@oakbun/auth 0.1.0 → 0.1.1

package/dist/index.d.ts

@@ -0,0 +1,69 @@
+import * as better_auth from 'better-auth';
+import { betterAuth, Where } from 'better-auth';
+import { VelnAdapter, Plugin, BaseCtx, AuthAdapter, BindingValue } from 'oakbun';
+import * as better_auth_adapters from 'better-auth/adapters';
+
+interface BetterAuthPluginOptions {
+    secret: string;
+    baseUrl?: string;
+    trustedOrigins?: string[];
+}
+type BetterAuthInstance = ReturnType<typeof betterAuth>;
+type BetterAuthUser = BetterAuthInstance['$Infer']['Session']['user'];
+type BetterAuthSession = BetterAuthInstance['$Infer']['Session']['session'];
+interface AuthCtxAdd {
+    betterUser: BetterAuthUser | null;
+    session: BetterAuthSession | null;
+    auth: BetterAuthInstance;
+}
+declare function betterAuthPlugin(options: BetterAuthPluginOptions, velnAdapter: VelnAdapter): Plugin<BaseCtx, AuthCtxAdd>;
+/**
+ * Create an onRequest hook that intercepts requests to the auth base path
+ * and delegates them to better-auth's handler.
+ *
+ * Usage:
+ * ```ts
+ * const auth = betterAuth({ ... })
+ * app.onRequest(createOnRequest(createAuthRequestHook(auth)))
+ * ```
+ */
+declare function createAuthRequestHook(auth: BetterAuthInstance, basePath?: string): (ctx: BaseCtx) => Promise<Response | void>;
+
+/**
+ * betterAuthAdapter — wraps a Better Auth instance as an OakBun AuthAdapter.
+ *
+ * Usage:
+ *   import { betterAuth } from 'better-auth'
+ *   import { betterAuthAdapter } from '@oakbun/auth'
+ *
+ *   const auth = betterAuth({ ... })
+ *
+ *   createApp({
+ *     auth: betterAuthAdapter(auth),
+ *   })
+ *
+ * Permissions:
+ *   Better Auth does not ship a built-in permissions array on the session user.
+ *   This adapter maps `user.role` (if present) to a single permission string
+ *   using the pattern "role:<value>" — e.g. role "admin" → ["role:admin"].
+ *
+ *   For fine-grained permissions, extend the Better Auth session schema with a
+ *   `permissions` field and this adapter will pick it up automatically.
+ *
+ *   Priority:
+ *     1. user.permissions (string[]) — if Better Auth session has this field
+ *     2. user.role (string)          — mapped to ["role:<value>"]
+ *     3. []                          — no permissions
+ */
+declare function betterAuthAdapter(auth: BetterAuthInstance): AuthAdapter;
+
+declare function createVelnDbAdapter(velnAdapter: VelnAdapter): better_auth_adapters.AdapterFactory<better_auth.BetterAuthOptions>;
+
+declare function createAuthTables(adapter: VelnAdapter): Promise<void>;
+
+declare function convertWhere(where: Where[]): {
+    sql: string;
+    params: BindingValue[];
+};
+
+export { type AuthCtxAdd, type BetterAuthInstance, type BetterAuthPluginOptions, type BetterAuthSession, type BetterAuthUser, betterAuthAdapter, betterAuthPlugin, convertWhere, createAuthRequestHook, createAuthTables, createVelnDbAdapter };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oakbun/auth",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Better Auth integration plugin for the OakBun framework.",
   "author": "René (SchildW3rk)",
   "license": "MIT",
@@ -35,16 +35,16 @@
     "LICENSE"
   ],
   "scripts": {
-    "build": "tsup && tsc -p tsconfig.build.json",
+    "build": "tsup",
     "build:watch": "tsup --watch",
-    "typecheck": "tsc --noEmit",
-    "prepublishOnly": "bun run build && bun run typecheck"
+    "typecheck": "bunx tsc --noEmit",
+    "prepublishOnly": "bun run build && bunx tsc --noEmit"
   },
   "dependencies": {
     "better-auth": "^1.5.5"
   },
   "peerDependencies": {
-    "oakbun": ">=0.1.0"
+    "oakbun": ">=0.1.1"
   },
   "devDependencies": {
     "oakbun": "workspace:*"

package/dist/auth/src/adapter.d.ts

@@ -1,3 +0,0 @@
-import type { VelnAdapter } from 'oakbun';
-export declare function createVelnDbAdapter(velnAdapter: VelnAdapter): import("better-auth/adapters").AdapterFactory<import("better-auth").BetterAuthOptions>;
-//# sourceMappingURL=adapter.d.ts.map

package/dist/auth/src/adapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../../src/adapter.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAgB,MAAM,QAAQ,CAAA;AAcvD,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,WAAW,0FAwL3D"}

package/dist/auth/src/auth-adapter.d.ts

@@ -1,30 +0,0 @@
-import type { AuthAdapter } from 'oakbun';
-import type { BetterAuthInstance } from './plugin.js';
-/**
- * betterAuthAdapter — wraps a Better Auth instance as an OakBun AuthAdapter.
- *
- * Usage:
- *   import { betterAuth } from 'better-auth'
- *   import { betterAuthAdapter } from '@oakbun/auth'
- *
- *   const auth = betterAuth({ ... })
- *
- *   createApp({
- *     auth: betterAuthAdapter(auth),
- *   })
- *
- * Permissions:
- *   Better Auth does not ship a built-in permissions array on the session user.
- *   This adapter maps `user.role` (if present) to a single permission string
- *   using the pattern "role:<value>" — e.g. role "admin" → ["role:admin"].
- *
- *   For fine-grained permissions, extend the Better Auth session schema with a
- *   `permissions` field and this adapter will pick it up automatically.
- *
- *   Priority:
- *     1. user.permissions (string[]) — if Better Auth session has this field
- *     2. user.role (string)          — mapped to ["role:<value>"]
- *     3. []                          — no permissions
- */
-export declare function betterAuthAdapter(auth: BetterAuthInstance): AuthAdapter;
-//# sourceMappingURL=auth-adapter.d.ts.map

package/dist/auth/src/auth-adapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-adapter.d.ts","sourceRoot":"","sources":["../../../src/auth-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAqB,MAAM,QAAQ,CAAA;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAErD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,kBAAkB,GAAG,WAAW,CA+BvE"}

package/dist/auth/src/index.d.ts

@@ -1,7 +0,0 @@
-export { betterAuthPlugin, createAuthRequestHook } from './plugin.js';
-export { betterAuthAdapter } from './auth-adapter.js';
-export { createVelnDbAdapter } from './adapter.js';
-export { createAuthTables } from './migrate.js';
-export { convertWhere } from './where.js';
-export type { BetterAuthPluginOptions, AuthCtxAdd, BetterAuthInstance, BetterAuthUser, BetterAuthSession } from './plugin.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/auth/src/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,YAAY,EAAE,uBAAuB,EAAE,UAAU,EAAE,kBAAkB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA"}

package/dist/auth/src/migrate.d.ts

@@ -1,3 +0,0 @@
-import type { VelnAdapter } from 'oakbun';
-export declare function createAuthTables(adapter: VelnAdapter): Promise<void>;
-//# sourceMappingURL=migrate.d.ts.map

package/dist/auth/src/migrate.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../../src/migrate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAA;AAEzC,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAsD1E"}

package/dist/auth/src/plugin.d.ts

@@ -1,28 +0,0 @@
-import { betterAuth } from 'better-auth';
-import type { VelnAdapter, BaseCtx, Plugin } from 'oakbun';
-export interface BetterAuthPluginOptions {
-    secret: string;
-    baseUrl?: string;
-    trustedOrigins?: string[];
-}
-export type BetterAuthInstance = ReturnType<typeof betterAuth>;
-export type BetterAuthUser = BetterAuthInstance['$Infer']['Session']['user'];
-export type BetterAuthSession = BetterAuthInstance['$Infer']['Session']['session'];
-export interface AuthCtxAdd {
-    betterUser: BetterAuthUser | null;
-    session: BetterAuthSession | null;
-    auth: BetterAuthInstance;
-}
-export declare function betterAuthPlugin(options: BetterAuthPluginOptions, velnAdapter: VelnAdapter): Plugin<BaseCtx, AuthCtxAdd>;
-/**
- * Create an onRequest hook that intercepts requests to the auth base path
- * and delegates them to better-auth's handler.
- *
- * Usage:
- * ```ts
- * const auth = betterAuth({ ... })
- * app.onRequest(createOnRequest(createAuthRequestHook(auth)))
- * ```
- */
-export declare function createAuthRequestHook(auth: BetterAuthInstance, basePath?: string): (ctx: BaseCtx) => Promise<Response | void>;
-//# sourceMappingURL=plugin.d.ts.map

package/dist/auth/src/plugin.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAG1D,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;CAC1B;AAED,MAAM,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAE9D,MAAM,MAAM,cAAc,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAA;AAC5E,MAAM,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,CAAA;AAElF,MAAM,WAAW,UAAU;IAGzB,UAAU,EAAE,cAAc,GAAG,IAAI,CAAA;IACjC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACjC,IAAI,EAAE,kBAAkB,CAAA;CACzB;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,uBAAuB,EAChC,WAAW,EAAE,WAAW,GACvB,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,CA+B7B;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,kBAAkB,EACxB,QAAQ,SAAc,IAER,KAAK,OAAO,KAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAMtD"}

package/dist/auth/src/where.d.ts

@@ -1,7 +0,0 @@
-import type { BindingValue } from 'oakbun';
-import type { Where } from 'better-auth';
-export declare function convertWhere(where: Where[]): {
-    sql: string;
-    params: BindingValue[];
-};
-//# sourceMappingURL=where.d.ts.map

package/dist/auth/src/where.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"where.d.ts","sourceRoot":"","sources":["../../../src/where.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1C,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AAExC,wBAAgB,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,YAAY,EAAE,CAAA;CAAE,CA4EpF"}

package/dist/core/src/adapter/mysql.d.ts

@@ -1,21 +0,0 @@
-import type { VelnAdapter, BindingValue, ExecuteResult, QueryLogEntry } from './types';
-export interface MySQLConfig {
-    url?: string;
-    hostname?: string;
-    port?: number;
-    database?: string;
-    username?: string;
-    password?: string;
-    max?: number;
-    idleTimeout?: number;
-}
-export declare class MySQLAdapter implements VelnAdapter {
-    private readonly sql;
-    onQuery?: (entry: QueryLogEntry) => void;
-    constructor(config: MySQLConfig);
-    query<T>(sql: string, params?: BindingValue[]): Promise<T[]>;
-    execute(sql: string, params?: BindingValue[]): Promise<ExecuteResult>;
-    transaction<T>(fn: (tx: VelnAdapter) => Promise<T>): Promise<T>;
-    close(): Promise<void>;
-}
-//# sourceMappingURL=mysql.d.ts.map

package/dist/core/src/adapter/mysql.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"mysql.d.ts","sourceRoot":"","sources":["../../../../../core/src/adapter/mysql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAEtF,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,qBAAa,YAAa,YAAW,WAAW;IAI9C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IACzB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAA;gBAE5B,MAAM,EAAE,WAAW;IAiBzB,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC;IAQhE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAQzE,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/core/src/adapter/postgres.d.ts

@@ -1,16 +0,0 @@
-import type { VelnAdapter, BindingValue, ExecuteResult, QueryLogEntry } from './types';
-export interface PostgresConfig {
-    url: string;
-    max?: number;
-    idleTimeout?: number;
-}
-export declare class PostgresAdapter implements VelnAdapter {
-    private readonly sql;
-    onQuery?: (entry: QueryLogEntry) => void;
-    constructor(config: PostgresConfig);
-    query<T>(sql: string, params?: BindingValue[]): Promise<T[]>;
-    execute(sql: string, params?: BindingValue[]): Promise<ExecuteResult>;
-    transaction<T>(fn: (tx: VelnAdapter) => Promise<T>): Promise<T>;
-    close(): Promise<void>;
-}
-//# sourceMappingURL=postgres.d.ts.map

package/dist/core/src/adapter/postgres.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"postgres.d.ts","sourceRoot":"","sources":["../../../../../core/src/adapter/postgres.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAEtF,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,qBAAa,eAAgB,YAAW,WAAW;IAIjD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IACzB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAA;gBAE5B,MAAM,EAAE,cAAc;IAe5B,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC;IAQhE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IASzE,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/core/src/adapter/resolve.d.ts

@@ -1,16 +0,0 @@
-import type { VelnAdapter } from './types';
-export type AdapterConfig = {
-    adapter: 'sqlite';
-    path?: string;
-} | {
-    adapter: 'postgres';
-    connectionString: string;
-    maxConnections?: number;
-} | {
-    adapter: 'mysql';
-    connectionString: string;
-    maxConnections?: number;
-};
-export declare function isVelnAdapter(value: unknown): value is VelnAdapter;
-export declare function resolveAdapter(config: AdapterConfig | VelnAdapter): VelnAdapter;
-//# sourceMappingURL=resolve.d.ts.map

package/dist/core/src/adapter/resolve.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"resolve.d.ts","sourceRoot":"","sources":["../../../../../core/src/adapter/resolve.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAE1C,MAAM,MAAM,aAAa,GACrB;IAAE,OAAO,EAAE,QAAQ,CAAC;IAAG,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GACtC;IAAE,OAAO,EAAE,UAAU,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1E;IAAE,OAAO,EAAE,OAAO,CAAC;IAAI,gBAAgB,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,CAAA;AAE9E,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,WAAW,CAOlE;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,WAAW,GAAG,WAAW,CAwB/E"}

package/dist/core/src/adapter/sqlite.d.ts

@@ -1,17 +0,0 @@
-import type { VelnAdapter, BindingValue, ExecuteResult, QueryLogEntry } from './types';
-export interface SQLiteConfig {
-    path?: string;
-    wal?: boolean;
-}
-export declare class SQLiteAdapter implements VelnAdapter {
-    private readonly db;
-    private readonly _stmtCache;
-    onQuery?: (entry: QueryLogEntry) => void;
-    constructor(config?: SQLiteConfig | string);
-    private _prepare;
-    query<T>(sql: string, params?: BindingValue[]): Promise<T[]>;
-    execute(sql: string, params?: BindingValue[]): Promise<ExecuteResult>;
-    transaction<T>(fn: (tx: VelnAdapter) => Promise<T>): Promise<T>;
-    close(): Promise<void>;
-}
-//# sourceMappingURL=sqlite.d.ts.map

package/dist/core/src/adapter/sqlite.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../../../../core/src/adapter/sqlite.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAEtF,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,OAAO,CAAA;CACd;AAMD,qBAAa,aAAc,YAAW,WAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAU;IAI7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAqD;IAChF,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAA;gBAE5B,MAAM,GAAE,YAAY,GAAG,MAAW;IAS9C,OAAO,CAAC,QAAQ;IAkBV,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC;IAQhE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,YAAY,EAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAezE,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAc/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/core/src/adapter/types.d.ts

@@ -1,29 +0,0 @@
-export type BindingValue = string | number | bigint | boolean | null | Uint8Array;
-export interface ExecuteResult {
-    rowsAffected: number;
-    lastInsertId?: number | bigint;
-}
-/** Emitted by the adapter after every query() or execute() call. */
-export interface QueryLogEntry {
-    /** The SQL string that was executed. */
-    sql: string;
-    /** The bound parameter values. */
-    params: BindingValue[];
-    /** Wall-clock duration in milliseconds (performance.now() resolution). */
-    durationMs: number;
-    /** Whether the call was query() (returns rows) or execute() (DML/DDL). */
-    type: 'query' | 'execute';
-}
-export interface VelnAdapter {
-    query<T = Record<string, unknown>>(sql: string, params?: BindingValue[]): Promise<T[]>;
-    execute(sql: string, params?: BindingValue[]): Promise<ExecuteResult>;
-    transaction<T>(fn: (tx: VelnAdapter) => Promise<T>): Promise<T>;
-    close(): Promise<void>;
-    /**
-     * Optional query observer. When set, the adapter calls this after every
-     * query() and execute() with timing and SQL details.
-     * Set by dbPlugin when query logging is enabled — do not call directly.
-     */
-    onQuery?: (entry: QueryLogEntry) => void;
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/core/src/adapter/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../core/src/adapter/types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GACpB,MAAM,GACN,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,GACJ,UAAU,CAAA;AAEd,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAA;IAGpB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;CAC/B;AAED,oEAAoE;AACpE,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,GAAG,EAAS,MAAM,CAAA;IAClB,kCAAkC;IAClC,MAAM,EAAM,YAAY,EAAE,CAAA;IAC1B,0EAA0E;IAC1E,UAAU,EAAE,MAAM,CAAA;IAClB,0EAA0E;IAC1E,IAAI,EAAQ,OAAO,GAAG,SAAS,CAAA;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IACtF,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IACrE,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IAC/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IACtB;;;;OAIG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAA;CACzC"}

package/dist/core/src/app/audit-wiring.d.ts

@@ -1,6 +0,0 @@
-import type { VelnAdapter } from '../adapter/types';
-import type { SchemaMap } from '../schema/table';
-import type { ModuleHookHandlers } from '../hooks/types';
-import type { AuditDeclaration } from './module';
-export declare function buildAuditHooks<T extends Record<string, unknown>, TCtx, S extends SchemaMap>(decl: AuditDeclaration<T, TCtx, S>, adapter: VelnAdapter): ModuleHookHandlers<T, unknown>;
-//# sourceMappingURL=audit-wiring.d.ts.map

package/dist/core/src/app/audit-wiring.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit-wiring.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/audit-wiring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AACxD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAkBhD,wBAAgB,eAAe,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,SAAS,SAAS,EAC1F,IAAI,EAAE,gBAAgB,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAClC,OAAO,EAAE,WAAW,GACnB,kBAAkB,CAAC,CAAC,EAAE,OAAO,CAAC,CAoEhC"}

package/dist/core/src/app/body-size-limit.d.ts

@@ -1,29 +0,0 @@
-import type { OnRequestHook } from './types';
-export interface BodySizeLimitOptions {
-    /**
-     * Maximum allowed body size in bytes.
-     * Default: 1_048_576 (1 MB)
-     */
-    maxSize?: number;
-    /** Response message when limit is exceeded. Default: 'Payload too large' */
-    message?: string;
-}
-/**
- * bodySizeLimitPlugin — rejects requests whose Content-Length exceeds maxSize.
- *
- * Returns an OnRequestHook — pass it to app.onRequest():
- *   app.onRequest(bodySizeLimitPlugin())                      // 1MB default
- *   app.onRequest(bodySizeLimitPlugin({ maxSize: 512_000 }))  // 512KB
- *
- * Checks the Content-Length header only — does not buffer or read the body.
- * Requests without Content-Length are passed through (streaming / chunked).
- * Returns 413 Payload Too Large on violation.
- *
- * @remarks
- * This plugin enforces limits based on the Content-Length header only.
- * Chunked transfer-encoding bypasses this check entirely.
- * For production deployments, configure body size limits at the reverse proxy level:
- * nginx: `client_max_body_size`, Caddy: `request_body { max_size }`.
- */
-export declare function bodySizeLimitPlugin(options?: BodySizeLimitOptions): OnRequestHook;
-//# sourceMappingURL=body-size-limit.d.ts.map

package/dist/core/src/app/body-size-limit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"body-size-limit.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/body-size-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAG5C,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,oBAAyB,GAAG,aAAa,CAqBrF"}

package/dist/core/src/app/compression.d.ts

@@ -1,25 +0,0 @@
-import type { OnResponseHook } from './types';
-export interface CompressionOptions {
-    /**
-     * Compression algorithms to offer, in preference order.
-     * Default: `['gzip', 'deflate']`
-     *
-     * Bun 1.x provides `Bun.gzipSync` and `Bun.deflateSync` natively.
-     */
-    encodings?: Array<'gzip' | 'deflate'>;
-    /**
-     * Minimum response body size in bytes before compression is applied.
-     * Responses smaller than this are sent uncompressed.
-     * Default: `1024` (1 KB)
-     */
-    threshold?: number;
-    /**
-     * Maximum response body size in bytes to attempt compression.
-     * Responses larger than this are passed through uncompressed to avoid
-     * excessive memory usage when buffering very large responses.
-     * Default: `10485760` (10 MB)
-     */
-    maxSize?: number;
-}
-export declare function compressionPlugin(options?: CompressionOptions): OnResponseHook;
-//# sourceMappingURL=compression.d.ts.map

package/dist/core/src/app/compression.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"compression.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/compression.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAK7C,MAAM,WAAW,kBAAkB;IACjC;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,CAAA;IAErC;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAmDD,wBAAgB,iBAAiB,CAAC,OAAO,GAAE,kBAAuB,GAAG,cAAc,CA4ClF"}

package/dist/core/src/app/cookies.d.ts

@@ -1,17 +0,0 @@
-export interface CookieOptions {
-    httpOnly?: boolean;
-    secure?: boolean;
-    sameSite?: 'Strict' | 'Lax' | 'None';
-    maxAge?: number;
-    path?: string;
-    domain?: string;
-}
-export interface CookieJar {
-    get(name: string): string | undefined;
-    set(name: string, value: string, options?: CookieOptions): void;
-    delete(name: string): void;
-    /** Framework-internal: returns all pending Set-Cookie header values */
-    _pending(): string[];
-}
-export declare function createCookieJar(req: Request): CookieJar;
-//# sourceMappingURL=cookies.d.ts.map

package/dist/core/src/app/cookies.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/cookies.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,MAAM,CAAC,EAAI,OAAO,CAAA;IAClB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;IACpC,MAAM,CAAC,EAAI,MAAM,CAAA;IACjB,IAAI,CAAC,EAAM,MAAM,CAAA;IACjB,MAAM,CAAC,EAAI,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;IACrC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,IAAI,CAAA;IAC/D,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,uEAAuE;IACvE,QAAQ,IAAI,MAAM,EAAE,CAAA;CACrB;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,GAAG,SAAS,CAqDvD"}

package/dist/core/src/app/cors.d.ts

@@ -1,65 +0,0 @@
-import type { OnRequestHook, OnResponseHook } from './types';
-export interface CorsOptions {
-    /**
-     * Allowed origins. Can be:
-     * - `'*'`                  → any origin (not usable with credentials)
-     * - `string`               → single allowed origin
-     * - `string[]`             → list of allowed origins (matched against request Origin header)
-     * - `(origin: string) => boolean` → custom predicate
-     *
-     * Default: `'*'`
-     */
-    origin?: '*' | string | string[] | ((origin: string) => boolean);
-    /**
-     * HTTP methods allowed in CORS requests.
-     * Default: `['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']`
-     */
-    methods?: string[];
-    /**
-     * Request headers the client is allowed to send.
-     * Default: `['Content-Type', 'Authorization', 'x-csrf-token']`
-     */
-    allowHeaders?: string[];
-    /**
-     * Response headers that the browser may expose to the client-side script.
-     * Default: `[]` (none exposed beyond the CORS-safelisted headers)
-     */
-    exposeHeaders?: string[];
-    /**
-     * Whether cross-origin requests may include credentials (cookies, auth headers).
-     * When true, `origin` must not be `'*'`.
-     * Default: `false`
-     */
-    credentials?: boolean;
-    /**
-     * How long (in seconds) the preflight result may be cached.
-     * Default: `86400` (24h)
-     */
-    maxAge?: number;
-}
-export interface CorsPlugin {
-    /**
-     * Register on `app.onRequest()`.
-     * Handles OPTIONS preflight requests — returns a 204 with CORS headers directly,
-     * short-circuiting the pipeline (no route handler runs for OPTIONS).
-     */
-    onRequest: OnRequestHook;
-    /**
-     * Register on `app.onResponse()`.
-     * Appends CORS headers to every response.
-     */
-    onResponse: OnResponseHook;
-}
-/**
- * corsPlugin — adds CORS headers to responses and handles preflight OPTIONS requests.
- *
- * Usage:
- *   const cors = corsPlugin({ origin: 'https://app.example.com', credentials: true })
- *   app.onRequest(cors.onRequest)
- *   app.onResponse(cors.onResponse)
- *
- * Preflight (OPTIONS) requests are short-circuited with a 204 — no route handler
- * runs. All other requests receive CORS headers in onResponse.
- */
-export declare function corsPlugin(options?: CorsOptions): CorsPlugin;
-//# sourceMappingURL=cors.d.ts.map

package/dist/core/src/app/cors.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/cors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAK5D,MAAM,WAAW,WAAW;IAC1B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,GAAG,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,CAAA;IAEhE;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAElB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IAEvB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IAExB;;;;OAIG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAID,MAAM,WAAW,UAAU;IACzB;;;;OAIG;IACH,SAAS,EAAE,aAAa,CAAA;IACxB;;;OAGG;IACH,UAAU,EAAE,cAAc,CAAA;CAC3B;AAyBD;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,OAAO,GAAE,WAAgB,GAAG,UAAU,CAsEhE"}

package/dist/core/src/app/csrf.d.ts

@@ -1,52 +0,0 @@
-import type { OnRequestHook, OnResponseHook } from './types';
-/**
- * Constant-time string comparison to prevent timing attacks.
- * Returns false immediately on length mismatch (length is not secret).
- * XORs all character codes and accumulates into a single result so the
- * comparison time is proportional to the string length, not the first mismatch.
- */
-export declare function timingSafeEqual(a: string, b: string): boolean;
-export interface CsrfOptions {
-    /** Cookie name that holds the CSRF token. Default: 'csrf_token' */
-    cookieName?: string;
-    /** Request header that must carry the token on state-changing requests. Default: 'x-csrf-token' */
-    headerName?: string;
-    /** Cookie Max-Age in seconds. Default: 86400 (24h) */
-    maxAge?: number;
-    /** Restrict cookie to HTTPS. Default: true (set false for local development) */
-    secure?: boolean;
-}
-export interface CsrfPlugin {
-    /**
-     * Register on app.onRequest() or module.onRequest().
-     * Validates the CSRF token on state-changing methods (POST/PUT/PATCH/DELETE).
-     * Returns a 403 response on mismatch — short-circuits the request lifecycle.
-     */
-    onRequest: OnRequestHook;
-    /**
-     * Register on app.onResponse() or module.onResponse().
-     * Sets a new CSRF token cookie on responses to safe methods (GET/HEAD/OPTIONS)
-     * when no valid token cookie exists yet.
-     */
-    onResponse: OnResponseHook;
-}
-/**
- * csrfPlugin — Double-Submit Cookie pattern. Stateless, no store required.
- *
- * Usage:
- *   const csrf = csrfPlugin()
- *   app.onRequest(csrf.onRequest)
- *   app.onResponse(csrf.onResponse)
- *
- * How it works:
- *   1. On GET/HEAD/OPTIONS — onResponse sets a readable cookie (httpOnly: false)
- *      so the client-side JS can read the token.
- *   2. On POST/PUT/PATCH/DELETE — onRequest reads the cookie value and compares
- *      it to the x-csrf-token request header. Mismatch or missing → 403.
- *
- * The Double-Submit Cookie pattern is stateless: the server never stores tokens.
- * Security relies on the same-origin policy: a cross-origin attacker can read
- * neither the cookie nor the custom header value.
- */
-export declare function csrfPlugin(options?: CsrfOptions): CsrfPlugin;
-//# sourceMappingURL=csrf.d.ts.map

package/dist/core/src/app/csrf.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/csrf.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAUrE;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAO7D;AAaD,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mGAAmG;IACnG,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,sDAAsD;IACtD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,gFAAgF;IAChF,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAID,MAAM,WAAW,UAAU;IACzB;;;;OAIG;IACH,SAAS,EAAE,aAAa,CAAA;IACxB;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAA;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,UAAU,CAAC,OAAO,GAAE,WAAgB,GAAG,UAAU,CAiDhE"}

package/dist/core/src/app/health.d.ts

@@ -1,36 +0,0 @@
-import type { OnRequestHook } from './types';
-export interface HealthCheck {
-    (): Promise<{
-        ok: boolean;
-        details?: Record<string, unknown>;
-    }>;
-}
-export interface HealthPluginOptions {
-    /** Path for the liveness endpoint. Default: '/health' */
-    path?: string;
-    /** Path for the readiness endpoint. Default: '/ready' */
-    readyPath?: string;
-    /** Named checks to run for the readiness endpoint. */
-    checks?: Record<string, HealthCheck>;
-}
-/**
- * healthPlugin — adds /health and /ready endpoints for Kubernetes/load balancers.
- *
- * Usage:
- *   const health = healthPlugin({ checks: { db: async () => ({ ok: true }) } })
- *   app.onRequest(health.onRequest)
- *
- * GET /health  → 200 { status: 'ok', uptime: number }
- *   Always returns 200. Use for liveness probes (is the process alive?).
- *
- * GET /ready   → 200 { status: 'ready', checks: { db: { ok: true } } }
- *               → 503 { status: 'not_ready', checks: { db: { ok: false, error: '...' } } }
- *   Runs all checks. Use for readiness probes (is the service ready to serve traffic?).
- *
- * The health endpoints are intercepted in the onRequest phase — before auth plugins run.
- */
-export interface HealthPlugin {
-    onRequest: OnRequestHook;
-}
-export declare function healthPlugin(options?: HealthPluginOptions): HealthPlugin;
-//# sourceMappingURL=health.d.ts.map

package/dist/core/src/app/health.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../../../core/src/app/health.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAK5C,MAAM,WAAW,WAAW;IAC1B,IAAI,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC,CAAA;CAChE;AAED,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,sDAAsD;IACtD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;CACrC;AAID;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,aAAa,CAAA;CACzB;AAED,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,YAAY,CA4C5E"}