npm - alepha - Versions diffs - 0.14.3 → 0.15.0 - Mend

alepha 0.14.3 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/README.md +2 -5
package/dist/api/audits/index.d.ts +620 -811
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/files/index.d.ts +185 -377
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +0 -1
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +245 -435
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.d.ts +238 -429
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/parameters/index.d.ts +236 -427
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +1010 -1196
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +178 -151
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +17 -17
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts +122 -122
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +163 -163
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts +46 -46
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cli/index.d.ts +384 -285
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +1113 -623
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +299 -300
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +13 -9
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +445 -103
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +733 -625
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +446 -103
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +445 -103
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +44 -44
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +97 -50
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7981 -14
package/dist/fake/index.d.ts.map +1 -1
package/dist/file/index.d.ts +523 -390
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts +208 -208
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +25 -26
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +12 -2
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +197 -197
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +1 -1
package/dist/mcp/index.js.map +1 -1
package/dist/orm/chunk-DtkW-qnP.js +38 -0
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2814 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +1228 -1216
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2041 -1967
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +248 -248
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +118 -136
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +69 -69
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts +6 -6
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +25 -25
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +417 -254
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +386 -86
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +110 -110
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +20 -20
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +62 -47
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +56 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +6 -0
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +36 -1
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +6 -6
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js +2 -2
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts +242 -150
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +294 -125
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +11 -12
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts +2 -2
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +123 -124
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +1 -2
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/multipart/index.d.ts +6 -6
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +102 -103
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts +16 -16
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts +44 -44
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/static/index.js +4 -0
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +48 -49
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +3 -5
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +13 -11
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +7 -7
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +71 -72
package/dist/thread/index.d.ts.map +1 -1
package/dist/topic/core/index.d.ts +318 -318
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts +6 -6
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +5805 -249
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +599 -513
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +6 -6
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +247 -247
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +6 -6
package/dist/websocket/index.js.map +1 -1
package/package.json +9 -14
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +28 -9
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaCli.ts +0 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +38 -19
package/src/cli/assets/apiHelloControllerTs.ts +18 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/claudeMd.ts +303 -0
package/src/cli/assets/mainBrowserTs.ts +2 -2
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/webAppRouterTs.ts +15 -0
package/src/cli/assets/webHelloComponentTsx.ts +16 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/atoms/buildOptions.ts +88 -0
package/src/cli/commands/build.ts +70 -87
package/src/cli/commands/db.ts +21 -22
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +22 -14
package/src/cli/commands/format.ts +8 -2
package/src/cli/commands/gen/env.ts +53 -0
package/src/cli/commands/gen/openapi.ts +1 -1
package/src/cli/commands/gen/resource.ts +15 -0
package/src/cli/commands/gen.ts +7 -1
package/src/cli/commands/init.ts +74 -30
package/src/cli/commands/lint.ts +8 -2
package/src/cli/commands/test.ts +8 -3
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +5 -3
package/src/cli/defineConfig.ts +49 -7
package/src/cli/index.ts +0 -1
package/src/cli/services/AlephaCliUtils.ts +39 -589
package/src/cli/services/PackageManagerUtils.ts +301 -0
package/src/cli/services/ProjectScaffolder.ts +306 -0
package/src/command/helpers/Runner.spec.ts +2 -2
package/src/command/helpers/Runner.ts +16 -4
package/src/command/primitives/$command.ts +0 -6
package/src/command/providers/CliProvider.ts +1 -3
package/src/core/Alepha.ts +42 -0
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +621 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +407 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/logger/index.ts +15 -3
package/src/mcp/transports/StdioMcpTransport.ts +1 -1
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +13 -39
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +8 -0
package/src/queue/core/providers/WorkerProvider.spec.ts +48 -32
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.spec.ts +183 -0
package/src/server/cache/providers/ServerCacheProvider.ts +95 -10
package/src/server/compress/providers/ServerCompressProvider.ts +61 -2
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/helpers/ServerReply.ts +2 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +25 -6
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +155 -22
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/index.ts +1 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/static/providers/ServerStaticProvider.ts +10 -0
package/src/server/swagger/index.ts +1 -1
package/src/server/swagger/providers/ServerSwaggerProvider.ts +5 -8
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/helpers/boot.ts +28 -17
package/src/vite/helpers/importViteReact.ts +13 -0
package/src/vite/index.ts +1 -21
package/src/vite/plugins/viteAlephaDev.ts +16 -1
package/src/vite/plugins/viteAlephaSsrPreload.ts +222 -0
package/src/vite/tasks/buildClient.ts +11 -0
package/src/vite/tasks/buildServer.ts +59 -4
package/src/vite/tasks/devServer.ts +71 -0
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/src/vite/tasks/index.ts +2 -1
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/mainTs.ts +0 -13
package/src/cli/assets/viteConfigTs.ts +0 -14
package/src/cli/commands/run.ts +0 -24
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
package/src/vite/plugins/viteAlepha.ts +0 -37
package/src/vite/plugins/viteAlephaBuild.ts +0 -281
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/dist/api/users/index.js CHANGED Viewed

@@ -10,11 +10,11 @@ import { AlephaApiAudits, AuditService } from "alepha/api/audits";
 import { $logger } from "alepha/logger";
 import { $bucket } from "alepha/bucket";
 import { $client } from "alepha/server/links";
+import { $authCredentials, $authGithub, $authGoogle, ServerAuthProvider, authenticationProviderSchema } from "alepha/server/auth";
 import { randomInt, randomUUID } from "node:crypto";
 import { $cache } from "alepha/cache";
 import { DateTimeProvider } from "alepha/datetime";
-import { $realm, CryptoProvider, InvalidCredentialsError, SecurityProvider } from "alepha/security";
-import { $authCredentials, $authGithub, $authGoogle, ServerAuthProvider, authenticationProviderSchema } from "alepha/server/auth";
+import { $issuer, CryptoProvider, InvalidCredentialsError, SecurityProvider } from "alepha/security";
 import { FileSystemProvider } from "alepha/file";
 import { AlephaApiFiles } from "alepha/api/files";
@@ -37,8 +37,7 @@ const users = $entity({
 		realm: db.default(t.text(), DEFAULT_USER_REALM_NAME),
 		username: t.optional(t.shortText({
 			minLength: 3,
-			maxLength: 50,
-			pattern: "^[a-zA-Z0-9._-]+$"
+			maxLength: 50
 		})),
 		email: t.optional(t.string({ format: "email" })),
 		phoneNumber: t.optional(t.e164()),
@@ -99,6 +98,7 @@ const realmAuthSettingsAtom = $atom({
 		emailRequired: t.boolean({ description: "Require email address for user accounts" }),
 		usernameEnabled: t.boolean({ description: "Enable username as a login/registration credential" }),
 		usernameRequired: t.boolean({ description: "Require username for user accounts" }),
+		usernameRegExp: t.string({ description: "Regular expression that usernames must match (if username is enabled)" }),
 		phoneEnabled: t.boolean({ description: "Enable phone number as a login/registration credential" }),
 		phoneRequired: t.boolean({ description: "Require phone number for user accounts" }),
 		verifyEmailRequired: t.boolean({ description: "Require email verification for user accounts" }),
@@ -124,6 +124,7 @@ const realmAuthSettingsAtom = $atom({
 		emailRequired: true,
 		usernameEnabled: false,
 		usernameRequired: false,
+		usernameRegExp: "^[a-zA-Z0-9_]{3,30}$",
 		phoneEnabled: false,
 		phoneRequired: false,
 		verifyEmailRequired: false,
@@ -167,8 +168,8 @@ const sessions = $entity({
 });
 //#endregion
-//#region ../../src/api/users/providers/UserRealmProvider.ts
-var UserRealmProvider = class {
+//#region ../../src/api/users/providers/RealmProvider.ts
+var RealmProvider = class {
 	alepha = $inject(Alepha);
 	defaultIdentities = $repository(identities);
 	defaultSessions = $repository(sessions);
@@ -193,46 +194,46 @@ var UserRealmProvider = class {
 			});
 		}
 	});
-	register(userRealmName, userRealmOptions = {}) {
-		this.realms.set(userRealmName, {
-			name: userRealmName,
+	register(realmName, realmOptions = {}) {
+		this.realms.set(realmName, {
+			name: realmName,
 			repositories: {
-				identities: userRealmOptions.entities?.identities ?? this.defaultIdentities,
-				sessions: userRealmOptions.entities?.sessions ?? this.defaultSessions,
-				users: userRealmOptions.entities?.users ?? this.defaultUsers
+				identities: realmOptions.entities?.identities ?? this.defaultIdentities,
+				sessions: realmOptions.entities?.sessions ?? this.defaultSessions,
+				users: realmOptions.entities?.users ?? this.defaultUsers
 			},
 			settings: {
 				...realmAuthSettingsAtom.options.default,
-				...userRealmOptions.settings,
+				...realmOptions.settings,
 				passwordPolicy: {
 					...realmAuthSettingsAtom.options.default.passwordPolicy,
-					...userRealmOptions.settings?.passwordPolicy
+					...realmOptions.settings?.passwordPolicy
 				}
 			}
 		});
-		return this.getRealm(userRealmName);
+		return this.getRealm(realmName);
 	}
 	/**
 	* Gets a registered realm by name, auto-creating default if needed.
 	*/
-	getRealm(userRealmName = DEFAULT_USER_REALM_NAME) {
-		let realm = this.realms.get(userRealmName);
+	getRealm(realmName = DEFAULT_USER_REALM_NAME) {
+		let realm = this.realms.get(realmName);
 		if (!realm) {
 			const firstRealm = Array.from(this.realms.values())[0];
-			if (userRealmName === DEFAULT_USER_REALM_NAME && firstRealm) realm = firstRealm;
-			else if (this.alepha.isTest()) realm = this.register(userRealmName);
-			else throw new AlephaError(`Missing user realm '${userRealmName}', please declare $userRealm in your application.`);
+			if (realmName === DEFAULT_USER_REALM_NAME && firstRealm) realm = firstRealm;
+			else if (this.alepha.isTest()) realm = this.register(realmName);
+			else throw new AlephaError(`Missing realm '${realmName}', please declare $realm in your application.`);
 		}
 		return realm;
 	}
-	identityRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
-		return this.getRealm(userRealmName).repositories.identities;
+	identityRepository(realmName = DEFAULT_USER_REALM_NAME) {
+		return this.getRealm(realmName).repositories.identities;
 	}
-	sessionRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
-		return this.getRealm(userRealmName).repositories.sessions;
+	sessionRepository(realmName = DEFAULT_USER_REALM_NAME) {
+		return this.getRealm(realmName).repositories.sessions;
 	}
-	userRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
-		return this.getRealm(userRealmName).repositories.users;
+	userRepository(realmName = DEFAULT_USER_REALM_NAME) {
+		return this.getRealm(realmName).repositories.users;
 	}
 };
@@ -240,10 +241,10 @@ var UserRealmProvider = class {
 //#region ../../src/api/users/services/IdentityService.ts
 var IdentityService = class {
 	log = $logger();
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	auditService = $inject(AuditService);
 	identities(userRealmName) {
-		return this.userRealmProvider.identityRepository(userRealmName);
+		return this.realmProvider.identityRepository(userRealmName);
 	}
 	/**
 	* Find identities with pagination and filtering.
@@ -295,7 +296,7 @@ var IdentityService = class {
 			provider: identity.provider,
 			userId: identity.userId
 		});
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordUser("update", {
 			userRealm: realm.name,
 			resourceId: identity.userId,
@@ -398,9 +399,9 @@ const sessionResourceSchema = t.object({
 //#region ../../src/api/users/services/SessionCrudService.ts
 var SessionCrudService = class {
 	log = $logger();
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	sessions(userRealmName) {
-		return this.userRealmProvider.sessionRepository(userRealmName);
+		return this.realmProvider.sessionRepository(userRealmName);
 	}
 	/**
 	* Find sessions with pagination and filtering.
@@ -672,10 +673,10 @@ var UserService = class {
 	log = $logger();
 	verificationController = $client();
 	userNotifications = $inject(UserNotifications);
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	auditService = $inject(AuditService);
 	users(userRealmName) {
-		return this.userRealmProvider.userRepository(userRealmName);
+		return this.realmProvider.userRepository(userRealmName);
 	}
 	/**
 	* Request email verification for a user.
@@ -779,7 +780,7 @@ var UserService = class {
 			userId: user.id,
 			type
 		});
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordUser("update", {
 			userId: user.id,
 			userEmail: email,
@@ -843,7 +844,7 @@ var UserService = class {
 			email: data.email,
 			userRealmName
 		});
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		if (data.username) {
 			if (await this.users(userRealmName).findOne({ where: { username: { eq: data.username } } }).catch(() => void 0)) {
 				this.log.debug("Username already taken", { username: data.username });
@@ -895,7 +896,7 @@ var UserService = class {
 		const before = await this.getUserById(id, userRealmName);
 		const user = await this.users(userRealmName).updateById(id, data);
 		this.log.debug("User updated", { userId: id });
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		const changes = {};
 		for (const key of Object.keys(data)) if (data[key] !== void 0 && before[key] !== data[key]) changes[key] = {
 			from: before[key],
@@ -921,7 +922,7 @@ var UserService = class {
 		const user = await this.getUserById(id, userRealmName);
 		await this.users(userRealmName).deleteById(id);
 		this.log.info("User deleted", { userId: id });
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordUser("delete", {
 			userRealm: realm.name,
 			resourceId: id,
@@ -1025,6 +1026,67 @@ var AdminUserController = class {
 	});
 };
+//#endregion
+//#region ../../src/api/users/schemas/realmConfigSchema.ts
+const realmConfigSchema = t.object({
+	settings: realmAuthSettingsAtom.schema,
+	realmName: t.string(),
+	authenticationMethods: t.array(authenticationProviderSchema)
+});
+//#endregion
+//#region ../../src/api/users/controllers/RealmController.ts
+/**
+* Controller for exposing realm configuration.
+* Uses $route instead of $action to keep endpoints hidden from API documentation.
+*/
+var RealmController = class {
+	url = "/realms";
+	group = "realms";
+	realmProvider = $inject(RealmProvider);
+	serverAuthProvider = $inject(ServerAuthProvider);
+	/**
+	* Get realm configuration settings.
+	* This endpoint is not exposed in the API documentation.
+	*/
+	getRealmConfig = $action({
+		group: this.group,
+		method: "GET",
+		path: `${this.url}/config`,
+		secure: false,
+		cache: {
+			etag: true,
+			control: { maxAge: [24, "hours"] }
+		},
+		schema: {
+			query: t.object({ realmName: t.optional(t.string()) }),
+			response: realmConfigSchema
+		},
+		handler: ({ query }) => {
+			const { name: realmName, settings } = this.realmProvider.getRealm(query.realmName);
+			return {
+				settings,
+				realmName,
+				authenticationMethods: this.serverAuthProvider.getAuthenticationProviders({ realmName })
+			};
+		}
+	});
+	checkUsernameAvailability = $action({
+		group: this.group,
+		path: `${this.url}/check-username`,
+		secure: false,
+		schema: {
+			query: t.object({ realmName: t.optional(t.text()) }),
+			body: t.object({ username: t.text() }),
+			response: t.object({ available: t.boolean() })
+		},
+		handler: async ({ query, body }) => {
+			const realmName = query.realmName;
+			return { available: !await this.realmProvider.userRepository(realmName).findOne({ where: { username: { eq: body.username } } }).catch(() => void 0) };
+		}
+	});
+};
 //#endregion
 //#region ../../src/api/users/schemas/completePasswordResetRequestSchema.ts
 /**
@@ -1116,20 +1178,20 @@ var CredentialService = class {
 	dateTimeProvider = $inject(DateTimeProvider);
 	verificationController = $client();
 	userNotifications = $inject(UserNotifications);
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	auditService = $inject(AuditService);
 	intentCache = $cache({
 		name: "password-reset-intents",
 		ttl: [INTENT_TTL_MINUTES$1, "minutes"]
 	});
 	users(userRealmName) {
-		return this.userRealmProvider.userRepository(userRealmName);
+		return this.realmProvider.userRepository(userRealmName);
 	}
 	sessions(userRealmName) {
-		return this.userRealmProvider.sessionRepository(userRealmName);
+		return this.realmProvider.sessionRepository(userRealmName);
 	}
 	identities(userRealmName) {
-		return this.userRealmProvider.identityRepository(userRealmName);
+		return this.realmProvider.identityRepository(userRealmName);
 	}
 	/**
 	* Phase 1: Create a password reset intent.
@@ -1246,7 +1308,7 @@ var CredentialService = class {
 			userId: intent.userId,
 			email: intent.email
 		});
-		const realm = this.userRealmProvider.getRealm(intent.realmName);
+		const realm = this.realmProvider.getRealm(intent.realmName);
 		await this.auditService.recordUser("update", {
 			userId: intent.userId,
 			userEmail: intent.email,
@@ -1305,7 +1367,7 @@ var CredentialService = class {
 		const hashedPassword = await this.cryptoProvider.hashPassword(newPassword);
 		await this.identities(userRealmName).updateById(identity.id, { password: hashedPassword });
 		await this.sessions(userRealmName).deleteMany({ userId: { eq: user.id } });
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordUser("update", {
 			userId: user.id,
 			userEmail: email,
@@ -1334,7 +1396,7 @@ var RegistrationService = class {
 	cryptoProvider = $inject(CryptoProvider);
 	verificationController = $client();
 	userNotifications = $inject(UserNotifications);
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	auditService = $inject(AuditService);
 	intentCache = $cache({
 		name: "registration-intents",
@@ -1352,8 +1414,7 @@ var RegistrationService = class {
 			username: body.username,
 			userRealmName
 		});
-		const realmSettings = this.userRealmProvider.getRealm(userRealmName).settings;
-		this.userRealmProvider.userRepository(userRealmName);
+		const realmSettings = this.realmProvider.getRealm(userRealmName).settings;
 		if (realmSettings?.registrationAllowed === false) {
 			this.log.warn("Registration not allowed for realm", { userRealmName });
 			throw new BadRequestError("Registration is not allowed");
@@ -1362,6 +1423,18 @@ var RegistrationService = class {
 			this.log.debug("Registration rejected: username required", { userRealmName });
 			throw new BadRequestError("Username is required");
 		}
+		if (body.username) {
+			const usernameRegExp = realmSettings?.usernameRegExp;
+			if (usernameRegExp) {
+				if (!new RegExp(usernameRegExp).test(body.username)) {
+					this.log.debug("Registration rejected: username regex mismatch", {
+						userRealmName,
+						username: body.username
+					});
+					throw new BadRequestError("Username does not meet the required format");
+				}
+			}
+		}
 		if (realmSettings?.emailRequired !== false && !body.email) {
 			this.log.debug("Registration rejected: email required", { userRealmName });
 			throw new BadRequestError("Email is required");
@@ -1428,8 +1501,8 @@ var RegistrationService = class {
 			});
 		}
 		const userRealmName = intent.realmName;
-		const userRepository = this.userRealmProvider.userRepository(userRealmName);
-		const identityRepository = this.userRealmProvider.identityRepository(userRealmName);
+		const userRepository = this.realmProvider.userRepository(userRealmName);
+		const identityRepository = this.realmProvider.identityRepository(userRealmName);
 		if (intent.requirements.email) {
 			if (!body.emailCode) {
 				this.log.debug("Registration completion missing email code", { intentId: body.intentId });
@@ -1477,7 +1550,7 @@ var RegistrationService = class {
 			email: user.email,
 			username: user.username
 		});
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordUser("create", {
 			userId: user.id,
 			userEmail: user.email ?? void 0,
@@ -1497,7 +1570,7 @@ var RegistrationService = class {
 	* Check if username, email, and phone are available.
 	*/
 	async checkUserAvailability(body, userRealmName) {
-		const userRepository = this.userRealmProvider.userRepository(userRealmName);
+		const userRepository = this.realmProvider.userRepository(userRealmName);
 		if (body.username) {
 			if (await userRepository.findOne({ where: { username: { eq: body.username } } }).catch(() => void 0)) {
 				this.log.debug("Username already taken", { username: body.username });
@@ -1522,23 +1595,19 @@ var RegistrationService = class {
 	*/
 	async sendEmailVerification(email) {
 		this.log.debug("Sending email verification code", { email });
-		try {
-			const verification = await this.verificationController.requestVerificationCode({
-				params: { type: "code" },
-				body: { target: email }
-			});
-			await this.userNotifications.emailVerification.push({
-				contact: email,
-				variables: {
-					email,
-					code: verification.token,
-					expiresInMinutes: Math.floor(verification.codeExpiration / 60)
-				}
-			});
-			this.log.debug("Email verification code sent", { email });
-		} catch (error) {
-			this.log.warn("Failed to send email verification code", error);
-		}
+		const verification = await this.verificationController.requestVerificationCode({
+			params: { type: "code" },
+			body: { target: email }
+		});
+		await this.userNotifications.emailVerification.push({
+			contact: email,
+			variables: {
+				email,
+				code: verification.token,
+				expiresInMinutes: Math.floor(verification.codeExpiration / 60)
+			}
+		});
+		this.log.debug("Email verification code sent", { email });
 	}
 	/**
 	* Send phone verification code.
@@ -1831,67 +1900,6 @@ var UserController = class {
 	});
 };
-//#endregion
-//#region ../../src/api/users/schemas/userRealmConfigSchema.ts
-const userRealmConfigSchema = t.object({
-	settings: realmAuthSettingsAtom.schema,
-	realmName: t.string(),
-	authenticationMethods: t.array(authenticationProviderSchema)
-});
-//#endregion
-//#region ../../src/api/users/controllers/UserRealmController.ts
-/**
-* Controller for exposing realm configuration.
-* Uses $route instead of $action to keep endpoints hidden from API documentation.
-*/
-var UserRealmController = class {
-	url = "/realms";
-	group = "realms";
-	userRealmProvider = $inject(UserRealmProvider);
-	serverAuthProvider = $inject(ServerAuthProvider);
-	/**
-	* Get realm configuration settings.
-	* This endpoint is not exposed in the API documentation.
-	*/
-	getRealmConfig = $action({
-		group: this.group,
-		method: "GET",
-		path: `${this.url}/config`,
-		secure: false,
-		cache: {
-			etag: true,
-			control: { maxAge: [24, "hours"] }
-		},
-		schema: {
-			query: t.object({ userRealmName: t.optional(t.string()) }),
-			response: userRealmConfigSchema
-		},
-		handler: ({ query }) => {
-			const { name: realmName, settings } = this.userRealmProvider.getRealm(query.userRealmName);
-			return {
-				settings,
-				realmName,
-				authenticationMethods: this.serverAuthProvider.getAuthenticationProviders({ realmName })
-			};
-		}
-	});
-	checkUsernameAvailability = $action({
-		group: this.group,
-		path: `${this.url}/check-username`,
-		secure: false,
-		schema: {
-			query: t.object({ userRealmName: t.optional(t.text()) }),
-			body: t.object({ username: t.text() }),
-			response: t.object({ available: t.boolean() })
-		},
-		handler: async ({ query, body }) => {
-			const realmName = query.userRealmName;
-			return { available: !await this.userRealmProvider.userRepository(realmName).findOne({ where: { username: { eq: body.username } } }).catch(() => void 0) };
-		}
-	});
-};
 //#endregion
 //#region ../../src/api/users/services/SessionService.ts
 var SessionService = class {
@@ -1900,17 +1908,17 @@ var SessionService = class {
 	dateTimeProvider = $inject(DateTimeProvider);
 	cryptoProvider = $inject(CryptoProvider);
 	log = $logger();
-	userRealmProvider = $inject(UserRealmProvider);
+	realmProvider = $inject(RealmProvider);
 	fileController = $client();
 	auditService = $inject(AuditService);
 	users(userRealmName) {
-		return this.userRealmProvider.userRepository(userRealmName);
+		return this.realmProvider.userRepository(userRealmName);
 	}
 	sessions(userRealmName) {
-		return this.userRealmProvider.sessionRepository(userRealmName);
+		return this.realmProvider.sessionRepository(userRealmName);
 	}
 	identities(userRealmName) {
-		return this.userRealmProvider.identityRepository(userRealmName);
+		return this.realmProvider.identityRepository(userRealmName);
 	}
 	/**
 	* Random delay to prevent timing attacks (50-200ms)
@@ -1923,7 +1931,7 @@ var SessionService = class {
 	* Validate user credentials and return the user if valid.
 	*/
 	async login(provider, username, password, userRealmName) {
-		const { settings, name } = this.userRealmProvider.getRealm(userRealmName);
+		const { settings, name } = this.realmProvider.getRealm(userRealmName);
 		const isEmail = username.includes("@");
 		const isPhone = /^[+\d][\d\s()-]+$/.test(username);
 		const isUsername = !isEmail && !isPhone;
@@ -1933,8 +1941,27 @@ var SessionService = class {
 		try {
 			const where = users$1.createQueryWhere();
 			where.realm = name;
-			if (settings.usernameEnabled !== false && isUsername) where.username = username;
-			else if (settings.emailEnabled !== false && isEmail) where.email = username;
+			if (settings.usernameEnabled !== false && isUsername) {
+				if (settings.usernameRegExp) {
+					if (!new RegExp(settings.usernameRegExp).test(username)) {
+						this.log.warn("Username does not match required format", {
+							provider,
+							username,
+							realm: name
+						});
+						await this.auditService.recordAuth("login_failed", {
+							userRealm: name,
+							description: "Username does not match required format",
+							metadata: {
+								provider,
+								username
+							}
+						});
+						throw new InvalidCredentialsError();
+					}
+				}
+				where.username = username;
+			} else if (settings.emailEnabled !== false && isEmail) where.email = username;
 			else if (settings.phoneEnabled === true && isPhone) where.phoneNumber = username;
 			else {
 				this.log.warn("Invalid login identifier format", {
@@ -2061,7 +2088,7 @@ var SessionService = class {
 			sessionId: session.id,
 			userId: session.userId
 		});
-		const { name } = this.userRealmProvider.getRealm(userRealmName);
+		const { name } = this.realmProvider.getRealm(userRealmName);
 		await this.auditService.recordAuth("token_refresh", {
 			userId: user.id,
 			userEmail: user.email ?? void 0,
@@ -2081,7 +2108,7 @@ var SessionService = class {
 		await this.sessions(userRealmName).deleteOne({ refreshToken });
 		this.log.debug("Session deleted");
 		if (session) {
-			const { name } = this.userRealmProvider.getRealm(userRealmName);
+			const { name } = this.realmProvider.getRealm(userRealmName);
 			await this.auditService.recordAuth("logout", {
 				userId: session.userId,
 				userRealm: name,
@@ -2096,7 +2123,7 @@ var SessionService = class {
 			profileSub: profile.sub,
 			email: profile.email
 		});
-		const realm = this.userRealmProvider.getRealm(userRealmName);
+		const realm = this.realmProvider.getRealm(userRealmName);
 		const identities$1 = this.identities(userRealmName);
 		const users$1 = this.users(userRealmName);
 		const identity = await identities$1.findOne({ where: {
@@ -2224,7 +2251,7 @@ var SessionService = class {
 };
 //#endregion
-//#region ../../src/api/users/primitives/$userRealm.ts
+//#region ../../src/api/users/primitives/$realm.ts
 /**
 * Already configured realm for user management.
 *
@@ -2238,24 +2265,24 @@ var SessionService = class {
 * Environment Variables:
 * - `APP_SECRET`: Secret key for signing tokens (if not provided in options).
 */
-const $userRealm = (options = {}) => {
+const $realm = (options = {}) => {
 	const { alepha } = $context();
 	const sessionService = alepha.inject(SessionService);
 	const securityProvider = alepha.inject(SecurityProvider);
-	const userRealmProvider = alepha.inject(UserRealmProvider);
-	const name = options.realm?.name ?? DEFAULT_USER_REALM_NAME;
+	const realmProvider = alepha.inject(RealmProvider);
+	const name = options.issuer?.name ?? DEFAULT_USER_REALM_NAME;
 	options.settings ??= {};
 	if (options.settings.emailRequired) options.settings.emailEnabled = true;
 	if (options.settings.usernameRequired) options.settings.usernameEnabled = true;
 	if (options.settings.phoneRequired) options.settings.phoneEnabled = true;
-	const userRealm = userRealmProvider.register(name, options);
+	const realmRegistration = realmProvider.register(name, options);
 	alepha.with(AlephaApiFiles);
 	alepha.with(AlephaApiAudits);
-	const realm = $realm({
-		...options.realm,
+	const realm = $issuer({
+		...options.issuer,
 		name,
 		secret: options.secret ?? securityProvider.secretKey,
-		roles: options.realm?.roles ?? [{
+		roles: options.issuer?.roles ?? [{
 			name: "admin",
 			permissions: [{ name: "*" }]
 		}, {
@@ -2278,7 +2305,7 @@ const $userRealm = (options = {}) => {
 			onDeleteSession: async (refreshToken) => {
 				await sessionService.deleteSession(refreshToken);
 			},
-			...options.realm?.settings
+			...options.issuer?.settings
 		}
 	});
 	realm.link = (name$1) => {
@@ -2293,7 +2320,7 @@ const $userRealm = (options = {}) => {
 	if (identities$1) {
 		const auth = {};
 		if (identities$1.credentials) auth.credentials = $authCredentials(realm);
-		else userRealm.settings.registrationAllowed = false;
+		else realmRegistration.settings.registrationAllowed = false;
 		if (identities$1.google) auth.google = $authGoogle(realm);
 		if (identities$1.github) auth.github = $authGithub(realm);
 		alepha.with(() => auth);
@@ -2376,7 +2403,7 @@ const AlephaApiUsers = $module({
 		AlephaServerHelmet,
 		AlephaServerCompress,
 		AlephaEmail,
-		UserRealmProvider,
+		RealmProvider,
 		SessionService,
 		SessionCrudService,
 		CredentialService,
@@ -2387,11 +2414,11 @@ const AlephaApiUsers = $module({
 		AdminUserController,
 		AdminSessionController,
 		AdminIdentityController,
-		UserRealmController,
+		RealmController,
 		UserNotifications
 	]
 });
 //#endregion
-export { $userRealm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CredentialService, DEFAULT_USER_REALM_NAME, IdentityService, RegistrationService, SessionCrudService, SessionService, UserController, UserRealmController, UserRealmProvider, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userRealmConfigSchema, userResourceSchema, users };
+export { $realm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CredentialService, DEFAULT_USER_REALM_NAME, IdentityService, RealmController, RealmProvider, RegistrationService, SessionCrudService, SessionService, UserController, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, realmConfigSchema, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userResourceSchema, users };
 //# sourceMappingURL=index.js.map