feat: surface per-user credentials to feed source providers

Add credentials parameter to FeedSourceProvider.feedSourceForUser so
providers can receive decrypted per-user credentials (OAuth tokens,
passwords) from the user_sources table.

Wire CredentialEncryptor into UserSessionManager to handle
encrypt/decrypt. Providers receive plaintext and handle validation
internally. Existing providers ignore the new parameter.

Co-authored-by: Ona <no-reply@ona.com>

.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-	"js/ts.experimental.useTsgo": true
-}

apps/admin-dashboard/package.json

@@ -34,7 +34,7 @@
 		"@types/react": "^19.2.5",
 		"@types/react-dom": "^19.2.3",
 		"@vitejs/plugin-react": "^5.1.1",
-		"typescript": "^6",
+		"typescript": "~5.9.3",
 		"vite": "^7.2.4"
 	}
 }

apps/admin-dashboard/src/components/source-config-panel.tsx

@@ -20,13 +20,7 @@ import {
 import { Separator } from "@/components/ui/separator"
 import { Switch } from "@/components/ui/switch"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
-import {
-	fetchSourceConfig,
-	pushLocation,
-	replaceSource,
-	updateProviderConfig,
-	updateSourceCredentials,
-} from "@/lib/api"
+import { fetchSourceConfig, pushLocation, replaceSource, updateProviderConfig } from "@/lib/api"
 
 interface SourceConfigPanelProps {
 	source: SourceDefinition
@@ -89,11 +83,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 				(v) => typeof v === "string" && v.length > 0,
 			)
 			if (hasCredentials) {
-				if (source.perUserCredentials) {
-					promises.push(updateSourceCredentials(source.id, credentialFields))
-				} else {
-					promises.push(updateProviderConfig(source.id, { credentials: credentialFields }))
-				}
+				promises.push(updateProviderConfig(source.id, { credentials: credentialFields }))
 			}
 
 			await Promise.all(promises)

apps/admin-dashboard/src/lib/api.ts

@@ -23,8 +23,6 @@ export interface SourceDefinition {
 	name: string
 	description: string
 	alwaysEnabled?: boolean
-	/** When true, secret fields are stored as per-user credentials via /api/sources/:id/credentials. */
-	perUserCredentials?: boolean
 	fields: Record<string, ConfigFieldDef>
 }
 
@@ -80,44 +78,6 @@ const sourceDefinitions: SourceDefinition[] = [
 			},
 		},
 	},
-	{
-		id: "aelis.caldav",
-		name: "CalDAV",
-		description: "Calendar events from any CalDAV server (Nextcloud, Radicale, Baikal, etc.).",
-		perUserCredentials: true,
-		fields: {
-			serverUrl: {
-				type: "string",
-				label: "Server URL",
-				required: true,
-				secret: false,
-				description: "CalDAV server URL (e.g. https://nextcloud.example.com/remote.php/dav)",
-			},
-			username: {
-				type: "string",
-				label: "Username",
-				required: true,
-				secret: false,
-			},
-			password: {
-				type: "string",
-				label: "Password",
-				required: true,
-				secret: true,
-			},
-			lookAheadDays: {
-				type: "number",
-				label: "Look-ahead Days",
-				defaultValue: 0,
-				description: "Number of additional days beyond today to fetch events for",
-			},
-			timeZone: {
-				type: "string",
-				label: "Timezone",
-				description: "IANA timezone for determining \"today\" (e.g. Europe/London). Defaults to UTC.",
-			},
-		},
-	},
 	{
 		id: "aelis.tfl",
 		name: "TfL",
@@ -204,22 +164,6 @@ export async function updateProviderConfig(
 	}
 }
 
-export async function updateSourceCredentials(
-	sourceId: string,
-	credentials: Record<string, unknown>,
-): Promise<void> {
-	const res = await fetch(`${serverBase()}/sources/${sourceId}/credentials`, {
-		method: "PUT",
-		headers: { "Content-Type": "application/json" },
-		credentials: "include",
-		body: JSON.stringify(credentials),
-	})
-	if (!res.ok) {
-		const data = (await res.json()) as { error?: string }
-		throw new Error(data.error ?? `Failed to update credentials: ${res.status}`)
-	}
-}
-
 export interface LocationInput {
 	lat: number
 	lng: number

apps/admin-dashboard/tsconfig.app.json

@@ -3,11 +3,12 @@
 		"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
 		"target": "ES2022",
 		"useDefineForClassFields": true,
-		"lib": ["ES2022", "DOM"],
+		"lib": ["ES2022", "DOM", "DOM.Iterable"],
 		"module": "ESNext",
 		"types": ["vite/client"],
 		"skipLibCheck": true,
 
+		/* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
@@ -15,12 +16,14 @@
 		"noEmit": true,
 		"jsx": "react-jsx",
 
+		/* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,
 		"erasableSyntaxOnly": true,
 		"noFallthroughCasesInSwitch": true,
 		"noUncheckedSideEffectImports": true,
+		"baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.json

@@ -2,6 +2,7 @@
 	"files": [],
 	"references": [{ "path": "./tsconfig.app.json" }, { "path": "./tsconfig.node.json" }],
 	"compilerOptions": {
+		"baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.node.json

@@ -7,12 +7,14 @@
 		"types": ["node"],
 		"skipLibCheck": true,
 
+		/* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
 		"moduleDetection": "force",
 		"noEmit": true,
 
+		/* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,

apps/aelis-backend/src/caldav/provider.test.ts

@@ -1,85 +0,0 @@
-import { describe, expect, test } from "bun:test"
-
-import { CalDavSourceProvider } from "./provider.ts"
-
-describe("CalDavSourceProvider", () => {
-	const provider = new CalDavSourceProvider()
-
-	test("sourceId is aelis.caldav", () => {
-		expect(provider.sourceId).toBe("aelis.caldav")
-	})
-
-	test("throws when credentials are null", async () => {
-		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
-		await expect(provider.feedSourceForUser("user-1", config, null)).rejects.toThrow(
-			"No CalDAV credentials configured",
-		)
-	})
-
-	test("throws when credentials are missing password", async () => {
-		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
-		await expect(provider.feedSourceForUser("user-1", config, {})).rejects.toThrow(
-			"password must be a string",
-		)
-	})
-
-	test("throws when config is missing serverUrl", async () => {
-		const credentials = { password: "app-specific-password" }
-		await expect(
-			provider.feedSourceForUser("user-1", { username: "user@icloud.com" }, credentials),
-		).rejects.toThrow("Invalid CalDAV config")
-	})
-
-	test("throws when config is missing username", async () => {
-		const credentials = { password: "app-specific-password" }
-		await expect(
-			provider.feedSourceForUser("user-1", { serverUrl: "https://caldav.icloud.com" }, credentials),
-		).rejects.toThrow("Invalid CalDAV config")
-	})
-
-	test("throws when config has extra keys", async () => {
-		const config = {
-			serverUrl: "https://caldav.icloud.com",
-			username: "user@icloud.com",
-			extra: true,
-		}
-		const credentials = { password: "app-specific-password" }
-		await expect(provider.feedSourceForUser("user-1", config, credentials)).rejects.toThrow(
-			"Invalid CalDAV config",
-		)
-	})
-
-	test("throws when credentials have extra keys", async () => {
-		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
-		const credentials = { password: "app-specific-password", extra: true }
-		await expect(provider.feedSourceForUser("user-1", config, credentials)).rejects.toThrow(
-			"extra must be removed",
-		)
-	})
-
-	test("returns CalDavSource with valid config and credentials", async () => {
-		const config = {
-			serverUrl: "https://caldav.icloud.com",
-			username: "user@icloud.com",
-			lookAheadDays: 3,
-			timeZone: "Europe/London",
-		}
-		const credentials = { password: "app-specific-password" }
-
-		const source = await provider.feedSourceForUser("user-1", config, credentials)
-		expect(source).toBeDefined()
-		expect(source.id).toBe("aelis.caldav")
-	})
-
-	test("returns CalDavSource with minimal config", async () => {
-		const config = {
-			serverUrl: "https://caldav.icloud.com",
-			username: "user@icloud.com",
-		}
-		const credentials = { password: "app-specific-password" }
-
-		const source = await provider.feedSourceForUser("user-1", config, credentials)
-		expect(source).toBeDefined()
-		expect(source.id).toBe("aelis.caldav")
-	})
-})

apps/aelis-backend/src/caldav/provider.ts

@@ -1,53 +0,0 @@
-import { CalDavSource } from "@aelis/source-caldav"
-import { type } from "arktype"
-
-import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
-
-import { InvalidSourceCredentialsError } from "../sources/errors.ts"
-
-const caldavConfig = type({
-	"+": "reject",
-	serverUrl: "string",
-	username: "string",
-	"lookAheadDays?": "number",
-	"timeZone?": "string",
-})
-
-const caldavCredentials = type({
-	"+": "reject",
-	password: "string",
-})
-
-export class CalDavSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.caldav"
-	readonly configSchema = caldavConfig
-
-	async feedSourceForUser(
-		_userId: string,
-		config: unknown,
-		credentials: unknown,
-	): Promise<CalDavSource> {
-		const parsed = caldavConfig(config)
-		if (parsed instanceof type.errors) {
-			throw new Error(`Invalid CalDAV config: ${parsed.summary}`)
-		}
-
-		if (!credentials) {
-			throw new InvalidSourceCredentialsError("aelis.caldav", "No CalDAV credentials configured")
-		}
-
-		const creds = caldavCredentials(credentials)
-		if (creds instanceof type.errors) {
-			throw new InvalidSourceCredentialsError("aelis.caldav", creds.summary)
-		}
-
-		return new CalDavSource({
-			serverUrl: parsed.serverUrl,
-			authMethod: "basic",
-			username: parsed.username,
-			password: creds.password,
-			lookAheadDays: parsed.lookAheadDays,
-			timeZone: parsed.timeZone,
-		})
-	}
-}

apps/aelis-backend/src/server.ts

@@ -6,7 +6,6 @@ import { createRequireAdmin } from "./auth/admin-middleware.ts"
 import { registerAuthHandlers } from "./auth/http.ts"
 import { createAuth } from "./auth/index.ts"
 import { createRequireSession } from "./auth/session-middleware.ts"
-import { CalDavSourceProvider } from "./caldav/provider.ts"
 import { createDatabase } from "./db/index.ts"
 import { registerFeedHttpHandlers } from "./engine/http.ts"
 import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
@@ -49,7 +48,6 @@ function main() {
 	const sessionManager = new UserSessionManager({
 		db,
 		providers: [
-			new CalDavSourceProvider(),
 			new LocationSourceProvider(),
 			new WeatherSourceProvider({
 				credentials: {

apps/aelis-backend/src/session/user-session-manager.test.ts

@@ -806,31 +806,6 @@ describe("UserSessionManager.updateSourceCredentials", () => {
 		expect(receivedCredentials).toEqual({ token: "refreshed" })
 	})
 
-	test("adds source to session when source is enabled but not yet in session", async () => {
-		// Simulate a source that was never added to the session (e.g. credentials
-		// were missing at config time), but is enabled in the DB.
-		setEnabledSources([]) // no sources during session creation
-		const factory = mock(async () => createStubSource("test"))
-		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
-		const manager = new UserSessionManager({
-			db: fakeDb,
-			providers: [provider],
-			credentialEncryptor: testEncryptor,
-		})
-
-		const session = await manager.getOrCreate("user-1")
-		// Source is NOT in the session
-		expect(session.hasSource("test")).toBe(false)
-
-		// mockFindResult returns an enabled row by default, so the source
-		// row exists and is enabled in the DB.
-		await manager.updateSourceCredentials("user-1", "test", { token: "new-token" })
-
-		// Source should now be added to the session
-		expect(session.hasSource("test")).toBe(true)
-		expect(factory).toHaveBeenCalledTimes(1)
-	})
-
 	test("persists credentials without session refresh when no active session", async () => {
 		setEnabledSources(["test"])
 		const factory = mock(async () => createStubSource("test"))

apps/aelis-backend/src/session/user-session-manager.ts

@@ -249,15 +249,11 @@ export class UserSessionManager {
 		// the DB already has the new credentials but the session keeps the old
 		// source. The next session creation will pick up the persisted credentials.
 		const session = this.sessions.get(userId)
-		if (session) {
+		if (session && session.hasSource(sourceId)) {
 			const row = await sources(this.db, userId).find(sourceId)
 			if (row?.enabled) {
 				const source = await provider.feedSourceForUser(userId, row.config ?? {}, credentials)
-				if (session.hasSource(sourceId)) {
-					session.replaceSource(sourceId, source)
-				} else {
-					session.addSource(source)
-				}
+				session.replaceSource(sourceId, source)
 			}
 		}
 	}

apps/aelis-client/package.json

@@ -55,6 +55,6 @@
 		"eas-cli": "^18.0.1",
 		"eslint": "^9.25.0",
 		"eslint-config-expo": "~10.0.0",
-		"typescript": "^6"
+		"typescript": "~5.9.2"
 	}
 }

apps/waitlist-website/package.json

@@ -30,7 +30,7 @@
 		"@types/react": "^19.2.7",
 		"@types/react-dom": "^19.2.3",
 		"tailwindcss": "^4.1.13",
-		"typescript": "^6",
+		"typescript": "^5.9.2",
 		"vite": "^7.1.7",
 		"vite-tsconfig-paths": "^5.1.4"
 	}

apps/waitlist-website/tsconfig.json

@@ -1,16 +1,18 @@
 {
 	"include": ["**/*", "**/.server/**/*", "**/.client/**/*", ".react-router/types/**/*"],
 	"compilerOptions": {
-		"lib": ["DOM", "ES2022"],
+		"lib": ["DOM", "DOM.Iterable", "ES2022"],
 		"types": ["node", "vite/client"],
 		"target": "ES2022",
 		"module": "ES2022",
 		"moduleResolution": "bundler",
 		"jsx": "react-jsx",
 		"rootDirs": [".", "./.react-router/types"],
+		"baseUrl": ".",
 		"paths": {
 			"~/*": ["./app/*"]
 		},
+		"esModuleInterop": true,
 		"verbatimModuleSyntax": true,
 		"noEmit": true,
 		"resolveJsonModule": true,

bun.lock

@@ -8,12 +8,11 @@
         "@json-render/core": "^0.12.1",
         "@nym.sh/jrx": "^0.2.0",
         "@types/bun": "latest",
-        "@typescript/native-preview": "^7.0.0-dev.20260412.1",
         "oxfmt": "^0.24.0",
         "oxlint": "^1.39.0",
       },
       "peerDependencies": {
-        "typescript": "^6",
+        "typescript": "^5",
       },
     },
     "apps/admin-dashboard": {
@@ -42,7 +41,7 @@
         "@types/react": "^19.2.5",
         "@types/react-dom": "^19.2.3",
         "@vitejs/plugin-react": "^5.1.1",
-        "typescript": "^6",
+        "typescript": "~5.9.3",
         "vite": "^7.2.4",
       },
     },
@@ -112,7 +111,7 @@
         "eas-cli": "^18.0.1",
         "eslint": "^9.25.0",
         "eslint-config-expo": "~10.0.0",
-        "typescript": "^6",
+        "typescript": "~5.9.2",
       },
     },
     "apps/waitlist-website": {
@@ -139,7 +138,7 @@
         "@types/react": "^19.2.7",
         "@types/react-dom": "^19.2.3",
         "tailwindcss": "^4.1.13",
-        "typescript": "^6",
+        "typescript": "^5.9.2",
         "vite": "^7.1.7",
         "vite-tsconfig-paths": "^5.1.4",
       },
@@ -1453,22 +1452,6 @@
 
     "@typescript-eslint/visitor-keys": ["@typescript-eslint/visitor-keys@8.57.0", "", { "dependencies": { "@typescript-eslint/types": "8.57.0", "eslint-visitor-keys": "^5.0.0" } }, "sha512-zm6xx8UT/Xy2oSr2ZXD0pZo7Jx2XsCoID2IUh9YSTFRu7z+WdwYTRk6LhUftm1crwqbuoF6I8zAFeCMw0YjwDg=="],
 
-    "@typescript/native-preview": ["@typescript/native-preview@7.0.0-dev.20260412.1", "", { "optionalDependencies": { "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260412.1", "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260412.1", "@typescript/native-preview-linux-arm": "7.0.0-dev.20260412.1", "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260412.1", "@typescript/native-preview-linux-x64": "7.0.0-dev.20260412.1", "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260412.1", "@typescript/native-preview-win32-x64": "7.0.0-dev.20260412.1" }, "bin": { "tsgo": "bin/tsgo.js" } }, "sha512-tDw3XZt2BkjAlt/MJmnFGmbe9lgKmc5wezmrMoBIEvJcqz+/KVpVBVvjbkZoaiABnJmuG3G3b6IUFrEveTw6UQ=="],
-
-    "@typescript/native-preview-darwin-arm64": ["@typescript/native-preview-darwin-arm64@7.0.0-dev.20260412.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-sSkFG+hjtRWffg6FddF3dEkk7N3TRMEqfiUpixwcWhXgyocMdPw8wutTvQRBxQdgxeL9y01M2SO8A8YPPiEgVg=="],
-
-    "@typescript/native-preview-darwin-x64": ["@typescript/native-preview-darwin-x64@7.0.0-dev.20260412.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-m2BTeaLkrHEEDg0D9snigddy01qTY+wgx+W+GpXAfx36PPvW4xWuGXNVWfSaB8bqAC9C8NeLnT/C9/G/rJ5v2w=="],
-
-    "@typescript/native-preview-linux-arm": ["@typescript/native-preview-linux-arm@7.0.0-dev.20260412.1", "", { "os": "linux", "cpu": "arm" }, "sha512-wDLekbfsfmKMWORg7CTnEnpKj8oXpU/6AEBrtVN9CEUCiQAe6yH878nZHhJNzWQXHtrtFf3lY49Yplqmdxja3w=="],
-
-    "@typescript/native-preview-linux-arm64": ["@typescript/native-preview-linux-arm64@7.0.0-dev.20260412.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-JAdsG6MlVV1hoAUKPy8zxAL7xLeNxz8JgCbLCJVqW8EyH29R9FD4cFTqr7CSIRTNUEDzDTrgnXUyoRtDe1gr+w=="],
-
-    "@typescript/native-preview-linux-x64": ["@typescript/native-preview-linux-x64@7.0.0-dev.20260412.1", "", { "os": "linux", "cpu": "x64" }, "sha512-gYgppiQIqid3jZ7D8THh4k3Q+4bwidrQH6SL9Xgbk1qfP6/jwv8twuPqDOfZ+cK2OD55lQHp15fOh2lMNAC40Q=="],
-
-    "@typescript/native-preview-win32-arm64": ["@typescript/native-preview-win32-arm64@7.0.0-dev.20260412.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-TOh7rH5H3jisHJqRXJSjmUGMzcbNBocS/hufhXPQIv+g3pdG5IKZoSnv3SV62I5d12FFDSS5KQon5MQPnOKAHg=="],
-
-    "@typescript/native-preview-win32-x64": ["@typescript/native-preview-win32-x64@7.0.0-dev.20260412.1", "", { "os": "win32", "cpu": "x64" }, "sha512-u+70wL89wspN1wKoX6FVNUATRGCG3BpleByP3H/UqOZvlwuMm8N7Gy8hEbM0U8bDyAuyP/daUfTBVkqXjjv9mA=="],
-
     "@ungap/structured-clone": ["@ungap/structured-clone@1.3.0", "", {}, "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g=="],
 
     "@unrs/resolver-binding-android-arm-eabi": ["@unrs/resolver-binding-android-arm-eabi@1.11.1", "", { "os": "android", "cpu": "arm" }, "sha512-ppLRUgHVaGRWUx0R0Ut06Mjo9gBaBkg3v/8AxusGLhsIotbBLuRk51rAzqLC8gq6NyyAojEXglNjzf6R948DNw=="],
@@ -3445,7 +3428,7 @@
 
     "typed-array-length": ["typed-array-length@1.0.7", "", { "dependencies": { "call-bind": "^1.0.7", "for-each": "^0.3.3", "gopd": "^1.0.1", "is-typed-array": "^1.1.13", "possible-typed-array-names": "^1.0.0", "reflect.getprototypeof": "^1.0.6" } }, "sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg=="],
 
-    "typescript": ["typescript@6.0.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ=="],
+    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
 
     "ua-parser-js": ["ua-parser-js@1.0.41", "", { "bin": { "ua-parser-js": "script/cli.js" } }, "sha512-LbBDqdIC5s8iROCUjMbW1f5dJQTEFB1+KO9ogbvlb3nm9n4YHa5p4KTvFPWvh2Hs8gZMBuiB1/8+pdfe/tDPug=="],
 
@@ -3921,6 +3904,8 @@
 
     "accepts/negotiator": ["negotiator@0.6.3", "", {}, "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="],
 
+    "aelis-client/@tanstack/react-query": ["@tanstack/react-query@5.90.21", "", { "dependencies": { "@tanstack/query-core": "5.90.20" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-0Lu6y5t+tvlTJMTO7oh5NSpJfpg/5D41LlThfepTixPYkJ0sE2Jj0m0f6yYqujBwIXlId87e234+MxG3D3g7kg=="],
+
     "aelis-client/@types/react": ["@types/react@19.1.17", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-Qec1E3mhALmaspIrhWt9jkQMNdw6bReVu64mjvhbhq2NFPftLPVr+l1SZgmw/66WwBNpDh7ao5AT6gF5v41PFA=="],
 
     "aelis-client/react": ["react@19.1.0", "", {}, "sha512-FS+XFBNvn3GTAWq26joslQgWNoFu08F4kl0J4CgdNKADkdSGXQyTCnKteIAJy96Br6YbpEU1LSzV5dYtjMkMDg=="],
@@ -4559,6 +4544,8 @@
 
     "@typescript-eslint/typescript-estree/minimatch/brace-expansion": ["brace-expansion@5.0.4", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg=="],
 
+    "aelis-client/@tanstack/react-query/@tanstack/query-core": ["@tanstack/query-core@5.90.20", "", {}, "sha512-OMD2HLpNouXEfZJWcKeVKUgQ5n+n3A2JFmBaScpNDUqSrQSjiveC7dKMe53uJUg1nDG16ttFPz2xfilz6i2uVg=="],
+
     "aelis-client/react-dom/scheduler": ["scheduler@0.26.0", "", {}, "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA=="],
 
     "better-opn/open/define-lazy-prop": ["define-lazy-prop@2.0.0", "", {}, "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og=="],

package.json

@@ -17,11 +17,10 @@
 		"@json-render/core": "^0.12.1",
 		"@nym.sh/jrx": "^0.2.0",
 		"@types/bun": "latest",
-		"@typescript/native-preview": "^7.0.0-dev.20260412.1",
 		"oxfmt": "^0.24.0",
 		"oxlint": "^1.39.0"
 	},
 	"peerDependencies": {
-		"typescript": "^6"
+		"typescript": "^5"
 	}
 }

tsconfig.json

@@ -1,5 +1,6 @@
 {
 	"compilerOptions": {
+		// Environment setup & latest features
 		"lib": ["ESNext"],
 		"target": "ESNext",
 		"module": "Preserve",
@@ -7,19 +8,20 @@
 		"jsx": "react-jsx",
 		"allowJs": true,
 
+		// Bundler mode
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
 		"noEmit": true,
 
-		"types": ["bun"],
-
+		// Best practices
 		"strict": true,
 		"skipLibCheck": true,
 		"noFallthroughCasesInSwitch": true,
 		"noUncheckedIndexedAccess": true,
 		"noImplicitOverride": true,
 
+		// Some stricter flags (disabled by default)
 		"noUnusedLocals": false,
 		"noUnusedParameters": false,
 		"noPropertyAccessFromIndexSignature": false