@mindfulauth/core 2.0.0-beta.9 → 2.0.1

package/dist/core/auth-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../src/core/auth-handler.ts"],"names":[],"mappings":"AAwEA,2EAA2E;AAC3E,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CA6BpH;AAED,gEAAgE;AAChE,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAyDrH"}
+{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../src/core/auth-handler.ts"],"names":[],"mappings":"AAoEA,2EAA2E;AAC3E,wBAAsB,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CA6BpH;AAED,gEAAgE;AAChE,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAyDrH"}

package/dist/core/auth-handler.js

@@ -1,12 +1,8 @@
 // Auth proxy handler for Mindful Auth
 // Forwards authentication requests to the central Mindful Auth service
-//
-// ASTRO 6 MIGRATION:
-// - Astro v6 removed context.locals.runtime.env. Env vars now import from 'cloudflare:workers'.
-// - Note: @cloudflare/workers-types must be installed and referenced in env.d.ts.
 import { env } from 'cloudflare:workers';
-import { CENTRAL_AUTH_ORIGIN, ALLOWED_AUTH_METHODS, MAX_BODY_SIZE_BYTES, AUTH_PROXY_TIMEOUT_MS } from './config';
-import { sanitizeEndpoint } from './security';
+import { CENTRAL_AUTH_ORIGIN, ALLOWED_AUTH_METHODS, MAX_BODY_SIZE_BYTES, AUTH_PROXY_TIMEOUT_MS } from './config.js';
+import { sanitizeEndpoint } from './security.js';
 const JSON_HEADERS = { 'Content-Type': 'application/json' };
 const jsonError = (error, status) => new Response(JSON.stringify({ error }), { status, headers: JSON_HEADERS });
 /** Build proxy headers from incoming request */

package/dist/core/auth.d.ts

@@ -1,4 +1,4 @@
-import type { SessionValidationResult } from './types';
+import type { SessionValidationResult } from './types.js';
 /** Validate session with Mindful Auth central service */
 export declare function validateSession(request: Request, tenantDomain: string, pathname: string, internalApiKey: string): Promise<SessionValidationResult>;
 /** Validate memberid in URL matches session (or just check structure if sessionRecordId is null) */

package/dist/core/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAEvD,yDAAyD;AACzD,wBAAsB,eAAe,CACjC,OAAO,EAAE,OAAO,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GACvB,OAAO,CAAC,uBAAuB,CAAC,CAsClC;AAED,oGAAoG;AACpG,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,IAAI,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAAE,CAerI"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAE1D,yDAAyD;AACzD,wBAAsB,eAAe,CACjC,OAAO,EAAE,OAAO,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GACvB,OAAO,CAAC,uBAAuB,CAAC,CAsClC;AAED,oGAAoG;AACpG,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,IAAI,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAAE,CAerI"}

package/dist/core/auth.js

@@ -1,5 +1,5 @@
 // Authentication and session validation for Mindful Auth
-import { CENTRAL_AUTH_ORIGIN, SESSION_VALIDATION_TIMEOUT_MS } from './config';
+import { CENTRAL_AUTH_ORIGIN, SESSION_VALIDATION_TIMEOUT_MS } from './config.js';
 /** Validate session with Mindful Auth central service */
 export async function validateSession(request, tenantDomain, pathname, internalApiKey) {
     const sessionId = request.headers.get('Cookie')?.match(/session_id=([^;]+)/)?.[1];

package/dist/core/config.d.ts

@@ -41,8 +41,7 @@ export declare const PUBLIC_PREFIXES: string[];
  * Astro 6's native security.csp in astro.config.mjs using hashes.
  * The remaining headers here cover transport security, framing, and permissions.
  *
- * Note: X-Frame-Options: SAMEORIGIN covers clickjacking protection
- * (equivalent to CSP frame-ancestors 'self', which cannot be set via meta tag).
+ * Note: X-Frame-Options: DENY prevents this portal from being embedded in iframes on any domain, protecting against clickjacking attacks.
  */
 export declare function GET_SECURITY_HEADERS(): Record<string, string>;
 //# sourceMappingURL=config.d.ts.map

package/dist/core/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,mBAAmB,gCAAgC,CAAC;AAGjE,eAAO,MAAM,oBAAoB,UAAkB,CAAC;AACpD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,qBAAqB,QAAQ,CAAC;AAC3C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAenD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAE1C;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,OAAO,CAEjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAIzB;AAID,eAAO,MAAM,aAAa,UAQzB,CAAC;AAIF,eAAO,MAAM,eAAe,UAO3B,CAAC;AAMF;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQ7D"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,mBAAmB,gCAAgC,CAAC;AAGjE,eAAO,MAAM,oBAAoB,UAAkB,CAAC;AACpD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,qBAAqB,QAAQ,CAAC;AAC3C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAenD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAE1C;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,OAAO,CAEjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAC1C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAIzB;AAID,eAAO,MAAM,aAAa,UAQzB,CAAC;AAIF,eAAO,MAAM,eAAe,UAO3B,CAAC;AAMF;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAU7D"}

package/dist/core/config.js

@@ -80,15 +80,16 @@ export const PUBLIC_PREFIXES = [
  * Astro 6's native security.csp in astro.config.mjs using hashes.
  * The remaining headers here cover transport security, framing, and permissions.
  *
- * Note: X-Frame-Options: SAMEORIGIN covers clickjacking protection
- * (equivalent to CSP frame-ancestors 'self', which cannot be set via meta tag).
+ * Note: X-Frame-Options: DENY prevents this portal from being embedded in iframes on any domain, protecting against clickjacking attacks.
  */
 export function GET_SECURITY_HEADERS() {
     return {
         'X-Content-Type-Options': 'nosniff',
-        'X-Frame-Options': 'SAMEORIGIN',
+        'X-Frame-Options': 'DENY',
         'Referrer-Policy': 'strict-origin-when-cross-origin',
-        'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
-        'Permissions-Policy': 'geolocation=(), microphone=(), camera=()',
+        'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
+        'Permissions-Policy': 'geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()',
+        'Cross-Origin-Opener-Policy': 'same-origin',
+        'Cross-Origin-Resource-Policy': 'same-origin',
     };
 }

package/dist/core/index.d.ts

@@ -1,8 +1,6 @@
-export * from './types';
-export * from './config';
-export * from './auth';
-export * from './auth-handler';
-export * from './security';
-export * from './middleware';
-export * from './csp';
+export * from './types.js';
+export * from './config.js';
+export * from './auth.js';
+export * from './security.js';
+export * from './csp.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAGA,cAAc,SAAS,CAAC;AAGxB,cAAc,UAAU,CAAC;AAGzB,cAAc,QAAQ,CAAC;AAGvB,cAAc,gBAAgB,CAAC;AAG/B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAGA,cAAc,YAAY,CAAC;AAG3B,cAAc,aAAa,CAAC;AAG5B,cAAc,WAAW,CAAC;AAM1B,cAAc,eAAe,CAAC;AAQ9B,cAAc,UAAU,CAAC"}

package/dist/core/index.js

@@ -1,15 +1,17 @@
 // Mindful Auth Core - Main exports
 // Types
-export * from './types';
+export * from './types.js';
 // Configuration
-export * from './config';
+export * from './config.js';
 // Authentication
-export * from './auth';
-// Auth handler for API routes
-export * from './auth-handler';
+export * from './auth.js';
+// Auth handler for API routes — NOT re-exported here.
+// auth-handler.ts imports 'cloudflare:workers' which is only available at runtime (SSR), not at config-load time. Import it directly where needed: import { handleAuthProxy } from './auth-handler.js';
 // Security utilities
-export * from './security';
-// Middleware  
-export * from './middleware';
+export * from './security.js';
+// Middleware — NOT re-exported here.
+// middleware.ts imports 'astro:middleware' and 'cloudflare:workers' which are
+// only available at runtime (SSR), not at config-load time.
+// Import it directly: import { onRequest } from './middleware.js';
 // Build-time CSP utilities
-export * from './csp';
+export * from './csp.js';

package/dist/core/middleware.js

@@ -7,9 +7,9 @@
 // - Dev mode bypass uses import.meta.env.DEV (build-time constant: true in dev, false in prod).
 import { defineMiddleware } from 'astro:middleware';
 import { env } from 'cloudflare:workers';
-import { PUBLIC_ROUTES, PUBLIC_PREFIXES, GET_SECURITY_HEADERS, GET_SKIP_ASSETS } from './config';
-import { sanitizePath } from './security';
-import { validateSession, validateMemberIdInUrl } from './auth';
+import { PUBLIC_ROUTES, PUBLIC_PREFIXES, GET_SECURITY_HEADERS, GET_SKIP_ASSETS } from './config.js';
+import { sanitizePath } from './security.js';
+import { validateSession, validateMemberIdInUrl } from './auth.js';
 /** Check if a path is a public route (no auth required) */
 function isPublicRoute(pathname) {
     return PUBLIC_ROUTES.includes(pathname) ||

package/dist/core/types.d.ts

@@ -1,11 +1,6 @@
 import type { MiddlewareHandler } from 'astro';
 export interface MindfulAuthLocals {
     recordId: string | null;
-    runtime?: {
-        env?: {
-            INTERNAL_API_KEY?: string;
-        };
-    };
 }
 declare global {
     namespace App {

package/dist/core/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG/C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE;QACR,GAAG,CAAC,EAAE;YACJ,gBAAgB,CAAC,EAAE,MAAM,CAAC;SAC3B,CAAC;KACH,CAAC;CACH;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,GAAG,CAAC;QACZ,UAAU,MAAO,SAAQ,iBAAiB;SAAG;KAC9C;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG/C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAGD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,GAAG,CAAC;QACZ,UAAU,MAAO,SAAQ,iBAAiB;SAAG;KAC9C;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,CAAC"}

package/package.json

@@ -1,10 +1,9 @@
 {
   "name": "@mindfulauth/core",
-  "version": "2.0.0-beta.9",
+  "version": "2.0.1",
   "description": "Mindful Auth core authentication library for Astro 6",
   "type": "module",
-  "main": "./dist/core/index.js",
-  "types": "./dist/core/index.d.ts",
+  "sideEffects": false,
   "exports": {
     ".": {
       "types": "./dist/core/index.d.ts",
@@ -51,12 +50,12 @@
   "author": "Mindful Auth",
   "license": "MIT",
   "peerDependencies": {
-    "astro": "^6.0.0-beta.20"
+    "astro": "^6.0.1"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20260307.1",
-    "@types/node": "^25.3.5",
-    "astro": "^6.0.0-beta.20",
+    "@cloudflare/workers-types": "^4.20260310.1",
+    "@types/node": "^25.4.0",
+    "astro": "^6.0.1",
     "typescript": "^5.9.3"
   }
 }