import NextAuth from 'next-auth';
import { authConfig } from './lib/auth.config';

// Edge-runtime middleware. Uses the edge-safe authConfig (no Credentials
// provider, no Prisma) — it only validates and refreshes the JWT cookie. The
// full auth config with the Credentials provider lives in lib/auth.ts and
// runs in the Node.js runtime via the route handlers.
export default NextAuth(authConfig).auth;

export const config = {
  matcher: [
    // Run on every path except static assets, image optimization, and the
    // PWA manifest. The Auth.js / tRPC API routes are excluded explicitly
    // because they handle session resolution themselves.
    '/((?!api/auth|api/trpc|_next/static|_next/image|favicon.ico|manifest.webmanifest|icon-.*\\.svg).*)',
  ],
};