@schemavaults/trpc-backend-init 0.8.1

package/README.md

@@ -0,0 +1,52 @@
+# @schemavaults/trpc-backend-init
+
+Repository for easily initializing a tRPC server with SchemaVaults Auth access token validation.
+
+## What This Package Does
+
+`@schemavaults/trpc-backend-init` is a tRPC server-side router factory for the SchemaVaults ecosystem. It provides an abstract base class that microservices extend to get type-safe tRPC routers with built-in JWT authentication middleware. The "virtual backend" pattern lets client SDKs target a single router interface that routes to the correct microservice (registry server, regional vault filesystem servers).
+
+## Commands
+
+- **Build**: `bun run build` (runs `tsc` then `tsc-alias` to resolve `@/*` path aliases, then removes test files from dist)
+- **Test**: `bun run test` (sets `SCHEMAVAULTS_APP_ENVIRONMENT=test NODE_ENV=test`)
+- **Run single test**: `SCHEMAVAULTS_APP_ENVIRONMENT=test NODE_ENV=test bun test src/context/load_auth_context.test.ts`
+
+## Architecture
+
+### Core Components
+
+- **`SchemaVaults_tRPC_Backend<R>`** (`src/schemavaults-trpc-backend.ts`) — Abstract class that consuming services extend. Generic over `R extends Base_SchemaVaults_tRPC_Resources` to allow each service to inject its own resources into the tRPC context. Initializes tRPC once via `initTRPC` and exposes `router` and `lazy` builders.
+
+- **Context** (`src/context/`) — `createContext()` factory builds the tRPC context per-request. Calls `loadAuthContext()` which extracts the Bearer token, validates the JWT via `RemoteJwtKeyManager` from `@schemavaults/auth-server-sdk`, and populates `user` and `user_organizations` (or null if unauthenticated).
+
+- **Procedures** (`src/procedures/`) — `createProcedures()` factory builds three procedure levels using tRPC middleware:
+  - `publicProcedure` — no auth required
+  - `authorizedProcedure` — requires authenticated user (throws UNAUTHORIZED)
+  - `adminProcedure` — requires authenticated admin user (throws FORBIDDEN)
+
+### Key Types (exported from `src/index.ts`)
+
+- `SchemaVaults_tRPC_Context<R>` — The context shape including `user`, `user_organizations`, `connected_server_resources`, `jwt_audience`, `environment`, `debug`
+- `SchemaVaults_tRPC_Runtime` — The initialized tRPC instance type
+- `SchemaVaults_tRPC_Procedures` — The procedure set type
+
+### Dependencies
+
+- `@trpc/server` (v11) — tRPC framework
+- `@schemavaults/auth-server-sdk` — JWT validation and remote key management
+- `@schemavaults/app-definitions` — Environment types, auth server URIs, app config
+
+## Environment Variables
+
+- `SCHEMAVAULTS_APP_ENVIRONMENT` — App environment (development/test/staging/production)
+- `SCHEMAVAULTS_API_SERVER_ID` — JWT audience identifier (required for auth context)
+- `SCHEMAVAULTS_GITHUB_PACKAGE_REGISTRY_TOKEN` — For installing/publishing to GitHub Packages
+
+## Conventions
+
+- Path alias `@/*` maps to `./src/*` — resolved at build time by `tsc-alias`
+- Tests use Bun's built-in test runner (`import { describe, expect, test } from "bun:test"`)
+- Test files (`*.test.ts`) live alongside source files and are excluded from dist by the postbuild cleanup
+- Published to GitHub Packages NPM registry (`@schemavaults` scope)
+- CI runs on push to main: build → test → publish via GitHub Actions

package/dist/context/context.d.ts

@@ -0,0 +1,23 @@
+import { type AuthContext } from "./load_auth_context";
+import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
+import { type OrganizationID, type UserData, type OrganizationMembershipRoleType } from "@schemavaults/auth-server-sdk";
+export interface Base_SchemaVaults_tRPC_Resources {
+}
+export interface SchemaVaults_tRPC_Context<R extends Base_SchemaVaults_tRPC_Resources> {
+    user: AuthContext["user"] | null;
+    isUserInOrganization: (user: UserData, org_id: OrganizationID) => Promise<OrganizationMembershipRoleType | false>;
+    connected_server_resources: R;
+    jwt_audience: string;
+    environment: SchemaVaultsAppEnvironment;
+    debug: boolean;
+}
+export interface ICreateContextFnOptions<R extends Base_SchemaVaults_tRPC_Resources> {
+    getAuthHeader(): string | null;
+    connected_server_resources: R;
+    environment?: SchemaVaultsAppEnvironment;
+    debug?: boolean;
+}
+export type CreateContextFn<R extends Base_SchemaVaults_tRPC_Resources> = ({ getAuthHeader, connected_server_resources, }: ICreateContextFnOptions<R>) => Promise<SchemaVaults_tRPC_Context<R>>;
+export declare function createContext<R extends Base_SchemaVaults_tRPC_Resources = Base_SchemaVaults_tRPC_Resources>({ getAuthHeader, connected_server_resources, ...opts }: ICreateContextFnOptions<R>): Promise<SchemaVaults_tRPC_Context<R>>;
+declare const _default: typeof createContext;
+export default _default;

package/dist/context/context.js

@@ -0,0 +1,94 @@
+import { loadAuthContext } from "./load_auth_context";
+import { TRPCError } from "@trpc/server";
+import { getAppEnvironment, getAuthServerUri, schemaVaultsAppEnvironmentSchema, } from "@schemavaults/app-definitions";
+import { getSchemavaultsApiServerId, isUserInOrganization, loadJwksAccessPrivateKey, } from "@schemavaults/auth-server-sdk";
+export async function createContext({ getAuthHeader, connected_server_resources, ...opts }) {
+    let environment;
+    if (typeof opts.environment === "string") {
+        environment = opts.environment;
+    }
+    else {
+        environment = getAppEnvironment();
+    }
+    if (!schemaVaultsAppEnvironmentSchema.safeParse(environment).success) {
+        throw new Error("Invalid app environment!");
+    }
+    let debug;
+    if (typeof opts.debug === "boolean") {
+        debug = opts.debug;
+    }
+    else {
+        debug =
+            environment === "development" ||
+                environment === "test" ||
+                environment === "staging";
+    }
+    if (debug) {
+        console.log("[createContext] Creating tRPC context...");
+    }
+    let authHeader;
+    try {
+        authHeader = getAuthHeader();
+    }
+    catch (e) {
+        throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "There was an error parsing authentication details from request headers",
+        });
+    }
+    let jwt_audience;
+    try {
+        jwt_audience = getSchemavaultsApiServerId();
+    }
+    catch (e) {
+        console.error("[createContext] Failed to load API server ID from environment variables: ", e);
+        throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "Internal server error",
+        });
+    }
+    let jwks_access_private_key;
+    try {
+        jwks_access_private_key = await loadJwksAccessPrivateKey(process.env);
+    }
+    catch (e) {
+        console.error("[createContext] Failed to load JWKS access private key from environment variables: ", e);
+        throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "Internal server error",
+        });
+    }
+    try {
+        if (debug) {
+            console.log("[createContext] Attempting to load auth context...");
+        }
+        const authContextPromise = loadAuthContext(authHeader);
+        if (debug) {
+            console.log("[createContext] Attempting to load DB context...");
+        }
+        const authContext = await authContextPromise;
+        if (debug) {
+            console.log("[createContext] Loaded auth context: ", authContext);
+        }
+        const finalContext = {
+            user: authContext.user,
+            isUserInOrganization: async (user, org_id) => {
+                return await isUserInOrganization(getAuthServerUri(environment), jwt_audience, jwks_access_private_key, user["uid"], org_id);
+            },
+            connected_server_resources,
+            jwt_audience,
+            environment,
+            debug,
+        };
+        return finalContext;
+    }
+    catch (error) {
+        console.error("[createContext] Error creating tRPC context", error);
+        throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "Failed to create tRPC context",
+        });
+    }
+}
+export default createContext;
+//# sourceMappingURL=context.js.map

package/dist/context/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/context/context.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAoB,MAAM,qBAAqB,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAEL,iBAAiB,EACjB,gBAAgB,EAChB,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EAGpB,wBAAwB,GAEzB,MAAM,+BAA+B,CAAC;AAgCvC,MAAM,CAAC,KAAK,UAAU,aAAa,CAEjC,EACA,aAAa,EACb,0BAA0B,EAC1B,GAAG,IAAI,EACoB;IAC3B,IAAI,WAAuC,CAAC;IAC5C,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QACzC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,iBAAiB,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,CAAC,gCAAgC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,KAAc,CAAC;IACnB,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACpC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACrB,CAAC;SAAM,CAAC;QACN,KAAK;YACH,WAAW,KAAK,aAAa;gBAC7B,WAAW,KAAK,MAAM;gBACtB,WAAW,KAAK,SAAS,CAAC;IAC9B,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,UAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,UAAU,GAAG,aAAa,EAAE,CAAC;IAC/B,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EACL,wEAAwE;SAC3E,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,YAAY,GAAG,0BAA0B,EAAE,CAAC;IAC9C,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,2EAA2E,EAC3E,CAAC,CACF,CAAC;QACF,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,uBAAkC,CAAC;IACvC,IAAI,CAAC;QACH,uBAAuB,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,qFAAqF,EACrF,CAAC,CACF,CAAC;QACF,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;QACpE,CAAC;QACD,MAAM,kBAAkB,GACtB,eAAe,CAAC,UAAU,CAAC,CAAC;QAC9B,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,WAAW,GAAgB,MAAM,kBAAkB,CAAC;QAE1D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,WAAW,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,YAAY,GAAiC;YACjD,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,oBAAoB,EAAE,KAAK,EACzB,IAAc,EACd,MAAsB,EAC2B,EAAE;gBACnD,OAAO,MAAM,oBAAoB,CAC/B,gBAAgB,CAAC,WAAW,CAAC,EAC7B,YAAY,EACZ,uBAAuB,EACvB,IAAI,CAAC,KAAK,CAAC,EACX,MAAM,CACP,CAAC;YACJ,CAAC;YACD,0BAA0B;YAC1B,YAAY;YACZ,WAAW;YACX,KAAK;SAC0C,CAAC;QAElD,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACpE,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,+BAA+B;SACzC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,eAAe,aAAyE,CAAC"}

package/dist/context/index.d.ts

@@ -0,0 +1,2 @@
+export { createContext } from "./context";
+export type { SchemaVaults_tRPC_Context, ICreateContextFnOptions, CreateContextFn, Base_SchemaVaults_tRPC_Resources, } from "./context";

package/dist/context/index.js

@@ -0,0 +1,2 @@
+export { createContext } from "./context";
+//# sourceMappingURL=index.js.map

package/dist/context/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/context/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}

package/dist/context/load_auth_context.d.ts

@@ -0,0 +1,5 @@
+import { decodeJWTsWithKeyManager } from "@schemavaults/auth-server-sdk";
+export type AuthContext = Awaited<ReturnType<typeof decodeJWTsWithKeyManager>>;
+import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
+export declare function loadAuthContext(authHeader: string | null, environment?: SchemaVaultsAppEnvironment): Promise<AuthContext>;
+export default loadAuthContext;

package/dist/context/load_auth_context.js

@@ -0,0 +1,60 @@
+// load_auth_context.ts
+import { getSchemavaultsApiServerId, RemoteJwtKeyManager, decodeJWTsWithKeyManager, } from "@schemavaults/auth-server-sdk";
+import { getAppEnvironment, getAuthServerUri, } from "@schemavaults/app-definitions";
+const bearerPrefix = "Bearer ";
+export async function loadAuthContext(authHeader, environment = getAppEnvironment()) {
+    if (!authHeader) {
+        if (environment === "development") {
+            console.log("[loadAuthContext] No authorization header found");
+        }
+        return {
+            user: null,
+        };
+    }
+    const token = authHeader.startsWith(bearerPrefix)
+        ? authHeader.slice(bearerPrefix.length)
+        : authHeader;
+    // token parsed from header now
+    if (!token) {
+        if (environment === "development") {
+            console.log("[loadAuthContext] No auth token found");
+        }
+        return {
+            user: null,
+        };
+    }
+    const audience = getSchemavaultsApiServerId();
+    if (typeof audience !== "string")
+        throw new Error("Environment variable 'SCHEMAVAULTS_API_SERVER_ID' not set or passed to auth context loader");
+    const remote_jwt_key_manager = new RemoteJwtKeyManager({
+        auth_server_uri: getAuthServerUri(),
+        debug: environment === "development",
+    });
+    // Proceed to validate the token
+    try {
+        if (environment === "development") {
+            console.log(`[loadAuthContext] Attempting to verify auth token '${token}'...`);
+        }
+        const result = await decodeJWTsWithKeyManager(remote_jwt_key_manager, [
+            {
+                token,
+                sourceHint: "tRPC Authorization Bearer Header",
+                type: "access",
+            },
+        ]);
+        if (environment === "development" && result.user) {
+            console.log(`[loadAuthContext] Successfully verified auth token for user '${result.user.email}'`);
+        }
+        return result;
+    }
+    catch (error) {
+        if (environment === "development") {
+            console.warn("[loadAuthContext] Could not verify the token: ", error);
+        }
+        return {
+            user: null,
+        };
+    }
+}
+export default loadAuthContext;
+//# sourceMappingURL=load_auth_context.js.map

package/dist/context/load_auth_context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"load_auth_context.js","sourceRoot":"","sources":["../../src/context/load_auth_context.ts"],"names":[],"mappings":"AAAA,uBAAuB;AAEvB,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,wBAAwB,GAEzB,MAAM,+BAA+B,CAAC;AAIvC,OAAO,EAEL,iBAAiB,EACjB,gBAAgB,GAEjB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,YAAY,GAAc,SAAkB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAAyB,EACzB,cAA0C,iBAAiB,EAAE;IAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QACjE,CAAC;QACD,OAAO;YACL,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAuB,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC;QACnE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC;QACvC,CAAC,CAAC,UAAU,CAAC;IACf,+BAA+B;IAE/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;QACvD,CAAC;QACD,OAAO;YACL,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAgB,0BAA0B,EAAE,CAAC;IAC3D,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAC9B,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAC;IAEJ,MAAM,sBAAsB,GAAmB,IAAI,mBAAmB,CAAC;QACrE,eAAe,EAAE,gBAAgB,EAAE;QACnC,KAAK,EAAE,WAAW,KAAK,aAAa;KACrC,CAAC,CAAC;IAEH,gCAAgC;IAChC,IAAI,CAAC;QACH,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CACT,sDAAsD,KAAK,MAAM,CAClE,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC,sBAAsB,EAAE;YACpE;gBACE,KAAK;gBACL,UAAU,EAAE,kCAAkC;gBAC9C,IAAI,EAAE,QAAQ;aACf;SACF,CAAC,CAAC;QAEH,IAAI,WAAW,KAAK,aAAa,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CACT,gEAAgE,MAAM,CAAC,IAAI,CAAC,KAAK,GAAG,CACrF,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;QACxE,CAAC;QACD,OAAO;YACL,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;AACH,CAAC;AAED,eAAe,eAAe,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+import type { SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
+declare global {
+    namespace NodeJS {
+        interface ProcessEnv {
+            NODE_ENV: SchemaVaultsAppEnvironment;
+        }
+    }
+}
+export { SchemaVaults_tRPC_Backend } from "./schemavaults-trpc-backend";
+export type { SchemaVaults_tRPC_Context, ICreateContextFnOptions, CreateContextFn, Base_SchemaVaults_tRPC_Resources, } from "./context";
+export type { SchemaVaults_tRPC_Runtime } from "./schemavaults-trpc-runtime";
+export type { SchemaVaults_tRPC_Procedures } from "./procedures";

package/dist/index.js

@@ -0,0 +1,2 @@
+export { SchemaVaults_tRPC_Backend } from "./schemavaults-trpc-backend";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/procedures/create_procedures.d.ts

@@ -0,0 +1,44 @@
+import type { Base_SchemaVaults_tRPC_Resources } from "../context";
+import type { SchemaVaults_tRPC_Runtime } from "../schemavaults-trpc-runtime";
+import type { UserData } from "@schemavaults/auth-server-sdk";
+export declare function createProcedures<R extends Base_SchemaVaults_tRPC_Resources>(middleware: SchemaVaults_tRPC_Runtime<R>["middleware"], procedure: SchemaVaults_tRPC_Runtime<R>["procedure"]): {
+    readonly public: import("@trpc/server").TRPCProcedureBuilder<import("../context").SchemaVaults_tRPC_Context<R>, object, object, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+    readonly authorized: import("@trpc/server").TRPCProcedureBuilder<import("../context").SchemaVaults_tRPC_Context<R>, object, {
+        user: {
+            uid: string;
+            sub: string;
+            email: string;
+            created_at: number;
+            email_verified?: boolean | undefined;
+            admin?: boolean | undefined;
+            phone_number?: string | undefined;
+            phone_verified?: boolean | undefined;
+            disabled?: boolean | undefined;
+            invite_code?: string | undefined;
+        };
+        connected_server_resources: R;
+        environment: "development" | "staging" | "test" | "production";
+        debug: boolean;
+        isUserInOrganization: (user: UserData, org_id: import("@schemavaults/auth-common").OrganizationID) => Promise<import("@schemavaults/auth-common").OrganizationMembershipRoleType | false>;
+        jwt_audience: string;
+    }, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+    readonly admin: import("@trpc/server").TRPCProcedureBuilder<import("../context").SchemaVaults_tRPC_Context<R>, object, {
+        user: {
+            uid: string;
+            sub: string;
+            email: string;
+            created_at: number;
+            email_verified?: boolean | undefined;
+            admin?: boolean | undefined;
+            phone_number?: string | undefined;
+            phone_verified?: boolean | undefined;
+            disabled?: boolean | undefined;
+            invite_code?: string | undefined;
+        } | null;
+        connected_server_resources: R;
+        environment: "development" | "staging" | "test" | "production";
+        debug: boolean;
+        isUserInOrganization: (user: UserData, org_id: import("@schemavaults/auth-common").OrganizationID) => Promise<import("@schemavaults/auth-common").OrganizationMembershipRoleType | false>;
+        jwt_audience: string;
+    }, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+};

package/dist/procedures/create_procedures.js

@@ -0,0 +1,44 @@
+import { TRPCError } from "@trpc/server";
+export function createProcedures(middleware, procedure) {
+    // "Base Procedure" -- most procedures should be behind authentication middleware (instead of importing here)
+    const publicProcedure = procedure;
+    const isAuthed = middleware((opts) => {
+        const { ctx } = opts;
+        if (!ctx) {
+            throw new TRPCError({
+                code: "INTERNAL_SERVER_ERROR",
+                message: "No context found",
+            });
+        }
+        if (!ctx.user) {
+            throw new TRPCError({
+                code: "UNAUTHORIZED",
+                message: "You must be logged in to perform this action",
+            });
+        }
+        const user = ctx.user;
+        return opts.next({
+            ctx: {
+                ...ctx,
+                user,
+            },
+        });
+    });
+    const authorizedProcedure = publicProcedure.use(isAuthed);
+    const isAdmin = middleware((opts) => {
+        if (!opts.ctx.user?.admin) {
+            throw new TRPCError({
+                code: "FORBIDDEN",
+                message: "You must be an admin user to perform this action",
+            });
+        }
+        return opts.next(opts);
+    });
+    const adminProcedure = authorizedProcedure.use(isAdmin);
+    return {
+        public: publicProcedure,
+        authorized: authorizedProcedure,
+        admin: adminProcedure,
+    };
+}
+//# sourceMappingURL=create_procedures.js.map

package/dist/procedures/create_procedures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create_procedures.js","sourceRoot":"","sources":["../../src/procedures/create_procedures.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,MAAM,UAAU,gBAAgB,CAC9B,UAAsD,EACtD,SAAoD;IAEpD,6GAA6G;IAC7G,MAAM,eAAe,GAA8C,SAAS,CAAC;IAE7E,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,IAAI,EAAE,EAAE;QACnC,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,SAAS,CAAC;gBAClB,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,kBAAkB;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC;gBAClB,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,8CAA8C;aACxD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAa,GAAG,CAAC,IAAI,CAAC;QAEhC,OAAO,IAAI,CAAC,IAAI,CAAC;YACf,GAAG,EAAE;gBACH,GAAG,GAAG;gBACN,IAAI;aACL;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE1D,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,IAAI,EAAE,EAAE;QAClC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CAAC;gBAClB,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,kDAAkD;aAC5D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAExD,OAAO;QACL,MAAM,EAAE,eAAe;QACvB,UAAU,EAAE,mBAAmB;QAC/B,KAAK,EAAE,cAAc;KACb,CAAC;AACb,CAAC"}

package/dist/procedures/index.d.ts

@@ -0,0 +1,2 @@
+export type { SchemaVaults_tRPC_Procedures } from "./schemavaults-trpc-procedures";
+export { createProcedures } from "./create_procedures";

package/dist/procedures/index.js

@@ -0,0 +1,2 @@
+export { createProcedures } from "./create_procedures";
+//# sourceMappingURL=index.js.map

package/dist/procedures/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/procedures/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/procedures/schemavaults-trpc-procedures.d.ts

@@ -0,0 +1,3 @@
+import type { Base_SchemaVaults_tRPC_Resources } from "../context";
+import type { createProcedures } from "./create_procedures";
+export type SchemaVaults_tRPC_Procedures<R extends Base_SchemaVaults_tRPC_Resources> = ReturnType<typeof createProcedures<R>>;

package/dist/procedures/schemavaults-trpc-procedures.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=schemavaults-trpc-procedures.js.map

package/dist/procedures/schemavaults-trpc-procedures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemavaults-trpc-procedures.js","sourceRoot":"","sources":["../../src/procedures/schemavaults-trpc-procedures.ts"],"names":[],"mappings":""}

package/dist/schemavaults-trpc-backend.d.ts

@@ -0,0 +1,22 @@
+import { lazy } from "@trpc/server";
+import { type ICreateContextFnOptions, type Base_SchemaVaults_tRPC_Resources, type SchemaVaults_tRPC_Context } from "./context";
+import type { SchemaVaults_tRPC_Runtime } from "./schemavaults-trpc-runtime";
+import { createProcedures, type SchemaVaults_tRPC_Procedures } from "./procedures";
+export declare abstract class SchemaVaults_tRPC_Backend<R extends Base_SchemaVaults_tRPC_Resources> {
+    protected _trpc: SchemaVaults_tRPC_Runtime<R>;
+    protected _trpc_procedures: ReturnType<typeof createProcedures<R>>;
+    constructor();
+    abstract get trpc(): SchemaVaults_tRPC_Runtime<R>;
+    abstract get procedures(): SchemaVaults_tRPC_Procedures<R>;
+    get router(): SchemaVaults_tRPC_Runtime<R>["router"];
+    /**
+     * @name lazy
+     * @description Lazy load a tRPC backend router
+     */
+    get lazy(): typeof lazy;
+    /**
+     * @name createContext
+     * @description Initialize tRPC context accessible to procedures
+     */
+    createContext(opts: ICreateContextFnOptions<R>): Promise<SchemaVaults_tRPC_Context<R>>;
+}

package/dist/schemavaults-trpc-backend.js

@@ -0,0 +1,31 @@
+// schemavaults-trpc-backend.ts
+import { initTRPC, lazy } from "@trpc/server";
+import { createContext, } from "./context";
+import { createProcedures, } from "./procedures";
+export class SchemaVaults_tRPC_Backend {
+    _trpc;
+    _trpc_procedures;
+    constructor() {
+        // tRPC should only be initialized ONCE per server, so we initialize it here.
+        this._trpc = initTRPC.context().create();
+        this._trpc_procedures = createProcedures(this._trpc.middleware, this._trpc.procedure);
+    }
+    get router() {
+        return this.trpc.router;
+    }
+    /**
+     * @name lazy
+     * @description Lazy load a tRPC backend router
+     */
+    get lazy() {
+        return lazy;
+    }
+    /**
+     * @name createContext
+     * @description Initialize tRPC context accessible to procedures
+     */
+    async createContext(opts) {
+        return await createContext(opts);
+    }
+}
+//# sourceMappingURL=schemavaults-trpc-backend.js.map

package/dist/schemavaults-trpc-backend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemavaults-trpc-backend.js","sourceRoot":"","sources":["../src/schemavaults-trpc-backend.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAE/B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,GAId,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,gBAAgB,GAEjB,MAAM,cAAc,CAAC;AAEtB,MAAM,OAAgB,yBAAyB;IAGnC,KAAK,CAA+B;IACpC,gBAAgB,CAAyC;IAEnE;QACE,6EAA6E;QAC7E,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAgC,CAAC,MAAM,EAAE,CAAC;QACvE,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CACtC,IAAI,CAAC,KAAK,CAAC,UAAU,EACrB,IAAI,CAAC,KAAK,CAAC,SAAS,CACrB,CAAC;IACJ,CAAC;IAMD,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,aAAa,CACxB,IAAgC;QAEhC,OAAO,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;CACF"}

package/dist/schemavaults-trpc-runtime.d.ts

@@ -0,0 +1,5 @@
+import type { initTRPC } from "@trpc/server";
+import type { Base_SchemaVaults_tRPC_Resources, SchemaVaults_tRPC_Context } from "./context";
+type BuilderContext<R extends Base_SchemaVaults_tRPC_Resources> = ReturnType<typeof initTRPC.context<SchemaVaults_tRPC_Context<R>>>;
+export type SchemaVaults_tRPC_Runtime<R extends Base_SchemaVaults_tRPC_Resources> = ReturnType<BuilderContext<R>["create"]>;
+export {};

package/dist/schemavaults-trpc-runtime.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=schemavaults-trpc-runtime.js.map

package/dist/schemavaults-trpc-runtime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemavaults-trpc-runtime.js","sourceRoot":"","sources":["../src/schemavaults-trpc-runtime.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@schemavaults/trpc-backend-init",
+  "description": "tRPC Server-side Router Factory",
+  "version": "0.8.1",
+  "private": false,
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/schemavaults/trpc-backend-init.git"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "typescript": "5.9.3",
+    "bun-types": "1.3.11",
+    "tsc-alias": "1.8.16"
+  },
+  "peerDependencies": {
+    "@trpc/server": "11.16.0",
+    "@schemavaults/auth-server-sdk": "0.22.18",
+    "@schemavaults/app-definitions": "0.6.23"
+  },
+  "scripts": {
+    "build": "tsc --project ./tsconfig.json && tsc-alias --project ./tsconfig.json",
+    "postbuild": "bun run cleanup",
+    "cleanup:compiled_tests_in_dist_directory": "find ./dist -type f \\( -name \"*.test.js\" -o -name \"*.test.js.map\" -o -name \"*.test.d.ts\" \\) -delete",
+    "cleanup": "bun run cleanup:compiled_tests_in_dist_directory",
+    "test": "SCHEMAVAULTS_APP_ENVIRONMENT=test NODE_ENV=test bun test"
+  },
+  "files": [
+    "dist"
+  ],
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "module": "dist/index.js",
+  "publishConfig": {
+    "access": "public"
+  },
+  "packageManager": "bun@1.3.11"
+}