@qlever-llc/trellis 0.10.18 → 0.10.20

package/src/auth/browser.ts

@@ -19,6 +19,11 @@ export {
   type SentinelCreds,
   startAuthRequest,
 } from "./browser/login.js";
+export {
+  completeSessionLogout,
+  type CompleteSessionLogoutArgs,
+  logoutSession,
+} from "./browser/logout.js";
 export {
   type ApprovalDecision,
   fetchPortalFlowState,
@@ -38,6 +43,7 @@ export {
   getPublicSessionKey,
   hasSessionKey,
   loadSessionKey,
+  logoutSessionSig,
   natsConnectSigForIat,
   type SessionKeyHandle,
   type SessionKeyOptions,
@@ -57,6 +63,12 @@ export {
   approvalCapabilityKeys,
   type ApprovalDecision as ApprovalDecisionData,
   ApprovalDecisionSchema,
+  type AuthLogoutRequest as AuthLogoutRequestData,
+  AuthLogoutRequestSchema,
+  type AuthLogoutResponse as AuthLogoutResponseData,
+  type AuthLogoutResponseMode as AuthLogoutResponseModeData,
+  AuthLogoutResponseModeSchema,
+  AuthLogoutResponseSchema,
   type AuthStartFlowResponse as AuthStartFlowResponseData,
   AuthStartFlowResponseSchema,
   type AuthStartRequest as AuthStartRequestData,
@@ -67,6 +79,7 @@ export {
   BindResponseSchema,
   type BindSuccessResponse as BindSuccessResponseData,
   BindSuccessResponseSchema,
+  buildLogoutSignaturePayload,
   type ClientTransportEndpoints as ClientTransportEndpointsData,
   ClientTransportEndpointsSchema,
   type ClientTransports as ClientTransportsData,
@@ -74,6 +87,7 @@ export {
   type ContractApproval as ContractApprovalData,
   type ContractApprovalCapability as ContractApprovalCapabilityData,
   ContractApprovalSchema,
+  type LogoutSignaturePayloadInput as LogoutSignaturePayloadInputData,
   type NatsAuthTokenV1 as NatsAuthTokenV1Data,
   NatsAuthTokenV1Schema,
   type SentinelCreds as SentinelCredsData,

package/src/auth/mod.ts

@@ -48,6 +48,8 @@ export {
   buildLoginUrl,
   classifyBrowserAuthError,
   clearSessionKey,
+  completeSessionLogout,
+  type CompleteSessionLogoutArgs,
   createRpcProof,
   fetchPortalFlowState,
   generateSessionKey,
@@ -57,6 +59,8 @@ export {
   isBindSuccessResponse,
   isRecoverableBrowserAuthError,
   loadSessionKey,
+  logoutSession,
+  logoutSessionSig,
   natsConnectSigForIat,
   portalFlowIdFromUrl,
   portalProviderLoginUrl,
@@ -321,6 +325,12 @@ export {
   approvalCapabilityKeys,
   type ApprovalDecision,
   ApprovalDecisionSchema,
+  type AuthLogoutRequest,
+  AuthLogoutRequestSchema,
+  type AuthLogoutResponse,
+  type AuthLogoutResponseMode,
+  AuthLogoutResponseModeSchema,
+  AuthLogoutResponseSchema,
   type AuthStartFlowResponse,
   AuthStartFlowResponseSchema,
   type AuthStartRequest,
@@ -331,6 +341,7 @@ export {
   BindResponseSchema,
   type BindSuccessResponse,
   BindSuccessResponseSchema,
+  buildLogoutSignaturePayload,
   type ClientTransportEndpoints,
   ClientTransportEndpointsSchema,
   type ClientTransports,
@@ -338,6 +349,7 @@ export {
   type ContractApproval,
   type ContractApprovalCapability,
   ContractApprovalSchema,
+  type LogoutSignaturePayloadInput,
   type NatsAuthTokenV1,
   NatsAuthTokenV1Schema,
   type SentinelCreds,

package/src/auth/schemas.ts

@@ -1,5 +1,6 @@
 import type { StaticDecode } from "typebox";
 import { Type } from "typebox";
+import { canonicalizeJsonValue } from "./utils.js";
 
 const SessionKeySchema = Type.String({
   pattern: "^[A-Za-z0-9_-]{43}$",
@@ -9,6 +10,43 @@ const SignatureSchema = Type.String({
   pattern: "^[A-Za-z0-9_-]{86}$",
 });
 
+export const AuthLogoutResponseModeSchema = Type.Union([
+  Type.Literal("json"),
+  Type.Literal("redirect"),
+]);
+
+export type AuthLogoutResponseMode = StaticDecode<
+  typeof AuthLogoutResponseModeSchema
+>;
+
+export type LogoutSignaturePayloadInput = {
+  iat: number;
+  providerLogout?: boolean;
+  federatedProviderLogout?: boolean;
+  returnTo?: string;
+  responseMode?: AuthLogoutResponseMode;
+};
+
+/** Builds the canonical value signed for POST-based HTTP logout requests. */
+export function buildLogoutSignaturePayload(
+  input: LogoutSignaturePayloadInput,
+): string {
+  const payload: Record<string, boolean | number | string> = { iat: input.iat };
+  if (input.providerLogout !== undefined) {
+    payload.providerLogout = input.providerLogout;
+  }
+  if (input.federatedProviderLogout !== undefined) {
+    payload.federatedProviderLogout = input.federatedProviderLogout;
+  }
+  if (input.returnTo !== undefined) {
+    payload.returnTo = input.returnTo;
+  }
+  if (input.responseMode !== undefined) {
+    payload.responseMode = input.responseMode;
+  }
+  return canonicalizeJsonValue(payload);
+}
+
 export const ContractDigestSchema = Type.String({
   pattern: "^[A-Za-z0-9_-]+$",
 });
@@ -117,6 +155,26 @@ export const AuthStartRequestSchema = Type.Object({
   context: Type.Optional(OpenObjectSchema),
 });
 
+export const AuthLogoutRequestSchema = Type.Object({
+  sessionKey: SessionKeySchema,
+  iat: Type.Integer(),
+  sig: SignatureSchema,
+  providerLogout: Type.Optional(Type.Boolean()),
+  federatedProviderLogout: Type.Optional(Type.Boolean()),
+  returnTo: Type.Optional(Type.String({ minLength: 1 })),
+  responseMode: Type.Optional(AuthLogoutResponseModeSchema),
+}, { additionalProperties: true });
+
+export const AuthLogoutResponseSchema = Type.Object({
+  success: Type.Literal(true),
+  redirectTo: Type.Optional(
+    Type.String({ format: "uri", pattern: "^https?://", minLength: 1 }),
+  ),
+}, { additionalProperties: false });
+
+export type AuthLogoutRequest = StaticDecode<typeof AuthLogoutRequestSchema>;
+export type AuthLogoutResponse = StaticDecode<typeof AuthLogoutResponseSchema>;
+
 export const AuthStartFlowResponseSchema = Type.Object({
   status: Type.Literal("flow_started"),
   flowId: Type.String({ minLength: 1 }),

package/src/browser.ts

@@ -54,6 +54,7 @@ export {
 export type {
   CursorPage,
   CursorPageInfo,
+  CursorPageResponseSchema,
   CursorQuery,
   CursorQueryOptions,
   ErrorClass,

package/src/contract_support/mod.ts

@@ -89,6 +89,7 @@ export {
   type CursorPage,
   type CursorPageInfo,
   CursorPageInfoSchema,
+  type CursorPageResponseSchema,
   CursorPageSchema,
   type CursorQuery,
   type CursorQueryOptions,

package/src/contract_support/protocol.ts

@@ -1,4 +1,9 @@
-import Type, { type Static, type TSchema } from "typebox";
+import Type, {
+  type Static,
+  type TArray,
+  type TObject,
+  type TSchema,
+} from "typebox";
 
 function parseIsoDate(value: string): Date {
   const parsed = new Date(value);
@@ -356,8 +361,16 @@ export const CursorPageInfoSchema = Type.Object({
 /** Cursor pagination response metadata. */
 export type CursorPageInfo = Static<typeof CursorPageInfoSchema>;
 
+/** TypeBox schema for a cursor page response with typed items. */
+export type CursorPageResponseSchema<TItem extends TSchema> = TObject<{
+  items: TArray<TItem>;
+  page: typeof CursorPageInfoSchema;
+}>;
+
 /** Create a schema for a cursor page response with typed items. */
-export function CursorPageSchema<TItem extends TSchema>(item: TItem) {
+export function CursorPageSchema<TItem extends TSchema>(
+  item: TItem,
+): CursorPageResponseSchema<TItem> {
   return Type.Object({
     items: Type.Array(item, { default: [] }),
     page: CursorPageInfoSchema,

package/src/index.ts

@@ -70,6 +70,7 @@ export {
 export type {
   CursorPage,
   CursorPageInfo,
+  CursorPageResponseSchema,
   CursorQuery,
   CursorQueryOptions,
   ErrorClass,

package/src/models/auth/rpc/Logout.ts

@@ -2,6 +2,7 @@ import Type, { type Static } from "typebox";
 
 export const AuthSessionsLogoutSchema = Type.Object(
   {},
+  { additionalProperties: true },
 );
 export type AuthSessionsLogoutInput = Static<typeof AuthSessionsLogoutSchema>;
 
@@ -9,6 +10,7 @@ export const AuthSessionsLogoutResponseSchema = Type.Object(
   {
     success: Type.Boolean(),
   },
+  { additionalProperties: false },
 );
 export type AuthSessionsLogoutResponse = Static<
   typeof AuthSessionsLogoutResponseSchema

package/src/sdk/_generated/auth/contract.ts

@@ -13,7 +13,7 @@ const CONTRACT_MODULE_METADATA = Symbol.for(
 
 export const CONTRACT_ID = "trellis.auth@v1" as const;
 export const CONTRACT_DIGEST =
-  "U-Y6P1smzJB4MeG6NdhDuZ0CTT2BWOud9iL1zIQktMM" as const;
+  "x-9_MjfSThvbn1yc9jAWbaraniKLZ74oUeUqqtZijXQ" as const;
 export const CONTRACT = {
   "capabilities": {
     "trellis.auth::device.review": {
@@ -7322,8 +7322,13 @@ export const CONTRACT = {
       "required": ["entries", "count", "offset", "limit"],
       "type": "object",
     },
-    "AuthSessionsLogoutRequest": { "properties": {}, "type": "object" },
+    "AuthSessionsLogoutRequest": {
+      "additionalProperties": true,
+      "properties": {},
+      "type": "object",
+    },
     "AuthSessionsLogoutResponse": {
+      "additionalProperties": false,
       "properties": { "success": { "type": "boolean" } },
       "required": ["success"],
       "type": "object",

package/src/sdk/_generated/auth/schemas.ts

@@ -6138,11 +6138,13 @@ export const AuthSessionsListResponseSchema = {
 } as const;
 
 export const AuthSessionsLogoutRequestSchema = {
+  "additionalProperties": true,
   "properties": {},
   "type": "object",
 } as const;
 
 export const AuthSessionsLogoutResponseSchema = {
+  "additionalProperties": false,
   "properties": { "success": { "type": "boolean" } },
   "required": ["success"],
   "type": "object",

package/src/sdk/_generated/auth/types.ts

@@ -4,7 +4,7 @@ import type { API } from "./api.js";
 
 export const CONTRACT_ID = "trellis.auth@v1" as const;
 export const CONTRACT_DIGEST =
-  "U-Y6P1smzJB4MeG6NdhDuZ0CTT2BWOud9iL1zIQktMM" as const;
+  "x-9_MjfSThvbn1yc9jAWbaraniKLZ74oUeUqqtZijXQ" as const;
 
 export type AuthCapabilitiesListInput = { limit: number; offset?: number };
 export type AuthCapabilitiesListOutput = {
@@ -2083,7 +2083,7 @@ export type AuthSessionsListOutput = {
   offset: number;
 };
 
-export type AuthSessionsLogoutInput = {};
+export type AuthSessionsLogoutInput = { [k: string]: unknown };
 export type AuthSessionsLogoutOutput = { success: boolean };
 
 export type AuthSessionsMeInput = {};