@banata-auth/convex 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Banata Auth Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,104 @@
+# @banata-auth/convex
+
+Convex backend integration for Banata Auth -- auth factory, plugins, triggers, and database schema.
+
+## Installation
+
+```bash
+npm install @banata-auth/convex
+```
+
+## Quick start
+
+### 1. Define your schema
+
+```ts
+// convex/banataAuth/schema.ts
+export { default } from "@banata-auth/convex/schema";
+```
+
+### 2. Create the auth component and instance
+
+```ts
+// convex/banataAuth/auth.ts
+import {
+  createBanataAuth,
+  createBanataAuthComponent,
+  createBanataAuthOptions,
+  type BanataAuthConfig,
+} from "@banata-auth/convex";
+import type { GenericCtx } from "@convex-dev/better-auth/utils";
+import { components } from "../_generated/api";
+import type { DataModel } from "../_generated/dataModel";
+import authConfig from "../auth.config";
+import schema from "./schema";
+
+export const authComponent = createBanataAuthComponent(components.banataAuth, schema);
+
+function getConfig(): BanataAuthConfig {
+  return {
+    appName: "My App",
+    siteUrl: process.env.SITE_URL!,
+    secret: process.env.BETTER_AUTH_SECRET!,
+    authMethods: {
+      emailPassword: true,
+      organization: true,
+    },
+    email: {
+      sendVerificationEmail: async ({ email, url }) => { /* ... */ },
+      sendResetPassword: async ({ email, url }) => { /* ... */ },
+    },
+  };
+}
+
+export const createAuthOptions = (ctx: GenericCtx<DataModel>) =>
+  createBanataAuthOptions(ctx, {
+    authComponent,
+    authConfig,
+    config: getConfig(),
+  });
+
+export const createAuth = (ctx: GenericCtx<DataModel>) =>
+  createBanataAuth(ctx, {
+    authComponent,
+    authConfig,
+    config: getConfig(),
+  });
+```
+
+### 3. Register HTTP routes
+
+```ts
+// convex/http.ts
+import { httpRouter } from "convex/server";
+import { authComponent, createAuth } from "./banataAuth/auth";
+
+const http = httpRouter();
+authComponent.registerRoutes(http, createAuth);
+export default http;
+```
+
+### 4. Register triggers (optional)
+
+```ts
+import { defineBanataAuthTriggers } from "@banata-auth/convex";
+
+export const triggers = defineBanataAuthTriggers({
+  onUserCreated: async (ctx, user) => {
+    console.log("New user:", user.email);
+  },
+});
+```
+
+## Features
+
+- Better Auth factory with sensible defaults
+- Dashboard config, audit log, and webhook plugins
+- Email template plugin with block-based editor support, template CRUD, and HTML rendering
+- Lifecycle trigger system for user/session/org events
+- Pre-built Convex schema for all auth tables (35 tables)
+- Multi-tenant project isolation with `projectId` scoping
+
+## License
+
+MIT

package/dist/auth-config.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Convex auth configuration provider for JWT validation.
+ *
+ * This tells Convex how to validate JWTs issued by Better Auth
+ * using the JWKS endpoint exposed by the component.
+ *
+ * Usage in consumer's convex/auth.config.ts:
+ *
+ * ```ts
+ * import { getAuthConfigProvider } from "@banata-auth/convex/auth-config";
+ * import type { AuthConfig } from "convex/server";
+ *
+ * export default {
+ *   providers: [getAuthConfigProvider()],
+ * } satisfies AuthConfig;
+ * ```
+ *
+ * We re-export the official function from @convex-dev/better-auth
+ * and also provide our own version as a fallback.
+ */
+export { getAuthConfigProvider } from "@convex-dev/better-auth/auth-config";
+//# sourceMappingURL=auth-config.d.ts.map

package/dist/auth-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-config.d.ts","sourceRoot":"","sources":["../src/auth-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC"}

package/dist/auth-config.js

@@ -0,0 +1,3 @@
+export { getAuthConfigProvider } from '@convex-dev/better-auth/auth-config';
+//# sourceMappingURL=auth-config.js.map
+//# sourceMappingURL=auth-config.js.map

package/dist/auth-config.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"auth-config.js","sourcesContent":[]}

package/dist/auth.d.ts

@@ -0,0 +1,462 @@
+/**
+ * Banata Auth Convex integration — core auth instance factory.
+ *
+ * This module provides factory functions to wire Better Auth with Convex,
+ * pre-configured with all plugins needed for WorkOS-equivalent functionality.
+ *
+ * Architecture:
+ * - `@convex-dev/better-auth` bridges Better Auth to Convex's document DB
+ * - `createClient()` creates the component client with the DB adapter
+ * - `betterAuth()` is configured with all Phase 1 plugins
+ * - HTTP routes are registered on Convex's httpRouter
+ * - JWTs are signed with RS256 keys stored in the jwks table
+ * - Convex validates JWTs via the JWKS endpoint
+ *
+ * Usage in consumer's convex/ directory:
+ *
+ * ```ts
+ * // convex/banataAuth/auth.ts
+ * import { createBanataAuthComponent, createBanataAuthOptions, createBanataAuth } from "@banata-auth/convex";
+ * import { components } from "../_generated/api";
+ * import type { DataModel } from "../_generated/dataModel";
+ * import authConfig from "../auth.config";
+ * import schema from "./schema";
+ *
+ * export const authComponent = createBanataAuthComponent(components.banataAuth, schema);
+ *
+ * export const createAuthOptions = (ctx: GenericCtx<DataModel>) =>
+ *   createBanataAuthOptions(ctx, {
+ *     authComponent,
+ *     authConfig,
+ *     siteUrl: process.env.SITE_URL!,
+ *     secret: process.env.BETTER_AUTH_SECRET!,
+ *   });
+ *
+ * export const createAuth = (ctx: GenericCtx<DataModel>) =>
+ *   createBanataAuth(ctx, { authComponent, authConfig, config: { ... } });
+ * ```
+ */
+import { createClient } from "@convex-dev/better-auth";
+import type { GenericCtx } from "@convex-dev/better-auth/utils";
+import type { BetterAuthOptions } from "better-auth";
+import type { AuthConfig, FunctionReference, GenericDataModel, GenericSchema, SchemaDefinition } from "convex/server";
+import { type BanataEmailOptions } from "./plugins/email";
+import { type BanataProtectionOptions } from "./plugins/protection";
+interface BanataAuthComponentApi {
+    adapter: {
+        create: FunctionReference<"mutation", "internal">;
+        findOne: FunctionReference<"query", "internal">;
+        findMany: FunctionReference<"query", "internal">;
+        updateOne: FunctionReference<"mutation", "internal">;
+        updateMany: FunctionReference<"mutation", "internal">;
+        deleteOne: FunctionReference<"mutation", "internal">;
+        deleteMany: FunctionReference<"mutation", "internal">;
+    };
+}
+/**
+ * Configuration for email callbacks used by various auth methods.
+ */
+export interface BanataAuthEmailConfig {
+    /** Send email verification link to new users. */
+    sendVerificationEmail?: (params: {
+        user: {
+            email: string;
+            name: string;
+        };
+        url: string;
+        token: string;
+    }) => Promise<void>;
+    /** Send password reset link. */
+    sendResetPassword?: (params: {
+        user: {
+            email: string;
+            name: string;
+        };
+        url: string;
+        token: string;
+    }) => Promise<void>;
+    /** Send magic link for passwordless sign-in. */
+    sendMagicLink?: (params: {
+        email: string;
+        url: string;
+        token: string;
+    }) => Promise<void>;
+    /** Send one-time password for email OTP auth. */
+    sendOtp?: (params: {
+        email: string;
+        otp: string;
+    }) => Promise<void>;
+    /**
+     * Send organization invitation email.
+     * Note: The invitation ID is provided instead of a URL.
+     * The consumer constructs the accept URL from the ID.
+     */
+    sendInvitationEmail?: (params: {
+        email: string;
+        invitationId: string;
+        organizationName: string;
+        inviterName: string;
+    }) => Promise<void>;
+    /** Send domain verification email. */
+    sendDomainVerification?: (params: {
+        email: string;
+        domain: string;
+        verificationToken: string;
+    }) => Promise<void>;
+}
+/**
+ * Social provider credentials.
+ */
+export interface SocialProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    enabled?: boolean;
+}
+/**
+ * Supported social providers and their config shapes.
+ * Matches a subset of BetterAuthOptions["socialProviders"] keys.
+ */
+export interface BanataAuthSocialProviders {
+    google?: SocialProviderConfig;
+    github?: SocialProviderConfig;
+    microsoft?: SocialProviderConfig & {
+        tenantId?: string;
+    };
+    apple?: SocialProviderConfig;
+    discord?: SocialProviderConfig;
+    facebook?: SocialProviderConfig;
+    twitter?: SocialProviderConfig;
+    linkedin?: SocialProviderConfig;
+    gitlab?: SocialProviderConfig;
+    slack?: SocialProviderConfig;
+}
+/**
+ * Configuration for the Banata Auth instance.
+ */
+export interface BanataAuthConfig {
+    /** App name displayed in emails and OAuth consent screens. */
+    appName?: string;
+    /**
+     * Site URL — your application's public URL.
+     * Used as Better Auth's `baseURL` for OAuth callbacks and email links.
+     * Typically `process.env.SITE_URL` (e.g., "http://localhost:3000").
+     *
+     * The Next.js route handler at `/api/auth/[...all]` proxies auth
+     * requests to Convex, so OAuth providers redirect to this URL and
+     * the proxy forwards the callback to Convex for processing.
+     */
+    siteUrl: string;
+    /**
+     * Better Auth secret for signing/encryption.
+     * Typically process.env.BETTER_AUTH_SECRET.
+     */
+    secret: string;
+    /** Social providers configuration (object, not array). */
+    socialProviders?: BanataAuthSocialProviders;
+    /** Email callback configuration (optional overrides). */
+    email?: BanataAuthEmailConfig;
+    /**
+     * Built-in email sending options.
+     *
+     * When an email provider is configured through the dashboard, emails
+     * are sent automatically on auth events (verification, password reset,
+     * magic link, OTP, invitation). No consumer callbacks needed.
+     *
+     * Consumer-provided callbacks in `email` still take priority.
+     */
+    emailOptions?: BanataEmailOptions;
+    /**
+     * Enable/disable specific auth methods.
+     * All default to true unless explicitly set to false.
+     */
+    authMethods?: {
+        emailPassword?: boolean;
+        magicLink?: boolean;
+        emailOtp?: boolean;
+        passkey?: boolean;
+        twoFactor?: boolean;
+        anonymous?: boolean;
+        username?: boolean;
+        multiSession?: boolean;
+        organization?: boolean;
+        sso?: boolean;
+        scim?: boolean;
+        apiKey?: boolean;
+    };
+    /**
+     * Passkey (WebAuthn) configuration.
+     * Required if authMethods.passkey is enabled.
+     */
+    passkey?: {
+        rpId: string;
+        rpName: string;
+        origin: string;
+    };
+    /**
+     * Organization plugin configuration.
+     */
+    organizationConfig?: {
+        /** Allow users to create organizations (default: true). */
+        allowUserToCreateOrg?: boolean;
+        /** Creator role when a user creates an org (default: "owner"). */
+        creatorRole?: string;
+        /** Maximum organizations a user can create. */
+        maxOrganizations?: number;
+    };
+    /** SSO plugin configuration. */
+    ssoConfig?: {
+        /** Issuer URL for SAML SP entity ID construction. */
+        issuer?: string;
+        /** Enable domain verification for SSO connections. */
+        domainVerification?: boolean;
+        /** Default organization provisioning behavior. */
+        provisionOrganization?: boolean;
+    };
+    /** SCIM plugin configuration. */
+    scimConfig?: {
+        /** Default role for SCIM-provisioned users. */
+        defaultRole?: string;
+        /** Whether to auto-create organizations from SCIM groups. */
+        autoCreateOrganizations?: boolean;
+    };
+    /** API Key plugin configuration. */
+    apiKeyConfig?: {
+        /** API key prefix (e.g., "sk_live"). */
+        prefix?: string;
+        /** Default API key expiration in seconds. */
+        defaultExpiresIn?: number;
+    };
+    /**
+     * Bot protection configuration.
+     *
+     * When configured, Banata Auth intercepts requests to sensitive auth
+     * endpoints (sign-in, sign-up, password reset) and verifies them using
+     * the provided `verifyRequest` function before any auth processing occurs.
+     *
+     * This is provider-agnostic — implement `verifyRequest` with Vercel BotID,
+     * Cloudflare Turnstile, hCaptcha, reCAPTCHA, or any other service.
+     *
+     * @example
+     * ```ts
+     * protection: {
+     *   enabled: true,
+     *   verifyRequest: async (request) => {
+     *     const result = await checkBotId();
+     *     return { isBot: result.isBot };
+     *   },
+     * },
+     * ```
+     */
+    protection?: BanataProtectionOptions;
+    /** Lifecycle trigger handlers. */
+    triggers?: import("./triggers").BanataAuthTriggers;
+    /**
+     * Trusted origins for CSRF/origin validation.
+     *
+     * Better Auth validates the `Origin` header on cookie-bearing requests.
+     * By default, only `siteUrl` is trusted. In development, the Next.js
+     * proxy may run on a different port (e.g. `http://localhost:3002`)
+     * and forward the browser's `Origin` header, causing a 403.
+     *
+     * Add all origins your dashboard/app may run on:
+     * ```ts
+     * trustedOrigins: ["http://localhost:3000", "http://localhost:3002"]
+     * ```
+     */
+    trustedOrigins?: string[];
+    /**
+     * Additional Better Auth options to merge.
+     * Use this for advanced configuration not covered by the typed config.
+     */
+    advanced?: Partial<BetterAuthOptions>;
+}
+/**
+ * Re-export Convex's AuthConfig for convenience.
+ * This is the type consumers use in `convex/auth.config.ts`.
+ */
+export type { AuthConfig as BanataAuthConvexAuthConfig } from "convex/server";
+/** The return type of `createClient` with GenericDataModel defaults. */
+type ComponentClient = ReturnType<typeof createClient>;
+/**
+ * Create the Better Auth Convex component client.
+ *
+ * This bridges `@convex-dev/better-auth` to your Convex component,
+ * providing the database adapter and HTTP route registration.
+ *
+ * @param componentRef - The component reference from `components.banataAuth`
+ * @param schema - The component schema definition
+ * @param options - Optional client options
+ * @returns The component client with adapter and registerRoutes
+ *
+ * @example
+ * ```ts
+ * import { createBanataAuthComponent } from "@banata-auth/convex";
+ * import { components } from "../_generated/api";
+ * import schema from "./schema";
+ *
+ * export const authComponent = createBanataAuthComponent(
+ *   components.banataAuth,
+ *   schema,
+ * );
+ * ```
+ */
+export declare function createBanataAuthComponent<TDataModel extends GenericDataModel, TSchema extends SchemaDefinition<GenericSchema, true>>(componentRef: BanataAuthComponentApi, schema: TSchema, options?: {
+    verbose?: boolean;
+}): {
+    adapter: (ctx: GenericCtx<TDataModel>) => import("better-auth/adapters").AdapterFactory;
+    getAuth: <T extends import("@convex-dev/better-auth").CreateAuth<TDataModel>>(createAuth: T, ctx: GenericCtx<TDataModel>) => Promise<{
+        auth: ReturnType<T>;
+        headers: Headers;
+    }>;
+    getHeaders: (ctx: GenericCtx<TDataModel>) => Promise<Headers>;
+    safeGetAuthUser: (ctx: GenericCtx<TDataModel>) => Promise<(TSchema["strictTableNameTypes"] extends infer T ? T extends TSchema["strictTableNameTypes"] ? T extends true ? { [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } : import("convex/server").Expand<{ [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } & import("convex/server").AnyDataModel> : never : never)["user"]["document"] | undefined>;
+    getAuthUser: (ctx: GenericCtx<TDataModel>) => Promise<(TSchema["strictTableNameTypes"] extends infer T ? T extends TSchema["strictTableNameTypes"] ? T extends true ? { [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } : import("convex/server").Expand<{ [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } & import("convex/server").AnyDataModel> : never : never)["user"]["document"]>;
+    getAnyUserById: (ctx: GenericCtx<TDataModel>, id: string) => Promise<(TSchema["strictTableNameTypes"] extends infer T ? T extends TSchema["strictTableNameTypes"] ? T extends true ? { [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } : import("convex/server").Expand<{ [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+        document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+        fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+        indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+        searchIndexes: SearchIndexes;
+        vectorIndexes: VectorIndexes;
+    } : never; } & import("convex/server").AnyDataModel> : never : never)["user"]["document"] | null>;
+    setUserId: (ctx: import("convex/server").GenericMutationCtx<TDataModel>, authId: string, userId: string) => Promise<void>;
+    clientApi: () => {
+        getAuthUser: import("convex/server").RegisteredQuery<"public", {}, Promise<(TSchema["strictTableNameTypes"] extends infer T ? T extends TSchema["strictTableNameTypes"] ? T extends true ? { [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+            document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+            fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+            indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+            searchIndexes: SearchIndexes;
+            vectorIndexes: VectorIndexes;
+        } : never; } : import("convex/server").Expand<{ [TableName in keyof TSchema["tables"] & string]: TSchema["tables"][TableName] extends import("convex/server").TableDefinition<infer DocumentType extends import("convex/values").Validator<any, any, any>, infer Indexes extends import("convex/server").GenericTableIndexes, infer SearchIndexes extends import("convex/server").GenericTableSearchIndexes, infer VectorIndexes extends import("convex/server").GenericTableVectorIndexes> ? {
+            document: import("convex/server").Expand<import("convex/server").IdField<TableName> & import("convex/server").Expand<import("convex/server").SystemFields & DocumentType["type"]>>;
+            fieldPaths: keyof import("convex/server").IdField<TableName_1> | ("_creationTime" | DocumentType["fieldPaths"]);
+            indexes: import("convex/server").Expand<Indexes & import("convex/server").SystemIndexes>;
+            searchIndexes: SearchIndexes;
+            vectorIndexes: VectorIndexes;
+        } : never; } & import("convex/server").AnyDataModel> : never : never)["user"]["document"]>>;
+    };
+    triggersApi: () => {
+        onCreate: import("convex/server").RegisteredMutation<"internal", {
+            model: string;
+            doc: any;
+        }, Promise<void>>;
+        onUpdate: import("convex/server").RegisteredMutation<"internal", {
+            model: string;
+            oldDoc: any;
+            newDoc: any;
+        }, Promise<void>>;
+        onDelete: import("convex/server").RegisteredMutation<"internal", {
+            model: string;
+            doc: any;
+        }, Promise<void>>;
+    };
+    registerRoutes: (http: import("convex/server").HttpRouter, createAuth: import("@convex-dev/better-auth").CreateAuth<TDataModel>, opts?: {
+        cors?: boolean | {
+            allowedOrigins?: string[];
+            allowedHeaders?: string[];
+            exposedHeaders?: string[];
+        };
+    }) => void;
+};
+/**
+ * Build the Better Auth options object from Banata Auth config.
+ *
+ * This configures all Phase 1 plugins and returns a BetterAuthOptions
+ * that can be passed to `betterAuth()`. The Convex database adapter
+ * is injected from the component client.
+ *
+ * @param ctx - Convex function context
+ * @param params - Configuration parameters
+ * @returns BetterAuthOptions ready for `betterAuth()`
+ *
+ * @example
+ * ```ts
+ * export const createAuthOptions = (ctx: GenericCtx<DataModel>) =>
+ *   createBanataAuthOptions(ctx, {
+ *     authComponent,
+ *     authConfig,
+ *     config: {
+ *       siteUrl: process.env.SITE_URL!,
+ *       secret: process.env.BETTER_AUTH_SECRET!,
+ *       socialProviders: { github: { clientId: "...", clientSecret: "..." } },
+ *     },
+ *   });
+ * ```
+ */
+export declare function createBanataAuthOptions(ctx: GenericCtx<GenericDataModel>, params: {
+    authComponent: ComponentClient;
+    authConfig: AuthConfig;
+    config: BanataAuthConfig;
+}): BetterAuthOptions;
+/**
+ * Create the Better Auth instance for a given Convex context.
+ *
+ * This is the main factory function that creates a fully configured
+ * Better Auth instance ready to handle auth requests.
+ *
+ * @param ctx - Convex function context
+ * @param params - Same params as createBanataAuthOptions
+ * @returns A Better Auth instance
+ *
+ * @example
+ * ```ts
+ * export const createAuth = (ctx: GenericCtx<DataModel>) =>
+ *   createBanataAuth(ctx, {
+ *     authComponent,
+ *     authConfig,
+ *     config: { siteUrl: "...", secret: "..." },
+ *   });
+ * ```
+ */
+export declare function createBanataAuth(ctx: GenericCtx<GenericDataModel>, params: {
+    authComponent: ComponentClient;
+    authConfig: AuthConfig;
+    config: BanataAuthConfig;
+}): import("better-auth").Auth<BetterAuthOptions>;
+/**
+ * Helper to create the static auth options for schema generation.
+ *
+ * The `npx auth generate` CLI needs a static options object (not bound to
+ * a Convex context). This creates one with a dummy adapter.
+ *
+ * @example
+ * ```ts
+ * // For CLI: npx auth generate --config ./convex/banataAuth/auth.ts
+ * export const options = createBanataAuthStaticOptions({ ... });
+ * ```
+ */
+export declare function createBanataAuthStaticOptions(params: {
+    authComponent: ComponentClient;
+    authConfig: AuthConfig;
+    config: BanataAuthConfig;
+}): BetterAuthOptions;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAOH,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAoB,MAAM,aAAa,CAAC;AAWvE,OAAO,KAAK,EACX,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,gBAAgB,EAChB,MAAM,eAAe,CAAC;AAKvB,OAAO,EAAE,KAAK,kBAAkB,EAAyC,MAAM,iBAAiB,CAAC;AAMjG,OAAO,EAAE,KAAK,uBAAuB,EAAoB,MAAM,sBAAsB,CAAC;AAStF,UAAU,sBAAsB;IAC/B,OAAO,EAAE;QACR,MAAM,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAClD,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChD,QAAQ,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,SAAS,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACrD,UAAU,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACtD,SAAS,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACrD,UAAU,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;KACtD,CAAC;CACF;AAID;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,iDAAiD;IACjD,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE;QAChC,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QACtC,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACd,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpB,gCAAgC;IAChC,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE;QAC5B,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QACtC,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACd,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpB,gDAAgD;IAChD,aAAa,CAAC,EAAE,CAAC,MAAM,EAAE;QACxB,KAAK,EAAE,MAAM,CAAC;QACd,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACd,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpB,iDAAiD;IACjD,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,GAAG,EAAE,MAAM,CAAC;KACZ,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpB;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,CAAC,MAAM,EAAE;QAC9B,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC;KACpB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpB,sCAAsC;IACtC,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE;QACjC,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,iBAAiB,EAAE,MAAM,CAAC;KAC1B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACzC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,SAAS,CAAC,EAAE,oBAAoB,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACzD,KAAK,CAAC,EAAE,oBAAoB,CAAC;IAC7B,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,QAAQ,CAAC,EAAE,oBAAoB,CAAC;IAChC,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,QAAQ,CAAC,EAAE,oBAAoB,CAAC;IAChC,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAC9B,KAAK,CAAC,EAAE,oBAAoB,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;OAQG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf,0DAA0D;IAC1D,eAAe,CAAC,EAAE,yBAAyB,CAAC;IAE5C,yDAAyD;IACzD,KAAK,CAAC,EAAE,qBAAqB,CAAC;IAE9B;;;;;;;;OAQG;IACH,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAElC;;;OAGG;IACH,WAAW,CAAC,EAAE;QACb,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,OAAO,CAAC;QACd,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;KACjB,CAAC;IAEF;;;OAGG;IACH,OAAO,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;KACf,CAAC;IAEF;;OAEG;IACH,kBAAkB,CAAC,EAAE;QACpB,2DAA2D;QAC3D,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,kEAAkE;QAClE,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,+CAA+C;QAC/C,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IAEF,gCAAgC;IAChC,SAAS,CAAC,EAAE;QACX,qDAAqD;QACrD,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,sDAAsD;QACtD,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,kDAAkD;QAClD,qBAAqB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;IAEF,iCAAiC;IACjC,UAAU,CAAC,EAAE;QACZ,+CAA+C;QAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,6DAA6D;QAC7D,uBAAuB,CAAC,EAAE,OAAO,CAAC;KAClC,CAAC;IAEF,oCAAoC;IACpC,YAAY,CAAC,EAAE;QACd,wCAAwC;QACxC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,6CAA6C;QAC7C,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IAEF;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,UAAU,CAAC,EAAE,uBAAuB,CAAC;IAErC,kCAAkC;IAClC,QAAQ,CAAC,EAAE,OAAO,YAAY,EAAE,kBAAkB,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;CACtC;AAED;;;GAGG;AACH,YAAY,EAAE,UAAU,IAAI,0BAA0B,EAAE,MAAM,eAAe,CAAC;AAI9E,wEAAwE;AACxE,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AAIvD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,yBAAyB,CACxC,UAAU,SAAS,gBAAgB,EACnC,OAAO,SAAS,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,EACpD,YAAY,EAAE,sBAAsB,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAtJlF,CAAC;0BAEJ,CAAC;0BACe,CAAC;0BAEL,CAAC;;;EAsJf;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,uBAAuB,CACtC,GAAG,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACjC,MAAM,EAAE;IACP,aAAa,EAAE,eAAe,CAAC;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,gBAAgB,CAAC;CACzB,GACC,iBAAiB,CA+GnB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,gBAAgB,CAC/B,GAAG,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACjC,MAAM,EAAE;IACP,aAAa,EAAE,eAAe,CAAC;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,gBAAgB,CAAC;CACzB,iDAGD;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE;IACrD,aAAa,EAAE,eAAe,CAAC;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,gBAAgB,CAAC;CACzB,qBAGA"}

package/dist/component/adapter.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Re-export `createApi` from @convex-dev/better-auth for consumers.
+ *
+ * Per the Convex component pattern, consumers call `createApi` directly
+ * in their local `convex/banataAuth/adapter.ts` to generate the CRUD
+ * functions (create, findOne, findMany, updateOne, updateMany, deleteOne,
+ * deleteMany) needed by the component adapter.
+ *
+ * @example
+ * ```ts
+ * // convex/banataAuth/adapter.ts
+ * import { createApi } from "@banata-auth/convex/adapter";
+ * import { createAuthOptions } from "./auth";
+ * import schema from "./schema";
+ *
+ * export const { create, findOne, findMany, updateOne, updateMany, deleteOne, deleteMany }
+ *   = createApi(schema, createAuthOptions);
+ * ```
+ */
+export { createApi } from "@convex-dev/better-auth";
+//# sourceMappingURL=adapter.d.ts.map

package/dist/component/adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../src/component/adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/component/adapter.js

@@ -0,0 +1,3 @@
+export { createApi } from '@convex-dev/better-auth';
+//# sourceMappingURL=adapter.js.map
+//# sourceMappingURL=adapter.js.map