feat(w1): maven skeleton + CI scaffold

- Parent POM: de.platesoft:plate-auth-parent with ${revision} CI-friendly versioning
- plate-auth-starter module: Spring Boot 4.1.0 starter deps (web, jpa, security, validation, jwt, flyway, envers)
- @platesoft/auth npm package skeleton: tsup bundler, conditional exports, TypeScript strict
- Gitea Actions: ci.yml (on push/PR) + release.yml (on v* tag)
- distributionManagement pointing to Gitea Package Registry (Maven + npm)
- Apache-2.0 LICENSE, README with quickstart, CHANGELOG, .editorconfig, .gitignore
- pnpm workspace with packages/auth
- Maven BUILD SUCCESS verified locally

packages/auth/package.json

@@ -0,0 +1,70 @@
+{
+  "name": "@platesoft/auth",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "NextAuth v5 config factory, HMAC exchange, proxy helpers, and React hooks for plate-auth",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs",
+      "types": "./dist/index.d.ts"
+    },
+    "./config": {
+      "import": "./dist/config/index.js",
+      "types": "./dist/config/index.d.ts"
+    },
+    "./exchange": {
+      "import": "./dist/exchange/index.js",
+      "types": "./dist/exchange/index.d.ts"
+    },
+    "./proxy": {
+      "import": "./dist/proxy/index.js",
+      "types": "./dist/proxy/index.d.ts"
+    },
+    "./middleware": {
+      "import": "./dist/middleware/index.js",
+      "types": "./dist/middleware/index.d.ts"
+    },
+    "./client": {
+      "import": "./dist/client/index.js",
+      "types": "./dist/client/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "lint": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "next": ">=15.0.0",
+    "next-auth": ">=5.0.0-beta",
+    "react": ">=19.0.0"
+  },
+  "devDependencies": {
+    "next": "^15.3.0",
+    "next-auth": "^5.0.0-beta.30",
+    "react": "^19.0.0",
+    "tsup": "^8.4.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.1.0",
+    "@types/node": "^22.0.0",
+    "@types/react": "^19.0.0"
+  },
+  "publishConfig": {
+    "registry": "https://git.plate-software.de/api/packages/pplate/npm/"
+  },
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://git.plate-software.de/pplate/plate-auth.git",
+    "directory": "packages/auth"
+  }
+}

packages/auth/src/client/index.ts

@@ -0,0 +1,17 @@
+// Placeholder — W3 implementation
+// Re-exports from next-auth/react will be added in W3
+export function useAccessToken(): string | null {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}
+
+export interface Membership {
+  id: string;
+  orgType: string;
+  orgId: string;
+  role: string;
+  status: string;
+}
+
+export function useMemberships(): Membership[] {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/config/index.ts

@@ -0,0 +1,25 @@
+// Placeholder — W3 implementation
+export interface PlateAuthConfigOptions {
+  providers: {
+    google?: { clientId: string; clientSecret: string };
+    microsoft?: { clientId: string; clientSecret: string; tenantId?: string };
+    email?: { server: string; from: string };
+  };
+  exchange: {
+    backendUrl: string;
+    secret: string;
+    appLabel?: string;
+  };
+  session?: {
+    strategy?: 'jwt';
+    maxAge?: number;
+  };
+  callbacks?: {
+    afterSignIn?: (user: any) => Promise<void>;
+  };
+  trustHost?: boolean;
+}
+
+export function createAuthConfig(_opts: PlateAuthConfigOptions): any {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/exchange/index.ts

@@ -0,0 +1,23 @@
+// Placeholder — W3 implementation
+export interface ExchangeEnvelope {
+  provider: 'google' | 'microsoft' | 'email' | 'password';
+  providerSubject: string;
+  email: string;
+  name?: string;
+  inviteToken?: string;
+  nonce: string;
+  iat: number;
+}
+
+export interface TokenResponse {
+  accessToken: string;
+  refreshToken: string;
+}
+
+export function signEnvelope(_envelope: ExchangeEnvelope, _secret: string): { envelope: string; signature: string } {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}
+
+export function makeNonce(): string {
+  return crypto.randomUUID();
+}

packages/auth/src/index.ts

@@ -0,0 +1,4 @@
+// @platesoft/auth — main barrel export
+export type { PlateAuthConfigOptions } from './config';
+export type { ExchangeEnvelope, TokenResponse } from './exchange';
+export type { ProxyOptions } from './proxy';

packages/auth/src/middleware/index.ts

@@ -0,0 +1,8 @@
+// Placeholder — W3 implementation
+export interface MiddlewareOptions {
+  publicPaths?: string[];
+}
+
+export function createAuthMiddleware(_opts?: MiddlewareOptions): any {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/proxy/index.ts

@@ -0,0 +1,10 @@
+// Placeholder — W3 implementation
+export interface ProxyOptions {
+  backendUrl: string;
+  stripHeaders?: string[];
+  authHeaderName?: string;
+}
+
+export function createProxyHandlers(_opts: ProxyOptions): Record<string, any> {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "declaration": true,
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "react-jsx",
+    "lib": ["ES2022", "DOM", "DOM.Iterable"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "tests"]
+}

packages/auth/tsup.config.ts

@@ -0,0 +1,18 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: {
+    'index': 'src/index.ts',
+    'config/index': 'src/config/index.ts',
+    'exchange/index': 'src/exchange/index.ts',
+    'proxy/index': 'src/proxy/index.ts',
+    'middleware/index': 'src/middleware/index.ts',
+    'client/index': 'src/client/index.ts',
+  },
+  format: ['esm', 'cjs'],
+  dts: true,
+  splitting: true,
+  clean: true,
+  target: 'es2022',
+  external: ['next', 'next-auth', 'react', 'next-auth/react'],
+});