feat(w1): maven skeleton + CI scaffold

- Parent POM: de.platesoft:plate-auth-parent with ${revision} CI-friendly versioning
- plate-auth-starter module: Spring Boot 4.1.0 starter deps (web, jpa, security, validation, jwt, flyway, envers)
- @platesoft/auth npm package skeleton: tsup bundler, conditional exports, TypeScript strict
- Gitea Actions: ci.yml (on push/PR) + release.yml (on v* tag)
- distributionManagement pointing to Gitea Package Registry (Maven + npm)
- Apache-2.0 LICENSE, README with quickstart, CHANGELOG, .editorconfig, .gitignore
- pnpm workspace with packages/auth
- Maven BUILD SUCCESS verified locally

packages/auth/src/client/index.ts

@@ -0,0 +1,17 @@
+// Placeholder — W3 implementation
+// Re-exports from next-auth/react will be added in W3
+export function useAccessToken(): string | null {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}
+
+export interface Membership {
+  id: string;
+  orgType: string;
+  orgId: string;
+  role: string;
+  status: string;
+}
+
+export function useMemberships(): Membership[] {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/config/index.ts

@@ -0,0 +1,25 @@
+// Placeholder — W3 implementation
+export interface PlateAuthConfigOptions {
+  providers: {
+    google?: { clientId: string; clientSecret: string };
+    microsoft?: { clientId: string; clientSecret: string; tenantId?: string };
+    email?: { server: string; from: string };
+  };
+  exchange: {
+    backendUrl: string;
+    secret: string;
+    appLabel?: string;
+  };
+  session?: {
+    strategy?: 'jwt';
+    maxAge?: number;
+  };
+  callbacks?: {
+    afterSignIn?: (user: any) => Promise<void>;
+  };
+  trustHost?: boolean;
+}
+
+export function createAuthConfig(_opts: PlateAuthConfigOptions): any {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/exchange/index.ts

@@ -0,0 +1,23 @@
+// Placeholder — W3 implementation
+export interface ExchangeEnvelope {
+  provider: 'google' | 'microsoft' | 'email' | 'password';
+  providerSubject: string;
+  email: string;
+  name?: string;
+  inviteToken?: string;
+  nonce: string;
+  iat: number;
+}
+
+export interface TokenResponse {
+  accessToken: string;
+  refreshToken: string;
+}
+
+export function signEnvelope(_envelope: ExchangeEnvelope, _secret: string): { envelope: string; signature: string } {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}
+
+export function makeNonce(): string {
+  return crypto.randomUUID();
+}

packages/auth/src/index.ts

@@ -0,0 +1,4 @@
+// @platesoft/auth — main barrel export
+export type { PlateAuthConfigOptions } from './config';
+export type { ExchangeEnvelope, TokenResponse } from './exchange';
+export type { ProxyOptions } from './proxy';

packages/auth/src/middleware/index.ts

@@ -0,0 +1,8 @@
+// Placeholder — W3 implementation
+export interface MiddlewareOptions {
+  publicPaths?: string[];
+}
+
+export function createAuthMiddleware(_opts?: MiddlewareOptions): any {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}

packages/auth/src/proxy/index.ts

@@ -0,0 +1,10 @@
+// Placeholder — W3 implementation
+export interface ProxyOptions {
+  backendUrl: string;
+  stripHeaders?: string[];
+  authHeaderName?: string;
+}
+
+export function createProxyHandlers(_opts: ProxyOptions): Record<string, any> {
+  throw new Error('Not yet implemented — Sprint 0 W3');
+}