@workjournal/shared 0.1.0

package/README.md

@@ -0,0 +1,19 @@
+# @workjournal/shared
+
+Shared types, constants, and credential helpers used by [@workjournal/cli](https://www.npmjs.com/package/@workjournal/cli) and [@workjournal/mcp-server](https://www.npmjs.com/package/@workjournal/mcp-server).
+
+This package isn't intended for direct consumption — it's a workspace dependency of the published Workjournal client packages. It's published to npm only so that those packages can resolve their own dependencies.
+
+## Exports
+
+| Subpath | Contents |
+|---|---|
+| `@workjournal/shared` | Types (`Entry`, `Journal`, `JournalMember`, `Invitation`, …), API path builders, error codes, opaque-token codec |
+| `@workjournal/shared/credentials` | Node-only credential file I/O + `/v1/auth/refresh` client (used by CLI + MCP server) |
+
+The default entry has zero runtime dependencies and works in any JavaScript runtime (Node, Cloudflare Workers, browsers). The `credentials` subpath imports `node:fs` / `node:os` and is Node-only.
+
+## Links
+
+- [Workjournal](https://workjournal.pro)
+- [GitHub](https://github.com/workjournal-pro/workjournal)

package/dist/constants.d.ts

@@ -0,0 +1,55 @@
+export declare const API_VERSION: "v1";
+export declare const TIER_LIMITS: {
+    readonly PERSONAL: {
+        readonly journals: 5;
+        readonly entriesPerJournal: 500;
+    };
+    readonly PRO: {
+        readonly journals: 20;
+        readonly entriesPerJournal: 2000;
+    };
+    readonly ADMIN: {
+        readonly journals: 100;
+        readonly entriesPerJournal: 10000;
+    };
+};
+export declare const API_PATHS: {
+    readonly health: "/v1/health";
+    readonly accounts: "/v1/accounts";
+    readonly account: (id: string) => string;
+    readonly journals: "/v1/journals";
+    readonly journal: (id: string) => string;
+    readonly entries: (journalId: string) => string;
+    readonly entry: (journalId: string, index: number | string) => string;
+    readonly searchEntries: (journalId: string) => string;
+    readonly members: (journalId: string) => string;
+    readonly member: (journalId: string, userId: string) => string;
+    readonly invitations: (journalId: string) => string;
+    readonly invitation: (journalId: string, invitationId: string) => string;
+    readonly acceptInvitation: "/v1/invitations/accept";
+    readonly exportJournal: (journalId: string) => string;
+    readonly publicJournal: (slug: string) => string;
+    readonly publicEntries: (slug: string) => string;
+};
+export declare const ERROR_CODES: {
+    readonly BAD_REQUEST: "BAD_REQUEST";
+    readonly UNAUTHORIZED: "UNAUTHORIZED";
+    readonly FORBIDDEN: "FORBIDDEN";
+    readonly NOT_FOUND: "NOT_FOUND";
+    readonly CONFLICT: "CONFLICT";
+    readonly VALIDATION_ERROR: "VALIDATION_ERROR";
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+    readonly EMAIL_MISMATCH: "EMAIL_MISMATCH";
+    readonly INVITATION_EXPIRED: "INVITATION_EXPIRED";
+    readonly INVITATION_REVOKED: "INVITATION_REVOKED";
+    readonly INVITATION_ALREADY_ACCEPTED: "INVITATION_ALREADY_ACCEPTED";
+    readonly TIER_LIMIT_REACHED: "TIER_LIMIT_REACHED";
+};
+export type ErrorCode = (typeof ERROR_CODES)[keyof typeof ERROR_CODES];
+export declare const MAX_SUMMARY_LENGTH = 500;
+export declare const MAX_JOURNAL_NAME_LENGTH = 255;
+export declare const MAX_EMAIL_LENGTH = 320;
+export declare const DEFAULT_PAGE_LIMIT = 50;
+export declare const MAX_PAGE_LIMIT = 100;
+export declare const PUBLIC_SLUG_LENGTH = 12;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,EAAG,IAAa,CAAC;AAEzC,eAAO,MAAM,WAAW;;;;;;;;;;;;;CAId,CAAC;AAEX,eAAO,MAAM,SAAS;;;2BAGP,MAAM;;2BAEN,MAAM;kCACC,MAAM;gCACR,MAAM,SAAS,MAAM,GAAG,MAAM;wCAEtB,MAAM;kCACZ,MAAM;iCACP,MAAM,UAAU,MAAM;sCAEjB,MAAM;qCACP,MAAM,gBAAgB,MAAM;;wCAGzB,MAAM;mCACX,MAAM;mCACN,MAAM;CACnB,CAAC;AAEX,eAAO,MAAM,WAAW;;;;;;;;;;;;;CAad,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAEvE,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,uBAAuB,MAAM,CAAC;AAC3C,eAAO,MAAM,gBAAgB,MAAM,CAAC;AAEpC,eAAO,MAAM,kBAAkB,KAAK,CAAC;AACrC,eAAO,MAAM,cAAc,MAAM,CAAC;AAElC,eAAO,MAAM,kBAAkB,KAAK,CAAC"}

package/dist/constants.js

@@ -0,0 +1,45 @@
+export const API_VERSION = 'v1';
+export const TIER_LIMITS = {
+    PERSONAL: { journals: 5, entriesPerJournal: 500 },
+    PRO: { journals: 20, entriesPerJournal: 2000 },
+    ADMIN: { journals: 100, entriesPerJournal: 10000 },
+};
+export const API_PATHS = {
+    health: `/${API_VERSION}/health`,
+    accounts: `/${API_VERSION}/accounts`,
+    account: (id) => `/${API_VERSION}/accounts/${id}`,
+    journals: `/${API_VERSION}/journals`,
+    journal: (id) => `/${API_VERSION}/journals/${id}`,
+    entries: (journalId) => `/${API_VERSION}/journals/${journalId}/entries`,
+    entry: (journalId, index) => `/${API_VERSION}/journals/${encodeURIComponent(journalId)}/entries/${encodeURIComponent(String(index))}`,
+    searchEntries: (journalId) => `/${API_VERSION}/journals/${journalId}/entries/search`,
+    members: (journalId) => `/${API_VERSION}/journals/${journalId}/members`,
+    member: (journalId, userId) => `/${API_VERSION}/journals/${journalId}/members/${userId}`,
+    invitations: (journalId) => `/${API_VERSION}/journals/${journalId}/invitations`,
+    invitation: (journalId, invitationId) => `/${API_VERSION}/journals/${journalId}/invitations/${invitationId}`,
+    acceptInvitation: `/${API_VERSION}/invitations/accept`,
+    exportJournal: (journalId) => `/${API_VERSION}/journals/${journalId}/export`,
+    publicJournal: (slug) => `/${API_VERSION}/public/${slug}`,
+    publicEntries: (slug) => `/${API_VERSION}/public/${slug}/entries`,
+};
+export const ERROR_CODES = {
+    BAD_REQUEST: 'BAD_REQUEST',
+    UNAUTHORIZED: 'UNAUTHORIZED',
+    FORBIDDEN: 'FORBIDDEN',
+    NOT_FOUND: 'NOT_FOUND',
+    CONFLICT: 'CONFLICT',
+    VALIDATION_ERROR: 'VALIDATION_ERROR',
+    INTERNAL_ERROR: 'INTERNAL_ERROR',
+    EMAIL_MISMATCH: 'EMAIL_MISMATCH',
+    INVITATION_EXPIRED: 'INVITATION_EXPIRED',
+    INVITATION_REVOKED: 'INVITATION_REVOKED',
+    INVITATION_ALREADY_ACCEPTED: 'INVITATION_ALREADY_ACCEPTED',
+    TIER_LIMIT_REACHED: 'TIER_LIMIT_REACHED',
+};
+export const MAX_SUMMARY_LENGTH = 500;
+export const MAX_JOURNAL_NAME_LENGTH = 255;
+export const MAX_EMAIL_LENGTH = 320;
+export const DEFAULT_PAGE_LIMIT = 50;
+export const MAX_PAGE_LIMIT = 100;
+export const PUBLIC_SLUG_LENGTH = 12;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,WAAW,GAAG,IAAa,CAAC;AAEzC,MAAM,CAAC,MAAM,WAAW,GAAG;IAC1B,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,iBAAiB,EAAE,GAAG,EAAE;IACjD,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE;IAC9C,KAAK,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE;CACzC,CAAC;AAEX,MAAM,CAAC,MAAM,SAAS,GAAG;IACxB,MAAM,EAAE,IAAI,WAAW,SAAS;IAChC,QAAQ,EAAE,IAAI,WAAW,WAAW;IACpC,OAAO,EAAE,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,EAAE,EAAE;IACzD,QAAQ,EAAE,IAAI,WAAW,WAAW;IACpC,OAAO,EAAE,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,EAAE,EAAE;IACzD,OAAO,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,SAAS,UAAU;IAC/E,KAAK,EAAE,CAAC,SAAiB,EAAE,KAAsB,EAAE,EAAE,CACpD,IAAI,WAAW,aAAa,kBAAkB,CAAC,SAAS,CAAC,YAAY,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE;IACzG,aAAa,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,SAAS,iBAAiB;IAC5F,OAAO,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,SAAS,UAAU;IAC/E,MAAM,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAC7C,IAAI,WAAW,aAAa,SAAS,YAAY,MAAM,EAAE;IAC1D,WAAW,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,SAAS,cAAc;IACvF,UAAU,EAAE,CAAC,SAAiB,EAAE,YAAoB,EAAE,EAAE,CACvD,IAAI,WAAW,aAAa,SAAS,gBAAgB,YAAY,EAAE;IACpE,gBAAgB,EAAE,IAAI,WAAW,qBAAqB;IACtD,aAAa,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,WAAW,aAAa,SAAS,SAAS;IACpF,aAAa,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,WAAW,WAAW,IAAI,EAAE;IACjE,aAAa,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,WAAW,WAAW,IAAI,UAAU;CAChE,CAAC;AAEX,MAAM,CAAC,MAAM,WAAW,GAAG;IAC1B,WAAW,EAAE,aAAa;IAC1B,YAAY,EAAE,cAAc;IAC5B,SAAS,EAAE,WAAW;IACtB,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,UAAU;IACpB,gBAAgB,EAAE,kBAAkB;IACpC,cAAc,EAAE,gBAAgB;IAChC,cAAc,EAAE,gBAAgB;IAChC,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,2BAA2B,EAAE,6BAA6B;IAC1D,kBAAkB,EAAE,oBAAoB;CAC/B,CAAC;AAIX,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAC3C,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAEpC,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AACrC,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,CAAC;AAElC,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC"}

package/dist/credentials.d.ts

@@ -0,0 +1,30 @@
+export interface StoredCredentials {
+    access_token: string;
+    refresh_token?: string;
+    expires_at: string;
+}
+export declare const CONFIG_DIR: string;
+export interface LoginState {
+    verifier: string;
+    challenge: string;
+    created_at: string;
+}
+export declare function readCredentials(): StoredCredentials | null;
+export declare function writeCredentials(creds: StoredCredentials): void;
+export declare function clearCredentials(): void;
+export declare function writeLoginState(state: LoginState): void;
+/**
+ * Read the in-progress login state file. Returns null if missing or unreadable.
+ * Does NOT enforce TTL — callers should check `created_at` against `LOGIN_STATE_TTL_MS`.
+ */
+export declare function readLoginState(): LoginState | null;
+export declare function clearLoginState(): void;
+export declare function isLoginStateExpired(state: LoginState): boolean;
+export declare function isExpired(creds: StoredCredentials): boolean;
+export declare function refreshAccessToken(refreshToken: string): Promise<StoredCredentials>;
+/**
+ * Get a valid access token, refreshing if expired.
+ * Returns null if no credentials are stored.
+ */
+export declare function getAccessToken(): Promise<string | null>;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,iBAAiB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,UAAU,QAA2E,CAAC;AAOnG,MAAM,WAAW,UAAU;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACnB;AAQD,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAU1D;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAI/D;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAIvC;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAIvD;AAED;;;GAGG;AACH,wBAAgB,cAAc,IAAI,UAAU,GAAG,IAAI,CA0BlD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAI9D;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAE3D;AAID,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA0BzF;AAED;;;GAGG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAiB7D"}

package/dist/credentials.js

@@ -0,0 +1,125 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+export const CONFIG_DIR = process.env['WORKJOURNAL_CONFIG_DIR'] ?? join(homedir(), '.workjournal');
+const CREDENTIALS_PATH = join(CONFIG_DIR, 'credentials.json');
+const CREDENTIALS_TMP_PATH = `${CREDENTIALS_PATH}.tmp`;
+const LOGIN_STATE_PATH = join(CONFIG_DIR, 'cli-login-state.json');
+const LOGIN_STATE_TMP_PATH = `${LOGIN_STATE_PATH}.tmp`;
+const LOGIN_STATE_TTL_MS = 10 * 60 * 1000;
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { mode: 0o700, recursive: true });
+    }
+}
+export function readCredentials() {
+    if (!existsSync(CREDENTIALS_PATH)) {
+        return null;
+    }
+    try {
+        const raw = readFileSync(CREDENTIALS_PATH, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export function writeCredentials(creds) {
+    ensureConfigDir();
+    writeFileSync(CREDENTIALS_TMP_PATH, `${JSON.stringify(creds, null, '\t')}\n`, { mode: 0o600 });
+    renameSync(CREDENTIALS_TMP_PATH, CREDENTIALS_PATH);
+}
+export function clearCredentials() {
+    if (existsSync(CREDENTIALS_PATH)) {
+        unlinkSync(CREDENTIALS_PATH);
+    }
+}
+export function writeLoginState(state) {
+    ensureConfigDir();
+    writeFileSync(LOGIN_STATE_TMP_PATH, `${JSON.stringify(state, null, '\t')}\n`, { mode: 0o600 });
+    renameSync(LOGIN_STATE_TMP_PATH, LOGIN_STATE_PATH);
+}
+/**
+ * Read the in-progress login state file. Returns null if missing or unreadable.
+ * Does NOT enforce TTL — callers should check `created_at` against `LOGIN_STATE_TTL_MS`.
+ */
+export function readLoginState() {
+    if (!existsSync(LOGIN_STATE_PATH)) {
+        return null;
+    }
+    try {
+        const raw = readFileSync(LOGIN_STATE_PATH, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (!parsed ||
+            typeof parsed !== 'object' ||
+            typeof parsed.verifier !== 'string' ||
+            parsed.verifier.length === 0 ||
+            typeof parsed.challenge !== 'string' ||
+            parsed.challenge.length === 0 ||
+            typeof parsed.created_at !== 'string') {
+            return null;
+        }
+        return {
+            verifier: parsed.verifier,
+            challenge: parsed.challenge,
+            created_at: parsed.created_at,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function clearLoginState() {
+    if (existsSync(LOGIN_STATE_PATH)) {
+        unlinkSync(LOGIN_STATE_PATH);
+    }
+}
+export function isLoginStateExpired(state) {
+    const created = Date.parse(state.created_at);
+    if (!Number.isFinite(created))
+        return true;
+    return Date.now() - created > LOGIN_STATE_TTL_MS;
+}
+export function isExpired(creds) {
+    return new Date(creds.expires_at) < new Date();
+}
+const API_URL = process.env['WORKJOURNAL_API_URL'] ?? 'https://api.workjournal.pro';
+export async function refreshAccessToken(refreshToken) {
+    const res = await fetch(`${API_URL}/v1/auth/refresh`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ refresh_token: refreshToken }),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Token refresh failed (${res.status}): ${text}`);
+    }
+    const data = (await res.json());
+    const expiresAt = new Date(Date.now() + data.expires_in * 1000).toISOString();
+    const creds = {
+        access_token: data.access_token,
+        refresh_token: data.refresh_token,
+        expires_at: expiresAt,
+    };
+    writeCredentials(creds);
+    return creds;
+}
+/**
+ * Get a valid access token, refreshing if expired.
+ * Returns null if no credentials are stored.
+ */
+export async function getAccessToken() {
+    const creds = readCredentials();
+    if (!creds) {
+        return null;
+    }
+    if (isExpired(creds)) {
+        if (!creds.refresh_token) {
+            throw new Error('Access token expired and no refresh token available. Please run `workjournal login` again.');
+        }
+        const refreshed = await refreshAccessToken(creds.refresh_token);
+        return refreshed.access_token;
+    }
+    return creds.access_token;
+}
+//# sourceMappingURL=credentials.js.map

package/dist/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,GACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAQjC,MAAM,CAAC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;AACnG,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAC9D,MAAM,oBAAoB,GAAG,GAAG,gBAAgB,MAAM,CAAC;AACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,UAAU,EAAE,sBAAsB,CAAC,CAAC;AAClE,MAAM,oBAAoB,GAAG,GAAG,gBAAgB,MAAM,CAAC;AACvD,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAQ1C,SAAS,eAAe;IACvB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7B,SAAS,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;AACF,CAAC;AAED,MAAM,UAAU,eAAe;IAC9B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAwB;IACxD,eAAe,EAAE,CAAC;IAClB,aAAa,CAAC,oBAAoB,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/F,UAAU,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC/B,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9B,CAAC;AACF,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAiB;IAChD,eAAe,EAAE,CAAC;IAClB,aAAa,CAAC,oBAAoB,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/F,UAAU,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC7B,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QACtD,IACC,CAAC,MAAM;YACP,OAAO,MAAM,KAAK,QAAQ;YAC1B,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC5B,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;YACpC,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EACpC,CAAC;YACF,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;SAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,MAAM,UAAU,eAAe;IAC9B,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC9B,CAAC;AACF,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,kBAAkB,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAwB;IACjD,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,6BAA6B,CAAC;AAEpF,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC5D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,kBAAkB,EAAE;QACrD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;KACrD,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAE9E,MAAM,KAAK,GAAsB;QAChC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,UAAU,EAAE,SAAS;KACrB,CAAC;IACF,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IACnC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACd,4FAA4F,CAC5F,CAAC;QACH,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC,YAAY,CAAC;IAC/B,CAAC;IAED,OAAO,KAAK,CAAC,YAAY,CAAC;AAC3B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export type { ErrorCode } from './constants.js';
+export { API_PATHS, API_VERSION, DEFAULT_PAGE_LIMIT, ERROR_CODES, MAX_EMAIL_LENGTH, MAX_JOURNAL_NAME_LENGTH, MAX_PAGE_LIMIT, MAX_SUMMARY_LENGTH, TIER_LIMITS, } from './constants.js';
+export type { BearerResolution, WrappedPayload } from './opaque-token.js';
+export { AAD_STRING, isOpaqueToken, KEY_LEN, NONCE_LEN, resolveBearer, TAG_LEN, unwrapToken, WJTK_PREFIX, wrapToken, } from './opaque-token.js';
+export type { AcceptInvitationRequest, Account, AccountType, ApiError, CreateAccountRequest, CreateEntryRequest, CreateInvitationRequest, CreateJournalRequest, Entry, EntrySummary, Invitation, Journal, JournalMember, PaginatedResponse, UpdateEntryRequest, UpdateJournalRequest, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,OAAO,EACN,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,WAAW,EACX,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,EACd,kBAAkB,EAClB,WAAW,GACX,MAAM,gBAAgB,CAAC;AACxB,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EACN,UAAU,EACV,aAAa,EACb,OAAO,EACP,SAAS,EACT,aAAa,EACb,OAAO,EACP,WAAW,EACX,WAAW,EACX,SAAS,GACT,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACX,uBAAuB,EACvB,OAAO,EACP,WAAW,EACX,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,oBAAoB,EACpB,KAAK,EACL,YAAY,EACZ,UAAU,EACV,OAAO,EACP,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,GACpB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export { API_PATHS, API_VERSION, DEFAULT_PAGE_LIMIT, ERROR_CODES, MAX_EMAIL_LENGTH, MAX_JOURNAL_NAME_LENGTH, MAX_PAGE_LIMIT, MAX_SUMMARY_LENGTH, TIER_LIMITS, } from './constants.js';
+export { AAD_STRING, isOpaqueToken, KEY_LEN, NONCE_LEN, resolveBearer, TAG_LEN, unwrapToken, WJTK_PREFIX, wrapToken, } from './opaque-token.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EACN,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,WAAW,EACX,gBAAgB,EAChB,uBAAuB,EACvB,cAAc,EACd,kBAAkB,EAClB,WAAW,GACX,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACN,UAAU,EACV,aAAa,EACb,OAAO,EACP,SAAS,EACT,aAAa,EACb,OAAO,EACP,WAAW,EACX,WAAW,EACX,SAAS,GACT,MAAM,mBAAmB,CAAC"}

package/dist/opaque-token.d.ts

@@ -0,0 +1,49 @@
+/**
+ * AEAD-wrapped opaque access tokens.
+ *
+ * Shared between `apps/auth-proxy` (which wraps Supabase JWTs as `wjtk_` tokens
+ * at `/oauth/token`) and `apps/api` (which unwraps on every request before
+ * handing the inner JWT to `supabase-js`). Keeping the wire format in one file
+ * prevents drift between the two sides — a mismatch in AAD, nonce length, or
+ * payload shape silently breaks every MCP-issued session.
+ */
+export declare const WJTK_PREFIX = "wjtk_";
+export declare const AAD_STRING = "workjournal:v1";
+export declare const NONCE_LEN = 12;
+export declare const TAG_LEN = 16;
+export declare const KEY_LEN = 32;
+export interface WrappedPayload {
+    /** Inner Supabase-signed JWT. */
+    j: string;
+    /** Unix expiry seconds — mirrors the inner JWT's exp. */
+    e: number;
+    /** Optional OAuth client_id. */
+    c?: string;
+    /** Wire-format version. */
+    v: 1;
+}
+export declare function isOpaqueToken(token: string | undefined | null): token is string;
+export declare function wrapToken(innerJwt: string, exp: number, clientId: string | undefined, keyB64url: string): Promise<string>;
+export declare function unwrapToken(opaque: string, keyB64url: string): Promise<WrappedPayload | null>;
+/**
+ * Result discriminant for `resolveBearer`:
+ *   - `passthrough` — token was not a `wjtk_` wrapper; caller should use it as-is
+ *     (web-app Supabase JWT path).
+ *   - `unwrapped` — valid wrapper; `.jwt` is the inner Supabase JWT.
+ *   - `invalid` — wrapper was tampered, expired, or encrypted with a different
+ *     key. Callers MUST NOT treat this as equivalent to a missing header — it's
+ *     an explicit authentication failure.
+ */
+export type BearerResolution = {
+    kind: 'passthrough';
+    jwt: string;
+} | {
+    kind: 'unwrapped';
+    jwt: string;
+    payload: WrappedPayload;
+} | {
+    kind: 'invalid';
+    reason: 'tampered' | 'expired';
+};
+export declare function resolveBearer(token: string, keyB64url: string): Promise<BearerResolution>;
+//# sourceMappingURL=opaque-token.d.ts.map

package/dist/opaque-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"opaque-token.d.ts","sourceRoot":"","sources":["../src/opaque-token.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,WAAW,UAAU,CAAC;AACnC,eAAO,MAAM,UAAU,mBAAmB,CAAC;AAC3C,eAAO,MAAM,SAAS,KAAK,CAAC;AAC5B,eAAO,MAAM,OAAO,KAAK,CAAC;AAC1B,eAAO,MAAM,OAAO,KAAK,CAAC;AAI1B,MAAM,WAAW,cAAc;IAC9B,iCAAiC;IACjC,CAAC,EAAE,MAAM,CAAC;IACV,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC;IACV,gCAAgC;IAChC,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,2BAA2B;IAC3B,CAAC,EAAE,CAAC,CAAC;CACL;AA0BD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,IAAI,MAAM,CAE/E;AAED,wBAAsB,SAAS,CAC9B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED,wBAAsB,WAAW,CAChC,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CA2ChC;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,gBAAgB,GACzB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,cAAc,CAAA;CAAE,GAC3D;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAAA;CAAE,CAAC;AAEvD,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAM/F"}

package/dist/opaque-token.js

@@ -0,0 +1,108 @@
+/**
+ * AEAD-wrapped opaque access tokens.
+ *
+ * Shared between `apps/auth-proxy` (which wraps Supabase JWTs as `wjtk_` tokens
+ * at `/oauth/token`) and `apps/api` (which unwraps on every request before
+ * handing the inner JWT to `supabase-js`). Keeping the wire format in one file
+ * prevents drift between the two sides — a mismatch in AAD, nonce length, or
+ * payload shape silently breaks every MCP-issued session.
+ */
+export const WJTK_PREFIX = 'wjtk_';
+export const AAD_STRING = 'workjournal:v1';
+export const NONCE_LEN = 12;
+export const TAG_LEN = 16;
+export const KEY_LEN = 32;
+const AAD = new TextEncoder().encode(AAD_STRING);
+function base64urlEncode(bytes) {
+    let binary = '';
+    for (const byte of bytes)
+        binary += String.fromCharCode(byte);
+    return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+function base64urlDecode(s) {
+    const padded = s.replace(/-/g, '+').replace(/_/g, '/') + '==='.slice((s.length + 3) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+async function importKey(keyB64url, usages) {
+    const keyBytes = base64urlDecode(keyB64url);
+    if (keyBytes.length !== KEY_LEN) {
+        throw new Error(`TOKEN_ENC_KEY must be ${KEY_LEN} bytes`);
+    }
+    return crypto.subtle.importKey('raw', keyBytes, 'AES-GCM', false, usages);
+}
+export function isOpaqueToken(token) {
+    return typeof token === 'string' && token.startsWith(WJTK_PREFIX);
+}
+export async function wrapToken(innerJwt, exp, clientId, keyB64url) {
+    const key = await importKey(keyB64url, ['encrypt']);
+    const nonce = crypto.getRandomValues(new Uint8Array(NONCE_LEN));
+    const payload = { j: innerJwt, e: exp, v: 1 };
+    if (clientId)
+        payload.c = clientId;
+    const plaintext = new TextEncoder().encode(JSON.stringify(payload));
+    const ciphertext = new Uint8Array(await crypto.subtle.encrypt({ name: 'AES-GCM', iv: nonce, additionalData: AAD }, key, plaintext));
+    const combined = new Uint8Array(NONCE_LEN + ciphertext.byteLength);
+    combined.set(nonce, 0);
+    combined.set(ciphertext, NONCE_LEN);
+    return WJTK_PREFIX + base64urlEncode(combined);
+}
+export async function unwrapToken(opaque, keyB64url) {
+    if (!opaque.startsWith(WJTK_PREFIX))
+        return null;
+    let combined;
+    try {
+        combined = base64urlDecode(opaque.slice(WJTK_PREFIX.length));
+    }
+    catch {
+        return null;
+    }
+    if (combined.length < NONCE_LEN + TAG_LEN)
+        return null;
+    const nonce = combined.slice(0, NONCE_LEN);
+    const ciphertext = combined.slice(NONCE_LEN);
+    let key;
+    try {
+        key = await importKey(keyB64url, ['decrypt']);
+    }
+    catch {
+        return null;
+    }
+    let plaintext;
+    try {
+        plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: nonce, additionalData: AAD }, key, ciphertext);
+    }
+    catch {
+        return null;
+    }
+    let payload;
+    try {
+        payload = JSON.parse(new TextDecoder().decode(plaintext));
+    }
+    catch {
+        return null;
+    }
+    if (typeof payload !== 'object' ||
+        payload === null ||
+        typeof payload.j !== 'string' ||
+        typeof payload.e !== 'number' ||
+        payload.v !== 1) {
+        return null;
+    }
+    return payload;
+}
+export async function resolveBearer(token, keyB64url) {
+    if (!isOpaqueToken(token))
+        return { kind: 'passthrough', jwt: token };
+    const payload = await unwrapToken(token, keyB64url);
+    if (!payload)
+        return { kind: 'invalid', reason: 'tampered' };
+    if (payload.e < Math.floor(Date.now() / 1000))
+        return { kind: 'invalid', reason: 'expired' };
+    return { kind: 'unwrapped', jwt: payload.j, payload };
+}
+//# sourceMappingURL=opaque-token.js.map

package/dist/opaque-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"opaque-token.js","sourceRoot":"","sources":["../src/opaque-token.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,OAAO,CAAC;AACnC,MAAM,CAAC,MAAM,UAAU,GAAG,gBAAgB,CAAC;AAC3C,MAAM,CAAC,MAAM,SAAS,GAAG,EAAE,CAAC;AAC5B,MAAM,CAAC,MAAM,OAAO,GAAG,EAAE,CAAC;AAC1B,MAAM,CAAC,MAAM,OAAO,GAAG,EAAE,CAAC;AAE1B,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;AAajD,SAAS,eAAe,CAAC,KAAiB;IACzC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAC9D,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IACjC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,SAAiB,EAAE,MAAkB;IAC7D,MAAM,QAAQ,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,QAAQ,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAgC;IAC7D,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC9B,QAAgB,EAChB,GAAW,EACX,QAA4B,EAC5B,SAAiB;IAEjB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IAChE,MAAM,OAAO,GAAmB,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IAC9D,IAAI,QAAQ;QAAE,OAAO,CAAC,CAAC,GAAG,QAAQ,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,IAAI,UAAU,CAChC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC1B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,EAAE,EACnD,GAAG,EACH,SAAS,CACT,CACD,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACnE,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvB,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACpC,OAAO,WAAW,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAChC,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACJ,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,SAAS,GAAG,OAAO;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,GAAc,CAAC;IACnB,IAAI,CAAC;QACJ,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAI,SAAsB,CAAC;IAC3B,IAAI,CAAC;QACJ,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACtC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,EAAE,EACnD,GAAG,EACH,UAAU,CACV,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACJ,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IACC,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QAChB,OAAQ,OAA0B,CAAC,CAAC,KAAK,QAAQ;QACjD,OAAQ,OAA0B,CAAC,CAAC,KAAK,QAAQ;QAChD,OAA0B,CAAC,CAAC,KAAK,CAAC,EAClC,CAAC;QACF,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,OAAyB,CAAC;AAClC,CAAC;AAgBD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAa,EAAE,SAAiB;IACnE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IACtE,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAC7D,IAAI,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC7F,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;AACvD,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,100 @@
+export type AccountType = 'PERSONAL' | 'PRO' | 'ADMIN';
+export interface Account {
+    id: string;
+    owner_id: string;
+    name: string;
+    type: AccountType;
+    created_at: string;
+    updated_at: string;
+}
+/** Top-level organisational unit. A user creates a journal and becomes its owner. */
+export interface Journal {
+    id: string;
+    name: string;
+    description: string | null;
+    account_id: string;
+    is_public: boolean;
+    public_slug: string | null;
+    created_at: string;
+    updated_at: string;
+}
+/** Access control record linking a user to a journal with a role. */
+export interface JournalMember {
+    id: string;
+    journal_id: string;
+    user_id: string;
+    role: 'owner' | 'member';
+    created_at: string;
+}
+/** Journal entry scoped to a journal. Identified user-facing by `index`. */
+export interface Entry {
+    id: string;
+    journal_id: string;
+    index: number;
+    summary: string;
+    what_changed: string;
+    client?: string | null;
+    created_by: string | null;
+    created_at: string;
+    updated_at: string;
+}
+/** Slim entry shape returned by the list endpoint when `include=body` is absent. */
+export interface EntrySummary {
+    id: string;
+    journal_id: string;
+    index: number;
+    summary: string;
+    created_at: string;
+}
+/** Email-based invitation for journal sharing. */
+export interface Invitation {
+    id: string;
+    journal_id: string;
+    invited_by: string;
+    email: string;
+    token: string;
+    created_at: string;
+    accepted_at: string | null;
+    revoked_at: string | null;
+}
+export interface CreateAccountRequest {
+    name?: string | undefined;
+}
+export interface CreateJournalRequest {
+    account_id?: string | undefined;
+    name: string;
+    description?: string | undefined;
+}
+export interface UpdateJournalRequest {
+    name?: string | undefined;
+    description?: string | null | undefined;
+    is_public?: boolean | undefined;
+}
+export interface CreateEntryRequest {
+    summary: string;
+    what_changed: string;
+    client?: string;
+}
+export interface UpdateEntryRequest {
+    summary?: string | undefined;
+    what_changed?: string | undefined;
+}
+export interface CreateInvitationRequest {
+    email: string;
+}
+export interface AcceptInvitationRequest {
+    token: string;
+}
+export interface PaginatedResponse<T> {
+    data: T[];
+    total: number;
+    offset: number;
+    limit: number;
+}
+export interface ApiError {
+    error: {
+        code: string;
+        message: string;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,KAAK,GAAG,OAAO,CAAC;AAEvD,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,qFAAqF;AACrF,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,qEAAqE;AACrE,MAAM,WAAW,aAAa;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,4EAA4E;AAC5E,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,oFAAoF;AACpF,MAAM,WAAW,YAAY;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,kDAAkD;AAClD,MAAM,WAAW,UAAU;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACpC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC;AAED,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;IACxC,SAAS,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;CAChC;AAED,MAAM,WAAW,kBAAkB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IAClC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAClC;AAED,MAAM,WAAW,uBAAuB;IACvC,KAAK,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB;IACvC,KAAK,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,iBAAiB,CAAC,CAAC;IACnC,IAAI,EAAE,CAAC,EAAE,CAAC;IACV,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,QAAQ;IACxB,KAAK,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;KAChB,CAAC;CACF"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@workjournal/shared",
+  "version": "0.1.0",
+  "description": "Shared types, constants, and credential helpers for the Workjournal CLI and MCP server.",
+  "license": "MIT",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./credentials": {
+      "types": "./dist/credentials.d.ts",
+      "import": "./dist/credentials.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/workjournal-pro/workjournal.git",
+    "directory": "packages/shared"
+  },
+  "bugs": {
+    "url": "https://github.com/workjournal-pro/workjournal/issues"
+  },
+  "homepage": "https://workjournal.pro",
+  "keywords": [
+    "workjournal",
+    "shared",
+    "types"
+  ],
+  "devDependencies": {
+    "@types/node": "22.15.29",
+    "typescript": "5.8.3"
+  },
+  "scripts": {
+    "build": "tsc --project tsconfig.json",
+    "check": "tsc --noEmit"
+  }
+}