@soulcraft/sdk 2.6.0 → 2.8.0

package/dist/modules/auth/request-middleware.d.ts

@@ -0,0 +1,195 @@
+/**
+ * @module modules/auth/request-middleware
+ * @description Framework-agnostic auth middleware using Web Standard Request/Response.
+ *
+ * Drop-in replacements for the Hono-based middleware in `middleware.ts`. These
+ * functions use a `WeakMap<Request, SoulcraftSessionUser | null>` to attach the
+ * resolved user to the request object, instead of Hono's `c.set()` / `c.get()`.
+ *
+ * ## Middleware signature
+ *
+ * All middleware follows the universal pattern:
+ * ```
+ * (req: Request, next: () => Promise<Response>) => Promise<Response>
+ * ```
+ *
+ * Compatible with any server framework that exposes Web Standard `Request`/`Response`
+ * (SvelteKit, Bun.serve, Deno, Cloudflare Workers, etc.).
+ *
+ * ## User retrieval
+ *
+ * After middleware runs, retrieve the resolved user with `getUser(req)`:
+ * ```typescript
+ * const user = getUser(req) // SoulcraftSessionUser | null
+ * ```
+ *
+ * @example SvelteKit hooks
+ * ```typescript
+ * import { createRequestAuthMiddleware, getUser, createRemoteSessionVerifier } from '@soulcraft/sdk/server'
+ *
+ * const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { requireAuth } = createRequestAuthMiddleware(verifier)
+ *
+ * export const handle = async ({ event, resolve }) => {
+ *   const response = await requireAuth(event.request, () => resolve(event))
+ *   event.locals.user = getUser(event.request)
+ *   return response
+ * }
+ * ```
+ *
+ * @example Bun.serve
+ * ```typescript
+ * import { createRequestAuthMiddleware, getUser, createRemoteSessionVerifier } from '@soulcraft/sdk/server'
+ *
+ * const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { optionalAuth } = createRequestAuthMiddleware(verifier)
+ *
+ * Bun.serve({
+ *   fetch: (req) => optionalAuth(req, async () => {
+ *     const user = getUser(req)
+ *     return new Response(JSON.stringify({ user: user?.email ?? 'anonymous' }))
+ *   }),
+ * })
+ * ```
+ */
+import type { SoulcraftSessionUser } from './types.js';
+import type { BetterAuthLike, SessionVerifier, AuthMiddlewareOptions, DevLoginHandlerOptions, GuestSessionHandlerOptions } from './middleware.js';
+/**
+ * @description A framework-agnostic middleware function that processes a Web Standard
+ * Request and either calls the next handler or short-circuits with its own Response.
+ */
+export type RequestMiddleware = (req: Request, next: () => Promise<Response>) => Promise<Response>;
+/**
+ * @description The object returned by `createRequestAuthMiddleware()`.
+ * Provides `requireAuth` and `optionalAuth` middleware using pure Request/Response.
+ */
+export interface RequestAuthMiddleware {
+    /**
+     * Require authentication. Resolves the session from request cookies. If the
+     * session is valid, attaches the typed user to the request via WeakMap and
+     * calls `next()`. Returns HTTP 401 JSON response if unauthenticated.
+     */
+    requireAuth: RequestMiddleware;
+    /**
+     * Optional authentication. Resolves the session if one exists, but does not
+     * reject unauthenticated requests. User will be `null` for anonymous requests.
+     */
+    optionalAuth: RequestMiddleware;
+}
+/**
+ * @description Retrieves the resolved Soulcraft user attached to a Request by
+ * the request auth middleware.
+ *
+ * Returns the `SoulcraftSessionUser` if the request was authenticated, `null` if
+ * the request passed through `optionalAuth` without a session, or `null` if no
+ * middleware has processed this request.
+ *
+ * @param req - The Web Standard Request that was processed by middleware.
+ * @returns The resolved user, or null if unauthenticated or not yet processed.
+ *
+ * @example
+ * ```typescript
+ * const response = await requireAuth(request, async () => {
+ *   const user = getUser(request)!
+ *   return new Response(`Hello ${user.name}`)
+ * })
+ * ```
+ */
+export declare function getUser(req: Request): SoulcraftSessionUser | null;
+/**
+ * @description Creates framework-agnostic auth middleware from a `SessionVerifier`
+ * function or a `BetterAuthLike` instance.
+ *
+ * This is the Web Standard equivalent of `createAuthMiddleware` — same session
+ * resolution logic, but uses `WeakMap<Request, User>` instead of Hono context
+ * variables. Retrieve the resolved user after middleware with `getUser(req)`.
+ *
+ * **Preferred form (all products in OIDC-client mode):**
+ * Pass a `SessionVerifier` returned by `createRemoteSessionVerifier` or
+ * `createDevSessionVerifier`. The middleware reads the request cookie header and
+ * passes it to the verifier.
+ *
+ * **Legacy form (Workshop standalone mode):**
+ * Pass a `better-auth` instance directly. The middleware calls `auth.api.getSession`.
+ * In non-production environments and when `devAutoLogin` is enabled, a synthetic dev
+ * user is injected on failed lookups so local dev works without OAuth.
+ *
+ * @param authOrVerifier - A `better-auth` instance or a `SessionVerifier` function.
+ * @param options - Optional middleware configuration (only applies to `BetterAuthLike` form).
+ * @returns Middleware pair: `{ requireAuth, optionalAuth }`.
+ *
+ * @example Verifier form (Venue / Academy / Workshop in OIDC mode)
+ * ```typescript
+ * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { requireAuth } = createRequestAuthMiddleware(verifySession)
+ *
+ * // Use in any server:
+ * const response = await requireAuth(request, () => handler(request))
+ * const user = getUser(request)!
+ * ```
+ *
+ * @example BetterAuth form (Workshop dev standalone)
+ * ```typescript
+ * import { auth } from './better-auth.js'
+ * const { requireAuth } = createRequestAuthMiddleware(auth)
+ * ```
+ */
+export declare function createRequestAuthMiddleware(authOrVerifier: BetterAuthLike | SessionVerifier, options?: AuthMiddlewareOptions): RequestAuthMiddleware;
+/**
+ * @description Creates a framework-agnostic request handler for a dev login endpoint.
+ *
+ * Web Standard equivalent of `createDevLoginHandler`. Mount at `/api/dev/login`
+ * to get a role-switching endpoint for local development. Accepts `?role=<platformRole>`
+ * and optional `?email=` / `?name=` / `?redirect=` query params. Issues a base64url
+ * session cookie and returns an HTTP 302 redirect.
+ *
+ * **Guards against production use:** the handler returns HTTP 404 when
+ * `NODE_ENV === 'production'` — safe to leave mounted in all environments.
+ *
+ * @param options - Allowed roles, cookie name, and max-age.
+ * @returns A request handler function `(req: Request) => Response`.
+ *
+ * @example
+ * ```typescript
+ * import { createRequestDevLoginHandler } from '@soulcraft/sdk/server'
+ *
+ * const devLogin = createRequestDevLoginHandler({ allowedRoles: ['owner', 'staff', 'customer'] })
+ *
+ * // SvelteKit: export const GET = ({ request }) => devLogin(request)
+ * // Bun:       if (url.pathname === '/api/dev/login') return devLogin(req)
+ *
+ * // Usage: GET /api/dev/login?role=staff → sets cookie + redirects to /
+ * ```
+ */
+export declare function createRequestDevLoginHandler(options?: DevLoginHandlerOptions): (req: Request) => Response;
+/**
+ * @description Creates a framework-agnostic request handler that issues a guest
+ * session cookie.
+ *
+ * Web Standard equivalent of `createGuestSessionHandler`. Venue visitors can browse
+ * and initiate bookings without creating an account. Mount at e.g. `/api/guest/session`
+ * to issue a session cookie with `platformRole: 'guest'` and a unique guest ID on
+ * each call (if no valid guest session already exists).
+ *
+ * The guest session cookie can be verified using `createGuestCookieVerifier`,
+ * which returns a `SessionVerifier` compatible with `createRequestAuthMiddleware`.
+ *
+ * @param options - Cookie name, max-age, and optional `onGuestCreated` callback.
+ * @returns An async request handler function `(req: Request) => Promise<Response>`.
+ *
+ * @example
+ * ```typescript
+ * import { createRequestGuestSessionHandler, createGuestCookieVerifier } from '@soulcraft/sdk/server'
+ *
+ * const guestSession = createRequestGuestSessionHandler({
+ *   onGuestCreated: async (guestId) => {
+ *     await db.guests.insert({ id: guestId, createdAt: new Date() })
+ *   },
+ * })
+ *
+ * // SvelteKit: export const POST = ({ request }) => guestSession(request)
+ * // Bun:       if (url.pathname === '/api/guest/session') return guestSession(req)
+ * ```
+ */
+export declare function createRequestGuestSessionHandler(options?: GuestSessionHandlerOptions): (req: Request) => Promise<Response>;
+//# sourceMappingURL=request-middleware.d.ts.map

package/dist/modules/auth/request-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-middleware.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/request-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAoB,MAAM,YAAY,CAAA;AACxE,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,EACtB,0BAA0B,EAC3B,MAAM,iBAAiB,CAAA;AAMxB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAElG;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,WAAW,EAAE,iBAAiB,CAAA;IAE9B;;;OAGG;IACH,YAAY,EAAE,iBAAiB,CAAA;CAChC;AASD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,oBAAoB,GAAG,IAAI,CAEjE;AAsDD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,wBAAgB,2BAA2B,CACzC,cAAc,EAAE,cAAc,GAAG,eAAe,EAChD,OAAO,GAAE,qBAA0B,GAClC,qBAAqB,CA8EvB;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,4BAA4B,CAC1C,OAAO,GAAE,sBAA2B,GACnC,CAAC,GAAG,EAAE,OAAO,KAAK,QAAQ,CAiE5B;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,GAAE,0BAA+B,GACvC,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAuDrC"}

package/dist/modules/auth/request-middleware.js

@@ -0,0 +1,409 @@
+/**
+ * @module modules/auth/request-middleware
+ * @description Framework-agnostic auth middleware using Web Standard Request/Response.
+ *
+ * Drop-in replacements for the Hono-based middleware in `middleware.ts`. These
+ * functions use a `WeakMap<Request, SoulcraftSessionUser | null>` to attach the
+ * resolved user to the request object, instead of Hono's `c.set()` / `c.get()`.
+ *
+ * ## Middleware signature
+ *
+ * All middleware follows the universal pattern:
+ * ```
+ * (req: Request, next: () => Promise<Response>) => Promise<Response>
+ * ```
+ *
+ * Compatible with any server framework that exposes Web Standard `Request`/`Response`
+ * (SvelteKit, Bun.serve, Deno, Cloudflare Workers, etc.).
+ *
+ * ## User retrieval
+ *
+ * After middleware runs, retrieve the resolved user with `getUser(req)`:
+ * ```typescript
+ * const user = getUser(req) // SoulcraftSessionUser | null
+ * ```
+ *
+ * @example SvelteKit hooks
+ * ```typescript
+ * import { createRequestAuthMiddleware, getUser, createRemoteSessionVerifier } from '@soulcraft/sdk/server'
+ *
+ * const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { requireAuth } = createRequestAuthMiddleware(verifier)
+ *
+ * export const handle = async ({ event, resolve }) => {
+ *   const response = await requireAuth(event.request, () => resolve(event))
+ *   event.locals.user = getUser(event.request)
+ *   return response
+ * }
+ * ```
+ *
+ * @example Bun.serve
+ * ```typescript
+ * import { createRequestAuthMiddleware, getUser, createRemoteSessionVerifier } from '@soulcraft/sdk/server'
+ *
+ * const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { optionalAuth } = createRequestAuthMiddleware(verifier)
+ *
+ * Bun.serve({
+ *   fetch: (req) => optionalAuth(req, async () => {
+ *     const user = getUser(req)
+ *     return new Response(JSON.stringify({ user: user?.email ?? 'anonymous' }))
+ *   }),
+ * })
+ * ```
+ */
+import { computeEmailHash } from './config.js';
+// ─────────────────────────────────────────────────────────────────────────────
+// WeakMap user storage
+// ─────────────────────────────────────────────────────────────────────────────
+/** Internal WeakMap that associates a Request with its resolved user. */
+const userMap = new WeakMap();
+/**
+ * @description Retrieves the resolved Soulcraft user attached to a Request by
+ * the request auth middleware.
+ *
+ * Returns the `SoulcraftSessionUser` if the request was authenticated, `null` if
+ * the request passed through `optionalAuth` without a session, or `null` if no
+ * middleware has processed this request.
+ *
+ * @param req - The Web Standard Request that was processed by middleware.
+ * @returns The resolved user, or null if unauthenticated or not yet processed.
+ *
+ * @example
+ * ```typescript
+ * const response = await requireAuth(request, async () => {
+ *   const user = getUser(request)!
+ *   return new Response(`Hello ${user.name}`)
+ * })
+ * ```
+ */
+export function getUser(req) {
+    return userMap.get(req) ?? null;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Shared internal helpers (duplicated from middleware.ts to avoid coupling)
+// ─────────────────────────────────────────────────────────────────────────────
+/** Resolve a raw user record from a better-auth session into a `SoulcraftSessionUser`. */
+function _resolveUser(raw) {
+    const email = String(raw['email'] ?? '');
+    const emailHash = raw['emailHash']
+        ? String(raw['emailHash'])
+        : computeEmailHash(email);
+    return {
+        id: String(raw['id'] ?? ''),
+        email,
+        name: String(raw['name'] ?? ''),
+        image: raw['image'] ?? null,
+        platformRole: raw['platformRole'] ?? 'creator',
+        emailHash,
+        ...(raw['handle'] ? { handle: String(raw['handle']) } : {}),
+    };
+}
+/** Parse a simple `name=value` cookie from a raw cookie header string. */
+function _parseCookie(cookieHeader, name) {
+    for (const part of cookieHeader.split(';')) {
+        const [k, ...rest] = part.trim().split('=');
+        if (k?.trim() === name)
+            return rest.join('=').trim();
+    }
+    return undefined;
+}
+/** Encode a dev/guest session payload as a compact JSON+base64url string (unsigned). */
+function _encodeSessionCookie(session) {
+    return Buffer.from(JSON.stringify(session)).toString('base64url');
+}
+/** Decode a session payload encoded by `_encodeSessionCookie`. Returns null on any error. */
+function _decodeSessionCookie(value) {
+    try {
+        const raw = JSON.parse(Buffer.from(value, 'base64url').toString('utf-8'));
+        if (!raw.user || !raw.sessionId || !raw.expiresAt)
+            return null;
+        if (raw.expiresAt < Date.now())
+            return null;
+        return raw;
+    }
+    catch {
+        return null;
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// createRequestAuthMiddleware
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * @description Creates framework-agnostic auth middleware from a `SessionVerifier`
+ * function or a `BetterAuthLike` instance.
+ *
+ * This is the Web Standard equivalent of `createAuthMiddleware` — same session
+ * resolution logic, but uses `WeakMap<Request, User>` instead of Hono context
+ * variables. Retrieve the resolved user after middleware with `getUser(req)`.
+ *
+ * **Preferred form (all products in OIDC-client mode):**
+ * Pass a `SessionVerifier` returned by `createRemoteSessionVerifier` or
+ * `createDevSessionVerifier`. The middleware reads the request cookie header and
+ * passes it to the verifier.
+ *
+ * **Legacy form (Workshop standalone mode):**
+ * Pass a `better-auth` instance directly. The middleware calls `auth.api.getSession`.
+ * In non-production environments and when `devAutoLogin` is enabled, a synthetic dev
+ * user is injected on failed lookups so local dev works without OAuth.
+ *
+ * @param authOrVerifier - A `better-auth` instance or a `SessionVerifier` function.
+ * @param options - Optional middleware configuration (only applies to `BetterAuthLike` form).
+ * @returns Middleware pair: `{ requireAuth, optionalAuth }`.
+ *
+ * @example Verifier form (Venue / Academy / Workshop in OIDC mode)
+ * ```typescript
+ * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
+ * const { requireAuth } = createRequestAuthMiddleware(verifySession)
+ *
+ * // Use in any server:
+ * const response = await requireAuth(request, () => handler(request))
+ * const user = getUser(request)!
+ * ```
+ *
+ * @example BetterAuth form (Workshop dev standalone)
+ * ```typescript
+ * import { auth } from './better-auth.js'
+ * const { requireAuth } = createRequestAuthMiddleware(auth)
+ * ```
+ */
+export function createRequestAuthMiddleware(authOrVerifier, options = {}) {
+    const isVerifier = typeof authOrVerifier === 'function';
+    if (isVerifier) {
+        const verify = authOrVerifier;
+        const requireAuth = async (req, next) => {
+            const cookieHeader = req.headers.get('cookie') ?? '';
+            const session = await verify(cookieHeader);
+            if (!session) {
+                return new Response(JSON.stringify({ error: 'Authentication required' }), {
+                    status: 401,
+                    headers: { 'Content-Type': 'application/json' },
+                });
+            }
+            userMap.set(req, session.user);
+            return next();
+        };
+        const optionalAuth = async (req, next) => {
+            const cookieHeader = req.headers.get('cookie') ?? '';
+            const session = await verify(cookieHeader);
+            userMap.set(req, session?.user ?? null);
+            return next();
+        };
+        return { requireAuth, optionalAuth };
+    }
+    // BetterAuthLike form (Workshop standalone)
+    const auth = authOrVerifier;
+    const devAutoLogin = options.devAutoLogin ?? true;
+    const isDev = process.env['NODE_ENV'] !== 'production';
+    const DEV_USER = {
+        id: 'dev-user-001',
+        email: 'dev@localhost',
+        name: 'Dev User',
+        image: null,
+        emailHash: computeEmailHash('dev@localhost'),
+        platformRole: 'creator',
+        handle: 'dev',
+    };
+    const requireAuth = async (req, next) => {
+        if (isDev && devAutoLogin) {
+            if (!userMap.has(req))
+                userMap.set(req, DEV_USER);
+            return next();
+        }
+        const session = await auth.api.getSession({ headers: req.headers });
+        if (!session?.user) {
+            return new Response(JSON.stringify({ error: 'Authentication required' }), {
+                status: 401,
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        userMap.set(req, _resolveUser(session.user));
+        return next();
+    };
+    const optionalAuth = async (req, next) => {
+        if (isDev && devAutoLogin) {
+            if (!userMap.has(req))
+                userMap.set(req, DEV_USER);
+            return next();
+        }
+        const session = await auth.api.getSession({ headers: req.headers });
+        if (session?.user) {
+            userMap.set(req, _resolveUser(session.user));
+        }
+        else {
+            userMap.set(req, null);
+        }
+        return next();
+    };
+    return { requireAuth, optionalAuth };
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// createRequestDevLoginHandler
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * @description Creates a framework-agnostic request handler for a dev login endpoint.
+ *
+ * Web Standard equivalent of `createDevLoginHandler`. Mount at `/api/dev/login`
+ * to get a role-switching endpoint for local development. Accepts `?role=<platformRole>`
+ * and optional `?email=` / `?name=` / `?redirect=` query params. Issues a base64url
+ * session cookie and returns an HTTP 302 redirect.
+ *
+ * **Guards against production use:** the handler returns HTTP 404 when
+ * `NODE_ENV === 'production'` — safe to leave mounted in all environments.
+ *
+ * @param options - Allowed roles, cookie name, and max-age.
+ * @returns A request handler function `(req: Request) => Response`.
+ *
+ * @example
+ * ```typescript
+ * import { createRequestDevLoginHandler } from '@soulcraft/sdk/server'
+ *
+ * const devLogin = createRequestDevLoginHandler({ allowedRoles: ['owner', 'staff', 'customer'] })
+ *
+ * // SvelteKit: export const GET = ({ request }) => devLogin(request)
+ * // Bun:       if (url.pathname === '/api/dev/login') return devLogin(req)
+ *
+ * // Usage: GET /api/dev/login?role=staff → sets cookie + redirects to /
+ * ```
+ */
+export function createRequestDevLoginHandler(options = {}) {
+    const DEFAULT_ROLES = [
+        'creator', 'viewer', 'customer', 'staff', 'manager', 'owner', 'learner', 'instructor',
+    ];
+    const allowedRoles = options.allowedRoles ?? DEFAULT_ROLES;
+    const cookieName = options.cookieName ?? 'soulcraft_dev_session';
+    const maxAgeSeconds = options.maxAgeSeconds ?? 86_400;
+    return function requestDevLoginHandler(req) {
+        if (process.env['NODE_ENV'] === 'production') {
+            return new Response(JSON.stringify({ error: 'Not found' }), {
+                status: 404,
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        const url = new URL(req.url);
+        const role = url.searchParams.get('role');
+        if (!role || !allowedRoles.includes(role)) {
+            return new Response(JSON.stringify({
+                error: `Invalid role. Allowed: ${allowedRoles.join(', ')}`,
+                allowedRoles,
+            }), {
+                status: 400,
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        const email = url.searchParams.get('email') ?? `dev-${role}@soulcraft.com`;
+        const name = url.searchParams.get('name') ?? `Dev ${role.charAt(0).toUpperCase() + role.slice(1)}`;
+        const redirect = url.searchParams.get('redirect') ?? '/';
+        const session = {
+            user: {
+                id: `dev-user-${role}`,
+                email,
+                name,
+                image: null,
+                platformRole: role,
+                emailHash: computeEmailHash(email),
+            },
+            sessionId: `dev-session-${Date.now()}`,
+            expiresAt: Date.now() + maxAgeSeconds * 1000,
+        };
+        const cookieValue = _encodeSessionCookie(session);
+        const cookieHeader = [
+            `${cookieName}=${cookieValue}`,
+            `Path=/`,
+            `HttpOnly`,
+            `SameSite=Lax`,
+            `Max-Age=${maxAgeSeconds}`,
+        ].join('; ');
+        return new Response(null, {
+            status: 302,
+            headers: {
+                Location: redirect,
+                'Set-Cookie': cookieHeader,
+            },
+        });
+    };
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// createRequestGuestSessionHandler
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * @description Creates a framework-agnostic request handler that issues a guest
+ * session cookie.
+ *
+ * Web Standard equivalent of `createGuestSessionHandler`. Venue visitors can browse
+ * and initiate bookings without creating an account. Mount at e.g. `/api/guest/session`
+ * to issue a session cookie with `platformRole: 'guest'` and a unique guest ID on
+ * each call (if no valid guest session already exists).
+ *
+ * The guest session cookie can be verified using `createGuestCookieVerifier`,
+ * which returns a `SessionVerifier` compatible with `createRequestAuthMiddleware`.
+ *
+ * @param options - Cookie name, max-age, and optional `onGuestCreated` callback.
+ * @returns An async request handler function `(req: Request) => Promise<Response>`.
+ *
+ * @example
+ * ```typescript
+ * import { createRequestGuestSessionHandler, createGuestCookieVerifier } from '@soulcraft/sdk/server'
+ *
+ * const guestSession = createRequestGuestSessionHandler({
+ *   onGuestCreated: async (guestId) => {
+ *     await db.guests.insert({ id: guestId, createdAt: new Date() })
+ *   },
+ * })
+ *
+ * // SvelteKit: export const POST = ({ request }) => guestSession(request)
+ * // Bun:       if (url.pathname === '/api/guest/session') return guestSession(req)
+ * ```
+ */
+export function createRequestGuestSessionHandler(options = {}) {
+    const cookieName = options.cookieName ?? 'soulcraft_guest_session';
+    const maxAgeSeconds = options.maxAgeSeconds ?? 3_600;
+    const onGuestCreated = options.onGuestCreated;
+    return async function requestGuestSessionHandler(req) {
+        // Return existing guest session if still valid
+        const cookieHeader = req.headers.get('cookie') ?? '';
+        const existingValue = _parseCookie(cookieHeader, cookieName);
+        if (existingValue) {
+            const existing = _decodeSessionCookie(existingValue);
+            if (existing) {
+                return new Response(JSON.stringify({ guestId: existing.user.id, existing: true }), {
+                    status: 200,
+                    headers: { 'Content-Type': 'application/json' },
+                });
+            }
+        }
+        // Create a new guest session
+        const guestId = `guest-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
+        const email = `${guestId}@guest.soulcraft.com`;
+        const session = {
+            user: {
+                id: guestId,
+                email,
+                name: 'Guest',
+                image: null,
+                platformRole: 'guest',
+                emailHash: computeEmailHash(email),
+            },
+            sessionId: `guest-session-${Date.now()}`,
+            expiresAt: Date.now() + maxAgeSeconds * 1000,
+        };
+        if (onGuestCreated)
+            await onGuestCreated(guestId);
+        const cookieValue = _encodeSessionCookie(session);
+        const setCookieHeader = [
+            `${cookieName}=${cookieValue}`,
+            `Path=/`,
+            `HttpOnly`,
+            `SameSite=Lax`,
+            `Max-Age=${maxAgeSeconds}`,
+        ].join('; ');
+        return new Response(JSON.stringify({ guestId, existing: false }), {
+            status: 200,
+            headers: {
+                'Content-Type': 'application/json',
+                'Set-Cookie': setCookieHeader,
+            },
+        });
+    };
+}
+//# sourceMappingURL=request-middleware.js.map

package/dist/modules/auth/request-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-middleware.js","sourceRoot":"","sources":["../../../src/modules/auth/request-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAuC9C,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF,yEAAyE;AACzE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAwC,CAAA;AAEnE;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,OAAO,CAAC,GAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAA;AACjC,CAAC;AAED,gFAAgF;AAChF,4EAA4E;AAC5E,gFAAgF;AAEhF,0FAA0F;AAC1F,SAAS,YAAY,CAAC,GAA4B;IAChD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;IACxC,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,CAAC;QAChC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC1B,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;IAE3B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3B,KAAK;QACL,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC/B,KAAK,EAAG,GAAG,CAAC,OAAO,CAA+B,IAAI,IAAI;QAC1D,YAAY,EAAG,GAAG,CAAC,cAAc,CAA0C,IAAI,SAAS;QACxF,SAAS;QACT,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAA;AACH,CAAC;AAED,0EAA0E;AAC1E,SAAS,YAAY,CAAC,YAAoB,EAAE,IAAY;IACtD,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3C,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;IACtD,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,wFAAwF;AACxF,SAAS,oBAAoB,CAAC,OAAyB;IACrD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;AACnE,CAAC;AAED,6FAA6F;AAC7F,SAAS,oBAAoB,CAAC,KAAa;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAqB,CAAA;QAC7F,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAA;QAC9D,IAAI,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,IAAI,CAAA;QAC3C,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,8BAA8B;AAC9B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,UAAU,2BAA2B,CACzC,cAAgD,EAChD,UAAiC,EAAE;IAEnC,MAAM,UAAU,GAAG,OAAO,cAAc,KAAK,UAAU,CAAA;IAEvD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,cAAiC,CAAA;QAEhD,MAAM,WAAW,GAAsB,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACzD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAA;YAC1C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EAAE;oBACxE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;YAC9B,OAAO,IAAI,EAAE,CAAA;QACf,CAAC,CAAA;QAED,MAAM,YAAY,GAAsB,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAC1D,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAA;YAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,IAAI,IAAI,CAAC,CAAA;YACvC,OAAO,IAAI,EAAE,CAAA;QACf,CAAC,CAAA;QAED,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAA;IACtC,CAAC;IAED,4CAA4C;IAC5C,MAAM,IAAI,GAAG,cAAgC,CAAA;IAC7C,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAA;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,CAAA;IAEtD,MAAM,QAAQ,GAAyB;QACrC,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,eAAe;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,gBAAgB,CAAC,eAAe,CAAC;QAC5C,YAAY,EAAE,SAAS;QACvB,MAAM,EAAE,KAAK;KACd,CAAA;IAED,MAAM,WAAW,GAAsB,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzD,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YACjD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;QACnE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;YACnB,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EAAE;gBACxE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;QAC5C,OAAO,IAAI,EAAE,CAAA;IACf,CAAC,CAAA;IAED,MAAM,YAAY,GAAsB,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC1D,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YACjD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;QACnE,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACxB,CAAC;QACD,OAAO,IAAI,EAAE,CAAA;IACf,CAAC,CAAA;IAED,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAA;AACtC,CAAC;AAED,gFAAgF;AAChF,+BAA+B;AAC/B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,4BAA4B,CAC1C,UAAkC,EAAE;IAEpC,MAAM,aAAa,GAA2C;QAC5D,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY;KACtF,CAAA;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,aAAa,CAAA;IAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,uBAAuB,CAAA;IAChE,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,MAAM,CAAA;IAErD,OAAO,SAAS,sBAAsB,CAAC,GAAY;QACjD,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;YAC7C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,EAAE;gBAC1D,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAgD,CAAA;QACxF,IAAI,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,0BAA0B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC1D,YAAY;aACb,CAAC,EACF;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,OAAO,IAAI,gBAAgB,CAAA;QAC1E,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;QAClG,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,CAAA;QAExD,MAAM,OAAO,GAAqB;YAChC,IAAI,EAAE;gBACJ,EAAE,EAAE,YAAY,IAAI,EAAE;gBACtB,KAAK;gBACL,IAAI;gBACJ,KAAK,EAAE,IAAI;gBACX,YAAY,EAAE,IAAI;gBAClB,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC;aACnC;YACD,SAAS,EAAE,eAAe,IAAI,CAAC,GAAG,EAAE,EAAE;YACtC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI;SAC7C,CAAA;QAED,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,YAAY,GAAG;YACnB,GAAG,UAAU,IAAI,WAAW,EAAE;YAC9B,QAAQ;YACR,UAAU;YACV,cAAc;YACd,WAAW,aAAa,EAAE;SAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAEZ,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;YACxB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE;gBACP,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,YAAY;aAC3B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,mCAAmC;AACnC,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,gCAAgC,CAC9C,UAAsC,EAAE;IAExC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,yBAAyB,CAAA;IAClE,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,CAAA;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,CAAA;IAE7C,OAAO,KAAK,UAAU,0BAA0B,CAAC,GAAY;QAC3D,+CAA+C;QAC/C,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QACpD,MAAM,aAAa,GAAG,YAAY,CAAC,YAAY,EAAE,UAAU,CAAC,CAAA;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAA;YACpD,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAAE;oBACjF,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAA;QAC5F,MAAM,KAAK,GAAG,GAAG,OAAO,sBAAsB,CAAA;QAE9C,MAAM,OAAO,GAAqB;YAChC,IAAI,EAAE;gBACJ,EAAE,EAAE,OAAO;gBACX,KAAK;gBACL,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,IAAI;gBACX,YAAY,EAAE,OAAO;gBACrB,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC;aACnC;YACD,SAAS,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE;YACxC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI;SAC7C,CAAA;QAED,IAAI,cAAc;YAAE,MAAM,cAAc,CAAC,OAAO,CAAC,CAAA;QAEjD,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,eAAe,GAAG;YACtB,GAAG,UAAU,IAAI,WAAW,EAAE;YAC9B,QAAQ;YACR,UAAU;YACV,cAAc;YACd,WAAW,aAAa,EAAE;SAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAEZ,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE;YAChE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,YAAY,EAAE,eAAe;aAC9B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}

package/dist/server/index.d.ts

@@ -41,6 +41,9 @@ export { createAuthMiddleware, createRemoteSessionVerifier, createDevSessionVeri
 export type { AuthMiddlewareOptions, AuthMiddleware, AuthContext, BetterAuthLike, SessionVerifier, RemoteSessionVerifierOptions, DevSessionVerifierOptions, DevLoginHandlerOptions, GuestSessionHandlerOptions, } from '../modules/auth/middleware.js';
 export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
 export type { BackchannelLogoutConfig, BackchannelAuthLike, } from '../modules/auth/backchannel.js';
+export { createRequestAuthMiddleware, createRequestDevLoginHandler, createRequestGuestSessionHandler, getUser, } from '../modules/auth/request-middleware.js';
+export type { RequestMiddleware, RequestAuthMiddleware, } from '../modules/auth/request-middleware.js';
+export { createRequestBackchannelLogoutHandler } from '../modules/auth/request-backchannel.js';
 export { createSoulcraftAuth } from '../modules/auth/sveltekit.js';
 export type { SoulcraftAuthOptions, SoulcraftAuth, SvelteKitHandle, SvelteKitEvent, SvelteKitRequestHandler, } from '../modules/auth/sveltekit.js';
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
@@ -66,8 +69,6 @@ export { createNamespaceWsHandler } from './ws-handler.js';
 export type { NamespaceWsHandlerConfig, NamespaceWsHandler, WsSession, } from './ws-handler.js';
 export { createRpcHandler } from './rpc-handler.js';
 export type { RpcHandlerConfig } from './rpc-handler.js';
-export { createSoulcraftRouter } from './hono-router.js';
-export type { SoulcraftRouterConfig } from './hono-router.js';
 export { createAnnotationsHandler, createAuthHandler, createChatHandler, createCertificationHandler, createCollectionsHandler, createCommerceHandler, createConfigHandler, createExportHandler, createFormatsHandler, createGraphHandler, createImportHandler, createMediaHandler, createProjectHandler, createPublishHandler, createPulseHandler, createRealtimeHandler, createSearchHandler, createSessionHandler, createSettingsHandler, createWorkspaceHandler, } from './handlers/index.js';
 export type { AnnotationAiClient, AnnotationsHandlerOptions, ChatHandlerOptions, ChatAIClient, AnthropicStreamEvent, ToolDefinition, ToolExecutor, ToolExecutionContext, SystemPromptBuilder, SystemPromptContext, ChatBillingCheck, ChatEventEmitter, ModelSelector, TieredRouting, RetrievedMemory, UserExpertiseProfile, AIPlan, PlanStep, StepProgress, PlanExecutionResult, AIClientResolverOptions, ResolvedAIClient, CapabilityTokenFactory, AuthHandlerOptions, SampleDataProvider, CollectionsHandlerOptions, PaymentProvider, CommerceHandlerOptions, ConfigService, ConfigBillingService, ConfigHandlerOptions, ExportPipeline, ExportHandlerOptions, FormatConverter, FormatsHandlerOptions, ImportPipeline, ImportHandlerOptions, MediaBackend, MediaHandlerOptions, KitLoader, ProjectHandlerOptions, PublishBackend, VenueDeployService, AcademyPublishService, PublishHandlerOptions, PulseHandlerOptions, RealtimeBackend, RealtimeHandlerOptions, SessionEventEmitter, SessionHandlerOptions, ApiKeyService, SettingsBillingService, StorageTracker, StorageLimitResolver, SettingsHandlerOptions, WorkspaceManager, WorkspaceHandlerOptions, } from './handlers/index.js';
 export { analyzeComplexity, calculateComplexityScore, selectTieredRouting, createDefaultModelSelector, estimateCost, formatCost, DEFAULT_MODELS, DEFAULT_MODEL_TIERS, streamMessage, sendMessage, createAIClientResolver, } from './handlers/index.js';