fix: commit vendored @kuns/zitadel-auth dist (was excluded by dist/ gitignore)

.gitignore

@@ -2,7 +2,6 @@ node_modules/
 .nuxt/
 .output/
 .data/
-dist/
 *.log
 .env
 .env.*

vendor/zitadel-auth/dist/angular.cjs

@@ -0,0 +1,230 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/angular.ts
+var angular_exports = {};
+__export(angular_exports, {
+  provideZitadelAuth: () => provideZitadelAuth,
+  zitadelGuard: () => zitadelGuard
+});
+module.exports = __toCommonJS(angular_exports);
+
+// src/client.ts
+var import_oidc_client_ts = require("oidc-client-ts");
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new import_oidc_client_ts.UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+
+// src/adapters/angular.ts
+var AUTH_INSTANCE_KEY = "__kuns_zitadel_auth__";
+function provideZitadelAuth(config) {
+  const auth = new ZitadelAuth(config);
+  globalThis[AUTH_INSTANCE_KEY] = auth;
+  return {
+    provide: "KUNS_ZITADEL_AUTH",
+    useValue: auth
+  };
+}
+function getAuthInstance() {
+  const auth = globalThis[AUTH_INSTANCE_KEY];
+  if (!auth) throw new Error("Call provideZitadelAuth() before using zitadelGuard()");
+  return auth;
+}
+function zitadelGuard() {
+  let initPromise = null;
+  return async () => {
+    const auth = getAuthInstance();
+    if (!initPromise) {
+      initPromise = auth.init();
+    }
+    await initPromise;
+    if (auth.isAuthenticated) return true;
+    auth.login();
+    return false;
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  provideZitadelAuth,
+  zitadelGuard
+});

vendor/zitadel-auth/dist/angular.d.cts

@@ -0,0 +1,10 @@
+import { ZitadelAuth } from './index.cjs';
+import { Z as ZitadelAuthConfig } from './types-C5b7Bv-t.cjs';
+
+declare function provideZitadelAuth(config: ZitadelAuthConfig): {
+    provide: string;
+    useValue: ZitadelAuth;
+};
+declare function zitadelGuard(): () => Promise<boolean>;
+
+export { provideZitadelAuth, zitadelGuard };

vendor/zitadel-auth/dist/angular.d.ts

@@ -0,0 +1,10 @@
+import { ZitadelAuth } from './index.js';
+import { Z as ZitadelAuthConfig } from './types-C5b7Bv-t.js';
+
+declare function provideZitadelAuth(config: ZitadelAuthConfig): {
+    provide: string;
+    useValue: ZitadelAuth;
+};
+declare function zitadelGuard(): () => Promise<boolean>;
+
+export { provideZitadelAuth, zitadelGuard };

vendor/zitadel-auth/dist/angular.js

@@ -0,0 +1,36 @@
+import {
+  ZitadelAuth
+} from "./chunk-NFH7JLJM.js";
+
+// src/adapters/angular.ts
+var AUTH_INSTANCE_KEY = "__kuns_zitadel_auth__";
+function provideZitadelAuth(config) {
+  const auth = new ZitadelAuth(config);
+  globalThis[AUTH_INSTANCE_KEY] = auth;
+  return {
+    provide: "KUNS_ZITADEL_AUTH",
+    useValue: auth
+  };
+}
+function getAuthInstance() {
+  const auth = globalThis[AUTH_INSTANCE_KEY];
+  if (!auth) throw new Error("Call provideZitadelAuth() before using zitadelGuard()");
+  return auth;
+}
+function zitadelGuard() {
+  let initPromise = null;
+  return async () => {
+    const auth = getAuthInstance();
+    if (!initPromise) {
+      initPromise = auth.init();
+    }
+    await initPromise;
+    if (auth.isAuthenticated) return true;
+    auth.login();
+    return false;
+  };
+}
+export {
+  provideZitadelAuth,
+  zitadelGuard
+};

vendor/zitadel-auth/dist/chunk-NFH7JLJM.js

@@ -0,0 +1,173 @@
+// src/client.ts
+import { UserManager, WebStorageStateStore } from "oidc-client-ts";
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+
+export {
+  ZitadelAuth
+};

vendor/zitadel-auth/dist/index.cjs

@@ -0,0 +1,199 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ZitadelAuth: () => ZitadelAuth
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/client.ts
+var import_oidc_client_ts = require("oidc-client-ts");
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new import_oidc_client_ts.UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ZitadelAuth
+});

vendor/zitadel-auth/dist/index.d.cts

@@ -0,0 +1,26 @@
+import { Z as ZitadelAuthConfig, a as ZitadelUser, A as AuthState } from './types-C5b7Bv-t.cjs';
+
+declare class ZitadelAuth {
+    private manager;
+    private currentUser;
+    private _isLoading;
+    private _error;
+    private listeners;
+    private redirectGuard;
+    private prefix;
+    constructor(config: ZitadelAuthConfig);
+    get isAuthenticated(): boolean;
+    get isLoading(): boolean;
+    get user(): ZitadelUser | null;
+    get accessToken(): string | null;
+    get error(): string | null;
+    init(): Promise<void>;
+    login(): void;
+    logout(): Promise<void>;
+    requireAuth(): boolean;
+    fetch(url: string, init?: RequestInit): Promise<Response>;
+    onAuthChange(cb: (state: AuthState) => void): () => void;
+    private notify;
+}
+
+export { AuthState, ZitadelAuth, ZitadelAuthConfig, ZitadelUser };

vendor/zitadel-auth/dist/index.d.ts

@@ -0,0 +1,26 @@
+import { Z as ZitadelAuthConfig, a as ZitadelUser, A as AuthState } from './types-C5b7Bv-t.js';
+
+declare class ZitadelAuth {
+    private manager;
+    private currentUser;
+    private _isLoading;
+    private _error;
+    private listeners;
+    private redirectGuard;
+    private prefix;
+    constructor(config: ZitadelAuthConfig);
+    get isAuthenticated(): boolean;
+    get isLoading(): boolean;
+    get user(): ZitadelUser | null;
+    get accessToken(): string | null;
+    get error(): string | null;
+    init(): Promise<void>;
+    login(): void;
+    logout(): Promise<void>;
+    requireAuth(): boolean;
+    fetch(url: string, init?: RequestInit): Promise<Response>;
+    onAuthChange(cb: (state: AuthState) => void): () => void;
+    private notify;
+}
+
+export { AuthState, ZitadelAuth, ZitadelAuthConfig, ZitadelUser };

vendor/zitadel-auth/dist/index.js

@@ -0,0 +1,6 @@
+import {
+  ZitadelAuth
+} from "./chunk-NFH7JLJM.js";
+export {
+  ZitadelAuth
+};

vendor/zitadel-auth/dist/react.cjs

@@ -0,0 +1,239 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/react.tsx
+var react_exports = {};
+__export(react_exports, {
+  ZitadelProvider: () => ZitadelProvider,
+  useAuth: () => useAuth
+});
+module.exports = __toCommonJS(react_exports);
+var import_react = require("react");
+
+// src/client.ts
+var import_oidc_client_ts = require("oidc-client-ts");
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new import_oidc_client_ts.UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+
+// src/adapters/react.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var AuthContext = (0, import_react.createContext)(null);
+function ZitadelProvider({ children, ...config }) {
+  const [auth] = (0, import_react.useState)(() => new ZitadelAuth(config));
+  const [ready, setReady] = (0, import_react.useState)(false);
+  (0, import_react.useEffect)(() => {
+    auth.init().then(() => {
+      setReady(true);
+      if (!auth.isAuthenticated && !auth.error) {
+        auth.login();
+      }
+    });
+  }, [auth]);
+  if (!ready) return null;
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(AuthContext.Provider, { value: auth, children });
+}
+function useAuth() {
+  const auth = (0, import_react.useContext)(AuthContext);
+  if (!auth) throw new Error("useAuth must be used within a ZitadelProvider");
+  const state = (0, import_react.useSyncExternalStore)(
+    (cb) => auth.onAuthChange(cb),
+    () => ({
+      isAuthenticated: auth.isAuthenticated,
+      isLoading: auth.isLoading,
+      user: auth.user,
+      error: auth.error
+    })
+  );
+  return {
+    ...state,
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ZitadelProvider,
+  useAuth
+});

vendor/zitadel-auth/dist/react.d.cts

@@ -0,0 +1,19 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+import { Z as ZitadelAuthConfig, a as ZitadelUser } from './types-C5b7Bv-t.cjs';
+
+interface ZitadelProviderProps extends ZitadelAuthConfig {
+    children: ReactNode;
+}
+declare function ZitadelProvider({ children, ...config }: ZitadelProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function useAuth(): {
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    user: ZitadelUser | null;
+    error: string | null;
+};
+
+export { ZitadelProvider, useAuth };

vendor/zitadel-auth/dist/react.d.ts

@@ -0,0 +1,19 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+import { Z as ZitadelAuthConfig, a as ZitadelUser } from './types-C5b7Bv-t.js';
+
+interface ZitadelProviderProps extends ZitadelAuthConfig {
+    children: ReactNode;
+}
+declare function ZitadelProvider({ children, ...config }: ZitadelProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function useAuth(): {
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    user: ZitadelUser | null;
+    error: string | null;
+};
+
+export { ZitadelProvider, useAuth };

vendor/zitadel-auth/dist/react.js

@@ -0,0 +1,51 @@
+import {
+  ZitadelAuth
+} from "./chunk-NFH7JLJM.js";
+
+// src/adapters/react.tsx
+import {
+  createContext,
+  useContext,
+  useEffect,
+  useState,
+  useSyncExternalStore
+} from "react";
+import { jsx } from "react/jsx-runtime";
+var AuthContext = createContext(null);
+function ZitadelProvider({ children, ...config }) {
+  const [auth] = useState(() => new ZitadelAuth(config));
+  const [ready, setReady] = useState(false);
+  useEffect(() => {
+    auth.init().then(() => {
+      setReady(true);
+      if (!auth.isAuthenticated && !auth.error) {
+        auth.login();
+      }
+    });
+  }, [auth]);
+  if (!ready) return null;
+  return /* @__PURE__ */ jsx(AuthContext.Provider, { value: auth, children });
+}
+function useAuth() {
+  const auth = useContext(AuthContext);
+  if (!auth) throw new Error("useAuth must be used within a ZitadelProvider");
+  const state = useSyncExternalStore(
+    (cb) => auth.onAuthChange(cb),
+    () => ({
+      isAuthenticated: auth.isAuthenticated,
+      isLoading: auth.isLoading,
+      user: auth.user,
+      error: auth.error
+    })
+  );
+  return {
+    ...state,
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+export {
+  ZitadelProvider,
+  useAuth
+};

vendor/zitadel-auth/dist/svelte.cjs

@@ -0,0 +1,231 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/svelte.ts
+var svelte_exports = {};
+__export(svelte_exports, {
+  createZitadelHandle: () => createZitadelHandle,
+  getAuth: () => getAuth
+});
+module.exports = __toCommonJS(svelte_exports);
+
+// src/client.ts
+var import_oidc_client_ts = require("oidc-client-ts");
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new import_oidc_client_ts.UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+
+// src/adapters/svelte.ts
+var authInstance = null;
+function createZitadelHandle(config) {
+  const auth = new ZitadelAuth(config);
+  authInstance = auth;
+  auth.init().then(() => {
+    if (!auth.isAuthenticated && !auth.error) {
+      auth.login();
+    }
+  });
+  return {
+    subscribe: (cb) => {
+      cb({
+        isAuthenticated: auth.isAuthenticated,
+        isLoading: auth.isLoading,
+        user: auth.user,
+        error: auth.error
+      });
+      return auth.onAuthChange(cb);
+    },
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+function getAuth() {
+  if (!authInstance) throw new Error("Call createZitadelHandle() before getAuth()");
+  return authInstance;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createZitadelHandle,
+  getAuth
+});

vendor/zitadel-auth/dist/svelte.d.cts

@@ -0,0 +1,13 @@
+import { ZitadelAuth } from './index.cjs';
+import { Z as ZitadelAuthConfig, A as AuthState } from './types-C5b7Bv-t.cjs';
+
+interface ZitadelSvelteAuth {
+    subscribe: (cb: (state: AuthState) => void) => () => void;
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+}
+declare function createZitadelHandle(config: ZitadelAuthConfig): ZitadelSvelteAuth;
+declare function getAuth(): ZitadelAuth;
+
+export { createZitadelHandle, getAuth };

vendor/zitadel-auth/dist/svelte.d.ts

@@ -0,0 +1,13 @@
+import { ZitadelAuth } from './index.js';
+import { Z as ZitadelAuthConfig, A as AuthState } from './types-C5b7Bv-t.js';
+
+interface ZitadelSvelteAuth {
+    subscribe: (cb: (state: AuthState) => void) => () => void;
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+}
+declare function createZitadelHandle(config: ZitadelAuthConfig): ZitadelSvelteAuth;
+declare function getAuth(): ZitadelAuth;
+
+export { createZitadelHandle, getAuth };

vendor/zitadel-auth/dist/svelte.js

@@ -0,0 +1,37 @@
+import {
+  ZitadelAuth
+} from "./chunk-NFH7JLJM.js";
+
+// src/adapters/svelte.ts
+var authInstance = null;
+function createZitadelHandle(config) {
+  const auth = new ZitadelAuth(config);
+  authInstance = auth;
+  auth.init().then(() => {
+    if (!auth.isAuthenticated && !auth.error) {
+      auth.login();
+    }
+  });
+  return {
+    subscribe: (cb) => {
+      cb({
+        isAuthenticated: auth.isAuthenticated,
+        isLoading: auth.isLoading,
+        user: auth.user,
+        error: auth.error
+      });
+      return auth.onAuthChange(cb);
+    },
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+function getAuth() {
+  if (!authInstance) throw new Error("Call createZitadelHandle() before getAuth()");
+  return authInstance;
+}
+export {
+  createZitadelHandle,
+  getAuth
+};

vendor/zitadel-auth/dist/types-C5b7Bv-t.d.cts

@@ -0,0 +1,34 @@
+interface ZitadelAuthConfig {
+    /** Zitadel application client ID (required). */
+    clientId: string;
+    /** Zitadel issuer URL. Defaults to "https://auth.kuns.dev". */
+    issuer?: string;
+    /** OAuth callback URL. Defaults to `${location.origin}/auth/callback`. */
+    redirectUri?: string;
+    /** Post-logout redirect URL. Defaults to `location.origin`. */
+    postLogoutUri?: string;
+    /** OIDC scopes. Defaults to ["openid", "profile", "email"]. */
+    scopes?: string[];
+    /** Prefix for sessionStorage keys used by redirect loop guard. Defaults to "kuns_auth_". */
+    storagePrefix?: string;
+    /** Enable automatic silent token renewal. Defaults to true. */
+    silentRenew?: boolean;
+    /** Max redirects before loop detection triggers. Defaults to 3. */
+    maxRedirects?: number;
+    /** Time window in seconds for redirect loop detection. Defaults to 30. */
+    redirectWindowSeconds?: number;
+}
+interface ZitadelUser {
+    sub: string;
+    name: string;
+    email: string;
+    [key: string]: unknown;
+}
+interface AuthState {
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    user: ZitadelUser | null;
+    error: string | null;
+}
+
+export type { AuthState as A, ZitadelAuthConfig as Z, ZitadelUser as a };

vendor/zitadel-auth/dist/types-C5b7Bv-t.d.ts

@@ -0,0 +1,34 @@
+interface ZitadelAuthConfig {
+    /** Zitadel application client ID (required). */
+    clientId: string;
+    /** Zitadel issuer URL. Defaults to "https://auth.kuns.dev". */
+    issuer?: string;
+    /** OAuth callback URL. Defaults to `${location.origin}/auth/callback`. */
+    redirectUri?: string;
+    /** Post-logout redirect URL. Defaults to `location.origin`. */
+    postLogoutUri?: string;
+    /** OIDC scopes. Defaults to ["openid", "profile", "email"]. */
+    scopes?: string[];
+    /** Prefix for sessionStorage keys used by redirect loop guard. Defaults to "kuns_auth_". */
+    storagePrefix?: string;
+    /** Enable automatic silent token renewal. Defaults to true. */
+    silentRenew?: boolean;
+    /** Max redirects before loop detection triggers. Defaults to 3. */
+    maxRedirects?: number;
+    /** Time window in seconds for redirect loop detection. Defaults to 30. */
+    redirectWindowSeconds?: number;
+}
+interface ZitadelUser {
+    sub: string;
+    name: string;
+    email: string;
+    [key: string]: unknown;
+}
+interface AuthState {
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    user: ZitadelUser | null;
+    error: string | null;
+}
+
+export type { AuthState as A, ZitadelAuthConfig as Z, ZitadelUser as a };

vendor/zitadel-auth/dist/vue.cjs

@@ -0,0 +1,231 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/vue.ts
+var vue_exports = {};
+__export(vue_exports, {
+  useZitadelAuth: () => useZitadelAuth
+});
+module.exports = __toCommonJS(vue_exports);
+var import_vue = require("vue");
+
+// src/client.ts
+var import_oidc_client_ts = require("oidc-client-ts");
+
+// src/guards.ts
+var RedirectGuard = class {
+  constructor(maxRedirects, windowSeconds, prefix) {
+    this.maxRedirects = maxRedirects;
+    this.windowSeconds = windowSeconds;
+    this.countKey = `${prefix}redirect_count`;
+    this.tsKey = `${prefix}redirect_ts`;
+  }
+  isLooping() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
+    if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
+      this.clear();
+      return false;
+    }
+    return count > this.maxRedirects;
+  }
+  recordRedirect() {
+    const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
+    if (count === 0) {
+      sessionStorage.setItem(this.tsKey, String(Date.now()));
+    }
+    sessionStorage.setItem(this.countKey, String(count + 1));
+  }
+  clear() {
+    sessionStorage.removeItem(this.countKey);
+    sessionStorage.removeItem(this.tsKey);
+  }
+};
+
+// src/client.ts
+var ZitadelAuth = class {
+  constructor(config) {
+    this.currentUser = null;
+    this._isLoading = true;
+    this._error = null;
+    this.listeners = /* @__PURE__ */ new Set();
+    this.prefix = config.storagePrefix ?? "kuns_auth_";
+    this.redirectGuard = new RedirectGuard(
+      config.maxRedirects ?? 3,
+      config.redirectWindowSeconds ?? 30,
+      this.prefix
+    );
+    this.manager = new import_oidc_client_ts.UserManager({
+      authority: config.issuer ?? "https://auth.kuns.dev",
+      client_id: config.clientId,
+      redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
+      post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
+      scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
+      automaticSilentRenew: config.silentRenew ?? true,
+      userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
+    });
+    this.manager.events.addUserLoaded((user) => {
+      this.currentUser = user;
+      this.notify();
+    });
+    this.manager.events.addUserUnloaded(() => {
+      this.currentUser = null;
+      this.notify();
+    });
+    this.manager.events.addSilentRenewError(() => {
+    });
+  }
+  get isAuthenticated() {
+    return this.currentUser != null && !this.currentUser.expired;
+  }
+  get isLoading() {
+    return this._isLoading;
+  }
+  get user() {
+    if (!this.currentUser) return null;
+    return {
+      sub: this.currentUser.profile.sub,
+      name: this.currentUser.profile.name ?? "",
+      email: this.currentUser.profile.email ?? ""
+    };
+  }
+  get accessToken() {
+    if (!this.currentUser || this.currentUser.expired) return null;
+    return this.currentUser.access_token;
+  }
+  get error() {
+    return this._error;
+  }
+  async init() {
+    this._isLoading = true;
+    this.notify();
+    try {
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        const user = await this.manager.signinRedirectCallback();
+        this.currentUser = user;
+        this.redirectGuard.clear();
+        const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
+        sessionStorage.removeItem(`${this.prefix}return_url`);
+        window.history.replaceState({}, "", returnUrl);
+      } else {
+        const user = await this.manager.getUser();
+        if (user?.expired) {
+          await this.manager.removeUser();
+          this.currentUser = null;
+        } else {
+          this.currentUser = user;
+        }
+      }
+    } catch (e) {
+      this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
+      await this.manager.removeUser().catch(() => {
+      });
+      this.currentUser = null;
+      if (window.location.pathname.endsWith("/auth/callback")) {
+        window.history.replaceState({}, "", "/");
+      }
+    } finally {
+      this._isLoading = false;
+      this.notify();
+    }
+  }
+  login() {
+    if (this.redirectGuard.isLooping()) {
+      this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
+      this.notify();
+      return;
+    }
+    this.redirectGuard.recordRedirect();
+    sessionStorage.setItem(
+      `${this.prefix}return_url`,
+      window.location.pathname + window.location.search
+    );
+    this.manager.signinRedirect();
+  }
+  async logout() {
+    this.redirectGuard.clear();
+    await this.manager.signoutRedirect();
+  }
+  requireAuth() {
+    if (this._isLoading) return false;
+    if (!this.isAuthenticated) {
+      this.login();
+      return false;
+    }
+    return true;
+  }
+  async fetch(url, init) {
+    const token = this.accessToken;
+    if (!token) {
+      this.login();
+      return new Response(null, { status: 401 });
+    }
+    const headers = new Headers(init?.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    return window.fetch(url, { ...init, headers });
+  }
+  onAuthChange(cb) {
+    this.listeners.add(cb);
+    return () => this.listeners.delete(cb);
+  }
+  notify() {
+    const state = {
+      isAuthenticated: this.isAuthenticated,
+      isLoading: this._isLoading,
+      user: this.user,
+      error: this._error
+    };
+    this.listeners.forEach((cb) => cb(state));
+  }
+};
+
+// src/adapters/vue.ts
+function useZitadelAuth(router, config) {
+  const auth = new ZitadelAuth(config);
+  const state = (0, import_vue.reactive)({
+    isAuthenticated: false,
+    isLoading: true,
+    user: null,
+    error: null
+  });
+  auth.onAuthChange((s) => {
+    state.isAuthenticated = s.isAuthenticated;
+    state.isLoading = s.isLoading;
+    state.user = s.user;
+    state.error = s.error;
+  });
+  const initPromise = auth.init();
+  router.beforeEach(async (to) => {
+    if (to.path.includes("/auth/callback")) return true;
+    await initPromise;
+    if (auth.isAuthenticated) return true;
+    auth.login();
+    return false;
+  });
+  return {
+    ...(0, import_vue.toRefs)(state),
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  useZitadelAuth
+});

vendor/zitadel-auth/dist/vue.d.cts

@@ -0,0 +1,16 @@
+import { Ref } from 'vue';
+import { Router } from 'vue-router';
+import { Z as ZitadelAuthConfig, a as ZitadelUser } from './types-C5b7Bv-t.cjs';
+
+interface ZitadelAuthReturn {
+    isAuthenticated: Ref<boolean>;
+    isLoading: Ref<boolean>;
+    user: Ref<ZitadelUser | null>;
+    error: Ref<string | null>;
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+}
+declare function useZitadelAuth(router: Router, config: ZitadelAuthConfig): ZitadelAuthReturn;
+
+export { useZitadelAuth };

vendor/zitadel-auth/dist/vue.d.ts

@@ -0,0 +1,16 @@
+import { Ref } from 'vue';
+import { Router } from 'vue-router';
+import { Z as ZitadelAuthConfig, a as ZitadelUser } from './types-C5b7Bv-t.js';
+
+interface ZitadelAuthReturn {
+    isAuthenticated: Ref<boolean>;
+    isLoading: Ref<boolean>;
+    user: Ref<ZitadelUser | null>;
+    error: Ref<string | null>;
+    login: () => void;
+    logout: () => Promise<void>;
+    fetch: (url: string, init?: RequestInit) => Promise<Response>;
+}
+declare function useZitadelAuth(router: Router, config: ZitadelAuthConfig): ZitadelAuthReturn;
+
+export { useZitadelAuth };

vendor/zitadel-auth/dist/vue.js

@@ -0,0 +1,38 @@
+import {
+  ZitadelAuth
+} from "./chunk-NFH7JLJM.js";
+
+// src/adapters/vue.ts
+import { reactive, toRefs } from "vue";
+function useZitadelAuth(router, config) {
+  const auth = new ZitadelAuth(config);
+  const state = reactive({
+    isAuthenticated: false,
+    isLoading: true,
+    user: null,
+    error: null
+  });
+  auth.onAuthChange((s) => {
+    state.isAuthenticated = s.isAuthenticated;
+    state.isLoading = s.isLoading;
+    state.user = s.user;
+    state.error = s.error;
+  });
+  const initPromise = auth.init();
+  router.beforeEach(async (to) => {
+    if (to.path.includes("/auth/callback")) return true;
+    await initPromise;
+    if (auth.isAuthenticated) return true;
+    auth.login();
+    return false;
+  });
+  return {
+    ...toRefs(state),
+    login: () => auth.login(),
+    logout: () => auth.logout(),
+    fetch: (url, init) => auth.fetch(url, init)
+  };
+}
+export {
+  useZitadelAuth
+};