npm - veryfront - Versions diffs - 0.0.56 → 0.0.58 - Mend

veryfront 0.0.56 → 0.0.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/integrations/_base/files/app/api/integrations/status/route.ts CHANGED Viewed

@@ -5,7 +5,7 @@
  * Used by the setup guide to show which services are connected.
  */
-import { tokenStore } from "../../../../lib/token-store";
+import { tokenStore } from "../../../../lib/token-store.ts";
 // Define available integrations - will be populated based on project config
 const INTEGRATIONS = [

package/dist/integrations/_base/files/app/api/integrations/token-storage/route.ts CHANGED Viewed

@@ -18,9 +18,13 @@ export async function GET() {
     mode = "redis";
   }
-  // Check if encryption is enabled
+  // Check if encryption key is explicitly set
   const encryptionKey = env.TOKEN_ENCRYPTION_KEY;
-  const encrypted = typeof encryptionKey === "string" && encryptionKey.length === 64;
+  const hasExplicitKey = typeof encryptionKey === "string" && encryptionKey.length === 64;
-  return Response.json({ mode, encrypted });
+  // Encryption is always enabled (auto-generated in dev if not set)
+  const encrypted = true;
+  const autoGenerated = !hasExplicitKey;
+  return Response.json({ mode, encrypted, autoGenerated });
 }

package/dist/integrations/_base/files/app/setup/page.tsx CHANGED Viewed

@@ -30,6 +30,7 @@ interface SetupGuide {
 interface TokenStorageStatus {
   mode: "memory" | "database" | "kv" | "redis" | "custom";
   encrypted: boolean;
+  autoGenerated?: boolean;
 }
 // Categories for organizing integrations
@@ -871,34 +872,91 @@ export default function SetupPage() {
                     : "text-green-700 dark:text-green-300"
                 }`}>
                   {tokenStorage.mode === "memory" ? (
-                    <>Tokens are stored in memory and will be lost on restart. Set <code className="px-1 py-0.5 bg-amber-100 dark:bg-amber-900 rounded text-xs">DATABASE_URL</code>, <code className="px-1 py-0.5 bg-amber-100 dark:bg-amber-900 rounded text-xs">KV_REST_API_URL</code>, or <code className="px-1 py-0.5 bg-amber-100 dark:bg-amber-900 rounded text-xs">REDIS_URL</code> for production.</>
+                    <>Tokens are stored in memory and will be lost on restart.</>
                   ) : (
                     <>Tokens are persisted to {tokenStorage.mode} storage.</>
                   )}
                 </p>
-                <div className="mt-2 flex items-center gap-4 text-sm">
-                  <span className={`inline-flex items-center gap-1.5 ${
-                    tokenStorage.encrypted
-                      ? "text-green-600 dark:text-green-400"
-                      : "text-amber-600 dark:text-amber-400"
-                  }`}>
-                    {tokenStorage.encrypted ? (
-                      <>
-                        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
-                        </svg>
-                        Encryption enabled
-                      </>
-                    ) : (
-                      <>
-                        <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                          <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M8 11V7a4 4 0 118 0m-4 8v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2z" />
-                        </svg>
-                        Set <code className="px-1 py-0.5 bg-amber-100 dark:bg-amber-900 rounded text-xs">TOKEN_ENCRYPTION_KEY</code> for encryption
-                      </>
-                    )}
-                  </span>
+                {/* Encryption Status */}
+                <div className="mt-2 flex items-center gap-1.5 text-sm text-green-600 dark:text-green-400">
+                  <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
+                  </svg>
+                  <span>Encryption enabled {tokenStorage.autoGenerated && "(auto-generated key)"}</span>
                 </div>
+                {/* Production Storage Options */}
+                {tokenStorage.mode === "memory" && (
+                  <div className="mt-4 pt-4 border-t border-amber-200 dark:border-amber-800">
+                    <p className="text-sm font-medium text-amber-800 dark:text-amber-200 mb-3">
+                      For production, add one of these to your <code className="px-1 py-0.5 bg-amber-100 dark:bg-amber-900 rounded text-xs">.env</code>:
+                    </p>
+                    <div className="grid gap-2">
+                      <a
+                        href="https://upstash.com/docs/redis/overall/getstarted"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="flex items-center justify-between p-3 bg-white dark:bg-neutral-800 rounded-lg border border-green-200 dark:border-green-700 hover:border-green-400 dark:hover:border-green-500 transition-colors group"
+                      >
+                        <div>
+                          <span className="font-medium text-neutral-900 dark:text-white">Upstash</span>
+                          <span className="text-green-600 dark:text-green-400 text-xs ml-2 font-medium">Recommended</span>
+                          <span className="text-neutral-500 dark:text-neutral-400 text-sm ml-2">Serverless Redis, scales horizontally</span>
+                        </div>
+                        <code className="text-xs bg-neutral-100 dark:bg-neutral-700 px-2 py-1 rounded text-neutral-600 dark:text-neutral-300">REDIS_URL</code>
+                      </a>
+                      <a
+                        href="https://docs.turso.tech/quickstart"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="flex items-center justify-between p-3 bg-white dark:bg-neutral-800 rounded-lg border border-amber-200 dark:border-amber-700 hover:border-amber-400 dark:hover:border-amber-500 transition-colors group"
+                      >
+                        <div>
+                          <span className="font-medium text-neutral-900 dark:text-white">Turso / libSQL</span>
+                          <span className="text-neutral-500 dark:text-neutral-400 text-sm ml-2">Edge SQLite, fast reads globally</span>
+                        </div>
+                        <code className="text-xs bg-neutral-100 dark:bg-neutral-700 px-2 py-1 rounded text-neutral-600 dark:text-neutral-300">DATABASE_URL</code>
+                      </a>
+                      <a
+                        href="https://vercel.com/docs/storage/vercel-kv/quickstart"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="flex items-center justify-between p-3 bg-white dark:bg-neutral-800 rounded-lg border border-amber-200 dark:border-amber-700 hover:border-amber-400 dark:hover:border-amber-500 transition-colors group"
+                      >
+                        <div>
+                          <span className="font-medium text-neutral-900 dark:text-white">Vercel KV</span>
+                          <span className="text-neutral-500 dark:text-neutral-400 text-sm ml-2">Built-in if using Vercel</span>
+                        </div>
+                        <code className="text-xs bg-neutral-100 dark:bg-neutral-700 px-2 py-1 rounded text-neutral-600 dark:text-neutral-300">KV_REST_API_URL</code>
+                      </a>
+                      <a
+                        href="https://neon.tech/docs/get-started-with-neon/connect-neon"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="flex items-center justify-between p-3 bg-white dark:bg-neutral-800 rounded-lg border border-amber-200 dark:border-amber-700 hover:border-amber-400 dark:hover:border-amber-500 transition-colors group"
+                      >
+                        <div>
+                          <span className="font-medium text-neutral-900 dark:text-white">Neon</span>
+                          <span className="text-neutral-500 dark:text-neutral-400 text-sm ml-2">Serverless Postgres</span>
+                        </div>
+                        <code className="text-xs bg-neutral-100 dark:bg-neutral-700 px-2 py-1 rounded text-neutral-600 dark:text-neutral-300">DATABASE_URL</code>
+                      </a>
+                      <a
+                        href="https://www.sqlite.org/index.html"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="flex items-center justify-between p-3 bg-white dark:bg-neutral-800 rounded-lg border border-amber-200 dark:border-amber-700 hover:border-amber-400 dark:hover:border-amber-500 transition-colors group"
+                      >
+                        <div>
+                          <span className="font-medium text-neutral-900 dark:text-white">SQLite</span>
+                          <span className="text-neutral-500 dark:text-neutral-400 text-sm ml-2">Local file, single instance only</span>
+                        </div>
+                        <code className="text-xs bg-neutral-100 dark:bg-neutral-700 px-2 py-1 rounded text-neutral-600 dark:text-neutral-300">DATABASE_URL=file:./data.db</code>
+                      </a>
+                    </div>
+                  </div>
+                )}
               </div>
             </div>
           </div>

package/dist/integrations/_base/files/lib/token-store-examples.ts CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   decryptToken,
   type TokenStore,
   type OAuthToken,
-} from "./token-store";
+} from "./token-store.ts";
 // ============================================================================
 // Vercel KV Store

package/dist/integrations/_base/files/lib/token-store.ts CHANGED Viewed

@@ -172,24 +172,52 @@ export async function decryptToken(encrypted: string): Promise<OAuthToken | null
   }
 }
-/** Get encryption key from environment */
+// Auto-generated encryption key storage (persists for the session)
+const AUTO_KEY_STORAGE = "__veryfront_auto_encryption_key__";
+// deno-lint-ignore no-explicit-any
+const globalStore = globalThis as any;
+/**
+ * Generate a cryptographically secure encryption key
+ * Returns a 64-character hex string (32 bytes)
+ */
+export function generateEncryptionKey(): string {
+  const bytes = crypto.getRandomValues(new Uint8Array(32));
+  return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+/** Get encryption key from environment or auto-generate for development */
 function getEncryptionKey(): Uint8Array | null {
   const keyHex = typeof process !== "undefined"
     ? process.env?.TOKEN_ENCRYPTION_KEY
     // deno-lint-ignore no-explicit-any
     : (globalThis as any).Deno?.env?.get("TOKEN_ENCRYPTION_KEY");
-  if (!keyHex) return null;
+  if (keyHex) {
+    // Convert hex string to Uint8Array (32 bytes = 64 hex chars)
+    if (keyHex.length !== 64) {
+      console.error("[Token Store] TOKEN_ENCRYPTION_KEY must be 64 hex characters (32 bytes)");
+      return null;
+    }
-  // Convert hex string to Uint8Array (32 bytes = 64 hex chars)
-  if (keyHex.length !== 64) {
-    console.error("[Token Store] TOKEN_ENCRYPTION_KEY must be 64 hex characters (32 bytes)");
-    return null;
+    const key = new Uint8Array(32);
+    for (let i = 0; i < 32; i++) {
+      key[i] = parseInt(keyHex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return key;
   }
+  // Auto-generate key for development (persists in memory for the session)
+  // This ensures tokens remain encrypted even in dev mode
+  if (!globalStore[AUTO_KEY_STORAGE]) {
+    globalStore[AUTO_KEY_STORAGE] = generateEncryptionKey();
+    console.log("[Token Store] Auto-generated encryption key for this session");
+  }
+  const autoKey = globalStore[AUTO_KEY_STORAGE] as string;
   const key = new Uint8Array(32);
   for (let i = 0; i < 32; i++) {
-    key[i] = parseInt(keyHex.slice(i * 2, i * 2 + 2), 16);
+    key[i] = parseInt(autoKey.slice(i * 2, i * 2 + 2), 16);
   }
   return key;
 }
@@ -225,8 +253,6 @@ export function isEncryptionEnabled(): boolean {
 // Use globalThis to share across esbuild bundles (each API route is bundled separately)
 const TOKENS_KEY = "__veryfront_oauth_tokens__";
-// deno-lint-ignore no-explicit-any
-const globalStore = globalThis as any;
 const tokens: Map<string, OAuthToken> = globalStore[TOKENS_KEY] ||= new Map<string, OAuthToken>();
 function getKey(userId: string, service: string): string {

package/dist/integrations/airtable/files/app/api/auth/airtable/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Airtable OAuth Callback
+ *
+ * Handles the OAuth callback from Airtable and stores the tokens.
  */
 import { airtableConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(airtableConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/asana/files/app/api/auth/asana/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Asana OAuth Callback
+ *
+ * Handles the OAuth callback from Asana and stores the tokens.
  */
 import { asanaConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(asanaConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/bitbucket/files/app/api/auth/bitbucket/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Bitbucket OAuth Callback
+ *
+ * Handles the OAuth callback from Atlassian and stores the tokens.
  */
 import { bitbucketConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(bitbucketConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/box/files/app/api/auth/box/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Box OAuth Callback
+ *
+ * Handles the OAuth callback from Box and stores the tokens.
  */
 import { boxConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(boxConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/calendar/files/app/api/auth/calendar/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Calendar OAuth Callback
+ *
+ * Handles the OAuth callback from Google and stores the tokens.
  */
 import { calendarConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(calendarConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/clickup/files/app/api/auth/clickup/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * ClickUp OAuth Callback
+ *
+ * Handles the OAuth callback from ClickUp and stores the tokens.
  */
 import { clickupConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(clickupConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/confluence/files/app/api/auth/confluence/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Confluence OAuth Callback
+ *
+ * Handles the OAuth callback from Atlassian and stores the tokens.
  */
 import { confluenceConfig, createOAuthCallbackHandler, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(confluenceConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/discord/files/app/api/auth/discord/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Discord OAuth Callback
+ *
+ * Handles the OAuth callback from Discord and stores the tokens.
  */
 import { createOAuthCallbackHandler, discordConfig, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(discordConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/docs-google/files/app/api/auth/docs-google/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Google Docs OAuth Callback
+ *
+ * Handles the OAuth callback from Google and stores the tokens.
  */
-import { createOAuthCallbackHandler, memoryTokenStore, docsGoogleConfig } from "veryfront/oauth";
+import { createOAuthCallbackHandler, docsGoogleConfig, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(docsGoogleConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/drive/files/app/api/auth/drive/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Google Drive OAuth Callback
+ *
+ * Handles the OAuth callback from Google and stores the tokens.
  */
-import { createOAuthCallbackHandler, memoryTokenStore, driveConfig } from "veryfront/oauth";
+import { createOAuthCallbackHandler, driveConfig, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(driveConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });

package/dist/integrations/dropbox/files/app/api/auth/dropbox/callback/route.ts CHANGED Viewed

@@ -1,11 +1,31 @@
 /**
  * Dropbox OAuth Callback
+ *
+ * Handles the OAuth callback from Dropbox and stores the tokens.
  */
 import { createOAuthCallbackHandler, dropboxConfig, memoryTokenStore } from "veryfront/oauth";
+import { tokenStore } from "../../../../../lib/token-store.ts";
+// Hybrid adapter: uses framework's memoryTokenStore for state (PKCE),
+// but user's tokenStore for actual token storage
+const hybridTokenStore = {
+  // Token methods - delegate to user's tokenStore
+  async getTokens(serviceId: string) {
+    return tokenStore.getToken("current-user", serviceId);
+  },
+  async setTokens(serviceId: string, tokens: { accessToken: string; refreshToken?: string; expiresAt?: number }) {
+    await tokenStore.setToken("current-user", serviceId, tokens);
+  },
+  async clearTokens(serviceId: string) {
+    await tokenStore.revokeToken("current-user", serviceId);
+  },
+  // State methods - delegate to framework's memoryTokenStore (shared with init route)
+  getState: (state: string) => memoryTokenStore.getState(state),
+  setState: (state: { state: string; codeVerifier?: string; createdAt: number }) => memoryTokenStore.setState(state),
+  clearState: (state: string) => memoryTokenStore.clearState(state),
+};
 export const GET = createOAuthCallbackHandler(dropboxConfig, {
-  tokenStore: memoryTokenStore,
-  onSuccess: () => "/",
-  onError: () => "/",
+  tokenStore: hybridTokenStore,
 });