@rudderjs/auth 0.2.0 → 0.2.1

package/README.md

@@ -29,51 +29,93 @@ export default {
 // bootstrap/providers.ts
 import { session } from '@rudderjs/session'
 import { hash } from '@rudderjs/hash'
-import { auth } from '@rudderjs/auth'
+import { authProvider } from '@rudderjs/auth'
 
 export default [
   session(configs.session),
   hash(configs.hash),
-  auth(configs.auth),
+  authProvider(configs.auth),
 ]
 ```
 
+> `authProvider()` is the service-provider factory.
+> `auth()` (lowercase) is the per-request helper — see below.
+
 ## Usage
 
-### Auth Facade
+### Reading the current user
+
+Three equivalent shapes, pick whichever reads best at the call site:
 
 ```ts
-import { Auth } from '@rudderjs/auth'
+import { auth, Auth } from '@rudderjs/auth'
+
+// 1. `auth()` helper — Laravel's `auth()->user()`
+const user = await auth().user()
+const ok   = await auth().check()
+const user = await auth().guard('api').user()  // non-default guard
+
+// 2. `Auth` facade — same thing, static methods
+const user = await Auth.user()
+const ok   = await Auth.check()
+
+// 3. `req.user` — populated on every request, zero await
+Route.get('/profile', async (req) => {
+  return { user: req.user ?? null }
+})
+```
+
+None of these require attaching any middleware per-route. The `authProvider()`
+service provider installs `AuthMiddleware` as a global router middleware at
+boot, so every request has the auth context ready before your handler runs.
+
+### Login / logout
 
-// Attempt login
+```ts
+// Attempt with credentials
 const success = await Auth.attempt({ email, password })
 
-// Manual login/logout
-Auth.login(user)
-Auth.logout()
+// Manual login (after a sign-up flow, social login, etc.)
+await Auth.login(user)
 
-// Current user
-const user = await Auth.user()    // Authenticatable | null
-const id = await Auth.id()        // string | null
-const ok = await Auth.check()     // boolean
-const no = await Auth.guest()     // boolean
+// Logout
+await Auth.logout()
+```
 
-// Switch guard
-Auth.guard('api').user()
+### Route protection
+
+```ts
+import { RequireAuth, RequireGuest } from '@rudderjs/auth'
+
+// 401 if not logged in
+Route.post('/posts', handler, [RequireAuth()])
+
+// Bounce already-logged-in users away (e.g. /login, /register)
+Route.get('/login', showLoginPage, [RequireGuest('/')])
 ```
 
-### Middleware
+### `AuthMiddleware` — advanced only
 
 ```ts
-import { AuthMiddleware, RequireAuth } from '@rudderjs/auth'
+import { AuthMiddleware } from '@rudderjs/auth'
+```
 
-// Attach user to request (non-blocking)
-Route.get('/profile', handler, [AuthMiddleware()])
+**You don't normally attach this.** The `authProvider()` service provider
+already installs `AuthMiddleware()` globally, so `req.user` and `auth()` work
+on every route without wiring. The only time to reach for it manually is to
+run a **non-default guard** on a specific route — the RudderJS equivalent of
+Laravel's `->middleware('auth:api')`:
 
-// Require authentication (returns 401 if not logged in)
-Route.post('/posts', handler, [RequireAuth()])
+```ts
+Route.get('/api/admin/stats', handler, [
+  AuthMiddleware('api'),   // populate req.user using the 'api' guard
+  RequireAuth('api'),      // 401 if not authenticated against 'api'
+])
 ```
 
+In normal app code you can forget `AuthMiddleware` exists — use `auth()`,
+`Auth`, or `req.user` directly.
+
 ### Authenticatable Contract
 
 Your User model must implement:

package/boost/skills/auth-setup/SKILL.md

@@ -0,0 +1,273 @@
+---
+name: auth-setup
+description: Setting up authentication with guards, sessions, registration, password reset, gates/policies, and vendor views in RudderJS
+---
+
+# Auth Setup
+
+## When to use this skill
+
+Load this skill when you need to set up authentication, configure guards, add login/register views, implement authorization gates/policies, or work with password reset and email verification.
+
+## Key concepts
+
+- **AuthManager**: Process-wide DI singleton that creates fresh `SessionGuard` instances per call (never cached -- prevents ghost user leaks across requests).
+- **Guard contract**: `user()`, `check()`, `guest()`, `attempt()`, `login()`, `logout()` -- all async.
+- **`auth()` helper**: Returns the current request's `AuthManager` via AsyncLocalStorage. Mirrors Laravel's `auth()->user()`.
+- **Auth facade**: `Auth.user()`, `Auth.check()` etc. -- static class that proxies to `currentAuth()`.
+- **AuthMiddleware**: Sets up the auth ALS context and populates `req.user` for every request.
+- **RequireAuth**: Returns 401 if not authenticated.
+- **RequireGuest**: Redirects authenticated users away from guest-only pages (login, register).
+- **Gate/Policy**: Authorization system for checking abilities and model-level policies.
+
+## Step-by-step
+
+### 1. Install dependencies
+
+Auth requires `@rudderjs/session` and `@rudderjs/hash` as peer dependencies:
+
+```bash
+pnpm add @rudderjs/auth @rudderjs/session @rudderjs/hash
+```
+
+### 2. Configure auth (config/auth.ts)
+
+```ts
+import { User } from '../app/Models/User.js'
+import type { AuthConfig } from '@rudderjs/auth'
+
+export default {
+  defaults: {
+    guard: 'web',
+  },
+  guards: {
+    web: {
+      driver: 'session',
+      provider: 'users',
+    },
+  },
+  providers: {
+    users: {
+      driver: 'eloquent',
+      model: User,
+    },
+  },
+} satisfies AuthConfig
+```
+
+### 3. Register the provider (bootstrap/providers.ts)
+
+```ts
+import { defaultProviders } from '@rudderjs/core'
+// AuthProvider is auto-discovered via defaultProviders() if @rudderjs/auth is installed.
+// It requires HashProvider and SessionProvider to boot before it.
+export default [
+  ...(await defaultProviders()),
+  // ... your app providers
+]
+```
+
+### 4. Make the User model authenticatable
+
+```ts
+import { Model, Hidden } from '@rudderjs/orm'
+import type { Authenticatable } from '@rudderjs/auth'
+
+export class User extends Model implements Authenticatable {
+  static fillable = ['name', 'email', 'password']
+
+  @Hidden password = ''
+
+  getAuthIdentifier(): string { return String(this.id) }
+  getAuthPassword(): string { return this.password }
+  getRememberToken(): string | null { return null }
+  setRememberToken(_token: string): void {}
+}
+```
+
+### 5. Use auth in route handlers
+
+```ts
+import { auth, Auth, RequireAuth } from '@rudderjs/auth'
+
+// Using the auth() helper (Laravel-style)
+router.get('/api/me', async (req, res) => {
+  const user = await auth().user()
+  if (!user) return res.status(401).json({ message: 'Unauthorized' })
+  res.json({ user })
+})
+
+// Using the Auth facade
+router.get('/api/profile', async (req, res) => {
+  if (await Auth.guest()) return res.status(401).json({ message: 'Unauthorized' })
+  const user = await Auth.user()
+  res.json({ user })
+})
+
+// Using RequireAuth middleware
+router.get('/api/dashboard', RequireAuth(), async (req, res) => {
+  // req.user is guaranteed to exist here
+  res.json({ user: req.user })
+})
+```
+
+### 6. Login / logout endpoints
+
+```ts
+router.post('/api/auth/login', async (req, res) => {
+  const { email, password } = req.body
+  const success = await auth().attempt({ email, password })
+  if (!success) {
+    return res.status(422).json({ message: 'Invalid credentials.' })
+  }
+  const user = await auth().user()
+  res.json({ user })
+})
+
+router.post('/api/auth/register', async (req, res) => {
+  const user = await User.create({
+    name: req.body.name,
+    email: req.body.email,
+    password: req.body.password,  // hashed by Attribute mutator
+  })
+  await auth().login(user)
+  res.json({ user })
+})
+
+router.post('/api/auth/logout', RequireAuth(), async (req, res) => {
+  await auth().logout()
+  res.json({ message: 'Logged out.' })
+})
+```
+
+### 7. Set up auth views (login/register pages)
+
+Vendor the view files into your app:
+
+```bash
+pnpm rudder vendor:publish --tag=auth-views
+```
+
+This copies `@rudderjs/auth/views/react/` into `app/Views/Auth/`. Then register routes:
+
+```ts
+// routes/web.ts
+import { Route } from '@rudderjs/router'
+import { registerAuthRoutes } from '@rudderjs/auth/routes'
+
+registerAuthRoutes(Route)
+// Registers: GET /login, GET /register, GET /forgot-password, GET /reset-password
+```
+
+Customize paths and view ids:
+
+```ts
+registerAuthRoutes(Route, {
+  paths: {
+    login: '/sign-in',
+    register: '/sign-up',
+  },
+  views: {
+    login: 'auth.sign-in',       // maps to app/Views/Auth/SignIn.tsx
+    register: 'auth.sign-up',
+  },
+  homeUrl: '/dashboard',          // redirect destination for authenticated users
+})
+```
+
+### 8. Authorization with Gates
+
+```ts
+import { Gate, Policy, AuthorizationError } from '@rudderjs/auth'
+
+// Define abilities
+Gate.define('manage-settings', (user) => user.role === 'admin')
+Gate.define('edit-post', (user, post) => post.authorId === user.getAuthIdentifier())
+
+// Check in handlers
+if (await Gate.allows('manage-settings')) { /* ... */ }
+if (await Gate.denies('edit-post', post)) { /* ... */ }
+
+// Throw 403 if denied
+await Gate.authorize('edit-post', post)
+
+// Before callback -- runs before all checks
+Gate.before((user, ability) => {
+  if (user.role === 'super-admin') return true  // allow everything
+  return null  // fall through to normal checks
+})
+```
+
+### 9. Model policies
+
+```ts
+import { Policy } from '@rudderjs/auth'
+import type { Authenticatable } from '@rudderjs/auth'
+
+class PostPolicy extends Policy {
+  before(user: Authenticatable) {
+    if ((user as any).role === 'admin') return true
+    return null  // fall through
+  }
+
+  view(user: Authenticatable, post: Post) {
+    return post.isPublished || post.authorId === user.getAuthIdentifier()
+  }
+
+  update(user: Authenticatable, post: Post) {
+    return post.authorId === user.getAuthIdentifier()
+  }
+
+  delete(user: Authenticatable, post: Post) {
+    return post.authorId === user.getAuthIdentifier()
+  }
+}
+
+// Register the policy
+Gate.policy(Post, PostPolicy)
+
+// Use it
+await Gate.authorize('update', post)  // auto-finds PostPolicy.update()
+```
+
+### 10. Email verification
+
+```ts
+import { EnsureEmailIsVerified, verificationUrl, handleEmailVerification } from '@rudderjs/auth'
+import type { MustVerifyEmail } from '@rudderjs/auth'
+
+// Make user implement MustVerifyEmail
+class User extends Model implements Authenticatable, MustVerifyEmail {
+  hasVerifiedEmail() { return this.emailVerifiedAt !== null }
+  async markEmailAsVerified() { await User.update(this.id, { emailVerifiedAt: new Date() }) }
+  getEmailForVerification() { return this.email }
+}
+
+// Protect routes
+router.get('/dashboard', RequireAuth(), EnsureEmailIsVerified(), handler)
+
+// Generate verification URL (for sending in emails)
+const url = verificationUrl(user)
+```
+
+### 11. Password reset
+
+```ts
+import { PasswordBroker, MemoryTokenRepository } from '@rudderjs/auth'
+
+const broker = new PasswordBroker(new MemoryTokenRepository())
+// In production, implement TokenRepository backed by your database
+```
+
+## Examples
+
+See `playground/config/auth.ts` for configuration, `playground/app/Models/User.ts` for the model, `playground/routes/web.ts` for route registration, and `playground/app/Views/Auth/` for vendored view files.
+
+## Common pitfalls
+
+- **Ghost signed-in user**: `AuthManager` must NOT cache `SessionGuard` instances. The manager is a DI singleton; cached guards leak `_user` across requests.
+- **Provider boot order**: `HashProvider` and `SessionProvider` must boot before `AuthProvider`. With `defaultProviders()`, this is handled automatically.
+- **Session middleware required**: Auth views require session middleware. Ensure `@rudderjs/session` is installed and its provider is registered.
+- **View route override**: Auth view files need `export const route = '/login'` etc. so SPA navigation works correctly (URL must match Vike's route table).
+- **POST handlers not included**: `registerAuthRoutes()` only registers GET routes for the UI pages. POST endpoints for login/register/logout are your responsibility in `routes/api.ts`.
+- **Guard driver**: Currently only `'session'` is supported as a guard driver. API token guards are planned.

package/dist/auth-manager.d.ts

@@ -19,13 +19,43 @@ export declare class AuthManager {
     private readonly config;
     private readonly hashCheck;
     private readonly getSession;
-    private readonly _guards;
     constructor(config: AuthConfig, hashCheck: (plain: string, hashed: string) => Promise<boolean>, getSession: () => SessionStore);
+    /**
+     * Build a fresh Guard each call. We deliberately do NOT cache guards on
+     * the manager: AuthManager is a process-wide DI singleton, and a cached
+     * SessionGuard would keep `_user` populated across requests — once any
+     * request signs in, every subsequent request would see that user as
+     * "still logged in" even with an empty session. A new instance per call
+     * scopes `_user` to the local that the handler stores, which is the
+     * request-natural lifetime.
+     */
     guard(name?: string): Guard;
+    attempt(credentials: Record<string, unknown>, remember?: boolean): Promise<boolean>;
+    login(user: Authenticatable, remember?: boolean): Promise<void>;
+    logout(): Promise<void>;
+    user(): Promise<Authenticatable | null>;
+    id(): Promise<string | null>;
+    check(): Promise<boolean>;
+    guest(): Promise<boolean>;
     private createProvider;
 }
 export declare function runWithAuth<T>(manager: AuthManager, fn: () => T): T;
 export declare function currentAuth(): AuthManager;
+/**
+ * Laravel-style helper — returns the current request's AuthManager.
+ *
+ * Mirrors Laravel's `auth()->user()`, `auth()->check()`, `auth()->guard('api')`.
+ * Inside an HTTP handler (after AuthMiddleware has run) you can call:
+ *
+ *   await auth().user()
+ *   await auth().check()
+ *   await auth().guard('api').user()
+ *
+ * In non-HTTP contexts (CLI, queue, scheduler) you must still wrap the call
+ * in `runWithAuth(manager, …)` yourself — there is no request pipeline to
+ * populate the ALS context for you.
+ */
+export declare function auth(): AuthManager;
 export declare class Auth {
     private static g;
     static guard(name: string): Guard;

package/dist/auth-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAgB,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;IAIpB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAL7B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA2B;gBAGhC,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,UAAU,EAAE,MAAM,YAAY;IAGjD,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK;IAqB3B,OAAO,CAAC,cAAc;CAavB;AAMD,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEnE;AAED,wBAAgB,WAAW,IAAI,WAAW,CAIzC;AAID,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,CAAC;IAIhB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,KAAK;IAIjC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1F,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAItE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI9C,MAAM,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAInC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;CAGjC"}
+{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAgB,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAFV,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,UAAU,EAAE,MAAM,YAAY;IAGjD;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK;IAkB3B,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAInF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIvB,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,OAAO,CAAC,cAAc;CAavB;AAMD,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEnE;AAED,wBAAgB,WAAW,IAAI,WAAW,CAIzC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,IAAI,IAAI,WAAW,CAElC;AAID,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,CAAC;IAIhB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,KAAK;IAIjC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1F,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAItE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI9C,MAAM,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAInC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;CAGjC"}

package/dist/auth-manager.js

@@ -6,30 +6,54 @@ export class AuthManager {
     config;
     hashCheck;
     getSession;
-    _guards = new Map();
     constructor(config, hashCheck, getSession) {
         this.config = config;
         this.hashCheck = hashCheck;
         this.getSession = getSession;
     }
+    /**
+     * Build a fresh Guard each call. We deliberately do NOT cache guards on
+     * the manager: AuthManager is a process-wide DI singleton, and a cached
+     * SessionGuard would keep `_user` populated across requests — once any
+     * request signs in, every subsequent request would see that user as
+     * "still logged in" even with an empty session. A new instance per call
+     * scopes `_user` to the local that the handler stores, which is the
+     * request-natural lifetime.
+     */
     guard(name) {
         const guardName = name ?? this.config.defaults.guard;
-        const existing = this._guards.get(guardName);
-        if (existing)
-            return existing;
         const guardConfig = this.config.guards[guardName];
         if (!guardConfig)
             throw new Error(`[RudderJS Auth] Guard "${guardName}" is not defined.`);
-        const provider = this.createProvider(guardConfig.provider);
-        let guard;
         if (guardConfig.driver === 'session') {
-            guard = new SessionGuard(provider, this.getSession());
+            const provider = this.createProvider(guardConfig.provider);
+            return new SessionGuard(provider, this.getSession());
         }
-        else {
-            throw new Error(`[RudderJS Auth] Guard driver "${guardConfig.driver}" is not supported.`);
-        }
-        this._guards.set(guardName, guard);
-        return guard;
+        throw new Error(`[RudderJS Auth] Guard driver "${guardConfig.driver}" is not supported.`);
+    }
+    // Default-guard convenience methods — match Laravel's AuthManager, which
+    // proxies these through to the default guard so `auth()->user()` works
+    // without an explicit `->guard()` call.
+    attempt(credentials, remember) {
+        return this.guard().attempt(credentials, remember);
+    }
+    login(user, remember) {
+        return this.guard().login(user, remember);
+    }
+    logout() {
+        return this.guard().logout();
+    }
+    user() {
+        return this.guard().user();
+    }
+    id() {
+        return this.guard().id();
+    }
+    check() {
+        return this.guard().check();
+    }
+    guest() {
+        return this.guard().guest();
     }
     createProvider(name) {
         const providerConfig = this.config.providers[name];
@@ -52,6 +76,23 @@ export function currentAuth() {
         throw new Error('[RudderJS Auth] No auth context. Use AuthMiddleware.');
     return m;
 }
+/**
+ * Laravel-style helper — returns the current request's AuthManager.
+ *
+ * Mirrors Laravel's `auth()->user()`, `auth()->check()`, `auth()->guard('api')`.
+ * Inside an HTTP handler (after AuthMiddleware has run) you can call:
+ *
+ *   await auth().user()
+ *   await auth().check()
+ *   await auth().guard('api').user()
+ *
+ * In non-HTTP contexts (CLI, queue, scheduler) you must still wrap the call
+ * in `runWithAuth(manager, …)` yourself — there is no request pipeline to
+ * populate the ALS context for you.
+ */
+export function auth() {
+    return currentAuth();
+}
 // ─── Auth Facade ──────────────────────────────────────────
 export class Auth {
     static g(name) {

package/dist/auth-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAIH;IACA;IACA;IALF,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAA;IAEnD,YACmB,MAAkB,EAClB,SAA8D,EAC9D,UAA8B;QAF9B,WAAM,GAAN,MAAM,CAAY;QAClB,cAAS,GAAT,SAAS,CAAqD;QAC9D,eAAU,GAAV,UAAU,CAAoB;IAC9C,CAAC;IAEJ,KAAK,CAAC,IAAa;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC5C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAA;QAE7B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACjD,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,mBAAmB,CAAC,CAAA;QAEzF,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;QAC1D,IAAI,KAAY,CAAA;QAEhB,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,KAAK,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACvD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,iCAAiC,WAAW,CAAC,MAAM,qBAAqB,CAAC,CAAA;QAC3F,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAClC,OAAO,KAAK,CAAA;IACd,CAAC;IAEO,cAAc,CAAC,IAAY;QACjC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAClD,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,mBAAmB,CAAC,CAAA;QAE/F,IAAI,cAAc,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACzC,OAAO,IAAI,oBAAoB,CAC7B,cAAc,CAAC,KAA6J,EAC5K,IAAI,CAAC,SAAS,CACf,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,cAAc,CAAC,MAAM,qBAAqB,CAAC,CAAA;IACjG,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,IAAI,GAAG,IAAI,iBAAiB,EAAe,CAAA;AAEjD,MAAM,UAAU,WAAW,CAAI,OAAoB,EAAE,EAAW;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IACzB,IAAI,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IAC/E,OAAO,CAAC,CAAA;AACV,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,IAAI;IACP,MAAM,CAAC,CAAC,CAAC,IAAa;QAC5B,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAY;QACvB,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACrE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACpD,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,CAAA;IAC1B,CAAC;IAED,MAAM,CAAC,IAAI;QACT,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,EAAE;QACP,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAA;IACtB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;CACF"}
+{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,MAAkB,EAClB,SAA8D,EAC9D,UAA8B;QAF9B,WAAM,GAAN,MAAM,CAAY;QAClB,cAAS,GAAT,SAAS,CAAqD;QAC9D,eAAU,GAAV,UAAU,CAAoB;IAC9C,CAAC;IAEJ;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAa;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QAEpD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACjD,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,mBAAmB,CAAC,CAAA;QAEzF,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;YAC1D,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iCAAiC,WAAW,CAAC,MAAM,qBAAqB,CAAC,CAAA;IAC3F,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,wCAAwC;IAExC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QAC9D,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,IAAqB,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,CAAA;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;IAED,EAAE;QACA,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAA;IAC1B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAEO,cAAc,CAAC,IAAY;QACjC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAClD,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,mBAAmB,CAAC,CAAA;QAE/F,IAAI,cAAc,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACzC,OAAO,IAAI,oBAAoB,CAC7B,cAAc,CAAC,KAA6J,EAC5K,IAAI,CAAC,SAAS,CACf,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,cAAc,CAAC,MAAM,qBAAqB,CAAC,CAAA;IACjG,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,IAAI,GAAG,IAAI,iBAAiB,EAAe,CAAA;AAEjD,MAAM,UAAU,WAAW,CAAI,OAAoB,EAAE,EAAW;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IACzB,IAAI,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IAC/E,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,IAAI;IAClB,OAAO,WAAW,EAAE,CAAA;AACtB,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,IAAI;IACP,MAAM,CAAC,CAAC,CAAC,IAAa;QAC5B,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAY;QACvB,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACrE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACpD,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,CAAA;IAC1B,CAAC;IAED,MAAM,CAAC,IAAI;QACT,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,EAAE;QACP,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAA;IACtB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;CACF"}

package/dist/gate-observers.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Gate event observers — process-wide pub/sub for authorization
+ * decisions made through `Gate.allows()`, `Gate.denies()`, and
+ * `Gate.authorize()`.
+ *
+ * Used today by `@rudderjs/telescope`'s GateCollector to record
+ * authorization checks into the dashboard.
+ */
+export interface GateEvent {
+    ability: string;
+    userId: string | null;
+    allowed: boolean;
+    /** What resolved the decision */
+    resolvedVia: 'ability' | 'policy' | 'before' | 'default';
+    /** Policy class name (if resolved via policy) */
+    policy?: string | undefined;
+    /** Model class name (if a model was passed) */
+    model?: string | undefined;
+    /** Duration of the check in ms */
+    duration: number;
+}
+export type GateObserver = (event: GateEvent) => void;
+export declare class GateObserverRegistry {
+    private observers;
+    /** Subscribe; returns an unsubscribe function. */
+    subscribe(fn: GateObserver): () => void;
+    /**
+     * Called by `Gate.allows()` after each authorization check.
+     * Errors thrown by observers are swallowed — observability must never
+     * break authorization.
+     */
+    emit(event: GateEvent): void;
+    /** @internal — used in tests */
+    reset(): void;
+}
+export declare const gateObservers: GateObserverRegistry;
+//# sourceMappingURL=gate-observers.d.ts.map

package/dist/gate-observers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate-observers.d.ts","sourceRoot":"","sources":["../src/gate-observers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAM,MAAM,CAAA;IACnB,MAAM,EAAO,MAAM,GAAG,IAAI,CAAA;IAC1B,OAAO,EAAM,OAAO,CAAA;IACpB,iCAAiC;IACjC,WAAW,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAA;IACxD,iDAAiD;IACjD,MAAM,CAAC,EAAM,MAAM,GAAG,SAAS,CAAA;IAC/B,+CAA+C;IAC/C,KAAK,CAAC,EAAO,MAAM,GAAG,SAAS,CAAA;IAC/B,kCAAkC;IAClC,QAAQ,EAAK,MAAM,CAAA;CACpB;AAED,MAAM,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,CAAA;AAErD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAAqB;IAEtC,kDAAkD;IAClD,SAAS,CAAC,EAAE,EAAE,YAAY,GAAG,MAAM,IAAI;IAKvC;;;;OAIG;IACH,IAAI,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI;IAM5B,gCAAgC;IAChC,KAAK,IAAI,IAAI;CACd;AAQD,eAAO,MAAM,aAAa,EAAwC,oBAAoB,CAAA"}

package/dist/gate-observers.js

@@ -0,0 +1,38 @@
+/**
+ * Gate event observers — process-wide pub/sub for authorization
+ * decisions made through `Gate.allows()`, `Gate.denies()`, and
+ * `Gate.authorize()`.
+ *
+ * Used today by `@rudderjs/telescope`'s GateCollector to record
+ * authorization checks into the dashboard.
+ */
+export class GateObserverRegistry {
+    observers = [];
+    /** Subscribe; returns an unsubscribe function. */
+    subscribe(fn) {
+        this.observers.push(fn);
+        return () => { this.observers = this.observers.filter(o => o !== fn); };
+    }
+    /**
+     * Called by `Gate.allows()` after each authorization check.
+     * Errors thrown by observers are swallowed — observability must never
+     * break authorization.
+     */
+    emit(event) {
+        for (const o of this.observers) {
+            try {
+                o(event);
+            }
+            catch { /* observer errors must not break auth */ }
+        }
+    }
+    /** @internal — used in tests */
+    reset() { this.observers = []; }
+}
+// Process-wide singleton, like `broadcastObservers` in `@rudderjs/broadcast`.
+const _g = globalThis;
+if (!_g['__rudderjs_gate_observers__']) {
+    _g['__rudderjs_gate_observers__'] = new GateObserverRegistry();
+}
+export const gateObservers = _g['__rudderjs_gate_observers__'];
+//# sourceMappingURL=gate-observers.js.map

package/dist/gate-observers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate-observers.js","sourceRoot":"","sources":["../src/gate-observers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkBH,MAAM,OAAO,oBAAoB;IACvB,SAAS,GAAmB,EAAE,CAAA;IAEtC,kDAAkD;IAClD,SAAS,CAAC,EAAgB;QACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACvB,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAA,CAAC,CAAC,CAAA;IACxE,CAAC;IAED;;;;OAIG;IACH,IAAI,CAAC,KAAgB;QACnB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC;gBAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,yCAAyC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,KAAW,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA,CAAC,CAAC;CACtC;AAED,8EAA8E;AAC9E,MAAM,EAAE,GAAG,UAAqC,CAAA;AAChD,IAAI,CAAC,EAAE,CAAC,6BAA6B,CAAC,EAAE,CAAC;IACvC,EAAE,CAAC,6BAA6B,CAAC,GAAG,IAAI,oBAAoB,EAAE,CAAA;AAChE,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,6BAA6B,CAAyB,CAAA"}

package/dist/gate.d.ts

@@ -28,6 +28,8 @@ export declare class Gate {
     private static _check;
     private static findPolicy;
     private static callPolicy;
+    /** Emit an observation event to the gate observer registry (if present). */
+    private static _emitObservation;
     /** @internal — reset all definitions. Used for testing. */
     static reset(): void;
 }
@@ -38,6 +40,7 @@ declare class GateForUser {
     private readonly beforeCallbacks;
     constructor(user: Authenticatable, abilities: Map<string, AbilityCallback>, policies: Map<ModelClass, PolicyClass>, beforeCallbacks: BeforeCallback[]);
     allows(ability: string, ...args: unknown[]): Promise<boolean>;
+    private _check;
     denies(ability: string, ...args: unknown[]): Promise<boolean>;
     authorize(ability: string, ...args: unknown[]): Promise<void>;
 }

package/dist/gate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAKrD,KAAK,eAAe,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;AAChG,KAAK,cAAc,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;AAIlI,8BAAsB,MAAM;IAC1B;;;OAGG;IACH,MAAM,CAAC,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC;CAClG;AAED,KAAK,WAAW,GAAG,UAAU,MAAM,CAAA;AAEnC,KAAK,UAAU,GAAG,QAAQ,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAA;AAI1D,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,UAAU,CAAqC;IAC9D,OAAO,CAAC,MAAM,CAAC,SAAS,CAAqC;IAC7D,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAuB;IAItD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,GAAG,IAAI;IAI/D,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI7C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI;WAM9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;WAM7D,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1E;;OAEG;WACU,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ1E,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW;mBAM7B,WAAW;mBASX,MAAM;IAuB3B,OAAO,CAAC,MAAM,CAAC,UAAU;mBAiBJ,UAAU;IAqB/B,2DAA2D;IAC3D,MAAM,CAAC,KAAK,IAAI,IAAI;CAKrB;AAID,cAAM,WAAW;IAEb,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAHf,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,EACvC,QAAQ,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,EACtC,eAAe,EAAE,cAAc,EAAE;IAG9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAkC7D,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI7D,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAKpE;AAID,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,MAAM,OAAM;gBAET,OAAO,SAAiC;CAIrD"}
+{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAerD,KAAK,eAAe,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;AAChG,KAAK,cAAc,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;AAWlI,8BAAsB,MAAM;IAC1B;;;OAGG;IACH,MAAM,CAAC,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC;CAClG;AAED,KAAK,WAAW,GAAG,UAAU,MAAM,CAAA;AAEnC,KAAK,UAAU,GAAG,QAAQ,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAA;AAI1D,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,UAAU,CAAqC;IAC9D,OAAO,CAAC,MAAM,CAAC,SAAS,CAAqC;IAC7D,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAuB;IAItD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,GAAG,IAAI;IAI/D,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI7C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI;WAM9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;WAa7D,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1E;;OAEG;WACU,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ1E,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW;mBAM7B,WAAW;mBASX,MAAM;IAwB3B,OAAO,CAAC,MAAM,CAAC,UAAU;mBAiBJ,UAAU;IAqB/B,4EAA4E;IAC5E,OAAO,CAAC,MAAM,CAAC,gBAAgB;IA0B/B,2DAA2D;IAC3D,MAAM,CAAC,KAAK,IAAI,IAAI;CAKrB;AAID,cAAM,WAAW;IAEb,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAHf,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,EACvC,QAAQ,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,EACtC,eAAe,EAAE,cAAc,EAAE;IAG9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;YAwBrD,MAAM;IAmCd,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI7D,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAKpE;AAID,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,MAAM,OAAM;gBAET,OAAO,SAAiC;CAIrD"}