sentri 4.1.0 → 5.0.0

package/dist/cli.js

@@ -1,14 +1,22 @@
 #!/usr/bin/env node
-import {mkdir,writeFile}from'fs/promises';import {existsSync}from'fs';import {join}from'path';var u=`import { createAuthServer } from 'sentri';
+import {mkdir,writeFile}from'fs/promises';import {existsSync}from'fs';import {join}from'path';var y=Object.defineProperty;var s=(e,o)=>y(e,"name",{value:o,configurable:true});var g={server:{express:`import { createAuthExpress } from 'sentri/express';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
 
 type Role = 'admin' | 'user';
 
-export const sentriAuth = createAuthServer<Role>({
+export const sentriAuth = createAuthExpress<Role>({
+  mode: 'server',
+
   // -- Roles ------------------------------------------------------------------
   validRoles: ['admin', 'user'],
 
   // -- Database ---------------------------------------------------------------
-  db: { connectionString: process.env.DATABASE_URL! },
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
 
   // -- Token ------------------------------------------------------------------
   accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
@@ -19,16 +27,16 @@ export const sentriAuth = createAuthServer<Role>({
   // apiKey: process.env.API_KEY,  // uncomment to restrict POST /register
 
   // -- Redis (optional) -------------------------------------------------------
-  // redisUrl: process.env.REDIS_URL,  // uncomment to enable distributed idempotency cache
+  // redisUrl: process.env.REDIS_URL,
 
   // -- Cookie (optional) ------------------------------------------------------
-  // cookie: { secure: true, sameSite: 'strict' },        // refresh token cookie
-  // accessCookie: { secure: true, sameSite: 'strict' },  // access token cookie (SPA)
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
 
   // -- Hooks (optional) -------------------------------------------------------
   // hooks: {
-  //   onLogin: (user) => console.log(\`[\${new Date().toISOString()}] login: \${user.identifier}\`),
-  //   onFailedLogin: (identifier) => console.warn(\`failed login attempt: \${identifier}\`),
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
   //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
   // },
 
@@ -36,37 +44,243 @@ export const sentriAuth = createAuthServer<Role>({
   // isTokenRevoked: async (sessionId) => false,
 
   // -- Logger (optional) ------------------------------------------------------
-  // Accepts any logger compatible with pino, winston, or console.
-  // When omitted, sentri produces no log output.
   // logger: console,
-  // loggerService: 'sentri',  // default: 'sentri'
+  // loggerService: 'sentri',
 });
-`,d=`# -- Server -------------------------------------------------------------------
-PORT=3000
+`,fastify:`import { createAuthFastify } from 'sentri/fastify';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
 
-# -- Database -----------------------------------------------------------------
-DATABASE_URL=postgresql://user:password@localhost:5432/mydb
+const { Pool } = pg;
 
-# -- Token --------------------------------------------------------------------
-JWT_ACCESS_EXPIRES_IN=15m
-JWT_REFRESH_EXPIRES_IN=7d
+type Role = 'admin' | 'user';
 
-# -- Security -----------------------------------------------------------------
-SALT_ROUNDS=12
-# API_KEY=your-register-api-key
+export const sentriAuth = createAuthFastify<Role>({
+  mode: 'server',
 
-# -- Redis (optional) ---------------------------------------------------------
-# REDIS_URL=redis://localhost:6379
-`,m=`import { createAuth } from 'sentri';
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+  // apiKey: process.env.API_KEY,
+
+  // -- Redis (optional) -------------------------------------------------------
+  // redisUrl: process.env.REDIS_URL,
+
+  // -- Cookie (optional) ------------------------------------------------------
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
+
+  // -- Hooks (optional) -------------------------------------------------------
+  // hooks: {
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
+  //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
+  // },
+
+  // -- Token revocation (optional) --------------------------------------------
+  // isTokenRevoked: async (sessionId) => false,
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'sentri',
+});
+`,hono:`import { createAuthHono } from 'sentri/hono';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthHono<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+  // apiKey: process.env.API_KEY,
+
+  // -- Redis (optional) -------------------------------------------------------
+  // redisUrl: process.env.REDIS_URL,
+
+  // -- Cookie (optional) ------------------------------------------------------
+  // cookie: { secure: true, sameSite: 'strict' },
+  // accessCookie: { secure: true, sameSite: 'strict' },
+
+  // -- Hooks (optional) -------------------------------------------------------
+  // hooks: {
+  //   onLogin: (user) => console.log(\`login: \${user.identifier}\`),
+  //   onFailedLogin: (identifier) => console.warn(\`failed login: \${identifier}\`),
+  //   onLogout: (userId) => console.log(\`logout: \${userId}\`),
+  // },
+
+  // -- Token revocation (optional) --------------------------------------------
+  // isTokenRevoked: async (sessionId) => false,
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'sentri',
+});
+`,elysia:`import { createAuthElysia } from 'sentri/elysia';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthElysia<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+});
+`,koa:`import { createAuthKoa } from 'sentri/koa';
+import { PostgresDialect } from 'kysely';
+import pg from 'pg';
+
+const { Pool } = pg;
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthKoa<Role>({
+  mode: 'server',
+
+  // -- Roles ------------------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Database ---------------------------------------------------------------
+  dialect: new PostgresDialect({
+    pool: new Pool({ connectionString: process.env.DATABASE_URL! })
+  }),
+
+  // -- Token ------------------------------------------------------------------
+  accessExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN ?? '15m',
+  refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN ?? '7d',
+
+  // -- Security ---------------------------------------------------------------
+  saltRounds: parseInt(process.env.SALT_ROUNDS ?? '12', 10),
+});
+`},client:{express:`import { createAuthExpress } from 'sentri/express';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthExpress<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  // The server must use RS256 to expose this endpoint.
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  // Only used for TypeScript type safety on authorize() \u2014 not validated at runtime.
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,fastify:`import { createAuthFastify } from 'sentri/fastify';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthFastify<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,hono:`import { createAuthHono } from 'sentri/hono';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthHono<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,elysia:`import { createAuthElysia } from 'sentri/elysia';
+
+type Role = 'admin' | 'user';
+
+export const sentriAuth = createAuthElysia<Role>({
+  mode: 'client',
+
+  // -- Auth server ------------------------------------------------------------
+  // URL of the auth server's GET /auth/keys endpoint (JWKS).
+  // The server must use RS256 to expose this endpoint.
+  keyUri: process.env.AUTH_KEY_URI!,
+
+  // -- Roles (optional) -------------------------------------------------------
+  // Only used for TypeScript type safety on authorize() \u2014 not validated at runtime.
+  validRoles: ['admin', 'user'],
+
+  // -- Logger (optional) ------------------------------------------------------
+  // logger: console,
+  // loggerService: 'auth-service',
+});
+`,koa:`import { createAuthKoa } from 'sentri/koa';
 
 type Role = 'admin' | 'user';
 
-export const sentriAuth = createAuth<Role>({
+export const sentriAuth = createAuthKoa<Role>({
   mode: 'client',
 
   // -- Auth server ------------------------------------------------------------
   // URL of the auth server's GET /auth/keys endpoint (JWKS).
-  // The server must use RS256/RS384/RS512 to expose this endpoint.
+  // The server must use RS256 to expose this endpoint.
   keyUri: process.env.AUTH_KEY_URI!,
 
   // -- Roles (optional) -------------------------------------------------------
@@ -74,40 +288,42 @@ export const sentriAuth = createAuth<Role>({
   validRoles: ['admin', 'user'],
 
   // -- Logger (optional) ------------------------------------------------------
-  // Accepts any logger compatible with pino, winston, or console.
-  // When omitted, sentri produces no log output.
   // logger: console,
-  // loggerService: 'auth-service',  // default: 'sentri'
+  // loggerService: 'auth-service',
 });
-`,g=`# -- Server -------------------------------------------------------------------
+`}},A=`# -- Server -------------------------------------------------------------------
 PORT=3000
 
-# -- Auth Server --------------------------------------------------------------
-# URL of the auth server's GET /auth/keys endpoint (JWKS).
-AUTH_KEY_URI=http://localhost:3000/auth/keys
-`;function a(){console.log(`
-sentri \u2014 auth/authorization library for Express
+# -- Database -----------------------------------------------------------------
+DATABASE_URL=postgresql://user:password@localhost:5432/mydb
 
-Usage:
-  npx sentri <command>
+# -- Token --------------------------------------------------------------------
+JWT_ACCESS_EXPIRES_IN=15m
+JWT_REFRESH_EXPIRES_IN=7d
 
-Commands:
-  init server   Generate src/lib/sentri.ts for server mode (PostgreSQL + JWT signing)
-  init client   Generate src/lib/sentri.ts for client mode (JWT verification via JWKS)
+# -- Security -----------------------------------------------------------------
+SALT_ROUNDS=12
+# API_KEY=your-register-api-key
 
-Examples:
-  npx sentri init server
-  npx sentri init client
-`);}async function s(e,o,n){if(existsSync(e)){console.log(`  skip   ${n} (already exists)`);return}await writeFile(e,o,"utf8"),console.log(`  create ${n}`);}async function v(){let e=process.cwd(),o=join(e,"src","lib");await mkdir(o,{recursive:true}),console.log(`
-Generating sentri server mode files...
-`),await s(join(o,"sentri.ts"),u,"src/lib/sentri.ts"),await s(join(e,".env.example"),d,".env.example"),console.log(`
+# -- Redis (optional) ---------------------------------------------------------
+# REDIS_URL=redis://localhost:6379
+`,R=`# -- Server -------------------------------------------------------------------
+PORT=3000
+
+# -- Auth Server --------------------------------------------------------------
+# URL of the auth server's GET /auth/keys endpoint (JWKS).
+AUTH_KEY_URI=http://localhost:3000/auth/keys
+`,E={server:{express:`
 Done. Next steps:
 
   1. Copy .env.example to .env and fill in your values
   2. Add to your app entry point:
 
+       import express from 'express';
        import { sentriAuth } from './lib/sentri.js';
 
+       const app = express();
+       app.use(express.json());
        await sentriAuth.migrate();
        app.use('/auth', sentriAuth.router());
        app.use(sentriAuth.errorHandler());
@@ -115,16 +331,184 @@ Done. Next steps:
   3. Protect routes:
 
        app.get('/me', sentriAuth.protect(), (req, res) => res.json(req.user));
-`);}async function h(){let e=process.cwd(),o=join(e,"src","lib");await mkdir(o,{recursive:true}),console.log(`
-Generating sentri client mode files...
-`),await s(join(o,"sentri.ts"),m,"src/lib/sentri.ts"),await s(join(e,".env.example"),g,".env.example"),console.log(`
+`,fastify:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install fastify @fastify/cookie
+  3. Add to your app entry point:
+
+       import Fastify from 'fastify';
+       import cookie from '@fastify/cookie';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = Fastify();
+       await app.register(cookie);
+       await sentriAuth.migrate();
+       await app.register(sentriAuth.plugin(), { prefix: '/auth' });
+       app.setErrorHandler(sentriAuth.errorHandler());
+
+  4. Protect routes:
+
+       app.get('/me', { preHandler: sentriAuth.protect() }, async (req) => req.user);
+`,hono:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install hono
+  3. Add to your app entry point:
+
+       import { Hono } from 'hono';
+       import { sentriAuth } from './lib/sentri.js';
+       import type { SentriHonoEnv } from 'sentri/hono';
+
+       const app = new Hono<SentriHonoEnv>();
+       await sentriAuth.migrate();
+       app.route('/auth', sentriAuth.router());
+       app.onError(sentriAuth.errorHandler());
+
+  4. Protect routes:
+
+       app.get('/me', sentriAuth.protect(), (c) => c.json(c.get('user')));
+`,elysia:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install elysia
+  3. Add to your app entry point:
+
+       import { Elysia } from 'elysia';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Elysia()
+         .onError(sentriAuth.errorHandler())
+         .group('/auth', app => app.use(sentriAuth.router()))
+         .use(sentriAuth.protect())
+         .get('/me', ({ user }) => user);
+
+  4. Protect routes:
+
+       app.use(sentriAuth.protect())
+          .get('/me', ({ user }) => user);
+`,koa:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and fill in your values
+  2. Install peer deps: npm install koa @koa/router koa-bodyparser
+  3. Add to your app entry point:
+
+       import Koa from 'koa';
+       import Router from '@koa/router';
+       import bodyParser from 'koa-bodyparser';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Koa();
+       app.use(bodyParser());
+       app.use(sentriAuth.errorHandler());
+       await sentriAuth.migrate();
+
+       const rootRouter = new Router();
+       rootRouter.use('/auth', sentriAuth.router().routes());
+       app.use(rootRouter.routes());
+
+  4. Protect routes:
+
+       rootRouter.get('/me', sentriAuth.protect(), (ctx) => {
+         ctx.body = ctx.state.user;
+       });
+`},client:{express:`
 Done. Next steps:
 
   1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
   2. Add to your app entry point:
 
+       import express from 'express';
        import { sentriAuth } from './lib/sentri.js';
 
+       const app = express();
        app.get('/protected', sentriAuth.protect(), (req, res) => res.json(req.user));
        app.use(sentriAuth.errorHandler());
-`);}var E=process.argv.slice(2),[r,i]=E;(!r||r==="--help"||r==="-h")&&(a(),process.exit(0));r==="init"?i==="server"?v().catch(e=>{console.error(e),process.exit(1);}):i==="client"?h().catch(e=>{console.error(e),process.exit(1);}):(console.error("Usage: npx sentri init <server|client>"),process.exit(1)):(console.error(`Unknown command: ${r}`),a(),process.exit(1));
+`,fastify:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install fastify
+  3. Add to your app entry point:
+
+       import Fastify from 'fastify';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = Fastify();
+       app.get('/protected', { preHandler: sentriAuth.protect() }, async (req) => req.user);
+       app.setErrorHandler(sentriAuth.errorHandler());
+`,hono:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install hono
+  3. Add to your app entry point:
+
+       import { Hono } from 'hono';
+       import { sentriAuth } from './lib/sentri.js';
+       import type { SentriHonoEnv } from 'sentri/hono';
+
+       const app = new Hono<SentriHonoEnv>();
+       app.get('/protected', sentriAuth.protect(), (c) => c.json(c.get('user')));
+       app.onError(sentriAuth.errorHandler());
+`,elysia:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install elysia
+  3. Add to your app entry point:
+
+       import { Elysia } from 'elysia';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Elysia()
+         .onError(sentriAuth.errorHandler())
+         .use(sentriAuth.protect())
+         .get('/protected', ({ user }) => user);
+`,koa:`
+Done. Next steps:
+
+  1. Copy .env.example to .env and set AUTH_KEY_URI to your auth server's /auth/keys endpoint
+  2. Install peer deps: npm install koa @koa/router
+  3. Add to your app entry point:
+
+       import Koa from 'koa';
+       import Router from '@koa/router';
+       import { sentriAuth } from './lib/sentri.js';
+
+       const app = new Koa();
+       app.use(sentriAuth.errorHandler());
+
+       const rootRouter = new Router();
+       rootRouter.get('/protected', sentriAuth.protect(), (ctx) => {
+         ctx.body = ctx.state.user;
+       });
+       app.use(rootRouter.routes());
+`}};function c(){console.log(`
+sentri \u2014 auth/authorization library for Express, Fastify, Hono, Elysia, and Koa
+
+Usage:
+  npx sentri <command>
+
+Commands:
+  init [mode] [adapter]   Generate src/lib/sentri.ts
+
+  mode:     server (default) | client
+  adapter:  express (default) | fastify | hono | elysia | koa
+
+Examples:
+  npx sentri init                     \u2192 server mode, express adapter
+  npx sentri init server              \u2192 server mode, express adapter
+  npx sentri init server hono         \u2192 server mode, hono adapter
+  npx sentri init server elysia       \u2192 server mode, elysia adapter
+  npx sentri init server koa          \u2192 server mode, koa adapter
+  npx sentri init client              \u2192 client mode, express adapter
+  npx sentri init client fastify      \u2192 client mode, fastify adapter
+  npx sentri init client hono         \u2192 client mode, hono adapter
+`);}s(c,"help");async function l(e,o,t){if(existsSync(e)){console.log(`  skip   ${t} (already exists)`);return}await writeFile(e,o,"utf8"),console.log(`  create ${t}`);}s(l,"writeIfNotExists");async function S(e,o){let t=["server","client"],i=["express","fastify","hono","elysia","koa"];t.includes(e)||(console.error(`Unknown mode: "${e}". Valid modes: ${t.join(", ")}`),process.exit(1)),i.includes(o)||(console.error(`Unknown adapter: "${o}". Valid adapters: ${i.join(", ")}`),process.exit(1));let a=process.cwd(),p=join(a,"src","lib");await mkdir(p,{recursive:true});let u=g[e][o],d=e==="server"?A:R,m=E[e][o];console.log(`
+Generating sentri ${e} mode files (${o})...
+`),await l(join(p,"sentri.ts"),u,"src/lib/sentri.ts"),await l(join(a,".env.example"),d,".env.example"),console.log(m);}s(S,"init");var x=process.argv.slice(2),[r,k,_]=x;(!r||r==="--help"||r==="-h")&&(c(),process.exit(0));r==="init"?S(k??"server",_??"express").catch(t=>{console.error(t),process.exit(1);}):(console.error(`Unknown command: ${r}`),c(),process.exit(1));

package/dist/core/index.cjs

@@ -0,0 +1 @@
+'use strict';var t=Object.defineProperty;var N=(I,E)=>t(I,"name",{value:E,configurable:true});var O=Object.assign(Object.create(null),{UNAUTHORIZED:401,TOKEN_EXPIRED:401,TOKEN_INVALID:401,INVALID_CREDENTIALS:401,FORBIDDEN:403,USER_NOT_FOUND:404,IDENTIFIER_NOT_FOUND:404,USER_ALREADY_EXISTS:409,IDENTIFIER_ALREADY_EXISTS:409,INVALID_ROLE:400,VALIDATION_ERROR:400,CONFIGURATION_ERROR:500,TOKEN_REUSE:401}),R=class extends Error{static{N(this,"SentriError");}code;statusCode;constructor(E,T,_){super(T),this.name="SentriError",this.code=E,this.statusCode=_??O[E]??500;}};exports.SENTRI_ERROR_STATUS=O;exports.SentriError=R;