t3code-cli 0.1.0

package/src/application/threads.ts

@@ -0,0 +1,172 @@
+import * as Crypto from "effect/Crypto";
+import * as Effect from "effect/Effect";
+import * as Path from "effect/Path";
+
+import { Environment } from "../environment/service.ts";
+import { T3Orchestration } from "../orchestration/service.ts";
+import { ThreadSessionError } from "../domain/error.ts";
+import { resolveProject } from "../domain/helpers.ts";
+import { type StartThreadInput } from "./service.ts";
+import type { SendThreadInput } from "./service.ts";
+import { mergeModelOptions } from "./model-selection.ts";
+import {
+  makeThreadArchiveCommand,
+  makeThreadStartCommands,
+  makeThreadTurnContinueCommand,
+} from "./thread-commands.ts";
+import {
+  waitForThread as waitForThreadUntilComplete,
+  watchThread as watchThreadEvents,
+} from "./thread-wait.ts";
+import { waitForShellSequence } from "./shell-sequence.ts";
+
+export const makeThreadApplication = Effect.fn("makeThreadApplication")(function* () {
+  const orchestration = yield* T3Orchestration;
+  const crypto = yield* Crypto.Crypto;
+  const path = yield* Path.Path;
+  const environment = yield* Environment;
+  const listThreads = Effect.fn("T3ApplicationLive.listThreads")(function* (projectRef: string) {
+    const snapshot = yield* orchestration.getShellSnapshot();
+    const project = resolveProject(snapshot, projectRef, path, environment.cwd);
+    return {
+      project,
+      threads: snapshot.threads.filter((thread) => thread.projectId === project.id),
+    };
+  });
+  const getThreadMessages = Effect.fn("T3ApplicationLive.getThreadMessages")(function* (
+    threadId: string,
+  ) {
+    return yield* orchestration.getThreadSnapshot(threadId);
+  });
+  const archiveThread = Effect.fn("T3ApplicationLive.archiveThread")(function* (threadId: string) {
+    const command = yield* makeThreadArchiveCommand(threadId).pipe(
+      Effect.provideService(Crypto.Crypto, crypto),
+    );
+    return yield* orchestration.dispatch(command);
+  });
+  const startThread = Effect.fn("T3ApplicationLive.startThread")(function* (
+    startInput: StartThreadInput,
+    policy?: {
+      readonly until: "dispatch" | "visible" | "complete";
+    },
+  ) {
+    const snapshot = yield* orchestration.getShellSnapshot();
+    const project = resolveProject(snapshot, startInput.projectRef, path, environment.cwd);
+    const serverConfig = yield* orchestration.getServerConfig();
+    const commands = yield* makeThreadStartCommands({
+      start: startInput,
+      project,
+      serverConfig,
+    }).pipe(Effect.provideService(Crypto.Crypto, crypto));
+    const createDispatch = yield* orchestration.dispatch(commands.createCommand);
+    yield* waitForShellSequence({
+      orchestration,
+      sequence: createDispatch.sequence,
+    });
+    const dispatch = yield* orchestration.dispatch(commands.turnCommand);
+    const threadId = commands.threadId;
+    const until = policy?.until ?? "dispatch";
+    if (until === "dispatch") {
+      return { dispatch, project, threadId };
+    }
+    yield* waitForShellSequence({
+      orchestration,
+      sequence: dispatch.sequence,
+    });
+    if (until === "visible") {
+      const thread = yield* Effect.scoped(
+        Effect.gen(function* () {
+          const opened = yield* orchestration.openThread(threadId);
+          return opened.snapshot;
+        }),
+      );
+      return { dispatch, project, threadId, thread };
+    }
+    const thread = yield* waitForThreadUntilComplete({
+      orchestration,
+      threadId,
+    });
+    yield* failIfThreadError(thread);
+    return { dispatch, project, threadId, thread };
+  });
+  const sendThread = Effect.fn("T3ApplicationLive.sendThread")(function* (
+    input: SendThreadInput,
+    policy?: {
+      readonly until: "dispatch" | "visible" | "complete";
+    },
+  ) {
+    const modelSelection =
+      input.options !== undefined && input.options.length > 0
+        ? mergeModelOptions(
+            (yield* orchestration.getThreadSnapshot(input.threadId)).modelSelection,
+            input.options,
+          )
+        : undefined;
+    const command = yield* makeThreadTurnContinueCommand({
+      ...input,
+      ...(modelSelection !== undefined ? { modelSelection } : {}),
+    }).pipe(Effect.provideService(Crypto.Crypto, crypto));
+    const dispatch = yield* orchestration.dispatch(command);
+    const until = policy?.until ?? "dispatch";
+    if (until === "dispatch") {
+      return { dispatch, threadId: input.threadId };
+    }
+    yield* waitForShellSequence({
+      orchestration,
+      sequence: dispatch.sequence,
+    });
+    if (until === "visible") {
+      const thread = yield* Effect.scoped(
+        Effect.gen(function* () {
+          const opened = yield* orchestration.openThread(input.threadId);
+          return opened.snapshot;
+        }),
+      );
+      return { dispatch, threadId: input.threadId, thread };
+    }
+    const thread = yield* waitForThreadUntilComplete({
+      orchestration,
+      threadId: input.threadId,
+    });
+    yield* failIfThreadError(thread);
+    return { dispatch, threadId: input.threadId, thread };
+  });
+  const watchThread = (threadId: string) =>
+    watchThreadEvents({
+      orchestration,
+      threadId,
+    });
+  const waitForThread = Effect.fn("T3ApplicationLive.waitForThread")(function* (threadId: string) {
+    const thread = yield* waitForThreadUntilComplete({
+      orchestration,
+      threadId,
+    });
+    yield* failIfThreadError(thread);
+    return thread;
+  });
+
+  return {
+    archiveThread,
+    listThreads,
+    getThreadMessages,
+    sendThread,
+    startThread,
+    watchThread,
+    waitForThread,
+  };
+});
+
+function failIfThreadError(thread: {
+  readonly id: string;
+  readonly session: { readonly status: string; readonly lastError: string | null } | null;
+}) {
+  if (thread.session?.status !== "error") {
+    return Effect.void;
+  }
+  return Effect.fail(
+    new ThreadSessionError({
+      threadId: thread.id,
+      message: thread.session.lastError ?? "thread ended with error",
+    }),
+  );
+}

package/src/auth/error.ts

@@ -0,0 +1,42 @@
+import * as Cause from "effect/Cause";
+import * as Schema from "effect/Schema";
+import { PlatformError } from "effect/PlatformError";
+import { HttpClientError } from "effect/unstable/http";
+
+import { ConfigError, UrlError } from "../config/error.ts";
+
+export class AuthPairingUrlError extends Schema.TaggedErrorClass<AuthPairingUrlError>()(
+  "AuthPairingUrlError",
+  {
+    message: Schema.String,
+    cause: Schema.optionalKey(Schema.instanceOf(Cause.IllegalArgumentError)),
+  },
+) {}
+
+export class AuthConfigError extends Schema.TaggedErrorClass<AuthConfigError>()("AuthConfigError", {
+  message: Schema.String,
+  cause: Schema.optionalKey(Schema.Union([ConfigError, UrlError])),
+}) {}
+
+export class AuthTransportError extends Schema.TaggedErrorClass<AuthTransportError>()(
+  "AuthTransportError",
+  {
+    message: Schema.String,
+    cause: Schema.optionalKey(
+      Schema.Union([HttpClientError.HttpClientErrorSchema, Schema.instanceOf(Schema.SchemaError)]),
+    ),
+  },
+) {}
+
+const AuthLocalErrorCauseSchema = Schema.Union([
+  Schema.instanceOf(PlatformError),
+  Schema.instanceOf(Schema.SchemaError),
+  UrlError,
+]);
+
+export class AuthLocalError extends Schema.TaggedErrorClass<AuthLocalError>()("AuthLocalError", {
+  message: Schema.String,
+  cause: Schema.optionalKey(AuthLocalErrorCauseSchema),
+}) {}
+
+export type AuthError = AuthPairingUrlError | AuthConfigError | AuthTransportError | AuthLocalError;

package/src/auth/layer.ts

@@ -0,0 +1,114 @@
+import * as Effect from "effect/Effect";
+import * as FileSystem from "effect/FileSystem";
+import * as Layer from "effect/Layer";
+import * as Path from "effect/Path";
+import * as Scope from "effect/Scope";
+import { ChildProcessSpawner } from "effect/unstable/process/ChildProcessSpawner";
+
+import { T3Config } from "../config/service.ts";
+import { Environment } from "../environment/service.ts";
+import { AuthConfigError } from "./error.ts";
+import { issueLocalSession, resolveLocalOrigin } from "./local.ts";
+import { parsePairingUrl } from "./pairing.ts";
+import { T3Auth } from "./service.ts";
+import { makeAuthTransport } from "./transport.ts";
+import type { LocalAuthInput } from "./type.ts";
+
+export const makeT3Auth = Effect.fn("makeT3Auth")(function* () {
+  const config = yield* T3Config;
+  const transport = yield* makeAuthTransport();
+  const spawner = yield* ChildProcessSpawner;
+  const fs = yield* FileSystem.FileSystem;
+  const path = yield* Path.Path;
+  const environment = yield* Environment;
+  const scope = yield* Scope.Scope;
+
+  const pair = Effect.fn("T3AuthLive.pair")(function* (pairingUrl: string) {
+    const parsed = yield* parsePairingUrl(pairingUrl);
+    const result = yield* transport.bootstrapBearer(parsed);
+    const existing = yield* config.readStored().pipe(
+      Effect.catchTags({
+        ConfigError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+      }),
+    );
+    yield* config
+      .writeStored({ ...existing, url: parsed.baseUrl, token: result.sessionToken })
+      .pipe(
+        Effect.catchTags({
+          ConfigError: (error) =>
+            Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+        }),
+      );
+    return { url: parsed.baseUrl, role: result.role, expiresAt: result.expiresAt };
+  });
+
+  const local = Effect.fn("T3AuthLive.local")(function* (input: LocalAuthInput) {
+    const issued = yield* issueLocalSession(input).pipe(
+      Effect.provideService(ChildProcessSpawner, spawner),
+      Effect.provideService(FileSystem.FileSystem, fs),
+      Effect.provideService(Path.Path, path),
+      Effect.provideService(Environment, environment),
+      Effect.provideService(Scope.Scope, scope),
+    );
+    const url = yield* resolveLocalOrigin({
+      baseDir: issued.baseDir,
+      ...(input.origin !== undefined ? { origin: input.origin } : {}),
+    }).pipe(
+      Effect.provideService(FileSystem.FileSystem, fs),
+      Effect.provideService(Path.Path, path),
+    );
+    const existing = yield* config.readStored().pipe(
+      Effect.catchTags({
+        ConfigError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+      }),
+    );
+    yield* config.writeStored({ ...existing, url, token: issued.session.token }).pipe(
+      Effect.catchTags({
+        ConfigError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+      }),
+    );
+    return {
+      url,
+      role: issued.session.role,
+      expiresAt: issued.session.expiresAt,
+      source: "local" as const,
+      baseDir: issued.baseDir,
+    };
+  });
+
+  const status = Effect.fn("T3AuthLive.status")(function* () {
+    const resolved = yield* config.resolve().pipe(
+      Effect.catchTags({
+        ConfigError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+        UrlError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+      }),
+    );
+    return yield* transport.getSession(resolved);
+  });
+
+  const issueWebSocketToken = Effect.fn("T3AuthLive.issueWebSocketToken")(function* () {
+    const resolved = yield* config.resolve().pipe(
+      Effect.catchTags({
+        ConfigError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+        UrlError: (error) =>
+          Effect.fail(new AuthConfigError({ message: "auth config failed", cause: error })),
+      }),
+    );
+    return yield* transport.issueWebSocketToken(resolved);
+  });
+
+  return {
+    pair,
+    local,
+    status,
+    issueWebSocketToken,
+  };
+});
+
+export const T3AuthLive = Layer.effect(T3Auth, makeT3Auth());

package/src/auth/local.ts

@@ -0,0 +1,241 @@
+import * as Effect from "effect/Effect";
+import * as FileSystem from "effect/FileSystem";
+import * as Path from "effect/Path";
+import * as Stream from "effect/Stream";
+import * as ChildProcess from "effect/unstable/process/ChildProcess";
+import { ChildProcessSpawner } from "effect/unstable/process/ChildProcessSpawner";
+
+import { normalizeHttpBaseUrl } from "../config/url.ts";
+import { Environment, type EnvironmentShape } from "../environment/service.ts";
+import { AuthLocalError } from "./error.ts";
+import {
+  decodeAuthLocalRuntimeStateFromJson,
+  decodeAuthLocalSessionIssueResultFromJson,
+  type AuthLocalSessionIssueResult,
+} from "./schema.ts";
+import type { LocalAuthInput } from "./type.ts";
+
+export const issueLocalSession = Effect.fn("issueLocalSession")(function* (
+  input: Pick<LocalAuthInput, "baseDir" | "t3Command" | "role" | "label" | "subject">,
+) {
+  const environment = yield* Environment;
+  const baseDir = yield* resolveLocalBaseDir(input.baseDir, environment);
+  if (input.label.length === 0) {
+    return yield* Effect.fail(new AuthLocalError({ message: "local auth label cannot be empty" }));
+  }
+  if (input.subject.length === 0) {
+    return yield* Effect.fail(
+      new AuthLocalError({ message: "local auth subject cannot be empty" }),
+    );
+  }
+
+  const args = [
+    "auth",
+    "session",
+    "issue",
+    "--base-dir",
+    baseDir,
+    "--json",
+    "--role",
+    input.role,
+    "--label",
+    input.label,
+    "--subject",
+    input.subject,
+  ];
+  const command = resolveLocalT3Command(input.t3Command, environment);
+  const output = yield* runLocalT3Command(command, args);
+  const parsed = yield* parseSessionIssueOutput(output.stdout);
+  return { baseDir, session: parsed } as const;
+});
+
+export const resolveLocalOrigin = Effect.fn("resolveLocalOrigin")(function* (input: {
+  readonly baseDir: string;
+  readonly origin?: string;
+}) {
+  if (input.origin !== undefined) {
+    return yield* normalizeLocalOrigin(input.origin);
+  }
+
+  const path = yield* Path.Path;
+  const runtimeStatePath = path.join(input.baseDir, "userdata", "server-runtime.json");
+  const fs = yield* FileSystem.FileSystem;
+  const raw = yield* fs.readFileString(runtimeStatePath).pipe(
+    Effect.mapError(
+      (error) =>
+        new AuthLocalError({
+          message: `local runtime state not found: ${runtimeStatePath}. Make sure T3 Code is running with Network access enabled, or pass --origin manually.`,
+          cause: error,
+        }),
+    ),
+  );
+  const state = yield* decodeAuthLocalRuntimeStateFromJson(raw).pipe(
+    Effect.mapError(
+      (error) =>
+        new AuthLocalError({ message: "local runtime state has invalid shape", cause: error }),
+    ),
+  );
+  return yield* normalizeLocalOrigin(state.origin);
+});
+
+function parseSessionIssueOutput(
+  stdout: string,
+): Effect.Effect<AuthLocalSessionIssueResult, AuthLocalError> {
+  return decodeAuthLocalSessionIssueResultFromJson(stdout).pipe(
+    Effect.mapError(
+      (error) => new AuthLocalError({ message: "local auth returned invalid shape", cause: error }),
+    ),
+  );
+}
+
+function normalizeLocalOrigin(origin: string) {
+  return normalizeHttpBaseUrl(origin).pipe(
+    Effect.mapError((error) => new AuthLocalError({ message: error.message, cause: error })),
+  );
+}
+
+type LocalT3Command = {
+  readonly command: string;
+  readonly argsPrefix: ReadonlyArray<string>;
+  readonly env?: Readonly<Record<string, string>>;
+};
+
+const defaultLocalT3Command: LocalT3Command = {
+  command: "t3",
+  argsPrefix: [],
+};
+
+const macOsAppNames = ["T3 Code (Dev)", "T3 Code (Alpha)", "T3 Code (Nightly)", "T3 Code"] as const;
+
+function resolveLocalT3Command(
+  input: string | undefined,
+  environment: EnvironmentShape,
+): LocalT3Command {
+  const envCommand = environment.env["T3CLI_T3_COMMAND"];
+  const exactCommand =
+    input ?? (envCommand !== undefined && envCommand.length > 0 ? envCommand : undefined);
+  if (exactCommand !== undefined && exactCommand.length > 0) {
+    return { command: exactCommand, argsPrefix: [] };
+  }
+  return defaultLocalT3Command;
+}
+
+const resolveMacOsAppT3Command = Effect.fn("resolveMacOsAppT3Command")(function* () {
+  const fs = yield* FileSystem.FileSystem;
+  for (const appName of macOsAppNames) {
+    const appPath = `/Applications/${appName}.app`;
+    const command = `${appPath}/Contents/MacOS/${appName}`;
+    if (yield* fs.exists(command)) {
+      return {
+        command,
+        argsPrefix: [`${appPath}/Contents/Resources/app.asar/apps/server/dist/bin.mjs`],
+        env: { ELECTRON_RUN_AS_NODE: "1" },
+      } satisfies LocalT3Command;
+    }
+  }
+  return undefined;
+});
+
+const runLocalT3Command = Effect.fn("runLocalT3Command")(function* (
+  command: LocalT3Command,
+  args: ReadonlyArray<string>,
+) {
+  return yield* runLocalT3CommandOnce(command, args).pipe(
+    Effect.catchTag("PlatformError", (error) =>
+      command === defaultLocalT3Command && process.platform === "darwin"
+        ? Effect.gen(function* () {
+            const fallback = yield* resolveMacOsAppT3Command();
+            if (fallback === undefined) {
+              return yield* Effect.fail(error);
+            }
+            return yield* runLocalT3CommandOnce(fallback, args);
+          })
+        : Effect.fail(error),
+    ),
+    Effect.catchTag("PlatformError", (error) =>
+      Effect.fail(
+        new AuthLocalError({
+          message: `local auth failed: ${error.message}`,
+          cause: error,
+        }),
+      ),
+    ),
+  );
+});
+
+const runLocalT3CommandOnce = Effect.fn("runLocalT3CommandOnce")(function* (
+  command: LocalT3Command,
+  args: ReadonlyArray<string>,
+) {
+  const spawner = yield* ChildProcessSpawner;
+  const processCommand = ChildProcess.make(command.command, [...command.argsPrefix, ...args]).pipe(
+    command.env === undefined ? (self) => self : ChildProcess.setEnv(command.env),
+  );
+  const child = yield* spawner.spawn(processCommand);
+  const [stdout, stderr, exitCode] = yield* Effect.all(
+    [
+      collectProcessOutput(child.stdout),
+      collectProcessOutput(child.stderr),
+      child.exitCode.pipe(Effect.map(Number)),
+    ],
+    { concurrency: "unbounded" },
+  ).pipe(
+    Effect.mapError(
+      (error) =>
+        new AuthLocalError({
+          message: `local auth failed: ${error.message}`,
+          cause: error,
+        }),
+    ),
+  );
+
+  if (exitCode !== 0) {
+    return yield* Effect.fail(
+      new AuthLocalError({
+        message: `local auth failed: ${formatCommandFailure(stderr, stdout, exitCode)}`,
+      }),
+    );
+  }
+
+  return { stdout, stderr };
+});
+
+const collectProcessOutput = <E>(stream: Stream.Stream<Uint8Array, E>): Effect.Effect<string, E> =>
+  stream.pipe(
+    Stream.decodeText(),
+    Stream.runFold(
+      () => "",
+      (acc, chunk) => acc + chunk,
+    ),
+  );
+
+const resolveLocalBaseDir = Effect.fn("resolveLocalBaseDir")(function* (
+  input: string | undefined,
+  environment: EnvironmentShape,
+) {
+  const path = yield* Path.Path;
+  const envBaseDir = environment.env["T3CODE_HOME"];
+  const raw = input ?? envBaseDir;
+  if (raw === undefined || raw.length === 0) {
+    return path.join(environment.homeDir, ".t3");
+  }
+  if (raw === "~") {
+    return environment.homeDir;
+  }
+  if (raw.startsWith("~/") || raw.startsWith("~\\")) {
+    return path.join(environment.homeDir, raw.slice(2));
+  }
+  return path.resolve(environment.cwd, raw);
+});
+
+function formatCommandFailure(stderr: string, stdout: string, exitCode: number) {
+  const stderrDetail = stderr.trim();
+  if (stderrDetail.length > 0) {
+    return stderrDetail;
+  }
+  const stdoutDetail = stdout.trim();
+  if (stdoutDetail.length > 0) {
+    return stdoutDetail;
+  }
+  return `t3 exited with code ${exitCode}`;
+}

package/src/auth/pairing.ts

@@ -0,0 +1,54 @@
+import * as Effect from "effect/Effect";
+import { Url } from "effect/unstable/http";
+
+import { AuthPairingUrlError } from "./error.ts";
+import type { PairingUrl } from "./type.ts";
+
+export function parsePairingUrl(value: string): Effect.Effect<PairingUrl, AuthPairingUrlError> {
+  return Effect.gen(function* () {
+    const url = yield* parseUrl(value);
+    const token = yield* readPairingToken(url);
+    if (token.length === 0) {
+      return yield* Effect.fail(new AuthPairingUrlError({ message: "pairing url missing token" }));
+    }
+
+    const hostedHost = url.searchParams.get("host")?.trim();
+    const baseUrl = normalizeBaseUrl(
+      yield* parseUrl(hostedHost !== undefined && hostedHost.length > 0 ? hostedHost : url.origin),
+    );
+    return { baseUrl, credential: token };
+  });
+}
+
+function parseUrl(value: string): Effect.Effect<URL, AuthPairingUrlError> {
+  return Effect.fromResult(Url.fromString(value)).pipe(
+    Effect.catchTags({
+      IllegalArgumentError: (error) =>
+        Effect.fail(new AuthPairingUrlError({ message: "invalid pairing url", cause: error })),
+    }),
+  );
+}
+
+function normalizeBaseUrl(url: URL) {
+  return Url.mutate(url, (current) => {
+    current.hash = "";
+    current.search = "";
+    current.pathname = "";
+  })
+    .toString()
+    .replace(/\/$/, "");
+}
+
+function readPairingToken(url: URL): Effect.Effect<string, AuthPairingUrlError> {
+  return Effect.gen(function* () {
+    const hash = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
+    const hashUrl = yield* parseUrl(`http://t3.local/?${hash}`);
+    const hashToken = hashUrl.searchParams.get("token")?.trim();
+    const token = url.searchParams.get("token")?.trim();
+    return hashToken !== undefined && hashToken.length > 0
+      ? hashToken
+      : token !== undefined && token.length > 0
+        ? token
+        : "";
+  });
+}

package/src/auth/schema.ts

@@ -0,0 +1,55 @@
+import * as Schema from "effect/Schema";
+
+export const AuthBearerBootstrapResultSchema = Schema.Struct({
+  authenticated: Schema.Literal(true),
+  role: Schema.Literals(["owner", "client"]),
+  sessionMethod: Schema.Literal("bearer-session-token"),
+  expiresAt: Schema.String,
+  sessionToken: Schema.String,
+});
+export type AuthBearerBootstrapResult = typeof AuthBearerBootstrapResultSchema.Type;
+
+export const AuthSessionStateSchema = Schema.Struct({
+  authenticated: Schema.Boolean,
+  role: Schema.optionalKey(Schema.Literals(["owner", "client"])),
+  sessionMethod: Schema.optionalKey(Schema.String),
+  expiresAt: Schema.optionalKey(Schema.String),
+});
+export type AuthSessionState = typeof AuthSessionStateSchema.Type;
+
+export const AuthWebSocketTokenResultSchema = Schema.Struct({
+  token: Schema.String,
+  expiresAt: Schema.String,
+});
+export type AuthWebSocketTokenResult = typeof AuthWebSocketTokenResultSchema.Type;
+
+export const AuthLocalSessionIssueResultSchema = Schema.Struct({
+  token: Schema.String,
+  role: Schema.Literals(["owner", "client"]),
+  expiresAt: Schema.String,
+});
+export type AuthLocalSessionIssueResult = typeof AuthLocalSessionIssueResultSchema.Type;
+
+export const AuthLocalRuntimeStateSchema = Schema.Struct({
+  version: Schema.Literal(1),
+  origin: Schema.String,
+});
+export type AuthLocalRuntimeState = typeof AuthLocalRuntimeStateSchema.Type;
+
+export const decodeAuthBearerBootstrapResult = Schema.decodeUnknownEffect(
+  AuthBearerBootstrapResultSchema,
+);
+export const decodeAuthSessionState = Schema.decodeUnknownEffect(AuthSessionStateSchema);
+export const decodeAuthWebSocketTokenResult = Schema.decodeUnknownEffect(
+  AuthWebSocketTokenResultSchema,
+);
+export const decodeAuthLocalSessionIssueResult = Schema.decodeUnknownEffect(
+  AuthLocalSessionIssueResultSchema,
+);
+export const decodeAuthLocalRuntimeState = Schema.decodeUnknownEffect(AuthLocalRuntimeStateSchema);
+export const decodeAuthLocalSessionIssueResultFromJson = Schema.decodeUnknownEffect(
+  Schema.fromJsonString(AuthLocalSessionIssueResultSchema),
+);
+export const decodeAuthLocalRuntimeStateFromJson = Schema.decodeUnknownEffect(
+  Schema.fromJsonString(AuthLocalRuntimeStateSchema),
+);

package/src/auth/service.ts

@@ -0,0 +1,16 @@
+import * as Context from "effect/Context";
+import type * as Effect from "effect/Effect";
+
+import type { AuthSessionState, AuthWebSocketTokenResult } from "./schema.ts";
+import type { AuthError } from "./error.ts";
+import type { LocalAuthInput, LocalAuthResult, PairResult } from "./type.ts";
+
+export class T3Auth extends Context.Service<
+  T3Auth,
+  {
+    readonly pair: (value: string) => Effect.Effect<PairResult, AuthError>;
+    readonly local: (input: LocalAuthInput) => Effect.Effect<LocalAuthResult, AuthError>;
+    readonly status: () => Effect.Effect<AuthSessionState, AuthError>;
+    readonly issueWebSocketToken: () => Effect.Effect<AuthWebSocketTokenResult, AuthError>;
+  }
+>()("t3cli/T3Auth") {}