authfort-client 0.0.1 → 0.0.2

package/README.md

@@ -0,0 +1,141 @@
+# authfort-client
+
+TypeScript client SDK for AuthFort authentication.
+
+## Install
+
+```bash
+npm install authfort-client
+```
+
+## Quick Start
+
+```typescript
+import { createAuthClient } from 'authfort-client';
+
+const auth = createAuthClient({
+  baseUrl: '/auth',
+  tokenMode: 'cookie', // or 'bearer'
+});
+
+await auth.initialize();
+
+// Sign up / sign in
+await auth.signUp({ email: 'user@example.com', password: 'secret' });
+await auth.signIn({ email: 'user@example.com', password: 'secret' });
+
+// Authenticated fetch (auto-attaches credentials, retries on 401)
+const res = await auth.fetch('/api/profile');
+
+// OAuth
+auth.signInWithProvider('google');
+
+// Listen for auth state changes
+auth.onAuthStateChange((state, user) => {
+  console.log(state, user);
+});
+
+// Sign out
+await auth.signOut();
+```
+
+## React
+
+```tsx
+import { AuthProvider, useAuth } from 'authfort-client/react';
+
+// Wrap your app
+<AuthProvider client={auth}><App /></AuthProvider>
+
+// In components
+function Profile() {
+  const { user, isAuthenticated, client } = useAuth();
+  if (!isAuthenticated) return <p>Not signed in</p>;
+  return <p>Hello {user.email}</p>;
+}
+```
+
+## Vue
+
+```vue
+<script setup>
+import { provideAuth, useAuth } from 'authfort-client/vue';
+
+provideAuth(auth); // in root component
+
+const { user, isAuthenticated } = useAuth(); // in any child
+</script>
+```
+
+## Svelte
+
+```svelte
+<script>
+import { createAuthStore } from 'authfort-client/svelte';
+
+const { user, isAuthenticated, client } = createAuthStore(auth);
+</script>
+
+{#if $isAuthenticated}
+  Hello {$user.email}
+{/if}
+```
+
+## Authenticated Requests
+
+`auth.fetch()` is native `fetch` with auth added — same `RequestInit`, same `Response`. Headers, streaming, AbortController all work as normal.
+
+```typescript
+// JSON POST
+const res = await auth.fetch('/api/data', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ name: 'test' }),
+});
+
+// Streaming
+const stream = await auth.fetch('/api/stream');
+const reader = stream.body.getReader();
+
+// AbortController
+const controller = new AbortController();
+await auth.fetch('/api/slow', { signal: controller.signal });
+```
+
+If a request gets a 401, it automatically refreshes the token and retries once. Multiple concurrent 401s share a single refresh call.
+
+### Using with Axios / TanStack Query (bearer mode)
+
+In cookie mode, any HTTP client works out of the box — the browser sends cookies automatically. In bearer mode, if you prefer your own HTTP client over `auth.fetch()`, use `getToken()` to get a valid token:
+
+```typescript
+// Axios interceptor
+axios.interceptors.request.use(async (config) => {
+  const token = await auth.getToken();
+  if (token) config.headers.Authorization = `Bearer ${token}`;
+  return config;
+});
+
+// TanStack Query
+const { data } = useQuery({
+  queryKey: ['profile'],
+  queryFn: async () => {
+    const token = await auth.getToken();
+    const res = await fetch('/api/profile', {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    return res.json();
+  },
+});
+```
+
+`getToken()` automatically refreshes if the token is expired, and deduplicates concurrent refresh calls.
+
+## Token Modes
+
+- **cookie** (default) — httponly cookies, JS never touches tokens
+- **bearer** — access token in memory, `Authorization: Bearer` header
+
+## License
+
+[MIT](../LICENSE)

package/dist/client.d.ts

@@ -0,0 +1,7 @@
+/**
+ * AuthFort client — main implementation.
+ */
+import type { AuthClient, AuthClientConfig } from './types';
+/** Create an AuthFort client instance. */
+export declare function createAuthClient(config: AuthClientConfig): AuthClient;
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EACV,UAAU,EACV,gBAAgB,EAKjB,MAAM,SAAS,CAAC;AAwRjB,0CAA0C;AAC1C,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,UAAU,CAErE"}

package/dist/client.js

@@ -0,0 +1,236 @@
+/**
+ * AuthFort client — main implementation.
+ */
+import { parseErrorResponse } from './errors';
+import { TokenManager } from './token-manager';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function mapUser(server) {
+    return {
+        id: server.id,
+        email: server.email,
+        name: server.name ?? undefined,
+        roles: server.roles,
+        emailVerified: server.email_verified,
+        avatarUrl: server.avatar_url ?? undefined,
+        createdAt: server.created_at,
+    };
+}
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+class AuthClientImpl {
+    constructor(config) {
+        this._state = 'unauthenticated';
+        this._user = null;
+        this._listeners = new Set();
+        this._tokenManager = null;
+        this._baseUrl = config.baseUrl.replace(/\/+$/, '');
+        this._tokenMode = config.tokenMode ?? 'cookie';
+        if (this._tokenMode === 'bearer') {
+            this._tokenManager = new TokenManager(this._baseUrl, config.refreshBuffer ?? 30, (response) => this._setAuthenticated(mapUser(response.user)), () => this._setState('unauthenticated', null));
+        }
+    }
+    async initialize() {
+        this._setState('loading', null);
+        try {
+            if (this._tokenMode === 'bearer') {
+                const result = await this._tokenManager.refresh();
+                if (!result) {
+                    this._setState('unauthenticated', null);
+                }
+                // onRefreshSuccess already called _setAuthenticated
+            }
+            else {
+                // Cookie mode: try /me, then /refresh on 401
+                const meResponse = await fetch(`${this._baseUrl}/me`, {
+                    credentials: 'include',
+                });
+                if (meResponse.ok) {
+                    const serverUser = await meResponse.json();
+                    this._setAuthenticated(mapUser(serverUser));
+                }
+                else if (meResponse.status === 401) {
+                    // Access cookie expired — try refreshing
+                    const refreshResponse = await fetch(`${this._baseUrl}/refresh`, {
+                        method: 'POST',
+                        credentials: 'include',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({}),
+                    });
+                    if (refreshResponse.ok) {
+                        const data = await refreshResponse.json();
+                        this._setAuthenticated(mapUser(data.user));
+                    }
+                    else {
+                        this._setState('unauthenticated', null);
+                    }
+                }
+                else {
+                    this._setState('unauthenticated', null);
+                }
+            }
+        }
+        catch {
+            this._setState('unauthenticated', null);
+        }
+    }
+    async getToken() {
+        if (this._tokenMode === 'cookie') {
+            return null;
+        }
+        const token = this._tokenManager.getToken();
+        if (token)
+            return token;
+        // Token expired or absent — try refresh
+        const result = await this._tokenManager.refresh();
+        return result ? result.tokens.access_token : null;
+    }
+    async fetch(url, options = {}) {
+        const doFetch = async () => {
+            const fetchOptions = { ...options };
+            if (this._tokenMode === 'cookie') {
+                fetchOptions.credentials = 'include';
+            }
+            else {
+                const token = await this.getToken();
+                if (token) {
+                    fetchOptions.headers = {
+                        ...fetchOptions.headers,
+                        Authorization: `Bearer ${token}`,
+                    };
+                }
+                fetchOptions.credentials = 'include';
+            }
+            return globalThis.fetch(url, fetchOptions);
+        };
+        let response = await doFetch();
+        // 401 retry: refresh then retry once
+        if (response.status === 401) {
+            let refreshed = false;
+            if (this._tokenMode === 'bearer') {
+                this._tokenManager.clear();
+                const result = await this._tokenManager.refresh();
+                refreshed = result !== null;
+            }
+            else {
+                const refreshResponse = await globalThis.fetch(`${this._baseUrl}/refresh`, {
+                    method: 'POST',
+                    credentials: 'include',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({}),
+                });
+                refreshed = refreshResponse.ok;
+            }
+            if (refreshed) {
+                response = await doFetch();
+            }
+            // Still 401 after retry — session is dead
+            if (response.status === 401) {
+                if (this._tokenManager)
+                    this._tokenManager.clear();
+                this._setState('unauthenticated', null);
+            }
+        }
+        return response;
+    }
+    async signUp(data) {
+        const response = await globalThis.fetch(`${this._baseUrl}/signup`, {
+            method: 'POST',
+            credentials: 'include',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(data),
+        });
+        if (!response.ok) {
+            throw await parseErrorResponse(response);
+        }
+        const result = await response.json();
+        const user = mapUser(result.user);
+        if (this._tokenManager) {
+            this._tokenManager.setTokens(result.tokens.access_token, result.tokens.expires_in);
+        }
+        this._setAuthenticated(user);
+        return user;
+    }
+    async signIn(data) {
+        const response = await globalThis.fetch(`${this._baseUrl}/login`, {
+            method: 'POST',
+            credentials: 'include',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(data),
+        });
+        if (!response.ok) {
+            throw await parseErrorResponse(response);
+        }
+        const result = await response.json();
+        const user = mapUser(result.user);
+        if (this._tokenManager) {
+            this._tokenManager.setTokens(result.tokens.access_token, result.tokens.expires_in);
+        }
+        this._setAuthenticated(user);
+        return user;
+    }
+    signInWithProvider(provider) {
+        window.location.href = `${this._baseUrl}/oauth/${provider}/authorize`;
+    }
+    async signOut() {
+        try {
+            await globalThis.fetch(`${this._baseUrl}/logout`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({}),
+            });
+        }
+        finally {
+            if (this._tokenManager)
+                this._tokenManager.clear();
+            this._setState('unauthenticated', null);
+        }
+    }
+    async getUser() {
+        const response = await this.fetch(`${this._baseUrl}/me`);
+        if (!response.ok) {
+            throw await parseErrorResponse(response);
+        }
+        const serverUser = await response.json();
+        const user = mapUser(serverUser);
+        this._user = user;
+        return user;
+    }
+    onAuthStateChange(callback) {
+        this._listeners.add(callback);
+        // Fire immediately with current state
+        callback(this._state, this._user);
+        return () => {
+            this._listeners.delete(callback);
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // Private
+    // ---------------------------------------------------------------------------
+    _setAuthenticated(user) {
+        this._setState('authenticated', user);
+    }
+    _setState(state, user) {
+        const changed = this._state !== state || this._user !== user;
+        this._state = state;
+        this._user = user;
+        if (changed) {
+            for (const listener of this._listeners) {
+                try {
+                    listener(state, user);
+                }
+                catch {
+                    // Don't break on listener errors
+                }
+            }
+        }
+    }
+}
+/** Create an AuthFort client instance. */
+export function createAuthClient(config) {
+    return new AuthClientImpl(config);
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAmB,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAU/C,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,OAAO,CAAC,MAA0B;IACzC,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,SAAS;QAC9B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,aAAa,EAAE,MAAM,CAAC,cAAc;QACpC,SAAS,EAAE,MAAM,CAAC,UAAU,IAAI,SAAS;QACzC,SAAS,EAAE,MAAM,CAAC,UAAU;KAC7B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,cAAc;IAWlB,YAAY,MAAwB;QAV5B,WAAM,GAAc,iBAAiB,CAAC;QACtC,UAAK,GAAoB,IAAI,CAAC;QAC9B,eAAU,GAAG,IAAI,GAAG,EAEzB,CAAC;QACI,kBAAa,GAAwB,IAAI,CAAC;QAMhD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC;QAE/C,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,IAAI,YAAY,CACnC,IAAI,CAAC,QAAQ,EACb,MAAM,CAAC,aAAa,IAAI,EAAE,EAC1B,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAC5D,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAC9C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAEhC,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAc,CAAC,OAAO,EAAE,CAAC;gBACnD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;gBAC1C,CAAC;gBACD,oDAAoD;YACtD,CAAC;iBAAM,CAAC;gBACN,6CAA6C;gBAC7C,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,KAAK,EAAE;oBACpD,WAAW,EAAE,SAAS;iBACvB,CAAC,CAAC;gBAEH,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC;oBAClB,MAAM,UAAU,GAAuB,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;oBAC/D,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;gBAC9C,CAAC;qBAAM,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACrC,yCAAyC;oBACzC,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,UAAU,EAAE;wBAC9D,MAAM,EAAE,MAAM;wBACd,WAAW,EAAE,SAAS;wBACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;wBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;qBACzB,CAAC,CAAC;oBAEH,IAAI,eAAe,CAAC,EAAE,EAAE,CAAC;wBACvB,MAAM,IAAI,GAAuB,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;wBAC9D,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC7C,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,aAAc,CAAC,QAAQ,EAAE,CAAC;QAC7C,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;QAExB,wCAAwC;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAc,CAAC,OAAO,EAAE,CAAC;QACnD,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,UAAuB,EAAE;QAChD,MAAM,OAAO,GAAG,KAAK,IAAuB,EAAE;YAC5C,MAAM,YAAY,GAAgB,EAAE,GAAG,OAAO,EAAE,CAAC;YAEjD,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,CAAC,WAAW,GAAG,SAAS,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,IAAI,KAAK,EAAE,CAAC;oBACV,YAAY,CAAC,OAAO,GAAG;wBACrB,GAAG,YAAY,CAAC,OAAO;wBACvB,aAAa,EAAE,UAAU,KAAK,EAAE;qBACjC,CAAC;gBACJ,CAAC;gBACD,YAAY,CAAC,WAAW,GAAG,SAAS,CAAC;YACvC,CAAC;YAED,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7C,CAAC,CAAC;QAEF,IAAI,QAAQ,GAAG,MAAM,OAAO,EAAE,CAAC;QAE/B,qCAAqC;QACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,IAAI,SAAS,GAAG,KAAK,CAAC;YAEtB,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACjC,IAAI,CAAC,aAAc,CAAC,KAAK,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAc,CAAC,OAAO,EAAE,CAAC;gBACnD,SAAS,GAAG,MAAM,KAAK,IAAI,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,KAAK,CAC5C,GAAG,IAAI,CAAC,QAAQ,UAAU,EAC1B;oBACE,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,SAAS;oBACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;iBACzB,CACF,CAAC;gBACF,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC;YACjC,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,QAAQ,GAAG,MAAM,OAAO,EAAE,CAAC;YAC7B,CAAC;YAED,0CAA0C;YAC1C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,IAAI,IAAI,CAAC,aAAa;oBAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;gBACnD,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAIZ;QACC,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,SAAS,EAAE;YACjE,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAElC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,IAAI,CAAC,aAAa,CAAC,SAAS,CAC1B,MAAM,CAAC,MAAM,CAAC,YAAY,EAC1B,MAAM,CAAC,MAAM,CAAC,UAAU,CACzB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAyC;QACpD,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,QAAQ,EAAE;YAChE,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAElC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,IAAI,CAAC,aAAa,CAAC,SAAS,CAC1B,MAAM,CAAC,MAAM,CAAC,YAAY,EAC1B,MAAM,CAAC,MAAM,CAAC,UAAU,CACzB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kBAAkB,CAAC,QAAgB;QACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,IAAI,CAAC,QAAQ,UAAU,QAAQ,YAAY,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,SAAS,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS;gBACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;aACzB,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,IAAI,IAAI,CAAC,aAAa;gBAAE,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YACnD,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,KAAK,CAAC,CAAC;QAEzD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,UAAU,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB,CACf,QAA2D;QAE3D,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,sCAAsC;QACtC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAClC,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,UAAU;IACV,8EAA8E;IAEtE,iBAAiB,CAAC,IAAc;QACtC,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAEO,SAAS,CAAC,KAAgB,EAAE,IAAqB;QACvD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACvC,IAAI,CAAC;oBACH,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC;oBACP,iCAAiC;gBACnC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,0CAA0C;AAC1C,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,14 @@
+/** Error thrown by AuthFort client operations. */
+export declare class AuthClientError extends Error {
+    /** Server error code (e.g., "invalid_credentials", "user_exists") */
+    readonly code: string;
+    /** HTTP status code from the server response */
+    readonly statusCode: number;
+    constructor(message: string, code: string, statusCode: number);
+}
+/**
+ * Parse an error response from the AuthFort server.
+ * FastAPI wraps errors as { detail: { error, message } }.
+ */
+export declare function parseErrorResponse(response: Response): Promise<AuthClientError>;
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,qBAAa,eAAgB,SAAQ,KAAK;IACxC,qEAAqE;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;CAM9D;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,eAAe,CAAC,CAgB1B"}

package/dist/errors.js

@@ -0,0 +1,24 @@
+/** Error thrown by AuthFort client operations. */
+export class AuthClientError extends Error {
+    constructor(message, code, statusCode) {
+        super(message);
+        this.name = 'AuthClientError';
+        this.code = code;
+        this.statusCode = statusCode;
+    }
+}
+/**
+ * Parse an error response from the AuthFort server.
+ * FastAPI wraps errors as { detail: { error, message } }.
+ */
+export async function parseErrorResponse(response) {
+    try {
+        const body = await response.json();
+        const detail = body.detail ?? body;
+        return new AuthClientError(detail.message ?? response.statusText, detail.error ?? 'unknown_error', response.status);
+    }
+    catch {
+        return new AuthClientError(response.statusText, 'unknown_error', response.status);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAMxC,YAAY,OAAe,EAAE,IAAY,EAAE,UAAkB;QAC3D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QACnC,OAAO,IAAI,eAAe,CACxB,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,UAAU,EACrC,MAAM,CAAC,KAAK,IAAI,eAAe,EAC/B,QAAQ,CAAC,MAAM,CAChB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,eAAe,CACxB,QAAQ,CAAC,UAAU,EACnB,eAAe,EACf,QAAQ,CAAC,MAAM,CAChB,CAAC;IACJ,CAAC;AACH,CAAC"}

package/{src/index.ts → dist/index.d.ts}

@@ -3,6 +3,7 @@
  *
  * Handles token lifecycle, proactive refresh, and authenticated requests.
  */
-
 export { createAuthClient } from './client';
+export { AuthClientError } from './errors';
 export type { AuthClientConfig, AuthClient, AuthState, AuthUser } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,8 @@
+/**
+ * AuthFort Client — TypeScript SDK for AuthFort authentication.
+ *
+ * Handles token lifecycle, proactive refresh, and authenticated requests.
+ */
+export { createAuthClient } from './client';
+export { AuthClientError } from './errors';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC"}

package/dist/react/index.d.ts

@@ -0,0 +1,40 @@
+/**
+ * React hooks for AuthFort.
+ *
+ * Usage:
+ *   import { AuthProvider, useAuth } from 'authfort-client/react';
+ *
+ *   // Wrap your app
+ *   <AuthProvider client={auth}><App /></AuthProvider>
+ *
+ *   // Use in any component
+ *   const { user, isAuthenticated, client } = useAuth();
+ */
+import { type ReactNode } from 'react';
+import type { AuthClient, AuthState, AuthUser } from '../types';
+/** Props for AuthProvider */
+export interface AuthProviderProps {
+    client: AuthClient;
+    children: ReactNode;
+}
+/** Provides the AuthFort client to all child components. */
+export declare function AuthProvider({ client, children }: AuthProviderProps): import("react/jsx-runtime").JSX.Element;
+/** Return type of useAuth() */
+export interface UseAuthReturn {
+    /** Current auth state */
+    state: AuthState;
+    /** Current user (null when not authenticated) */
+    user: AuthUser | null;
+    /** Whether the user is authenticated */
+    isAuthenticated: boolean;
+    /** Whether auth state is being determined */
+    isLoading: boolean;
+    /** The AuthFort client instance (for signIn, signOut, fetch, etc.) */
+    client: AuthClient;
+}
+/**
+ * React hook for AuthFort auth state.
+ * Must be used inside an AuthProvider.
+ */
+export declare function useAuth(): UseAuthReturn;
+//# sourceMappingURL=index.d.ts.map

package/dist/react/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAKL,KAAK,SAAS,EACf,MAAM,OAAO,CAAC;AACf,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAQhE,6BAA6B;AAC7B,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,SAAS,CAAC;CACrB;AAED,4DAA4D;AAC5D,wBAAgB,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,iBAAiB,2CAEnE;AAMD,+BAA+B;AAC/B,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,KAAK,EAAE,SAAS,CAAC;IACjB,iDAAiD;IACjD,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,wCAAwC;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,6CAA6C;IAC7C,SAAS,EAAE,OAAO,CAAC;IACnB,sEAAsE;IACtE,MAAM,EAAE,UAAU,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,OAAO,IAAI,aAAa,CAuBvC"}

package/dist/react/index.js

@@ -0,0 +1,48 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+/**
+ * React hooks for AuthFort.
+ *
+ * Usage:
+ *   import { AuthProvider, useAuth } from 'authfort-client/react';
+ *
+ *   // Wrap your app
+ *   <AuthProvider client={auth}><App /></AuthProvider>
+ *
+ *   // Use in any component
+ *   const { user, isAuthenticated, client } = useAuth();
+ */
+import { createContext, useContext, useState, useEffect, } from 'react';
+// ---------------------------------------------------------------------------
+// Context
+// ---------------------------------------------------------------------------
+const AuthContext = createContext(null);
+/** Provides the AuthFort client to all child components. */
+export function AuthProvider({ client, children }) {
+    return _jsx(AuthContext.Provider, { value: client, children: children });
+}
+/**
+ * React hook for AuthFort auth state.
+ * Must be used inside an AuthProvider.
+ */
+export function useAuth() {
+    const client = useContext(AuthContext);
+    if (!client) {
+        throw new Error('useAuth() must be used inside <AuthProvider>');
+    }
+    const [state, setState] = useState('unauthenticated');
+    const [user, setUser] = useState(null);
+    useEffect(() => {
+        return client.onAuthStateChange((s, u) => {
+            setState(s);
+            setUser(u);
+        });
+    }, [client]);
+    return {
+        state,
+        user,
+        isAuthenticated: state === 'authenticated',
+        isLoading: state === 'loading',
+        client,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react/index.tsx"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,aAAa,EACb,UAAU,EACV,QAAQ,EACR,SAAS,GAEV,MAAM,OAAO,CAAC;AAGf,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,WAAW,GAAG,aAAa,CAAoB,IAAI,CAAC,CAAC;AAQ3D,4DAA4D;AAC5D,MAAM,UAAU,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAqB;IAClE,OAAO,KAAC,WAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,MAAM,YAAG,QAAQ,GAAwB,CAAC;AAChF,CAAC;AAoBD;;;GAGG;AACH,MAAM,UAAU,OAAO;IACrB,MAAM,MAAM,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAY,iBAAiB,CAAC,CAAC;IACjE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAkB,IAAI,CAAC,CAAC;IAExD,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACvC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACZ,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,OAAO;QACL,KAAK;QACL,IAAI;QACJ,eAAe,EAAE,KAAK,KAAK,eAAe;QAC1C,SAAS,EAAE,KAAK,KAAK,SAAS;QAC9B,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/svelte/index.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Svelte stores for AuthFort.
+ *
+ * Usage:
+ *   import { createAuthStore } from 'authfort-client/svelte';
+ *
+ *   // Create once (e.g., in auth.ts)
+ *   export const authStore = createAuthStore(auth);
+ *
+ *   // Use in components
+ *   const { state, user, isAuthenticated } = authStore;
+ *   {#if $isAuthenticated} Hello {$user.email} {/if}
+ */
+import { type Readable } from 'svelte/store';
+import type { AuthClient, AuthState, AuthUser } from '../types';
+/** Return type of createAuthStore() */
+export interface AuthStore {
+    /** Current auth state (readable store) */
+    state: Readable<AuthState>;
+    /** Current user (readable store, null when not authenticated) */
+    user: Readable<AuthUser | null>;
+    /** Whether the user is authenticated (derived store) */
+    isAuthenticated: Readable<boolean>;
+    /** Whether auth state is being determined (derived store) */
+    isLoading: Readable<boolean>;
+    /** The AuthFort client instance */
+    client: AuthClient;
+}
+/**
+ * Create a Svelte store that tracks AuthFort auth state.
+ * Call once at module level and export for use in components.
+ */
+export declare function createAuthStore(client: AuthClient): AuthStore;
+//# sourceMappingURL=index.d.ts.map

package/dist/svelte/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/svelte/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAqB,KAAK,QAAQ,EAAE,MAAM,cAAc,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAMhE,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACxB,0CAA0C;IAC1C,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC3B,iEAAiE;IACjE,IAAI,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAChC,wDAAwD;IACxD,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;IACnC,6DAA6D;IAC7D,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7B,mCAAmC;IACnC,MAAM,EAAE,UAAU,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAgB7D"}

package/dist/svelte/index.js

@@ -0,0 +1,34 @@
+/**
+ * Svelte stores for AuthFort.
+ *
+ * Usage:
+ *   import { createAuthStore } from 'authfort-client/svelte';
+ *
+ *   // Create once (e.g., in auth.ts)
+ *   export const authStore = createAuthStore(auth);
+ *
+ *   // Use in components
+ *   const { state, user, isAuthenticated } = authStore;
+ *   {#if $isAuthenticated} Hello {$user.email} {/if}
+ */
+import { writable, derived } from 'svelte/store';
+/**
+ * Create a Svelte store that tracks AuthFort auth state.
+ * Call once at module level and export for use in components.
+ */
+export function createAuthStore(client) {
+    const state = writable('unauthenticated');
+    const user = writable(null);
+    client.onAuthStateChange((s, u) => {
+        state.set(s);
+        user.set(u);
+    });
+    return {
+        state: { subscribe: state.subscribe },
+        user: { subscribe: user.subscribe },
+        isAuthenticated: derived(state, ($s) => $s === 'authenticated'),
+        isLoading: derived(state, ($s) => $s === 'loading'),
+        client,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/svelte/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/svelte/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAiB,MAAM,cAAc,CAAC;AAqBhE;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAAkB;IAChD,MAAM,KAAK,GAAG,QAAQ,CAAY,iBAAiB,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,QAAQ,CAAkB,IAAI,CAAC,CAAC;IAE7C,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAChC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACb,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAyB;QAC5D,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAA+B;QAChE,eAAe,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,eAAe,CAAC;QAC/D,SAAS,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,SAAS,CAAC;QACnD,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/token-manager.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Token lifecycle manager (bearer mode only).
+ *
+ * Handles:
+ * - In-memory access token storage
+ * - Proactive refresh (before expiry)
+ * - Single refresh promise deduplication
+ */
+import type { ServerAuthResponse } from './types';
+export declare class TokenManager {
+    private readonly _baseUrl;
+    private readonly _refreshBuffer;
+    private readonly _onRefreshSuccess;
+    private readonly _onRefreshFailure;
+    private _accessToken;
+    private _expiresAt;
+    private _refreshTimer;
+    private _refreshPromise;
+    constructor(_baseUrl: string, _refreshBuffer: number, _onRefreshSuccess: (response: ServerAuthResponse) => void, _onRefreshFailure: () => void);
+    /** Returns the current access token, or null if expired/absent. */
+    getToken(): string | null;
+    /** Store a new access token and schedule proactive refresh. */
+    setTokens(accessToken: string, expiresIn: number): void;
+    /** Clear stored token and cancel any scheduled refresh. */
+    clear(): void;
+    /**
+     * Refresh the access token via POST /refresh (using refresh cookie).
+     * Deduplicates concurrent calls — only one fetch in flight at a time.
+     */
+    refresh(): Promise<ServerAuthResponse | null>;
+    /** Cleanup timers. */
+    dispose(): void;
+    private _doRefresh;
+    private _scheduleRefresh;
+    private _cancelRefresh;
+}
+//# sourceMappingURL=token-manager.d.ts.map

package/dist/token-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAElD,qBAAa,YAAY;IAOrB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IATpC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,aAAa,CAA8C;IACnE,OAAO,CAAC,eAAe,CAAmD;gBAGvD,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EACtB,iBAAiB,EAAE,CAAC,QAAQ,EAAE,kBAAkB,KAAK,IAAI,EACzD,iBAAiB,EAAE,MAAM,IAAI;IAGhD,mEAAmE;IACnE,QAAQ,IAAI,MAAM,GAAG,IAAI;IAOzB,+DAA+D;IAC/D,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAMvD,2DAA2D;IAC3D,KAAK,IAAI,IAAI;IAMb;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAanD,sBAAsB;IACtB,OAAO,IAAI,IAAI;YAQD,UAAU;IA0BxB,OAAO,CAAC,gBAAgB;IAUxB,OAAO,CAAC,cAAc;CAMvB"}

package/dist/token-manager.js

@@ -0,0 +1,102 @@
+/**
+ * Token lifecycle manager (bearer mode only).
+ *
+ * Handles:
+ * - In-memory access token storage
+ * - Proactive refresh (before expiry)
+ * - Single refresh promise deduplication
+ */
+export class TokenManager {
+    constructor(_baseUrl, _refreshBuffer, _onRefreshSuccess, _onRefreshFailure) {
+        this._baseUrl = _baseUrl;
+        this._refreshBuffer = _refreshBuffer;
+        this._onRefreshSuccess = _onRefreshSuccess;
+        this._onRefreshFailure = _onRefreshFailure;
+        this._accessToken = null;
+        this._expiresAt = 0;
+        this._refreshTimer = null;
+        this._refreshPromise = null;
+    }
+    /** Returns the current access token, or null if expired/absent. */
+    getToken() {
+        if (this._accessToken && Date.now() < this._expiresAt) {
+            return this._accessToken;
+        }
+        return null;
+    }
+    /** Store a new access token and schedule proactive refresh. */
+    setTokens(accessToken, expiresIn) {
+        this._accessToken = accessToken;
+        this._expiresAt = Date.now() + expiresIn * 1000;
+        this._scheduleRefresh(expiresIn);
+    }
+    /** Clear stored token and cancel any scheduled refresh. */
+    clear() {
+        this._accessToken = null;
+        this._expiresAt = 0;
+        this._cancelRefresh();
+    }
+    /**
+     * Refresh the access token via POST /refresh (using refresh cookie).
+     * Deduplicates concurrent calls — only one fetch in flight at a time.
+     */
+    async refresh() {
+        if (this._refreshPromise) {
+            return this._refreshPromise;
+        }
+        this._refreshPromise = this._doRefresh();
+        try {
+            return await this._refreshPromise;
+        }
+        finally {
+            this._refreshPromise = null;
+        }
+    }
+    /** Cleanup timers. */
+    dispose() {
+        this.clear();
+    }
+    // ---------------------------------------------------------------------------
+    // Private
+    // ---------------------------------------------------------------------------
+    async _doRefresh() {
+        try {
+            const response = await fetch(`${this._baseUrl}/refresh`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({}),
+            });
+            if (!response.ok) {
+                this.clear();
+                this._onRefreshFailure();
+                return null;
+            }
+            const data = await response.json();
+            this.setTokens(data.tokens.access_token, data.tokens.expires_in);
+            this._onRefreshSuccess(data);
+            return data;
+        }
+        catch {
+            this.clear();
+            this._onRefreshFailure();
+            return null;
+        }
+    }
+    _scheduleRefresh(expiresIn) {
+        this._cancelRefresh();
+        const refreshMs = (expiresIn - this._refreshBuffer) * 1000;
+        if (refreshMs > 0) {
+            this._refreshTimer = setTimeout(() => {
+                this.refresh();
+            }, refreshMs);
+        }
+    }
+    _cancelRefresh() {
+        if (this._refreshTimer !== null) {
+            clearTimeout(this._refreshTimer);
+            this._refreshTimer = null;
+        }
+    }
+}
+//# sourceMappingURL=token-manager.js.map

package/dist/token-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,MAAM,OAAO,YAAY;IAMvB,YACmB,QAAgB,EAChB,cAAsB,EACtB,iBAAyD,EACzD,iBAA6B;QAH7B,aAAQ,GAAR,QAAQ,CAAQ;QAChB,mBAAc,GAAd,cAAc,CAAQ;QACtB,sBAAiB,GAAjB,iBAAiB,CAAwC;QACzD,sBAAiB,GAAjB,iBAAiB,CAAY;QATxC,iBAAY,GAAkB,IAAI,CAAC;QACnC,eAAU,GAAG,CAAC,CAAC;QACf,kBAAa,GAAyC,IAAI,CAAC;QAC3D,oBAAe,GAA8C,IAAI,CAAC;IAOvE,CAAC;IAEJ,mEAAmE;IACnE,QAAQ;QACN,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAC/D,SAAS,CAAC,WAAmB,EAAE,SAAiB;QAC9C,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;QAChD,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED,2DAA2D;IAC3D,KAAK;QACH,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QACpB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC;QACpC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,OAAO;QACL,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,8EAA8E;IAC9E,UAAU;IACV,8EAA8E;IAEtE,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,UAAU,EAAE;gBACvD,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS;gBACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;aACzB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,IAAI,GAAuB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACvD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACjE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,SAAiB;QACxC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC;QAC3D,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;gBACnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,CAAC,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAEO,cAAc;QACpB,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACjC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;IACH,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,75 @@
+/** Configuration for creating an AuthFort client. */
+export interface AuthClientConfig {
+    /** Base URL of the auth server (e.g., "https://myapp.com/auth") */
+    baseUrl: string;
+    /**
+     * Token delivery mode.
+     * - `'cookie'` — server sets httponly cookies, JS never touches tokens (default)
+     * - `'bearer'` — access token stored in memory, sent via Authorization header
+     */
+    tokenMode?: 'cookie' | 'bearer';
+    /** Seconds before expiry to trigger proactive refresh (default: 30) */
+    refreshBuffer?: number;
+}
+/** Authentication state */
+export type AuthState = 'authenticated' | 'unauthenticated' | 'loading';
+/** Authenticated user data (camelCase) */
+export interface AuthUser {
+    id: string;
+    email: string;
+    name?: string;
+    roles: string[];
+    emailVerified: boolean;
+    avatarUrl?: string;
+    createdAt: string;
+}
+/** Auth client interface */
+export interface AuthClient {
+    /** Check for an existing session on app startup or after OAuth redirect. */
+    initialize(): Promise<void>;
+    /** Get a valid access token. Returns null in cookie mode. */
+    getToken(): Promise<string | null>;
+    /** Make an authenticated fetch request (auto-attaches token, handles 401 retry) */
+    fetch(url: string, options?: RequestInit): Promise<Response>;
+    /** Get current user data */
+    getUser(): Promise<AuthUser>;
+    /** Sign up with email and password */
+    signUp(data: {
+        email: string;
+        password: string;
+        name?: string;
+    }): Promise<AuthUser>;
+    /** Sign in with email and password */
+    signIn(data: {
+        email: string;
+        password: string;
+    }): Promise<AuthUser>;
+    /** Sign in with OAuth provider (redirects the browser) */
+    signInWithProvider(provider: string): void;
+    /** Sign out */
+    signOut(): Promise<void>;
+    /** Subscribe to auth state changes. Returns unsubscribe function. */
+    onAuthStateChange(callback: (state: AuthState, user: AuthUser | null) => void): () => void;
+}
+/** Token response from server */
+export interface AuthTokens {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+}
+/** User response from server (snake_case) */
+export interface ServerUserResponse {
+    id: string;
+    email: string;
+    name: string | null;
+    email_verified: boolean;
+    avatar_url: string | null;
+    roles: string[];
+    created_at: string;
+}
+/** Full auth response from server (signup/login/refresh) */
+export interface ServerAuthResponse {
+    user: ServerUserResponse;
+    tokens: AuthTokens;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,qDAAqD;AACrD,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,SAAS,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAEhC,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,2BAA2B;AAC3B,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,CAAC;AAExE,0CAA0C;AAC1C,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,4BAA4B;AAC5B,MAAM,WAAW,UAAU;IACzB,4EAA4E;IAC5E,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B,6DAA6D;IAC7D,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEnC,mFAAmF;IACnF,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE7D,4BAA4B;IAC5B,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE7B,sCAAsC;IACtC,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEpF,sCAAsC;IACtC,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAErE,0DAA0D;IAC1D,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3C,eAAe;IACf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzB,qEAAqE;IACrE,iBAAiB,CACf,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,GAAG,IAAI,KAAK,IAAI,GAC1D,MAAM,IAAI,CAAC;CACf;AAMD,iCAAiC;AACjC,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,6CAA6C;AAC7C,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,kBAAkB,CAAC;IACzB,MAAM,EAAE,UAAU,CAAC;CACpB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/vue/index.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Vue composables for AuthFort.
+ *
+ * Usage:
+ *   import { provideAuth, useAuth } from 'authfort-client/vue';
+ *
+ *   // In root component setup
+ *   provideAuth(auth);
+ *
+ *   // In any child component
+ *   const { user, isAuthenticated, client } = useAuth();
+ */
+import { type Ref, type ComputedRef } from 'vue';
+import type { AuthClient, AuthState, AuthUser } from '../types';
+/** Provide the AuthFort client to all descendant components. Call in root component's setup. */
+export declare function provideAuth(client: AuthClient): void;
+/** Return type of useAuth() */
+export interface UseAuthReturn {
+    /** Current auth state (readonly ref) */
+    state: Readonly<Ref<AuthState>>;
+    /** Current user (readonly ref, null when not authenticated) */
+    user: Readonly<Ref<AuthUser | null>>;
+    /** Whether the user is authenticated */
+    isAuthenticated: ComputedRef<boolean>;
+    /** Whether auth state is being determined */
+    isLoading: ComputedRef<boolean>;
+    /** The AuthFort client instance */
+    client: AuthClient;
+}
+/**
+ * Vue composable for AuthFort auth state.
+ * Must be called inside a component whose ancestor called provideAuth().
+ */
+export declare function useAuth(): UseAuthReturn;
+//# sourceMappingURL=index.d.ts.map

package/dist/vue/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vue/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAOL,KAAK,GAAG,EACR,KAAK,WAAW,EAEjB,MAAM,KAAK,CAAC;AACb,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAYhE,gGAAgG;AAChG,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAEpD;AAMD,+BAA+B;AAC/B,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAChC,+DAA+D;IAC/D,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC;IACrC,wCAAwC;IACxC,eAAe,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,6CAA6C;IAC7C,SAAS,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAChC,mCAAmC;IACnC,MAAM,EAAE,UAAU,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,OAAO,IAAI,aAAa,CAuBvC"}

package/dist/vue/index.js

@@ -0,0 +1,49 @@
+/**
+ * Vue composables for AuthFort.
+ *
+ * Usage:
+ *   import { provideAuth, useAuth } from 'authfort-client/vue';
+ *
+ *   // In root component setup
+ *   provideAuth(auth);
+ *
+ *   // In any child component
+ *   const { user, isAuthenticated, client } = useAuth();
+ */
+import { ref, readonly, computed, inject, provide, onUnmounted, } from 'vue';
+// ---------------------------------------------------------------------------
+// Injection key
+// ---------------------------------------------------------------------------
+const AUTH_KEY = Symbol('authfort');
+// ---------------------------------------------------------------------------
+// Provider
+// ---------------------------------------------------------------------------
+/** Provide the AuthFort client to all descendant components. Call in root component's setup. */
+export function provideAuth(client) {
+    provide(AUTH_KEY, client);
+}
+/**
+ * Vue composable for AuthFort auth state.
+ * Must be called inside a component whose ancestor called provideAuth().
+ */
+export function useAuth() {
+    const client = inject(AUTH_KEY);
+    if (!client) {
+        throw new Error('useAuth() requires provideAuth() in a parent component');
+    }
+    const state = ref('unauthenticated');
+    const user = ref(null);
+    const unsubscribe = client.onAuthStateChange((s, u) => {
+        state.value = s;
+        user.value = u;
+    });
+    onUnmounted(unsubscribe);
+    return {
+        state: readonly(state),
+        user: readonly(user),
+        isAuthenticated: computed(() => state.value === 'authenticated'),
+        isLoading: computed(() => state.value === 'loading'),
+        client,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/vue/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vue/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,GAAG,EACH,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,OAAO,EACP,WAAW,GAIZ,MAAM,KAAK,CAAC;AAGb,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,QAAQ,GAA6B,MAAM,CAAC,UAAU,CAAC,CAAC;AAE9D,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,gGAAgG;AAChG,MAAM,UAAU,WAAW,CAAC,MAAkB;IAC5C,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC5B,CAAC;AAoBD;;;GAGG;AACH,MAAM,UAAU,OAAO;IACrB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAY,iBAAiB,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,GAAG,CAAkB,IAAI,CAAC,CAAC;IAExC,MAAM,WAAW,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpD,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;QAChB,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,WAAW,CAAC,WAAW,CAAC,CAAC;IAEzB,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAmC;QACtD,eAAe,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,eAAe,CAAC;QAChE,SAAS,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC;QACpD,MAAM;KACP,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "authfort-client",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "TypeScript client SDK for AuthFort authentication",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "files": ["dist"],
   "exports": {
     ".": {
       "import": "./dist/index.js",
@@ -25,12 +26,37 @@
   },
   "scripts": {
     "build": "tsc",
-    "dev": "tsc --watch"
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "peerDependencies": {
+    "react": ">=18",
+    "vue": ">=3",
+    "svelte": ">=4"
+  },
+  "peerDependenciesMeta": {
+    "react": { "optional": true },
+    "vue": { "optional": true },
+    "svelte": { "optional": true }
+  },
+  "keywords": ["auth", "authentication", "jwt", "oauth", "typescript"],
+  "author": "Bhagyajit Jagdev",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bhagyajitjagdev/authfort"
   },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
   "devDependencies": {
-    "typescript": "^5.9.3"
+    "@testing-library/react": "^16.3.2",
+    "@types/react": "^19.2.14",
+    "@vue/test-utils": "^2.4.6",
+    "jsdom": "^28.1.0",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "svelte": "^5.51.3",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18",
+    "vue": "^3.5.28"
   }
 }

package/CLAUDE.md

@@ -1,45 +0,0 @@
-# AuthFort Client — AI Reference
-
-## Commands (User Runs These)
-
-```bash
-# Install dependencies
-npm install
-
-# Build
-npm run build
-
-# Watch mode
-npm run dev
-```
-
-## Structure
-
-```
-client/
-├── package.json
-├── tsconfig.json
-└── src/
-    ├── index.ts              # Public API exports
-    ├── types.ts              # TypeScript interfaces
-    ├── client.ts             # createAuthClient factory
-    ├── token-manager.ts      # Token lifecycle (refresh, dedup)
-    ├── react/index.ts        # React hooks (useAuth)
-    ├── vue/index.ts          # Vue composables
-    └── svelte/index.ts       # Svelte stores
-```
-
-## Purpose
-
-TypeScript SDK for frontend apps. Handles:
-- Token storage and retrieval
-- Proactive refresh (30s before expiry)
-- Refresh promise deduplication (concurrent calls share one refresh)
-- 401 retry (for immediate role invalidation)
-- Auth state management (authenticated/unauthenticated/loading)
-
-## Constraints
-
-- **No server-side code** — this is a client-side SDK
-- **Framework-agnostic core** — React/Vue/Svelte are optional exports
-- **Never store tokens insecurely** — httponly cookies for web, secure storage guidance for mobile

package/src/client.ts

@@ -1,10 +0,0 @@
-/**
- * AuthFort client factory — creates an auth client instance.
- */
-
-import type { AuthClientConfig, AuthClient } from './types';
-
-export function createAuthClient(_config: AuthClientConfig): AuthClient {
-  // TODO: Implement in Phase 4
-  throw new Error('Not yet implemented');
-}

package/src/react/index.ts

@@ -1,5 +0,0 @@
-/**
- * React hooks for AuthFort.
- *
- * Provides useAuth() and useSession() hooks.
- */

package/src/svelte/index.ts

@@ -1,3 +0,0 @@
-/**
- * Svelte stores for AuthFort.
- */

package/src/token-manager.ts

@@ -1,8 +0,0 @@
-/**
- * Token lifecycle manager.
- *
- * Handles:
- * - Proactive refresh (before expiry)
- * - Single refresh promise deduplication
- * - Token storage
- */

package/src/types.ts

@@ -1,51 +0,0 @@
-/** Configuration for creating an AuthFort client. */
-export interface AuthClientConfig {
-  /** Base URL of the auth server (e.g., "https://myapp.com/auth") */
-  baseUrl: string;
-
-  /** Token delivery mode */
-  tokenMode?: 'cookie' | 'bearer' | 'both';
-
-  /** Seconds before expiry to trigger proactive refresh (default: 30) */
-  refreshBuffer?: number;
-}
-
-/** Authentication state */
-export type AuthState = 'authenticated' | 'unauthenticated' | 'loading';
-
-/** Authenticated user data */
-export interface AuthUser {
-  id: string;
-  email: string;
-  name?: string;
-  roles: string[];
-  emailVerified: boolean;
-  avatarUrl?: string;
-}
-
-/** Auth client interface */
-export interface AuthClient {
-  /** Get a valid access token (refreshes if needed) */
-  getToken(): Promise<string>;
-
-  /** Make an authenticated fetch request (auto-attaches token, handles 401 retry) */
-  fetch(url: string, options?: RequestInit): Promise<Response>;
-
-  /** Get current user data */
-  getUser(): Promise<AuthUser>;
-
-  /** Sign up with email and password */
-  signUp(data: { email: string; password: string; name?: string }): Promise<AuthUser>;
-
-  /** Sign in with email and password */
-  signIn(data: { email: string; password: string }): Promise<AuthUser>;
-
-  /** Sign in with OAuth provider (redirects) */
-  signInWithProvider(provider: string): void;
-
-  /** Sign out */
-  signOut(): Promise<void>;
-
-  /** Subscribe to auth state changes */
-  onAuthStateChange(callback: (state: AuthState) => void): () => void;
-}

package/src/vue/index.ts

@@ -1,5 +0,0 @@
-/**
- * Vue composables for AuthFort.
- *
- * Provides useAuth() and useSession() composables.
- */

package/tsconfig.json

@@ -1,21 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "ESNext",
-    "moduleResolution": "bundler",
-    "lib": ["ES2020", "DOM"],
-    "outDir": "dist",
-    "rootDir": "src",
-    "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true,
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "isolatedModules": true,
-    "jsx": "react-jsx"
-  },
-  "include": ["src"],
-  "exclude": ["node_modules", "dist"]
-}