npm - myaidev-method - Versions diffs - 0.2.7 → 0.2.9 - Mend

myaidev-method 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/.claude/agents/wordpress-admin.md +271 -0
package/.env.example +0 -1
package/COOLIFY_DEPLOYMENT.md +1 -1
package/DEV_WORKFLOW_GUIDE.md +1 -1
package/PACKAGE_FIXES_SUMMARY.md +319 -0
package/PAYLOADCMS_AUTH_UPDATE.md +248 -0
package/PUBLISHING_GUIDE.md +1 -1
package/README.md +7 -7
package/USER_GUIDE.md +261 -1
package/WORDPRESS_ADMIN_SCRIPTS.md +1 -1
package/bin/cli.js +36 -0
package/dist/server/.tsbuildinfo +1 -0
package/dist/server/auth/controllers/AuthController.d.ts +34 -0
package/dist/server/auth/controllers/AuthController.d.ts.map +1 -0
package/dist/server/auth/controllers/AuthController.js +43 -0
package/dist/server/auth/controllers/AuthController.js.map +1 -0
package/dist/server/auth/example-usage.d.ts +53 -0
package/dist/server/auth/example-usage.d.ts.map +1 -0
package/dist/server/auth/example-usage.js +129 -0
package/dist/server/auth/example-usage.js.map +1 -0
package/dist/server/auth/index.d.ts +11 -0
package/dist/server/auth/index.d.ts.map +1 -0
package/dist/server/auth/index.js +15 -0
package/dist/server/auth/index.js.map +1 -0
package/dist/server/auth/layers.d.ts +19 -0
package/dist/server/auth/layers.d.ts.map +1 -0
package/dist/server/auth/layers.js +33 -0
package/dist/server/auth/layers.js.map +1 -0
package/dist/server/auth/middleware/authMiddleware.d.ts +24 -0
package/dist/server/auth/middleware/authMiddleware.d.ts.map +1 -0
package/dist/server/auth/middleware/authMiddleware.js +65 -0
package/dist/server/auth/middleware/authMiddleware.js.map +1 -0
package/dist/server/auth/routes/authRoutes.d.ts +11 -0
package/dist/server/auth/routes/authRoutes.d.ts.map +1 -0
package/dist/server/auth/routes/authRoutes.js +213 -0
package/dist/server/auth/routes/authRoutes.js.map +1 -0
package/dist/server/auth/services/AuditLogService.d.ts +21 -0
package/dist/server/auth/services/AuditLogService.d.ts.map +1 -0
package/dist/server/auth/services/AuditLogService.js +28 -0
package/dist/server/auth/services/AuditLogService.js.map +1 -0
package/dist/server/auth/services/AuthService.d.ts +27 -0
package/dist/server/auth/services/AuthService.d.ts.map +1 -0
package/dist/server/auth/services/AuthService.js +246 -0
package/dist/server/auth/services/AuthService.js.map +1 -0
package/dist/server/auth/services/PasswordService.d.ts +12 -0
package/dist/server/auth/services/PasswordService.d.ts.map +1 -0
package/dist/server/auth/services/PasswordService.js +31 -0
package/dist/server/auth/services/PasswordService.js.map +1 -0
package/dist/server/auth/services/SessionRepository.d.ts +24 -0
package/dist/server/auth/services/SessionRepository.d.ts.map +1 -0
package/dist/server/auth/services/SessionRepository.js +101 -0
package/dist/server/auth/services/SessionRepository.js.map +1 -0
package/dist/server/auth/services/TokenService.d.ts +12 -0
package/dist/server/auth/services/TokenService.d.ts.map +1 -0
package/dist/server/auth/services/TokenService.js +86 -0
package/dist/server/auth/services/TokenService.js.map +1 -0
package/dist/server/auth/services/UserRepository.d.ts +23 -0
package/dist/server/auth/services/UserRepository.d.ts.map +1 -0
package/dist/server/auth/services/UserRepository.js +168 -0
package/dist/server/auth/services/UserRepository.js.map +1 -0
package/dist/server/auth/services/example.d.ts +26 -0
package/dist/server/auth/services/example.d.ts.map +1 -0
package/dist/server/auth/services/example.js +221 -0
package/dist/server/auth/services/example.js.map +1 -0
package/dist/server/auth/services/index.d.ts +6 -0
package/dist/server/auth/services/index.d.ts.map +1 -0
package/dist/server/auth/services/index.js +7 -0
package/dist/server/auth/services/index.js.map +1 -0
package/dist/server/database/db.d.ts +28 -0
package/dist/server/database/db.d.ts.map +1 -0
package/dist/server/database/db.js +91 -0
package/dist/server/database/db.js.map +1 -0
package/dist/server/database/schema.sql +95 -0
package/dist/server/hono/app.d.ts +10 -0
package/dist/server/hono/app.d.ts.map +1 -0
package/dist/server/hono/app.js +26 -0
package/dist/server/hono/app.js.map +1 -0
package/dist/server/hono/routes.d.ts +12 -0
package/dist/server/hono/routes.d.ts.map +1 -0
package/dist/server/hono/routes.js +40 -0
package/dist/server/hono/routes.js.map +1 -0
package/dist/server/main.d.ts +2 -0
package/dist/server/main.d.ts.map +1 -0
package/dist/server/main.js +94 -0
package/dist/server/main.js.map +1 -0
package/dist/server/user-management/DirectoryService.d.ts +62 -0
package/dist/server/user-management/DirectoryService.d.ts.map +1 -0
package/dist/server/user-management/DirectoryService.js +201 -0
package/dist/server/user-management/DirectoryService.js.map +1 -0
package/dist/server/user-management/LinuxUserService.d.ts +71 -0
package/dist/server/user-management/LinuxUserService.d.ts.map +1 -0
package/dist/server/user-management/LinuxUserService.js +192 -0
package/dist/server/user-management/LinuxUserService.js.map +1 -0
package/dist/server/user-management/QuotaService.d.ts +59 -0
package/dist/server/user-management/QuotaService.d.ts.map +1 -0
package/dist/server/user-management/QuotaService.js +148 -0
package/dist/server/user-management/QuotaService.js.map +1 -0
package/dist/server/user-management/UserManagementService.d.ts +74 -0
package/dist/server/user-management/UserManagementService.d.ts.map +1 -0
package/dist/server/user-management/UserManagementService.js +122 -0
package/dist/server/user-management/UserManagementService.js.map +1 -0
package/dist/server/user-management/index.d.ts +26 -0
package/dist/server/user-management/index.d.ts.map +1 -0
package/dist/server/user-management/index.js +26 -0
package/dist/server/user-management/index.js.map +1 -0
package/dist/server/user-management/layers.d.ts +27 -0
package/dist/server/user-management/layers.d.ts.map +1 -0
package/dist/server/user-management/layers.js +37 -0
package/dist/server/user-management/layers.js.map +1 -0
package/dist/shared/types.d.ts +94 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +32 -0
package/dist/shared/types.js.map +1 -0
package/package.json +26 -6
package/src/lib/payloadcms-utils.js +5 -12
package/src/server/auth/ARCHITECTURE.md +575 -0
package/src/server/auth/IMPLEMENTATION_SUMMARY.md +287 -0
package/src/server/auth/QUICK_START.md +283 -0
package/src/server/auth/README.md +290 -0
package/src/server/auth/controllers/AuthController.ts +129 -0
package/src/server/auth/example-usage.ts +159 -0
package/src/server/auth/index.ts +19 -0
package/src/server/auth/layers.ts +57 -0
package/src/server/auth/middleware/authMiddleware.ts +118 -0
package/src/server/auth/routes/authRoutes.ts +319 -0
package/src/server/auth/services/AuditLogService.ts +81 -0
package/src/server/auth/services/AuthService.ts +408 -0
package/src/server/auth/services/IMPLEMENTATION_SUMMARY.md +404 -0
package/src/server/auth/services/PasswordService.ts +85 -0
package/src/server/auth/services/README.md +361 -0
package/src/server/auth/services/SessionRepository.ts +227 -0
package/src/server/auth/services/TokenService.ts +174 -0
package/src/server/auth/services/UserRepository.ts +318 -0
package/src/server/auth/services/example.ts +346 -0
package/src/server/auth/services/index.ts +6 -0
package/src/server/database/db.ts +161 -0
package/src/server/database/schema.sql +95 -0
package/src/server/hono/app.ts +41 -0
package/src/server/main.ts +115 -0
package/src/server/user-management/DirectoryService.ts +348 -0
package/src/server/user-management/LinuxUserService.ts +338 -0
package/src/server/user-management/QuotaService.ts +256 -0
package/src/server/user-management/README.md +333 -0
package/src/server/user-management/UserManagementService.ts +335 -0
package/src/server/user-management/index.ts +26 -0
package/src/server/user-management/layers.ts +51 -0
package/src/shared/types.ts +111 -0
package/src/templates/claude/agents/payloadcms-publish.md +34 -14
package/src/templates/codex/commands/myai-astro-publish.md +8 -2
package/src/templates/codex/commands/myai-content-writer.md +8 -2
package/src/templates/codex/commands/myai-coolify-deploy.md +8 -2
package/src/templates/codex/commands/myai-dev-architect.md +8 -2
package/src/templates/codex/commands/myai-dev-code.md +8 -2
package/src/templates/codex/commands/myai-dev-docs.md +8 -2
package/src/templates/codex/commands/myai-dev-review.md +8 -2
package/src/templates/codex/commands/myai-dev-test.md +8 -2
package/src/templates/codex/commands/myai-docusaurus-publish.md +8 -2
package/src/templates/codex/commands/myai-mintlify-publish.md +8 -2
package/src/templates/codex/commands/myai-payloadcms-publish.md +17 -3
package/src/templates/codex/commands/myai-sparc-workflow.md +8 -2
package/src/templates/codex/commands/myai-wordpress-admin.md +8 -2
package/src/templates/codex/commands/myai-wordpress-publish.md +8 -2
package/src/templates/docs/wordpress-troubleshoot.js +2 -2

package/src/server/auth/IMPLEMENTATION_SUMMARY.md ADDED Viewed

@@ -0,0 +1,287 @@
+# Authentication Implementation Summary
+## Completed Components
+### 1. AuthService (/src/server/auth/services/AuthService.ts)
+**High-level authentication orchestration service**
+✅ **register(username, email, password, ipAddress?, userAgent?)**
+- Validates username (3-32 chars, alphanumeric + underscore)
+- Validates email format
+- Validates password strength (8+ chars, uppercase, lowercase, number)
+- Checks for duplicate email/username
+- Hashes password with bcrypt
+- Generates unique Linux username (sanitized, lowercase, unique)
+- Creates user in database
+- Logs USER_REGISTERED audit event
+✅ **login(email, password, ipAddress?, userAgent?)**
+- Finds user by email
+- Checks account lockout status (5 failed attempts = 15 min lockout)
+- Verifies password
+- Increments failed attempts on failure
+- Resets failed attempts on success
+- Updates last login timestamp
+- Creates session with token hash
+- Generates JWT token (RS256, 7 day expiry)
+- Logs USER_LOGIN or LOGIN_FAILED audit event
+✅ **logout(sessionId, userId)**
+- Revokes session in database
+- Logs USER_LOGOUT audit event
+✅ **verifyToken(token)**
+- Verifies JWT signature and expiry
+- Hashes token to find session
+- Checks session not expired or revoked
+- Finds and validates user (active status)
+- Returns user and session objects
+### 2. authMiddleware (/src/server/auth/middleware/authMiddleware.ts)
+**Hono middleware for authentication**
+✅ **Token Extraction**
+- Supports `Authorization: Bearer <token>` header
+- Supports `auth_token` httpOnly cookie
+- Returns 401 if no token found
+✅ **Token Verification**
+- Calls AuthService.verifyToken()
+- Handles all error types (AuthError, DatabaseError)
+- Uses Effect.runPromise with AppLayer
+✅ **Context Injection**
+- Injects `user` into Hono context (c.set('user', user))
+- Injects `session` into Hono context (c.set('session', session))
+- TypeScript declaration extends ContextVariableMap
+✅ **Error Handling**
+- AuthError → 401 Unauthorized
+- DatabaseError → 500 Internal Server Error
+- Unknown errors → 500 Internal Server Error
+### 3. authRoutes (/src/server/auth/routes/authRoutes.ts)
+**Hono router with authentication endpoints**
+✅ **POST /api/auth/register**
+- Validates required fields (username, email, password)
+- Extracts IP address (x-forwarded-for, x-real-ip headers)
+- Extracts user agent
+- Calls AuthService.register()
+- Returns user object (201 Created)
+- Error handling: ValidationError → 400, AuthError → 400, DatabaseError → 500
+✅ **POST /api/auth/login**
+- Validates required fields (email, password)
+- Extracts IP address and user agent
+- Calls AuthService.login()
+- Sets httpOnly cookie with token
+- Returns user object + token (200 OK)
+- Error handling: AuthError → 401, DatabaseError → 500
+✅ **POST /api/auth/logout** (protected)
+- Requires authMiddleware
+- Gets user and session from context
+- Calls AuthService.logout()
+- Clears auth_token cookie
+- Returns success message (200 OK)
+- Error handling: DatabaseError → 500
+✅ **GET /api/auth/me** (protected)
+- Requires authMiddleware
+- Gets user from context
+- Returns user profile data
+- Includes: id, username, email, emailVerified, createdAt, lastLoginAt
+- Error handling: Generic 500 for unexpected errors
+### 4. AuthController (/src/server/auth/controllers/AuthController.ts)
+**Optional Effect-TS controller for clean architecture**
+✅ **register(data, ipAddress?, userAgent?)**
+- Wraps AuthService.register()
+- Returns formatted user object
+- Effect-TS service pattern
+✅ **login(data, ipAddress?, userAgent?)**
+- Wraps AuthService.login()
+- Returns formatted response with user + token
+- Effect-TS service pattern
+✅ **logout(sessionId, userId)**
+- Wraps AuthService.logout()
+- Effect-TS service pattern
+✅ **me(user)**
+- Returns formatted user profile
+- Synchronous Effect.succeed
+- Effect-TS service pattern
+### 5. AppLayer (middleware/authMiddleware.ts)
+**Complete dependency layer composition**
+✅ **Layer Structure**
+```typescript
+Layer.mergeAll(
+  DatabaseService.Live,
+  PasswordService.Live,
+  TokenService.Live
+).pipe(
+  Layer.provideMerge(UserRepository.Live),
+  Layer.provideMerge(SessionRepository.Live),
+  Layer.provideMerge(AuditLogService.Live),
+  Layer.provideMerge(AuthService.Live)
+)
+```
+### 6. Supporting Files
+✅ **/src/server/auth/index.ts**
+- Barrel export for all auth modules
+- Clean public API
+✅ **/src/server/auth/README.md**
+- Comprehensive documentation
+- Architecture overview
+- Security features
+- Usage examples
+- API reference
+- Testing guide
+✅ **/src/server/auth/example-usage.ts**
+- Complete Hono integration example
+- Protected route examples
+- Admin route example
+- curl command examples
+- Setup instructions
+## Security Features Implemented
+### Password Security
+✅ Minimum 8 characters
+✅ Uppercase + lowercase + number requirements
+✅ bcrypt hashing (12 rounds)
+✅ Password strength validation
+### Account Lockout
+✅ 5 failed attempts trigger
+✅ 15 minute lockout duration
+✅ Automatic unlock after duration
+✅ Failed attempts reset on success
+### Session Management
+✅ JWT with RS256 signing
+✅ 7 day token expiration
+✅ Session stored with SHA-256 token hash
+✅ Session validation on every request
+✅ Revocable sessions
+### Cookie Security
+✅ httpOnly flag
+✅ secure flag (production only)
+✅ sameSite=strict
+✅ 7 day maxAge
+✅ path=/
+### Linux Username Generation
+✅ Sanitized from username
+✅ Lowercase alphanumeric + underscores
+✅ Must start with letter
+✅ Max 32 characters
+✅ Guaranteed uniqueness with counter suffix
+### Audit Logging
+✅ USER_REGISTERED events
+✅ USER_LOGIN events
+✅ USER_LOGOUT events
+✅ LOGIN_FAILED events
+✅ IP address tracking
+✅ User agent tracking
+## Effect-TS Patterns Used
+### Context.Tag Pattern
+✅ All services extend Context.Tag
+✅ Type-safe dependency injection
+✅ Service interface definitions
+### Layer Pattern
+✅ All services provide Layer.Live
+✅ Layer composition with provideMerge
+✅ Complete dependency graph
+### Effect.gen Pattern
+✅ All async operations use Effect.gen
+✅ yield* for Effect composition
+✅ Type-safe error handling
+### Typed Errors
+✅ AuthError for authentication failures
+✅ ValidationError for input validation
+✅ DatabaseError for persistence failures
+✅ No `as` type casting used
+## Integration Points
+### Hono Framework
+✅ Hono router for routes
+✅ Hono middleware pattern
+✅ Context variable injection
+✅ Cookie utilities (getCookie, setCookie)
+### Effect Runtime
+✅ Effect.runPromise for HTTP handlers
+✅ Effect.provide with AppLayer
+✅ Proper error handling in async context
+### Database
+✅ DatabaseService dependency
+✅ UserRepository for user operations
+✅ SessionRepository for session operations
+✅ AuditLogService for logging
+## Files Created
+1. `/src/server/auth/services/AuthService.ts` - Main auth orchestration
+2. `/src/server/auth/middleware/authMiddleware.ts` - Hono middleware
+3. `/src/server/auth/routes/authRoutes.ts` - HTTP routes
+4. `/src/server/auth/controllers/AuthController.ts` - Optional controller
+5. `/src/server/auth/index.ts` - Barrel exports
+6. `/src/server/auth/README.md` - Documentation
+7. `/src/server/auth/example-usage.ts` - Usage examples
+8. `/src/server/auth/IMPLEMENTATION_SUMMARY.md` - This file
+## Testing Checklist
+- [ ] Test user registration with valid data
+- [ ] Test registration with duplicate email
+- [ ] Test registration with duplicate username
+- [ ] Test registration with weak password
+- [ ] Test registration with invalid email
+- [ ] Test login with correct credentials
+- [ ] Test login with wrong password
+- [ ] Test account lockout after 5 failed attempts
+- [ ] Test lockout expiry after 15 minutes
+- [ ] Test successful login resets failed attempts
+- [ ] Test logout revokes session
+- [ ] Test protected route with valid token
+- [ ] Test protected route with expired token
+- [ ] Test protected route with revoked session
+- [ ] Test protected route with no token
+- [ ] Test token from Authorization header
+- [ ] Test token from cookie
+- [ ] Test Linux username generation
+- [ ] Test Linux username uniqueness
+- [ ] Test audit log entries
+## Next Steps
+1. **Write Tests**: Create comprehensive test suite using vitest
+2. **Environment Variables**: Add JWT secret configuration (optional, currently using generated keys)
+3. **Rate Limiting**: Add rate limiting middleware for login endpoint
+4. **Email Verification**: Implement email verification flow
+5. **Password Reset**: Add password reset functionality
+6. **OAuth Integration**: Add OAuth2 providers (Google, GitHub, Microsoft)
+7. **Two-Factor Auth**: Implement TOTP-based 2FA
+8. **Session Management UI**: Add user session management endpoints
+9. **Admin API**: Add admin endpoints for user management
+10. **Monitoring**: Add Prometheus metrics for auth operations

package/src/server/auth/QUICK_START.md ADDED Viewed

@@ -0,0 +1,283 @@
+# Authentication Quick Start Guide
+## 🚀 5-Minute Integration
+### 1. Install Dependencies
+```bash
+npm install hono effect bcrypt jose
+npm install -D @types/bcrypt
+```
+### 2. Initialize Database
+```bash
+node --import tsx/esm src/server/database/init-db.ts
+```
+### 3. Create Your Server
+```typescript
+// src/server/index.ts
+import { Hono } from "hono";
+import { authRouter, authMiddleware } from "./auth/index.js";
+const app = new Hono();
+// Public routes
+app.route("/api/auth", authRouter);
+// Protected routes
+app.get("/api/protected", authMiddleware, (c) => {
+  const user = c.get("user");
+  return c.json({ message: `Hello ${user.username}` });
+});
+export default app;
+```
+### 4. Test It
+```bash
+# Register
+curl -X POST http://localhost:3000/api/auth/register \
+  -H "Content-Type: application/json" \
+  -d '{"username":"john","email":"john@example.com","password":"SecurePass123"}'
+# Login
+curl -X POST http://localhost:3000/api/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{"email":"john@example.com","password":"SecurePass123"}' \
+  -c cookies.txt
+# Access protected route
+curl http://localhost:3000/api/protected \
+  -b cookies.txt
+```
+## 📚 Key Endpoints
+| Method | Endpoint | Auth | Description |
+|--------|----------|------|-------------|
+| POST | `/api/auth/register` | No | Create new account |
+| POST | `/api/auth/login` | No | Login and get token |
+| POST | `/api/auth/logout` | Yes | Revoke session |
+| GET | `/api/auth/me` | Yes | Get current user |
+## 🔐 Security Features
+✅ **Password**: bcrypt (12 rounds), min 8 chars, uppercase + lowercase + number
+✅ **Tokens**: JWT with RS256, 7-day expiry, httpOnly cookies
+✅ **Lockout**: 5 failed attempts = 15 minute lockout
+✅ **Sessions**: Revocable, tracked with IP/user agent
+✅ **Audit**: All auth events logged
+## 🛡️ Protected Routes
+```typescript
+// Single route
+app.get("/api/secret", authMiddleware, (c) => {
+  const user = c.get("user");
+  const session = c.get("session");
+  // Your logic here
+});
+// Route group
+const protectedRoutes = new Hono();
+protectedRoutes.use("*", authMiddleware);
+protectedRoutes.get("/profile", (c) => { /* ... */ });
+protectedRoutes.get("/settings", (c) => { /* ... */ });
+app.route("/api/protected", protectedRoutes);
+```
+## 📝 Response Formats
+### Success: Register
+```json
+{
+  "user": {
+    "id": "uuid",
+    "username": "john",
+    "email": "john@example.com",
+    "emailVerified": false
+  }
+}
+```
+### Success: Login
+```json
+{
+  "user": {
+    "id": "uuid",
+    "username": "john",
+    "email": "john@example.com",
+    "emailVerified": false
+  },
+  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
+}
+```
+### Error: Validation
+```json
+{
+  "error": "VALIDATION_ERROR",
+  "field": "password",
+  "message": "Password must be at least 8 characters long"
+}
+```
+### Error: Authentication
+```json
+{
+  "error": "AuthError",
+  "message": "Invalid email or password"
+}
+```
+## 🔧 Environment Variables
+```bash
+# Optional - defaults to development settings
+NODE_ENV=production  # Enables secure cookies
+PORT=3000           # Server port
+```
+## 🎯 Common Patterns
+### Custom Error Handling
+```typescript
+app.post("/api/auth/login", async (c) => {
+  try {
+    const loginEffect = Effect.gen(function* () {
+      const authService = yield* AuthService;
+      return yield* authService.login(email, password, ip, ua);
+    });
+    const result = await Effect.runPromise(
+      Effect.provide(loginEffect, AppLayer)
+    );
+    return c.json(result, 200);
+  } catch (error) {
+    // Your custom error handling
+    if (error._tag === "AuthError") {
+      logSecurityEvent(error);
+    }
+    return handleError(error);
+  }
+});
+```
+### Admin Check
+```typescript
+const adminMiddleware: MiddlewareHandler = async (c, next) => {
+  const user = c.get("user");
+  // Add your admin check logic
+  const isAdmin = user.email.endsWith("@admin.com");
+  if (!isAdmin) {
+    return c.json({ error: "FORBIDDEN" }, 403);
+  }
+  await next();
+};
+app.get("/api/admin/*", authMiddleware, adminMiddleware, (c) => {
+  // Admin-only logic
+});
+```
+### Token from Request
+```typescript
+import { getCookie } from "hono/cookie";
+const token = c.req.header("Authorization")?.substring(7)
+  || getCookie(c, "auth_token");
+```
+### Manual Token Verification
+```typescript
+import { Effect } from "effect";
+import { AppLayer } from "./auth/middleware/authMiddleware.js";
+import { AuthService } from "./auth/services/AuthService.js";
+const verifyEffect = Effect.gen(function* () {
+  const authService = yield* AuthService;
+  return yield* authService.verifyToken(token);
+});
+const { user, session } = await Effect.runPromise(
+  Effect.provide(verifyEffect, AppLayer)
+);
+```
+## 🐛 Debugging
+### Enable Verbose Logging
+```typescript
+// Add to service methods
+Effect.tap(() =>
+  Effect.sync(() => console.log("Debug info here"))
+)
+```
+### Check Session Status
+```typescript
+const session = c.get("session");
+console.log({
+  id: session.id,
+  expires: new Date(session.expiresAt),
+  isRevoked: session.isRevoked,
+});
+```
+### View Audit Logs
+```sql
+-- Check recent auth events
+SELECT * FROM audit_logs
+WHERE action LIKE 'USER_%'
+ORDER BY created_at DESC
+LIMIT 10;
+```
+## 🔍 Troubleshooting
+**401 Unauthorized**
+- Token missing or malformed
+- Token expired (>7 days)
+- Session revoked
+- User account inactive
+**400 Bad Request**
+- Validation failed
+- Email/username already exists
+- Password too weak
+**Account Locked**
+- 5+ failed login attempts
+- Wait 15 minutes or contact admin
+**TypeScript Errors**
+- Ensure `tsconfig.json` has `"target": "ES2022"` or higher
+- Check Effect-TS version compatibility
+## 📖 Full Documentation
+- **README.md** - Complete API reference and security details
+- **ARCHITECTURE.md** - System design and data flow diagrams
+- **IMPLEMENTATION_SUMMARY.md** - Implementation checklist and features
+- **example-usage.ts** - Complete Hono integration example
+## 💡 Next Steps
+1. Add rate limiting to login endpoint
+2. Implement email verification
+3. Add password reset flow
+4. Set up OAuth2 providers
+5. Enable two-factor authentication
+6. Add session management UI
+## 🤝 Support
+For issues or questions:
+1. Check existing documentation
+2. Review example-usage.ts
+3. Inspect audit logs for security events
+4. Verify database schema is initialized