@passlock/server 2.1.0 → 2.2.1

package/dist/schemas/principal.d.ts

@@ -1,4 +1,9 @@
 import { Schema } from "effect";
+/**
+ * Schema for the principal payload produced after verifying an `id_token`.
+ *
+ * @category Principal
+ */
 export declare const PrincipalSchema: Schema.TaggedStruct<"Principal", {
     id: typeof Schema.String;
     authenticatorId: typeof Schema.String;
@@ -11,6 +16,12 @@ export declare const PrincipalSchema: Schema.TaggedStruct<"Principal", {
     }>>;
     userId: typeof Schema.String;
 }>;
+/**
+ * Principal payload describing a completed authentication or registration
+ * operation.
+ *
+ * @category Principal
+ */
 export type Principal = {
     readonly _tag: "Principal";
     readonly id: string;
@@ -24,7 +35,17 @@ export type Principal = {
     } | undefined;
     readonly expiresAt: number;
 };
+/**
+ * Type guard for {@link Principal}.
+ *
+ * @category Principal
+ */
 export declare const isPrincipal: (payload: unknown) => payload is Principal;
+/**
+ * Schema for the richer principal payload returned by `exchangeCode`.
+ *
+ * @category Principal
+ */
 export declare const ExtendedPrincipalSchema: Schema.TaggedStruct<"ExtendedPrincipal", {
     id: typeof Schema.String;
     authenticatorId: typeof Schema.String;
@@ -42,6 +63,14 @@ export declare const ExtendedPrincipalSchema: Schema.TaggedStruct<"ExtendedPrinc
         userAgent: Schema.optional<typeof Schema.String>;
     }>;
 }>;
+/**
+ * Extended principal payload returned by `exchangeCode`.
+ *
+ * In addition to the base principal fields it includes request metadata such as
+ * IP address and user agent when available.
+ *
+ * @category Principal
+ */
 export type ExtendedPrincipal = {
     readonly _tag: "ExtendedPrincipal";
     readonly id: string;
@@ -60,7 +89,17 @@ export type ExtendedPrincipal = {
         readonly userAgent?: string | undefined;
     };
 };
+/**
+ * Type guard for {@link ExtendedPrincipal}.
+ *
+ * @category Principal
+ */
 export declare const isExtendedPrincipal: (payload: unknown) => payload is ExtendedPrincipal;
+/**
+ * Schema for the Passlock JWT claims used by {@link PrincipalSchema}.
+ *
+ * @category Principal
+ */
 export declare const IdTokenSchema: Schema.TaggedStruct<"IdToken", {
     "a:id": typeof Schema.String;
     "a:typ": typeof Schema.String;
@@ -72,6 +111,12 @@ export declare const IdTokenSchema: Schema.TaggedStruct<"IdToken", {
     "pk:uv": typeof Schema.Boolean;
     sub: typeof Schema.String;
 }>;
+/**
+ * Decoded Passlock JWT claims used internally when verifying `id_token`
+ * payloads.
+ *
+ * @category Principal
+ */
 export type IdToken = {
     readonly "a:id": string;
     readonly "a:typ": string;
@@ -84,5 +129,10 @@ export type IdToken = {
     readonly sub: string;
     readonly _tag: "IdToken";
 };
+/**
+ * Type guard for {@link IdToken}.
+ *
+ * @category Principal
+ */
 export declare const isIdToken: (payload: unknown) => payload is IdToken;
 //# sourceMappingURL=principal.d.ts.map

package/dist/schemas/principal.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../src/schemas/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAK/B,eAAO,MAAM,eAAe;;;;;;;;;;;EAa1B,CAAA;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAA;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EACb;QACE,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;QAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;KAC3B,GACD,SAAS,CAAA;IACb,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,SACrB,CAAA;AAIrC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;EAqBnC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAA;IAClC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EACb;QACE,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;QAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;QAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC3C,GACD,SAAS,CAAA;IACb,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACvC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KACxC,CAAA;CACF,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,SAAS,OAAO,KACf,OAAO,IAAI,iBAAgE,CAAA;AAO9E,eAAO,MAAM,aAAa;;;;;;;;;;EAUxB,CAAA;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAA;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAA;CACzB,CAAA;AAED,eAAO,MAAM,SAAS,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,OACrB,CAAA"}
+{"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../src/schemas/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAK/B;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;EAa1B,CAAA;AAEF;;;;;GAKG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAA;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EACb;QACE,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;QAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;KAC3B,GACD,SAAS,CAAA;IACb,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,WAAW,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,SACrB,CAAA;AAIrC;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;EAqBnC,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAA;IAClC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,CAAA;IACrC,QAAQ,CAAC,OAAO,CAAC,EACb;QACE,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;QAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;QAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC3C,GACD,SAAS,CAAA;IACb,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACvC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KACxC,CAAA;CACF,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAC9B,SAAS,OAAO,KACf,OAAO,IAAI,iBAAgE,CAAA;AAO9E;;;;GAIG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;EAUxB,CAAA;AAEF;;;;;GAKG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAA;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAA;CACzB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,SAAS,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,OACrB,CAAA"}

package/dist/schemas/principal.js

@@ -1,5 +1,10 @@
 import { Schema } from "effect";
 /* Principal */
+/**
+ * Schema for the principal payload produced after verifying an `id_token`.
+ *
+ * @category Principal
+ */
 export const PrincipalSchema = Schema.TaggedStruct("Principal", {
     id: Schema.String,
     authenticatorId: Schema.String,
@@ -12,7 +17,17 @@ export const PrincipalSchema = Schema.TaggedStruct("Principal", {
     })),
     userId: Schema.String,
 });
+/**
+ * Type guard for {@link Principal}.
+ *
+ * @category Principal
+ */
 export const isPrincipal = (payload) => Schema.is(PrincipalSchema)(payload);
+/**
+ * Schema for the richer principal payload returned by `exchangeCode`.
+ *
+ * @category Principal
+ */
 export const ExtendedPrincipalSchema = Schema.TaggedStruct("ExtendedPrincipal", {
     id: Schema.String,
     authenticatorId: Schema.String,
@@ -30,7 +45,17 @@ export const ExtendedPrincipalSchema = Schema.TaggedStruct("ExtendedPrincipal",
         userAgent: Schema.optional(Schema.String),
     }),
 });
+/**
+ * Type guard for {@link ExtendedPrincipal}.
+ *
+ * @category Principal
+ */
 export const isExtendedPrincipal = (payload) => Schema.is(ExtendedPrincipalSchema)(payload);
+/**
+ * Schema for the Passlock JWT claims used by {@link PrincipalSchema}.
+ *
+ * @category Principal
+ */
 export const IdTokenSchema = Schema.TaggedStruct("IdToken", {
     "a:id": Schema.String,
     "a:typ": Schema.String,
@@ -42,5 +67,10 @@ export const IdTokenSchema = Schema.TaggedStruct("IdToken", {
     "pk:uv": Schema.Boolean,
     sub: Schema.String,
 });
+/**
+ * Type guard for {@link IdToken}.
+ *
+ * @category Principal
+ */
 export const isIdToken = (payload) => Schema.is(IdTokenSchema)(payload);
 //# sourceMappingURL=principal.js.map

package/dist/schemas/principal.js.map

@@ -1 +1 @@
-{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../src/schemas/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAG/B,eAAe;AAEf,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,WAAW,EAAE;IAC9D,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,CACtB,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,OAAO;QAC5B,QAAQ,EAAE,MAAM,CAAC,OAAO;KACzB,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,MAAM;CACtB,CAAC,CAAA;AAkBF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,OAAgB,EAAwB,EAAE,CACpE,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAA;AAIrC,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,YAAY,CACxD,mBAAmB,EACnB;IACE,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,CACtB,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAC5C,YAAY,EAAE,MAAM,CAAC,OAAO;QAC5B,QAAQ,EAAE,MAAM,CAAC,OAAO;KACzB,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KAC1C,CAAC;CACH,CACF,CAAA;AAuBD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAAgB,EACc,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAA;AAO9E,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IAC1D,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;IACnC,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,GAAG,EAAE,MAAM,CAAC,MAAM;CACnB,CAAC,CAAA;AAeF,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAsB,EAAE,CAChE,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\nimport type { satisfy } from \"./satisfy.js\"\n\n/* Principal */\n\nexport const PrincipalSchema = Schema.TaggedStruct(\"Principal\", {\n  id: Schema.String,\n  authenticatorId: Schema.String,\n  authenticatorType: Schema.Literal(\"passkey\"),\n  createdAt: Schema.Number,\n  expiresAt: Schema.Number,\n  passkey: Schema.optional(\n    Schema.Struct({\n      userVerified: Schema.Boolean,\n      verified: Schema.Boolean,\n    })\n  ),\n  userId: Schema.String,\n})\n\nexport type Principal = {\n  readonly _tag: \"Principal\"\n  readonly id: string\n  readonly userId: string\n  readonly createdAt: number\n  readonly authenticatorId: string\n  readonly authenticatorType: \"passkey\"\n  readonly passkey?:\n    | {\n        readonly userVerified: boolean\n        readonly verified: boolean\n      }\n    | undefined\n  readonly expiresAt: number\n}\n\nexport const isPrincipal = (payload: unknown): payload is Principal =>\n  Schema.is(PrincipalSchema)(payload)\n\ntype _Principal = satisfy<typeof PrincipalSchema.Type, Principal>\n\nexport const ExtendedPrincipalSchema = Schema.TaggedStruct(\n  \"ExtendedPrincipal\",\n  {\n    id: Schema.String,\n    authenticatorId: Schema.String,\n    authenticatorType: Schema.Literal(\"passkey\"),\n    createdAt: Schema.Number,\n    expiresAt: Schema.Number,\n    passkey: Schema.optional(\n      Schema.Struct({\n        platformName: Schema.optional(Schema.String),\n        userVerified: Schema.Boolean,\n        verified: Schema.Boolean,\n      })\n    ),\n    userId: Schema.String,\n    metadata: Schema.Struct({\n      ipAddress: Schema.optional(Schema.String),\n      userAgent: Schema.optional(Schema.String),\n    }),\n  }\n)\n\nexport type ExtendedPrincipal = {\n  readonly _tag: \"ExtendedPrincipal\"\n  readonly id: string\n  readonly authenticatorId: string\n  readonly authenticatorType: \"passkey\"\n  readonly passkey?:\n    | {\n        readonly userVerified: boolean\n        readonly verified: boolean\n        readonly platformName?: string | undefined\n      }\n    | undefined\n  readonly createdAt: number\n  readonly expiresAt: number\n  readonly userId: string\n  readonly metadata: {\n    readonly ipAddress?: string | undefined\n    readonly userAgent?: string | undefined\n  }\n}\n\nexport const isExtendedPrincipal = (\n  payload: unknown\n): payload is ExtendedPrincipal => Schema.is(ExtendedPrincipalSchema)(payload)\n\ntype _ExtendedPrincipal = satisfy<\n  typeof ExtendedPrincipalSchema.Type,\n  ExtendedPrincipal\n>\n\nexport const IdTokenSchema = Schema.TaggedStruct(\"IdToken\", {\n  \"a:id\": Schema.String,\n  \"a:typ\": Schema.String,\n  aud: Schema.String,\n  exp: Schema.Number,\n  iat: Schema.Number,\n  iss: Schema.Literal(\"passlock.dev\"),\n  jti: Schema.String,\n  \"pk:uv\": Schema.Boolean,\n  sub: Schema.String,\n})\n\nexport type IdToken = {\n  readonly \"a:id\": string\n  readonly \"a:typ\": string\n  readonly aud: string\n  readonly exp: number\n  readonly iat: number\n  readonly iss: \"passlock.dev\"\n  readonly jti: string\n  readonly \"pk:uv\": boolean\n  readonly sub: string\n  readonly _tag: \"IdToken\"\n}\n\nexport const isIdToken = (payload: unknown): payload is IdToken =>\n  Schema.is(IdTokenSchema)(payload)\n\ntype _IdToken = satisfy<typeof IdTokenSchema.Type, IdToken>\n"]}
+{"version":3,"file":"principal.js","sourceRoot":"","sources":["../../src/schemas/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAG/B,eAAe;AAEf;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,WAAW,EAAE;IAC9D,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,CACtB,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,OAAO;QAC5B,QAAQ,EAAE,MAAM,CAAC,OAAO;KACzB,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,MAAM;CACtB,CAAC,CAAA;AAwBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,OAAgB,EAAwB,EAAE,CACpE,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAA;AAIrC;;;;GAIG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,YAAY,CACxD,mBAAmB,EACnB;IACE,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,CACtB,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAC5C,YAAY,EAAE,MAAM,CAAC,OAAO;QAC5B,QAAQ,EAAE,MAAM,CAAC,OAAO;KACzB,CAAC,CACH;IACD,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KAC1C,CAAC;CACH,CACF,CAAA;AA+BD;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAAgB,EACc,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,CAAA;AAO9E;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IAC1D,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;IACnC,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,GAAG,EAAE,MAAM,CAAC,MAAM;CACnB,CAAC,CAAA;AAqBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAsB,EAAE,CAChE,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\nimport type { satisfy } from \"./satisfy.js\"\n\n/* Principal */\n\n/**\n * Schema for the principal payload produced after verifying an `id_token`.\n *\n * @category Principal\n */\nexport const PrincipalSchema = Schema.TaggedStruct(\"Principal\", {\n  id: Schema.String,\n  authenticatorId: Schema.String,\n  authenticatorType: Schema.Literal(\"passkey\"),\n  createdAt: Schema.Number,\n  expiresAt: Schema.Number,\n  passkey: Schema.optional(\n    Schema.Struct({\n      userVerified: Schema.Boolean,\n      verified: Schema.Boolean,\n    })\n  ),\n  userId: Schema.String,\n})\n\n/**\n * Principal payload describing a completed authentication or registration\n * operation.\n *\n * @category Principal\n */\nexport type Principal = {\n  readonly _tag: \"Principal\"\n  readonly id: string\n  readonly userId: string\n  readonly createdAt: number\n  readonly authenticatorId: string\n  readonly authenticatorType: \"passkey\"\n  readonly passkey?:\n    | {\n        readonly userVerified: boolean\n        readonly verified: boolean\n      }\n    | undefined\n  readonly expiresAt: number\n}\n\n/**\n * Type guard for {@link Principal}.\n *\n * @category Principal\n */\nexport const isPrincipal = (payload: unknown): payload is Principal =>\n  Schema.is(PrincipalSchema)(payload)\n\ntype _Principal = satisfy<typeof PrincipalSchema.Type, Principal>\n\n/**\n * Schema for the richer principal payload returned by `exchangeCode`.\n *\n * @category Principal\n */\nexport const ExtendedPrincipalSchema = Schema.TaggedStruct(\n  \"ExtendedPrincipal\",\n  {\n    id: Schema.String,\n    authenticatorId: Schema.String,\n    authenticatorType: Schema.Literal(\"passkey\"),\n    createdAt: Schema.Number,\n    expiresAt: Schema.Number,\n    passkey: Schema.optional(\n      Schema.Struct({\n        platformName: Schema.optional(Schema.String),\n        userVerified: Schema.Boolean,\n        verified: Schema.Boolean,\n      })\n    ),\n    userId: Schema.String,\n    metadata: Schema.Struct({\n      ipAddress: Schema.optional(Schema.String),\n      userAgent: Schema.optional(Schema.String),\n    }),\n  }\n)\n\n/**\n * Extended principal payload returned by `exchangeCode`.\n *\n * In addition to the base principal fields it includes request metadata such as\n * IP address and user agent when available.\n *\n * @category Principal\n */\nexport type ExtendedPrincipal = {\n  readonly _tag: \"ExtendedPrincipal\"\n  readonly id: string\n  readonly authenticatorId: string\n  readonly authenticatorType: \"passkey\"\n  readonly passkey?:\n    | {\n        readonly userVerified: boolean\n        readonly verified: boolean\n        readonly platformName?: string | undefined\n      }\n    | undefined\n  readonly createdAt: number\n  readonly expiresAt: number\n  readonly userId: string\n  readonly metadata: {\n    readonly ipAddress?: string | undefined\n    readonly userAgent?: string | undefined\n  }\n}\n\n/**\n * Type guard for {@link ExtendedPrincipal}.\n *\n * @category Principal\n */\nexport const isExtendedPrincipal = (\n  payload: unknown\n): payload is ExtendedPrincipal => Schema.is(ExtendedPrincipalSchema)(payload)\n\ntype _ExtendedPrincipal = satisfy<\n  typeof ExtendedPrincipalSchema.Type,\n  ExtendedPrincipal\n>\n\n/**\n * Schema for the Passlock JWT claims used by {@link PrincipalSchema}.\n *\n * @category Principal\n */\nexport const IdTokenSchema = Schema.TaggedStruct(\"IdToken\", {\n  \"a:id\": Schema.String,\n  \"a:typ\": Schema.String,\n  aud: Schema.String,\n  exp: Schema.Number,\n  iat: Schema.Number,\n  iss: Schema.Literal(\"passlock.dev\"),\n  jti: Schema.String,\n  \"pk:uv\": Schema.Boolean,\n  sub: Schema.String,\n})\n\n/**\n * Decoded Passlock JWT claims used internally when verifying `id_token`\n * payloads.\n *\n * @category Principal\n */\nexport type IdToken = {\n  readonly \"a:id\": string\n  readonly \"a:typ\": string\n  readonly aud: string\n  readonly exp: number\n  readonly iat: number\n  readonly iss: \"passlock.dev\"\n  readonly jti: string\n  readonly \"pk:uv\": boolean\n  readonly sub: string\n  readonly _tag: \"IdToken\"\n}\n\n/**\n * Type guard for {@link IdToken}.\n *\n * @category Principal\n */\nexport const isIdToken = (payload: unknown): payload is IdToken =>\n  Schema.is(IdTokenSchema)(payload)\n\ntype _IdToken = satisfy<typeof IdTokenSchema.Type, IdToken>\n"]}

package/dist/schemas/signup.d.ts

@@ -1,13 +1,33 @@
 import { Schema } from "effect";
+/**
+ * Schema for the signup payload accepted by Passlock signup flows.
+ *
+ * @category Signup
+ */
 export declare const SignupPayload: Schema.Struct<{
     email: typeof Schema.String;
     firstName: typeof Schema.String;
     lastName: typeof Schema.String;
 }>;
+/**
+ * Type produced by {@link SignupPayload}.
+ *
+ * @category Signup
+ */
 export type SignupPayload = typeof SignupPayload.Type;
+/**
+ * Schema for tenancy credentials returned after signup.
+ *
+ * @category Signup
+ */
 export declare const TenancyData: Schema.TaggedStruct<"TenancyData", {
     apiKey: Schema.Redacted<typeof Schema.String>;
     tenancyId: typeof Schema.String;
 }>;
+/**
+ * Type produced by {@link TenancyData}.
+ *
+ * @category Signup
+ */
 export type TenancyData = typeof TenancyData.Type;
 //# sourceMappingURL=signup.d.ts.map

package/dist/schemas/signup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signup.d.ts","sourceRoot":"","sources":["../../src/schemas/signup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B,eAAO,MAAM,aAAa;;;;EAIxB,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,OAAO,aAAa,CAAC,IAAI,CAAA;AAErD,eAAO,MAAM,WAAW;;;EAGtB,CAAA;AAEF,MAAM,MAAM,WAAW,GAAG,OAAO,WAAW,CAAC,IAAI,CAAA"}
+{"version":3,"file":"signup.d.ts","sourceRoot":"","sources":["../../src/schemas/signup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B;;;;GAIG;AACH,eAAO,MAAM,aAAa;;;;EAIxB,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,aAAa,CAAC,IAAI,CAAA;AAErD;;;;GAIG;AACH,eAAO,MAAM,WAAW;;;EAGtB,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG,OAAO,WAAW,CAAC,IAAI,CAAA"}

package/dist/schemas/signup.js

@@ -1,9 +1,19 @@
 import { Schema } from "effect";
+/**
+ * Schema for the signup payload accepted by Passlock signup flows.
+ *
+ * @category Signup
+ */
 export const SignupPayload = Schema.Struct({
     email: Schema.String,
     firstName: Schema.String,
     lastName: Schema.String,
 });
+/**
+ * Schema for tenancy credentials returned after signup.
+ *
+ * @category Signup
+ */
 export const TenancyData = Schema.TaggedStruct("TenancyData", {
     apiKey: Schema.Redacted(Schema.String),
     tenancyId: Schema.String,

package/dist/schemas/signup.js.map

@@ -1 +1 @@
-{"version":3,"file":"signup.js","sourceRoot":"","sources":["../../src/schemas/signup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;IACzC,KAAK,EAAE,MAAM,CAAC,MAAM;IACpB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,QAAQ,EAAE,MAAM,CAAC,MAAM;CACxB,CAAC,CAAA;AAIF,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,aAAa,EAAE;IAC5D,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,MAAM,CAAC,MAAM;CACzB,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\n\nexport const SignupPayload = Schema.Struct({\n  email: Schema.String,\n  firstName: Schema.String,\n  lastName: Schema.String,\n})\n\nexport type SignupPayload = typeof SignupPayload.Type\n\nexport const TenancyData = Schema.TaggedStruct(\"TenancyData\", {\n  apiKey: Schema.Redacted(Schema.String),\n  tenancyId: Schema.String,\n})\n\nexport type TenancyData = typeof TenancyData.Type\n"]}
+{"version":3,"file":"signup.js","sourceRoot":"","sources":["../../src/schemas/signup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;IACzC,KAAK,EAAE,MAAM,CAAC,MAAM;IACpB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,QAAQ,EAAE,MAAM,CAAC,MAAM;CACxB,CAAC,CAAA;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,aAAa,EAAE;IAC5D,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,MAAM,CAAC,MAAM;CACzB,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\n\n/**\n * Schema for the signup payload accepted by Passlock signup flows.\n *\n * @category Signup\n */\nexport const SignupPayload = Schema.Struct({\n  email: Schema.String,\n  firstName: Schema.String,\n  lastName: Schema.String,\n})\n\n/**\n * Type produced by {@link SignupPayload}.\n *\n * @category Signup\n */\nexport type SignupPayload = typeof SignupPayload.Type\n\n/**\n * Schema for tenancy credentials returned after signup.\n *\n * @category Signup\n */\nexport const TenancyData = Schema.TaggedStruct(\"TenancyData\", {\n  apiKey: Schema.Redacted(Schema.String),\n  tenancyId: Schema.String,\n})\n\n/**\n * Type produced by {@link TenancyData}.\n *\n * @category Signup\n */\nexport type TenancyData = typeof TenancyData.Type\n"]}

package/dist/shared.d.ts

@@ -1,11 +1,29 @@
+/**
+ * Base options accepted by most `@passlock/server` operations.
+ *
+ * @category Configuration
+ */
 export type PasslockOptions = {
+    /**
+     * Identifier of the Passlock tenancy the request is scoped to.
+     */
     tenancyId: string;
     /**
+     * Override the default Passlock API base URL.
+     *
      * @default https://api.passlock.dev
      */
     endpoint?: string;
 };
+/**
+ * Request options for operations that call authenticated Passlock REST APIs.
+ *
+ * @category Configuration
+ */
 export interface AuthenticatedOptions extends PasslockOptions {
+    /**
+     * Secret API key used to authenticate the request.
+     */
     apiKey: string;
 }
 export declare class UnexpectedError extends Error {

package/dist/shared.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG;IAC5B,SAAS,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,MAAM,EAAE,MAAM,CAAA;CACf;AAED,qBAAa,eAAgB,SAAQ,KAAK;IACxC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;gBAET,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAKnD,SAAkB,QAAQ,QAAO,MAAM,CACC;CACzC"}
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IAEjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;CACf;AAED,qBAAa,eAAgB,SAAQ,KAAK;IACxC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;gBAET,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAKnD,SAAkB,QAAQ,QAAO,MAAM,CACC;CACzC"}

package/dist/shared.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared.js","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAaA,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,IAAI,CAAQ;IAErB,YAAY,IAAuC;QACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAEiB,QAAQ,GAAG,GAAW,EAAE,CACxC,GAAG,IAAI,CAAC,OAAO,WAAW,IAAI,CAAC,IAAI,GAAG,CAAA;CACzC","sourcesContent":["export type PasslockOptions = {\n  tenancyId: string\n\n  /**\n   * @default https://api.passlock.dev\n   */\n  endpoint?: string\n}\n\nexport interface AuthenticatedOptions extends PasslockOptions {\n  apiKey: string\n}\n\nexport class UnexpectedError extends Error {\n  readonly _tag: string\n\n  constructor(data: { _tag: string; message: string }) {\n    super(data.message)\n    this._tag = data._tag\n  }\n\n  override readonly toString = (): string =>\n    `${this.message} (_tag: ${this._tag})`\n}\n"]}
+{"version":3,"file":"shared.js","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AA+BA,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,IAAI,CAAQ;IAErB,YAAY,IAAuC;QACjD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IAEiB,QAAQ,GAAG,GAAW,EAAE,CACxC,GAAG,IAAI,CAAC,OAAO,WAAW,IAAI,CAAC,IAAI,GAAG,CAAA;CACzC","sourcesContent":["/**\n * Base options accepted by most `@passlock/server` operations.\n *\n * @category Configuration\n */\nexport type PasslockOptions = {\n  /**\n   * Identifier of the Passlock tenancy the request is scoped to.\n   */\n  tenancyId: string\n\n  /**\n   * Override the default Passlock API base URL.\n   *\n   * @default https://api.passlock.dev\n   */\n  endpoint?: string\n}\n\n/**\n * Request options for operations that call authenticated Passlock REST APIs.\n *\n * @category Configuration\n */\nexport interface AuthenticatedOptions extends PasslockOptions {\n  /**\n   * Secret API key used to authenticate the request.\n   */\n  apiKey: string\n}\n\nexport class UnexpectedError extends Error {\n  readonly _tag: string\n\n  constructor(data: { _tag: string; message: string }) {\n    super(data.message)\n    this._tag = data._tag\n  }\n\n  override readonly toString = (): string =>\n    `${this.message} (_tag: ${this._tag})`\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@passlock/server",
-  "version": "2.1.0",
+  "version": "2.2.1",
   "description": "Passkey authentication library for Fetch capable backends (Node, Bun, Vercel, Cloudflare workers etc.)",
   "keywords": [
     "passkey",
@@ -51,14 +51,14 @@
     "!dist/**/*.spec.*"
   ],
   "dependencies": {
-    "effect": "3.19.19",
-    "jose": "^6.2.0"
+    "effect": "3.20.0",
+    "jose": "^6.2.2"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.4.6",
-    "@effect/vitest": "^0.27.0",
+    "@biomejs/biome": "^2.4.8",
+    "@effect/vitest": "^0.28.0",
     "globals": "^17.4.0",
-    "npm-check-updates": "^19.6.3",
+    "npm-check-updates": "^19.6.5",
     "publint": "0.3.18",
     "rimraf": "^6.1.3",
     "tsx": "4.21.0",