hazo_auth 8.0.1 → 9.0.0

package/dist/lib/services/relationship_service.js

@@ -1,4 +1,5 @@
 import { createCrudService } from "hazo_connect/server";
+import { generateRequestId } from "hazo_core";
 import argon2 from "argon2";
 import { create_app_logger } from "../app_logger.js";
 import { get_relationships_config, get_allowed_relationship_types } from "../relationships_config.server.js";
@@ -16,7 +17,7 @@ export function get_display_email(email) {
     return is_sentinel_email(email) ? null : email;
 }
 function generate_sentinel_email() {
-    return `${SENTINEL_PREFIX}${crypto.randomUUID()}${SENTINEL_DOMAIN}`;
+    return `${SENTINEL_PREFIX}${generateRequestId().slice(4)}${SENTINEL_DOMAIN}`;
 }
 // section: helpers
 /**
@@ -66,8 +67,8 @@ export async function create_managed_child(adapter, data) {
             pin_hash = await argon2.hash(data.pin);
         }
         // Generate IDs
-        const child_user_id = crypto.randomUUID();
-        const relationship_id = crypto.randomUUID();
+        const child_user_id = generateRequestId().slice(4);
+        const relationship_id = generateRequestId().slice(4);
         const now = new Date().toISOString();
         // Insert managed child user
         await users_service.insert({
@@ -276,7 +277,7 @@ export async function create_self_relationship(adapter, parent_user_id) {
             };
         }
         const config = get_relationships_config();
-        const relationship_id = crypto.randomUUID();
+        const relationship_id = generateRequestId().slice(4);
         const now = new Date().toISOString();
         await relationships_service.insert({
             id: relationship_id,

package/dist/lib/services/session_token_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session_token_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/session_token_service.ts"],"names":[],"mappings":"AAQA,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC;AAuCF;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,kBAAkB,CAAC,EAAE,MAAM,EAC3B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CA4CjB;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,0BAA0B,CAAC,CAkDrC"}
+{"version":3,"file":"session_token_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/session_token_service.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC;AAuCF;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,kBAAkB,CAAC,EAAE,MAAM,EAC3B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CA4CjB;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,0BAA0B,CAAC,CAkDrC"}

package/dist/lib/services/session_token_service.js

@@ -2,6 +2,7 @@
 // Uses jose library for Edge-compatible JWT operations
 // section: imports
 import { SignJWT, jwtVerify } from "jose";
+import { HazoConfigError, HazoAuthError } from "hazo_core";
 import { create_app_logger } from "../app_logger.js";
 import { get_filename, get_line_number } from "../utils/api_route_helpers.js";
 // section: helpers
@@ -19,7 +20,7 @@ function get_jwt_secret() {
             line_number: get_line_number(),
             error: "JWT_SECRET environment variable is required",
         });
-        throw new Error("JWT_SECRET environment variable is required");
+        throw new HazoConfigError({ code: 'HAZO_AUTH_CONFIG', pkg: 'hazo_auth', message: 'JWT_SECRET environment variable is required' });
     }
     // Convert string secret to Uint8Array for jose
     return new TextEncoder().encode(jwt_secret);
@@ -79,7 +80,7 @@ export async function create_session_token(user_id, email, managed_by_user_id, t
             error_message,
             error_stack,
         });
-        throw new Error("Failed to create session token");
+        throw new HazoAuthError({ code: 'HAZO_AUTH_INVALID_TOKEN', pkg: 'hazo_auth', message: 'Failed to create session token' });
     }
 }
 /**

package/dist/lib/utils/api_route_helpers.d.ts

@@ -1,13 +1,2 @@
-/**
- * Gets the filename from the call stack
- * This is a simplified version that extracts the filename from the error stack
- * @returns Filename or "route.ts" as default
- */
-export declare function get_filename(): string;
-/**
- * Gets the line number from the call stack
- * This is a simplified version that extracts the line number from the error stack
- * @returns Line number or 0
- */
-export declare function get_line_number(): number;
+export { get_filename, get_line_number } from 'hazo_logs';
 //# sourceMappingURL=api_route_helpers.d.ts.map

package/dist/lib/utils/api_route_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api_route_helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/api_route_helpers.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAsBrC;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAsBxC"}
+{"version":3,"file":"api_route_helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/api_route_helpers.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC"}

package/dist/lib/utils/api_route_helpers.js

@@ -1,58 +1,5 @@
 // file_description: shared helper functions for API routes to get filename and line number
-// section: helpers
-/**
- * Gets the filename from the call stack
- * This is a simplified version that extracts the filename from the error stack
- * @returns Filename or "route.ts" as default
- */
-export function get_filename() {
-    try {
-        const stack = new Error().stack;
-        if (!stack) {
-            return "route.ts";
-        }
-        // Parse stack trace to find the caller's file
-        const lines = stack.split("\n");
-        // Skip Error line and get_filename line, get the actual caller
-        for (let i = 2; i < lines.length; i++) {
-            const line = lines[i];
-            // Match file paths in stack trace (e.g., "at /path/to/file.ts:123:45")
-            const match = line.match(/([^/\\]+\.tsx?):(\d+):(\d+)/);
-            if (match) {
-                return match[1];
-            }
-        }
-        return "route.ts";
-    }
-    catch (_a) {
-        return "route.ts";
-    }
-}
-/**
- * Gets the line number from the call stack
- * This is a simplified version that extracts the line number from the error stack
- * @returns Line number or 0
- */
-export function get_line_number() {
-    try {
-        const stack = new Error().stack;
-        if (!stack) {
-            return 0;
-        }
-        // Parse stack trace to find the caller's line number
-        const lines = stack.split("\n");
-        // Skip Error line and get_line_number line, get the actual caller
-        for (let i = 2; i < lines.length; i++) {
-            const line = lines[i];
-            // Match line numbers in stack trace (e.g., "at /path/to/file.ts:123:45")
-            const match = line.match(/([^/\\]+\.tsx?):(\d+):(\d+)/);
-            if (match) {
-                return parseInt(match[2], 10) || 0;
-            }
-        }
-        return 0;
-    }
-    catch (_a) {
-        return 0;
-    }
-}
+// Canonical location moved to hazo_logs/src/lib/utils/caller_info.ts.
+// This re-export maintains backward compatibility for hazo_auth consumers.
+// Will be removed in hazo_auth v9 — import from 'hazo_logs' directly.
+export { get_filename, get_line_number } from 'hazo_logs';

package/dist/lib/utils/get_origin_url.d.ts

@@ -1,23 +1,2 @@
-/**
- * Gets the public-facing origin URL for redirect construction.
- *
- * Behind reverse proxies (Cloudflare, nginx, etc.), `request.url` contains the
- * internal address (e.g. `http://localhost:3000`), not the public domain.
- * This function returns the correct origin from environment variables.
- *
- * Priority: NEXTAUTH_URL > APP_DOMAIN_NAME > NEXT_PUBLIC_APP_URL > APP_URL > request.url
- *
- * @param request_url - The request.url to use as fallback
- * @returns The origin URL (e.g. "https://gotimer.org")
- */
-export declare function get_origin_url(request_url: string): string;
-/**
- * Creates a URL using the public-facing origin instead of request.url.
- * Drop-in replacement for `new URL(path, request.url)` in route handlers.
- *
- * @param path - The path or relative URL (e.g. "/hazo_auth/login")
- * @param request_url - The request.url (used as fallback only)
- * @returns A URL object with the correct public origin
- */
-export declare function create_redirect_url(path: string, request_url: string): URL;
+export { get_origin_url, create_redirect_url } from 'hazo_core';
 //# sourceMappingURL=get_origin_url.d.ts.map

package/dist/lib/utils/get_origin_url.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get_origin_url.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/get_origin_url.ts"],"names":[],"mappings":"AAKA;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CA8B1D;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,GAAG,CAG1E"}
+{"version":3,"file":"get_origin_url.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/get_origin_url.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC"}

package/dist/lib/utils/get_origin_url.js

@@ -1,57 +1,5 @@
-// file_description: Resolves the public-facing origin URL for constructing redirects
-// When running behind a reverse proxy (Cloudflare, nginx), request.url resolves to
-// the internal address (e.g. http://localhost:3000). This utility returns the correct
-// public origin using NEXTAUTH_URL, falling back to request.url.
-/**
- * Gets the public-facing origin URL for redirect construction.
- *
- * Behind reverse proxies (Cloudflare, nginx, etc.), `request.url` contains the
- * internal address (e.g. `http://localhost:3000`), not the public domain.
- * This function returns the correct origin from environment variables.
- *
- * Priority: NEXTAUTH_URL > APP_DOMAIN_NAME > NEXT_PUBLIC_APP_URL > APP_URL > request.url
- *
- * @param request_url - The request.url to use as fallback
- * @returns The origin URL (e.g. "https://gotimer.org")
- */
-export function get_origin_url(request_url) {
-    // NEXTAUTH_URL is the standard for NextAuth.js apps
-    const nextauth_url = process.env.NEXTAUTH_URL;
-    if (nextauth_url) {
-        return nextauth_url.replace(/\/$/, "");
-    }
-    // APP_DOMAIN_NAME (with protocol handling)
-    const app_domain = process.env.APP_DOMAIN_NAME;
-    if (app_domain) {
-        const domain = app_domain.trim();
-        if (domain.startsWith("http://") || domain.startsWith("https://")) {
-            return domain.replace(/\/$/, "");
-        }
-        return `https://${domain}`;
-    }
-    // Other common env vars
-    const env_url = process.env.NEXT_PUBLIC_APP_URL || process.env.APP_URL;
-    if (env_url) {
-        return env_url.replace(/\/$/, "");
-    }
-    // Fallback to request.url (works in development without a proxy)
-    try {
-        const url = new URL(request_url);
-        return url.origin;
-    }
-    catch (_a) {
-        return request_url;
-    }
-}
-/**
- * Creates a URL using the public-facing origin instead of request.url.
- * Drop-in replacement for `new URL(path, request.url)` in route handlers.
- *
- * @param path - The path or relative URL (e.g. "/hazo_auth/login")
- * @param request_url - The request.url (used as fallback only)
- * @returns A URL object with the correct public origin
- */
-export function create_redirect_url(path, request_url) {
-    const origin = get_origin_url(request_url);
-    return new URL(path, origin);
-}
+// file_description: Re-exports get_origin_url and create_redirect_url from hazo_core.
+// Canonical location moved to hazo_core/http in hazo_core v1.
+// This re-export maintains backward compatibility for hazo_auth consumers.
+// Will be removed in hazo_auth v9 — import from 'hazo_core' directly.
+export { get_origin_url, create_redirect_url } from 'hazo_core';

package/dist/lib/utils.d.ts

@@ -1,4 +1,3 @@
-import { type ClassValue } from "clsx";
-export declare function merge_class_names(...inputs: ClassValue[]): string;
-export declare const cn: (...inputs: ClassValue[]) => string;
+export { cn } from "hazo_ui";
+export { cn as merge_class_names } from "hazo_ui";
 //# sourceMappingURL=utils.d.ts.map

package/dist/lib/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/lib/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAM,MAAM,CAAC;AAI7C,wBAAgB,iBAAiB,CAAC,GAAG,MAAM,EAAE,UAAU,EAAE,UAExD;AAGD,eAAO,MAAM,EAAE,GAAI,GAAG,QAAQ,UAAU,EAAE,WAAiC,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/lib/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAC;AAG7B,OAAO,EAAE,EAAE,IAAI,iBAAiB,EAAE,MAAM,SAAS,CAAC"}

package/dist/lib/utils.js

@@ -1,9 +1,4 @@
-// file_description: provide shared utility helpers for the hazo_auth project
-import { clsx } from "clsx";
-import { twMerge } from "tailwind-merge";
-// section: tailwind_merge_helper
-export function merge_class_names(...inputs) {
-    return twMerge(clsx(inputs));
-}
-// section: shadcn_compatibility_helper
-export const cn = (...inputs) => merge_class_names(...inputs);
+// file_description: re-exports cn and merge_class_names from hazo_ui (canonical source)
+export { cn } from "hazo_ui";
+// merge_class_names alias — kept for backward compatibility
+export { cn as merge_class_names } from "hazo_ui";

package/dist/server/config/config_loader.js

@@ -4,7 +4,7 @@ import fs from "fs";
 import path from "path";
 import axios from "axios";
 import { HazoConfig } from "hazo_config/server";
-import { createLogger } from "hazo_logs";
+import { createLogger } from "hazo_core";
 const is_string_record = (value) => !!value &&
     typeof value === "object" &&
     !Array.isArray(value) &&
@@ -268,7 +268,7 @@ export const load_runtime_configuration = (options) => {
     const fallback_logger = createLogger("hazo_auth_config");
     const parsed_options = sanitize_configuration_options(options, fallback_logger);
     const direct_configuration = parsed_options.direct_configuration;
-    const logger = (_a = direct_configuration === null || direct_configuration === void 0 ? void 0 : direct_configuration.logger) !== null && _a !== void 0 ? _a : fallback_logger;
+    const logger = ((_a = direct_configuration === null || direct_configuration === void 0 ? void 0 : direct_configuration.logger) !== null && _a !== void 0 ? _a : fallback_logger);
     let hazo_config;
     try {
         const config_file_path = (_b = parsed_options === null || parsed_options === void 0 ? void 0 : parsed_options.config_file_path) !== null && _b !== void 0 ? _b : default_config_path;

package/dist/server/index.js

@@ -3,7 +3,7 @@ var _a;
 // section: imports
 import http from "http";
 import { create_server_app } from "./server.js";
-import { createLogger } from "hazo_logs";
+import { createLogger } from "hazo_core";
 // section: constants
 const default_port = Number((_a = process.env.PORT) !== null && _a !== void 0 ? _a : 4100);
 // section: bootstrap_runner

package/dist/server/routes/remove_profile_picture.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"remove_profile_picture.d.ts","sourceRoot":"","sources":["../../../src/server/routes/remove_profile_picture.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAOxD,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW;;;;;IAkGhD"}
+{"version":3,"file":"remove_profile_picture.d.ts","sourceRoot":"","sources":["../../../src/server/routes/remove_profile_picture.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQxD,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW;;;;;IAsGhD"}

package/dist/server/routes/remove_profile_picture.js

@@ -5,6 +5,7 @@ import { get_hazo_connect_instance } from "../../lib/hazo_connect_instance.serve
 import { create_app_logger } from "../../lib/app_logger.js";
 import { remove_user_profile_picture } from "../../lib/services/profile_picture_remove_service.js";
 import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
+import { optional_import } from "hazo_core";
 // section: api_handler
 export async function DELETE(request) {
     const logger = create_app_logger();
@@ -36,7 +37,11 @@ export async function DELETE(request) {
                 return NextResponse.json({ error: "Relationship accounts not enabled" }, { status: 403 });
             }
             const hazoConnect_rel = get_hazo_connect_instance();
-            const { createCrudService } = await import("hazo_connect/server");
+            const hazo_connect_module = await optional_import("hazo_connect/server");
+            if (!hazo_connect_module) {
+                return NextResponse.json({ error: "hazo_connect not available" }, { status: 503 });
+            }
+            const { createCrudService } = hazo_connect_module;
             const rel_service = createCrudService(hazoConnect_rel, "hazo_user_relationships");
             const rels = await rel_service.findBy({ parent_user_id: user_id, child_user_id: target_user_id });
             if (!rels || rels.length === 0) {

package/dist/server/routes/upload_profile_picture.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"upload_profile_picture.d.ts","sourceRoot":"","sources":["../../../src/server/routes/upload_profile_picture.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAaxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;;IAkR9C"}
+{"version":3,"file":"upload_profile_picture.d.ts","sourceRoot":"","sources":["../../../src/server/routes/upload_profile_picture.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAcxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;;IAsR9C"}

package/dist/server/routes/upload_profile_picture.js

@@ -9,6 +9,7 @@ import { update_user_profile_picture } from "../../lib/services/profile_picture_
 import { createCrudService } from "hazo_connect/server";
 import { map_db_source_to_ui } from "../../lib/services/profile_picture_source_mapper.js";
 import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
+import { optional_import } from "hazo_core";
 import fs from "fs";
 import path from "path";
 // section: api_handler
@@ -42,7 +43,11 @@ export async function POST(request) {
                 return NextResponse.json({ error: "Relationship accounts not enabled" }, { status: 403 });
             }
             const hazoConnect = get_hazo_connect_instance();
-            const { createCrudService: createRelCrudService } = await import("hazo_connect/server");
+            const hazo_connect_module = await optional_import("hazo_connect/server");
+            if (!hazo_connect_module) {
+                return NextResponse.json({ error: "hazo_connect not available" }, { status: 503 });
+            }
+            const { createCrudService: createRelCrudService } = hazo_connect_module;
             const rel_service = createRelCrudService(hazoConnect, "hazo_user_relationships");
             const rels = await rel_service.findBy({ parent_user_id: user_id, child_user_id: target_user_id });
             if (!rels || rels.length === 0) {

package/dist/server/routes/user_management_users.d.ts

@@ -26,7 +26,7 @@ export declare function GET(request: NextRequest): Promise<NextResponse<{
         profile_source: {} | null;
         user_type: string | null;
         app_user_data: Record<string, unknown> | null;
-        legal_acceptance_status: "current" | "outdated" | "none";
+        legal_acceptance_status: "current" | "none" | "outdated";
     }[];
 }>>;
 /**

package/dist/server/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAK3C,eAAO,MAAM,iBAAiB,QAAO,WAcpC,CAAC"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAM3C,eAAO,MAAM,iBAAiB,QAAO,WAoBpC,CAAC"}

package/dist/server/server.js

@@ -7,6 +7,7 @@ import cookie_parser from "cookie-parser";
 import compression from "compression";
 import { create_root_router } from "./routes/root_router.js";
 import { create_app_context } from "./config/config_loader.js";
+import { withContext, generateRequestId, REQUEST_ID_HEADER } from "hazo_core";
 // section: app_factory
 export const create_server_app = () => {
     const server_app = express();
@@ -15,6 +16,12 @@ export const create_server_app = () => {
     server_app.use(express.json({ limit: "1mb" }));
     server_app.use(express.urlencoded({ extended: true }));
     server_app.use(cookie_parser());
+    server_app.use((request, response, next) => {
+        var _a;
+        const correlationId = (_a = request.headers[REQUEST_ID_HEADER]) !== null && _a !== void 0 ? _a : generateRequestId();
+        response.setHeader(REQUEST_ID_HEADER, correlationId);
+        withContext({ correlationId }, () => next());
+    });
     server_app.use(compression());
     server_app.use((request, _response, next) => {
         request.context = create_app_context();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hazo_auth",
-  "version": "8.0.1",
+  "version": "9.0.0",
   "description": "Zero-config authentication UI components for Next.js with RBAC, OAuth, scope-based multi-tenancy, and invitations",
   "keywords": [
     "authentication",
@@ -206,8 +206,8 @@
     "dev:server": "tsx src/server/index.ts",
     "migrate": "tsx scripts/apply_migration.ts",
     "init-users": "tsx scripts/init_users.ts init_users",
-    "test": "cross-env NODE_ENV=test POSTGREST_URL=http://209.38.26.241:4402 POSTGREST_API_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYXBpX3VzZXIifQ.zBoUGymrxTUk1DNYIGUCtQU4HFaWEHlbE9_8Y3hUaTw jest --runInBand",
-    "test:watch": "cross-env NODE_ENV=test POSTGREST_URL=http://209.38.26.241:4402 POSTGREST_API_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYXBpX3VzZXIifQ.zBoUGymrxTUk1DNYIGUCtQU4HFaWEHlbE9_8Y3hUaTw jest --watch"
+    "test": "cross-env NODE_ENV=test jest --runInBand",
+    "test:watch": "cross-env NODE_ENV=test jest --watch"
   },
   "dependencies": {
     "axios": "^1.13.2",
@@ -252,13 +252,16 @@
     "@radix-ui/react-switch": "^1.2.0",
     "@radix-ui/react-tabs": "^1.1.0",
     "@radix-ui/react-tooltip": "^1.2.0",
-    "hazo_config": "^2.1.0",
-    "hazo_connect": "^2.4.0",
-    "hazo_logs": "^1.0.13",
-    "hazo_notify": "^3.0.0",
-    "hazo_ui": "^2.17.0",
+    "hazo_api": "^2.1.0",
+    "hazo_config": "^2.1.5",
+    "hazo_connect": "^3.0.0",
+    "hazo_core": "^1.0.0",
+    "hazo_logs": "^2.0.0",
+    "hazo_notify": "^6.0.0",
+    "hazo_ui": "^3.1.0",
+    "input-otp": "^1.4.0",
     "lucide-react": "^0.553.0",
-    "next": ">=14.0.0",
+    "next": "^14.0.0",
     "next-auth": "^4.24.0",
     "next-themes": "^0.4.0",
     "react": "^18.0.0 || ^19.0.0",
@@ -266,12 +269,18 @@
     "sonner": "^2.0.7"
   },
   "peerDependenciesMeta": {
+    "hazo_api": {
+      "optional": true
+    },
     "hazo_config": {
       "optional": false
     },
     "hazo_connect": {
       "optional": false
     },
+    "hazo_core": {
+      "optional": false
+    },
     "hazo_logs": {
       "optional": false
     },
@@ -331,6 +340,9 @@
     },
     "lucide-react": {
       "optional": true
+    },
+    "input-otp": {
+      "optional": true
     }
   },
   "devDependencies": {
@@ -376,11 +388,14 @@
     "eslint": "^9.39.1",
     "eslint-config-next": "^16.0.4",
     "eslint-plugin-storybook": "^10.0.6",
-    "hazo_config": "^2.1.0",
-    "hazo_connect": "^2.4.0",
-    "hazo_logs": "^1.0.13",
-    "hazo_notify": "^3.0.0",
-    "hazo_ui": "^2.17.0",
+    "hazo_api": "^2.1.0",
+    "hazo_config": "^2.1.6",
+    "hazo_connect": "^3.0.0",
+    "hazo_core": "^1.0.0",
+    "hazo_logs": "^2.0.1",
+    "hazo_notify": "^6.0.0",
+    "hazo_ui": "^3.1.0",
+    "input-otp": "^1.4.0",
     "jest": "^30.2.0",
     "jest-environment-jsdom": "^30.0.0",
     "lucide-react": "^0.553.0",