npm - @nexusts/auth - Versions diffs - 0.9.6 → 0.9.8 - Mend

@nexusts/auth 0.9.6 → 0.9.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/auth.controller.d.ts +13 -11
package/dist/auth.service.d.ts +10 -5
package/dist/index.js +54 -82
package/dist/index.js.map +5 -5
package/package.json +2 -2

package/dist/auth.controller.d.ts CHANGED Viewed

@@ -23,17 +23,19 @@
  * Most of the actual logic is delegated to `auth.handler` from
  * better-auth. The controller exists to make the routes visible to
  * `nx route:list` and to add NexusTS-style DI.
+ *
+ * Uses standard decorator patterns: field injection and `ctx.req.*`
+ * methods instead of legacy `@Req()`/`@Body()`/`@Res()` parameter
+ * decorators.
  */
 import type { Context } from "hono";
-import { AuthService } from "./auth.service.js";
 export declare class AuthController {
     private readonly auth;
-    constructor(auth: AuthService);
     /**
      * GET /api/auth/session
      * Returns the current session (or null if unauthenticated).
      */
-    session(c: Context): Promise<Response & import("hono").TypedResponse<{
+    session(ctx: Context): Promise<Response & import("hono").TypedResponse<{
         user: {
             [x: string]: import("hono/utils/types").JSONValue;
             id: string;
@@ -60,34 +62,34 @@ export declare class AuthController {
      * POST /api/auth/sign-up/email
      * Body: { email, password, name, callbackURL? }
      */
-    signUpEmail(c: Context, body: any): Promise<Response & import("hono").TypedResponse<any, 201, "json">>;
+    signUpEmail(ctx: Context): Promise<Response & import("hono").TypedResponse<any, 201, "json">>;
     /**
      * POST /api/auth/sign-in/email
      * Body: { email, password, callbackURL? }
      */
-    signInEmail(c: Context, body: any): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
+    signInEmail(ctx: Context): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
     /**
      * POST /api/auth/sign-out
      */
-    signOut(c: Context, _res: Response): Promise<Response & import("hono").TypedResponse<{
+    signOut(ctx: Context): Promise<Response & import("hono").TypedResponse<{
         ok: true;
     }, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
     /**
      * GET /api/auth/sign-in/:provider
      * Returns a redirect to the social provider's auth page.
      */
-    socialSignIn(c: Context, _body: never): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
+    socialSignIn(ctx: Context): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
     /**
      * GET /api/auth/callback/:provider
      * Social provider redirect target. The better-auth handler does the
      * real work; this is a passthrough for `route:list` visibility.
      */
-    oauthCallback(c: Context): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
+    oauthCallback(ctx: Context): Promise<Response & import("hono").TypedResponse<any, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
     /**
      * POST /api/auth/jwt
      * Issues a JWT for the current user. Requires the JWT plugin.
      */
-    issueJwt(c: Context): Promise<(Response & import("hono").TypedResponse<{
+    issueJwt(ctx: Context): Promise<(Response & import("hono").TypedResponse<{
         error: string;
     }, 401, "json">) | (Response & import("hono").TypedResponse<{
         token: string;
@@ -97,10 +99,10 @@ export declare class AuthController {
      * POST /api/auth/passkey/register
      * Start passkey registration. Requires the passkey plugin.
      */
-    passkeyRegister(c: Context): Promise<Response & import("hono").TypedResponse<import("hono/utils/types").JSONValue, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
+    passkeyRegister(ctx: Context): Promise<Response & import("hono").TypedResponse<import("hono/utils/types").JSONValue, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
     /**
      * POST /api/auth/passkey/authenticate
      * Body: passkey assertion
      */
-    passkeyAuthenticate(c: Context, body: any): Promise<Response & import("hono").TypedResponse<import("hono/utils/types").JSONValue, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
+    passkeyAuthenticate(ctx: Context): Promise<Response & import("hono").TypedResponse<import("hono/utils/types").JSONValue, import("hono/utils/http-status").ContentfulStatusCode, "json">>;
 }

package/dist/auth.service.d.ts CHANGED Viewed

@@ -8,23 +8,28 @@
  *   - Allows tests to swap the implementation via DI.
  *
  * Usage:
- *   constructor(@Inject(AuthService.TOKEN) private auth: AuthService) {}
+ *   @Inject(AuthService.TOKEN) declare private auth: AuthService;
  *
  *   await this.auth.signUp.email({ email, password, name });
  *   const session = await this.auth.getSession({ headers: c.req.raw.headers });
  *   return this.auth.redirect('/dashboard');  // 302
  */
-import type { AuthUser, AuthSessionRecord, AuthSession, AuthConfig } from "./types.js";
+import type { AuthUser, AuthSessionRecord, AuthSession } from "./types.js";
 import { type NexusAuth } from "./auth.js";
 import type { SessionService } from "@nexusts/session";
 export declare class AuthService {
     #private;
-    private readonly config;
     /** DI token — use with `@Inject(AuthService.TOKEN)`. */
     static readonly TOKEN: unique symbol;
+    /** Auth configuration — injected by the DI container. */
+    private readonly config;
     /** The underlying better-auth instance. */
-    readonly instance: NexusAuth;
-    constructor(config: AuthConfig);
+    private _instance;
+    /**
+     * Returns the underlying better-auth instance (lazy-initialized).
+     */
+    get instance(): NexusAuth;
+    constructor();
     /**
      * Bind a SessionService. When bound, `getSession()` consults the
      * SessionService first and falls back to better-auth. Returns `this`

package/dist/index.js CHANGED Viewed

@@ -9,7 +9,6 @@ var __legacyDecorateClassTS = function(decorators, target, key, desc) {
         r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-var __legacyDecorateParamTS = (index, decorator) => (target, key) => decorator(target, key, index);
 var __legacyMetadataTS = (k, v) => {
   if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
     return Reflect.metadata(k, v);
@@ -81,14 +80,16 @@ function createAuth(config = {}) {
 // packages/auth/src/auth.service.ts
 import { Inject, Injectable } from "@nexusts/core";
 class AuthService {
-  config;
   static TOKEN = Symbol.for("nexus:AuthService");
-  instance;
-  #sessionService = null;
-  constructor(config) {
-    this.config = config;
-    this.instance = createAuth(this.config);
+  _instance = null;
+  get instance() {
+    if (!this._instance) {
+      this._instance = createAuth(this.config);
+    }
+    return this._instance;
   }
+  #sessionService = null;
+  constructor() {}
   bindSession(sessionService) {
     this.#sessionService = sessionService;
     return this;
@@ -189,12 +190,12 @@ class AuthService {
     return { user: session.user, session: session.session };
   }
 }
+__legacyDecorateClassTS([
+  Inject("AUTH_CONFIG")
+], AuthService.prototype, "config", undefined);
 AuthService = __legacyDecorateClassTS([
   Injectable(),
-  __legacyDecorateParamTS(0, Inject("AUTH_CONFIG")),
-  __legacyMetadataTS("design:paramtypes", [
-    typeof AuthConfig === "undefined" ? Object : AuthConfig
-  ])
+  __legacyMetadataTS("design:paramtypes", [])
 ], AuthService);
 function parseCookie(cookieHeader, name) {
   if (!cookieHeader)
@@ -212,77 +213,70 @@ function parseCookie(cookieHeader, name) {
   return null;
 }
 // packages/auth/src/auth.controller.ts
-import {
-  Body,
-  Controller,
-  Get,
-  Inject as Inject2,
-  Post,
-  Req,
-  Res
-} from "@nexusts/core";
+import { Controller, Get, Inject as Inject2, Post } from "@nexusts/core";
 class AuthController {
-  auth;
-  constructor(auth) {
-    this.auth = auth;
-  }
-  async session(c) {
+  async session(ctx) {
     const session = await this.auth.getSession({
-      headers: c.req.raw.headers
+      headers: ctx.req.raw.headers
     });
-    return c.json(session ?? { user: null, session: null });
+    return ctx.json(session ?? { user: null, session: null });
   }
-  async signUpEmail(c, body) {
+  async signUpEmail(ctx) {
+    const body = await ctx.req.json();
     const result = await this.auth.signUp(body);
-    return c.json(result, 201);
+    return ctx.json(result, 201);
   }
-  async signInEmail(c, body) {
+  async signInEmail(ctx) {
+    const body = await ctx.req.json();
     const result = await this.auth.signIn(body);
-    return c.json(result);
+    return ctx.json(result);
   }
-  async signOut(c, _res) {
-    await this.auth.signOut({ headers: c.req.raw.headers });
-    return c.json({ ok: true });
+  async signOut(ctx) {
+    await this.auth.signOut({ headers: ctx.req.raw.headers });
+    return ctx.json({ ok: true });
   }
-  async socialSignIn(c, _body) {
-    const provider = c.req.param("provider") ?? "";
-    const callbackURL = c.req.query("callbackURL") ?? "/";
+  async socialSignIn(ctx) {
+    const provider = ctx.req.param("provider") ?? "";
+    const callbackURL = ctx.req.query("callbackURL") ?? "/";
     const result = await this.auth.getOAuthUrl({ provider, callbackURL });
-    return c.json(result);
+    return ctx.json(result);
   }
-  async oauthCallback(c) {
+  async oauthCallback(ctx) {
     const result = await this.auth.handleOAuthCallback({
-      headers: c.req.raw.headers,
-      query: c.req.query()
+      headers: ctx.req.raw.headers,
+      query: ctx.req.query()
     });
-    return c.json(result);
+    return ctx.json(result);
   }
-  async issueJwt(c) {
+  async issueJwt(ctx) {
     const session = await this.auth.getSession({
-      headers: c.req.raw.headers
+      headers: ctx.req.raw.headers
     });
     if (!session)
-      return c.json({ error: "Unauthorized" }, 401);
+      return ctx.json({ error: "Unauthorized" }, 401);
     const token = await this.auth.issueJwt({ userId: session.user.id });
-    return c.json(token);
+    return ctx.json(token);
   }
-  async passkeyRegister(c) {
+  async passkeyRegister(ctx) {
     const result = await this.auth.registerPasskey({
-      headers: c.req.raw.headers
+      headers: ctx.req.raw.headers
     });
-    return c.json(result);
+    return ctx.json(result);
   }
-  async passkeyAuthenticate(c, body) {
+  async passkeyAuthenticate(ctx) {
+    const body = await ctx.req.json();
     const result = await this.auth.authenticatePasskey({
-      headers: c.req.raw.headers,
+      headers: ctx.req.raw.headers,
       body
     });
-    return c.json(result);
+    return ctx.json(result);
   }
 }
+__legacyDecorateClassTS([
+  Inject2(AuthService.TOKEN)
+], AuthController.prototype, "auth", undefined);
 __legacyDecorateClassTS([
   Get("/session"),
-  __legacyDecorateParamTS(0, Req()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
     typeof Context === "undefined" ? Object : Context
@@ -291,51 +285,38 @@ __legacyDecorateClassTS([
 ], AuthController.prototype, "session", null);
 __legacyDecorateClassTS([
   Post("/sign-up/email"),
-  __legacyDecorateParamTS(0, Req()),
-  __legacyDecorateParamTS(1, Body()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
-    typeof Context === "undefined" ? Object : Context,
-    Object
+    typeof Context === "undefined" ? Object : Context
   ]),
   __legacyMetadataTS("design:returntype", Promise)
 ], AuthController.prototype, "signUpEmail", null);
 __legacyDecorateClassTS([
   Post("/sign-in/email"),
-  __legacyDecorateParamTS(0, Req()),
-  __legacyDecorateParamTS(1, Body()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
-    typeof Context === "undefined" ? Object : Context,
-    Object
+    typeof Context === "undefined" ? Object : Context
   ]),
   __legacyMetadataTS("design:returntype", Promise)
 ], AuthController.prototype, "signInEmail", null);
 __legacyDecorateClassTS([
   Post("/sign-out"),
-  __legacyDecorateParamTS(0, Req()),
-  __legacyDecorateParamTS(1, Res()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
-    typeof Context === "undefined" ? Object : Context,
-    typeof Response === "undefined" ? Object : Response
+    typeof Context === "undefined" ? Object : Context
   ]),
   __legacyMetadataTS("design:returntype", Promise)
 ], AuthController.prototype, "signOut", null);
 __legacyDecorateClassTS([
   Get("/sign-in/:provider"),
-  __legacyDecorateParamTS(0, Req()),
-  __legacyDecorateParamTS(1, Body()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
-    typeof Context === "undefined" ? Object : Context,
-    undefined
+    typeof Context === "undefined" ? Object : Context
   ]),
   __legacyMetadataTS("design:returntype", Promise)
 ], AuthController.prototype, "socialSignIn", null);
 __legacyDecorateClassTS([
   Get("/callback/:provider"),
-  __legacyDecorateParamTS(0, Req()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
     typeof Context === "undefined" ? Object : Context
@@ -344,7 +325,6 @@ __legacyDecorateClassTS([
 ], AuthController.prototype, "oauthCallback", null);
 __legacyDecorateClassTS([
   Post("/jwt"),
-  __legacyDecorateParamTS(0, Req()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
     typeof Context === "undefined" ? Object : Context
@@ -353,7 +333,6 @@ __legacyDecorateClassTS([
 ], AuthController.prototype, "issueJwt", null);
 __legacyDecorateClassTS([
   Post("/passkey/register"),
-  __legacyDecorateParamTS(0, Req()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
     typeof Context === "undefined" ? Object : Context
@@ -362,21 +341,14 @@ __legacyDecorateClassTS([
 ], AuthController.prototype, "passkeyRegister", null);
 __legacyDecorateClassTS([
   Post("/passkey/authenticate"),
-  __legacyDecorateParamTS(0, Req()),
-  __legacyDecorateParamTS(1, Body()),
   __legacyMetadataTS("design:type", Function),
   __legacyMetadataTS("design:paramtypes", [
-    typeof Context === "undefined" ? Object : Context,
-    Object
+    typeof Context === "undefined" ? Object : Context
   ]),
   __legacyMetadataTS("design:returntype", Promise)
 ], AuthController.prototype, "passkeyAuthenticate", null);
 AuthController = __legacyDecorateClassTS([
-  Controller("/api/auth"),
-  __legacyDecorateParamTS(0, Inject2(AuthService.TOKEN)),
-  __legacyMetadataTS("design:paramtypes", [
-    typeof AuthService === "undefined" ? Object : AuthService
-  ])
+  Controller("/api/auth")
 ], AuthController);
 // packages/auth/src/auth.module.ts
 import { Module } from "@nexusts/core";
@@ -492,5 +464,5 @@ export {
   AuthController
 };
-//# debugId=7EDCCD5DCE9F451764756E2164756E21
+//# debugId=96CFDD82525FD1DA64756E2164756E21
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

@@ -3,13 +3,13 @@
   "sources": ["../src/auth.ts", "../src/auth.service.ts", "../src/auth.controller.ts", "../src/auth.module.ts", "../src/middleware.ts", "../src/decorators/current-user.ts"],
   "sourcesContent": [
     "/**\n * `createAuth()` — wrap better-auth's `betterAuth()` factory with\n * NexusTS-friendly defaults.\n *\n * This is the **only** place that talks to better-auth directly. Every\n * other NexusTS auth module consumes the resulting `Auth` instance via\n * DI or the registered token.\n *\n * Why an adapter layer instead of calling `betterAuth()` directly?\n *   1. NexusTS users write `auth.config.ts`, not raw better-auth options.\n *      The adapter translates between the two.\n *   2. Plugin selection (jwt, passkey) is toggled by boolean flags,\n *      not by importing plugin objects.\n *   3. Cookie / CORS / cross-subdomain defaults match Hono's `cors()`\n *      middleware so the two never conflict.\n *\n * Usage:\n *   // src/auth/auth.ts\n *   import { createAuth } from '@nexusts/auth';\n *   export const auth = createAuth({\n *     basePath: '/api/auth',\n *     emailAndPassword: { enabled: true },\n *     socialProviders: {\n *       github: {\n *         clientId: process.env.GITHUB_CLIENT_ID!,\n *         clientSecret: process.env.GITHUB_CLIENT_SECRET!,\n *       },\n *     },\n *   });\n */\n\nimport { betterAuth } from \"better-auth\";\nimport type { AuthConfig } from \"./types.js\";\n\ntype BetterAuthInstance = ReturnType<typeof betterAuth>;\n\n/**\n * Create a better-auth instance with NexusTS-friendly defaults.\n *\n * @param config NexusTS-shaped config (see types.ts).\n * @returns A `better-auth` Auth instance.\n */\nexport function createAuth(config: AuthConfig = {}): BetterAuthInstance {\n\tconst secret = config.secret ?? process.env.BETTER_AUTH_SECRET;\n\tconst baseURL = config.baseUrl ?? process.env.BETTER_AUTH_URL;\n\n\tif (!secret) {\n\t\tthrow new Error(\n\t\t\t\"[nexus/auth] BETTER_AUTH_SECRET is required. \" +\n\t\t\t\t\"Generate one with `openssl rand -base64 32` and add it to .env.\",\n\t\t);\n\t}\n\tif (!baseURL) {\n\t\tthrow new Error(\n\t\t\t\"[nexus/auth] BETTER_AUTH_URL is required (e.g. http://localhost:3000).\",\n\t\t);\n\t}\n\n\tconst plugins: Array<unknown> = [];\n\n\t// JWT plugin — opt-in.\n\tif (config.jwt?.enabled) {\n\t\t// Lazy import so the plugin's transitive dependencies don't load\n\t\t// when the user hasn't asked for JWT.\n\t\t// eslint-disable-next-line @typescript-eslint/no-require-imports\n\t\tconst { jwt } = require(\"better-auth/plugins\");\n\t\tplugins.push(\n\t\t\tjwt({\n\t\t\t\tjwks: {\n\t\t\t\t\tpath: config.jwt.jwksPath ?? \"/api/auth/jwks\",\n\t\t\t\t},\n\t\t\t\tissuer: config.jwt.issuer ?? baseURL,\n\t\t\t\taudience: config.jwt.audience ?? baseURL,\n\t\t\t\texpiresIn: config.jwt.expiresIn ?? 60 * 15,\n\t\t\t}),\n\t\t);\n\t}\n\n\t// Passkey plugin — opt-in.\n\tif (config.passkey?.enabled) {\n\t\t// eslint-disable-next-line @typescript-eslint/no-require-imports\n\t\tconst { passkey } = require(\"better-auth/plugins\");\n\t\tplugins.push(\n\t\t\tpasskey({\n\t\t\t\trpName: config.passkey.rpName,\n\t\t\t\trpID: config.passkey.rpId,\n\t\t\t\torigin: config.passkey.origin,\n\t\t\t}),\n\t\t);\n\t}\n\n\treturn betterAuth({\n\t\tsecret,\n\t\tbaseURL,\n\t\tbasePath: config.basePath ?? \"/api/auth\",\n\t\temailAndPassword: {\n\t\t\tenabled: config.emailAndPassword?.enabled ?? true,\n\t\t\trequireEmailVerification:\n\t\t\t\tconfig.emailAndPassword?.requireEmailVerification ?? false,\n\t\t\tminPasswordLength: config.emailAndPassword?.minPasswordLength ?? 8,\n\t\t\tmaxPasswordLength: config.emailAndPassword?.maxPasswordLength ?? 128,\n\t\t},\n\t\tsession: {\n\t\t\texpiresIn: config.sessionExpiresInSeconds ?? 60 * 60 * 24 * 7, // 7 days\n\t\t},\n\t\tsocialProviders: config.socialProviders as never,\n\t\tadvanced: {\n\t\t\tcookies: {\n\t\t\t\tsessionToken: {\n\t\t\t\t\tattributes: {\n\t\t\t\t\t\tsameSite: (config.cookieSameSite ?? \"lax\") as\n\t\t\t\t\t\t\t| \"lax\"\n\t\t\t\t\t\t\t| \"strict\"\n\t\t\t\t\t\t\t| \"none\",\n\t\t\t\t\t\tsecure:\n\t\t\t\t\t\t\tconfig.cookieSecure ?? process.env.NODE_ENV === \"production\",\n\t\t\t\t\t\t...(config.cookieDomain ? { domain: config.cookieDomain } : {}),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcrossSubDomainCookies: config.crossSubDomainCookies?.enabled\n\t\t\t\t? {\n\t\t\t\t\t\tenabled: true,\n\t\t\t\t\t\tdomain: config.crossSubDomainCookies.domain,\n\t\t\t\t\t}\n\t\t\t\t: undefined,\n\t\t},\n\t\tplugins,\n\t} as never) as unknown as BetterAuthInstance;\n}\n\n/**\n * Type alias for the returned auth instance — convenient for DI token\n * typings.\n */\nexport type NexusAuth = ReturnType<typeof createAuth>;\n",
-    "/**\n * `AuthService` — DI-friendly wrapper around a better-auth instance.\n *\n * Why a service wrapper?\n *   - Hides the raw better-auth object behind a stable NexusTS API.\n *   - Exposes the high-level operations controllers need:\n *     signUp, signIn, signOut, getSession, oauthUrl, jwt, passkey.\n *   - Allows tests to swap the implementation via DI.\n *\n * Usage:\n *   constructor(@Inject(AuthService.TOKEN) private auth: AuthService) {}\n *\n *   await this.auth.signUp.email({ email, password, name });\n *   const session = await this.auth.getSession({ headers: c.req.raw.headers });\n *   return this.auth.redirect('/dashboard');  // 302\n */\n\nimport { Inject, Injectable } from \"@nexusts/core\";\nimport type {\n\tAuthUser,\n\tAuthSessionRecord,\n\tAuthSession,\n\tAuthConfig,\n} from \"./types.js\";\nimport { createAuth, type NexusAuth } from \"./auth.js\";\nimport type { SessionService } from \"@nexusts/session\";\n\n@Injectable()\nexport class AuthService {\n\t/** DI token — use with `@Inject(AuthService.TOKEN)`. */\n\tstatic readonly TOKEN = Symbol.for(\"nexus:AuthService\");\n\n\t/** The underlying better-auth instance. */\n\treadonly instance: NexusAuth;\n\n\t/**\n\t * Optional SessionService binding. When set, `getSession()` will\n\t * first check the SessionService's cookie before falling back to\n\t * better-auth. This enables shared session state between the two\n\t * modules (e.g. flash messages, guest cart).\n\t *\n\t * Set via `bindSession()` from a feature module's `onInit`, or via\n\t * DI when both modules are present.\n\t */\n\t#sessionService: SessionService | null = null;\n\n\tconstructor(\n\t\t@Inject(\"AUTH_CONFIG\") private readonly config: AuthConfig,\n\t) {\n\t\t// Lazy: defer construction to the first call so module-load\n\t\t// order doesn't matter.\n\t\tthis.instance = createAuth(this.config);\n\t}\n\n\t// ===========================================================================\n\t// Session integration\n\t// ===========================================================================\n\n\t/**\n\t * Bind a SessionService. When bound, `getSession()` consults the\n\t * SessionService first and falls back to better-auth. Returns `this`\n\t * for chaining.\n\t */\n\tbindSession(sessionService: SessionService): this {\n\t\tthis.#sessionService = sessionService;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Returns true when a SessionService has been bound.\n\t */\n\thasSessionBinding(): boolean {\n\t\treturn this.#sessionService !== null;\n\t}\n\n\t// ===========================================================================\n\t// Session\n\t// ===========================================================================\n\n\t/**\n\t * Get the current session from a request. Returns `null` if not\n\t * authenticated.\n\t *\n\t * When a SessionService is bound, we try it first (cookie-based,\n\t * stateless, edge-friendly); better-auth remains the source of\n\t * truth for `user` / `session` records. The cookie value carries\n\t * `userId` which lets you cross-reference both systems.\n\t */\n\tasync getSession(input: { headers: Headers }): Promise<AuthSession> {\n\t\t// 1) Try SessionService (cookie-based) first.\n\t\tif (this.#sessionService) {\n\t\t\tconst cookieName = this.#sessionService.cookieName;\n\t\t\tif (cookieName) {\n\t\t\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\t\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\t\t\tif (value) {\n\t\t\t\t\tconst decoded = this.#sessionService.decodeCookie(value);\n\t\t\t\t\tif (decoded?.userId) {\n\t\t\t\t\t\t// Hydrate the user from better-auth (so the returned\n\t\t\t\t\t\t// shape matches what controllers expect).\n\t\t\t\t\t\tconst fromBetterAuth = (await this.instance.api.getSession({\n\t\t\t\t\t\t\theaders: input.headers,\n\t\t\t\t\t\t})) as AuthSession | null;\n\t\t\t\t\t\tif (fromBetterAuth?.user) {\n\t\t\t\t\t\t\treturn fromBetterAuth;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 2) Fallback to better-auth.\n\t\tconst result = await this.instance.api.getSession({\n\t\t\theaders: input.headers,\n\t\t});\n\t\treturn result as AuthSession;\n\t}\n\n\t/**\n\t * Read the raw SessionService record from a request (no better-auth\n\t * lookup). Returns null when no SessionService is bound or no\n\t * session is found.\n\t */\n\tasync getRawSession(input: { headers: Headers }) {\n\t\tif (!this.#sessionService) return null;\n\t\tconst cookieName = this.#sessionService.cookieName;\n\t\tif (!cookieName) return null;\n\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\tif (!value) return null;\n\t\treturn this.#sessionService.decodeCookie(value);\n\t}\n\n\t// ===========================================================================\n\t// Sign up / Sign in / Sign out\n\t// ===========================================================================\n\n\t/**\n\t * Email + password sign-up. Throws if email/password is disabled\n\t * in the auth config.\n\t */\n\tasync signUp(input: {\n\t\temail: string;\n\t\tpassword: string;\n\t\tname: string;\n\t\timage?: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signUpEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Email + password sign-in. */\n\tasync signIn(input: { email: string; password: string; callbackURL?: string }) {\n\t\treturn this.instance.api.signInEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Sign out — invalidates the current session. */\n\tasync signOut(input: { headers: Headers }) {\n\t\treturn this.instance.api.signOut({\n\t\t\theaders: input.headers,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// Social / OAuth\n\t// ===========================================================================\n\n\t/**\n\t * Get the URL the client should redirect to for a social sign-in.\n\t */\n\tasync getOAuthUrl(input: {\n\t\tprovider: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/**\n\t * Sign in / link a social account and return the user.\n\t */\n\tasync handleOAuthCallback(input: { headers: Headers; query: Record<string, string> }) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\theaders: input.headers,\n\t\t\tquery: input.query,\n\t\t\tbody: {} as never,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// JWT\n\t// ===========================================================================\n\n\t/**\n\t * Issue a JWT for the currently-authenticated user. Returns\n\t * `{ token, expiresAt }`. Requires the JWT plugin (`config.jwt.enabled`).\n\t */\n\tasync issueJwt(input: { userId: string }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tsignJWT?: (input: { body: { userId: string } }) => Promise<{\n\t\t\t\ttoken: string;\n\t\t\t\texpiresAt: Date;\n\t\t\t}>;\n\t\t};\n\t\tif (!api.signJWT) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] JWT plugin not enabled. Set `auth.jwt.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.signJWT({ body: { userId: input.userId } });\n\t}\n\n\t// ===========================================================================\n\t// Passkey\n\t// ===========================================================================\n\n\tasync registerPasskey(input: { headers: Headers }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tregister: (input: { headers: Headers }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] Passkey plugin not enabled. Set `auth.passkey.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.passkey.register({ headers: input.headers });\n\t}\n\n\tasync authenticatePasskey(input: { headers: Headers; body: unknown }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tauthenticate: (input: { headers: Headers; body: unknown }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\"[nexus/auth] Passkey plugin not enabled.\");\n\t\t}\n\t\treturn api.passkey.authenticate({ headers: input.headers, body: input.body });\n\t}\n\n\t// ===========================================================================\n\t// Helpers\n\t// ===========================================================================\n\n\t/**\n\t * Build a redirect Response. Used by controllers that need to send\n\t * the user to a different page after sign-in / sign-up.\n\t */\n\tredirect(to: string, status: 302 | 303 | 307 | 308 = 302): Response {\n\t\treturn new Response(null, { status, headers: { Location: to } });\n\t}\n\n\t/**\n\t * Convert a session into the `AuthVariables` shape Hono expects.\n\t */\n\ttoContextVariables(session: AuthSession): {\n\t\tuser: AuthUser | null;\n\t\tsession: AuthSessionRecord | null;\n\t} {\n\t\tif (!session) return { user: null, session: null };\n\t\treturn { user: session.user, session: session.session };\n\t}\n}\n\n/**\n * Extract a single cookie value from a `Cookie` header string.\n * Tiny helper to avoid pulling in a cookie-parsing dependency.\n */\nfunction parseCookie(cookieHeader: string, name: string): string | null {\n\tif (!cookieHeader) return null;\n\tconst parts = cookieHeader.split(\";\");\n\tfor (const part of parts) {\n\t\tconst eq = part.indexOf(\"=\");\n\t\tif (eq < 0) continue;\n\t\tconst k = part.slice(0, eq).trim();\n\t\tif (k === name) {\n\t\t\treturn decodeURIComponent(part.slice(eq + 1).trim());\n\t\t}\n\t}\n\treturn null;\n}",
-    "/**\n * `AuthController` — built-in controller exposing common auth endpoints.\n *\n * Mount it in any `@Module` to get a working auth API:\n *\n *   @Module({\n *     controllers: [AuthController],\n *     providers: [AuthService],\n *   })\n *   export class AuthModule {}\n *\n * Endpoints (all prefixed with `config.basePath`, default `/api/auth`):\n *   - GET  /session               → current session\n *   - POST /sign-up/email         → email/password registration\n *   - POST /sign-in/email         → email/password login\n *   - POST /sign-out              → invalidate session\n *   - GET  /sign-in/:provider     → start OAuth flow\n *   - GET  /callback/:provider    → OAuth callback\n *   - POST /jwt                   → issue JWT (JWT plugin only)\n *   - POST /passkey/register      → start passkey registration\n *   - POST /passkey/authenticate  → complete passkey auth\n *\n * Most of the actual logic is delegated to `auth.handler` from\n * better-auth. The controller exists to make the routes visible to\n * `nx route:list` and to add NexusTS-style DI.\n */\n\nimport {\n\tBody,\n\tController,\n\tGet,\n\tInject,\n\tPost,\n\tReq,\n\tRes,\n} from \"@nexusts/core\";\nimport type { Context } from \"hono\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthSession } from \"./types.js\";\n\n@Controller(\"/api/auth\")\nexport class AuthController {\n\tconstructor(@Inject(AuthService.TOKEN) private readonly auth: AuthService) {}\n\n\t/**\n\t * GET /api/auth/session\n\t * Returns the current session (or null if unauthenticated).\n\t */\n\t@Get(\"/session\")\n\tasync session(@Req() c: Context) {\n\t\tconst session: AuthSession = await this.auth.getSession({\n\t\t\theaders: c.req.raw.headers,\n\t\t});\n\t\treturn c.json(session ?? { user: null, session: null });\n\t}\n\n\t/**\n\t * POST /api/auth/sign-up/email\n\t * Body: { email, password, name, callbackURL? }\n\t */\n\t@Post(\"/sign-up/email\")\n\tasync signUpEmail(@Req() c: Context, @Body() body: any) {\n\t\tconst result = await this.auth.signUp(body);\n\t\treturn c.json(result, 201);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-in/email\n\t * Body: { email, password, callbackURL? }\n\t */\n\t@Post(\"/sign-in/email\")\n\tasync signInEmail(@Req() c: Context, @Body() body: any) {\n\t\tconst result = await this.auth.signIn(body);\n\t\treturn c.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-out\n\t */\n\t@Post(\"/sign-out\")\n\tasync signOut(@Req() c: Context, @Res() _res: Response) {\n\t\tawait this.auth.signOut({ headers: c.req.raw.headers });\n\t\treturn c.json({ ok: true });\n\t}\n\n\t/**\n\t * GET /api/auth/sign-in/:provider\n\t * Returns a redirect to the social provider's auth page.\n\t */\n\t@Get(\"/sign-in/:provider\")\n\tasync socialSignIn(\n\t\t@Req() c: Context,\n\t\t@Body() _body: never,\n\t) {\n\t\tconst provider = c.req.param(\"provider\") ?? \"\";\n\t\tconst callbackURL = c.req.query(\"callbackURL\") ?? \"/\";\n\t\tconst result = await this.auth.getOAuthUrl({ provider, callbackURL });\n\t\treturn c.json(result);\n\t}\n\n\t/**\n\t * GET /api/auth/callback/:provider\n\t * Social provider redirect target. The better-auth handler does the\n\t * real work; this is a passthrough for `route:list` visibility.\n\t */\n\t@Get(\"/callback/:provider\")\n\tasync oauthCallback(@Req() c: Context) {\n\t\tconst result = await this.auth.handleOAuthCallback({\n\t\t\theaders: c.req.raw.headers,\n\t\t\tquery: c.req.query() as Record<string, string>,\n\t\t});\n\t\treturn c.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/jwt\n\t * Issues a JWT for the current user. Requires the JWT plugin.\n\t */\n\t@Post(\"/jwt\")\n\tasync issueJwt(@Req() c: Context) {\n\t\tconst session = await this.auth.getSession({\n\t\t\theaders: c.req.raw.headers,\n\t\t});\n\t\tif (!session) return c.json({ error: \"Unauthorized\" }, 401);\n\t\tconst token = await this.auth.issueJwt({ userId: session.user.id });\n\t\treturn c.json(token);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/register\n\t * Start passkey registration. Requires the passkey plugin.\n\t */\n\t@Post(\"/passkey/register\")\n\tasync passkeyRegister(@Req() c: Context) {\n\t\tconst result = await this.auth.registerPasskey({\n\t\t\theaders: c.req.raw.headers,\n\t\t});\n\t\treturn c.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/authenticate\n\t * Body: passkey assertion\n\t */\n\t@Post(\"/passkey/authenticate\")\n\tasync passkeyAuthenticate(@Req() c: Context, @Body() body: any) {\n\t\tconst result = await this.auth.authenticatePasskey({\n\t\t\theaders: c.req.raw.headers,\n\t\t\tbody,\n\t\t});\n\t\treturn c.json(result);\n\t}\n}",
-    "/**\n * `AuthModule` — drop-in module for adding auth to any NexusTS app.\n *\n * Usage:\n *   // src/app/app.module.ts\n *   @Module({\n *     imports: [AuthModule.forRoot({ ... })],\n *   })\n *   export class AppModule {}\n *\n * The `forRoot` static factory builds a one-off `AuthModule` subclass\n * pre-configured with the user's `auth` config. The provider token\n * `'AUTH_CONFIG'` carries the config to the `AuthService` constructor.\n *\n * AuthService is registered under **both** its class token and\n * `AuthService.TOKEN` (a Symbol). The class token is what the\n * container scans; the Symbol is what `@Inject(AuthService.TOKEN)`\n * looks up. Both resolve to the same instance via `useExisting`.\n */\n\nimport { Module } from \"@nexusts/core\";\nimport { AuthController } from \"./auth.controller.js\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthConfig } from \"./types.js\";\nimport { safeGetMeta, safeDefineMeta, safeHasMeta } from \"@nexusts/core/di/safe-reflect\";\n\n@Module({\n\tcontrollers: [AuthController],\n\tproviders: [\n\t\tAuthService,\n\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t],\n\texports: [AuthService, AuthService.TOKEN],\n})\nexport class AuthModule {\n\t/**\n\t * Build a configured `AuthModule` class with the given config.\n\t *\n\t * The returned class can be `imports`-ed by any other module and\n\t * will provide the `AuthService` (and a `AUTH_CONFIG` value\n\t * provider) to its container.\n\t */\n\tstatic forRoot(config: AuthConfig) {\n\t\t@Module({\n\t\t\tcontrollers: [AuthController],\n\t\t\tproviders: [\n\t\t\t\tAuthService,\n\t\t\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t\t\t\t{ provide: \"AUTH_CONFIG\", useValue: config },\n\t\t\t],\n\t\t\texports: [AuthService, AuthService.TOKEN],\n\t\t})\n\t\tclass ConfiguredAuthModule {}\n\n\t\t// Tag the dynamic class so the user can see where it came from.\n\t\tObject.defineProperty(ConfiguredAuthModule, \"name\", {\n\t\t\tvalue: \"ConfiguredAuthModule\",\n\t\t});\n\n\t\treturn ConfiguredAuthModule;\n\t}\n}\n",
+    "/**\n * `AuthService` — DI-friendly wrapper around a better-auth instance.\n *\n * Why a service wrapper?\n *   - Hides the raw better-auth object behind a stable NexusTS API.\n *   - Exposes the high-level operations controllers need:\n *     signUp, signIn, signOut, getSession, oauthUrl, jwt, passkey.\n *   - Allows tests to swap the implementation via DI.\n *\n * Usage:\n *   @Inject(AuthService.TOKEN) declare private auth: AuthService;\n *\n *   await this.auth.signUp.email({ email, password, name });\n *   const session = await this.auth.getSession({ headers: c.req.raw.headers });\n *   return this.auth.redirect('/dashboard');  // 302\n */\n\nimport { Inject, Injectable } from \"@nexusts/core\";\nimport type {\n\tAuthUser,\n\tAuthSessionRecord,\n\tAuthSession,\n\tAuthConfig,\n} from \"./types.js\";\nimport { createAuth, type NexusAuth } from \"./auth.js\";\nimport type { SessionService } from \"@nexusts/session\";\n\n@Injectable()\nexport class AuthService {\n\t/** DI token — use with `@Inject(AuthService.TOKEN)`. */\n\tstatic readonly TOKEN = Symbol.for(\"nexus:AuthService\");\n\n\t/** Auth configuration — injected by the DI container. */\n\t@Inject(\"AUTH_CONFIG\") declare private readonly config: AuthConfig;\n\n\t/** The underlying better-auth instance. */\n\tprivate _instance: NexusAuth | null = null;\n\n\t/**\n\t * Returns the underlying better-auth instance (lazy-initialized).\n\t */\n\tget instance(): NexusAuth {\n\t\tif (!this._instance) {\n\t\t\tthis._instance = createAuth(this.config);\n\t\t}\n\t\treturn this._instance;\n\t}\n\n\t/**\n\t * Optional SessionService binding. When set, `getSession()` will\n\t * first check the SessionService's cookie before falling back to\n\t * better-auth. This enables shared session state between the two\n\t * modules (e.g. flash messages, guest cart).\n\t *\n\t * Set via `bindSession()` from a feature module's `onInit`, or via\n\t * DI when both modules are present.\n\t */\n\t#sessionService: SessionService | null = null;\n\n\tconstructor() {\n\t\t// No constructor logic — DI sets @Inject fields before first use.\n\t}\n\n\t// ===========================================================================\n\t// Session integration\n\t// ===========================================================================\n\n\t/**\n\t * Bind a SessionService. When bound, `getSession()` consults the\n\t * SessionService first and falls back to better-auth. Returns `this`\n\t * for chaining.\n\t */\n\tbindSession(sessionService: SessionService): this {\n\t\tthis.#sessionService = sessionService;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Returns true when a SessionService has been bound.\n\t */\n\thasSessionBinding(): boolean {\n\t\treturn this.#sessionService !== null;\n\t}\n\n\t// ===========================================================================\n\t// Session\n\t// ===========================================================================\n\n\t/**\n\t * Get the current session from a request. Returns `null` if not\n\t * authenticated.\n\t *\n\t * When a SessionService is bound, we try it first (cookie-based,\n\t * stateless, edge-friendly); better-auth remains the source of\n\t * truth for `user` / `session` records. The cookie value carries\n\t * `userId` which lets you cross-reference both systems.\n\t */\n\tasync getSession(input: { headers: Headers }): Promise<AuthSession> {\n\t\t// 1) Try SessionService (cookie-based) first.\n\t\tif (this.#sessionService) {\n\t\t\tconst cookieName = this.#sessionService.cookieName;\n\t\t\tif (cookieName) {\n\t\t\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\t\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\t\t\tif (value) {\n\t\t\t\t\tconst decoded = this.#sessionService.decodeCookie(value);\n\t\t\t\t\tif (decoded?.userId) {\n\t\t\t\t\t\t// Hydrate the user from better-auth (so the returned\n\t\t\t\t\t\t// shape matches what controllers expect).\n\t\t\t\t\t\tconst fromBetterAuth = (await this.instance.api.getSession({\n\t\t\t\t\t\t\theaders: input.headers,\n\t\t\t\t\t\t})) as AuthSession | null;\n\t\t\t\t\t\tif (fromBetterAuth?.user) {\n\t\t\t\t\t\t\treturn fromBetterAuth;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 2) Fallback to better-auth.\n\t\tconst result = await this.instance.api.getSession({\n\t\t\theaders: input.headers,\n\t\t});\n\t\treturn result as AuthSession;\n\t}\n\n\t/**\n\t * Read the raw SessionService record from a request (no better-auth\n\t * lookup). Returns null when no SessionService is bound or no\n\t * session is found.\n\t */\n\tasync getRawSession(input: { headers: Headers }) {\n\t\tif (!this.#sessionService) return null;\n\t\tconst cookieName = this.#sessionService.cookieName;\n\t\tif (!cookieName) return null;\n\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\tif (!value) return null;\n\t\treturn this.#sessionService.decodeCookie(value);\n\t}\n\n\t// ===========================================================================\n\t// Sign up / Sign in / Sign out\n\t// ===========================================================================\n\n\t/**\n\t * Email + password sign-up. Throws if email/password is disabled\n\t * in the auth config.\n\t */\n\tasync signUp(input: {\n\t\temail: string;\n\t\tpassword: string;\n\t\tname: string;\n\t\timage?: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signUpEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Email + password sign-in. */\n\tasync signIn(input: { email: string; password: string; callbackURL?: string }) {\n\t\treturn this.instance.api.signInEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Sign out — invalidates the current session. */\n\tasync signOut(input: { headers: Headers }) {\n\t\treturn this.instance.api.signOut({\n\t\t\theaders: input.headers,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// Social / OAuth\n\t// ===========================================================================\n\n\t/**\n\t * Get the URL the client should redirect to for a social sign-in.\n\t */\n\tasync getOAuthUrl(input: {\n\t\tprovider: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/**\n\t * Sign in / link a social account and return the user.\n\t */\n\tasync handleOAuthCallback(input: { headers: Headers; query: Record<string, string> }) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\theaders: input.headers,\n\t\t\tquery: input.query,\n\t\t\tbody: {} as never,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// JWT\n\t// ===========================================================================\n\n\t/**\n\t * Issue a JWT for the currently-authenticated user. Returns\n\t * `{ token, expiresAt }`. Requires the JWT plugin (`config.jwt.enabled`).\n\t */\n\tasync issueJwt(input: { userId: string }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tsignJWT?: (input: { body: { userId: string } }) => Promise<{\n\t\t\t\ttoken: string;\n\t\t\t\texpiresAt: Date;\n\t\t\t}>;\n\t\t};\n\t\tif (!api.signJWT) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] JWT plugin not enabled. Set `auth.jwt.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.signJWT({ body: { userId: input.userId } });\n\t}\n\n\t// ===========================================================================\n\t// Passkey\n\t// ===========================================================================\n\n\tasync registerPasskey(input: { headers: Headers }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tregister: (input: { headers: Headers }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] Passkey plugin not enabled. Set `auth.passkey.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.passkey.register({ headers: input.headers });\n\t}\n\n\tasync authenticatePasskey(input: { headers: Headers; body: unknown }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tauthenticate: (input: { headers: Headers; body: unknown }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\"[nexus/auth] Passkey plugin not enabled.\");\n\t\t}\n\t\treturn api.passkey.authenticate({ headers: input.headers, body: input.body });\n\t}\n\n\t// ===========================================================================\n\t// Helpers\n\t// ===========================================================================\n\n\t/**\n\t * Build a redirect Response. Used by controllers that need to send\n\t * the user to a different page after sign-in / sign-up.\n\t */\n\tredirect(to: string, status: 302 | 303 | 307 | 308 = 302): Response {\n\t\treturn new Response(null, { status, headers: { Location: to } });\n\t}\n\n\t/**\n\t * Convert a session into the `AuthVariables` shape Hono expects.\n\t */\n\ttoContextVariables(session: AuthSession): {\n\t\tuser: AuthUser | null;\n\t\tsession: AuthSessionRecord | null;\n\t} {\n\t\tif (!session) return { user: null, session: null };\n\t\treturn { user: session.user, session: session.session };\n\t}\n}\n\n/**\n * Extract a single cookie value from a `Cookie` header string.\n * Tiny helper to avoid pulling in a cookie-parsing dependency.\n */\nfunction parseCookie(cookieHeader: string, name: string): string | null {\n\tif (!cookieHeader) return null;\n\tconst parts = cookieHeader.split(\";\");\n\tfor (const part of parts) {\n\t\tconst eq = part.indexOf(\"=\");\n\t\tif (eq < 0) continue;\n\t\tconst k = part.slice(0, eq).trim();\n\t\tif (k === name) {\n\t\t\treturn decodeURIComponent(part.slice(eq + 1).trim());\n\t\t}\n\t}\n\treturn null;\n}",
+    "/**\n * `AuthController` — built-in controller exposing common auth endpoints.\n *\n * Mount it in any `@Module` to get a working auth API:\n *\n *   @Module({\n *     controllers: [AuthController],\n *     providers: [AuthService],\n *   })\n *   export class AuthModule {}\n *\n * Endpoints (all prefixed with `config.basePath`, default `/api/auth`):\n *   - GET  /session               → current session\n *   - POST /sign-up/email         → email/password registration\n *   - POST /sign-in/email         → email/password login\n *   - POST /sign-out              → invalidate session\n *   - GET  /sign-in/:provider     → start OAuth flow\n *   - GET  /callback/:provider    → OAuth callback\n *   - POST /jwt                   → issue JWT (JWT plugin only)\n *   - POST /passkey/register      → start passkey registration\n *   - POST /passkey/authenticate  → complete passkey auth\n *\n * Most of the actual logic is delegated to `auth.handler` from\n * better-auth. The controller exists to make the routes visible to\n * `nx route:list` and to add NexusTS-style DI.\n *\n * Uses standard decorator patterns: field injection and `ctx.req.*`\n * methods instead of legacy `@Req()`/`@Body()`/`@Res()` parameter\n * decorators.\n */\n\nimport { Controller, Get, Inject, Post } from \"@nexusts/core\";\nimport type { Context } from \"hono\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthSession } from \"./types.js\";\n\n@Controller(\"/api/auth\")\nexport class AuthController {\n\t@Inject(AuthService.TOKEN) declare private readonly auth: AuthService;\n\n\t/**\n\t * GET /api/auth/session\n\t * Returns the current session (or null if unauthenticated).\n\t */\n\t@Get(\"/session\")\n\tasync session(ctx: Context) {\n\t\tconst session: AuthSession = await this.auth.getSession({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\treturn ctx.json(session ?? { user: null, session: null });\n\t}\n\n\t/**\n\t * POST /api/auth/sign-up/email\n\t * Body: { email, password, name, callbackURL? }\n\t */\n\t@Post(\"/sign-up/email\")\n\tasync signUpEmail(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.signUp(body);\n\t\treturn ctx.json(result, 201);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-in/email\n\t * Body: { email, password, callbackURL? }\n\t */\n\t@Post(\"/sign-in/email\")\n\tasync signInEmail(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.signIn(body);\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-out\n\t */\n\t@Post(\"/sign-out\")\n\tasync signOut(ctx: Context) {\n\t\tawait this.auth.signOut({ headers: ctx.req.raw.headers });\n\t\treturn ctx.json({ ok: true });\n\t}\n\n\t/**\n\t * GET /api/auth/sign-in/:provider\n\t * Returns a redirect to the social provider's auth page.\n\t */\n\t@Get(\"/sign-in/:provider\")\n\tasync socialSignIn(ctx: Context) {\n\t\tconst provider = ctx.req.param(\"provider\") ?? \"\";\n\t\tconst callbackURL = ctx.req.query(\"callbackURL\") ?? \"/\";\n\t\tconst result = await this.auth.getOAuthUrl({ provider, callbackURL });\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * GET /api/auth/callback/:provider\n\t * Social provider redirect target. The better-auth handler does the\n\t * real work; this is a passthrough for `route:list` visibility.\n\t */\n\t@Get(\"/callback/:provider\")\n\tasync oauthCallback(ctx: Context) {\n\t\tconst result = await this.auth.handleOAuthCallback({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t\tquery: ctx.req.query() as Record<string, string>,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/jwt\n\t * Issues a JWT for the current user. Requires the JWT plugin.\n\t */\n\t@Post(\"/jwt\")\n\tasync issueJwt(ctx: Context) {\n\t\tconst session = await this.auth.getSession({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\tif (!session) return ctx.json({ error: \"Unauthorized\" }, 401);\n\t\tconst token = await this.auth.issueJwt({ userId: session.user.id });\n\t\treturn ctx.json(token);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/register\n\t * Start passkey registration. Requires the passkey plugin.\n\t */\n\t@Post(\"/passkey/register\")\n\tasync passkeyRegister(ctx: Context) {\n\t\tconst result = await this.auth.registerPasskey({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/authenticate\n\t * Body: passkey assertion\n\t */\n\t@Post(\"/passkey/authenticate\")\n\tasync passkeyAuthenticate(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.authenticatePasskey({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t\tbody,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n}\n",
+    "/**\n * `AuthModule` — drop-in module for adding auth to any NexusTS app.\n *\n * Usage:\n *   // src/app/app.module.ts\n *   @Module({\n *     imports: [AuthModule.forRoot({ ... })],\n *   })\n *   export class AppModule {}\n *\n * The `forRoot` static factory builds a one-off `AuthModule` subclass\n * pre-configured with the user's `auth` config. The provider token\n * `'AUTH_CONFIG'` carries the config to the `AuthService` constructor.\n *\n * AuthService is registered under **both** its class token and\n * `AuthService.TOKEN` (a Symbol). The class token is what the\n * container scans; the Symbol is what `@Inject(AuthService.TOKEN)`\n * looks up. Both resolve to the same instance via `useExisting`.\n */\n\nimport { Module } from \"@nexusts/core\";\nimport { AuthController } from \"./auth.controller.js\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthConfig } from \"./types.js\";\n\n\n@Module({\n\tcontrollers: [AuthController],\n\tproviders: [\n\t\tAuthService,\n\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t],\n\texports: [AuthService, AuthService.TOKEN],\n})\nexport class AuthModule {\n\t/**\n\t * Build a configured `AuthModule` class with the given config.\n\t *\n\t * The returned class can be `imports`-ed by any other module and\n\t * will provide the `AuthService` (and a `AUTH_CONFIG` value\n\t * provider) to its container.\n\t */\n\tstatic forRoot(config: AuthConfig) {\n\t\t@Module({\n\t\t\tcontrollers: [AuthController],\n\t\t\tproviders: [\n\t\t\t\tAuthService,\n\t\t\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t\t\t\t{ provide: \"AUTH_CONFIG\", useValue: config },\n\t\t\t],\n\t\t\texports: [AuthService, AuthService.TOKEN],\n\t\t})\n\t\tclass ConfiguredAuthModule {}\n\n\t\t// Tag the dynamic class so the user can see where it came from.\n\t\tObject.defineProperty(ConfiguredAuthModule, \"name\", {\n\t\t\tvalue: \"ConfiguredAuthModule\",\n\t\t});\n\n\t\treturn ConfiguredAuthModule;\n\t}\n}\n",
     "/**\n * `authMiddleware` — populate `c.var.user` and `c.var.session` on\n * every request, optionally enforcing a \"must be logged in\" policy.\n *\n * This is a Hono middleware that wraps better-auth's `getSession`.\n * It runs after the better-auth handler has set its own cookies, so\n * subsequent reads are cheap (a single DB lookup).\n *\n * Three modes:\n *   - optional  → always allow; populate user/session if present\n *   - required  → 401 if no user\n *   - scoped    → require user only for paths matching a regex\n *\n * Usage:\n *   import { authMiddleware } from '@nexusts/auth';\n *   app.use('*', authMiddleware(auth, { mode: 'optional' }));\n *   app.use('/api/*', authMiddleware(auth, { mode: 'required' }));\n */\n\nimport type { Auth } from \"better-auth\";\nimport type { Context, MiddlewareHandler, } from \"hono\";\nimport type { AuthVariables } from \"./types.js\";\n\nexport type AuthMiddlewareMode = \"optional\" | \"required\" | \"scoped\";\n\nexport interface AuthMiddlewareOptions {\n\t/** Auth mode. Default: `'optional'`. */\n\tmode?: AuthMiddlewareMode;\n\t/** Path matcher (only used in `'scoped'` mode). */\n\tscope?: RegExp;\n\t/** Path matcher for `'scoped'` mode's protected set. */\n\tprotectedPaths?: RegExp | RegExp[];\n\t/** Path matcher for paths that should be skipped entirely. */\n\tignoredPaths?: RegExp | RegExp[];\n\t/** Customize the 401 response. */\n\tonUnauthenticated?: (c: Context) => Response | Promise<Response>;\n\t/** Customize the 403 response when a scope check fails. */\n\tonForbidden?: (c: Context) => Response | Promise<Response>;\n}\n\nexport function authMiddleware(\n\tauth: Auth,\n\toptions: AuthMiddlewareOptions = {},\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n\tconst {\n\t\tmode = \"optional\",\n\t\tscope,\n\t\tprotectedPaths,\n\t\tignoredPaths,\n\t\tonUnauthenticated = defaultUnauthenticated,\n\t} = options;\n\n\tconst ignored = toMatcher(ignoredPaths);\n\tconst protected_ =\n\t\tmode === \"scoped\"\n\t\t\t? toMatcher(scope ?? protectedPaths ?? /^\\/.+/) // everything\n\t\t\t: null;\n\n\treturn async (c, next) => {\n\t\tconst path = c.req.path;\n\n\t\t// Skip ignored paths entirely (e.g. health checks).\n\t\tif (ignored?.test(path)) {\n\t\t\treturn next();\n\t\t}\n\n\t\t// Populate the session.\n\t\tconst session = await auth.api.getSession({\n\t\t\theaders: c.req.raw.headers,\n\t\t});\n\n\t\tif (session) {\n\t\t\tc.set(\"user\", session.user as never);\n\t\t\tc.set(\"session\", session.session as never);\n\t\t} else {\n\t\t\tc.set(\"user\", null);\n\t\t\tc.set(\"session\", null);\n\t\t}\n\n\t\t// Apply mode.\n\t\tif (mode === \"required\" || (protected_?.test(path) && session === null)) {\n\t\t\tif (session === null) return onUnauthenticated(c);\n\t\t}\n\n\t\t// Scope-based forbidden check (e.g. \"user must have a specific role\").\n\t\t// Skipped here — the route handler can call `requireRole(...)` itself.\n\n\t\treturn next();\n\t};\n}\n\nfunction toMatcher(input?: RegExp | RegExp[]): RegExp | null {\n\tif (!input) return null;\n\tif (Array.isArray(input)) {\n\t\treturn new RegExp(input.map((r) => `(?:${r.source})`).join(\"|\"));\n\t}\n\treturn input;\n}\n\nfunction defaultUnauthenticated(c: Context): Response {\n\treturn c.json(\n\t\t{ error: \"Unauthorized\", message: \"Authentication required.\" },\n\t\t401,\n\t);\n}\n\n/**\n * `authHandler` — mount better-auth's catch-all handler at a path.\n *\n * Use this instead of writing the `app.on(['POST', 'GET'], path, ...)`\n * boilerplate yourself.\n *\n *   app.use('/api/auth/*', cors({ ... }));\n *   app.all('/api/auth/*', authHandler(auth));\n */\nexport function authHandler(auth: Auth): MiddlewareHandler {\n\treturn async (c) => auth.handler(c.req.raw);\n}\n",
     "/**\n * `@CurrentUser()` — controller parameter decorator that injects the\n * authenticated user (and optionally the session) into a handler.\n *\n * Usage:\n *   @Get('/me')\n *   me(@CurrentUser() user: AuthUser) {\n *     return user;\n *   }\n *\n *   @Get('/profile')\n *   profile(@CurrentUser({ session: true }) ctx: { user: AuthUser; session: AuthSessionRecord }) {\n *     return ctx;\n *   }\n *\n *   @Get('/dashboard')\n *   dashboard(@CurrentUser({ required: true }) user: AuthUser) {\n *     // 401 is thrown before the handler if no user is present.\n *     return this.dashboardService.forUser(user.id);\n *   }\n */\n\nimport { createParamDecorator } from \"@nexusts/core\";\nimport { PARAM_TYPES } from \"@nexusts/core\";\nimport type { AuthUser, AuthSessionRecord } from \"../types.js\";\nimport { safeGetMeta, safeDefineMeta, safeHasMeta } from \"@nexusts/core/di/safe-reflect\";\n\nexport interface CurrentUserOptions {\n\t/**\n\t * Include the session in the injected value. Default: `false`.\n\t * When true, the value is `{ user, session }` instead of just the user.\n\t */\n\tsession?: boolean;\n\t/**\n\t * Throw 401 if no user is present. Default: `false`.\n\t * When true, the framework returns a 401 response without invoking\n\t * the handler.\n\t */\n\trequired?: boolean;\n\t/**\n\t * Throw 403 if the user does not satisfy the predicate.\n\t */\n\tassert?: (user: AuthUser) => boolean | Promise<boolean>;\n}\n\n/**\n * Inject the authenticated user (or `{ user, session }` if `session: true`).\n */\nexport function CurrentUser(\n\toptions: CurrentUserOptions = {},\n): ParameterDecorator {\n\treturn createParamDecorator(PARAM_TYPES.USER, options as never);\n}\n\n/**\n * Convenience: throw 401 with a JSON body when no user is present.\n * Exposed for users who want to enforce auth inside the handler.\n */\nexport class UnauthenticatedError extends Error {\n\treadonly status = 401;\n\tconstructor(message = \"Authentication required.\") {\n\t\tsuper(message);\n\t\tthis.name = \"UnauthenticatedError\";\n\t}\n}\n\nexport class ForbiddenError extends Error {\n\treadonly status = 403;\n\tconstructor(message = \"Insufficient permissions.\") {\n\t\tsuper(message);\n\t\tthis.name = \"ForbiddenError\";\n\t}\n}\n\n// Re-export session record type for convenience.\nexport type { AuthSessionRecord as AuthSession };\n"
   ],
-  "mappings": ";;;;;;;;;;;;;;;;;;AA+BA;AAWO,SAAS,UAAU,CAAC,SAAqB,CAAC,GAAuB;AAAA,EACvE,MAAM,SAAS,OAAO,UAAU,QAAQ,IAAI;AAAA,EAC5C,MAAM,UAAU,OAAO,WAAW,QAAQ,IAAI;AAAA,EAE9C,IAAI,CAAC,QAAQ;AAAA,IACZ,MAAM,IAAI,MACT,kDACC,iEACF;AAAA,EACD;AAAA,EACA,IAAI,CAAC,SAAS;AAAA,IACb,MAAM,IAAI,MACT,wEACD;AAAA,EACD;AAAA,EAEA,MAAM,UAA0B,CAAC;AAAA,EAGjC,IAAI,OAAO,KAAK,SAAS;AAAA,IAIxB,QAAQ;AAAA,IACR,QAAQ,KACP,IAAI;AAAA,MACH,MAAM;AAAA,QACL,MAAM,OAAO,IAAI,YAAY;AAAA,MAC9B;AAAA,MACA,QAAQ,OAAO,IAAI,UAAU;AAAA,MAC7B,UAAU,OAAO,IAAI,YAAY;AAAA,MACjC,WAAW,OAAO,IAAI,aAAa,KAAK;AAAA,IACzC,CAAC,CACF;AAAA,EACD;AAAA,EAGA,IAAI,OAAO,SAAS,SAAS;AAAA,IAE5B,QAAQ;AAAA,IACR,QAAQ,KACP,QAAQ;AAAA,MACP,QAAQ,OAAO,QAAQ;AAAA,MACvB,MAAM,OAAO,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ;AAAA,IACxB,CAAC,CACF;AAAA,EACD;AAAA,EAEA,OAAO,WAAW;AAAA,IACjB;AAAA,IACA;AAAA,IACA,UAAU,OAAO,YAAY;AAAA,IAC7B,kBAAkB;AAAA,MACjB,SAAS,OAAO,kBAAkB,WAAW;AAAA,MAC7C,0BACC,OAAO,kBAAkB,4BAA4B;AAAA,MACtD,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,MACjE,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,IAClE;AAAA,IACA,SAAS;AAAA,MACR,WAAW,OAAO,2BAA2B,KAAK,KAAK,KAAK;AAAA,IAC7D;AAAA,IACA,iBAAiB,OAAO;AAAA,IACxB,UAAU;AAAA,MACT,SAAS;AAAA,QACR,cAAc;AAAA,UACb,YAAY;AAAA,YACX,UAAW,OAAO,kBAAkB;AAAA,YAIpC,QACC,OAAO,gBAAgB;AAAA,eACpB,OAAO,eAAe,EAAE,QAAQ,OAAO,aAAa,IAAI,CAAC;AAAA,UAC9D;AAAA,QACD;AAAA,MACD;AAAA,MACA,uBAAuB,OAAO,uBAAuB,UAClD;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,OAAO,sBAAsB;AAAA,MACtC,IACC;AAAA,IACJ;AAAA,IACA;AAAA,EACD,CAAU;AAAA;;AC/GX;AAWO,MAAM,YAAY;AAAA,EAmBiB;AAAA,SAjBzB,QAAQ,OAAO,IAAI,mBAAmB;AAAA,EAG7C;AAAA,EAWT,kBAAyC;AAAA,EAEzC,WAAW,CAC8B,QACvC;AAAA,IADuC;AAAA,IAIxC,KAAK,WAAW,WAAW,KAAK,MAAM;AAAA;AAAA,EAYvC,WAAW,CAAC,gBAAsC;AAAA,IACjD,KAAK,kBAAkB;AAAA,IACvB,OAAO;AAAA;AAAA,EAMR,iBAAiB,GAAY;AAAA,IAC5B,OAAO,KAAK,oBAAoB;AAAA;AAAA,OAgB3B,WAAU,CAAC,OAAmD;AAAA,IAEnE,IAAI,KAAK,iBAAiB;AAAA,MACzB,MAAM,aAAa,KAAK,gBAAgB;AAAA,MACxC,IAAI,YAAY;AAAA,QACf,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,QACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,QAClD,IAAI,OAAO;AAAA,UACV,MAAM,UAAU,KAAK,gBAAgB,aAAa,KAAK;AAAA,UACvD,IAAI,SAAS,QAAQ;AAAA,YAGpB,MAAM,iBAAkB,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,cAC1D,SAAS,MAAM;AAAA,YAChB,CAAC;AAAA,YACD,IAAI,gBAAgB,MAAM;AAAA,cACzB,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IAGA,MAAM,SAAS,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,MACjD,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,OAQF,cAAa,CAAC,OAA6B;AAAA,IAChD,IAAI,CAAC,KAAK;AAAA,MAAiB,OAAO;AAAA,IAClC,MAAM,aAAa,KAAK,gBAAgB;AAAA,IACxC,IAAI,CAAC;AAAA,MAAY,OAAO;AAAA,IACxB,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,IACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,IAClD,IAAI,CAAC;AAAA,MAAO,OAAO;AAAA,IACnB,OAAO,KAAK,gBAAgB,aAAa,KAAK;AAAA;AAAA,OAWzC,OAAM,CAAC,OAMV;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,OAAM,CAAC,OAAkE;AAAA,IAC9E,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,QAAO,CAAC,OAA6B;AAAA,IAC1C,OAAO,KAAK,SAAS,IAAI,QAAQ;AAAA,MAChC,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA;AAAA,OAUI,YAAW,CAAC,OAGf;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAMI,oBAAmB,CAAC,OAA4D;AAAA,IACrF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,SAAS,MAAM;AAAA,MACf,OAAO,MAAM;AAAA,MACb,MAAM,CAAC;AAAA,IACR,CAAC;AAAA;AAAA,OAWI,SAAQ,CAAC,OAA2B;AAAA,IACzC,MAAM,MAAM,KAAK,SAAS;AAAA,IAM1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,oFACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,EAAE,MAAM,EAAE,QAAQ,MAAM,OAAO,EAAE,CAAC;AAAA;AAAA,OAOhD,gBAAe,CAAC,OAA6B;AAAA,IAClD,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,4FACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,SAAS,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,OAGjD,oBAAmB,CAAC,OAA4C;AAAA,IACrE,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MAAM,0CAA0C;AAAA,IAC3D;AAAA,IACA,OAAO,IAAI,QAAQ,aAAa,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK,CAAC;AAAA;AAAA,EAW7E,QAAQ,CAAC,IAAY,SAAgC,KAAe;AAAA,IACnE,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,SAAS,EAAE,UAAU,GAAG,EAAE,CAAC;AAAA;AAAA,EAMhE,kBAAkB,CAAC,SAGjB;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,EAAE,MAAM,MAAM,SAAS,KAAK;AAAA,IACjD,OAAO,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,QAAQ;AAAA;AAExD;AAjPa,cAAN;AAAA,EADN,WAAW;AAAA,EAoBT,kCAAO,aAAa;AAAA,EAnBhB;AAAA;AAAA;AAAA,GAAM;AAuPb,SAAS,WAAW,CAAC,cAAsB,MAA6B;AAAA,EACvE,IAAI,CAAC;AAAA,IAAc,OAAO;AAAA,EAC1B,MAAM,QAAQ,aAAa,MAAM,GAAG;AAAA,EACpC,WAAW,QAAQ,OAAO;AAAA,IACzB,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,MAAM,IAAI,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACjC,IAAI,MAAM,MAAM;AAAA,MACf,OAAO,mBAAmB,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,IACpD;AAAA,EACD;AAAA,EACA,OAAO;AAAA;;ACnQR;AAAA;AAAA;AAAA;AAAA,YAIC;AAAA;AAAA;AAAA;AAAA;AAUM,MAAM,eAAe;AAAA,EAC6B;AAAA,EAAxD,WAAW,CAA6C,MAAmB;AAAA,IAAnB;AAAA;AAAA,OAOlD,QAAO,CAAQ,GAAY;AAAA,IAChC,MAAM,UAAuB,MAAM,KAAK,KAAK,WAAW;AAAA,MACvD,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IACD,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,MAAM,SAAS,KAAK,CAAC;AAAA;AAAA,OAQjD,YAAW,CAAQ,GAAoB,MAAW;AAAA,IACvD,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,EAAE,KAAK,QAAQ,GAAG;AAAA;AAAA,OAQpB,YAAW,CAAQ,GAAoB,MAAW;AAAA,IACvD,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,EAAE,KAAK,MAAM;AAAA;AAAA,OAOf,QAAO,CAAQ,GAAmB,MAAgB;AAAA,IACvD,MAAM,KAAK,KAAK,QAAQ,EAAE,SAAS,EAAE,IAAI,IAAI,QAAQ,CAAC;AAAA,IACtD,OAAO,EAAE,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA;AAAA,OAQrB,aAAY,CACV,GACC,OACP;AAAA,IACD,MAAM,WAAW,EAAE,IAAI,MAAM,UAAU,KAAK;AAAA,IAC5C,MAAM,cAAc,EAAE,IAAI,MAAM,aAAa,KAAK;AAAA,IAClD,MAAM,SAAS,MAAM,KAAK,KAAK,YAAY,EAAE,UAAU,YAAY,CAAC;AAAA,IACpE,OAAO,EAAE,KAAK,MAAM;AAAA;AAAA,OASf,cAAa,CAAQ,GAAY;AAAA,IACtC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,EAAE,IAAI,IAAI;AAAA,MACnB,OAAO,EAAE,IAAI,MAAM;AAAA,IACpB,CAAC;AAAA,IACD,OAAO,EAAE,KAAK,MAAM;AAAA;AAAA,OAQf,SAAQ,CAAQ,GAAY;AAAA,IACjC,MAAM,UAAU,MAAM,KAAK,KAAK,WAAW;AAAA,MAC1C,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,EAAE,KAAK,EAAE,OAAO,eAAe,GAAG,GAAG;AAAA,IAC1D,MAAM,QAAQ,MAAM,KAAK,KAAK,SAAS,EAAE,QAAQ,QAAQ,KAAK,GAAG,CAAC;AAAA,IAClE,OAAO,EAAE,KAAK,KAAK;AAAA;AAAA,OAQd,gBAAe,CAAQ,GAAY;AAAA,IACxC,MAAM,SAAS,MAAM,KAAK,KAAK,gBAAgB;AAAA,MAC9C,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IACD,OAAO,EAAE,KAAK,MAAM;AAAA;AAAA,OAQf,oBAAmB,CAAQ,GAAoB,MAAW;AAAA,IAC/D,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,EAAE,IAAI,IAAI;AAAA,MACnB;AAAA,IACD,CAAC;AAAA,IACD,OAAO,EAAE,KAAK,MAAM;AAAA;AAEtB;AAvGO;AAAA,EADL,IAAI,UAAU;AAAA,EACA,+BAAI;AAAA,EAAb;AAAA;AAAA;AAAA;AAAA;AAAA,GARM,eAQN;AAYA;AAAA,EADL,KAAK,gBAAgB;AAAA,EACH,+BAAI;AAAA,EAAe,gCAAK;AAAA,EAArC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GApBM,eAoBN;AAUA;AAAA,EADL,KAAK,gBAAgB;AAAA,EACH,+BAAI;AAAA,EAAe,gCAAK;AAAA,EAArC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GA9BM,eA8BN;AASA;AAAA,EADL,KAAK,WAAW;AAAA,EACF,+BAAI;AAAA,EAAe,+BAAI;AAAA,EAAhC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAvCM,eAuCN;AAUA;AAAA,EADL,IAAI,oBAAoB;AAAA,EAEvB,+BAAI;AAAA,EACJ,gCAAK;AAAA,EAFD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAjDM,eAiDN;AAgBA;AAAA,EADL,IAAI,qBAAqB;AAAA,EACL,+BAAI;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA,GAjEM,eAiEN;AAaA;AAAA,EADL,KAAK,MAAM;AAAA,EACI,+BAAI;AAAA,EAAd;AAAA;AAAA;AAAA;AAAA;AAAA,GA9EM,eA8EN;AAcA;AAAA,EADL,KAAK,mBAAmB;AAAA,EACF,+BAAI;AAAA,EAArB;AAAA;AAAA;AAAA;AAAA;AAAA,GA5FM,eA4FN;AAYA;AAAA,EADL,KAAK,uBAAuB;AAAA,EACF,+BAAI;AAAA,EAAe,gCAAK;AAAA,EAA7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAxGM,eAwGN;AAxGM,iBAAN;AAAA,EADN,WAAW,WAAW;AAAA,EAET,mCAAO,YAAY,KAAK;AAAA,EAD/B;AAAA;AAAA;AAAA,GAAM;;ACrBb;AAcO,MAAM,WAAW;AAAA,SAQhB,OAAO,CAAC,QAAoB;AAAA,IAUlC,MAAM,qBAAqB;AAAA,IAAC;AAAA,IAAtB,uBAAN;AAAA,MATC,OAAO;AAAA,QACP,aAAa,CAAC,cAAc;AAAA,QAC5B,WAAW;AAAA,UACV;AAAA,UACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,UACvD,EAAE,SAAS,eAAe,UAAU,OAAO;AAAA,QAC5C;AAAA,QACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,MACzC,CAAC;AAAA,OACK;AAAA,IAGN,OAAO,eAAe,sBAAsB,QAAQ;AAAA,MACnD,OAAO;AAAA,IACR,CAAC;AAAA,IAED,OAAO;AAAA;AAET;AA3Ba,aAAN;AAAA,EARN,OAAO;AAAA,IACP,aAAa,CAAC,cAAc;AAAA,IAC5B,WAAW;AAAA,MACV;AAAA,MACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,IACxD;AAAA,IACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,EACzC,CAAC;AAAA,GACY;;ACMN,SAAS,cAAc,CAC7B,MACA,UAAiC,CAAC,GACgB;AAAA,EAClD;AAAA,IACC,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA,oBAAoB;AAAA,MACjB;AAAA,EAEJ,MAAM,UAAU,UAAU,YAAY;AAAA,EACtC,MAAM,aACL,SAAS,WACN,UAAU,SAAS,kBAAkB,OAAO,IAC5C;AAAA,EAEJ,OAAO,OAAO,GAAG,SAAS;AAAA,IACzB,MAAM,OAAO,EAAE,IAAI;AAAA,IAGnB,IAAI,SAAS,KAAK,IAAI,GAAG;AAAA,MACxB,OAAO,KAAK;AAAA,IACb;AAAA,IAGA,MAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,MACzC,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IAED,IAAI,SAAS;AAAA,MACZ,EAAE,IAAI,QAAQ,QAAQ,IAAa;AAAA,MACnC,EAAE,IAAI,WAAW,QAAQ,OAAgB;AAAA,IAC1C,EAAO;AAAA,MACN,EAAE,IAAI,QAAQ,IAAI;AAAA,MAClB,EAAE,IAAI,WAAW,IAAI;AAAA;AAAA,IAItB,IAAI,SAAS,cAAe,YAAY,KAAK,IAAI,KAAK,YAAY,MAAO;AAAA,MACxE,IAAI,YAAY;AAAA,QAAM,OAAO,kBAAkB,CAAC;AAAA,IACjD;AAAA,IAKA,OAAO,KAAK;AAAA;AAAA;AAId,SAAS,SAAS,CAAC,OAA0C;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EACnB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACzB,OAAO,IAAI,OAAO,MAAM,IAAI,CAAC,MAAM,MAAM,EAAE,SAAS,EAAE,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EACA,OAAO;AAAA;AAGR,SAAS,sBAAsB,CAAC,GAAsB;AAAA,EACrD,OAAO,EAAE,KACR,EAAE,OAAO,gBAAgB,SAAS,2BAA2B,GAC7D,GACD;AAAA;AAYM,SAAS,WAAW,CAAC,MAA+B;AAAA,EAC1D,OAAO,OAAO,MAAM,KAAK,QAAQ,EAAE,IAAI,GAAG;AAAA;;AC9F3C;AACA;AAyBO,SAAS,WAAW,CAC1B,UAA8B,CAAC,GACV;AAAA,EACrB,OAAO,qBAAqB,YAAY,MAAM,OAAgB;AAAA;AAAA;AAOxD,MAAM,6BAA6B,MAAM;AAAA,EACtC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,4BAA4B;AAAA,IACjD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;AAAA;AAEO,MAAM,uBAAuB,MAAM;AAAA,EAChC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,6BAA6B;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;",
-  "debugId": "7EDCCD5DCE9F451764756E2164756E21",
+  "mappings": ";;;;;;;;;;;;;;;;;AA+BA;AAWO,SAAS,UAAU,CAAC,SAAqB,CAAC,GAAuB;AAAA,EACvE,MAAM,SAAS,OAAO,UAAU,QAAQ,IAAI;AAAA,EAC5C,MAAM,UAAU,OAAO,WAAW,QAAQ,IAAI;AAAA,EAE9C,IAAI,CAAC,QAAQ;AAAA,IACZ,MAAM,IAAI,MACT,kDACC,iEACF;AAAA,EACD;AAAA,EACA,IAAI,CAAC,SAAS;AAAA,IACb,MAAM,IAAI,MACT,wEACD;AAAA,EACD;AAAA,EAEA,MAAM,UAA0B,CAAC;AAAA,EAGjC,IAAI,OAAO,KAAK,SAAS;AAAA,IAIxB,QAAQ;AAAA,IACR,QAAQ,KACP,IAAI;AAAA,MACH,MAAM;AAAA,QACL,MAAM,OAAO,IAAI,YAAY;AAAA,MAC9B;AAAA,MACA,QAAQ,OAAO,IAAI,UAAU;AAAA,MAC7B,UAAU,OAAO,IAAI,YAAY;AAAA,MACjC,WAAW,OAAO,IAAI,aAAa,KAAK;AAAA,IACzC,CAAC,CACF;AAAA,EACD;AAAA,EAGA,IAAI,OAAO,SAAS,SAAS;AAAA,IAE5B,QAAQ;AAAA,IACR,QAAQ,KACP,QAAQ;AAAA,MACP,QAAQ,OAAO,QAAQ;AAAA,MACvB,MAAM,OAAO,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ;AAAA,IACxB,CAAC,CACF;AAAA,EACD;AAAA,EAEA,OAAO,WAAW;AAAA,IACjB;AAAA,IACA;AAAA,IACA,UAAU,OAAO,YAAY;AAAA,IAC7B,kBAAkB;AAAA,MACjB,SAAS,OAAO,kBAAkB,WAAW;AAAA,MAC7C,0BACC,OAAO,kBAAkB,4BAA4B;AAAA,MACtD,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,MACjE,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,IAClE;AAAA,IACA,SAAS;AAAA,MACR,WAAW,OAAO,2BAA2B,KAAK,KAAK,KAAK;AAAA,IAC7D;AAAA,IACA,iBAAiB,OAAO;AAAA,IACxB,UAAU;AAAA,MACT,SAAS;AAAA,QACR,cAAc;AAAA,UACb,YAAY;AAAA,YACX,UAAW,OAAO,kBAAkB;AAAA,YAIpC,QACC,OAAO,gBAAgB;AAAA,eACpB,OAAO,eAAe,EAAE,QAAQ,OAAO,aAAa,IAAI,CAAC;AAAA,UAC9D;AAAA,QACD;AAAA,MACD;AAAA,MACA,uBAAuB,OAAO,uBAAuB,UAClD;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,OAAO,sBAAsB;AAAA,MACtC,IACC;AAAA,IACJ;AAAA,IACA;AAAA,EACD,CAAU;AAAA;;AC/GX;AAWO,MAAM,YAAY;AAAA,SAER,QAAQ,OAAO,IAAI,mBAAmB;AAAA,EAM9C,YAA8B;AAAA,MAKlC,QAAQ,GAAc;AAAA,IACzB,IAAI,CAAC,KAAK,WAAW;AAAA,MACpB,KAAK,YAAY,WAAW,KAAK,MAAM;AAAA,IACxC;AAAA,IACA,OAAO,KAAK;AAAA;AAAA,EAYb,kBAAyC;AAAA,EAEzC,WAAW,GAAG;AAAA,EAad,WAAW,CAAC,gBAAsC;AAAA,IACjD,KAAK,kBAAkB;AAAA,IACvB,OAAO;AAAA;AAAA,EAMR,iBAAiB,GAAY;AAAA,IAC5B,OAAO,KAAK,oBAAoB;AAAA;AAAA,OAgB3B,WAAU,CAAC,OAAmD;AAAA,IAEnE,IAAI,KAAK,iBAAiB;AAAA,MACzB,MAAM,aAAa,KAAK,gBAAgB;AAAA,MACxC,IAAI,YAAY;AAAA,QACf,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,QACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,QAClD,IAAI,OAAO;AAAA,UACV,MAAM,UAAU,KAAK,gBAAgB,aAAa,KAAK;AAAA,UACvD,IAAI,SAAS,QAAQ;AAAA,YAGpB,MAAM,iBAAkB,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,cAC1D,SAAS,MAAM;AAAA,YAChB,CAAC;AAAA,YACD,IAAI,gBAAgB,MAAM;AAAA,cACzB,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IAGA,MAAM,SAAS,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,MACjD,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,OAQF,cAAa,CAAC,OAA6B;AAAA,IAChD,IAAI,CAAC,KAAK;AAAA,MAAiB,OAAO;AAAA,IAClC,MAAM,aAAa,KAAK,gBAAgB;AAAA,IACxC,IAAI,CAAC;AAAA,MAAY,OAAO;AAAA,IACxB,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,IACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,IAClD,IAAI,CAAC;AAAA,MAAO,OAAO;AAAA,IACnB,OAAO,KAAK,gBAAgB,aAAa,KAAK;AAAA;AAAA,OAWzC,OAAM,CAAC,OAMV;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,OAAM,CAAC,OAAkE;AAAA,IAC9E,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,QAAO,CAAC,OAA6B;AAAA,IAC1C,OAAO,KAAK,SAAS,IAAI,QAAQ;AAAA,MAChC,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA;AAAA,OAUI,YAAW,CAAC,OAGf;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAMI,oBAAmB,CAAC,OAA4D;AAAA,IACrF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,SAAS,MAAM;AAAA,MACf,OAAO,MAAM;AAAA,MACb,MAAM,CAAC;AAAA,IACR,CAAC;AAAA;AAAA,OAWI,SAAQ,CAAC,OAA2B;AAAA,IACzC,MAAM,MAAM,KAAK,SAAS;AAAA,IAM1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,oFACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,EAAE,MAAM,EAAE,QAAQ,MAAM,OAAO,EAAE,CAAC;AAAA;AAAA,OAOhD,gBAAe,CAAC,OAA6B;AAAA,IAClD,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,4FACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,SAAS,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,OAGjD,oBAAmB,CAAC,OAA4C;AAAA,IACrE,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MAAM,0CAA0C;AAAA,IAC3D;AAAA,IACA,OAAO,IAAI,QAAQ,aAAa,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK,CAAC;AAAA;AAAA,EAW7E,QAAQ,CAAC,IAAY,SAAgC,KAAe;AAAA,IACnE,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,SAAS,EAAE,UAAU,GAAG,EAAE,CAAC;AAAA;AAAA,EAMhE,kBAAkB,CAAC,SAGjB;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,EAAE,MAAM,MAAM,SAAS,KAAK;AAAA,IACjD,OAAO,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,QAAQ;AAAA;AAExD;AArPiD;AAAA,EAA/C,OAAO,aAAa;AAAA,GALT,YAKoC;AALpC,cAAN;AAAA,EADN,WAAW;AAAA,EACL;AAAA,GAAM;AAgQb,SAAS,WAAW,CAAC,cAAsB,MAA6B;AAAA,EACvE,IAAI,CAAC;AAAA,IAAc,OAAO;AAAA,EAC1B,MAAM,QAAQ,aAAa,MAAM,GAAG;AAAA,EACpC,WAAW,QAAQ,OAAO;AAAA,IACzB,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,MAAM,IAAI,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACjC,IAAI,MAAM,MAAM;AAAA,MACf,OAAO,mBAAmB,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,IACpD;AAAA,EACD;AAAA,EACA,OAAO;AAAA;;ACxQR,oCAA0B;AAMnB,MAAM,eAAe;AAAA,OAQrB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,UAAuB,MAAM,KAAK,KAAK,WAAW;AAAA,MACvD,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,WAAW,EAAE,MAAM,MAAM,SAAS,KAAK,CAAC;AAAA;AAAA,OAQnD,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,QAAQ,GAAG;AAAA;AAAA,OAQtB,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAOjB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,KAAK,KAAK,QAAQ,EAAE,SAAS,IAAI,IAAI,IAAI,QAAQ,CAAC;AAAA,IACxD,OAAO,IAAI,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA;AAAA,OAQvB,aAAY,CAAC,KAAc;AAAA,IAChC,MAAM,WAAW,IAAI,IAAI,MAAM,UAAU,KAAK;AAAA,IAC9C,MAAM,cAAc,IAAI,IAAI,MAAM,aAAa,KAAK;AAAA,IACpD,MAAM,SAAS,MAAM,KAAK,KAAK,YAAY,EAAE,UAAU,YAAY,CAAC;AAAA,IACpE,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OASjB,cAAa,CAAC,KAAc;AAAA,IACjC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB,OAAO,IAAI,IAAI,MAAM;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,SAAQ,CAAC,KAAc;AAAA,IAC5B,MAAM,UAAU,MAAM,KAAK,KAAK,WAAW;AAAA,MAC1C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,IAAI,KAAK,EAAE,OAAO,eAAe,GAAG,GAAG;AAAA,IAC5D,MAAM,QAAQ,MAAM,KAAK,KAAK,SAAS,EAAE,QAAQ,QAAQ,KAAK,GAAG,CAAC;AAAA,IAClE,OAAO,IAAI,KAAK,KAAK;AAAA;AAAA,OAQhB,gBAAe,CAAC,KAAc;AAAA,IACnC,MAAM,SAAS,MAAM,KAAK,KAAK,gBAAgB;AAAA,MAC9C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,oBAAmB,CAAC,KAAc;AAAA,IACvC,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB;AAAA,IACD,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAExB;AA9GqD;AAAA,EAAnD,QAAO,YAAY,KAAK;AAAA,GADb,eACwC;AAO9C;AAAA,EADL,IAAI,UAAU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,GARM,eAQN;AAYA;AAAA,EADL,KAAK,gBAAgB;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,GApBM,eAoBN;AAWA;AAAA,EADL,KAAK,gBAAgB;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,GA/BM,eA+BN;AAUA;AAAA,EADL,KAAK,WAAW;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,GAzCM,eAyCN;AAUA;AAAA,EADL,IAAI,oBAAoB;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,GAnDM,eAmDN;AAaA;AAAA,EADL,IAAI,qBAAqB;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,GAhEM,eAgEN;AAaA;AAAA,EADL,KAAK,MAAM;AAAA,EACN;AAAA;AAAA;AAAA;AAAA;AAAA,GA7EM,eA6EN;AAcA;AAAA,EADL,KAAK,mBAAmB;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,GA3FM,eA2FN;AAYA;AAAA,EADL,KAAK,uBAAuB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,GAvGM,eAuGN;AAvGM,iBAAN;AAAA,EADN,WAAW,WAAW;AAAA,GACV;;ACjBb;AAcO,MAAM,WAAW;AAAA,SAQhB,OAAO,CAAC,QAAoB;AAAA,IAUlC,MAAM,qBAAqB;AAAA,IAAC;AAAA,IAAtB,uBAAN;AAAA,MATC,OAAO;AAAA,QACP,aAAa,CAAC,cAAc;AAAA,QAC5B,WAAW;AAAA,UACV;AAAA,UACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,UACvD,EAAE,SAAS,eAAe,UAAU,OAAO;AAAA,QAC5C;AAAA,QACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,MACzC,CAAC;AAAA,OACK;AAAA,IAGN,OAAO,eAAe,sBAAsB,QAAQ;AAAA,MACnD,OAAO;AAAA,IACR,CAAC;AAAA,IAED,OAAO;AAAA;AAET;AA3Ba,aAAN;AAAA,EARN,OAAO;AAAA,IACP,aAAa,CAAC,cAAc;AAAA,IAC5B,WAAW;AAAA,MACV;AAAA,MACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,IACxD;AAAA,IACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,EACzC,CAAC;AAAA,GACY;;ACMN,SAAS,cAAc,CAC7B,MACA,UAAiC,CAAC,GACgB;AAAA,EAClD;AAAA,IACC,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA,oBAAoB;AAAA,MACjB;AAAA,EAEJ,MAAM,UAAU,UAAU,YAAY;AAAA,EACtC,MAAM,aACL,SAAS,WACN,UAAU,SAAS,kBAAkB,OAAO,IAC5C;AAAA,EAEJ,OAAO,OAAO,GAAG,SAAS;AAAA,IACzB,MAAM,OAAO,EAAE,IAAI;AAAA,IAGnB,IAAI,SAAS,KAAK,IAAI,GAAG;AAAA,MACxB,OAAO,KAAK;AAAA,IACb;AAAA,IAGA,MAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,MACzC,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IAED,IAAI,SAAS;AAAA,MACZ,EAAE,IAAI,QAAQ,QAAQ,IAAa;AAAA,MACnC,EAAE,IAAI,WAAW,QAAQ,OAAgB;AAAA,IAC1C,EAAO;AAAA,MACN,EAAE,IAAI,QAAQ,IAAI;AAAA,MAClB,EAAE,IAAI,WAAW,IAAI;AAAA;AAAA,IAItB,IAAI,SAAS,cAAe,YAAY,KAAK,IAAI,KAAK,YAAY,MAAO;AAAA,MACxE,IAAI,YAAY;AAAA,QAAM,OAAO,kBAAkB,CAAC;AAAA,IACjD;AAAA,IAKA,OAAO,KAAK;AAAA;AAAA;AAId,SAAS,SAAS,CAAC,OAA0C;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EACnB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACzB,OAAO,IAAI,OAAO,MAAM,IAAI,CAAC,MAAM,MAAM,EAAE,SAAS,EAAE,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EACA,OAAO;AAAA;AAGR,SAAS,sBAAsB,CAAC,GAAsB;AAAA,EACrD,OAAO,EAAE,KACR,EAAE,OAAO,gBAAgB,SAAS,2BAA2B,GAC7D,GACD;AAAA;AAYM,SAAS,WAAW,CAAC,MAA+B;AAAA,EAC1D,OAAO,OAAO,MAAM,KAAK,QAAQ,EAAE,IAAI,GAAG;AAAA;;AC9F3C;AACA;AAyBO,SAAS,WAAW,CAC1B,UAA8B,CAAC,GACV;AAAA,EACrB,OAAO,qBAAqB,YAAY,MAAM,OAAgB;AAAA;AAAA;AAOxD,MAAM,6BAA6B,MAAM;AAAA,EACtC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,4BAA4B;AAAA,IACjD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;AAAA;AAEO,MAAM,uBAAuB,MAAM;AAAA,EAChC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,6BAA6B;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;",
+  "debugId": "96CFDD82525FD1DA64756E2164756E21",
   "names": []
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nexusts/auth",
-  "version": "0.9.6",
+  "version": "0.9.8",
   "description": "Authentication via better-auth integration",
   "type": "module",
   "main": "./dist/index.js",
@@ -34,7 +34,7 @@
     }
   },
   "dependencies": {
-    "@nexusts/core": "^0.9.6"
+    "@nexusts/core": "^0.9.8"
   },
   "repository": {
     "type": "git",