gorsee 0.2.4 → 0.2.5

package/dist-pkg/ai/store.js

@@ -0,0 +1,174 @@
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { MAX_AI_EVENTS_READ, safeJSONParse } from "./json.js";
+export function resolveAIStorePaths(cwd) {
+  return {
+    eventsPath: join(cwd, ".gorsee", "ai-events.jsonl"),
+    diagnosticsPath: join(cwd, ".gorsee", "ai-diagnostics.json"),
+    reactiveTracePath: join(cwd, ".gorsee", "reactive-trace.json")
+  };
+}
+export async function readAIEvents(path, options = {}) {
+  const content = await safeReadFile(path);
+  if (!content)
+    return [];
+  const parsed = content.split(`
+`).slice(-MAX_AI_EVENTS_READ).map((line) => line.trim()).filter(Boolean).map((line) => {
+    return safeJSONParse(line);
+  }).filter((event) => event !== null);
+  if (options.limit && options.limit > 0)
+    return parsed.slice(-options.limit);
+  return parsed;
+}
+export async function readAIDiagnosticsSnapshot(path) {
+  const content = await safeReadFile(path);
+  if (!content)
+    return null;
+  return safeJSONParse(content);
+}
+export async function readReactiveTraceArtifact(path) {
+  const content = await safeReadFile(path);
+  if (!content)
+    return null;
+  return safeJSONParse(content);
+}
+export async function buildAIHealthReport(paths, options = {}) {
+  const events = await readAIEvents(paths.eventsPath, options), snapshot = await readAIDiagnosticsSnapshot(paths.diagnosticsPath), bySeverity = {}, byKind = {};
+  let errors = 0, warnings = 0;
+  for (const event of events) {
+    bySeverity[event.severity] = (bySeverity[event.severity] ?? 0) + 1;
+    byKind[event.kind] = (byKind[event.kind] ?? 0) + 1;
+    if (event.severity === "error")
+      errors++;
+    if (event.severity === "warn")
+      warnings++;
+  }
+  const incidents = events.filter((event) => event.severity === "error" || event.kind === "diagnostic.issue" || event.kind === "request.error").slice(-10).reverse().map((event) => ({
+    kind: event.kind,
+    message: event.message,
+    ts: event.ts,
+    route: event.route,
+    file: event.file,
+    line: event.line,
+    code: event.code
+  })), incidentClusters = buildIncidentClusters(events), artifactRegressions = buildArtifactRegressions(events);
+  return {
+    events: {
+      total: events.length,
+      bySeverity,
+      byKind,
+      latest: events.at(-1)
+    },
+    diagnostics: {
+      total: snapshot?.latest ? 1 : 0,
+      latest: snapshot?.latest,
+      errors,
+      warnings
+    },
+    incidents,
+    incidentClusters,
+    artifactRegressions
+  };
+}
+function buildIncidentClusters(events) {
+  const clusters = new Map;
+  for (const event of events) {
+    if (!(event.severity === "error" || event.kind === "diagnostic.issue" || event.kind === "request.error"))
+      continue;
+    const key = event.traceId ? `trace:${event.traceId}` : event.requestId ? `request:${event.requestId}` : event.file ? `file:${event.file}` : event.route ? `route:${event.route}` : `kind:${event.kind}`, existing = clusters.get(key);
+    if (existing) {
+      existing.count += 1;
+      existing.latestTs = event.ts > existing.latestTs ? event.ts : existing.latestTs;
+      if (!existing.route && event.route)
+        existing.route = event.route;
+      if (!existing.file && event.file)
+        existing.file = event.file;
+      if (!existing.requestId && event.requestId)
+        existing.requestId = event.requestId;
+      if (!existing.traceId && event.traceId)
+        existing.traceId = event.traceId;
+      if (!existing.codes.includes(event.code ?? "") && event.code)
+        existing.codes.push(event.code);
+      if (!existing.messages.includes(event.message))
+        existing.messages.push(event.message);
+      continue;
+    }
+    clusters.set(key, {
+      key,
+      count: 1,
+      kind: event.kind,
+      latestTs: event.ts,
+      route: event.route,
+      file: event.file,
+      requestId: event.requestId,
+      traceId: event.traceId,
+      messages: [event.message],
+      codes: event.code ? [event.code] : []
+    });
+  }
+  return [...clusters.values()].sort((a, b) => b.count - a.count || (a.latestTs < b.latestTs ? 1 : -1)).slice(0, 10);
+}
+function buildArtifactRegressions(events) {
+  const groups = new Map;
+  for (const event of events) {
+    const phase = getArtifactPhase(event);
+    if (!phase)
+      continue;
+    const path = typeof event.data?.artifact === "string" ? event.data.artifact : void 0, version = typeof event.data?.version === "string" ? event.data.version : void 0, key = `${phase}:${path ?? version ?? "default"}`, status = getArtifactStatus(event), existing = groups.get(key);
+    if (existing) {
+      if (status === "error")
+        existing.errors += 1;
+      if (status === "warn")
+        existing.warnings += 1;
+      if (status === "success")
+        existing.successes += 1;
+      existing.latestTs = event.ts > existing.latestTs ? event.ts : existing.latestTs;
+      existing.latestStatus = event.ts >= existing.latestTs ? status : existing.latestStatus;
+      if (!existing.path && path)
+        existing.path = path;
+      if (!existing.version && version)
+        existing.version = version;
+      if (!existing.messages.includes(event.message))
+        existing.messages.push(event.message);
+      continue;
+    }
+    groups.set(key, {
+      key,
+      phase,
+      path,
+      version,
+      errors: status === "error" ? 1 : 0,
+      warnings: status === "warn" ? 1 : 0,
+      successes: status === "success" ? 1 : 0,
+      latestTs: event.ts,
+      latestStatus: status,
+      messages: [event.message]
+    });
+  }
+  return [...groups.values()].filter((entry) => entry.errors > 0 || entry.warnings > 0).sort((a, b) => b.errors - a.errors || b.warnings - a.warnings || (a.latestTs < b.latestTs ? 1 : -1)).slice(0, 10);
+}
+function getArtifactPhase(event) {
+  if (event.kind.startsWith("release."))
+    return event.kind.split(".").slice(0, 2).join(".");
+  if (event.kind.startsWith("deploy."))
+    return "deploy";
+  if (event.kind.startsWith("build."))
+    return "build";
+  return null;
+}
+function getArtifactStatus(event) {
+  if (event.severity === "error" || event.kind.endsWith(".error"))
+    return "error";
+  if (event.severity === "warn")
+    return "warn";
+  if (event.kind.endsWith(".finish") || event.kind === "build.summary")
+    return "success";
+  return "info";
+}
+async function safeReadFile(path) {
+  try {
+    return await readFile(path, "utf-8");
+  } catch {
+    return null;
+  }
+}

package/dist-pkg/ai/summary.d.ts

@@ -0,0 +1,57 @@
+import type { AIDiagnostic, AIEvent } from "./index.js";
+import type { AIHealthReport } from "./store.js";
+import type { ReactiveTraceArtifact } from "../reactive/diagnostics.js";
+export interface AIContextPacket {
+    schemaVersion: string;
+    generatedAt: string;
+    summary: {
+        headline: string;
+        events: number;
+        errors: number;
+        warnings: number;
+    };
+    latestDiagnostic?: Partial<AIDiagnostic>;
+    recentIncidents: Array<{
+        ts: string;
+        kind: string;
+        message: string;
+        route?: string;
+        file?: string;
+        line?: number;
+        code?: string;
+    }>;
+    incidentClusters: Array<{
+        key: string;
+        count: number;
+        kind: string;
+        route?: string;
+        file?: string;
+        latestTs: string;
+    }>;
+    artifactRegressions: Array<{
+        key: string;
+        phase: string;
+        path?: string;
+        version?: string;
+        errors: number;
+        warnings: number;
+        successes: number;
+        latestTs: string;
+        latestStatus: "error" | "warn" | "success" | "info";
+    }>;
+    hotspots: Array<{
+        key: string;
+        count: number;
+        kind: "route" | "file" | "event";
+    }>;
+    reactiveTrace?: {
+        schemaVersion: number;
+        nodes: number;
+        edges: number;
+        events: number;
+        latestEventKind?: string;
+    };
+    recommendations: string[];
+}
+export declare function createAIContextPacket(report: AIHealthReport, events: AIEvent[], latestDiagnostic?: Partial<AIDiagnostic>, reactiveTrace?: ReactiveTraceArtifact | null): AIContextPacket;
+export declare function renderAIContextMarkdown(packet: AIContextPacket): string;

package/dist-pkg/ai/summary.js

@@ -0,0 +1,148 @@
+import { GORSEE_AI_CONTEXT_SCHEMA_VERSION } from "./contracts.js";
+export function createAIContextPacket(report, events, latestDiagnostic, reactiveTrace) {
+  return {
+    schemaVersion: GORSEE_AI_CONTEXT_SCHEMA_VERSION,
+    generatedAt: new Date().toISOString(),
+    summary: {
+      headline: buildHeadline(report),
+      events: report.events.total,
+      errors: report.diagnostics.errors,
+      warnings: report.diagnostics.warnings
+    },
+    latestDiagnostic,
+    recentIncidents: report.incidents,
+    incidentClusters: report.incidentClusters.map((cluster) => ({
+      key: cluster.key,
+      count: cluster.count,
+      kind: cluster.kind,
+      route: cluster.route,
+      file: cluster.file,
+      latestTs: cluster.latestTs
+    })),
+    artifactRegressions: report.artifactRegressions.map((artifact) => ({
+      key: artifact.key,
+      phase: artifact.phase,
+      path: artifact.path,
+      version: artifact.version,
+      errors: artifact.errors,
+      warnings: artifact.warnings,
+      successes: artifact.successes,
+      latestTs: artifact.latestTs,
+      latestStatus: artifact.latestStatus
+    })),
+    hotspots: buildHotspots(events),
+    reactiveTrace: reactiveTrace ? {
+      schemaVersion: reactiveTrace.schemaVersion,
+      nodes: reactiveTrace.nodes.length,
+      edges: reactiveTrace.edges.length,
+      events: reactiveTrace.events.length,
+      latestEventKind: reactiveTrace.events.at(-1)?.kind
+    } : void 0,
+    recommendations: buildRecommendations(report, latestDiagnostic, events, reactiveTrace)
+  };
+}
+export function renderAIContextMarkdown(packet) {
+  const lines = [
+    "# Gorsee AI Context",
+    "",
+    `Schema: ${packet.schemaVersion}`,
+    "",
+    `Generated: ${packet.generatedAt}`,
+    "",
+    "## Summary",
+    "",
+    `- ${packet.summary.headline}`,
+    `- Events: ${packet.summary.events}`,
+    `- Errors: ${packet.summary.errors}`,
+    `- Warnings: ${packet.summary.warnings}`
+  ];
+  if (packet.latestDiagnostic?.code)
+    lines.push("", "## Latest Diagnostic", "", `- ${packet.latestDiagnostic.code}: ${packet.latestDiagnostic.message ?? ""}`.trim());
+  if (packet.recentIncidents.length > 0) {
+    lines.push("", "## Recent Incidents", "");
+    for (const incident of packet.recentIncidents.slice(0, 10)) {
+      const loc = incident.file ? ` (${incident.file}${incident.line ? `:${incident.line}` : ""})` : incident.route ? ` (${incident.route})` : "";
+      lines.push(`- [${incident.kind}] ${incident.message}${loc}`);
+    }
+  }
+  if (packet.incidentClusters.length > 0) {
+    lines.push("", "## Incident Clusters", "");
+    for (const cluster of packet.incidentClusters.slice(0, 5)) {
+      const loc = cluster.file ? ` (${cluster.file})` : cluster.route ? ` (${cluster.route})` : "";
+      lines.push(`- ${cluster.kind} \xD7 ${cluster.count}${loc}`);
+    }
+  }
+  if (packet.artifactRegressions.length > 0) {
+    lines.push("", "## Artifact Regressions", "");
+    for (const artifact of packet.artifactRegressions.slice(0, 5)) {
+      const details = [artifact.version, artifact.path].filter(Boolean).join(" ");
+      lines.push(`- ${artifact.phase}: errors=${artifact.errors} warnings=${artifact.warnings} successes=${artifact.successes}${details ? ` (${details})` : ""}`);
+    }
+  }
+  if (packet.hotspots.length > 0) {
+    lines.push("", "## Hotspots", "");
+    for (const hotspot of packet.hotspots)
+      lines.push(`- ${hotspot.kind}: ${hotspot.key} (${hotspot.count})`);
+  }
+  if (packet.reactiveTrace) {
+    lines.push("", "## Reactive Trace", "");
+    lines.push(`- Schema: ${packet.reactiveTrace.schemaVersion}`);
+    lines.push(`- Nodes: ${packet.reactiveTrace.nodes}`);
+    lines.push(`- Edges: ${packet.reactiveTrace.edges}`);
+    lines.push(`- Events: ${packet.reactiveTrace.events}`);
+    if (packet.reactiveTrace.latestEventKind)
+      lines.push(`- Latest event: ${packet.reactiveTrace.latestEventKind}`);
+  }
+  if (packet.recommendations.length > 0) {
+    lines.push("", "## Recommendations", "");
+    for (const recommendation of packet.recommendations)
+      lines.push(`- ${recommendation}`);
+  }
+  return lines.join(`
+`);
+}
+function buildHeadline(report) {
+  if (report.diagnostics.errors > 0)
+    return "Project currently has AI-observed errors that need attention.";
+  if (report.diagnostics.warnings > 0)
+    return "Project is stable but has warnings worth reviewing.";
+  if (report.events.total === 0)
+    return "AI observability is enabled but no events were collected yet.";
+  return "Project looks healthy from the current AI event stream.";
+}
+function buildHotspots(events) {
+  const routeCounts = new Map, fileCounts = new Map, kindCounts = new Map;
+  for (const event of events) {
+    if (event.route)
+      routeCounts.set(event.route, (routeCounts.get(event.route) ?? 0) + 1);
+    if (event.file)
+      fileCounts.set(event.file, (fileCounts.get(event.file) ?? 0) + 1);
+    kindCounts.set(event.kind, (kindCounts.get(event.kind) ?? 0) + 1);
+  }
+  return [
+    ...topEntries(routeCounts, "route"),
+    ...topEntries(fileCounts, "file"),
+    ...topEntries(kindCounts, "event")
+  ].slice(0, 8);
+}
+function topEntries(source, kind) {
+  return [...source.entries()].sort((a, b) => b[1] - a[1]).slice(0, 3).map(([key, count]) => ({ key, count, kind }));
+}
+function buildRecommendations(report, latestDiagnostic, events, reactiveTrace) {
+  const recommendations = [], errorEvents = events.filter((event) => event.severity === "error"), requestErrors = events.filter((event) => event.kind === "request.error");
+  if (latestDiagnostic?.code)
+    recommendations.push(`Investigate the latest diagnostic ${latestDiagnostic.code} before relying on this context in automation.`);
+  if (requestErrors.length > 0)
+    recommendations.push("Review request.error events first; they are the strongest signal of user-facing runtime regressions.");
+  if (report.diagnostics.errors > 0 && report.events.total > 0)
+    recommendations.push("Use `gorsee ai tail --limit 50 --json` to inspect correlated runtime/build/check events around the failure.");
+  if (errorEvents.some((event) => event.kind.startsWith("build.")))
+    recommendations.push("Run `gorsee ai doctor` after the next build to verify whether build-phase errors persist.");
+  if (report.artifactRegressions.length > 0)
+    recommendations.push("Review artifact regressions before shipping; release/deploy/build artifacts have recorded failures or warnings.");
+  if (reactiveTrace && reactiveTrace.events.length > 0)
+    recommendations.push("Reactive trace data is available; inspect dependency edges and invalidation events before changing resource or mutation behavior.");
+  if (recommendations.length === 0)
+    recommendations.push("No urgent AI-observed issues. Use `gorsee ai export --format markdown` to share a compact status packet with an agent.");
+  return recommendations;
+}

package/dist-pkg/ai/watch.d.ts

@@ -0,0 +1,15 @@
+import type { AIStorePaths } from "./store.js";
+import type { IDEProjection, IDEProjectionPaths } from "./ide.js";
+export interface IDEProjectionWatcherOptions {
+    storePaths: AIStorePaths;
+    projectionPaths: IDEProjectionPaths;
+    intervalMs?: number;
+    limit?: number;
+    onSync?: (projection: IDEProjection) => void | Promise<void>;
+}
+export interface IDEProjectionWatcher {
+    syncOnce(): Promise<IDEProjection>;
+    start(): void;
+    stop(): void;
+}
+export declare function createIDEProjectionWatcher(options: IDEProjectionWatcherOptions): IDEProjectionWatcher;

package/dist-pkg/ai/watch.js

@@ -0,0 +1,66 @@
+import { watch as watchFS } from "node:fs";
+import { buildIDEProjection, writeIDEProjection } from "./ide.js";
+export function createIDEProjectionWatcher(options) {
+  let timer, watchers = [], lastStamp = "", syncing = !1;
+  return {
+    async syncOnce() {
+      syncing = !0;
+      try {
+        const projection = await buildIDEProjection(options.storePaths, { limit: options.limit ?? 100 });
+        await writeIDEProjection(options.projectionPaths, projection);
+        if (options.onSync)
+          await options.onSync(projection);
+        return projection;
+      } finally {
+        syncing = !1;
+      }
+    },
+    start() {
+      if (timer || watchers.length > 0)
+        return;
+      try {
+        const triggerSync = async () => {
+          if (syncing)
+            return;
+          const stamp = await computeStamp(options.storePaths);
+          if (stamp === lastStamp)
+            return;
+          lastStamp = stamp;
+          await this.syncOnce();
+        };
+        watchers = [
+          watchFS(options.storePaths.eventsPath, () => {
+            triggerSync();
+          }),
+          watchFS(options.storePaths.diagnosticsPath, () => {
+            triggerSync();
+          })
+        ];
+      } catch {
+        timer = setInterval(async () => {
+          const stamp = await computeStamp(options.storePaths);
+          if (stamp === lastStamp || syncing)
+            return;
+          lastStamp = stamp;
+          await this.syncOnce();
+        }, options.intervalMs ?? 1000);
+      }
+    },
+    stop() {
+      for (const watcher of watchers)
+        watcher.close();
+      watchers = [];
+      if (!timer)
+        return;
+      clearInterval(timer);
+      timer = void 0;
+    }
+  };
+}
+async function computeStamp(paths) {
+  const [eventsMtime, diagnosticsMtime] = await Promise.all([
+    Bun.file(paths.eventsPath).exists().then((exists) => exists ? Bun.file(paths.eventsPath).lastModified : 0),
+    Bun.file(paths.diagnosticsPath).exists().then((exists) => exists ? Bun.file(paths.diagnosticsPath).lastModified : 0)
+  ]);
+  return `${eventsMtime}:${diagnosticsMtime}`;
+}

package/dist-pkg/auth/action-tokens.d.ts

@@ -0,0 +1,50 @@
+type Awaitable<T> = T | Promise<T>;
+export type AuthActionTokenPurpose = "magic-link" | "password-reset" | "email-verification";
+export interface AuthActionTokenClaims {
+    id: string;
+    purpose: AuthActionTokenPurpose;
+    subject: string;
+    email?: string;
+    metadata?: Record<string, unknown>;
+    issuedAt: number;
+    expiresAt: number;
+}
+export interface AuthActionTokenReplayStore {
+    consume(id: string, expiresAt: number): Awaitable<boolean>;
+}
+export interface AuthActionTokenManagerOptions {
+    secret: string;
+    store?: AuthActionTokenReplayStore;
+}
+export interface AuthActionTokenIssueOptions {
+    purpose: AuthActionTokenPurpose;
+    subject: string;
+    email?: string;
+    metadata?: Record<string, unknown>;
+    maxAgeSeconds?: number;
+}
+export interface AuthActionTokenVerificationOptions {
+    expectedPurpose?: AuthActionTokenPurpose;
+}
+export declare function createMemoryAuthActionTokenStore(): AuthActionTokenReplayStore;
+export declare function createAuthActionTokenManager(options: AuthActionTokenManagerOptions): {
+    issue(input: AuthActionTokenIssueOptions): Promise<{
+        token: string;
+        claims: AuthActionTokenClaims;
+    }>;
+    issueMagicLink(subject: string, email?: string, metadata?: Record<string, unknown>): Promise<{
+        token: string;
+        claims: AuthActionTokenClaims;
+    }>;
+    issuePasswordReset(subject: string, email?: string, metadata?: Record<string, unknown>): Promise<{
+        token: string;
+        claims: AuthActionTokenClaims;
+    }>;
+    issueEmailVerification(subject: string, email: string, metadata?: Record<string, unknown>): Promise<{
+        token: string;
+        claims: AuthActionTokenClaims;
+    }>;
+    verify(token: string, verification?: AuthActionTokenVerificationOptions): Promise<AuthActionTokenClaims | null>;
+    consume(token: string, verification?: AuthActionTokenVerificationOptions): Promise<AuthActionTokenClaims | null>;
+};
+export {};

package/dist-pkg/auth/action-tokens.js

@@ -0,0 +1,79 @@
+import { decodeBase64Url, encodeBase64Url, signValue, verifySignedValue } from "./signing.js";
+export function createMemoryAuthActionTokenStore() {
+  const consumed = new Map;
+  function prune(now) {
+    for (const [id, expiresAt] of consumed)
+      if (expiresAt <= now)
+        consumed.delete(id);
+  }
+  return {
+    consume(id, expiresAt) {
+      const now = Date.now();
+      prune(now);
+      if (consumed.has(id))
+        return !1;
+      consumed.set(id, expiresAt);
+      return !0;
+    }
+  };
+}
+const defaultReplayStore = createMemoryAuthActionTokenStore();
+export function createAuthActionTokenManager(options) {
+  const store = options.store ?? defaultReplayStore;
+  async function issueToken(input) {
+    const issuedAt = Date.now(), claims = {
+      id: crypto.randomUUID(),
+      purpose: input.purpose,
+      subject: input.subject,
+      email: input.email,
+      metadata: input.metadata,
+      issuedAt,
+      expiresAt: issuedAt + (input.maxAgeSeconds ?? 900) * 1000
+    }, payload = encodeBase64Url(JSON.stringify(claims));
+    return {
+      token: await signValue(payload, options.secret),
+      claims
+    };
+  }
+  async function verifyToken(token, verification = {}) {
+    const payload = await verifySignedValue(token, options.secret);
+    if (!payload)
+      return null;
+    try {
+      const claims = JSON.parse(decodeBase64Url(payload));
+      if (verification.expectedPurpose && claims.purpose !== verification.expectedPurpose)
+        return null;
+      if (claims.expiresAt <= Date.now())
+        return null;
+      return claims;
+    } catch {
+      return null;
+    }
+  }
+  async function consumeToken(token, verification = {}) {
+    const claims = await verifyToken(token, verification);
+    if (!claims)
+      return null;
+    return await store.consume(claims.id, claims.expiresAt) ? claims : null;
+  }
+  return {
+    issue(input) {
+      return issueToken(input);
+    },
+    issueMagicLink(subject, email, metadata) {
+      return issueToken({ purpose: "magic-link", subject, email, metadata, maxAgeSeconds: 900 });
+    },
+    issuePasswordReset(subject, email, metadata) {
+      return issueToken({ purpose: "password-reset", subject, email, metadata, maxAgeSeconds: 3600 });
+    },
+    issueEmailVerification(subject, email, metadata) {
+      return issueToken({ purpose: "email-verification", subject, email, metadata, maxAgeSeconds: 86400 });
+    },
+    verify(token, verification) {
+      return verifyToken(token, verification);
+    },
+    consume(token, verification) {
+      return consumeToken(token, verification);
+    }
+  };
+}

package/dist-pkg/auth/index.d.ts

@@ -0,0 +1,70 @@
+import type { Context, MiddlewareFn } from "../server/middleware.js";
+export { createNamespacedSessionStore } from "./store-utils.js";
+export { createRedisSessionStore } from "./redis-session-store.js";
+export { createSQLiteSessionStore } from "./sqlite-session-store.js";
+export { createAuthActionTokenManager, createMemoryAuthActionTokenStore, type AuthActionTokenClaims, type AuthActionTokenPurpose, type AuthActionTokenReplayStore, } from "./action-tokens.js";
+export interface AuthConfig {
+    secret: string;
+    cookieName?: string;
+    maxAge?: number;
+    loginPath?: string;
+    store?: SessionStore;
+    events?: AuthEventHandler;
+    permissionResolver?: PermissionResolver;
+}
+export interface Session {
+    id: string;
+    userId: string;
+    data: Record<string, unknown>;
+    expiresAt: number;
+}
+type Awaitable<T> = T | Promise<T>;
+export interface SessionStore {
+    get(id: string): Awaitable<Session | undefined>;
+    set(id: string, session: Session): Awaitable<void>;
+    delete(id: string): Awaitable<void>;
+    entries(): Awaitable<Iterable<[string, Session]> | AsyncIterable<[string, Session]>>;
+}
+export type AuthEvent = {
+    type: "login";
+    sessionId: string;
+    userId: string;
+    expiresAt: number;
+} | {
+    type: "logout";
+    sessionId: string;
+    userId: string;
+} | {
+    type: "rotate";
+    previousSessionId: string;
+    sessionId: string;
+    userId: string;
+    expiresAt: number;
+} | {
+    type: "invalid-cookie";
+    cookieName: string;
+} | {
+    type: "expired-session";
+    sessionId: string;
+    userId: string;
+};
+export type AuthEventHandler = (event: AuthEvent) => Awaitable<void>;
+export type PermissionResolver = (session: Session, permission: string) => Awaitable<boolean>;
+export declare function createMemorySessionStore(): SessionStore;
+export declare function sessionHasRole(session: Session | null, role: string): boolean;
+export declare function sessionHasPermission(session: Session | null, permission: string, resolver?: PermissionResolver): Promise<boolean>;
+export declare function createAuth(config: AuthConfig): {
+    middleware: MiddlewareFn;
+    requireAuth: MiddlewareFn;
+    requireRole: (role: string) => MiddlewareFn;
+    requirePermission: (permission: string) => MiddlewareFn;
+    protect: (...middlewares: MiddlewareFn[]) => MiddlewareFn;
+    protectRole: (role: string, ...middlewares: MiddlewareFn[]) => MiddlewareFn;
+    protectPermission: (permission: string, ...middlewares: MiddlewareFn[]) => MiddlewareFn;
+    login: (ctx: Context, userId: string, data?: Record<string, unknown>) => Promise<void>;
+    rotateSession: (ctx: Context, data?: Record<string, unknown>) => Promise<void>;
+    logout: (ctx: Context) => Promise<void>;
+    getSession: (ctx: Context) => Session | null;
+    hasRole: (ctx: Context, role: string) => boolean;
+    hasPermission: (ctx: Context, permission: string) => Promise<boolean>;
+};