@serialsubscriptions/platform-integration 0.0.79

package/lib/cache/SSICache.js

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SSICache = void 0;
+const MemoryCacheBackend_1 = require("./backends/MemoryCacheBackend");
+const RedisCacheBackend_1 = require("./backends/RedisCacheBackend");
+function envBool(v) {
+    if (v === undefined)
+        return undefined;
+    return ['1', 'true', 'yes', 'on'].includes(v.toLowerCase());
+}
+/**
+ * Creates a namespaced key according to the required format:
+ * container:prefix:key
+ */
+function keyFor(container, prefix, key) {
+    const safePrefix = (prefix && prefix.length > 0) ? prefix : '_';
+    return `${container}:${safePrefix}:${key}`;
+}
+class SSICache {
+    constructor(backend, container, prefix) {
+        this.backend = backend;
+        this.container = container;
+        this.prefix = prefix;
+    }
+    static fromEnv() {
+        if (SSICache.__shared)
+            return SSICache.__shared;
+        const backend = process.env.SSI_CACHE_BACKEND || 'memory';
+        const container = process.env.SSI_CACHE_CONTAINER || 'ssi';
+        SSICache.__shared = SSICache.init({
+            backend,
+            container,
+            url: process.env.SSI_CACHE_URL,
+            host: process.env.SSI_CACHE_HOST,
+            port: process.env.SSI_CACHE_PORT ? Number(process.env.SSI_CACHE_PORT) : undefined,
+            user: process.env.SSI_CACHE_USER,
+            password: process.env.SSI_CACHE_PASSWORD,
+            tls: envBool(process.env.SSI_CACHE_SSL),
+        });
+        return SSICache.__shared;
+    }
+    static init(opts) {
+        const t = opts.backend || 'memory';
+        const container = opts.container;
+        let backend;
+        if (t === 'memory') {
+            backend = new MemoryCacheBackend_1.MemoryCacheBackend();
+        }
+        else if (t === 'redis') {
+            backend = new RedisCacheBackend_1.RedisCacheBackend({
+                url: opts.url,
+                host: opts.host,
+                port: opts.port,
+                user: opts.user,
+                password: opts.password,
+                tls: opts.tls,
+            });
+        }
+        else {
+            throw new Error(`Unsupported cache backend: ${t}`);
+        }
+        return new SSICache(backend, container);
+    }
+    /**
+     * Returns a cache instance pinned to a prefix ("jwks", "oidc", "rl", etc.).
+     */
+    withPrefix(prefix) {
+        return new SSICache(this.backend, this.container, prefix);
+        // shares the same backend connection; creates a new namespacer
+    }
+    k(key) {
+        return keyFor(this.container, this.prefix, key);
+    }
+    async get(key) {
+        return this.backend.get(this.k(key));
+    }
+    async set(key, value, ttlSec) {
+        await this.backend.set(this.k(key), value, ttlSec);
+    }
+    async del(key) {
+        await this.backend.del(this.k(key));
+    }
+    async mget(keys) {
+        return this.backend.mget(keys.map((k) => this.k(k)));
+    }
+    async mset(entries) {
+        return this.backend.mset(entries.map((e) => ({ key: this.k(e.key), value: e.value, ttlSec: e.ttlSec })));
+    }
+    async incrby(key, by, ttlSec) {
+        return this.backend.incrby(this.k(key), by, ttlSec);
+    }
+    async ttl(key) {
+        return this.backend.ttl(this.k(key));
+    }
+    /**
+     * compute-if-absent: get from cache or compute and cache the value
+     */
+    async remember(key, ttlSec, loader) {
+        const cached = await this.get(key);
+        if (cached !== null)
+            return cached;
+        const value = await loader();
+        await this.set(key, value, ttlSec);
+        return value;
+    }
+    /**
+     * Simple distributed lock (best-effort): returns lock token if acquired
+     * Only works properly with Redis backend; memory backend returns a naive token
+     */
+    async acquireLock(key, ttlMs) {
+        const token = Math.random().toString(36).slice(2);
+        if (typeof this.backend.tryLock === 'function') {
+            const ok = await this.backend.tryLock(this.k(`lock:${key}`), ttlMs, token);
+            return ok ? token : null;
+        }
+        return token; // naive fallback for memory backend
+    }
+    /**
+     * Release a lock acquired via acquireLock
+     */
+    async releaseLock(key, token) {
+        if (typeof this.backend.unlock === 'function') {
+            await this.backend.unlock(this.k(`lock:${key}`), token);
+        }
+    }
+    async close() {
+        if (this.prefix)
+            return; // only root closes the connection
+        if (this.backend.close)
+            await this.backend.close();
+        SSICache.__shared = undefined;
+    }
+}
+exports.SSICache = SSICache;

package/lib/cache/backends/MemoryCacheBackend.d.ts

@@ -0,0 +1,15 @@
+import type { CacheBackend } from '../types';
+export declare class MemoryCacheBackend implements CacheBackend {
+    private store;
+    get<T = unknown>(key: string): Promise<T | null>;
+    set<T = unknown>(key: string, value: T, ttlSec: number): Promise<void>;
+    del(key: string): Promise<void>;
+    mget<T = unknown>(keys: string[]): Promise<(T | null)[]>;
+    mset<T = unknown>(entries: Array<{
+        key: string;
+        value: T;
+        ttlSec: number;
+    }>): Promise<void>;
+    incrby(key: string, by?: number, ttlSec?: number): Promise<number>;
+    ttl(key: string): Promise<number | null>;
+}

package/lib/cache/backends/MemoryCacheBackend.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryCacheBackend = void 0;
+class MemoryCacheBackend {
+    constructor() {
+        this.store = new Map();
+    }
+    async get(key) {
+        const it = this.store.get(key);
+        if (!it)
+            return null;
+        if (Date.now() > it.exp) {
+            this.store.delete(key);
+            return null;
+        }
+        return it.v;
+    }
+    async set(key, value, ttlSec) {
+        this.store.set(key, { v: value, exp: Date.now() + ttlSec * 1000 });
+    }
+    async del(key) {
+        this.store.delete(key);
+    }
+    async mget(keys) {
+        return Promise.all(keys.map((k) => this.get(k)));
+    }
+    async mset(entries) {
+        for (const e of entries) {
+            await this.set(e.key, e.value, e.ttlSec);
+        }
+    }
+    async incrby(key, by = 1, ttlSec) {
+        const cur = (await this.get(key)) ?? 0;
+        const next = cur + by;
+        await this.set(key, next, ttlSec ?? 60);
+        return next;
+    }
+    async ttl(key) {
+        const it = this.store.get(key);
+        if (!it)
+            return null;
+        const ms = it.exp - Date.now();
+        return ms > 0 ? Math.ceil(ms / 1000) : null;
+    }
+}
+exports.MemoryCacheBackend = MemoryCacheBackend;

package/lib/cache/backends/RedisCacheBackend.d.ts

@@ -0,0 +1,27 @@
+import type { CacheBackend } from '../types';
+export declare class RedisCacheBackend implements CacheBackend {
+    private client;
+    constructor(opts: {
+        url?: string;
+        host?: string;
+        port?: number;
+        user?: string;
+        password?: string;
+        tls?: boolean;
+    });
+    private ensure;
+    get<T = unknown>(key: string): Promise<T | null>;
+    set<T = unknown>(key: string, value: T, ttlSec: number): Promise<void>;
+    del(key: string): Promise<void>;
+    mget<T = unknown>(keys: string[]): Promise<(T | null)[]>;
+    mset<T = unknown>(entries: Array<{
+        key: string;
+        value: T;
+        ttlSec: number;
+    }>): Promise<void>;
+    incrby(key: string, by?: number, ttlSec?: number): Promise<number>;
+    ttl(key: string): Promise<number | null>;
+    close(): Promise<void>;
+    tryLock(key: string, ttlMs: number, token: string): Promise<boolean>;
+    unlock(key: string, token: string): Promise<void>;
+}

package/lib/cache/backends/RedisCacheBackend.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RedisCacheBackend = void 0;
+const ioredis_1 = require("ioredis");
+class RedisCacheBackend {
+    constructor(opts) {
+        if (opts.url) {
+            this.client = new ioredis_1.Redis(opts.url, { lazyConnect: true });
+        }
+        else {
+            this.client = new ioredis_1.Redis({
+                host: opts.host ?? 'localhost',
+                port: opts.port ?? 6379,
+                username: opts.user,
+                password: opts.password,
+                tls: opts.tls ? {} : undefined,
+                lazyConnect: true,
+            });
+        }
+    }
+    async ensure() {
+        if (this.client.status === 'wait')
+            await this.client.connect();
+    }
+    async get(key) {
+        await this.ensure();
+        const s = await this.client.get(key);
+        return s ? JSON.parse(s) : null;
+    }
+    async set(key, value, ttlSec) {
+        await this.ensure();
+        await this.client.set(key, JSON.stringify(value), 'EX', ttlSec);
+    }
+    async del(key) {
+        await this.ensure();
+        await this.client.del(key);
+    }
+    async mget(keys) {
+        await this.ensure();
+        if (!keys.length)
+            return [];
+        const res = await this.client.mget(...keys);
+        return res.map((s) => (s ? JSON.parse(s) : null));
+    }
+    async mset(entries) {
+        await this.ensure();
+        // Use pipeline to preserve per-key TTLs
+        const p = this.client.pipeline();
+        for (const e of entries) {
+            p.set(e.key, JSON.stringify(e.value), 'EX', e.ttlSec);
+        }
+        await p.exec();
+    }
+    async incrby(key, by = 1, ttlSec) {
+        await this.ensure();
+        const p = this.client.pipeline();
+        p.incrby(key, by);
+        if (ttlSec)
+            p.expire(key, ttlSec);
+        const results = await p.exec();
+        if (!results || results.length === 0) {
+            throw new Error('Pipeline exec failed');
+        }
+        const [error, val] = results[0];
+        if (error) {
+            throw error;
+        }
+        return val;
+    }
+    async ttl(key) {
+        await this.ensure();
+        const t = await this.client.ttl(key);
+        return t >= 0 ? t : null;
+    }
+    async close() {
+        await this.client.quit();
+    }
+    // Simple locks (SET NX PX)
+    async tryLock(key, ttlMs, token) {
+        await this.ensure();
+        const r = await this.client.set(key, token, 'PX', ttlMs, 'NX');
+        return r === 'OK';
+    }
+    async unlock(key, token) {
+        await this.ensure();
+        // Lua compare-and-del
+        const lua = `
+      if redis.call("get", KEYS[1]) == ARGV[1] then
+        return redis.call("del", KEYS[1])
+      else return 0 end
+    `;
+        await this.client.eval(lua, 1, key, token);
+    }
+}
+exports.RedisCacheBackend = RedisCacheBackend;

package/lib/cache/constants.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Recommended default TTLs for cache operations
+ */
+export declare const TTL_SHORT = 60;
+export declare const TTL_DEFAULT = 300;
+export declare const TTL_LONG = 3600;
+export declare const TTL_JWKS = 43200;

package/lib/cache/constants.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TTL_JWKS = exports.TTL_LONG = exports.TTL_DEFAULT = exports.TTL_SHORT = void 0;
+/**
+ * Recommended default TTLs for cache operations
+ */
+exports.TTL_SHORT = 60; // rate-limit buckets, nonces
+exports.TTL_DEFAULT = 300; // API responses
+exports.TTL_LONG = 3600; // discovery docs
+exports.TTL_JWKS = 43200; // 12h; rotate if kid miss

package/lib/cache/types.d.ts

@@ -0,0 +1,27 @@
+export type CacheBackendType = 'memory' | 'redis';
+export interface CacheInitOpts {
+    backend?: CacheBackendType;
+    container: string;
+    url?: string;
+    host?: string;
+    port?: number;
+    user?: string;
+    password?: string;
+    tls?: boolean;
+}
+export interface CacheBackend {
+    get<T = unknown>(key: string): Promise<T | null>;
+    set<T = unknown>(key: string, value: T, ttlSec: number): Promise<void>;
+    del(key: string): Promise<void>;
+    mget<T = unknown>(keys: string[]): Promise<(T | null)[]>;
+    mset<T = unknown>(entries: Array<{
+        key: string;
+        value: T;
+        ttlSec: number;
+    }>): Promise<void>;
+    incrby(key: string, by?: number, ttlSec?: number): Promise<number>;
+    ttl(key: string): Promise<number | null>;
+    close?(): Promise<void>;
+    tryLock?(key: string, ttlMs: number, token: string): Promise<boolean>;
+    unlock?(key: string, token: string): Promise<void>;
+}

package/lib/cache/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/frontend/index.d.ts

@@ -0,0 +1 @@
+export { SessionClient } from './session/SessionClient';

package/lib/frontend/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionClient = void 0;
+// Browser/middleware-safe exports only
+var SessionClient_1 = require("./session/SessionClient");
+Object.defineProperty(exports, "SessionClient", { enumerable: true, get: function () { return SessionClient_1.SessionClient; } });

package/lib/frontend/session/SessionClient.d.ts

@@ -0,0 +1,24 @@
+export declare class SessionClient {
+    private readonly cookieHeader?;
+    private static readonly instances;
+    private readonly baseUrl;
+    private claims;
+    private ttl;
+    private initPromise;
+    private static normalizeBaseUrl;
+    constructor(baseUrl?: string, cookieHeader?: string | null | undefined);
+    static getSessionClient(baseUrl?: string): SessionClient;
+    isLoggedIn(): Promise<boolean>;
+    warmup(): void;
+    getTtl(): Promise<number | null>;
+    get(claimName: string): Promise<unknown>;
+    /**
+     * Get a specific claim from the session.
+     * Alias for `get()` method for consistency with SessionManager.
+     */
+    getClaim(claimName: string): Promise<unknown>;
+    getAll(): Promise<unknown | null>;
+    private withSession;
+    private loadClaims;
+}
+export default SessionClient;

package/lib/frontend/session/SessionClient.js

@@ -0,0 +1,145 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionClient = void 0;
+class SessionClient {
+    static normalizeBaseUrl(baseUrl) {
+        if (!baseUrl) {
+            return "";
+        }
+        try {
+            const url = new URL(baseUrl);
+            // Remove trailing slash and default ports
+            url.pathname = url.pathname.replace(/\/$/, "");
+            if ((url.protocol === "https:" && url.port === "443") || (url.protocol === "http:" && url.port === "80")) {
+                url.port = "";
+            }
+            return url.toString().replace(/\/$/, "");
+        }
+        catch {
+            return baseUrl;
+        }
+    }
+    constructor(baseUrl, cookieHeader) {
+        this.cookieHeader = cookieHeader;
+        this.claims = null;
+        this.ttl = null;
+        const resolvedBaseUrl = baseUrl ?? process.env.NEXT_PUBLIC_BASE_URL ?? "";
+        this.baseUrl = SessionClient.normalizeBaseUrl(resolvedBaseUrl);
+        if (!this.baseUrl || !this.baseUrl.startsWith("http://") && !this.baseUrl.startsWith("https://")) {
+            console.error(`You must set baseUrl to SessionClient or you must set env variable NEXT_PUBLIC_BASE_URL. Incorrect value \`${resolvedBaseUrl}\``);
+        }
+        this.initPromise = this.loadClaims();
+    }
+    static getSessionClient(baseUrl) {
+        const resolvedBaseUrl = baseUrl ?? process.env.NEXT_PUBLIC_BASE_URL ?? "";
+        const normalizedBaseUrl = SessionClient.normalizeBaseUrl(resolvedBaseUrl);
+        if (!normalizedBaseUrl || !normalizedBaseUrl.startsWith("http://") && !normalizedBaseUrl.startsWith("https://")) {
+            console.error(`You must set baseUrl to SessionClient or you must set env variable NEXT_PUBLIC_BASE_URL. Incorrect value \`${resolvedBaseUrl}\``);
+        }
+        if (!SessionClient.instances.has(normalizedBaseUrl)) {
+            SessionClient.instances.set(normalizedBaseUrl, new SessionClient(baseUrl));
+        }
+        return SessionClient.instances.get(normalizedBaseUrl);
+    }
+    async isLoggedIn() {
+        await this.initPromise;
+        return this.claims != null;
+    }
+    // Non-awaiting stub to ensure initialization happens without blocking
+    warmup() {
+        void this.initPromise;
+    }
+    async getTtl() {
+        await this.initPromise;
+        return this.ttl;
+    }
+    async get(claimName) {
+        await this.initPromise;
+        if (this.claims && typeof this.claims === "object") {
+            const record = this.claims;
+            return record[claimName];
+        }
+        return undefined;
+    }
+    /**
+     * Get a specific claim from the session.
+     * Alias for `get()` method for consistency with SessionManager.
+     */
+    async getClaim(claimName) {
+        return this.get(claimName);
+    }
+    async getAll() {
+        await this.initPromise;
+        return this.claims;
+    }
+    async withSession(init = {}) {
+        if (this.cookieHeader) {
+            const headers = new Headers(init.headers ?? {});
+            if (!headers.has("Cookie")) {
+                headers.set("Cookie", this.cookieHeader);
+            }
+            return {
+                ...init,
+                headers,
+            };
+        }
+        if (typeof window !== "undefined") {
+            return init;
+        }
+        try {
+            // Dynamic import of next/headers - only available in Next.js server context
+            // @ts-expect-error - next/headers types are available at runtime but TypeScript can't resolve them during package build
+            const { cookies } = await import("next/headers");
+            const cookieStore = await cookies();
+            const serializedCookies = cookieStore
+                .getAll()
+                .map((cookie) => `${cookie.name}=${cookie.value}`)
+                .join("; ");
+            if (!serializedCookies) {
+                return init;
+            }
+            const headers = new Headers(init.headers ?? {});
+            if (!headers.has("Cookie")) {
+                headers.set("Cookie", serializedCookies);
+            }
+            return {
+                ...init,
+                headers,
+            };
+        }
+        catch {
+            return init;
+        }
+    }
+    async loadClaims() {
+        try {
+            const url = new URL("/api/v1/auth/session", this.baseUrl).toString();
+            const response = await fetch(url, await this.withSession({
+                method: "GET",
+                headers: { accept: "application/json" },
+                credentials: "include",
+            }));
+            if (!response.ok) {
+                this.claims = null;
+                this.ttl = null;
+                return;
+            }
+            const data = (await response.json());
+            if (data.ok) {
+                this.claims = data.claims ?? null;
+                this.ttl = typeof data.ttl_seconds === "number" ? data.ttl_seconds : null;
+            }
+            else {
+                this.claims = null;
+                this.ttl = null;
+            }
+        }
+        catch (_err) {
+            this.claims = null;
+            this.ttl = null;
+        }
+    }
+}
+exports.SessionClient = SessionClient;
+SessionClient.instances = new Map();
+exports.default = SessionClient;

package/lib/index.d.ts

@@ -0,0 +1,15 @@
+export * from './auth.server';
+export * from './stateStore';
+export * from './storage/SSIStorage';
+export * from './storage/types';
+export * from './session/SessionManager';
+export { SessionClient } from './frontend/session/SessionClient';
+export * from './cache/SSICache';
+export * from './cache/types';
+export * from './cache/constants';
+export * from './SSIProjectApi';
+export { SSISubscribedFeatureApi } from './SSISubscribedFeatureApi';
+export { SSISubscribedLimitApi } from './SSISubscribedLimitApi';
+export { SSISubscribedPlanApi } from './SSISubscribedPlanApi';
+export * from './SubscribedPlanManager';
+export * from './UsageApi';

package/lib/index.js

@@ -0,0 +1,38 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SSISubscribedPlanApi = exports.SSISubscribedLimitApi = exports.SSISubscribedFeatureApi = exports.SessionClient = void 0;
+__exportStar(require("./auth.server"), exports);
+__exportStar(require("./stateStore"), exports);
+__exportStar(require("./storage/SSIStorage"), exports);
+__exportStar(require("./storage/types"), exports);
+__exportStar(require("./session/SessionManager"), exports);
+var SessionClient_1 = require("./frontend/session/SessionClient");
+Object.defineProperty(exports, "SessionClient", { enumerable: true, get: function () { return SessionClient_1.SessionClient; } });
+__exportStar(require("./cache/SSICache"), exports);
+__exportStar(require("./cache/types"), exports);
+__exportStar(require("./cache/constants"), exports);
+// Export all types and classes from SSIProjectApi (includes shared JSON:API types)
+__exportStar(require("./SSIProjectApi"), exports);
+// Export only the unique classes from subscribed APIs (types are already exported from SSIProjectApi)
+var SSISubscribedFeatureApi_1 = require("./SSISubscribedFeatureApi");
+Object.defineProperty(exports, "SSISubscribedFeatureApi", { enumerable: true, get: function () { return SSISubscribedFeatureApi_1.SSISubscribedFeatureApi; } });
+var SSISubscribedLimitApi_1 = require("./SSISubscribedLimitApi");
+Object.defineProperty(exports, "SSISubscribedLimitApi", { enumerable: true, get: function () { return SSISubscribedLimitApi_1.SSISubscribedLimitApi; } });
+var SSISubscribedPlanApi_1 = require("./SSISubscribedPlanApi");
+Object.defineProperty(exports, "SSISubscribedPlanApi", { enumerable: true, get: function () { return SSISubscribedPlanApi_1.SSISubscribedPlanApi; } });
+__exportStar(require("./SubscribedPlanManager"), exports);
+__exportStar(require("./UsageApi"), exports);

package/lib/lib/session/SessionClient.d.ts

@@ -0,0 +1,11 @@
+import type { SessionClientInit, SessionSnapshot, TokenBundle } from './types';
+export declare class SessionClient {
+    private readonly init;
+    constructor(init: SessionClientInit);
+    private k;
+    getAll(sessionId: string): Promise<SessionSnapshot>;
+    setTokens(sessionId: string, t: TokenBundle): Promise<void>;
+    getTtl(_sessionId: string): Promise<number | null>;
+    clear(sessionId: string): Promise<void>;
+    maybeRefresh(_sessionId: string): Promise<boolean>;
+}

package/lib/lib/session/SessionClient.js

@@ -0,0 +1,47 @@
+const ACCESS = 'access';
+const ID = 'id';
+const REFRESH = 'refresh';
+const CLAIMS = 'claims';
+const DEFAULT_REFRESH_TTL_SEC = 7 * 24 * 60 * 60;
+export class SessionClient {
+    constructor(init) {
+        this.init = init;
+    }
+    k(sessionId, suffix) {
+        return `${sessionId}:${suffix}`;
+    }
+    async getAll(sessionId) {
+        const claims = await this.init.store.get(this.k(sessionId, CLAIMS));
+        const access_token = await this.init.store.get(this.k(sessionId, ACCESS));
+        const id_token = await this.init.store.get(this.k(sessionId, ID));
+        const refresh_token = await this.init.store.get(this.k(sessionId, REFRESH));
+        return { claims, access_token, id_token, refresh_token };
+    }
+    async setTokens(sessionId, t) {
+        const { store } = this.init;
+        await store.set(this.k(sessionId, ACCESS), t.access_token, t.ttlSec);
+        await store.set(this.k(sessionId, ID), t.id_token, t.ttlSec);
+        if (t.refresh_token) {
+            const refreshTtl = this.init.refresh?.defaultTtlSec ?? DEFAULT_REFRESH_TTL_SEC;
+            await store.set(this.k(sessionId, REFRESH), t.refresh_token, refreshTtl);
+        }
+        // No JWT verification. Clear cached claims to force re-derive later (future step).
+        await store.del(this.k(sessionId, CLAIMS));
+    }
+    async getTtl(_sessionId) {
+        // Will compute from JWT exp later; parity with original means null for now.
+        return null;
+    }
+    async clear(sessionId) {
+        await Promise.all([
+            this.init.store.del(this.k(sessionId, ACCESS)),
+            this.init.store.del(this.k(sessionId, ID)),
+            this.init.store.del(this.k(sessionId, REFRESH)),
+            this.init.store.del(this.k(sessionId, CLAIMS)),
+        ]);
+    }
+    async maybeRefresh(_sessionId) {
+        // Stub; parity with original (no auto-refresh yet).
+        return false;
+    }
+}

package/lib/lib/session/index.d.ts

@@ -0,0 +1,3 @@
+export * from './types';
+export * from './SessionClient';
+export * from './stores';