chore(deps): bump the major-dependencies group with 9 updates

biome.json

@@ -1,9 +1,9 @@
 {
-  "$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.4.14/schema.json",
   "files": {
-    "ignore": ["dist", "coverage", "node_modules", ".turbo"]
+    "includes": ["**", "!!**/dist", "!!**/coverage", "!!**/node_modules", "!!**/.turbo"]
   },
-  "organizeImports": {
+  "assist": {
     "enabled": true
   },
   "linter": {

package.json

@@ -30,18 +30,26 @@
     "release": "turbo run build && changeset publish"
   },
   "devDependencies": {
-    "@biomejs/biome": "^1.9.4",
+    "@biomejs/biome": "^2.4.14",
     "@changesets/changelog-github": "^0.6.0",
     "@changesets/cli": "^2.28.1",
     "turbo": "^2.9.8",
-    "typescript": "^5.8.3"
+    "typescript": "^6.0.3"
   },
   "packageManager": "pnpm@10.22.0",
   "engines": {
     "node": ">=22.0.0",
     "pnpm": ">=10.0.0"
   },
-  "keywords": ["proxy", "auth", "oauth2", "api", "agent", "identity", "security"],
+  "keywords": [
+    "proxy",
+    "auth",
+    "oauth2",
+    "api",
+    "agent",
+    "identity",
+    "security"
+  ],
   "author": "Rick Somers <rick@reaatech.com> (https://reaatech.com)",
   "license": "MIT",
   "repository": {

packages/client/package.json

@@ -11,7 +11,9 @@
       "import": "./dist/index.js"
     }
   },
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "publishConfig": {
     "access": "public"
   },
@@ -27,16 +29,21 @@
     "@reaatech/agent-auth-proxy-core": "workspace:*"
   },
   "devDependencies": {
-    "@types/node": "^22.10.0",
-    "@vitest/coverage-v8": "^3.0.0",
+    "@types/node": "^25.6.0",
+    "@vitest/coverage-v8": "^4.1.5",
     "tsup": "^8.0.1",
-    "typescript": "^5.8.3",
-    "vitest": "^3.0.0"
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
   },
   "engines": {
     "node": ">=22.0.0"
   },
-  "keywords": ["agent-auth-proxy", "client", "sdk", "oauth2"],
+  "keywords": [
+    "agent-auth-proxy",
+    "client",
+    "sdk",
+    "oauth2"
+  ],
   "author": "Rick Somers <rick@reaatech.com> (https://reaatech.com)",
   "license": "MIT",
   "repository": {

packages/client/src/index.ts

@@ -1,12 +1,19 @@
-export { AgentClient } from './agent-client';
-export type { AgentClientOptions, ProxyOptions } from './agent-client';
-export { AdminClient } from './admin-client';
+export {
+  AppError,
+  AuthError,
+  ScopeError,
+  UpstreamError,
+  ValidationError,
+} from '@reaatech/agent-auth-proxy-core';
 export type {
   AdminClientOptions,
   CreateAgentInput,
   CreateGrantInput,
   CreateUserInput,
 } from './admin-client';
+export { AdminClient } from './admin-client';
+export type { AgentClientOptions, ProxyOptions } from './agent-client';
+export { AgentClient } from './agent-client';
 export type {
   Agent,
   AgentSession,
@@ -18,10 +25,3 @@ export type {
   ReadinessStatus,
   User,
 } from './types';
-export {
-  AppError,
-  AuthError,
-  ScopeError,
-  UpstreamError,
-  ValidationError,
-} from '@reaatech/agent-auth-proxy-core';

packages/client/tests/agent-client.test.ts

@@ -60,7 +60,7 @@ describe('AgentClient', () => {
       client.proxy({
         provider: 'google',
         path: 'calendar/v3/events',
-        userId: '00000000-0000-0000-0000-000000000001',
+        userId: '00000000-0000-4000-8000-000000000001',
       }),
     ).rejects.toThrow(AuthError);
   });
@@ -82,7 +82,7 @@ describe('AgentClient', () => {
     await client.proxy({
       provider: 'google',
       path: 'calendar/v3/events',
-      userId: '00000000-0000-0000-0000-000000000001',
+      userId: '00000000-0000-4000-8000-000000000001',
       scopes: ['https://www.googleapis.com/auth/calendar.readonly'],
     });
 
@@ -91,7 +91,7 @@ describe('AgentClient', () => {
       'http://localhost:3000/proxy/google/calendar/v3/events?_scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.readonly',
     );
     expect(init.headers.Authorization).toBe('Bearer jwt-token');
-    expect(init.headers['X-User-ID']).toBe('00000000-0000-0000-0000-000000000001');
+    expect(init.headers['X-User-ID']).toBe('00000000-0000-4000-8000-000000000001');
   });
 
   it('strips a leading slash from the proxy path', async () => {
@@ -111,7 +111,7 @@ describe('AgentClient', () => {
     await client.proxy({
       provider: 'google',
       path: '/calendar/v3/events',
-      userId: '00000000-0000-0000-0000-000000000001',
+      userId: '00000000-0000-4000-8000-000000000001',
     });
 
     const [url] = fetchMock.mock.calls[1];

packages/core/package.json

@@ -11,7 +11,9 @@
       "import": "./dist/index.js"
     }
   },
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "publishConfig": {
     "access": "public"
   },
@@ -23,18 +25,23 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "zod": "^3.22.0"
+    "zod": "^4.4.3"
   },
   "devDependencies": {
-    "@types/node": "^22.10.0",
+    "@types/node": "^25.6.0",
     "tsup": "^8.0.1",
-    "typescript": "^5.8.3",
-    "vitest": "^3.0.0"
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
   },
   "engines": {
     "node": ">=22.0.0"
   },
-  "keywords": ["agent-auth-proxy", "types", "zod", "schemas"],
+  "keywords": [
+    "agent-auth-proxy",
+    "types",
+    "zod",
+    "schemas"
+  ],
   "author": "Rick Somers <rick@reaatech.com> (https://reaatech.com)",
   "license": "MIT",
   "repository": {

packages/core/src/errors.ts

@@ -7,7 +7,13 @@ export class AppError extends Error {
   ) {
     super(message);
     this.name = 'AppError';
-    Error.captureStackTrace(this, this.constructor);
+    const captureStackTrace =
+      // biome-ignore lint/complexity/noBannedTypes: matching Node.js Error.stackTraceLimit signature
+      (Error as unknown as { captureStackTrace?: (target: object, ctor: Function) => void })
+        .captureStackTrace;
+    if (captureStackTrace) {
+      captureStackTrace(this, this.constructor);
+    }
   }
 }
 

packages/core/tests/schemas.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, it } from 'vitest';
 import { oauthInitiateSchema, proxyParamsSchema, proxyRequestSchema } from '../src/schemas';
 
-const VALID_UUID = '00000000-0000-0000-0000-000000000001';
+const VALID_UUID = '00000000-0000-4000-8000-000000000001';
 
 describe('proxyParamsSchema', () => {
   it('accepts a valid provider/path pair', () => {

packages/server/package.json

@@ -14,7 +14,9 @@
   "bin": {
     "agent-auth-proxy-server": "./dist/bin.js"
   },
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "publishConfig": {
     "access": "public"
   },
@@ -41,29 +43,38 @@
     "@reaatech/agent-auth-proxy-core": "workspace:*",
     "drizzle-orm": "^0.45.2",
     "fastify": "^5.8.5",
-    "pino": "^8.21.0",
+    "pino": "^10.3.1",
     "postgres": "^3.4.9",
     "prom-client": "^15.1.3",
-    "zod": "^3.25.76"
+    "zod": "^4.4.3"
   },
   "devDependencies": {
     "@electric-sql/pglite": "^0.4.5",
-    "@types/node": "^22.19.19",
-    "@types/supertest": "^6.0.3",
-    "@vitest/coverage-v8": "^3.2.4",
+    "@types/node": "^25.6.0",
+    "@types/supertest": "^7.2.0",
+    "@vitest/coverage-v8": "^4.1.5",
     "drizzle-kit": "^0.31.10",
     "pino-pretty": "^13.1.3",
-    "supertest": "^6.3.4",
+    "supertest": "^7.2.2",
     "tsup": "^8.5.1",
     "tsx": "^4.22.1",
-    "typescript": "^5.9.3",
+    "typescript": "^6.0.3",
     "vite-tsconfig-paths": "^6.1.1",
-    "vitest": "^3.2.4"
+    "vitest": "^4.1.5"
   },
   "engines": {
     "node": ">=22.0.0"
   },
-  "keywords": ["proxy", "auth", "oauth2", "api", "agent", "identity", "security", "fastify"],
+  "keywords": [
+    "proxy",
+    "auth",
+    "oauth2",
+    "api",
+    "agent",
+    "identity",
+    "security",
+    "fastify"
+  ],
   "author": "Rick Somers <rick@reaatech.com> (https://reaatech.com)",
   "license": "MIT",
   "repository": {

packages/server/scripts/migrate.ts

@@ -1,7 +1,7 @@
-import { db } from '@/db';
-import { logger } from '@/utils/logger';
 /* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { migrate } from 'drizzle-orm/postgres-js/migrator';
+import { db } from '@/db';
+import { logger } from '@/utils/logger';
 
 async function runMigrations() {
   logger.info('Running migrations...');

packages/server/src/api/middleware/auth.ts

@@ -1,10 +1,10 @@
 import { createHash, timingSafeEqual } from 'node:crypto';
-import { config } from '@/config';
-import { db } from '@/db';
-import { agents } from '@/db/schema';
 import { AuthError } from '@reaatech/agent-auth-proxy-core';
 import { eq } from 'drizzle-orm';
 import type { FastifyReply, FastifyRequest } from 'fastify';
+import { config } from '@/config';
+import { db } from '@/db';
+import { agents } from '@/db/schema';
 
 export async function authenticateAgent(request: FastifyRequest, reply: FastifyReply) {
   try {
@@ -51,7 +51,7 @@ export async function authenticateAgentWithApiKey(request: FastifyRequest, reply
   const authHeader = request.headers.authorization || '';
   const apiKey = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
 
-  if (!apiKey || !apiKey.startsWith('aap_')) {
+  if (!apiKey?.startsWith('aap_')) {
     reply.code(401).send({
       error: 'INVALID_API_KEY',
       message: 'Valid agent API key required (Bearer aap_...)',
@@ -64,7 +64,7 @@ export async function authenticateAgentWithApiKey(request: FastifyRequest, reply
     where: eq(agents.apiKeyHash, apiKeyHash),
   });
 
-  if (!agent || !agent.active) {
+  if (!agent?.active) {
     reply.code(401).send({
       error: 'INVALID_API_KEY',
       message: 'Agent not found or inactive',

packages/server/src/api/routes/auth.ts

@@ -1,7 +1,7 @@
-import { authenticateAgentWithApiKey } from '@/api/middleware/auth';
-import { getOAuth2Manager } from '@/auth/managers/shared';
 import type { FastifyPluginAsync } from 'fastify';
 import { z } from 'zod';
+import { authenticateAgentWithApiKey } from '@/api/middleware/auth';
+import { getOAuth2Manager } from '@/auth/managers/shared';
 
 const authorizeQuerySchema = z.object({
   user_id: z.string().uuid(),

packages/server/src/api/routes/health.ts

@@ -1,7 +1,7 @@
-import { db } from '@/db';
 import { sql } from 'drizzle-orm';
 import type { FastifyPluginAsync } from 'fastify';
 import { register } from 'prom-client';
+import { db } from '@/db';
 
 export const healthRoutes: FastifyPluginAsync = async (fastify) => {
   fastify.get('/health', async () => {

packages/server/src/api/routes/management.ts

@@ -1,13 +1,13 @@
 import { createHash, randomBytes } from 'node:crypto';
+import { ValidationError } from '@reaatech/agent-auth-proxy-core';
+import { desc, eq } from 'drizzle-orm';
+import type { FastifyPluginAsync } from 'fastify';
+import { z } from 'zod';
 import { requireAdmin } from '@/api/middleware/auth';
 import { ScopeEnforcer } from '@/auth/managers/scopeManager';
 import { db } from '@/db';
 import { agents, oauthTokens, userAgentGrants, users } from '@/db/schema';
 import { getAuditLogger } from '@/services/auditService';
-import { ValidationError } from '@reaatech/agent-auth-proxy-core';
-import { desc, eq } from 'drizzle-orm';
-import type { FastifyPluginAsync } from 'fastify';
-import { z } from 'zod';
 
 const createUserSchema = z.object({
   email: z.string().email(),

packages/server/src/app.ts

@@ -1,3 +1,9 @@
+import cors from '@fastify/cors';
+import helmet from '@fastify/helmet';
+import jwt from '@fastify/jwt';
+import rateLimit from '@fastify/rate-limit';
+import fastify from 'fastify';
+import { Counter, collectDefaultMetrics, Histogram, register } from 'prom-client';
 import { authRoutes } from '@/api/routes/auth';
 import { healthRoutes } from '@/api/routes/health';
 import { managementRoutes } from '@/api/routes/management';
@@ -7,12 +13,6 @@ import { startAuditRetentionCleanup } from '@/services/auditCleanup';
 import { getAuditLogger } from '@/services/auditService';
 import { startOAuthStateCleanup } from '@/services/oauthCleanup';
 import { logger } from '@/utils/logger';
-import cors from '@fastify/cors';
-import helmet from '@fastify/helmet';
-import jwt from '@fastify/jwt';
-import rateLimit from '@fastify/rate-limit';
-import fastify from 'fastify';
-import { Counter, Histogram, collectDefaultMetrics, register } from 'prom-client';
 
 let metricsInitialized = false;
 let shutdownSignalled = false;

packages/server/src/auth/managers/keyVault.ts

@@ -1,10 +1,10 @@
 import { createCipheriv, createDecipheriv, createHash, randomBytes, scrypt } from 'node:crypto';
+import { and, eq } from 'drizzle-orm';
 import { config } from '@/config';
 import { db } from '@/db';
 import { apiKeys } from '@/db/schema';
 import { type AuditLogger, getAuditLogger } from '@/services/auditService';
 import { validateBase64Key } from '@/utils/crypto';
-import { and, eq } from 'drizzle-orm';
 
 const DEK_CACHE = new Map<string, { dek: Buffer; expiresAt: number }>();
 const DEK_CACHE_TTL_MS = 300_000;