@cfast/auth 0.2.0 → 0.2.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Daniel Schmidt
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/schema.d.ts

@@ -732,7 +732,7 @@ declare const passkeys: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
         }, {}, {
             length: number | undefined;
         }>;
-        credentialId: drizzle_orm_sqlite_core.SQLiteColumn<{
+        credentialID: drizzle_orm_sqlite_core.SQLiteColumn<{
             name: "credential_id";
             tableName: "passkeys";
             dataType: "string";
@@ -775,7 +775,7 @@ declare const passkeys: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
             columnType: "SQLiteText";
             data: string;
             driverParam: string;
-            notNull: false;
+            notNull: true;
             hasDefault: false;
             isPrimaryKey: false;
             isAutoincrement: false;
@@ -794,7 +794,7 @@ declare const passkeys: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
             columnType: "SQLiteBoolean";
             data: boolean;
             driverParam: number;
-            notNull: false;
+            notNull: true;
             hasDefault: true;
             isPrimaryKey: false;
             isAutoincrement: false;
@@ -823,6 +823,25 @@ declare const passkeys: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
         }, {}, {
             length: number | undefined;
         }>;
+        aaguid: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "aaguid";
+            tableName: "passkeys";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
         createdAt: drizzle_orm_sqlite_core.SQLiteColumn<{
             name: "created_at";
             tableName: "passkeys";

package/dist/schema.js

@@ -51,11 +51,12 @@ var passkeys = sqliteTable("passkeys", {
   name: text("name"),
   userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
   publicKey: text("public_key").notNull(),
-  credentialId: text("credential_id").notNull().unique(),
+  credentialID: text("credential_id").notNull().unique(),
   counter: integer("counter").notNull().default(0),
-  deviceType: text("device_type"),
-  backedUp: integer("backed_up", { mode: "boolean" }).default(false),
+  deviceType: text("device_type").notNull(),
+  backedUp: integer("backed_up", { mode: "boolean" }).notNull().default(false),
   transports: text("transports"),
+  aaguid: text("aaguid"),
   createdAt: integer("created_at", { mode: "timestamp" }).$defaultFn(
     () => /* @__PURE__ */ new Date()
   )

package/llms.txt

@@ -214,3 +214,8 @@ await auth.removeRole(userId, "editor");
 - **Forgetting to add auth routes** -- The magic link callback and passkey endpoints need `authRoutes()` in your `routes.ts`.
 - **Using `unsafe()` instead of roles for admin** -- Admins should have a proper role with grants, not bypass permissions entirely.
 - **Not wrapping the app with `AuthClientProvider`** -- `useAuth()` and `LoginPage` require the provider at the app root.
+
+## See Also
+
+- `@cfast/permissions` -- Defines roles and grants resolved from the authenticated user.
+- `@cfast/db` -- Receives `grants` from auth to enforce permissions on queries.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cfast/auth",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Authentication for Cloudflare Workers: magic email, passkeys, roles, and impersonation",
   "keywords": [
     "cfast",
@@ -44,13 +44,6 @@
   "publishConfig": {
     "access": "public"
   },
-  "scripts": {
-    "build": "tsup src/index.ts src/client.ts src/plugin.ts src/schema.ts --format esm --dts",
-    "dev": "tsup src/index.ts src/client.ts src/plugin.ts src/schema.ts --format esm --dts --watch",
-    "test": "vitest run",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src/"
-  },
   "peerDependencies": {
     "@better-auth/passkey": ">=1",
     "better-auth": ">=1",
@@ -58,7 +51,7 @@
     "react": ">=18"
   },
   "dependencies": {
-    "@cfast/permissions": "workspace:*"
+    "@cfast/permissions": "0.1.0"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260305.1",
@@ -71,5 +64,12 @@
     "tsup": "^8",
     "typescript": "^5.7",
     "vitest": "^4.1.0"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts src/client.ts src/plugin.ts src/schema.ts --format esm --dts",
+    "dev": "tsup src/index.ts src/client.ts src/plugin.ts src/schema.ts --format esm --dts --watch",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src/"
   }
-}
+}