@neondatabase/auth 0.4.0-beta → 0.4.1-beta

package/dist/index.d.mts

@@ -1,6 +1,6 @@
-import { S as ReactBetterAuthClient, k as VanillaBetterAuthClient } from "./adapter-core-BWM7cWOp.mjs";
-import { n as BetterAuthReactAdapterInstance } from "./better-auth-react-adapter-BDxJ65mF.mjs";
-import { r as SupabaseAuthAdapterInstance, s as BetterAuthVanillaAdapterInstance } from "./supabase-adapter-BGwV0Vu2.mjs";
+import { S as ReactBetterAuthClient, k as VanillaBetterAuthClient } from "./adapter-core-ClY-p_AI.mjs";
+import { n as BetterAuthReactAdapterInstance } from "./better-auth-react-adapter-iJMZCLUI.mjs";
+import { r as SupabaseAuthAdapterInstance, s as BetterAuthVanillaAdapterInstance } from "./supabase-adapter-cuLnmLDs.mjs";
 import { a as isAuthError, i as isAuthApiError, n as AuthError, t as AuthApiError } from "./auth-interface-Clz-oWq1.mjs";
 
 //#region src/neon-auth.d.ts

package/dist/index.mjs

@@ -1,5 +1,5 @@
-import "./adapter-core-Bt4M5I2g.mjs";
+import "./adapter-core-BFMM3lwe.mjs";
 import { c as isAuthApiError, l as isAuthError, o as AuthApiError, s as AuthError } from "./better-auth-helpers-Bkezghej.mjs";
-import { n as createInternalNeonAuth, t as createAuthClient } from "./neon-auth-CS4FpK2X.mjs";
+import { n as createInternalNeonAuth, t as createAuthClient } from "./neon-auth-VDrC3GwX.mjs";
 
 export { AuthApiError, AuthError, createAuthClient, createInternalNeonAuth, isAuthApiError, isAuthError };

package/dist/{neon-auth-CS4FpK2X.mjs → neon-auth-VDrC3GwX.mjs}

@@ -1,4 +1,4 @@
-import { n as BetterAuthVanillaAdapter } from "./supabase-adapter-DBt4LJJd.mjs";
+import { n as BetterAuthVanillaAdapter } from "./supabase-adapter-CAyBFrNn.mjs";
 
 //#region src/neon-auth.ts
 /**

package/dist/next/index.mjs

@@ -1,7 +1,7 @@
-import "../adapter-core-Bt4M5I2g.mjs";
+import "../adapter-core-BFMM3lwe.mjs";
 import { c as isAuthApiError, l as isAuthError, o as AuthApiError, s as AuthError } from "../better-auth-helpers-Bkezghej.mjs";
-import { t as BetterAuthReactAdapter } from "../better-auth-react-adapter-aMv8WeDb.mjs";
-import { t as createAuthClient$1 } from "../neon-auth-CS4FpK2X.mjs";
+import { t as BetterAuthReactAdapter } from "../better-auth-react-adapter-DZTZVVnk.mjs";
+import { t as createAuthClient$1 } from "../neon-auth-VDrC3GwX.mjs";
 
 //#region src/next/index.ts
 function createAuthClient() {

package/dist/next/server/index.d.mts

@@ -1,11 +1,49 @@
-import { k as VanillaBetterAuthClient } from "../../adapter-core-BWM7cWOp.mjs";
+import { k as VanillaBetterAuthClient } from "../../adapter-core-ClY-p_AI.mjs";
 import { a as isAuthError, i as isAuthApiError, n as AuthError, t as AuthApiError } from "../../auth-interface-Clz-oWq1.mjs";
 import { NextRequest, NextResponse } from "next/server";
 
-//#region src/server/config.d.ts
+//#region src/server/logger.d.ts
+/**
+ * Framework-agnostic logging for Neon Auth server-side proxy and middleware.
+ */
+/** Supported Neon Auth log levels (`'silent'` disables all Neon Auth SDK `console` output). */
+type NeonAuthLogLevel = 'error' | 'warn' | 'info' | 'debug' | 'silent';
+/**
+ * Optional injectable logger. Omitted methods fall back to `console`.
+ *
+ * Custom implementations may receive structured fields such as `err` (the raw caught value)
+ * alongside `detail` for richer sinks (Sentry, OTel).
+ */
+type NeonAuthLogger = Partial<{
+  error(message: string, meta?: Record<string, unknown>): void;
+  warn(message: string, meta?: Record<string, unknown>): void;
+  info(message: string, meta?: Record<string, unknown>): void;
+  debug(message: string, meta?: Record<string, unknown>): void;
+}>;
+/** Resolved sink after merging defaults and level filtering (same shape as {@link NeonAuthLogger} with all methods required). */
+type ResolvedNeonAuthLogging = Required<NeonAuthLogger>;
+/**
+ * Logger / level options for Neon Auth server surfaces.
+ *
+ * When **`logLevel`** is **`'silent'`**, any **`logger`** is ignored at runtime (full mute).
+ */
+type NeonAuthLoggingInput = {
+  logger?: NeonAuthLogger;
+  /**
+   * Minimum level for Neon Auth logs. **`'silent'`** disables all Neon Auth `console` output.
+   * @default 'warn' — emits `error` and `warn` only
+   */
+  logLevel?: NeonAuthLogLevel;
+};
 /**
- * Framework-agnostic configuration types for Neon Auth
+ * Merges user logger with `console`, applies {@link NeonAuthLoggingInput} level rules.
+ *
+ * **Opt-out:** Defaults to `warn` (structured `error` / `warn` to `console`). Set **`logLevel: 'silent'`**
+ * to disable completely. Custom **`logger`** overrides `console` per level when not silent.
  */
+declare function resolveNeonAuthLogging(input?: NeonAuthLoggingInput): ResolvedNeonAuthLogging;
+//#endregion
+//#region src/server/config.d.ts
 /** Allowed values for the `SameSite` attribute on Neon Auth cookies. */
 type SessionCookieSameSite = 'strict' | 'lax' | 'none';
 /**
@@ -54,10 +92,7 @@ interface SessionCookieConfig {
    */
   sameSite?: SessionCookieSameSite;
 }
-/**
- * Base configuration for Neon Auth server utilities
- */
-interface NeonAuthConfig {
+type NeonAuthBase = {
   /**
    * Base URL for the Neon Auth server
    * @example 'https://ep-xxxx.neonauth.us-east-1.aws.neon.tech'
@@ -67,18 +102,27 @@ interface NeonAuthConfig {
    * Cookie configuration
    */
   cookies: SessionCookieConfig;
-}
+};
 /**
- * Configuration for Neon Auth middleware
- * Extends base config with middleware-specific options
+ * Base configuration for Neon Auth server utilities.
+ *
+ * Combines connection settings with {@link NeonAuthLoggingInput} (`logger`, `logLevel`, including `'silent'`).
  */
-interface NeonAuthMiddlewareConfig extends NeonAuthConfig {
+type NeonAuthConfig = NeonAuthBase & NeonAuthLoggingInput;
+/**
+ * Configuration for Neon Auth middleware.
+ */
+type NeonAuthMiddlewareConfig = NeonAuthConfig & {
   /**
    * URL to redirect to when user is not authenticated
    * @default '/auth/sign-in'
    */
   loginUrl?: string;
-}
+  /**
+   * Pre-resolved sink from {@link resolveNeonAuthLogging}. Set by {@link createNeonAuth} so middleware shares the same logging configuration as the API handler without resolving per request.
+   */
+  log?: ResolvedNeonAuthLogging;
+};
 //#endregion
 //#region src/next/server/handler.d.ts
 type Params = {
@@ -148,6 +192,9 @@ declare function authApiHandler(config: NeonAuthConfig): {
  * @param config.cookies - Cookie configuration
  * @param config.cookies.secret - Secret for signing session cookies (minimum 32 characters)
  * @param config.cookies.sessionDataTtl - Optional TTL for session cache in seconds (default: 300)
+ * @param config.logger - Optional structured logger; omitted methods fall back to `console`
+ * @param config.logLevel - Minimum log level; `'silent'` disables Neon Auth console output (default: `warn`)
+ * @param config.log - Pre-resolved logging sink (set by {@link createNeonAuth})
  * @param config.loginUrl - The URL to redirect to when the user is not authenticated (default: '/auth/sign-in')
  * @returns A middleware function that can be used in the Next.js app.
  * @throws Error if `cookies.secret` is less than 32 characters
@@ -443,7 +490,53 @@ declare const API_ENDPOINTS: {
   };
 };
 //#endregion
+//#region src/server/network-error.d.ts
+/**
+ * Classifies failed upstream `fetch` calls for clearer client responses and logs.
+ */
+/**
+ * Semver-stable transport error codes surfaced as JSON `code` on synthetic HTTP responses
+ * (for example 502 from the proxy) and in logs. Treat adding values as non-breaking;
+ * renaming or removing values is a breaking change.
+ */
+declare const NEON_AUTH_NETWORK_ERROR_CODES: readonly ["NETWORK_ERROR", "NETWORK_DNS", "NETWORK_REFUSED", "NETWORK_TIMEOUT", "NETWORK_TLS", "NETWORK_RESET", "NETWORK_ABORT"];
+/** @see NEON_AUTH_NETWORK_ERROR_CODES */
+type NeonAuthNetworkErrorCode = (typeof NEON_AUTH_NETWORK_ERROR_CODES)[number];
+/**
+ * Result of {@link classifyFetchFailure}: a transport failure with a stable
+ * {@link NeonAuthNetworkErrorCode}, or an internal/unclassified error (detail for logs only).
+ */
+type ClassifiedFetchFailure = {
+  kind: 'transport';
+  code: NeonAuthNetworkErrorCode;
+  /** Safe short detail for logs (no secrets) */
+  detail?: string;
+  /** Safe message for JSON bodies returned to clients */
+  clientMessage: string;
+} | {
+  kind: 'internal';
+  /** Truncated detail for server-side logs only */
+  detail?: string;
+  /** Generic message for JSON bodies — never echo raw `Error.message` */
+  clientMessage: string;
+};
+/**
+ * Inspects an error from `fetch` (including `cause` and aggregate errors) and
+ * returns a stable code for responses and observability.
+ */
+declare function classifyFetchFailure(error: unknown): ClassifiedFetchFailure;
+//#endregion
 //#region src/server/types.d.ts
+/**
+ * Error shape returned from Neon Auth server API helpers (`auth.signIn`, `getSession`, etc.)
+ * when the upstream call fails. `code` is a transport code, `'INTERNAL_ERROR'`, or a Better Auth HTTP error code string.
+ */
+type NeonAuthServerApiError = {
+  message: string;
+  status: number;
+  statusText: string;
+  code: NeonAuthNetworkErrorCode | 'INTERNAL_ERROR' | (string & {});
+};
 /**
  * Extract top-level keys from API_ENDPOINTS.
  * For nested endpoints like signIn.email, this extracts 'signIn' (not 'email').
@@ -476,6 +569,8 @@ type NeonAuthServer = Pick<VanillaBetterAuthClient, ServerAuthMethods>;
  * @param config.cookies.secret - Secret for signing session cookies (minimum 32 characters)
  * @param config.cookies.sessionDataTtl - Optional TTL for session cache in seconds (default: 300)
  * @param config.cookies.domain - Optional cookie domain (default: current domain)
+ * @param config.logger - Optional structured logger; omitted methods fall back to `console` (see {@link NeonAuthLogger})
+ * @param config.logLevel - Minimum level; `'silent'` disables Neon Auth server console logs (default: `warn`)
  * @returns Unified auth instance with server methods, handler, and middleware
  * @throws Error if `cookies.secret` is less than 32 characters
  *
@@ -555,4 +650,4 @@ type NeonAuth = NeonAuthServer & {
   middleware: (middlewareConfig?: Pick<NeonAuthMiddlewareConfig, 'loginUrl'>) => ReturnType<typeof neonAuthMiddleware>;
 };
 //#endregion
-export { AuthApiError, AuthError, NeonAuth, createNeonAuth, isAuthApiError, isAuthError };
+export { AuthApiError, AuthError, type ClassifiedFetchFailure, NEON_AUTH_NETWORK_ERROR_CODES, NeonAuth, type NeonAuthLogLevel, type NeonAuthLogger, type NeonAuthLoggingInput, type NeonAuthNetworkErrorCode, type NeonAuthServerApiError, type ResolvedNeonAuthLogging, classifyFetchFailure, createNeonAuth, isAuthApiError, isAuthError, resolveNeonAuthLogging };