npm - canopycms-auth-dev - Versions diffs - 0.0.0 - Mend

canopycms-auth-dev 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +324 -0
package/dist/UserSwitcherButton.d.ts +4 -0
package/dist/UserSwitcherButton.js +23 -0
package/dist/UserSwitcherButton.js.map +1 -0
package/dist/UserSwitcherModal.d.ts +10 -0
package/dist/UserSwitcherModal.js +19 -0
package/dist/UserSwitcherModal.js.map +1 -0
package/dist/cache-writer.d.ts +22 -0
package/dist/cache-writer.js +42 -0
package/dist/cache-writer.js.map +1 -0
package/dist/client.d.ts +18 -0
package/dist/client.js +32 -0
package/dist/client.js.map +1 -0
package/dist/cookie-utils.d.ts +20 -0
package/dist/cookie-utils.js +39 -0
package/dist/cookie-utils.js.map +1 -0
package/dist/dev-plugin.d.ts +71 -0
package/dist/dev-plugin.js +168 -0
package/dist/dev-plugin.js.map +1 -0
package/dist/dev-plugin.test.d.ts +1 -0
package/dist/dev-plugin.test.js +382 -0
package/dist/dev-plugin.test.js.map +1 -0
package/dist/index.d.ts +5 -0
package/dist/index.js +4 -0
package/dist/index.js.map +1 -0
package/dist/jwt-verifier.d.ts +12 -0
package/dist/jwt-verifier.js +41 -0
package/dist/jwt-verifier.js.map +1 -0
package/package.json +62 -0
package/src/UserSwitcherButton.tsx +46 -0
package/src/UserSwitcherModal.tsx +63 -0
package/src/cache-writer.ts +61 -0
package/src/client.ts +34 -0
package/src/cookie-utils.ts +44 -0
package/src/dev-plugin.test.ts +470 -0
package/src/dev-plugin.ts +241 -0
package/src/index.ts +11 -0
package/src/jwt-verifier.ts +46 -0

package/README.md ADDED Viewed

@@ -0,0 +1,324 @@
+# canopycms-auth-dev
+Development-only authentication provider for CanopyCMS that allows testing the CMS without setting up a real auth provider like Clerk.
+**⚠️ Development Only**: This package throws an error if `NODE_ENV === 'production'`. Never use it in production.
+## Features
+- **Zero configuration**: Works out of the box with 5 default users
+- **UI-based user switching**: Click avatar to switch between users in the editor
+- **Test compatibility**: Supports `X-Test-User` header for Playwright tests
+- **Group-based permissions**: Test team-based access control with external groups
+- **Internal groups**: Configure reserved groups (Admins, Reviewers) via `.canopycms/groups.json`
+## Installation
+```bash
+npm install canopycms-auth-dev
+```
+## Quick Start
+### 1. Server-side Setup
+Replace your auth plugin in the API route:
+```ts
+// app/lib/canopy.ts
+import { createNextCanopyContext } from 'canopycms-next'
+import { createDevAuthPlugin } from 'canopycms-auth-dev'
+import configBundle from '../../canopycms.config'
+const { handler } = createNextCanopyContext({
+  config: configBundle.server,
+  authPlugin: createDevAuthPlugin(),
+})
+export { handler }
+```
+### 2. Client-side Setup
+Use the dev auth hook in your edit page:
+```tsx
+// app/edit/page.tsx
+'use client'
+import { useDevAuthConfig } from 'canopycms-auth-dev/client'
+import { NextCanopyEditorPage } from 'canopycms-next/client'
+import config from '../../canopycms.config'
+export default function EditPage() {
+  const devAuth = useDevAuthConfig()
+  const clientConfig = config.client(devAuth)
+  const EditorPage = NextCanopyEditorPage(clientConfig)
+  return <EditorPage />
+}
+```
+### 3. Configure Bootstrap Admins
+Add admin1's user ID to your config:
+```ts
+// canopycms.config.ts
+export default defineCanopyConfig({
+  // ... other config
+  bootstrapAdminIds: ['dev_admin_3xY6zW1qR5'], // admin1
+})
+```
+### 4. Create Internal Groups (Optional)
+For Reviewers and other internal groups, create `.canopycms/groups.json`:
+```json
+{
+  "version": 1,
+  "updatedAt": "2024-01-01T00:00:00.000Z",
+  "updatedBy": "canopycms-system",
+  "groups": [
+    {
+      "id": "Reviewers",
+      "name": "Reviewers",
+      "description": "Users who can review and approve branches",
+      "members": ["dev_reviewer_9aB4cD2eF7"]
+    }
+  ]
+}
+```
+## Default Users
+The plugin comes with 5 pre-configured users:
+| User         | ID                        | Email                   | External Groups        |
+| ------------ | ------------------------- | ----------------------- | ---------------------- |
+| User One     | `dev_user1_2nK8mP4xL9`    | user1@localhost.dev     | team-a, team-b         |
+| User Two     | `dev_user2_7qR3tY6wN2`    | user2@localhost.dev     | team-b                 |
+| User Three   | `dev_user3_5vS1pM8kJ4`    | user3@localhost.dev     | team-c                 |
+| Reviewer One | `dev_reviewer_9aB4cD2eF7` | reviewer1@localhost.dev | team-a                 |
+| Admin One    | `dev_admin_3xY6zW1qR5`    | admin1@localhost.dev    | team-a, team-b, team-c |
+**Note**: admin1 gets the 'Admins' group via `bootstrapAdminIds` config, not from external groups.
+## User Switching
+### In the UI
+1. Open the editor (`/edit`)
+2. Click the avatar button in the top-right
+3. Select a user from the modal
+4. Page reloads with the new user
+### In Tests (Playwright)
+Send the `X-Test-User` header with one of these values:
+```ts
+// In your test
+await page.setExtraHTTPHeaders({
+  'X-Test-User': 'admin', // Maps to admin1 (dev_admin_3xY6zW1qR5)
+})
+```
+Test user mappings:
+- `admin` → admin1 (dev_admin_3xY6zW1qR5)
+- `editor` → user1 (dev_user1_2nK8mP4xL9)
+- `viewer` → user2 (dev_user2_7qR3tY6wN2)
+- `reviewer` → reviewer1 (dev_reviewer_9aB4cD2eF7)
+## Configuration
+Customize users and groups:
+```ts
+import { createDevAuthPlugin } from 'canopycms-auth-dev'
+const authPlugin = createDevAuthPlugin({
+  defaultUserId: 'dev_user1_2nK8mP4xL9', // user1
+  users: [
+    {
+      userId: 'custom_user1',
+      name: 'Custom User',
+      email: 'custom@example.com',
+      externalGroups: ['team-x'],
+    },
+  ],
+  groups: [{ id: 'team-x', name: 'Team X', description: 'Custom team' }],
+})
+```
+## How It Works
+### Authentication Flow
+1. **Request arrives** → Plugin checks for user identifier
+2. **Priority order**:
+   - `X-Test-User` header (for tests)
+   - `x-dev-user-id` header (custom)
+   - `canopy-dev-user` cookie (from UI)
+   - Default user (user1)
+3. **User lookup** → Find user in config
+4. **Groups assigned**:
+   - External groups (from auth plugin)
+   - Bootstrap admin groups (from config)
+   - Internal groups (from `.canopycms/groups.json`)
+### Group Types
+- **External groups**: Returned by auth plugin (e.g., team-a, team-b, team-c)
+- **Bootstrap admins**: Added automatically from `bootstrapAdminIds` config
+- **Internal groups**: Loaded from `.canopycms/groups.json` (managed by admins via UI)
+### Reserved Groups
+- **`Admins`**: Full access to all CMS operations
+- **`Reviewers`**: Can review branches, request changes, approve PRs
+## API
+### `createDevAuthPlugin(config?)`
+Factory function that creates a dev auth plugin.
+**Parameters:**
+- `config.users?` - Custom user list
+- `config.groups?` - Custom group list
+- `config.defaultUserId?` - Default user when none specified
+**Returns:** `AuthPlugin`
+### `useDevAuthConfig()`
+React hook that provides editor configuration with user switcher.
+**Returns:** `Pick<CanopyClientConfig, 'editor'>`
+### Exports
+```ts
+// Server-side
+export { createDevAuthPlugin, DevAuthPlugin, DEFAULT_USERS, DEFAULT_GROUPS }
+export type { DevAuthConfig, DevUser, DevGroup }
+// Client-side (import from 'canopycms-auth-dev/client')
+export { useDevAuthConfig }
+```
+## Switching Between Auth Providers
+You can configure your app to switch between dev auth and production auth (like Clerk) using environment variables:
+### Server-side (app/lib/canopy.ts)
+```ts
+import { createNextCanopyContext } from 'canopycms-next'
+import { createClerkAuthPlugin } from 'canopycms-auth-clerk'
+import { createDevAuthPlugin } from 'canopycms-auth-dev'
+import type { AuthPlugin } from 'canopycms/auth'
+import config from '../../canopycms.config'
+function getAuthPlugin(): AuthPlugin {
+  const authMode = process.env.CANOPY_AUTH_MODE || 'dev'
+  if (authMode === 'dev') {
+    return createDevAuthPlugin()
+  }
+  if (authMode === 'clerk') {
+    return createClerkAuthPlugin({
+      useOrganizationsAsGroups: true,
+    })
+  }
+  throw new Error(`Invalid CANOPY_AUTH_MODE: "${authMode}". Must be "dev" or "clerk".`)
+}
+const canopyContext = createNextCanopyContext({
+  config: config.server,
+  authPlugin: getAuthPlugin(),
+})
+export const getCanopy = canopyContext.getCanopy
+export const handler = canopyContext.handler
+```
+### Client-side (app/edit/page.tsx)
+```tsx
+'use client'
+import { useClerkAuthConfig } from 'canopycms-auth-clerk/client'
+import { useDevAuthConfig } from 'canopycms-auth-dev/client'
+import { NextCanopyEditorPage } from 'canopycms-next/client'
+import config from '../../canopycms.config'
+function useAuthConfig() {
+  const authMode = process.env.NEXT_PUBLIC_CANOPY_AUTH_MODE || 'dev'
+  if (authMode === 'dev') {
+    return useDevAuthConfig()
+  }
+  if (authMode === 'clerk') {
+    return useClerkAuthConfig()
+  }
+  throw new Error(`Invalid NEXT_PUBLIC_CANOPY_AUTH_MODE: "${authMode}". Must be "dev" or "clerk".`)
+}
+export default function EditPage() {
+  const authConfig = useAuthConfig()
+  const clientConfig = config.client(authConfig)
+  const EditorPage = NextCanopyEditorPage(clientConfig)
+  return <EditorPage />
+}
+```
+### Environment Configuration
+**Default: Dev auth is enabled by default** (no configuration needed)
+To switch to Clerk, create `.env.local`:
+```bash
+# Use Clerk authentication
+CANOPY_AUTH_MODE=clerk
+NEXT_PUBLIC_CANOPY_AUTH_MODE=clerk
+# Clerk configuration
+NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=your_key
+CLERK_SECRET_KEY=your_secret
+# Bootstrap admin (use your Clerk user ID)
+CANOPY_BOOTSTRAP_ADMIN_IDS=user_xxxxxxxxxxxxx
+```
+To switch back to dev auth, just remove `.env.local` or set the mode to `dev`.
+**Optional dev auth configuration** (`.env.local`):
+```bash
+# Bootstrap admin for dev mode
+CANOPY_BOOTSTRAP_ADMIN_IDS=dev_admin_3xY6zW1qR5
+```
+### Benefits
+- **No code changes**: Switch auth modes by changing environment variables
+- **Team flexibility**: Developers can use dev auth locally while staging/production uses Clerk
+- **Easy testing**: Quickly test features without auth provider setup
+- **Clean separation**: Same codebase works with multiple auth providers
+## Production Safety
+⚠️ **WARNING**: This plugin is for development and testing only. Do not use in production environments.
+## License
+MIT

package/dist/UserSwitcherButton.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * User switcher button component that shows current user avatar and opens modal
+ */
+export declare function UserSwitcherButton(): import("react/jsx-runtime").JSX.Element;

package/dist/UserSwitcherButton.js ADDED Viewed

@@ -0,0 +1,23 @@
+'use client';
+import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState, useEffect } from 'react';
+import { ActionIcon, Avatar } from '@mantine/core';
+import { UserSwitcherModal } from './UserSwitcherModal';
+import { DEFAULT_USERS } from './dev-plugin';
+import { getDevUserCookie, DEFAULT_USER_ID } from './cookie-utils';
+/**
+ * User switcher button component that shows current user avatar and opens modal
+ */
+export function UserSwitcherButton() {
+    const [opened, setOpened] = useState(false);
+    const [mounted, setMounted] = useState(false);
+    // Only read cookie after mount to avoid hydration mismatch
+    useEffect(() => {
+        setMounted(true);
+    }, []);
+    // Read current user from cookie (only on client)
+    const currentUserId = mounted ? (getDevUserCookie() ?? DEFAULT_USER_ID) : DEFAULT_USER_ID;
+    const currentUser = DEFAULT_USERS.find((u) => u.userId === currentUserId);
+    return (_jsxs(_Fragment, { children: [_jsx(ActionIcon, { variant: "subtle", size: "lg", radius: "md", onClick: () => setOpened(true), "aria-label": "Switch user", children: _jsx(Avatar, { size: "sm", color: "blue", children: currentUser?.name[0] ?? 'U' }) }), _jsx(UserSwitcherModal, { opened: opened, onClose: () => setOpened(false), currentUserId: currentUserId })] }));
+}
+//# sourceMappingURL=UserSwitcherButton.js.map

package/dist/UserSwitcherButton.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserSwitcherButton.js","sourceRoot":"","sources":["../src/UserSwitcherButton.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAA;;AAEZ,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,OAAO,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAElE;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC3C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAE7C,2DAA2D;IAC3D,SAAS,CAAC,GAAG,EAAE;QACb,UAAU,CAAC,IAAI,CAAC,CAAA;IAClB,CAAC,EAAE,EAAE,CAAC,CAAA;IAEN,iDAAiD;IACjD,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,gBAAgB,EAAE,IAAI,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAA;IACzF,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAA;IAEzE,OAAO,CACL,8BACE,KAAC,UAAU,IACT,OAAO,EAAC,QAAQ,EAChB,IAAI,EAAC,IAAI,EACT,MAAM,EAAC,IAAI,EACX,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,gBACnB,aAAa,YAExB,KAAC,MAAM,IAAC,IAAI,EAAC,IAAI,EAAC,KAAK,EAAC,MAAM,YAC3B,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,GACrB,GACE,EAEb,KAAC,iBAAiB,IAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,EAC/B,aAAa,EAAE,aAAa,GAC5B,IACD,CACJ,CAAA;AACH,CAAC"}

package/dist/UserSwitcherModal.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+interface Props {
+    opened: boolean;
+    onClose: () => void;
+    currentUserId: string;
+}
+/**
+ * User switcher modal component that displays all available dev users
+ */
+export declare function UserSwitcherModal({ opened, onClose, currentUserId }: Props): import("react/jsx-runtime").JSX.Element;
+export {};

package/dist/UserSwitcherModal.js ADDED Viewed

@@ -0,0 +1,19 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { Modal, Stack, Paper, Group, Avatar, Text, Badge } from '@mantine/core';
+import { MdCheck } from 'react-icons/md';
+import { DEFAULT_USERS } from './dev-plugin';
+import { setDevUserCookie } from './cookie-utils';
+/**
+ * User switcher modal component that displays all available dev users
+ */
+export function UserSwitcherModal({ opened, onClose, currentUserId }) {
+    const switchUser = (userId) => {
+        // Set cookie for 7 days
+        setDevUserCookie(userId);
+        // Reload to apply new user
+        window.location.reload();
+    };
+    return (_jsx(Modal, { opened: opened, onClose: onClose, title: "Switch Development User", children: _jsx(Stack, { gap: "sm", children: DEFAULT_USERS.map((user) => (_jsxs(Paper, { p: "md", withBorder: true, style: { cursor: 'pointer' }, onClick: () => switchUser(user.userId), children: [_jsxs(Group, { justify: "space-between", mb: "xs", children: [_jsxs(Group, { children: [_jsx(Avatar, { color: "blue", children: user.name[0] }), _jsxs("div", { children: [_jsx(Text, { fw: 500, children: user.name }), _jsx(Text, { size: "sm", c: "dimmed", children: user.email })] })] }), user.userId === currentUserId && _jsx(MdCheck, { size: 20 })] }), user.externalGroups.length > 0 && (_jsx(Group, { gap: "xs", children: user.externalGroups.map((g) => (_jsx(Badge, { variant: "outline", size: "sm", children: g }, g))) }))] }, user.userId))) }) }));
+}
+//# sourceMappingURL=UserSwitcherModal.js.map

package/dist/UserSwitcherModal.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserSwitcherModal.js","sourceRoot":"","sources":["../src/UserSwitcherModal.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAA;;AAEZ,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAC/E,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAQjD;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAS;IACzE,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE;QACpC,wBAAwB;QACxB,gBAAgB,CAAC,MAAM,CAAC,CAAA;QACxB,2BAA2B;QAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAA;IAC1B,CAAC,CAAA;IAED,OAAO,CACL,KAAC,KAAK,IAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAC,yBAAyB,YACtE,KAAC,KAAK,IAAC,GAAG,EAAC,IAAI,YACZ,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAC3B,MAAC,KAAK,IAEJ,CAAC,EAAC,IAAI,EACN,UAAU,QACV,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,aAEtC,MAAC,KAAK,IAAC,OAAO,EAAC,eAAe,EAAC,EAAE,EAAC,IAAI,aACpC,MAAC,KAAK,eACJ,KAAC,MAAM,IAAC,KAAK,EAAC,MAAM,YAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAU,EAC5C,0BACE,KAAC,IAAI,IAAC,EAAE,EAAE,GAAG,YAAG,IAAI,CAAC,IAAI,GAAQ,EACjC,KAAC,IAAI,IAAC,IAAI,EAAC,IAAI,EAAC,CAAC,EAAC,QAAQ,YACvB,IAAI,CAAC,KAAK,GACN,IACH,IACA,EACP,IAAI,CAAC,MAAM,KAAK,aAAa,IAAI,KAAC,OAAO,IAAC,IAAI,EAAE,EAAE,GAAI,IACjD,EAEP,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,CACjC,KAAC,KAAK,IAAC,GAAG,EAAC,IAAI,YACZ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAC9B,KAAC,KAAK,IAAS,OAAO,EAAC,SAAS,EAAC,IAAI,EAAC,IAAI,YACvC,CAAC,IADQ,CAAC,CAEL,CACT,CAAC,GACI,CACT,KA3BI,IAAI,CAAC,MAAM,CA4BV,CACT,CAAC,GACI,GACF,CACT,CAAA;AACH,CAAC"}

package/dist/cache-writer.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { DevUser, DevGroup } from './dev-plugin';
+export interface RefreshDevCacheOptions {
+    /** Directory to write cache files to (e.g., .canopy-prod-sim/.cache) */
+    cachePath: string;
+    /** Custom users (defaults to DEFAULT_USERS) */
+    users?: DevUser[];
+    /** Custom groups (defaults to DEFAULT_GROUPS) */
+    groups?: DevGroup[];
+}
+/**
+ * Write dev users/groups to cache files for FileBasedAuthCache.
+ *
+ * This is the dev-auth equivalent of refreshClerkCache() — it populates
+ * the same JSON files that CachingAuthPlugin reads. Since dev users are
+ * hardcoded, no API calls are needed.
+ *
+ * Used by the worker's `run-once` command in prod-sim mode with dev auth.
+ */
+export declare function refreshDevCache(options: RefreshDevCacheOptions): Promise<{
+    userCount: number;
+    groupCount: number;
+}>;

package/dist/cache-writer.js ADDED Viewed

@@ -0,0 +1,42 @@
+import { writeAuthCacheSnapshot } from 'canopycms/auth/cache';
+import { DEFAULT_USERS, DEFAULT_GROUPS } from './dev-plugin';
+/**
+ * Write dev users/groups to cache files for FileBasedAuthCache.
+ *
+ * This is the dev-auth equivalent of refreshClerkCache() — it populates
+ * the same JSON files that CachingAuthPlugin reads. Since dev users are
+ * hardcoded, no API calls are needed.
+ *
+ * Used by the worker's `run-once` command in prod-sim mode with dev auth.
+ */
+export async function refreshDevCache(options) {
+    const { cachePath } = options;
+    const users = options.users ?? DEFAULT_USERS;
+    const groups = options.groups ?? DEFAULT_GROUPS;
+    const usersData = {
+        users: users.map((u) => ({
+            id: u.userId,
+            name: u.name,
+            email: u.email,
+            avatarUrl: u.avatarUrl,
+        })),
+    };
+    const groupsData = {
+        groups: groups.map((g) => ({
+            id: g.id,
+            name: g.name,
+            description: g.description,
+        })),
+    };
+    const membershipsData = {
+        memberships: Object.fromEntries(users.filter((u) => u.externalGroups.length > 0).map((u) => [u.userId, u.externalGroups])),
+    };
+    // Write cache files atomically via snapshot directory + symlink swap
+    await writeAuthCacheSnapshot(cachePath, {
+        'users.json': usersData,
+        'orgs.json': groupsData,
+        'memberships.json': membershipsData,
+    });
+    return { userCount: users.length, groupCount: groups.length };
+}
+//# sourceMappingURL=cache-writer.js.map

package/dist/cache-writer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cache-writer.js","sourceRoot":"","sources":["../src/cache-writer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAY5D;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA+B;IAE/B,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,aAAa,CAAA;IAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,cAAc,CAAA;IAE/C,MAAM,SAAS,GAAG;QAChB,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACvB,EAAE,EAAE,CAAC,CAAC,MAAM;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,SAAS,EAAE,CAAC,CAAC,SAAS;SACvB,CAAC,CAAC;KACJ,CAAA;IAED,MAAM,UAAU,GAAG;QACjB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC;KACJ,CAAA;IAED,MAAM,eAAe,GAAG;QACtB,WAAW,EAAE,MAAM,CAAC,WAAW,CAC7B,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAC1F;KACF,CAAA;IAED,qEAAqE;IACrE,MAAM,sBAAsB,CAAC,SAAS,EAAE;QACtC,YAAY,EAAE,SAAS;QACvB,WAAW,EAAE,UAAU;QACvB,kBAAkB,EAAE,eAAe;KACpC,CAAC,CAAA;IAEF,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,CAAA;AAC/D,CAAC"}

package/dist/client.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import type { CanopyClientConfig } from 'canopycms/client';
+/**
+ * Hook that provides dev auth handlers and components for CanopyCMS editor.
+ * Model after: packages/canopycms-auth-clerk/src/client.ts
+ *
+ * @example
+ * ```tsx
+ * import { useDevAuthConfig } from 'canopycms-auth-dev/client'
+ * import config from '../../canopycms.config'
+ *
+ * export default function EditPage() {
+ *   const devAuth = useDevAuthConfig()
+ *   const editorConfig = config.client(devAuth)
+ *   return <CanopyEditorPage config={editorConfig} />
+ * }
+ * ```
+ */
+export declare function useDevAuthConfig(): Pick<CanopyClientConfig, 'editor'>;

package/dist/client.js ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { UserSwitcherButton } from './UserSwitcherButton';
+import { clearDevUserCookie } from './cookie-utils';
+/**
+ * Hook that provides dev auth handlers and components for CanopyCMS editor.
+ * Model after: packages/canopycms-auth-clerk/src/client.ts
+ *
+ * @example
+ * ```tsx
+ * import { useDevAuthConfig } from 'canopycms-auth-dev/client'
+ * import config from '../../canopycms.config'
+ *
+ * export default function EditPage() {
+ *   const devAuth = useDevAuthConfig()
+ *   const editorConfig = config.client(devAuth)
+ *   return <CanopyEditorPage config={editorConfig} />
+ * }
+ * ```
+ */
+export function useDevAuthConfig() {
+    return {
+        editor: {
+            AccountComponent: UserSwitcherButton,
+            onLogoutClick: () => {
+                // Reset to default user
+                clearDevUserCookie();
+                window.location.reload();
+            },
+        },
+    };
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAGZ,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AAEnD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO;QACL,MAAM,EAAE;YACN,gBAAgB,EAAE,kBAAkB;YACpC,aAAa,EAAE,GAAG,EAAE;gBAClB,wBAAwB;gBACxB,kBAAkB,EAAE,CAAA;gBACpB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAA;YAC1B,CAAC;SACF;KACF,CAAA;AACH,CAAC"}

package/dist/cookie-utils.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { HeadersLike } from 'canopycms/auth';
+export declare const DEV_USER_COOKIE_NAME = "canopy-dev-user";
+export declare const DEV_USER_COOKIE_MAX_AGE: number;
+export declare const DEFAULT_USER_ID = "dev_user1_2nK8mP4xL9";
+/**
+ * Server-side: Extract cookie value from HTTP headers
+ */
+export declare function getDevUserCookieFromHeaders(headers: HeadersLike): string | null;
+/**
+ * Client-side: Read cookie from document.cookie
+ */
+export declare function getDevUserCookie(): string | null;
+/**
+ * Client-side: Set dev user cookie
+ */
+export declare function setDevUserCookie(userId: string): void;
+/**
+ * Client-side: Clear dev user cookie (logout)
+ */
+export declare function clearDevUserCookie(): void;

package/dist/cookie-utils.js ADDED Viewed

@@ -0,0 +1,39 @@
+export const DEV_USER_COOKIE_NAME = 'canopy-dev-user';
+export const DEV_USER_COOKIE_MAX_AGE = 60 * 60 * 24 * 7; // 7 days
+export const DEFAULT_USER_ID = 'dev_user1_2nK8mP4xL9';
+/**
+ * Server-side: Extract cookie value from HTTP headers
+ */
+export function getDevUserCookieFromHeaders(headers) {
+    const cookie = headers.get('Cookie');
+    if (!cookie)
+        return null;
+    const match = cookie.match(new RegExp(`${DEV_USER_COOKIE_NAME}=([^;]+)`));
+    return match?.[1] ?? null;
+}
+/**
+ * Client-side: Read cookie from document.cookie
+ */
+export function getDevUserCookie() {
+    if (typeof document === 'undefined')
+        return null;
+    const match = document.cookie.match(new RegExp(`${DEV_USER_COOKIE_NAME}=([^;]+)`));
+    return match?.[1] ?? null;
+}
+/**
+ * Client-side: Set dev user cookie
+ */
+export function setDevUserCookie(userId) {
+    if (typeof document === 'undefined')
+        return;
+    document.cookie = `${DEV_USER_COOKIE_NAME}=${userId}; path=/; max-age=${DEV_USER_COOKIE_MAX_AGE}; SameSite=Lax`;
+}
+/**
+ * Client-side: Clear dev user cookie (logout)
+ */
+export function clearDevUserCookie() {
+    if (typeof document === 'undefined')
+        return;
+    document.cookie = `${DEV_USER_COOKIE_NAME}=; path=/; max-age=0`;
+}
+//# sourceMappingURL=cookie-utils.js.map

package/dist/cookie-utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cookie-utils.js","sourceRoot":"","sources":["../src/cookie-utils.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAA;AACrD,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA,CAAC,SAAS;AACjE,MAAM,CAAC,MAAM,eAAe,GAAG,sBAAsB,CAAA;AAErD;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAAoB;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAA;IAExB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,oBAAoB,UAAU,CAAC,CAAC,CAAA;IACzE,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,OAAO,QAAQ,KAAK,WAAW;QAAE,OAAO,IAAI,CAAA;IAEhD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,oBAAoB,UAAU,CAAC,CAAC,CAAA;IAClF,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,IAAI,OAAO,QAAQ,KAAK,WAAW;QAAE,OAAM;IAE3C,QAAQ,CAAC,MAAM,GAAG,GAAG,oBAAoB,IAAI,MAAM,qBAAqB,uBAAuB,gBAAgB,CAAA;AACjH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,OAAO,QAAQ,KAAK,WAAW;QAAE,OAAM;IAE3C,QAAQ,CAAC,MAAM,GAAG,GAAG,oBAAoB,sBAAsB,CAAA;AACjE,CAAC"}

package/dist/dev-plugin.d.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import type { AuthPlugin } from 'canopycms/auth';
+import type { UserSearchResult, GroupMetadata, AuthenticationResult } from 'canopycms/auth';
+import type { CanopyUserId, CanopyGroupId } from 'canopycms';
+/**
+ * WARNING: This plugin is for development and testing only!
+ * Do not use in production environments.
+ */
+export interface DevUser {
+    userId: CanopyUserId;
+    name: string;
+    email: string;
+    avatarUrl?: string;
+    externalGroups: CanopyGroupId[];
+}
+export interface DevGroup {
+    id: CanopyGroupId;
+    name: string;
+    description?: string;
+}
+export declare const DEV_ADMIN_USER_ID: CanopyUserId;
+export interface DevAuthConfig {
+    /**
+     * Custom mock users. If not provided, uses default users.
+     */
+    users?: DevUser[];
+    /**
+     * Custom mock groups. If not provided, uses default groups.
+     */
+    groups?: DevGroup[];
+    /**
+     * Default user ID when no user is selected.
+     * @default 'dev_user1_2nK8mP4xL9' (user1)
+     */
+    defaultUserId?: CanopyUserId;
+    /**
+     * Whether to auto-set CANOPY_BOOTSTRAP_ADMIN_IDS for the admin dev user
+     * when the env var is not already set. Defaults to true.
+     */
+    autoBootstrapAdmin?: boolean;
+}
+export declare const DEFAULT_USERS: DevUser[];
+export declare const DEFAULT_GROUPS: DevGroup[];
+/**
+ * Dev authentication plugin implementation for CanopyCMS.
+ * Supports both cookie-based (UI) and header-based (tests) authentication.
+ */
+export declare class DevAuthPlugin implements AuthPlugin {
+    private users;
+    private groups;
+    private defaultUserId;
+    constructor(config?: DevAuthConfig);
+    authenticate(context: unknown): Promise<AuthenticationResult>;
+    /**
+     * Map test-app user keys to dev user IDs for backward compatibility
+     */
+    private mapTestUserKey;
+    searchUsers(query: string, limit?: number): Promise<UserSearchResult[]>;
+    getUserMetadata(userId: CanopyUserId): Promise<UserSearchResult | null>;
+    getGroupMetadata(groupId: CanopyGroupId): Promise<GroupMetadata | null>;
+    listGroups(limit?: number): Promise<GroupMetadata[]>;
+    searchExternalGroups(query: string): Promise<Array<{
+        id: CanopyGroupId;
+        name: string;
+    }>>;
+}
+/**
+ * Factory function for creating dev auth plugin.
+ * By default, auto-sets CANOPY_BOOTSTRAP_ADMIN_IDS to the admin dev user
+ * if the env var is not already set. Disable with { autoBootstrapAdmin: false }.
+ */
+export declare function createDevAuthPlugin(config?: DevAuthConfig): AuthPlugin;