npm - oauth.do - Versions diffs - 0.2.0 → 0.2.2 - Mend

oauth.do 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/session.js ADDED Viewed

@@ -0,0 +1,114 @@
+// src/session.ts
+var defaultSessionConfig = {
+  cookieName: "session",
+  cookieMaxAge: 60 * 60 * 24 * 7,
+  // 7 days
+  cookieSecure: true,
+  cookieSameSite: "lax",
+  secret: "oauth-do-dev-secret-change-in-production"
+};
+var ALGORITHM = "AES-GCM";
+var IV_LENGTH = 12;
+var TAG_LENGTH = 128;
+async function getEncryptionKey(secret) {
+  const encoder = new TextEncoder();
+  return crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret.padEnd(32, "0").slice(0, 32)),
+    { name: ALGORITHM },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function encodeSession(session, secret) {
+  const key = await getEncryptionKey(secret ?? defaultSessionConfig.secret);
+  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+  const encoder = new TextEncoder();
+  const data = encoder.encode(JSON.stringify(session));
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: ALGORITHM, iv, tagLength: TAG_LENGTH },
+    key,
+    data
+  );
+  const combined = new Uint8Array(iv.length + ciphertext.byteLength);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(ciphertext), iv.length);
+  return btoa(String.fromCharCode(...combined));
+}
+async function decodeSession(encoded, secret) {
+  try {
+    const key = await getEncryptionKey(secret ?? defaultSessionConfig.secret);
+    const combined = Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+    const iv = combined.slice(0, IV_LENGTH);
+    const ciphertext = combined.slice(IV_LENGTH);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: ALGORITHM, iv, tagLength: TAG_LENGTH },
+      key,
+      ciphertext
+    );
+    const decoder = new TextDecoder();
+    const parsed = JSON.parse(decoder.decode(decrypted));
+    if (!isValidSessionData(parsed)) {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function isValidSessionData(data) {
+  if (data === null || typeof data !== "object") {
+    return false;
+  }
+  const session = data;
+  if (typeof session.userId !== "string" || session.userId.length === 0) {
+    return false;
+  }
+  if (typeof session.accessToken !== "string" || session.accessToken.length === 0) {
+    return false;
+  }
+  if (session.organizationId !== void 0 && typeof session.organizationId !== "string") {
+    return false;
+  }
+  if (session.email !== void 0 && typeof session.email !== "string") {
+    return false;
+  }
+  if (session.name !== void 0 && typeof session.name !== "string") {
+    return false;
+  }
+  if (session.refreshToken !== void 0 && typeof session.refreshToken !== "string") {
+    return false;
+  }
+  if (session.expiresAt !== void 0 && typeof session.expiresAt !== "number") {
+    return false;
+  }
+  return true;
+}
+function getSessionConfig(env) {
+  const validSameSite = ["strict", "lax", "none"];
+  let cookieSameSite = defaultSessionConfig.cookieSameSite;
+  if (env?.SESSION_COOKIE_SAME_SITE) {
+    const value = env.SESSION_COOKIE_SAME_SITE;
+    if (validSameSite.includes(value)) {
+      cookieSameSite = value;
+    }
+  }
+  let cookieMaxAge = defaultSessionConfig.cookieMaxAge;
+  if (env?.SESSION_COOKIE_MAX_AGE) {
+    const parsed = parseInt(env.SESSION_COOKIE_MAX_AGE, 10);
+    if (!Number.isNaN(parsed) && parsed > 0) {
+      cookieMaxAge = parsed;
+    }
+  }
+  return {
+    secret: env?.SESSION_SECRET ?? defaultSessionConfig.secret,
+    cookieName: env?.SESSION_COOKIE_NAME ?? defaultSessionConfig.cookieName,
+    cookieMaxAge,
+    cookieSecure: env?.SESSION_COOKIE_SECURE !== "false",
+    cookieSameSite
+  };
+}
+export { decodeSession, defaultSessionConfig, encodeSession, getSessionConfig, isValidSessionData };
+//# sourceMappingURL=session.js.map
+//# sourceMappingURL=session.js.map

package/dist/session.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/session.ts"],"names":[],"mappings":";AAsDO,IAAM,oBAAA,GAAsC;AAAA,EACjD,UAAA,EAAY,SAAA;AAAA,EACZ,YAAA,EAAc,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,CAAA;AAAA;AAAA,EAC7B,YAAA,EAAc,IAAA;AAAA,EACd,cAAA,EAAgB,KAAA;AAAA,EAChB,MAAA,EAAQ;AACV;AAMA,IAAM,SAAA,GAAY,SAAA;AAClB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,UAAA,GAAa,GAAA;AAKnB,eAAe,iBAAiB,MAAA,EAAoC;AAClE,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAO,MAAA,CAAO,SAAA;AAAA,IACnB,KAAA;AAAA,IACA,OAAA,CAAQ,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,EAAA,EAAI,GAAG,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,EAAE,CAAC,CAAA;AAAA,IAClD,EAAE,MAAM,SAAA,EAAU;AAAA,IAClB,KAAA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,GACvB;AACF;AAUA,eAAsB,aAAA,CAAc,SAAsB,MAAA,EAAkC;AAC1F,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,MAAA,IAAU,qBAAqB,MAAM,CAAA;AACxE,EAAA,MAAM,KAAK,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,SAAS,CAAC,CAAA;AAC3D,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,OAAO,OAAA,CAAQ,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,OAAO,CAAC,CAAA;AAEnD,EAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,IACrC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,WAAW,UAAA,EAAW;AAAA,IAC7C,GAAA;AAAA,IACA;AAAA,GACF;AAGA,EAAA,MAAM,WAAW,IAAI,UAAA,CAAW,EAAA,CAAG,MAAA,GAAS,WAAW,UAAU,CAAA;AACjE,EAAA,QAAA,CAAS,GAAA,CAAI,IAAI,CAAC,CAAA;AAClB,EAAA,QAAA,CAAS,IAAI,IAAI,UAAA,CAAW,UAAU,CAAA,EAAG,GAAG,MAAM,CAAA;AAElD,EAAA,OAAO,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,GAAG,QAAQ,CAAC,CAAA;AAC9C;AAUA,eAAsB,aAAA,CAAc,SAAiB,MAAA,EAA8C;AACjG,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,MAAA,IAAU,qBAAqB,MAAM,CAAA;AACxE,IAAA,MAAM,QAAA,GAAW,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,EAAG,CAAC,CAAA,KAAM,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAEtE,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AACtC,IAAA,MAAM,UAAA,GAAa,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA;AAE3C,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACpC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,WAAW,UAAA,EAAW;AAAA,MAC7C,GAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,SAAkB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,SAAS,CAAC,CAAA;AAE5D,IAAA,IAAI,CAAC,kBAAA,CAAmB,MAAM,CAAA,EAAG;AAC/B,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAKO,SAAS,mBAAmB,IAAA,EAAoC;AACrE,EAAA,IAAI,IAAA,KAAS,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AAC7C,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,IAAA;AAGhB,EAAA,IAAI,OAAO,OAAA,CAAQ,MAAA,KAAW,YAAY,OAAA,CAAQ,MAAA,CAAO,WAAW,CAAA,EAAG;AACrE,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,OAAO,OAAA,CAAQ,WAAA,KAAgB,YAAY,OAAA,CAAQ,WAAA,CAAY,WAAW,CAAA,EAAG;AAC/E,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,QAAQ,cAAA,KAAmB,MAAA,IAAa,OAAO,OAAA,CAAQ,mBAAmB,QAAA,EAAU;AACtF,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,QAAQ,KAAA,KAAU,MAAA,IAAa,OAAO,OAAA,CAAQ,UAAU,QAAA,EAAU;AACpE,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,QAAQ,IAAA,KAAS,MAAA,IAAa,OAAO,OAAA,CAAQ,SAAS,QAAA,EAAU;AAClE,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,QAAQ,YAAA,KAAiB,MAAA,IAAa,OAAO,OAAA,CAAQ,iBAAiB,QAAA,EAAU;AAClF,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,QAAQ,SAAA,KAAc,MAAA,IAAa,OAAO,OAAA,CAAQ,cAAc,QAAA,EAAU;AAC5E,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAYO,SAAS,iBAAiB,GAAA,EAAyD;AACxF,EAAA,MAAM,aAAA,GAAgB,CAAC,QAAA,EAAU,KAAA,EAAO,MAAM,CAAA;AAE9C,EAAA,IAAI,iBAAkD,oBAAA,CAAqB,cAAA;AAC3E,EAAA,IAAI,KAAK,wBAAA,EAA0B;AACjC,IAAA,MAAM,QAAQ,GAAA,CAAI,wBAAA;AAClB,IAAA,IAAI,aAAA,CAAc,QAAA,CAAS,KAAqC,CAAA,EAAG;AACjE,MAAA,cAAA,GAAiB,KAAA;AAAA,IACnB;AAAA,EACF;AAEA,EAAA,IAAI,eAAe,oBAAA,CAAqB,YAAA;AACxC,EAAA,IAAI,KAAK,sBAAA,EAAwB;AAC/B,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,sBAAA,EAAwB,EAAE,CAAA;AACtD,IAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,MAAM,CAAA,IAAK,SAAS,CAAA,EAAG;AACvC,MAAA,YAAA,GAAe,MAAA;AAAA,IACjB;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAA,EAAK,cAAA,IAAkB,oBAAA,CAAqB,MAAA;AAAA,IACpD,UAAA,EAAY,GAAA,EAAK,mBAAA,IAAuB,oBAAA,CAAqB,UAAA;AAAA,IAC7D,YAAA;AAAA,IACA,YAAA,EAAc,KAAK,qBAAA,KAA0B,OAAA;AAAA,IAC7C;AAAA,GACF;AACF","file":"session.js","sourcesContent":["/**\n * oauth.do/session - Cookie-based session management with AES-GCM encryption\n *\n * Secure session encoding/decoding using Web Crypto API.\n * Zero dependencies - works in all environments that support Web Crypto.\n *\n * @example\n * ```ts\n * import { encodeSession, decodeSession } from 'oauth.do/session'\n *\n * const session = { userId: 'user_123', accessToken: 'tok_abc' }\n * const encoded = await encodeSession(session, 'my-secret-key')\n * const decoded = await decodeSession(encoded, 'my-secret-key')\n * ```\n */\n\n// ─────────────────────────────────────────────────────────────────\n// Types\n// ─────────────────────────────────────────────────────────────────\n\n/**\n * Session data stored in encrypted cookie\n */\nexport interface SessionData {\n userId: string\n organizationId?: string\n email?: string\n name?: string\n accessToken: string\n refreshToken?: string\n expiresAt?: number\n /** Extensible: apps can add custom fields */\n [key: string]: unknown\n}\n\n/**\n * Configuration for session management\n */\nexport interface SessionConfig {\n /** Cookie name (default: 'session') */\n cookieName: string\n /** Cookie max age in seconds (default: 604800 = 7 days) */\n cookieMaxAge: number\n /** Cookie secure flag (default: true) */\n cookieSecure: boolean\n /** Cookie SameSite attribute (default: 'lax') */\n cookieSameSite: 'strict' | 'lax' | 'none'\n /** Encryption secret (required in production) */\n secret: string\n}\n\n/**\n * Default session configuration\n */\nexport const defaultSessionConfig: SessionConfig = {\n cookieName: 'session',\n cookieMaxAge: 60 * 60 * 24 * 7, // 7 days\n cookieSecure: true,\n cookieSameSite: 'lax',\n secret: 'oauth-do-dev-secret-change-in-production',\n}\n\n// ─────────────────────────────────────────────────────────────────\n// AES-GCM Encryption\n// ─────────────────────────────────────────────────────────────────\n\nconst ALGORITHM = 'AES-GCM'\nconst IV_LENGTH = 12\nconst TAG_LENGTH = 128\n\n/**\n * Derive an AES-GCM encryption key from a secret string\n */\nasync function getEncryptionKey(secret: string): Promise<CryptoKey> {\n const encoder = new TextEncoder()\n return crypto.subtle.importKey(\n 'raw',\n encoder.encode(secret.padEnd(32, '0').slice(0, 32)),\n { name: ALGORITHM },\n false,\n ['encrypt', 'decrypt']\n )\n}\n\n/**\n * Encode session data with AES-GCM encryption.\n * Format: base64(IV || ciphertext || auth tag)\n *\n * @param session - Session data to encrypt\n * @param secret - Encryption secret (min 16 chars recommended)\n * @returns Base64-encoded encrypted session string\n */\nexport async function encodeSession(session: SessionData, secret?: string): Promise<string> {\n const key = await getEncryptionKey(secret ?? defaultSessionConfig.secret)\n const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH))\n const encoder = new TextEncoder()\n const data = encoder.encode(JSON.stringify(session))\n\n const ciphertext = await crypto.subtle.encrypt(\n { name: ALGORITHM, iv, tagLength: TAG_LENGTH },\n key,\n data\n )\n\n // Combine IV + ciphertext (ciphertext includes auth tag)\n const combined = new Uint8Array(iv.length + ciphertext.byteLength)\n combined.set(iv, 0)\n combined.set(new Uint8Array(ciphertext), iv.length)\n\n return btoa(String.fromCharCode(...combined))\n}\n\n/**\n * Decode session data with AES-GCM decryption.\n * Returns null if decryption fails or data is invalid.\n *\n * @param encoded - Base64-encoded encrypted session string\n * @param secret - Encryption secret (must match the one used for encoding)\n * @returns Decoded session data or null\n */\nexport async function decodeSession(encoded: string, secret?: string): Promise<SessionData | null> {\n try {\n const key = await getEncryptionKey(secret ?? defaultSessionConfig.secret)\n const combined = Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0))\n\n const iv = combined.slice(0, IV_LENGTH)\n const ciphertext = combined.slice(IV_LENGTH)\n\n const decrypted = await crypto.subtle.decrypt(\n { name: ALGORITHM, iv, tagLength: TAG_LENGTH },\n key,\n ciphertext\n )\n\n const decoder = new TextDecoder()\n const parsed: unknown = JSON.parse(decoder.decode(decrypted))\n\n if (!isValidSessionData(parsed)) {\n return null\n }\n\n return parsed\n } catch {\n return null\n }\n}\n\n/**\n * Validate that session data has the required structure\n */\nexport function isValidSessionData(data: unknown): data is SessionData {\n if (data === null || typeof data !== 'object') {\n return false\n }\n\n const session = data as Record<string, unknown>\n\n // Required fields\n if (typeof session.userId !== 'string' || session.userId.length === 0) {\n return false\n }\n if (typeof session.accessToken !== 'string' || session.accessToken.length === 0) {\n return false\n }\n\n // Optional fields type validation\n if (session.organizationId !== undefined && typeof session.organizationId !== 'string') {\n return false\n }\n if (session.email !== undefined && typeof session.email !== 'string') {\n return false\n }\n if (session.name !== undefined && typeof session.name !== 'string') {\n return false\n }\n if (session.refreshToken !== undefined && typeof session.refreshToken !== 'string') {\n return false\n }\n if (session.expiresAt !== undefined && typeof session.expiresAt !== 'number') {\n return false\n }\n\n return true\n}\n\n/**\n * Get session config from environment variables with defaults.\n *\n * Environment variables:\n * - SESSION_SECRET: Encryption secret\n * - SESSION_COOKIE_NAME: Cookie name\n * - SESSION_COOKIE_MAX_AGE: Cookie max age in seconds\n * - SESSION_COOKIE_SECURE: 'true' or 'false'\n * - SESSION_COOKIE_SAME_SITE: 'strict', 'lax', or 'none'\n */\nexport function getSessionConfig(env?: Record<string, string | undefined>): SessionConfig {\n const validSameSite = ['strict', 'lax', 'none'] as const\n\n let cookieSameSite: SessionConfig['cookieSameSite'] = defaultSessionConfig.cookieSameSite\n if (env?.SESSION_COOKIE_SAME_SITE) {\n const value = env.SESSION_COOKIE_SAME_SITE\n if (validSameSite.includes(value as typeof validSameSite[number])) {\n cookieSameSite = value as SessionConfig['cookieSameSite']\n }\n }\n\n let cookieMaxAge = defaultSessionConfig.cookieMaxAge\n if (env?.SESSION_COOKIE_MAX_AGE) {\n const parsed = parseInt(env.SESSION_COOKIE_MAX_AGE, 10)\n if (!Number.isNaN(parsed) && parsed > 0) {\n cookieMaxAge = parsed\n }\n }\n\n return {\n secret: env?.SESSION_SECRET ?? defaultSessionConfig.secret,\n cookieName: env?.SESSION_COOKIE_NAME ?? defaultSessionConfig.cookieName,\n cookieMaxAge,\n cookieSecure: env?.SESSION_COOKIE_SECURE !== 'false',\n cookieSameSite,\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,150 +1,152 @@
 {
-	"name": "oauth.do",
-	"version": "0.2.0",
-	"description": "OAuth authentication SDK, React components, and Hono middleware for org.ai identity",
-	"type": "module",
-	"main": "./dist/index.js",
-	"types": "./dist/index.d.ts",
-	"bin": {
-		"oauth.do": "./dist/cli.js",
-		"duckdb-auth": "./bin/duckdb-auth"
-	},
-	"exports": {
-		".": {
-			"types": "./dist/index.d.ts",
-			"import": "./dist/index.js",
-			"require": "./dist/index.js",
-			"default": "./dist/index.js"
-		},
-		"./node": {
-			"types": "./dist/node.d.ts",
-			"import": "./dist/node.js",
-			"require": "./dist/node.js",
-			"default": "./dist/node.js"
-		},
-		"./react": {
-			"types": "./dist/react.d.ts",
-			"import": "./dist/react.js",
-			"require": "./dist/react.js",
-			"default": "./dist/react.js"
-		},
-		"./hono": {
-			"types": "./dist/hono.d.ts",
-			"import": "./dist/hono.js",
-			"require": "./dist/hono.js",
-			"default": "./dist/hono.js"
-		},
-		"./types": {
-			"types": "./dist/types-export.d.ts",
-			"import": "./dist/types-export.js"
-		},
-		"./mdx/*": "./src/mdx/*"
-	},
-	"files": [
-		"dist",
-		"bin",
-		"src/mdx",
-		"README.md",
-		"LICENSE"
-	],
-	"scripts": {
-		"build": "tsup",
-		"dev": "tsup --watch",
-		"test": "vitest run",
-		"test:watch": "vitest",
-		"check:publish": "node -e \"const pkg = require('./package.json'); const deps = JSON.stringify(pkg.dependencies || {}); if (deps.includes('workspace:')) { console.error('ERROR: workspace: protocol found in dependencies. Replace with actual versions before publishing.'); process.exit(1); }\"",
-		"prepublishOnly": "pnpm check:publish && pnpm build && pnpm test"
-	},
-	"keywords": [
-		"oauth",
-		"authentication",
-		"auth",
-		"login",
-		"identity",
-		"cli",
-		"sdk",
-		"org-ai",
-		"workos",
-		"authkit",
-		"react",
-		"hono"
-	],
-	"author": {
-		"name": "org.ai",
-		"email": "npm@org.ai",
-		"url": "https://org.ai"
-	},
-	"license": "MIT",
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/dot-do/oauth.do.git"
-	},
-	"bugs": {
-		"url": "https://github.com/dot-do/oauth.do/issues"
-	},
-	"homepage": "https://oauth.do",
-	"engines": {
-		"node": ">=18.0.0"
-	},
-	"dependencies": {
-		"open": "^10.1.0"
-	},
-	"optionalDependencies": {
-		"keytar": "^7.9.0"
-	},
-	"peerDependencies": {
-		"@radix-ui/themes": ">=3.0.0",
-		"@tanstack/react-query": ">=5.0.0",
-		"@workos-inc/authkit-react": ">=0.5.0",
-		"@workos-inc/widgets": ">=1.0.0",
-		"hono": ">=4.0.0",
-		"jose": ">=5.0.0",
-		"react": ">=18.0.0",
-		"react-dom": ">=18.0.0"
-	},
-	"peerDependenciesMeta": {
-		"@radix-ui/themes": {
-			"optional": true
-		},
-		"@tanstack/react-query": {
-			"optional": true
-		},
-		"@workos-inc/authkit-react": {
-			"optional": true
-		},
-		"@workos-inc/widgets": {
-			"optional": true
-		},
-		"hono": {
-			"optional": true
-		},
-		"jose": {
-			"optional": true
-		},
-		"react": {
-			"optional": true
-		},
-		"react-dom": {
-			"optional": true
-		}
-	},
-	"devDependencies": {
-		"@radix-ui/themes": "^3.0.0",
-		"@tanstack/react-query": "^5.0.0",
-		"@testing-library/jest-dom": "^6.9.1",
-		"@testing-library/react": "^16.3.2",
-		"@types/node": "^24.10.1",
-		"@types/react": "^18.2.0",
-		"@types/react-dom": "^18.2.0",
-		"@workos-inc/authkit-react": "^0.16.0",
-		"@workos-inc/widgets": "^1.0.0",
-		"hono": "^4.0.0",
-		"jose": "^5.0.0",
-		"jsdom": "^27.4.0",
-		"react": "^18.2.0",
-		"react-dom": "^18.2.0",
-		"tsup": "^8.0.0",
-		"typescript": "^5.5.2",
-		"vitest": "^2.1.8"
-	}
+  "name": "oauth.do",
+  "version": "0.2.2",
+  "description": "OAuth authentication SDK, React components, and Hono middleware for org.ai identity",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "oauth.do": "./dist/cli.js",
+    "duckdb-auth": "./bin/duckdb-auth"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./node": {
+      "types": "./dist/node.d.ts",
+      "import": "./dist/node.js",
+      "require": "./dist/node.js",
+      "default": "./dist/node.js"
+    },
+    "./react": {
+      "types": "./dist/react.d.ts",
+      "import": "./dist/react.js",
+      "require": "./dist/react.js",
+      "default": "./dist/react.js"
+    },
+    "./hono": {
+      "types": "./dist/hono.d.ts",
+      "import": "./dist/hono.js",
+      "require": "./dist/hono.js",
+      "default": "./dist/hono.js"
+    },
+    "./types": {
+      "types": "./dist/types-export.d.ts",
+      "import": "./dist/types-export.js"
+    },
+    "./session": {
+      "types": "./dist/session.d.ts",
+      "import": "./dist/session.js"
+    },
+    "./mdx/*": "./src/mdx/*"
+  },
+  "files": [
+    "dist",
+    "bin",
+    "src/mdx",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "check:publish": "node -e \"const pkg = require('./package.json'); const deps = JSON.stringify(pkg.dependencies || {}); if (deps.includes('workspace:')) { console.error('ERROR: workspace: protocol found in dependencies. Replace with actual versions before publishing.'); process.exit(1); }\"",
+    "prepublishOnly": "pnpm check:publish && pnpm build && pnpm test"
+  },
+  "keywords": [
+    "oauth",
+    "authentication",
+    "auth",
+    "login",
+    "identity",
+    "cli",
+    "sdk",
+    "org-ai",
+    "workos",
+    "authkit",
+    "react",
+    "hono"
+  ],
+  "author": {
+    "name": "org.ai",
+    "email": "npm@org.ai",
+    "url": "https://org.ai"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dot-do/oauth.do.git"
+  },
+  "bugs": {
+    "url": "https://github.com/dot-do/oauth.do/issues"
+  },
+  "homepage": "https://oauth.do",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "open": "^10.1.0",
+    "keytar": "^7.9.0"
+  },
+  "peerDependencies": {
+    "@radix-ui/themes": ">=3.0.0",
+    "@tanstack/react-query": ">=5.0.0",
+    "@workos-inc/authkit-react": ">=0.5.0",
+    "@workos-inc/widgets": ">=1.0.0",
+    "hono": ">=4.0.0",
+    "jose": ">=5.0.0",
+    "react": ">=18.0.0",
+    "react-dom": ">=18.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@radix-ui/themes": {
+      "optional": true
+    },
+    "@tanstack/react-query": {
+      "optional": true
+    },
+    "@workos-inc/authkit-react": {
+      "optional": true
+    },
+    "@workos-inc/widgets": {
+      "optional": true
+    },
+    "hono": {
+      "optional": true
+    },
+    "jose": {
+      "optional": true
+    },
+    "react": {
+      "optional": true
+    },
+    "react-dom": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@radix-ui/themes": "^3.0.0",
+    "@tanstack/react-query": "^5.0.0",
+    "@testing-library/jest-dom": "^6.9.1",
+    "@testing-library/react": "^16.3.2",
+    "@types/node": "^24.10.1",
+    "@types/react": "^18.2.0",
+    "@types/react-dom": "^18.2.0",
+    "@workos-inc/authkit-react": "^0.16.0",
+    "@workos-inc/widgets": "^1.0.0",
+    "hono": "^4.0.0",
+    "jose": "^5.0.0",
+    "jsdom": "^27.4.0",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.5.2",
+    "vitest": "^2.1.8"
+  }
 }