@soulcraft/sdk 3.0.0 → 3.0.1

package/dist/server/index.d.ts

@@ -59,7 +59,7 @@ export type { NamespaceRouterConfig, NamespaceRouter, NamespaceProvider, Namespa
 export { createNamespaceWsHandler } from './ws-handler.js';
 export type { NamespaceWsHandlerConfig, NamespaceWsHandler, WsSession, } from './ws-handler.js';
 export { createRpcHandler } from './rpc-handler.js';
-export type { RpcHandlerConfig } from './rpc-handler.js';
+export type { RpcHandlerConfig, RpcRequestContext } from './rpc-handler.js';
 export { createAnnotationsHandler, createAuthHandler, createChatHandler, createCertificationHandler, createCollectionsHandler, createCommerceHandler, createConfigHandler, createExportHandler, createFormatsHandler, createGraphHandler, createImportHandler, createMediaHandler, createProjectHandler, createPublishHandler, createPulseHandler, createRealtimeHandler, createSearchHandler, createSessionHandler, createSettingsHandler, createWorkspaceHandler, } from './handlers/index.js';
 export type { AnnotationAiClient, AnnotationsHandlerOptions, ChatHandlerOptions, ChatAIClient, AnthropicStreamEvent, ToolDefinition, ToolExecutor, ToolExecutionContext, SystemPromptBuilder, SystemPromptContext, ChatBillingCheck, ChatEventEmitter, ModelSelector, TieredRouting, RetrievedMemory, UserExpertiseProfile, AIPlan, PlanStep, StepProgress, PlanExecutionResult, AIClientResolverOptions, ResolvedAIClient, CapabilityTokenFactory, AuthHandlerOptions, SampleDataProvider, CollectionsHandlerOptions, PaymentProvider, CommerceHandlerOptions, ConfigService, ConfigBillingService, ConfigHandlerOptions, ExportPipeline, ExportHandlerOptions, FormatConverter, FormatsHandlerOptions, ImportPipeline, ImportHandlerOptions, MediaBackend, MediaHandlerOptions, KitLoader, ProjectHandlerOptions, PublishBackend, VenueDeployService, AcademyPublishService, PublishHandlerOptions, PulseHandlerOptions, RealtimeBackend, RealtimeHandlerOptions, SessionEventEmitter, SessionHandlerOptions, ApiKeyService, SettingsBillingService, StorageTracker, StorageLimitResolver, SettingsHandlerOptions, WorkspaceManager, WorkspaceHandlerOptions, } from './handlers/index.js';
 export { analyzeComplexity, calculateComplexityScore, selectTieredRouting, createDefaultModelSelector, estimateCost, formatCost, DEFAULT_MODELS, DEFAULT_MODEL_TIERS, streamMessage, sendMessage, createAIClientResolver, } from './handlers/index.js';

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,gCAAgC,EAChC,2BAA2B,EAC3B,wBAAwB,EACxB,uBAAuB,EACvB,yBAAyB,EACzB,OAAO,GACR,MAAM,uCAAuC,CAAA;AAC9C,YAAY,EACV,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,uCAAuC,CAAA;AAG9C,OAAO,EAAE,qCAAqC,EAAE,MAAM,wCAAwC,CAAA;AAC9F,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,wCAAwC,CAAA;AAG/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AAClE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,eAAe,EACf,cAAc,EACd,uBAAuB,GACxB,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAIxD,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,gCAAgC,EAChC,2BAA2B,EAC3B,wBAAwB,EACxB,uBAAuB,EACvB,yBAAyB,EACzB,OAAO,GACR,MAAM,uCAAuC,CAAA;AAC9C,YAAY,EACV,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,uCAAuC,CAAA;AAG9C,OAAO,EAAE,qCAAqC,EAAE,MAAM,wCAAwC,CAAA;AAC9F,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,wCAAwC,CAAA;AAG/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AAClE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,eAAe,EACf,cAAc,EACd,uBAAuB,GACxB,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAI3E,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}

package/dist/server/rpc-handler.d.ts

@@ -30,8 +30,20 @@
  * })
  * ```
  */
-import type { NamespaceRouterConfig } from './namespace-router.js';
+import type { NamespaceRouterConfig, UserContext } from './namespace-router.js';
 import type { RpcCacheConfig } from './rpc-cache.js';
+/**
+ * @description Optional pre-authenticated context for RPC requests.
+ * When provided, the handler skips the `authenticate()` callback and uses
+ * the given user directly. This is the recommended pattern when auth is
+ * already handled by framework middleware (e.g., SvelteKit hooks).
+ */
+export interface RpcRequestContext {
+    /** The authenticated user — skips the router's authenticate() callback. */
+    user: UserContext;
+    /** The active workspace ID (from headers, cookies, or framework locals). */
+    workspaceId?: string;
+}
 /**
  * @description Configuration for {@link createRpcHandler}.
  * Extends {@link NamespaceRouterConfig} with optional RPC response caching.
@@ -54,19 +66,21 @@ export interface RpcHandlerConfig extends NamespaceRouterConfig {
  * Streaming results are delivered as SSE (`text/event-stream`).
  *
  * @param config - Namespace router configuration (auth, brain resolution, providers).
- * @returns An async function: `(request: Request) => Promise<Response>`.
+ * @returns An async function: `(request, ctx?) => Promise<Response>`.
  *
- * @example
+ * @example Without pre-auth (handler calls authenticate itself):
  * ```typescript
- * const handleRpc = createRpcHandler({
- *   resolveBrain: async (ctx) => pool.forUser(ctx.user!.emailHash, ctx.workspaceId),
- *   authenticate: async (ctx) => verifySession(ctx.request),
- *   providers: { graph: graphHandler, search: searchHandler },
- * })
- *
- * // Use in any server framework:
+ * const handleRpc = createRpcHandler({ authenticate, resolveBrain, providers })
  * const response = await handleRpc(request)
  * ```
+ *
+ * @example With pre-auth (SvelteKit — auth handled by hooks):
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, providers })
+ *
+ * export const POST: RequestHandler = ({ request, locals }) =>
+ *   handleRpc(request, { user: locals.user, workspaceId: locals.workspaceId })
+ * ```
  */
-export declare function createRpcHandler(config: RpcHandlerConfig): (request: Request) => Promise<Response>;
+export declare function createRpcHandler(config: RpcHandlerConfig): (request: Request, ctx?: RpcRequestContext) => Promise<Response>;
 //# sourceMappingURL=rpc-handler.d.ts.map

package/dist/server/rpc-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc-handler.d.ts","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAkB,MAAM,uBAAuB,CAAA;AAClF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAGpD;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,qBAAqB;IAC7D;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAsClG"}
+{"version":3,"file":"rpc-handler.d.ts","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAkB,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAC/F,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAGpD;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,2EAA2E;IAC3E,IAAI,EAAE,WAAW,CAAA;IACjB,4EAA4E;IAC5E,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAiB,SAAQ,qBAAqB;IAC7D;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,gBAAgB,GACvB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,QAAQ,CAAC,CA2ClE"}

package/dist/server/rpc-handler.js

@@ -40,26 +40,28 @@ import { createCachedDispatch } from './rpc-cache.js';
  * Streaming results are delivered as SSE (`text/event-stream`).
  *
  * @param config - Namespace router configuration (auth, brain resolution, providers).
- * @returns An async function: `(request: Request) => Promise<Response>`.
+ * @returns An async function: `(request, ctx?) => Promise<Response>`.
  *
- * @example
+ * @example Without pre-auth (handler calls authenticate itself):
  * ```typescript
- * const handleRpc = createRpcHandler({
- *   resolveBrain: async (ctx) => pool.forUser(ctx.user!.emailHash, ctx.workspaceId),
- *   authenticate: async (ctx) => verifySession(ctx.request),
- *   providers: { graph: graphHandler, search: searchHandler },
- * })
- *
- * // Use in any server framework:
+ * const handleRpc = createRpcHandler({ authenticate, resolveBrain, providers })
  * const response = await handleRpc(request)
  * ```
+ *
+ * @example With pre-auth (SvelteKit — auth handled by hooks):
+ * ```typescript
+ * const handleRpc = createRpcHandler({ resolveBrain, providers })
+ *
+ * export const POST: RequestHandler = ({ request, locals }) =>
+ *   handleRpc(request, { user: locals.user, workspaceId: locals.workspaceId })
+ * ```
  */
 export function createRpcHandler(config) {
     const baseRouter = createNamespaceRouter(config);
     const router = config.cache
         ? createCachedDispatch(baseRouter, config.cache)
         : baseRouter;
-    return async (request) => {
+    return async (request, ctx) => {
         // ── Parse JSON body ────────────────────────────────────────────────────
         let body;
         try {
@@ -80,7 +82,12 @@ export function createRpcHandler(config) {
             stream: body.stream ?? false,
         };
         // ── Dispatch ──────────────────────────────────────────────────────────
-        const result = await router.dispatch(rpc, request);
+        // When a pre-authenticated context is provided, pass it to the router so
+        // it skips the authenticate() callback. Otherwise pass the raw request.
+        const dispatchCtx = ctx
+            ? { user: ctx.user, workspaceId: ctx.workspaceId ?? '', request }
+            : request;
+        const result = await router.dispatch(rpc, dispatchCtx);
         return _toResponse(result);
     };
 }

package/dist/server/rpc-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"rpc-handler.js","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAoBrD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK;QACzB,CAAC,CAAC,oBAAoB,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC;QAChD,CAAC,CAAC,UAAU,CAAA;IAEd,OAAO,KAAK,EAAE,OAAgB,EAAqB,EAAE;QACnD,0EAA0E;QAC1E,IAAI,IAAuF,CAAA;QAC3F,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,EAC9E,GAAG,CACJ,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChG,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0DAA0D,EAAE,EAAE,EACvG,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAiB;YACxB,EAAE,EAAE,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE;YAC/D,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK;SAC7B,CAAA;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAClD,OAAO,WAAW,CAAC,MAAM,CAAC,CAAA;IAC5B,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,2DAA2D;AAC3D,gFAAgF;AAEhF;;;;;GAKG;AACH,SAAS,WAAW,CAAC,MAAsB;IACzC,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QAC3E,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAA;QAE9E,mEAAmE;QACnE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACtB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,qCAAqC;IACrC,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;QAChC,KAAK,CAAC,KAAK,CAAC,UAAU;YACpB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;YAEjC,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;oBAC/C,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;gBAC1E,CAAC;gBAED,MAAM,SAAS,GAAuB,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;gBACxD,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA;YAC9E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,UAAU,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;gBAC7D,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YAC/E,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,mBAAmB;YACnC,eAAe,EAAE,UAAU;YAC3B,YAAY,EAAE,YAAY;SAC3B;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,IAAa,EAAE,MAAc;IAClD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY;YACf,OAAO,GAAG,CAAA;QACZ,KAAK,WAAW;YACd,OAAO,GAAG,CAAA;QACZ,KAAK,qBAAqB,CAAC;QAC3B,KAAK,kBAAkB;YACrB,OAAO,GAAG,CAAA;QACZ,KAAK,mBAAmB;YACtB,OAAO,GAAG,CAAA;QACZ,KAAK,aAAa;YAChB,OAAO,GAAG,CAAA;QACZ;YACE,OAAO,GAAG,CAAA;IACd,CAAC;AACH,CAAC"}
+{"version":3,"file":"rpc-handler.js","sourceRoot":"","sources":["../../src/server/rpc-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAiCrD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAwB;IAExB,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK;QACzB,CAAC,CAAC,oBAAoB,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC;QAChD,CAAC,CAAC,UAAU,CAAA;IAEd,OAAO,KAAK,EAAE,OAAgB,EAAE,GAAuB,EAAqB,EAAE;QAC5E,0EAA0E;QAC1E,IAAI,IAAuF,CAAA;QAC3F,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,EAC9E,GAAG,CACJ,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChG,OAAO,aAAa,CAClB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0DAA0D,EAAE,EAAE,EACvG,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAiB;YACxB,EAAE,EAAE,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE;YAC/D,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK;SAC7B,CAAA;QAED,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,MAAM,WAAW,GAAG,GAAG;YACrB,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE,EAAE,OAAO,EAAE;YACjE,CAAC,CAAC,OAAO,CAAA;QACX,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;QACtD,OAAO,WAAW,CAAC,MAAM,CAAC,CAAA;IAC5B,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,2DAA2D;AAC3D,gFAAgF;AAEhF;;;;;GAKG;AACH,SAAS,WAAW,CAAC,MAAsB;IACzC,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QAC3E,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAA;QAE9E,mEAAmE;QACnE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACtB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,qCAAqC;IACrC,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;QAChC,KAAK,CAAC,KAAK,CAAC,UAAU;YACpB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;YAEjC,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;oBAC/C,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;gBAC1E,CAAC;gBAED,MAAM,SAAS,GAAuB,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;gBACxD,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA;YAC9E,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,UAAU,GAAuB,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;gBAC7D,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;YAC/E,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,EAAE,CAAA;YACpB,CAAC;QACH,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;QAC1B,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,mBAAmB;YACnC,eAAe,EAAE,UAAU;YAC3B,YAAY,EAAE,YAAY;SAC3B;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,IAAa,EAAE,MAAc;IAClD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY;YACf,OAAO,GAAG,CAAA;QACZ,KAAK,WAAW;YACd,OAAO,GAAG,CAAA;QACZ,KAAK,qBAAqB,CAAC;QAC3B,KAAK,kBAAkB;YACrB,OAAO,GAAG,CAAA;QACZ,KAAK,mBAAmB;YACtB,OAAO,GAAG,CAAA;QACZ,KAAK,aAAa;YAChB,OAAO,GAAG,CAAA;QACZ;YACE,OAAO,GAAG,CAAA;IACd,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soulcraft/sdk",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "description": "The unified Soulcraft platform SDK — data, auth, AI, billing, and notifications",
   "type": "module",
   "publishConfig": {

package/dist/modules/auth/backchannel.d.ts

@@ -1,59 +0,0 @@
-/**
- * @module modules/auth/backchannel
- * @description Shared types for OIDC back-channel logout handlers.
- *
- * The framework-agnostic handler (`createRequestBackchannelLogoutHandler`) lives in
- * `request-backchannel.ts` and imports these types. This module provides the shared
- * configuration interface and the minimal better-auth API surface needed for session
- * revocation.
- *
- * ## Protocol
- *
- * 1. IdP POSTs `application/x-www-form-urlencoded` body with `logout_token` field
- * 2. Handler verifies HS256 JWT signature using the OIDC client secret
- * 3. Handler validates standard claims: `iss`, `aud`, `events` (must contain
- *    `http://schemas.openid.net/event/backchannel-logout`)
- * 4. Handler deletes all better-auth sessions for the `sub` (user ID) claim
- * 5. Returns 200 on success, 400 for malformed tokens, 401 for bad signatures
- *
- * ## Usage
- *
- * ```typescript
- * import { createRequestBackchannelLogoutHandler } from '@soulcraft/sdk/server'
- *
- * const handleLogout = createRequestBackchannelLogoutHandler({
- *   auth,
- *   clientSecret: process.env.SOULCRAFT_OIDC_CLIENT_SECRET!,
- *   idpUrl: process.env.SOULCRAFT_IDP_URL!,
- *   clientId: process.env.SOULCRAFT_OIDC_CLIENT_ID!,
- * })
- *
- * // SvelteKit: export const POST = ({ request }) => handleLogout(request)
- * // Bun:       if (url.pathname === '/api/auth/backchannel-logout') return handleLogout(req)
- * ```
- */
-/** Minimal better-auth API surface needed for session deletion. */
-export interface BackchannelAuthLike {
-    api: {
-        revokeUserSessions(opts: {
-            body: {
-                userId: string;
-            };
-            headers?: Headers;
-        }): Promise<unknown>;
-    };
-}
-/**
- * @description Configuration for `createRequestBackchannelLogoutHandler()`.
- */
-export interface BackchannelLogoutConfig {
-    /** The product's better-auth instance (used to delete sessions). */
-    auth: BackchannelAuthLike;
-    /** This product's OIDC client secret — used to verify the logout_token signature. */
-    clientSecret: string;
-    /** The central IdP base URL — used to validate the `iss` claim. */
-    idpUrl: string;
-    /** This product's OIDC client ID — used to validate the `aud` claim. */
-    clientId: string;
-}
-//# sourceMappingURL=backchannel.d.ts.map

package/dist/modules/auth/backchannel.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"backchannel.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/backchannel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAMH,mEAAmE;AACnE,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE;QACH,kBAAkB,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE;gBAAE,MAAM,EAAE,MAAM,CAAA;aAAE,CAAC;YAAC,OAAO,CAAC,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;KAC5F,CAAA;CACF;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,IAAI,EAAE,mBAAmB,CAAA;IACzB,qFAAqF;IACrF,YAAY,EAAE,MAAM,CAAA;IACpB,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAA;IACd,wEAAwE;IACxE,QAAQ,EAAE,MAAM,CAAA;CACjB"}

package/dist/modules/auth/backchannel.js

@@ -1,36 +0,0 @@
-/**
- * @module modules/auth/backchannel
- * @description Shared types for OIDC back-channel logout handlers.
- *
- * The framework-agnostic handler (`createRequestBackchannelLogoutHandler`) lives in
- * `request-backchannel.ts` and imports these types. This module provides the shared
- * configuration interface and the minimal better-auth API surface needed for session
- * revocation.
- *
- * ## Protocol
- *
- * 1. IdP POSTs `application/x-www-form-urlencoded` body with `logout_token` field
- * 2. Handler verifies HS256 JWT signature using the OIDC client secret
- * 3. Handler validates standard claims: `iss`, `aud`, `events` (must contain
- *    `http://schemas.openid.net/event/backchannel-logout`)
- * 4. Handler deletes all better-auth sessions for the `sub` (user ID) claim
- * 5. Returns 200 on success, 400 for malformed tokens, 401 for bad signatures
- *
- * ## Usage
- *
- * ```typescript
- * import { createRequestBackchannelLogoutHandler } from '@soulcraft/sdk/server'
- *
- * const handleLogout = createRequestBackchannelLogoutHandler({
- *   auth,
- *   clientSecret: process.env.SOULCRAFT_OIDC_CLIENT_SECRET!,
- *   idpUrl: process.env.SOULCRAFT_IDP_URL!,
- *   clientId: process.env.SOULCRAFT_OIDC_CLIENT_ID!,
- * })
- *
- * // SvelteKit: export const POST = ({ request }) => handleLogout(request)
- * // Bun:       if (url.pathname === '/api/auth/backchannel-logout') return handleLogout(req)
- * ```
- */
-export {};
-//# sourceMappingURL=backchannel.js.map

package/dist/modules/auth/backchannel.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"backchannel.js","sourceRoot":"","sources":["../../../src/modules/auth/backchannel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG"}

package/dist/modules/auth/middleware.d.ts

@@ -1,272 +0,0 @@
-/**
- * @module modules/auth/middleware
- * @description Session verification factories and shared auth types for Soulcraft
- * product backends.
- *
- * ## Session verification strategies
- *
- * All products select the right session verifier for their deployment context:
- *
- * ```
- * Production (all products):
- *   createRemoteSessionVerifier({ idpUrl: 'https://auth.soulcraft.com' })
- *
- * Development (all products):
- *   createDevSessionVerifier({ role: 'owner' })   // auto-login, no OAuth needed
- * ```
- *
- * ## Dev and guest cookie verifiers
- *
- * - `createDevCookieVerifier` — reads the dev session cookie issued by
- *   `createRequestDevLoginHandler` (from `request-middleware.ts`).
- * - `createGuestCookieVerifier` — reads the guest session cookie issued by
- *   `createRequestGuestSessionHandler` (from `request-middleware.ts`).
- *
- * ## Framework-agnostic middleware
- *
- * Use `createRequestAuthMiddleware` from `request-middleware.ts` for the
- * framework-agnostic middleware that works with any Web Standard Request/Response
- * server (SvelteKit, Bun, Deno, Cloudflare Workers, etc.).
- *
- * @example Production setup (Venue / Academy)
- * ```typescript
- * import {
- *   createRequestAuthMiddleware,
- *   createRemoteSessionVerifier,
- *   getUser,
- * } from '@soulcraft/sdk/server'
- *
- * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- *
- * // SvelteKit hooks:
- * export const handle = async ({ event, resolve }) => {
- *   const response = await requireAuth(event.request, () => resolve(event))
- *   event.locals.user = getUser(event.request)
- *   return response
- * }
- * ```
- */
-import type { SoulcraftSessionUser, SoulcraftSession } from './types.js';
-/** Minimal better-auth API surface the middleware depends on. */
-export interface BetterAuthLike {
-    api: {
-        getSession(opts: {
-            headers: Headers;
-        }): Promise<{
-            user: Record<string, unknown>;
-            session: {
-                id: string;
-                expiresAt: Date | string | number;
-            };
-        } | null>;
-    };
-}
-/**
- * A session verifier function — the common abstraction for session resolution
- * across all products.
- *
- * Returned by `createRemoteSessionVerifier` and `createDevSessionVerifier`.
- * Pass to `createRequestAuthMiddleware` for the framework-agnostic middleware.
- */
-export type SessionVerifier = (cookieHeader: string) => Promise<SoulcraftSession | null>;
-/**
- * Options for `createRequestAuthMiddleware()` and legacy middleware.
- */
-export interface AuthMiddlewareOptions {
-    /**
-     * If true, a synthetic dev user is injected in non-production environments
-     * when a `BetterAuthLike` auth instance is provided and session lookup fails.
-     * Not used when a `SessionVerifier` function is provided — use
-     * `createDevSessionVerifier` instead for full dev auto-login in that mode.
-     * @default true
-     */
-    devAutoLogin?: boolean;
-}
-/**
- * Options for `createRemoteSessionVerifier()`.
- */
-export interface RemoteSessionVerifierOptions {
-    /** The central IdP base URL, e.g. `"https://auth.soulcraft.com"`. */
-    idpUrl: string;
-    /** Session cache TTL in milliseconds. Default: 30 000 (30 seconds). */
-    cacheTtlMs?: number;
-    /** Maximum cached sessions. Default: 500. */
-    cacheMax?: number;
-}
-/**
- * Options for `createDevSessionVerifier()`.
- */
-export interface DevSessionVerifierOptions {
-    /**
-     * The platform role to assign to the synthetic dev session.
-     * @default 'owner'
-     */
-    role?: SoulcraftSessionUser['platformRole'];
-    /**
-     * Email address for the synthetic dev user.
-     * @default 'dev@soulcraft.com'
-     */
-    email?: string;
-    /**
-     * Display name for the synthetic dev user.
-     * @default 'Dev User'
-     */
-    name?: string;
-}
-/**
- * Options for `createRequestDevLoginHandler()`.
- */
-export interface DevLoginHandlerOptions {
-    /**
-     * Allowed platform roles. The role must be in this list for the handler to
-     * issue a session cookie. Defaults to all non-guest platform roles.
-     * @default ['creator','viewer','customer','staff','manager','owner','learner','instructor']
-     */
-    allowedRoles?: SoulcraftSessionUser['platformRole'][];
-    /**
-     * Cookie name for the issued dev session.
-     * @default 'soulcraft_dev_session'
-     */
-    cookieName?: string;
-    /**
-     * Session cookie max-age in seconds.
-     * @default 86400 (24 hours)
-     */
-    maxAgeSeconds?: number;
-}
-/**
- * Options for `createRequestGuestSessionHandler()`.
- */
-export interface GuestSessionHandlerOptions {
-    /**
-     * Cookie name for the issued guest session.
-     * @default 'soulcraft_guest_session'
-     */
-    cookieName?: string;
-    /**
-     * Guest session max-age in seconds.
-     * @default 3600 (1 hour)
-     */
-    maxAgeSeconds?: number;
-    /**
-     * An optional callback invoked when a new guest session is created.
-     * Receives the generated guest ID. Useful for analytics or initializing
-     * a guest cart/basket in the product's store.
-     *
-     * @param guestId - The newly generated unique guest ID.
-     */
-    onGuestCreated?: (guestId: string) => Promise<void> | void;
-}
-/**
- * Creates a cached remote session verifier that proxies session lookups to
- * the central IdP at `auth.soulcraft.com`.
- *
- * Used by products that operate as OIDC clients (Venue, Academy, and Workshop
- * in production). Caches successful lookups in an LRU cache to avoid per-request
- * HTTP round-trips to the IdP.
- *
- * The verifier sends the cookie header to the IdP's `/api/auth/get-session` endpoint
- * and returns the resolved `SoulcraftSession` or `null` if the session is invalid.
- *
- * Pass the returned function to `createRequestAuthMiddleware`:
- * ```typescript
- * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- * ```
- *
- * @param options - IdP URL, cache TTL, and max cache size.
- * @returns A `SessionVerifier` — async function that accepts a cookie header string.
- *
- * @example
- * ```typescript
- * const verifySession = createRemoteSessionVerifier({
- *   idpUrl: 'https://auth.soulcraft.com',
- *   cacheTtlMs: 30_000,
- * })
- *
- * const session = await verifySession(request.headers.get('cookie') ?? '')
- * if (!session) return new Response('Unauthorized', { status: 401 })
- * ```
- */
-export declare function createRemoteSessionVerifier(options: RemoteSessionVerifierOptions): SessionVerifier;
-/**
- * Creates a session verifier that always resolves to a synthetic dev session.
- *
- * Intended for products that run as OIDC clients but need local development auth
- * without OAuth, network calls, SQLite, or real cookies. The returned verifier always
- * succeeds — any request resolves to the configured synthetic user.
- *
- * Designed as a drop-in replacement for `createRemoteSessionVerifier` in local dev:
- *
- * ```typescript
- * const verifySession = process.env.SOULCRAFT_IDP_URL
- *   ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL })
- *   : createDevSessionVerifier({ role: 'owner' })
- *
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- * ```
- *
- * **Never use in production.** The verifier performs no validation whatsoever.
- *
- * @param options - Optional synthetic user configuration.
- * @returns A `SessionVerifier` with the same signature as `createRemoteSessionVerifier`.
- *
- * @example
- * ```typescript
- * const verifySession = process.env.SOULCRAFT_IDP_URL
- *   ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL })
- *   : createDevSessionVerifier({ role: 'owner' })
- *
- * export const handle = async ({ event, resolve }) => {
- *   const session = await verifySession(event.request.headers.get('cookie') ?? '')
- *   event.locals.session = session
- *   return resolve(event)
- * }
- * ```
- */
-export declare function createDevSessionVerifier(options?: DevSessionVerifierOptions): SessionVerifier;
-/**
- * Creates a session verifier that reads the cookie issued by `createRequestDevLoginHandler`.
- *
- * Use this together with `createRequestDevLoginHandler` when you want dev role-switching
- * (e.g. clicking "Login as Staff" in a dev UI) rather than a fixed synthetic user.
- *
- * The verifier decodes the base64url cookie value and returns the embedded session.
- * Falls back to `null` (unauthenticated) if the cookie is absent or expired.
- *
- * ```typescript
- * // Only one of these in dev — pick what fits your workflow:
- *
- * // Option A: Fixed dev user, no login UI needed
- * const verifySession = createDevSessionVerifier({ role: 'owner' })
- *
- * // Option B: Role-switching dev login UI
- * const loginHandler = createRequestDevLoginHandler({ allowedRoles: ['owner', 'staff', 'customer'] })
- * const verifySession = createDevCookieVerifier()
- * ```
- *
- * @param cookieName - Must match the `cookieName` passed to `createRequestDevLoginHandler`. Default: `'soulcraft_dev_session'`.
- * @returns A `SessionVerifier` compatible with `createRequestAuthMiddleware`.
- */
-export declare function createDevCookieVerifier(cookieName?: string): SessionVerifier;
-/**
- * Creates a session verifier that reads the cookie issued by `createRequestGuestSessionHandler`.
- *
- * Returns the guest `SoulcraftSession` or `null` if no valid guest cookie is present.
- * Compose with `createRemoteSessionVerifier` to allow both authenticated and guest access:
- *
- * ```typescript
- * const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const verifyGuest = createGuestCookieVerifier()
- *
- * const { optionalAuth } = createRequestAuthMiddleware(async (cookie) =>
- *   await verifyReal(cookie) ?? await verifyGuest(cookie)
- * )
- * ```
- *
- * @param cookieName - Must match the `cookieName` passed to `createRequestGuestSessionHandler`. Default: `'soulcraft_guest_session'`.
- * @returns A `SessionVerifier` compatible with `createRequestAuthMiddleware`.
- */
-export declare function createGuestCookieVerifier(cookieName?: string): SessionVerifier;
-//# sourceMappingURL=middleware.d.ts.map

package/dist/modules/auth/middleware.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAIH,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAMxE,iEAAiE;AACjE,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE;QACH,UAAU,CAAC,IAAI,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAAC,OAAO,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAA;aAAE,CAAA;SAAE,GAAG,IAAI,CAAC,CAAA;KACtJ,CAAA;CACF;AAED;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAA;AAExF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAA;IACd,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC;;;OAGG;IACH,IAAI,CAAC,EAAE,oBAAoB,CAAC,cAAc,CAAC,CAAA;IAC3C;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,YAAY,CAAC,EAAE,oBAAoB,CAAC,cAAc,CAAC,EAAE,CAAA;IACrD;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;CAC3D;AA+BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,4BAA4B,GACpC,eAAe,CAkEjB;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,GAAE,yBAA8B,GACtC,eAAe,CAsBjB;AAMD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,SAA0B,GACnC,eAAe,CAMjB;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,SAA4B,GACrC,eAAe,CAMjB"}

package/dist/modules/auth/middleware.js

@@ -1,295 +0,0 @@
-/**
- * @module modules/auth/middleware
- * @description Session verification factories and shared auth types for Soulcraft
- * product backends.
- *
- * ## Session verification strategies
- *
- * All products select the right session verifier for their deployment context:
- *
- * ```
- * Production (all products):
- *   createRemoteSessionVerifier({ idpUrl: 'https://auth.soulcraft.com' })
- *
- * Development (all products):
- *   createDevSessionVerifier({ role: 'owner' })   // auto-login, no OAuth needed
- * ```
- *
- * ## Dev and guest cookie verifiers
- *
- * - `createDevCookieVerifier` — reads the dev session cookie issued by
- *   `createRequestDevLoginHandler` (from `request-middleware.ts`).
- * - `createGuestCookieVerifier` — reads the guest session cookie issued by
- *   `createRequestGuestSessionHandler` (from `request-middleware.ts`).
- *
- * ## Framework-agnostic middleware
- *
- * Use `createRequestAuthMiddleware` from `request-middleware.ts` for the
- * framework-agnostic middleware that works with any Web Standard Request/Response
- * server (SvelteKit, Bun, Deno, Cloudflare Workers, etc.).
- *
- * @example Production setup (Venue / Academy)
- * ```typescript
- * import {
- *   createRequestAuthMiddleware,
- *   createRemoteSessionVerifier,
- *   getUser,
- * } from '@soulcraft/sdk/server'
- *
- * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- *
- * // SvelteKit hooks:
- * export const handle = async ({ event, resolve }) => {
- *   const response = await requireAuth(event.request, () => resolve(event))
- *   event.locals.user = getUser(event.request)
- *   return response
- * }
- * ```
- */
-import { LRUCache } from 'lru-cache';
-import { computeEmailHash } from './config.js';
-// ─────────────────────────────────────────────────────────────────────────────
-// Shared internal helpers
-// ─────────────────────────────────────────────────────────────────────────────
-/** Parse a simple `name=value` cookie from a raw cookie header string. */
-function _parseCookie(cookieHeader, name) {
-    for (const part of cookieHeader.split(';')) {
-        const [k, ...rest] = part.trim().split('=');
-        if (k?.trim() === name)
-            return rest.join('=').trim();
-    }
-    return undefined;
-}
-/** Decode a session payload encoded by `_encodeSessionCookie`. Returns null on any error. */
-function _decodeSessionCookie(value) {
-    try {
-        const raw = JSON.parse(Buffer.from(value, 'base64url').toString('utf-8'));
-        if (!raw.user || !raw.sessionId || !raw.expiresAt)
-            return null;
-        if (raw.expiresAt < Date.now())
-            return null;
-        return raw;
-    }
-    catch {
-        return null;
-    }
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// createRemoteSessionVerifier
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Creates a cached remote session verifier that proxies session lookups to
- * the central IdP at `auth.soulcraft.com`.
- *
- * Used by products that operate as OIDC clients (Venue, Academy, and Workshop
- * in production). Caches successful lookups in an LRU cache to avoid per-request
- * HTTP round-trips to the IdP.
- *
- * The verifier sends the cookie header to the IdP's `/api/auth/get-session` endpoint
- * and returns the resolved `SoulcraftSession` or `null` if the session is invalid.
- *
- * Pass the returned function to `createRequestAuthMiddleware`:
- * ```typescript
- * const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- * ```
- *
- * @param options - IdP URL, cache TTL, and max cache size.
- * @returns A `SessionVerifier` — async function that accepts a cookie header string.
- *
- * @example
- * ```typescript
- * const verifySession = createRemoteSessionVerifier({
- *   idpUrl: 'https://auth.soulcraft.com',
- *   cacheTtlMs: 30_000,
- * })
- *
- * const session = await verifySession(request.headers.get('cookie') ?? '')
- * if (!session) return new Response('Unauthorized', { status: 401 })
- * ```
- */
-export function createRemoteSessionVerifier(options) {
-    const cacheTtl = options.cacheTtlMs ?? 30_000;
-    const cacheMax = options.cacheMax ?? 500;
-    const sessionUrl = `${options.idpUrl.replace(/\/$/, '')}/api/auth/get-session`;
-    const cache = new LRUCache({
-        max: cacheMax,
-        ttl: cacheTtl,
-    });
-    return async function verifyRemoteSession(cookieHeader) {
-        if (!cookieHeader)
-            return null;
-        // Use cookie header as cache key — it contains the session token
-        const cached = cache.get(cookieHeader);
-        if (cached !== undefined)
-            return cached;
-        let response;
-        try {
-            response = await fetch(sessionUrl, {
-                headers: { cookie: cookieHeader },
-                credentials: 'include',
-            });
-        }
-        catch {
-            return null;
-        }
-        if (!response.ok)
-            return null;
-        let data;
-        try {
-            data = await response.json();
-        }
-        catch {
-            return null;
-        }
-        // `get-session` returns the JSON literal `null` when no session is active.
-        // The fetch succeeds (200 OK) and `response.json()` parses it without error,
-        // but `data` is null — not an object. Guard before any property access.
-        if (!data || typeof data !== 'object')
-            return null;
-        const rawUser = data['user'];
-        const rawSession = data['session'];
-        if (!rawUser || !rawSession)
-            return null;
-        const email = String(rawUser['email'] ?? '');
-        const session = {
-            user: {
-                id: String(rawUser['id'] ?? ''),
-                email,
-                name: String(rawUser['name'] ?? ''),
-                image: rawUser['image'] ?? null,
-                platformRole: rawUser['platformRole'] ?? 'creator',
-                emailHash: rawUser['emailHash'] ? String(rawUser['emailHash']) : computeEmailHash(email),
-                ...(rawUser['handle'] ? { handle: String(rawUser['handle']) } : {}),
-            },
-            sessionId: String(rawSession['id'] ?? ''),
-            expiresAt: Number(rawSession['expiresAt'] ?? 0),
-        };
-        cache.set(cookieHeader, session);
-        return session;
-    };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// createDevSessionVerifier
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Creates a session verifier that always resolves to a synthetic dev session.
- *
- * Intended for products that run as OIDC clients but need local development auth
- * without OAuth, network calls, SQLite, or real cookies. The returned verifier always
- * succeeds — any request resolves to the configured synthetic user.
- *
- * Designed as a drop-in replacement for `createRemoteSessionVerifier` in local dev:
- *
- * ```typescript
- * const verifySession = process.env.SOULCRAFT_IDP_URL
- *   ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL })
- *   : createDevSessionVerifier({ role: 'owner' })
- *
- * const { requireAuth } = createRequestAuthMiddleware(verifySession)
- * ```
- *
- * **Never use in production.** The verifier performs no validation whatsoever.
- *
- * @param options - Optional synthetic user configuration.
- * @returns A `SessionVerifier` with the same signature as `createRemoteSessionVerifier`.
- *
- * @example
- * ```typescript
- * const verifySession = process.env.SOULCRAFT_IDP_URL
- *   ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL })
- *   : createDevSessionVerifier({ role: 'owner' })
- *
- * export const handle = async ({ event, resolve }) => {
- *   const session = await verifySession(event.request.headers.get('cookie') ?? '')
- *   event.locals.session = session
- *   return resolve(event)
- * }
- * ```
- */
-export function createDevSessionVerifier(options = {}) {
-    const role = options.role ?? 'owner';
-    const email = options.email ?? 'dev@soulcraft.com';
-    const name = options.name ?? 'Dev User';
-    const session = {
-        user: {
-            id: 'dev-user-001',
-            email,
-            name,
-            image: null,
-            platformRole: role,
-            emailHash: computeEmailHash(email),
-            handle: 'dev',
-        },
-        sessionId: 'dev-session-001',
-        expiresAt: Date.now() + 30 * 24 * 60 * 60 * 1000,
-    };
-    return async function verifyDevSession() {
-        return session;
-    };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// createDevCookieVerifier
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Creates a session verifier that reads the cookie issued by `createRequestDevLoginHandler`.
- *
- * Use this together with `createRequestDevLoginHandler` when you want dev role-switching
- * (e.g. clicking "Login as Staff" in a dev UI) rather than a fixed synthetic user.
- *
- * The verifier decodes the base64url cookie value and returns the embedded session.
- * Falls back to `null` (unauthenticated) if the cookie is absent or expired.
- *
- * ```typescript
- * // Only one of these in dev — pick what fits your workflow:
- *
- * // Option A: Fixed dev user, no login UI needed
- * const verifySession = createDevSessionVerifier({ role: 'owner' })
- *
- * // Option B: Role-switching dev login UI
- * const loginHandler = createRequestDevLoginHandler({ allowedRoles: ['owner', 'staff', 'customer'] })
- * const verifySession = createDevCookieVerifier()
- * ```
- *
- * @param cookieName - Must match the `cookieName` passed to `createRequestDevLoginHandler`. Default: `'soulcraft_dev_session'`.
- * @returns A `SessionVerifier` compatible with `createRequestAuthMiddleware`.
- */
-export function createDevCookieVerifier(cookieName = 'soulcraft_dev_session') {
-    return async function verifyDevCookie(cookieHeader) {
-        const value = _parseCookie(cookieHeader, cookieName);
-        if (!value)
-            return null;
-        return _decodeSessionCookie(value);
-    };
-}
-// ─────────────────────────────────────────────────────────────────────────────
-// createGuestCookieVerifier
-// ─────────────────────────────────────────────────────────────────────────────
-/**
- * Creates a session verifier that reads the cookie issued by `createRequestGuestSessionHandler`.
- *
- * Returns the guest `SoulcraftSession` or `null` if no valid guest cookie is present.
- * Compose with `createRemoteSessionVerifier` to allow both authenticated and guest access:
- *
- * ```typescript
- * const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_IDP_URL! })
- * const verifyGuest = createGuestCookieVerifier()
- *
- * const { optionalAuth } = createRequestAuthMiddleware(async (cookie) =>
- *   await verifyReal(cookie) ?? await verifyGuest(cookie)
- * )
- * ```
- *
- * @param cookieName - Must match the `cookieName` passed to `createRequestGuestSessionHandler`. Default: `'soulcraft_guest_session'`.
- * @returns A `SessionVerifier` compatible with `createRequestAuthMiddleware`.
- */
-export function createGuestCookieVerifier(cookieName = 'soulcraft_guest_session') {
-    return async function verifyGuestCookie(cookieHeader) {
-        const value = _parseCookie(cookieHeader, cookieName);
-        if (!value)
-            return null;
-        return _decodeSessionCookie(value);
-    };
-}
-//# sourceMappingURL=middleware.js.map

package/dist/modules/auth/middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/modules/auth/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AACpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAoH9C,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF,0EAA0E;AAC1E,SAAS,YAAY,CAAC,YAAoB,EAAE,IAAY;IACtD,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3C,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;IACtD,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,6FAA6F;AAC7F,SAAS,oBAAoB,CAAC,KAAa;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAqB,CAAA;QAC7F,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAA;QAC9D,IAAI,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,IAAI,CAAA;QAC3C,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,8BAA8B;AAC9B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,2BAA2B,CACzC,OAAqC;IAErC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,IAAI,MAAM,CAAA;IAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,GAAG,CAAA;IACxC,MAAM,UAAU,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,uBAAuB,CAAA;IAE9E,MAAM,KAAK,GAAG,IAAI,QAAQ,CAA2B;QACnD,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,QAAQ;KACd,CAAC,CAAA;IAEF,OAAO,KAAK,UAAU,mBAAmB,CACvC,YAAoB;QAEpB,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAA;QAE9B,iEAAiE;QACjE,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QACtC,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,MAAM,CAAA;QAEvC,IAAI,QAAkB,CAAA;QACtB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;gBACjC,OAAO,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE;gBACjC,WAAW,EAAE,SAAS;aACvB,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAA;QAE7B,IAAI,IAA6B,CAAA;QACjC,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAA;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;QAED,2EAA2E;QAC3E,6EAA6E;QAC7E,wEAAwE;QACxE,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAA;QAElD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAwC,CAAA;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAwC,CAAA;QAEzE,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAA;QAExC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;QAC5C,MAAM,OAAO,GAAqB;YAChC,IAAI,EAAE;gBACJ,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,KAAK;gBACL,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnC,KAAK,EAAG,OAAO,CAAC,OAAO,CAA+B,IAAI,IAAI;gBAC9D,YAAY,EAAG,OAAO,CAAC,cAAc,CAA0C,IAAI,SAAS;gBAC5F,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC;gBACxF,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpE;YACD,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACzC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;SAChD,CAAA;QAED,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAChC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,UAAU,wBAAwB,CACtC,UAAqC,EAAE;IAEvC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAA;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,mBAAmB,CAAA;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,UAAU,CAAA;IAEvC,MAAM,OAAO,GAAqB;QAChC,IAAI,EAAE;YACJ,EAAE,EAAE,cAAc;YAClB,KAAK;YACL,IAAI;YACJ,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,IAAI;YAClB,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC;YAClC,MAAM,EAAE,KAAK;SACd;QACD,SAAS,EAAE,iBAAiB;QAC5B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;KACjD,CAAA;IAED,OAAO,KAAK,UAAU,gBAAgB;QACpC,OAAO,OAAO,CAAA;IAChB,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,uBAAuB,CACrC,UAAU,GAAG,uBAAuB;IAEpC,OAAO,KAAK,UAAU,eAAe,CAAC,YAAoB;QACxD,MAAM,KAAK,GAAG,YAAY,CAAC,YAAY,EAAE,UAAU,CAAC,CAAA;QACpD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,4BAA4B;AAC5B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,yBAAyB,CACvC,UAAU,GAAG,yBAAyB;IAEtC,OAAO,KAAK,UAAU,iBAAiB,CAAC,YAAoB;QAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,YAAY,EAAE,UAAU,CAAC,CAAA;QACpD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC,CAAA;AACH,CAAC"}