@objectstack/plugin-auth 3.0.0 → 3.0.2

package/dist/index.js

@@ -368,7 +368,7 @@ var AuthUser = import_data.ObjectSchema.create({
   icon: "user",
   description: "User accounts for authentication",
   titleFormat: "{name} ({email})",
-  compactLayout: ["name", "email", "emailVerified"],
+  compactLayout: ["name", "email", "email_verified"],
   fields: {
     // ID is auto-generated by ObjectQL
     id: import_data.Field.text({
@@ -376,12 +376,12 @@ var AuthUser = import_data.ObjectSchema.create({
       required: true,
       readonly: true
     }),
-    createdAt: import_data.Field.datetime({
+    created_at: import_data.Field.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: import_data.Field.datetime({
+    updated_at: import_data.Field.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
@@ -391,7 +391,7 @@ var AuthUser = import_data.ObjectSchema.create({
       required: true,
       searchable: true
     }),
-    emailVerified: import_data.Field.boolean({
+    email_verified: import_data.Field.boolean({
       label: "Email Verified",
       defaultValue: false
     }),
@@ -409,7 +409,7 @@ var AuthUser = import_data.ObjectSchema.create({
   // Database indexes for performance
   indexes: [
     { fields: ["email"], unique: true },
-    { fields: ["createdAt"], unique: false }
+    { fields: ["created_at"], unique: false }
   ],
   // Enable features
   enable: {
@@ -442,28 +442,28 @@ var AuthSession = import_data2.ObjectSchema.create({
   icon: "key",
   description: "Active user sessions",
   titleFormat: "Session {token}",
-  compactLayout: ["userId", "expiresAt", "ipAddress"],
+  compactLayout: ["user_id", "expires_at", "ip_address"],
   fields: {
     id: import_data2.Field.text({
       label: "Session ID",
       required: true,
       readonly: true
     }),
-    createdAt: import_data2.Field.datetime({
+    created_at: import_data2.Field.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: import_data2.Field.datetime({
+    updated_at: import_data2.Field.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    userId: import_data2.Field.text({
+    user_id: import_data2.Field.text({
       label: "User ID",
       required: true
     }),
-    expiresAt: import_data2.Field.datetime({
+    expires_at: import_data2.Field.datetime({
       label: "Expires At",
       required: true
     }),
@@ -471,13 +471,13 @@ var AuthSession = import_data2.ObjectSchema.create({
       label: "Session Token",
       required: true
     }),
-    ipAddress: import_data2.Field.text({
+    ip_address: import_data2.Field.text({
       label: "IP Address",
       required: false,
       maxLength: 45
       // Support IPv6
     }),
-    userAgent: import_data2.Field.textarea({
+    user_agent: import_data2.Field.textarea({
       label: "User Agent",
       required: false
     })
@@ -485,8 +485,8 @@ var AuthSession = import_data2.ObjectSchema.create({
   // Database indexes for performance
   indexes: [
     { fields: ["token"], unique: true },
-    { fields: ["userId"], unique: false },
-    { fields: ["expiresAt"], unique: false }
+    { fields: ["user_id"], unique: false },
+    { fields: ["expires_at"], unique: false }
   ],
   // Enable features
   enable: {
@@ -510,56 +510,56 @@ var AuthAccount = import_data3.ObjectSchema.create({
   pluralLabel: "Accounts",
   icon: "link",
   description: "OAuth and authentication provider accounts",
-  titleFormat: "{providerId} - {accountId}",
-  compactLayout: ["providerId", "userId", "accountId"],
+  titleFormat: "{provider_id} - {account_id}",
+  compactLayout: ["provider_id", "user_id", "account_id"],
   fields: {
     id: import_data3.Field.text({
       label: "Account ID",
       required: true,
       readonly: true
     }),
-    createdAt: import_data3.Field.datetime({
+    created_at: import_data3.Field.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: import_data3.Field.datetime({
+    updated_at: import_data3.Field.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    providerId: import_data3.Field.text({
+    provider_id: import_data3.Field.text({
       label: "Provider ID",
       required: true,
       description: "OAuth provider identifier (google, github, etc.)"
     }),
-    accountId: import_data3.Field.text({
+    account_id: import_data3.Field.text({
       label: "Provider Account ID",
       required: true,
       description: "User's ID in the provider's system"
     }),
-    userId: import_data3.Field.text({
+    user_id: import_data3.Field.text({
       label: "User ID",
       required: true,
       description: "Link to user table"
     }),
-    accessToken: import_data3.Field.textarea({
+    access_token: import_data3.Field.textarea({
       label: "Access Token",
       required: false
     }),
-    refreshToken: import_data3.Field.textarea({
+    refresh_token: import_data3.Field.textarea({
       label: "Refresh Token",
       required: false
     }),
-    idToken: import_data3.Field.textarea({
+    id_token: import_data3.Field.textarea({
       label: "ID Token",
       required: false
     }),
-    accessTokenExpiresAt: import_data3.Field.datetime({
+    access_token_expires_at: import_data3.Field.datetime({
       label: "Access Token Expires At",
       required: false
     }),
-    refreshTokenExpiresAt: import_data3.Field.datetime({
+    refresh_token_expires_at: import_data3.Field.datetime({
       label: "Refresh Token Expires At",
       required: false
     }),
@@ -575,8 +575,8 @@ var AuthAccount = import_data3.ObjectSchema.create({
   },
   // Database indexes for performance
   indexes: [
-    { fields: ["userId"], unique: false },
-    { fields: ["providerId", "accountId"], unique: true }
+    { fields: ["user_id"], unique: false },
+    { fields: ["provider_id", "account_id"], unique: true }
   ],
   // Enable features
   enable: {
@@ -598,19 +598,19 @@ var AuthVerification = import_data4.ObjectSchema.create({
   icon: "shield-check",
   description: "Email and phone verification tokens",
   titleFormat: "Verification for {identifier}",
-  compactLayout: ["identifier", "expiresAt", "createdAt"],
+  compactLayout: ["identifier", "expires_at", "created_at"],
   fields: {
     id: import_data4.Field.text({
       label: "Verification ID",
       required: true,
       readonly: true
     }),
-    createdAt: import_data4.Field.datetime({
+    created_at: import_data4.Field.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: import_data4.Field.datetime({
+    updated_at: import_data4.Field.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
@@ -620,7 +620,7 @@ var AuthVerification = import_data4.ObjectSchema.create({
       required: true,
       description: "Token or code for verification"
     }),
-    expiresAt: import_data4.Field.datetime({
+    expires_at: import_data4.Field.datetime({
       label: "Expires At",
       required: true
     }),
@@ -634,7 +634,7 @@ var AuthVerification = import_data4.ObjectSchema.create({
   indexes: [
     { fields: ["value"], unique: true },
     { fields: ["identifier"], unique: false },
-    { fields: ["expiresAt"], unique: false }
+    { fields: ["expires_at"], unique: false }
   ],
   // Enable features
   enable: {

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/auth-manager.ts","../src/objectql-adapter.ts","../src/auth-plugin.ts","../src/objects/auth-user.object.ts","../src/objects/auth-session.object.ts","../src/objects/auth-account.object.ts","../src/objects/auth-verification.object.ts"],"sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\n/**\n * @objectstack/plugin-auth\n * \n * Authentication & Identity Plugin for ObjectStack\n * Powered by better-auth for robust, secure authentication\n * Uses ObjectQL for data persistence (no third-party ORM required)\n */\n\nexport * from './auth-plugin.js';\nexport * from './auth-manager.js';\nexport * from './objectql-adapter.js';\nexport * from './objects/index.js';\nexport type { AuthConfig, AuthProviderConfig, AuthPluginConfig } from '@objectstack/spec/system';\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { betterAuth } from 'better-auth';\nimport type { Auth, BetterAuthOptions } from 'better-auth';\nimport type { AuthConfig } from '@objectstack/spec/system';\nimport type { IDataEngine } from '@objectstack/core';\nimport { createObjectQLAdapter } from './objectql-adapter.js';\n\n/**\n * Extended options for AuthManager\n */\nexport interface AuthManagerOptions extends Partial<AuthConfig> {\n  /**\n   * Better-Auth instance (for advanced use cases)\n   * If not provided, one will be created from config\n   */\n  authInstance?: Auth<any>;\n  \n  /**\n   * ObjectQL Data Engine instance\n   * Required for database operations using ObjectQL instead of third-party ORMs\n   */\n  dataEngine?: IDataEngine;\n}\n\n/**\n * Authentication Manager\n * \n * Wraps better-auth and provides authentication services for ObjectStack.\n * Supports multiple authentication methods:\n * - Email/password\n * - OAuth providers (Google, GitHub, etc.)\n * - Magic links\n * - Two-factor authentication\n * - Passkeys\n * - Organization/teams\n */\nexport class AuthManager {\n  private auth: Auth<any> | null = null;\n  private config: AuthManagerOptions;\n\n  constructor(config: AuthManagerOptions) {\n    this.config = config;\n    \n    // Use provided auth instance\n    if (config.authInstance) {\n      this.auth = config.authInstance;\n    }\n    // Don't create auth instance automatically to avoid database initialization errors\n    // It will be created lazily when needed\n  }\n\n  /**\n   * Get or create the better-auth instance (lazy initialization)\n   */\n  private getOrCreateAuth(): Auth<any> {\n    if (!this.auth) {\n      this.auth = this.createAuthInstance();\n    }\n    return this.auth;\n  }\n\n  /**\n   * Create a better-auth instance from configuration\n   */\n  private createAuthInstance(): Auth<any> {\n    const betterAuthConfig: BetterAuthOptions = {\n      // Base configuration\n      secret: this.config.secret || this.generateSecret(),\n      baseURL: this.config.baseUrl || 'http://localhost:3000',\n      \n      // Database adapter configuration\n      // For now, we configure a basic setup that will be enhanced\n      // when database URL is provided and drizzle-orm is available\n      database: this.createDatabaseConfig(),\n      \n      // Email configuration\n      emailAndPassword: {\n        enabled: true,\n      },\n      \n      // Session configuration\n      session: {\n        expiresIn: this.config.session?.expiresIn || 60 * 60 * 24 * 7, // 7 days default\n        updateAge: this.config.session?.updateAge || 60 * 60 * 24, // 1 day default\n      },\n    };\n\n    return betterAuth(betterAuthConfig);\n  }\n\n  /**\n   * Create database configuration using ObjectQL adapter\n   */\n  private createDatabaseConfig(): any {\n    // Use ObjectQL adapter if dataEngine is provided\n    if (this.config.dataEngine) {\n      return createObjectQLAdapter(this.config.dataEngine);\n    }\n    \n    // Fallback warning if no dataEngine is provided\n    console.warn(\n      '⚠️  WARNING: No dataEngine provided to AuthManager! ' +\n      'Using in-memory storage. This is NOT suitable for production. ' +\n      'Please provide a dataEngine instance (e.g., ObjectQL) in AuthManagerOptions.'\n    );\n    \n    // Return a minimal in-memory configuration as fallback\n    // This allows the system to work in development/testing without a real database\n    return undefined; // better-auth will use its default in-memory adapter\n  }\n\n  /**\n   * Generate a secure secret if not provided\n   */\n  private generateSecret(): string {\n    const envSecret = process.env.AUTH_SECRET;\n    \n    if (!envSecret) {\n      // In production, a secret MUST be provided\n      // For development/testing, we'll use a fallback but warn about it\n      const fallbackSecret = 'dev-secret-' + Date.now();\n      \n      console.warn(\n        '⚠️  WARNING: No AUTH_SECRET environment variable set! ' +\n        'Using a temporary development secret. ' +\n        'This is NOT secure for production use. ' +\n        'Please set AUTH_SECRET in your environment variables.'\n      );\n      \n      return fallbackSecret;\n    }\n    \n    return envSecret;\n  }\n\n  /**\n   * Get the underlying better-auth instance\n   * Useful for advanced use cases\n   */\n  getAuthInstance(): Auth<any> {\n    return this.getOrCreateAuth();\n  }\n\n  /**\n   * Handle an authentication request\n   * Forwards the request directly to better-auth's universal handler\n   * \n   * @param request - Web standard Request object\n   * @returns Web standard Response object\n   */\n  async handleRequest(request: Request): Promise<Response> {\n    const auth = this.getOrCreateAuth();\n    return await auth.handler(request);\n  }\n\n  /**\n   * Get the better-auth API for programmatic access\n   * Use this for server-side operations (e.g., creating users, checking sessions)\n   */\n  get api() {\n    return this.getOrCreateAuth().api;\n  }\n}\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { IDataEngine } from '@objectstack/core';\nimport type { CleanedWhere } from 'better-auth/adapters';\n\n/**\n * ObjectQL Adapter for better-auth\n * \n * Bridges better-auth's database adapter interface with ObjectQL's IDataEngine.\n * This allows better-auth to use ObjectQL for data persistence instead of\n * third-party ORMs like drizzle-orm.\n * \n * Uses better-auth's native naming conventions (camelCase) for seamless migration.\n * \n * @param dataEngine - ObjectQL data engine instance\n * @returns better-auth CustomAdapter\n */\nexport function createObjectQLAdapter(dataEngine: IDataEngine) {\n  /**\n   * Convert better-auth where clause to ObjectQL query format\n   */\n  function convertWhere(where: CleanedWhere[]): Record<string, any> {\n    const filter: Record<string, any> = {};\n    \n    for (const condition of where) {\n      // Use field names as-is (no conversion needed)\n      const fieldName = condition.field;\n      \n      if (condition.operator === 'eq') {\n        filter[fieldName] = condition.value;\n      } else if (condition.operator === 'ne') {\n        filter[fieldName] = { $ne: condition.value };\n      } else if (condition.operator === 'in') {\n        filter[fieldName] = { $in: condition.value };\n      } else if (condition.operator === 'gt') {\n        filter[fieldName] = { $gt: condition.value };\n      } else if (condition.operator === 'gte') {\n        filter[fieldName] = { $gte: condition.value };\n      } else if (condition.operator === 'lt') {\n        filter[fieldName] = { $lt: condition.value };\n      } else if (condition.operator === 'lte') {\n        filter[fieldName] = { $lte: condition.value };\n      } else if (condition.operator === 'contains') {\n        filter[fieldName] = { $regex: condition.value };\n      }\n    }\n    \n    return filter;\n  }\n\n  return {\n    create: async <T extends Record<string, any>>({ model, data, select: _select }: { model: string; data: T; select?: string[] }): Promise<T> => {\n      // Use model name as-is (no conversion needed)\n      const objectName = model;\n      \n      // Note: select parameter is currently not supported by ObjectQL's insert operation\n      // The full record is always returned after insertion\n      const result = await dataEngine.insert(objectName, data);\n      return result as T;\n    },\n    \n    findOne: async <T>({ model, where, select, join: _join }: { model: string; where: CleanedWhere[]; select?: string[]; join?: any }): Promise<T | null> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: join parameter is not currently supported by ObjectQL's findOne operation\n      // Joins/populate functionality is planned for future ObjectQL releases\n      // For now, related data must be fetched separately\n      \n      const result = await dataEngine.findOne(objectName, {\n        filter,\n        select,\n      });\n      \n      return result ? result as T : null;\n    },\n    \n    findMany: async <T>({ model, where, limit, offset, sortBy, join: _join }: { model: string; where?: CleanedWhere[]; limit: number; offset?: number; sortBy?: { field: string; direction: 'asc' | 'desc' }; join?: any }): Promise<T[]> => {\n      const objectName = model;\n      const filter = where ? convertWhere(where) : {};\n      \n      // Note: join parameter is not currently supported by ObjectQL's find operation\n      // Joins/populate functionality is planned for future ObjectQL releases\n      \n      const sort = sortBy ? [{\n        field: sortBy.field,\n        order: sortBy.direction as 'asc' | 'desc',\n      }] : undefined;\n      \n      const results = await dataEngine.find(objectName, {\n        filter,\n        limit: limit || 100,\n        skip: offset,\n        sort,\n      });\n      \n      return results as T[];\n    },\n    \n    count: async ({ model, where }: { model: string; where?: CleanedWhere[] }): Promise<number> => {\n      const objectName = model;\n      const filter = where ? convertWhere(where) : {};\n      \n      return await dataEngine.count(objectName, { filter });\n    },\n    \n    update: async <T>({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<T | null> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Find the record first to get its ID\n      const record = await dataEngine.findOne(objectName, { filter });\n      if (!record) {\n        return null;\n      }\n      \n      const result = await dataEngine.update(objectName, {\n        ...update,\n        id: record.id,\n      });\n      \n      return result ? result as T : null;\n    },\n    \n    updateMany: async ({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<number> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: Sequential updates are used here because ObjectQL's IDataEngine interface\n      // requires an ID for updates. A future optimization could use a bulk update\n      // operation if ObjectQL adds support for filter-based updates without IDs.\n      \n      // Find all matching records\n      const records = await dataEngine.find(objectName, { filter });\n      \n      // Update each record\n      for (const record of records) {\n        await dataEngine.update(objectName, {\n          ...update,\n          id: record.id,\n        });\n      }\n      \n      return records.length;\n    },\n    \n    delete: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<void> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: We need to find the record first to get its ID because ObjectQL's\n      // delete operation requires an ID. Direct filter-based delete would be more\n      // efficient if supported by ObjectQL in the future.\n      const record = await dataEngine.findOne(objectName, { filter });\n      if (!record) {\n        return;\n      }\n      \n      await dataEngine.delete(objectName, { filter: { id: record.id } });\n    },\n    \n    deleteMany: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<number> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: Sequential deletes are used here because ObjectQL's delete operation\n      // requires an ID in the filter. A future optimization could use a single\n      // delete call with the original filter if ObjectQL supports it.\n      \n      // Find all matching records\n      const records = await dataEngine.find(objectName, { filter });\n      \n      // Delete each record\n      for (const record of records) {\n        await dataEngine.delete(objectName, { filter: { id: record.id } });\n      }\n      \n      return records.length;\n    },\n  };\n}\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { Plugin, PluginContext, IHttpServer } from '@objectstack/core';\nimport { AuthConfig } from '@objectstack/spec/system';\nimport { AuthManager } from './auth-manager.js';\n\n/**\n * Auth Plugin Options\n * Extends AuthConfig from spec with additional runtime options\n */\nexport interface AuthPluginOptions extends Partial<AuthConfig> {\n  /**\n   * Whether to automatically register auth routes\n   * @default true\n   */\n  registerRoutes?: boolean;\n  \n  /**\n   * Base path for auth routes\n   * @default '/api/v1/auth'\n   */\n  basePath?: string;\n}\n\n/**\n * Authentication Plugin\n * \n * Provides authentication and identity services for ObjectStack applications.\n * \n * Features:\n * - Session management\n * - User registration/login\n * - OAuth providers (Google, GitHub, etc.)\n * - Organization/team support\n * - 2FA, passkeys, magic links\n * \n * This plugin registers:\n * - `auth` service (auth manager instance)\n * - HTTP routes for authentication endpoints\n * \n * Integrates with better-auth library to provide comprehensive\n * authentication capabilities including email/password, OAuth, 2FA,\n * magic links, passkeys, and organization support.\n */\nexport class AuthPlugin implements Plugin {\n  name = 'com.objectstack.auth';\n  type = 'standard';\n  version = '1.0.0';\n  dependencies = ['com.objectstack.server.hono']; // Requires HTTP server\n  \n  private options: AuthPluginOptions;\n  private authManager: AuthManager | null = null;\n\n  constructor(options: AuthPluginOptions = {}) {\n    this.options = {\n      registerRoutes: true,\n      basePath: '/api/v1/auth',\n      ...options\n    };\n  }\n\n  async init(ctx: PluginContext): Promise<void> {\n    ctx.logger.info('Initializing Auth Plugin...');\n\n    // Validate required configuration\n    if (!this.options.secret) {\n      throw new Error('AuthPlugin: secret is required');\n    }\n\n    // Get data engine service for database operations\n    const dataEngine = ctx.getService<any>('data');\n    if (!dataEngine) {\n      ctx.logger.warn('No data engine service found - auth will use in-memory storage');\n    }\n\n    // Initialize auth manager with data engine\n    this.authManager = new AuthManager({\n      ...this.options,\n      dataEngine,\n    });\n\n    // Register auth service\n    ctx.registerService('auth', this.authManager);\n    \n    ctx.logger.info('Auth Plugin initialized successfully');\n  }\n\n  async start(ctx: PluginContext): Promise<void> {\n    ctx.logger.info('Starting Auth Plugin...');\n\n    if (!this.authManager) {\n      throw new Error('Auth manager not initialized');\n    }\n\n    // Register HTTP routes if enabled\n    if (this.options.registerRoutes) {\n      try {\n        const httpServer = ctx.getService<IHttpServer>('http-server');\n        this.registerAuthRoutes(httpServer, ctx);\n        ctx.logger.info(`Auth routes registered at ${this.options.basePath}`);\n      } catch (error) {\n        const err = error instanceof Error ? error : new Error(String(error));\n        ctx.logger.error('Failed to register auth routes:', err);\n        throw err;\n      }\n    }\n\n    // Register auth middleware on ObjectQL engine (if available)\n    try {\n      const ql = ctx.getService<any>('objectql');\n      if (ql && typeof ql.registerMiddleware === 'function') {\n        ql.registerMiddleware(async (opCtx: any, next: () => Promise<void>) => {\n          // If context already has userId or isSystem, skip auth resolution\n          if (opCtx.context?.userId || opCtx.context?.isSystem) {\n            return next();\n          }\n          // Future: resolve session from AsyncLocalStorage or request context\n          await next();\n        });\n        ctx.logger.info('Auth middleware registered on ObjectQL engine');\n      }\n    } catch (_e) {\n      ctx.logger.debug('ObjectQL engine not available, skipping auth middleware registration');\n    }\n\n    ctx.logger.info('Auth Plugin started successfully');\n  }\n\n  async destroy(): Promise<void> {\n    // Cleanup if needed\n    this.authManager = null;\n  }\n\n  /**\n   * Register authentication routes with HTTP server\n   * \n   * Uses better-auth's universal handler for all authentication requests.\n   * This forwards all requests under basePath to better-auth, which handles:\n   * - Email/password authentication\n   * - OAuth providers (Google, GitHub, etc.)\n   * - Session management\n   * - Password reset\n   * - Email verification\n   * - 2FA, passkeys, magic links (if enabled)\n   */\n  private registerAuthRoutes(httpServer: IHttpServer, ctx: PluginContext): void {\n    if (!this.authManager) return;\n\n    const basePath = this.options.basePath || '/api/v1/auth';\n\n    // Get raw Hono app to use native wildcard routing\n    // Type assertion is safe here because we explicitly require Hono server as a dependency\n    if (!('getRawApp' in httpServer) || typeof (httpServer as any).getRawApp !== 'function') {\n      ctx.logger.error('HTTP server does not support getRawApp() - wildcard routing requires Hono server');\n      throw new Error(\n        'AuthPlugin requires HonoServerPlugin for wildcard routing support. ' +\n        'Please ensure HonoServerPlugin is loaded before AuthPlugin.'\n      );\n    }\n\n    const rawApp = (httpServer as any).getRawApp();\n\n    // Register wildcard route to forward all auth requests to better-auth\n    // Better-auth expects requests at its baseURL, so we need to preserve the full path\n    rawApp.all(`${basePath}/*`, async (c: any) => {\n      try {\n        // Get the Web standard Request from Hono context\n        const request = c.req.raw as Request;\n        \n        // Create a new Request with the path rewritten to match better-auth's expectations\n        // Better-auth expects paths like /sign-in/email, /sign-up/email, etc.\n        // We need to strip our basePath prefix\n        const url = new URL(request.url);\n        const authPath = url.pathname.replace(basePath, '');\n        const rewrittenUrl = new URL(authPath || '/', url.origin);\n        rewrittenUrl.search = url.search; // Preserve query params\n        \n        const rewrittenRequest = new Request(rewrittenUrl, {\n          method: request.method,\n          headers: request.headers,\n          body: request.body,\n          duplex: 'half' as any, // Required for Request with body\n        });\n\n        // Forward to better-auth handler\n        const response = await this.authManager!.handleRequest(rewrittenRequest);\n        \n        return response;\n      } catch (error) {\n        const err = error instanceof Error ? error : new Error(String(error));\n        ctx.logger.error('Auth request error:', err);\n        \n        // Return error response\n        return new Response(\n          JSON.stringify({\n            success: false,\n            error: err.message,\n          }),\n          {\n            status: 500,\n            headers: { 'Content-Type': 'application/json' },\n          }\n        );\n      }\n    });\n\n    ctx.logger.info(`Auth routes registered: All requests under ${basePath}/* forwarded to better-auth`);\n  }\n}\n\n\n\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth User Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - createdAt: Date\n * - updatedAt: Date\n * - email: string (unique, lowercase)\n * - emailVerified: boolean\n * - name: string\n * - image: string | null\n */\nexport const AuthUser = ObjectSchema.create({\n  name: 'user',\n  label: 'User',\n  pluralLabel: 'Users',\n  icon: 'user',\n  description: 'User accounts for authentication',\n  titleFormat: '{name} ({email})',\n  compactLayout: ['name', 'email', 'emailVerified'],\n  \n  fields: {\n    // ID is auto-generated by ObjectQL\n    id: Field.text({\n      label: 'User ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    createdAt: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updatedAt: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    email: Field.email({\n      label: 'Email',\n      required: true,\n      searchable: true,\n    }),\n    \n    emailVerified: Field.boolean({\n      label: 'Email Verified',\n      defaultValue: false,\n    }),\n    \n    name: Field.text({\n      label: 'Name',\n      required: true,\n      searchable: true,\n      maxLength: 255,\n    }),\n    \n    image: Field.url({\n      label: 'Profile Image',\n      required: false,\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['email'], unique: true },\n    { fields: ['createdAt'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: true,\n    searchable: true,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n    trash: true,\n    mru: true,\n  },\n  \n  // Validation Rules\n  validations: [\n    {\n      name: 'email_unique',\n      type: 'unique',\n      severity: 'error',\n      message: 'Email must be unique',\n      fields: ['email'],\n      caseSensitive: false,\n    },\n  ],\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Session Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - createdAt: Date\n * - updatedAt: Date\n * - userId: string\n * - expiresAt: Date\n * - token: string\n * - ipAddress: string | null\n * - userAgent: string | null\n */\nexport const AuthSession = ObjectSchema.create({\n  name: 'session',\n  label: 'Session',\n  pluralLabel: 'Sessions',\n  icon: 'key',\n  description: 'Active user sessions',\n  titleFormat: 'Session {token}',\n  compactLayout: ['userId', 'expiresAt', 'ipAddress'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Session ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    createdAt: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updatedAt: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    userId: Field.text({\n      label: 'User ID',\n      required: true,\n    }),\n    \n    expiresAt: Field.datetime({\n      label: 'Expires At',\n      required: true,\n    }),\n    \n    token: Field.text({\n      label: 'Session Token',\n      required: true,\n    }),\n    \n    ipAddress: Field.text({\n      label: 'IP Address',\n      required: false,\n      maxLength: 45, // Support IPv6\n    }),\n    \n    userAgent: Field.textarea({\n      label: 'User Agent',\n      required: false,\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['token'], unique: true },\n    { fields: ['userId'], unique: false },\n    { fields: ['expiresAt'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false, // Sessions don't need history tracking\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'delete'], // No update for sessions\n    trash: false, // Sessions should be hard deleted\n    mru: false,\n  },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Account Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - createdAt: Date\n * - updatedAt: Date\n * - providerId: string (e.g., 'google', 'github')\n * - accountId: string (provider's user ID)\n * - userId: string (link to user table)\n * - accessToken: string | null\n * - refreshToken: string | null\n * - idToken: string | null\n * - accessTokenExpiresAt: Date | null\n * - refreshTokenExpiresAt: Date | null\n * - scope: string | null\n * - password: string | null (for email/password provider)\n */\nexport const AuthAccount = ObjectSchema.create({\n  name: 'account',\n  label: 'Account',\n  pluralLabel: 'Accounts',\n  icon: 'link',\n  description: 'OAuth and authentication provider accounts',\n  titleFormat: '{providerId} - {accountId}',\n  compactLayout: ['providerId', 'userId', 'accountId'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Account ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    createdAt: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updatedAt: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    providerId: Field.text({\n      label: 'Provider ID',\n      required: true,\n      description: 'OAuth provider identifier (google, github, etc.)',\n    }),\n    \n    accountId: Field.text({\n      label: 'Provider Account ID',\n      required: true,\n      description: \"User's ID in the provider's system\",\n    }),\n    \n    userId: Field.text({\n      label: 'User ID',\n      required: true,\n      description: 'Link to user table',\n    }),\n    \n    accessToken: Field.textarea({\n      label: 'Access Token',\n      required: false,\n    }),\n    \n    refreshToken: Field.textarea({\n      label: 'Refresh Token',\n      required: false,\n    }),\n    \n    idToken: Field.textarea({\n      label: 'ID Token',\n      required: false,\n    }),\n    \n    accessTokenExpiresAt: Field.datetime({\n      label: 'Access Token Expires At',\n      required: false,\n    }),\n    \n    refreshTokenExpiresAt: Field.datetime({\n      label: 'Refresh Token Expires At',\n      required: false,\n    }),\n    \n    scope: Field.text({\n      label: 'OAuth Scope',\n      required: false,\n    }),\n    \n    password: Field.text({\n      label: 'Password Hash',\n      required: false,\n      description: 'Hashed password for email/password provider',\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['userId'], unique: false },\n    { fields: ['providerId', 'accountId'], unique: true },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false,\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n    trash: true,\n    mru: false,\n  },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Verification Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - createdAt: Date\n * - updatedAt: Date\n * - value: string (verification token/code)\n * - expiresAt: Date\n * - identifier: string (email or phone number)\n */\nexport const AuthVerification = ObjectSchema.create({\n  name: 'verification',\n  label: 'Verification',\n  pluralLabel: 'Verifications',\n  icon: 'shield-check',\n  description: 'Email and phone verification tokens',\n  titleFormat: 'Verification for {identifier}',\n  compactLayout: ['identifier', 'expiresAt', 'createdAt'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Verification ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    createdAt: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updatedAt: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    value: Field.text({\n      label: 'Verification Token',\n      required: true,\n      description: 'Token or code for verification',\n    }),\n    \n    expiresAt: Field.datetime({\n      label: 'Expires At',\n      required: true,\n    }),\n    \n    identifier: Field.text({\n      label: 'Identifier',\n      required: true,\n      description: 'Email address or phone number',\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['value'], unique: true },\n    { fields: ['identifier'], unique: false },\n    { fields: ['expiresAt'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false,\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'create', 'delete'], // No list or update\n    trash: false, // Hard delete expired tokens\n    mru: false,\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEA,yBAA2B;;;ACepB,SAAS,sBAAsB,YAAyB;AAI7D,WAAS,aAAa,OAA4C;AAChE,UAAM,SAA8B,CAAC;AAErC,eAAW,aAAa,OAAO;AAE7B,YAAM,YAAY,UAAU;AAE5B,UAAI,UAAU,aAAa,MAAM;AAC/B,eAAO,SAAS,IAAI,UAAU;AAAA,MAChC,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,OAAO;AACvC,eAAO,SAAS,IAAI,EAAE,MAAM,UAAU,MAAM;AAAA,MAC9C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,OAAO;AACvC,eAAO,SAAS,IAAI,EAAE,MAAM,UAAU,MAAM;AAAA,MAC9C,WAAW,UAAU,aAAa,YAAY;AAC5C,eAAO,SAAS,IAAI,EAAE,QAAQ,UAAU,MAAM;AAAA,MAChD;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,QAAQ,OAAsC,EAAE,OAAO,MAAM,QAAQ,QAAQ,MAAiE;AAE5I,YAAM,aAAa;AAInB,YAAM,SAAS,MAAM,WAAW,OAAO,YAAY,IAAI;AACvD,aAAO;AAAA,IACT;AAAA,IAEA,SAAS,OAAU,EAAE,OAAO,OAAO,QAAQ,MAAM,MAAM,MAAkG;AACvJ,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAMjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AAED,aAAO,SAAS,SAAc;AAAA,IAChC;AAAA,IAEA,UAAU,OAAU,EAAE,OAAO,OAAO,OAAO,QAAQ,QAAQ,MAAM,MAAM,MAAkK;AACvO,YAAM,aAAa;AACnB,YAAM,SAAS,QAAQ,aAAa,KAAK,IAAI,CAAC;AAK9C,YAAM,OAAO,SAAS,CAAC;AAAA,QACrB,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB,CAAC,IAAI;AAEL,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY;AAAA,QAChD;AAAA,QACA,OAAO,SAAS;AAAA,QAChB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAED,aAAO;AAAA,IACT;AAAA,IAEA,OAAO,OAAO,EAAE,OAAO,MAAM,MAAkE;AAC7F,YAAM,aAAa;AACnB,YAAM,SAAS,QAAQ,aAAa,KAAK,IAAI,CAAC;AAE9C,aAAO,MAAM,WAAW,MAAM,YAAY,EAAE,OAAO,CAAC;AAAA,IACtD;AAAA,IAEA,QAAQ,OAAU,EAAE,OAAO,OAAO,OAAO,MAAgG;AACvI,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAGjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY,EAAE,OAAO,CAAC;AAC9D,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,MACT;AAEA,YAAM,SAAS,MAAM,WAAW,OAAO,YAAY;AAAA,QACjD,GAAG;AAAA,QACH,IAAI,OAAO;AAAA,MACb,CAAC;AAED,aAAO,SAAS,SAAc;AAAA,IAChC;AAAA,IAEA,YAAY,OAAO,EAAE,OAAO,OAAO,OAAO,MAA8F;AACtI,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAOjC,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY,EAAE,OAAO,CAAC;AAG5D,iBAAW,UAAU,SAAS;AAC5B,cAAM,WAAW,OAAO,YAAY;AAAA,UAClC,GAAG;AAAA,UACH,IAAI,OAAO;AAAA,QACb,CAAC;AAAA,MACH;AAEA,aAAO,QAAQ;AAAA,IACjB;AAAA,IAEA,QAAQ,OAAO,EAAE,OAAO,MAAM,MAA+D;AAC3F,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAKjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY,EAAE,OAAO,CAAC;AAC9D,UAAI,CAAC,QAAQ;AACX;AAAA,MACF;AAEA,YAAM,WAAW,OAAO,YAAY,EAAE,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,CAAC;AAAA,IACnE;AAAA,IAEA,YAAY,OAAO,EAAE,OAAO,MAAM,MAAiE;AACjG,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAOjC,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY,EAAE,OAAO,CAAC;AAG5D,iBAAW,UAAU,SAAS;AAC5B,cAAM,WAAW,OAAO,YAAY,EAAE,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,CAAC;AAAA,MACnE;AAEA,aAAO,QAAQ;AAAA,IACjB;AAAA,EACF;AACF;;;AD/IO,IAAM,cAAN,MAAkB;AAAA,EAIvB,YAAY,QAA4B;AAHxC,SAAQ,OAAyB;AAI/B,SAAK,SAAS;AAGd,QAAI,OAAO,cAAc;AACvB,WAAK,OAAO,OAAO;AAAA,IACrB;AAAA,EAGF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAA6B;AACnC,QAAI,CAAC,KAAK,MAAM;AACd,WAAK,OAAO,KAAK,mBAAmB;AAAA,IACtC;AACA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKQ,qBAAgC;AACtC,UAAM,mBAAsC;AAAA;AAAA,MAE1C,QAAQ,KAAK,OAAO,UAAU,KAAK,eAAe;AAAA,MAClD,SAAS,KAAK,OAAO,WAAW;AAAA;AAAA;AAAA;AAAA,MAKhC,UAAU,KAAK,qBAAqB;AAAA;AAAA,MAGpC,kBAAkB;AAAA,QAChB,SAAS;AAAA,MACX;AAAA;AAAA,MAGA,SAAS;AAAA,QACP,WAAW,KAAK,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,QAC5D,WAAW,KAAK,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,MACzD;AAAA,IACF;AAEA,eAAO,+BAAW,gBAAgB;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,uBAA4B;AAElC,QAAI,KAAK,OAAO,YAAY;AAC1B,aAAO,sBAAsB,KAAK,OAAO,UAAU;AAAA,IACrD;AAGA,YAAQ;AAAA,MACN;AAAA,IAGF;AAIA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAyB;AAC/B,UAAM,YAAY,QAAQ,IAAI;AAE9B,QAAI,CAAC,WAAW;AAGd,YAAM,iBAAiB,gBAAgB,KAAK,IAAI;AAEhD,cAAQ;AAAA,QACN;AAAA,MAIF;AAEA,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAA6B;AAC3B,WAAO,KAAK,gBAAgB;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,cAAc,SAAqC;AACvD,UAAM,OAAO,KAAK,gBAAgB;AAClC,WAAO,MAAM,KAAK,QAAQ,OAAO;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,MAAM;AACR,WAAO,KAAK,gBAAgB,EAAE;AAAA,EAChC;AACF;;;AEvHO,IAAM,aAAN,MAAmC;AAAA,EASxC,YAAY,UAA6B,CAAC,GAAG;AAR7C,gBAAO;AACP,gBAAO;AACP,mBAAU;AACV,wBAAe,CAAC,6BAA6B;AAG7C,SAAQ,cAAkC;AAGxC,SAAK,UAAU;AAAA,MACb,gBAAgB;AAAA,MAChB,UAAU;AAAA,MACV,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,KAAmC;AAC5C,QAAI,OAAO,KAAK,6BAA6B;AAG7C,QAAI,CAAC,KAAK,QAAQ,QAAQ;AACxB,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAGA,UAAM,aAAa,IAAI,WAAgB,MAAM;AAC7C,QAAI,CAAC,YAAY;AACf,UAAI,OAAO,KAAK,gEAAgE;AAAA,IAClF;AAGA,SAAK,cAAc,IAAI,YAAY;AAAA,MACjC,GAAG,KAAK;AAAA,MACR;AAAA,IACF,CAAC;AAGD,QAAI,gBAAgB,QAAQ,KAAK,WAAW;AAE5C,QAAI,OAAO,KAAK,sCAAsC;AAAA,EACxD;AAAA,EAEA,MAAM,MAAM,KAAmC;AAC7C,QAAI,OAAO,KAAK,yBAAyB;AAEzC,QAAI,CAAC,KAAK,aAAa;AACrB,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAGA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,UAAI;AACF,cAAM,aAAa,IAAI,WAAwB,aAAa;AAC5D,aAAK,mBAAmB,YAAY,GAAG;AACvC,YAAI,OAAO,KAAK,6BAA6B,KAAK,QAAQ,QAAQ,EAAE;AAAA,MACtE,SAAS,OAAO;AACd,cAAM,MAAM,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AACpE,YAAI,OAAO,MAAM,mCAAmC,GAAG;AACvD,cAAM;AAAA,MACR;AAAA,IACF;AAGA,QAAI;AACF,YAAM,KAAK,IAAI,WAAgB,UAAU;AACzC,UAAI,MAAM,OAAO,GAAG,uBAAuB,YAAY;AACrD,WAAG,mBAAmB,OAAO,OAAY,SAA8B;AAErE,cAAI,MAAM,SAAS,UAAU,MAAM,SAAS,UAAU;AACpD,mBAAO,KAAK;AAAA,UACd;AAEA,gBAAM,KAAK;AAAA,QACb,CAAC;AACD,YAAI,OAAO,KAAK,+CAA+C;AAAA,MACjE;AAAA,IACF,SAAS,IAAI;AACX,UAAI,OAAO,MAAM,sEAAsE;AAAA,IACzF;AAEA,QAAI,OAAO,KAAK,kCAAkC;AAAA,EACpD;AAAA,EAEA,MAAM,UAAyB;AAE7B,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcQ,mBAAmB,YAAyB,KAA0B;AAC5E,QAAI,CAAC,KAAK,YAAa;AAEvB,UAAM,WAAW,KAAK,QAAQ,YAAY;AAI1C,QAAI,EAAE,eAAe,eAAe,OAAQ,WAAmB,cAAc,YAAY;AACvF,UAAI,OAAO,MAAM,kFAAkF;AACnG,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,SAAU,WAAmB,UAAU;AAI7C,WAAO,IAAI,GAAG,QAAQ,MAAM,OAAO,MAAW;AAC5C,UAAI;AAEF,cAAM,UAAU,EAAE,IAAI;AAKtB,cAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,cAAM,WAAW,IAAI,SAAS,QAAQ,UAAU,EAAE;AAClD,cAAM,eAAe,IAAI,IAAI,YAAY,KAAK,IAAI,MAAM;AACxD,qBAAa,SAAS,IAAI;AAE1B,cAAM,mBAAmB,IAAI,QAAQ,cAAc;AAAA,UACjD,QAAQ,QAAQ;AAAA,UAChB,SAAS,QAAQ;AAAA,UACjB,MAAM,QAAQ;AAAA,UACd,QAAQ;AAAA;AAAA,QACV,CAAC;AAGD,cAAM,WAAW,MAAM,KAAK,YAAa,cAAc,gBAAgB;AAEvE,eAAO;AAAA,MACT,SAAS,OAAO;AACd,cAAM,MAAM,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AACpE,YAAI,OAAO,MAAM,uBAAuB,GAAG;AAG3C,eAAO,IAAI;AAAA,UACT,KAAK,UAAU;AAAA,YACb,SAAS;AAAA,YACT,OAAO,IAAI;AAAA,UACb,CAAC;AAAA,UACD;AAAA,YACE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,QAAI,OAAO,KAAK,8CAA8C,QAAQ,6BAA6B;AAAA,EACrG;AACF;;;AC9MA,kBAAoC;AAc7B,IAAM,WAAW,yBAAa,OAAO;AAAA,EAC1C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,QAAQ,SAAS,eAAe;AAAA,EAEhD,QAAQ;AAAA;AAAA,IAEN,IAAI,kBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,kBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,kBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,kBAAM,MAAM;AAAA,MACjB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IACd,CAAC;AAAA,IAED,eAAe,kBAAM,QAAQ;AAAA,MAC3B,OAAO;AAAA,MACP,cAAc;AAAA,IAChB,CAAC;AAAA,IAED,MAAM,kBAAM,KAAK;AAAA,MACf,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,WAAW;AAAA,IACb,CAAC;AAAA,IAED,OAAO,kBAAM,IAAI;AAAA,MACf,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,WAAW,GAAG,QAAQ,MAAM;AAAA,EACzC;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,UAAU,QAAQ;AAAA,IACxD,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AAAA;AAAA,EAGA,aAAa;AAAA,IACX;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,MACT,QAAQ,CAAC,OAAO;AAAA,MAChB,eAAe;AAAA,IACjB;AAAA,EACF;AACF,CAAC;;;AC9FD,IAAAA,eAAoC;AAe7B,IAAM,cAAc,0BAAa,OAAO;AAAA,EAC7C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,UAAU,aAAa,WAAW;AAAA,EAElD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,QAAQ,mBAAM,KAAK;AAAA,MACjB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,WAAW;AAAA;AAAA,IACb,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,QAAQ,GAAG,QAAQ,MAAM;AAAA,IACpC,EAAE,QAAQ,CAAC,WAAW,GAAG,QAAQ,MAAM;AAAA,EACzC;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,QAAQ;AAAA;AAAA,IAC9C,OAAO;AAAA;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;;;ACtFD,IAAAC,eAAoC;AAoB7B,IAAM,cAAc,0BAAa,OAAO;AAAA,EAC7C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,cAAc,UAAU,WAAW;AAAA,EAEnD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,KAAK;AAAA,MACrB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,WAAW,mBAAM,KAAK;AAAA,MACpB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,QAAQ,mBAAM,KAAK;AAAA,MACjB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,aAAa,mBAAM,SAAS;AAAA,MAC1B,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,cAAc,mBAAM,SAAS;AAAA,MAC3B,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,SAAS,mBAAM,SAAS;AAAA,MACtB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,sBAAsB,mBAAM,SAAS;AAAA,MACnC,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,uBAAuB,mBAAM,SAAS;AAAA,MACpC,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,UAAU,mBAAM,KAAK;AAAA,MACnB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,QAAQ,GAAG,QAAQ,MAAM;AAAA,IACpC,EAAE,QAAQ,CAAC,cAAc,WAAW,GAAG,QAAQ,KAAK;AAAA,EACtD;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,UAAU,QAAQ;AAAA,IACxD,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;;;ACtHD,IAAAC,eAAoC;AAa7B,IAAM,mBAAmB,0BAAa,OAAO;AAAA,EAClD,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,cAAc,aAAa,WAAW;AAAA,EAEtD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,WAAW,mBAAM,SAAS;AAAA,MACxB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,KAAK;AAAA,MACrB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,MAAM;AAAA,IACxC,EAAE,QAAQ,CAAC,WAAW,GAAG,QAAQ,MAAM;AAAA,EACzC;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,UAAU,QAAQ;AAAA;AAAA,IACtC,OAAO;AAAA;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;","names":["import_data","import_data","import_data"]}
+{"version":3,"sources":["../src/index.ts","../src/auth-manager.ts","../src/objectql-adapter.ts","../src/auth-plugin.ts","../src/objects/auth-user.object.ts","../src/objects/auth-session.object.ts","../src/objects/auth-account.object.ts","../src/objects/auth-verification.object.ts"],"sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\n/**\n * @objectstack/plugin-auth\n * \n * Authentication & Identity Plugin for ObjectStack\n * Powered by better-auth for robust, secure authentication\n * Uses ObjectQL for data persistence (no third-party ORM required)\n */\n\nexport * from './auth-plugin.js';\nexport * from './auth-manager.js';\nexport * from './objectql-adapter.js';\nexport * from './objects/index.js';\nexport type { AuthConfig, AuthProviderConfig, AuthPluginConfig } from '@objectstack/spec/system';\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { betterAuth } from 'better-auth';\nimport type { Auth, BetterAuthOptions } from 'better-auth';\nimport type { AuthConfig } from '@objectstack/spec/system';\nimport type { IDataEngine } from '@objectstack/core';\nimport { createObjectQLAdapter } from './objectql-adapter.js';\n\n/**\n * Extended options for AuthManager\n */\nexport interface AuthManagerOptions extends Partial<AuthConfig> {\n  /**\n   * Better-Auth instance (for advanced use cases)\n   * If not provided, one will be created from config\n   */\n  authInstance?: Auth<any>;\n  \n  /**\n   * ObjectQL Data Engine instance\n   * Required for database operations using ObjectQL instead of third-party ORMs\n   */\n  dataEngine?: IDataEngine;\n}\n\n/**\n * Authentication Manager\n * \n * Wraps better-auth and provides authentication services for ObjectStack.\n * Supports multiple authentication methods:\n * - Email/password\n * - OAuth providers (Google, GitHub, etc.)\n * - Magic links\n * - Two-factor authentication\n * - Passkeys\n * - Organization/teams\n */\nexport class AuthManager {\n  private auth: Auth<any> | null = null;\n  private config: AuthManagerOptions;\n\n  constructor(config: AuthManagerOptions) {\n    this.config = config;\n    \n    // Use provided auth instance\n    if (config.authInstance) {\n      this.auth = config.authInstance;\n    }\n    // Don't create auth instance automatically to avoid database initialization errors\n    // It will be created lazily when needed\n  }\n\n  /**\n   * Get or create the better-auth instance (lazy initialization)\n   */\n  private getOrCreateAuth(): Auth<any> {\n    if (!this.auth) {\n      this.auth = this.createAuthInstance();\n    }\n    return this.auth;\n  }\n\n  /**\n   * Create a better-auth instance from configuration\n   */\n  private createAuthInstance(): Auth<any> {\n    const betterAuthConfig: BetterAuthOptions = {\n      // Base configuration\n      secret: this.config.secret || this.generateSecret(),\n      baseURL: this.config.baseUrl || 'http://localhost:3000',\n      \n      // Database adapter configuration\n      // For now, we configure a basic setup that will be enhanced\n      // when database URL is provided and drizzle-orm is available\n      database: this.createDatabaseConfig(),\n      \n      // Email configuration\n      emailAndPassword: {\n        enabled: true,\n      },\n      \n      // Session configuration\n      session: {\n        expiresIn: this.config.session?.expiresIn || 60 * 60 * 24 * 7, // 7 days default\n        updateAge: this.config.session?.updateAge || 60 * 60 * 24, // 1 day default\n      },\n    };\n\n    return betterAuth(betterAuthConfig);\n  }\n\n  /**\n   * Create database configuration using ObjectQL adapter\n   */\n  private createDatabaseConfig(): any {\n    // Use ObjectQL adapter if dataEngine is provided\n    if (this.config.dataEngine) {\n      return createObjectQLAdapter(this.config.dataEngine);\n    }\n    \n    // Fallback warning if no dataEngine is provided\n    console.warn(\n      '⚠️  WARNING: No dataEngine provided to AuthManager! ' +\n      'Using in-memory storage. This is NOT suitable for production. ' +\n      'Please provide a dataEngine instance (e.g., ObjectQL) in AuthManagerOptions.'\n    );\n    \n    // Return a minimal in-memory configuration as fallback\n    // This allows the system to work in development/testing without a real database\n    return undefined; // better-auth will use its default in-memory adapter\n  }\n\n  /**\n   * Generate a secure secret if not provided\n   */\n  private generateSecret(): string {\n    const envSecret = process.env.AUTH_SECRET;\n    \n    if (!envSecret) {\n      // In production, a secret MUST be provided\n      // For development/testing, we'll use a fallback but warn about it\n      const fallbackSecret = 'dev-secret-' + Date.now();\n      \n      console.warn(\n        '⚠️  WARNING: No AUTH_SECRET environment variable set! ' +\n        'Using a temporary development secret. ' +\n        'This is NOT secure for production use. ' +\n        'Please set AUTH_SECRET in your environment variables.'\n      );\n      \n      return fallbackSecret;\n    }\n    \n    return envSecret;\n  }\n\n  /**\n   * Get the underlying better-auth instance\n   * Useful for advanced use cases\n   */\n  getAuthInstance(): Auth<any> {\n    return this.getOrCreateAuth();\n  }\n\n  /**\n   * Handle an authentication request\n   * Forwards the request directly to better-auth's universal handler\n   * \n   * @param request - Web standard Request object\n   * @returns Web standard Response object\n   */\n  async handleRequest(request: Request): Promise<Response> {\n    const auth = this.getOrCreateAuth();\n    return await auth.handler(request);\n  }\n\n  /**\n   * Get the better-auth API for programmatic access\n   * Use this for server-side operations (e.g., creating users, checking sessions)\n   */\n  get api() {\n    return this.getOrCreateAuth().api;\n  }\n}\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { IDataEngine } from '@objectstack/core';\nimport type { CleanedWhere } from 'better-auth/adapters';\n\n/**\n * ObjectQL Adapter for better-auth\n * \n * Bridges better-auth's database adapter interface with ObjectQL's IDataEngine.\n * This allows better-auth to use ObjectQL for data persistence instead of\n * third-party ORMs like drizzle-orm.\n * \n * Uses better-auth's native naming conventions (camelCase) for seamless migration.\n * \n * @param dataEngine - ObjectQL data engine instance\n * @returns better-auth CustomAdapter\n */\nexport function createObjectQLAdapter(dataEngine: IDataEngine) {\n  /**\n   * Convert better-auth where clause to ObjectQL query format\n   */\n  function convertWhere(where: CleanedWhere[]): Record<string, any> {\n    const filter: Record<string, any> = {};\n    \n    for (const condition of where) {\n      // Use field names as-is (no conversion needed)\n      const fieldName = condition.field;\n      \n      if (condition.operator === 'eq') {\n        filter[fieldName] = condition.value;\n      } else if (condition.operator === 'ne') {\n        filter[fieldName] = { $ne: condition.value };\n      } else if (condition.operator === 'in') {\n        filter[fieldName] = { $in: condition.value };\n      } else if (condition.operator === 'gt') {\n        filter[fieldName] = { $gt: condition.value };\n      } else if (condition.operator === 'gte') {\n        filter[fieldName] = { $gte: condition.value };\n      } else if (condition.operator === 'lt') {\n        filter[fieldName] = { $lt: condition.value };\n      } else if (condition.operator === 'lte') {\n        filter[fieldName] = { $lte: condition.value };\n      } else if (condition.operator === 'contains') {\n        filter[fieldName] = { $regex: condition.value };\n      }\n    }\n    \n    return filter;\n  }\n\n  return {\n    create: async <T extends Record<string, any>>({ model, data, select: _select }: { model: string; data: T; select?: string[] }): Promise<T> => {\n      // Use model name as-is (no conversion needed)\n      const objectName = model;\n      \n      // Note: select parameter is currently not supported by ObjectQL's insert operation\n      // The full record is always returned after insertion\n      const result = await dataEngine.insert(objectName, data);\n      return result as T;\n    },\n    \n    findOne: async <T>({ model, where, select, join: _join }: { model: string; where: CleanedWhere[]; select?: string[]; join?: any }): Promise<T | null> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: join parameter is not currently supported by ObjectQL's findOne operation\n      // Joins/populate functionality is planned for future ObjectQL releases\n      // For now, related data must be fetched separately\n      \n      const result = await dataEngine.findOne(objectName, {\n        filter,\n        select,\n      });\n      \n      return result ? result as T : null;\n    },\n    \n    findMany: async <T>({ model, where, limit, offset, sortBy, join: _join }: { model: string; where?: CleanedWhere[]; limit: number; offset?: number; sortBy?: { field: string; direction: 'asc' | 'desc' }; join?: any }): Promise<T[]> => {\n      const objectName = model;\n      const filter = where ? convertWhere(where) : {};\n      \n      // Note: join parameter is not currently supported by ObjectQL's find operation\n      // Joins/populate functionality is planned for future ObjectQL releases\n      \n      const sort = sortBy ? [{\n        field: sortBy.field,\n        order: sortBy.direction as 'asc' | 'desc',\n      }] : undefined;\n      \n      const results = await dataEngine.find(objectName, {\n        filter,\n        limit: limit || 100,\n        skip: offset,\n        sort,\n      });\n      \n      return results as T[];\n    },\n    \n    count: async ({ model, where }: { model: string; where?: CleanedWhere[] }): Promise<number> => {\n      const objectName = model;\n      const filter = where ? convertWhere(where) : {};\n      \n      return await dataEngine.count(objectName, { filter });\n    },\n    \n    update: async <T>({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<T | null> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Find the record first to get its ID\n      const record = await dataEngine.findOne(objectName, { filter });\n      if (!record) {\n        return null;\n      }\n      \n      const result = await dataEngine.update(objectName, {\n        ...update,\n        id: record.id,\n      });\n      \n      return result ? result as T : null;\n    },\n    \n    updateMany: async ({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<number> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: Sequential updates are used here because ObjectQL's IDataEngine interface\n      // requires an ID for updates. A future optimization could use a bulk update\n      // operation if ObjectQL adds support for filter-based updates without IDs.\n      \n      // Find all matching records\n      const records = await dataEngine.find(objectName, { filter });\n      \n      // Update each record\n      for (const record of records) {\n        await dataEngine.update(objectName, {\n          ...update,\n          id: record.id,\n        });\n      }\n      \n      return records.length;\n    },\n    \n    delete: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<void> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: We need to find the record first to get its ID because ObjectQL's\n      // delete operation requires an ID. Direct filter-based delete would be more\n      // efficient if supported by ObjectQL in the future.\n      const record = await dataEngine.findOne(objectName, { filter });\n      if (!record) {\n        return;\n      }\n      \n      await dataEngine.delete(objectName, { filter: { id: record.id } });\n    },\n    \n    deleteMany: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<number> => {\n      const objectName = model;\n      const filter = convertWhere(where);\n      \n      // Note: Sequential deletes are used here because ObjectQL's delete operation\n      // requires an ID in the filter. A future optimization could use a single\n      // delete call with the original filter if ObjectQL supports it.\n      \n      // Find all matching records\n      const records = await dataEngine.find(objectName, { filter });\n      \n      // Delete each record\n      for (const record of records) {\n        await dataEngine.delete(objectName, { filter: { id: record.id } });\n      }\n      \n      return records.length;\n    },\n  };\n}\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { Plugin, PluginContext, IHttpServer } from '@objectstack/core';\nimport { AuthConfig } from '@objectstack/spec/system';\nimport { AuthManager } from './auth-manager.js';\n\n/**\n * Auth Plugin Options\n * Extends AuthConfig from spec with additional runtime options\n */\nexport interface AuthPluginOptions extends Partial<AuthConfig> {\n  /**\n   * Whether to automatically register auth routes\n   * @default true\n   */\n  registerRoutes?: boolean;\n  \n  /**\n   * Base path for auth routes\n   * @default '/api/v1/auth'\n   */\n  basePath?: string;\n}\n\n/**\n * Authentication Plugin\n * \n * Provides authentication and identity services for ObjectStack applications.\n * \n * Features:\n * - Session management\n * - User registration/login\n * - OAuth providers (Google, GitHub, etc.)\n * - Organization/team support\n * - 2FA, passkeys, magic links\n * \n * This plugin registers:\n * - `auth` service (auth manager instance)\n * - HTTP routes for authentication endpoints\n * \n * Integrates with better-auth library to provide comprehensive\n * authentication capabilities including email/password, OAuth, 2FA,\n * magic links, passkeys, and organization support.\n */\nexport class AuthPlugin implements Plugin {\n  name = 'com.objectstack.auth';\n  type = 'standard';\n  version = '1.0.0';\n  dependencies = ['com.objectstack.server.hono']; // Requires HTTP server\n  \n  private options: AuthPluginOptions;\n  private authManager: AuthManager | null = null;\n\n  constructor(options: AuthPluginOptions = {}) {\n    this.options = {\n      registerRoutes: true,\n      basePath: '/api/v1/auth',\n      ...options\n    };\n  }\n\n  async init(ctx: PluginContext): Promise<void> {\n    ctx.logger.info('Initializing Auth Plugin...');\n\n    // Validate required configuration\n    if (!this.options.secret) {\n      throw new Error('AuthPlugin: secret is required');\n    }\n\n    // Get data engine service for database operations\n    const dataEngine = ctx.getService<any>('data');\n    if (!dataEngine) {\n      ctx.logger.warn('No data engine service found - auth will use in-memory storage');\n    }\n\n    // Initialize auth manager with data engine\n    this.authManager = new AuthManager({\n      ...this.options,\n      dataEngine,\n    });\n\n    // Register auth service\n    ctx.registerService('auth', this.authManager);\n    \n    ctx.logger.info('Auth Plugin initialized successfully');\n  }\n\n  async start(ctx: PluginContext): Promise<void> {\n    ctx.logger.info('Starting Auth Plugin...');\n\n    if (!this.authManager) {\n      throw new Error('Auth manager not initialized');\n    }\n\n    // Register HTTP routes if enabled\n    if (this.options.registerRoutes) {\n      try {\n        const httpServer = ctx.getService<IHttpServer>('http-server');\n        this.registerAuthRoutes(httpServer, ctx);\n        ctx.logger.info(`Auth routes registered at ${this.options.basePath}`);\n      } catch (error) {\n        const err = error instanceof Error ? error : new Error(String(error));\n        ctx.logger.error('Failed to register auth routes:', err);\n        throw err;\n      }\n    }\n\n    // Register auth middleware on ObjectQL engine (if available)\n    try {\n      const ql = ctx.getService<any>('objectql');\n      if (ql && typeof ql.registerMiddleware === 'function') {\n        ql.registerMiddleware(async (opCtx: any, next: () => Promise<void>) => {\n          // If context already has userId or isSystem, skip auth resolution\n          if (opCtx.context?.userId || opCtx.context?.isSystem) {\n            return next();\n          }\n          // Future: resolve session from AsyncLocalStorage or request context\n          await next();\n        });\n        ctx.logger.info('Auth middleware registered on ObjectQL engine');\n      }\n    } catch (_e) {\n      ctx.logger.debug('ObjectQL engine not available, skipping auth middleware registration');\n    }\n\n    ctx.logger.info('Auth Plugin started successfully');\n  }\n\n  async destroy(): Promise<void> {\n    // Cleanup if needed\n    this.authManager = null;\n  }\n\n  /**\n   * Register authentication routes with HTTP server\n   * \n   * Uses better-auth's universal handler for all authentication requests.\n   * This forwards all requests under basePath to better-auth, which handles:\n   * - Email/password authentication\n   * - OAuth providers (Google, GitHub, etc.)\n   * - Session management\n   * - Password reset\n   * - Email verification\n   * - 2FA, passkeys, magic links (if enabled)\n   */\n  private registerAuthRoutes(httpServer: IHttpServer, ctx: PluginContext): void {\n    if (!this.authManager) return;\n\n    const basePath = this.options.basePath || '/api/v1/auth';\n\n    // Get raw Hono app to use native wildcard routing\n    // Type assertion is safe here because we explicitly require Hono server as a dependency\n    if (!('getRawApp' in httpServer) || typeof (httpServer as any).getRawApp !== 'function') {\n      ctx.logger.error('HTTP server does not support getRawApp() - wildcard routing requires Hono server');\n      throw new Error(\n        'AuthPlugin requires HonoServerPlugin for wildcard routing support. ' +\n        'Please ensure HonoServerPlugin is loaded before AuthPlugin.'\n      );\n    }\n\n    const rawApp = (httpServer as any).getRawApp();\n\n    // Register wildcard route to forward all auth requests to better-auth\n    // Better-auth expects requests at its baseURL, so we need to preserve the full path\n    rawApp.all(`${basePath}/*`, async (c: any) => {\n      try {\n        // Get the Web standard Request from Hono context\n        const request = c.req.raw as Request;\n        \n        // Create a new Request with the path rewritten to match better-auth's expectations\n        // Better-auth expects paths like /sign-in/email, /sign-up/email, etc.\n        // We need to strip our basePath prefix\n        const url = new URL(request.url);\n        const authPath = url.pathname.replace(basePath, '');\n        const rewrittenUrl = new URL(authPath || '/', url.origin);\n        rewrittenUrl.search = url.search; // Preserve query params\n        \n        const rewrittenRequest = new Request(rewrittenUrl, {\n          method: request.method,\n          headers: request.headers,\n          body: request.body,\n          duplex: 'half' as any, // Required for Request with body\n        });\n\n        // Forward to better-auth handler\n        const response = await this.authManager!.handleRequest(rewrittenRequest);\n        \n        return response;\n      } catch (error) {\n        const err = error instanceof Error ? error : new Error(String(error));\n        ctx.logger.error('Auth request error:', err);\n        \n        // Return error response\n        return new Response(\n          JSON.stringify({\n            success: false,\n            error: err.message,\n          }),\n          {\n            status: 500,\n            headers: { 'Content-Type': 'application/json' },\n          }\n        );\n      }\n    });\n\n    ctx.logger.info(`Auth routes registered: All requests under ${basePath}/* forwarded to better-auth`);\n  }\n}\n\n\n\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth User Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - created_at: Date\n * - updated_at: Date\n * - email: string (unique, lowercase)\n * - email_verified: boolean\n * - name: string\n * - image: string | null\n */\nexport const AuthUser = ObjectSchema.create({\n  name: 'user',\n  label: 'User',\n  pluralLabel: 'Users',\n  icon: 'user',\n  description: 'User accounts for authentication',\n  titleFormat: '{name} ({email})',\n  compactLayout: ['name', 'email', 'email_verified'],\n  \n  fields: {\n    // ID is auto-generated by ObjectQL\n    id: Field.text({\n      label: 'User ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    created_at: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updated_at: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    email: Field.email({\n      label: 'Email',\n      required: true,\n      searchable: true,\n    }),\n    \n    email_verified: Field.boolean({\n      label: 'Email Verified',\n      defaultValue: false,\n    }),\n    \n    name: Field.text({\n      label: 'Name',\n      required: true,\n      searchable: true,\n      maxLength: 255,\n    }),\n    \n    image: Field.url({\n      label: 'Profile Image',\n      required: false,\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['email'], unique: true },\n    { fields: ['created_at'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: true,\n    searchable: true,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n    trash: true,\n    mru: true,\n  },\n  \n  // Validation Rules\n  validations: [\n    {\n      name: 'email_unique',\n      type: 'unique',\n      severity: 'error',\n      message: 'Email must be unique',\n      fields: ['email'],\n      caseSensitive: false,\n    },\n  ],\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Session Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - created_at: Date\n * - updated_at: Date\n * - user_id: string\n * - expires_at: Date\n * - token: string\n * - ip_address: string | null\n * - user_agent: string | null\n */\nexport const AuthSession = ObjectSchema.create({\n  name: 'session',\n  label: 'Session',\n  pluralLabel: 'Sessions',\n  icon: 'key',\n  description: 'Active user sessions',\n  titleFormat: 'Session {token}',\n  compactLayout: ['user_id', 'expires_at', 'ip_address'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Session ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    created_at: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updated_at: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    user_id: Field.text({\n      label: 'User ID',\n      required: true,\n    }),\n    \n    expires_at: Field.datetime({\n      label: 'Expires At',\n      required: true,\n    }),\n    \n    token: Field.text({\n      label: 'Session Token',\n      required: true,\n    }),\n    \n    ip_address: Field.text({\n      label: 'IP Address',\n      required: false,\n      maxLength: 45, // Support IPv6\n    }),\n    \n    user_agent: Field.textarea({\n      label: 'User Agent',\n      required: false,\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['token'], unique: true },\n    { fields: ['user_id'], unique: false },\n    { fields: ['expires_at'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false, // Sessions don't need history tracking\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'delete'], // No update for sessions\n    trash: false, // Sessions should be hard deleted\n    mru: false,\n  },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Account Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - created_at: Date\n * - updated_at: Date\n * - provider_id: string (e.g., 'google', 'github')\n * - account_id: string (provider's user ID)\n * - user_id: string (link to user table)\n * - access_token: string | null\n * - refresh_token: string | null\n * - id_token: string | null\n * - access_token_expires_at: Date | null\n * - refresh_token_expires_at: Date | null\n * - scope: string | null\n * - password: string | null (for email/password provider)\n */\nexport const AuthAccount = ObjectSchema.create({\n  name: 'account',\n  label: 'Account',\n  pluralLabel: 'Accounts',\n  icon: 'link',\n  description: 'OAuth and authentication provider accounts',\n  titleFormat: '{provider_id} - {account_id}',\n  compactLayout: ['provider_id', 'user_id', 'account_id'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Account ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    created_at: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updated_at: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    provider_id: Field.text({\n      label: 'Provider ID',\n      required: true,\n      description: 'OAuth provider identifier (google, github, etc.)',\n    }),\n    \n    account_id: Field.text({\n      label: 'Provider Account ID',\n      required: true,\n      description: \"User's ID in the provider's system\",\n    }),\n    \n    user_id: Field.text({\n      label: 'User ID',\n      required: true,\n      description: 'Link to user table',\n    }),\n    \n    access_token: Field.textarea({\n      label: 'Access Token',\n      required: false,\n    }),\n    \n    refresh_token: Field.textarea({\n      label: 'Refresh Token',\n      required: false,\n    }),\n    \n    id_token: Field.textarea({\n      label: 'ID Token',\n      required: false,\n    }),\n    \n    access_token_expires_at: Field.datetime({\n      label: 'Access Token Expires At',\n      required: false,\n    }),\n    \n    refresh_token_expires_at: Field.datetime({\n      label: 'Refresh Token Expires At',\n      required: false,\n    }),\n    \n    scope: Field.text({\n      label: 'OAuth Scope',\n      required: false,\n    }),\n    \n    password: Field.text({\n      label: 'Password Hash',\n      required: false,\n      description: 'Hashed password for email/password provider',\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['user_id'], unique: false },\n    { fields: ['provider_id', 'account_id'], unique: true },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false,\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n    trash: true,\n    mru: false,\n  },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * Auth Verification Object\n * \n * Uses better-auth's native schema for seamless migration:\n * - id: string\n * - created_at: Date\n * - updated_at: Date\n * - value: string (verification token/code)\n * - expires_at: Date\n * - identifier: string (email or phone number)\n */\nexport const AuthVerification = ObjectSchema.create({\n  name: 'verification',\n  label: 'Verification',\n  pluralLabel: 'Verifications',\n  icon: 'shield-check',\n  description: 'Email and phone verification tokens',\n  titleFormat: 'Verification for {identifier}',\n  compactLayout: ['identifier', 'expires_at', 'created_at'],\n  \n  fields: {\n    id: Field.text({\n      label: 'Verification ID',\n      required: true,\n      readonly: true,\n    }),\n    \n    created_at: Field.datetime({\n      label: 'Created At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    updated_at: Field.datetime({\n      label: 'Updated At',\n      defaultValue: 'NOW()',\n      readonly: true,\n    }),\n    \n    value: Field.text({\n      label: 'Verification Token',\n      required: true,\n      description: 'Token or code for verification',\n    }),\n    \n    expires_at: Field.datetime({\n      label: 'Expires At',\n      required: true,\n    }),\n    \n    identifier: Field.text({\n      label: 'Identifier',\n      required: true,\n      description: 'Email address or phone number',\n    }),\n  },\n  \n  // Database indexes for performance\n  indexes: [\n    { fields: ['value'], unique: true },\n    { fields: ['identifier'], unique: false },\n    { fields: ['expires_at'], unique: false },\n  ],\n  \n  // Enable features\n  enable: {\n    trackHistory: false,\n    searchable: false,\n    apiEnabled: true,\n    apiMethods: ['get', 'create', 'delete'], // No list or update\n    trash: false, // Hard delete expired tokens\n    mru: false,\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEA,yBAA2B;;;ACepB,SAAS,sBAAsB,YAAyB;AAI7D,WAAS,aAAa,OAA4C;AAChE,UAAM,SAA8B,CAAC;AAErC,eAAW,aAAa,OAAO;AAE7B,YAAM,YAAY,UAAU;AAE5B,UAAI,UAAU,aAAa,MAAM;AAC/B,eAAO,SAAS,IAAI,UAAU;AAAA,MAChC,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,OAAO;AACvC,eAAO,SAAS,IAAI,EAAE,MAAM,UAAU,MAAM;AAAA,MAC9C,WAAW,UAAU,aAAa,MAAM;AACtC,eAAO,SAAS,IAAI,EAAE,KAAK,UAAU,MAAM;AAAA,MAC7C,WAAW,UAAU,aAAa,OAAO;AACvC,eAAO,SAAS,IAAI,EAAE,MAAM,UAAU,MAAM;AAAA,MAC9C,WAAW,UAAU,aAAa,YAAY;AAC5C,eAAO,SAAS,IAAI,EAAE,QAAQ,UAAU,MAAM;AAAA,MAChD;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,QAAQ,OAAsC,EAAE,OAAO,MAAM,QAAQ,QAAQ,MAAiE;AAE5I,YAAM,aAAa;AAInB,YAAM,SAAS,MAAM,WAAW,OAAO,YAAY,IAAI;AACvD,aAAO;AAAA,IACT;AAAA,IAEA,SAAS,OAAU,EAAE,OAAO,OAAO,QAAQ,MAAM,MAAM,MAAkG;AACvJ,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAMjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AAED,aAAO,SAAS,SAAc;AAAA,IAChC;AAAA,IAEA,UAAU,OAAU,EAAE,OAAO,OAAO,OAAO,QAAQ,QAAQ,MAAM,MAAM,MAAkK;AACvO,YAAM,aAAa;AACnB,YAAM,SAAS,QAAQ,aAAa,KAAK,IAAI,CAAC;AAK9C,YAAM,OAAO,SAAS,CAAC;AAAA,QACrB,OAAO,OAAO;AAAA,QACd,OAAO,OAAO;AAAA,MAChB,CAAC,IAAI;AAEL,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY;AAAA,QAChD;AAAA,QACA,OAAO,SAAS;AAAA,QAChB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAED,aAAO;AAAA,IACT;AAAA,IAEA,OAAO,OAAO,EAAE,OAAO,MAAM,MAAkE;AAC7F,YAAM,aAAa;AACnB,YAAM,SAAS,QAAQ,aAAa,KAAK,IAAI,CAAC;AAE9C,aAAO,MAAM,WAAW,MAAM,YAAY,EAAE,OAAO,CAAC;AAAA,IACtD;AAAA,IAEA,QAAQ,OAAU,EAAE,OAAO,OAAO,OAAO,MAAgG;AACvI,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAGjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY,EAAE,OAAO,CAAC;AAC9D,UAAI,CAAC,QAAQ;AACX,eAAO;AAAA,MACT;AAEA,YAAM,SAAS,MAAM,WAAW,OAAO,YAAY;AAAA,QACjD,GAAG;AAAA,QACH,IAAI,OAAO;AAAA,MACb,CAAC;AAED,aAAO,SAAS,SAAc;AAAA,IAChC;AAAA,IAEA,YAAY,OAAO,EAAE,OAAO,OAAO,OAAO,MAA8F;AACtI,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAOjC,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY,EAAE,OAAO,CAAC;AAG5D,iBAAW,UAAU,SAAS;AAC5B,cAAM,WAAW,OAAO,YAAY;AAAA,UAClC,GAAG;AAAA,UACH,IAAI,OAAO;AAAA,QACb,CAAC;AAAA,MACH;AAEA,aAAO,QAAQ;AAAA,IACjB;AAAA,IAEA,QAAQ,OAAO,EAAE,OAAO,MAAM,MAA+D;AAC3F,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAKjC,YAAM,SAAS,MAAM,WAAW,QAAQ,YAAY,EAAE,OAAO,CAAC;AAC9D,UAAI,CAAC,QAAQ;AACX;AAAA,MACF;AAEA,YAAM,WAAW,OAAO,YAAY,EAAE,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,CAAC;AAAA,IACnE;AAAA,IAEA,YAAY,OAAO,EAAE,OAAO,MAAM,MAAiE;AACjG,YAAM,aAAa;AACnB,YAAM,SAAS,aAAa,KAAK;AAOjC,YAAM,UAAU,MAAM,WAAW,KAAK,YAAY,EAAE,OAAO,CAAC;AAG5D,iBAAW,UAAU,SAAS;AAC5B,cAAM,WAAW,OAAO,YAAY,EAAE,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,CAAC;AAAA,MACnE;AAEA,aAAO,QAAQ;AAAA,IACjB;AAAA,EACF;AACF;;;AD/IO,IAAM,cAAN,MAAkB;AAAA,EAIvB,YAAY,QAA4B;AAHxC,SAAQ,OAAyB;AAI/B,SAAK,SAAS;AAGd,QAAI,OAAO,cAAc;AACvB,WAAK,OAAO,OAAO;AAAA,IACrB;AAAA,EAGF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAA6B;AACnC,QAAI,CAAC,KAAK,MAAM;AACd,WAAK,OAAO,KAAK,mBAAmB;AAAA,IACtC;AACA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKQ,qBAAgC;AACtC,UAAM,mBAAsC;AAAA;AAAA,MAE1C,QAAQ,KAAK,OAAO,UAAU,KAAK,eAAe;AAAA,MAClD,SAAS,KAAK,OAAO,WAAW;AAAA;AAAA;AAAA;AAAA,MAKhC,UAAU,KAAK,qBAAqB;AAAA;AAAA,MAGpC,kBAAkB;AAAA,QAChB,SAAS;AAAA,MACX;AAAA;AAAA,MAGA,SAAS;AAAA,QACP,WAAW,KAAK,OAAO,SAAS,aAAa,KAAK,KAAK,KAAK;AAAA;AAAA,QAC5D,WAAW,KAAK,OAAO,SAAS,aAAa,KAAK,KAAK;AAAA;AAAA,MACzD;AAAA,IACF;AAEA,eAAO,+BAAW,gBAAgB;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKQ,uBAA4B;AAElC,QAAI,KAAK,OAAO,YAAY;AAC1B,aAAO,sBAAsB,KAAK,OAAO,UAAU;AAAA,IACrD;AAGA,YAAQ;AAAA,MACN;AAAA,IAGF;AAIA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAyB;AAC/B,UAAM,YAAY,QAAQ,IAAI;AAE9B,QAAI,CAAC,WAAW;AAGd,YAAM,iBAAiB,gBAAgB,KAAK,IAAI;AAEhD,cAAQ;AAAA,QACN;AAAA,MAIF;AAEA,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAA6B;AAC3B,WAAO,KAAK,gBAAgB;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,cAAc,SAAqC;AACvD,UAAM,OAAO,KAAK,gBAAgB;AAClC,WAAO,MAAM,KAAK,QAAQ,OAAO;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,MAAM;AACR,WAAO,KAAK,gBAAgB,EAAE;AAAA,EAChC;AACF;;;AEvHO,IAAM,aAAN,MAAmC;AAAA,EASxC,YAAY,UAA6B,CAAC,GAAG;AAR7C,gBAAO;AACP,gBAAO;AACP,mBAAU;AACV,wBAAe,CAAC,6BAA6B;AAG7C,SAAQ,cAAkC;AAGxC,SAAK,UAAU;AAAA,MACb,gBAAgB;AAAA,MAChB,UAAU;AAAA,MACV,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,KAAmC;AAC5C,QAAI,OAAO,KAAK,6BAA6B;AAG7C,QAAI,CAAC,KAAK,QAAQ,QAAQ;AACxB,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAGA,UAAM,aAAa,IAAI,WAAgB,MAAM;AAC7C,QAAI,CAAC,YAAY;AACf,UAAI,OAAO,KAAK,gEAAgE;AAAA,IAClF;AAGA,SAAK,cAAc,IAAI,YAAY;AAAA,MACjC,GAAG,KAAK;AAAA,MACR;AAAA,IACF,CAAC;AAGD,QAAI,gBAAgB,QAAQ,KAAK,WAAW;AAE5C,QAAI,OAAO,KAAK,sCAAsC;AAAA,EACxD;AAAA,EAEA,MAAM,MAAM,KAAmC;AAC7C,QAAI,OAAO,KAAK,yBAAyB;AAEzC,QAAI,CAAC,KAAK,aAAa;AACrB,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAGA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,UAAI;AACF,cAAM,aAAa,IAAI,WAAwB,aAAa;AAC5D,aAAK,mBAAmB,YAAY,GAAG;AACvC,YAAI,OAAO,KAAK,6BAA6B,KAAK,QAAQ,QAAQ,EAAE;AAAA,MACtE,SAAS,OAAO;AACd,cAAM,MAAM,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AACpE,YAAI,OAAO,MAAM,mCAAmC,GAAG;AACvD,cAAM;AAAA,MACR;AAAA,IACF;AAGA,QAAI;AACF,YAAM,KAAK,IAAI,WAAgB,UAAU;AACzC,UAAI,MAAM,OAAO,GAAG,uBAAuB,YAAY;AACrD,WAAG,mBAAmB,OAAO,OAAY,SAA8B;AAErE,cAAI,MAAM,SAAS,UAAU,MAAM,SAAS,UAAU;AACpD,mBAAO,KAAK;AAAA,UACd;AAEA,gBAAM,KAAK;AAAA,QACb,CAAC;AACD,YAAI,OAAO,KAAK,+CAA+C;AAAA,MACjE;AAAA,IACF,SAAS,IAAI;AACX,UAAI,OAAO,MAAM,sEAAsE;AAAA,IACzF;AAEA,QAAI,OAAO,KAAK,kCAAkC;AAAA,EACpD;AAAA,EAEA,MAAM,UAAyB;AAE7B,SAAK,cAAc;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcQ,mBAAmB,YAAyB,KAA0B;AAC5E,QAAI,CAAC,KAAK,YAAa;AAEvB,UAAM,WAAW,KAAK,QAAQ,YAAY;AAI1C,QAAI,EAAE,eAAe,eAAe,OAAQ,WAAmB,cAAc,YAAY;AACvF,UAAI,OAAO,MAAM,kFAAkF;AACnG,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,SAAU,WAAmB,UAAU;AAI7C,WAAO,IAAI,GAAG,QAAQ,MAAM,OAAO,MAAW;AAC5C,UAAI;AAEF,cAAM,UAAU,EAAE,IAAI;AAKtB,cAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,cAAM,WAAW,IAAI,SAAS,QAAQ,UAAU,EAAE;AAClD,cAAM,eAAe,IAAI,IAAI,YAAY,KAAK,IAAI,MAAM;AACxD,qBAAa,SAAS,IAAI;AAE1B,cAAM,mBAAmB,IAAI,QAAQ,cAAc;AAAA,UACjD,QAAQ,QAAQ;AAAA,UAChB,SAAS,QAAQ;AAAA,UACjB,MAAM,QAAQ;AAAA,UACd,QAAQ;AAAA;AAAA,QACV,CAAC;AAGD,cAAM,WAAW,MAAM,KAAK,YAAa,cAAc,gBAAgB;AAEvE,eAAO;AAAA,MACT,SAAS,OAAO;AACd,cAAM,MAAM,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AACpE,YAAI,OAAO,MAAM,uBAAuB,GAAG;AAG3C,eAAO,IAAI;AAAA,UACT,KAAK,UAAU;AAAA,YACb,SAAS;AAAA,YACT,OAAO,IAAI;AAAA,UACb,CAAC;AAAA,UACD;AAAA,YACE,QAAQ;AAAA,YACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,QAAI,OAAO,KAAK,8CAA8C,QAAQ,6BAA6B;AAAA,EACrG;AACF;;;AC9MA,kBAAoC;AAc7B,IAAM,WAAW,yBAAa,OAAO;AAAA,EAC1C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,QAAQ,SAAS,gBAAgB;AAAA,EAEjD,QAAQ;AAAA;AAAA,IAEN,IAAI,kBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,kBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,kBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,kBAAM,MAAM;AAAA,MACjB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IACd,CAAC;AAAA,IAED,gBAAgB,kBAAM,QAAQ;AAAA,MAC5B,OAAO;AAAA,MACP,cAAc;AAAA,IAChB,CAAC;AAAA,IAED,MAAM,kBAAM,KAAK;AAAA,MACf,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,WAAW;AAAA,IACb,CAAC;AAAA,IAED,OAAO,kBAAM,IAAI;AAAA,MACf,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,MAAM;AAAA,EAC1C;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,UAAU,QAAQ;AAAA,IACxD,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AAAA;AAAA,EAGA,aAAa;AAAA,IACX;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,SAAS;AAAA,MACT,QAAQ,CAAC,OAAO;AAAA,MAChB,eAAe;AAAA,IACjB;AAAA,EACF;AACF,CAAC;;;AC9FD,IAAAA,eAAoC;AAe7B,IAAM,cAAc,0BAAa,OAAO;AAAA,EAC7C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,WAAW,cAAc,YAAY;AAAA,EAErD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,SAAS,mBAAM,KAAK;AAAA,MAClB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,KAAK;AAAA,MACrB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,WAAW;AAAA;AAAA,IACb,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,SAAS,GAAG,QAAQ,MAAM;AAAA,IACrC,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,MAAM;AAAA,EAC1C;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,QAAQ;AAAA;AAAA,IAC9C,OAAO;AAAA;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;;;ACtFD,IAAAC,eAAoC;AAoB7B,IAAM,cAAc,0BAAa,OAAO;AAAA,EAC7C,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,eAAe,WAAW,YAAY;AAAA,EAEtD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,aAAa,mBAAM,KAAK;AAAA,MACtB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,YAAY,mBAAM,KAAK;AAAA,MACrB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,SAAS,mBAAM,KAAK;AAAA,MAClB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,cAAc,mBAAM,SAAS;AAAA,MAC3B,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,eAAe,mBAAM,SAAS;AAAA,MAC5B,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,UAAU,mBAAM,SAAS;AAAA,MACvB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,yBAAyB,mBAAM,SAAS;AAAA,MACtC,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,0BAA0B,mBAAM,SAAS;AAAA,MACvC,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,UAAU,mBAAM,KAAK;AAAA,MACnB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,SAAS,GAAG,QAAQ,MAAM;AAAA,IACrC,EAAE,QAAQ,CAAC,eAAe,YAAY,GAAG,QAAQ,KAAK;AAAA,EACxD;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,QAAQ,UAAU,UAAU,QAAQ;AAAA,IACxD,OAAO;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;;;ACtHD,IAAAC,eAAoC;AAa7B,IAAM,mBAAmB,0BAAa,OAAO;AAAA,EAClD,MAAM;AAAA,EACN,OAAO;AAAA,EACP,aAAa;AAAA,EACb,MAAM;AAAA,EACN,aAAa;AAAA,EACb,aAAa;AAAA,EACb,eAAe,CAAC,cAAc,cAAc,YAAY;AAAA,EAExD,QAAQ;AAAA,IACN,IAAI,mBAAM,KAAK;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,cAAc;AAAA,MACd,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,OAAO,mBAAM,KAAK;AAAA,MAChB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,IAED,YAAY,mBAAM,SAAS;AAAA,MACzB,OAAO;AAAA,MACP,UAAU;AAAA,IACZ,CAAC;AAAA,IAED,YAAY,mBAAM,KAAK;AAAA,MACrB,OAAO;AAAA,MACP,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,SAAS;AAAA,IACP,EAAE,QAAQ,CAAC,OAAO,GAAG,QAAQ,KAAK;AAAA,IAClC,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,MAAM;AAAA,IACxC,EAAE,QAAQ,CAAC,YAAY,GAAG,QAAQ,MAAM;AAAA,EAC1C;AAAA;AAAA,EAGA,QAAQ;AAAA,IACN,cAAc;AAAA,IACd,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY,CAAC,OAAO,UAAU,QAAQ;AAAA;AAAA,IACtC,OAAO;AAAA;AAAA,IACP,KAAK;AAAA,EACP;AACF,CAAC;","names":["import_data","import_data","import_data"]}

package/dist/index.mjs

@@ -336,7 +336,7 @@ var AuthUser = ObjectSchema.create({
   icon: "user",
   description: "User accounts for authentication",
   titleFormat: "{name} ({email})",
-  compactLayout: ["name", "email", "emailVerified"],
+  compactLayout: ["name", "email", "email_verified"],
   fields: {
     // ID is auto-generated by ObjectQL
     id: Field.text({
@@ -344,12 +344,12 @@ var AuthUser = ObjectSchema.create({
       required: true,
       readonly: true
     }),
-    createdAt: Field.datetime({
+    created_at: Field.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: Field.datetime({
+    updated_at: Field.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
@@ -359,7 +359,7 @@ var AuthUser = ObjectSchema.create({
       required: true,
       searchable: true
     }),
-    emailVerified: Field.boolean({
+    email_verified: Field.boolean({
       label: "Email Verified",
       defaultValue: false
     }),
@@ -377,7 +377,7 @@ var AuthUser = ObjectSchema.create({
   // Database indexes for performance
   indexes: [
     { fields: ["email"], unique: true },
-    { fields: ["createdAt"], unique: false }
+    { fields: ["created_at"], unique: false }
   ],
   // Enable features
   enable: {
@@ -410,28 +410,28 @@ var AuthSession = ObjectSchema2.create({
   icon: "key",
   description: "Active user sessions",
   titleFormat: "Session {token}",
-  compactLayout: ["userId", "expiresAt", "ipAddress"],
+  compactLayout: ["user_id", "expires_at", "ip_address"],
   fields: {
     id: Field2.text({
       label: "Session ID",
       required: true,
       readonly: true
     }),
-    createdAt: Field2.datetime({
+    created_at: Field2.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: Field2.datetime({
+    updated_at: Field2.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    userId: Field2.text({
+    user_id: Field2.text({
       label: "User ID",
       required: true
     }),
-    expiresAt: Field2.datetime({
+    expires_at: Field2.datetime({
       label: "Expires At",
       required: true
     }),
@@ -439,13 +439,13 @@ var AuthSession = ObjectSchema2.create({
       label: "Session Token",
       required: true
     }),
-    ipAddress: Field2.text({
+    ip_address: Field2.text({
       label: "IP Address",
       required: false,
       maxLength: 45
       // Support IPv6
     }),
-    userAgent: Field2.textarea({
+    user_agent: Field2.textarea({
       label: "User Agent",
       required: false
     })
@@ -453,8 +453,8 @@ var AuthSession = ObjectSchema2.create({
   // Database indexes for performance
   indexes: [
     { fields: ["token"], unique: true },
-    { fields: ["userId"], unique: false },
-    { fields: ["expiresAt"], unique: false }
+    { fields: ["user_id"], unique: false },
+    { fields: ["expires_at"], unique: false }
   ],
   // Enable features
   enable: {
@@ -478,56 +478,56 @@ var AuthAccount = ObjectSchema3.create({
   pluralLabel: "Accounts",
   icon: "link",
   description: "OAuth and authentication provider accounts",
-  titleFormat: "{providerId} - {accountId}",
-  compactLayout: ["providerId", "userId", "accountId"],
+  titleFormat: "{provider_id} - {account_id}",
+  compactLayout: ["provider_id", "user_id", "account_id"],
   fields: {
     id: Field3.text({
       label: "Account ID",
       required: true,
       readonly: true
     }),
-    createdAt: Field3.datetime({
+    created_at: Field3.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: Field3.datetime({
+    updated_at: Field3.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    providerId: Field3.text({
+    provider_id: Field3.text({
       label: "Provider ID",
       required: true,
       description: "OAuth provider identifier (google, github, etc.)"
     }),
-    accountId: Field3.text({
+    account_id: Field3.text({
       label: "Provider Account ID",
       required: true,
       description: "User's ID in the provider's system"
     }),
-    userId: Field3.text({
+    user_id: Field3.text({
       label: "User ID",
       required: true,
       description: "Link to user table"
     }),
-    accessToken: Field3.textarea({
+    access_token: Field3.textarea({
       label: "Access Token",
       required: false
     }),
-    refreshToken: Field3.textarea({
+    refresh_token: Field3.textarea({
       label: "Refresh Token",
       required: false
     }),
-    idToken: Field3.textarea({
+    id_token: Field3.textarea({
       label: "ID Token",
       required: false
     }),
-    accessTokenExpiresAt: Field3.datetime({
+    access_token_expires_at: Field3.datetime({
       label: "Access Token Expires At",
       required: false
     }),
-    refreshTokenExpiresAt: Field3.datetime({
+    refresh_token_expires_at: Field3.datetime({
       label: "Refresh Token Expires At",
       required: false
     }),
@@ -543,8 +543,8 @@ var AuthAccount = ObjectSchema3.create({
   },
   // Database indexes for performance
   indexes: [
-    { fields: ["userId"], unique: false },
-    { fields: ["providerId", "accountId"], unique: true }
+    { fields: ["user_id"], unique: false },
+    { fields: ["provider_id", "account_id"], unique: true }
   ],
   // Enable features
   enable: {
@@ -566,19 +566,19 @@ var AuthVerification = ObjectSchema4.create({
   icon: "shield-check",
   description: "Email and phone verification tokens",
   titleFormat: "Verification for {identifier}",
-  compactLayout: ["identifier", "expiresAt", "createdAt"],
+  compactLayout: ["identifier", "expires_at", "created_at"],
   fields: {
     id: Field4.text({
       label: "Verification ID",
       required: true,
       readonly: true
     }),
-    createdAt: Field4.datetime({
+    created_at: Field4.datetime({
       label: "Created At",
       defaultValue: "NOW()",
       readonly: true
     }),
-    updatedAt: Field4.datetime({
+    updated_at: Field4.datetime({
       label: "Updated At",
       defaultValue: "NOW()",
       readonly: true
@@ -588,7 +588,7 @@ var AuthVerification = ObjectSchema4.create({
       required: true,
       description: "Token or code for verification"
     }),
-    expiresAt: Field4.datetime({
+    expires_at: Field4.datetime({
       label: "Expires At",
       required: true
     }),
@@ -602,7 +602,7 @@ var AuthVerification = ObjectSchema4.create({
   indexes: [
     { fields: ["value"], unique: true },
     { fields: ["identifier"], unique: false },
-    { fields: ["expiresAt"], unique: false }
+    { fields: ["expires_at"], unique: false }
   ],
   // Enable features
   enable: {