@objectstack/plugin-auth 3.2.3 → 3.2.5

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @objectstack/plugin-auth@3.2.3 build /home/runner/work/spec/spec/packages/plugins/plugin-auth
+> @objectstack/plugin-auth@3.2.5 build /home/runner/work/spec/spec/packages/plugins/plugin-auth
 > tsup --config ../../../tsup.config.ts
 
 CLI Building entry: src/index.ts
@@ -10,13 +10,13 @@
 CLI Cleaning output folder
 ESM Build start
 CJS Build start
-ESM dist/index.mjs     20.62 KB
-ESM dist/index.mjs.map 44.89 KB
-ESM ⚡️ Build success in 53ms
-CJS dist/index.js     22.36 KB
-CJS dist/index.js.map 45.45 KB
-CJS ⚡️ Build success in 54ms
+ESM dist/index.mjs     26.88 KB
+ESM dist/index.mjs.map 65.75 KB
+ESM ⚡️ Build success in 63ms
+CJS dist/index.js     29.59 KB
+CJS dist/index.js.map 66.40 KB
+CJS ⚡️ Build success in 72ms
 DTS Build start
-DTS ⚡️ Build success in 7878ms
-DTS dist/index.d.mts 409.21 KB
-DTS dist/index.d.ts  409.21 KB
+DTS ⚡️ Build success in 7688ms
+DTS dist/index.d.mts 421.97 KB
+DTS dist/index.d.ts  421.97 KB

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## 3.2.5
+
+### Patch Changes
+
+- e854538: fix beyyer-auth
+  - @objectstack/spec@3.2.5
+  - @objectstack/core@3.2.5
+
+## 3.2.4
+
+### Patch Changes
+
+- f490991: fix better-auth
+  - @objectstack/spec@3.2.4
+  - @objectstack/core@3.2.4
+
 ## 3.2.3
 
 ### Patch Changes

package/README.md

@@ -215,38 +215,75 @@ export const AuthUser = ObjectSchema.create({
 **Database Objects:**
 Uses ObjectStack `sys_` prefixed protocol names with snake_case field naming.
 The adapter automatically maps better-auth model names to protocol names:
+
+*Core models:*
 - `sys_user` (← better-auth `user`) - User accounts (id, email, name, email_verified, created_at, etc.)
 - `sys_session` (← better-auth `session`) - Active sessions (id, token, user_id, expires_at, ip_address, etc.)
 - `sys_account` (← better-auth `account`) - OAuth provider accounts (id, provider_id, account_id, user_id, tokens, etc.)
 - `sys_verification` (← better-auth `verification`) - Verification tokens (id, value, identifier, expires_at, etc.)
 
-**Adapter:**
-The `createObjectQLAdapter()` function bridges better-auth's database interface to ObjectQL's IDataEngine. It includes a model→protocol name mapping (`AUTH_MODEL_TO_PROTOCOL`) that translates better-auth's hardcoded model names (e.g. `user`) to ObjectStack protocol names (e.g. `sys_user`):
+*Organization plugin (when `plugins.organization: true`):*
+- `sys_organization` (← `organization`) - Organizations (id, name, slug, logo, created_at, etc.)
+- `sys_member` (← `member`) - Organization members (id, organization_id, user_id, role, created_at)
+- `sys_invitation` (← `invitation`) - Invitations (id, organization_id, inviter_id, email, role, expires_at, etc.)
+- `sys_team` (← `team`) - Teams (id, name, organization_id, created_at, etc.)
+- `sys_team_member` (← `teamMember`) - Team members (id, team_id, user_id, created_at)
 
-```typescript
-// Better-auth → ObjectQL Adapter (handles model name mapping + field transformation)
-import { createObjectQLAdapter, AUTH_MODEL_TO_PROTOCOL } from '@objectstack/plugin-auth';
+*Two-Factor plugin (when `plugins.twoFactor: true`):*
+- `sys_two_factor` (← `twoFactor`) - 2FA secrets (id, secret, backup_codes, user_id)
+
+**Schema Mapping (modelName + fields):**
 
-const adapter = createObjectQLAdapter(dataEngine);
+better-auth uses camelCase field names internally (`emailVerified`, `userId`, `createdAt`, etc.)
+while ObjectStack's protocol layer uses snake_case (`email_verified`, `user_id`, `created_at`).
 
-// Mapping: { user: 'sys_user', session: 'sys_session', account: 'sys_account', verification: 'sys_verification' }
-console.log(AUTH_MODEL_TO_PROTOCOL);
+The plugin leverages better-auth's official `modelName` / `fields` schema customisation API
+to declare the mapping at configuration time. The `createAdapterFactory` wrapper then
+transforms data and where-clauses automatically — no runtime camelCase ↔ snake_case
+conversion is needed in the adapter itself.
 
-// better-auth requires a DBAdapterInstance (factory function), not a raw adapter object.
-// Passing a plain object falls through to the Kysely adapter path and fails silently.
-// Wrap the adapter in a factory function:
+```typescript
+// Schema mapping constants (auth-schema-config.ts)
+import {
+  AUTH_USER_CONFIG,
+  AUTH_SESSION_CONFIG,
+  AUTH_ACCOUNT_CONFIG,
+  AUTH_VERIFICATION_CONFIG,
+  buildOrganizationPluginSchema,
+  buildTwoFactorPluginSchema,
+} from '@objectstack/plugin-auth';
+
+// Applied to the betterAuth() config:
 const auth = betterAuth({
-  database: (options) => ({
-    id: 'objectql',
-    ...adapter,
-    transaction: async (cb) => cb(adapter),
-  }),
-  // ... other config
+  database: createObjectQLAdapterFactory(dataEngine),
+  user:         { ...AUTH_USER_CONFIG },
+  session:      { ...AUTH_SESSION_CONFIG, expiresIn: 604800 },
+  account:      { ...AUTH_ACCOUNT_CONFIG },
+  verification: { ...AUTH_VERIFICATION_CONFIG },
+  plugins: [
+    organization({ schema: buildOrganizationPluginSchema() }),
+    twoFactor({ schema: buildTwoFactorPluginSchema() }),
+  ],
 });
 ```
 
-> **Note:** `AuthManager` handles this wrapping automatically when you provide a `dataEngine`.
-> You only need the factory pattern above when using `createObjectQLAdapter()` directly.
+**Adapter Factory:**
+The `createObjectQLAdapterFactory()` function uses better-auth's `createAdapterFactory` to
+bridge ObjectQL's IDataEngine with better-auth. Model-name and field-name transformations
+are applied by the factory wrapper so the adapter code stays simple:
+
+```typescript
+import { createObjectQLAdapterFactory } from '@objectstack/plugin-auth';
+
+const adapterFactory = createObjectQLAdapterFactory(dataEngine);
+// adapterFactory is (options: BetterAuthOptions) => DBAdapter
+```
+
+> **Note:** `AuthManager` handles all of this automatically when you provide a `dataEngine`.
+> You only need the factory/config above when using the adapter directly.
+
+A legacy `createObjectQLAdapter()` function (with manual model-name mapping via
+`AUTH_MODEL_TO_PROTOCOL`) is still exported for backward compatibility.
 
 ## Development
 

package/dist/index.d.mts

@@ -3,6 +3,7 @@ import { AuthConfig } from '@objectstack/spec/system';
 export { AuthConfig, AuthPluginConfig, AuthProviderConfig } from '@objectstack/spec/system';
 import * as better_auth from 'better-auth';
 import { Auth } from 'better-auth';
+import * as better_auth_adapters from 'better-auth/adapters';
 import { CleanedWhere } from 'better-auth/adapters';
 import { z } from 'zod';
 import * as _objectstack_spec_data from '@objectstack/spec/data';
@@ -90,6 +91,13 @@ interface AuthManagerOptions extends Partial<AuthConfig> {
      * Required for database operations using ObjectQL instead of third-party ORMs
      */
     dataEngine?: IDataEngine;
+    /**
+     * Base path for auth routes
+     * Forwarded to better-auth's basePath option so it can match incoming
+     * request URLs without manual path rewriting.
+     * @default '/api/v1/auth'
+     */
+    basePath?: string;
 }
 /**
  * Authentication Manager
@@ -115,6 +123,14 @@ declare class AuthManager {
      * Create a better-auth instance from configuration
      */
     private createAuthInstance;
+    /**
+     * Build the list of better-auth plugins based on AuthPluginConfig flags.
+     *
+     * Each plugin that introduces its own database tables is configured with
+     * a `schema` option containing the appropriate snake_case field mappings,
+     * so that `createAdapterFactory` transforms them automatically.
+     */
+    private buildPluginList;
     /**
      * Create database configuration using ObjectQL adapter
      *
@@ -2257,17 +2273,35 @@ declare const AUTH_MODEL_TO_PROTOCOL: Record<string, string>;
  */
 declare function resolveProtocolName(model: string): string;
 /**
- * ObjectQL Adapter for better-auth
+ * Create an ObjectQL adapter **factory** for better-auth.
+ *
+ * Uses better-auth's official `createAdapterFactory` so that model-name and
+ * field-name transformations (declared via `modelName` / `fields` in the
+ * betterAuth config) are applied **automatically** before any data reaches
+ * ObjectQL. This eliminates the need for manual camelCase ↔ snake_case
+ * conversion inside the adapter.
+ *
+ * The returned value is an `AdapterFactory` – a function of type
+ * `(options: BetterAuthOptions) => DBAdapter` – which is the shape expected
+ * by `betterAuth({ database: … })`.
+ *
+ * @param dataEngine - ObjectQL data engine instance
+ * @returns better-auth AdapterFactory
+ */
+declare function createObjectQLAdapterFactory(dataEngine: IDataEngine): better_auth_adapters.AdapterFactory<better_auth.BetterAuthOptions>;
+/**
+ * Create a raw ObjectQL adapter for better-auth (without factory wrapping).
  *
- * Bridges better-auth's database adapter interface with ObjectQL's IDataEngine.
- * This allows better-auth to use ObjectQL for data persistence instead of
- * third-party ORMs like drizzle-orm.
+ * > **Prefer {@link createObjectQLAdapterFactory}** for production use.
+ * > The factory version leverages `createAdapterFactory` and automatically
+ * > handles model-name + field-name transformations declared in the
+ * > better-auth config.
  *
- * Model names from better-auth (e.g. 'user') are automatically mapped to
- * ObjectStack protocol names (e.g. 'sys_user') via {@link AUTH_MODEL_TO_PROTOCOL}.
+ * This function is retained for direct / low-level usage where callers
+ * manage field-name conversion themselves.
  *
  * @param dataEngine - ObjectQL data engine instance
- * @returns better-auth CustomAdapter
+ * @returns better-auth CustomAdapter (raw, without factory wrapping)
  */
 declare function createObjectQLAdapter(dataEngine: IDataEngine): {
     create: <T extends Record<string, any>>({ model, data, select: _select }: {
@@ -2316,6 +2350,313 @@ declare function createObjectQLAdapter(dataEngine: IDataEngine): {
     }) => Promise<number>;
 };
 
+/**
+ * better-auth ↔ ObjectStack Schema Mapping
+ *
+ * better-auth uses camelCase field names internally (e.g. `emailVerified`, `userId`)
+ * while ObjectStack's protocol layer uses snake_case (e.g. `email_verified`, `user_id`).
+ *
+ * These constants declare the `modelName` and `fields` mappings for each core auth
+ * model, following better-auth's official schema customisation API
+ * ({@link https://www.better-auth.com/docs/concepts/database}).
+ *
+ * The mappings serve two purposes:
+ * 1. `modelName` — maps the default model name to the ObjectStack protocol name
+ *    (e.g. `user` → `sys_user`).
+ * 2. `fields`   — maps camelCase field names to their snake_case database column
+ *    equivalents. Only fields whose names differ need to be listed; fields that
+ *    are already identical (e.g. `email`, `name`, `token`) are omitted.
+ *
+ * These mappings are consumed by:
+ * - The `betterAuth()` configuration in {@link AuthManager} so that
+ *   `getAuthTables()` builds the correct schema.
+ * - The ObjectQL adapter factory (via `createAdapterFactory`) which uses the
+ *   schema to transform data and where-clauses automatically.
+ */
+/**
+ * better-auth `user` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | emailVerified           | email_verified           |
+ * | createdAt               | created_at               |
+ * | updatedAt               | updated_at               |
+ */
+declare const AUTH_USER_CONFIG: {
+    readonly modelName: "sys_user";
+    readonly fields: {
+        readonly emailVerified: "email_verified";
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+    };
+};
+/**
+ * better-auth `session` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | userId                  | user_id                  |
+ * | expiresAt               | expires_at               |
+ * | createdAt               | created_at               |
+ * | updatedAt               | updated_at               |
+ * | ipAddress               | ip_address               |
+ * | userAgent               | user_agent               |
+ */
+declare const AUTH_SESSION_CONFIG: {
+    readonly modelName: "sys_session";
+    readonly fields: {
+        readonly userId: "user_id";
+        readonly expiresAt: "expires_at";
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+        readonly ipAddress: "ip_address";
+        readonly userAgent: "user_agent";
+    };
+};
+/**
+ * better-auth `account` model mapping.
+ *
+ * | camelCase (better-auth)   | snake_case (ObjectStack)       |
+ * |:--------------------------|:-------------------------------|
+ * | userId                    | user_id                        |
+ * | providerId                | provider_id                    |
+ * | accountId                 | account_id                     |
+ * | accessToken               | access_token                   |
+ * | refreshToken              | refresh_token                  |
+ * | idToken                   | id_token                       |
+ * | accessTokenExpiresAt      | access_token_expires_at        |
+ * | refreshTokenExpiresAt     | refresh_token_expires_at       |
+ * | createdAt                 | created_at                     |
+ * | updatedAt                 | updated_at                     |
+ */
+declare const AUTH_ACCOUNT_CONFIG: {
+    readonly modelName: "sys_account";
+    readonly fields: {
+        readonly userId: "user_id";
+        readonly providerId: "provider_id";
+        readonly accountId: "account_id";
+        readonly accessToken: "access_token";
+        readonly refreshToken: "refresh_token";
+        readonly idToken: "id_token";
+        readonly accessTokenExpiresAt: "access_token_expires_at";
+        readonly refreshTokenExpiresAt: "refresh_token_expires_at";
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+    };
+};
+/**
+ * better-auth `verification` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | expiresAt               | expires_at               |
+ * | createdAt               | created_at               |
+ * | updatedAt               | updated_at               |
+ */
+declare const AUTH_VERIFICATION_CONFIG: {
+    readonly modelName: "sys_verification";
+    readonly fields: {
+        readonly expiresAt: "expires_at";
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+    };
+};
+/**
+ * better-auth Organization plugin `organization` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | createdAt               | created_at               |
+ * | updatedAt               | updated_at               |
+ */
+declare const AUTH_ORGANIZATION_SCHEMA: {
+    readonly modelName: "sys_organization";
+    readonly fields: {
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+    };
+};
+/**
+ * better-auth Organization plugin `member` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | organizationId          | organization_id          |
+ * | userId                  | user_id                  |
+ * | createdAt               | created_at               |
+ */
+declare const AUTH_MEMBER_SCHEMA: {
+    readonly modelName: "sys_member";
+    readonly fields: {
+        readonly organizationId: "organization_id";
+        readonly userId: "user_id";
+        readonly createdAt: "created_at";
+    };
+};
+/**
+ * better-auth Organization plugin `invitation` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | organizationId          | organization_id          |
+ * | inviterId               | inviter_id               |
+ * | expiresAt               | expires_at               |
+ * | createdAt               | created_at               |
+ * | teamId                  | team_id                  |
+ */
+declare const AUTH_INVITATION_SCHEMA: {
+    readonly modelName: "sys_invitation";
+    readonly fields: {
+        readonly organizationId: "organization_id";
+        readonly inviterId: "inviter_id";
+        readonly expiresAt: "expires_at";
+        readonly createdAt: "created_at";
+        readonly teamId: "team_id";
+    };
+};
+/**
+ * Organization plugin adds `activeOrganizationId` (and optionally
+ * `activeTeamId`) to the session model. These field mappings are
+ * injected via the organization plugin's `schema.session.fields`.
+ */
+declare const AUTH_ORG_SESSION_FIELDS: {
+    readonly activeOrganizationId: "active_organization_id";
+    readonly activeTeamId: "active_team_id";
+};
+/**
+ * better-auth Organization plugin `team` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | organizationId          | organization_id          |
+ * | createdAt               | created_at               |
+ * | updatedAt               | updated_at               |
+ */
+declare const AUTH_TEAM_SCHEMA: {
+    readonly modelName: "sys_team";
+    readonly fields: {
+        readonly organizationId: "organization_id";
+        readonly createdAt: "created_at";
+        readonly updatedAt: "updated_at";
+    };
+};
+/**
+ * better-auth Organization plugin `teamMember` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | teamId                  | team_id                  |
+ * | userId                  | user_id                  |
+ * | createdAt               | created_at               |
+ */
+declare const AUTH_TEAM_MEMBER_SCHEMA: {
+    readonly modelName: "sys_team_member";
+    readonly fields: {
+        readonly teamId: "team_id";
+        readonly userId: "user_id";
+        readonly createdAt: "created_at";
+    };
+};
+/**
+ * better-auth Two-Factor plugin `twoFactor` model mapping.
+ *
+ * | camelCase (better-auth) | snake_case (ObjectStack) |
+ * |:------------------------|:-------------------------|
+ * | backupCodes             | backup_codes             |
+ * | userId                  | user_id                  |
+ */
+declare const AUTH_TWO_FACTOR_SCHEMA: {
+    readonly modelName: "sys_two_factor";
+    readonly fields: {
+        readonly backupCodes: "backup_codes";
+        readonly userId: "user_id";
+    };
+};
+/**
+ * Two-Factor plugin adds a `twoFactorEnabled` field to the user model.
+ */
+declare const AUTH_TWO_FACTOR_USER_FIELDS: {
+    readonly twoFactorEnabled: "two_factor_enabled";
+};
+/**
+ * Builds the `schema` option for better-auth's `twoFactor()` plugin.
+ *
+ * @returns An object suitable for `twoFactor({ schema: … })`
+ */
+declare function buildTwoFactorPluginSchema(): {
+    twoFactor: {
+        readonly modelName: "sys_two_factor";
+        readonly fields: {
+            readonly backupCodes: "backup_codes";
+            readonly userId: "user_id";
+        };
+    };
+    user: {
+        fields: {
+            readonly twoFactorEnabled: "two_factor_enabled";
+        };
+    };
+};
+/**
+ * Builds the `schema` option for better-auth's `organization()` plugin.
+ *
+ * The organization plugin accepts a `schema` sub-option that allows
+ * customising model names and field names for each table it manages.
+ * This helper assembles the correct snake_case mappings from the
+ * individual `AUTH_*_SCHEMA` constants above.
+ *
+ * @returns An object suitable for `organization({ schema: … })`
+ */
+declare function buildOrganizationPluginSchema(): {
+    organization: {
+        readonly modelName: "sys_organization";
+        readonly fields: {
+            readonly createdAt: "created_at";
+            readonly updatedAt: "updated_at";
+        };
+    };
+    member: {
+        readonly modelName: "sys_member";
+        readonly fields: {
+            readonly organizationId: "organization_id";
+            readonly userId: "user_id";
+            readonly createdAt: "created_at";
+        };
+    };
+    invitation: {
+        readonly modelName: "sys_invitation";
+        readonly fields: {
+            readonly organizationId: "organization_id";
+            readonly inviterId: "inviter_id";
+            readonly expiresAt: "expires_at";
+            readonly createdAt: "created_at";
+            readonly teamId: "team_id";
+        };
+    };
+    team: {
+        readonly modelName: "sys_team";
+        readonly fields: {
+            readonly organizationId: "organization_id";
+            readonly createdAt: "created_at";
+            readonly updatedAt: "updated_at";
+        };
+    };
+    teamMember: {
+        readonly modelName: "sys_team_member";
+        readonly fields: {
+            readonly teamId: "team_id";
+            readonly userId: "user_id";
+            readonly createdAt: "created_at";
+        };
+    };
+    session: {
+        fields: {
+            readonly activeOrganizationId: "active_organization_id";
+            readonly activeTeamId: "active_team_id";
+        };
+    };
+};
+
 /**
  * XState-inspired State Machine Protocol
  * Used to define strict business logic constraints and lifecycle management.
@@ -2382,7 +2723,7 @@ declare const AuthUser: Omit<{
     abstract: boolean;
     datasource: string;
     fields: Record<string, {
-        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "time" | "code" | "password" | "image" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
+        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "image" | "password" | "time" | "code" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
         required: boolean;
         searchable: boolean;
         multiple: boolean;
@@ -3859,7 +4200,7 @@ declare const AuthSession: Omit<{
     abstract: boolean;
     datasource: string;
     fields: Record<string, {
-        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "time" | "code" | "password" | "image" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
+        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "image" | "password" | "time" | "code" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
         required: boolean;
         searchable: boolean;
         multiple: boolean;
@@ -5494,7 +5835,7 @@ declare const AuthAccount: Omit<{
     abstract: boolean;
     datasource: string;
     fields: Record<string, {
-        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "time" | "code" | "password" | "image" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
+        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "image" | "password" | "time" | "code" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
         required: boolean;
         searchable: boolean;
         multiple: boolean;
@@ -7909,7 +8250,7 @@ declare const AuthVerification: Omit<{
     abstract: boolean;
     datasource: string;
     fields: Record<string, {
-        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "time" | "code" | "password" | "image" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
+        type: "number" | "boolean" | "select" | "date" | "file" | "email" | "url" | "image" | "password" | "time" | "code" | "json" | "location" | "tags" | "lookup" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "currency" | "percent" | "datetime" | "toggle" | "multiselect" | "radio" | "checkboxes" | "master_detail" | "tree" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "address" | "color" | "rating" | "slider" | "signature" | "qrcode" | "progress" | "vector";
         required: boolean;
         searchable: boolean;
         multiple: boolean;
@@ -9203,4 +9544,4 @@ declare const AuthVerification: Omit<{
     };
 }, "fields">;
 
-export { AUTH_MODEL_TO_PROTOCOL, AuthAccount, AuthManager, type AuthManagerOptions, AuthPlugin, type AuthPluginOptions, AuthSession, AuthUser, AuthVerification, createObjectQLAdapter, resolveProtocolName };
+export { AUTH_ACCOUNT_CONFIG, AUTH_INVITATION_SCHEMA, AUTH_MEMBER_SCHEMA, AUTH_MODEL_TO_PROTOCOL, AUTH_ORGANIZATION_SCHEMA, AUTH_ORG_SESSION_FIELDS, AUTH_SESSION_CONFIG, AUTH_TEAM_MEMBER_SCHEMA, AUTH_TEAM_SCHEMA, AUTH_TWO_FACTOR_SCHEMA, AUTH_TWO_FACTOR_USER_FIELDS, AUTH_USER_CONFIG, AUTH_VERIFICATION_CONFIG, AuthAccount, AuthManager, type AuthManagerOptions, AuthPlugin, type AuthPluginOptions, AuthSession, AuthUser, AuthVerification, buildOrganizationPluginSchema, buildTwoFactorPluginSchema, createObjectQLAdapter, createObjectQLAdapterFactory, resolveProtocolName };