scope));
+    const initialUser = useRef(initialUserJson ? safeParse(initialUserJson) : null).current;
+    const [user, setUserState] = useState(initialUser);
+    const [error, setError] = useState(null);
+    const persistUser = useCallback((next) => {
+        if (!storage)
+            return;
+        if (next) {
+            storage.setItem(userKey(scope), JSON.stringify(next));
+        }
+        else {
+            storage.removeItem(userKey(scope));
+        }
+    }, [scope, storage]);
+    const persistTokens = useCallback((access, refresh) => {
+        if (!storage)
+            return;
+        if (access) {
+            storage.setItem(tokenKey(scope, 'access'), access);
+        }
+        else {
+            storage.removeItem(tokenKey(scope, 'access'));
+        }
+        if (refresh) {
+            storage.setItem(tokenKey(scope, 'refresh'), refresh);
+        }
+        else {
+            storage.removeItem(tokenKey(scope, 'refresh'));
+        }
+    }, [scope, storage]);
+    const clearAll = useCallback(() => {
+        persistTokens(null, null);
+        persistUser(null);
+    }, [persistTokens, persistUser]);
+    const setUser = useCallback((next) => {
+        setUserState(next);
+        persistUser(next);
+    }, [persistUser]);
+    // ---- /me query ---------------------------------------------------------
+    // Re-runs whenever the mutation cache is invalidated (after login/logout/
+    // refresh) via the `refetchType: 'all'` policy below.
+    const meQuery = useQuery({
+        queryKey: ['mk-auth', scope, 'me'],
+        queryFn: async ({ signal }) => {
+            var _a;
+            const access = (_a = storage === null || storage === void 0 ? void 0 : storage.getItem(tokenKey(scope, 'access'))) !== null && _a !== void 0 ? _a : null;
+            if (!access) {
+                throw new Error('No access token available');
+            }
+            const res = await fetchImpl(`${normalizedBase}/api/${scope}/auth/me`, {
+                method: 'GET',
+                headers: {
+                    Accept: 'application/json',
+                    Authorization: `Bearer ${access}`,
+                },
+                signal,
+            });
+            if (res.status === 401) {
+                throw unauthorized();
+            }
+            if (!res.ok) {
+                throw new Error(`Failed to fetch user (${res.status})`);
+            }
+            const json = (await res.json());
+            const dto = json && typeof json === 'object' && 'data' in json
+                ? json.data
+                : json;
+            return dto;
+        },
+        enabled: Boolean(initialAccess) && Boolean(fetchImpl),
+        staleTime: 60000,
+        retry: false,
+        refetchOnWindowFocus: false,
+    });
+    // Keep `user` in sync with the latest successful /me response.
+    useEffect(() => {
+        if (meQuery.data) {
+            setUser(meQuery.data);
+        }
+    }, [meQuery.data, setUser]);
+    // ---- refresh mutation (also used on mount when /me 401s) ---------------
+    const refreshMutation = useMutation({
+        mutationFn: async () => {
+            var _a;
+            const refresh = (_a = storage === null || storage === void 0 ? void 0 : storage.getItem(tokenKey(scope, 'refresh'))) !== null && _a !== void 0 ? _a : null;
+            if (!refresh) {
+                throw new Error('No refresh token available');
+            }
+            const res = await fetchImpl(`${normalizedBase}/api/${scope}/auth/refresh`, {
+                method: 'POST',
+                headers: {
+                    Accept: 'application/json',
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ refresh_token: refresh }),
+            });
+            if (!res.ok) {
+                throw unauthorized();
+            }
+            return (await res.json());
+        },
+    });
+    // ---- login mutation ----------------------------------------------------
+    const loginMutation = useMutation({
+        mutationFn: async (input) => {
+            const res = await fetchImpl(`${normalizedBase}/api/${scope}/auth/login`, {
+                method: 'POST',
+                headers: {
+                    Accept: 'application/json',
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(input),
+            });
+            if (!res.ok) {
+                const body = await safeReadError(res);
+                throw new Error(body !== null && body !== void 0 ? body : 'Invalid credentials');
+            }
+            return (await res.json());
+        },
+        onSuccess: (data) => {
+            persistTokens(data.access_token, data.refresh_token);
+            setUser(data.admin);
+        },
+    });
+    // ---- logout mutation ---------------------------------------------------
+    const logoutMutation = useMutation({
+        mutationFn: async () => {
+            const access = storage === null || storage === void 0 ? void 0 : storage.getItem(tokenKey(scope, 'access'));
+            if (!access)
+                return;
+            const res = await fetchImpl(`${normalizedBase}/api/${scope}/auth/logout`, {
+                method: 'POST',
+                headers: {
+                    Accept: 'application/json',
+                    Authorization: `Bearer ${access}`,
+                },
+            });
+            // 204 No Content is the documented success. Anything else is logged
+            // but does not block local cleanup.
+            if (!res.ok && res.status !== 204) {
+                // eslint-disable-next-line no-console
+                console.warn(`Logout returned ${res.status}; clearing local state anyway.`);
+            }
+        },
+        onSettled: () => {
+            // Cancel any in-flight /me request and drop its cache so it
+            // cannot race the local state clear and re-populate `user`.
+            queryClient.cancelQueries({ queryKey: ['mk-auth', scope, 'me'] });
+            queryClient.removeQueries({ queryKey: ['mk-auth', scope, 'me'] });
+            clearAll();
+            setUser(null);
+        },
+    });
+    // ---- bootstrap ---------------------------------------------------------
+    // On mount: if we have tokens, /me runs. If /me 401s, try /refresh.
+    // If refresh fails, drop tokens and user.
+    const bootstrapped = useRef(false);
+    useEffect(() => {
+        if (bootstrapped.current)
+            return;
+        bootstrapped.current = true;
+        const access = initialAccess;
+        const refresh = initialRefresh;
+        if (!access) {
+            setUser(null);
+            return;
+        }
+        // /me will run automatically (enabled: true since we have access).
+        // We hook into its result via subscription below.
+        const unsubscribe = meQuery.refetch().then((result) => {
+            if (result.isError && refresh) {
+                // Try to refresh, then re-run /me.
+                refreshMutation
+                    .mutateAsync()
+                    .then((data) => {
+                    persistTokens(data.access_token, data.refresh_token);
+                    setUser(data.admin);
+                })
+                    .catch(() => {
+                    clearAll();
+                    setUser(null);
+                });
+            }
+            else if (result.isError) {
+                clearAll();
+                setUser(null);
+            }
+        });
+        return () => {
+            unsubscribe.catch(() => {
+                /* swallow */
+            });
+        };
+        // We intentionally only run this once on mount.
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []);
+    // ---- exposed API -------------------------------------------------------
+    const refresh = useCallback(async () => {
+        try {
+            const data = await refreshMutation.mutateAsync();
+            persistTokens(data.access_token, data.refresh_token);
+            setUser(data.admin);
+            return data.admin;
+        }
+        catch (_a) {
+            clearAll();
+            setUser(null);
+            return null;
+        }
+    }, [refreshMutation, persistTokens, setUser, clearAll]);
+    const login = useCallback(async (email, password) => {
+        setError(null);
+        try {
+            const data = await loginMutation.mutateAsync({ email, password });
+            return data.admin;
+        }
+        catch (err) {
+            const e = err instanceof Error ? err : new Error('Login failed');
+            setError(e);
+            throw e;
+        }
+    }, [loginMutation]);
+    const logout = useCallback(async () => {
+        // Even on network failure, local state has already been cleared by
+        // onSettled. Re-throw so callers can decide what to do.
+        await logoutMutation.mutateAsync();
+    }, [logoutMutation]);
+    const hasAbility = useCallback((ability) => {
+        if (!user)
+            return false;
+        return Array.isArray(user.abilities) && user.abilities.includes(ability);
+    }, [user]);
+    const isLoading = meQuery.isLoading || meQuery.isFetching || loginMutation.isPending;
+    const value = useMemo(() => ({
+        user,
+        isLoading,
+        isAuthenticated: user !== null,
+        error,
+        login,
+        logout,
+        refresh,
+        hasAbility,
+    }), [user, isLoading, error, login, logout, refresh, hasAbility]);
+    return _jsx(MkAuthContext.Provider, { value: value, children: children });
+}
+/**
+ * `<QueryClientProvider>` + `<MkAuthProviderInner>`. The outer wrapper
+ * exists so consumers don't have to remember to also mount a
+ * `QueryClient` — the auth provider is self-contained.
+ */
+export function MkAuthProvider(props) {
+    const [client] = useState(() => new QueryClient({
+        defaultOptions: {
+            queries: {
+                retry: false,
+                refetchOnWindowFocus: false,
+            },
+        },
+    }));
+    return (_jsx(QueryClientProvider, { client: client, children: _jsx(MkAuthProviderInner, Object.assign({}, props)) }));
+}
+// ---- helpers --------------------------------------------------------------
+function unauthorized() {
+    const e = new Error('Unauthorized');
+    e.name = 'UnauthorizedError';
+    return e;
+}
+function safeParse(json) {
+    try {
+        return JSON.parse(json);
+    }
+    catch (_a) {
+        return null;
+    }
+}
+async function safeReadError(res) {
+    try {
+        const body = (await res.json());
+        if (body && typeof body.message === 'string')
+            return body.message;
+    }
+    catch (_a) {
+        /* fallthrough */
+    }
+    return `Request failed (${res.status})`;
+}
+//# sourceMappingURL=MkAuthProvider.js.map

package/dist/auth/MkAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MkAuthProvider.js","sourceRoot":"","sources":["../../src/auth/MkAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AAEb,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAE1E,OAAO,EACH,WAAW,EACX,mBAAmB,EACnB,QAAQ,EACR,WAAW,EACX,cAAc,GACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAWhD,MAAM,eAAe,GACjB,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,WAAW;IACvE,CAAC,CAAC;QACI,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC;QAClD,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC;QAChE,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC;KAC3D;IACH,CAAC,CAAC,SAAS,CAAC;AAEpB,SAAS,QAAQ,CAAC,KAAa,EAAE,IAA0B;IACvD,OAAO,WAAW,KAAK,IAAI,IAAI,QAAQ,CAAC;AAC5C,CAAC;AAED,SAAS,OAAO,CAAC,KAAa;IAC1B,OAAO,WAAW,KAAK,OAAO,CAAC;AACnC,CAAC;AAwBD;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,EACzB,KAAK,EACL,UAAU,EACV,QAAQ,EACR,OAAO,GAAG,eAAe,EACzB,OAAO,GACW;;IAClB,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IACrC,MAAM,SAAS,GAAiB,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,MAAA,UAAU,CAAC,KAAK,0CAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAE9E,uEAAuE;IACvE,sEAAsE;IACtE,MAAM,aAAa,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,mCAAI,IAAI,CAAC;IAC1E,MAAM,cAAc,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,mCAAI,IAAI,CAAC;IAC5E,MAAM,eAAe,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,MAAM,CACtB,eAAe,CAAC,CAAC,CAAC,SAAS,CAAW,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAChE,CAAC,OAAO,CAAC;IAEV,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAkB,WAAW,CAAC,CAAC;IACpE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,WAAW,CAC3B,CAAC,IAAqB,EAAE,EAAE;QACtB,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,IAAI,IAAI,EAAE,CAAC;YACP,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACvC,CAAC;IACL,CAAC,EACD,CAAC,KAAK,EAAE,OAAO,CAAC,CACnB,CAAC;IAEF,MAAM,aAAa,GAAG,WAAW,CAC7B,CAAC,MAAqB,EAAE,OAAsB,EAAE,EAAE;QAC9C,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACV,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;QACnD,CAAC;IACL,CAAC,EACD,CAAC,KAAK,EAAE,OAAO,CAAC,CACnB,CAAC;IAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;QAC9B,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1B,WAAW,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,EAAE,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAEjC,MAAM,OAAO,GAAG,WAAW,CACvB,CAAC,IAAqB,EAAE,EAAE;QACtB,YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,EACD,CAAC,WAAW,CAAC,CAChB,CAAC;IAEF,2EAA2E;IAC3E,0EAA0E;IAC1E,sDAAsD;IACtD,MAAM,OAAO,GAAG,QAAQ,CAAkB;QACtC,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;;YAC1B,MAAM,MAAM,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,mCAAI,IAAI,CAAC;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YACjD,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,cAAc,QAAQ,KAAK,UAAU,EAAE;gBAClE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,aAAa,EAAE,UAAU,MAAM,EAAE;iBACpC;gBACD,MAAM;aACT,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrB,MAAM,YAAY,EAAE,CAAC;YACzB,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5D,CAAC;YACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAC;YACzD,MAAM,GAAG,GACL,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAI,IAAI;gBAC9C,CAAC,CAAE,IAAmB,CAAC,IAAI;gBAC3B,CAAC,CAAE,IAAiB,CAAC;YAC7B,OAAO,GAAG,CAAC;QACf,CAAC;QACD,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,SAAS,CAAC;QACrD,SAAS,EAAE,KAAM;QACjB,KAAK,EAAE,KAAK;QACZ,oBAAoB,EAAE,KAAK;KAC9B,CAAC,CAAC;IAEH,+DAA+D;IAC/D,SAAS,CAAC,GAAG,EAAE;QACX,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACL,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAE5B,2EAA2E;IAC3E,MAAM,eAAe,GAAG,WAAW,CAAyB;QACxD,UAAU,EAAE,KAAK,IAAI,EAAE;;YACnB,MAAM,OAAO,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,mCAAI,IAAI,CAAC;YACrE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,cAAc,QAAQ,KAAK,eAAe,EAAE;gBACvE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,kBAAkB;iBACrC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;aACnD,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,YAAY,EAAE,CAAC;YACzB,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAC;QACjD,CAAC;KACJ,CAAC,CAAC;IAEH,2EAA2E;IAC3E,MAAM,aAAa,GAAG,WAAW,CAAmC;QAChE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACxB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,cAAc,QAAQ,KAAK,aAAa,EAAE;gBACrE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,kBAAkB;iBACrC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC9B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACV,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;gBACtC,MAAM,IAAI,KAAK,CAAC,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,qBAAqB,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAC;QAC/C,CAAC;QACD,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YAChB,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;KACJ,CAAC,CAAC;IAEH,2EAA2E;IAC3E,MAAM,cAAc,GAAG,WAAW,CAAoB;QAClD,UAAU,EAAE,KAAK,IAAI,EAAE;YACnB,MAAM,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM;gBAAE,OAAO;YACpB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,cAAc,QAAQ,KAAK,cAAc,EAAE;gBACtE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,aAAa,EAAE,UAAU,MAAM,EAAE;iBACpC;aACJ,CAAC,CAAC;YACH,oEAAoE;YACpE,oCAAoC;YACpC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAChC,sCAAsC;gBACtC,OAAO,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,MAAM,gCAAgC,CAAC,CAAC;YAChF,CAAC;QACL,CAAC;QACD,SAAS,EAAE,GAAG,EAAE;YACZ,4DAA4D;YAC5D,4DAA4D;YAC5D,WAAW,CAAC,aAAa,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAClE,WAAW,CAAC,aAAa,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAClE,QAAQ,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;KACJ,CAAC,CAAC;IAEH,2EAA2E;IAC3E,oEAAoE;IACpE,0CAA0C;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACnC,SAAS,CAAC,GAAG,EAAE;QACX,IAAI,YAAY,CAAC,OAAO;YAAE,OAAO;QACjC,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC;QAE5B,MAAM,MAAM,GAAG,aAAa,CAAC;QAC7B,MAAM,OAAO,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACX,CAAC;QAED,mEAAmE;QACnE,kDAAkD;QAClD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClD,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC5B,mCAAmC;gBACnC,eAAe;qBACV,WAAW,EAAE;qBACb,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;oBACX,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;oBACrD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACxB,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,EAAE;oBACR,QAAQ,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACX,CAAC;iBAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACxB,QAAQ,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,CAAC;YAClB,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACR,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE;gBACnB,aAAa;YACjB,CAAC,CAAC,CAAC;QACP,CAAC,CAAC;QACF,gDAAgD;QAChD,uDAAuD;IAC3D,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,2EAA2E;IAC3E,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAA8B,EAAE;QAC7D,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC,KAAK,CAAC;QACtB,CAAC;QAAC,WAAM,CAAC;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAExD,MAAM,KAAK,GAAG,WAAW,CACrB,KAAK,EAAE,KAAa,EAAE,QAAgB,EAAqB,EAAE;QACzD,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC,KAAK,CAAC;QACtB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;YACjE,QAAQ,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,CAAC,CAAC;QACZ,CAAC;IACL,CAAC,EACD,CAAC,aAAa,CAAC,CAClB,CAAC;IAEF,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,IAAmB,EAAE;QACjD,mEAAmE;QACnE,wDAAwD;QACxD,MAAM,cAAc,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC;IAErB,MAAM,UAAU,GAAG,WAAW,CAC1B,CAAC,OAAe,EAAW,EAAE;QACzB,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7E,CAAC,EACD,CAAC,IAAI,CAAC,CACT,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,IAAI,aAAa,CAAC,SAAS,CAAC;IAErF,MAAM,KAAK,GAAG,OAAO,CACjB,GAAG,EAAE,CAAC,CAAC;QACH,IAAI;QACJ,SAAS;QACT,eAAe,EAAE,IAAI,KAAK,IAAI;QAC9B,KAAK;QACL,KAAK;QACL,MAAM;QACN,OAAO;QACP,UAAU;KACb,CAAC,EACF,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAC/D,CAAC;IAEF,OAAO,KAAC,aAAa,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA0B,CAAC;AACrF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAA0B;IACrD,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CACrB,GAAG,EAAE,CACD,IAAI,WAAW,CAAC;QACZ,cAAc,EAAE;YACZ,OAAO,EAAE;gBACL,KAAK,EAAE,KAAK;gBACZ,oBAAoB,EAAE,KAAK;aAC9B;SACJ;KACJ,CAAC,CACT,CAAC;IAEF,OAAO,CACH,KAAC,mBAAmB,IAAC,MAAM,EAAE,MAAM,YAC/B,KAAC,mBAAmB,oBAAK,KAAK,EAAI,GAChB,CACzB,CAAC;AACN,CAAC;AAED,8EAA8E;AAE9E,SAAS,YAAY;IACjB,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAC7B,OAAO,CAAC,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAI,IAAY;IAC9B,IAAI,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;IACjC,CAAC;IAAC,WAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,GAAa;IACtC,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;QACxD,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,OAAO,CAAC;IACtE,CAAC;IAAC,WAAM,CAAC;QACL,iBAAiB;IACrB,CAAC;IACD,OAAO,mBAAmB,GAAG,CAAC,MAAM,GAAG,CAAC;AAC5C,CAAC"}

package/dist/auth/auth/MkAuthContext.d.ts

@@ -0,0 +1,42 @@
+import type { AdminDto } from './types';
+/**
+ * Shape of the value exposed by `<MkAuthProvider>`.
+ *
+ * The provider is intentionally minimal: it only knows about the
+ * current scope, the cached `user`, and the auth lifecycle (`login`,
+ * `logout`, `refresh`, `hasAbility`). Token persistence is internal —
+ * callers never see the raw tokens, only the boolean/typed results.
+ */
+export interface MkAuthContextValue {
+    /** The currently authenticated admin, or `null` if signed out. */
+    user: AdminDto | null;
+    /** True once the provider has completed its initial bootstrap (me/refresh). */
+    isLoading: boolean;
+    /** True iff `user !== null`. */
+    isAuthenticated: boolean;
+    /** Last error from login/refresh, cleared on the next successful call. */
+    error: Error | null;
+    /**
+     * Exchange email + password for tokens, persist them, and set `user`.
+     * On failure throws — the form catches and renders the error inline.
+     */
+    login: (email: string, password: string) => Promise<AdminDto>;
+    /**
+     * Hit the logout endpoint, clear the local cache, drop `user`.
+     * Best-effort: even if the network call fails, the local state is cleared.
+     */
+    logout: () => Promise<void>;
+    /**
+     * Manually trigger a token refresh and re-fetch the current user.
+     * Mostly used internally on mount, but exposed so consumers can
+     * force-refresh after a permission change, for example.
+     */
+    refresh: () => Promise<AdminDto | null>;
+    /**
+     * True iff the current user's `abilities` array contains `ability`
+     * (exact match). The backend may return wildcard scopes in the
+     * future; for now it's a plain array of strings.
+     */
+    hasAbility: (ability: string) => boolean;
+}
+export declare const MkAuthContext: import("react").Context<MkAuthContextValue | undefined>;