@factiii/auth 0.5.3 → 0.5.4

package/dist/index.d.mts

@@ -1,13 +1,11 @@
 import * as http from 'http';
 import * as SuperJSON from 'superjson';
 import SuperJSON__default from 'superjson';
-import * as _prisma_client from '@prisma/client';
-import { PrismaClient } from '@prisma/client';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.mjs';
-export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.mjs';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-yHGJ7C6_.mjs';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-yHGJ7C6_.mjs';
 
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -149,6 +147,208 @@ declare function createNoopEmailAdapter(): EmailAdapter;
  */
 declare function createConsoleEmailAdapter(): EmailAdapter;
 
+/**
+ * ORM-agnostic database adapter interface for @factiii/auth.
+ * Implement this interface to use any database/ORM with the auth library.
+ */
+interface AuthUser {
+    id: number;
+    status: string;
+    email: string;
+    username: string;
+    password: string | null;
+    twoFaEnabled: boolean;
+    oauthProvider: string | null;
+    oauthId: string | null;
+    tag: string;
+    verifiedHumanAt: Date | null;
+    emailVerificationStatus: string;
+    otpForEmailVerification: string | null;
+    isActive: boolean;
+}
+interface AuthSession {
+    id: number;
+    userId: number;
+    socketId: string | null;
+    twoFaSecret: string | null;
+    browserName: string;
+    issuedAt: Date;
+    lastUsed: Date;
+    revokedAt: Date | null;
+    deviceId: number | null;
+}
+interface AuthOTP {
+    id: number;
+    code: number;
+    expiresAt: Date;
+    userId: number;
+}
+interface AuthPasswordReset {
+    id: string;
+    createdAt: Date;
+    userId: number;
+}
+interface CreateUserData {
+    username: string;
+    email: string;
+    password: string | null;
+    status: string;
+    tag: string;
+    twoFaEnabled: boolean;
+    emailVerificationStatus: string;
+    verifiedHumanAt: Date | null;
+    oauthProvider?: string;
+    oauthId?: string;
+}
+interface CreateSessionData {
+    userId: number;
+    browserName: string;
+    socketId: string | null;
+    [key: string]: unknown;
+}
+type SessionWithUser = AuthSession & {
+    user: {
+        status: string;
+        verifiedHumanAt: Date | null;
+    };
+};
+type SessionWithDevice = {
+    twoFaSecret: string | null;
+    deviceId: number | null;
+    device: {
+        pushToken: string;
+    } | null;
+};
+interface DatabaseAdapter {
+    user: {
+        findByEmailInsensitive(email: string): Promise<AuthUser | null>;
+        findByUsernameInsensitive(username: string): Promise<AuthUser | null>;
+        findByEmailOrUsernameInsensitive(identifier: string): Promise<AuthUser | null>;
+        findByEmailOrOAuthId(email: string, oauthId: string): Promise<AuthUser | null>;
+        findById(id: number): Promise<AuthUser | null>;
+        findActiveById(id: number): Promise<AuthUser | null>;
+        create(data: CreateUserData): Promise<AuthUser>;
+        update(id: number, data: Partial<Omit<AuthUser, 'id'>>): Promise<AuthUser>;
+    };
+    session: {
+        /** Find session by ID with user status and verifiedHumanAt joined. */
+        findById(id: number): Promise<SessionWithUser | null>;
+        create(data: CreateSessionData): Promise<AuthSession>;
+        update(id: number, data: Partial<Pick<AuthSession, 'revokedAt' | 'lastUsed' | 'twoFaSecret' | 'deviceId'>>): Promise<AuthSession>;
+        /** Update lastUsed and return session with user's verifiedHumanAt. */
+        updateLastUsed(id: number): Promise<AuthSession & {
+            user: {
+                verifiedHumanAt: Date | null;
+            };
+        }>;
+        /** Set revokedAt on a single session. */
+        revoke(id: number): Promise<void>;
+        /** Find active (non-revoked) sessions for a user, optionally excluding one. */
+        findActiveByUserId(userId: number, excludeSessionId?: number): Promise<Pick<AuthSession, 'id' | 'socketId' | 'userId'>[]>;
+        /** Revoke all active sessions for a user, optionally excluding one. */
+        revokeAllByUserId(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Get twoFaSecret from all sessions that have one for a user. */
+        findTwoFaSecretsByUserId(userId: number): Promise<{
+            twoFaSecret: string | null;
+        }[]>;
+        /** Clear twoFaSecret on sessions for a user, optionally excluding one. */
+        clearTwoFaSecrets(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Find session with device relation for TOTP verification. */
+        findByIdWithDevice(id: number, userId: number): Promise<SessionWithDevice | null>;
+        /** Revoke other sessions that share a device push token. */
+        revokeByDevicePushToken(userId: number, pushToken: string, excludeSessionId: number): Promise<void>;
+        /** Clear deviceId on all sessions for a user+device pair. */
+        clearDeviceId(userId: number, deviceId: number): Promise<void>;
+    };
+    otp: {
+        findValidByUserAndCode(userId: number, code: number): Promise<AuthOTP | null>;
+        create(data: {
+            userId: number;
+            code: number;
+            expiresAt: Date;
+        }): Promise<AuthOTP>;
+        delete(id: number): Promise<void>;
+    };
+    passwordReset: {
+        findById(id: string): Promise<AuthPasswordReset | null>;
+        create(userId: number): Promise<AuthPasswordReset>;
+        delete(id: string): Promise<void>;
+        deleteAllByUserId(userId: number): Promise<void>;
+    };
+    device: {
+        findByTokenSessionAndUser(pushToken: string, sessionId: number, userId: number): Promise<{
+            id: number;
+        } | null>;
+        upsertByPushToken(pushToken: string, sessionId: number, userId: number): Promise<void>;
+        findByUserAndToken(userId: number, pushToken: string): Promise<{
+            id: number;
+        } | null>;
+        disconnectUser(deviceId: number, userId: number): Promise<void>;
+        hasRemainingUsers(deviceId: number): Promise<boolean>;
+        delete(id: number): Promise<void>;
+    };
+    admin: {
+        findByUserId(userId: number): Promise<{
+            ip: string;
+        } | null>;
+    };
+}
+
+type PrismaClient = any;
+/**
+ * Creates a DatabaseAdapter backed by Prisma.
+ * Each method is a direct extraction of existing Prisma calls from the procedures.
+ */
+declare function createPrismaAdapter(prisma: PrismaClient): DatabaseAdapter;
+
+/**
+ * Drizzle table references required by the adapter.
+ * Consumers pass their Drizzle table objects so the adapter
+ * can build queries without knowing the schema file location.
+ */
+interface DrizzleAdapterTables {
+    users: any;
+    sessions: any;
+    otps: any;
+    passwordResets: any;
+    devices: any;
+    admins: any;
+    /** Join table for many-to-many device↔user relation (if applicable). */
+    devicesToUsers?: any;
+    /** Join table for many-to-many device↔session relation (if applicable). */
+    devicesToSessions?: any;
+}
+/**
+ * Any Drizzle database instance (pg, mysql, better-sqlite3, etc.).
+ * We keep this generic so consumers aren't locked into a specific driver.
+ */
+type DrizzleDB = any;
+/**
+ * Creates a DatabaseAdapter backed by Drizzle ORM.
+ *
+ * Usage:
+ * ```ts
+ * import { drizzle } from 'drizzle-orm/node-postgres';
+ * import { createDrizzleAdapter } from '@factiii/auth';
+ * import * as schema from './schema';
+ *
+ * const db = drizzle(pool, { schema });
+ * const adapter = createDrizzleAdapter(db, {
+ *   users: schema.users,
+ *   sessions: schema.sessions,
+ *   otps: schema.otps,
+ *   passwordResets: schema.passwordResets,
+ *   devices: schema.devices,
+ *   admins: schema.admins,
+ * });
+ * ```
+ *
+ * **Important:** This adapter uses Drizzle's relational query API (`db.query.*`)
+ * for joins and `db.insert/update/delete` for mutations. Make sure your Drizzle
+ * instance is created with `{ schema }` so relational queries work.
+ */
+declare function createDrizzleAdapter(db: DrizzleDB, tables: DrizzleAdapterTables): DatabaseAdapter;
+
 /**
  * JWT payload structure
  */
@@ -241,9 +441,15 @@ interface AuthFeatures {
 }
 interface AuthConfig<TExtensions extends SchemaExtensions = {}> {
     /**
-     * Prisma client instance with required models
+     * Database adapter (use createPrismaAdapter or implement your own).
+     * If omitted but `prisma` is provided, a PrismaAdapter is created automatically.
      */
-    prisma: PrismaClient;
+    database?: DatabaseAdapter;
+    /**
+     * @deprecated Use `database` with createPrismaAdapter() instead.
+     * Prisma client instance — kept for backwards compatibility.
+     */
+    prisma?: unknown;
     /**
      * Secret keys for JWT signing
      */
@@ -318,13 +524,17 @@ declare const defaultCookieSettings: CookieSettings;
 declare const defaultStorageKeys: {
     authToken: string;
 };
+/** Resolved config type with database adapter guaranteed. */
+type ResolvedAuthConfig = Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions' | 'prisma'>> & AuthConfig & {
+    database: DatabaseAdapter;
+};
 /**
- * Create a fully resolved auth config with defaults applied
+ * Create a fully resolved auth config with defaults applied.
+ * Accepts either `database` (adapter) or `prisma` (auto-wrapped).
  */
-declare function createAuthConfig(config: AuthConfig): Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions'>> & AuthConfig;
-type ResolvedAuthConfig = ReturnType<typeof createAuthConfig>;
+declare function createAuthConfig(config: AuthConfig): ResolvedAuthConfig;
 /**
- * Default auth config (requires prisma and secrets to be provided)
+ * Default auth config (requires database/prisma and secrets to be provided)
  */
 declare const defaultAuthConfig: {
     features: AuthFeatures;
@@ -438,7 +648,7 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                 input: void;
                 output: {
                     email: string;
-                    status: _prisma_client.$Enums.EmailVerificationStatus;
+                    status: string;
                     isVerified: boolean;
                 };
                 meta: Meta;
@@ -659,12 +869,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] extends infer T_7 ? T_7 extends inferParser<[TExtensions["signup"]] extends [zod.AnyZodObject] ? zod.ZodObject<{
                     username: zod.ZodString;
@@ -683,12 +893,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] ? T_7 extends _trpc_server.TRPCUnsetMarker ? void : T_7 : never : never;
                 output: {
@@ -1046,4 +1256,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
 
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, DEFAULT_STORAGE_KEYS, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthOTP, type AuthPasswordReset, type AuthRouter, type AuthSession, type AuthUser, type CreateSessionData, type CreateUserData, DEFAULT_STORAGE_KEYS, type DatabaseAdapter, type DrizzleAdapterTables, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type SessionWithDevice, type SessionWithUser, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createDrizzleAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };

package/dist/index.d.ts

@@ -1,13 +1,11 @@
 import * as http from 'http';
 import * as SuperJSON from 'superjson';
 import SuperJSON__default from 'superjson';
-import * as _prisma_client from '@prisma/client';
-import { PrismaClient } from '@prisma/client';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.js';
-export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.js';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-yHGJ7C6_.js';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-yHGJ7C6_.js';
 
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -149,6 +147,208 @@ declare function createNoopEmailAdapter(): EmailAdapter;
  */
 declare function createConsoleEmailAdapter(): EmailAdapter;
 
+/**
+ * ORM-agnostic database adapter interface for @factiii/auth.
+ * Implement this interface to use any database/ORM with the auth library.
+ */
+interface AuthUser {
+    id: number;
+    status: string;
+    email: string;
+    username: string;
+    password: string | null;
+    twoFaEnabled: boolean;
+    oauthProvider: string | null;
+    oauthId: string | null;
+    tag: string;
+    verifiedHumanAt: Date | null;
+    emailVerificationStatus: string;
+    otpForEmailVerification: string | null;
+    isActive: boolean;
+}
+interface AuthSession {
+    id: number;
+    userId: number;
+    socketId: string | null;
+    twoFaSecret: string | null;
+    browserName: string;
+    issuedAt: Date;
+    lastUsed: Date;
+    revokedAt: Date | null;
+    deviceId: number | null;
+}
+interface AuthOTP {
+    id: number;
+    code: number;
+    expiresAt: Date;
+    userId: number;
+}
+interface AuthPasswordReset {
+    id: string;
+    createdAt: Date;
+    userId: number;
+}
+interface CreateUserData {
+    username: string;
+    email: string;
+    password: string | null;
+    status: string;
+    tag: string;
+    twoFaEnabled: boolean;
+    emailVerificationStatus: string;
+    verifiedHumanAt: Date | null;
+    oauthProvider?: string;
+    oauthId?: string;
+}
+interface CreateSessionData {
+    userId: number;
+    browserName: string;
+    socketId: string | null;
+    [key: string]: unknown;
+}
+type SessionWithUser = AuthSession & {
+    user: {
+        status: string;
+        verifiedHumanAt: Date | null;
+    };
+};
+type SessionWithDevice = {
+    twoFaSecret: string | null;
+    deviceId: number | null;
+    device: {
+        pushToken: string;
+    } | null;
+};
+interface DatabaseAdapter {
+    user: {
+        findByEmailInsensitive(email: string): Promise<AuthUser | null>;
+        findByUsernameInsensitive(username: string): Promise<AuthUser | null>;
+        findByEmailOrUsernameInsensitive(identifier: string): Promise<AuthUser | null>;
+        findByEmailOrOAuthId(email: string, oauthId: string): Promise<AuthUser | null>;
+        findById(id: number): Promise<AuthUser | null>;
+        findActiveById(id: number): Promise<AuthUser | null>;
+        create(data: CreateUserData): Promise<AuthUser>;
+        update(id: number, data: Partial<Omit<AuthUser, 'id'>>): Promise<AuthUser>;
+    };
+    session: {
+        /** Find session by ID with user status and verifiedHumanAt joined. */
+        findById(id: number): Promise<SessionWithUser | null>;
+        create(data: CreateSessionData): Promise<AuthSession>;
+        update(id: number, data: Partial<Pick<AuthSession, 'revokedAt' | 'lastUsed' | 'twoFaSecret' | 'deviceId'>>): Promise<AuthSession>;
+        /** Update lastUsed and return session with user's verifiedHumanAt. */
+        updateLastUsed(id: number): Promise<AuthSession & {
+            user: {
+                verifiedHumanAt: Date | null;
+            };
+        }>;
+        /** Set revokedAt on a single session. */
+        revoke(id: number): Promise<void>;
+        /** Find active (non-revoked) sessions for a user, optionally excluding one. */
+        findActiveByUserId(userId: number, excludeSessionId?: number): Promise<Pick<AuthSession, 'id' | 'socketId' | 'userId'>[]>;
+        /** Revoke all active sessions for a user, optionally excluding one. */
+        revokeAllByUserId(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Get twoFaSecret from all sessions that have one for a user. */
+        findTwoFaSecretsByUserId(userId: number): Promise<{
+            twoFaSecret: string | null;
+        }[]>;
+        /** Clear twoFaSecret on sessions for a user, optionally excluding one. */
+        clearTwoFaSecrets(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Find session with device relation for TOTP verification. */
+        findByIdWithDevice(id: number, userId: number): Promise<SessionWithDevice | null>;
+        /** Revoke other sessions that share a device push token. */
+        revokeByDevicePushToken(userId: number, pushToken: string, excludeSessionId: number): Promise<void>;
+        /** Clear deviceId on all sessions for a user+device pair. */
+        clearDeviceId(userId: number, deviceId: number): Promise<void>;
+    };
+    otp: {
+        findValidByUserAndCode(userId: number, code: number): Promise<AuthOTP | null>;
+        create(data: {
+            userId: number;
+            code: number;
+            expiresAt: Date;
+        }): Promise<AuthOTP>;
+        delete(id: number): Promise<void>;
+    };
+    passwordReset: {
+        findById(id: string): Promise<AuthPasswordReset | null>;
+        create(userId: number): Promise<AuthPasswordReset>;
+        delete(id: string): Promise<void>;
+        deleteAllByUserId(userId: number): Promise<void>;
+    };
+    device: {
+        findByTokenSessionAndUser(pushToken: string, sessionId: number, userId: number): Promise<{
+            id: number;
+        } | null>;
+        upsertByPushToken(pushToken: string, sessionId: number, userId: number): Promise<void>;
+        findByUserAndToken(userId: number, pushToken: string): Promise<{
+            id: number;
+        } | null>;
+        disconnectUser(deviceId: number, userId: number): Promise<void>;
+        hasRemainingUsers(deviceId: number): Promise<boolean>;
+        delete(id: number): Promise<void>;
+    };
+    admin: {
+        findByUserId(userId: number): Promise<{
+            ip: string;
+        } | null>;
+    };
+}
+
+type PrismaClient = any;
+/**
+ * Creates a DatabaseAdapter backed by Prisma.
+ * Each method is a direct extraction of existing Prisma calls from the procedures.
+ */
+declare function createPrismaAdapter(prisma: PrismaClient): DatabaseAdapter;
+
+/**
+ * Drizzle table references required by the adapter.
+ * Consumers pass their Drizzle table objects so the adapter
+ * can build queries without knowing the schema file location.
+ */
+interface DrizzleAdapterTables {
+    users: any;
+    sessions: any;
+    otps: any;
+    passwordResets: any;
+    devices: any;
+    admins: any;
+    /** Join table for many-to-many device↔user relation (if applicable). */
+    devicesToUsers?: any;
+    /** Join table for many-to-many device↔session relation (if applicable). */
+    devicesToSessions?: any;
+}
+/**
+ * Any Drizzle database instance (pg, mysql, better-sqlite3, etc.).
+ * We keep this generic so consumers aren't locked into a specific driver.
+ */
+type DrizzleDB = any;
+/**
+ * Creates a DatabaseAdapter backed by Drizzle ORM.
+ *
+ * Usage:
+ * ```ts
+ * import { drizzle } from 'drizzle-orm/node-postgres';
+ * import { createDrizzleAdapter } from '@factiii/auth';
+ * import * as schema from './schema';
+ *
+ * const db = drizzle(pool, { schema });
+ * const adapter = createDrizzleAdapter(db, {
+ *   users: schema.users,
+ *   sessions: schema.sessions,
+ *   otps: schema.otps,
+ *   passwordResets: schema.passwordResets,
+ *   devices: schema.devices,
+ *   admins: schema.admins,
+ * });
+ * ```
+ *
+ * **Important:** This adapter uses Drizzle's relational query API (`db.query.*`)
+ * for joins and `db.insert/update/delete` for mutations. Make sure your Drizzle
+ * instance is created with `{ schema }` so relational queries work.
+ */
+declare function createDrizzleAdapter(db: DrizzleDB, tables: DrizzleAdapterTables): DatabaseAdapter;
+
 /**
  * JWT payload structure
  */
@@ -241,9 +441,15 @@ interface AuthFeatures {
 }
 interface AuthConfig<TExtensions extends SchemaExtensions = {}> {
     /**
-     * Prisma client instance with required models
+     * Database adapter (use createPrismaAdapter or implement your own).
+     * If omitted but `prisma` is provided, a PrismaAdapter is created automatically.
      */
-    prisma: PrismaClient;
+    database?: DatabaseAdapter;
+    /**
+     * @deprecated Use `database` with createPrismaAdapter() instead.
+     * Prisma client instance — kept for backwards compatibility.
+     */
+    prisma?: unknown;
     /**
      * Secret keys for JWT signing
      */
@@ -318,13 +524,17 @@ declare const defaultCookieSettings: CookieSettings;
 declare const defaultStorageKeys: {
     authToken: string;
 };
+/** Resolved config type with database adapter guaranteed. */
+type ResolvedAuthConfig = Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions' | 'prisma'>> & AuthConfig & {
+    database: DatabaseAdapter;
+};
 /**
- * Create a fully resolved auth config with defaults applied
+ * Create a fully resolved auth config with defaults applied.
+ * Accepts either `database` (adapter) or `prisma` (auto-wrapped).
  */
-declare function createAuthConfig(config: AuthConfig): Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions'>> & AuthConfig;
-type ResolvedAuthConfig = ReturnType<typeof createAuthConfig>;
+declare function createAuthConfig(config: AuthConfig): ResolvedAuthConfig;
 /**
- * Default auth config (requires prisma and secrets to be provided)
+ * Default auth config (requires database/prisma and secrets to be provided)
  */
 declare const defaultAuthConfig: {
     features: AuthFeatures;
@@ -438,7 +648,7 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                 input: void;
                 output: {
                     email: string;
-                    status: _prisma_client.$Enums.EmailVerificationStatus;
+                    status: string;
                     isVerified: boolean;
                 };
                 meta: Meta;
@@ -659,12 +869,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] extends infer T_7 ? T_7 extends inferParser<[TExtensions["signup"]] extends [zod.AnyZodObject] ? zod.ZodObject<{
                     username: zod.ZodString;
@@ -683,12 +893,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] ? T_7 extends _trpc_server.TRPCUnsetMarker ? void : T_7 : never : never;
                 output: {
@@ -1046,4 +1256,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
 
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, DEFAULT_STORAGE_KEYS, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthOTP, type AuthPasswordReset, type AuthRouter, type AuthSession, type AuthUser, type CreateSessionData, type CreateUserData, DEFAULT_STORAGE_KEYS, type DatabaseAdapter, type DrizzleAdapterTables, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type SessionWithDevice, type SessionWithUser, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createDrizzleAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };