Optional ReadonlyaccessOptional ReadonlyauditOptional ReadonlychallengeOptional ReadonlychallengeReadonlyclientReadonlycodeReadonlyconfigOptionalmemoryRateLimiter?: {Rate-limit config for SESSION routes (e.g. /session/login bruteforce
protection). Uses windowMs (milliseconds) because this section is
consumed by express-rate-limit in
packages/session/src/routes/Session.mts.
IH-18 — config split:
This section ONLY governs session-route rate limiting. OAuth endpoint
rate limiting (/token, /authorize) is provided via the optional
rateLimiter component slot; the built-in module config lives under
memoryRateLimiter.* / redisRateLimiter.* and uses windowSeconds
(seconds) per RateLimitSpec in packages/core/src/ratelimit/types.mts.
Two independent systems, different keys, different units.
OptionalrateLimiter?: { adapter?: "memory" | "redis" }OptionalredisCodeRepository?: { defaultExpiresIn?: number; keyPrefix?: string }OptionalredisRefreshTokenFamilyStore?: { casRetryLimit?: number; keyPrefix?: string }OptionalredisSessionStores?: { keyPrefix?: string }OptionalrefreshTokenFamilyStore?: { redis?: { password?: string; url: string } }OptionaluserSessionStores?: { adapter?: "memory" | "redis" }Optional ReadonlyfederationOptional ReadonlyfederationOptional ReadonlygrantOptional ReadonlygrantReadonlykeyReadonlylifecycleBoot-planner-owned lifecycle registrar (D-5). Pre-seeded as a bootstrap
component before any module factory runs. Modules that create disposable
sub-resources (Redis clients, interval timers) declare
optional: ["lifecycleRegistrar"] and forward the value into
createAdapterFactory(kind, { lifecycle: deps.lifecycleRegistrar })
so each builder receives the registrar via BuilderContext.lifecycle.
This slot is NOT consumer-overridable — bootstrap-component-collision
fires if a consumer passes it via bootstrapComponents /
overrideComponents.
Optional ReadonlyloggerReadonlypathOptional ReadonlyrateOptional ReadonlyrefreshOptional ReadonlyrefreshOptional ReadonlyrefreshOptional ReadonlyreplayOptional ReadonlysessionOptional ReadonlysessionOptional ReadonlysessionOptional ReadonlytokenReadonlyuserOptional ReadonlyuserOptional ReadonlywebauthnOptional WebAuthn credential store. Present when the webauthn package is wired.
ComponentMap — the typed DI graph for v0.5.0 manifest authoring.
The base interface is intentionally empty. Slot declarations are added by other files in @o3co/auth-provider-core (and by downstream packages such as @o3co/auth-provider-redis) via TypeScript declaration merging:
Per A2-α §6.1 the v0.5.0 baseline slot set is added incrementally during Phases 3–8 of the v0.5.0 redesign. This empty base is the foundation.
Per the cross-spec X1 amendment (documented in v0.5.0 redesign specs A3 §5.5 line 391 and A4 §5.6 of this repository's design history): the v0.5.0 ComponentMap does NOT contain the legacy
userSessionStore: UserSessionStoreBasenorrefreshTokenStore: RefreshTokenStoreBaseslots. Phase 5 (A1) and later phases declaration-merge their replacement slots without those legacy names appearing.Consumer-side augmentation MUST namespace consumer-specific keys (e.g.
acme.cacheClient) to avoid colliding with o3co-claimed slot names.v0.5.0 in-tree slot inventory (declaration-merged into this interface from elsewhere in the package; grep
declare module "@o3co/auth-provider-core"for the authoritative list):config: AppConfig— declared inboot/types.mtsper A2-β §6.2pathResolver: PathResolver— declared inboot/types.mtsper A2-β §6.2