@pureq/auth 0.2.0

package/dist/framework/index.js

@@ -0,0 +1,68 @@
+import { createAuthRequestAdapter } from "../adapters";
+export { createAuthRouteHandlerRecipe, createAuthServerActionRecipe, mapAuthErrorToHttp } from "./recipes";
+export { createExpressAuthKitPack, createFastifyAuthKitPack, createNextAuthKitPack, createReactAuthKitBootstrapPack, } from "./packs";
+function emptyState() {
+    return { accessToken: null, refreshToken: null };
+}
+function buildSessionTransferPayload(state, setCookieHeaders) {
+    return {
+        format: "pureq-auth-session-transfer/v1",
+        issuedAt: Date.now(),
+        state,
+        setCookieHeaders,
+    };
+}
+/**
+ * Create a framework context that bootstraps auth from a request.
+ * ARCH-3: Catches bootstrap errors and falls back to empty session.
+ */
+export async function createAuthFrameworkContext(options = {}) {
+    const adapter = createAuthRequestAdapter(options);
+    let state;
+    if (options.request) {
+        try {
+            state = await adapter.bootstrap(options.request);
+        }
+        catch (error) {
+            options.onBootstrapError?.(error);
+            state = emptyState();
+        }
+    }
+    else {
+        state = await adapter.session.getState();
+    }
+    const syncState = async () => {
+        state = await adapter.session.getState();
+        return state;
+    };
+    return {
+        adapter,
+        getState() {
+            return state;
+        },
+        refreshState() {
+            return syncState();
+        },
+        async setTokens(tokens) {
+            await adapter.session.setTokens(tokens);
+            return syncState();
+        },
+        async clearSession() {
+            await adapter.session.clear();
+            return syncState();
+        },
+        toResponseHeaders(headers) {
+            return adapter.buildResponseHeaders(state, headers);
+        },
+        toResponseInit(init) {
+            return adapter.buildResponseInit(state, init);
+        },
+        toSessionTransferPayload() {
+            return buildSessionTransferPayload(state, adapter.buildSetCookieHeaders(state));
+        },
+        dispose() {
+            adapter.session.dispose();
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/framework/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/framework/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAC3G,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,qBAAqB,EACrB,+BAA+B,GAChC,MAAM,SAAS,CAAC;AAEjB,SAAS,UAAU;IACjB,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,2BAA2B,CAClC,KAAuB,EACvB,gBAAmC;IAEnC,OAAO;QACL,MAAM,EAAE,gCAAgC;QACxC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;QACpB,KAAK;QACL,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,UAAuC,EAAE;IAEzC,MAAM,OAAO,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,KAAuB,CAAC;IAE5B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,CAAC;YAClC,KAAK,GAAG,UAAU,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,IAA+B,EAAE;QACtD,KAAK,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QAEP,QAAQ;YACN,OAAO,KAAK,CAAC;QACf,CAAC;QAED,YAAY;YACV,OAAO,SAAS,EAAE,CAAC;QACrB,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,MAAkB;YAChC,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxC,OAAO,SAAS,EAAE,CAAC;QACrB,CAAC;QAED,KAAK,CAAC,YAAY;YAChB,MAAM,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9B,OAAO,SAAS,EAAE,CAAC;QACrB,CAAC;QAED,iBAAiB,CAAC,OAAqB;YACrC,OAAO,OAAO,CAAC,oBAAoB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,cAAc,CAAC,IAAmB;YAChC,OAAO,OAAO,CAAC,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QAED,wBAAwB;YACtB,OAAO,2BAA2B,CAAC,KAAK,EAAE,OAAO,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;QAClF,CAAC;QAED,OAAO;YACL,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/framework/packs.d.ts

@@ -0,0 +1,54 @@
+import type { AuthKit, ReactAuthHooks, ReactUseSyncExternalStore } from "../shared";
+type RouteRequestLike = {
+    readonly method?: string;
+    readonly url?: string;
+    readonly headers?: Headers | Readonly<Record<string, string | null | undefined>>;
+    readonly body?: unknown;
+};
+type ExpressLikeRequest = {
+    readonly method?: string;
+    readonly originalUrl?: string;
+    readonly url?: string;
+    readonly headers?: Readonly<Record<string, string | null | undefined>>;
+    readonly body?: unknown;
+};
+type ExpressLikeResponse = {
+    status(code: number): ExpressLikeResponse;
+    setHeader(name: string, value: string | readonly string[]): void;
+    json(value: unknown): void;
+};
+type FastifyLikeRequest = {
+    readonly method?: string;
+    readonly url?: string;
+    readonly headers?: Readonly<Record<string, string | null | undefined>>;
+    readonly body?: unknown;
+};
+type FastifyLikeReply = {
+    code(statusCode: number): FastifyLikeReply;
+    header(name: string, value: string | readonly string[]): FastifyLikeReply;
+    send(payload: unknown): void;
+};
+export declare function createNextAuthKitPack(kit: AuthKit): {
+    providers: (request?: RouteRequestLike) => Promise<Response>;
+    signIn: (request: RouteRequestLike) => Promise<Response>;
+    callback: (request: RouteRequestLike) => Promise<Response>;
+    session: (request: RouteRequestLike) => Promise<Response>;
+    signOut: (request: RouteRequestLike) => Promise<Response>;
+};
+export declare function createExpressAuthKitPack(kit: AuthKit): {
+    providers: (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+    signIn: (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+    callback: (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+    session: (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+    signOut: (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+};
+export declare function createFastifyAuthKitPack(kit: AuthKit): {
+    providers: (req: FastifyLikeRequest, reply: FastifyLikeReply) => Promise<void>;
+    signIn: (req: FastifyLikeRequest, reply: FastifyLikeReply) => Promise<void>;
+    callback: (req: FastifyLikeRequest, reply: FastifyLikeReply) => Promise<void>;
+    session: (req: FastifyLikeRequest, reply: FastifyLikeReply) => Promise<void>;
+    signOut: (req: FastifyLikeRequest, reply: FastifyLikeReply) => Promise<void>;
+};
+export declare function createReactAuthKitBootstrapPack(kit: AuthKit, useSyncExternalStore: ReactUseSyncExternalStore): ReactAuthHooks;
+export {};
+//# sourceMappingURL=packs.d.ts.map

package/dist/framework/packs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"packs.d.ts","sourceRoot":"","sources":["../../src/framework/packs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AAEpF,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC;IACjF,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,KAAK,kBAAkB,GAAG;IACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC;IACvE,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAAC;IAC1C,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACjE,IAAI,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,KAAK,kBAAkB,GAAG;IACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC;IACvE,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC;IAC3C,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,GAAG,gBAAgB,CAAC;IAC1E,IAAI,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;CAC9B,CAAC;AAsCF,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,OAAO;0BAEzB,gBAAgB;sBACnB,gBAAgB;wBACd,gBAAgB;uBACjB,gBAAgB;uBAChB,gBAAgB;EAEtC;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO;qBAE1B,kBAAkB,OAAO,mBAAmB;kBAa/C,kBAAkB,OAAO,mBAAmB;oBAc1C,kBAAkB,OAAO,mBAAmB;mBAU7C,kBAAkB,OAAO,mBAAmB;mBAK5C,kBAAkB,OAAO,mBAAmB;EAMpE;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO;qBAE1B,kBAAkB,SAAS,gBAAgB;kBAa9C,kBAAkB,SAAS,gBAAgB;oBAczC,kBAAkB,SAAS,gBAAgB;mBAU5C,kBAAkB,SAAS,gBAAgB;mBAK3C,kBAAkB,SAAS,gBAAgB;EAMnE;AAED,wBAAgB,+BAA+B,CAC7C,GAAG,EAAE,OAAO,EACZ,oBAAoB,EAAE,yBAAyB,GAC9C,cAAc,CAEhB"}

package/dist/framework/packs.js

@@ -0,0 +1,124 @@
+async function responseToJson(response) {
+    const text = await response.text();
+    if (!text) {
+        return null;
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+}
+function setSetCookieToExpress(response, res) {
+    const setCookie = response.headers.get("set-cookie");
+    if (setCookie) {
+        res.setHeader("Set-Cookie", setCookie);
+    }
+}
+function setSetCookieToFastify(response, reply) {
+    const setCookie = response.headers.get("set-cookie");
+    if (setCookie) {
+        reply.header("Set-Cookie", setCookie);
+    }
+}
+function toRouteRequestLike(request, fallbackMethod) {
+    return {
+        ...(fallbackMethod ? { method: fallbackMethod } : {}),
+        ...(request.method ? { method: request.method } : {}),
+        ...(request.url ? { url: request.url } : {}),
+        ...(request.headers ? { headers: request.headers } : {}),
+        ...(request.body !== undefined ? { body: request.body } : {}),
+    };
+}
+export function createNextAuthKitPack(kit) {
+    return {
+        providers: (request = {}) => kit.handlers.handleSignIn(toRouteRequestLike(request, "GET")),
+        signIn: (request) => kit.handlers.handleSignIn(toRouteRequestLike(request, "POST")),
+        callback: (request) => kit.handlers.handleCallback(toRouteRequestLike(request)),
+        session: (request) => kit.handlers.handleSession(toRouteRequestLike(request)),
+        signOut: (request) => kit.handlers.handleSignOut(toRouteRequestLike(request)),
+    };
+}
+export function createExpressAuthKitPack(kit) {
+    return {
+        providers: async (req, res) => {
+            const response = await kit.handlers.handleSignIn(toRouteRequestLike({
+                ...((req.originalUrl ?? req.url) ? { url: req.originalUrl ?? req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+            }, "GET"));
+            setSetCookieToExpress(response, res);
+            res.status(response.status).json(await responseToJson(response));
+        },
+        signIn: async (req, res) => {
+            const response = await kit.handlers.handleSignIn(toRouteRequestLike({
+                ...((req.originalUrl ?? req.url) ? { url: req.originalUrl ?? req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+                ...(req.body !== undefined ? { body: req.body } : {}),
+            }, "POST"));
+            setSetCookieToExpress(response, res);
+            res.status(response.status).json(await responseToJson(response));
+        },
+        callback: async (req, res) => {
+            const response = await kit.handlers.handleCallback(toRouteRequestLike({
+                ...((req.originalUrl ?? req.url) ? { url: req.originalUrl ?? req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+            }));
+            setSetCookieToExpress(response, res);
+            res.status(response.status).json(await responseToJson(response));
+        },
+        session: async (req, res) => {
+            const response = await kit.handlers.handleSession(toRouteRequestLike(req.headers ? { headers: req.headers } : {}));
+            setSetCookieToExpress(response, res);
+            res.status(response.status).json(await responseToJson(response));
+        },
+        signOut: async (req, res) => {
+            const response = await kit.handlers.handleSignOut(toRouteRequestLike(req.headers ? { headers: req.headers } : {}));
+            setSetCookieToExpress(response, res);
+            res.status(response.status).json(await responseToJson(response));
+        },
+    };
+}
+export function createFastifyAuthKitPack(kit) {
+    return {
+        providers: async (req, reply) => {
+            const response = await kit.handlers.handleSignIn(toRouteRequestLike({
+                ...(req.url ? { url: req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+            }, "GET"));
+            setSetCookieToFastify(response, reply);
+            reply.code(response.status).send(await responseToJson(response));
+        },
+        signIn: async (req, reply) => {
+            const response = await kit.handlers.handleSignIn(toRouteRequestLike({
+                ...(req.url ? { url: req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+                ...(req.body !== undefined ? { body: req.body } : {}),
+            }, "POST"));
+            setSetCookieToFastify(response, reply);
+            reply.code(response.status).send(await responseToJson(response));
+        },
+        callback: async (req, reply) => {
+            const response = await kit.handlers.handleCallback(toRouteRequestLike({
+                ...(req.url ? { url: req.url } : {}),
+                ...(req.headers ? { headers: req.headers } : {}),
+            }));
+            setSetCookieToFastify(response, reply);
+            reply.code(response.status).send(await responseToJson(response));
+        },
+        session: async (req, reply) => {
+            const response = await kit.handlers.handleSession(toRouteRequestLike(req.headers ? { headers: req.headers } : {}));
+            setSetCookieToFastify(response, reply);
+            reply.code(response.status).send(await responseToJson(response));
+        },
+        signOut: async (req, reply) => {
+            const response = await kit.handlers.handleSignOut(toRouteRequestLike(req.headers ? { headers: req.headers } : {}));
+            setSetCookieToFastify(response, reply);
+            reply.code(response.status).send(await responseToJson(response));
+        },
+    };
+}
+export function createReactAuthKitBootstrapPack(kit, useSyncExternalStore) {
+    return kit.createReactHooks(useSyncExternalStore);
+}
+//# sourceMappingURL=packs.js.map

package/dist/framework/packs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"packs.js","sourceRoot":"","sources":["../../src/framework/packs.ts"],"names":[],"mappings":"AAoCA,KAAK,UAAU,cAAc,CAAC,QAAkB;IAC9C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAkB,EAAE,GAAwB;IACzE,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,EAAE,CAAC;QACd,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAkB,EAAE,KAAuB;IACxE,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAyB,EAAE,cAAuB;IAC5E,OAAO;QACL,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAY;IAChD,OAAO;QACL,SAAS,EAAE,CAAC,UAA4B,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC5G,MAAM,EAAE,CAAC,OAAyB,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACrG,QAAQ,EAAE,CAAC,OAAyB,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjG,OAAO,EAAE,CAAC,OAAyB,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC/F,OAAO,EAAE,CAAC,OAAyB,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;KAChG,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAY;IACnD,OAAO;QACL,SAAS,EAAE,KAAK,EAAE,GAAuB,EAAE,GAAwB,EAAE,EAAE;YACrE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,YAAY,CAC9C,kBAAkB,CAChB;gBACE,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5E,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjD,EACD,KAAK,CACN,CACF,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,GAAuB,EAAE,GAAwB,EAAE,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,YAAY,CAC9C,kBAAkB,CAChB;gBACE,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5E,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD,EACD,MAAM,CACP,CACF,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,QAAQ,EAAE,KAAK,EAAE,GAAuB,EAAE,GAAwB,EAAE,EAAE;YACpE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,cAAc,CAChD,kBAAkB,CAAC;gBACjB,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5E,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjD,CAAC,CACH,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,GAAuB,EAAE,GAAwB,EAAE,EAAE;YACnE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnH,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,GAAuB,EAAE,GAAwB,EAAE,EAAE;YACnE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnH,qBAAqB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAY;IACnD,OAAO;QACL,SAAS,EAAE,KAAK,EAAE,GAAuB,EAAE,KAAuB,EAAE,EAAE;YACpE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,YAAY,CAC9C,kBAAkB,CAChB;gBACE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjD,EACD,KAAK,CACN,CACF,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,GAAuB,EAAE,KAAuB,EAAE,EAAE;YACjE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,YAAY,CAC9C,kBAAkB,CAChB;gBACE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD,EACD,MAAM,CACP,CACF,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,QAAQ,EAAE,KAAK,EAAE,GAAuB,EAAE,KAAuB,EAAE,EAAE;YACnE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,cAAc,CAChD,kBAAkB,CAAC;gBACjB,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjD,CAAC,CACH,CAAC;YACF,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,GAAuB,EAAE,KAAuB,EAAE,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnH,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,GAAuB,EAAE,KAAuB,EAAE,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnH,qBAAqB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,GAAY,EACZ,oBAA+C;IAE/C,OAAO,GAAG,CAAC,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AACpD,CAAC"}

package/dist/framework/recipes.d.ts

@@ -0,0 +1,6 @@
+import type { AuthFrameworkContext, AuthMappedHttpError, AuthRouteHandlerRecipe, AuthRouteHandlerRecipeOptions, AuthServerActionRecipe } from "../shared";
+export declare function mapAuthErrorToHttp(error: unknown, sanitize?: boolean): AuthMappedHttpError;
+export declare function createAuthRouteHandlerRecipe(context: AuthFrameworkContext, recipeOptions?: AuthRouteHandlerRecipeOptions): AuthRouteHandlerRecipe;
+export declare function createAuthServerActionRecipe(context: AuthFrameworkContext): AuthServerActionRecipe;
+export type { AuthMappedHttpError, AuthRouteHandlerRecipe, AuthRouteHandlerRecipeOptions, AuthServerActionFailure, AuthServerActionRecipe, AuthServerActionResult, AuthServerActionSuccess, } from "../shared";
+//# sourceMappingURL=recipes.d.ts.map

package/dist/framework/recipes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipes.d.ts","sourceRoot":"","sources":["../../src/framework/recipes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EAEvB,MAAM,WAAW,CAAC;AAoBnB,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,UAAQ,GAAG,mBAAmB,CA2CxF;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,oBAAoB,EAC7B,aAAa,GAAE,6BAAkC,GAChD,sBAAsB,CAwCxB;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,oBAAoB,GAAG,sBAAsB,CAwBlG;AAED,YAAY,EACV,mBAAmB,EACnB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,WAAW,CAAC"}

package/dist/framework/recipes.js

@@ -0,0 +1,108 @@
+function isErrorWithCode(value) {
+    return typeof value === "object" && value !== null && typeof value.code === "string";
+}
+/** SEC-M6: Generic user-facing messages for production. */
+const SANITIZED_MESSAGES = {
+    PUREQ_AUTH_MISSING_TOKEN: "Authentication required",
+    PUREQ_AUTH_UNAUTHORIZED: "Authentication required",
+    PUREQ_AUTH_EXPIRED: "Session expired",
+    PUREQ_AUTH_INVALID_TOKEN: "Invalid credentials",
+    PUREQ_AUTH_REFRESH_FAILED: "Session expired",
+    PUREQ_AUTH_CSRF_INVALID: "Request validation failed",
+    PUREQ_AUTH_CSRF_FAILED: "Request validation failed",
+    PUREQ_AUTH_CSRF_INVALID_TOKEN: "Request validation failed",
+    PUREQ_AUTH_REVOKED: "Session has been revoked",
+    PUREQ_AUTH_INVALID_CREDENTIALS: "Invalid credentials",
+};
+export function mapAuthErrorToHttp(error, sanitize = false) {
+    if (!isErrorWithCode(error)) {
+        const message = sanitize ? "Internal server error" : (error instanceof Error ? error.message : "internal auth error");
+        return {
+            status: 500,
+            message,
+        };
+    }
+    const code = error.code;
+    const rawMessage = typeof error.message === "string" && error.message.trim() ? error.message : "auth error";
+    const message = sanitize ? (SANITIZED_MESSAGES[code] ?? "Authentication error") : rawMessage;
+    if (code === "PUREQ_AUTH_MISSING_TOKEN" || code === "PUREQ_AUTH_UNAUTHORIZED") {
+        return { status: 401, code, message };
+    }
+    if (code === "PUREQ_AUTH_EXPIRED" || code === "PUREQ_AUTH_INVALID_TOKEN") {
+        return { status: 401, code, message };
+    }
+    if (code === "PUREQ_AUTH_REFRESH_FAILED") {
+        return { status: 401, code, message };
+    }
+    if (code === "PUREQ_AUTH_CSRF_INVALID" ||
+        code === "PUREQ_AUTH_CSRF_FAILED" ||
+        code === "PUREQ_AUTH_CSRF_INVALID_TOKEN") {
+        return { status: 403, code, message };
+    }
+    if (code === "PUREQ_AUTH_REVOKED") {
+        return { status: 401, code, message };
+    }
+    if (code.startsWith("PUREQ_OIDC_")) {
+        return { status: 400, code, message };
+    }
+    return { status: 500, code, message };
+}
+export function createAuthRouteHandlerRecipe(context, recipeOptions = {}) {
+    const sanitize = recipeOptions.sanitizeErrors ?? true;
+    return {
+        context,
+        ok(body = null, init = {}) {
+            return new Response(body, context.toResponseInit(init));
+        },
+        json(value, init = {}) {
+            const headers = new Headers(init.headers);
+            if (!headers.has("content-type")) {
+                headers.set("content-type", "application/json; charset=utf-8");
+            }
+            return new Response(JSON.stringify(value), context.toResponseInit({ ...init, headers }));
+        },
+        error(error, init = {}) {
+            const mapped = mapAuthErrorToHttp(error, sanitize);
+            const headers = new Headers(init.headers);
+            if (!headers.has("content-type")) {
+                headers.set("content-type", "application/json; charset=utf-8");
+            }
+            return new Response(JSON.stringify({
+                error: {
+                    code: mapped.code,
+                    message: mapped.message,
+                },
+            }), context.toResponseInit({
+                ...init,
+                status: init.status ?? mapped.status,
+                headers,
+            }));
+        },
+    };
+}
+export function createAuthServerActionRecipe(context) {
+    return {
+        context,
+        async run(action) {
+            try {
+                const data = await action();
+                return {
+                    ok: true,
+                    data,
+                    transferPayload: context.toSessionTransferPayload(),
+                    responseInit: context.toResponseInit({ status: 200 }),
+                };
+            }
+            catch (error) {
+                const mapped = mapAuthErrorToHttp(error, true);
+                return {
+                    ok: false,
+                    error: mapped,
+                    transferPayload: context.toSessionTransferPayload(),
+                    responseInit: context.toResponseInit({ status: mapped.status }),
+                };
+            }
+        },
+    };
+}
+//# sourceMappingURL=recipes.js.map

package/dist/framework/recipes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipes.js","sourceRoot":"","sources":["../../src/framework/recipes.ts"],"names":[],"mappings":"AASA,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,OAAQ,KAAqC,CAAC,IAAI,KAAK,QAAQ,CAAC;AACxH,CAAC;AAED,2DAA2D;AAC3D,MAAM,kBAAkB,GAAqC;IAC3D,wBAAwB,EAAE,yBAAyB;IACnD,uBAAuB,EAAE,yBAAyB;IAClD,kBAAkB,EAAE,iBAAiB;IACrC,wBAAwB,EAAE,qBAAqB;IAC/C,yBAAyB,EAAE,iBAAiB;IAC5C,uBAAuB,EAAE,2BAA2B;IACpD,sBAAsB,EAAE,2BAA2B;IACnD,6BAA6B,EAAE,2BAA2B;IAC1D,kBAAkB,EAAE,0BAA0B;IAC9C,8BAA8B,EAAE,qBAAqB;CACtD,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,KAAc,EAAE,QAAQ,GAAG,KAAK;IACjE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;QACtH,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO;SACR,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IACxB,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;IAC3F,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAE7F,IAAI,IAAI,KAAK,0BAA0B,IAAI,IAAI,KAAK,yBAAyB,EAAE,CAAC;QAC9E,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,KAAK,oBAAoB,IAAI,IAAI,KAAK,0BAA0B,EAAE,CAAC;QACzE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,IACE,IAAI,KAAK,yBAAyB;QAClC,IAAI,KAAK,wBAAwB;QACjC,IAAI,KAAK,+BAA+B,EACxC,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,KAAK,oBAAoB,EAAE,CAAC;QAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,OAA6B,EAC7B,gBAA+C,EAAE;IAEjD,MAAM,QAAQ,GAAG,aAAa,CAAC,cAAc,IAAI,IAAI,CAAC;IAEtD,OAAO;QACL,OAAO;QAEP,EAAE,CAAC,OAAwB,IAAI,EAAE,OAAqB,EAAE;YACtD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,KAAc,EAAE,OAAqB,EAAE;YAC1C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,iCAAiC,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC3F,CAAC;QAED,KAAK,CAAC,KAAc,EAAE,OAAqB,EAAE;YAC3C,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,iCAAiC,CAAC,CAAC;YACjE,CAAC;YAED,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE;oBACL,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB;aACF,CAAC,EACF,OAAO,CAAC,cAAc,CAAC;gBACrB,GAAG,IAAI;gBACP,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;gBACpC,OAAO;aACR,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,OAA6B;IACxE,OAAO;QACL,OAAO;QAEP,KAAK,CAAC,GAAG,CAAI,MAA4B;YACvC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;gBAC5B,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,IAAI;oBACJ,eAAe,EAAE,OAAO,CAAC,wBAAwB,EAAE;oBACnD,YAAY,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;iBACtD,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBAC/C,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,MAAM;oBACb,eAAe,EAAE,OAAO,CAAC,wBAAwB,EAAE;oBACnD,YAAY,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;iBAChE,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/hooks/index.d.ts

@@ -0,0 +1,11 @@
+import type { AuthSessionManager, AuthSessionStore, AuthSessionStoreOptions } from "../shared";
+export { createReactAuthHooks } from "./react";
+export { createVueAuthSessionComposable } from "./vue";
+/**
+ * Create a subscribable session store that bridges session manager events to UI frameworks.
+ * FEAT-M2: Tracks loading/authenticated/unauthenticated status.
+ * FEAT-M3: Provides update() method for server-round-trip session updates.
+ */
+export declare function createAuthSessionStore(session: AuthSessionManager, options?: AuthSessionStoreOptions): AuthSessionStore;
+export type { AuthSessionStore, AuthSessionStoreOptions } from "../shared";
+//# sourceMappingURL=index.d.ts.map

package/dist/hooks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAuC,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACpI,OAAO,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,8BAA8B,EAAE,MAAM,OAAO,CAAC;AASvD;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,GAAE,uBAA4B,GACpC,gBAAgB,CAkGlB;AAED,YAAY,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC"}

package/dist/hooks/index.js

@@ -0,0 +1,95 @@
+export { createReactAuthHooks } from "./react";
+export { createVueAuthSessionComposable } from "./vue";
+function emptyState() {
+    return {
+        accessToken: null,
+        refreshToken: null,
+    };
+}
+/**
+ * Create a subscribable session store that bridges session manager events to UI frameworks.
+ * FEAT-M2: Tracks loading/authenticated/unauthenticated status.
+ * FEAT-M3: Provides update() method for server-round-trip session updates.
+ */
+export function createAuthSessionStore(session, options = {}) {
+    let disposed = false;
+    let snapshot = options.transferPayload?.state ?? options.initialState ?? emptyState();
+    let status = "loading";
+    const listeners = new Set();
+    const notify = () => {
+        for (const listener of listeners) {
+            listener();
+        }
+    };
+    const setSnapshot = (next) => {
+        snapshot = next;
+        status = next.accessToken ? "authenticated" : "unauthenticated";
+        notify();
+    };
+    const normalizeEventState = (eventType, eventState) => {
+        if (eventState) {
+            return eventState;
+        }
+        if (eventType === "tokens-cleared" || eventType === "session-logout") {
+            return emptyState();
+        }
+        return null;
+    };
+    const unsubscribeSession = session.onEvent((event) => {
+        if (disposed) {
+            return;
+        }
+        const next = normalizeEventState(event.type, event.state);
+        if (next) {
+            setSnapshot(next);
+        }
+    });
+    void session.getState().then((state) => {
+        if (!disposed) {
+            setSnapshot(state);
+        }
+    });
+    return {
+        getSnapshot() {
+            return snapshot;
+        },
+        getStatus() {
+            return status;
+        },
+        subscribe(listener) {
+            if (disposed) {
+                return () => { };
+            }
+            listeners.add(listener);
+            return () => {
+                listeners.delete(listener);
+            };
+        },
+        async refresh() {
+            if (disposed) {
+                return snapshot;
+            }
+            const state = await session.getState();
+            setSnapshot(state);
+            return state;
+        },
+        /** FEAT-M3: Trigger a server-round-trip session update. */
+        async update() {
+            if (disposed) {
+                return snapshot;
+            }
+            const state = await session.getState();
+            setSnapshot(state);
+            return state;
+        },
+        dispose() {
+            if (disposed) {
+                return;
+            }
+            disposed = true;
+            unsubscribeSession();
+            listeners.clear();
+        },
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/hooks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,8BAA8B,EAAE,MAAM,OAAO,CAAC;AAEvD,SAAS,UAAU;IACjB,OAAO;QACL,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,IAAI;KACnB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAA2B,EAC3B,UAAmC,EAAE;IAErC,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,OAAO,CAAC,eAAe,EAAE,KAAK,IAAI,OAAO,CAAC,YAAY,IAAI,UAAU,EAAE,CAAC;IACtF,IAAI,MAAM,GAAsB,SAAS,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;IAExC,MAAM,MAAM,GAAG,GAAS,EAAE;QACxB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,QAAQ,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,CAAC,IAAsB,EAAQ,EAAE;QACnD,QAAQ,GAAG,IAAI,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB,CAAC;QAChE,MAAM,EAAE,CAAC;IACX,CAAC,CAAC;IAEF,MAAM,mBAAmB,GAAG,CAAC,SAAiB,EAAE,UAA6B,EAA2B,EAAE;QACxG,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,IAAI,SAAS,KAAK,gBAAgB,IAAI,SAAS,KAAK,gBAAgB,EAAE,CAAC;YACrE,OAAO,UAAU,EAAE,CAAC;QACtB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACnD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,IAAI,EAAE,CAAC;YACT,WAAW,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,WAAW,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,WAAW;YACT,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,SAAS;YACP,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,SAAS,CAAC,QAAoB;YAC5B,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,GAAG,EAAE,GAAE,CAAC,CAAC;YAClB,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,GAAG,EAAE;gBACV,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,OAAO;YACX,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;YACvC,WAAW,CAAC,KAAK,CAAC,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2DAA2D;QAC3D,KAAK,CAAC,MAAM;YACV,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;YACvC,WAAW,CAAC,KAAK,CAAC,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO;YACL,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,QAAQ,GAAG,IAAI,CAAC;YAChB,kBAAkB,EAAE,CAAC;YACrB,SAAS,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/hooks/react.d.ts

@@ -0,0 +1,9 @@
+import type { AuthSessionStore, ReactAuthHooks, ReactUseSyncExternalStore } from "../shared";
+/**
+ * Create React hooks for auth session state.
+ * FEAT-M2: Returns { data, status, update } instead of just AuthSessionState.
+ * DX-M2: Can be used with React context for SessionProvider pattern.
+ */
+export declare function createReactAuthHooks(sessionStore: AuthSessionStore, useSyncExternalStore: ReactUseSyncExternalStore): ReactAuthHooks;
+export type { ReactAuthHooks, ReactUseSyncExternalStore } from "../shared";
+//# sourceMappingURL=react.d.ts.map

package/dist/hooks/react.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"react.d.ts","sourceRoot":"","sources":["../../src/hooks/react.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAyB,gBAAgB,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AAEpH;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,YAAY,EAAE,gBAAgB,EAC9B,oBAAoB,EAAE,yBAAyB,GAC9C,cAAc,CAwBhB;AAED,YAAY,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC"}

package/dist/hooks/react.js

@@ -0,0 +1,24 @@
+/**
+ * Create React hooks for auth session state.
+ * FEAT-M2: Returns { data, status, update } instead of just AuthSessionState.
+ * DX-M2: Can be used with React context for SessionProvider pattern.
+ */
+export function createReactAuthHooks(sessionStore, useSyncExternalStore) {
+    return {
+        useAuthSession() {
+            const data = useSyncExternalStore(sessionStore.subscribe, sessionStore.getSnapshot, sessionStore.getSnapshot);
+            return {
+                data,
+                status: sessionStore.getStatus(),
+                update: () => sessionStore.update(),
+            };
+        },
+        refreshAuthSession() {
+            return sessionStore.refresh();
+        },
+        disposeAuthSessionStore() {
+            sessionStore.dispose();
+        },
+    };
+}
+//# sourceMappingURL=react.js.map

package/dist/hooks/react.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"react.js","sourceRoot":"","sources":["../../src/hooks/react.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,YAA8B,EAC9B,oBAA+C;IAE/C,OAAO;QACL,cAAc;YACZ,MAAM,IAAI,GAAG,oBAAoB,CAC/B,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,WAAW,EACxB,YAAY,CAAC,WAAW,CACzB,CAAC;YAEF,OAAO;gBACL,IAAI;gBACJ,MAAM,EAAE,YAAY,CAAC,SAAS,EAAE;gBAChC,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE;aACpC,CAAC;QACJ,CAAC;QAED,kBAAkB;YAChB,OAAO,YAAY,CAAC,OAAO,EAAE,CAAC;QAChC,CAAC;QAED,uBAAuB;YACrB,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/hooks/vue.d.ts

@@ -0,0 +1,4 @@
+import type { AuthSessionStore, VueAuthSessionComposable, VueRuntimeBindings } from "../shared";
+export declare function createVueAuthSessionComposable(sessionStore: AuthSessionStore, runtime: VueRuntimeBindings): () => VueAuthSessionComposable;
+export type { VueAuthSessionComposable, VueRuntimeBindings } from "../shared";
+//# sourceMappingURL=vue.d.ts.map

package/dist/hooks/vue.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vue.d.ts","sourceRoot":"","sources":["../../src/hooks/vue.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EAExB,kBAAkB,EACnB,MAAM,WAAW,CAAC;AAEnB,wBAAgB,8BAA8B,CAC5C,YAAY,EAAE,gBAAgB,EAC9B,OAAO,EAAE,kBAAkB,GAC1B,MAAM,wBAAwB,CAqChC;AAED,YAAY,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC"}

package/dist/hooks/vue.js

@@ -0,0 +1,32 @@
+export function createVueAuthSessionComposable(sessionStore, runtime) {
+    return () => {
+        const sessionRef = runtime.ref(sessionStore.getSnapshot());
+        const syncFromStore = () => {
+            sessionRef.value = sessionStore.getSnapshot();
+        };
+        const subscribe = () => {
+            return sessionStore.subscribe(syncFromStore);
+        };
+        let unsubscribe = subscribe();
+        if (runtime.onMounted) {
+            runtime.onMounted(() => {
+                unsubscribe();
+                unsubscribe = subscribe();
+            });
+        }
+        if (runtime.onBeforeUnmount) {
+            runtime.onBeforeUnmount(() => {
+                unsubscribe();
+            });
+        }
+        const session = (runtime.readonly
+            ? runtime.readonly(sessionRef)
+            : sessionRef);
+        return {
+            session,
+            refreshAuthSession: () => sessionStore.refresh(),
+            disposeAuthSessionStore: () => sessionStore.dispose(),
+        };
+    };
+}
+//# sourceMappingURL=vue.js.map

package/dist/hooks/vue.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vue.js","sourceRoot":"","sources":["../../src/hooks/vue.ts"],"names":[],"mappings":"AAOA,MAAM,UAAU,8BAA8B,CAC5C,YAA8B,EAC9B,OAA2B;IAE3B,OAAO,GAAG,EAAE;QACV,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,GAAS,EAAE;YAC/B,UAAU,CAAC,KAAK,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC;QAChD,CAAC,CAAC;QAEF,MAAM,SAAS,GAAG,GAAiB,EAAE;YACnC,OAAO,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC/C,CAAC,CAAC;QAEF,IAAI,WAAW,GAAG,SAAS,EAAE,CAAC;QAE9B,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE;gBACrB,WAAW,EAAE,CAAC;gBACd,WAAW,GAAG,SAAS,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE;gBAC3B,WAAW,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ;YAC/B,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,CAAC,UAAU,CAA4D,CAAC;QAE3E,OAAO;YACL,OAAO;YACP,kBAAkB,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE;YAChD,uBAAuB,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE;SACtD,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}