@timeback/sdk 0.1.4

package/dist/server/lib/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Server Library
+ *
+ * Internal utilities for the server SDK.
+ */
+export { getIssuer, buildAuthorizationUrl, exchangeCodeForTokens, getUserInfo } from './oidc';
+export { jsonResponse, redirectResponse, encodeBase64Url, decodeBase64Url, mapEnvForApi, } from './utils';
+export { ssoLog, oidcLog, createScopedLogger } from './logger';
+export { resolveTimebackUserByEmail, TimebackUserResolutionError } from './resolve-timeback-user';
+export { buildActivityContext, buildActivityMetrics, buildTimeSpentMetrics, sendCaliperEnvelope, } from './build-activity-events';
+export { resolveActivityCourse, ActivityCourseResolutionError } from './resolve-activity-course';
+export { resolveStatusForUserResolutionError, resolveTimebackIdForActivity, } from './resolve-timeback-id';
+export { buildCourseLookup, getUtcDayRange, mapEnrollmentsToCourses, pickGoalsFromEnrollments, sumXp, } from './build-user-profile';
+//# sourceMappingURL=index.d.ts.map

package/dist/server/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/lib/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAA;AAC7F,OAAO,EACN,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,YAAY,GACZ,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAC9D,OAAO,EAAE,0BAA0B,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AACjG,OAAO,EACN,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,GACnB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAA;AAChG,OAAO,EACN,mCAAmC,EACnC,4BAA4B,GAC5B,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACN,iBAAiB,EACjB,cAAc,EACd,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,GACL,MAAM,sBAAsB,CAAA"}

package/dist/server/lib/logger.d.ts

@@ -0,0 +1,21 @@
+/**
+ * SDK Logger
+ *
+ * Debug logging for the Timeback SDK server components.
+ * Only logs when DEBUG=1 or DEBUG=true is set.
+ */
+import type { Logger } from '@timeback/internal-logger';
+/**
+ * Create a scoped logger for SDK components.
+ *
+ * Only logs debug/info when DEBUG=1 or DEBUG=true.
+ *
+ * @param scope - Logger scope name (e.g., 'sso', 'oidc')
+ * @returns Configured logger instance
+ */
+export declare function createScopedLogger(scope: string): Logger;
+/** Logger for SSO/identity operations */
+export declare const ssoLog: Logger;
+/** Logger for OIDC protocol operations */
+export declare const oidcLog: Logger;
+//# sourceMappingURL=logger.d.ts.map

package/dist/server/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../src/server/lib/logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAA;AAgBvD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKxD;AAED,yCAAyC;AACzC,eAAO,MAAM,MAAM,QAA4B,CAAA;AAE/C,0CAA0C;AAC1C,eAAO,MAAM,OAAO,QAA6B,CAAA"}

package/dist/server/lib/oidc.d.ts

@@ -0,0 +1,76 @@
+/**
+ * OIDC Helpers
+ *
+ * Helpers for Timeback SSO via OIDC with automatic endpoint discovery.
+ */
+import type { Environment, OIDCTokens, OIDCUserInfo } from '../types';
+/**
+ * OIDC Discovery document structure.
+ */
+interface OIDCDiscoveryDocument {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint: string;
+    jwks_uri: string;
+    end_session_endpoint?: string;
+}
+/** Parameters for building an authorization URL. */
+interface BuildAuthorizationUrlParams {
+    issuer: string;
+    clientId: string;
+    redirectUri: string;
+    state: string;
+}
+/** Parameters for exchanging an authorization code for tokens. */
+interface ExchangeCodeParams {
+    issuer: string;
+    clientId: string;
+    clientSecret: string;
+    code: string;
+    redirectUri: string;
+}
+/** Parameters for fetching user info. */
+interface GetUserInfoParams {
+    issuer: string;
+    accessToken: string;
+}
+/**
+ * Fetch the OIDC discovery document for an issuer.
+ *
+ * @param issuer - The OIDC issuer URL
+ * @returns The discovery document
+ */
+export declare function fetchDiscoveryDocument(issuer: string): Promise<OIDCDiscoveryDocument>;
+/**
+ * Get the Timeback IdP issuer URL for the given environment.
+ *
+ * Uses AWS Cognito User Pools as the identity provider.
+ *
+ * @param env - The environment
+ * @returns The issuer URL
+ */
+export declare function getIssuer(env: Environment): string;
+/**
+ * Build the authorization URL for OIDC.
+ *
+ * @param params - Authorization parameters
+ * @returns The authorization URL
+ */
+export declare function buildAuthorizationUrl(params: BuildAuthorizationUrlParams): Promise<string>;
+/**
+ * Exchange authorization code for tokens.
+ *
+ * @param params - Token exchange parameters
+ * @returns The token response
+ */
+export declare function exchangeCodeForTokens(params: ExchangeCodeParams): Promise<OIDCTokens>;
+/**
+ * Get user info from the IdP.
+ *
+ * @param params - User info request parameters
+ * @returns The user info claims
+ */
+export declare function getUserInfo(params: GetUserInfoParams): Promise<OIDCUserInfo>;
+export {};
+//# sourceMappingURL=oidc.d.ts.map

package/dist/server/lib/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/server/lib/oidc.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAErE;;GAEG;AACH,UAAU,qBAAqB;IAC9B,MAAM,EAAE,MAAM,CAAA;IACd,sBAAsB,EAAE,MAAM,CAAA;IAC9B,cAAc,EAAE,MAAM,CAAA;IACtB,iBAAiB,EAAE,MAAM,CAAA;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED,oDAAoD;AACpD,UAAU,2BAA2B;IACpC,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;CACb;AAED,kEAAkE;AAClE,UAAU,kBAAkB;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;CACnB;AAED,yCAAyC;AACzC,UAAU,iBAAiB;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,MAAM,CAAA;CACnB;AAKD;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAuB3F;AAED;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,WAAW,GAAG,MAAM,CASlD;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAWhG;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,CA4B3F;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAclF"}

package/dist/server/lib/resolve-activity-course.d.ts

@@ -0,0 +1,22 @@
+import type { ActivityCourseRef } from '../../shared/types';
+import type { AppConfig } from '../types';
+/**
+ * Resolve a course config entry from an activity course selector.
+ *
+ * @param courses - Configured courses from `timeback.config.ts`
+ * @param courseRef - Course selector sent from the client
+ * @returns Matched course config entry
+ * @throws {ActivityCourseResolutionError} When selector is unknown or ambiguous
+ */
+export declare function resolveActivityCourse(courses: AppConfig['courses'], courseRef: ActivityCourseRef): AppConfig['courses'][number];
+/**
+ * Error thrown when a client-provided course selector cannot be resolved against config.
+ */
+export declare class ActivityCourseResolutionError extends Error {
+    readonly code: 'unknown_course' | 'ambiguous_course';
+    readonly subject: ActivityCourseRef['subject'];
+    readonly grade: ActivityCourseRef['grade'];
+    readonly count?: number;
+    constructor(code: ActivityCourseResolutionError['code'], courseRef: ActivityCourseRef, count?: number);
+}
+//# sourceMappingURL=resolve-activity-course.d.ts.map

package/dist/server/lib/resolve-activity-course.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-activity-course.d.ts","sourceRoot":"","sources":["../../../src/server/lib/resolve-activity-course.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAEzC;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CACpC,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,EAC7B,SAAS,EAAE,iBAAiB,GAC1B,SAAS,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAc9B;AAED;;GAEG;AACH,qBAAa,6BAA8B,SAAQ,KAAK;IACvD,QAAQ,CAAC,IAAI,EAAE,gBAAgB,GAAG,kBAAkB,CAAA;IACpD,QAAQ,CAAC,OAAO,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC9C,QAAQ,CAAC,KAAK,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAA;IAC1C,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IAEvB,YACC,IAAI,EAAE,6BAA6B,CAAC,MAAM,CAAC,EAC3C,SAAS,EAAE,iBAAiB,EAC5B,KAAK,CAAC,EAAE,MAAM,EAOd;CACD"}

package/dist/server/lib/resolve-timeback-id.d.ts

@@ -0,0 +1,28 @@
+import { TimebackUserResolutionError } from './resolve-timeback-user';
+import type { TimebackClient } from '@timeback/core';
+import type { ApiCredentials, Environment, IdentityConfig } from '../types';
+/**
+ * Map a Timeback user resolution error code to an HTTP status for handlers.
+ *
+ * @param err - Timeback user resolution error
+ * @returns HTTP status code
+ */
+export declare function resolveStatusForUserResolutionError(err: TimebackUserResolutionError): number;
+/**
+ * Resolve the canonical Timeback user ID for server-side activity submission.
+ *
+ * @param params - Resolution parameters
+ * @returns Timeback user ID
+ * @throws {TimebackUserResolutionError} When resolution fails
+ */
+export declare function resolveTimebackIdForActivity(params: {
+    env: Environment;
+    api: ApiCredentials;
+    identity: IdentityConfig;
+    user: {
+        id: string;
+        email: string;
+    };
+    client: TimebackClient;
+}): Promise<string>;
+//# sourceMappingURL=resolve-timeback-id.d.ts.map

package/dist/server/lib/resolve-timeback-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-timeback-id.d.ts","sourceRoot":"","sources":["../../../src/server/lib/resolve-timeback-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAA8B,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AAEjG,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AACpD,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAE3E;;;;;GAKG;AACH,wBAAgB,mCAAmC,CAAC,GAAG,EAAE,2BAA2B,GAAG,MAAM,CAE5F;AAED;;;;;;GAMG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,EAAE;IAC1D,GAAG,EAAE,WAAW,CAAA;IAChB,GAAG,EAAE,cAAc,CAAA;IACnB,QAAQ,EAAE,cAAc,CAAA;IACxB,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAA;IACnC,MAAM,EAAE,cAAc,CAAA;CACtB,GAAG,OAAO,CAAC,MAAM,CAAC,CAkBlB"}

package/dist/server/lib/resolve-timeback-user.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Timeback User Resolution
+ *
+ * Resolves the Timeback user by email using server credentials.
+ */
+import { TimebackClient } from '@timeback/core';
+import type { TimebackAuthUser } from '../../shared/types';
+import type { ApiCredentials, Environment, OIDCUserInfo, TimebackUserResolutionErrorCode } from '../types';
+/**
+ * Error thrown when Timeback user resolution fails.
+ */
+export declare class TimebackUserResolutionError extends Error {
+    readonly code: TimebackUserResolutionErrorCode;
+    constructor(message: string, code: TimebackUserResolutionErrorCode);
+}
+interface ResolveTimebackUserByEmailParams {
+    /** Environment (staging/production) */
+    env: Environment;
+    /** API credentials for Timeback API */
+    apiCredentials: ApiCredentials;
+    /** OIDC user info from the IdP */
+    userInfo: OIDCUserInfo;
+    /**
+     * Optional pre-configured Timeback client to use (e.g. `timeback.api`).
+     *
+     * When provided, this function will use it and will NOT close it.
+     */
+    client?: TimebackClient;
+}
+/**
+ * Resolve a TimebackAuthUser by looking up the Timeback user via email.
+ *
+ * Uses server API credentials to query OneRoster for a user matching the IdP email.
+ * Strict mode: fails if no user found or if multiple users match (ambiguous).
+ *
+ * @param params - Resolution parameters
+ * @returns Resolved TimebackAuthUser with Timeback profile and IdP claims
+ * @throws {TimebackUserResolutionError} If resolution fails
+ */
+export declare function resolveTimebackUserByEmail(params: ResolveTimebackUserByEmailParams): Promise<TimebackAuthUser>;
+export {};
+//# sourceMappingURL=resolve-timeback-user.d.ts.map

package/dist/server/lib/resolve-timeback-user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-timeback-user.d.ts","sourceRoot":"","sources":["../../../src/server/lib/resolve-timeback-user.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAM/C,OAAO,KAAK,EAAkB,gBAAgB,EAAmB,MAAM,oBAAoB,CAAA;AAC3F,OAAO,KAAK,EACX,cAAc,EACd,WAAW,EACX,YAAY,EACZ,+BAA+B,EAC/B,MAAM,UAAU,CAAA;AAIjB;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,KAAK;aAGpC,IAAI,EAAE,+BAA+B;IAFtD,YACC,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,+BAA+B,EAIrD;CACD;AAED,UAAU,gCAAgC;IACzC,uCAAuC;IACvC,GAAG,EAAE,WAAW,CAAA;IAChB,uCAAuC;IACvC,cAAc,EAAE,cAAc,CAAA;IAC9B,kCAAkC;IAClC,QAAQ,EAAE,YAAY,CAAA;IACtB;;;;OAIG;IACH,MAAM,CAAC,EAAE,cAAc,CAAA;CACvB;AAkBD;;;;;;;;;GASG;AACH,wBAAsB,0BAA0B,CAC/C,MAAM,EAAE,gCAAgC,GACtC,OAAO,CAAC,gBAAgB,CAAC,CAuG3B"}

package/dist/server/lib/utils.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Server Utilities
+ *
+ * Internal utility functions for the server SDK.
+ */
+import type { Environment } from '../types';
+/**
+ * Map SDK environment to the environment used for outbound Timeback API calls.
+ *
+ * The SDK's `env` config controls runtime mode, but for outbound service calls
+ * (OneRoster, Caliper, etc.) we need a real Timeback environment:
+ *
+ *   - `local`      → `staging` (local dev uses staging services)
+ *   - `staging`    → `staging`
+ *   - `production` → `production`
+ *
+ * @param env - SDK environment setting
+ * @returns Environment to use for TimebackClient
+ */
+export declare function mapEnvForApi(env: Environment): 'staging' | 'production';
+/**
+ * Create a JSON response.
+ *
+ * @param data - Response data
+ * @param status - HTTP status code
+ * @param headers - Additional headers
+ * @returns JSON response
+ */
+export declare function jsonResponse<T>(data: T, status?: number, headers?: HeadersInit): Response;
+/**
+ * Create a redirect response.
+ *
+ * @param url - URL to redirect to
+ * @param headers - Additional headers (e.g., Set-Cookie)
+ * @returns Redirect response
+ */
+export declare function redirectResponse(url: string, headers?: HeadersInit): Response;
+/**
+ * Encode an object to a base64url-safe string.
+ *
+ * Used for OIDC state parameter.
+ *
+ * @param data - Data to encode
+ * @returns Base64url encoded string
+ */
+export declare function encodeBase64Url(data: unknown): string;
+/**
+ * Decode a base64url string back to an object.
+ *
+ * @param encoded - Base64url encoded string
+ * @returns Decoded object
+ */
+export declare function decodeBase64Url<T>(encoded: string): T;
+//# sourceMappingURL=utils.d.ts.map

package/dist/server/lib/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/lib/utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAE3C;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,WAAW,GAAG,SAAS,GAAG,YAAY,CAMvE;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,SAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,QAAQ,CAItF;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,QAAQ,CAI7E;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAIrD;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,GAAG,CAAC,CAKrD"}

package/dist/server/timeback-identity.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Timeback Server SDK (Identity-only)
+ *
+ * This file is intentionally Node-free so it can be used in edge runtimes
+ * (e.g. Cloudflare Workers / workerd) without pulling in Node-only deps
+ * like `jiti`, `fs`, etc.
+ */
+import type { IdentityOnlyConfig, IdentityOnlyInstance } from './types';
+/**
+ * Create an identity-only Timeback server instance.
+ *
+ * Use this when you only need SSO authentication without activity tracking
+ * or Timeback API integration. Does not require `timeback.config.ts`.
+ *
+ * @param config - Identity-only configuration
+ * @returns Identity-only Timeback server instance
+ */
+export declare function createTimebackIdentity<TState = unknown>(config: IdentityOnlyConfig<TState>): IdentityOnlyInstance<TState>;
+//# sourceMappingURL=timeback-identity.d.ts.map

package/dist/server/timeback-identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"timeback-identity.d.ts","sourceRoot":"","sources":["../../src/server/timeback-identity.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAA;AAEvE;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,GAAG,OAAO,EACtD,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,GAChC,oBAAoB,CAAC,MAAM,CAAC,CAY9B"}

package/dist/server/timeback.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Timeback Server SDK
+ *
+ * Factory functions to create Timeback server instances.
+ */
+import type { TimebackConfig, TimebackInstance } from './types';
+/**
+ * Create a Timeback server instance.
+ *
+ * Returns a framework-agnostic instance with raw handlers.
+ *
+ * Use an adapter to integrate with your framework:
+ * - `toNextjsHandler()` for Next.js App Router
+ * - `toHonoApp()` / `toHonoMiddleware()` for Hono
+ * - `toExpressMiddleware()` / `mountExpressRoutes()` for Express
+ *
+ * When using SSO mode, the callback receives an enriched `TimebackAuthUser` with
+ * `user.id` being the canonical Timeback user ID (timebackId).
+ *
+ * @param config - Server configuration
+ * @returns Timeback instance with handlers
+ *
+ * @example SSO mode
+ * ```typescript
+ * import { createTimeback } from '@timeback/sdk'
+ * import { toNextjsHandler } from '@timeback/sdk/nextjs'
+ *
+ * const timeback = await createTimeback({
+ *   env: 'production',
+ *   api: {
+ *     clientId: process.env.TIMEBACK_API_CLIENT_ID!,
+ *     clientSecret: process.env.TIMEBACK_API_CLIENT_SECRET!,
+ *   },
+ *   identity: {
+ *     mode: 'sso',
+ *     clientId: process.env.AWS_COGNITO_CLIENT_ID!,
+ *     clientSecret: process.env.AWS_COGNITO_CLIENT_SECRET!,
+ *     onCallbackSuccess: async ({ user, state, redirect }) => {
+ *       // user.id is the timebackId (canonical stable identifier)
+ *       await setSession({ id: user.id, email: user.email })
+ *       return redirect(state.returnTo ?? '/')
+ *     },
+ *     onCallbackError: ({ error, redirect }) => redirect('/?error=sso_failed'),
+ *     getUser: (req) => getSessionUser(req),
+ *   },
+ * })
+ *
+ * // For Next.js App Router
+ * export const { GET, POST } = toNextjsHandler(timeback)
+ * ```
+ *
+ * @example Custom identity mode (bring your own auth)
+ * ```typescript
+ * const timeback = await createTimeback({
+ *   env: 'production',
+ *   api: { ... },
+ *   identity: {
+ *     mode: 'custom',
+ *     getUser: async (req) => {
+ *       const session = await getSession(req)
+ *       return session ? { id: session.userId, email: session.email } : undefined
+ *     },
+ *   },
+ * })
+ * ```
+ */
+export declare function createTimeback<TState = unknown>(config: TimebackConfig<TState>): Promise<TimebackInstance<TState>>;
+//# sourceMappingURL=timeback.d.ts.map

package/dist/server/timeback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"timeback.d.ts","sourceRoot":"","sources":["../../src/server/timeback.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2DG;AACH,wBAAsB,cAAc,CAAC,MAAM,GAAG,OAAO,EACpD,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,GAC5B,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAsEnC"}