alepha 0.7.7 → 0.8.1

package/retry.d.ts

@@ -1,71 +1,92 @@
-import { MaybePromise } from "@alepha/core";
+import { AlephaError, MaybePromise } from "alepha";
+import { DateTimeProvider, DurationLike } from "alepha/datetime";
 
 //#region src/descriptors/$retry.d.ts
 
 /**
- * `$retry` creates a retry descriptor.
- *
- * It will retry the given function up to `max` times with a delay of `delay` milliseconds between attempts.
- *
- * @example
- * ```ts
- * import { $retry } from "@alepha/core";
- *
- * class MyService {
- * 	fetchData = $retry({
- * 		max: 5, // maximum number of attempts
- * 		delay: 1000, // ms
- * 		when: (error) => error.message.includes("Network Error"),
- * 		handler: async (url: string) => {
- * 			const response = await fetch(url);
- * 			if (!response.ok) {
- * 				throw new Error(`Failed to fetch: ${response.statusText}`);
- * 			}
- * 			return response.json();
- * 		},
- * 		onError: (error, attempt, url) => {
- * 	    // error happened, log it or handle it
- * 			console.error(`Attempt ${attempt} failed for ${url}:`, error);
- * 		},
- * 	});
- * }
- * ```
- */
+* Creates a function that automatically retries a handler upon failure,
+* with support for exponential backoff, max duration, and cancellation.
+*/
 declare const $retry: <T extends (...args: any[]) => any>(opts: RetryDescriptorOptions<T>) => RetryDescriptor<T>;
-/**
- * Retry Descriptor options.
- */
+// ---------------------------------------------------------------------------------------------------------------------
+// TODO: move to RetryProvider
+declare const createRetryHandler: <T extends (...args: any[]) => any>(opts: RetryDescriptorOptions<T>, dateTimeProvider: DateTimeProvider, appAbortController?: AbortController) => RetryDescriptor<T>;
+// ---------------------------------------------------------------------------------------------------------------------
+interface RetryBackoffOptions {
+  /**
+  * Initial delay in milliseconds.
+  *
+  * @default 200
+  */
+  initial?: number;
+  /**
+  * Multiplier for each subsequent delay.
+  *
+  * @default 2
+  */
+  factor?: number;
+  /**
+  * Maximum delay in milliseconds.
+  */
+  max?: number;
+  /**
+  * If true, adds a random jitter to the delay to prevent thundering herd.
+  *
+  * @default true
+  */
+  jitter?: boolean;
+}
 interface RetryDescriptorOptions<T extends (...args: any[]) => any> {
   /**
-   * Maximum number of attempts.
-   *
-   * @default 3
-   */
+  * The function to retry.
+  */
+  handler: T;
+  /**
+  * The maximum number of attempts.
+  *
+  * @default 3
+  */
   max?: number;
   /**
-   * Delay in milliseconds.
-   *
-   * @default 0
-   */
-  delay?: number;
+  * The backoff strategy for delays between retries.
+  * Can be a fixed number (in ms) or a configuration object for exponential backoff.
+  *
+  * @default { initial: 200, factor: 2, jitter: true }
+  */
+  backoff?: number | RetryBackoffOptions;
+  /**
+  * An overall time limit for all retry attempts combined.
+  *
+  * e.g., `[5, 'seconds']`
+  */
+  maxDuration?: DurationLike;
   /**
-   * Optional condition to determine when to retry.
-   */
+  * A function that determines if a retry should be attempted based on the error.
+  *
+  * @default (error) => true (retries on any error)
+  */
   when?: (error: Error) => boolean;
   /**
-   * The function to retry.
-   */
-  handler: T;
+  * A custom callback for when a retry attempt fails.
+  * This is called before the delay.
+  */
+  onError?: (error: Error, attempt: number, ...args: Parameters<T>) => void;
   /**
-   * Optional error handler.
-   *
-   * This will be called when an error occurs.
-   *
-   * @default undefined
-   */
-  onError?: (error: Error, attempt: number, ...parameters: Parameters<T>) => void;
+  * An AbortSignal to allow for external cancellation of the retry loop.
+  */
+  signal?: AbortSignal;
 }
 type RetryDescriptor<T extends (...args: any[]) => any> = (...parameters: Parameters<T>) => MaybePromise<ReturnType<T>>;
 //#endregion
-export { $retry, RetryDescriptor, RetryDescriptorOptions };
+//#region src/errors/RetryCancelError.d.ts
+declare class RetryCancelError extends AlephaError {
+  constructor();
+}
+//#endregion
+//#region src/errors/RetryTimeoutError.d.ts
+declare class RetryTimeoutError extends AlephaError {
+  constructor(duration: number);
+}
+//#endregion
+export { $retry, RetryBackoffOptions, RetryCancelError, RetryDescriptor, RetryDescriptorOptions, RetryTimeoutError, createRetryHandler };
 //# sourceMappingURL=index.d.ts.map

package/router.cjs

@@ -0,0 +1,8 @@
+'use strict';
+var m = require('@alepha/router');
+Object.keys(m).forEach(function (k) {
+	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+		enumerable: true,
+		get: function () { return m[k]; }
+	});
+});

package/router.d.ts

@@ -0,0 +1,45 @@
+//#region src/providers/RouterProvider.d.ts
+declare class RouterProvider<T extends Route = Route> {
+  protected routePathRegex: RegExp;
+  protected tree: Tree<T>;
+  readonly routes: T[];
+  push(route: T): void;
+  match(path: string): RouteMatch<T>;
+  protected createRouteMatch(path: string): RouteMatch<T>;
+  protected mapParams(match: RouteMatch<T>): RouteMatch<T>;
+  protected createParts(path: string): string[];
+}
+interface RouteMatch<T extends Route> {
+  route?: T;
+  params?: Record<string, string>;
+}
+interface Route {
+  path: string;
+  /**
+  * Rename a param in the route.
+  * This is automatically filled when you have scenarios like:
+  * `/customers/:id` and `/customers/:userId/payments`
+  *
+  * In this case, `:id` will be renamed to `:userId` in the second route.
+  */
+  mapParams?: Record<string, string>;
+}
+interface Tree<T extends Route> {
+  route?: T;
+  children: {
+    [key: string]: Tree<T>;
+  };
+  param?: {
+    route?: T;
+    name: string;
+    children: {
+      [key: string]: Tree<T>;
+    };
+  };
+  wildcard?: {
+    route: T;
+  };
+}
+//#endregion
+export { Route, RouteMatch, RouterProvider, Tree };
+//# sourceMappingURL=index.d.ts.map

package/router.js

@@ -0,0 +1 @@
+export * from '@alepha/router'

package/scheduler.d.ts

@@ -1,10 +1,9 @@
-import * as _alepha_core9 from "@alepha/core";
-import * as _alepha_core2 from "@alepha/core";
-import { Alepha, Async, KIND, OPTIONS, Static } from "@alepha/core";
-import * as _alepha_lock8 from "@alepha/lock";
-import { DateTime, DateTimeProvider, DurationLike, Interval } from "@alepha/datetime";
+import * as _alepha_core9 from "alepha";
+import * as _alepha_core0 from "alepha";
+import { Alepha, Async, KIND, OPTIONS, Static } from "alepha";
+import * as _alepha_lock8 from "alepha/lock";
+import { DateTime, DateTimeProvider, DurationLike, Interval } from "alepha/datetime";
 import { Cron } from "cron-schedule";
-import * as _sinclair_typebox0 from "@sinclair/typebox";
 import * as dayjs10 from "dayjs";
 
 //#region src/descriptors/$scheduler.d.ts
@@ -16,7 +15,6 @@ declare const $scheduler: {
   (options: SchedulerDescriptorOptions): SchedulerDescriptor;
   [KIND]: string;
 };
-declare const isScheduler: (value: any) => value is SchedulerDescriptor;
 type SchedulerDescriptorOptions = {
   /**
    * Function to run on schedule.
@@ -77,16 +75,17 @@ declare class CronProvider {
   }) => Promise<void>): CronJob;
   run(task: CronJob, now?: dayjs10.Dayjs): void;
 }
+//# sourceMappingURL=CronScheduler.d.ts.map
 //#endregion
 //#region src/providers/SchedulerDescriptorProvider.d.ts
-declare const envSchema: _alepha_core2.TObject<{
-  SCHEDULER_PREFIX: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+declare const envSchema: _alepha_core0.TObject<{
+  SCHEDULER_PREFIX: _alepha_core0.TOptional<_alepha_core0.TString>;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
 }
 declare class SchedulerDescriptorProvider {
-  protected readonly log: _alepha_core2.Logger;
+  protected readonly log: _alepha_core0.Logger;
   protected readonly env: {
     SCHEDULER_PREFIX?: string | undefined;
   };
@@ -94,9 +93,9 @@ declare class SchedulerDescriptorProvider {
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly cronProvider: CronProvider;
   protected readonly schedulers: Scheduler[];
-  protected readonly configure: _alepha_core2.HookDescriptor<"configure">;
-  protected readonly start: _alepha_core2.HookDescriptor<"start">;
-  protected readonly stop: _alepha_core2.HookDescriptor<"stop">;
+  protected readonly configure: _alepha_core0.HookDescriptor<"configure">;
+  protected readonly start: _alepha_core0.HookDescriptor<"start">;
+  protected readonly stop: _alepha_core0.HookDescriptor<"stop">;
   /**
    * Get the schedulers.
    */
@@ -143,8 +142,6 @@ interface Scheduler {
 //#endregion
 //#region src/index.d.ts
 /**
- * Alepha Scheduler Module
- *
  * Generic interface for scheduling tasks.
  *
  * @see {@link $scheduler}
@@ -154,6 +151,8 @@ declare class AlephaScheduler {
   readonly name = "alepha.scheduler";
   readonly $services: (alepha: Alepha) => Alepha;
 }
+//# sourceMappingURL=index.d.ts.map
+
 //#endregion
-export { $scheduler, AlephaScheduler, Scheduler, SchedulerDescriptor, SchedulerDescriptorOptions, SchedulerDescriptorProvider, SchedulerHandlerArguments, isScheduler };
+export { $scheduler, AlephaScheduler, Scheduler, SchedulerDescriptor, SchedulerDescriptorOptions, SchedulerDescriptorProvider, SchedulerHandlerArguments };
 //# sourceMappingURL=index.d.ts.map

package/security.d.ts

@@ -1,10 +1,9 @@
-import * as _alepha_core7 from "@alepha/core";
-import * as _alepha_core2 from "@alepha/core";
-import { Alepha, KIND, OPTIONS, Static } from "@alepha/core";
-import { DateTimeProvider } from "@alepha/datetime";
+import * as _alepha_core15 from "alepha";
+import * as _alepha_core16 from "alepha";
+import { Alepha, KIND, OPTIONS, Static } from "alepha";
+import { DateTimeProvider } from "alepha/datetime";
 import { CryptoKey, FlattenedJWSInput, JSONWebKeySet, JWSHeaderParameters, JWTHeaderParameters, JWTPayload, JWTVerifyResult, KeyObject } from "jose";
-import * as _sinclair_typebox8 from "@sinclair/typebox";
-import * as _sinclair_typebox18 from "@sinclair/typebox";
+import * as _sinclair_typebox22 from "@sinclair/typebox";
 import * as _sinclair_typebox1 from "@sinclair/typebox";
 
 //#region src/interfaces/UserAccountInfo.d.ts
@@ -37,19 +36,28 @@ interface UserAccountInfo {
    */
   organization?: string;
 }
+//# sourceMappingURL=UserAccountInfo.d.ts.map
 //#endregion
 //#region src/schemas/permissionSchema.d.ts
-declare const permissionSchema: _sinclair_typebox8.TObject<{
-  name: _sinclair_typebox8.TString;
-  group: _sinclair_typebox8.TOptional<_sinclair_typebox8.TString>;
-  description: _sinclair_typebox8.TOptional<_sinclair_typebox8.TString>;
-  method: _sinclair_typebox8.TOptional<_sinclair_typebox8.TString>;
-  path: _sinclair_typebox8.TOptional<_sinclair_typebox8.TString>;
+declare const permissionSchema: _sinclair_typebox22.TObject<{
+  name: _sinclair_typebox22.TString;
+  group: _sinclair_typebox22.TOptional<_sinclair_typebox22.TString>;
+  description: _sinclair_typebox22.TOptional<_sinclair_typebox22.TString>;
+  method: _sinclair_typebox22.TOptional<_sinclair_typebox22.TString>;
+  path: _sinclair_typebox22.TOptional<_sinclair_typebox22.TString>;
 }>;
 type Permission = Static<typeof permissionSchema>;
+//# sourceMappingURL=permissionSchema.d.ts.map
 //#endregion
 //#region src/descriptors/$permission.d.ts
 declare const KEY$2 = "PERMISSION";
+/**
+ *
+ */
+declare const $permission: {
+  (options?: PermissionDescriptorOptions): PermissionDescriptor;
+  [KIND]: string;
+};
 interface PermissionDescriptorOptions {
   /**
    * Name of the permission. Use Property name is not provided.
@@ -84,10 +92,6 @@ interface PermissionDescriptor {
    */
   can(user: UserAccountInfo): boolean;
 }
-declare const $permission: {
-  (options?: PermissionDescriptorOptions): PermissionDescriptor;
-  [KIND]: string;
-};
 //#endregion
 //#region src/interfaces/UserAccountToken.d.ts
 interface UserAccountToken extends UserAccountInfo {
@@ -102,26 +106,28 @@ interface UserAccountToken extends UserAccountInfo {
    */
   ownership?: string | boolean;
 }
+//# sourceMappingURL=UserAccountToken.d.ts.map
 //#endregion
 //#region src/schemas/roleSchema.d.ts
-declare const roleSchema: _sinclair_typebox18.TObject<{
-  name: _sinclair_typebox18.TString;
-  description: _sinclair_typebox18.TOptional<_sinclair_typebox18.TString>;
-  default: _sinclair_typebox18.TOptional<_sinclair_typebox18.TBoolean>;
-  permissions: _sinclair_typebox18.TArray<_sinclair_typebox18.TObject<{
-    name: _sinclair_typebox18.TString;
-    ownership: _sinclair_typebox18.TOptional<_sinclair_typebox18.TBoolean>;
-    exclude: _sinclair_typebox18.TOptional<_sinclair_typebox18.TArray<_sinclair_typebox18.TString>>;
+declare const roleSchema: _sinclair_typebox1.TObject<{
+  name: _sinclair_typebox1.TString;
+  description: _sinclair_typebox1.TOptional<_sinclair_typebox1.TString>;
+  default: _sinclair_typebox1.TOptional<_sinclair_typebox1.TBoolean>;
+  permissions: _sinclair_typebox1.TArray<_sinclair_typebox1.TObject<{
+    name: _sinclair_typebox1.TString;
+    ownership: _sinclair_typebox1.TOptional<_sinclair_typebox1.TBoolean>;
+    exclude: _sinclair_typebox1.TOptional<_sinclair_typebox1.TArray<_sinclair_typebox1.TString>>;
   }>>;
 }>;
 type Role = Static<typeof roleSchema>;
+//# sourceMappingURL=roleSchema.d.ts.map
 //#endregion
 //#region src/providers/JwtProvider.d.ts
 /**
  * Provides utilities for working with JSON Web Tokens (JWT).
  */
 declare class JwtProvider {
-  protected readonly log: _alepha_core7.Logger;
+  protected readonly log: _alepha_core15.Logger;
   protected readonly keystore: KeyLoaderHolder[];
   protected readonly dateTimeProvider: DateTimeProvider;
   /**
@@ -202,10 +208,11 @@ interface JwtParseResult {
   keyName: string;
   result: JWTVerifyResult<ExtendedJWTPayload>;
 }
+//# sourceMappingURL=JwtProvider.d.ts.map
 //#endregion
 //#region src/providers/SecurityProvider.d.ts
-declare const envSchema: _alepha_core2.TObject<{
-  SECURITY_SECRET_KEY: _sinclair_typebox1.TString;
+declare const envSchema: _alepha_core16.TObject<{
+  SECURITY_SECRET_KEY: _alepha_core16.TString;
 }>;
 declare module "alepha" {
   interface Env extends Partial<Static<typeof envSchema>> {}
@@ -214,7 +221,7 @@ declare class SecurityProvider {
   protected readonly UNKNOWN_USER_NAME = "Unknown User";
   protected readonly PERMISSION_REGEXP: RegExp;
   protected readonly PERMISSION_REGEXP_WILDCARD: RegExp;
-  protected readonly log: _alepha_core2.Logger;
+  protected readonly log: _alepha_core16.Logger;
   protected readonly jwt: JwtProvider;
   protected readonly env: {
     SECURITY_SECRET_KEY: string;
@@ -232,7 +239,7 @@ declare class SecurityProvider {
    * Create realms.
    */
   protected createRealms(): Realm[];
-  protected configure: _alepha_core2.HookDescriptor<"configure">;
+  protected configure: _alepha_core16.HookDescriptor<"configure">;
   /**
    * Processes all $permission descriptors.
    */
@@ -245,7 +252,7 @@ declare class SecurityProvider {
    * Processes all $role descriptors.
    */
   protected processRoleDescriptors(): void;
-  protected ready: _alepha_core2.HookDescriptor<"ready">;
+  protected ready: _alepha_core16.HookDescriptor<"ready">;
   /**
    * Updates the roles for a realm then synchronizes the user account provider if available.
    *
@@ -390,6 +397,14 @@ interface RealmConfig {
 //#endregion
 //#region src/descriptors/$realm.d.ts
 declare const KEY$1 = "REALM";
+/**
+ *
+ * @param options
+ */
+declare const $realm: {
+  (options?: RealmDescriptorOptions): RealmDescriptor;
+  [KIND]: string;
+};
 interface RealmDescriptorOptions {
   /**
    * Define the realm name.
@@ -438,13 +453,16 @@ interface RealmDescriptor {
    */
   createToken(subject: string, roles?: string[]): Promise<string>;
 }
-declare const $realm: {
-  (options?: RealmDescriptorOptions): RealmDescriptor;
-  [KIND]: string;
-};
 //#endregion
 //#region src/descriptors/$role.d.ts
 declare const KEY = "ROLE";
+/**
+ *
+ */
+declare const $role: {
+  (options?: RoleDescriptorOptions): RoleDescriptor;
+  [KIND]: string;
+};
 interface RoleDescriptorOptions {
   /**
    * Name of the role.
@@ -467,10 +485,6 @@ interface RoleDescriptor {
    */
   (): Role;
 }
-declare const $role: {
-  (options?: RoleDescriptorOptions): RoleDescriptor;
-  [KIND]: string;
-};
 //#endregion
 //#region src/descriptors/$serviceAccount.d.ts
 /**
@@ -482,7 +496,7 @@ declare const $role: {
  *
  * @example
  * ```ts
- * import { $serviceAccount } from "@alepha/security";
+ * import { $serviceAccount } from "alepha/security";
  *
  * class MyService {
  *   serviceAccount = $serviceAccount({
@@ -539,20 +553,24 @@ interface AccessTokenResponse {
 interface ServiceAccountStore {
   response?: AccessTokenResponse;
 }
+//# sourceMappingURL=$serviceAccount.d.ts.map
 //#endregion
 //#region src/errors/InvalidPermissionError.d.ts
 declare class InvalidPermissionError extends Error {
   constructor(name: string);
 }
+//# sourceMappingURL=InvalidPermissionError.d.ts.map
 //#endregion
 //#region src/errors/SecurityError.d.ts
 declare class SecurityError extends Error {
   readonly status = 403;
   readonly code = "ERR_SECURITY";
 }
+//# sourceMappingURL=SecurityError.d.ts.map
+
 //#endregion
 //#region src/index.d.ts
-declare module "alepha/core" {
+declare module "alepha" {
   interface Hooks {
     "security:user:created": {
       realm: string;
@@ -560,10 +578,181 @@ declare module "alepha/core" {
     };
   }
 }
+/**
+ * Provides comprehensive authentication and authorization capabilities with JWT tokens, role-based access control, and user management.
+ *
+ * The security module enables building secure applications using descriptors like `$realm`, `$role`, and `$permission`
+ * on class properties. It offers JWT-based authentication, fine-grained permissions, service accounts, and seamless
+ * integration with various authentication providers and user management systems.
+ *
+ * **Key Features:**
+ * - Declarative realm definition with `$realm` descriptor for user authentication
+ * - Role-based access control with `$role` descriptor
+ * - Fine-grained permissions with `$permission` descriptor
+ * - Service account management with `$serviceAccount` descriptor
+ * - JWT token generation and validation
+ * - OAuth integration and external provider support
+ * - User session management and security hooks
+ *
+ * **Basic Usage:**
+ * ```ts
+ * import { Alepha, run, t } from "alepha";
+ * import { AlephaSecurity, $realm, $role, $permission } from "alepha/security";
+ *
+ * // Define user roles
+ * const adminRole = $role({
+ *   name: "admin",
+ *   description: "Administrator with full access",
+ * });
+ *
+ * const userRole = $role({
+ *   name: "user",
+ *   description: "Regular user with limited access",
+ * });
+ *
+ * // Define permissions
+ * const readUsersPermission = $permission({
+ *   name: "users:read",
+ *   description: "Read user information",
+ * });
+ *
+ * const writeUsersPermission = $permission({
+ *   name: "users:write",
+ *   description: "Create and update users",
+ * });
+ *
+ * // Define authentication realm
+ * class AuthSystem {
+ *   userRealm = $realm({
+ *     name: "users",
+ *     roles: [adminRole, userRole],
+ *     permissions: [readUsersPermission, writeUsersPermission],
+ *     authenticate: async (token: string) => {
+ *       // Validate user token and return user info
+ *       const user = await validateUserToken(token);
+ *       return {
+ *         id: user.id,
+ *         email: user.email,
+ *         roles: user.roles,
+ *         permissions: user.permissions,
+ *       };
+ *     },
+ *   });
+ * }
+ *
+ * const alepha = Alepha.create()
+ *   .with(AlephaSecurity)
+ *   .with(AuthSystem);
+ *
+ * run(alepha);
+ * ```
+ *
+ * **OAuth Integration:**
+ * ```ts
+ * import { $serviceAccount } from "alepha/security";
+ *
+ * class OAuthSystem {
+ *   googleAuth = $realm({
+ *     name: "google-oauth",
+ *     provider: "oauth",
+ *     config: {
+ *       clientId: process.env.GOOGLE_CLIENT_ID,
+ *       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *       redirectUri: "https://myapp.com/auth/callback",
+ *       scope: ["email", "profile"],
+ *     },
+ *     authenticate: async (oauthToken: string) => {
+ *       const userInfo = await fetchGoogleUserInfo(oauthToken);
+ *       return {
+ *         id: userInfo.sub,
+ *         email: userInfo.email,
+ *         name: userInfo.name,
+ *         roles: ["user"],
+ *       };
+ *     },
+ *   });
+ *
+ *   serviceAccount = $serviceAccount({
+ *     name: "api-service",
+ *     permissions: ["api:read", "api:write"],
+ *     secret: process.env.SERVICE_ACCOUNT_SECRET,
+ *   });
+ * }
+ * ```
+ *
+ * **Role and Permission Management:**
+ * ```ts
+ * class PermissionSystem {
+ *   // Define hierarchical roles
+ *   superAdminRole = $role({
+ *     name: "super-admin",
+ *     inherits: [adminRole],
+ *     permissions: ["*"], // All permissions
+ *   });
+ *
+ *   moderatorRole = $role({
+ *     name: "moderator",
+ *     inherits: [userRole],
+ *     permissions: ["posts:moderate", "comments:moderate"],
+ *   });
+ *
+ *   // Define resource-specific permissions
+ *   postPermissions = [
+ *     $permission({ name: "posts:create", description: "Create posts" }),
+ *     $permission({ name: "posts:edit", description: "Edit posts" }),
+ *     $permission({ name: "posts:delete", description: "Delete posts" }),
+ *     $permission({ name: "posts:moderate", description: "Moderate posts" }),
+ *   ];
+ *
+ *   // Check permissions in application logic
+ *   async checkUserPermission(userId: string, permission: string) {
+ *     const user = await this.userRealm.getUser(userId);
+ *     return user.permissions.includes(permission);
+ *   }
+ * }
+ * ```
+ *
+ * **JWT Token Management:**
+ * ```ts
+ * class TokenSystem {
+ *   userTokens = $realm({
+ *     name: "jwt-tokens",
+ *     jwtConfig: {
+ *       secret: process.env.JWT_SECRET,
+ *       expiresIn: "24h",
+ *       issuer: "myapp.com",
+ *       audience: "myapp-users",
+ *     },
+ *     authenticate: async (jwtToken: string) => {
+ *       // JWT validation is handled automatically
+ *       // Return user data from token payload
+ *       return jwtToken.payload;
+ *     },
+ *   });
+ *
+ *   async generateUserToken(user: { id: string; email: string; roles: string[] }) {
+ *     return await this.userTokens.generateToken({
+ *       sub: user.id,
+ *       email: user.email,
+ *       roles: user.roles,
+ *       iat: Date.now(),
+ *     });
+ *   }
+ * }
+ * ```
+ *
+ * @see {@link $realm}
+ * @see {@link $role}
+ * @see {@link $permission}
+ * @see {@link $serviceAccount}
+ * @module alepha.security
+ */
 declare class AlephaSecurity {
   readonly name = "alepha.security";
   readonly $services: (alepha: Alepha) => Alepha;
 }
+//# sourceMappingURL=index.d.ts.map
+
 //#endregion
 export { $permission, $realm, $role, $serviceAccount, AccessTokenResponse, AlephaSecurity, ExtendedJWTPayload, InvalidPermissionError, JwtParseResult, JwtProvider, JwtServiceAccountDescriptorOptions, JwtSignOptions, KeyLoader, KeyLoaderHolder, Oauth2ServiceAccountDescriptorOptions, Permission, PermissionDescriptor, PermissionDescriptorOptions, Realm, RealmConfig, RealmDescriptor, RealmDescriptorOptions, Role, RoleDescriptor, RoleDescriptorOptions, SecurityCheckResult, SecurityError, SecurityProvider, SecurityUserAccountProvider, ServiceAccountDescriptor, ServiceAccountDescriptorOptions, ServiceAccountStore, UserAccountInfo, UserAccountToken, permissionSchema, roleSchema };
 //# sourceMappingURL=index.d.ts.map