@prmichaelsen/agentbase-core 0.1.0

package/dist/lib/logger.d.ts

@@ -0,0 +1,42 @@
+interface LogContext {
+    [key: string]: any;
+}
+/**
+ * Sanitization utilities for secure logging
+ */
+/**
+ * Sanitize tokens by returning only a hash prefix
+ * Prevents token exposure while maintaining debuggability
+ */
+export declare function sanitizeToken(token: string | undefined | null): string;
+/**
+ * Sanitize email addresses
+ * Shows first 2 chars of local part + domain
+ */
+export declare function sanitizeEmail(email: string | undefined | null): string;
+/**
+ * Sanitize user IDs
+ * Shows only first 8 characters with prefix
+ */
+export declare function sanitizeUserId(userId: string | undefined | null): string;
+/**
+ * Sanitize objects by redacting sensitive fields
+ * Automatically redacts fields containing: token, password, secret, key, authorization
+ */
+export declare function sanitizeObject(obj: any): any;
+declare class Logger {
+    private context;
+    constructor(context: string);
+    private log;
+    debug(message: string, data?: LogContext): void;
+    info(message: string, data?: LogContext): void;
+    warn(message: string, data?: LogContext): void;
+    error(message: string, error?: Error | any, data?: LogContext): void;
+}
+export declare function createLogger(context: string): Logger;
+export declare const authLogger: Logger;
+export declare const apiLogger: Logger;
+export declare const dbLogger: Logger;
+export declare const chatLogger: Logger;
+export {};
+//# sourceMappingURL=logger.d.ts.map

package/dist/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAIA,UAAU,UAAU;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAItE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAKtE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAGxE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAqB5C;AAED,cAAM,MAAM;IACV,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,EAAE,MAAM;IAI3B,OAAO,CAAC,GAAG;IAsBX,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,UAAU;IAIxC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,UAAU;IAIvC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,UAAU;IAIvC,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,UAAU;CAS9D;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEpD;AAGD,eAAO,MAAM,UAAU,QAAuB,CAAC;AAC/C,eAAO,MAAM,SAAS,QAAsB,CAAC;AAC7C,eAAO,MAAM,QAAQ,QAA2B,CAAC;AACjD,eAAO,MAAM,UAAU,QAAuB,CAAC"}

package/dist/lib/logger.js

@@ -0,0 +1,112 @@
+import { createHash } from 'crypto';
+/**
+ * Sanitization utilities for secure logging
+ */
+/**
+ * Sanitize tokens by returning only a hash prefix
+ * Prevents token exposure while maintaining debuggability
+ */
+export function sanitizeToken(token) {
+    if (!token)
+        return '[empty]';
+    const hash = createHash('sha256').update(token).digest('hex');
+    return `${hash.substring(0, 8)}...`;
+}
+/**
+ * Sanitize email addresses
+ * Shows first 2 chars of local part + domain
+ */
+export function sanitizeEmail(email) {
+    if (!email)
+        return '[empty]';
+    const [local, domain] = email.split('@');
+    if (!domain)
+        return '[invalid]';
+    return `${local.substring(0, 2)}***@${domain}`;
+}
+/**
+ * Sanitize user IDs
+ * Shows only first 8 characters with prefix
+ */
+export function sanitizeUserId(userId) {
+    if (!userId)
+        return '[empty]';
+    return `user_${userId.substring(0, 8)}`;
+}
+/**
+ * Sanitize objects by redacting sensitive fields
+ * Automatically redacts fields containing: token, password, secret, key, authorization
+ */
+export function sanitizeObject(obj) {
+    if (!obj || typeof obj !== 'object')
+        return obj;
+    const sensitive = ['token', 'password', 'secret', 'key', 'authorization', 'credential'];
+    const result = Array.isArray(obj) ? [] : {};
+    for (const key in obj) {
+        const lowerKey = key.toLowerCase();
+        // Check if key contains sensitive terms
+        if (sensitive.some(s => lowerKey.includes(s))) {
+            result[key] = '[REDACTED]';
+        }
+        else if (typeof obj[key] === 'object' && obj[key] !== null) {
+            // Recursively sanitize nested objects
+            result[key] = sanitizeObject(obj[key]);
+        }
+        else {
+            result[key] = obj[key];
+        }
+    }
+    return result;
+}
+class Logger {
+    context;
+    constructor(context) {
+        this.context = context;
+    }
+    log(level, message, data) {
+        // Sanitize data before logging
+        const sanitizedData = data ? sanitizeObject(data) : undefined;
+        const isDevelopment = typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+        switch (level) {
+            case 'debug':
+                if (isDevelopment)
+                    console.debug(`[${this.context}]`, message, sanitizedData || '');
+                break;
+            case 'info':
+                console.log(`[${this.context}]`, message, sanitizedData || '');
+                break;
+            case 'warn':
+                console.warn(`[${this.context}]`, message, sanitizedData || '');
+                break;
+            case 'error':
+                console.error(`[${this.context}]`, message, sanitizedData || '');
+                break;
+        }
+    }
+    debug(message, data) {
+        this.log('debug', message, data);
+    }
+    info(message, data) {
+        this.log('info', message, data);
+    }
+    warn(message, data) {
+        this.log('warn', message, data);
+    }
+    error(message, error, data) {
+        const isDevelopment = typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+        this.log('error', message, {
+            ...data,
+            error: error?.message || error,
+            stack: isDevelopment ? error?.stack : undefined,
+        });
+    }
+}
+export function createLogger(context) {
+    return new Logger(context);
+}
+// Pre-configured loggers for common contexts
+export const authLogger = createLogger('Auth');
+export const apiLogger = createLogger('API');
+export const dbLogger = createLogger('Database');
+export const chatLogger = createLogger('Chat');
+//# sourceMappingURL=logger.js.map

package/dist/lib/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAQpC;;GAEG;AAEH;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAgC;IAC5D,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9D,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAgC;IAC5D,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,CAAC;IAChC,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAiC;IAC9D,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,OAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,GAAQ;IACrC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAEhD,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IACxF,MAAM,MAAM,GAAQ,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEjD,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAEnC,wCAAwC;QACxC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC7B,CAAC;aAAM,IAAI,OAAO,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,sCAAsC;YACtC,MAAM,CAAC,GAAG,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,MAAM;IACF,OAAO,CAAS;IAExB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAEO,GAAG,CAAC,KAAe,EAAE,OAAe,EAAE,IAAiB;QAC7D,+BAA+B;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE9D,MAAM,aAAa,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,QAAQ,KAAK,aAAa,CAAC;QAEhG,QAAQ,KAAK,EAAE,CAAC;YACd,KAAK,OAAO;gBACV,IAAI,aAAa;oBAAE,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;gBACpF,MAAM;YACR,KAAK,MAAM;gBACT,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;gBAC/D,MAAM;YACR,KAAK,MAAM;gBACT,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;gBAChE,MAAM;YACR,KAAK,OAAO;gBACV,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;gBACjE,MAAM;QACV,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,IAAiB;QACtC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,IAAiB;QACrC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,IAAiB;QACrC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,KAAmB,EAAE,IAAiB;QAC3D,MAAM,aAAa,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,QAAQ,KAAK,aAAa,CAAC;QAEhG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE;YACzB,GAAG,IAAI;YACP,KAAK,EAAE,KAAK,EAAE,OAAO,IAAI,KAAK;YAC9B,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAChD,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;AAC7B,CAAC;AAED,6CAA6C;AAC7C,MAAM,CAAC,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;AAC/C,MAAM,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;AAC7C,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACjD,MAAM,CAAC,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC"}

package/dist/lib/rate-limiter.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Rate Limiting Utility
+ *
+ * Provides rate limiting functionality using Cloudflare Workers Rate Limiting API
+ */
+export interface RateLimitConfig {
+    limit: number;
+    period: number;
+    keyPrefix: string;
+}
+export interface RateLimitResult {
+    success: boolean;
+    limit: number;
+    remaining: number;
+    retryAfter?: number;
+}
+/**
+ * Check rate limit for a request
+ */
+export declare function checkRateLimit(rateLimiter: any, // Cloudflare Rate Limiter binding
+identifier: string, config: RateLimitConfig): Promise<RateLimitResult>;
+/**
+ * Create rate limit error response
+ */
+export declare function createRateLimitResponse(result: RateLimitResult): Response;
+/**
+ * Get rate limit identifier from request
+ * Uses IP address, falling back to user ID if authenticated
+ */
+export declare function getRateLimitIdentifier(request: Request, userId?: string): string;
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/lib/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/lib/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,GAAG,EAAG,kCAAkC;AACrD,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,eAAe,GACtB,OAAO,CAAC,eAAe,CAAC,CAqB1B;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,eAAe,GAAG,QAAQ,CAqBzE;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAUhF"}

package/dist/lib/rate-limiter.js

@@ -0,0 +1,65 @@
+/**
+ * Rate Limiting Utility
+ *
+ * Provides rate limiting functionality using Cloudflare Workers Rate Limiting API
+ */
+/**
+ * Check rate limit for a request
+ */
+export async function checkRateLimit(rateLimiter, // Cloudflare Rate Limiter binding
+identifier, config) {
+    const key = `${config.keyPrefix}:${identifier}`;
+    try {
+        const { success, limit, remaining, retryAfter } = await rateLimiter.limit({ key });
+        return {
+            success,
+            limit,
+            remaining,
+            retryAfter
+        };
+    }
+    catch (error) {
+        console.error('[RateLimit] Error checking rate limit:', error);
+        // Fail open - allow request if rate limiter fails
+        return {
+            success: true,
+            limit: config.limit,
+            remaining: config.limit
+        };
+    }
+}
+/**
+ * Create rate limit error response
+ */
+export function createRateLimitResponse(result) {
+    const retryAfter = result.retryAfter ?? 60;
+    const limit = result.limit ?? 100;
+    const remaining = result.remaining ?? 0;
+    return new Response(JSON.stringify({
+        error: 'Too many requests',
+        message: 'Rate limit exceeded. Please try again later.',
+        retryAfter
+    }), {
+        status: 429,
+        headers: {
+            'Content-Type': 'application/json',
+            'Retry-After': retryAfter.toString(),
+            'X-RateLimit-Limit': limit.toString(),
+            'X-RateLimit-Remaining': remaining.toString()
+        }
+    });
+}
+/**
+ * Get rate limit identifier from request
+ * Uses IP address, falling back to user ID if authenticated
+ */
+export function getRateLimitIdentifier(request, userId) {
+    if (userId) {
+        return `user:${userId}`;
+    }
+    const ip = request.headers.get('cf-connecting-ip') ||
+        request.headers.get('x-forwarded-for') ||
+        'unknown';
+    return `ip:${ip}`;
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/lib/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/lib/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAgB,EAAG,kCAAkC;AACrD,UAAkB,EAClB,MAAuB;IAEvB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,UAAU,EAAE,CAAA;IAE/C,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;QAElF,OAAO;YACL,OAAO;YACP,KAAK;YACL,SAAS;YACT,UAAU;SACX,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAA;QAC9D,kDAAkD;QAClD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS,EAAE,MAAM,CAAC,KAAK;SACxB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAAuB;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAA;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,GAAG,CAAA;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,CAAC,CAAA;IAEvC,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,8CAA8C;QACvD,UAAU;KACX,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,CAAC,QAAQ,EAAE;YACpC,mBAAmB,EAAE,KAAK,CAAC,QAAQ,EAAE;YACrC,uBAAuB,EAAE,SAAS,CAAC,QAAQ,EAAE;SAC9C;KACF,CACF,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAgB,EAAE,MAAe;IACtE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,QAAQ,MAAM,EAAE,CAAA;IACzB,CAAC;IAED,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtC,SAAS,CAAA;IAErB,OAAO,MAAM,EAAE,EAAE,CAAA;AACnB,CAAC"}

package/dist/lib/uuid.d.ts

@@ -0,0 +1,12 @@
+/**
+ * UUID Generator Utility
+ *
+ * Browser-compatible UUID generation.
+ * Uses Web Crypto API if available, falls back to simple implementation.
+ */
+/**
+ * Generate a UUID v4
+ * Uses crypto.randomUUID() if available, otherwise uses a fallback
+ */
+export declare function generateUUID(): string;
+//# sourceMappingURL=uuid.d.ts.map

package/dist/lib/uuid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uuid.d.ts","sourceRoot":"","sources":["../../src/lib/uuid.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAYrC"}

package/dist/lib/uuid.js

@@ -0,0 +1,23 @@
+/**
+ * UUID Generator Utility
+ *
+ * Browser-compatible UUID generation.
+ * Uses Web Crypto API if available, falls back to simple implementation.
+ */
+/**
+ * Generate a UUID v4
+ * Uses crypto.randomUUID() if available, otherwise uses a fallback
+ */
+export function generateUUID() {
+    // Try Web Crypto API first
+    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+        return crypto.randomUUID();
+    }
+    // Fallback implementation
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+        const r = (Math.random() * 16) | 0;
+        const v = c === 'x' ? r : (r & 0x3) | 0x8;
+        return v.toString(16);
+    });
+}
+//# sourceMappingURL=uuid.js.map

package/dist/lib/uuid.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uuid.js","sourceRoot":"","sources":["../../src/lib/uuid.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,2BAA2B;IAC3B,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;IAC7B,CAAC;IAED,0BAA0B;IAC1B,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/services/base.service.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Minimal structured logger interface.
+ * Wire in winston, pino, or any other logger at the container level.
+ */
+export interface Logger {
+    debug(message: string, context?: Record<string, unknown>): void;
+    info(message: string, context?: Record<string, unknown>): void;
+    warn(message: string, context?: Record<string, unknown>): void;
+    error(message: string, context?: Record<string, unknown>): void;
+}
+/**
+ * Abstract base class for all services.
+ *
+ * Provides:
+ * - Constructor injection of config and logger
+ * - Optional initialize/shutdown lifecycle hooks
+ * - Consistent naming (className from constructor.name)
+ *
+ * @example
+ * class UserService extends BaseService<ServiceConfig> {
+ *   constructor(config: ServiceConfig, logger: Logger) {
+ *     super(config, logger);
+ *   }
+ *
+ *   async initialize(): Promise<void> {
+ *     // connect to DB, warm up caches, etc.
+ *   }
+ * }
+ */
+export declare abstract class BaseService<TConfig = unknown> {
+    protected readonly config: TConfig;
+    protected readonly logger: Logger;
+    protected readonly name: string;
+    constructor(config: TConfig, logger: Logger);
+    /**
+     * Called once when the application starts.
+     * Override to connect to databases, warm up caches, or validate config.
+     */
+    initialize(): Promise<void>;
+    /**
+     * Called once when the application shuts down.
+     * Override to close connections, flush buffers, or clean up resources.
+     */
+    shutdown(): Promise<void>;
+}
+//# sourceMappingURL=base.service.d.ts.map

package/dist/services/base.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.service.d.ts","sourceRoot":"","sources":["../../src/services/base.service.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAChE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC/D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC/D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CACjE;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,8BAAsB,WAAW,CAAC,OAAO,GAAG,OAAO;IAI/C,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO;IAClC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IAJnC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAGX,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,MAAM;IAKnC;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC;;;OAGG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAGhC"}

package/dist/services/base.service.js

@@ -0,0 +1,46 @@
+// src/services/base.service.ts
+// Pattern: Service Base (core-sdk.service-base.md)
+/**
+ * Abstract base class for all services.
+ *
+ * Provides:
+ * - Constructor injection of config and logger
+ * - Optional initialize/shutdown lifecycle hooks
+ * - Consistent naming (className from constructor.name)
+ *
+ * @example
+ * class UserService extends BaseService<ServiceConfig> {
+ *   constructor(config: ServiceConfig, logger: Logger) {
+ *     super(config, logger);
+ *   }
+ *
+ *   async initialize(): Promise<void> {
+ *     // connect to DB, warm up caches, etc.
+ *   }
+ * }
+ */
+export class BaseService {
+    config;
+    logger;
+    name;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+        this.name = this.constructor.name;
+    }
+    /**
+     * Called once when the application starts.
+     * Override to connect to databases, warm up caches, or validate config.
+     */
+    async initialize() {
+        // No-op by default
+    }
+    /**
+     * Called once when the application shuts down.
+     * Override to close connections, flush buffers, or clean up resources.
+     */
+    async shutdown() {
+        // No-op by default
+    }
+}
+//# sourceMappingURL=base.service.js.map

package/dist/services/base.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.service.js","sourceRoot":"","sources":["../../src/services/base.service.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,mDAAmD;AAanD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,OAAgB,WAAW;IAIV;IACA;IAJF,IAAI,CAAS;IAEhC,YACqB,MAAe,EACf,MAAc;QADd,WAAM,GAAN,MAAM,CAAS;QACf,WAAM,GAAN,MAAM,CAAQ;QAEjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU;QACd,mBAAmB;IACrB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ;QACZ,mBAAmB;IACrB,CAAC;CACF"}

package/dist/services/confirmation-token.service.d.ts

@@ -0,0 +1,40 @@
+/**
+ * A pending action stored against a confirmation token.
+ * Encodes the exact operation parameters to prevent tampering.
+ */
+export interface PendingAction {
+    type: string;
+    userId: string;
+    params: Record<string, unknown>;
+    summary: string;
+    createdAt: number;
+}
+/**
+ * Confirmation Token Service
+ *
+ * In-memory token store for two-step confirmation flows.
+ * Mutating tools generate a preview + token; a confirm step consumes the token to execute.
+ * Tokens are single-use, user-scoped, and expire after TTL.
+ */
+export declare class ConfirmationTokenService {
+    private pending;
+    private ttlMs;
+    constructor(ttlMs?: number);
+    /**
+     * Generate a confirmation token for a pending action.
+     * Returns a 32-char hex string.
+     */
+    generateToken(action: PendingAction): string;
+    /**
+     * Consume a confirmation token.
+     * Returns the pending action if valid, null otherwise.
+     * Tokens are single-use — consumed on retrieval.
+     * Validates userId matches the original initiator.
+     */
+    consumeToken(token: string, userId: string): PendingAction | null;
+    /**
+     * Lazy cleanup of expired tokens.
+     */
+    private cleanup;
+}
+//# sourceMappingURL=confirmation-token.service.d.ts.map

package/dist/services/confirmation-token.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirmation-token.service.d.ts","sourceRoot":"","sources":["../../src/services/confirmation-token.service.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB;AAID;;;;;;GAMG;AACH,qBAAa,wBAAwB;IACnC,OAAO,CAAC,OAAO,CAAmC;IAClD,OAAO,CAAC,KAAK,CAAQ;gBAET,KAAK,GAAE,MAAuB;IAI1C;;;OAGG;IACH,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM;IAO5C;;;;;OAKG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAoBjE;;OAEG;IACH,OAAO,CAAC,OAAO;CAQhB"}

package/dist/services/confirmation-token.service.js

@@ -0,0 +1,60 @@
+import { randomBytes } from 'node:crypto';
+const DEFAULT_TTL_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Confirmation Token Service
+ *
+ * In-memory token store for two-step confirmation flows.
+ * Mutating tools generate a preview + token; a confirm step consumes the token to execute.
+ * Tokens are single-use, user-scoped, and expire after TTL.
+ */
+export class ConfirmationTokenService {
+    pending = new Map();
+    ttlMs;
+    constructor(ttlMs = DEFAULT_TTL_MS) {
+        this.ttlMs = ttlMs;
+    }
+    /**
+     * Generate a confirmation token for a pending action.
+     * Returns a 32-char hex string.
+     */
+    generateToken(action) {
+        this.cleanup();
+        const token = randomBytes(16).toString('hex');
+        this.pending.set(token, action);
+        return token;
+    }
+    /**
+     * Consume a confirmation token.
+     * Returns the pending action if valid, null otherwise.
+     * Tokens are single-use — consumed on retrieval.
+     * Validates userId matches the original initiator.
+     */
+    consumeToken(token, userId) {
+        const action = this.pending.get(token);
+        if (!action)
+            return null;
+        // Always delete — single use
+        this.pending.delete(token);
+        // Check TTL
+        if (Date.now() - action.createdAt > this.ttlMs) {
+            return null;
+        }
+        // Validate userId matches
+        if (action.userId !== userId) {
+            return null;
+        }
+        return action;
+    }
+    /**
+     * Lazy cleanup of expired tokens.
+     */
+    cleanup() {
+        const now = Date.now();
+        for (const [token, action] of this.pending) {
+            if (now - action.createdAt > this.ttlMs) {
+                this.pending.delete(token);
+            }
+        }
+    }
+}
+//# sourceMappingURL=confirmation-token.service.js.map

package/dist/services/confirmation-token.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirmation-token.service.js","sourceRoot":"","sources":["../../src/services/confirmation-token.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAczC,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAEjD;;;;;;GAMG;AACH,MAAM,OAAO,wBAAwB;IAC3B,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAA;IAC1C,KAAK,CAAQ;IAErB,YAAY,QAAgB,cAAc;QACxC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,MAAqB;QACjC,IAAI,CAAC,OAAO,EAAE,CAAA;QACd,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC7C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QAC/B,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;;OAKG;IACH,YAAY,CAAC,KAAa,EAAE,MAAc;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACtC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,6BAA6B;QAC7B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAE1B,YAAY;QACZ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC3C,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/services/index.d.ts

@@ -0,0 +1,5 @@
+export { BaseService } from './base.service.js';
+export type { Logger } from './base.service.js';
+export { ConfirmationTokenService } from './confirmation-token.service.js';
+export type { PendingAction } from './confirmation-token.service.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,YAAY,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAA;AAC1E,YAAY,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAA"}

package/dist/services/index.js

@@ -0,0 +1,3 @@
+export { BaseService } from './base.service.js';
+export { ConfirmationTokenService } from './confirmation-token.service.js';
+//# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAA"}

package/dist/types/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Core auth types used across agentbase projects.
+ */
+export interface AuthUser {
+    uid: string;
+    email: string | null;
+    displayName: string | null;
+    photoURL: string | null;
+    emailVerified: boolean;
+    isAnonymous: boolean;
+}
+export interface ServerSession {
+    user: AuthUser;
+}
+export interface AuthResult {
+    success: boolean;
+    error?: string;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,QAAQ,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB"}

package/dist/types/index.js

@@ -0,0 +1,5 @@
+/**
+ * Core auth types used across agentbase projects.
+ */
+export {};
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/package.json

@@ -0,0 +1,70 @@
+{
+  "name": "@prmichaelsen/agentbase-core",
+  "version": "0.1.0",
+  "description": "Shared service infrastructure for agentbase projects — BaseService, auth, Firebase wrappers, logging, and common utilities",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./services": {
+      "import": "./dist/services/index.js",
+      "types": "./dist/services/index.d.ts"
+    },
+    "./lib": {
+      "import": "./dist/lib/index.js",
+      "types": "./dist/lib/index.d.ts"
+    },
+    "./lib/auth": {
+      "import": "./dist/lib/auth/index.js",
+      "types": "./dist/lib/auth/index.d.ts"
+    },
+    "./types": {
+      "import": "./dist/types/index.js",
+      "types": "./dist/types/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "agentbase",
+    "service",
+    "firebase",
+    "auth"
+  ],
+  "author": "prmichaelsen",
+  "license": "MIT",
+  "peerDependencies": {
+    "@prmichaelsen/firebase-admin-sdk-v8": ">=2.0.0",
+    "firebase": ">=10.0.0",
+    "jsonwebtoken": ">=9.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@prmichaelsen/firebase-admin-sdk-v8": {
+      "optional": true
+    },
+    "firebase": {
+      "optional": true
+    },
+    "jsonwebtoken": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@prmichaelsen/firebase-admin-sdk-v8": "^2.8.0",
+    "firebase": "^10.14.1",
+    "jsonwebtoken": "^9.0.3",
+    "@types/jsonwebtoken": "^9.0.0",
+    "typescript": "^5.5.0"
+  }
+}