appos 0.6.0-0 → 0.6.1-0

package/dist/alert-BdX0Zt8k.js

@@ -0,0 +1,103 @@
+import { t as cn } from "./utils-4n921m5r.js";
+import { jsx } from "react/jsx-runtime";
+import { cva } from "class-variance-authority";
+
+//#region src/web/ui/alert.tsx
+/** Alert variant styles for different semantic meanings. */
+const alertVariants = cva("grid gap-0.5 rounded-lg border px-4 py-3 text-left text-sm has-data-[slot=alert-action]:relative has-data-[slot=alert-action]:pr-18 has-[>svg]:grid-cols-[auto_1fr] has-[>svg]:gap-x-2.5 *:[svg]:row-span-2 *:[svg]:translate-y-0.5 *:[svg]:text-current *:[svg:not([class*='size-'])]:size-4 w-full relative group/alert", {
+	variants: { variant: {
+		default: "bg-card text-card-foreground border-border",
+		info: "bg-blue-50 dark:bg-blue-950/20 text-blue-900 dark:text-blue-100 border-blue-200 dark:border-blue-800 *:data-[slot=alert-description]:text-blue-800 dark:*:data-[slot=alert-description]:text-blue-200 *:[svg]:text-blue-600 dark:*:[svg]:text-blue-400",
+		success: "bg-green-50 dark:bg-green-950/20 text-green-900 dark:text-green-100 border-green-200 dark:border-green-800 *:data-[slot=alert-description]:text-green-800 dark:*:data-[slot=alert-description]:text-green-200 *:[svg]:text-green-600 dark:*:[svg]:text-green-400",
+		warning: "bg-amber-50 dark:bg-amber-950/20 text-amber-900 dark:text-amber-100 border-amber-200 dark:border-amber-800 *:data-[slot=alert-description]:text-amber-800 dark:*:data-[slot=alert-description]:text-amber-200 *:[svg]:text-amber-600 dark:*:[svg]:text-amber-400",
+		destructive: "bg-destructive/10 text-destructive border-destructive/50 *:data-[slot=alert-description]:text-destructive/90 *:[svg]:text-current"
+	} },
+	defaultVariants: { variant: "default" }
+});
+/**
+* A contextual feedback message for user actions or system status.
+*
+* Supports semantic variants (info, success, warning, destructive) with
+* appropriate color coding. Use with AlertTitle and AlertDescription for
+* structured content, and AlertAction for dismissal or action buttons.
+*
+* @example
+* ```tsx
+* <Alert variant="info">
+*   <InfoIcon />
+*   <AlertTitle>Heads up!</AlertTitle>
+*   <AlertDescription>This is an informational alert.</AlertDescription>
+* </Alert>
+* ```
+*/
+function Alert({ className, variant, ...props }) {
+	return /* @__PURE__ */ jsx("div", {
+		"data-slot": "alert",
+		role: "alert",
+		className: cn(alertVariants({ variant }), className),
+		...props
+	});
+}
+/**
+* The title heading for an Alert component.
+*
+* Displays prominently with medium font weight. Automatically positioned
+* after any icon in the alert.
+*
+* @example
+* ```tsx
+* <AlertTitle>Success!</AlertTitle>
+* ```
+*/
+function AlertTitle({ className, ...props }) {
+	return /* @__PURE__ */ jsx("div", {
+		"data-slot": "alert-title",
+		className: cn("font-medium group-has-[>svg]/alert:col-start-2 [&_a]:hover:text-foreground [&_a]:underline [&_a]:underline-offset-3", className),
+		...props
+	});
+}
+/**
+* The descriptive text content for an Alert component.
+*
+* Displays in muted foreground color with proper text wrapping. Supports
+* multiple paragraphs with automatic spacing.
+*
+* @example
+* ```tsx
+* <AlertDescription>
+*   Your changes have been saved successfully.
+* </AlertDescription>
+* ```
+*/
+function AlertDescription({ className, ...props }) {
+	return /* @__PURE__ */ jsx("div", {
+		"data-slot": "alert-description",
+		className: cn("text-muted-foreground text-sm text-balance md:text-pretty [&_p:not(:last-child)]:mb-4 [&_a]:hover:text-foreground [&_a]:underline [&_a]:underline-offset-3", className),
+		...props
+	});
+}
+/**
+* An action slot positioned in the top-right corner of an Alert.
+*
+* Use for dismiss buttons or quick actions. Absolutely positioned to not
+* interfere with the alert content flow.
+*
+* @example
+* ```tsx
+* <AlertAction>
+*   <Button variant="ghost" size="icon-sm" aria-label="Dismiss">
+*     <XIcon />
+*   </Button>
+* </AlertAction>
+* ```
+*/
+function AlertAction({ className, ...props }) {
+	return /* @__PURE__ */ jsx("div", {
+		"data-slot": "alert-action",
+		className: cn("absolute top-2.5 right-3", className),
+		...props
+	});
+}
+
+//#endregion
+export { AlertTitle as i, AlertAction as n, AlertDescription as r, Alert as t };

package/dist/animated-check-CKu20goQ.js

@@ -0,0 +1,68 @@
+import { t as cn } from "./utils-4n921m5r.js";
+import { Fragment, jsx, jsxs } from "react/jsx-runtime";
+
+//#region src/web/ui/animated-check.tsx
+/**
+* Animated checkmark with draw-in animation (Apple-style).
+* Uses inline keyframes for self-contained animation without Tailwind config.
+*
+* @example
+* ```tsx
+* // Success state in auth forms
+* <AnimatedCheck size="lg" color="green" />
+*
+* // Primary color variant
+* <AnimatedCheck size="default" color="primary" />
+* ```
+*/
+function AnimatedCheck({ className, size = "default", color = "green" }) {
+	return /* @__PURE__ */ jsxs(Fragment, { children: [/* @__PURE__ */ jsx("style", { children: `
+				@keyframes ac-scale-in {
+					from { transform: scale(0); opacity: 0; }
+					to { transform: scale(1); opacity: 1; }
+				}
+				@keyframes ac-draw-check {
+					to { stroke-dashoffset: 0; }
+				}
+			` }), /* @__PURE__ */ jsxs("svg", {
+		className: cn({
+			xs: "size-6",
+			sm: "size-8",
+			default: "size-12",
+			lg: "size-16",
+			xl: "size-20"
+		}[size], {
+			green: "text-green-600 dark:text-green-400",
+			primary: "text-primary"
+		}[color], className),
+		viewBox: "0 0 52 52",
+		fill: "none",
+		xmlns: "http://www.w3.org/2000/svg",
+		role: "img",
+		"aria-label": "Success",
+		children: [/* @__PURE__ */ jsx("circle", {
+			cx: "26",
+			cy: "26",
+			r: "25",
+			fill: "currentColor",
+			fillOpacity: "0.1",
+			style: {
+				transformOrigin: "center",
+				animation: "ac-scale-in 0.3s ease-out forwards"
+			}
+		}), /* @__PURE__ */ jsx("path", {
+			d: "M14 27l8 8 16-16",
+			stroke: "currentColor",
+			strokeWidth: "3",
+			strokeLinecap: "round",
+			strokeLinejoin: "round",
+			fill: "none",
+			strokeDasharray: "40",
+			strokeDashoffset: "40",
+			style: { animation: "ac-draw-check 0.3s ease-out 0.2s forwards" }
+		})]
+	})] });
+}
+
+//#endregion
+export { AnimatedCheck as t };

package/dist/api/auth.d.mts

@@ -0,0 +1,4 @@
+import "../logger-BJ2PCtBR.mjs";
+import "../database-ltnXGvKZ.mjs";
+import { a as AuthCaptchaConfig, c as AuthSessionConfig, d as defineAuth, f as defineEndpointRateLimits, i as Auth, l as DefineAuthOptions, n as AccessController, o as AuthConfig, p as defineAuthSchema, r as AuditAction, s as AuthPasskeyConfig, t as AccessControlRoles, u as auditActionSchema } from "../auth-BzQ2oAZ8.mjs";
+export { AccessControlRoles, AccessController, AuditAction, Auth, AuthCaptchaConfig, AuthConfig, AuthPasskeyConfig, AuthSessionConfig, DefineAuthOptions, auditActionSchema, defineAuth, defineAuthSchema, defineEndpointRateLimits };

package/dist/api/auth.mjs

@@ -0,0 +1,276 @@
+import { n as AUTH_BASE_URL, t as AUTH_BASE_PATH } from "../auth-BBivVOI9.mjs";
+import { t as defineAuthSchema } from "../auth-schema-OUnjUQlj.mjs";
+import { passkey } from "@better-auth/passkey";
+import { sso } from "@better-auth/sso";
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { admin, anonymous, apiKey, captcha, emailOTP, lastLoginMethod, magicLink, multiSession, phoneNumber, twoFactor, username } from "better-auth/plugins";
+import { z } from "zod";
+
+//#region src/api/auth.ts
+/**
+* Standard audit log actions following OCSF/CADF standards. Zod enum provides
+* both runtime validation and TypeScript type.
+*
+* Actions:
+* - Data ops: INSERT, UPDATE, DELETE, TRUNCATE, SELECT
+* - Auth ops: LOGIN, LOGOUT, LOGIN_FAILED, PASSWORD_CHANGE
+* - Custom: CUSTOM (use customAction field for app-specific events)
+*/
+const auditActionSchema = z.enum([
+	"DELETE",
+	"LOGIN",
+	"LOGOUT",
+	"INSERT",
+	"PASSWORD_CHANGE",
+	"TRUNCATE",
+	"UPDATE"
+]);
+/**
+* Default rate limits for endpoints that trigger costly 3rd party services.
+* 3 requests per 60 seconds to prevent excessive email/SMS costs.
+*/
+const DEFAULT_COSTLY_RATE_LIMITS = {
+	"/send-verification-email": {
+		window: 60,
+		max: 3
+	},
+	"/request-password-reset": {
+		window: 60,
+		max: 3
+	},
+	"/sign-in/magic-link": {
+		window: 60,
+		max: 3
+	},
+	"/email-otp/send-verification-otp": {
+		window: 60,
+		max: 3
+	},
+	"/two-factor/send-otp": {
+		window: 60,
+		max: 3
+	},
+	"/phone-number/send-otp": {
+		window: 60,
+		max: 3
+	}
+};
+/**
+* Creates endpoint-specific rate limit rules by merging user overrides with defaults.
+* User overrides take precedence over defaults.
+*
+* @param overrides - Custom rate limits to override defaults (type-safe for default endpoints).
+* @returns Merged rate limit rules.
+*
+* @see https://www.better-auth.com/docs/concepts/rate-limit
+*
+* @example
+* ```typescript
+* // Use defaults
+* defineEndpointRateLimits()
+*
+* // Override specific endpoint (type-safe)
+* defineEndpointRateLimits({
+*   "/send-verification-email": { window: 120, max: 5 },
+* })
+*
+* // Add custom endpoint
+* defineEndpointRateLimits({
+*   "/custom-endpoint": { window: 30, max: 10 },
+* })
+* ```
+*/
+function defineEndpointRateLimits(overrides) {
+	if (!overrides) return { ...DEFAULT_COSTLY_RATE_LIMITS };
+	return {
+		...DEFAULT_COSTLY_RATE_LIMITS,
+		...overrides
+	};
+}
+/**
+* Defines Better Auth instance from neutral config + server dependencies.
+*/
+function defineAuth(opts) {
+	const { auditLog, config, appName, database, errorURL, hooks, oauth, passkey: passkeyConfig, secret, session } = opts;
+	const plugins = [];
+	if (config.plugins?.admin) plugins.push(admin({
+		defaultRole: config.plugins.admin.defaultRole,
+		adminRoles: config.plugins.admin.adminRoles
+	}));
+	if (config.plugins?.apiKey) plugins.push(apiKey({
+		defaultPrefix: config.plugins.apiKey.defaultPrefix,
+		defaultKeyLength: config.plugins.apiKey.defaultKeyLength,
+		rateLimit: config.plugins.apiKey.rateLimit ? {
+			enabled: true,
+			maxRequests: config.plugins.apiKey.rateLimit.maxRequests,
+			timeWindow: config.plugins.apiKey.rateLimit.timeWindow
+		} : void 0
+	}));
+	if (config.plugins?.twoFactor) plugins.push(twoFactor({
+		issuer: config.plugins.twoFactor.issuer ?? appName,
+		totpOptions: config.plugins.twoFactor.totp ? {
+			digits: config.plugins.twoFactor.totp.digits,
+			period: config.plugins.twoFactor.totp.period
+		} : void 0,
+		backupCodeOptions: config.plugins.twoFactor.backupCodes ? {
+			amount: config.plugins.twoFactor.backupCodes.amount,
+			length: config.plugins.twoFactor.backupCodes.length
+		} : void 0,
+		otpOptions: config.plugins.twoFactor.otp && hooks.send2FAOTP ? { sendOTP: async ({ user, otp }) => hooks.send2FAOTP({
+			email: user.email,
+			otp
+		}) } : void 0
+	}));
+	if (config.methods?.passkey && passkeyConfig) plugins.push(passkey({
+		rpName: appName,
+		rpID: passkeyConfig.rpID,
+		origin: passkeyConfig.origin
+	}));
+	if (config.methods?.magicLink && hooks.sendMagicLink) plugins.push(magicLink({
+		expiresIn: config.methods.magicLink.expiresIn,
+		sendMagicLink: async ({ email, url, token }) => {
+			await hooks.sendMagicLink({
+				email,
+				url,
+				token
+			});
+		}
+	}));
+	if (config.methods?.phoneOtp && hooks.sendPhoneOTP) plugins.push(phoneNumber({
+		otpLength: config.methods.phoneOtp.otpLength,
+		expiresIn: config.methods.phoneOtp.expiresIn,
+		sendOTP: async ({ phoneNumber: phone, code }) => {
+			await hooks.sendPhoneOTP({
+				phoneNumber: phone,
+				otp: code
+			});
+		}
+	}));
+	if (config.methods?.emailOtp && hooks.sendEmailOTP) plugins.push(emailOTP({
+		otpLength: config.methods.emailOtp.otpLength,
+		expiresIn: config.methods.emailOtp.expiresIn,
+		sendVerificationOTP: async ({ email, otp }) => {
+			await hooks.sendEmailOTP({
+				email,
+				otp
+			});
+		}
+	}));
+	if (config.plugins?.username) plugins.push(username({
+		minUsernameLength: config.plugins.username.minUsernameLength,
+		maxUsernameLength: config.plugins.username.maxUsernameLength
+	}));
+	if (config.plugins?.anonymous) plugins.push(anonymous({ emailDomainName: config.plugins.anonymous.emailDomainName }));
+	if (config.plugins?.multiSession) plugins.push(multiSession({ maximumSessions: config.plugins.multiSession.maximumSessions }));
+	if (config.plugins?.sso) plugins.push(sso({
+		providersLimit: config.plugins.sso.providersLimit,
+		trustEmailVerified: config.plugins.sso.trustEmailVerified,
+		domainVerification: config.plugins.sso.domainVerification ? { enabled: true } : void 0
+	}));
+	if (config.plugins?.lastUsedMethod) plugins.push(lastLoginMethod({ storeInDatabase: config.plugins.lastUsedMethod.storeInDatabase }));
+	if (config.plugins?.captcha) {
+		const captchaConfig = opts.captcha;
+		plugins.push(captcha({
+			provider: config.plugins.captcha.provider,
+			secretKey: captchaConfig?.secretKey ?? "",
+			endpoints: config.plugins.captcha.endpoints,
+			minScore: captchaConfig?.minScore
+		}));
+	}
+	const socialProviders = {};
+	if (config.methods?.oauth?.google) socialProviders.google = {
+		clientId: oauth?.google?.clientId ?? process.env.GOOGLE_CLIENT_ID ?? "",
+		clientSecret: oauth?.google?.clientSecret ?? process.env.GOOGLE_CLIENT_SECRET ?? ""
+	};
+	if (config.methods?.oauth?.github) socialProviders.github = {
+		clientId: oauth?.github?.clientId ?? process.env.GITHUB_CLIENT_ID ?? "",
+		clientSecret: oauth?.github?.clientSecret ?? process.env.GITHUB_CLIENT_SECRET ?? ""
+	};
+	if (config.methods?.oauth?.apple) socialProviders.apple = {
+		clientId: oauth?.apple?.clientId ?? process.env.APPLE_CLIENT_ID ?? "",
+		clientSecret: oauth?.apple?.clientSecret ?? process.env.APPLE_CLIENT_SECRET ?? ""
+	};
+	if (config.methods?.oauth?.facebook) socialProviders.facebook = {
+		clientId: oauth?.facebook?.clientId ?? process.env.FACEBOOK_CLIENT_ID ?? "",
+		clientSecret: oauth?.facebook?.clientSecret ?? process.env.FACEBOOK_CLIENT_SECRET ?? ""
+	};
+	const basePath = config.basePath ?? AUTH_BASE_PATH;
+	const baseURL = config.baseURL ?? AUTH_BASE_URL;
+	const auth = betterAuth({
+		onAPIError: { errorURL: errorURL ?? "/login" },
+		account: { accountLinking: {
+			enabled: true,
+			trustedProviders: ["email-password", "google"]
+		} },
+		advanced: {
+			cookiePrefix: appName.replace(/\s+/g, "_").toLowerCase(),
+			database: { generateId: false },
+			ipAddress: {
+				disableIpTracking: false,
+				ipAddressHeaders: [
+					"cf-connecting-ip",
+					"x-client-ip",
+					"x-forwarded-for",
+					"x-real-ip"
+				]
+			}
+		},
+		appName,
+		baseURL: baseURL || void 0,
+		basePath,
+		database: drizzleAdapter(database, {
+			provider: "pg",
+			usePlural: true
+		}),
+		emailAndPassword: config.methods?.emailPassword ? {
+			enabled: true,
+			requireEmailVerification: config.methods.emailPassword.requireEmailVerification,
+			minPasswordLength: config.methods.emailPassword.minPasswordLength,
+			maxPasswordLength: config.methods.emailPassword.maxPasswordLength,
+			sendVerificationEmail: hooks.sendVerificationEmail ? async ({ user, url, token }) => hooks.sendVerificationEmail({
+				email: user.email,
+				url,
+				token
+			}) : void 0,
+			sendResetPassword: hooks.sendResetPasswordEmail ? async ({ user, url, token }) => hooks.sendResetPasswordEmail({
+				email: user.email,
+				url,
+				token
+			}) : void 0
+		} : { enabled: false },
+		emailVerification: hooks.sendVerificationEmail ? {
+			sendVerificationEmail: async ({ user, url, token }) => hooks.sendVerificationEmail({
+				email: user.email,
+				url,
+				token
+			}),
+			sendOnSignUp: config.methods?.emailPassword?.requireEmailVerification ?? false
+		} : void 0,
+		plugins,
+		secret,
+		session: session ? {
+			expiresIn: session.expiresIn,
+			updateAge: session.updateAge,
+			freshAge: session.freshAge
+		} : void 0,
+		socialProviders: Object.keys(socialProviders).length > 0 ? socialProviders : void 0,
+		rateLimit: config.rateLimit === false ? { enabled: false } : {
+			enabled: config.rateLimit?.enabled ?? true,
+			window: config.rateLimit?.window ?? 60,
+			max: config.rateLimit?.max ?? 100,
+			storage: "database",
+			customRules: defineEndpointRateLimits(config.rateLimit?.customRules)
+		}
+	});
+	const excludeTablesSet = new Set(auditLog?.excludeTables ?? []);
+	return Object.assign(auth, {
+		auditLog,
+		shouldAudit(tableName) {
+			return !excludeTablesSet.has(tableName);
+		}
+	});
+}
+
+//#endregion
+export { auditActionSchema, defineAuth, defineAuthSchema, defineEndpointRateLimits };

package/dist/api/cache.d.mts

@@ -0,0 +1,3 @@
+import "../logger-BJ2PCtBR.mjs";
+import { a as RedisClient, i as DefineRedisClientOptions, n as DefineCacheOptions, o as defineRedisClient, r as defineCache, t as Cache } from "../cache-B-TvutDL.mjs";
+export { Cache, DefineCacheOptions, DefineRedisClientOptions, RedisClient, defineCache, defineRedisClient };

package/dist/api/cache.mjs

@@ -0,0 +1,28 @@
+import { t as defineRedisClient } from "../redis-a5sw5J3L.mjs";
+import { createKeyv } from "@keyv/redis";
+
+//#region src/api/cache.ts
+/**
+* Define the cache instance using shared Redis client.
+* Connection is lazy - only connects when first cache operation is performed.
+*
+* Algorithm:
+* 1. Create Redis client using defineRedisClient() (lazy connection)
+* 2. Pass client to createKeyv() - connection happens on first use
+*
+* @param opts - The options for defining the cache.
+* @returns The cache instance.
+*/
+function defineCache({ url, logger, options }) {
+	const cache = createKeyv(defineRedisClient({
+		logger,
+		url
+	}), options);
+	cache.on("error", (err) => {
+		logger.error({ err }, "Cache Keyv error");
+	});
+	return cache;
+}
+
+//#endregion
+export { defineCache, defineRedisClient };

package/dist/{exports/cli/index.d.mts → api/cli.d.mts}

@@ -1,12 +1,13 @@
-import "../auth-BCOIpGDO.mjs";
-import { B as Container } from "../index-Di4PdhuL.mjs";
-import "../orm-D-7F2n1J.mjs";
-import "../instrumentation-CFIspF8-.mjs";
+import "../logger-BJ2PCtBR.mjs";
+import "../database-ltnXGvKZ.mjs";
+import "../auth-BzQ2oAZ8.mjs";
+import "../cache-B-TvutDL.mjs";
+import { n as Container } from "../container-C00pnItg.mjs";
 import { z } from "zod";
 import { ChildProcess } from "node:child_process";
 import * as p from "@clack/prompts";
 
-//#region src/cli/context.d.ts
+//#region src/api/cli/context.d.ts
 /**
  * Command context providing beautiful output, prompts, and utilities.
  * Uses @clack/prompts for consistent, professional CLI formatting.
@@ -182,7 +183,7 @@ interface CommandContext<C extends Container = Container, A = readonly unknown[]
   warn(message: string): void;
 }
 //#endregion
-//#region src/cli/command.d.ts
+//#region src/api/cli/command.d.ts
 /**
  * The command interface.
  */
@@ -232,7 +233,7 @@ declare function defineCommand<C extends Container = Container, ASchema extends
   run: (ctx: CommandContext<C, ASchema extends z.ZodSchema<infer A> ? A : readonly unknown[], OSchema extends z.ZodSchema<infer O> ? O : Record<string, unknown>>) => Promise<void>;
 }): Command<C, ASchema extends z.ZodSchema<infer A> ? A : readonly unknown[], OSchema extends z.ZodSchema<infer O> ? O : Record<string, unknown>>;
 //#endregion
-//#region src/cli/index.d.ts
+//#region src/api/cli/index.d.ts
 /**
  * Bootstraps the application.
  *