hazo_auth 5.1.3 → 5.1.6

package/README.md

@@ -2,6 +2,18 @@
 
 A reusable authentication UI component package powered by Next.js, TailwindCSS, and shadcn. It integrates `hazo_config` for configuration management and `hazo_connect` for data access, enabling future components to stay aligned with platform conventions.
 
+### What's New in v5.1.5 🐛
+
+**CRITICAL BUGFIX**: Fixed incomplete migration from v4.x to v5.x - several files were still referencing the deprecated `hazo_user_roles` table instead of `hazo_user_scopes`. This release completes the scope-based role assignment architecture introduced in v5.0.
+
+**Key Fixes:**
+- ✅ **hazo_get_auth** - Now correctly fetches roles from `hazo_user_scopes`
+- ✅ **Role IDs** - Changed from `number[]` to `string[]` (UUIDs) throughout codebase
+- ✅ **User Management** - Updated for scope-based role assignments
+- ✅ **Cache System** - Fixed type inconsistencies with UUID role IDs
+
+If you're on v5.x and experiencing permission/role issues, upgrade to v5.1.5 immediately.
+
 ### What's New in v5.0 🚀
 
 **BREAKING CHANGE: Scope-Based Multi-Tenancy** - Complete architectural redesign for simpler, more flexible multi-tenancy!

package/cli-src/cli/init_users.ts

@@ -22,10 +22,7 @@ type InitSummary = {
     inserted: number;
     existing: number;
   };
-  user_role: {
-    inserted: boolean;
-    existing: boolean;
-  };
+  // v5.x: Removed user_role - roles are now assigned via hazo_user_scopes
   super_admin_scope: {
     inserted: boolean;
     existing: boolean;
@@ -78,15 +75,7 @@ function print_summary(summary: InitSummary): void {
   }
   console.log();
 
-  // User role summary
-  console.log("User-Role Assignment:");
-  if (summary.user_role.inserted) {
-    console.log(`  ✓ Inserted: Super user role assigned to user`);
-  }
-  if (summary.user_role.existing) {
-    console.log(`  ⊙ Already existed: User already has super user role`);
-  }
-  console.log();
+  // v5.x: User-Role assignments are now handled via User-Scope assignments (see below)
 
   // Super admin scope summary
   console.log("Super Admin Scope:");
@@ -141,10 +130,7 @@ export async function handle_init_users(options: InitUsersOptions = {}): Promise
       inserted: 0,
       existing: 0,
     },
-    user_role: {
-      inserted: false,
-      existing: false,
-    },
+    // v5.x: Removed user_role - roles are now assigned via hazo_user_scopes
     super_admin_scope: {
       inserted: false,
       existing: false,
@@ -165,7 +151,7 @@ export async function handle_init_users(options: InitUsersOptions = {}): Promise
     const roles_service = createCrudService(hazoConnect, "hazo_roles");
     const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
     const users_service = createCrudService(hazoConnect, "hazo_users");
-    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+    // v5.x: Removed hazo_user_roles - roles are now assigned via hazo_user_scopes
     const scopes_service = createCrudService(hazoConnect, "hazo_scopes");
     // hazo_user_scopes uses composite primary key (user_id, scope_id), no 'id' column
     const user_scopes_service = createCrudService(hazoConnect, "hazo_user_scopes", {
@@ -328,27 +314,7 @@ export async function handle_init_users(options: InitUsersOptions = {}): Promise
     console.log(`✓ Found user: ${super_user_email} (ID: ${user_id})`);
     console.log();
 
-    // 7. Assign role to user
-    const existing_user_roles = await user_roles_service.findBy({
-      user_id,
-      role_id,
-    });
-
-    if (Array.isArray(existing_user_roles) && existing_user_roles.length > 0) {
-      summary.user_role.existing = true;
-      console.log(`✓ User already has role assigned: ${user_id} -> ${role_name}`);
-    } else {
-      await user_roles_service.insert({
-        user_id,
-        role_id,
-        created_at: now,
-        changed_at: now,
-      });
-      summary.user_role.inserted = true;
-      console.log(`✓ Assigned role to user: ${user_id} -> ${role_name}`);
-    }
-
-    console.log();
+    // v5.x: Step 7 removed - role assignment now happens via hazo_user_scopes (see step 9)
 
     // 8. Ensure super admin scope exists
     const existing_scopes = await scopes_service.findBy({ id: SUPER_ADMIN_SCOPE_ID });
@@ -440,9 +406,9 @@ This command reads from hazo_auth_config.ini and:
   2. Creates a 'default_super_user_role' role
   3. Assigns all permissions to the super user role
   4. Finds user by email (from --email parameter or config)
-  5. Assigns the super user role to that user
-  6. Creates the Super Admin scope (${SUPER_ADMIN_SCOPE_ID})
-  7. Assigns the user to the Super Admin scope
+  5. Creates the Super Admin scope (${SUPER_ADMIN_SCOPE_ID})
+  6. Assigns the user to the Super Admin scope with the super user role
+     (v5.x: Roles are assigned per-scope via hazo_user_scopes table)
 
 Options:
   --email=<email>    Email address of the user to assign super user role

package/cli-src/lib/auth/auth_cache.ts

@@ -6,11 +6,12 @@ import type { HazoAuthUser } from "./auth_types";
 
 /**
  * Cache entry structure
+ * v5.x: role_ids are now string UUIDs (from hazo_user_scopes)
  */
 type CacheEntry = {
   user: HazoAuthUser;
   permissions: string[];
-  role_ids: number[];
+  role_ids: string[];
   timestamp: number; // Unix timestamp in milliseconds
   cache_version: number; // Version number for smart invalidation
 };
@@ -24,7 +25,7 @@ class AuthCache {
   private max_size: number;
   private ttl_ms: number;
   private max_age_ms: number;
-  private role_version_map: Map<number, number>; // Track version per role for smart invalidation
+  private role_version_map: Map<string, number>; // Track version per role for smart invalidation (v5.x: string UUIDs)
 
   constructor(
     max_size: number,
@@ -81,13 +82,13 @@ class AuthCache {
    * @param user_id - User ID
    * @param user - User data
    * @param permissions - User permissions
-   * @param role_ids - User role IDs
+   * @param role_ids - User role IDs (v5.x: string UUIDs)
    */
   set(
     user_id: string,
     user: HazoAuthUser,
     permissions: string[],
-    role_ids: number[],
+    role_ids: string[],
   ): void {
     // Evict LRU entries if cache is full
     while (this.cache.size >= this.max_size) {
@@ -124,9 +125,9 @@ class AuthCache {
   /**
    * Invalidates cache for all users with specific roles
    * Uses cache version to determine if invalidation is needed
-   * @param role_ids - Array of role IDs to invalidate
+   * @param role_ids - Array of role IDs to invalidate (v5.x: string UUIDs)
    */
-  invalidate_by_roles(role_ids: number[]): void {
+  invalidate_by_roles(role_ids: string[]): void {
     // Increment version for affected roles
     for (const role_id of role_ids) {
       const current_version = this.role_version_map.get(role_id) || 0;
@@ -157,10 +158,10 @@ class AuthCache {
   /**
    * Gets the maximum cache version for a set of roles
    * Used to determine if cache entry is stale
-   * @param role_ids - Array of role IDs
+   * @param role_ids - Array of role IDs (v5.x: string UUIDs)
    * @returns Maximum version number
    */
-  private get_max_role_version(role_ids: number[]): number {
+  private get_max_role_version(role_ids: string[]): number {
     if (role_ids.length === 0) {
       return 0;
     }

package/cli-src/lib/auth/auth_types.ts

@@ -8,7 +8,7 @@ export type HazoAuthUser = {
   id: string;
   name: string | null;
   email_address: string;
-  is_active: boolean; // Derived from status column: status === 'active'
+  is_active: boolean; // Derived from status column: status === 'ACTIVE'
   profile_picture_url: string | null;
   // App-specific user data (JSON object stored as TEXT in database)
   app_user_data: Record<string, unknown> | null;

package/cli-src/lib/auth/auth_utils.server.ts

@@ -69,8 +69,8 @@ export async function get_authenticated_user(request: NextRequest): Promise<Auth
 
     const user = users[0];
 
-    // Check if user is active (status must be 'active')
-    if (user.status !== "active") {
+    // Check if user is active (status must be 'ACTIVE')
+    if (user.status !== "ACTIVE") {
       return { authenticated: false };
     }
 
@@ -84,7 +84,7 @@ export async function get_authenticated_user(request: NextRequest): Promise<Auth
       email: user.email_address as string,
       name: (user.name as string | null | undefined) || undefined,
       email_verified: user.email_verified === true,
-      is_active: user.status === "active", // Derived from status column
+      is_active: user.status === "ACTIVE", // Derived from status column
       last_logon: (user.last_logon as string | null | undefined) || undefined,
       profile_picture_url: (user.profile_picture_url as string | null | undefined) || undefined,
       profile_source: profile_source_ui,
@@ -159,8 +159,8 @@ export async function get_authenticated_user_with_response(request: NextRequest)
 
     const user = users[0];
 
-    // Check if user is still active (status must be 'active')
-    if (user.status !== "active") {
+    // Check if user is still active (status must be 'ACTIVE')
+    if (user.status !== "ACTIVE") {
       // User is inactive - clear cookies
       const response = NextResponse.json(
         { authenticated: false },
@@ -181,7 +181,7 @@ export async function get_authenticated_user_with_response(request: NextRequest)
         email: user.email_address as string,
         name: (user.name as string | null | undefined) || undefined,
         email_verified: user.email_verified === true,
-        is_active: user.status === "active", // Derived from status column
+        is_active: user.status === "ACTIVE", // Derived from status column
         last_logon: (user.last_logon as string | null | undefined) || undefined,
         profile_picture_url: (user.profile_picture_url as string | null | undefined) || undefined,
         profile_source: profile_source_ui,

package/cli-src/lib/auth/hazo_get_auth.server.ts

@@ -77,14 +77,29 @@ function get_client_ip(request: NextRequest): string {
  * @param user_id - User ID
  * @returns Object with user, permissions, and role_ids
  */
+/**
+ * CRUD service options for hazo_user_scopes table
+ * This table uses a composite primary key (user_id, scope_id) and no 'id' column
+ */
+const USER_SCOPES_CRUD_OPTIONS = {
+  primaryKeys: ["user_id", "scope_id"],
+  autoId: false as const,
+};
+
 async function fetch_user_data_from_db(user_id: string): Promise<{
   user: HazoAuthUser;
   permissions: string[];
-  role_ids: number[];
+  role_ids: string[];
 }> {
   const hazoConnect = get_hazo_connect_instance();
   const users_service = createCrudService(hazoConnect, "hazo_users");
-  const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+  // v5.x: Use hazo_user_scopes instead of hazo_user_roles
+  // Roles are now assigned per-scope via hazo_user_scopes.role_id
+  const user_scopes_service = createCrudService(
+    hazoConnect,
+    "hazo_user_scopes",
+    USER_SCOPES_CRUD_OPTIONS,
+  );
   const role_permissions_service = createCrudService(
     hazoConnect,
     "hazo_role_permissions",
@@ -102,8 +117,8 @@ async function fetch_user_data_from_db(user_id: string): Promise<{
 
   const user_db = users[0];
 
-  // Check if user is active (status must be 'active')
-  if (user_db.status !== "active") {
+  // Check if user is active (status must be 'ACTIVE')
+  if (user_db.status !== "ACTIVE") {
     throw new Error("User is inactive");
   }
 
@@ -112,40 +127,42 @@ async function fetch_user_data_from_db(user_id: string): Promise<{
     id: user_db.id as string,
     name: (user_db.name as string | null) || null,
     email_address: user_db.email_address as string,
-    is_active: user_db.status === "active", // Derived from status column
+    is_active: user_db.status === "ACTIVE", // Derived from status column
     profile_picture_url:
       (user_db.profile_picture_url as string | null) || null,
     app_user_data: parse_app_user_data(user_db.app_user_data),
   };
 
-  // Fetch user roles
-  const user_roles = await user_roles_service.findBy({ user_id });
-  const role_ids: number[] = [];
-  if (Array.isArray(user_roles)) {
-    for (const ur of user_roles) {
-      const role_id = ur.role_id as number | undefined;
-      if (role_id !== undefined) {
-        role_ids.push(role_id);
+  // v5.x: Fetch user's roles from hazo_user_scopes (scope-based role assignments)
+  // Each scope assignment has a role_id (string UUID)
+  const user_scopes = await user_scopes_service.findBy({ user_id });
+  const role_ids_set = new Set<string>();
+  if (Array.isArray(user_scopes)) {
+    for (const us of user_scopes) {
+      const role_id = us.role_id as string | undefined;
+      if (role_id) {
+        role_ids_set.add(role_id);
       }
     }
   }
+  const role_ids = Array.from(role_ids_set);
 
   // Fetch role permissions
   const permissions_set = new Set<string>();
   if (role_ids.length > 0) {
     const role_permissions = await role_permissions_service.findBy({});
     if (Array.isArray(role_permissions)) {
-      // Filter role_permissions for user's roles
+      // Filter role_permissions for user's roles (role_id is string UUID in v5.x)
       const user_role_permissions = role_permissions.filter((rp) =>
-        role_ids.includes(rp.role_id as number),
+        role_ids.includes(rp.role_id as string),
       );
 
-      // Get permission IDs
-      const permission_ids = new Set<number>();
+      // Get permission IDs (can be string or number depending on database)
+      const permission_ids = new Set<string>();
       for (const rp of user_role_permissions) {
-        const perm_id = rp.permission_id as number | undefined;
+        const perm_id = rp.permission_id as string | number | undefined;
         if (perm_id !== undefined) {
-          permission_ids.add(perm_id);
+          permission_ids.add(String(perm_id));
         }
       }
 
@@ -154,8 +171,8 @@ async function fetch_user_data_from_db(user_id: string): Promise<{
         const permissions = await permissions_service.findBy({});
         if (Array.isArray(permissions)) {
           for (const perm of permissions) {
-            const perm_id = perm.id as number | undefined;
-            if (perm_id !== undefined && permission_ids.has(perm_id)) {
+            const perm_id = perm.id as string | number | undefined;
+            if (perm_id !== undefined && permission_ids.has(String(perm_id))) {
               const perm_name = perm.permission_name as string | undefined;
               if (perm_name) {
                 permissions_set.add(perm_name);
@@ -398,7 +415,7 @@ export async function hazo_get_auth(
   let cached_entry = cache.get(user_id);
   let user: HazoAuthUser;
   let permissions: string[];
-  let role_ids: number[];
+  let role_ids: string[]; // v5.x: role_ids are now string UUIDs
 
   if (cached_entry) {
     // Cache hit

package/cli-src/lib/auth/index.ts

@@ -1,6 +1,6 @@
 // file_description: barrel export for auth utilities
 // section: type_exports
-export * from "./auth_types";
+export * from "./auth_types.js";
 
 // section: server_exports
 export { hazo_get_auth } from "./hazo_get_auth.server.js";

package/cli-src/lib/auth/server_auth.ts

@@ -53,8 +53,8 @@ export async function get_server_auth_user(): Promise<ServerAuthResult> {
 
     const user = users[0];
 
-    // Check if user is active (status must be 'active')
-    if (user.status !== "active") {
+    // Check if user is active (status must be 'ACTIVE')
+    if (user.status !== "ACTIVE") {
       return { authenticated: false };
     }
 
@@ -68,7 +68,7 @@ export async function get_server_auth_user(): Promise<ServerAuthResult> {
       email: user.email_address as string,
       name: (user.name as string | null | undefined) || undefined,
       email_verified: user.email_verified === true,
-      is_active: user.status === "active", // Derived from status column
+      is_active: user.status === "ACTIVE", // Derived from status column
       last_logon: (user.last_logon as string | null | undefined) || undefined,
       profile_picture_url: (user.profile_picture_url as string | null | undefined) || undefined,
       profile_source: profile_source_ui,

package/cli-src/lib/index.ts

@@ -1,9 +1,9 @@
 // file_description: barrel export for lib utilities
 // section: auth_exports
-export * from "./auth/index";
+export * from "./auth/index.js";
 
 // section: service_exports
-export * from "./services/index";
+export * from "./services/index.js";
 
 // section: utility_exports
 export { cn, merge_class_names } from "./utils.js";
@@ -44,5 +44,5 @@ export type { FirmBrandingConfig } from "./branding_config.server";
 // section: util_exports
 export { sanitize_error_for_user } from "./utils/error_sanitizer.js";
 export type { ErrorSanitizationOptions } from "./utils/error_sanitizer";
-export * from "./utils/api_route_helpers";
+export * from "./utils/api_route_helpers.js";
 

package/cli-src/lib/services/index.ts

@@ -1,24 +1,24 @@
 // file_description: barrel export for all services
 // section: service_exports
-export * from "./email_service";
-export * from "./email_verification_service";
-export * from "./login_service";
-export * from "./password_change_service";
-export * from "./password_reset_service";
-export * from "./profile_picture_remove_service";
-export * from "./profile_picture_service";
-export * from "./profile_picture_source_mapper";
-export * from "./registration_service";
-export * from "./token_service";
-export * from "./user_profiles_service";
-export * from "./user_update_service";
-export * from "./app_user_data_service";
-export * from "./invitation_service";
-export * from "./firm_service";
-export * from "./post_verification_service";
-export * from "./scope_service";
-export * from "./user_scope_service";
-export * from "./oauth_service";
-export * from "./branding_service";
+export * from "./email_service.js";
+export * from "./email_verification_service.js";
+export * from "./login_service.js";
+export * from "./password_change_service.js";
+export * from "./password_reset_service.js";
+export * from "./profile_picture_remove_service.js";
+export * from "./profile_picture_service.js";
+export * from "./profile_picture_source_mapper.js";
+export * from "./registration_service.js";
+export * from "./token_service.js";
+export * from "./user_profiles_service.js";
+export * from "./user_update_service.js";
+export * from "./app_user_data_service.js";
+export * from "./invitation_service.js";
+export * from "./firm_service.js";
+export * from "./post_verification_service.js";
+export * from "./scope_service.js";
+export * from "./user_scope_service.js";
+export * from "./oauth_service.js";
+export * from "./branding_service.js";
 
 

package/cli-src/lib/services/login_service.ts

@@ -53,8 +53,8 @@ export async function authenticate_user(
 
     const user = users[0];
 
-    // Check if user is active (status must be 'active')
-    if (user.status !== "active") {
+    // Check if user is active (status must be 'ACTIVE')
+    if (user.status !== "ACTIVE") {
       return {
         success: false,
         error: "Account is inactive. Please contact support.",

package/cli-src/lib/services/oauth_service.ts

@@ -179,7 +179,7 @@ export async function handle_google_oauth_login(
       email_address: email,
       password_hash: "", // Empty string for Google-only users
       email_verified: email_verified, // Trust Google's verification
-      status: "active",
+      status: "ACTIVE",
       login_attempts: 0,
       google_id,
       auth_providers: "google",

package/cli-src/lib/services/registration_service.ts

@@ -73,7 +73,7 @@ export async function register_user(
       email_address: email,
       password_hash: password_hash,
       email_verified: false,
-      status: "active",
+      status: "ACTIVE",
       login_attempts: 0,
       auth_providers: "email", // Track that this user registered with email/password
       created_at: now,

package/dist/cli/init_users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init_users.d.ts","sourceRoot":"","sources":["../../src/cli/init_users.ts"],"names":[],"mappings":"AAkHA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,6EAA6E;IAC7E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0SrF;AAGD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAkC3C"}
+{"version":3,"file":"init_users.d.ts","sourceRoot":"","sources":["../../src/cli/init_users.ts"],"names":[],"mappings":"AAuGA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,6EAA6E;IAC7E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmRrF;AAGD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAkC3C"}

package/dist/cli/init_users.js

@@ -44,15 +44,7 @@ function print_summary(summary) {
         console.log(`  ⊙ Already existed: ${summary.role_permissions.existing} assignment(s)`);
     }
     console.log();
-    // User role summary
-    console.log("User-Role Assignment:");
-    if (summary.user_role.inserted) {
-        console.log(`  ✓ Inserted: Super user role assigned to user`);
-    }
-    if (summary.user_role.existing) {
-        console.log(`  ⊙ Already existed: User already has super user role`);
-    }
-    console.log();
+    // v5.x: User-Role assignments are now handled via User-Scope assignments (see below)
     // Super admin scope summary
     console.log("Super Admin Scope:");
     if (summary.super_admin_scope.inserted) {
@@ -98,10 +90,7 @@ export async function handle_init_users(options = {}) {
             inserted: 0,
             existing: 0,
         },
-        user_role: {
-            inserted: false,
-            existing: false,
-        },
+        // v5.x: Removed user_role - roles are now assigned via hazo_user_scopes
         super_admin_scope: {
             inserted: false,
             existing: false,
@@ -120,7 +109,7 @@ export async function handle_init_users(options = {}) {
         const roles_service = createCrudService(hazoConnect, "hazo_roles");
         const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
         const users_service = createCrudService(hazoConnect, "hazo_users");
-        const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+        // v5.x: Removed hazo_user_roles - roles are now assigned via hazo_user_scopes
         const scopes_service = createCrudService(hazoConnect, "hazo_scopes");
         // hazo_user_scopes uses composite primary key (user_id, scope_id), no 'id' column
         const user_scopes_service = createCrudService(hazoConnect, "hazo_user_scopes", {
@@ -255,26 +244,7 @@ export async function handle_init_users(options = {}) {
         const user_id = user.id;
         console.log(`✓ Found user: ${super_user_email} (ID: ${user_id})`);
         console.log();
-        // 7. Assign role to user
-        const existing_user_roles = await user_roles_service.findBy({
-            user_id,
-            role_id,
-        });
-        if (Array.isArray(existing_user_roles) && existing_user_roles.length > 0) {
-            summary.user_role.existing = true;
-            console.log(`✓ User already has role assigned: ${user_id} -> ${role_name}`);
-        }
-        else {
-            await user_roles_service.insert({
-                user_id,
-                role_id,
-                created_at: now,
-                changed_at: now,
-            });
-            summary.user_role.inserted = true;
-            console.log(`✓ Assigned role to user: ${user_id} -> ${role_name}`);
-        }
-        console.log();
+        // v5.x: Step 7 removed - role assignment now happens via hazo_user_scopes (see step 9)
         // 8. Ensure super admin scope exists
         const existing_scopes = await scopes_service.findBy({ id: SUPER_ADMIN_SCOPE_ID });
         if (Array.isArray(existing_scopes) && existing_scopes.length > 0) {
@@ -357,9 +327,9 @@ This command reads from hazo_auth_config.ini and:
   2. Creates a 'default_super_user_role' role
   3. Assigns all permissions to the super user role
   4. Finds user by email (from --email parameter or config)
-  5. Assigns the super user role to that user
-  6. Creates the Super Admin scope (${SUPER_ADMIN_SCOPE_ID})
-  7. Assigns the user to the Super Admin scope
+  5. Creates the Super Admin scope (${SUPER_ADMIN_SCOPE_ID})
+  6. Assigns the user to the Super Admin scope with the super user role
+     (v5.x: Roles are assigned per-scope via hazo_user_scopes table)
 
 Options:
   --email=<email>    Email address of the user to assign super user role

package/dist/client.d.ts

@@ -1,10 +1,10 @@
-export * from "./components/index";
-export { cn, merge_class_names } from "./lib/utils";
-export * from "./lib/auth/auth_types";
-export { use_auth_status, trigger_auth_status_refresh } from "./components/layouts/shared/hooks/use_auth_status";
-export { use_hazo_auth, trigger_hazo_auth_refresh } from "./components/layouts/shared/hooks/use_hazo_auth";
+export * from "./components/index.js";
+export { cn, merge_class_names } from "./lib/utils.js";
+export * from "./lib/auth/auth_types.js";
+export { use_auth_status, trigger_auth_status_refresh } from "./components/layouts/shared/hooks/use_auth_status.js";
+export { use_hazo_auth, trigger_hazo_auth_refresh } from "./components/layouts/shared/hooks/use_hazo_auth.js";
 export type { UseHazoAuthOptions, UseHazoAuthResult } from "./components/layouts/shared/hooks/use_hazo_auth";
-export { use_firm_branding, use_current_user_branding } from "./components/layouts/shared/hooks/use_firm_branding";
+export { use_firm_branding, use_current_user_branding } from "./components/layouts/shared/hooks/use_firm_branding.js";
 export type { FirmBranding, UseFirmBrandingOptions, UseFirmBrandingResult } from "./components/layouts/shared/hooks/use_firm_branding";
-export * from "./components/layouts/shared/utils/validation";
+export * from "./components/layouts/shared/utils/validation.js";
 //# sourceMappingURL=client.d.ts.map

package/dist/client.js

@@ -9,18 +9,18 @@
 // import { hazo_get_auth, get_config_value } from "hazo_auth";
 // section: component_exports
 // All UI and layout components are client-safe
-export * from "./components/index";
+export * from "./components/index.js";
 // section: utility_exports
 // CSS utility functions
-export { cn, merge_class_names } from "./lib/utils";
+export { cn, merge_class_names } from "./lib/utils.js";
 // section: type_exports
 // Type definitions are always safe (erased at runtime)
-export * from "./lib/auth/auth_types";
+export * from "./lib/auth/auth_types.js";
 // section: client_hook_exports
 // Re-export from shared hooks (these are already "use client" components)
-export { use_auth_status, trigger_auth_status_refresh } from "./components/layouts/shared/hooks/use_auth_status";
-export { use_hazo_auth, trigger_hazo_auth_refresh } from "./components/layouts/shared/hooks/use_hazo_auth";
-export { use_firm_branding, use_current_user_branding } from "./components/layouts/shared/hooks/use_firm_branding";
+export { use_auth_status, trigger_auth_status_refresh } from "./components/layouts/shared/hooks/use_auth_status.js";
+export { use_hazo_auth, trigger_hazo_auth_refresh } from "./components/layouts/shared/hooks/use_hazo_auth.js";
+export { use_firm_branding, use_current_user_branding } from "./components/layouts/shared/hooks/use_firm_branding.js";
 // section: validation_exports
 // Client-side validation utilities
-export * from "./components/layouts/shared/utils/validation";
+export * from "./components/layouts/shared/utils/validation.js";

package/dist/components/index.d.ts

@@ -1,3 +1,3 @@
-export * from "./ui/index";
-export * from "./layouts/index";
+export * from "./ui/index.js";
+export * from "./layouts/index.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/components/index.js

@@ -1,5 +1,5 @@
 // file_description: barrel export for all components (UI and layouts)
 // section: ui_exports
-export * from "./ui/index";
+export * from "./ui/index.js";
 // section: layout_exports
-export * from "./layouts/index";
+export * from "./layouts/index.js";

package/dist/components/layouts/create_firm/index.d.ts

@@ -1,5 +1,5 @@
 import type { StaticImageData } from "next/image";
-import { type ButtonPaletteOverrides } from "../shared/config/layout_customization";
+import { type ButtonPaletteOverrides } from "../shared/config/layout_customization.js";
 export type CreateFirmLayoutProps = {
     /** Image source for the left panel */
     image_src: string | StaticImageData;