hazo_auth 5.1.40 → 5.3.0

package/dist/components/layouts/shared/components/profile_pic_menu.js

@@ -34,8 +34,11 @@ export function ProfilePicMenu({ show_single_button = false, sign_up_label = "Si
     const [isLoggingOut, setIsLoggingOut] = useState(false);
     const [shiftKeyHeld, setShiftKeyHeld] = useState(false);
     const [showPermissionsDialog, setShowPermissionsDialog] = useState(false);
-    // Use provided logout_path or default to context-based path
-    const effectiveLogoutPath = logout_path || `${apiBasePath}/logout`;
+    // The logout API endpoint is always derived from apiBasePath. `logout_path`
+    // is a navigation destination for AFTER the logout completes (not the API
+    // URL — earlier versions conflated these and broke when consumers passed
+    // a non-API path like "/").
+    const logoutApiPath = `${apiBasePath}/logout`;
     // Get initials from name or email
     const getInitials = () => {
         var _a, _b;
@@ -55,7 +58,7 @@ export function ProfilePicMenu({ show_single_button = false, sign_up_label = "Si
     const handleLogout = async () => {
         setIsLoggingOut(true);
         try {
-            const response = await fetch(effectiveLogoutPath, {
+            const response = await fetch(logoutApiPath, {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json",
@@ -68,8 +71,13 @@ export function ProfilePicMenu({ show_single_button = false, sign_up_label = "Si
             toast.success("Logged out successfully");
             // Trigger auth status refresh in all components
             trigger_auth_status_refresh();
-            // Refresh the page to update authentication state
-            router.refresh();
+            // Navigate to the configured post-logout destination, or refresh in place.
+            if (logout_path) {
+                router.push(logout_path);
+            }
+            else {
+                router.refresh();
+            }
         }
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : "Logout failed. Please try again.";
@@ -116,11 +124,13 @@ export function ProfilePicMenu({ show_single_button = false, sign_up_label = "Si
                 order: 1,
                 id: "default_settings",
             });
-            // Logout (link, order: 2)
+            // Logout (link, order: 2). The href is a fallback for accessibility —
+            // `default_logout` items are click-intercepted by `handleLogout` which
+            // POSTs to the API path and then navigates per `logout_path`.
             items.push({
                 type: "link",
                 label: "Logout",
-                href: effectiveLogoutPath,
+                href: logoutApiPath,
                 order: 2,
                 id: "default_logout",
             });
@@ -141,7 +151,7 @@ export function ProfilePicMenu({ show_single_button = false, sign_up_label = "Si
             return a.order - b.order;
         });
         return items;
-    }, [authStatus.authenticated, authStatus.name, authStatus.email, settings_path, effectiveLogoutPath, custom_menu_items]);
+    }, [authStatus.authenticated, authStatus.name, authStatus.email, settings_path, logoutApiPath, custom_menu_items]);
     // Avatar size classes
     const avatarSizeClasses = {
         sm: "h-8 w-8",

package/dist/components/layouts/shared/index.d.ts

@@ -2,6 +2,8 @@ export { AlreadyLoggedInGuard } from "./components/already_logged_in_guard.js";
 export { AuthNavbar } from "./components/auth_navbar.js";
 export type { AuthNavbarProps } from "./components/auth_navbar";
 export { FieldErrorMessage } from "./components/field_error_message.js";
+export { FloatingHomeLink } from "./components/floating_home_link.js";
+export type { FloatingHomeLinkProps } from "./components/floating_home_link";
 export { FormActionButtons } from "./components/form_action_buttons.js";
 export { FormFieldWrapper } from "./components/form_field_wrapper.js";
 export { FormHeader } from "./components/form_header.js";

package/dist/components/layouts/shared/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/shared/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAE7F,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,YAAY,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAGpE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACjF,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAGnF,cAAc,+BAA+B,CAAC;AAG9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAGlE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,cAAc,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/shared/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,YAAY,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAE7F,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,YAAY,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAGpE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AACjF,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAGnF,cAAc,+BAA+B,CAAC;AAG9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAGlE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,cAAc,oBAAoB,CAAC"}

package/dist/components/layouts/shared/index.js

@@ -4,6 +4,7 @@ export { AlreadyLoggedInGuard } from "./components/already_logged_in_guard.js";
 export { AuthNavbar } from "./components/auth_navbar.js";
 // AuthPageShell - NOT exported (test workspace component only)
 export { FieldErrorMessage } from "./components/field_error_message.js";
+export { FloatingHomeLink } from "./components/floating_home_link.js";
 export { FormActionButtons } from "./components/form_action_buttons.js";
 export { FormFieldWrapper } from "./components/form_field_wrapper.js";
 export { FormHeader } from "./components/form_header.js";

package/dist/lib/auth/ensure_anon_id.server.d.ts

@@ -0,0 +1,21 @@
+import "server-only";
+import { NextRequest } from "next/server";
+/**
+ * Returns a stable opaque anonymous visitor ID for the caller, reading an
+ * existing httpOnly cookie or issuing a fresh UUID v4 if absent.
+ *
+ * - Cookie name: `hazo_auth_anon_id` (prefixed via `[hazo_auth__cookies] cookie_prefix`)
+ * - Cookie attributes: httpOnly, sameSite=lax, path=/, secure in production,
+ *   maxAge = 2 years.
+ * - Idempotent per-request: calling twice with the same NextRequest returns
+ *   the same id and only queues one Set-Cookie.
+ *
+ * Independent from authenticated identity: an authenticated user can still
+ * have an anon id cookie. Whether to consult it for a logged-in caller is up
+ * to the caller (hazo_feedback, for example, doesn't bother).
+ *
+ * @param request - The incoming NextRequest.
+ * @returns The existing or freshly-issued anonymous visitor id (UUID v4 string).
+ */
+export declare function ensure_anon_id(request: NextRequest): Promise<string>;
+//# sourceMappingURL=ensure_anon_id.server.d.ts.map

package/dist/lib/auth/ensure_anon_id.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ensure_anon_id.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/ensure_anon_id.server.ts"],"names":[],"mappings":"AAqBA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAgB1C;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B1E"}

package/dist/lib/auth/ensure_anon_id.server.js

@@ -0,0 +1,73 @@
+// file_description: server-only helper to issue/read a stable opaque anonymous visitor ID via httpOnly cookie
+//
+// Used by hazo_feedback (and any future caller) to group submissions from the
+// same anonymous visitor across page loads / weeks without requiring login.
+//
+// Signature choice (v5.2.0): async, request-only — Option A in the design doc.
+// - Reads the existing cookie from the incoming `request.cookies`.
+// - Writes a freshly-issued cookie via the async `cookies()` API from
+//   `next/headers`, which is the supported write surface in Server Components,
+//   Server Actions, and Route Handlers in Next.js 15+.
+// - Tradeoff: NOT valid in Edge middleware (where `next/headers` throws). If a
+//   middleware caller ever needs this, add a sibling `ensure_anon_id_edge`
+//   that takes (request, response) and writes via `response.cookies.set`.
+//
+// Idempotent per-request: a per-request WeakMap remembers which id was issued
+// for a given NextRequest instance, so calling `ensure_anon_id(request)` twice
+// in the same request returns the same id and queues only one Set-Cookie. This
+// matters because `request.cookies` reflects the *incoming* state and won't
+// see an id that the same request just issued.
+// section: server-only-guard
+import "server-only";
+import { cookies } from "next/headers";
+import { BASE_COOKIE_NAMES, get_cookie_name, get_cookie_options, } from "../cookies_config.server.js";
+// section: constants
+const TWO_YEARS_SECONDS = 60 * 60 * 24 * 365 * 2;
+// section: state
+// WeakMap keyed by NextRequest so entries are GC'd with the request.
+const issued_per_request = new WeakMap();
+// section: main_function
+/**
+ * Returns a stable opaque anonymous visitor ID for the caller, reading an
+ * existing httpOnly cookie or issuing a fresh UUID v4 if absent.
+ *
+ * - Cookie name: `hazo_auth_anon_id` (prefixed via `[hazo_auth__cookies] cookie_prefix`)
+ * - Cookie attributes: httpOnly, sameSite=lax, path=/, secure in production,
+ *   maxAge = 2 years.
+ * - Idempotent per-request: calling twice with the same NextRequest returns
+ *   the same id and only queues one Set-Cookie.
+ *
+ * Independent from authenticated identity: an authenticated user can still
+ * have an anon id cookie. Whether to consult it for a logged-in caller is up
+ * to the caller (hazo_feedback, for example, doesn't bother).
+ *
+ * @param request - The incoming NextRequest.
+ * @returns The existing or freshly-issued anonymous visitor id (UUID v4 string).
+ */
+export async function ensure_anon_id(request) {
+    var _a;
+    const cookie_name = get_cookie_name(BASE_COOKIE_NAMES.ANON_ID);
+    // Per-request idempotency: if we already issued for this NextRequest, reuse it.
+    const already_issued = issued_per_request.get(request);
+    if (already_issued) {
+        return already_issued;
+    }
+    // Read the existing cookie from the incoming request.
+    const existing = (_a = request.cookies.get(cookie_name)) === null || _a === void 0 ? void 0 : _a.value;
+    if (existing) {
+        return existing;
+    }
+    // Issue a new id and queue the Set-Cookie via the next/headers cookie store.
+    const new_id = crypto.randomUUID();
+    const cookie_options = get_cookie_options({
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/",
+        maxAge: TWO_YEARS_SECONDS,
+    });
+    const cookie_store = await cookies();
+    cookie_store.set(cookie_name, new_id, cookie_options);
+    issued_per_request.set(request, new_id);
+    return new_id;
+}

package/dist/lib/auth/index.d.ts

@@ -2,6 +2,7 @@ export * from "./auth_types.js";
 export { hazo_get_auth } from "./hazo_get_auth.server.js";
 export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_utils.server.js";
 export type { AuthResult, AuthUser } from "./auth_utils.server";
+export { ensure_anon_id } from "./ensure_anon_id.server.js";
 export { hazo_get_tenant_auth, require_tenant_auth, extract_scope_id_from_request, } from "./hazo_get_tenant_auth.server.js";
 export type { ScopeDetails, TenantOrganization, TenantAuthOptions, TenantAuthResult, RequiredTenantAuthResult, } from "./auth_types";
 export { HazoAuthError, AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError, } from "./auth_types.js";

package/dist/lib/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/lib/auth/index.js

@@ -4,6 +4,8 @@ export * from "./auth_types.js";
 // section: server_exports
 export { hazo_get_auth } from "./hazo_get_auth.server.js";
 export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_utils.server.js";
+// section: anon_id_exports (v5.2)
+export { ensure_anon_id } from "./ensure_anon_id.server.js";
 // section: tenant_auth_exports
 export { hazo_get_tenant_auth, require_tenant_auth, extract_scope_id_from_request, } from "./hazo_get_tenant_auth.server.js";
 export { HazoAuthError, AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError, } from "./auth_types.js";

package/dist/lib/cookies_config.edge.d.ts

@@ -3,6 +3,7 @@ export declare const BASE_COOKIE_NAMES: {
     readonly USER_EMAIL: "hazo_auth_user_email";
     readonly SESSION: "hazo_auth_session";
     readonly DEV_LOCK: "hazo_auth_dev_lock";
+    readonly ANON_ID: "hazo_auth_anon_id";
 };
 /**
  * Gets the cookie prefix from environment variable

package/dist/lib/cookies_config.edge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookies_config.edge.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.edge.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,iBAAiB;;;;;CAKpB,CAAC;AAGX;;;;;GAKG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAc/C;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAG9D;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQ9G"}
+{"version":3,"file":"cookies_config.edge.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.edge.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,iBAAiB;;;;;;CAMpB,CAAC;AAGX;;;;;GAKG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAc/C;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAG9D;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQ9G"}

package/dist/lib/cookies_config.edge.js

@@ -7,6 +7,7 @@ export const BASE_COOKIE_NAMES = {
     USER_EMAIL: "hazo_auth_user_email",
     SESSION: "hazo_auth_session",
     DEV_LOCK: "hazo_auth_dev_lock",
+    ANON_ID: "hazo_auth_anon_id", // v5.2: Stable opaque per-visitor ID for anonymous flows (e.g. hazo_feedback). Kept in sync with the server constant.
 };
 // section: main_functions
 /**

package/dist/lib/cookies_config.server.d.ts

@@ -11,6 +11,7 @@ export declare const BASE_COOKIE_NAMES: {
     readonly SESSION: "hazo_auth_session";
     readonly DEV_LOCK: "hazo_auth_dev_lock";
     readonly SCOPE_ID: "hazo_auth_scope_id";
+    readonly ANON_ID: "hazo_auth_anon_id";
 };
 /**
  * Reads cookie configuration from hazo_auth_config.ini file

package/dist/lib/cookies_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB;;;;;;CAMpB,CAAC;AAGX;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,CAoBlD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGzD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQzG;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,aAAa,CAKzD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD"}
+{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB;;;;;;;CAOpB,CAAC;AAGX;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,CAoBlD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGzD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQzG;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,aAAa,CAKzD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD"}

package/dist/lib/cookies_config.server.js

@@ -16,6 +16,7 @@ export const BASE_COOKIE_NAMES = {
     SESSION: "hazo_auth_session",
     DEV_LOCK: "hazo_auth_dev_lock",
     SCOPE_ID: "hazo_auth_scope_id", // v5.2: Tenant context cookie for multi-tenancy
+    ANON_ID: "hazo_auth_anon_id", // v5.2: Stable opaque per-visitor ID for anonymous flows (e.g. hazo_feedback)
 };
 // section: main_function
 /**

package/dist/lib/hazo_connect_setup.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hazo_connect_setup.server.d.ts","sourceRoot":"","sources":["../../src/lib/hazo_connect_setup.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AA8JrB;;;;GAIG;AACH,wBAAgB,iCAAiC,8CAuBhD;AAED;;;;GAIG;AACH,wBAAgB,+BAA+B,IAAI;IACjD,IAAI,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAsBA"}
+{"version":3,"file":"hazo_connect_setup.server.d.ts","sourceRoot":"","sources":["../../src/lib/hazo_connect_setup.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAsJrB;;;;GAIG;AACH,wBAAgB,iCAAiC,8CAuBhD;AAED;;;;GAIG;AACH,wBAAgB,+BAA+B,IAAI;IACjD,IAAI,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAsBA"}

package/dist/lib/hazo_connect_setup.server.js

@@ -78,14 +78,6 @@ function get_hazo_connect_config() {
                 }
             }
         }
-        // Log the resolved path so consumers can see which DB file is being used
-        logger.info("hazo_connect_sqlite_path_resolved", {
-            filename: "hazo_connect_setup.server.ts",
-            line_number: 0,
-            sqlite_path,
-            process_cwd: process.cwd(),
-            config_source: hazo_connect_section ? "hazo_auth_config.ini" : "environment variables",
-        });
         return {
             type: "sqlite",
             sqlitePath: sqlite_path,

package/dist/lib/services/email_service.d.ts

@@ -1,4 +1,5 @@
 import type { EmailerConfig } from "hazo_notify";
+import type { HazoConnectInstance } from "hazo_notify/template_manager";
 export type EmailOptions = {
     to: string;
     from: string;
@@ -21,6 +22,14 @@ export type EmailTemplateData = {
  * @param config - The hazo_notify emailer configuration instance
  */
 export declare function set_hazo_notify_instance(config: EmailerConfig): void;
+/**
+ * Registers the hazo_notify-compatible hazo_connect instance used by
+ * `send_template_email`. Call this from `instrumentation.ts` with the same
+ * instance you pass to `init_template_manager({ hazo_connect_factory })`.
+ *
+ * @param instance - hazo_notify-shaped database adapter
+ */
+export declare function set_hazo_notify_connect(instance: HazoConnectInstance): void;
 /**
  * Sends an email using hazo_notify
  * @param options - Email options (to, from, subject, html_body, text_body)
@@ -31,11 +40,15 @@ export declare function send_email(options: EmailOptions): Promise<{
     error?: string;
 }>;
 /**
- * Sends an email using a template
- * @param template_type - Type of email template
+ * Sends an email using a template, delegating rendering to hazo_notify's
+ * scope-aware template manager. Templates and per-scope overrides live in
+ * hazo_notify's database; hazo_auth ships the global defaults via
+ * `hazo_auth_template_manifest`.
+ *
+ * @param template_type - System template name (email_verification | forgot_password | password_changed)
  * @param to - Recipient email address
- * @param data - Template data for variable substitution
- * @returns Promise that resolves when email is sent
+ * @param data - Template data; `token` is auto-expanded into verification_url/reset_url
+ * @returns Promise that resolves with success status
  */
 export declare function send_template_email(template_type: EmailTemplateType, to: string, data: EmailTemplateData): Promise<{
     success: boolean;

package/dist/lib/services/email_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AAGnE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;AAE9F,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAmBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AA0YD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiD/C"}
+{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;AAE9F,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAiBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAE3E;AA8LD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyF/C"}