hazo_auth 6.1.1 → 7.0.1

package/dist/components/layouts/shared/components/already_logged_in_guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"already_logged_in_guard.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/already_logged_in_guard.tsx"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAGlD,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,EACnC,SAAS,EACT,SAAS,EACT,sBAAkC,EAClC,OAAqC,EACrC,gBAAuB,EACvB,oBAA4B,EAC5B,qBAAqC,EACrC,cAAoB,EACpB,oBAA4B,EAC5B,QAAQ,GACT,EAAE,yBAAyB,2CAiD3B"}
+{"version":3,"file":"already_logged_in_guard.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/already_logged_in_guard.tsx"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAGnE,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,EACnC,KAAK,EACL,OAAqC,EACrC,gBAAuB,EACvB,oBAA4B,EAC5B,qBAAqC,EACrC,cAAoB,EACpB,oBAA4B,EAC5B,QAAQ,GACT,EAAE,yBAAyB,2CA+C3B"}

package/dist/components/layouts/shared/components/already_logged_in_guard.js

@@ -16,7 +16,7 @@ import { Home } from "lucide-react";
  * @param props - Component props including layout config and message customization
  * @returns Either the "already logged in" UI or the children
  */
-export function AlreadyLoggedInGuard({ image_src, image_alt, image_background_color = "#f1f5f9", message = "You're already logged in.", showLogoutButton = true, showReturnHomeButton = false, returnHomeButtonLabel = "Return home", returnHomePath = "/", requireEmailVerified = false, children, }) {
+export function AlreadyLoggedInGuard({ theme, message = "You're already logged in.", showLogoutButton = true, showReturnHomeButton = false, returnHomeButtonLabel = "Return home", returnHomePath = "/", requireEmailVerified = false, children, }) {
     const router = useRouter();
     const authStatus = use_auth_status();
     // Check if user should see "already logged in" message
@@ -26,7 +26,7 @@ export function AlreadyLoggedInGuard({ image_src, image_alt, image_background_co
         !authStatus.loading &&
         (!requireEmailVerified || authStatus.email_verified === true);
     if (shouldShowAlreadyLoggedIn) {
-        return (_jsx(TwoColumnAuthLayout, { imageSrc: image_src, imageAlt: image_alt, imageBackgroundColor: image_background_color, formContent: _jsxs("div", { className: "cls_already_logged_in_guard flex flex-col items-center justify-center gap-4 p-8 text-center", children: [_jsx("p", { className: "cls_already_logged_in_guard_message text-lg font-medium text-slate-900", children: message }), _jsxs("div", { className: "cls_already_logged_in_guard_actions flex flex-col gap-3 items-center mt-4", children: [showLogoutButton && (_jsx(LogoutButton, { className: "cls_already_logged_in_guard_logout_button", variant: "default" })), showReturnHomeButton && (_jsxs(Button, { onClick: () => router.push(returnHomePath), variant: "outline", className: "cls_already_logged_in_guard_return_home_button", "aria-label": returnHomeButtonLabel, children: [_jsx(Home, { className: "h-4 w-4 mr-2", "aria-hidden": "true" }), returnHomeButtonLabel] }))] })] }) }));
+        return (_jsx(TwoColumnAuthLayout, { theme: theme, formContent: _jsxs("div", { className: "cls_already_logged_in_guard flex flex-col items-center justify-center gap-4 p-8 text-center", children: [_jsx("p", { className: "cls_already_logged_in_guard_message text-lg font-medium text-slate-900", children: message }), _jsxs("div", { className: "cls_already_logged_in_guard_actions flex flex-col gap-3 items-center mt-4", children: [showLogoutButton && (_jsx(LogoutButton, { className: "cls_already_logged_in_guard_logout_button", variant: "default" })), showReturnHomeButton && (_jsxs(Button, { onClick: () => router.push(returnHomePath), variant: "outline", className: "cls_already_logged_in_guard_return_home_button", "aria-label": returnHomeButtonLabel, children: [_jsx(Home, { className: "h-4 w-4 mr-2", "aria-hidden": "true" }), returnHomeButtonLabel] }))] })] }) }));
     }
     return _jsx(_Fragment, { children: children });
 }

package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts

@@ -0,0 +1,25 @@
+export type FacebookSignInButtonProps = {
+    /** Text displayed on the button */
+    label?: string;
+    /** Custom click handler - if not provided, redirects to Facebook OAuth */
+    onClick?: () => void;
+    /** Disable the button */
+    disabled?: boolean;
+    /** Additional CSS classes */
+    className?: string;
+    /** Callback URL after OAuth (default: /api/hazo_auth/oauth/facebook/callback) */
+    callbackUrl?: string;
+    /** Pass enabled={false} to hide when Facebook OAuth is disabled */
+    enabled?: boolean;
+};
+/**
+ * Facebook Sign-In button component
+ * Displays the Facebook icon with configurable text
+ * Initiates the Facebook OAuth flow when clicked
+ * Uses next-auth/react signIn function for proper OAuth flow
+ * Pass `enabled={false}` to hide when Facebook OAuth is disabled.
+ * Returns null when Facebook OAuth is not enabled (enable_facebook=false or env vars absent)
+ */
+export declare function FacebookSignInButton({ label, onClick, disabled, className, callbackUrl, enabled, }: FacebookSignInButtonProps): import("react/jsx-runtime").JSX.Element | null;
+export default FacebookSignInButton;
+//# sourceMappingURL=facebook_sign_in_button.d.ts.map

package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"facebook_sign_in_button.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/facebook_sign_in_button.tsx"],"names":[],"mappings":"AAYA,MAAM,MAAM,yBAAyB,GAAG;IACtC,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0EAA0E;IAC1E,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iFAAiF;IACjF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAGF;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,EACnC,KAAgC,EAChC,OAAO,EACP,QAAgB,EAChB,SAAS,EACT,WAAsD,EACtD,OAAO,GACR,EAAE,yBAAyB,kDAgD3B;AAED,eAAe,oBAAoB,CAAC"}

package/dist/components/layouts/shared/components/facebook_sign_in_button.js

@@ -0,0 +1,49 @@
+// file_description: Facebook Sign-In button component using Facebook brand colors
+// section: client_directive
+"use client";
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+// section: imports
+import { Button } from "../../../ui/button.js";
+import { cn } from "../../../../lib/utils.js";
+import { useState } from "react";
+import { Loader2, Facebook } from "lucide-react";
+import { signIn } from "next-auth/react";
+// section: component
+/**
+ * Facebook Sign-In button component
+ * Displays the Facebook icon with configurable text
+ * Initiates the Facebook OAuth flow when clicked
+ * Uses next-auth/react signIn function for proper OAuth flow
+ * Pass `enabled={false}` to hide when Facebook OAuth is disabled.
+ * Returns null when Facebook OAuth is not enabled (enable_facebook=false or env vars absent)
+ */
+export function FacebookSignInButton({ label = "Continue with Facebook", onClick, disabled = false, className, callbackUrl = "/api/hazo_auth/oauth/facebook/callback", enabled, }) {
+    if (enabled === false)
+        return null;
+    const [isLoading, setIsLoading] = useState(false);
+    const handleClick = async () => {
+        if (disabled || isLoading)
+            return;
+        if (onClick) {
+            onClick();
+        }
+        else {
+            setIsLoading(true);
+            try {
+                console.log("[FacebookSignInButton] Starting Facebook OAuth with callbackUrl:", callbackUrl);
+                await signIn("facebook", {
+                    callbackUrl,
+                    redirect: true,
+                });
+                // Note: redirect: true means this code won't execute after success
+            }
+            catch (error) {
+                console.error("[FacebookSignInButton] Sign-in exception:", error);
+                alert(`Facebook Sign-In Exception: ${error}`);
+                setIsLoading(false);
+            }
+        }
+    };
+    return (_jsxs(Button, { type: "button", onClick: handleClick, disabled: disabled || isLoading, className: cn("cls_facebook_sign_in_button w-full flex items-center justify-center gap-3 h-11 bg-[#1877F2] hover:bg-[#166FE5] text-white transition-colors", className), "aria-label": label, children: [isLoading ? (_jsx(Loader2, { className: "h-5 w-5 animate-spin text-white", "aria-hidden": "true" })) : (_jsx(Facebook, { className: "h-5 w-5 text-white", "aria-hidden": "true" })), _jsx("span", { className: "font-medium", children: isLoading ? "Signing in..." : label })] }));
+}
+export default FacebookSignInButton;

package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js

@@ -16,5 +16,5 @@ export function SidebarLayoutWrapper({ children }) {
     const pathname = usePathname();
     const login_paths = ["/hazo_auth/login", "/hazo_auth/login_variations"];
     const login_submenu_open = login_paths.some((p) => pathname === null || pathname === void 0 ? void 0 : pathname.startsWith(p));
-    return (_jsx(SidebarProvider, { children: _jsxs("div", { className: "cls_sidebar_layout_wrapper flex min-h-screen w-full", children: [_jsxs(Sidebar, { children: [_jsx(SidebarHeader, { className: "cls_sidebar_layout_header", children: _jsx("div", { className: "cls_sidebar_layout_title flex items-center gap-2 px-2 py-4", children: _jsx("h1", { className: "cls_sidebar_layout_title_text text-lg font-semibold text-sidebar-foreground", children: "hazo auth" }) }) }), _jsxs(SidebarContent, { className: "cls_sidebar_layout_content", children: [_jsxs(SidebarGroup, { className: "cls_sidebar_layout_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Test components" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_test_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_login_group_item", children: _jsxs(Collapsible, { defaultOpen: login_submenu_open, className: "group/login-collapsible w-full", children: [_jsx(CollapsibleTrigger, { asChild: true, children: _jsxs(SidebarMenuButton, { className: "cls_sidebar_layout_login_trigger flex items-center gap-2 w-full", "aria-label": "Toggle login submenu", children: [_jsx(LogIn, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Login" }), _jsx(ChevronDown, { className: "ml-auto h-4 w-4 transition-transform duration-200 group-data-[state=open]/login-collapsible:rotate-180", "aria-hidden": "true" })] }) }), _jsx(CollapsibleContent, { children: _jsxs(SidebarMenuSub, { className: "cls_sidebar_layout_login_submenu", children: [_jsx(SidebarMenuSubItem, { className: "cls_sidebar_layout_login_test_item", children: _jsx(SidebarMenuSubButton, { asChild: true, children: _jsx(Link, { href: "/hazo_auth/login", className: "cls_sidebar_layout_login_test_link flex items-center gap-2", "aria-label": "Test login layout component", children: _jsx("span", { children: "Test login" }) }) }) }), _jsx(SidebarMenuSubItem, { className: "cls_sidebar_layout_login_variations_item", children: _jsx(SidebarMenuSubButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/login_variations", className: "cls_sidebar_layout_login_variations_link flex items-center gap-2", "aria-label": "View login page variations", children: [_jsx(LayoutGrid, { className: "h-3.5 w-3.5", "aria-hidden": "true" }), _jsx("span", { children: "Variations" })] }) }) })] }) })] }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_register_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/register", className: "cls_sidebar_layout_test_register_link flex items-center gap-2", "aria-label": "Test register layout component", children: [_jsx(UserPlus, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test register" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_forgot_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/forgot_password", className: "cls_sidebar_layout_test_forgot_password_link flex items-center gap-2", "aria-label": "Test forgot password layout component", children: [_jsx(KeyRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test forgot password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_reset_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/reset_password", className: "cls_sidebar_layout_test_reset_password_link flex items-center gap-2", "aria-label": "Test reset password layout component", children: [_jsx(Key, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test reset password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_email_verification_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/verify_email", className: "cls_sidebar_layout_test_email_verification_link flex items-center gap-2", "aria-label": "Test email verification layout component", children: [_jsx(MailCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test email verification" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_sqlite_admin_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_connect/sqlite_admin", className: "cls_sidebar_layout_sqlite_admin_link flex items-center gap-2", "aria-label": "Open SQLite admin UI to browse and edit database", children: [_jsx(Database, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "SQLite Admin" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_user_management_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/user_management", className: "cls_sidebar_layout_user_management_link flex items-center gap-2", "aria-label": "Open User Management to manage users, roles, and permissions", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "User Management" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_rbac_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/rbac_test", className: "cls_sidebar_layout_rbac_test_link flex items-center gap-2", "aria-label": "Test RBAC and HRBAC access control", children: [_jsx(ShieldCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "RBAC/HRBAC Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_profile_stamp_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/profile_stamp_test", className: "cls_sidebar_layout_profile_stamp_test_link flex items-center gap-2", "aria-label": "Test ProfileStamp component", children: [_jsx(CircleUserRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "ProfileStamp Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_app_user_data_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/app_user_data_test", className: "cls_sidebar_layout_app_user_data_test_link flex items-center gap-2", "aria-label": "Test app_user_data JSON storage", children: [_jsx(FileJson, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "App User Data Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_create_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/create_firm", className: "cls_sidebar_layout_create_firm_link flex items-center gap-2", "aria-label": "Test create firm flow", children: [_jsx(Building2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Create Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_edit_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/edit_firm", className: "cls_sidebar_layout_edit_firm_link flex items-center gap-2", "aria-label": "Test branding editor for firm", children: [_jsx(Palette, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Edit Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_relationships_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/relationships", className: "cls_sidebar_layout_relationships_link flex items-center gap-2", "aria-label": "Test relationship accounts", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Relationships" })] }) }) })] })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_testing_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Testing" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_testing_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_scenarios_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/test_scenarios", className: "cls_sidebar_layout_test_scenarios_link flex items-center gap-2", "aria-label": "Test scenarios", children: [_jsx(Settings2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test Scenarios" })] }) }) }) })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_auto_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Auto Tests" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_auto_test_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_auto_test_runner_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/auto_test", className: "cls_sidebar_layout_auto_test_runner_link flex items-center gap-2", "aria-label": "Run automated tests", children: [_jsx(Play, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Auto Test Runner" })] }) }) }) })] }), _jsx(ProfilePicMenu, { variant: "sidebar", avatar_size: "sm", className: "cls_sidebar_layout_profile_menu", sidebar_group_label: "Account" }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_resources_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Resources" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_resources_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_storybook_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "http://localhost:6006", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_storybook_link flex items-center gap-2", "aria-label": "Open Storybook preview for reusable components", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Storybook" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_docs_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "https://ui.shadcn.com/docs", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_docs_link flex items-center gap-2", "aria-label": "Review shadcn documentation for styling guidance", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Shadcn docs" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) })] })] })] })] }), _jsxs(SidebarInset, { className: "cls_sidebar_layout_inset", children: [_jsxs("header", { className: "cls_sidebar_layout_main_header flex h-16 shrink-0 items-center gap-2 border-b px-4", children: [_jsx(SidebarTrigger, { className: "cls_sidebar_layout_trigger" }), _jsx("div", { className: "cls_sidebar_layout_main_header_content flex flex-1 items-center gap-2", children: _jsx("h2", { className: "cls_sidebar_layout_main_title text-lg font-semibold text-foreground", children: "hazo reusable ui library workspace" }) }), _jsx(ProfilePicMenu, { className: "cls_sidebar_layout_auth_status", avatar_size: "sm" })] }), _jsx("main", { className: "cls_sidebar_layout_main_content flex flex-1 items-center justify-center p-6", children: children })] })] }) }));
+    return (_jsx(SidebarProvider, { children: _jsxs("div", { className: "cls_sidebar_layout_wrapper flex min-h-screen w-full", children: [_jsxs(Sidebar, { children: [_jsx(SidebarHeader, { className: "cls_sidebar_layout_header", children: _jsx("div", { className: "cls_sidebar_layout_title flex items-center gap-2 px-2 py-4", children: _jsx("span", { className: "cls_sidebar_layout_title_text text-lg font-semibold text-sidebar-foreground", children: "hazo auth" }) }) }), _jsxs(SidebarContent, { className: "cls_sidebar_layout_content", children: [_jsxs(SidebarGroup, { className: "cls_sidebar_layout_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Test components" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_test_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_login_group_item", children: _jsxs(Collapsible, { defaultOpen: login_submenu_open, className: "group/login-collapsible w-full", children: [_jsx(CollapsibleTrigger, { asChild: true, children: _jsxs(SidebarMenuButton, { className: "cls_sidebar_layout_login_trigger flex items-center gap-2 w-full", "aria-label": "Toggle login submenu", children: [_jsx(LogIn, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Login" }), _jsx(ChevronDown, { className: "ml-auto h-4 w-4 transition-transform duration-200 group-data-[state=open]/login-collapsible:rotate-180", "aria-hidden": "true" })] }) }), _jsx(CollapsibleContent, { children: _jsxs(SidebarMenuSub, { className: "cls_sidebar_layout_login_submenu", children: [_jsx(SidebarMenuSubItem, { className: "cls_sidebar_layout_login_test_item", children: _jsx(SidebarMenuSubButton, { asChild: true, children: _jsx(Link, { href: "/hazo_auth/login", className: "cls_sidebar_layout_login_test_link flex items-center gap-2", "aria-label": "Test login layout component", children: _jsx("span", { children: "Test login" }) }) }) }), _jsx(SidebarMenuSubItem, { className: "cls_sidebar_layout_login_variations_item", children: _jsx(SidebarMenuSubButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/login_variations", className: "cls_sidebar_layout_login_variations_link flex items-center gap-2", "aria-label": "View login page variations", children: [_jsx(LayoutGrid, { className: "h-3.5 w-3.5", "aria-hidden": "true" }), _jsx("span", { children: "Variations" })] }) }) })] }) })] }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_register_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/register", className: "cls_sidebar_layout_test_register_link flex items-center gap-2", "aria-label": "Test register layout component", children: [_jsx(UserPlus, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test register" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_forgot_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/forgot_password", className: "cls_sidebar_layout_test_forgot_password_link flex items-center gap-2", "aria-label": "Test forgot password layout component", children: [_jsx(KeyRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test forgot password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_reset_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/reset_password", className: "cls_sidebar_layout_test_reset_password_link flex items-center gap-2", "aria-label": "Test reset password layout component", children: [_jsx(Key, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test reset password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_email_verification_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/verify_email", className: "cls_sidebar_layout_test_email_verification_link flex items-center gap-2", "aria-label": "Test email verification layout component", children: [_jsx(MailCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test email verification" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_sqlite_admin_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_connect/sqlite_admin", className: "cls_sidebar_layout_sqlite_admin_link flex items-center gap-2", "aria-label": "Open SQLite admin UI to browse and edit database", children: [_jsx(Database, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "SQLite Admin" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_user_management_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/user_management", className: "cls_sidebar_layout_user_management_link flex items-center gap-2", "aria-label": "Open User Management to manage users, roles, and permissions", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "User Management" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_rbac_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/rbac_test", className: "cls_sidebar_layout_rbac_test_link flex items-center gap-2", "aria-label": "Test RBAC and HRBAC access control", children: [_jsx(ShieldCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "RBAC/HRBAC Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_profile_stamp_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/profile_stamp_test", className: "cls_sidebar_layout_profile_stamp_test_link flex items-center gap-2", "aria-label": "Test ProfileStamp component", children: [_jsx(CircleUserRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "ProfileStamp Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_app_user_data_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/app_user_data_test", className: "cls_sidebar_layout_app_user_data_test_link flex items-center gap-2", "aria-label": "Test app_user_data JSON storage", children: [_jsx(FileJson, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "App User Data Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_create_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/create_firm", className: "cls_sidebar_layout_create_firm_link flex items-center gap-2", "aria-label": "Test create firm flow", children: [_jsx(Building2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Create Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_edit_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/edit_firm", className: "cls_sidebar_layout_edit_firm_link flex items-center gap-2", "aria-label": "Test branding editor for firm", children: [_jsx(Palette, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Edit Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_relationships_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/relationships", className: "cls_sidebar_layout_relationships_link flex items-center gap-2", "aria-label": "Test relationship accounts", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Relationships" })] }) }) })] })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_testing_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Testing" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_testing_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_scenarios_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/test_scenarios", className: "cls_sidebar_layout_test_scenarios_link flex items-center gap-2", "aria-label": "Test scenarios", children: [_jsx(Settings2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test Scenarios" })] }) }) }) })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_auto_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Auto Tests" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_auto_test_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_auto_test_runner_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/auto_test", className: "cls_sidebar_layout_auto_test_runner_link flex items-center gap-2", "aria-label": "Run automated tests", children: [_jsx(Play, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Auto Test Runner" })] }) }) }) })] }), _jsx(ProfilePicMenu, { variant: "sidebar", avatar_size: "sm", className: "cls_sidebar_layout_profile_menu", sidebar_group_label: "Account" }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_resources_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Resources" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_resources_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_storybook_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "http://localhost:6006", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_storybook_link flex items-center gap-2", "aria-label": "Open Storybook preview for reusable components", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Storybook" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_docs_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "https://ui.shadcn.com/docs", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_docs_link flex items-center gap-2", "aria-label": "Review shadcn documentation for styling guidance", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Shadcn docs" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) })] })] })] })] }), _jsxs(SidebarInset, { className: "cls_sidebar_layout_inset", children: [_jsxs("header", { className: "cls_sidebar_layout_main_header flex h-16 shrink-0 items-center gap-2 border-b px-4", children: [_jsx(SidebarTrigger, { className: "cls_sidebar_layout_trigger" }), _jsx("div", { className: "cls_sidebar_layout_main_header_content flex flex-1 items-center gap-2", children: _jsx("h2", { className: "cls_sidebar_layout_main_title text-lg font-semibold text-foreground", children: "hazo reusable ui library workspace" }) }), _jsx(ProfilePicMenu, { className: "cls_sidebar_layout_auth_status", avatar_size: "sm" })] }), _jsx("main", { className: "cls_sidebar_layout_main_content flex flex-1 items-center justify-center p-6", children: children })] })] }) }));
 }

package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts

@@ -1,13 +1,10 @@
-import type { StaticImageData } from "next/image";
+import type { HazoAuthTheme } from "../../../../theme/theme_types";
 type TwoColumnAuthLayoutProps = {
-    imageSrc: string | StaticImageData;
-    imageAlt: string;
-    imageBackgroundColor?: string;
+    theme?: HazoAuthTheme;
     formContent: React.ReactNode;
     className?: string;
-    visualPanelClassName?: string;
     formContainerClassName?: string;
 };
-export declare function TwoColumnAuthLayout({ imageSrc, imageAlt, imageBackgroundColor, formContent, className, visualPanelClassName, formContainerClassName, }: TwoColumnAuthLayoutProps): import("react/jsx-runtime").JSX.Element;
+export declare function TwoColumnAuthLayout({ theme, formContent, className, formContainerClassName, }: TwoColumnAuthLayoutProps): import("react/jsx-runtime").JSX.Element;
 export {};
 //# sourceMappingURL=two_column_auth_layout.d.ts.map

package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"two_column_auth_layout.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/two_column_auth_layout.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAGlD,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF,wBAAgB,mBAAmB,CAAC,EAClC,QAAQ,EACR,QAAQ,EACR,oBAAoB,EACpB,WAAW,EACX,SAAS,EACT,oBAAoB,EACpB,sBAAsB,GACvB,EAAE,wBAAwB,2CAkB1B"}
+{"version":3,"file":"two_column_auth_layout.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/two_column_auth_layout.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAGnE,KAAK,wBAAwB,GAAG;IAC9B,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF,wBAAgB,mBAAmB,CAAC,EAClC,KAAK,EACL,WAAW,EACX,SAAS,EACT,sBAAsB,GACvB,EAAE,wBAAwB,2CAkD1B"}

package/dist/components/layouts/shared/components/two_column_auth_layout.js

@@ -1,8 +1,11 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
-// file_description: reusable two-column authentication layout shell that combines visual panel and form content
-// section: imports
-import { VisualPanel } from "./visual_panel.js";
 // section: component
-export function TwoColumnAuthLayout({ imageSrc, imageAlt, imageBackgroundColor, formContent, className, visualPanelClassName, formContainerClassName, }) {
-    return (_jsxs("div", { className: `cls_two_column_auth_layout grid w-full max-w-5xl grid-cols-1 overflow-hidden rounded-xl border border-slate-200 bg-white shadow-sm md:grid-cols-2 md:min-h-[520px] ${className !== null && className !== void 0 ? className : ""}`, children: [_jsx(VisualPanel, { imageSrc: imageSrc, imageAlt: imageAlt, backgroundColor: imageBackgroundColor, className: visualPanelClassName }), _jsx("div", { className: `cls_two_column_auth_layout_form_container flex flex-col gap-6 p-8 ${formContainerClassName !== null && formContainerClassName !== void 0 ? formContainerClassName : ""}`, children: formContent })] }));
+export function TwoColumnAuthLayout({ theme, formContent, className, formContainerClassName, }) {
+    const isSplit = (theme === null || theme === void 0 ? void 0 : theme.layout) === "split";
+    if (isSplit && (theme === null || theme === void 0 ? void 0 : theme.brandPanel)) {
+        const { backgroundGradient, logoSrc, tagline } = theme.brandPanel;
+        return (_jsxs("div", { className: `cls_two_column_auth_layout grid w-full max-w-5xl grid-cols-1 overflow-hidden rounded-xl border border-slate-200 bg-white shadow-sm md:grid-cols-2 md:min-h-[520px] ${className !== null && className !== void 0 ? className : ""}`, children: [_jsxs("div", { className: "cls_auth_brand_panel hidden md:flex flex-col items-center justify-center gap-6 p-10", style: { background: backgroundGradient !== null && backgroundGradient !== void 0 ? backgroundGradient : "linear-gradient(135deg, #475569, #64748B)" }, children: [logoSrc && (_jsx("img", { src: logoSrc, alt: "Brand logo", className: "cls_auth_brand_panel_logo h-16 w-auto object-contain" })), tagline && (_jsx("p", { className: "cls_auth_brand_panel_tagline text-center text-xl font-semibold text-white", children: tagline }))] }), _jsx("div", { className: `cls_two_column_auth_layout_form_container flex flex-col gap-6 p-8 ${formContainerClassName !== null && formContainerClassName !== void 0 ? formContainerClassName : ""}`, children: formContent })] }));
+    }
+    // Centered layout (default): just the form panel
+    return (_jsx("div", { className: `cls_two_column_auth_layout w-full max-w-md overflow-hidden rounded-xl border border-slate-200 bg-white shadow-sm ${className !== null && className !== void 0 ? className : ""}`, children: _jsx("div", { className: `cls_two_column_auth_layout_form_container flex flex-col gap-6 p-8 ${formContainerClassName !== null && formContainerClassName !== void 0 ? formContainerClassName : ""}`, children: formContent }) }));
 }

package/dist/consent/consent_state.d.ts

@@ -0,0 +1,18 @@
+export interface ConsentState {
+    necessary: true;
+    functional: boolean;
+    analytics: boolean;
+    marketing: boolean;
+    version: 1;
+}
+export declare const HAZO_CONSENT_COOKIE_NAME = "hazo_consent_v1";
+/**
+ * Parse a URL-encoded JSON cookie value into a ConsentState.
+ * Returns null if the value is invalid or has an unexpected shape.
+ */
+export declare function parse_consent(value: string): ConsentState | null;
+/**
+ * Serialize a ConsentState to a URL-encoded JSON string suitable for cookie storage.
+ */
+export declare function serialize_consent(state: ConsentState): string;
+//# sourceMappingURL=consent_state.d.ts.map

package/dist/consent/consent_state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent_state.d.ts","sourceRoot":"","sources":["../../src/consent/consent_state.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,CAAC,CAAC;CACZ;AAED,eAAO,MAAM,wBAAwB,oBAAoB,CAAC;AAE1D;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAgBhE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,YAAY,GAAG,MAAM,CAE7D"}

package/dist/consent/consent_state.js

@@ -0,0 +1,29 @@
+// file_description: isomorphic consent state types, parser, and serializer — no Node.js or browser-specific imports
+export const HAZO_CONSENT_COOKIE_NAME = "hazo_consent_v1";
+/**
+ * Parse a URL-encoded JSON cookie value into a ConsentState.
+ * Returns null if the value is invalid or has an unexpected shape.
+ */
+export function parse_consent(value) {
+    try {
+        const decoded = decodeURIComponent(value);
+        const parsed = JSON.parse(decoded);
+        // Validate shape
+        if (parsed.version !== 1 ||
+            parsed.necessary !== true ||
+            typeof parsed.functional !== "boolean" ||
+            typeof parsed.analytics !== "boolean" ||
+            typeof parsed.marketing !== "boolean")
+            return null;
+        return parsed;
+    }
+    catch (_a) {
+        return null;
+    }
+}
+/**
+ * Serialize a ConsentState to a URL-encoded JSON string suitable for cookie storage.
+ */
+export function serialize_consent(state) {
+    return encodeURIComponent(JSON.stringify(state));
+}

package/dist/consent/cookie_consent_banner.d.ts

@@ -0,0 +1,11 @@
+import { type ConsentState } from "./consent_state.js";
+interface CookieConsentBannerProps {
+    enableGTM?: boolean;
+    gtmContainerId?: string;
+    onChange?: (state: ConsentState) => void;
+    /** Default: "bottom" */
+    position?: "bottom" | "top";
+}
+export declare function CookieConsentBanner({ enableGTM, gtmContainerId, onChange, position, }: CookieConsentBannerProps): import("react/jsx-runtime").JSX.Element;
+export {};
+//# sourceMappingURL=cookie_consent_banner.d.ts.map

package/dist/consent/cookie_consent_banner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie_consent_banner.d.ts","sourceRoot":"","sources":["../../src/consent/cookie_consent_banner.tsx"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,UAAU,wBAAwB;IAChC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;IACzC,wBAAwB;IACxB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC7B;AAED,wBAAgB,mBAAmB,CAAC,EAClC,SAAS,EACT,cAAc,EACd,QAAQ,EACR,QAAmB,GACpB,EAAE,wBAAwB,2CA4E1B"}

package/dist/consent/cookie_consent_banner.js

@@ -0,0 +1,40 @@
+"use client";
+import { jsx as _jsx, jsxs as _jsxs, Fragment as _Fragment } from "react/jsx-runtime";
+// file_description: cookie consent banner — shown until the user makes a consent choice; renders manage modal afterward
+import { useEffect, useRef } from "react";
+import { useConsent } from "./use_consent.js";
+import { ConsentManageModal } from "./manage_modal.js";
+import { to_gtm_signals, gtm_default_payload } from "./gtm_mapping.js";
+export function CookieConsentBanner({ enableGTM, gtmContainerId, onChange, position = "bottom", }) {
+    const { consent, set_consent, open_manager } = useConsent();
+    const gtm_default_pushed = useRef(false);
+    // Push consent_default to GTM on first mount (before user has consented)
+    useEffect(() => {
+        if (!enableGTM || !gtmContainerId)
+            return;
+        if (gtm_default_pushed.current)
+            return;
+        gtm_default_pushed.current = true;
+        window.dataLayer = window.dataLayer || [];
+        window.dataLayer.push(Object.assign({ event: "consent_default" }, gtm_default_payload()));
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []); // only on mount
+    // Push consent_update to GTM whenever the user's consent changes
+    useEffect(() => {
+        if (!consent)
+            return; // no state yet — don't push
+        onChange === null || onChange === void 0 ? void 0 : onChange(consent);
+        if (enableGTM && gtmContainerId) {
+            window.dataLayer = window.dataLayer || [];
+            window.dataLayer.push(Object.assign({ event: "consent_update" }, to_gtm_signals(consent)));
+        }
+        // onChange is intentionally excluded to avoid infinite loops with unstable prop refs
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [consent, enableGTM, gtmContainerId]);
+    // Consent already captured — only render the modal so open_manager() still works
+    if (consent !== null) {
+        return _jsx(ConsentManageModal, {});
+    }
+    const positionClass = position === "top" ? "top-0" : "bottom-0";
+    return (_jsxs(_Fragment, { children: [_jsxs("div", { className: `fixed ${positionClass} left-0 right-0 z-40 bg-primary text-primary-foreground p-4 flex flex-wrap items-center gap-3 justify-between`, children: [_jsx("p", { className: "text-sm flex-1 min-w-[200px]", children: "We use cookies to improve your experience. By continuing, you agree to our use of cookies." }), _jsxs("div", { className: "flex gap-2 flex-wrap", children: [_jsx("button", { onClick: () => set_consent({ functional: false, analytics: false, marketing: false }), className: "px-3 py-1.5 text-xs bg-primary-foreground/20 hover:bg-primary-foreground/30 rounded text-primary-foreground", children: "Decline all" }), _jsx("button", { onClick: () => open_manager(), className: "px-3 py-1.5 text-xs bg-primary-foreground/20 hover:bg-primary-foreground/30 rounded text-primary-foreground", children: "Manage" }), _jsx("button", { onClick: () => set_consent({ functional: true, analytics: true, marketing: true }), className: "px-3 py-1.5 text-xs bg-primary-foreground rounded text-primary font-medium", children: "Accept all" })] })] }), _jsx(ConsentManageModal, {})] }));
+}

package/dist/consent/gtm_mapping.d.ts

@@ -0,0 +1,13 @@
+import type { ConsentState } from "./consent_state";
+export type GtmSignal = "security_storage" | "functionality_storage" | "personalization_storage" | "analytics_storage" | "ad_storage" | "ad_user_data" | "ad_personalization";
+/**
+ * Maps a ConsentState to GTM consent signals.
+ * security_storage is always granted; other signals follow the user's category choices.
+ */
+export declare function to_gtm_signals(state: ConsentState): Record<GtmSignal, "granted" | "denied">;
+/**
+ * Default GTM consent payload before the user has made a choice.
+ * security_storage is granted; all others are denied.
+ */
+export declare function gtm_default_payload(): Record<GtmSignal, "granted" | "denied">;
+//# sourceMappingURL=gtm_mapping.d.ts.map

package/dist/consent/gtm_mapping.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gtm_mapping.d.ts","sourceRoot":"","sources":["../../src/consent/gtm_mapping.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,MAAM,SAAS,GACjB,kBAAkB,GAClB,uBAAuB,GACvB,yBAAyB,GACzB,mBAAmB,GACnB,YAAY,GACZ,cAAc,GACd,oBAAoB,CAAC;AAEzB;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,YAAY,GAAG,MAAM,CAAC,SAAS,EAAE,SAAS,GAAG,QAAQ,CAAC,CAU3F;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAAC,SAAS,EAAE,SAAS,GAAG,QAAQ,CAAC,CAU7E"}

package/dist/consent/gtm_mapping.js

@@ -0,0 +1,30 @@
+/**
+ * Maps a ConsentState to GTM consent signals.
+ * security_storage is always granted; other signals follow the user's category choices.
+ */
+export function to_gtm_signals(state) {
+    return {
+        security_storage: "granted", // always granted
+        functionality_storage: state.functional ? "granted" : "denied",
+        personalization_storage: state.functional ? "granted" : "denied",
+        analytics_storage: state.analytics ? "granted" : "denied",
+        ad_storage: state.marketing ? "granted" : "denied",
+        ad_user_data: state.marketing ? "granted" : "denied",
+        ad_personalization: state.marketing ? "granted" : "denied",
+    };
+}
+/**
+ * Default GTM consent payload before the user has made a choice.
+ * security_storage is granted; all others are denied.
+ */
+export function gtm_default_payload() {
+    return {
+        security_storage: "granted",
+        functionality_storage: "denied",
+        personalization_storage: "denied",
+        analytics_storage: "denied",
+        ad_storage: "denied",
+        ad_user_data: "denied",
+        ad_personalization: "denied",
+    };
+}

package/dist/consent/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./consent_state.js";
+export * from "./cookie_consent_banner.js";
+export * from "./use_consent.js";
+export * from "./read_consent.js";
+export * from "./gtm_mapping.js";
+export * from "./manage_modal.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/consent/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/consent/index.ts"],"names":[],"mappings":"AACA,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC"}

package/dist/consent/index.js

@@ -0,0 +1,7 @@
+// file_description: barrel export for the hazo_auth consent module
+export * from "./consent_state.js";
+export * from "./cookie_consent_banner.js";
+export * from "./use_consent.js";
+export * from "./read_consent.js";
+export * from "./gtm_mapping.js";
+export * from "./manage_modal.js";

package/dist/consent/manage_modal.d.ts

@@ -0,0 +1,2 @@
+export declare function ConsentManageModal(): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=manage_modal.d.ts.map

package/dist/consent/manage_modal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manage_modal.d.ts","sourceRoot":"","sources":["../../src/consent/manage_modal.tsx"],"names":[],"mappings":"AAOA,wBAAgB,kBAAkB,4CA0GjC"}

package/dist/consent/manage_modal.js

@@ -0,0 +1,33 @@
+"use client";
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+// file_description: modal dialog for managing individual cookie consent categories
+import { useEffect, useState } from "react";
+import * as Dialog from "@radix-ui/react-dialog";
+import { useConsent } from "./use_consent.js";
+export function ConsentManageModal() {
+    const { consent, set_consent } = useConsent();
+    const [open, setOpen] = useState(false);
+    const [local, setLocal] = useState({
+        functional: false,
+        analytics: false,
+        marketing: false,
+    });
+    // Listen for the open event dispatched by open_manager()
+    useEffect(() => {
+        const handle = () => {
+            setLocal({
+                functional: !!(consent === null || consent === void 0 ? void 0 : consent.functional),
+                analytics: !!(consent === null || consent === void 0 ? void 0 : consent.analytics),
+                marketing: !!(consent === null || consent === void 0 ? void 0 : consent.marketing),
+            });
+            setOpen(true);
+        };
+        window.addEventListener("hazo_auth:open_consent_manager", handle);
+        return () => window.removeEventListener("hazo_auth:open_consent_manager", handle);
+    }, [consent]);
+    const save = () => {
+        set_consent(Object.assign(Object.assign({}, local), { necessary: true, version: 1 }));
+        setOpen(false);
+    };
+    return (_jsx(Dialog.Root, { open: open, onOpenChange: setOpen, children: _jsxs(Dialog.Portal, { children: [_jsx(Dialog.Overlay, { className: "fixed inset-0 bg-black/50 z-50" }), _jsxs(Dialog.Content, { className: "fixed top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2 bg-background rounded-lg p-6 z-50 w-full max-w-md shadow-lg", children: [_jsx(Dialog.Title, { className: "text-lg font-semibold mb-4", children: "Cookie preferences" }), _jsxs("div", { className: "flex items-center justify-between py-3 border-b", children: [_jsxs("div", { children: [_jsx("p", { className: "font-medium", children: "Necessary" }), _jsx("p", { className: "text-sm text-muted-foreground", children: "Required for the site to function" })] }), _jsx("input", { type: "checkbox", checked: true, disabled: true, className: "h-4 w-4" })] }), _jsxs("div", { className: "flex items-center justify-between py-3 border-b", children: [_jsxs("div", { children: [_jsx("p", { className: "font-medium", children: "Functional" }), _jsx("p", { className: "text-sm text-muted-foreground", children: "Remembers your preferences" })] }), _jsx("input", { type: "checkbox", checked: local.functional, onChange: (e) => setLocal((p) => (Object.assign(Object.assign({}, p), { functional: e.target.checked }))), className: "h-4 w-4" })] }), _jsxs("div", { className: "flex items-center justify-between py-3 border-b", children: [_jsxs("div", { children: [_jsx("p", { className: "font-medium", children: "Analytics" }), _jsx("p", { className: "text-sm text-muted-foreground", children: "Helps us understand how you use the site" })] }), _jsx("input", { type: "checkbox", checked: local.analytics, onChange: (e) => setLocal((p) => (Object.assign(Object.assign({}, p), { analytics: e.target.checked }))), className: "h-4 w-4" })] }), _jsxs("div", { className: "flex items-center justify-between py-3", children: [_jsxs("div", { children: [_jsx("p", { className: "font-medium", children: "Marketing" }), _jsx("p", { className: "text-sm text-muted-foreground", children: "Used for targeted advertising" })] }), _jsx("input", { type: "checkbox", checked: local.marketing, onChange: (e) => setLocal((p) => (Object.assign(Object.assign({}, p), { marketing: e.target.checked }))), className: "h-4 w-4" })] }), _jsxs("div", { className: "mt-6 flex gap-3 justify-end", children: [_jsx("button", { className: "px-4 py-2 text-sm border rounded-md hover:bg-muted", onClick: () => setOpen(false), children: "Cancel" }), _jsx("button", { className: "px-4 py-2 text-sm bg-primary text-primary-foreground rounded-md hover:opacity-90", onClick: save, children: "Save preferences" })] })] })] }) }));
+}

package/dist/consent/read_consent.d.ts

@@ -0,0 +1,15 @@
+import { type ConsentState } from "./consent_state.js";
+/** Structural type covering both `Headers` and Next.js `ReadonlyHeaders`. */
+type AnyHeaders = {
+    get(name: string): string | null;
+};
+/**
+ * Reads the consent state from request headers (server-side).
+ * Returns null if the consent cookie is absent or contains invalid data.
+ *
+ * Prefix support (Phase 7): when cookie_prefix config is set, the cookie name
+ * is `${prefix}hazo_consent_v1`. Currently uses the base name only.
+ */
+export declare function read_consent(headers: AnyHeaders): ConsentState | null;
+export {};
+//# sourceMappingURL=read_consent.d.ts.map

package/dist/consent/read_consent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read_consent.d.ts","sourceRoot":"","sources":["../../src/consent/read_consent.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,YAAY,EAA2C,MAAM,iBAAiB,CAAC;AAE7F,6EAA6E;AAC7E,KAAK,UAAU,GAAG;IAAE,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAA;CAAE,CAAC;AAEvD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY,GAAG,IAAI,CAcrE"}

package/dist/consent/read_consent.js

@@ -0,0 +1,23 @@
+// file_description: server-side helper that reads consent state from request headers
+import { HAZO_CONSENT_COOKIE_NAME, parse_consent } from "./consent_state.js";
+/**
+ * Reads the consent state from request headers (server-side).
+ * Returns null if the consent cookie is absent or contains invalid data.
+ *
+ * Prefix support (Phase 7): when cookie_prefix config is set, the cookie name
+ * is `${prefix}hazo_consent_v1`. Currently uses the base name only.
+ */
+export function read_consent(headers) {
+    const cookie_header = headers.get("cookie");
+    if (!cookie_header)
+        return null;
+    const cookie_name = HAZO_CONSENT_COOKIE_NAME;
+    const match = cookie_header
+        .split(";")
+        .map((c) => c.trim())
+        .find((c) => c.startsWith(`${cookie_name}=`));
+    if (!match)
+        return null;
+    const value = match.slice(cookie_name.length + 1);
+    return parse_consent(value);
+}

package/dist/consent/use_consent.d.ts

@@ -0,0 +1,7 @@
+import { type ConsentState } from "./consent_state.js";
+export declare function useConsent(): {
+    consent: ConsentState | null;
+    set_consent: (patch: Partial<ConsentState>) => void;
+    open_manager: () => void;
+};
+//# sourceMappingURL=use_consent.d.ts.map

package/dist/consent/use_consent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use_consent.d.ts","sourceRoot":"","sources":["../../src/consent/use_consent.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,KAAK,YAAY,EAIlB,MAAM,iBAAiB,CAAC;AAmBzB,wBAAgB,UAAU,IAAI;IAC5B,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC;IACpD,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B,CAyCA"}

package/dist/consent/use_consent.js

@@ -0,0 +1,55 @@
+"use client";
+// file_description: client hook to read and update the user's cookie consent state
+import { useState, useEffect, useCallback } from "react";
+import { HAZO_CONSENT_COOKIE_NAME, parse_consent, serialize_consent, } from "./consent_state.js";
+function read_from_cookie() {
+    if (typeof document === "undefined")
+        return null;
+    const match = document.cookie
+        .split(";")
+        .map((c) => c.trim())
+        .find((c) => c.startsWith(`${HAZO_CONSENT_COOKIE_NAME}=`));
+    if (!match)
+        return null;
+    return parse_consent(match.slice(HAZO_CONSENT_COOKIE_NAME.length + 1));
+}
+function write_cookie(state) {
+    const value = serialize_consent(state);
+    const maxAge = 13 * 30 * 24 * 60 * 60; // ~13 months in seconds
+    const secure = location.protocol === "https:" ? "; Secure" : "";
+    document.cookie = `${HAZO_CONSENT_COOKIE_NAME}=${value}; Max-Age=${maxAge}; SameSite=Lax; Path=/${secure}`;
+}
+export function useConsent() {
+    const [consent, setConsent] = useState(null);
+    useEffect(() => {
+        // Hydrate from cookie on mount
+        setConsent(read_from_cookie());
+        // Subscribe to cross-component updates dispatched by other useConsent instances.
+        // Read state from event.detail to avoid a redundant cookie parse and prevent
+        // a double re-render when the same hook instance dispatches the event itself.
+        const handle_update = (e) => {
+            const detail = e.detail;
+            setConsent(detail);
+        };
+        window.addEventListener("hazo_auth:consent_update", handle_update);
+        return () => window.removeEventListener("hazo_auth:consent_update", handle_update);
+    }, []);
+    const set_consent = useCallback((patch) => {
+        const base = consent !== null && consent !== void 0 ? consent : {
+            necessary: true,
+            functional: false,
+            analytics: false,
+            marketing: false,
+            version: 1,
+        };
+        // necessary and version are always forced to their fixed values
+        const next = Object.assign(Object.assign(Object.assign({}, base), patch), { necessary: true, version: 1 });
+        write_cookie(next);
+        setConsent(next);
+        window.dispatchEvent(new CustomEvent("hazo_auth:consent_update", { detail: next }));
+    }, [consent]);
+    const open_manager = useCallback(() => {
+        window.dispatchEvent(new CustomEvent("hazo_auth:open_consent_manager"));
+    }, []);
+    return { consent, set_consent, open_manager };
+}

package/dist/lib/auth/nextauth_config.d.ts

@@ -20,6 +20,16 @@ export type NextAuthCallbackProfile = {
     picture?: string;
     email_verified?: boolean;
 };
+export type FacebookCallbackProfile = {
+    id?: string;
+    name?: string;
+    email?: string;
+    picture?: {
+        data?: {
+            url: string;
+        };
+    } | string;
+};
 /**
  * Gets NextAuth.js configuration with enabled OAuth providers
  * Providers are dynamically configured based on hazo_auth_config.ini settings

package/dist/lib/auth/nextauth_config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nextauth_config.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/nextauth_config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAW,MAAM,WAAW,CAAC;AAWtD,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,WAAW,CAwKjD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAW7C"}
+{"version":3,"file":"nextauth_config.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/nextauth_config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAW,MAAM,WAAW,CAAC;AAatD,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,GAAG,MAAM,CAAC;CAC/C,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,WAAW,CA+PjD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAe7C"}