arcway 0.1.0

package/server/jobs/drivers/lease.js

@@ -0,0 +1,148 @@
+import pLimit from 'p-limit';
+import { LEASE_HEARTBEAT_INTERVAL_MS, LEASE_EXPIRY_MS } from '../../constants.js';
+import { randomUUID } from 'node:crypto';
+
+class LeaseManager {
+  db;
+  tableName;
+  runnerId;
+  heartbeatTimers = new Map();
+  /** In-memory limiters per job type (used when db is not available) */
+  _limiters = new Map();
+
+  constructor(db, options) {
+    this.db = db ?? null;
+    this.tableName = options?.tableName ?? 'arcway_job_leases';
+    this.runnerId = options?.runnerId ?? randomUUID();
+  }
+
+  /** Create the leases table if it doesn't exist. No-op without a db. */
+  async init() {
+    if (!this.db) return;
+    const exists = await this.db.schema.hasTable(this.tableName);
+    if (!exists) {
+      await this.db.schema.createTable(this.tableName, (table) => {
+        table.increments('id').primary();
+        table.string('qualified_name').notNullable().index();
+        table.integer('job_id').notNullable();
+        table.string('runner_id').notNullable();
+        table.timestamp('acquired_at').notNullable();
+        table.timestamp('heartbeat_at').notNullable();
+      });
+    }
+  }
+
+  /**
+   * Try to acquire a lease for the given job.
+   *
+   * With a DB: cleans up expired leases, checks active count, inserts a row.
+   * Without a DB: uses p-limit for in-memory concurrency tracking.
+   *
+   * @returns true if lease acquired, false if at capacity
+   */
+  async acquire(qualifiedName, jobId, maxConcurrency) {
+    if (!this.db) {
+      return this._acquireInMemory(qualifiedName, maxConcurrency);
+    }
+    return this.db.transaction(async (trx) => {
+      const expiryCutoff = new Date(Date.now() - LEASE_EXPIRY_MS).toISOString();
+      await trx(this.tableName)
+        .where('qualified_name', qualifiedName)
+        .andWhere('heartbeat_at', '<', expiryCutoff)
+        .delete();
+      const result = await trx(this.tableName)
+        .where('qualified_name', qualifiedName)
+        .count('id as count')
+        .first();
+      const activeCount = Number(result?.count ?? 0);
+      if (activeCount >= maxConcurrency) {
+        return false;
+      }
+      const now = new Date().toISOString();
+      await trx(this.tableName).insert({
+        qualified_name: qualifiedName,
+        job_id: jobId,
+        runner_id: this.runnerId,
+        acquired_at: now,
+        heartbeat_at: now,
+      });
+      return true;
+    });
+  }
+
+  _acquireInMemory(qualifiedName, maxConcurrency) {
+    let limiter = this._limiters.get(qualifiedName);
+    if (!limiter) {
+      limiter = { limit: pLimit(maxConcurrency), active: 0 };
+      this._limiters.set(qualifiedName, limiter);
+    }
+    if (limiter.active >= maxConcurrency) {
+      return false;
+    }
+    limiter.active++;
+    return true;
+  }
+
+  /**
+   * Start a heartbeat loop for a job lease.
+   * No-op without a db — in-memory mode doesn't need heartbeats.
+   */
+  startHeartbeat(jobId) {
+    if (!this.db) return;
+    const timer = setInterval(async () => {
+      try {
+        await this.db(this.tableName)
+          .where('job_id', jobId)
+          .andWhere('runner_id', this.runnerId)
+          .update({ heartbeat_at: new Date().toISOString() });
+      } catch {
+        this.stopHeartbeat(jobId);
+      }
+    }, LEASE_HEARTBEAT_INTERVAL_MS);
+    if (timer.unref) timer.unref();
+    this.heartbeatTimers.set(jobId, timer);
+  }
+
+  /** Stop the heartbeat loop for a job. */
+  stopHeartbeat(jobId) {
+    const timer = this.heartbeatTimers.get(jobId);
+    if (timer) {
+      clearInterval(timer);
+      this.heartbeatTimers.delete(jobId);
+    }
+  }
+
+  /** Release a lease after job completion or failure. */
+  async release(jobId, qualifiedName) {
+    this.stopHeartbeat(jobId);
+    if (!this.db) {
+      const limiter = this._limiters.get(qualifiedName);
+      if (limiter && limiter.active > 0) limiter.active--;
+      return;
+    }
+    await this.db(this.tableName)
+      .where('job_id', jobId)
+      .andWhere('runner_id', this.runnerId)
+      .delete();
+  }
+
+  /** Release all leases held by this runner (used during shutdown). */
+  async releaseAll() {
+    for (const [jobId] of this.heartbeatTimers) {
+      this.stopHeartbeat(jobId);
+    }
+    if (this.db) {
+      await this.db(this.tableName).where('runner_id', this.runnerId).delete();
+    }
+    // Reset in-memory limiters
+    for (const limiter of this._limiters.values()) {
+      limiter.active = 0;
+    }
+  }
+
+  /** Get the runner ID for this lease manager instance. */
+  getRunnerId() {
+    return this.runnerId;
+  }
+}
+export default LeaseManager;

package/server/jobs/drivers/memory-queue.js

@@ -0,0 +1,134 @@
+import { buildContext } from '../../context.js';
+import { validateEnqueue, toError, calculateBackoff } from '../queue.js';
+import { MemoryThroughputTracker } from '../throughput.js';
+import LeaseManager from './lease.js';
+
+class JobDispatcher {
+  queue = [];
+  registered = new Map();
+  backoffMs;
+  throughputTracker = new MemoryThroughputTracker();
+  leaseManager;
+
+  constructor(options) {
+    this.backoffMs = options?.backoffMs ?? 1000;
+    this.leaseManager = new LeaseManager(null);
+  }
+
+  register(domain, definition, store) {
+    const qualifiedName = `${domain}/${definition.name}`;
+    this.registered.set(qualifiedName, { domain, definition, store });
+  }
+
+  async enqueue(qualifiedName, payload, options) {
+    const { reg, validatedPayload, maxRetries, delay } = validateEnqueue(
+      qualifiedName,
+      payload,
+      this.registered,
+      options,
+    );
+    const job = {
+      id: `${qualifiedName}:${Date.now()}:${Math.random().toString(36).slice(2, 8)}`,
+      domain: reg.domain,
+      jobName: reg.definition.name,
+      payload: validatedPayload,
+      maxRetries,
+      attempt: 0,
+      runAt: Date.now() + delay,
+      status: 'pending',
+    };
+    this.queue.push(job);
+  }
+
+  async process() {
+    const now = Date.now();
+    const ready = this.queue.filter((j) => j.status === 'pending' && j.runAt <= now);
+    const results = [];
+
+    for (const job of ready) {
+      const qualifiedName = `${job.domain}/${job.jobName}`;
+      const reg = this.registered.get(qualifiedName);
+      if (!reg) {
+        job.status = 'failed';
+        results.push({
+          id: job.id,
+          status: 'failed',
+          error: new Error(`Job definition not found: ${qualifiedName}`),
+          attempts: job.attempt,
+        });
+        continue;
+      }
+
+      if (reg.definition.throughput) {
+        if (!this.throughputTracker.isAllowed(qualifiedName, reg.definition.throughput)) {
+          continue;
+        }
+      }
+
+      if (reg.definition.maxConcurrency !== undefined) {
+        const acquired = this.leaseManager.acquire(
+          qualifiedName,
+          job.id,
+          reg.definition.maxConcurrency,
+        );
+        if (!acquired) continue;
+      }
+
+      const result = await this._executeJob(job, reg, qualifiedName);
+      if (result) results.push(result);
+    }
+
+    this.queue = this.queue.filter((j) => j.status === 'pending');
+    return results;
+  }
+
+  async _executeJob(job, reg, qualifiedName) {
+    job.attempt++;
+    job.status = 'running';
+    const maxAttempts = job.maxRetries + 1;
+
+    try {
+      console.log(`[job] ${qualifiedName} attempt ${job.attempt}/${maxAttempts}`);
+      const ctx = buildContext(reg.store, { payload: job.payload });
+      await reg.definition.handler(ctx);
+      job.status = 'completed';
+      console.log(`[job] ${qualifiedName} completed`);
+      this.throughputTracker.record(qualifiedName);
+      return { id: job.id, status: 'completed', attempts: job.attempt };
+    } catch (err) {
+      const error = toError(err);
+      console.error(
+        `[job] ${qualifiedName} attempt ${job.attempt}/${maxAttempts} failed:`,
+        error.message,
+      );
+
+      if (job.attempt < maxAttempts) {
+        const backoffMs = calculateBackoff(this.backoffMs, job.attempt);
+        job.status = 'pending';
+        job.runAt = Date.now() + backoffMs;
+        console.log(
+          `[job] ${qualifiedName} retrying in ${backoffMs}ms (attempt ${job.attempt + 1}/${maxAttempts})`,
+        );
+        return null;
+      }
+
+      job.status = 'failed';
+      return { id: job.id, status: 'failed', error, attempts: job.attempt };
+    } finally {
+      if (reg.definition.maxConcurrency !== undefined) {
+        await this.leaseManager.release(job.id, qualifiedName);
+      }
+    }
+  }
+
+  get size() {
+    return this.queue.filter((j) => j.status === 'pending').length;
+  }
+
+  async syncSize() {}
+
+  async shutdown() {
+    await this.leaseManager.releaseAll();
+  }
+}
+export default JobDispatcher;

package/server/jobs/queue.js

@@ -0,0 +1,27 @@
+import { validate } from '../validation.js';
+function validateEnqueue(qualifiedName, payload, registered, options) {
+  const reg = registered.get(qualifiedName);
+  if (!reg) {
+    const available = [...registered.keys()];
+    throw new Error(`Unknown job "${qualifiedName}". Registered jobs: [${available.join(', ')}]`);
+  }
+  let validatedPayload = payload;
+  if (reg.definition.schema) {
+    const result = validate(reg.definition.schema, payload);
+    if (!result.success) {
+      const messages = Object.values(result.errors.fieldErrors).flat().join('; ');
+      throw new Error(`Job "${qualifiedName}" payload validation failed: ${messages}`);
+    }
+    validatedPayload = result.data;
+  }
+  const maxRetries = options?.retries ?? reg.definition.retries ?? 0;
+  const delay = options?.delay ?? 0;
+  return { reg, validatedPayload, maxRetries, delay };
+}
+function toError(err) {
+  return err instanceof Error ? err : new Error(String(err));
+}
+function calculateBackoff(baseMs, attempt) {
+  return baseMs * Math.pow(2, attempt - 1);
+}
+export { calculateBackoff, toError, validateEnqueue };

package/server/jobs/runner.js

@@ -0,0 +1,197 @@
+import path from 'node:path';
+import { discoverModules } from '../discovery.js';
+import { buildContext } from '../context.js';
+import { parseCron, matchesCron } from './cron.js';
+import { toError, calculateBackoff } from './queue.js';
+import JobDispatcher from './drivers/memory-queue.js';
+import { SYSTEM_JOB_DOMAIN, registerSystemJobs } from '../system-jobs/index.js';
+
+async function discoverJobs(jobsDir) {
+  const entries = await discoverModules(jobsDir, { recursive: true, label: 'job file' });
+  const jobs = [];
+  for (const { name, filePath, module } of entries) {
+    const job = module.default;
+    if (!job || typeof job !== 'object') {
+      throw new Error(`Job file at ${filePath} must have a default export`);
+    }
+    if (!job.name || typeof job.name !== 'string') {
+      throw new Error(`Job at ${filePath} must export a "name" string`);
+    }
+    if (typeof job.handler !== 'function') {
+      throw new Error(`Job at ${filePath} must export a "handler" function`);
+    }
+    jobs.push({ definition: job, fileName: name });
+  }
+  return jobs;
+}
+
+class JobRunner {
+  _dispatcher;
+  _config;
+  _log;
+  _appContext;
+  _jobs = [];
+  _cronEntries = [];
+  _continuousJobs = [];
+  _timer = null;
+  _started = false;
+  _stopped = false;
+  _lastEnqueuedMinute = new Map();
+
+  constructor(config, { db, queue, cache, files, mail, events, log } = {}) {
+    this._config = config;
+    this._log = log;
+    this._dispatcher = new JobDispatcher({ backoffMs: config?.backoffMs });
+    this._appContext = { db, queue, cache, files, mail, events, log };
+  }
+
+  get dispatcher() {
+    return this._dispatcher;
+  }
+
+  get jobs() {
+    return this._jobs;
+  }
+
+  get running() {
+    return this._started;
+  }
+
+  async init() {
+    const jobsDir = this._config?.jobsDir;
+    if (!jobsDir) return;
+
+    // Discover and register user jobs
+    const discovered = await discoverJobs(jobsDir);
+    for (const { definition, fileName } of discovered) {
+      this._dispatcher.register('app', definition, this._appContext);
+      this._jobs.push({
+        jobName: definition.name,
+        fileName,
+        schedule: definition.schedule,
+        handler: definition.handler,
+      });
+      this._log?.info(`  ${fileName} \u2192 ${definition.name}`);
+    }
+
+    // Register system jobs
+    const systemContext = {
+      db: this._appContext.db,
+      events: { emit: async () => {} },
+      queue: this._appContext.queue?.withNamespace(SYSTEM_JOB_DOMAIN),
+      cache: this._appContext.cache?.withNamespace(SYSTEM_JOB_DOMAIN),
+      files: this._appContext.files?.withNamespace(SYSTEM_JOB_DOMAIN),
+      mail: this._appContext.mail,
+      log: this._log.extend({ logger: SYSTEM_JOB_DOMAIN }),
+    };
+    const systemJobs = registerSystemJobs(this._config, this._dispatcher, systemContext);
+    for (const sj of systemJobs) {
+      this._log?.info(`  ${sj.jobName} (system${sj.schedule ? `, ${sj.schedule}` : ''})`);
+    }
+
+    // Build scheduled and continuous maps
+    for (const job of this._jobs) {
+      if (job.schedule === 'continuous') {
+        this._continuousJobs.push({
+          qualifiedName: `app/${job.jobName}`,
+          handler: job.handler,
+          appContext: this._appContext,
+        });
+      } else if (job.schedule) {
+        this._cronEntries.push({
+          qualifiedName: `app/${job.jobName}`,
+          fields: parseCron(job.schedule),
+        });
+      }
+    }
+    for (const sj of systemJobs) {
+      if (sj.schedule) {
+        this._cronEntries.push({
+          qualifiedName: `${sj.domainName}/${sj.jobName}`,
+          fields: parseCron(sj.schedule),
+        });
+      }
+    }
+  }
+
+  start(intervalMs) {
+    if (this._started) return;
+    this._started = true;
+    this._stopped = false;
+    const pollMs = intervalMs ?? this._config?.pollIntervalMs ?? 60000;
+    this._timer = setInterval(() => {
+      this.tick().catch((err) => {
+        console.error('[job-runner] tick error:', err);
+      });
+    }, pollMs);
+    for (const entry of this._continuousJobs) {
+      this._runContinuousLoop(entry);
+    }
+
+    const parts = [];
+    if (this._cronEntries.length > 0) parts.push(`${this._cronEntries.length} scheduled`);
+    if (this._continuousJobs.length > 0) parts.push(`${this._continuousJobs.length} continuous`);
+    if (parts.length > 0) this._log?.info(`Job runner started (${parts.join(', ')})`);
+  }
+
+  stop() {
+    this._stopped = true;
+    this._started = false;
+    if (this._timer) {
+      clearInterval(this._timer);
+      this._timer = null;
+    }
+  }
+
+  async shutdown() {
+    this.stop();
+    if (this._dispatcher.shutdown) await this._dispatcher.shutdown();
+  }
+
+  async tick(now) {
+    const date = now ?? new Date();
+    const minuteKey = `${date.getFullYear()}-${date.getMonth()}-${date.getDate()}-${date.getHours()}-${date.getMinutes()}`;
+    for (const entry of this._cronEntries) {
+      if (matchesCron(entry.fields, date)) {
+        const lastMinute = this._lastEnqueuedMinute.get(entry.qualifiedName);
+        if (lastMinute === minuteKey) continue;
+        try {
+          await this._dispatcher.enqueue(entry.qualifiedName, void 0);
+          this._lastEnqueuedMinute.set(entry.qualifiedName, minuteKey);
+          console.log(`[job-runner] scheduled: ${entry.qualifiedName}`);
+        } catch (err) {
+          console.error(`[job-runner] failed to enqueue ${entry.qualifiedName}:`, err);
+        }
+      }
+    }
+    await this._dispatcher.process();
+  }
+
+  async _runContinuousLoop(entry) {
+    const backoffMs = this._config?.backoffMs ?? 1000;
+    let consecutiveErrors = 0;
+    console.log(`[job-runner] continuous: ${entry.qualifiedName} started`);
+    while (!this._stopped) {
+      try {
+        const ctx = buildContext(entry.appContext, { payload: void 0 });
+        await entry.handler(ctx);
+        consecutiveErrors = 0;
+      } catch (err) {
+        consecutiveErrors++;
+        const error = toError(err);
+        const delay = calculateBackoff(backoffMs, consecutiveErrors);
+        console.error(
+          `[job-runner] continuous: ${entry.qualifiedName} error (attempt ${consecutiveErrors}), retrying in ${delay}ms:`,
+          error.message,
+        );
+        const deadline = Date.now() + delay;
+        while (!this._stopped && Date.now() < deadline) {
+          await new Promise((r) => setTimeout(r, Math.min(100, deadline - Date.now())));
+        }
+      }
+    }
+    console.log(`[job-runner] continuous: ${entry.qualifiedName} stopped`);
+  }
+}
+
+export { JobRunner, discoverJobs };

package/server/jobs/throughput.js

@@ -0,0 +1,63 @@
+class MemoryThroughputTracker {
+  /** Map of qualifiedName → completion timestamps (epoch ms) */
+  completions = new Map();
+  /**
+   * Record a job completion for throughput tracking.
+   */
+  record(qualifiedName) {
+    const timestamps = this.completions.get(qualifiedName) ?? [];
+    timestamps.push(Date.now());
+    this.completions.set(qualifiedName, timestamps);
+  }
+  /**
+   * Check if a job type is within its throughput budget.
+   *
+   * Returns true if the job can be executed, false if it should be skipped.
+   * When false, the job stays in the queue for the next processing cycle.
+   */
+  isAllowed(qualifiedName, config, now) {
+    const currentTime = now ?? Date.now();
+    const timestamps = this.completions.get(qualifiedName);
+    if (!timestamps || timestamps.length === 0) return true;
+    const cutoff = currentTime - 6e4;
+    const pruned = timestamps.filter((t) => t > cutoff);
+    this.completions.set(qualifiedName, pruned);
+    if (config.maxPerSecond !== void 0) {
+      const secondAgo = currentTime - 1e3;
+      const countInSecond = pruned.filter((t) => t > secondAgo).length;
+      if (countInSecond >= config.maxPerSecond) return false;
+    }
+    if (config.maxPerMinute !== void 0) {
+      const minuteAgo = currentTime - 6e4;
+      const countInMinute = pruned.filter((t) => t > minuteAgo).length;
+      if (countInMinute >= config.maxPerMinute) return false;
+    }
+    return true;
+  }
+}
+async function checkDbThroughput(db, tableName, qualifiedName, config) {
+  if (config.maxPerSecond !== void 0) {
+    const secondAgo = new Date(Date.now() - 1e3).toISOString();
+    const result = await db(tableName)
+      .where('qualified_name', qualifiedName)
+      .where('status', 'completed')
+      .where('updated_at', '>', secondAgo)
+      .count('id as count')
+      .first();
+    const count = Number(result?.count ?? 0);
+    if (count >= config.maxPerSecond) return false;
+  }
+  if (config.maxPerMinute !== void 0) {
+    const minuteAgo = new Date(Date.now() - 6e4).toISOString();
+    const result = await db(tableName)
+      .where('qualified_name', qualifiedName)
+      .where('status', 'completed')
+      .where('updated_at', '>', minuteAgo)
+      .count('id as count')
+      .first();
+    const count = Number(result?.count ?? 0);
+    if (count >= config.maxPerMinute) return false;
+  }
+  return true;
+}
+export { MemoryThroughputTracker, checkDbThroughput };

package/server/lib/vault/encrypt.js

@@ -0,0 +1,40 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 16;
+const AUTH_TAG_LENGTH = 16;
+const SALT_LENGTH = 32;
+const KEY_LENGTH = 32;
+function deriveKey(key, salt) {
+  return scryptSync(key, salt, KEY_LENGTH);
+}
+function encrypt(plaintext, key) {
+  const salt = randomBytes(SALT_LENGTH);
+  const derivedKey = deriveKey(key, salt);
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, derivedKey, iv, { authTagLength: AUTH_TAG_LENGTH });
+  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return [
+    salt.toString('hex'),
+    iv.toString('hex'),
+    authTag.toString('hex'),
+    encrypted.toString('hex'),
+  ].join(':');
+}
+function decrypt(ciphertext, key) {
+  const parts = ciphertext.split(':');
+  if (parts.length !== 4) {
+    throw new Error('Invalid ciphertext format');
+  }
+  const [saltHex, ivHex, authTagHex, dataHex] = parts;
+  const salt = Buffer.from(saltHex, 'hex');
+  const iv = Buffer.from(ivHex, 'hex');
+  const authTag = Buffer.from(authTagHex, 'hex');
+  const data = Buffer.from(dataHex, 'hex');
+  const derivedKey = deriveKey(key, salt);
+  const decipher = createDecipheriv(ALGORITHM, derivedKey, iv, { authTagLength: AUTH_TAG_LENGTH });
+  decipher.setAuthTag(authTag);
+  const decrypted = Buffer.concat([decipher.update(data), decipher.final()]);
+  return decrypted.toString('utf8');
+}
+export { decrypt, encrypt };

package/server/lib/vault/ids.js

@@ -0,0 +1,9 @@
+import { randomUUID } from 'node:crypto';
+import { nanoid } from 'nanoid';
+function generateUUID() {
+  return randomUUID();
+}
+function generateNanoId(size) {
+  return nanoid(size);
+}
+export { generateNanoId, generateUUID };

package/server/lib/vault/index.js

@@ -0,0 +1,14 @@
+import { hashPassword, verifyPassword } from './password.js';
+import { generateUUID, generateNanoId } from './ids.js';
+import { encrypt, decrypt } from './encrypt.js';
+import { jwtEncode, jwtDecode } from './jwt.js';
+export {
+  decrypt,
+  encrypt,
+  generateNanoId,
+  generateUUID,
+  hashPassword,
+  jwtDecode,
+  jwtEncode,
+  verifyPassword,
+};

package/server/lib/vault/jwt.js

@@ -0,0 +1,55 @@
+import { SignJWT, jwtVerify, errors } from 'jose';
+function secretToKey(secret) {
+  return new TextEncoder().encode(secret);
+}
+function parseExpiration(expiresIn) {
+  if (typeof expiresIn === 'number') {
+    return `${expiresIn}s`;
+  }
+  return expiresIn;
+}
+async function jwtEncode(payload, secret, options) {
+  if (!secret) {
+    throw new Error('JWT secret is required');
+  }
+  const alg = options?.algorithm ?? 'HS256';
+  const key = secretToKey(secret);
+  let builder = new SignJWT(payload).setProtectedHeader({ alg }).setIssuedAt();
+  if (options?.expiresIn !== void 0) {
+    builder = builder.setExpirationTime(parseExpiration(options.expiresIn));
+  }
+  if (options?.issuer) {
+    builder = builder.setIssuer(options.issuer);
+  }
+  if (options?.audience) {
+    builder = builder.setAudience(options.audience);
+  }
+  return builder.sign(key);
+}
+async function jwtDecode(token, secret, options) {
+  if (!secret) {
+    throw new Error('JWT secret is required');
+  }
+  const key = secretToKey(secret);
+  const algorithms = options?.algorithms ?? ['HS256'];
+  try {
+    const { payload } = await jwtVerify(token, key, {
+      algorithms,
+      issuer: options?.issuer,
+      audience: options?.audience,
+    });
+    return payload;
+  } catch (err) {
+    if (err instanceof errors.JWTExpired) {
+      throw new Error('JWT token has expired');
+    }
+    if (err instanceof errors.JWSSignatureVerificationFailed) {
+      throw new Error('JWT signature verification failed');
+    }
+    if (err instanceof errors.JWTClaimValidationFailed) {
+      throw new Error(`JWT claim validation failed: ${err.message}`);
+    }
+    throw new Error(`JWT verification failed: ${err.message}`);
+  }
+}
+export { jwtDecode, jwtEncode };