+
+
+{#if selectedApp !== null}
+ + Part of the Mana Ecosystem +
+ +
+
+
+ e.key === 'Escape' && closeModal()}
+ role="dialog"
+ aria-modal="true"
+ tabindex="-1"
+ >
+
+
+
+{/if}
+
+
diff --git a/manacore/apps/web/src/lib/components/Icon.svelte b/manacore/apps/web/src/lib/components/Icon.svelte
new file mode 100644
index 000000000..a29f16636
--- /dev/null
+++ b/manacore/apps/web/src/lib/components/Icon.svelte
@@ -0,0 +1,34 @@
+
+
+{#if path}
+
+{:else}
+ ⚠
+{/if}
diff --git a/manacore/apps/web/src/lib/components/ManaCoreLogo.svelte b/manacore/apps/web/src/lib/components/ManaCoreLogo.svelte
new file mode 100644
index 000000000..d8f6ee83a
--- /dev/null
+++ b/manacore/apps/web/src/lib/components/ManaCoreLogo.svelte
@@ -0,0 +1,29 @@
+
+
+
diff --git a/manacore/apps/web/src/lib/components/ThemeToggle.svelte b/manacore/apps/web/src/lib/components/ThemeToggle.svelte
new file mode 100644
index 000000000..0039644f7
--- /dev/null
+++ b/manacore/apps/web/src/lib/components/ThemeToggle.svelte
@@ -0,0 +1,40 @@
+
+
+
diff --git a/manacore/apps/web/src/lib/components/ui/Input.svelte b/manacore/apps/web/src/lib/components/ui/Input.svelte
index 2d3f42b5a..0ce01daf5 100644
--- a/manacore/apps/web/src/lib/components/ui/Input.svelte
+++ b/manacore/apps/web/src/lib/components/ui/Input.svelte
@@ -10,6 +10,8 @@
class?: string;
autocomplete?: 'email' | 'current-password' | 'new-password' | 'username' | 'off' | string;
oninput?: (event: Event) => void;
+ minlength?: number;
+ maxlength?: number;
}
let {
@@ -22,7 +24,9 @@
disabled = false,
class: className = '',
autocomplete,
- oninput
+ oninput,
+ minlength,
+ maxlength
}: Props = $props();
@@ -33,6 +37,8 @@
{placeholder}
{required}
{disabled}
+ {minlength}
+ {maxlength}
autocomplete={autocomplete as any}
bind:value
oninput={oninput}
diff --git a/manacore/apps/web/src/lib/stores/authStore.svelte.ts b/manacore/apps/web/src/lib/stores/authStore.svelte.ts
new file mode 100644
index 000000000..1c1a1920e
--- /dev/null
+++ b/manacore/apps/web/src/lib/stores/authStore.svelte.ts
@@ -0,0 +1,82 @@
+import { createBrowserClient } from '@supabase/ssr';
+import { PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY } from '$env/static/public';
+
+// Create browser Supabase client
+function getSupabaseClient() {
+ return createBrowserClient(PUBLIC_SUPABASE_URL, PUBLIC_SUPABASE_ANON_KEY);
+}
+
+export const authStore = {
+ /**
+ * Sign in with email and password
+ */
+ async signIn(email: string, password: string) {
+ const supabase = getSupabaseClient();
+ const { error } = await supabase.auth.signInWithPassword({
+ email,
+ password
+ });
+
+ if (error) {
+ return {
+ success: false,
+ error: error.message
+ };
+ }
+
+ return { success: true };
+ },
+
+ /**
+ * Sign up with email and password
+ */
+ async signUp(email: string, password: string) {
+ const supabase = getSupabaseClient();
+ const { data, error } = await supabase.auth.signUp({
+ email,
+ password
+ });
+
+ if (error) {
+ return {
+ success: false,
+ error: error.message
+ };
+ }
+
+ // Check if email confirmation is required
+ const needsVerification = !data.session;
+
+ return {
+ success: true,
+ needsVerification
+ };
+ },
+
+ /**
+ * Send password reset email
+ */
+ async forgotPassword(email: string) {
+ const supabase = getSupabaseClient();
+ const { error } = await supabase.auth.resetPasswordForEmail(email, {
+ redirectTo: `${window.location.origin}/reset-password`
+ });
+
+ if (error) {
+ return {
+ success: false,
+ error: error.message
+ };
+ }
+
+ return { success: true };
+ },
+
+ /**
+ * Sign out
+ */
+ async signOut() {
+ const supabase = getSupabaseClient();
+ await supabase.auth.signOut();
+ }
+};
diff --git a/manacore/apps/web/src/lib/stores/theme.ts b/manacore/apps/web/src/lib/stores/theme.ts
new file mode 100644
index 000000000..27c2fb90d
--- /dev/null
+++ b/manacore/apps/web/src/lib/stores/theme.ts
@@ -0,0 +1,79 @@
+import { writable, derived } from 'svelte/store';
+import { browser } from '$app/environment';
+
+type ThemeMode = 'light' | 'dark' | 'system';
+
+interface ThemeState {
+ mode: ThemeMode;
+ effectiveMode: 'light' | 'dark';
+}
+
+function createThemeStore() {
+ const getInitialMode = (): ThemeMode => {
+ if (browser) {
+ const stored = localStorage.getItem('theme-mode');
+ if (stored === 'light' || stored === 'dark' || stored === 'system') {
+ return stored;
+ }
+ }
+ return 'system';
+ };
+
+ const getSystemPreference = (): 'light' | 'dark' => {
+ if (browser && window.matchMedia('(prefers-color-scheme: dark)').matches) {
+ return 'dark';
+ }
+ return 'light';
+ };
+
+ const mode = writable
+
+
+ {#each apps as app, index}
+
+ { e.stopPropagation(); selectedApp = index; }}
+ onmouseenter={() => hoveredApp = index}
+ onmousemove={(e) => handleCardMouseMove(e, index, e.currentTarget)}
+ onmouseleave={() => { handleCardMouseLeave(index); hoveredApp = null; }}
+ onkeydown={() => {}}
+ role="button"
+ tabindex="0"
+ >
+ 
+
+
+ {/each}
+
+
+ {getStatusLabel(app.status)}
+
+
+
+
+ + {app.name} +
+ ++ {app.description} +
+ ++ {app.longDescription} +
+ +
+ {#if app.comingSoon}
+
+
+ Coming Soon
+
+ {:else}
+
+ {/if}
+
-
+{@render children()}
diff --git a/manacore/apps/web/src/routes/(auth)/login/+page.server.ts b/manacore/apps/web/src/routes/(auth)/login/+page.server.ts
deleted file mode 100644
index 479aec505..000000000
--- a/manacore/apps/web/src/routes/(auth)/login/+page.server.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import { redirect, fail } from '@sveltejs/kit';
-import type { Actions } from './$types';
-
-export const actions: Actions = {
- default: async ({ request, locals: { supabase } }) => {
- const formData = await request.formData();
- const email = formData.get('email') as string;
- const password = formData.get('password') as string;
-
- if (!email || !password) {
- return fail(400, {
- error: 'Email and password are required',
- email
- });
- }
-
- const { error } = await supabase.auth.signInWithPassword({
- email,
- password
- });
-
- if (error) {
- console.error('Login error:', error);
- return fail(400, {
- error: error.message,
- email
- });
- }
-
- throw redirect(303, '/dashboard');
- }
-};
diff --git a/manacore/apps/web/src/routes/(auth)/login/+page.svelte b/manacore/apps/web/src/routes/(auth)/login/+page.svelte
index 04952fe34..38f1901f2 100644
--- a/manacore/apps/web/src/routes/(auth)/login/+page.svelte
+++ b/manacore/apps/web/src/routes/(auth)/login/+page.svelte
@@ -1,86 +1,29 @@
-
- {@render children()}
-
-
-
-
-
-
-
+
-
-
- ManaCore
-Sign in to your account
-
-
- - Don't have an account? - - Sign up - -
-
-
-
-
-
-
+
-
-
- Create Account
-Sign up for ManaCore
-
-
- - Already have an account? - - Sign in - -
-
- Password updated successfully! Redirecting to dashboard...
-
- {/if}
-
- Password updated successfully! Redirecting to dashboard...
-
- {/if}
-
-
+
-
-
-
-
-
-
-
-
- Welcome back
-Sign in to your Manadeck account
-
- Don't have an account?
-
- Sign up
-
-
-
-
+
-
-
-
-
-
-
-
-
- Create your account
-Start building your knowledge decks
-
- Already have an account?
-
- Sign in
-
-
-
-
- showManaInfoModal = false}
- title="Mana Login"
- maxWidth="lg"
- >
- {#snippet icon()}
-
- {/snippet}
-
- {#snippet children()}
-
-
+
-
-
-
-
-
-
-
-
-
- - Memoro -
-
-
-
-
- {#if mode === 'initial'}
-
-
-
-
-
-
-
- {#if error}
- - {#if mode === 'initial'} - - {$t('auth.mana_login')} - {:else if mode === 'login'} - {$t('auth.sign_in')} - {:else if mode === 'forgot-password'} - {$t('auth.reset_password')} - {:else if mode === 'password-reset-success'} - {$t('auth.reset_email_sent_title')} - {/if} -
- {#if mode === 'initial'} -
-
- {/if}
- - {$t('auth.mana_login_description')} -
- -
-
- {/if}
-
- {#if oauthError}
- {error}
-
-
- {/if}
-
-
- {#if mode === 'initial'}
- {oauthError}
-
-
-
-
-
-
-
-
-
-
-
- {:else if mode === 'login'}
-
-
-
- - {@html $t('auth.terms_agreement')} -
-
-
-
-
-
- {$t('common.or')}
- -
-
-
-
-
-
-
-
-
- {:else if mode === 'forgot-password'}
-
-
-
- {:else if mode === 'password-reset-success'}
-
-
- {/if}
-
-
-
-
-
-
-
- - {$t('auth.reset_email_sent_description').replace('{email}', resetEmail)} -
-
-
-
-
-
-
-
- {/if}
-
-
-
-
- {/snippet}
-
- {#snippet footer()}
-
- {/snippet}
- - Mana Login ist dein zentraler Zugang zu allen Apps im Mana-Ökosystem. Mit einem - einzigen Account kannst du dich bei allen Mana-Anwendungen anmelden. -
- -
-
-
- Vorteile:
- -
-
- {$t('auth.mana_login_benefit_0')}
-
-
-
-
-
-
-
-
-
-
-
-
-
- - Weitere Mana Apps werden in Zukunft hinzugefügt und können dann ebenfalls mit deinem - Mana Login genutzt werden. -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- - Memoro -
-
-
-
-
-
-
- - {$t('auth.create_account')} -
- - - {#if error} -
-
- {/if}
-
- {#if success && needsVerification}
- {error}
-
-
- {/if}
-
- {#if oauthError}
- - {$t('auth.registration_success')} -
-
-
- {/if}
-
-
-
-
-
- {oauthError}
-
-
-
-
- - {$t('auth.email_only_info')} -
- -
-
-
-
-
-
- {/snippet}
-
- {#snippet footer()}
-
- {/snippet}
-- {$t('auth.email_only_intro')} -
- -
-
-
-
-
-
-
-
-
-
- {$t('auth.email_only_benefit_1_title')}
-{$t('auth.email_only_benefit_1_desc')}
-
-
-
-
-
-
-
- {$t('auth.email_only_benefit_2_title')}
-{$t('auth.email_only_benefit_2_desc')}
-
-
-
-
-
-
-
- {$t('auth.email_only_benefit_3_title')}
-{$t('auth.email_only_benefit_3_desc')}
-
-
-
-
-
-
- {$t('auth.email_only_benefit_4_title')}
-{$t('auth.email_only_benefit_4_desc')}
-- {$t('auth.email_only_modal_footer')} -
-
{#if error}
@@ -60,7 +49,6 @@
{/if}
-
{#if isLoading}
-
@@ -100,10 +74,3 @@
border-radius: 0.75rem !important;
}
-
-
-
diff --git a/packages/shared-auth-ui/src/components/Icon.svelte b/packages/shared-auth-ui/src/components/Icon.svelte
new file mode 100644
index 000000000..808ea0a04
--- /dev/null
+++ b/packages/shared-auth-ui/src/components/Icon.svelte
@@ -0,0 +1,30 @@
+
+
+{#if path}
+
+{:else}
+ ⚠
+{/if}
diff --git a/packages/shared-auth-ui/src/icons/iconPaths.ts b/packages/shared-auth-ui/src/icons/iconPaths.ts
new file mode 100644
index 000000000..9d060a982
--- /dev/null
+++ b/packages/shared-auth-ui/src/icons/iconPaths.ts
@@ -0,0 +1,37 @@
+/**
+ * Phosphor Icons (Bold weight) SVG paths
+ * Only includes icons used in auth UI
+ */
+export const iconPaths = {
+ 'user-plus': '
+ Login - {appName}
+
+
+
+ Create Account - {appName}
+
+
+;
+ signUp(email: string, password: string): Promise;
+ signInWithGoogle?(idToken: string): Promise;
+ signInWithApple?(identityToken: string): Promise;
+ forgotPassword(email: string): Promise;
+}
+
+/**
+ * Result from auth operations
+ */
+export interface AuthResult {
+ success: boolean;
+ error?: string;
+ needsVerification?: boolean;
+}
+
+/**
+ * Icon names available in the icon set
+ */
+export type IconName =
+ | 'user-plus'
+ | 'sign-in'
+ | 'eye'
+ | 'eye-off'
+ | 'key'
+ | 'arrow-left'
+ | 'info'
+ | 'mail-open'
+ | 'lock'
+ | 'shield-check'
+ | 'arrows-left-right'
+ | 'envelope'
+ | 'folder';
diff --git a/packages/shared-auth-ui/src/utils/appleAuth.ts b/packages/shared-auth-ui/src/utils/appleAuth.ts
new file mode 100644
index 000000000..e2f0f0904
--- /dev/null
+++ b/packages/shared-auth-ui/src/utils/appleAuth.ts
@@ -0,0 +1,216 @@
+/**
+ * Apple Sign-In integration for web
+ * Uses redirect flow (not popup)
+ */
+
+// TypeScript definitions for Apple ID SDK
+declare global {
+ interface Window {
+ AppleID?: {
+ auth: {
+ init: (config: AppleIDInitConfig) => void;
+ signIn: () => Promise;
+ };
+ };
+ }
+}
+
+interface AppleIDInitConfig {
+ clientId: string;
+ scope: string;
+ redirectURI: string;
+ state?: string;
+ nonce?: string;
+ usePopup?: boolean;
+ responseType?: string;
+ responseMode?: string;
+}
+
+interface AppleIDSignInResponse {
+ authorization: {
+ code: string;
+ id_token?: string;
+ state?: string;
+ };
+ user?: {
+ email?: string;
+ name?: {
+ firstName?: string;
+ lastName?: string;
+ };
+ };
+}
+
+export interface AppleAuthorizationResponse {
+ code: string;
+ id_token?: string;
+ state?: string;
+ user?: string;
+}
+
+let appleClientId: string | null = null;
+let appleRedirectUri: string | null = null;
+
+/**
+ * Set Apple Sign-In configuration
+ */
+export function setAppleConfig(clientId: string, redirectUri: string) {
+ appleClientId = clientId;
+ appleRedirectUri = redirectUri;
+}
+
+/**
+ * Check if running in browser
+ */
+function isBrowser(): boolean {
+ return typeof window !== 'undefined';
+}
+
+/**
+ * Initialize Apple ID SDK
+ */
+export function initializeAppleAuth(): boolean {
+ if (!isBrowser() || !window.AppleID) {
+ console.warn('Apple ID SDK not loaded');
+ return false;
+ }
+
+ if (!appleClientId || !appleRedirectUri) {
+ console.error('Apple Sign-In not configured. Call setAppleConfig() first.');
+ return false;
+ }
+
+ try {
+ window.AppleID.auth.init({
+ clientId: appleClientId,
+ scope: 'name email',
+ redirectURI: appleRedirectUri,
+ state: generateState(),
+ usePopup: false,
+ responseType: 'code id_token',
+ responseMode: 'form_post'
+ });
+
+ console.log('Apple ID SDK initialized successfully');
+ return true;
+ } catch (error) {
+ console.error('Error initializing Apple ID SDK:', error);
+ return false;
+ }
+}
+
+/**
+ * Initiate Apple Sign-In (redirect flow)
+ */
+export async function signInWithApple(): Promise {
+ if (!isBrowser()) {
+ throw new Error('Apple Sign-In only available in browser');
+ }
+
+ if (!window.AppleID) {
+ throw new Error('Apple ID SDK not loaded');
+ }
+
+ try {
+ const returnTo = window.location.pathname + window.location.search;
+ sessionStorage.setItem('apple_signin_return_to', returnTo);
+ await window.AppleID.auth.signIn();
+ } catch (error) {
+ console.error('Error initiating Apple Sign-In:', error);
+ throw error;
+ }
+}
+
+/**
+ * Parse Apple authorization response from URL
+ */
+export function parseAppleAuthorizationResponse(
+ urlParams: URLSearchParams
+): AppleAuthorizationResponse | null {
+ const code = urlParams.get('code');
+ const id_token = urlParams.get('id_token');
+ const state = urlParams.get('state');
+ const user = urlParams.get('user');
+ const error = urlParams.get('error');
+
+ if (error) {
+ console.error('Apple Sign-In error:', error);
+ return null;
+ }
+
+ const storedState = sessionStorage.getItem('apple_signin_state');
+ if (state !== storedState) {
+ console.error('State mismatch - possible CSRF attack');
+ return null;
+ }
+
+ if (!id_token && !code) {
+ console.error('No id_token or authorization code in Apple response');
+ return null;
+ }
+
+ return {
+ code: code || '',
+ id_token: id_token || undefined,
+ state: state || undefined,
+ user: user || undefined
+ };
+}
+
+/**
+ * Generate random state for CSRF protection
+ */
+function generateState(): string {
+ const state = Math.random().toString(36).substring(2, 15);
+ if (isBrowser()) {
+ sessionStorage.setItem('apple_signin_state', state);
+ }
+ return state;
+}
+
+/**
+ * Get stored return URL
+ */
+export function getStoredReturnUrl(): string {
+ if (!isBrowser()) return '/dashboard';
+ return sessionStorage.getItem('apple_signin_return_to') || '/dashboard';
+}
+
+/**
+ * Clear Apple Sign-In session data
+ */
+export function clearAppleSignInSession() {
+ if (!isBrowser()) return;
+ sessionStorage.removeItem('apple_signin_state');
+ sessionStorage.removeItem('apple_signin_return_to');
+}
+
+/**
+ * Check if Apple ID SDK is loaded
+ */
+export function isAppleAuthLoaded(): boolean {
+ return isBrowser() && !!window.AppleID?.auth;
+}
+
+/**
+ * Wait for Apple ID SDK to load
+ */
+export function waitForAppleAuth(timeout = 10000): Promise {
+ return new Promise((resolve, reject) => {
+ if (isAppleAuthLoaded()) {
+ resolve();
+ return;
+ }
+
+ const startTime = Date.now();
+ const interval = setInterval(() => {
+ if (isAppleAuthLoaded()) {
+ clearInterval(interval);
+ resolve();
+ } else if (Date.now() - startTime > timeout) {
+ clearInterval(interval);
+ reject(new Error('Apple ID SDK failed to load'));
+ }
+ }, 100);
+ });
+}
diff --git a/packages/shared-auth-ui/src/utils/googleAuth.ts b/packages/shared-auth-ui/src/utils/googleAuth.ts
new file mode 100644
index 000000000..8e21cdb53
--- /dev/null
+++ b/packages/shared-auth-ui/src/utils/googleAuth.ts
@@ -0,0 +1,174 @@
+/**
+ * Google Identity Services integration
+ * Provides helper functions for Google Sign-In on web
+ */
+
+// TypeScript definitions for Google Identity Services
+declare global {
+ interface Window {
+ google?: {
+ accounts: {
+ id: {
+ initialize: (config: GoogleIdConfiguration) => void;
+ prompt: (momentListener?: (notification: PromptMomentNotification) => void) => void;
+ renderButton: (parent: HTMLElement, options: GsiButtonConfiguration) => void;
+ disableAutoSelect: () => void;
+ storeCredential: (credential: { id: string; password: string }) => void;
+ cancel: () => void;
+ onGoogleLibraryLoad: () => void;
+ revoke: (hint: string, callback: (done: RevocationResponse) => void) => void;
+ };
+ };
+ };
+ }
+}
+
+interface GoogleIdConfiguration {
+ client_id: string;
+ callback: (response: CredentialResponse) => void;
+ auto_select?: boolean;
+ cancel_on_tap_outside?: boolean;
+ context?: 'signin' | 'signup' | 'use';
+ ux_mode?: 'popup' | 'redirect';
+ login_uri?: string;
+ native_callback?: (response: { id: string; password: string }) => void;
+ itp_support?: boolean;
+}
+
+interface CredentialResponse {
+ credential: string;
+ select_by: string;
+ clientId?: string;
+}
+
+interface GsiButtonConfiguration {
+ type?: 'standard' | 'icon';
+ theme?: 'outline' | 'filled_blue' | 'filled_black';
+ size?: 'large' | 'medium' | 'small';
+ text?: 'signin_with' | 'signup_with' | 'continue_with' | 'signin';
+ shape?: 'rectangular' | 'pill' | 'circle' | 'square';
+ logo_alignment?: 'left' | 'center';
+ width?: string;
+ locale?: string;
+}
+
+interface PromptMomentNotification {
+ isDisplayMoment: () => boolean;
+ isDisplayed: () => boolean;
+ isNotDisplayed: () => boolean;
+ getNotDisplayedReason: () => string;
+ isSkippedMoment: () => boolean;
+ getSkippedReason: () => string;
+ isDismissedMoment: () => boolean;
+ getDismissedReason: () => string;
+ getMomentType: () => 'display' | 'skipped' | 'dismissed';
+}
+
+interface RevocationResponse {
+ successful: boolean;
+ error?: string;
+}
+
+let googleClientId: string | null = null;
+
+/**
+ * Set Google Client ID for initialization
+ */
+export function setGoogleClientId(clientId: string) {
+ googleClientId = clientId;
+}
+
+/**
+ * Initialize Google Identity Services
+ */
+export function initializeGoogleAuth(callback: (idToken: string) => void) {
+ if (typeof window === 'undefined') {
+ console.warn('Google Auth: Cannot initialize on server-side');
+ return;
+ }
+
+ if (!window.google) {
+ console.warn('Google Identity Services not loaded yet');
+ return;
+ }
+
+ if (!googleClientId) {
+ console.error('Google Client ID not configured. Call setGoogleClientId() first.');
+ return;
+ }
+
+ try {
+ window.google.accounts.id.initialize({
+ client_id: googleClientId,
+ callback: (response: CredentialResponse) => {
+ callback(response.credential);
+ },
+ auto_select: false,
+ cancel_on_tap_outside: true,
+ ux_mode: 'popup'
+ });
+ } catch (error) {
+ console.error('Error initializing Google Auth:', error);
+ }
+}
+
+/**
+ * Render Google Sign-In button
+ */
+export function renderGoogleButton(
+ element: HTMLElement,
+ options?: Partial
+) {
+ if (typeof window === 'undefined' || !window.google) {
+ console.warn('Google Identity Services not available');
+ return;
+ }
+
+ const defaultOptions: GsiButtonConfiguration = {
+ type: 'standard',
+ theme: 'outline',
+ size: 'large',
+ text: 'signin_with',
+ shape: 'rectangular',
+ logo_alignment: 'left'
+ };
+
+ try {
+ window.google.accounts.id.renderButton(element, {
+ ...defaultOptions,
+ ...options
+ });
+ } catch (error) {
+ console.error('Error rendering Google button:', error);
+ }
+}
+
+/**
+ * Check if Google Identity Services is loaded
+ */
+export function isGoogleAuthLoaded(): boolean {
+ return typeof window !== 'undefined' && !!window.google?.accounts?.id;
+}
+
+/**
+ * Wait for Google Identity Services to load
+ */
+export function waitForGoogleAuth(timeout = 10000): Promise {
+ return new Promise((resolve, reject) => {
+ if (isGoogleAuthLoaded()) {
+ resolve();
+ return;
+ }
+
+ const startTime = Date.now();
+ const interval = setInterval(() => {
+ if (isGoogleAuthLoaded()) {
+ clearInterval(interval);
+ resolve();
+ } else if (Date.now() - startTime > timeout) {
+ clearInterval(interval);
+ reject(new Error('Google Identity Services failed to load'));
+ }
+ }, 100);
+ });
+}
diff --git a/packages/shared-auth-ui/tsconfig.json b/packages/shared-auth-ui/tsconfig.json
new file mode 100644
index 000000000..0d1efc56c
--- /dev/null
+++ b/packages/shared-auth-ui/tsconfig.json
@@ -0,0 +1,21 @@
+{
+ "compilerOptions": {
+ "target": "ES2020",
+ "module": "ESNext",
+ "moduleResolution": "bundler",
+ "lib": ["ES2020", "DOM", "DOM.Iterable"],
+ "strict": true,
+ "declaration": true,
+ "declarationMap": true,
+ "skipLibCheck": true,
+ "esModuleInterop": true,
+ "allowSyntheticDefaultImports": true,
+ "forceConsistentCasingInFileNames": true,
+ "resolveJsonModule": true,
+ "isolatedModules": true,
+ "noEmit": true,
+ "verbatimModuleSyntax": true
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules"]
+}
diff --git a/packages/shared-auth/README.md b/packages/shared-auth/README.md
new file mode 100644
index 000000000..049fe46dd
--- /dev/null
+++ b/packages/shared-auth/README.md
@@ -0,0 +1,210 @@
+# @manacore/shared-auth
+
+Shared authentication utilities for Manacore apps. This package provides a configurable authentication service that can be used across React Native (Expo) and web apps.
+
+## Features
+
+- **Configurable Auth Service**: Create auth services with custom base URLs and endpoints
+- **Token Manager**: Handle token refresh, queueing, and state management
+- **JWT Utilities**: Decode tokens, check expiration, extract user data
+- **Fetch Interceptor**: Automatically attach tokens and handle 401 responses
+- **Platform Adapters**: Pluggable storage, device, and network adapters
+
+## Installation
+
+```bash
+pnpm add @manacore/shared-auth
+```
+
+## Quick Start
+
+### Web (SvelteKit, React, etc.)
+
+```typescript
+import { initializeWebAuth } from '@manacore/shared-auth';
+
+const { authService, tokenManager } = initializeWebAuth({
+ baseUrl: 'https://api.example.com',
+});
+
+// Sign in
+const result = await authService.signIn('user@example.com', 'password');
+if (result.success) {
+ console.log('Signed in!');
+}
+
+// Get current user
+const user = await authService.getUserFromToken();
+console.log(user?.email);
+
+// Sign out
+await authService.signOut();
+```
+
+### React Native (Expo)
+
+```typescript
+import {
+ createAuthService,
+ createTokenManager,
+ setStorageAdapter,
+ setDeviceAdapter,
+ setNetworkAdapter,
+ setupFetchInterceptor,
+} from '@manacore/shared-auth';
+import * as SecureStore from 'expo-secure-store';
+
+// Create storage adapter for Expo
+const expoStorageAdapter = {
+ async getItem(key: string): Promise {
+ const value = await SecureStore.getItemAsync(key);
+ if (!value) return null;
+ try {
+ return JSON.parse(value) as T;
+ } catch {
+ return value as T;
+ }
+ },
+ async setItem(key: string, value: string): Promise {
+ await SecureStore.setItemAsync(key, value);
+ },
+ async removeItem(key: string): Promise {
+ await SecureStore.deleteItemAsync(key);
+ },
+};
+
+// Set up adapters
+setStorageAdapter(expoStorageAdapter);
+setDeviceAdapter(yourDeviceAdapter);
+setNetworkAdapter(yourNetworkAdapter);
+
+// Create services
+const authService = createAuthService({
+ baseUrl: process.env.EXPO_PUBLIC_API_URL,
+});
+const tokenManager = createTokenManager(authService);
+
+// Set up fetch interceptor
+setupFetchInterceptor(authService, tokenManager);
+```
+
+## API Reference
+
+### createAuthService(config)
+
+Creates an authentication service instance.
+
+```typescript
+const authService = createAuthService({
+ baseUrl: 'https://api.example.com',
+ storageKeys: {
+ APP_TOKEN: '@auth/appToken',
+ REFRESH_TOKEN: '@auth/refreshToken',
+ USER_EMAIL: '@auth/userEmail',
+ },
+ endpoints: {
+ signIn: '/auth/signin',
+ signUp: '/auth/signup',
+ // ... other endpoints
+ },
+});
+```
+
+### createTokenManager(authService, config?)
+
+Creates a token manager for handling token refresh and state.
+
+```typescript
+const tokenManager = createTokenManager(authService, {
+ maxQueueSize: 50,
+ queueTimeoutMs: 30000,
+ maxRefreshAttempts: 3,
+ refreshCooldownMs: 5000,
+});
+
+// Subscribe to state changes
+const unsubscribe = tokenManager.subscribe((state, token) => {
+ console.log('Token state:', state);
+});
+
+// Get valid token (refreshes if needed)
+const token = await tokenManager.getValidToken();
+```
+
+### JWT Utilities
+
+```typescript
+import {
+ decodeToken,
+ isTokenValidLocally,
+ getUserFromToken,
+ isB2BUser,
+ getB2BInfo,
+} from '@manacore/shared-auth';
+
+const payload = decodeToken(token);
+const isValid = isTokenValidLocally(token);
+const user = getUserFromToken(token);
+const isB2B = isB2BUser(token);
+```
+
+### Adapters
+
+The package uses adapters for platform-specific functionality:
+
+- **StorageAdapter**: For storing tokens securely
+- **DeviceAdapter**: For getting device information
+- **NetworkAdapter**: For checking network connectivity
+
+```typescript
+import {
+ setStorageAdapter,
+ setDeviceAdapter,
+ setNetworkAdapter,
+} from '@manacore/shared-auth';
+
+setStorageAdapter(myStorageAdapter);
+setDeviceAdapter(myDeviceAdapter);
+setNetworkAdapter(myNetworkAdapter);
+```
+
+## Migration from Existing Auth
+
+To migrate from existing auth implementations:
+
+1. Install the package
+2. Set up the adapters for your platform
+3. Replace direct authService calls with the shared service
+4. Update token manager usage
+
+### Before
+
+```typescript
+// memoro/apps/mobile/features/auth/services/authService.ts
+import { authService } from './authService';
+await authService.signIn(email, password);
+```
+
+### After
+
+```typescript
+// Use the shared auth service
+import { authService } from '@/services/auth'; // Your configured instance
+await authService.signIn(email, password);
+```
+
+## Token States
+
+The token manager tracks these states:
+
+- `IDLE`: Initial state
+- `VALID`: Token is valid
+- `REFRESHING`: Token refresh in progress
+- `EXPIRED`: Token has expired
+- `EXPIRED_OFFLINE`: Token expired while offline (preserves auth)
+
+## Contributing
+
+1. Make changes to the source files in `src/`
+2. Run `pnpm run type-check` to validate TypeScript
+3. Run `pnpm run build` to compile
diff --git a/packages/shared-auth/package.json b/packages/shared-auth/package.json
new file mode 100644
index 000000000..9d82107d7
--- /dev/null
+++ b/packages/shared-auth/package.json
@@ -0,0 +1,37 @@
+{
+ "name": "@manacore/shared-auth",
+ "version": "0.1.0",
+ "description": "Shared authentication utilities for Manacore apps",
+ "main": "dist/index.js",
+ "types": "dist/index.d.ts",
+ "type": "module",
+ "files": [
+ "dist"
+ ],
+ "scripts": {
+ "build": "tsc",
+ "clean": "rm -rf dist",
+ "type-check": "tsc --noEmit"
+ },
+ "dependencies": {
+ "base64-js": "^1.5.1"
+ },
+ "devDependencies": {
+ "typescript": "^5.9.3"
+ },
+ "peerDependencies": {
+ "react-native": ">=0.70.0"
+ },
+ "peerDependenciesMeta": {
+ "react-native": {
+ "optional": true
+ }
+ },
+ "keywords": [
+ "manacore",
+ "auth",
+ "jwt",
+ "token"
+ ],
+ "license": "MIT"
+}
diff --git a/packages/shared-auth/src/adapters/device.ts b/packages/shared-auth/src/adapters/device.ts
new file mode 100644
index 000000000..12959c463
--- /dev/null
+++ b/packages/shared-auth/src/adapters/device.ts
@@ -0,0 +1,81 @@
+import type { DeviceManagerAdapter, DeviceInfo } from '../types';
+
+let deviceAdapter: DeviceManagerAdapter | null = null;
+
+/**
+ * Set the device manager adapter for the auth service
+ */
+export function setDeviceAdapter(adapter: DeviceManagerAdapter): void {
+ deviceAdapter = adapter;
+}
+
+/**
+ * Get the current device adapter
+ */
+export function getDeviceAdapter(): DeviceManagerAdapter {
+ if (!deviceAdapter) {
+ throw new Error(
+ 'Device adapter not initialized. Call setDeviceAdapter() before using auth services.'
+ );
+ }
+ return deviceAdapter;
+}
+
+/**
+ * Check if device adapter is initialized
+ */
+export function isDeviceInitialized(): boolean {
+ return deviceAdapter !== null;
+}
+
+/**
+ * Create a web-based device manager adapter
+ */
+export function createWebDeviceAdapter(): DeviceManagerAdapter {
+ // Generate a persistent device ID for web
+ const getOrCreateDeviceId = (): string => {
+ const storageKey = '@manacore/deviceId';
+ let deviceId = localStorage.getItem(storageKey);
+ if (!deviceId) {
+ deviceId = crypto.randomUUID();
+ localStorage.setItem(storageKey, deviceId);
+ }
+ return deviceId;
+ };
+
+ return {
+ async getDeviceInfo(): Promise {
+ const userAgent = navigator.userAgent;
+ let deviceName = 'Web Browser';
+ let deviceType = 'web';
+
+ // Try to extract browser name
+ if (userAgent.includes('Chrome')) {
+ deviceName = 'Chrome Browser';
+ } else if (userAgent.includes('Safari')) {
+ deviceName = 'Safari Browser';
+ } else if (userAgent.includes('Firefox')) {
+ deviceName = 'Firefox Browser';
+ } else if (userAgent.includes('Edge')) {
+ deviceName = 'Edge Browser';
+ }
+
+ // Detect device type
+ if (/Mobi|Android/i.test(userAgent)) {
+ deviceType = 'mobile_web';
+ } else if (/Tablet|iPad/i.test(userAgent)) {
+ deviceType = 'tablet_web';
+ }
+
+ return {
+ deviceId: getOrCreateDeviceId(),
+ deviceName,
+ deviceType,
+ platform: 'web',
+ };
+ },
+ async getStoredDeviceId(): Promise {
+ return localStorage.getItem('@manacore/deviceId');
+ },
+ };
+}
diff --git a/packages/shared-auth/src/adapters/network.ts b/packages/shared-auth/src/adapters/network.ts
new file mode 100644
index 000000000..7898655a1
--- /dev/null
+++ b/packages/shared-auth/src/adapters/network.ts
@@ -0,0 +1,55 @@
+import type { NetworkAdapter } from '../types';
+
+let networkAdapter: NetworkAdapter | null = null;
+
+/**
+ * Set the network adapter for the auth service
+ */
+export function setNetworkAdapter(adapter: NetworkAdapter): void {
+ networkAdapter = adapter;
+}
+
+/**
+ * Get the current network adapter
+ */
+export function getNetworkAdapter(): NetworkAdapter | null {
+ return networkAdapter;
+}
+
+/**
+ * Check if device is connected to the network
+ */
+export async function isDeviceConnected(): Promise {
+ if (!networkAdapter) {
+ // Default to true if no adapter is set
+ return true;
+ }
+ return networkAdapter.isDeviceConnected();
+}
+
+/**
+ * Check if device has a stable connection
+ */
+export async function hasStableConnection(): Promise {
+ if (!networkAdapter || !networkAdapter.hasStableConnection) {
+ // Default to basic connectivity check
+ return isDeviceConnected();
+ }
+ return networkAdapter.hasStableConnection();
+}
+
+/**
+ * Create a web-based network adapter
+ */
+export function createWebNetworkAdapter(): NetworkAdapter {
+ return {
+ async isDeviceConnected(): Promise {
+ return navigator.onLine;
+ },
+ async hasStableConnection(): Promise {
+ // For web, we just check online status
+ // More sophisticated checks could be added
+ return navigator.onLine;
+ },
+ };
+}
diff --git a/packages/shared-auth/src/adapters/storage.ts b/packages/shared-auth/src/adapters/storage.ts
new file mode 100644
index 000000000..2b3e415fb
--- /dev/null
+++ b/packages/shared-auth/src/adapters/storage.ts
@@ -0,0 +1,89 @@
+import type { StorageAdapter } from '../types';
+
+/**
+ * Storage adapter that must be implemented by the consuming app.
+ *
+ * For React Native (Expo):
+ * - Use expo-secure-store for sensitive data
+ * - Use @react-native-async-storage/async-storage for non-sensitive data
+ *
+ * For Web:
+ * - Use localStorage or sessionStorage
+ * - Consider using encrypted storage for sensitive data
+ */
+
+let storageAdapter: StorageAdapter | null = null;
+
+/**
+ * Set the storage adapter for the auth service
+ */
+export function setStorageAdapter(adapter: StorageAdapter): void {
+ storageAdapter = adapter;
+}
+
+/**
+ * Get the current storage adapter
+ */
+export function getStorageAdapter(): StorageAdapter {
+ if (!storageAdapter) {
+ throw new Error(
+ 'Storage adapter not initialized. Call setStorageAdapter() before using auth services.'
+ );
+ }
+ return storageAdapter;
+}
+
+/**
+ * Check if storage adapter is initialized
+ */
+export function isStorageInitialized(): boolean {
+ return storageAdapter !== null;
+}
+
+/**
+ * Create a localStorage-based storage adapter (for web)
+ */
+export function createLocalStorageAdapter(): StorageAdapter {
+ return {
+ async getItem(key: string): Promise {
+ const value = localStorage.getItem(key);
+ if (value === null) return null;
+ try {
+ return JSON.parse(value) as T;
+ } catch {
+ return value as T;
+ }
+ },
+ async setItem(key: string, value: string): Promise {
+ localStorage.setItem(key, typeof value === 'string' ? value : JSON.stringify(value));
+ },
+ async removeItem(key: string): Promise {
+ localStorage.removeItem(key);
+ },
+ };
+}
+
+/**
+ * Create an in-memory storage adapter (for testing)
+ */
+export function createMemoryStorageAdapter(): StorageAdapter {
+ const storage = new Map();
+
+ return {
+ async getItem(key: string): Promise {
+ const value = storage.get(key);
+ if (value === undefined) return null;
+ try {
+ return JSON.parse(value) as T;
+ } catch {
+ return value as T;
+ }
+ },
+ async setItem(key: string, value: string): Promise {
+ storage.set(key, typeof value === 'string' ? value : JSON.stringify(value));
+ },
+ async removeItem(key: string): Promise {
+ storage.delete(key);
+ },
+ };
+}
diff --git a/packages/shared-auth/src/core/authService.ts b/packages/shared-auth/src/core/authService.ts
new file mode 100644
index 000000000..3fb9be057
--- /dev/null
+++ b/packages/shared-auth/src/core/authService.ts
@@ -0,0 +1,546 @@
+import type {
+ AuthServiceConfig,
+ AuthEndpoints,
+ AuthResult,
+ TokenRefreshResult,
+ UserData,
+ StorageKeys,
+ CreditBalance,
+ B2BInfo,
+} from '../types';
+import { getStorageAdapter } from '../adapters/storage';
+import { getDeviceAdapter } from '../adapters/device';
+import {
+ decodeToken,
+ isTokenValidLocally,
+ getUserFromToken,
+ getB2BInfo as getB2BInfoFromToken,
+ shouldDisableRevenueCat as checkRevenueCat,
+ isB2BUser as checkB2BUser,
+ getAppSettings as getAppSettingsFromToken,
+} from './jwtUtils';
+
+/**
+ * Default storage keys
+ */
+const DEFAULT_STORAGE_KEYS: StorageKeys = {
+ APP_TOKEN: '@auth/appToken',
+ REFRESH_TOKEN: '@auth/refreshToken',
+ USER_EMAIL: '@auth/userEmail',
+};
+
+/**
+ * Default API endpoints
+ */
+const DEFAULT_ENDPOINTS: AuthEndpoints = {
+ signIn: '/auth/signin',
+ signUp: '/auth/signup',
+ signOut: '/auth/logout',
+ refresh: '/auth/refresh',
+ validate: '/auth/validate',
+ forgotPassword: '/auth/forgot-password',
+ googleSignIn: '/auth/google-signin',
+ appleSignIn: '/auth/apple-signin',
+ credits: '/auth/credits',
+};
+
+/**
+ * Create an authentication service with the given configuration
+ */
+export function createAuthService(config: AuthServiceConfig) {
+ const baseUrl = config.baseUrl.replace(/\/$/, ''); // Remove trailing slash
+ const storageKeys: StorageKeys = { ...DEFAULT_STORAGE_KEYS, ...config.storageKeys };
+ const endpoints: AuthEndpoints = { ...DEFAULT_ENDPOINTS, ...config.endpoints };
+
+ // Callback for token refresh events
+ let onTokenRefreshCallback: ((userData: UserData) => void) | null = null;
+
+ const service = {
+ /**
+ * Sign in with email and password
+ */
+ async signIn(email: string, password: string): Promise {
+ try {
+ const storage = getStorageAdapter();
+ const deviceAdapter = getDeviceAdapter();
+ const deviceInfo = await deviceAdapter.getDeviceInfo();
+
+ const response = await fetch(`${baseUrl}${endpoints.signIn}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ email, password, deviceInfo }),
+ });
+
+ if (!response.ok) {
+ const errorData = await response.json();
+ return service.handleAuthError(response.status, errorData);
+ }
+
+ const { appToken, refreshToken } = await response.json();
+
+ await Promise.all([
+ storage.setItem(storageKeys.APP_TOKEN, appToken),
+ storage.setItem(storageKeys.REFRESH_TOKEN, refreshToken),
+ storage.setItem(storageKeys.USER_EMAIL, email),
+ ]);
+
+ return { success: true };
+ } catch (error) {
+ console.error('Error signing in:', error);
+ return {
+ success: false,
+ error: error instanceof Error ? error.message : 'Unknown error during sign in',
+ };
+ }
+ },
+
+ /**
+ * Sign up with email and password
+ */
+ async signUp(email: string, password: string): Promise {
+ try {
+ const storage = getStorageAdapter();
+ const deviceAdapter = getDeviceAdapter();
+ const deviceInfo = await deviceAdapter.getDeviceInfo();
+
+ const response = await fetch(`${baseUrl}${endpoints.signUp}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ email, password, deviceInfo }),
+ });
+
+ if (!response.ok) {
+ const errorData = await response.json();
+
+ if (response.status === 409) {
+ return { success: false, error: 'Email already in use' };
+ } else if (response.status === 400) {
+ return { success: false, error: errorData.message || 'Invalid email or password' };
+ }
+
+ return { success: false, error: errorData.message || 'Sign up failed' };
+ }
+
+ const responseData = await response.json();
+
+ // Check if email verification is required
+ if (responseData.confirmationRequired) {
+ return { success: true, needsVerification: true };
+ }
+
+ const { appToken, refreshToken } = responseData;
+
+ if (appToken && refreshToken) {
+ await Promise.all([
+ storage.setItem(storageKeys.APP_TOKEN, appToken),
+ storage.setItem(storageKeys.REFRESH_TOKEN, refreshToken),
+ storage.setItem(storageKeys.USER_EMAIL, email),
+ ]);
+ }
+
+ return { success: true };
+ } catch (error) {
+ console.error('Error signing up:', error);
+ return {
+ success: false,
+ error: error instanceof Error ? error.message : 'Unknown error during sign up',
+ };
+ }
+ },
+
+ /**
+ * Sign out the current user
+ */
+ async signOut(): Promise {
+ try {
+ const storage = getStorageAdapter();
+ const refreshToken = await storage.getItem(storageKeys.REFRESH_TOKEN);
+
+ if (refreshToken) {
+ await fetch(`${baseUrl}${endpoints.signOut}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ refreshToken }),
+ }).catch((err) => console.error('Error logging out on server:', err));
+ }
+
+ await service.clearAuthStorage();
+ } catch (error) {
+ console.error('Error signing out:', error);
+ }
+ },
+
+ /**
+ * Send password reset email
+ */
+ async forgotPassword(email: string): Promise {
+ try {
+ const response = await fetch(`${baseUrl}${endpoints.forgotPassword}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ email }),
+ });
+
+ if (!response.ok) {
+ const errorData = await response.json();
+
+ if (errorData.message?.includes('rate limit')) {
+ return { success: false, error: 'Too many attempts. Please wait before trying again.' };
+ }
+
+ return { success: false, error: errorData.message || 'Password reset failed' };
+ }
+
+ return { success: true };
+ } catch (error) {
+ console.error('Error sending password reset email:', error);
+ return {
+ success: false,
+ error: error instanceof Error ? error.message : 'Unknown error during password reset',
+ };
+ }
+ },
+
+ /**
+ * Refresh the authentication tokens
+ */
+ async refreshTokens(currentRefreshToken: string): Promise {
+ const storage = getStorageAdapter();
+ const deviceAdapter = getDeviceAdapter();
+
+ // Check for device ID mismatch
+ const storedDeviceId = await deviceAdapter.getStoredDeviceId();
+ const deviceInfo = await deviceAdapter.getDeviceInfo();
+
+ if (storedDeviceId && deviceInfo.deviceId !== storedDeviceId) {
+ throw new Error('Device ID has changed. Please sign in again.');
+ }
+
+ const response = await fetch(`${baseUrl}${endpoints.refresh}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ refreshToken: currentRefreshToken, deviceInfo }),
+ });
+
+ if (!response.ok) {
+ const errorData = await response.json().catch(() => ({}));
+
+ if (response.status === 401 && errorData.message === 'Invalid refresh token') {
+ throw new Error('Session expired. Please sign in again.');
+ }
+
+ throw new Error(errorData.message || 'Failed to refresh tokens');
+ }
+
+ const { appToken, refreshToken } = await response.json();
+
+ if (!appToken || !refreshToken) {
+ throw new Error('Invalid response from token refresh - missing tokens');
+ }
+
+ // Store new tokens
+ await storage.setItem(storageKeys.APP_TOKEN, appToken);
+ await storage.setItem(storageKeys.REFRESH_TOKEN, refreshToken);
+
+ // Extract user data from new token
+ const storedEmail = await storage.getItem(storageKeys.USER_EMAIL);
+ const userData = getUserFromToken(appToken, storedEmail || undefined);
+
+ // Notify callback if registered
+ if (userData && onTokenRefreshCallback) {
+ onTokenRefreshCallback(userData);
+ }
+
+ return { appToken, refreshToken, userData };
+ },
+
+ /**
+ * Sign in with Google
+ */
+ async signInWithGoogle(idToken: string): Promise {
+ return service.signInWithSocial(idToken, endpoints.googleSignIn);
+ },
+
+ /**
+ * Sign in with Apple
+ */
+ async signInWithApple(identityToken: string): Promise {
+ return service.signInWithSocial(identityToken, endpoints.appleSignIn);
+ },
+
+ /**
+ * Internal: Sign in with social provider
+ */
+ async signInWithSocial(token: string, endpoint: string): Promise {
+ try {
+ const storage = getStorageAdapter();
+ const deviceAdapter = getDeviceAdapter();
+ const deviceInfo = await deviceAdapter.getDeviceInfo();
+
+ const response = await fetch(`${baseUrl}${endpoint}`, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ token, deviceInfo }),
+ });
+
+ if (!response.ok) {
+ const errorData = await response.json();
+ return { success: false, error: errorData.message || 'Social sign in failed' };
+ }
+
+ const responseData = await response.json();
+ const { appToken, refreshToken } = responseData;
+
+ // Extract email from response or token
+ let email = responseData.email;
+ if (!email && appToken) {
+ const userData = getUserFromToken(appToken);
+ email = userData?.email;
+ }
+
+ // Store tokens
+ const storagePromises = [
+ storage.setItem(storageKeys.APP_TOKEN, appToken),
+ storage.setItem(storageKeys.REFRESH_TOKEN, refreshToken),
+ ];
+
+ if (email) {
+ storagePromises.push(storage.setItem(storageKeys.USER_EMAIL, email));
+ }
+
+ await Promise.all(storagePromises);
+
+ return { success: true };
+ } catch (error) {
+ console.error('Error with social sign in:', error);
+ return {
+ success: false,
+ error: error instanceof Error ? error.message : 'Unknown error during social sign in',
+ };
+ }
+ },
+
+ /**
+ * Get the current app token
+ */
+ async getAppToken(): Promise {
+ try {
+ const storage = getStorageAdapter();
+ return await storage.getItem(storageKeys.APP_TOKEN);
+ } catch (error) {
+ console.error('Error getting app token:', error);
+ return null;
+ }
+ },
+
+ /**
+ * Get the current refresh token
+ */
+ async getRefreshToken(): Promise {
+ try {
+ const storage = getStorageAdapter();
+ return await storage.getItem(storageKeys.REFRESH_TOKEN);
+ } catch (error) {
+ console.debug('Error getting refresh token:', error);
+ return null;
+ }
+ },
+
+ /**
+ * Update stored tokens
+ */
+ async updateTokens(appToken: string, refreshToken: string): Promise {
+ const storage = getStorageAdapter();
+ await Promise.all([
+ storage.setItem(storageKeys.APP_TOKEN, appToken),
+ storage.setItem(storageKeys.REFRESH_TOKEN, refreshToken),
+ ]);
+
+ // Notify callback
+ const storedEmail = await storage.getItem(storageKeys.USER_EMAIL);
+ const userData = getUserFromToken(appToken, storedEmail || undefined);
+ if (userData && onTokenRefreshCallback) {
+ onTokenRefreshCallback(userData);
+ }
+ },
+
+ /**
+ * Get user from current token
+ */
+ async getUserFromToken(): Promise {
+ const storage = getStorageAdapter();
+ const appToken = await storage.getItem(storageKeys.APP_TOKEN);
+ if (!appToken) return null;
+
+ const storedEmail = await storage.getItem(storageKeys.USER_EMAIL);
+ return getUserFromToken(appToken, storedEmail || undefined);
+ },
+
+ /**
+ * Clear all authentication data
+ */
+ async clearAuthStorage(): Promise {
+ const storage = getStorageAdapter();
+ await Promise.all(
+ Object.values(storageKeys).map((key) => storage.removeItem(key))
+ );
+ },
+
+ /**
+ * Check if user is authenticated
+ */
+ async isAuthenticated(): Promise {
+ const appToken = await service.getAppToken();
+ if (!appToken) return false;
+ return isTokenValidLocally(appToken);
+ },
+
+ /**
+ * Check if token is valid locally
+ */
+ isTokenValidLocally(token: string): boolean {
+ return isTokenValidLocally(token);
+ },
+
+ /**
+ * Decode token
+ */
+ decodeToken(token: string) {
+ return decodeToken(token);
+ },
+
+ /**
+ * Get user credits
+ */
+ async getUserCredits(): Promise {
+ try {
+ const appToken = await service.getAppToken();
+ if (!appToken) return null;
+
+ const response = await fetch(`${baseUrl}${endpoints.credits}`, {
+ method: 'GET',
+ headers: {
+ Authorization: `Bearer ${appToken}`,
+ 'Content-Type': 'application/json',
+ },
+ });
+
+ if (!response.ok) {
+ throw new Error('Failed to fetch user credits');
+ }
+
+ const data = await response.json();
+ return {
+ credits: data.credits || 0,
+ maxCreditLimit: data.max_credit_limit || 1000,
+ userId: data.id || 'unknown',
+ };
+ } catch (error) {
+ console.error('Error fetching user credits:', error);
+ return null;
+ }
+ },
+
+ /**
+ * Check if user is B2B
+ */
+ async isB2BUser(): Promise {
+ const appToken = await service.getAppToken();
+ if (!appToken) return false;
+ return checkB2BUser(appToken);
+ },
+
+ /**
+ * Get B2B information
+ */
+ async getB2BInfo(): Promise {
+ const appToken = await service.getAppToken();
+ if (!appToken) return null;
+ return getB2BInfoFromToken(appToken);
+ },
+
+ /**
+ * Check if RevenueCat should be disabled
+ */
+ async shouldDisableRevenueCat(): Promise {
+ const appToken = await service.getAppToken();
+ if (!appToken) return false;
+ return checkRevenueCat(appToken);
+ },
+
+ /**
+ * Get app settings from token
+ */
+ async getAppSettings(): Promise | null> {
+ const appToken = await service.getAppToken();
+ if (!appToken) return null;
+ return getAppSettingsFromToken(appToken);
+ },
+
+ /**
+ * Set callback for token refresh events
+ */
+ set onTokenRefresh(callback: ((userData: UserData) => void) | null) {
+ onTokenRefreshCallback = callback;
+ },
+
+ /**
+ * Get callback for token refresh events
+ */
+ get onTokenRefresh(): ((userData: UserData) => void) | null {
+ return onTokenRefreshCallback;
+ },
+
+ /**
+ * Handle authentication errors
+ */
+ handleAuthError(status: number, errorData: Record): AuthResult {
+ if (status === 401) {
+ const isFirebaseUserNeedsReset =
+ String(errorData.message).includes('Firebase user detected') ||
+ String(errorData.message).includes('password reset required') ||
+ errorData.code === 'FIREBASE_USER_PASSWORD_RESET_REQUIRED';
+
+ if (isFirebaseUserNeedsReset) {
+ return { success: false, error: 'FIREBASE_USER_PASSWORD_RESET_REQUIRED' };
+ }
+
+ const isEmailNotConfirmed =
+ String(errorData.message).includes('Email not confirmed') ||
+ String(errorData.message).includes('Email not verified') ||
+ errorData.code === 'EMAIL_NOT_VERIFIED';
+
+ if (isEmailNotConfirmed) {
+ return { success: false, error: 'EMAIL_NOT_VERIFIED' };
+ }
+
+ return { success: false, error: 'INVALID_CREDENTIALS' };
+ } else if (status === 403) {
+ return { success: false, error: 'EMAIL_NOT_VERIFIED' };
+ }
+
+ return { success: false, error: String(errorData.message) || 'Authentication failed' };
+ },
+
+ /**
+ * Get the base URL
+ */
+ getBaseUrl(): string {
+ return baseUrl;
+ },
+
+ /**
+ * Get storage keys
+ */
+ getStorageKeys(): StorageKeys {
+ return storageKeys;
+ },
+ };
+
+ return service;
+}
+
+/**
+ * Type for the auth service instance
+ */
+export type AuthService = ReturnType;
diff --git a/packages/shared-auth/src/core/jwtUtils.ts b/packages/shared-auth/src/core/jwtUtils.ts
new file mode 100644
index 000000000..e44f957bc
--- /dev/null
+++ b/packages/shared-auth/src/core/jwtUtils.ts
@@ -0,0 +1,160 @@
+import type { DecodedToken, UserData } from '../types';
+
+/**
+ * Decode a JWT token payload
+ */
+export function decodeToken(token: string): DecodedToken | null {
+ try {
+ const parts = token.split('.');
+ if (parts.length !== 3) {
+ return null;
+ }
+
+ const base64Url = parts[1];
+ const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+
+ // Add padding if needed
+ const padding = base64.length % 4;
+ const paddedBase64 = padding ? base64 + '='.repeat(4 - padding) : base64;
+
+ // Decode base64 - atob is available in browsers, Node.js 16+, and React Native
+ const payload: DecodedToken = JSON.parse(atob(paddedBase64));
+
+ return payload;
+ } catch (error) {
+ console.error('Error decoding JWT token:', error);
+ return null;
+ }
+}
+
+/**
+ * Check if a token is valid locally (not expired)
+ */
+export function isTokenValidLocally(token: string, bufferSeconds: number = 10): boolean {
+ try {
+ const payload = decodeToken(token);
+ if (!payload || !payload.exp) {
+ return false;
+ }
+
+ const bufferTime = bufferSeconds * 1000;
+ const expiryTime = payload.exp * 1000;
+ const currentTime = Date.now();
+
+ return currentTime < expiryTime - bufferTime;
+ } catch (error) {
+ console.debug('Error validating token locally:', error);
+ return false;
+ }
+}
+
+/**
+ * Check if a token is expired
+ */
+export function isTokenExpired(token: string): boolean {
+ return !isTokenValidLocally(token, 0);
+}
+
+/**
+ * Extract user data from a JWT token
+ */
+export function getUserFromToken(token: string, storedEmail?: string): UserData | null {
+ try {
+ const payload = decodeToken(token);
+ if (!payload) {
+ return null;
+ }
+
+ // Get email from various sources
+ let email = payload.email || '';
+ if (!email && payload.user_metadata?.email) {
+ email = payload.user_metadata.email;
+ }
+ if (!email && storedEmail) {
+ email = storedEmail;
+ }
+
+ return {
+ id: payload.sub,
+ email: email || 'user@example.com',
+ role: payload.role || 'user',
+ };
+ } catch (error) {
+ console.error('Error extracting user from token:', error);
+ return null;
+ }
+}
+
+/**
+ * Get token expiration time in milliseconds
+ */
+export function getTokenExpirationTime(token: string): number | null {
+ const payload = decodeToken(token);
+ if (!payload || !payload.exp) {
+ return null;
+ }
+ return payload.exp * 1000;
+}
+
+/**
+ * Get time until token expiration in milliseconds
+ */
+export function getTimeUntilExpiration(token: string): number {
+ const expirationTime = getTokenExpirationTime(token);
+ if (!expirationTime) {
+ return 0;
+ }
+ return Math.max(0, expirationTime - Date.now());
+}
+
+/**
+ * Check if user is B2B based on JWT claims
+ */
+export function isB2BUser(token: string): boolean {
+ const payload = decodeToken(token);
+ if (!payload) {
+ return false;
+ }
+
+ // Handle different types for is_b2b
+ return payload.is_b2b === true || payload.is_b2b === 'true' || payload.is_b2b === 1;
+}
+
+/**
+ * Get B2B information from JWT claims
+ */
+export function getB2BInfo(token: string): {
+ disableRevenueCat: boolean;
+ organizationId?: string;
+ plan?: string;
+ role?: string;
+} | null {
+ const payload = decodeToken(token);
+ if (!payload?.app_settings?.b2b) {
+ return null;
+ }
+
+ const b2bSettings = payload.app_settings.b2b;
+ return {
+ disableRevenueCat: !!b2bSettings.disableRevenueCat,
+ organizationId: b2bSettings.organizationId,
+ plan: b2bSettings.plan,
+ role: b2bSettings.role,
+ };
+}
+
+/**
+ * Check if RevenueCat should be disabled for this token
+ */
+export function shouldDisableRevenueCat(token: string): boolean {
+ const b2bInfo = getB2BInfo(token);
+ return b2bInfo?.disableRevenueCat ?? false;
+}
+
+/**
+ * Get app settings from JWT claims
+ */
+export function getAppSettings(token: string): Record | null {
+ const payload = decodeToken(token);
+ return payload?.app_settings || null;
+}
diff --git a/packages/shared-auth/src/core/tokenManager.ts b/packages/shared-auth/src/core/tokenManager.ts
new file mode 100644
index 000000000..417078b20
--- /dev/null
+++ b/packages/shared-auth/src/core/tokenManager.ts
@@ -0,0 +1,464 @@
+import type {
+ TokenState,
+ TokenStateObserver,
+ QueuedRequest,
+ InternalTokenRefreshResult,
+} from '../types';
+import { TokenState as TokenStateEnum } from '../types';
+import { isDeviceConnected, hasStableConnection } from '../adapters/network';
+import type { AuthService } from './authService';
+
+/**
+ * Configuration for the token manager
+ */
+export interface TokenManagerConfig {
+ maxQueueSize?: number;
+ queueTimeoutMs?: number;
+ maxRefreshAttempts?: number;
+ refreshCooldownMs?: number;
+}
+
+/**
+ * Create a token manager instance
+ */
+export function createTokenManager(authService: AuthService, config?: TokenManagerConfig) {
+ // Configuration
+ const MAX_QUEUE_SIZE = config?.maxQueueSize ?? 50;
+ const QUEUE_TIMEOUT_MS = config?.queueTimeoutMs ?? 30000;
+ const MAX_REFRESH_ATTEMPTS = config?.maxRefreshAttempts ?? 3;
+ const REFRESH_COOLDOWN_MS = config?.refreshCooldownMs ?? 5000;
+
+ // State
+ let state: TokenState = TokenStateEnum.IDLE;
+ let refreshPromise: Promise | null = null;
+ let requestQueue: QueuedRequest[] = [];
+ const observers = new Set();
+ let refreshAttempts = 0;
+ let lastRefreshTime = 0;
+
+ // Internal functions
+ function notifyObservers(newState: TokenState, token?: string): void {
+ observers.forEach((observer) => {
+ try {
+ observer(newState, token);
+ } catch (error) {
+ console.debug('Error in token state observer:', error);
+ }
+ });
+ }
+
+ function setState(newState: TokenState, token?: string): void {
+ if (state !== newState) {
+ console.debug(`TokenManager: State transition ${state} -> ${newState}`);
+ state = newState;
+ notifyObservers(newState, token);
+ }
+ }
+
+ function removeFromQueue(requestId: string): void {
+ const index = requestQueue.findIndex((item) => item.id === requestId);
+ if (index !== -1) {
+ requestQueue.splice(index, 1);
+ }
+ }
+
+ function isRecoverableError(error: unknown): boolean {
+ if (!(error instanceof Error)) return false;
+
+ const networkErrors = [
+ 'network', 'Network', 'fetch', 'connection', 'timeout',
+ 'Failed to fetch', 'NetworkError', 'TypeError', 'ERR_NETWORK',
+ 'ERR_INTERNET_DISCONNECTED', 'ECONNREFUSED', 'ENOTFOUND',
+ 'ETIMEDOUT', 'Unable to resolve host', 'Request failed',
+ ];
+
+ const authErrors = [
+ '401', '403', 'Unauthorized', 'Forbidden', 'Invalid token',
+ 'Token expired', 'jwt expired', 'jwt malformed',
+ ];
+
+ const errorString = `${error.message} ${error.name}`.toLowerCase();
+
+ const isNetworkError = networkErrors.some((keyword) =>
+ errorString.includes(keyword.toLowerCase())
+ );
+
+ const isAuthError = authErrors.some((keyword) =>
+ errorString.includes(keyword.toLowerCase())
+ );
+
+ return isNetworkError && !isAuthError;
+ }
+
+ async function handleRefreshFailure(): Promise {
+ console.debug('TokenManager: Handling permanent refresh failure');
+ try {
+ await authService.clearAuthStorage();
+ setState(TokenStateEnum.EXPIRED);
+ } catch (error) {
+ console.debug('Error in handleRefreshFailure:', error);
+ }
+ }
+
+ async function performTokenRefresh(): Promise {
+ try {
+ console.debug('TokenManager: Starting token refresh');
+
+ const isOnline = await isDeviceConnected();
+ if (!isOnline) {
+ console.debug('TokenManager: Device offline, skipping refresh');
+ const currentToken = await authService.getAppToken();
+ if (currentToken) {
+ setState(TokenStateEnum.EXPIRED_OFFLINE, currentToken);
+ }
+ return { success: false, error: 'offline', shouldPreserveAuth: true };
+ }
+
+ const isStable = await hasStableConnection();
+ if (!isStable) {
+ console.debug('TokenManager: Connection not stable yet, will retry');
+ return { success: false, error: 'unstable_connection' };
+ }
+
+ const refreshToken = await authService.getRefreshToken();
+ if (!refreshToken) {
+ throw new Error('No refresh token available');
+ }
+
+ const refreshResult = await authService.refreshTokens(refreshToken);
+ const { appToken } = refreshResult;
+
+ console.debug('TokenManager: Token refresh successful');
+ return { success: true, token: appToken };
+ } catch (error) {
+ console.debug('TokenManager: Token refresh failed:', error);
+
+ const isRecoverable = isRecoverableError(error);
+ if (!isRecoverable) {
+ await handleRefreshFailure();
+ }
+
+ return {
+ success: false,
+ error: error instanceof Error ? error.message : 'Unknown refresh error',
+ };
+ }
+ }
+
+ async function performTokenRefreshWithRetry(): Promise {
+ const retryDelays = [0, 1000, 2000, 5000];
+ let lastError: unknown = null;
+
+ for (let attempt = 0; attempt < retryDelays.length; attempt++) {
+ try {
+ if (retryDelays[attempt] > 0) {
+ console.debug(
+ `TokenManager: Retrying token refresh in ${retryDelays[attempt]}ms (attempt ${attempt + 1}/${retryDelays.length})`
+ );
+ await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt]));
+ }
+
+ const result = await performTokenRefresh();
+
+ if (result.success) {
+ return result;
+ }
+
+ // Non-retryable errors
+ if (
+ result.error === 'invalid_token' ||
+ result.error === 'token_expired' ||
+ result.error?.includes('Device ID has changed')
+ ) {
+ return result;
+ }
+
+ if (result.error === 'offline') {
+ return { success: false, error: 'offline', shouldPreserveAuth: true };
+ }
+
+ if (result.error === 'unstable_connection') {
+ await new Promise((resolve) => setTimeout(resolve, 2000));
+ }
+
+ lastError = new Error(result.error || 'Token refresh failed');
+
+ if (attempt === retryDelays.length - 1) break;
+ } catch (error) {
+ lastError = error;
+ const isRecoverable = isRecoverableError(error);
+
+ if (!isRecoverable || attempt === retryDelays.length - 1) {
+ break;
+ }
+ }
+ }
+
+ return {
+ success: false,
+ error: lastError instanceof Error ? lastError.message : 'All retry attempts failed',
+ };
+ }
+
+ async function processQueuedRequests(token: string): Promise {
+ console.debug(`TokenManager: Processing ${requestQueue.length} queued requests`);
+
+ const requests = [...requestQueue];
+ requestQueue = [];
+
+ for (const request of requests) {
+ try {
+ const response = await retryRequestWithToken(request.input, request.init, token);
+ request.resolve(response);
+ } catch (error) {
+ request.reject(error);
+ }
+ }
+ }
+
+ async function rejectQueuedRequests(error: string): Promise {
+ console.debug(`TokenManager: Rejecting ${requestQueue.length} queued requests`);
+
+ const requests = [...requestQueue];
+ requestQueue = [];
+
+ for (const request of requests) {
+ request.reject(new Error(error));
+ }
+ }
+
+ async function retryRequestWithToken(
+ input: RequestInfo | URL,
+ init: RequestInit | undefined,
+ token: string
+ ): Promise {
+ const headers = new Headers(init?.headers || {});
+ headers.set('Authorization', `Bearer ${token}`);
+
+ return fetch(input, {
+ ...init,
+ headers,
+ });
+ }
+
+ // Public API
+ const manager = {
+ /**
+ * Subscribe to token state changes
+ */
+ subscribe(observer: TokenStateObserver): () => void {
+ observers.add(observer);
+ return () => observers.delete(observer);
+ },
+
+ /**
+ * Get current token state
+ */
+ getState(): TokenState {
+ return state;
+ },
+
+ /**
+ * Get a valid token, refreshing if necessary
+ */
+ async getValidToken(): Promise {
+ const currentToken = await authService.getAppToken();
+
+ if (currentToken && authService.isTokenValidLocally(currentToken)) {
+ setState(TokenStateEnum.VALID, currentToken);
+ return currentToken;
+ }
+
+ if (!currentToken) {
+ console.debug('TokenManager: No token available, skipping refresh');
+ setState(TokenStateEnum.EXPIRED);
+ return null;
+ }
+
+ const isOnline = await isDeviceConnected();
+ if (!isOnline) {
+ console.debug('TokenManager: Token expired while offline');
+ setState(TokenStateEnum.EXPIRED_OFFLINE, currentToken);
+ return currentToken;
+ }
+
+ const refreshResult = await manager.refreshToken();
+ if (refreshResult.success && refreshResult.token) {
+ return refreshResult.token;
+ }
+
+ if (refreshResult.shouldPreserveAuth) {
+ setState(TokenStateEnum.EXPIRED_OFFLINE, currentToken);
+ return currentToken;
+ }
+
+ return null;
+ },
+
+ /**
+ * Handle 401 response
+ */
+ async handle401Response(
+ input: RequestInfo | URL,
+ init?: RequestInit
+ ): Promise {
+ if (state === TokenStateEnum.REFRESHING && refreshPromise) {
+ return manager.queueRequest(input, init);
+ }
+
+ const refreshResult = await manager.refreshToken();
+
+ if (refreshResult.success && refreshResult.token) {
+ return retryRequestWithToken(input, init, refreshResult.token);
+ }
+
+ throw new Error(refreshResult.error || 'Token refresh failed');
+ },
+
+ /**
+ * Queue a request during token refresh
+ */
+ async queueRequest(
+ input: RequestInfo | URL,
+ init?: RequestInit
+ ): Promise {
+ return new Promise((resolve, reject) => {
+ if (requestQueue.length >= MAX_QUEUE_SIZE) {
+ reject(new Error('Request queue full'));
+ return;
+ }
+
+ const queueItem: QueuedRequest = {
+ id: Math.random().toString(36).substring(2, 11),
+ input,
+ init,
+ resolve,
+ reject,
+ timestamp: Date.now(),
+ };
+
+ requestQueue.push(queueItem);
+
+ setTimeout(() => {
+ removeFromQueue(queueItem.id);
+ reject(new Error('Queued request timeout'));
+ }, QUEUE_TIMEOUT_MS);
+ });
+ },
+
+ /**
+ * Refresh the authentication token
+ */
+ async refreshToken(): Promise {
+ const now = Date.now();
+ if (now - lastRefreshTime < REFRESH_COOLDOWN_MS) {
+ return { success: false, error: 'Refresh cooldown active' };
+ }
+
+ if (refreshAttempts >= MAX_REFRESH_ATTEMPTS) {
+ await handleRefreshFailure();
+ return { success: false, error: 'Max refresh attempts reached' };
+ }
+
+ if (refreshPromise) {
+ return refreshPromise;
+ }
+
+ setState(TokenStateEnum.REFRESHING);
+ lastRefreshTime = now;
+
+ refreshPromise = performTokenRefreshWithRetry();
+
+ try {
+ const result = await refreshPromise;
+
+ if (result.success) {
+ refreshAttempts = 0;
+ setState(TokenStateEnum.VALID, result.token);
+ await processQueuedRequests(result.token!);
+ } else {
+ refreshAttempts++;
+ setState(TokenStateEnum.EXPIRED);
+ await rejectQueuedRequests(result.error || 'Token refresh failed');
+ }
+
+ return result;
+ } finally {
+ refreshPromise = null;
+ }
+ },
+
+ /**
+ * Reset the token manager state
+ */
+ reset(): void {
+ state = TokenStateEnum.IDLE;
+ refreshPromise = null;
+ refreshAttempts = 0;
+ lastRefreshTime = 0;
+
+ const requests = [...requestQueue];
+ requestQueue = [];
+
+ for (const request of requests) {
+ request.reject(new Error('Token manager reset'));
+ }
+ },
+
+ /**
+ * Clear tokens and reset state
+ */
+ async clearTokens(): Promise {
+ try {
+ await authService.clearAuthStorage();
+ manager.reset();
+ } catch (error) {
+ console.debug('Error clearing tokens:', error);
+ manager.reset();
+ }
+ },
+
+ /**
+ * Get queue status for debugging
+ */
+ getQueueStatus(): { size: number; state: TokenState; refreshAttempts: number } {
+ return {
+ size: requestQueue.length,
+ state,
+ refreshAttempts,
+ };
+ },
+
+ /**
+ * Check initial token state
+ */
+ async checkInitialState(): Promise {
+ try {
+ const token = await authService.getAppToken();
+ if (!token) {
+ setState(TokenStateEnum.EXPIRED);
+ return;
+ }
+
+ if (authService.isTokenValidLocally(token)) {
+ setState(TokenStateEnum.VALID, token);
+ } else {
+ setState(TokenStateEnum.EXPIRED);
+ }
+ } catch (error) {
+ console.debug('Error checking initial token state:', error);
+ setState(TokenStateEnum.EXPIRED);
+ }
+ },
+ };
+
+ // Initialize
+ manager.checkInitialState();
+
+ return manager;
+}
+
+/**
+ * Type for the token manager instance
+ */
+export type TokenManager = ReturnType;
diff --git a/packages/shared-auth/src/index.ts b/packages/shared-auth/src/index.ts
new file mode 100644
index 000000000..faeaf60d4
--- /dev/null
+++ b/packages/shared-auth/src/index.ts
@@ -0,0 +1,99 @@
+// Types
+export * from './types';
+
+// Core utilities
+import { createAuthService as _createAuthService } from './core/authService';
+export { createAuthService } from './core/authService';
+export type { AuthService } from './core/authService';
+
+import { createTokenManager as _createTokenManager } from './core/tokenManager';
+export { createTokenManager } from './core/tokenManager';
+export type { TokenManager, TokenManagerConfig } from './core/tokenManager';
+
+export {
+ decodeToken,
+ isTokenValidLocally,
+ isTokenExpired,
+ getUserFromToken,
+ getTokenExpirationTime,
+ getTimeUntilExpiration,
+ isB2BUser,
+ getB2BInfo,
+ shouldDisableRevenueCat,
+ getAppSettings,
+} from './core/jwtUtils';
+
+// Storage adapter
+import {
+ setStorageAdapter as _setStorageAdapter,
+ createLocalStorageAdapter as _createLocalStorageAdapter,
+} from './adapters/storage';
+export {
+ setStorageAdapter,
+ getStorageAdapter,
+ isStorageInitialized,
+ createLocalStorageAdapter,
+ createMemoryStorageAdapter,
+} from './adapters/storage';
+
+// Device adapter
+import {
+ setDeviceAdapter as _setDeviceAdapter,
+ createWebDeviceAdapter as _createWebDeviceAdapter,
+} from './adapters/device';
+export {
+ setDeviceAdapter,
+ getDeviceAdapter,
+ isDeviceInitialized,
+ createWebDeviceAdapter,
+} from './adapters/device';
+
+// Network adapter
+import {
+ setNetworkAdapter as _setNetworkAdapter,
+ createWebNetworkAdapter as _createWebNetworkAdapter,
+} from './adapters/network';
+export {
+ setNetworkAdapter,
+ getNetworkAdapter,
+ isDeviceConnected,
+ hasStableConnection,
+ createWebNetworkAdapter,
+} from './adapters/network';
+
+// Fetch interceptor
+import { setupFetchInterceptor as _setupFetchInterceptor } from './interceptors/fetchInterceptor';
+export {
+ setupFetchInterceptor,
+ setupTokenObservers,
+ getInterceptorStatus,
+} from './interceptors/fetchInterceptor';
+export type { FetchInterceptorConfig } from './interceptors/fetchInterceptor';
+
+/**
+ * Initialize auth service with all adapters for web
+ *
+ * @example
+ * ```typescript
+ * import { initializeWebAuth } from '@manacore/shared-auth';
+ *
+ * const { authService, tokenManager } = initializeWebAuth({
+ * baseUrl: 'https://api.example.com',
+ * });
+ * ```
+ */
+export function initializeWebAuth(config: { baseUrl: string; storageKeys?: Partial }) {
+ // Set up adapters
+ _setStorageAdapter(_createLocalStorageAdapter());
+ _setDeviceAdapter(_createWebDeviceAdapter());
+ _setNetworkAdapter(_createWebNetworkAdapter());
+
+ // Create services
+ const authService = _createAuthService(config);
+ const tokenManager = _createTokenManager(authService);
+
+ // Set up interceptor
+ _setupFetchInterceptor(authService, tokenManager);
+
+ return { authService, tokenManager };
+}
diff --git a/packages/shared-auth/src/interceptors/fetchInterceptor.ts b/packages/shared-auth/src/interceptors/fetchInterceptor.ts
new file mode 100644
index 000000000..d6fee6fe5
--- /dev/null
+++ b/packages/shared-auth/src/interceptors/fetchInterceptor.ts
@@ -0,0 +1,220 @@
+import type { TokenManager } from '../core/tokenManager';
+import type { AuthService } from '../core/authService';
+import { TokenState } from '../types';
+
+/**
+ * Configuration for the fetch interceptor
+ */
+export interface FetchInterceptorConfig {
+ /**
+ * Patterns to skip (won't be intercepted)
+ */
+ skipPatterns?: string[];
+ /**
+ * Backend URL to match (only intercept requests to this URL)
+ */
+ backendUrl?: string;
+}
+
+/**
+ * Default patterns to skip
+ */
+const DEFAULT_SKIP_PATTERNS = [
+ // Auth endpoints
+ '/auth/signin',
+ '/auth/signup',
+ '/auth/refresh',
+ '/auth/forgot-password',
+ '/auth/reset-password',
+ '/auth/verify',
+ '/auth/logout',
+ // Public endpoints
+ '/health',
+ '/ping',
+ '/status',
+ '/version',
+ '/public/',
+ // Storage endpoints
+ '.supabase.co/storage/',
+ '/storage/v1/',
+ // External APIs
+ 'googleapis.com',
+ 'firebase.com',
+ 'firebaseapp.com',
+ 'replicate.com',
+ 'openai.com',
+ 'anthropic.com',
+];
+
+/**
+ * Setup a global fetch interceptor for automatic token handling
+ */
+export function setupFetchInterceptor(
+ authService: AuthService,
+ tokenManager: TokenManager,
+ config?: FetchInterceptorConfig
+): void {
+ if (typeof globalThis === 'undefined' || !globalThis.fetch) {
+ console.warn('FetchInterceptor: globalThis.fetch not available');
+ return;
+ }
+
+ const originalFetch = globalThis.fetch;
+ const skipPatterns = [...DEFAULT_SKIP_PATTERNS, ...(config?.skipPatterns || [])];
+ const backendUrl = config?.backendUrl || authService.getBaseUrl();
+
+ globalThis.fetch = (async (input: RequestInfo | URL, init?: RequestInit) => {
+ const url = extractUrl(input);
+
+ // Skip intercepting if URL doesn't match criteria
+ if (shouldSkipInterception(url, skipPatterns, backendUrl)) {
+ return originalFetch(input, init);
+ }
+
+ console.debug('Fetch interceptor: Intercepting URL:', url);
+
+ try {
+ // Make request with current token
+ const response = await makeRequestWithToken(originalFetch, authService, input, init);
+
+ // Handle 401 responses
+ if (response.status === 401) {
+ const responseData = await response.clone().json().catch(() => ({}));
+ console.debug('Fetch interceptor: Received 401 response:', responseData);
+
+ if (isTokenExpiredResponse(responseData)) {
+ console.debug('Fetch interceptor: Token expired, delegating to TokenManager');
+ return tokenManager.handle401Response(input, init);
+ }
+ }
+
+ return response;
+ } catch (error) {
+ console.debug('Error in global fetch interceptor:', error);
+ return originalFetch(input, init);
+ }
+ }) as typeof fetch;
+}
+
+/**
+ * Setup token state observers for integrations (e.g., Supabase)
+ */
+export function setupTokenObservers(
+ tokenManager: TokenManager,
+ onValid?: (token: string) => void | Promise,
+ onExpired?: () => void | Promise
+): () => void {
+ return tokenManager.subscribe(async (state, token) => {
+ try {
+ if (state === TokenState.VALID && token && onValid) {
+ await onValid(token);
+ } else if (state === TokenState.EXPIRED && onExpired) {
+ await onExpired();
+ }
+ } catch (error) {
+ console.debug('Error in token observer:', error);
+ }
+ });
+}
+
+/**
+ * Extract URL from various input types
+ */
+function extractUrl(input: RequestInfo | URL): string {
+ if (typeof input === 'string') {
+ return input;
+ } else if (input instanceof URL) {
+ return input.toString();
+ } else if (input instanceof Request) {
+ return input.url;
+ }
+ return '';
+}
+
+/**
+ * Check if request should skip interception
+ */
+function shouldSkipInterception(
+ url: string,
+ skipPatterns: string[],
+ backendUrl: string
+): boolean {
+ if (!url) return true;
+
+ const lowerUrl = url.toLowerCase();
+
+ // Check skip patterns
+ if (skipPatterns.some((pattern) => lowerUrl.includes(pattern.toLowerCase()))) {
+ return true;
+ }
+
+ // Check if URL matches backend
+ const backendDomain = backendUrl
+ .replace(/https?:\/\//, '')
+ .replace(/:\d+$/, '')
+ .toLowerCase();
+
+ if (!lowerUrl.includes(backendDomain)) {
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * Make a request with the current token
+ */
+async function makeRequestWithToken(
+ originalFetch: typeof fetch,
+ authService: AuthService,
+ input: RequestInfo | URL,
+ init?: RequestInit
+): Promise {
+ const token = await authService.getAppToken();
+
+ const requestInit: RequestInit = {
+ method: init?.method || 'GET',
+ ...init,
+ };
+
+ if (token) {
+ const headers = new Headers(requestInit.headers || {});
+ headers.set('Authorization', `Bearer ${token}`);
+ requestInit.headers = headers;
+ }
+
+ return originalFetch(input, requestInit);
+}
+
+/**
+ * Check if response indicates token expiration
+ */
+function isTokenExpiredResponse(responseData: Record): boolean {
+ const error = responseData.error as Record | undefined;
+ const errorMessage = String(error?.message || responseData.message || responseData.error || '');
+ const errorCode = String(responseData.code || error?.code || '');
+
+ return (
+ errorMessage === 'JWT expired' ||
+ errorCode === 'PGRST301' ||
+ errorMessage === 'Unauthorized'
+ );
+}
+
+/**
+ * Get interceptor status for debugging
+ */
+export function getInterceptorStatus(
+ authService: AuthService,
+ tokenManager: TokenManager
+): {
+ isSetup: boolean;
+ backendUrl: string;
+ tokenManager: { size: number; state: string; refreshAttempts: number };
+} {
+ return {
+ isSetup: typeof globalThis !== 'undefined' && globalThis.fetch !== undefined,
+ backendUrl: authService.getBaseUrl(),
+ tokenManager: tokenManager.getQueueStatus(),
+ };
+}
diff --git a/packages/shared-auth/src/types/index.ts b/packages/shared-auth/src/types/index.ts
new file mode 100644
index 000000000..a5def6020
--- /dev/null
+++ b/packages/shared-auth/src/types/index.ts
@@ -0,0 +1,178 @@
+/**
+ * Storage keys for authentication data
+ */
+export interface StorageKeys {
+ APP_TOKEN: string;
+ REFRESH_TOKEN: string;
+ USER_EMAIL: string;
+}
+
+/**
+ * Device information for multi-device support
+ */
+export interface DeviceInfo {
+ deviceId: string;
+ deviceName: string;
+ deviceType: string;
+ platform?: string;
+}
+
+/**
+ * Decoded JWT token payload
+ */
+export interface DecodedToken {
+ sub: string;
+ email?: string;
+ role?: string;
+ exp: number;
+ iat: number;
+ aud?: string;
+ app_id?: string;
+ is_b2b?: boolean | string | number;
+ subscription_plan_id?: string;
+ user_metadata?: {
+ email?: string;
+ };
+ app_settings?: {
+ b2b?: {
+ disableRevenueCat?: boolean;
+ organizationId?: string;
+ plan?: string;
+ role?: string;
+ };
+ };
+}
+
+/**
+ * User data extracted from token
+ */
+export interface UserData {
+ id: string;
+ email: string;
+ role: string;
+}
+
+/**
+ * Authentication result from sign in/up
+ */
+export interface AuthResult {
+ success: boolean;
+ error?: string;
+ needsVerification?: boolean;
+}
+
+/**
+ * Token refresh result
+ */
+export interface TokenRefreshResult {
+ appToken: string;
+ refreshToken: string;
+ userData?: UserData | null;
+}
+
+/**
+ * Token state for the token manager
+ */
+export enum TokenState {
+ IDLE = 'idle',
+ REFRESHING = 'refreshing',
+ EXPIRED = 'expired',
+ EXPIRED_OFFLINE = 'expired_offline',
+ VALID = 'valid',
+}
+
+/**
+ * Token state observer callback
+ */
+export type TokenStateObserver = (state: TokenState, token?: string) => void;
+
+/**
+ * Queued request item during token refresh
+ */
+export interface QueuedRequest {
+ id: string;
+ input: RequestInfo | URL;
+ init?: RequestInit;
+ resolve: (value: Response) => void;
+ reject: (reason?: unknown) => void;
+ timestamp: number;
+}
+
+/**
+ * Internal token refresh result
+ */
+export interface InternalTokenRefreshResult {
+ success: boolean;
+ token?: string;
+ error?: string;
+ shouldPreserveAuth?: boolean;
+ shouldRetry?: boolean;
+}
+
+/**
+ * Configuration for the auth service
+ */
+export interface AuthServiceConfig {
+ baseUrl: string;
+ storageKeys?: Partial;
+ endpoints?: Partial;
+}
+
+/**
+ * Auth API endpoints
+ */
+export interface AuthEndpoints {
+ signIn: string;
+ signUp: string;
+ signOut: string;
+ refresh: string;
+ validate: string;
+ forgotPassword: string;
+ googleSignIn: string;
+ appleSignIn: string;
+ credits: string;
+}
+
+/**
+ * Storage adapter interface
+ */
+export interface StorageAdapter {
+ getItem(key: string): Promise;
+ setItem(key: string, value: string): Promise;
+ removeItem(key: string): Promise;
+}
+
+/**
+ * Device manager adapter interface
+ */
+export interface DeviceManagerAdapter {
+ getDeviceInfo(): Promise;
+ getStoredDeviceId(): Promise;
+}
+
+/**
+ * Network utilities adapter interface
+ */
+export interface NetworkAdapter {
+ isDeviceConnected(): Promise;
+ hasStableConnection?(): Promise;
+}
+
+/**
+ * Credit balance response
+ */
+export interface CreditBalance {
+ credits: number;
+ maxCreditLimit: number;
+ userId: string;
+}
+
+/**
+ * B2B information from JWT claims
+ */
+export interface B2BInfo {
+ disableRevenueCat: boolean;
+ organizationId?: string;
+ plan?: string;
+ role?: string;
+}
diff --git a/packages/shared-auth/tsconfig.json b/packages/shared-auth/tsconfig.json
new file mode 100644
index 000000000..a0d235f9f
--- /dev/null
+++ b/packages/shared-auth/tsconfig.json
@@ -0,0 +1,18 @@
+{
+ "compilerOptions": {
+ "target": "ES2020",
+ "module": "ESNext",
+ "moduleResolution": "bundler",
+ "lib": ["ES2020", "DOM", "DOM.Iterable"],
+ "strict": true,
+ "esModuleInterop": true,
+ "skipLibCheck": true,
+ "forceConsistentCasingInFileNames": true,
+ "declaration": true,
+ "declarationMap": true,
+ "outDir": "./dist",
+ "rootDir": "./src"
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules", "dist"]
+}
diff --git a/packages/shared-config/package.json b/packages/shared-config/package.json
new file mode 100644
index 000000000..f4a0c1a52
--- /dev/null
+++ b/packages/shared-config/package.json
@@ -0,0 +1,23 @@
+{
+ "name": "@manacore/shared-config",
+ "version": "1.0.0",
+ "private": true,
+ "type": "module",
+ "main": "./src/index.ts",
+ "types": "./src/index.ts",
+ "exports": {
+ ".": "./src/index.ts",
+ "./env": "./src/env.ts",
+ "./api": "./src/api.ts",
+ "./features": "./src/features.ts"
+ },
+ "scripts": {
+ "type-check": "tsc --noEmit"
+ },
+ "dependencies": {
+ "zod": "^3.24.0"
+ },
+ "devDependencies": {
+ "typescript": "^5.7.3"
+ }
+}
diff --git a/packages/shared-config/src/api.ts b/packages/shared-config/src/api.ts
new file mode 100644
index 000000000..33bd82a1e
--- /dev/null
+++ b/packages/shared-config/src/api.ts
@@ -0,0 +1,207 @@
+/**
+ * API endpoint construction utilities
+ */
+
+/**
+ * API configuration
+ */
+export interface ApiConfig {
+ /** Base URL for the API */
+ baseUrl: string;
+ /** API version prefix (e.g., 'v1') */
+ version?: string;
+ /** Default timeout in milliseconds */
+ timeout?: number;
+ /** Default headers */
+ headers?: Record;
+}
+
+/**
+ * Create API endpoint URL builder
+ */
+export function createApiBuilder(config: ApiConfig) {
+ const { baseUrl, version } = config;
+
+ // Remove trailing slash from base URL
+ const base = baseUrl.replace(/\/$/, '');
+
+ // Build base path with optional version
+ const basePath = version ? `${base}/${version}` : base;
+
+ return {
+ /**
+ * Build endpoint URL from path segments
+ */
+ endpoint(...segments: (string | number)[]): string {
+ const path = segments
+ .map(String)
+ .map(s => s.replace(/^\/+|\/+$/g, '')) // Remove leading/trailing slashes
+ .filter(Boolean)
+ .join('/');
+
+ return `${basePath}/${path}`;
+ },
+
+ /**
+ * Build endpoint URL with query parameters
+ */
+ endpointWithQuery(
+ path: string | string[],
+ params?: Record
+ ): string {
+ const segments = Array.isArray(path) ? path : [path];
+ const url = this.endpoint(...segments);
+
+ if (!params) {
+ return url;
+ }
+
+ const searchParams = new URLSearchParams();
+ for (const [key, value] of Object.entries(params)) {
+ if (value !== undefined) {
+ searchParams.append(key, String(value));
+ }
+ }
+
+ const queryString = searchParams.toString();
+ return queryString ? `${url}?${queryString}` : url;
+ },
+
+ /**
+ * Get the base URL
+ */
+ getBaseUrl(): string {
+ return basePath;
+ },
+
+ /**
+ * Get the config
+ */
+ getConfig(): ApiConfig {
+ return config;
+ },
+ };
+}
+
+/**
+ * Build URL with query parameters
+ */
+export function buildUrl(
+ baseUrl: string,
+ path: string,
+ params?: Record
+): string {
+ // Ensure single slash between base and path
+ const base = baseUrl.replace(/\/$/, '');
+ const cleanPath = path.replace(/^\//, '');
+ const url = `${base}/${cleanPath}`;
+
+ if (!params) {
+ return url;
+ }
+
+ const searchParams = new URLSearchParams();
+ for (const [key, value] of Object.entries(params)) {
+ if (value !== undefined) {
+ searchParams.append(key, String(value));
+ }
+ }
+
+ const queryString = searchParams.toString();
+ return queryString ? `${url}?${queryString}` : url;
+}
+
+/**
+ * Parse URL and extract components
+ */
+export function parseUrl(url: string): {
+ protocol: string;
+ host: string;
+ port: string;
+ pathname: string;
+ search: string;
+ params: Record;
+} {
+ const urlObj = new URL(url);
+
+ const params: Record = {};
+ urlObj.searchParams.forEach((value, key) => {
+ params[key] = value;
+ });
+
+ return {
+ protocol: urlObj.protocol.replace(':', ''),
+ host: urlObj.hostname,
+ port: urlObj.port,
+ pathname: urlObj.pathname,
+ search: urlObj.search,
+ params,
+ };
+}
+
+/**
+ * Join URL path segments
+ */
+export function joinPath(...segments: string[]): string {
+ return segments
+ .map(s => s.replace(/^\/+|\/+$/g, ''))
+ .filter(Boolean)
+ .join('/');
+}
+
+/**
+ * Common HTTP methods
+ */
+export const HTTP_METHODS = {
+ GET: 'GET',
+ POST: 'POST',
+ PUT: 'PUT',
+ PATCH: 'PATCH',
+ DELETE: 'DELETE',
+ HEAD: 'HEAD',
+ OPTIONS: 'OPTIONS',
+} as const;
+
+export type HttpMethod = typeof HTTP_METHODS[keyof typeof HTTP_METHODS];
+
+/**
+ * Common HTTP status codes
+ */
+export const HTTP_STATUS = {
+ OK: 200,
+ CREATED: 201,
+ NO_CONTENT: 204,
+ BAD_REQUEST: 400,
+ UNAUTHORIZED: 401,
+ FORBIDDEN: 403,
+ NOT_FOUND: 404,
+ CONFLICT: 409,
+ UNPROCESSABLE_ENTITY: 422,
+ TOO_MANY_REQUESTS: 429,
+ INTERNAL_SERVER_ERROR: 500,
+ BAD_GATEWAY: 502,
+ SERVICE_UNAVAILABLE: 503,
+} as const;
+
+export type HttpStatus = typeof HTTP_STATUS[keyof typeof HTTP_STATUS];
+
+/**
+ * Check if status code is successful (2xx)
+ */
+export function isSuccessStatus(status: number): boolean {
+ return status >= 200 && status < 300;
+}
+
+/**
+ * Check if status code is client error (4xx)
+ */
+export function isClientError(status: number): boolean {
+ return status >= 400 && status < 500;
+}
+
+/**
+ * Check if status code is server error (5xx)
+ */
+export function isServerError(status: number): boolean {
+ return status >= 500 && status < 600;
+}
diff --git a/packages/shared-config/src/env.ts b/packages/shared-config/src/env.ts
new file mode 100644
index 000000000..54628c6f9
--- /dev/null
+++ b/packages/shared-config/src/env.ts
@@ -0,0 +1,173 @@
+/**
+ * Environment variable validation utilities
+ */
+
+import { z } from 'zod';
+
+/**
+ * Common environment variable schemas
+ */
+export const envSchemas = {
+ /** URL schema */
+ url: z.string().url(),
+
+ /** Non-empty string schema */
+ nonEmpty: z.string().min(1),
+
+ /** Optional string schema */
+ optional: z.string().optional(),
+
+ /** Port number schema */
+ port: z.coerce.number().int().min(1).max(65535),
+
+ /** Boolean schema (accepts various formats) */
+ boolean: z.preprocess(
+ (val) => {
+ if (typeof val === 'boolean') return val;
+ if (typeof val === 'string') {
+ return ['true', '1', 'yes', 'on'].includes(val.toLowerCase());
+ }
+ return false;
+ },
+ z.boolean()
+ ),
+
+ /** Number schema */
+ number: z.coerce.number(),
+
+ /** Positive integer schema */
+ positiveInt: z.coerce.number().int().positive(),
+
+ /** Email schema */
+ email: z.string().email(),
+
+ /** Node environment schema */
+ nodeEnv: z.enum(['development', 'production', 'test']).default('development'),
+};
+
+/**
+ * Common Supabase environment schema
+ */
+export const supabaseEnvSchema = z.object({
+ SUPABASE_URL: envSchemas.url,
+ SUPABASE_ANON_KEY: envSchemas.nonEmpty,
+ SUPABASE_SERVICE_ROLE_KEY: envSchemas.nonEmpty.optional(),
+});
+
+/**
+ * Common app environment schema
+ */
+export const appEnvSchema = z.object({
+ NODE_ENV: envSchemas.nodeEnv,
+ PORT: envSchemas.port.default(3000),
+});
+
+/**
+ * Create an environment config from schema
+ */
+export function createEnvConfig(
+ schema: T,
+ env: NodeJS.ProcessEnv = process.env
+): z.infer {
+ const result = schema.safeParse(env);
+
+ if (!result.success) {
+ const errors = result.error.errors
+ .map((err) => ` ${err.path.join('.')}: ${err.message}`)
+ .join('\n');
+
+ throw new Error(`Environment validation failed:\n${errors}`);
+ }
+
+ return result.data;
+}
+
+/**
+ * Validate environment variables with custom schema
+ */
+export function validateEnv(
+ schema: z.ZodObject,
+ env: NodeJS.ProcessEnv = process.env
+): z.infer> {
+ return createEnvConfig(schema, env);
+}
+
+/**
+ * Get required environment variable with type safety
+ */
+export function getRequiredEnv(key: string, env: NodeJS.ProcessEnv = process.env): string {
+ const value = env[key];
+
+ if (value === undefined || value === '') {
+ throw new Error(`Required environment variable "${key}" is not set`);
+ }
+
+ return value;
+}
+
+/**
+ * Get optional environment variable with default
+ */
+export function getEnv(
+ key: string,
+ defaultValue: string,
+ env: NodeJS.ProcessEnv = process.env
+): string {
+ return env[key] ?? defaultValue;
+}
+
+/**
+ * Get boolean environment variable
+ */
+export function getBoolEnv(
+ key: string,
+ defaultValue: boolean = false,
+ env: NodeJS.ProcessEnv = process.env
+): boolean {
+ const value = env[key];
+
+ if (value === undefined) {
+ return defaultValue;
+ }
+
+ return ['true', '1', 'yes', 'on'].includes(value.toLowerCase());
+}
+
+/**
+ * Get number environment variable
+ */
+export function getNumEnv(
+ key: string,
+ defaultValue: number,
+ env: NodeJS.ProcessEnv = process.env
+): number {
+ const value = env[key];
+
+ if (value === undefined) {
+ return defaultValue;
+ }
+
+ const parsed = Number(value);
+ return isNaN(parsed) ? defaultValue : parsed;
+}
+
+/**
+ * Check if running in development
+ */
+export function isDevelopment(env: NodeJS.ProcessEnv = process.env): boolean {
+ return env.NODE_ENV === 'development';
+}
+
+/**
+ * Check if running in production
+ */
+export function isProduction(env: NodeJS.ProcessEnv = process.env): boolean {
+ return env.NODE_ENV === 'production';
+}
+
+/**
+ * Check if running in test
+ */
+export function isTest(env: NodeJS.ProcessEnv = process.env): boolean {
+ return env.NODE_ENV === 'test';
+}
diff --git a/packages/shared-config/src/features.ts b/packages/shared-config/src/features.ts
new file mode 100644
index 000000000..3852f6df8
--- /dev/null
+++ b/packages/shared-config/src/features.ts
@@ -0,0 +1,173 @@
+/**
+ * Feature flag utilities
+ */
+
+/**
+ * Feature flag configuration
+ */
+export interface FeatureFlag {
+ /** Feature key */
+ key: string;
+ /** Default enabled state */
+ defaultEnabled: boolean;
+ /** Description */
+ description?: string;
+ /** Environment variable to override */
+ envVar?: string;
+}
+
+/**
+ * Create a feature flag manager
+ */
+export function createFeatureFlags>(
+ flags: T,
+ env: NodeJS.ProcessEnv = process.env
+) {
+ type FlagKey = keyof T;
+
+ /**
+ * Check if a feature is enabled
+ */
+ function isEnabled(key: FlagKey): boolean {
+ const flag = flags[key];
+
+ if (!flag) {
+ return false;
+ }
+
+ // Check environment variable override
+ if (flag.envVar) {
+ const envValue = env[flag.envVar];
+ if (envValue !== undefined) {
+ return ['true', '1', 'yes', 'on'].includes(envValue.toLowerCase());
+ }
+ }
+
+ // Check generic feature flag env var
+ const genericEnvVar = `FEATURE_${String(key).toUpperCase()}`;
+ const genericValue = env[genericEnvVar];
+ if (genericValue !== undefined) {
+ return ['true', '1', 'yes', 'on'].includes(genericValue.toLowerCase());
+ }
+
+ return flag.defaultEnabled;
+ }
+
+ /**
+ * Get all enabled features
+ */
+ function getEnabledFeatures(): FlagKey[] {
+ return (Object.keys(flags) as FlagKey[]).filter(isEnabled);
+ }
+
+ /**
+ * Get all disabled features
+ */
+ function getDisabledFeatures(): FlagKey[] {
+ return (Object.keys(flags) as FlagKey[]).filter(key => !isEnabled(key));
+ }
+
+ /**
+ * Get feature configuration
+ */
+ function getFlag(key: FlagKey): FeatureFlag | undefined {
+ return flags[key];
+ }
+
+ /**
+ * Get all flags with their current state
+ */
+ function getAllFlags(): Record {
+ const result: Record = {};
+ for (const key of Object.keys(flags) as FlagKey[]) {
+ result[String(key)] = isEnabled(key);
+ }
+ return result;
+ }
+
+ return {
+ isEnabled,
+ getEnabledFeatures,
+ getDisabledFeatures,
+ getFlag,
+ getAllFlags,
+ };
+}
+
+/**
+ * Simple feature check using environment variable
+ */
+export function isFeatureEnabled(
+ featureName: string,
+ defaultValue: boolean = false,
+ env: NodeJS.ProcessEnv = process.env
+): boolean {
+ const envVar = `FEATURE_${featureName.toUpperCase().replace(/[^A-Z0-9]/g, '_')}`;
+ const value = env[envVar];
+
+ if (value === undefined) {
+ return defaultValue;
+ }
+
+ return ['true', '1', 'yes', 'on'].includes(value.toLowerCase());
+}
+
+/**
+ * App metadata configuration
+ */
+export interface AppMetadata {
+ /** App name */
+ name: string;
+ /** App version */
+ version: string;
+ /** App description */
+ description?: string;
+ /** Build number */
+ buildNumber?: string;
+ /** Git commit hash */
+ commitHash?: string;
+ /** Build timestamp */
+ buildTime?: string;
+ /** Environment */
+ environment?: string;
+}
+
+/**
+ * Create app metadata from environment
+ */
+export function createAppMetadata(
+ config: {
+ name: string;
+ version: string;
+ description?: string;
+ },
+ env: NodeJS.ProcessEnv = process.env
+): AppMetadata {
+ return {
+ name: config.name,
+ version: config.version,
+ description: config.description,
+ buildNumber: env.BUILD_NUMBER || env.VITE_BUILD_NUMBER,
+ commitHash: env.COMMIT_HASH || env.VITE_COMMIT_HASH || env.GIT_COMMIT,
+ buildTime: env.BUILD_TIME || env.VITE_BUILD_TIME,
+ environment: env.NODE_ENV || 'development',
+ };
+}
+
+/**
+ * Format version string with build info
+ */
+export function formatVersion(metadata: AppMetadata): string {
+ let version = metadata.version;
+
+ if (metadata.buildNumber) {
+ version += ` (${metadata.buildNumber})`;
+ }
+
+ if (metadata.commitHash) {
+ const shortHash = metadata.commitHash.substring(0, 7);
+ version += ` [${shortHash}]`;
+ }
+
+ return version;
+}
diff --git a/packages/shared-config/src/index.ts b/packages/shared-config/src/index.ts
new file mode 100644
index 000000000..94129fec4
--- /dev/null
+++ b/packages/shared-config/src/index.ts
@@ -0,0 +1,48 @@
+/**
+ * Shared configuration utilities for Manacore monorepo
+ *
+ * This package provides common configuration utilities including
+ * environment validation, API endpoint construction, and feature flags.
+ */
+
+// Environment utilities
+export {
+ envSchemas,
+ supabaseEnvSchema,
+ appEnvSchema,
+ createEnvConfig,
+ validateEnv,
+ getRequiredEnv,
+ getEnv,
+ getBoolEnv,
+ getNumEnv,
+ isDevelopment,
+ isProduction,
+ isTest,
+} from './env';
+
+// API utilities
+export {
+ type ApiConfig,
+ createApiBuilder,
+ buildUrl,
+ parseUrl,
+ joinPath,
+ HTTP_METHODS,
+ HTTP_STATUS,
+ type HttpMethod,
+ type HttpStatus,
+ isSuccessStatus,
+ isClientError,
+ isServerError,
+} from './api';
+
+// Feature flag utilities
+export {
+ type FeatureFlag,
+ createFeatureFlags,
+ isFeatureEnabled,
+ type AppMetadata,
+ createAppMetadata,
+ formatVersion,
+} from './features';
diff --git a/packages/shared-config/tsconfig.json b/packages/shared-config/tsconfig.json
new file mode 100644
index 000000000..121a61a7f
--- /dev/null
+++ b/packages/shared-config/tsconfig.json
@@ -0,0 +1,19 @@
+{
+ "compilerOptions": {
+ "target": "ES2022",
+ "module": "ESNext",
+ "moduleResolution": "bundler",
+ "lib": ["ES2022"],
+ "strict": true,
+ "esModuleInterop": true,
+ "skipLibCheck": true,
+ "forceConsistentCasingInFileNames": true,
+ "declaration": true,
+ "declarationMap": true,
+ "resolveJsonModule": true,
+ "isolatedModules": true,
+ "noEmit": true
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules"]
+}
diff --git a/packages/shared-i18n/package.json b/packages/shared-i18n/package.json
new file mode 100644
index 000000000..03c2b5e19
--- /dev/null
+++ b/packages/shared-i18n/package.json
@@ -0,0 +1,20 @@
+{
+ "name": "@manacore/shared-i18n",
+ "version": "1.0.0",
+ "private": true,
+ "type": "module",
+ "main": "./src/index.ts",
+ "types": "./src/index.ts",
+ "exports": {
+ ".": "./src/index.ts",
+ "./languages": "./src/languages.ts",
+ "./utils": "./src/utils.ts",
+ "./translations/common": "./src/translations/common/index.ts"
+ },
+ "scripts": {
+ "type-check": "tsc --noEmit"
+ },
+ "devDependencies": {
+ "typescript": "^5.7.3"
+ }
+}
diff --git a/packages/shared-i18n/src/index.ts b/packages/shared-i18n/src/index.ts
new file mode 100644
index 000000000..ffc2acc42
--- /dev/null
+++ b/packages/shared-i18n/src/index.ts
@@ -0,0 +1,46 @@
+/**
+ * Shared i18n for Manacore monorepo
+ *
+ * This package provides common i18n utilities, language definitions,
+ * and translations that can be shared across all projects.
+ */
+
+// Language definitions
+export {
+ type LanguageCode,
+ type LanguageInfo,
+ LANGUAGES,
+ getLanguageCodes,
+ getLanguageInfo,
+ isLanguageSupported,
+ isRTL,
+ getLanguageDisplayName,
+ LOCALE_GROUPS,
+ getLanguagesByGroup,
+} from './languages';
+
+// Utilities
+export {
+ detectBrowserLocale,
+ getStoredLocale,
+ storeLocale,
+ getInitialLocale,
+ normalizeLocale,
+ getBaseLanguage,
+ matchesLanguage,
+ findBestMatch,
+ formatLocalizedNumber,
+ formatLocalizedDate,
+ formatRelativeTime,
+ getPluralCategory,
+ interpolate,
+} from './utils';
+
+// Common translations
+export {
+ en as commonTranslationsEn,
+ de as commonTranslationsDe,
+ type CommonTranslations,
+ getCommonTranslations,
+ mergeWithCommon,
+} from './translations/common';
diff --git a/packages/shared-i18n/src/languages.ts b/packages/shared-i18n/src/languages.ts
new file mode 100644
index 000000000..6d2286c05
--- /dev/null
+++ b/packages/shared-i18n/src/languages.ts
@@ -0,0 +1,159 @@
+/**
+ * Language definitions and metadata
+ */
+
+/**
+ * Supported language codes
+ */
+export type LanguageCode =
+ | 'en' | 'de' | 'fr' | 'es' | 'it' | 'pt' | 'nl' | 'pl' | 'ru' | 'ja'
+ | 'ko' | 'zh' | 'ar' | 'hi' | 'bn' | 'ur' | 'id' | 'fa' | 'vi' | 'th'
+ | 'tr' | 'uk' | 'cs' | 'da' | 'fi' | 'sv' | 'nb' | 'el' | 'hu' | 'ro'
+ | 'bg' | 'hr' | 'sk' | 'sl' | 'sr' | 'lt' | 'lv' | 'et' | 'mt' | 'ga'
+ | 'tl' | 'ms' | 'he' | 'af' | 'pt-BR' | 'es-MX';
+
+/**
+ * Language metadata
+ */
+export interface LanguageInfo {
+ /** Native name of the language */
+ nativeName: string;
+ /** English name of the language */
+ englishName: string;
+ /** Flag emoji */
+ emoji: string;
+ /** RTL language */
+ rtl?: boolean;
+}
+
+/**
+ * Complete language definitions
+ */
+export const LANGUAGES: Record = {
+ // Major languages
+ en: { nativeName: 'English', englishName: 'English', emoji: '🇬🇧' },
+ de: { nativeName: 'Deutsch', englishName: 'German', emoji: '🇩🇪' },
+ fr: { nativeName: 'Français', englishName: 'French', emoji: '🇫🇷' },
+ es: { nativeName: 'Español', englishName: 'Spanish', emoji: '🇪🇸' },
+ it: { nativeName: 'Italiano', englishName: 'Italian', emoji: '🇮🇹' },
+ pt: { nativeName: 'Português', englishName: 'Portuguese', emoji: '🇵🇹' },
+ nl: { nativeName: 'Nederlands', englishName: 'Dutch', emoji: '🇳🇱' },
+ pl: { nativeName: 'Polski', englishName: 'Polish', emoji: '🇵🇱' },
+ ru: { nativeName: 'Русский', englishName: 'Russian', emoji: '🇷🇺' },
+
+ // Asian languages
+ ja: { nativeName: '日本語', englishName: 'Japanese', emoji: '🇯🇵' },
+ ko: { nativeName: '한국어', englishName: 'Korean', emoji: '🇰🇷' },
+ zh: { nativeName: '中文', englishName: 'Chinese', emoji: '🇨🇳' },
+ vi: { nativeName: 'Tiếng Việt', englishName: 'Vietnamese', emoji: '🇻🇳' },
+ th: { nativeName: 'ไทย', englishName: 'Thai', emoji: '🇹🇭' },
+ id: { nativeName: 'Bahasa Indonesia', englishName: 'Indonesian', emoji: '🇮🇩' },
+ ms: { nativeName: 'Bahasa Melayu', englishName: 'Malay', emoji: '🇲🇾' },
+ tl: { nativeName: 'Filipino', englishName: 'Filipino', emoji: '🇵🇭' },
+
+ // South Asian languages
+ hi: { nativeName: 'हिन्दी', englishName: 'Hindi', emoji: '🇮🇳' },
+ bn: { nativeName: 'বাংলা', englishName: 'Bengali', emoji: '🇧🇩' },
+ ur: { nativeName: 'اردو', englishName: 'Urdu', emoji: '🇵🇰', rtl: true },
+
+ // Middle Eastern languages
+ ar: { nativeName: 'العربية', englishName: 'Arabic', emoji: '🇦🇪', rtl: true },
+ fa: { nativeName: 'فارسی', englishName: 'Persian', emoji: '🇮🇷', rtl: true },
+ he: { nativeName: 'עברית', englishName: 'Hebrew', emoji: '🇮🇱', rtl: true },
+ tr: { nativeName: 'Türkçe', englishName: 'Turkish', emoji: '🇹🇷' },
+
+ // Nordic languages
+ sv: { nativeName: 'Svenska', englishName: 'Swedish', emoji: '🇸🇪' },
+ da: { nativeName: 'Dansk', englishName: 'Danish', emoji: '🇩🇰' },
+ fi: { nativeName: 'Suomi', englishName: 'Finnish', emoji: '🇫🇮' },
+ nb: { nativeName: 'Norsk', englishName: 'Norwegian', emoji: '🇳🇴' },
+
+ // Eastern European languages
+ uk: { nativeName: 'Українська', englishName: 'Ukrainian', emoji: '🇺🇦' },
+ cs: { nativeName: 'Čeština', englishName: 'Czech', emoji: '🇨🇿' },
+ hu: { nativeName: 'Magyar', englishName: 'Hungarian', emoji: '🇭🇺' },
+ ro: { nativeName: 'Română', englishName: 'Romanian', emoji: '🇷🇴' },
+ bg: { nativeName: 'Български', englishName: 'Bulgarian', emoji: '🇧🇬' },
+ hr: { nativeName: 'Hrvatski', englishName: 'Croatian', emoji: '🇭🇷' },
+ sk: { nativeName: 'Slovenčina', englishName: 'Slovak', emoji: '🇸🇰' },
+ sl: { nativeName: 'Slovenščina', englishName: 'Slovenian', emoji: '🇸🇮' },
+ sr: { nativeName: 'Српски', englishName: 'Serbian', emoji: '🇷🇸' },
+
+ // Baltic languages
+ lt: { nativeName: 'Lietuvių', englishName: 'Lithuanian', emoji: '🇱🇹' },
+ lv: { nativeName: 'Latviešu', englishName: 'Latvian', emoji: '🇱🇻' },
+ et: { nativeName: 'Eesti', englishName: 'Estonian', emoji: '🇪🇪' },
+
+ // Other European languages
+ el: { nativeName: 'Ελληνικά', englishName: 'Greek', emoji: '🇬🇷' },
+ mt: { nativeName: 'Malti', englishName: 'Maltese', emoji: '🇲🇹' },
+ ga: { nativeName: 'Gaeilge', englishName: 'Irish', emoji: '🇮🇪' },
+
+ // African languages
+ af: { nativeName: 'Afrikaans', englishName: 'Afrikaans', emoji: '🇿🇦' },
+
+ // Regional variants
+ 'pt-BR': { nativeName: 'Português (Brasil)', englishName: 'Portuguese (Brazil)', emoji: '🇧🇷' },
+ 'es-MX': { nativeName: 'Español (México)', englishName: 'Spanish (Mexico)', emoji: '🇲🇽' },
+};
+
+/**
+ * Get list of all language codes
+ */
+export function getLanguageCodes(): LanguageCode[] {
+ return Object.keys(LANGUAGES) as LanguageCode[];
+}
+
+/**
+ * Get language info by code
+ */
+export function getLanguageInfo(code: string): LanguageInfo | undefined {
+ return LANGUAGES[code as LanguageCode];
+}
+
+/**
+ * Check if a language code is supported
+ */
+export function isLanguageSupported(code: string): code is LanguageCode {
+ return code in LANGUAGES;
+}
+
+/**
+ * Check if a language is RTL
+ */
+export function isRTL(code: string): boolean {
+ const info = LANGUAGES[code as LanguageCode];
+ return info?.rtl === true;
+}
+
+/**
+ * Get display name for a language (native name with emoji)
+ */
+export function getLanguageDisplayName(code: string): string {
+ const info = LANGUAGES[code as LanguageCode];
+ if (!info) return code;
+ return `${info.emoji} ${info.nativeName}`;
+}
+
+/**
+ * Common locale groups for filtering
+ */
+export const LOCALE_GROUPS = {
+ /** European Union official languages */
+ eu: ['en', 'de', 'fr', 'es', 'it', 'pt', 'nl', 'pl', 'cs', 'da', 'fi', 'sv', 'el', 'hu', 'ro', 'bg', 'hr', 'sk', 'sl', 'lt', 'lv', 'et', 'mt', 'ga'] as LanguageCode[],
+ /** Major world languages */
+ major: ['en', 'de', 'fr', 'es', 'it', 'pt', 'ru', 'ja', 'ko', 'zh', 'ar'] as LanguageCode[],
+ /** DACH region (German-speaking) */
+ dach: ['de'] as LanguageCode[],
+ /** Nordic countries */
+ nordic: ['sv', 'da', 'fi', 'nb'] as LanguageCode[],
+ /** RTL languages */
+ rtl: ['ar', 'fa', 'he', 'ur'] as LanguageCode[],
+};
+
+/**
+ * Get languages by group
+ */
+export function getLanguagesByGroup(group: keyof typeof LOCALE_GROUPS): LanguageCode[] {
+ return LOCALE_GROUPS[group];
+}
diff --git a/packages/shared-i18n/src/translations/common/de.json b/packages/shared-i18n/src/translations/common/de.json
new file mode 100644
index 000000000..999e5999f
--- /dev/null
+++ b/packages/shared-i18n/src/translations/common/de.json
@@ -0,0 +1,172 @@
+{
+ "common": {
+ "actions": {
+ "save": "Speichern",
+ "cancel": "Abbrechen",
+ "delete": "Löschen",
+ "edit": "Bearbeiten",
+ "create": "Erstellen",
+ "update": "Aktualisieren",
+ "close": "Schließen",
+ "confirm": "Bestätigen",
+ "submit": "Absenden",
+ "back": "Zurück",
+ "next": "Weiter",
+ "done": "Fertig",
+ "retry": "Erneut versuchen",
+ "refresh": "Aktualisieren",
+ "search": "Suchen",
+ "filter": "Filtern",
+ "sort": "Sortieren",
+ "share": "Teilen",
+ "copy": "Kopieren",
+ "download": "Herunterladen",
+ "upload": "Hochladen",
+ "select": "Auswählen",
+ "clear": "Leeren",
+ "reset": "Zurücksetzen",
+ "apply": "Anwenden",
+ "continue": "Fortfahren",
+ "skip": "Überspringen",
+ "yes": "Ja",
+ "no": "Nein",
+ "ok": "OK"
+ },
+ "labels": {
+ "loading": "Lädt...",
+ "saving": "Speichert...",
+ "deleting": "Löscht...",
+ "processing": "Verarbeitet...",
+ "uploading": "Lädt hoch...",
+ "downloading": "Lädt herunter...",
+ "searching": "Sucht...",
+ "noResults": "Keine Ergebnisse gefunden",
+ "noData": "Keine Daten verfügbar",
+ "empty": "Leer",
+ "all": "Alle",
+ "none": "Keine",
+ "other": "Andere",
+ "more": "Mehr",
+ "less": "Weniger",
+ "showMore": "Mehr anzeigen",
+ "showLess": "Weniger anzeigen",
+ "viewAll": "Alle anzeigen",
+ "required": "Erforderlich",
+ "optional": "Optional",
+ "new": "Neu",
+ "recent": "Aktuell",
+ "popular": "Beliebt",
+ "featured": "Empfohlen"
+ },
+ "time": {
+ "now": "Jetzt",
+ "today": "Heute",
+ "yesterday": "Gestern",
+ "tomorrow": "Morgen",
+ "thisWeek": "Diese Woche",
+ "lastWeek": "Letzte Woche",
+ "thisMonth": "Diesen Monat",
+ "lastMonth": "Letzten Monat",
+ "thisYear": "Dieses Jahr",
+ "ago": "vor",
+ "in": "in"
+ },
+ "status": {
+ "active": "Aktiv",
+ "inactive": "Inaktiv",
+ "pending": "Ausstehend",
+ "completed": "Abgeschlossen",
+ "failed": "Fehlgeschlagen",
+ "cancelled": "Abgebrochen",
+ "success": "Erfolg",
+ "error": "Fehler",
+ "warning": "Warnung",
+ "info": "Info"
+ }
+ },
+ "errors": {
+ "generic": "Etwas ist schief gelaufen. Bitte versuche es erneut.",
+ "network": "Netzwerkfehler. Bitte überprüfe deine Verbindung.",
+ "timeout": "Zeitüberschreitung. Bitte versuche es erneut.",
+ "notFound": "Das angeforderte Element wurde nicht gefunden.",
+ "unauthorized": "Du bist nicht berechtigt, diese Aktion durchzuführen.",
+ "forbidden": "Zugriff verweigert.",
+ "serverError": "Serverfehler. Bitte versuche es später erneut.",
+ "validation": "Bitte überprüfe deine Eingabe und versuche es erneut.",
+ "unknown": "Ein unbekannter Fehler ist aufgetreten.",
+ "offline": "Du bist offline. Bitte überprüfe deine Internetverbindung.",
+ "sessionExpired": "Deine Sitzung ist abgelaufen. Bitte melde dich erneut an.",
+ "rateLimited": "Zu viele Anfragen. Bitte warte einen Moment und versuche es erneut."
+ },
+ "validation": {
+ "required": "Dieses Feld ist erforderlich",
+ "email": "Bitte gib eine gültige E-Mail-Adresse ein",
+ "minLength": "Muss mindestens {min} Zeichen lang sein",
+ "maxLength": "Darf höchstens {max} Zeichen lang sein",
+ "min": "Muss mindestens {min} sein",
+ "max": "Darf höchstens {max} sein",
+ "pattern": "Ungültiges Format",
+ "match": "Felder stimmen nicht überein",
+ "unique": "Dieser Wert wird bereits verwendet",
+ "invalid": "Ungültiger Wert",
+ "url": "Bitte gib eine gültige URL ein",
+ "phone": "Bitte gib eine gültige Telefonnummer ein",
+ "number": "Bitte gib eine gültige Zahl ein",
+ "integer": "Bitte gib eine ganze Zahl ein",
+ "positive": "Muss eine positive Zahl sein",
+ "date": "Bitte gib ein gültiges Datum ein",
+ "futureDate": "Datum muss in der Zukunft liegen",
+ "pastDate": "Datum muss in der Vergangenheit liegen",
+ "password": {
+ "minLength": "Passwort muss mindestens {min} Zeichen lang sein",
+ "uppercase": "Passwort muss einen Großbuchstaben enthalten",
+ "lowercase": "Passwort muss einen Kleinbuchstaben enthalten",
+ "number": "Passwort muss eine Zahl enthalten",
+ "special": "Passwort muss ein Sonderzeichen enthalten",
+ "weak": "Passwort ist zu schwach"
+ }
+ },
+ "auth": {
+ "signIn": "Anmelden",
+ "signOut": "Abmelden",
+ "signUp": "Registrieren",
+ "forgotPassword": "Passwort vergessen?",
+ "resetPassword": "Passwort zurücksetzen",
+ "changePassword": "Passwort ändern",
+ "email": "E-Mail",
+ "password": "Passwort",
+ "confirmPassword": "Passwort bestätigen",
+ "rememberMe": "Angemeldet bleiben",
+ "orContinueWith": "Oder fortfahren mit",
+ "alreadyHaveAccount": "Bereits ein Konto?",
+ "dontHaveAccount": "Noch kein Konto?",
+ "errors": {
+ "invalidCredentials": "Ungültige E-Mail oder Passwort",
+ "emailInUse": "Diese E-Mail wird bereits verwendet",
+ "weakPassword": "Passwort ist zu schwach",
+ "userNotFound": "Benutzer nicht gefunden",
+ "tooManyAttempts": "Zu viele Versuche. Bitte versuche es später erneut."
+ }
+ },
+ "settings": {
+ "title": "Einstellungen",
+ "account": "Konto",
+ "profile": "Profil",
+ "preferences": "Einstellungen",
+ "notifications": "Benachrichtigungen",
+ "privacy": "Datenschutz",
+ "security": "Sicherheit",
+ "language": "Sprache",
+ "theme": "Design",
+ "appearance": "Erscheinungsbild",
+ "darkMode": "Dunkelmodus",
+ "lightMode": "Hellmodus",
+ "systemDefault": "Systemstandard",
+ "about": "Über",
+ "help": "Hilfe",
+ "feedback": "Feedback",
+ "terms": "Nutzungsbedingungen",
+ "privacyPolicy": "Datenschutzrichtlinie",
+ "version": "Version"
+ }
+}
diff --git a/packages/shared-i18n/src/translations/common/en.json b/packages/shared-i18n/src/translations/common/en.json
new file mode 100644
index 000000000..1b9d53b36
--- /dev/null
+++ b/packages/shared-i18n/src/translations/common/en.json
@@ -0,0 +1,172 @@
+{
+ "common": {
+ "actions": {
+ "save": "Save",
+ "cancel": "Cancel",
+ "delete": "Delete",
+ "edit": "Edit",
+ "create": "Create",
+ "update": "Update",
+ "close": "Close",
+ "confirm": "Confirm",
+ "submit": "Submit",
+ "back": "Back",
+ "next": "Next",
+ "done": "Done",
+ "retry": "Retry",
+ "refresh": "Refresh",
+ "search": "Search",
+ "filter": "Filter",
+ "sort": "Sort",
+ "share": "Share",
+ "copy": "Copy",
+ "download": "Download",
+ "upload": "Upload",
+ "select": "Select",
+ "clear": "Clear",
+ "reset": "Reset",
+ "apply": "Apply",
+ "continue": "Continue",
+ "skip": "Skip",
+ "yes": "Yes",
+ "no": "No",
+ "ok": "OK"
+ },
+ "labels": {
+ "loading": "Loading...",
+ "saving": "Saving...",
+ "deleting": "Deleting...",
+ "processing": "Processing...",
+ "uploading": "Uploading...",
+ "downloading": "Downloading...",
+ "searching": "Searching...",
+ "noResults": "No results found",
+ "noData": "No data available",
+ "empty": "Empty",
+ "all": "All",
+ "none": "None",
+ "other": "Other",
+ "more": "More",
+ "less": "Less",
+ "showMore": "Show more",
+ "showLess": "Show less",
+ "viewAll": "View all",
+ "required": "Required",
+ "optional": "Optional",
+ "new": "New",
+ "recent": "Recent",
+ "popular": "Popular",
+ "featured": "Featured"
+ },
+ "time": {
+ "now": "Now",
+ "today": "Today",
+ "yesterday": "Yesterday",
+ "tomorrow": "Tomorrow",
+ "thisWeek": "This week",
+ "lastWeek": "Last week",
+ "thisMonth": "This month",
+ "lastMonth": "Last month",
+ "thisYear": "This year",
+ "ago": "ago",
+ "in": "in"
+ },
+ "status": {
+ "active": "Active",
+ "inactive": "Inactive",
+ "pending": "Pending",
+ "completed": "Completed",
+ "failed": "Failed",
+ "cancelled": "Cancelled",
+ "success": "Success",
+ "error": "Error",
+ "warning": "Warning",
+ "info": "Info"
+ }
+ },
+ "errors": {
+ "generic": "Something went wrong. Please try again.",
+ "network": "Network error. Please check your connection.",
+ "timeout": "Request timed out. Please try again.",
+ "notFound": "The requested item was not found.",
+ "unauthorized": "You are not authorized to perform this action.",
+ "forbidden": "Access denied.",
+ "serverError": "Server error. Please try again later.",
+ "validation": "Please check your input and try again.",
+ "unknown": "An unknown error occurred.",
+ "offline": "You are offline. Please check your internet connection.",
+ "sessionExpired": "Your session has expired. Please sign in again.",
+ "rateLimited": "Too many requests. Please wait a moment and try again."
+ },
+ "validation": {
+ "required": "This field is required",
+ "email": "Please enter a valid email address",
+ "minLength": "Must be at least {min} characters",
+ "maxLength": "Must be at most {max} characters",
+ "min": "Must be at least {min}",
+ "max": "Must be at most {max}",
+ "pattern": "Invalid format",
+ "match": "Fields do not match",
+ "unique": "This value is already in use",
+ "invalid": "Invalid value",
+ "url": "Please enter a valid URL",
+ "phone": "Please enter a valid phone number",
+ "number": "Please enter a valid number",
+ "integer": "Please enter a whole number",
+ "positive": "Must be a positive number",
+ "date": "Please enter a valid date",
+ "futureDate": "Date must be in the future",
+ "pastDate": "Date must be in the past",
+ "password": {
+ "minLength": "Password must be at least {min} characters",
+ "uppercase": "Password must contain an uppercase letter",
+ "lowercase": "Password must contain a lowercase letter",
+ "number": "Password must contain a number",
+ "special": "Password must contain a special character",
+ "weak": "Password is too weak"
+ }
+ },
+ "auth": {
+ "signIn": "Sign in",
+ "signOut": "Sign out",
+ "signUp": "Sign up",
+ "forgotPassword": "Forgot password?",
+ "resetPassword": "Reset password",
+ "changePassword": "Change password",
+ "email": "Email",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "rememberMe": "Remember me",
+ "orContinueWith": "Or continue with",
+ "alreadyHaveAccount": "Already have an account?",
+ "dontHaveAccount": "Don't have an account?",
+ "errors": {
+ "invalidCredentials": "Invalid email or password",
+ "emailInUse": "This email is already in use",
+ "weakPassword": "Password is too weak",
+ "userNotFound": "User not found",
+ "tooManyAttempts": "Too many attempts. Please try again later."
+ }
+ },
+ "settings": {
+ "title": "Settings",
+ "account": "Account",
+ "profile": "Profile",
+ "preferences": "Preferences",
+ "notifications": "Notifications",
+ "privacy": "Privacy",
+ "security": "Security",
+ "language": "Language",
+ "theme": "Theme",
+ "appearance": "Appearance",
+ "darkMode": "Dark mode",
+ "lightMode": "Light mode",
+ "systemDefault": "System default",
+ "about": "About",
+ "help": "Help",
+ "feedback": "Feedback",
+ "terms": "Terms of Service",
+ "privacyPolicy": "Privacy Policy",
+ "version": "Version"
+ }
+}
diff --git a/packages/shared-i18n/src/translations/common/index.ts b/packages/shared-i18n/src/translations/common/index.ts
new file mode 100644
index 000000000..b156e3184
--- /dev/null
+++ b/packages/shared-i18n/src/translations/common/index.ts
@@ -0,0 +1,37 @@
+/**
+ * Common translations exports
+ */
+
+import en from './en.json';
+import de from './de.json';
+
+export { en, de };
+
+/**
+ * Common translations type
+ */
+export type CommonTranslations = typeof en;
+
+/**
+ * Get common translations by locale
+ */
+export function getCommonTranslations(locale: string): CommonTranslations {
+ switch (locale) {
+ case 'de':
+ return de;
+ case 'en':
+ default:
+ return en;
+ }
+}
+
+/**
+ * Merge common translations with app-specific translations
+ */
+export function mergeWithCommon>(
+ locale: string,
+ appTranslations: T
+): T & CommonTranslations {
+ const common = getCommonTranslations(locale);
+ return { ...common, ...appTranslations } as T & CommonTranslations;
+}
diff --git a/packages/shared-i18n/src/utils.ts b/packages/shared-i18n/src/utils.ts
new file mode 100644
index 000000000..3b5f1f13c
--- /dev/null
+++ b/packages/shared-i18n/src/utils.ts
@@ -0,0 +1,249 @@
+/**
+ * i18n utility functions
+ */
+
+import { type LanguageCode, isLanguageSupported } from './languages';
+
+/**
+ * Detect user's preferred locale from browser
+ * Works in browser environment only
+ */
+export function detectBrowserLocale(
+ supportedLocales: readonly string[],
+ defaultLocale: string = 'en'
+): string {
+ if (typeof navigator === 'undefined') {
+ return defaultLocale;
+ }
+
+ // Try navigator.language first
+ const browserLang = navigator.language;
+
+ // Check exact match (e.g., 'pt-BR')
+ if (supportedLocales.includes(browserLang)) {
+ return browserLang;
+ }
+
+ // Check base language (e.g., 'pt' from 'pt-BR')
+ const baseLang = browserLang.split('-')[0];
+ if (supportedLocales.includes(baseLang)) {
+ return baseLang;
+ }
+
+ // Try navigator.languages array
+ if (navigator.languages) {
+ for (const lang of navigator.languages) {
+ if (supportedLocales.includes(lang)) {
+ return lang;
+ }
+ const base = lang.split('-')[0];
+ if (supportedLocales.includes(base)) {
+ return base;
+ }
+ }
+ }
+
+ return defaultLocale;
+}
+
+/**
+ * Get locale from localStorage with validation
+ */
+export function getStoredLocale(
+ storageKey: string,
+ supportedLocales: readonly string[]
+): string | null {
+ if (typeof localStorage === 'undefined') {
+ return null;
+ }
+
+ const stored = localStorage.getItem(storageKey);
+ if (stored && supportedLocales.includes(stored)) {
+ return stored;
+ }
+
+ return null;
+}
+
+/**
+ * Store locale in localStorage
+ */
+export function storeLocale(storageKey: string, locale: string): void {
+ if (typeof localStorage === 'undefined') {
+ return;
+ }
+
+ localStorage.setItem(storageKey, locale);
+}
+
+/**
+ * Get initial locale with priority:
+ * 1. localStorage
+ * 2. Browser language
+ * 3. Default locale
+ */
+export function getInitialLocale(
+ storageKey: string,
+ supportedLocales: readonly string[],
+ defaultLocale: string = 'en'
+): string {
+ // Check localStorage first
+ const stored = getStoredLocale(storageKey, supportedLocales);
+ if (stored) {
+ return stored;
+ }
+
+ // Fall back to browser language
+ return detectBrowserLocale(supportedLocales, defaultLocale);
+}
+
+/**
+ * Normalize locale code to standard format
+ * Examples: 'en-us' -> 'en-US', 'pt_BR' -> 'pt-BR'
+ */
+export function normalizeLocale(locale: string): string {
+ const parts = locale.replace('_', '-').split('-');
+
+ if (parts.length === 1) {
+ return parts[0].toLowerCase();
+ }
+
+ return `${parts[0].toLowerCase()}-${parts[1].toUpperCase()}`;
+}
+
+/**
+ * Get base language from locale code
+ * Examples: 'pt-BR' -> 'pt', 'en-US' -> 'en'
+ */
+export function getBaseLanguage(locale: string): string {
+ return locale.split('-')[0].toLowerCase();
+}
+
+/**
+ * Check if locale matches a language (including variants)
+ * Examples: matchesLanguage('pt-BR', 'pt') -> true
+ */
+export function matchesLanguage(locale: string, language: string): boolean {
+ const normalizedLocale = normalizeLocale(locale);
+ const normalizedLanguage = language.toLowerCase();
+
+ return (
+ normalizedLocale === normalizedLanguage ||
+ getBaseLanguage(normalizedLocale) === normalizedLanguage
+ );
+}
+
+/**
+ * Find best matching locale from supported list
+ */
+export function findBestMatch(
+ preferredLocale: string,
+ supportedLocales: readonly string[],
+ defaultLocale: string = 'en'
+): string {
+ const normalized = normalizeLocale(preferredLocale);
+
+ // Exact match
+ if (supportedLocales.includes(normalized)) {
+ return normalized;
+ }
+
+ // Base language match
+ const base = getBaseLanguage(normalized);
+ if (supportedLocales.includes(base)) {
+ return base;
+ }
+
+ // Find any variant of the same language
+ const variant = supportedLocales.find(loc => getBaseLanguage(loc) === base);
+ if (variant) {
+ return variant;
+ }
+
+ return defaultLocale;
+}
+
+/**
+ * Format number according to locale
+ */
+export function formatLocalizedNumber(
+ value: number,
+ locale: string = 'en',
+ options?: Intl.NumberFormatOptions
+): string {
+ return new Intl.NumberFormat(locale, options).format(value);
+}
+
+/**
+ * Format date according to locale
+ */
+export function formatLocalizedDate(
+ date: Date | string | number,
+ locale: string = 'en',
+ options?: Intl.DateTimeFormatOptions
+): string {
+ const dateObj = date instanceof Date ? date : new Date(date);
+ return new Intl.DateTimeFormat(locale, options).format(dateObj);
+}
+
+/**
+ * Format relative time according to locale
+ */
+export function formatRelativeTime(
+ date: Date | string | number,
+ locale: string = 'en',
+ style: 'long' | 'short' | 'narrow' = 'long'
+): string {
+ const dateObj = date instanceof Date ? date : new Date(date);
+ const now = new Date();
+ const diffMs = dateObj.getTime() - now.getTime();
+ const diffSecs = Math.round(diffMs / 1000);
+ const diffMins = Math.round(diffSecs / 60);
+ const diffHours = Math.round(diffMins / 60);
+ const diffDays = Math.round(diffHours / 24);
+ const diffWeeks = Math.round(diffDays / 7);
+ const diffMonths = Math.round(diffDays / 30);
+ const diffYears = Math.round(diffDays / 365);
+
+ const rtf = new Intl.RelativeTimeFormat(locale, { numeric: 'auto', style });
+
+ if (Math.abs(diffSecs) < 60) {
+ return rtf.format(diffSecs, 'second');
+ } else if (Math.abs(diffMins) < 60) {
+ return rtf.format(diffMins, 'minute');
+ } else if (Math.abs(diffHours) < 24) {
+ return rtf.format(diffHours, 'hour');
+ } else if (Math.abs(diffDays) < 7) {
+ return rtf.format(diffDays, 'day');
+ } else if (Math.abs(diffWeeks) < 4) {
+ return rtf.format(diffWeeks, 'week');
+ } else if (Math.abs(diffMonths) < 12) {
+ return rtf.format(diffMonths, 'month');
+ } else {
+ return rtf.format(diffYears, 'year');
+ }
+}
+
+/**
+ * Get plural form category
+ */
+export function getPluralCategory(
+ count: number,
+ locale: string = 'en'
+): Intl.LDMLPluralRule {
+ const pr = new Intl.PluralRules(locale);
+ return pr.select(count);
+}
+
+/**
+ * Interpolate values into a translation string
+ * Example: interpolate("Hello {name}!", { name: "World" }) -> "Hello World!"
+ */
+export function interpolate(
+ text: string,
+ values: Record
+): string {
+ return text.replace(/\{(\w+)\}/g, (match, key) => {
+ return key in values ? String(values[key]) : match;
+ });
+}
diff --git a/packages/shared-i18n/tsconfig.json b/packages/shared-i18n/tsconfig.json
new file mode 100644
index 000000000..121a61a7f
--- /dev/null
+++ b/packages/shared-i18n/tsconfig.json
@@ -0,0 +1,19 @@
+{
+ "compilerOptions": {
+ "target": "ES2022",
+ "module": "ESNext",
+ "moduleResolution": "bundler",
+ "lib": ["ES2022"],
+ "strict": true,
+ "esModuleInterop": true,
+ "skipLibCheck": true,
+ "forceConsistentCasingInFileNames": true,
+ "declaration": true,
+ "declarationMap": true,
+ "resolveJsonModule": true,
+ "isolatedModules": true,
+ "noEmit": true
+ },
+ "include": ["src/**/*"],
+ "exclude": ["node_modules"]
+}
diff --git a/packages/shared-icons/package.json b/packages/shared-icons/package.json
new file mode 100644
index 000000000..6c4cda791
--- /dev/null
+++ b/packages/shared-icons/package.json
@@ -0,0 +1,34 @@
+{
+ "name": "@manacore/shared-icons",
+ "version": "0.1.0",
+ "private": true,
+ "description": "Shared Phosphor Icons (Bold) for Manacore SvelteKit web apps",
+ "type": "module",
+ "svelte": "./src/index.ts",
+ "main": "./src/index.ts",
+ "types": "./src/index.ts",
+ "exports": {
+ ".": {
+ "svelte": "./src/index.ts",
+ "default": "./src/index.ts"
+ },
+ "./Icon.svelte": {
+ "svelte": "./src/Icon.svelte",
+ "default": "./src/Icon.svelte"
+ },
+ "./iconPaths": {
+ "default": "./src/iconPaths.ts"
+ }
+ },
+ "scripts": {
+ "check": "svelte-check --tsconfig ./tsconfig.json"
+ },
+ "peerDependencies": {
+ "svelte": "^5.0.0"
+ },
+ "devDependencies": {
+ "svelte": "^5.16.6",
+ "svelte-check": "^4.2.1",
+ "typescript": "^5.9.3"
+ }
+}
diff --git a/packages/shared-icons/src/Icon.svelte b/packages/shared-icons/src/Icon.svelte
new file mode 100644
index 000000000..b6f1e2eb5
--- /dev/null
+++ b/packages/shared-icons/src/Icon.svelte
@@ -0,0 +1,39 @@
+
+
+{#if path}
+
+{:else}
+ ⚠
+{/if}
diff --git a/packages/shared-icons/src/iconPaths.ts b/packages/shared-icons/src/iconPaths.ts
new file mode 100644
index 000000000..db0dbbd0f
--- /dev/null
+++ b/packages/shared-icons/src/iconPaths.ts
@@ -0,0 +1,131 @@
+/**
+ * Phosphor Icons (Bold weight) - Shared icons for Manacore web apps
+ *
+ * This is a centralized icon catalog for all SvelteKit applications.
+ * All icons use the Bold weight for consistency.
+ *
+ * To add new icons:
+ * 1. Find the icon at https://phosphoricons.com/
+ * 2. Copy the SVG content (the tag) from the Bold variant
+ * 3. Add it to this file with a descriptive key
+ *
+ * Usage:
+ * import { Icon } from '@manacore/shared-icons';
+ *
+
+
diff --git a/packages/shared-auth-ui/src/pages/RegisterPage.svelte b/packages/shared-auth-ui/src/pages/RegisterPage.svelte
new file mode 100644
index 000000000..4929cab75
--- /dev/null
+++ b/packages/shared-auth-ui/src/pages/RegisterPage.svelte
@@ -0,0 +1,310 @@
+
+
+
+
+
+
+
+
+ + {appName} +
+
+
+
+
+
+
+
+
+
+
+
+
+ {#if error}
+ + {#if mode === 'initial'} + Mana Login + {:else if mode === 'login'} + Sign In + {:else if mode === 'forgot-password'} + Reset Password + {:else if mode === 'password-reset-success'} + Email Sent + {/if} +
+ {#if mode === 'initial'} ++ Sign in with your Mana account +
+ {/if} +
+
+ {/if}
+
+
+ {#if mode === 'initial'}
+ {error}
+
+
+
+
+
+
+
+ {:else if mode === 'login'}
+
+
+
+ {#if enableGoogle || enableApple}
+
+
+
+
+ or
+ +
+ {#if enableGoogle && onSignInWithGoogle}
+
+ {/if}
+
+
+
+
+
+
+
+ {:else if mode === 'forgot-password'}
+
+
+
+ {:else if mode === 'password-reset-success'}
+
+
+ {/if}
+
+
+
+
+
+
+ + We've sent a password reset link to {resetEmail}. Please check your + inbox. +
+
+
+
+
+
+
+
+
diff --git a/packages/shared-auth-ui/src/types.ts b/packages/shared-auth-ui/src/types.ts
new file mode 100644
index 000000000..95712ddf3
--- /dev/null
+++ b/packages/shared-auth-ui/src/types.ts
@@ -0,0 +1,80 @@
+import type { Component } from 'svelte';
+
+/**
+ * Configuration for auth UI pages
+ */
+export interface AuthUIConfig {
+ /** App name to display */
+ appName: string;
+
+ /** Logo component to render */
+ logo: Component<{ size?: number; color?: string }>;
+
+ /** Primary color (hex) */
+ primaryColor: string;
+
+ /** Primary color for dark mode (optional, defaults to primaryColor) */
+ darkPrimaryColor?: string;
+
+ /** Page background color for light mode */
+ lightBackground?: string;
+
+ /** Page background color for dark mode */
+ darkBackground?: string;
+
+ /** Redirect path after successful login (default: '/dashboard') */
+ successRedirect?: string;
+
+ /** Enable Google Sign-In */
+ enableGoogle?: boolean;
+
+ /** Enable Apple Sign-In */
+ enableApple?: boolean;
+
+ /** Google OAuth Client ID (required if enableGoogle is true) */
+ googleClientId?: string;
+
+ /** Apple OAuth Service ID (required if enableApple is true) */
+ appleClientId?: string;
+
+ /** Apple OAuth Redirect URI */
+ appleRedirectUri?: string;
+}
+
+/**
+ * Auth service interface expected by the UI components
+ */
+export interface AuthServiceInterface {
+ signIn(email: string, password: string): Promise
+
+
+
+
+
+ + {appName} +
+
+
+
+
+
+
+
+
+ + Create Account +
+ + + {#if error} +
+
+ {/if}
+
+
+ {#if success && needsVerification}
+ {error}
+
+
+ {/if}
+
+
+
+
+
+ + Account created! Please check your email to verify your account. +
+
+
+
+