workos · nicknisi · Jul 29, 2025 · Jul 29, 2025 · Jul 29, 2025 · Jul 29, 2025
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -1,9 +1,6 @@
 {
   "parser": "@typescript-eslint/parser",
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/recommended"
-  ],
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
   "parserOptions": {
     "ecmaVersion": 2022,
     "sourceType": "module"
@@ -16,4 +13,4 @@
     "@typescript-eslint/no-explicit-any": "error",
     "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }]
   }
-}
+}
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,6 @@
+# See GitHub's docs for more details:
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# TypeScript Team
+* @workos/typescript
+
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- authkit-nextjs version [e.g. 0.12.0]
+- Next.js version [e.g. 14.2.5]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,49 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request: {}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  test:
+    name: Test Node ${{ matrix.node }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node: [20, 22, 24]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+          cache: 'pnpm'
+
+      - name: Install Dependencies
+        run: |
+          pnpm install
+
+      - name: Prettier
+        run: |
+          pnpm run prettier
+
+      # - name: Lint
+      #   run: |
+      #     pnpm run lint
+
+      - name: Build
+        run: |
+          pnpm run build
+
+      # NOTE: uncomment when we have tests
+      # - name: Test
+      #   run: |
+      #     pnpm run test -- --coverage
diff --git a/.github/workflows/coana-analysis.yml b/.github/workflows/coana-analysis.yml
@@ -0,0 +1,28 @@
+name: Coana Vulnerability Analysis
+
+on:
+  schedule:
+    - cron: '0 3 * * *' # every day at 3 AM
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Manually run vulnerability analysis'
+      # Required by the return-dispatch action
+      distinct_id:
+
+jobs:
+  coana-vulnerability-analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Coana CLI
+        id: coana-cli
+        uses: docker://coana/coana:latest
+        with:
+          args: |
+            coana run . \
+              --api-key ${{ secrets.COANA_API_KEY }} \
+              --repo-url https://github.com/${{github.repository}}
diff --git a/.github/workflows/coana-guardrail.yml b/.github/workflows/coana-guardrail.yml
@@ -0,0 +1,67 @@
+name: Coana Guardrail
+
+on: pull_request
+
+jobs:
+  guardrail:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout the ${{github.base_ref}} branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{github.base_ref}} # checkout the base branch (usually master/main).
+
+      - name: Fetch the PR branch
+        run: |
+          git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.head_ref }}:${{ github.head_ref }} --depth=1
+
+      - name: Get list of changed files relative to the main/master branch
+        id: changed-files
+        run: |
+          echo "all_changed_files=$(git diff --name-only ${{ github.base_ref }} ${{ github.head_ref }} | tr '\n' ' ')" >> $GITHUB_OUTPUT
+
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+
+      - name: Run Coana on the ${{github.base_ref}} branch
+        run: |
+          npx @coana-tech/cli run . \
+            --guardrail-mode \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            -o /tmp/main-branch \
+            --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+            --lightweight-reachability \
+
+      # Reset file permissions.
+      # This is necessary because the Coana CLI may add
+      # new files with root ownership since it's using docker.
+      # These files will not be deleted by the clean step in checkout
+      # if the permissions are not reset.
+      - name: Reset file permissions
+        run: sudo chown -R $USER:$USER .
+
+      - name: Checkout the current branch
+        uses: actions/checkout@v4
+        with:
+          clean: true
+
+      - name: Run Coana on the current branch
+        run: |
+          npx @coana-tech/cli run . \
+            --guardrail-mode \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            -o /tmp/current-branch \
+            --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+            --lightweight-reachability \
+
+      - name: Run Report Comparison
+        run: |
+          npx @coana-tech/cli compare-reports \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            /tmp/main-branch/coana-report.json \
+            /tmp/current-branch/coana-report.json
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,49 @@
+name: Release
+
+on:
+  # Support manually pushing a new release
+  workflow_dispatch: {}
+  # Trigger when a release is published
+  release:
+    types: [published]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  test:
+    name: Publish to NPM
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+          registry-url: 'https://registry.npmjs.org'
+          cache: 'pnpm'
+
+      - name: Install Dependencies
+        run: |
+          pnpm install
+
+      - name: Build project
+        run: |
+          pnpm run build
+
+      - name: Push Release
+        if: ${{ !github.event.release.prerelease }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          pnpm publish --tag latest --access=public
+
+      - name: Push Pre-Release
+        if: ${{ github.event.release.prerelease }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          pnpm publish --tag next --access=public
diff --git a/.gitignore b/.gitignore
@@ -6,4 +6,3 @@ coverage/
 *.log
 .DS_Store
 package-lock.json
-pnpm-lock.yaml
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1,2 @@
+pnpm-lock.yaml
+package-lock.json