chore(repo): initialize planarchy workspace

apps/web/src/server/auth.ts

@@ -0,0 +1,65 @@
+import { prisma } from "@planarchy/db";
+import NextAuth, { type NextAuthConfig } from "next-auth";
+import Credentials from "next-auth/providers/credentials";
+import { verify } from "@node-rs/argon2";
+import { z } from "zod";
+
+const LoginSchema = z.object({
+  email: z.string().email(),
+  password: z.string().min(1),
+});
+
+const authConfig = {
+  providers: [
+    Credentials({
+      name: "credentials",
+      credentials: {
+        email: { label: "Email", type: "email" },
+        password: { label: "Password", type: "password" },
+      },
+      async authorize(credentials) {
+        const parsed = LoginSchema.safeParse(credentials);
+        if (!parsed.success) return null;
+
+        const { email, password } = parsed.data;
+        const user = await prisma.user.findUnique({ where: { email } });
+        if (!user?.passwordHash) return null;
+
+        const isValid = await verify(user.passwordHash, password);
+        if (!isValid) return null;
+
+        return {
+          id: user.id,
+          email: user.email,
+          name: user.name,
+          role: user.systemRole,
+        };
+      },
+    }),
+  ],
+  callbacks: {
+    async session({ session, token }) {
+      if (token.sub) {
+        session.user.id = token.sub;
+      }
+      if (token.role) {
+        (session.user as typeof session.user & { role: string }).role = token.role as string;
+      }
+      return session;
+    },
+    async jwt({ token, user }) {
+      if (user) {
+        token.role = (user as typeof user & { role: string }).role;
+      }
+      return token;
+    },
+  },
+  pages: {
+    signIn: "/auth/signin",
+  },
+  session: {
+    strategy: "jwt",
+  },
+} satisfies NextAuthConfig;
+
+export const { handlers, auth } = NextAuth(authConfig);

apps/web/src/server/trpc.ts

@@ -0,0 +1,24 @@
+import { createTRPCContext } from "@planarchy/api";
+import { appRouter } from "@planarchy/api/router";
+import { createCallerFactory } from "@planarchy/api/trpc";
+import { prisma } from "@planarchy/db";
+import { auth } from "./auth.js";
+
+/**
+ * Server-side tRPC caller for RSC.
+ * Usage: const trpc = await createCaller(); const result = await trpc.resource.list({});
+ */
+export async function createCaller() {
+  const session = await auth();
+
+  const dbUser = session?.user?.email
+    ? await prisma.user.findUnique({
+        where: { email: session.user.email },
+        select: { id: true, systemRole: true, permissionOverrides: true },
+      })
+    : null;
+
+  const ctx = createTRPCContext({ session, dbUser });
+  const callerFactory = createCallerFactory(appRouter);
+  return callerFactory(ctx);
+}