Add programmatic configuration API #43

Open: wants to merge 14 commits into base: main
@nicknisi nicknisi commented Mar 6, 2025

Problem

Currently, users must provide secrets and configuration values through environment variables (process.env). This has several limitations:

  • Security concerns with secrets in environment variables
  • Doesn't work well across different JavaScript runtimes (Deno, Cloudflare Workers, etc.)
  • No convenient way to integrate with secret management systems

Solution

This PR adds a new configure() function that enables programmatic configuration with multiple flexible patterns:

// in entry.server.tsx

// Direct values approach
configure({
  clientId: 'client_...',
  apiKey: 'sk_test_...',
  redirectUri: 'http://localhost:3000/callback',
  cookiePassword: 'secure-password...',
});

// Function-based for different environments (may not yet be fully supported)
configure(key => Deno.env.get(key));

// Hybrid approach
configure({ redirectUri: 'https://example.com/callback' }, mySecretSource);

Implementation Details

  • Added lazy initialization to prevent eager loading of credentials
  • Environment variables still take precedence (maintains backward compatibility)
  • Centralized default values for optional settings
  • Added TypeScript overloads for improved developer experience
  • Documentation in README updated to explain the new configuration options

Benefits

  • Improved security - credentials don't need to be exposed in environment variables
  • Cross-platform support - works in any JavaScript runtime
  • Better developer experience - flexible API with strong typing
  • Secret management integration - values can be loaded from vault services

Testing

  • Added unit tests for all configuration patterns
  • Verified backward compatibility with environment variables

Additional Changes

  • Lazily instantiates workos instance (parity with authkit-nextjs)
  • Exposes getWorkOS() function to the user to get access to the WorkOS instance (parity with authkit-nextjs)

Breaking Changes

None. This is a non-breaking enhancement that maintains compatibility with existing code.

Fixes #38
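
The resolution order described in this PR (environment first, lazy lookup, centralized defaults), modelled as an added example that is not code from the PR or the library. `createConfig`, `get`, the injected `env` map keyed by config name, the `cookieName` default and the values-before-source ordering are assumptions made for illustration.

```javascript
// Added example: simplified model of the resolution order described in the PR.
// createConfig, get and the injected `env` map are hypothetical, not the library's API.
const DEFAULTS = { cookieName: 'session' }; // constructed default for an optional setting
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

function createConfig(env = {}) {
  let values = {};
  let source = null;
  const cache = new Map();

  // Accepts configure(values), configure(source) or configure(values, source).
  function configure(valuesOrSource, maybeSource) {
    if (typeof valuesOrSource === 'function') {
      values = {};
      source = valuesOrSource;
    } else {
      values = { ...valuesOrSource };
      source = maybeSource ?? null;
    }
    cache.clear(); // reconfiguring drops previously resolved values
  }

  // Lazy lookup: the secret source is only called when a key is first read.
  function get(key) {
    const fromEnv = own(env, key); // assumption: env is keyed by the same name
    if (fromEnv !== undefined) return fromEnv; // environment takes precedence
    if (cache.has(key)) return cache.get(key);
    let value = own(values, key); // assumption: direct values beat the source
    if (value === undefined && source) value = source(key);
    if (value === undefined) value = own(DEFAULTS, key);
    if (value === undefined) throw new Error(`Missing configuration: ${key}`);
    cache.set(key, value);
    return value;
  }
  return { configure, get };
}

// Constructed scenario: a stale env value plus the hybrid call from the PR.
function demo() {
  const calls = [];
  const vault = (key) => { calls.push(key); return own({ apiKey: 'sk_from_vault' }, key); };
  const cfg = createConfig({ redirectUri: 'https://env.example/callback' });
  cfg.configure({ redirectUri: 'https://example.com/callback' }, vault);
  const callsAtConfigure = calls.length;
  const redirectUri = cfg.get('redirectUri');
  const apiKey = [cfg.get('apiKey'), cfg.get('apiKey')][0];
  return { callsAtConfigure, redirectUri, apiKey, cookieName: cfg.get('cookieName'), calls };
}
```

Because the environment is consulted first, a variable left behind in a deployment overrides the value passed to configure(); unset it when moving a secret into a vault-backed source.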

@nicknisi nicknisi marked this pull request as ready for review March 6, 2025 14:44
@nicknisi nicknisi requested review from chantastic and mthadley March 6, 2025 14:44
@nicknisi nicknisi force-pushed the nicknisi/config-object branch from 87e970f to 07056f4 Compare March 6, 2025 20:26
Successfully merging this pull request may close these issues.

Security: Allow alternative methods of setting sensitive values