@voidhash/mimic-effect 0.0.9 → 1.0.0-beta.10

package/dist/MimicAuthService.d.cts

@@ -1,65 +1,78 @@
-import * as Effect from "effect/Effect";
-import * as Layer from "effect/Layer";
-import * as Context from "effect/Context";
+import { AuthContext, Permission } from "./Types.cjs";
+import { AuthenticationError } from "./Errors.cjs";
+import { Context, Effect, Layer } from "effect";
 
 //#region src/MimicAuthService.d.ts
-declare namespace MimicAuthService_d_exports {
-  export { AuthHandler, AuthResult, MimicAuthService, MimicAuthServiceTag, layer, layerEffect, layerService, make, makeEffect };
-}
-/**
- * Result of an authentication attempt.
- */
-type AuthResult = {
-  readonly success: true;
-  readonly userId?: string;
-} | {
-  readonly success: false;
-  readonly error: string;
-};
-/**
- * Authentication handler function type.
- * Can be synchronous or return a Promise.
- */
-type AuthHandler = (token: string) => Promise<AuthResult> | AuthResult;
+
 /**
- * Authentication service interface.
- * Implementations can authenticate connections using various methods (JWT, API keys, etc.)
+ * MimicAuthService interface for authentication and authorization.
+ *
+ * The `authenticate` method receives the token from the client's auth message
+ * and the document ID being accessed. It should return an AuthContext on success
+ * or fail with AuthenticationError on failure.
+ *
+ * The permission in AuthContext determines what the user can do:
+ * - "read": Can subscribe, receive transactions, get snapshots
+ * - "write": All of the above, plus can submit transactions and set presence
  */
 interface MimicAuthService {
   /**
-   * Authenticate a connection using the provided token.
-   * @param token - The authentication token provided by the client
-   * @returns The authentication result
+   * Authenticate a connection and return authorization context.
+   *
+   * @param token - The token provided by the client
+   * @param documentId - The document ID being accessed
+   * @returns AuthContext with userId and permission level
    */
-  readonly authenticate: (token: string) => Effect.Effect<AuthResult>;
+  readonly authenticate: (token: string, documentId: string) => Effect.Effect<AuthContext, AuthenticationError>;
 }
-declare const MimicAuthServiceTag_base: Context.TagClass<MimicAuthServiceTag, "@voidhash/mimic-server-effect/MimicAuthService", MimicAuthService>;
+declare const MimicAuthServiceTag_base: Context.TagClass<MimicAuthServiceTag, "@voidhash/mimic-effect/MimicAuthService", MimicAuthService>;
 /**
- * Context tag for MimicAuthService service.
+ * Context tag for MimicAuthService
  */
 declare class MimicAuthServiceTag extends MimicAuthServiceTag_base {}
 /**
- * Create a MimicAuthService layer from an auth handler function.
- */
-declare const layer: (options: {
-  readonly authHandler: AuthHandler;
-}) => Layer.Layer<MimicAuthServiceTag>;
-/**
- * Create a MimicAuthService layer from an auth service implementation.
- */
-declare const layerService: (service: MimicAuthService) => Layer.Layer<MimicAuthServiceTag>;
-/**
- * Create a MimicAuthService layer from an Effect that produces an auth service.
- */
-declare const layerEffect: <E, R>(effect: Effect.Effect<MimicAuthService, E, R>) => Layer.Layer<MimicAuthServiceTag, E, R>;
-/**
- * Create an auth service from an auth handler function.
+ * No-authentication implementation.
+ *
+ * Everyone gets write access with userId "anonymous".
+ * ONLY USE FOR DEVELOPMENT/TESTING.
  */
-declare const make: (authHandler: AuthHandler) => MimicAuthService;
+declare namespace NoAuth {
+  /**
+   * Create a NoAuth layer.
+   * All connections are authenticated with write permission.
+   */
+  const make: () => Layer.Layer<MimicAuthServiceTag>;
+}
 /**
- * Create an auth service from an Effect-based authenticate function.
+ * Static permissions implementation.
+ *
+ * Permissions are defined at configuration time.
+ * The token is treated as the userId.
  */
-declare const makeEffect: (authenticate: (token: string) => Effect.Effect<AuthResult>) => MimicAuthService;
+declare namespace Static {
+  interface Options {
+    /**
+     * Map of userId (token) to permission level
+     */
+    readonly permissions: Record<string, Permission>;
+    /**
+     * Default permission for users not in the permissions map.
+     * If undefined, unknown users will fail authentication.
+     */
+    readonly defaultPermission?: Permission;
+  }
+  /**
+   * Create a Static auth layer.
+   * The token is treated as the userId, and permissions are looked up from the config.
+   */
+  const make: (options: Options) => Layer.Layer<MimicAuthServiceTag>;
+}
+declare const MimicAuthService: {
+  Tag: typeof MimicAuthServiceTag;
+  make: <E, R>(effect: Effect.Effect<MimicAuthService, E, R>) => Layer.Layer<MimicAuthServiceTag, E, R>;
+  NoAuth: typeof NoAuth;
+  Static: typeof Static;
+};
 //#endregion
-export { MimicAuthServiceTag, MimicAuthService_d_exports };
+export { MimicAuthService, MimicAuthServiceTag };
 //# sourceMappingURL=MimicAuthService.d.cts.map

package/dist/MimicAuthService.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"MimicAuthService.d.cts","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;KAgBY,UAAA;;;;;;AAAZ,CAAA;AAQA;;;;AAA6E,KAAjE,WAAA,GAAiE,CAAA,KAAA,EAAA,MAAA,EAAA,GAAhC,OAAgC,CAAxB,UAAwB,CAAA,GAAV,UAAU;AAU7E;AAOC;;;UAPgB,gBAAA;;AAgBjB;AAWA;;;EAEI,SAAM,YAAA,EAAA,CAAA,KAAA,EAAA,MAAA,EAAA,GAvBkC,MAAA,CAAO,MAuBzC,CAvBgD,UAuBhD,CAAA;;AASV,cA/BC,wBAgC4C,kBAAA,oBAAA,EAAA,gDAAA,kBAAA,CAAA;;;;AADuB,cAtBvD,mBAAA,SAA4B,wBAAA,CAsB2B;;;;AAO1D,cAlBG,KAkBI,EAAA,CAAA,OAAA,EAAA;EACF,SAAA,WAAA,EAlBS,WAkBT;CAAqB,EAAA,GAjBhC,KAAA,CAAM,KAiB0B,CAjBpB,mBAiBoB,CAAA;;;;AAUvB,cAlBA,YAkBqB,EAAA,CAAc,OAAA,EAlBV,gBAqBpC,EAAA,GArBuD,KAAA,CAAM,KAqB7D,CArBmE,mBAqBnE,CAAA;AAKF;;;AAEG,cAtBU,WAsBV,EAAA,CAAA,CAAA,EAAA,CAAA,CAAA,CAAA,MAAA,EArBO,MAAA,CAAO,MAqBd,CArBqB,gBAqBrB,EArBuC,CAqBvC,EArB0C,CAqB1C,CAAA,EAAA,GApBA,KAAA,CAAM,KAoBN,CApBY,mBAoBZ,EApBiC,CAoBjC,EApBoC,CAoBpC,CAAA;;;;cAVU,oBAAqB,gBAAc;;;;cAQnC,8CACsB,MAAA,CAAO,OAAO,gBAC9C"}
+{"version":3,"file":"MimicAuthService.d.cts","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":[],"mappings":";;;;;;;;AAoCC;;;;;AASD;AAmDA;AAyBA;;AAK0B,UAtGT,gBAAA,CAsGS;EAKO;;;;;AA4BjC;;EA7EwB,SAAA,YAAA,EAAA,CAAA,KAAA,EAAA,MAAA,EAAA,UAAA,EAAA,MAAA,EAAA,GA/CjB,MAAA,CAAO,MA+CU,CA/CH,WA+CG,EA/CU,mBA+CV,CAAA;;cA9CvB,wBA8C4C,kBAAA,oBAAA,EAAA,yCAAA,kBAAA,CAAA;;;;AACN,cAtC1B,mBAAA,SAA4B,wBAAA,CAsCF;;;;;;;kBAatB,MAAA;;;;;oBAKS,KAAA,CAAM,MAAM;;;;;;;;kBAoBrB,MAAA;;;;;0BAKS,eAAe;;;;;iCAKR;;;;;;wBAOD,YAAU,KAAA,CAAM,MAAM;;cAqBzC;;uBA7EH,MAAA,CAAO,OAAO,kBAAkB,GAAG,OAC1C,KAAA,CAAM,MAAM,qBAAqB,GAAG"}

package/dist/MimicAuthService.d.mts

@@ -1,65 +1,78 @@
-import * as Effect from "effect/Effect";
-import * as Layer from "effect/Layer";
-import * as Context from "effect/Context";
+import { AuthContext, Permission } from "./Types.mjs";
+import { AuthenticationError } from "./Errors.mjs";
+import { Context, Effect, Layer } from "effect";
 
 //#region src/MimicAuthService.d.ts
-declare namespace MimicAuthService_d_exports {
-  export { AuthHandler, AuthResult, MimicAuthService, MimicAuthServiceTag, layer, layerEffect, layerService, make, makeEffect };
-}
-/**
- * Result of an authentication attempt.
- */
-type AuthResult = {
-  readonly success: true;
-  readonly userId?: string;
-} | {
-  readonly success: false;
-  readonly error: string;
-};
-/**
- * Authentication handler function type.
- * Can be synchronous or return a Promise.
- */
-type AuthHandler = (token: string) => Promise<AuthResult> | AuthResult;
+
 /**
- * Authentication service interface.
- * Implementations can authenticate connections using various methods (JWT, API keys, etc.)
+ * MimicAuthService interface for authentication and authorization.
+ *
+ * The `authenticate` method receives the token from the client's auth message
+ * and the document ID being accessed. It should return an AuthContext on success
+ * or fail with AuthenticationError on failure.
+ *
+ * The permission in AuthContext determines what the user can do:
+ * - "read": Can subscribe, receive transactions, get snapshots
+ * - "write": All of the above, plus can submit transactions and set presence
  */
 interface MimicAuthService {
   /**
-   * Authenticate a connection using the provided token.
-   * @param token - The authentication token provided by the client
-   * @returns The authentication result
+   * Authenticate a connection and return authorization context.
+   *
+   * @param token - The token provided by the client
+   * @param documentId - The document ID being accessed
+   * @returns AuthContext with userId and permission level
    */
-  readonly authenticate: (token: string) => Effect.Effect<AuthResult>;
+  readonly authenticate: (token: string, documentId: string) => Effect.Effect<AuthContext, AuthenticationError>;
 }
-declare const MimicAuthServiceTag_base: Context.TagClass<MimicAuthServiceTag, "@voidhash/mimic-server-effect/MimicAuthService", MimicAuthService>;
+declare const MimicAuthServiceTag_base: Context.TagClass<MimicAuthServiceTag, "@voidhash/mimic-effect/MimicAuthService", MimicAuthService>;
 /**
- * Context tag for MimicAuthService service.
+ * Context tag for MimicAuthService
  */
 declare class MimicAuthServiceTag extends MimicAuthServiceTag_base {}
 /**
- * Create a MimicAuthService layer from an auth handler function.
- */
-declare const layer: (options: {
-  readonly authHandler: AuthHandler;
-}) => Layer.Layer<MimicAuthServiceTag>;
-/**
- * Create a MimicAuthService layer from an auth service implementation.
- */
-declare const layerService: (service: MimicAuthService) => Layer.Layer<MimicAuthServiceTag>;
-/**
- * Create a MimicAuthService layer from an Effect that produces an auth service.
- */
-declare const layerEffect: <E, R>(effect: Effect.Effect<MimicAuthService, E, R>) => Layer.Layer<MimicAuthServiceTag, E, R>;
-/**
- * Create an auth service from an auth handler function.
+ * No-authentication implementation.
+ *
+ * Everyone gets write access with userId "anonymous".
+ * ONLY USE FOR DEVELOPMENT/TESTING.
  */
-declare const make: (authHandler: AuthHandler) => MimicAuthService;
+declare namespace NoAuth {
+  /**
+   * Create a NoAuth layer.
+   * All connections are authenticated with write permission.
+   */
+  const make: () => Layer.Layer<MimicAuthServiceTag>;
+}
 /**
- * Create an auth service from an Effect-based authenticate function.
+ * Static permissions implementation.
+ *
+ * Permissions are defined at configuration time.
+ * The token is treated as the userId.
  */
-declare const makeEffect: (authenticate: (token: string) => Effect.Effect<AuthResult>) => MimicAuthService;
+declare namespace Static {
+  interface Options {
+    /**
+     * Map of userId (token) to permission level
+     */
+    readonly permissions: Record<string, Permission>;
+    /**
+     * Default permission for users not in the permissions map.
+     * If undefined, unknown users will fail authentication.
+     */
+    readonly defaultPermission?: Permission;
+  }
+  /**
+   * Create a Static auth layer.
+   * The token is treated as the userId, and permissions are looked up from the config.
+   */
+  const make: (options: Options) => Layer.Layer<MimicAuthServiceTag>;
+}
+declare const MimicAuthService: {
+  Tag: typeof MimicAuthServiceTag;
+  make: <E, R>(effect: Effect.Effect<MimicAuthService, E, R>) => Layer.Layer<MimicAuthServiceTag, E, R>;
+  NoAuth: typeof NoAuth;
+  Static: typeof Static;
+};
 //#endregion
-export { MimicAuthServiceTag, MimicAuthService_d_exports };
+export { MimicAuthService, MimicAuthServiceTag };
 //# sourceMappingURL=MimicAuthService.d.mts.map

package/dist/MimicAuthService.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"MimicAuthService.d.mts","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;KAgBY,UAAA;;;;;;AAAZ,CAAA;AAQA;;;;AAA6E,KAAjE,WAAA,GAAiE,CAAA,KAAA,EAAA,MAAA,EAAA,GAAhC,OAAgC,CAAxB,UAAwB,CAAA,GAAV,UAAU;AAU7E;AAOC;;;UAPgB,gBAAA;;AAgBjB;AAWA;;;EAEI,SAAM,YAAA,EAAA,CAAA,KAAA,EAAA,MAAA,EAAA,GAvBkC,MAAA,CAAO,MAuBzC,CAvBgD,UAuBhD,CAAA;;AASV,cA/BC,wBAgC4C,kBAAA,oBAAA,EAAA,gDAAA,kBAAA,CAAA;;;;AADuB,cAtBvD,mBAAA,SAA4B,wBAAA,CAsB2B;;;;AAO1D,cAlBG,KAkBI,EAAA,CAAA,OAAA,EAAA;EACF,SAAA,WAAA,EAlBS,WAkBT;CAAqB,EAAA,GAjBhC,KAAA,CAAM,KAiB0B,CAjBpB,mBAiBoB,CAAA;;;;AAUvB,cAlBA,YAkBqB,EAAA,CAAc,OAAA,EAlBV,gBAqBpC,EAAA,GArBuD,KAAA,CAAM,KAqB7D,CArBmE,mBAqBnE,CAAA;AAKF;;;AAEG,cAtBU,WAsBV,EAAA,CAAA,CAAA,EAAA,CAAA,CAAA,CAAA,MAAA,EArBO,MAAA,CAAO,MAqBd,CArBqB,gBAqBrB,EArBuC,CAqBvC,EArB0C,CAqB1C,CAAA,EAAA,GApBA,KAAA,CAAM,KAoBN,CApBY,mBAoBZ,EApBiC,CAoBjC,EApBoC,CAoBpC,CAAA;;;;cAVU,oBAAqB,gBAAc;;;;cAQnC,8CACsB,MAAA,CAAO,OAAO,gBAC9C"}
+{"version":3,"file":"MimicAuthService.d.mts","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":[],"mappings":";;;;;;;;AAoCC;;;;;AASD;AAmDA;AAyBA;;AAK0B,UAtGT,gBAAA,CAsGS;EAKO;;;;;AA4BjC;;EA7EwB,SAAA,YAAA,EAAA,CAAA,KAAA,EAAA,MAAA,EAAA,UAAA,EAAA,MAAA,EAAA,GA/CjB,MAAA,CAAO,MA+CU,CA/CH,WA+CG,EA/CU,mBA+CV,CAAA;;cA9CvB,wBA8C4C,kBAAA,oBAAA,EAAA,yCAAA,kBAAA,CAAA;;;;AACN,cAtC1B,mBAAA,SAA4B,wBAAA,CAsCF;;;;;;;kBAatB,MAAA;;;;;oBAKS,KAAA,CAAM,MAAM;;;;;;;;kBAoBrB,MAAA;;;;;0BAKS,eAAe;;;;;iCAKR;;;;;;wBAOD,YAAU,KAAA,CAAM,MAAM;;cAqBzC;;uBA7EH,MAAA,CAAO,OAAO,kBAAkB,GAAG,OAC1C,KAAA,CAAM,MAAM,qBAAqB,GAAG"}

package/dist/MimicAuthService.mjs

@@ -1,47 +1,71 @@
-import { __export } from "./_virtual/rolldown_runtime.mjs";
-import * as Effect from "effect/Effect";
-import * as Layer from "effect/Layer";
-import * as Context from "effect/Context";
+import { AuthenticationError } from "./Errors.mjs";
+import { Context, Effect, Layer } from "effect";
 
 //#region src/MimicAuthService.ts
 /**
-* @since 0.0.1
-* Authentication service interface for Mimic connections.
-* Provides pluggable authentication adapters.
+* @voidhash/mimic-effect - MimicAuthService
+*
+* Authentication and authorization service interface and implementations.
 */
-var MimicAuthService_exports = /* @__PURE__ */ __export({
-	MimicAuthServiceTag: () => MimicAuthServiceTag,
-	layer: () => layer,
-	layerEffect: () => layerEffect,
-	layerService: () => layerService,
-	make: () => make,
-	makeEffect: () => makeEffect
-});
 /**
-* Context tag for MimicAuthService service.
+* Context tag for MimicAuthService
 */
-var MimicAuthServiceTag = class extends Context.Tag("@voidhash/mimic-server-effect/MimicAuthService")() {};
+var MimicAuthServiceTag = class extends Context.Tag("@voidhash/mimic-effect/MimicAuthService")() {};
 /**
-* Create a MimicAuthService layer from an auth handler function.
+* Create a MimicAuthService layer from an Effect that produces the service.
+*
+* This allows you to access other Effect services when implementing authentication.
+*
+* @example
+* ```typescript
+* const Auth = MimicAuthService.make(
+*   Effect.gen(function*() {
+*     const db = yield* DatabaseService
+*     const jwt = yield* JwtService
+*
+*     return {
+*       authenticate: (token, documentId) =>
+*         Effect.gen(function*() {
+*           const payload = yield* jwt.verify(token).pipe(
+*             Effect.mapError(() => new AuthenticationError({ reason: "Invalid token" }))
+*           )
+*
+*           const permission = yield* db.getDocumentPermission(payload.userId, documentId)
+*
+*           return { userId: payload.userId, permission }
+*         })
+*     }
+*   })
+* )
+* ```
 */
-const layer = (options) => Layer.succeed(MimicAuthServiceTag, { authenticate: (token) => Effect.promise(() => Promise.resolve(options.authHandler(token))) });
-/**
-* Create a MimicAuthService layer from an auth service implementation.
-*/
-const layerService = (service) => Layer.succeed(MimicAuthServiceTag, service);
-/**
-* Create a MimicAuthService layer from an Effect that produces an auth service.
-*/
-const layerEffect = (effect) => Layer.effect(MimicAuthServiceTag, effect);
-/**
-* Create an auth service from an auth handler function.
-*/
-const make = (authHandler) => ({ authenticate: (token) => Effect.promise(() => Promise.resolve(authHandler(token))) });
-/**
-* Create an auth service from an Effect-based authenticate function.
-*/
-const makeEffect = (authenticate) => ({ authenticate });
+const make = (effect) => Layer.effect(MimicAuthServiceTag, effect);
+let NoAuth;
+(function(_NoAuth) {
+	_NoAuth.make = () => Layer.succeed(MimicAuthServiceTag, { authenticate: (_token, _documentId) => Effect.succeed({
+		userId: "anonymous",
+		permission: "write"
+	}) });
+})(NoAuth || (NoAuth = {}));
+let Static;
+(function(_Static) {
+	_Static.make = (options) => Layer.succeed(MimicAuthServiceTag, { authenticate: (token, _documentId) => {
+		var _options$permissions$;
+		const permission = (_options$permissions$ = options.permissions[token]) !== null && _options$permissions$ !== void 0 ? _options$permissions$ : options.defaultPermission;
+		if (permission === void 0) return Effect.fail(new AuthenticationError({ reason: "Unknown user" }));
+		return Effect.succeed({
+			userId: token,
+			permission
+		});
+	} });
+})(Static || (Static = {}));
+const MimicAuthService = {
+	Tag: MimicAuthServiceTag,
+	make,
+	NoAuth,
+	Static
+};
 
 //#endregion
-export { MimicAuthServiceTag, MimicAuthService_exports };
+export { MimicAuthService, MimicAuthServiceTag };
 //# sourceMappingURL=MimicAuthService.mjs.map

package/dist/MimicAuthService.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"MimicAuthService.mjs","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":["/**\n * @since 0.0.1\n * Authentication service interface for Mimic connections.\n * Provides pluggable authentication adapters.\n */\nimport * as Effect from \"effect/Effect\";\nimport * as Context from \"effect/Context\";\nimport * as Layer from \"effect/Layer\";\n\n// =============================================================================\n// Authentication Types\n// =============================================================================\n\n/**\n * Result of an authentication attempt.\n */\nexport type AuthResult =\n  | { readonly success: true; readonly userId?: string }\n  | { readonly success: false; readonly error: string };\n\n/**\n * Authentication handler function type.\n * Can be synchronous or return a Promise.\n */\nexport type AuthHandler = (token: string) => Promise<AuthResult> | AuthResult;\n\n// =============================================================================\n// Auth Service Interface\n// =============================================================================\n\n/**\n * Authentication service interface.\n * Implementations can authenticate connections using various methods (JWT, API keys, etc.)\n */\nexport interface MimicAuthService {\n  /**\n   * Authenticate a connection using the provided token.\n   * @param token - The authentication token provided by the client\n   * @returns The authentication result\n   */\n  readonly authenticate: (token: string) => Effect.Effect<AuthResult>;\n}\n\n// =============================================================================\n// Context Tag\n// =============================================================================\n\n/**\n * Context tag for MimicAuthService service.\n */\nexport class MimicAuthServiceTag extends Context.Tag(\n  \"@voidhash/mimic-server-effect/MimicAuthService\"\n)<MimicAuthServiceTag, MimicAuthService>() {}\n\n// =============================================================================\n// Layer Constructors\n// =============================================================================\n\n/**\n * Create a MimicAuthService layer from an auth handler function.\n */\nexport const layer = (options: {\n  readonly authHandler: AuthHandler;\n}): Layer.Layer<MimicAuthServiceTag> =>\n  Layer.succeed(MimicAuthServiceTag, {\n    authenticate: (token: string) =>\n      Effect.promise(() => Promise.resolve(options.authHandler(token))),\n  });\n\n/**\n * Create a MimicAuthService layer from an auth service implementation.\n */\nexport const layerService = (service: MimicAuthService): Layer.Layer<MimicAuthServiceTag> =>\n  Layer.succeed(MimicAuthServiceTag, service);\n\n/**\n * Create a MimicAuthService layer from an Effect that produces an auth service.\n */\nexport const layerEffect = <E, R>(\n  effect: Effect.Effect<MimicAuthService, E, R>\n): Layer.Layer<MimicAuthServiceTag, E, R> =>\n  Layer.effect(MimicAuthServiceTag, effect);\n\n// =============================================================================\n// Helper Functions\n// =============================================================================\n\n/**\n * Create an auth service from an auth handler function.\n */\nexport const make = (authHandler: AuthHandler): MimicAuthService => ({\n  authenticate: (token: string) =>\n    Effect.promise(() => Promise.resolve(authHandler(token))),\n});\n\n/**\n * Create an auth service from an Effect-based authenticate function.\n */\nexport const makeEffect = (\n  authenticate: (token: string) => Effect.Effect<AuthResult>\n): MimicAuthService => ({\n  authenticate,\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAkDA,IAAa,sBAAb,cAAyC,QAAQ,IAC/C,iDACD,EAAyC,CAAC;;;;AAS3C,MAAa,SAAS,YAGpB,MAAM,QAAQ,qBAAqB,EACjC,eAAe,UACb,OAAO,cAAc,QAAQ,QAAQ,QAAQ,YAAY,MAAM,CAAC,CAAC,EACpE,CAAC;;;;AAKJ,MAAa,gBAAgB,YAC3B,MAAM,QAAQ,qBAAqB,QAAQ;;;;AAK7C,MAAa,eACX,WAEA,MAAM,OAAO,qBAAqB,OAAO;;;;AAS3C,MAAa,QAAQ,iBAAgD,EACnE,eAAe,UACb,OAAO,cAAc,QAAQ,QAAQ,YAAY,MAAM,CAAC,CAAC,EAC5D;;;;AAKD,MAAa,cACX,kBACsB,EACtB,cACD"}
+{"version":3,"file":"MimicAuthService.mjs","names":[],"sources":["../src/MimicAuthService.ts"],"sourcesContent":["/**\n * @voidhash/mimic-effect - MimicAuthService\n *\n * Authentication and authorization service interface and implementations.\n */\nimport { Context, Effect, Layer } from \"effect\";\nimport type { AuthContext, Permission } from \"./Types\";\nimport { AuthenticationError } from \"./Errors\";\n\n// =============================================================================\n// MimicAuthService Interface\n// =============================================================================\n\n/**\n * MimicAuthService interface for authentication and authorization.\n *\n * The `authenticate` method receives the token from the client's auth message\n * and the document ID being accessed. It should return an AuthContext on success\n * or fail with AuthenticationError on failure.\n *\n * The permission in AuthContext determines what the user can do:\n * - \"read\": Can subscribe, receive transactions, get snapshots\n * - \"write\": All of the above, plus can submit transactions and set presence\n */\nexport interface MimicAuthService {\n  /**\n   * Authenticate a connection and return authorization context.\n   *\n   * @param token - The token provided by the client\n   * @param documentId - The document ID being accessed\n   * @returns AuthContext with userId and permission level\n   */\n  readonly authenticate: (\n    token: string,\n    documentId: string\n  ) => Effect.Effect<AuthContext, AuthenticationError>;\n}\n\n// =============================================================================\n// Context Tag\n// =============================================================================\n\n/**\n * Context tag for MimicAuthService\n */\nexport class MimicAuthServiceTag extends Context.Tag(\n  \"@voidhash/mimic-effect/MimicAuthService\"\n)<MimicAuthServiceTag, MimicAuthService>() {}\n\n// =============================================================================\n// Factory\n// =============================================================================\n\n/**\n * Create a MimicAuthService layer from an Effect that produces the service.\n *\n * This allows you to access other Effect services when implementing authentication.\n *\n * @example\n * ```typescript\n * const Auth = MimicAuthService.make(\n *   Effect.gen(function*() {\n *     const db = yield* DatabaseService\n *     const jwt = yield* JwtService\n *\n *     return {\n *       authenticate: (token, documentId) =>\n *         Effect.gen(function*() {\n *           const payload = yield* jwt.verify(token).pipe(\n *             Effect.mapError(() => new AuthenticationError({ reason: \"Invalid token\" }))\n *           )\n *\n *           const permission = yield* db.getDocumentPermission(payload.userId, documentId)\n *\n *           return { userId: payload.userId, permission }\n *         })\n *     }\n *   })\n * )\n * ```\n */\nexport const make = <E, R>(\n  effect: Effect.Effect<MimicAuthService, E, R>\n): Layer.Layer<MimicAuthServiceTag, E, R> =>\n  Layer.effect(MimicAuthServiceTag, effect);\n\n// =============================================================================\n// NoAuth Implementation\n// =============================================================================\n\n/**\n * No-authentication implementation.\n *\n * Everyone gets write access with userId \"anonymous\".\n * ONLY USE FOR DEVELOPMENT/TESTING.\n */\nexport namespace NoAuth {\n  /**\n   * Create a NoAuth layer.\n   * All connections are authenticated with write permission.\n   */\n  export const make = (): Layer.Layer<MimicAuthServiceTag> =>\n    Layer.succeed(MimicAuthServiceTag, {\n      authenticate: (_token, _documentId) =>\n        Effect.succeed({\n          userId: \"anonymous\",\n          permission: \"write\" as const,\n        }),\n    });\n}\n\n// =============================================================================\n// Static Implementation\n// =============================================================================\n\n/**\n * Static permissions implementation.\n *\n * Permissions are defined at configuration time.\n * The token is treated as the userId.\n */\nexport namespace Static {\n  export interface Options {\n    /**\n     * Map of userId (token) to permission level\n     */\n    readonly permissions: Record<string, Permission>;\n    /**\n     * Default permission for users not in the permissions map.\n     * If undefined, unknown users will fail authentication.\n     */\n    readonly defaultPermission?: Permission;\n  }\n\n  /**\n   * Create a Static auth layer.\n   * The token is treated as the userId, and permissions are looked up from the config.\n   */\n  export const make = (options: Options): Layer.Layer<MimicAuthServiceTag> =>\n    Layer.succeed(MimicAuthServiceTag, {\n      authenticate: (token, _documentId) => {\n        const permission = options.permissions[token] ?? options.defaultPermission;\n        if (permission === undefined) {\n          return Effect.fail(\n            new AuthenticationError({ reason: \"Unknown user\" })\n          );\n        }\n        return Effect.succeed({\n          userId: token,\n          permission,\n        });\n      },\n    });\n}\n\n// =============================================================================\n// Re-export namespace\n// =============================================================================\n\nexport const MimicAuthService = {\n  Tag: MimicAuthServiceTag,\n  make,\n  NoAuth,\n  Static,\n};\n"],"mappings":";;;;;;;;;;;;AA6CA,IAAa,sBAAb,cAAyC,QAAQ,IAC/C,0CACD,EAAyC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkC3C,MAAa,QACX,WAEA,MAAM,OAAO,qBAAqB,OAAO;;;sBAkBvC,MAAM,QAAQ,qBAAqB,EACjC,eAAe,QAAQ,gBACrB,OAAO,QAAQ;EACb,QAAQ;EACR,YAAY;EACb,CAAC,EACL,CAAC;;;;iBA8BiB,YACnB,MAAM,QAAQ,qBAAqB,EACjC,eAAe,OAAO,gBAAgB;;EACpC,MAAM,sCAAa,QAAQ,YAAY,+EAAU,QAAQ;AACzD,MAAI,eAAe,OACjB,QAAO,OAAO,KACZ,IAAI,oBAAoB,EAAE,QAAQ,gBAAgB,CAAC,CACpD;AAEH,SAAO,OAAO,QAAQ;GACpB,QAAQ;GACR;GACD,CAAC;IAEL,CAAC;;AAON,MAAa,mBAAmB;CAC9B,KAAK;CACL;CACA;CACA;CACD"}