signet-auth 1.0.0-beta.0

package/dist/core/errors.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Error hierarchy for signet.
+ * These are used as Result.err values, NOT thrown for control flow.
+ * Only truly unexpected errors (programmer bugs, I/O failures) are thrown.
+ */
+export type AuthErrorCode = 'PROVIDER_NOT_FOUND' | 'CREDENTIAL_NOT_FOUND' | 'CREDENTIAL_EXPIRED' | 'CREDENTIAL_TYPE_MISMATCH' | 'REFRESH_FAILED' | 'BROWSER_ERROR' | 'BROWSER_LAUNCH_ERROR' | 'BROWSER_TIMEOUT' | 'BROWSER_NAVIGATION_ERROR' | 'STORAGE_ERROR' | 'CONFIG_ERROR' | 'MANUAL_SETUP_REQUIRED' | 'SYNC_ERROR' | 'REMOTE_NOT_FOUND' | 'SYNC_CONFLICT';
+export declare class AuthError extends Error {
+    readonly code: AuthErrorCode;
+    readonly providerId?: string | undefined;
+    constructor(message: string, code: AuthErrorCode, providerId?: string | undefined);
+}
+export declare class ProviderNotFoundError extends AuthError {
+    constructor(urlOrId: string);
+}
+export declare class CredentialNotFoundError extends AuthError {
+    constructor(providerId: string);
+}
+export declare class CredentialExpiredError extends AuthError {
+    constructor(providerId: string);
+}
+export declare class CredentialTypeError extends AuthError {
+    constructor(providerId: string, expected: string[], actual: string);
+}
+export declare class RefreshError extends AuthError {
+    constructor(providerId: string, reason: string);
+}
+export declare class BrowserError extends AuthError {
+    constructor(message: string, providerId?: string);
+}
+export declare class BrowserLaunchError extends AuthError {
+    constructor(reason: string);
+}
+export declare class BrowserTimeoutError extends AuthError {
+    constructor(operation: string, timeoutMs: number, providerId?: string);
+}
+export declare class BrowserNavigationError extends AuthError {
+    constructor(url: string, reason: string, providerId?: string);
+}
+export declare class StorageError extends AuthError {
+    constructor(operation: string, reason: string);
+}
+export declare class ConfigError extends AuthError {
+    constructor(message: string);
+}
+export declare class ManualSetupRequired extends AuthError {
+    readonly instructions: string;
+    constructor(providerId: string, instructions: string);
+}
+export declare class SyncError extends AuthError {
+    constructor(message: string, providerId?: string);
+}
+export declare class RemoteNotFoundError extends AuthError {
+    constructor(remoteName: string);
+}
+export declare class SyncConflictError extends AuthError {
+    constructor(providerId: string, localUpdated: string, remoteUpdated: string);
+}

package/dist/core/errors.js

@@ -0,0 +1,107 @@
+/**
+ * Error hierarchy for signet.
+ * These are used as Result.err values, NOT thrown for control flow.
+ * Only truly unexpected errors (programmer bugs, I/O failures) are thrown.
+ */
+export class AuthError extends Error {
+    code;
+    providerId;
+    constructor(message, code, providerId) {
+        super(message);
+        this.code = code;
+        this.providerId = providerId;
+        this.name = 'AuthError';
+    }
+}
+export class ProviderNotFoundError extends AuthError {
+    constructor(urlOrId) {
+        super(`No provider matches "${urlOrId}". Check your config.yaml or run "sig providers" to see configured ones.`, 'PROVIDER_NOT_FOUND');
+        this.name = 'ProviderNotFoundError';
+    }
+}
+export class CredentialNotFoundError extends AuthError {
+    constructor(providerId) {
+        super(`No stored credentials for provider "${providerId}". Run "sig login" first.`, 'CREDENTIAL_NOT_FOUND', providerId);
+        this.name = 'CredentialNotFoundError';
+    }
+}
+export class CredentialExpiredError extends AuthError {
+    constructor(providerId) {
+        super(`Credentials for "${providerId}" have expired and could not be refreshed.`, 'CREDENTIAL_EXPIRED', providerId);
+        this.name = 'CredentialExpiredError';
+    }
+}
+export class CredentialTypeError extends AuthError {
+    constructor(providerId, expected, actual) {
+        super(`Provider "${providerId}" expects credential type [${expected.join(', ')}] but got "${actual}".`, 'CREDENTIAL_TYPE_MISMATCH', providerId);
+        this.name = 'CredentialTypeError';
+    }
+}
+export class RefreshError extends AuthError {
+    constructor(providerId, reason) {
+        super(`Token refresh failed for "${providerId}": ${reason}`, 'REFRESH_FAILED', providerId);
+        this.name = 'RefreshError';
+    }
+}
+export class BrowserError extends AuthError {
+    constructor(message, providerId) {
+        super(message, 'BROWSER_ERROR', providerId);
+        this.name = 'BrowserError';
+    }
+}
+export class BrowserLaunchError extends AuthError {
+    constructor(reason) {
+        super(`Failed to launch browser: ${reason}`, 'BROWSER_LAUNCH_ERROR');
+        this.name = 'BrowserLaunchError';
+    }
+}
+export class BrowserTimeoutError extends AuthError {
+    constructor(operation, timeoutMs, providerId) {
+        super(`Browser operation "${operation}" timed out after ${timeoutMs}ms`, 'BROWSER_TIMEOUT', providerId);
+        this.name = 'BrowserTimeoutError';
+    }
+}
+export class BrowserNavigationError extends AuthError {
+    constructor(url, reason, providerId) {
+        super(`Failed to navigate to ${url}: ${reason}`, 'BROWSER_NAVIGATION_ERROR', providerId);
+        this.name = 'BrowserNavigationError';
+    }
+}
+export class StorageError extends AuthError {
+    constructor(operation, reason) {
+        super(`Storage ${operation} failed: ${reason}`, 'STORAGE_ERROR');
+        this.name = 'StorageError';
+    }
+}
+export class ConfigError extends AuthError {
+    constructor(message) {
+        super(message, 'CONFIG_ERROR');
+        this.name = 'ConfigError';
+    }
+}
+export class ManualSetupRequired extends AuthError {
+    instructions;
+    constructor(providerId, instructions) {
+        super(`Provider "${providerId}" requires manual setup. ${instructions}`, 'MANUAL_SETUP_REQUIRED', providerId);
+        this.instructions = instructions;
+        this.name = 'ManualSetupRequired';
+    }
+}
+export class SyncError extends AuthError {
+    constructor(message, providerId) {
+        super(message, 'SYNC_ERROR', providerId);
+        this.name = 'SyncError';
+    }
+}
+export class RemoteNotFoundError extends AuthError {
+    constructor(remoteName) {
+        super(`Remote "${remoteName}" not found. Run "sig remote add ${remoteName} <host>" first.`, 'REMOTE_NOT_FOUND');
+        this.name = 'RemoteNotFoundError';
+    }
+}
+export class SyncConflictError extends AuthError {
+    constructor(providerId, localUpdated, remoteUpdated) {
+        super(`Conflict for "${providerId}": local updated ${localUpdated}, remote updated ${remoteUpdated}. Use --force to overwrite.`, 'SYNC_CONFLICT', providerId);
+        this.name = 'SyncConflictError';
+    }
+}

package/dist/core/interfaces/auth-strategy.d.ts

@@ -0,0 +1,48 @@
+import type { Result } from '../result.js';
+import type { AuthError } from '../errors.js';
+import type { Credential, ProviderConfig, StrategyConfig } from '../types.js';
+import type { IBrowserAdapter } from './browser-adapter.js';
+import type { ILogger } from '../types.js';
+import type { BrowserConfig } from '../../config/schema.js';
+/**
+ * Context provided to strategies during authentication.
+ * Browser adapter is optional — strategies that don't need a browser (api-token, basic)
+ * simply ignore it.
+ */
+export interface AuthContext {
+    browserAdapter: IBrowserAdapter;
+    browserConfig: BrowserConfig;
+    logger?: ILogger;
+}
+/**
+ * Core strategy interface — implements a specific authentication method.
+ *
+ * Each method returns Result<T, AuthError> instead of throwing.
+ * This ensures expected failures (expired tokens, manual setup needed)
+ * are handled through types, not catch blocks.
+ */
+export interface IAuthStrategy {
+    /** Check if a credential is still valid (not expired, not revoked). */
+    validate(credential: Credential, config: StrategyConfig): Result<boolean, AuthError>;
+    /** Perform fresh authentication. May launch a browser. */
+    authenticate(provider: ProviderConfig, context: AuthContext): Promise<Result<Credential, AuthError>>;
+    /**
+     * Try to refresh an expired credential without full re-authentication.
+     * Returns ok(null) if refresh is not supported by this strategy.
+     * Returns ok(credential) if refresh succeeded.
+     * Returns err() if refresh was attempted but failed.
+     */
+    refresh(credential: Credential, config: StrategyConfig): Promise<Result<Credential | null, AuthError>>;
+    /** Convert a credential into HTTP headers for an outgoing request. */
+    applyToRequest(credential: Credential): Record<string, string>;
+}
+/**
+ * Factory for creating strategy instances from YAML config.
+ * Each factory is registered in the StrategyRegistry by name.
+ */
+export interface IAuthStrategyFactory {
+    /** Strategy name as used in provider config (e.g. "cookie", "oauth2") */
+    readonly name: string;
+    /** Create a strategy instance with the given config */
+    create(config: StrategyConfig): IAuthStrategy;
+}

package/dist/core/interfaces/auth-strategy.js

@@ -0,0 +1 @@
+export {};

package/dist/core/interfaces/browser-adapter.d.ts

@@ -0,0 +1,73 @@
+import type { Cookie, BrowserLaunchOptions } from '../types.js';
+/**
+ * Pluggable browser automation adapter.
+ *
+ * Ships with PlaywrightAdapter. Users can implement this interface
+ * for Puppeteer, raw CDP, or any other browser automation tool.
+ *
+ * Example:
+ *   class PuppeteerAdapter implements IBrowserAdapter {
+ *     readonly name = 'puppeteer';
+ *     async launch(options) { ... }
+ *   }
+ */
+export interface IBrowserAdapter {
+    readonly name: string;
+    launch(options: BrowserLaunchOptions): Promise<IBrowserSession>;
+}
+export interface IBrowserSession {
+    newPage(): Promise<IBrowserPage>;
+    pages(): Promise<IBrowserPage[]>;
+    close(): Promise<void>;
+    isConnected(): boolean;
+}
+export interface IBrowserPage {
+    goto(url: string, options?: NavigateOptions): Promise<void>;
+    url(): string;
+    waitForUrl(pattern: string | RegExp, options?: {
+        timeout?: number;
+    }): Promise<void>;
+    waitForNavigation(options?: {
+        timeout?: number;
+    }): Promise<void>;
+    waitForLoadState(state?: 'load' | 'networkidle' | 'domcontentloaded'): Promise<void>;
+    fill(selector: string, value: string): Promise<void>;
+    click(selector: string, options?: {
+        timeout?: number;
+    }): Promise<void>;
+    type(selector: string, text: string, options?: {
+        delay?: number;
+    }): Promise<void>;
+    waitForSelector(selector: string, options?: {
+        timeout?: number;
+        state?: 'visible' | 'hidden' | 'attached';
+    }): Promise<void>;
+    cookies(urls?: string[]): Promise<Cookie[]>;
+    evaluate<T>(fn: (() => T) | string): Promise<T>;
+    evaluateWithArg<T, A>(fn: ((arg: A) => T), arg: A): Promise<T>;
+    screenshot(options?: {
+        path?: string;
+        fullPage?: boolean;
+    }): Promise<Buffer>;
+    content(): Promise<string>;
+    title(): Promise<string>;
+    close(): Promise<void>;
+    isClosed(): boolean;
+    onClose(handler: () => void): void;
+    onRequest?(handler: (request: PageRequest) => void): () => void;
+    onResponse?(handler: (response: PageResponse) => void): () => void;
+}
+export interface PageRequest {
+    url: string;
+    method: string;
+    headers: Record<string, string>;
+}
+export interface PageResponse {
+    url: string;
+    status: number;
+    headers: Record<string, string>;
+}
+export interface NavigateOptions {
+    waitUntil?: 'load' | 'networkidle' | 'domcontentloaded' | 'commit';
+    timeout?: number;
+}

package/dist/core/interfaces/browser-adapter.js

@@ -0,0 +1 @@
+export {};

package/dist/core/interfaces/provider.d.ts

@@ -0,0 +1,15 @@
+import type { ProviderConfig } from '../types.js';
+/**
+ * Registry for provider configurations.
+ * Providers are loaded from YAML config files and can be registered at runtime.
+ */
+export interface IProviderRegistry {
+    /** Resolve a provider by matching a URL against registered domains. */
+    resolve(url: string): ProviderConfig | null;
+    /** Get a provider by its ID. */
+    get(id: string): ProviderConfig | null;
+    /** List all registered providers. */
+    list(): ProviderConfig[];
+    /** Register a new provider at runtime. Overwrites if ID already exists. */
+    register(provider: ProviderConfig): void;
+}

package/dist/core/interfaces/provider.js

@@ -0,0 +1 @@
+export {};

package/dist/core/interfaces/storage.d.ts

@@ -0,0 +1,21 @@
+import type { StoredCredential, StoredEntry } from '../types.js';
+/**
+ * Credential persistence interface.
+ *
+ * Implementations:
+ * - DirectoryStorage: one JSON file per provider in a directory (production)
+ * - CachedStorage: TTL cache decorator wrapping any IStorage
+ * - MemoryStorage: in-memory (testing)
+ */
+export interface IStorage {
+    /** Get stored credential for a provider. Returns null if not found. */
+    get(providerId: string): Promise<StoredCredential | null>;
+    /** Store (or overwrite) credential for a provider. */
+    set(providerId: string, credential: StoredCredential): Promise<void>;
+    /** Delete stored credential for a provider. No-op if not found. */
+    delete(providerId: string): Promise<void>;
+    /** List all stored entries (summary, not full credentials). */
+    list(): Promise<StoredEntry[]>;
+    /** Delete all stored credentials. */
+    clear(): Promise<void>;
+}

package/dist/core/interfaces/storage.js

@@ -0,0 +1 @@
+export {};

package/dist/core/result.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Result type for operations that can fail without throwing exceptions.
+ * Used instead of try/catch for expected failure modes like "manual setup required".
+ */
+export type Result<T, E = Error> = {
+    ok: true;
+    value: T;
+} | {
+    ok: false;
+    error: E;
+};
+export declare function ok<T>(value: T): Result<T, never>;
+export declare function err<E>(error: E): Result<never, E>;
+export declare function isOk<T, E>(result: Result<T, E>): result is {
+    ok: true;
+    value: T;
+};
+export declare function isErr<T, E>(result: Result<T, E>): result is {
+    ok: false;
+    error: E;
+};

package/dist/core/result.js

@@ -0,0 +1,16 @@
+/**
+ * Result type for operations that can fail without throwing exceptions.
+ * Used instead of try/catch for expected failure modes like "manual setup required".
+ */
+export function ok(value) {
+    return { ok: true, value };
+}
+export function err(error) {
+    return { ok: false, error };
+}
+export function isOk(result) {
+    return result.ok;
+}
+export function isErr(result) {
+    return !result.ok;
+}

package/dist/core/types.d.ts

@@ -0,0 +1,128 @@
+/**
+ * Core type definitions for signet.
+ * These types have zero external dependencies — they are the shared vocabulary
+ * used across all layers (strategies, storage, providers, handlers).
+ */
+export interface CookieStrategyConfig {
+    strategy: 'cookie';
+    ttl?: string;
+    requiredCookies?: string[];
+}
+export interface OAuth2StrategyConfig {
+    strategy: 'oauth2';
+    audiences?: string[];
+    tokenEndpoint?: string;
+    clientId?: string;
+    scopes?: string[];
+}
+export interface ApiTokenStrategyConfig {
+    strategy: 'api-token';
+    headerName?: string;
+    headerPrefix?: string;
+    setupInstructions?: string;
+}
+export interface BasicStrategyConfig {
+    strategy: 'basic';
+    setupInstructions?: string;
+}
+export type StrategyConfig = CookieStrategyConfig | OAuth2StrategyConfig | ApiTokenStrategyConfig | BasicStrategyConfig;
+export type StrategyName = StrategyConfig['strategy'];
+export type CredentialType = 'cookie' | 'bearer' | 'api-key' | 'basic';
+export interface Cookie {
+    name: string;
+    value: string;
+    domain: string;
+    path: string;
+    expires: number;
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite?: 'Strict' | 'Lax' | 'None';
+}
+export interface CookieCredential {
+    type: 'cookie';
+    cookies: Cookie[];
+    obtainedAt: string;
+    xHeaders?: Record<string, string>;
+}
+export interface BearerCredential {
+    type: 'bearer';
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: string;
+    scopes?: string[];
+    tokenEndpoint?: string;
+    xHeaders?: Record<string, string>;
+}
+export interface ApiKeyCredential {
+    type: 'api-key';
+    key: string;
+    headerName: string;
+    headerPrefix?: string;
+}
+export interface BasicCredential {
+    type: 'basic';
+    username: string;
+    password: string;
+}
+export type Credential = CookieCredential | BearerCredential | ApiKeyCredential | BasicCredential;
+export interface XHeaderConfig {
+    name: string;
+    source?: 'request' | 'response';
+    urlPattern?: string;
+    staticValue?: string;
+}
+export interface ProviderConfig {
+    id: string;
+    name: string;
+    domains: string[];
+    entryUrl?: string;
+    strategy: string;
+    strategyConfig: StrategyConfig;
+    acceptedCredentialTypes?: CredentialType[];
+    setupInstructions?: string;
+    credentialFile?: string;
+    xHeaders?: XHeaderConfig[];
+    autoProvisioned?: boolean;
+    forceVisible?: boolean;
+}
+export interface StoredCredential {
+    credential: Credential;
+    providerId: string;
+    strategy: string;
+    updatedAt: string;
+    metadata?: Record<string, unknown>;
+}
+export interface StoredEntry {
+    providerId: string;
+    strategy: string;
+    updatedAt: string;
+    credentialType: CredentialType;
+}
+export interface BrowserLaunchOptions {
+    headless?: boolean;
+    timeout?: number;
+    args?: string[];
+}
+export interface ProviderStatus {
+    id: string;
+    name: string;
+    configured: boolean;
+    valid: boolean;
+    credentialType?: CredentialType;
+    strategy: string;
+    expiresAt?: string;
+    expiresInMinutes?: number;
+}
+export interface ILogger {
+    debug(message: string, ...args: unknown[]): void;
+    info(message: string, ...args: unknown[]): void;
+    warn(message: string, ...args: unknown[]): void;
+    error(message: string, ...args: unknown[]): void;
+}
+export interface AuthDiagnostics {
+    authDetectedImmediately: boolean;
+    oauthTokensDetected: boolean;
+    cookiesExtracted: number;
+    testRequestStatus?: number;
+    suggestions: string[];
+}

package/dist/core/types.js

@@ -0,0 +1,6 @@
+/**
+ * Core type definitions for signet.
+ * These types have zero external dependencies — they are the shared vocabulary
+ * used across all layers (strategies, storage, providers, handlers).
+ */
+export {};

package/dist/deps.d.ts

@@ -0,0 +1,20 @@
+import type { IStorage } from './core/interfaces/storage.js';
+import type { SignetConfig } from './config/schema.js';
+import { AuthManager } from './auth-manager.js';
+import { StrategyRegistry } from './strategies/registry.js';
+import { ProviderRegistry } from './providers/provider-registry.js';
+/**
+ * Shared dependency graph used by the CLI and programmatic API.
+ */
+export interface AuthDeps {
+    authManager: AuthManager;
+    storage: IStorage;
+    providerRegistry: ProviderRegistry;
+    strategyRegistry: StrategyRegistry;
+    config: SignetConfig;
+}
+/**
+ * Create the auth dependency graph from a validated SignetConfig.
+ * No env vars, no cascade — config is the single source of truth.
+ */
+export declare function createAuthDeps(config: SignetConfig): AuthDeps;

package/dist/deps.js

@@ -0,0 +1,54 @@
+import os from 'node:os';
+import { AuthManager } from './auth-manager.js';
+import { StrategyRegistry } from './strategies/registry.js';
+import { CookieStrategyFactory } from './strategies/cookie.strategy.js';
+import { OAuth2StrategyFactory } from './strategies/oauth2.strategy.js';
+import { ApiTokenStrategyFactory } from './strategies/api-token.strategy.js';
+import { BasicAuthStrategyFactory } from './strategies/basic-auth.strategy.js';
+import { ProviderRegistry } from './providers/provider-registry.js';
+import { DirectoryStorage } from './storage/directory-storage.js';
+import { CachedStorage } from './storage/cached-storage.js';
+import { PlaywrightAdapter } from './browser/adapters/playwright.adapter.js';
+import { buildStrategyConfig } from './config/validator.js';
+/**
+ * Create the auth dependency graph from a validated SignetConfig.
+ * No env vars, no cascade — config is the single source of truth.
+ */
+export function createAuthDeps(config) {
+    // 1. Convert config providers to ProviderConfig[]
+    const providerConfigs = Object.entries(config.providers).map(([id, entry]) => ({
+        id,
+        name: entry.name ?? id,
+        domains: entry.domains,
+        entryUrl: entry.entryUrl,
+        strategy: entry.strategy,
+        strategyConfig: buildStrategyConfig(entry.strategy, entry.config),
+        acceptedCredentialTypes: entry.acceptedCredentialTypes,
+        setupInstructions: entry.setupInstructions,
+        credentialFile: entry.credentialFile,
+        xHeaders: entry.xHeaders,
+        ...(entry.forceVisible !== undefined ? { forceVisible: entry.forceVisible } : {}),
+    }));
+    const providerRegistry = new ProviderRegistry(providerConfigs);
+    // 2. Build strategy registry with built-in strategies
+    const strategyRegistry = new StrategyRegistry();
+    strategyRegistry.register(new CookieStrategyFactory());
+    strategyRegistry.register(new OAuth2StrategyFactory());
+    strategyRegistry.register(new ApiTokenStrategyFactory());
+    strategyRegistry.register(new BasicAuthStrategyFactory());
+    // 3. Build storage (CachedStorage wrapping DirectoryStorage)
+    const credDir = config.storage.credentialsDir.replace(/^~/, os.homedir());
+    const storage = new CachedStorage(new DirectoryStorage(credDir), { ttlMs: 5000 });
+    // 4. Build browser adapter factory using config.browser
+    const browserConfig = config.browser;
+    const browserAdapterFactory = () => new PlaywrightAdapter(browserConfig);
+    // 5. Build AuthManager
+    const authManager = new AuthManager({
+        storage,
+        strategyRegistry,
+        providerRegistry,
+        browserAdapterFactory,
+        browserConfig,
+    });
+    return { authManager, storage, providerRegistry, strategyRegistry, config };
+}

package/dist/index.d.ts

@@ -0,0 +1,35 @@
+export type { SignetConfig, BrowserConfig, StorageConfig, ProviderEntry, RemoteEntry, } from './config/schema.js';
+export { loadConfig, saveConfig, getConfigPath } from './config/loader.js';
+export { validateConfig, buildStrategyConfig } from './config/validator.js';
+export { generateConfigYaml } from './config/generator.js';
+export type { InitOptions } from './config/generator.js';
+export { createAuthDeps } from './deps.js';
+export type { AuthDeps } from './deps.js';
+export type { Credential, CookieCredential, BearerCredential, ApiKeyCredential, BasicCredential, CredentialType, Cookie, ProviderConfig, StrategyConfig, StrategyName, CookieStrategyConfig, OAuth2StrategyConfig, ApiTokenStrategyConfig, BasicStrategyConfig, StoredCredential, StoredEntry, ProviderStatus, BrowserLaunchOptions, ILogger, XHeaderConfig, AuthDiagnostics, } from './core/types.js';
+export { ok, err, isOk, isErr } from './core/result.js';
+export type { Result } from './core/result.js';
+export { AuthError, ProviderNotFoundError, CredentialNotFoundError, CredentialExpiredError, CredentialTypeError, RefreshError, BrowserError, BrowserLaunchError, BrowserTimeoutError, BrowserNavigationError, StorageError, ConfigError, ManualSetupRequired, SyncError, RemoteNotFoundError, SyncConflictError, } from './core/errors.js';
+export type { IAuthStrategy, IAuthStrategyFactory, AuthContext } from './core/interfaces/auth-strategy.js';
+export type { IBrowserAdapter, IBrowserSession, IBrowserPage, NavigateOptions, PageRequest, PageResponse } from './core/interfaces/browser-adapter.js';
+export type { IStorage } from './core/interfaces/storage.js';
+export type { IProviderRegistry } from './core/interfaces/provider.js';
+export { AuthManager } from './auth-manager.js';
+export { CookieStrategyFactory } from './strategies/cookie.strategy.js';
+export { OAuth2StrategyFactory } from './strategies/oauth2.strategy.js';
+export { ApiTokenStrategyFactory } from './strategies/api-token.strategy.js';
+export { BasicAuthStrategyFactory } from './strategies/basic-auth.strategy.js';
+export { StrategyRegistry } from './strategies/registry.js';
+export { DirectoryStorage } from './storage/directory-storage.js';
+export { CachedStorage } from './storage/cached-storage.js';
+export { MemoryStorage } from './storage/memory-storage.js';
+export { ProviderRegistry } from './providers/provider-registry.js';
+export { createDefaultProvider } from './providers/auto-provision.js';
+export { PlaywrightAdapter } from './browser/adapters/playwright.adapter.js';
+export { run as runCli, parseArgs } from './cli/main.js';
+export { SyncEngine } from './sync/sync-engine.js';
+export { SshTransport } from './sync/transports/ssh.js';
+export { getRemotes, getRemote, addRemote, removeRemote } from './sync/remote-config.js';
+export type { RemoteConfig, SyncResult } from './sync/types.js';
+export { decodeJwt, isJwtExpired, getJwtExpiresAt } from './utils/jwt.js';
+export { parseDuration, formatDuration } from './utils/duration.js';
+export { buildUserAgent } from './utils/http.js';

package/dist/index.js

@@ -0,0 +1,37 @@
+// Public API exports for signet
+export { loadConfig, saveConfig, getConfigPath } from './config/loader.js';
+export { validateConfig, buildStrategyConfig } from './config/validator.js';
+export { generateConfigYaml } from './config/generator.js';
+// Dependency wiring
+export { createAuthDeps } from './deps.js';
+// Result type
+export { ok, err, isOk, isErr } from './core/result.js';
+// Errors
+export { AuthError, ProviderNotFoundError, CredentialNotFoundError, CredentialExpiredError, CredentialTypeError, RefreshError, BrowserError, BrowserLaunchError, BrowserTimeoutError, BrowserNavigationError, StorageError, ConfigError, ManualSetupRequired, SyncError, RemoteNotFoundError, SyncConflictError, } from './core/errors.js';
+// AuthManager
+export { AuthManager } from './auth-manager.js';
+// Strategy factories (for custom registration)
+export { CookieStrategyFactory } from './strategies/cookie.strategy.js';
+export { OAuth2StrategyFactory } from './strategies/oauth2.strategy.js';
+export { ApiTokenStrategyFactory } from './strategies/api-token.strategy.js';
+export { BasicAuthStrategyFactory } from './strategies/basic-auth.strategy.js';
+export { StrategyRegistry } from './strategies/registry.js';
+// Storage implementations
+export { DirectoryStorage } from './storage/directory-storage.js';
+export { CachedStorage } from './storage/cached-storage.js';
+export { MemoryStorage } from './storage/memory-storage.js';
+// Provider system
+export { ProviderRegistry } from './providers/provider-registry.js';
+export { createDefaultProvider } from './providers/auto-provision.js';
+// Browser adapters
+export { PlaywrightAdapter } from './browser/adapters/playwright.adapter.js';
+// CLI
+export { run as runCli, parseArgs } from './cli/main.js';
+// Sync
+export { SyncEngine } from './sync/sync-engine.js';
+export { SshTransport } from './sync/transports/ssh.js';
+export { getRemotes, getRemote, addRemote, removeRemote } from './sync/remote-config.js';
+// Utilities
+export { decodeJwt, isJwtExpired, getJwtExpiresAt } from './utils/jwt.js';
+export { parseDuration, formatDuration } from './utils/duration.js';
+export { buildUserAgent } from './utils/http.js';