@mindfulauth/core 2.0.0-beta.2 → 2.0.0-beta.4

package/dist/config.d.ts

@@ -1,32 +1,22 @@
-export declare const CENTRAL_AUTH_ORIGIN = "https://dev-api.mindfulauth.com";
-export declare const CDN_ORIGIN = "https://dev-cdn.mindfulauth.com";
+export declare const CENTRAL_AUTH_ORIGIN = "https://api.mindfulauth.com";
+export declare const CDN_ORIGIN = "https://cdn.mindfulauth.com";
 export declare const ALLOWED_AUTH_METHODS: string[];
 export declare const MAX_BODY_SIZE_BYTES = 1048576;
 export declare const AUTH_PROXY_TIMEOUT_MS = 15000;
 export declare const SESSION_VALIDATION_TIMEOUT_MS = 10000;
 /**
  * Returns the combined list of assets to skip session validation for.
- * Merges defaults with any custom assets configured via mauthSecurityConfig().
+ * Merges defaults with any custom assets configured via mauthSecurityConfig() in astro.config.mjs.
  */
 export declare function GET_SKIP_ASSETS(): string[];
-export declare const PUBLIC_ROUTES: string[];
-export declare const PUBLIC_PREFIXES: string[];
 /**
- * Configure Mindful Auth security settings including CSP sources and static
- * assets to skip. Returns the options to be passed to getMauthViteDefines().
- *
- * Call in astro.config.mjs and pass the result to vite.define:
+ * Configure Mindful Auth security settings including custom skip assets.
+ * Call in astro.config.mjs and pass the result to getMauthViteDefines().
  *
  * @example
  * // astro.config.mjs
  * const mauthCfg = mauthSecurityConfig({
- *   skipAssets: ['/sitemap.xml', '/manifest.webmanifest'],
- *   csp: {
- *     scriptSources: ['https://analytics.example.com'],
- *     connectSources: ['https://api.example.com'],
- *     frameSources: ['https://stripe.com'],
- *     fontSources: ['https://fonts.googleapis.com']
- *   }
+ *   skipAssets: ['/sitemap.xml', '/manifest.webmanifest']
  * });
  *
  * export default defineConfig({
@@ -35,12 +25,6 @@ export declare const PUBLIC_PREFIXES: string[];
  */
 export declare function mauthSecurityConfig(options?: {
     skipAssets?: string[];
-    csp?: {
-        scriptSources?: string[];
-        connectSources?: string[];
-        frameSources?: string[];
-        fontSources?: string[];
-    };
 }): typeof options;
 /**
  * Converts the result of mauthSecurityConfig() into Vite define entries.
@@ -49,16 +33,17 @@ export declare function mauthSecurityConfig(options?: {
  */
 export declare function getMauthViteDefines(options?: {
     skipAssets?: string[];
-    csp?: {
-        scriptSources?: string[];
-        connectSources?: string[];
-        frameSources?: string[];
-        fontSources?: string[];
-    };
 }): Record<string, string>;
+export declare const PUBLIC_ROUTES: string[];
+export declare const PUBLIC_PREFIXES: string[];
 /**
- * Get security headers with CSP sources merged from defaults and build-time
- * custom values injected via vite.define (from getMauthViteDefines()).
+ * Returns security headers to be added to every SSR response.
+ * CSP (Content-Security-Policy) for script-src and style-src is handled by
+ * Astro 6's native security.csp in astro.config.mjs using hashes.
+ * The remaining headers here cover transport security, framing, and permissions.
+ *
+ * Note: X-Frame-Options: SAMEORIGIN covers clickjacking protection
+ * (equivalent to CSP frame-ancestors 'self', which cannot be set via meta tag).
  */
-export declare function GET_SECURITY_HEADERS(nonce?: string): Record<string, string>;
+export declare function GET_SECURITY_HEADERS(): Record<string, string>;
 //# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,mBAAmB,oCAAoC,CAAC;AACrE,eAAO,MAAM,UAAU,oCAAoC,CAAC;AAG5D,eAAO,MAAM,oBAAoB,UAAkB,CAAC;AACpD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,qBAAqB,QAAQ,CAAC;AAC3C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAenD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAE1C;AAID,eAAO,MAAM,aAAa,UAQzB,CAAC;AAIF,eAAO,MAAM,eAAe,UAO3B,CAAC;AA0CF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,CAAC,EAAE;QACF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;CACL,GAAG,OAAO,OAAO,CAEjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,CAAC,EAAE;QACF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;CACL,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQzB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiD3E"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,mBAAmB,gCAAgC,CAAC;AACjE,eAAO,MAAM,UAAU,gCAAgC,CAAC;AAGxD,eAAO,MAAM,oBAAoB,UAAkB,CAAC;AACpD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,qBAAqB,QAAQ,CAAC;AAC3C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAenD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAE1C;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,OAAO,CAEjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAIzB;AAID,eAAO,MAAM,aAAa,UAQzB,CAAC;AAIF,eAAO,MAAM,eAAe,UAO3B,CAAC;AAMF;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQ7D"}

package/dist/config.js

@@ -2,8 +2,8 @@
 // Configuration for the Astro Portal
 // ============================================================================
 // API Endpoints
-export const CENTRAL_AUTH_ORIGIN = 'https://dev-api.mindfulauth.com';
-export const CDN_ORIGIN = 'https://dev-cdn.mindfulauth.com';
+export const CENTRAL_AUTH_ORIGIN = 'https://api.mindfulauth.com';
+export const CDN_ORIGIN = 'https://cdn.mindfulauth.com';
 // Request & Timeout Configuration
 export const ALLOWED_AUTH_METHODS = ['GET', 'POST'];
 export const MAX_BODY_SIZE_BYTES = 1048576; // 1MB limit
@@ -15,81 +15,23 @@ export const SESSION_VALIDATION_TIMEOUT_MS = 10000;
 // Static assets to skip session validation (favicon, robots.txt, etc.)
 // SECURITY CRITICAL: Only add actual static file requests here.
 // Examples of safe entries: /favicon.ico, /robots.txt, /sitemap.xml
-// NEVER add application routes like /dashboard, /profile, /secure/* - this COMPLETELY bypasses authentication. If you add a route here, unauthenticated users can access it without logging in.
+// NEVER add application routes like [memberid]/dashboard,  [memberid]/profile,  [memberid]/secure/* - this COMPLETELY bypasses authentication. If you add a route here, unauthenticated users can access it without logging in.
 const DEFAULT_SKIP_ASSETS = ['/favicon.ico', '/robots.txt', '/.well-known/security.txt'];
 /**
  * Returns the combined list of assets to skip session validation for.
- * Merges defaults with any custom assets configured via mauthSecurityConfig().
+ * Merges defaults with any custom assets configured via mauthSecurityConfig() in astro.config.mjs.
  */
 export function GET_SKIP_ASSETS() {
     return [...DEFAULT_SKIP_ASSETS, ...__MAUTH_SKIP_ASSETS__];
 }
-// Public routes that do not require authentication
-// ⚠️ DO NOT EDIT - These are critical for the authentication system to work correctly
-export const PUBLIC_ROUTES = [
-    '/',
-    '/login',
-    '/register',
-    '/magic-login',
-    '/magic-register',
-    '/forgot-password',
-    '/resend-verification',
-];
-// Dynamic public routes (prefix matching)
-// ⚠️ DO NOT EDIT - These are critical for the authentication system to work correctly
-export const PUBLIC_PREFIXES = [
-    '/auth/',
-    '/email-verified/',
-    '/reset-password/',
-    '/verify-email/',
-    '/verify-magic-link/',
-    '/api/public/',
-];
-// ============================================================================
-// Security Headers & CSP Configuration
-// ============================================================================
-// Default allowed script sources for CSP
-// ⚠️ IMPORTANT: Do not remove these domains - they are critical for authentication:
-// Removing these will break authentication and user will be unable to log in.
-const DEFAULT_SCRIPT_SOURCES = [
-    "'self'",
-    'https://*.cloudflare.com',
-    'https://*.cloudflareinsights.com',
-    'https://dev-cdn.mindfulauth.com',
-    'https://dev-api.mindfulauth.com'
-];
-// Default allowed connection sources for CSP
-const DEFAULT_CONNECT_SOURCES = [
-    "'self'",
-    'https://*.cloudflare.com',
-    'https://dev-api.mindfulauth.com'
-];
-// Default allowed frame sources for CSP
-const DEFAULT_FRAME_SOURCES = [
-    "'self'",
-    'https://*.cloudflare.com'
-];
-// Default allowed font sources for CSP
-const DEFAULT_FONT_SOURCES = [
-    "'self'",
-    'data:'
-];
 /**
- * Configure Mindful Auth security settings including CSP sources and static
- * assets to skip. Returns the options to be passed to getMauthViteDefines().
- *
- * Call in astro.config.mjs and pass the result to vite.define:
+ * Configure Mindful Auth security settings including custom skip assets.
+ * Call in astro.config.mjs and pass the result to getMauthViteDefines().
  *
  * @example
  * // astro.config.mjs
  * const mauthCfg = mauthSecurityConfig({
- *   skipAssets: ['/sitemap.xml', '/manifest.webmanifest'],
- *   csp: {
- *     scriptSources: ['https://analytics.example.com'],
- *     connectSources: ['https://api.example.com'],
- *     frameSources: ['https://stripe.com'],
- *     fontSources: ['https://fonts.googleapis.com']
- *   }
+ *   skipAssets: ['/sitemap.xml', '/manifest.webmanifest']
  * });
  *
  * export default defineConfig({
@@ -107,54 +49,47 @@ export function mauthSecurityConfig(options) {
 export function getMauthViteDefines(options) {
     return {
         __MAUTH_SKIP_ASSETS__: JSON.stringify(options?.skipAssets ?? []),
-        __MAUTH_SCRIPT_SOURCES__: JSON.stringify(options?.csp?.scriptSources ?? []),
-        __MAUTH_CONNECT_SOURCES__: JSON.stringify(options?.csp?.connectSources ?? []),
-        __MAUTH_FRAME_SOURCES__: JSON.stringify(options?.csp?.frameSources ?? []),
-        __MAUTH_FONT_SOURCES__: JSON.stringify(options?.csp?.fontSources ?? []),
     };
 }
+// Public routes that do not require authentication
+// ⚠️ DO NOT EDIT - These are critical for the authentication system to work correctly
+export const PUBLIC_ROUTES = [
+    '/',
+    '/login',
+    '/register',
+    '/magic-login',
+    '/magic-register',
+    '/forgot-password',
+    '/resend-verification',
+];
+// Dynamic public routes (prefix matching)
+// ⚠️ DO NOT EDIT - These are critical for the authentication system to work correctly
+export const PUBLIC_PREFIXES = [
+    '/auth/',
+    '/email-verified/',
+    '/reset-password/',
+    '/verify-email/',
+    '/verify-magic-link/',
+    '/api/public/',
+];
+// ============================================================================
+// Security Headers
+// ============================================================================
 /**
- * Get security headers with CSP sources merged from defaults and build-time
- * custom values injected via vite.define (from getMauthViteDefines()).
+ * Returns security headers to be added to every SSR response.
+ * CSP (Content-Security-Policy) for script-src and style-src is handled by
+ * Astro 6's native security.csp in astro.config.mjs using hashes.
+ * The remaining headers here cover transport security, framing, and permissions.
+ *
+ * Note: X-Frame-Options: SAMEORIGIN covers clickjacking protection
+ * (equivalent to CSP frame-ancestors 'self', which cannot be set via meta tag).
  */
-export function GET_SECURITY_HEADERS(nonce) {
-    // Custom sources are baked in at build time via vite.define
-    const SCRIPT_SOURCES = [
-        ...DEFAULT_SCRIPT_SOURCES,
-        ...__MAUTH_SCRIPT_SOURCES__,
-        ...(nonce ? [`'nonce-${nonce}'`] : []),
-    ];
-    const CONNECT_SOURCES = [...DEFAULT_CONNECT_SOURCES, ...__MAUTH_CONNECT_SOURCES__];
-    const FRAME_SOURCES = [...DEFAULT_FRAME_SOURCES, ...__MAUTH_FRAME_SOURCES__];
-    const FONT_SOURCES = [...DEFAULT_FONT_SOURCES, ...__MAUTH_FONT_SOURCES__];
+export function GET_SECURITY_HEADERS() {
     return {
         'X-Content-Type-Options': 'nosniff',
         'X-Frame-Options': 'SAMEORIGIN',
         'Referrer-Policy': 'strict-origin-when-cross-origin',
         'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
         'Permissions-Policy': 'geolocation=(), microphone=(), camera=()',
-        'Content-Security-Policy': [
-            // Default policy
-            "default-src 'self'",
-            // Scripts
-            `script-src ${SCRIPT_SOURCES.join(' ')}`,
-            // Styles
-            "style-src 'self' 'unsafe-inline'",
-            // Images
-            "img-src 'self' data: https:",
-            // Connections
-            `connect-src ${CONNECT_SOURCES.join(' ')}`,
-            // Frames
-            `frame-src ${FRAME_SOURCES.join(' ')}`,
-            // Fonts
-            `font-src ${FONT_SOURCES.join(' ')}`,
-            // Disallow object/embed tags (Flash, Java, etc.)
-            "object-src 'none'",
-            // Security directives
-            "base-uri 'self'",
-            "form-action 'self'",
-            "upgrade-insecure-requests",
-            "block-all-mixed-content"
-        ].join('; ')
     };
 }

package/dist/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAoCA,eAAO,MAAM,SAAS,mCAuEpB,CAAC"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAqCA,eAAO,MAAM,SAAS,mCAqFpB,CAAC"}

package/dist/middleware.js

@@ -8,19 +8,20 @@
 import { defineMiddleware } from 'astro:middleware';
 import { env } from 'cloudflare:workers';
 import { PUBLIC_ROUTES, PUBLIC_PREFIXES, GET_SECURITY_HEADERS, GET_SKIP_ASSETS } from './config';
-import { sanitizePath, generateNonce } from './security';
+import { sanitizePath } from './security';
 import { validateSession, validateMemberIdInUrl } from './auth';
 /** Check if a path is a public route (no auth required) */
 function isPublicRoute(pathname) {
     return PUBLIC_ROUTES.includes(pathname) ||
-        PUBLIC_PREFIXES.some(prefix => pathname.startsWith(prefix));
+        PUBLIC_PREFIXES.some((prefix) => pathname.startsWith(prefix));
 }
 /** Add security headers to a response */
 // NOTE: In Cloudflare Workers, Response.headers is immutable.
 // We must create a new Response with a fresh Headers object instead of mutating.
-function addSecurityHeaders(response, nonce) {
+// CSP for script-src/style-src is handled by Astro 6's native security.csp (via <meta> tag).
+function addSecurityHeaders(response) {
     const newHeaders = new Headers(response.headers);
-    Object.entries(GET_SECURITY_HEADERS(nonce)).forEach(([key, value]) => {
+    Object.entries(GET_SECURITY_HEADERS()).forEach(([key, value]) => {
         newHeaders.set(key, value);
     });
     return new Response(response.body, {
@@ -33,10 +34,11 @@ function addSecurityHeaders(response, nonce) {
 export const onRequest = defineMiddleware(async (context, next) => {
     const { request, url, redirect, locals } = context;
     const pathname = url.pathname;
-    // Generate a per-request nonce for CSP. Exposed as locals.cspNonce so
-    // layouts can add nonce={Astro.locals.cspNonce} to inline <script> tags.
-    const nonce = generateNonce();
-    locals.cspNonce = nonce;
+    // Redirect HTTP to HTTPS (skip in dev mode and localhost)
+    if (!import.meta.env.DEV && url.protocol === 'http:' && url.hostname !== 'localhost' && url.hostname !== '127.0.0.1') {
+        const httpsUrl = url.toString().replace('http://', 'https://');
+        return redirect(httpsUrl, 307);
+    }
     // Skip middleware for static assets FIRST (before dev mode)
     if (GET_SKIP_ASSETS().includes(pathname)) {
         return next();
@@ -58,6 +60,18 @@ export const onRequest = defineMiddleware(async (context, next) => {
         locals.recordId = match ? match[1] : 'dev-user-123';
         return next();
     }
+    // PREVIEW MODE: Skip auth (for testing without Mindful Auth on localhost)
+    // npm run preview builds the project first, so import.meta.env.DEV is false.
+    // We need a runtime check for localhost to simulate auth in preview.
+    if (url.hostname === 'localhost' || url.hostname === '127.0.0.1') {
+        if (isPublicRoute(pathname)) {
+            locals.recordId = null;
+            return addSecurityHeaders(await next());
+        }
+        const match = pathname.match(/^\/([a-zA-Z0-9-]+)(?:\/|$)/);
+        locals.recordId = match ? match[1] : 'preview-user-123';
+        return addSecurityHeaders(await next());
+    }
     // Sanitize path
     const safePath = sanitizePath(pathname);
     if (!safePath) {
@@ -66,7 +80,7 @@ export const onRequest = defineMiddleware(async (context, next) => {
     // Public routes - no auth needed
     if (isPublicRoute(safePath)) {
         locals.recordId = null;
-        return addSecurityHeaders(await next(), nonce);
+        return addSecurityHeaders(await next());
     }
     // Protected route - validate session
     // ASTRO 6 CHANGE: Environment variables are accessed directly from 'cloudflare:workers' env,
@@ -90,5 +104,5 @@ export const onRequest = defineMiddleware(async (context, next) => {
         return new Response('Forbidden: Invalid user ID in URL', { status: 403 });
     }
     locals.recordId = session.recordId;
-    return addSecurityHeaders(await next(), nonce);
+    return addSecurityHeaders(await next());
 });

package/dist/security.d.ts

@@ -1,9 +1,3 @@
-/**
- * Generate a cryptographically secure random nonce for use in CSP headers.
- * The same nonce must be added as a `nonce` attribute on every inline <script>
- * tag so the browser allows it to execute.
- */
-export declare function generateNonce(): string;
 /** Sanitize endpoint path (prevents ../ traversal and encoded variants) */
 export declare function sanitizeEndpoint(endpoint: string): string | null;
 /** Sanitize URL path (prevents ../ traversal and encoded variants) */

package/dist/security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAItC;AAgBD,2EAA2E;AAC3E,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAIhE;AAED,sEAAsE;AACtE,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI5D"}
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAkBA,2EAA2E;AAC3E,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAIhE;AAED,sEAAsE;AACtE,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI5D"}

package/dist/security.js

@@ -1,15 +1,5 @@
-// Security utilities - path traversal prevention, nonce generation
+// Security utilities - path traversal prevention
 const MAX_PATH_LENGTH = 2048;
-/**
- * Generate a cryptographically secure random nonce for use in CSP headers.
- * The same nonce must be added as a `nonce` attribute on every inline <script>
- * tag so the browser allows it to execute.
- */
-export function generateNonce() {
-    const bytes = new Uint8Array(16);
-    crypto.getRandomValues(bytes);
-    return btoa(String.fromCharCode(...bytes));
-}
 /** Decode and check for traversal attacks */
 function decodeAndValidate(str) {
     if (!str || typeof str !== 'string' || str.length > MAX_PATH_LENGTH)

package/dist/types.d.ts

@@ -1,7 +1,6 @@
 import type { MiddlewareHandler } from 'astro';
 export interface MindfulAuthLocals {
     recordId: string | null;
-    cspNonce: string;
     runtime?: {
         env?: {
             INTERNAL_API_KEY?: string;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG/C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE;QACR,GAAG,CAAC,EAAE;YACJ,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;CACH;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,GAAG,CAAC;QACZ,UAAU,MAAO,SAAQ,iBAAiB;SAAG;KAC9C;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG/C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE;QACR,GAAG,CAAC,EAAE;YACJ,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;CACH;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,GAAG,CAAC;QACZ,UAAU,MAAO,SAAQ,iBAAiB;SAAG;KAC9C;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,CAAC"}

package/dist/types.js

@@ -1,3 +1,2 @@
 // Type definitions for Mindful Auth
-/// <reference types="@cloudflare/workers-types" />
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mindfulauth/core",
-  "version": "2.0.0-beta.2",
+  "version": "2.0.0-beta.4",
   "description": "Mindful Auth core authentication library for Astro 6",
   "type": "module",
   "main": "./dist/index.js",
@@ -45,8 +45,8 @@
     "astro": "^6.0.0-beta.14"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20260303.0",
-    "astro": "^6.0.0-beta.14",
+    "@cloudflare/workers-types": "^4.20260304.0",
+    "astro": "^6.0.0-beta.15",
     "typescript": "^5.9.3"
   }
 }