0.1.0

.github/workflows/release.yml

@@ -0,0 +1,152 @@
+name: CI & Release
+
+on:
+  pull_request:
+  push:
+    branches:
+      - dev
+      - main
+    tags:
+      - "core-v*"
+      - "express-v*"
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install express dependencies
+        working-directory: packages/express
+        run: npm install
+
+      - name: Install core dependencies
+        working-directory: packages/core
+        run: npm install
+
+      - name: Test Core
+        working-directory: packages/core
+        run: npm test
+
+      - name: Test Express
+        working-directory: packages/express
+        run: npm test
+
+  publish-express-beta:
+    name: Publish Express Beta
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/dev'
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+
+      - name: Install dependencies
+        working-directory: packages/express
+        run: npm ci
+
+      - name: Build
+        working-directory: packages/express
+        run: npm run build
+
+      - name: Bump beta version
+        working-directory: packages/express
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          npm version prerelease --preid=beta
+          git push --follow-tags origin dev
+
+      - name: Publish beta
+        working-directory: packages/express
+        run: npm publish --tag beta --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  publish-core-beta:
+    name: Publish Core Beta
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/dev'
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+
+      - name: Install dependencies
+        working-directory: packages/core
+        run: npm ci
+
+      - name: Build
+        working-directory: packages/core
+        run: npm run build
+
+      - name: Bump beta version
+        working-directory: packages/core
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          npm version prerelease --preid=beta
+          git push --follow-tags origin dev
+
+      - name: Publish beta
+        working-directory: packages/core
+        run: npm publish --tag beta --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  publish-stable:
+    name: Publish Stable Release
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+
+      - name: Determine package
+        id: pkg
+        run: |
+          if [[ "${GITHUB_REF}" == refs/tags/core-* ]]; then
+            echo "package=core" >> $GITHUB_OUTPUT
+          elif [[ "${GITHUB_REF}" == refs/tags/express-* ]]; then
+            echo "package=express" >> $GITHUB_OUTPUT
+          else
+            exit 1
+          fi
+
+      - name: Install dependencies
+        working-directory: packages/${{ steps.pkg.outputs.package }}
+        run: npm ci
+
+      - name: Build
+        working-directory: packages/${{ steps.pkg.outputs.package }}
+        run: npm run build
+
+      - name: Publish stable
+        working-directory: packages/${{ steps.pkg.outputs.package }}
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

packages/core/.gitignore

@@ -0,0 +1,5 @@
+node_modules/
+dist/
+DS_Store
+
+.npmrc

packages/core/CONTRIBUTING.md

@@ -0,0 +1,127 @@
+# Contributing to Seamless Auth
+
+Thanks for your interest in contributing to Seamless Auth.
+Contributions of all kinds are welcome — bug reports, documentation improvements, tests, and code.
+
+---
+
+## Project Philosophy
+
+Seamless Auth is built around a few core principles:
+
+- **Security first** — explicit trust boundaries and auditable logic
+- **Framework-agnostic core** — adapters should be thin
+- **Minimal magic** — clear inputs and outputs
+- **Predictable behavior** — changes should not surprise users
+
+Please keep these principles in mind when contributing.
+
+---
+
+## Ways to Contribute
+
+You can help by:
+
+- Reporting bugs
+- Improving documentation
+- Adding tests
+- Refactoring for clarity
+- Building new adapters (Fastify, Next.js, etc.)
+
+If you’re unsure where to start, open a discussion or issue.
+
+---
+
+## Development Setup
+
+Clone the repository:
+
+    git clone https://github.com/fells-code/seamless-auth-server.git
+    cd seamless-auth-server
+
+Install dependencies:
+
+    npm install
+
+Build packages:
+
+    npm run build
+
+Run tests:
+
+    npm test
+
+Some packages may require additional environment variables. Refer to their individual README files for details.
+
+---
+
+## Code Style
+
+- TypeScript is used throughout
+- ESM modules (`"type": "module"`)
+- Prefer explicit types over `any`
+- Avoid hidden side effects and implicit globals
+- Keep adapters thin; put logic in `@seamless-auth/core`
+
+Formatting and linting tools are provided — please run them before submitting a PR.
+
+---
+
+## Testing Requirements
+
+All changes that affect behavior should include tests.
+
+Guidelines:
+
+- Core logic should be tested in `@seamless-auth/core`
+- Adapters should use smoke or integration tests
+- Tests should run against compiled output where applicable
+
+Pull requests with failing tests will not be merged.
+
+---
+
+## Commit Guidelines
+
+Please use clear, descriptive commit messages.
+
+Examples:
+
+- feat: add role-based authorization middleware
+- fix: prevent refresh loop on expired cookie
+- docs: clarify express adapter setup
+- test: add coverage for ensureCookies refresh path
+
+---
+
+## Submitting a Pull Request
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Add or update tests as needed
+5. Ensure all checks pass
+6. Open a pull request with a clear description
+
+Large or breaking changes should be discussed before implementation.
+
+---
+
+## Security Issues
+
+If you discover a security vulnerability, **do not** open a public issue.
+
+Instead, see `SECURITY.md` for responsible disclosure instructions.
+
+---
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the same license as the project (AGPL-3.0-only unless otherwise stated).
+
+---
+
+Thank you for helping improve Seamless Auth.
+
+— Fells Code, LLC
+https://seamlessauth.com

packages/core/LICENSE

@@ -0,0 +1,79 @@
+GNU AFFERO GENERAL PUBLIC LICENSE
+Version 3, 19 November 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+<https://fsf.org/>
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+This license is identical to the GNU General Public License, except that it also
+ensures that software running as a network service makes its source code
+available to users.
+
+---
+
+TERMS AND CONDITIONS
+
+0. Definitions.
+
+“This License” refers to version 3 of the GNU Affero General Public License.
+
+“Copyright” also means copyright-like laws that apply to other kinds of works,
+such as semiconductor masks.
+
+The “Program” refers to any copyrightable work licensed under this License.
+Each licensee is addressed as “you”.
+
+To “modify” a work means to copy from or adapt all or part of the work in a
+fashion requiring copyright permission, other than the making of an exact copy.
+
+To “propagate” a work means to do anything with it that, without permission,
+would make you directly or secondarily liable for infringement under applicable
+copyright law, except executing it on a computer or modifying a private copy.
+
+To “convey” a work means any kind of propagation that enables other parties to
+make or receive copies.
+
+An interactive user interface displays “Appropriate Legal Notices” to the extent
+that it includes a convenient and prominently visible feature that displays an
+appropriate copyright notice, and tells the user that there is no warranty for
+the work (except to the extent that warranties are provided), that licensees may
+convey the work under this License, and how to view a copy of this License.
+
+---
+
+13. Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the Program,
+your modified version must prominently offer all users interacting with it
+remotely through a computer network an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source from a
+network server at no charge, through some standard or customary means of
+facilitating copying of software.
+
+---
+
+15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER
+PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
+EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+---
+
+16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
+COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS
+PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
+INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
+THE PROGRAM.
+
+---
+
+END OF TERMS AND CONDITIONS
+
+You should have received a copy of the GNU Affero General Public License along
+with this program. If not, see <https://www.gnu.org/licenses/>.

packages/core/LICENSE.md

@@ -0,0 +1,26 @@
+# License
+
+Seamless Auth Server - Core ("@seamless-auth/core") is licensed under the **GNU Affero General Public License v3.0 (AGPL-3.0-only)**.
+
+- SPDX: `AGPL-3.0-only`
+
+## What this means (high level)
+
+- You are free to **use**, **modify**, and **self-host** this software.
+- If you **modify** this software and **run it as a network service** (for example, hosting it for others to use), you must **make the complete corresponding source code of your modified version available** to users of that service, under the AGPL.
+
+This summary is not legal advice and does not replace the license text.
+
+## Full license text
+
+The full license text is available here:
+
+- https://www.gnu.org/licenses/agpl-3.0.html
+
+You should include a copy of the AGPLv3 license in your distribution. If this repository does not contain the full license text yet, add it as `LICENSE` or `LICENSE.txt` (recommended), and keep this `LICENSE.md` as the human-friendly summary.
+
+## Commercial licensing
+
+If you would like to embed Seamless Auth API into a proprietary product, redistribute it under different terms, or offer it as a managed service without AGPL obligations, commercial licensing may be available.
+
+Contact: support@seamlessauth.com