@marianmeres/ownsuite 1.0.3 → 2.1.0

package/dist/ownsuite.d.ts

@@ -11,10 +11,14 @@
  * hook and `@marianmeres/stack-common`'s `ownsuiteOptions()` helper.
  */
 import { type Subscriber, type Unsubscriber } from "@marianmeres/pubsub";
-import type { OwnsuiteContext } from "./types/state.js";
+import type { DomainError, OwnsuiteContext } from "./types/state.js";
 import type { OwnedCollectionAdapter } from "./types/adapter.js";
 import type { OwnsuiteEventType } from "./types/events.js";
+import type { AuthAdapter, ProfileAdapter, SessionStorageType } from "./types/auth.js";
 import { OwnedCollectionManager } from "./domains/owned-collection.js";
+import { AuthManager } from "./domains/auth.js";
+import { ProfileManager } from "./domains/profile.js";
+import { SessionManager } from "./domains/session.js";
 /**
  * Configuration for a single domain at construction time. The caller
  * provides a unique name and an adapter. A custom `getRowId` is optional
@@ -32,6 +36,25 @@ export interface OwnsuiteConfig {
     domains?: Record<string, OwnsuiteDomainConfig>;
     /** Auto-initialize all registered domains on creation (default: false). */
     autoInitialize?: boolean;
+    /** Auth / profile adapters. When present, ownsuite builds the
+     *  SessionManager / AuthManager / ProfileManager trio and exposes them
+     *  as `suite.auth`, `suite.profile`, `suite.session`. */
+    adapters?: {
+        auth?: AuthAdapter;
+        profile?: ProfileAdapter;
+    };
+    /** Session persistence config. Ignored when no auth adapter is provided. */
+    session?: {
+        storage?: SessionStorageType;
+        storageKey?: string;
+    };
+}
+/** Options for {@link Ownsuite.setContext}. */
+export interface SetContextOptions {
+    /** If true, replace the context entirely instead of merging. Default: false (merge). */
+    replace?: boolean;
+    /** If true, fire `refresh()` on every domain after the context change. Default: false. */
+    refresh?: boolean;
 }
 /**
  * Main Ownsuite class — coordinates owner-scoped domain managers.
@@ -53,7 +76,14 @@ export interface OwnsuiteConfig {
  */
 export declare class Ownsuite {
     #private;
+    /** Optional auth/session/profile managers. Present iff `adapters.auth`
+     *  was supplied at construction. */
+    readonly session: SessionManager | null;
+    readonly auth: AuthManager | null;
+    readonly profile: ProfileManager | null;
     constructor(config?: OwnsuiteConfig);
+    /** True after `destroy()` has been called. */
+    get isDestroyed(): boolean;
     /** Register a new domain after construction. */
     registerDomain<TRow = any, TCreate = any, TUpdate = any>(name: string, cfg: OwnsuiteDomainConfig<TRow, TCreate, TUpdate>): OwnedCollectionManager<TRow, TCreate, TUpdate>;
     /** Look up a domain manager by name. Throws if unknown. */
@@ -65,11 +95,20 @@ export declare class Ownsuite {
     /**
      * Initialize all registered domains (or a subset). Runs in parallel.
      * Individual domain errors land in that domain's error state — they
-     * do not reject the overall promise.
+     * do not reject the overall promise. Use `hasErrors()` / `errors()` to
+     * inspect the result. Unknown domain names in `names` are logged and
+     * skipped.
      */
     initialize(names?: string[]): Promise<void>;
-    /** Update shared context and propagate to all domain managers. */
-    setContext(ctx: OwnsuiteContext): void;
+    /**
+     * Update shared context and propagate to every domain manager.
+     *
+     * - `options.replace: true` — replace the context wholesale (no merge).
+     * - `options.refresh: true` — fire-and-forget `refresh()` on every
+     *   domain after the context change (so stale per-subject caches don't
+     *   linger when, e.g., `subjectId` changes).
+     */
+    setContext(ctx: OwnsuiteContext, options?: SetContextOptions): void;
     getContext(): OwnsuiteContext;
     /** Subscribe to a specific event type. */
     on(type: OwnsuiteEventType, subscriber: Subscriber): Unsubscriber;
@@ -78,8 +117,22 @@ export declare class Ownsuite {
      * `{ event: string, data: OwnsuiteEvent }` — see `@marianmeres/pubsub`.
      */
     onAny(subscriber: Subscriber): Unsubscriber;
-    /** Reset all domains to initializing state. */
+    /** Map of currently-errored domains to their error, empty if none. */
+    errors(): Record<string, DomainError>;
+    /** True if any domain is currently in `error` state. */
+    hasErrors(): boolean;
+    /** Reset all domains to initializing state. Aborts in-flight ops. */
     reset(): void;
+    /**
+     * Dispose of the suite: destroys every registered domain (aborting
+     * in-flight requests), drops the domain map, and unsubscribes every
+     * listener this suite owns on its pubsub. Safe to call multiple times.
+     *
+     * Note: if the pubsub was constructed internally (the default), all
+     * subscribers are unsubscribed. If consumers passed an external pubsub
+     * to managers directly, that shared pubsub is not cleared — they own it.
+     */
+    destroy(): void;
 }
 /** Convenience factory matching the ecsuite `createECSuite` convention. */
 export declare function createOwnsuite(config?: OwnsuiteConfig): Ownsuite;

package/dist/ownsuite.js

@@ -13,6 +13,9 @@
 import { createClog } from "@marianmeres/clog";
 import { createPubSub, } from "@marianmeres/pubsub";
 import { OwnedCollectionManager } from "./domains/owned-collection.js";
+import { AuthManager } from "./domains/auth.js";
+import { ProfileManager } from "./domains/profile.js";
+import { SessionManager } from "./domains/session.js";
 /**
  * Main Ownsuite class — coordinates owner-scoped domain managers.
  *
@@ -37,20 +40,111 @@ export class Ownsuite {
     #context;
     // deno-lint-ignore no-explicit-any
     #domains = new Map();
+    #destroyed = false;
+    /** Optional auth/session/profile managers. Present iff `adapters.auth`
+     *  was supplied at construction. */
+    session = null;
+    auth = null;
+    profile = null;
     constructor(config = {}) {
         this.#pubsub = createPubSub();
         this.#context = { ...(config.context ?? {}) };
+        // Build session / auth / profile managers if the auth adapter is wired.
+        if (config.adapters?.auth) {
+            const session = new SessionManager({
+                storage: config.session?.storage,
+                storageKey: config.session?.storageKey,
+                pubsub: this.#pubsub,
+            });
+            this.session = session;
+            // Profile adapter is optional but strongly encouraged. Without it
+            // login still works — we just don't hydrate roles/isVerified from
+            // /me after auth and consumers must call auth-result-based state
+            // themselves.
+            const profileAdapter = config.adapters.profile;
+            if (profileAdapter) {
+                this.profile = new ProfileManager({
+                    adapter: profileAdapter,
+                    session,
+                    pubsub: this.#pubsub,
+                    context: this.#context,
+                });
+            }
+            // AuthManager requires a profile manager to hydrate the subject
+            // after login. If none was provided, build a stub that throws —
+            // AuthManager will still call it inside a try/catch and recover.
+            const profileForAuth = this.profile ?? new ProfileManager({
+                adapter: {
+                    get: () => Promise.reject(new Error("no profile adapter configured")),
+                    update: () => Promise.reject(new Error("no profile adapter configured")),
+                    listOAuth: () => Promise.resolve([]),
+                    unlinkOAuth: () => Promise.reject(new Error("no profile adapter configured")),
+                },
+                session,
+                pubsub: this.#pubsub,
+                context: this.#context,
+            });
+            this.auth = new AuthManager({
+                adapter: config.adapters.auth,
+                session,
+                profile: profileForAuth,
+                pubsub: this.#pubsub,
+                context: this.#context,
+                onIdentityChanged: (ctx) => this.#onIdentityChanged(ctx),
+            });
+            // Listen for session changes to keep the suite-wide context
+            // `jwt` / `subjectId` in sync with the authenticated session.
+            session.subscribe((s) => {
+                const patch = {
+                    jwt: s.jwt ?? undefined,
+                    subjectId: s.subject?.id || undefined,
+                };
+                this.#context = { ...this.#context, ...patch };
+                for (const m of this.#domains.values()) {
+                    m.setContext(patch);
+                }
+            });
+        }
         for (const [name, cfg] of Object.entries(config.domains ?? {})) {
             this.registerDomain(name, cfg);
         }
         if (config.autoInitialize) {
-            // fire-and-forget; consumers who care should await initialize() explicitly
-            this.initialize().catch((e) => this.#clog.error("autoInitialize", e));
+            // `initialize()` is non-rejecting by contract; per-domain errors
+            // land in that domain's error state. See `hasErrors()` / `errors()`
+            // to detect them after boot.
+            void this.initialize();
+        }
+    }
+    /** Identity-change hook fired by the AuthManager after a successful
+     *  login / register / logout / OAuth login. Reset every owner-scoped
+     *  domain so their subscribed state reflects the new subject (or the
+     *  anonymous state). Subsequent fetches pick up the new ctx.jwt. */
+    async #onIdentityChanged(ctx) {
+        for (const m of this.#domains.values())
+            m.setContext(ctx);
+        for (const m of this.#domains.values())
+            m.reset();
+        // Re-init for authenticated state; stay at "initializing" for logout
+        // (so stale data doesn't flash while consumers unmount).
+        if (ctx.jwt) {
+            try {
+                await this.initialize();
+            }
+            catch {
+                // initialize() doesn't reject on domain errors, but guard anyway.
+            }
         }
     }
+    /** True after `destroy()` has been called. */
+    get isDestroyed() {
+        return this.#destroyed;
+    }
     /** Register a new domain after construction. */
     // deno-lint-ignore no-explicit-any
     registerDomain(name, cfg) {
+        if (this.#destroyed) {
+            throw new Error("Ownsuite: cannot register on a destroyed suite");
+        }
         if (this.#domains.has(name)) {
             throw new Error(`Ownsuite: domain "${name}" already registered`);
         }
@@ -82,17 +176,50 @@ export class Ownsuite {
     /**
      * Initialize all registered domains (or a subset). Runs in parallel.
      * Individual domain errors land in that domain's error state — they
-     * do not reject the overall promise.
+     * do not reject the overall promise. Use `hasErrors()` / `errors()` to
+     * inspect the result. Unknown domain names in `names` are logged and
+     * skipped.
      */
     async initialize(names) {
+        if (this.#destroyed)
+            return;
         const targets = names ?? this.domainNames();
-        await Promise.all(targets.map((n) => this.#domains.get(n)?.initialize() ?? Promise.resolve()));
+        await Promise.all(targets.map((n) => {
+            const m = this.#domains.get(n);
+            if (!m) {
+                this.#clog.warn(`initialize: unknown domain "${n}", skipping`);
+                return Promise.resolve();
+            }
+            return m.initialize();
+        }));
     }
-    /** Update shared context and propagate to all domain managers. */
-    setContext(ctx) {
-        this.#context = { ...this.#context, ...ctx };
-        for (const m of this.#domains.values())
-            m.setContext(this.#context);
+    /**
+     * Update shared context and propagate to every domain manager.
+     *
+     * - `options.replace: true` — replace the context wholesale (no merge).
+     * - `options.refresh: true` — fire-and-forget `refresh()` on every
+     *   domain after the context change (so stale per-subject caches don't
+     *   linger when, e.g., `subjectId` changes).
+     */
+    setContext(ctx, options = {}) {
+        if (this.#destroyed)
+            return;
+        this.#context = options.replace
+            ? { ...ctx }
+            : { ...this.#context, ...ctx };
+        for (const m of this.#domains.values()) {
+            if (options.replace)
+                m.replaceContext(this.#context);
+            else
+                m.setContext(this.#context);
+        }
+        if (options.refresh) {
+            for (const m of this.#domains.values()) {
+                // Fire-and-forget. refresh() is non-rejecting (lands in error state
+                // on failure), but we defensively swallow anything unexpected.
+                void m.refresh().catch((e) => this.#clog.error("setContext: refresh failed", e));
+            }
+        }
     }
     getContext() {
         return { ...this.#context };
@@ -108,11 +235,52 @@ export class Ownsuite {
     onAny(subscriber) {
         return this.#pubsub.subscribe("*", subscriber);
     }
-    /** Reset all domains to initializing state. */
+    /** Map of currently-errored domains to their error, empty if none. */
+    errors() {
+        const out = {};
+        for (const [name, m] of this.#domains) {
+            const s = m.get();
+            if (s.state === "error" && s.error)
+                out[name] = s.error;
+        }
+        return out;
+    }
+    /** True if any domain is currently in `error` state. */
+    hasErrors() {
+        for (const m of this.#domains.values()) {
+            if (m.get().state === "error")
+                return true;
+        }
+        return false;
+    }
+    /** Reset all domains to initializing state. Aborts in-flight ops. */
     reset() {
         for (const m of this.#domains.values())
             m.reset();
     }
+    /**
+     * Dispose of the suite: destroys every registered domain (aborting
+     * in-flight requests), drops the domain map, and unsubscribes every
+     * listener this suite owns on its pubsub. Safe to call multiple times.
+     *
+     * Note: if the pubsub was constructed internally (the default), all
+     * subscribers are unsubscribed. If consumers passed an external pubsub
+     * to managers directly, that shared pubsub is not cleared — they own it.
+     */
+    destroy() {
+        if (this.#destroyed)
+            return;
+        this.#destroyed = true;
+        for (const m of this.#domains.values())
+            m.destroy();
+        this.#domains.clear();
+        this.profile?.destroy();
+        this.session?.destroy();
+        // Our internal pubsub: clear all subscribers. Best-effort — if a custom
+        // pubsub implementation doesn't expose `unsubscribeAll`, skip it.
+        const ps = this.#pubsub;
+        ps.unsubscribeAll?.();
+    }
 }
 /** Convenience factory matching the ecsuite `createECSuite` convention. */
 export function createOwnsuite(config = {}) {

package/dist/types/adapter.d.ts

@@ -34,6 +34,10 @@ export interface OwnedRowResult<TRow> {
  *   client. The client can only act on rows it owns.
  * - Errors should throw (ideally `HTTP_ERROR` from `@marianmeres/http-utils`);
  *   the manager handles rollback and error state.
+ * - `ctx.signal` is populated by the manager on every call — forward it to
+ *   `fetch(url, { signal: ctx.signal })` to support route-change and
+ *   destroy cancellation. Ignoring the signal is safe but leaves abandoned
+ *   requests running to completion (wasted bandwidth; no state corruption).
  */
 export interface OwnedCollectionAdapter<TRow, TCreate = unknown, TUpdate = unknown> {
     /** List rows owned by the current subject. Query params are implementation-defined. */

package/dist/types/auth.d.ts

@@ -0,0 +1,162 @@
+/**
+ * @module types/auth
+ *
+ * Types for the auth / profile / session managers that extend ownsuite with
+ * a first-class identity lifecycle (register, login, logout, OAuth link/
+ * unlink, email verification, password reset, delete account, profile edit).
+ *
+ * Design notes:
+ *  - The adapter pattern mirrors `OwnedCollectionAdapter` — consumers plug in
+ *    an implementation; no HTTP code lives in managers.
+ *  - The `SessionManager` is the single source of truth for the JWT and the
+ *    current subject. Adapters never hold auth state.
+ *  - OAuth initiation returns a URL — the popup / redirect dance is handled
+ *    by the `openOAuthPopup` helper (see `oauth/popup.ts`) rather than the
+ *    adapter itself.
+ */
+import type { OwnsuiteContext } from "./state.js";
+/** Lifecycle state of the current session. */
+export type SessionStatus = 
+/** No JWT. Either never logged in or explicitly logged out. */
+"anonymous"
+/** JWT present, subject loaded, login succeeded. */
+ | "authenticated"
+/**
+ * Account exists and credentials were correct BUT the server is blocking
+ * login because the email is not yet verified. UI should surface "check
+ * your email" without a second round-trip. Emitted when `auth.login()`
+ * or `auth.register()` hits the verification gate.
+ */
+ | "unverified";
+/**
+ * Minimal subject shape exposed to consumers. Matches what stack-account's
+ * `/me` returns plus the fields needed for role-gating.
+ */
+export interface SessionSubject {
+    id: string;
+    email: string;
+    roles: string[];
+    isVerified: boolean;
+    /** Whether the account has a password (OAuth-only accounts do not). */
+    hasPassword: boolean;
+}
+/** Observable session state — stored by the SessionManager. */
+export interface SessionState {
+    status: SessionStatus;
+    subject: SessionSubject | null;
+    jwt: string | null;
+    /** Unix-seconds expiry (optional — not every server shape returns one). */
+    expiresAt: number | null;
+}
+/**
+ * Pluggable storage for persisting session state across reloads. Consumers
+ * can pass "local" / "session" / "memory" or supply their own object
+ * matching this interface (useful for Tauri, WebExtensions, SSR guards).
+ */
+export interface SessionStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+    del(key: string): void;
+}
+export type SessionStorageType = "local" | "session" | "memory" | SessionStorage;
+export type OAuthProvider = "google" | "facebook" | "apple" | "twitter";
+export interface OAuthConnection {
+    provider: OAuthProvider;
+    display_name?: string;
+    avatar_url?: string;
+    email?: string;
+}
+/** Action verb for the OAuth init URL — `login` creates/looks-up an account,
+ *  `link` attaches the provider to the currently authenticated subject. */
+export type OAuthAction = "login" | "link";
+export interface OAuthInitOptions {
+    action: OAuthAction;
+    /** Where to redirect after the provider callback (server honours this). */
+    redirect?: string;
+    /** Language code forwarded to the server for error-page localization. */
+    lang?: string;
+    /** `"popup"` (default) or `"redirect"` — the manager uses this to decide
+     *  whether to open a popup and wait for a postMessage, or redirect the
+     *  top window. */
+    mode?: "popup" | "redirect";
+}
+/**
+ * Uniform result shape for `register` / `login` / OAuth success. When the
+ * server returns `requiresVerification: true` (i.e. the verification gate is
+ * on and the email is not yet verified), the JWT will be absent and the
+ * manager flips session.status to "unverified".
+ */
+export interface AuthTokenResult {
+    jwt?: string;
+    email: string;
+    roles: string[];
+    isVerified?: boolean;
+    validFrom?: number;
+    validUntil?: number;
+    /** Set by the server when login auto-login is declined for a not-yet-
+     *  verified account. Mutually exclusive with jwt in practice. */
+    requiresVerification?: boolean;
+}
+export interface ProfileResult {
+    email: string;
+    roles: string[];
+    isVerified: boolean;
+    hasPassword: boolean;
+    oauthConnections: OAuthConnection[];
+}
+export interface AuthAdapter {
+    register(input: {
+        email: string;
+        password: string;
+        password_confirm: string;
+        roles?: string[];
+        /** Optional extras — consumer forwards any configured
+         *  registrationFields the server expects. */
+        extras?: Record<string, unknown>;
+    }, ctx: OwnsuiteContext): Promise<AuthTokenResult>;
+    login(input: {
+        email: string;
+        password: string;
+    }, ctx: OwnsuiteContext): Promise<AuthTokenResult>;
+    /** Best-effort server-side revocation. Must not throw on
+     *  already-anonymous state. */
+    logout(ctx: OwnsuiteContext): Promise<void>;
+    /** Sync URL builder. The manager opens this URL in a popup (default) or
+     *  redirects the top window depending on mode. */
+    oauthInitUrl(provider: OAuthProvider, opts: OAuthInitOptions, ctx: OwnsuiteContext): string;
+    /** For the redirect-mode callback path: extract result from the current
+     *  URL (or a server-rendered payload) and return it. Popup-mode uses the
+     *  `openOAuthPopup` helper directly and does not call this. */
+    handleOAuthCallback?(ctx: OwnsuiteContext): Promise<AuthTokenResult>;
+    resendVerification(input: {
+        email: string;
+        lang?: string;
+    }, ctx: OwnsuiteContext): Promise<void>;
+    requestPasswordReset(input: {
+        email: string;
+        lang?: string;
+    }, ctx: OwnsuiteContext): Promise<void>;
+    changePassword(input: {
+        /** Required for authenticated self-change. */
+        current_password?: string;
+        new_password: string;
+        confirm_password: string;
+        /** Required for token-based reset. */
+        token?: string;
+    }, ctx: OwnsuiteContext): Promise<void>;
+    deleteAccount(input: {
+        password?: string;
+        confirm?: boolean;
+    }, ctx: OwnsuiteContext): Promise<{
+        deleted: true;
+    }>;
+}
+export interface ProfileAdapter {
+    get(ctx: OwnsuiteContext): Promise<ProfileResult>;
+    update(input: {
+        email?: string;
+        current_password?: string;
+    }, ctx: OwnsuiteContext): Promise<ProfileResult>;
+    listOAuth(ctx: OwnsuiteContext): Promise<OAuthConnection[]>;
+    unlinkOAuth(provider: OAuthProvider, ctx: OwnsuiteContext): Promise<void>;
+}

package/dist/types/auth.js

@@ -0,0 +1,17 @@
+/**
+ * @module types/auth
+ *
+ * Types for the auth / profile / session managers that extend ownsuite with
+ * a first-class identity lifecycle (register, login, logout, OAuth link/
+ * unlink, email verification, password reset, delete account, profile edit).
+ *
+ * Design notes:
+ *  - The adapter pattern mirrors `OwnedCollectionAdapter` — consumers plug in
+ *    an implementation; no HTTP code lives in managers.
+ *  - The `SessionManager` is the single source of truth for the JWT and the
+ *    current subject. Adapters never hold auth state.
+ *  - OAuth initiation returns a URL — the popup / redirect dance is handled
+ *    by the `openOAuthPopup` helper (see `oauth/popup.ts`) rather than the
+ *    adapter itself.
+ */
+export {};

package/dist/types/events.d.ts

@@ -4,6 +4,7 @@
  * Event type definitions for the ownsuite event system.
  */
 import type { DomainError, DomainState } from "./state.js";
+import type { OAuthConnection, OAuthProvider, SessionState } from "./auth.js";
 /**
  * Domain identifier in ownsuite is an arbitrary string (the collection name
  * or any label the consumer chose), unlike ecsuite's fixed enum of six
@@ -11,7 +12,7 @@ import type { DomainError, DomainState } from "./state.js";
  */
 export type DomainName = string;
 /** Event types emitted by the suite. */
-export type OwnsuiteEventType = "domain:state:changed" | "domain:error" | "domain:synced" | "own:list:fetched" | "own:row:fetched" | "own:row:created" | "own:row:updated" | "own:row:deleted";
+export type OwnsuiteEventType = "domain:state:changed" | "domain:error" | "domain:synced" | "own:list:fetched" | "own:row:fetched" | "own:row:created" | "own:row:updated" | "own:row:deleted" | "auth:register" | "auth:login" | "auth:logout" | "auth:session:changed" | "auth:verification:required" | "profile:updated" | "oauth:linked" | "oauth:unlinked";
 /** Base event data. */
 export interface OwnsuiteEventBase {
     /** Event timestamp */
@@ -59,5 +60,43 @@ export interface RowDeletedEvent extends OwnsuiteEventBase {
     type: "own:row:deleted";
     rowId: string;
 }
+export interface AuthEventBase {
+    timestamp: number;
+}
+export interface AuthRegisterEvent extends AuthEventBase {
+    type: "auth:register";
+    email: string;
+    /** True when the server requires email verification (no auto-login). */
+    requiresVerification: boolean;
+}
+export interface AuthLoginEvent extends AuthEventBase {
+    type: "auth:login";
+    email: string;
+}
+export interface AuthLogoutEvent extends AuthEventBase {
+    type: "auth:logout";
+    /** Id of the subject that just logged out, if known. */
+    subjectId?: string;
+}
+export interface AuthSessionChangedEvent extends AuthEventBase {
+    type: "auth:session:changed";
+    session: SessionState;
+}
+export interface AuthVerificationRequiredEvent extends AuthEventBase {
+    type: "auth:verification:required";
+    email: string;
+}
+export interface ProfileUpdatedEvent extends AuthEventBase {
+    type: "profile:updated";
+    email: string;
+}
+export interface OAuthLinkedEvent extends AuthEventBase {
+    type: "oauth:linked";
+    connection: OAuthConnection;
+}
+export interface OAuthUnlinkedEvent extends AuthEventBase {
+    type: "oauth:unlinked";
+    provider: OAuthProvider;
+}
 /** All event types union. */
-export type OwnsuiteEvent = StateChangedEvent | ErrorEvent | SyncedEvent | ListFetchedEvent | RowFetchedEvent | RowCreatedEvent | RowUpdatedEvent | RowDeletedEvent;
+export type OwnsuiteEvent = StateChangedEvent | ErrorEvent | SyncedEvent | ListFetchedEvent | RowFetchedEvent | RowCreatedEvent | RowUpdatedEvent | RowDeletedEvent | AuthRegisterEvent | AuthLoginEvent | AuthLogoutEvent | AuthSessionChangedEvent | AuthVerificationRequiredEvent | ProfileUpdatedEvent | OAuthLinkedEvent | OAuthUnlinkedEvent;

package/dist/types/mod.d.ts

@@ -1,3 +1,4 @@
 export * from "./state.js";
 export * from "./events.js";
 export * from "./adapter.js";
+export * from "./auth.js";

package/dist/types/mod.js

@@ -1,3 +1,4 @@
 export * from "./state.js";
 export * from "./events.js";
 export * from "./adapter.js";
+export * from "./auth.js";

package/dist/types/state.d.ts

@@ -34,10 +34,27 @@ export interface DomainStateWrapper<T> {
  * its own `ownerId` — the server resolves it from the authenticated subject
  * via the `/me/*` mount. The context is still provided so adapters can pass
  * arbitrary host-app data (correlation ids, feature flags, etc.) through.
+ *
+ * The manager also injects a per-operation `signal` into `ctx` for every
+ * adapter call. Adapters that care about cancellation should forward it
+ * to `fetch()`; adapters that don't can ignore it.
  */
 export interface OwnsuiteContext {
     /** Hint — not used for authorization. The server is authoritative. */
     subjectId?: string;
+    /**
+     * JWT to pass through to adapters as the `Authorization: Bearer <jwt>`
+     * credential. Managed by the `SessionManager` — consumers don't set this
+     * directly. When present, adapters must forward it. When absent, the
+     * server will treat the request as anonymous.
+     */
+    jwt?: string;
+    /**
+     * Per-operation abort signal injected by the manager. Adapters should
+     * forward this to `fetch(url, { signal: ctx.signal })`. Aborts fire on
+     * `reset()`, `destroy()`, and when a newer read supersedes an older one.
+     */
+    signal?: AbortSignal;
     /** Additional context properties for adapter-specific needs. */
     [key: string]: unknown;
 }