mates-fullstack 1.0.0-beta.1

package/dist/head.js

@@ -0,0 +1,245 @@
+/**
+ * mates-fullstack — head.ts
+ *
+ * Builds the final HTML page by reading client/index.html as a template and
+ * replacing three markers:
+ *   - <!-- mates:css -->     → CSS bundle link
+ *   - <!-- mates:ssr -->     → SSR-rendered app HTML
+ *   - <!-- mates:scripts --> → dev helpers + client bundle script
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { CRASH_OVERLAY_MODULE, RELOAD_ENDPOINT } from "./internal-prefixes.js";
+export const MARKER_CSS = "<!-- mates:css -->";
+export const MARKER_SSR = "<!-- mates:ssr -->";
+export const MARKER_SCRIPTS = "<!-- mates:scripts -->";
+/**
+ * Dev-only HMR runtime, injected inline into the page <body>.
+ *
+ * Connects to the SSE reload endpoint and reacts to structured update
+ * messages:
+ *   - { kind: "css", css } → swap the single linked stylesheet.
+ *   - anything else        → full page reload.
+ *
+ * The first message after (re)connecting only establishes a baseline
+ * generation, so a fresh page load never triggers a spurious reload.
+ */
+const HMR_CLIENT = `(function () {
+  var ENDPOINT = ${JSON.stringify(RELOAD_ENDPOINT)};
+  var lastGen = null;
+  var accepted = Object.create(null);
+  var components = Object.create(null);
+
+  window.__mates_hmr = {
+    components: components,
+    createHotContext: function (id) {
+      return {
+        accept: function (cb) {
+          accepted[id] = cb || function (mod) { window.__mates_hmr.updateModule(id, mod); };
+        },
+        invalidate: function () {
+          location.reload();
+        }
+      };
+    },
+    registerComponent: function (id, impl, meta) {
+      components[id] = impl;
+      if (meta) {
+        try { Object.defineProperty(impl, '__mates_hmr_file', { value: normalizeModuleId(meta.file), configurable: true }); } catch (e) {}
+        try { Object.defineProperty(impl, '__mates_hmr_export', { value: meta.exportName, configurable: true }); } catch (e) {}
+      }
+    },
+    updateModule: function (path, mod) {
+      var file = normalizeModuleId(path);
+      var records = [];
+      Object.keys(mod || {}).forEach(function (name) {
+        var value = mod[name];
+        if (typeof value !== 'function') return;
+        var id = file + '::' + name;
+        try { Object.defineProperty(value, '__mates_hmr_id', { value: id, configurable: true }); } catch (e) {}
+        try { Object.defineProperty(value, '__mates_hmr_file', { value: file, configurable: true }); } catch (e) {}
+        try { Object.defineProperty(value, '__mates_hmr_export', { value: name, configurable: true }); } catch (e) {}
+        components[id] = value;
+        records.push({ id: id, file: file, exportName: name });
+      });
+      if (records.length) refreshComponents(records);
+    }
+  };
+
+  function refreshComponents(records) {
+    var byId = Object.create(null);
+    var byFileExport = Object.create(null);
+    records.forEach(function (record) {
+      byId[record.id] = record;
+      byFileExport[record.file + '::' + record.exportName] = record;
+    });
+    var refreshed = 0;
+    document.querySelectorAll('x-view').forEach(function (node) {
+      var view = node.view;
+      if (typeof view !== 'function') return;
+      var record = byId[view.__mates_hmr_id];
+      if (!record && view.__mates_hmr_file && view.__mates_hmr_export) {
+        record = byFileExport[normalizeModuleId(view.__mates_hmr_file) + '::' + view.__mates_hmr_export];
+      }
+      if (!record) return;
+      var next = components[record.id];
+      if (!next) return;
+      if (typeof node._hotRefresh === 'function') {
+        node._hotRefresh();
+      } else {
+        // Fallback for apps still running an older built mates package:
+        // swap the x-view's view function directly. The setter schedules a
+        // render and performs existing view-change cleanup.
+        try { node.oldView = undefined; } catch (e) {}
+        node.view = next;
+      }
+      refreshed++;
+    });
+    console.info('[mates] js hot-update', records.map(function (r) { return r.id; }), 'refreshed:', refreshed);
+    if (refreshed === 0) location.reload();
+  }
+
+  function normalizeModuleId(url) {
+    try {
+      var u = new URL(url, location.href);
+      return u.pathname;
+    } catch (e) {
+      return url.split('?')[0];
+    }
+  }
+
+  function swapCss(href, token) {
+    var url = href + (href.indexOf("?") >= 0 ? "&" : "?") + "t=" + token;
+    var links = document.querySelectorAll(
+      'link[data-mates-css], link[rel="stylesheet"]'
+    );
+    var swapped = false;
+    for (var i = 0; i < links.length; i++) {
+      var old = links[i];
+      var current = old.getAttribute("href") || "";
+      if (current.split("?")[0] !== href.split("?")[0]) continue;
+      var next = old.cloneNode(false);
+      next.setAttribute("href", url);
+      next.onload = next.onerror = function () {
+        if (old.parentNode) old.parentNode.removeChild(old);
+      };
+      old.parentNode.insertBefore(next, old.nextSibling);
+      swapped = true;
+    }
+    if (!swapped) location.reload();
+  }
+
+  function handle(data) {
+    var msg;
+    try {
+      msg = JSON.parse(data);
+    } catch (e) {
+      msg = { t: data, kind: "reload" };
+    }
+    if (lastGen === null) {
+      lastGen = msg.t;
+      return;
+    }
+    if (msg.t === lastGen) return;
+    lastGen = msg.t;
+    if (msg.kind === "css" && msg.css) {
+      console.info("[mates] css link hot-update");
+      swapCss(msg.css, msg.t);
+      return;
+    }
+    if (msg.kind === "js" && msg.path) {
+      var id = normalizeModuleId(msg.path);
+      var cb = accepted[id];
+      if (!cb) {
+        location.reload();
+        return;
+      }
+      import(msg.path + (msg.path.indexOf('?') >= 0 ? '&' : '?') + 't=' + msg.t)
+        .then(function (mod) { cb(mod); })
+        .catch(function () { location.reload(); });
+      return;
+    }
+    location.reload();
+  }
+
+  function connect() {
+    var es = new EventSource(ENDPOINT);
+    es.onmessage = function (e) {
+      handle(e.data);
+    };
+    es.onerror = function () {
+      es.close();
+      setTimeout(connect, 500);
+    };
+  }
+  connect();
+})();`;
+const DEFAULT_INDEX_HTML = `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <!-- mates:css -->
+  </head>
+  <body>
+    <div id="app"><!-- mates:ssr --></div>
+    <!-- mates:scripts -->
+  </body>
+</html>
+`;
+export function buildShell({ projectRoot, bodyHtml, dev = false, clientEntry, cssUrl, ssrStyles, importMap = null, }) {
+    const template = readIndexHtml(projectRoot);
+    const cssHtml = cssUrl
+        ? `<link rel="stylesheet"${dev ? " data-mates-css" : ""} href="${_escapeAttr(cssUrl)}">`
+        : "";
+    // CSS-in-JS styles collected during SSR — inject into <head>
+    const ssrStylesHtml = ssrStyles
+        ? `<style id="mates-ssr-styles">${_escapeAttr(ssrStyles)}</style>`
+        : "";
+    const scripts = [];
+    if (dev && importMap && Object.keys(importMap).length > 0) {
+        scripts.push(`<script type="importmap">${JSON.stringify({ imports: importMap })}</script>`);
+    }
+    if (dev) {
+        scripts.push(`<script>${HMR_CLIENT}</script>`);
+        scripts.push(`<script type="module" src="${CRASH_OVERLAY_MODULE}"></script>`);
+    }
+    scripts.push(`<script type="module" src="${_escapeAttr(clientEntry)}"></script>`);
+    let html = template;
+    html = _injectOrFallback(html, MARKER_CSS, cssHtml + "\n    " + ssrStylesHtml, /<\/head>/i);
+    html = _injectSsr(html, bodyHtml);
+    html = _injectOrFallback(html, MARKER_SCRIPTS, scripts.join("\n    "), /<\/body>/i);
+    return html;
+}
+export function readIndexHtml(projectRoot) {
+    const indexPath = path.join(projectRoot, "client", "index.html");
+    return fs.existsSync(indexPath)
+        ? fs.readFileSync(indexPath, "utf-8")
+        : DEFAULT_INDEX_HTML;
+}
+function _injectOrFallback(html, marker, content, fallbackBefore) {
+    if (html.includes(marker))
+        return html.replace(marker, content);
+    if (!content)
+        return html;
+    return html.replace(fallbackBefore, `${content}\n$&`);
+}
+function _injectSsr(html, bodyHtml) {
+    if (html.includes(MARKER_SSR))
+        return html.replace(MARKER_SSR, bodyHtml);
+    // Marker-free fallback: support a normal <div id="app"></div> shell.
+    // This keeps index.html ergonomic while still allowing explicit markers.
+    const appDivRe = /<div\s+([^>]*\bid=["']app["'][^>]*)>[\s\S]*?<\/div>/i;
+    if (appDivRe.test(html)) {
+        return html.replace(appDivRe, `<div $1>${bodyHtml}</div>`);
+    }
+    // Last resort: inject at top of body.
+    return html.replace(/<body([^>]*)>/i, `<body$1>\n<div id="app">${bodyHtml}</div>`);
+}
+function _escapeAttr(str) {
+    return str
+        .replace(/&/g, "&amp;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#39;");
+}
+//# sourceMappingURL=head.js.map

package/dist/head.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"head.js","sourceRoot":"","sources":["../src/head.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAE/E,MAAM,CAAC,MAAM,UAAU,GAAG,oBAAoB,CAAC;AAC/C,MAAM,CAAC,MAAM,UAAU,GAAG,oBAAoB,CAAC;AAC/C,MAAM,CAAC,MAAM,cAAc,GAAG,wBAAwB,CAAC;AAEvD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,GAAG;mBACA,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAoJ5C,CAAC;AAEP,MAAM,kBAAkB,GAAG;;;;;;;;;;;;CAY1B,CAAC;AAmBF,MAAM,UAAU,UAAU,CAAC,EACzB,WAAW,EACX,QAAQ,EACR,GAAG,GAAG,KAAK,EACX,WAAW,EACX,MAAM,EACN,SAAS,EACT,SAAS,GAAG,IAAI,GACE;IAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAG,MAAM;QACpB,CAAC,CAAC,yBAAyB,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,UAAU,WAAW,CAAC,MAAM,CAAC,IAAI;QACxF,CAAC,CAAC,EAAE,CAAC;IAEP,6DAA6D;IAC7D,MAAM,aAAa,GAAG,SAAS;QAC7B,CAAC,CAAC,gCAAgC,WAAW,CAAC,SAAS,CAAC,UAAU;QAClE,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,GAAG,IAAI,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,OAAO,CAAC,IAAI,CACV,4BAA4B,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,WAAW,CAC9E,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,IAAI,CAAC,WAAW,UAAU,WAAW,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CACV,8BAA8B,oBAAoB,aAAa,CAChE,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,IAAI,CACV,8BAA8B,WAAW,CAAC,WAAW,CAAC,aAAa,CACpE,CAAC;IAEF,IAAI,IAAI,GAAG,QAAQ,CAAC;IAEpB,IAAI,GAAG,iBAAiB,CACtB,IAAI,EACJ,UAAU,EACV,OAAO,GAAG,QAAQ,GAAG,aAAa,EAClC,WAAW,CACZ,CAAC;IACF,IAAI,GAAG,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,iBAAiB,CACtB,IAAI,EACJ,cAAc,EACd,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EACtB,WAAW,CACZ,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACjE,OAAO,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QAC7B,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC;QACrC,CAAC,CAAC,kBAAkB,CAAC;AACzB,CAAC;AAED,SAAS,iBAAiB,CACxB,IAAY,EACZ,MAAc,EACd,OAAe,EACf,cAAsB;IAEtB,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,QAAgB;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEzE,qEAAqE;IACrE,yEAAyE;IACzE,MAAM,QAAQ,GAAG,sDAAsD,CAAC;IACxE,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,QAAQ,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAED,sCAAsC;IACtC,OAAO,IAAI,CAAC,OAAO,CACjB,gBAAgB,EAChB,2BAA2B,QAAQ,QAAQ,CAC5C,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * mates-fullstack — public API barrel.
+ *
+ * Keep this entry intentionally small. App code should import framework-facing
+ * primitives from here; build/scanner/server internals live in
+ * `mates-fullstack/internal`.
+ */
+export { isDev } from "./log.js";
+export { type Context, type CookieOptions, type CookieHelper, parseCookieHeader, buildSetCookieHeader, } from "./ctx.js";
+export { ServerError, AppError, NotFoundError, AuthError, ForbiddenError, ValidationError, RateLimitError, registerErrorClass, serializeError, reconstructError, isMatesError, getErrorStatus, type SerializedError, } from "./errors.js";
+export { Redirect, redirect, isRedirect, serializeRedirect, isMatesRedirect, isExternalUrl, type SerializedRedirect, } from "./redirect.js";
+export { StreamResponse, stream, readSseStream, isStreamResponse, } from "./stream.js";
+export { Download, triggerBrowserDownload, isDownload, buildContentDisposition, } from "./download.js";
+export { onRequest, onResponse, onBeforeRPC, onAfterRPC, type RequestHook, type ResponseHook, type BeforeRPCHook, type AfterRPCHook, type AfterRPCInfo, } from "./middleware.js";
+export { jwt, type JwtPayload, type JwtSignOptions, type JwtVerifyOptions, type JwtInstance, } from "./jwt.js";
+export { matesAuth, auth, hashPassword, verifyPassword, type AuthDuration, type MatesAuthClaims, type MatesAuthContext, type MatesAuthOptions, type AuthLoginOptions, } from "./mates-auth.js";
+export { useArctic, arcticProvider, listArcticProviders, type ArcticBuiltInProvider, type ArcticTokenSet, type ArcticProfile, type ArcticProviderConfig, type ArcticProvidersConfig, type ArcticSuccessHandler, type ArcticUseOptions, type ArcticProviderHandler, type ArcticCustomProvider, type ArcticProfileLoader, } from "./arctic-auth.js";
+export { rateLimit, type RateLimitOptions } from "./rate-limit.js";
+export { useSecurityHeaders, type SecurityHeadersOptions, } from "./security-headers.js";
+export { useCors, type CorsOptions } from "./cors.js";
+export { requestLogger, type RequestLoggerOptions } from "./request-logger.js";
+export { type SocketCtx, onSocketConnect, clearSocketConnectHooks, } from "./socket-router.js";
+export { setServerTimeout } from "./server-timeout.js";
+export { rest, type RestHandler, type RestMethod } from "./rest.js";
+export { useSsoProvider, useSsoClient, type SsoProviderOptions, type SsoClientOptions, } from "./sso.js";
+export { logger, configureLogger, generateRequestId, type Logger, type LogLevel, type LogFormat, type LoggerConfig, } from "./logger.js";
+export { sanitizeBody, sanitizeString, SanitizeError, type SanitizeMode, type SanitizeConfig, } from "./sanitize.js";
+export { validate, validateAll, type ValidatorFn } from "./validate.js";
+export { parseUpload, UploadError, type UploadOptions, type ParsedUpload, } from "./upload.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEjC,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,WAAW,EACX,QAAQ,EACR,aAAa,EACb,SAAS,EACT,cAAc,EACd,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,cAAc,EACd,KAAK,eAAe,GACrB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,KAAK,kBAAkB,GACxB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,cAAc,EACd,MAAM,EACN,aAAa,EACb,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,sBAAsB,EACtB,UAAU,EACV,uBAAuB,GACxB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,SAAS,EACT,UAAU,EACV,WAAW,EACX,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,GAAG,EACH,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,SAAS,EACT,IAAI,EACJ,YAAY,EACZ,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,SAAS,EACT,cAAc,EACd,mBAAmB,EACnB,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EACL,kBAAkB,EAClB,KAAK,sBAAsB,GAC5B,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE/E,OAAO,EACL,KAAK,SAAS,EACd,eAAe,EACf,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,IAAI,EAAE,KAAK,WAAW,EAAE,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAEpE,OAAO,EACL,cAAc,EACd,YAAY,EACZ,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,MAAM,EACN,eAAe,EACf,iBAAiB,EACjB,KAAK,MAAM,EACX,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,aAAa,EACb,KAAK,YAAY,EACjB,KAAK,cAAc,GACpB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,EACL,WAAW,EACX,WAAW,EACX,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,30 @@
+/**
+ * mates-fullstack — public API barrel.
+ *
+ * Keep this entry intentionally small. App code should import framework-facing
+ * primitives from here; build/scanner/server internals live in
+ * `mates-fullstack/internal`.
+ */
+export { isDev } from "./log.js";
+export { parseCookieHeader, buildSetCookieHeader, } from "./ctx.js";
+export { ServerError, AppError, NotFoundError, AuthError, ForbiddenError, ValidationError, RateLimitError, registerErrorClass, serializeError, reconstructError, isMatesError, getErrorStatus, } from "./errors.js";
+export { Redirect, redirect, isRedirect, serializeRedirect, isMatesRedirect, isExternalUrl, } from "./redirect.js";
+export { StreamResponse, stream, readSseStream, isStreamResponse, } from "./stream.js";
+export { Download, triggerBrowserDownload, isDownload, buildContentDisposition, } from "./download.js";
+export { onRequest, onResponse, onBeforeRPC, onAfterRPC, } from "./middleware.js";
+export { jwt, } from "./jwt.js";
+export { matesAuth, auth, hashPassword, verifyPassword, } from "./mates-auth.js";
+export { useArctic, arcticProvider, listArcticProviders, } from "./arctic-auth.js";
+export { rateLimit } from "./rate-limit.js";
+export { useSecurityHeaders, } from "./security-headers.js";
+export { useCors } from "./cors.js";
+export { requestLogger } from "./request-logger.js";
+export { onSocketConnect, clearSocketConnectHooks, } from "./socket-router.js";
+export { setServerTimeout } from "./server-timeout.js";
+export { rest } from "./rest.js";
+export { useSsoProvider, useSsoClient, } from "./sso.js";
+export { logger, configureLogger, generateRequestId, } from "./logger.js";
+export { sanitizeBody, sanitizeString, SanitizeError, } from "./sanitize.js";
+export { validate, validateAll } from "./validate.js";
+export { parseUpload, UploadError, } from "./upload.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEjC,OAAO,EAIL,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,WAAW,EACX,QAAQ,EACR,aAAa,EACb,SAAS,EACT,cAAc,EACd,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,cAAc,GAEf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,iBAAiB,EACjB,eAAe,EACf,aAAa,GAEd,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,cAAc,EACd,MAAM,EACN,aAAa,EACb,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,QAAQ,EACR,sBAAsB,EACtB,UAAU,EACV,uBAAuB,GACxB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,SAAS,EACT,UAAU,EACV,WAAW,EACX,UAAU,GAMX,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,GAAG,GAKJ,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,SAAS,EACT,IAAI,EACJ,YAAY,EACZ,cAAc,GAMf,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,SAAS,EACT,cAAc,EACd,mBAAmB,GAWpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,SAAS,EAAyB,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EACL,kBAAkB,GAEnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,OAAO,EAAoB,MAAM,WAAW,CAAC;AAEtD,OAAO,EAAE,aAAa,EAA6B,MAAM,qBAAqB,CAAC;AAE/E,OAAO,EAEL,eAAe,EACf,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,IAAI,EAAqC,MAAM,WAAW,CAAC;AAEpE,OAAO,EACL,cAAc,EACd,YAAY,GAGb,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,MAAM,EACN,eAAe,EACf,iBAAiB,GAKlB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,aAAa,GAGd,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAoB,MAAM,eAAe,CAAC;AAExE,OAAO,EACL,WAAW,EACX,WAAW,GAGZ,MAAM,aAAa,CAAC"}

package/dist/internal-prefixes.d.ts

@@ -0,0 +1,16 @@
+export declare const INTERNAL_SRC_PREFIX = "/_src";
+export declare const INTERNAL_PKG_PREFIX = "/_pkg";
+export declare const INTERNAL_ASSET_PREFIX = "/_asset";
+export declare const INTERNAL_MATES_PREFIX = "/_mates";
+export declare const RELOAD_ENDPOINT = "/__mates_reload";
+export declare const RUNTIME_RELOAD_ENDPOINT = "/__mates_runtime_reload";
+export declare const BROWSER_LOG_ENDPOINT = "/__mates_log";
+export declare const RPC_CLIENT_MODULE = "/_mates/rpc-client.js";
+export declare const ERRORS_MODULE = "/_mates/errors.js";
+export declare const STREAM_MODULE = "/_mates/stream.js";
+export declare const DOWNLOAD_MODULE = "/_mates/download.js";
+export declare const NAV_MODULE = "/_mates/nav.js";
+export declare const STACK_MAP_MODULE = "/_mates/stack-map.js";
+export declare const CRASH_OVERLAY_MODULE = "/_mates/crash-overlay.js";
+export declare const EMPTY_STYLE_MODULE = "/_mates/empty-style.js";
+//# sourceMappingURL=internal-prefixes.d.ts.map

package/dist/internal-prefixes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-prefixes.d.ts","sourceRoot":"","sources":["../src/internal-prefixes.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,qBAAqB,YAAY,CAAC;AAC/C,eAAO,MAAM,qBAAqB,YAAY,CAAC;AAE/C,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,uBAAuB,4BAA4B,CAAC;AACjE,eAAO,MAAM,oBAAoB,iBAAiB,CAAC;AAEnD,eAAO,MAAM,iBAAiB,0BAA2C,CAAC;AAC1E,eAAO,MAAM,aAAa,sBAAuC,CAAC;AAClE,eAAO,MAAM,aAAa,sBAAuC,CAAC;AAClE,eAAO,MAAM,eAAe,wBAAyC,CAAC;AACtE,eAAO,MAAM,UAAU,mBAAoC,CAAC;AAC5D,eAAO,MAAM,gBAAgB,yBAA0C,CAAC;AACxE,eAAO,MAAM,oBAAoB,6BAA8C,CAAC;AAChF,eAAO,MAAM,kBAAkB,2BAA4C,CAAC"}

package/dist/internal-prefixes.js

@@ -0,0 +1,16 @@
+export const INTERNAL_SRC_PREFIX = "/_src";
+export const INTERNAL_PKG_PREFIX = "/_pkg";
+export const INTERNAL_ASSET_PREFIX = "/_asset";
+export const INTERNAL_MATES_PREFIX = "/_mates";
+export const RELOAD_ENDPOINT = "/__mates_reload";
+export const RUNTIME_RELOAD_ENDPOINT = "/__mates_runtime_reload";
+export const BROWSER_LOG_ENDPOINT = "/__mates_log";
+export const RPC_CLIENT_MODULE = `${INTERNAL_MATES_PREFIX}/rpc-client.js`;
+export const ERRORS_MODULE = `${INTERNAL_MATES_PREFIX}/errors.js`;
+export const STREAM_MODULE = `${INTERNAL_MATES_PREFIX}/stream.js`;
+export const DOWNLOAD_MODULE = `${INTERNAL_MATES_PREFIX}/download.js`;
+export const NAV_MODULE = `${INTERNAL_MATES_PREFIX}/nav.js`;
+export const STACK_MAP_MODULE = `${INTERNAL_MATES_PREFIX}/stack-map.js`;
+export const CRASH_OVERLAY_MODULE = `${INTERNAL_MATES_PREFIX}/crash-overlay.js`;
+export const EMPTY_STYLE_MODULE = `${INTERNAL_MATES_PREFIX}/empty-style.js`;
+//# sourceMappingURL=internal-prefixes.js.map

package/dist/internal-prefixes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-prefixes.js","sourceRoot":"","sources":["../src/internal-prefixes.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC;AAC3C,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC;AAC3C,MAAM,CAAC,MAAM,qBAAqB,GAAG,SAAS,CAAC;AAC/C,MAAM,CAAC,MAAM,qBAAqB,GAAG,SAAS,CAAC;AAE/C,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,uBAAuB,GAAG,yBAAyB,CAAC;AACjE,MAAM,CAAC,MAAM,oBAAoB,GAAG,cAAc,CAAC;AAEnD,MAAM,CAAC,MAAM,iBAAiB,GAAG,GAAG,qBAAqB,gBAAgB,CAAC;AAC1E,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,qBAAqB,YAAY,CAAC;AAClE,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,qBAAqB,YAAY,CAAC;AAClE,MAAM,CAAC,MAAM,eAAe,GAAG,GAAG,qBAAqB,cAAc,CAAC;AACtE,MAAM,CAAC,MAAM,UAAU,GAAG,GAAG,qBAAqB,SAAS,CAAC;AAC5D,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,qBAAqB,eAAe,CAAC;AACxE,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,qBAAqB,mBAAmB,CAAC;AAChF,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,qBAAqB,iBAAiB,CAAC"}

package/dist/internal.d.ts

@@ -0,0 +1,25 @@
+/**
+ * mates-fullstack/internal — unstable framework internals.
+ *
+ * These exports are for the CLI, tests, and advanced tooling. They are not part
+ * of the stable application author API and may change between releases.
+ */
+export * from "./server-public.js";
+export { resolveProjectPaths, resolveProductionRuntimePaths, findProjectRoot, findMatesPath, warnMissingPaths, formatPaths, isPathInside, type ResolvedPaths, } from "./project-resolver.js";
+export { loadEnv, getPublicEnv, getBundlerDefines, parseEnvFile, } from "./env-loader.js";
+export { scanRpcFunctions, lookupRpcFn, listRpcFunctions, rpcRegistrySize, clearRpcRegistry, watchRpcFunctions, deriveRpcUrl, type RpcEntry, } from "./rpc-registry.js";
+export { runRpcRequest, parseRpcBody, DEFAULT_TIMEOUT_MS, configureRpcRunner, type RpcRunnerConfig, } from "./rpc-runner.js";
+export { importMainFile, reloadMainFile, watchMainFile, } from "./main-runner.js";
+export { startServer, notifyReload, getActiveRequests, getClientIp, buildDevImportMap, type ServerOptions, type HmrUpdate, } from "./server.js";
+export { scanSocketHandlers, matchSocketRoute, listSocketRoutes, clearSocketRoutes, watchSocketRoutes, attachSocketServer, deriveSocketPattern, type SocketServerOptions, } from "./socket-router.js";
+export { getSSRContext } from "./ssr-context.js";
+export { bootRenderer, renderApp, renderToString, shutdownRenderer, getSSRStyles, DEFAULT_SSR_TIMEOUT_MS, type ComponentFn, type RenderOptions, type RenderResult, } from "./renderer.js";
+export { scanRoutes, matchRoute, watchRoutes, type RouteEntry, type MatchResult, } from "./router.js";
+export { buildShell, type BuildShellOptions } from "./head.js";
+export { buildProduction, buildServerRuntime, buildStyles, copyPublicDir, contentHash, generateRpcStub, extractExportNames, type BuildOptions, type BuildResult, type ServerRuntimeBuildResult, } from "./build-prod.js";
+export { transformFile, isVirtualFile, serveVirtualFile, extractRpcStub, buildDefines, clearTransformCache, } from "./build-esbuild.js";
+export { generateDocs, clearDocsCache, isTsMorphAvailable, type RouteDoc, type TypeShape, type FieldDoc, } from "./docs-generator.js";
+export { buildDocsHtml, serveDocsPage } from "./docs-page.js";
+export { createDevWatcher, getDevWatchPaths, shouldIgnoreWatchPath, classifyDevChange, type DevWatchAction, type DevWatchEvent, type DevWatcherOptions, } from "./dev-watcher.js";
+export { logRequest, logResponse } from "./logger.js";
+//# sourceMappingURL=internal.d.ts.map

package/dist/internal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,oBAAoB,CAAC;AAEnC,OAAO,EACL,mBAAmB,EACnB,6BAA6B,EAC7B,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,KAAK,aAAa,GACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,OAAO,EACP,YAAY,EACZ,iBAAiB,EACjB,YAAY,GACb,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,KAAK,QAAQ,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,cAAc,EACd,aAAa,GACd,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,KAAK,aAAa,EAClB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EACL,YAAY,EACZ,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,UAAU,EACV,UAAU,EACV,WAAW,EACX,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAE/D,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,wBAAwB,GAC9B,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,QAAQ,GACd,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC"}

package/dist/internal.js

@@ -0,0 +1,25 @@
+/**
+ * mates-fullstack/internal — unstable framework internals.
+ *
+ * These exports are for the CLI, tests, and advanced tooling. They are not part
+ * of the stable application author API and may change between releases.
+ */
+export * from "./server-public.js";
+export { resolveProjectPaths, resolveProductionRuntimePaths, findProjectRoot, findMatesPath, warnMissingPaths, formatPaths, isPathInside, } from "./project-resolver.js";
+export { loadEnv, getPublicEnv, getBundlerDefines, parseEnvFile, } from "./env-loader.js";
+export { scanRpcFunctions, lookupRpcFn, listRpcFunctions, rpcRegistrySize, clearRpcRegistry, watchRpcFunctions, deriveRpcUrl, } from "./rpc-registry.js";
+export { runRpcRequest, parseRpcBody, DEFAULT_TIMEOUT_MS, configureRpcRunner, } from "./rpc-runner.js";
+export { importMainFile, reloadMainFile, watchMainFile, } from "./main-runner.js";
+export { startServer, notifyReload, getActiveRequests, getClientIp, buildDevImportMap, } from "./server.js";
+export { scanSocketHandlers, matchSocketRoute, listSocketRoutes, clearSocketRoutes, watchSocketRoutes, attachSocketServer, deriveSocketPattern, } from "./socket-router.js";
+export { getSSRContext } from "./ssr-context.js";
+export { bootRenderer, renderApp, renderToString, shutdownRenderer, getSSRStyles, DEFAULT_SSR_TIMEOUT_MS, } from "./renderer.js";
+export { scanRoutes, matchRoute, watchRoutes, } from "./router.js";
+export { buildShell } from "./head.js";
+export { buildProduction, buildServerRuntime, buildStyles, copyPublicDir, contentHash, generateRpcStub, extractExportNames, } from "./build-prod.js";
+export { transformFile, isVirtualFile, serveVirtualFile, extractRpcStub, buildDefines, clearTransformCache, } from "./build-esbuild.js";
+export { generateDocs, clearDocsCache, isTsMorphAvailable, } from "./docs-generator.js";
+export { buildDocsHtml, serveDocsPage } from "./docs-page.js";
+export { createDevWatcher, getDevWatchPaths, shouldIgnoreWatchPath, classifyDevChange, } from "./dev-watcher.js";
+export { logRequest, logResponse } from "./logger.js";
+//# sourceMappingURL=internal.js.map

package/dist/internal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal.js","sourceRoot":"","sources":["../src/internal.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,oBAAoB,CAAC;AAEnC,OAAO,EACL,mBAAmB,EACnB,6BAA6B,EAC7B,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,YAAY,GAEb,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,OAAO,EACP,YAAY,EACZ,iBAAiB,EACjB,YAAY,GACb,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,GAEb,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,GAEnB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,cAAc,EACd,aAAa,GACd,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,iBAAiB,GAGlB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,GAEpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EACL,YAAY,EACZ,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,GAIvB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,UAAU,EACV,UAAU,EACV,WAAW,GAGZ,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,UAAU,EAA0B,MAAM,WAAW,CAAC;AAE/D,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,GAInB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,YAAY,EACZ,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,YAAY,EACZ,cAAc,EACd,kBAAkB,GAInB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,GAIlB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC"}

package/dist/jwt.d.ts

@@ -0,0 +1,166 @@
+/**
+ * mates-fullstack — jwt.ts
+ *
+ * Zero-dependency JWT implementation using Node.js built-in crypto.
+ * Supports HS256 (HMAC-SHA256) — the right choice for tokens you
+ * both sign and verify yourself.
+ *
+ * For asymmetric algorithms (RS256, ES256) or third-party JWKS verification
+ * (Google, Auth0, GitHub), use the `jose` package instead.
+ *
+ * Usage in server/main.ts or server/helpers/auth.ts:
+ *
+ *   import { jwt } from "mates-fullstack";
+ *
+ *   const tokens = jwt(process.env.JWT_SECRET!);
+ *
+ *   // Sign
+ *   const token = await tokens.sign({ sub: "user_123", role: "admin" });
+ *
+ *   // Verify
+ *   const payload = await tokens.verify(token);
+ *   if (!payload) throw new AuthError("Invalid token");
+ *
+ *   // Decode without verifying (e.g. to read sub before re-validating)
+ *   const claims = jwt.decode(token);
+ *
+ * API:
+ *   jwt(secret, options?)     → bound instance for sign/verify/refresh
+ *   jwt.decode(token)         → decode payload without verifying
+ *   jwt.isExpired(token)      → check expiry without verifying signature
+ *
+ * Bound instance:
+ *   .sign(payload, options?)  → Promise<string>
+ *   .verify(token)            → Promise<JwtPayload | null>
+ *   .refresh(token, options?) → Promise<string | null>  (rotate with same claims)
+ *   .decode(token)            → JwtPayload | null       (no signature check)
+ */
+export interface JwtPayload {
+    /** Subject — typically the user ID */
+    sub?: string;
+    /** Issued at (Unix seconds) */
+    iat?: number;
+    /** Expiry (Unix seconds) */
+    exp?: number;
+    /** Not before (Unix seconds) */
+    nbf?: number;
+    /** JWT ID — unique token identifier */
+    jti?: string;
+    /** Issuer */
+    iss?: string;
+    /** Audience */
+    aud?: string | string[];
+    /** Any custom claims */
+    [key: string]: unknown;
+}
+export interface JwtSignOptions {
+    /**
+     * Token lifetime. Accepts seconds (number) or a duration string.
+     * Supported units: s, m, h, d, w
+     * Examples: 3600, "1h", "7d", "15m"
+     * Pass `false` to issue a token with no expiry (`exp` claim is omitted).
+     * @default "1h"
+     */
+    expiresIn?: number | string | false;
+    /**
+     * Not-before offset. Token is invalid before now + nbf.
+     * Same format as expiresIn.
+     * @default undefined (no nbf claim)
+     */
+    notBefore?: number | string;
+    /**
+     * Issuer claim (iss).
+     */
+    issuer?: string;
+    /**
+     * Audience claim (aud).
+     */
+    audience?: string | string[];
+    /**
+     * Include a unique jti (JWT ID) claim.
+     * Useful for token revocation tracking.
+     * @default false
+     */
+    includeJti?: boolean;
+}
+export interface JwtVerifyOptions {
+    /**
+     * Expected issuer. If set, tokens with a different iss are rejected.
+     */
+    issuer?: string;
+    /**
+     * Expected audience. If set, tokens without this aud are rejected.
+     */
+    audience?: string;
+    /**
+     * Clock skew tolerance in seconds.
+     * Allows tokens that are slightly expired or slightly not-yet-valid.
+     * @default 0
+     */
+    clockSkew?: number;
+}
+export interface JwtInstance {
+    /**
+     * Sign a payload and return a JWT string.
+     *
+     * @example
+     * const token = await tokens.sign({ sub: "user_123", role: "admin" });
+     * const token = await tokens.sign({ sub: "user_123" }, { expiresIn: "7d" });
+     */
+    sign(payload: JwtPayload, options?: JwtSignOptions): Promise<string>;
+    /**
+     * Verify a JWT and return its payload.
+     * Returns null if the token is invalid, expired, or tampered.
+     * Never throws.
+     *
+     * @example
+     * const payload = await tokens.verify(token);
+     * if (!payload) throw new AuthError("Invalid token");
+     * console.log(payload.sub);
+     */
+    verify(token: string, options?: JwtVerifyOptions): Promise<JwtPayload | null>;
+    /**
+     * Rotate a token — verify it, then issue a new one with the same claims
+     * but a fresh iat and exp. Returns null if the original token is invalid.
+     *
+     * @example
+     * const newToken = await tokens.refresh(oldToken, { expiresIn: "7d" });
+     * if (!newToken) throw new AuthError("Cannot refresh invalid token");
+     */
+    refresh(token: string, options?: JwtSignOptions & JwtVerifyOptions): Promise<string | null>;
+    /**
+     * Decode a JWT without verifying the signature.
+     * Useful for reading claims before full verification,
+     * or for logging/debugging purposes.
+     * Returns null if the token is malformed.
+     */
+    decode(token: string): JwtPayload | null;
+}
+/**
+ * Decode a JWT without verifying the signature.
+ * Safe to call on untrusted tokens — never throws.
+ */
+declare function decodeToken(token: string): JwtPayload | null;
+/**
+ * Check if a token is expired without verifying the signature.
+ * Returns true if expired or malformed.
+ */
+declare function isTokenExpired(token: string, clockSkewSeconds?: number): boolean;
+/**
+ * Create a bound JWT instance for signing and verifying tokens.
+ *
+ * @param secret  - The secret key string. Use a long random string in production.
+ *                  Minimum 32 characters recommended.
+ * @param defaults - Default options applied to all sign() calls.
+ *
+ * @example
+ * const tokens = jwt(process.env.JWT_SECRET!);
+ * const tokens = jwt(process.env.JWT_SECRET!, { expiresIn: "7d" });
+ */
+export declare function jwt(secret: string, defaults?: JwtSignOptions): JwtInstance;
+export declare namespace jwt {
+    var decode: typeof decodeToken;
+    var isExpired: typeof isTokenExpired;
+}
+export {};
+//# sourceMappingURL=jwt.d.ts.map

package/dist/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,MAAM,WAAW,UAAU;IACzB,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,eAAe;IACf,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC;IAEpC;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAE5B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE7B;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;;;OAMG;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAErE;;;;;;;;;OASG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9E;;;;;;;OAOG;IACH,OAAO,CACL,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,cAAc,GAAG,gBAAgB,GAC1C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE1B;;;;;OAKG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAAC;CAC1C;AAID;;;GAGG;AACH,iBAAS,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAcrD;AAED;;;GAGG;AACH,iBAAS,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,SAAI,GAAG,OAAO,CAKpE;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,GAAG,CACjB,MAAM,EAAE,MAAM,EACd,QAAQ,GAAE,cAAmB,GAC5B,WAAW,CAiKb;yBApKe,GAAG"}