import "server-only"

/**
 * Session access single entry point (server-only).
 *
 * Shared/lib modules that need the current session MUST go through this
 * module instead of importing `@/auth` directly. `@/auth` itself imports
 * from `@/shared/lib/*`, so a static `import { auth } from "@/auth"` in
 * shared/lib would create a module-level cycle. The dynamic import below
 * keeps the module-loading graph acyclic while centralising session
 * retrieval so callers depend on `@/shared/lib/session`, not `@/auth`.
 */

export type AppSession = {
  user: {
    id: string
    name?: string | null
    email?: string | null
    role?: string
    roles?: string[]
    permissions?: string[]
  }
} | null

/**
 * Get the current NextAuth session.
 *
 * Uses a dynamic import to avoid a static circular dependency on
 * `@/auth` (which itself imports from `@/shared/lib/*`). The runtime
 * call chain is unchanged — only the module-loading graph is acyclic.
 */
export async function getSession(): Promise<AppSession> {
  const { auth } = await import("@/auth")
  return auth()
}