@objectstack/plugin-auth 4.0.3 → 4.0.5

package/src/objectql-adapter.test.ts

@@ -1,281 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import {
-  createObjectQLAdapter,
-  createObjectQLAdapterFactory,
-  AUTH_MODEL_TO_PROTOCOL,
-  resolveProtocolName,
-} from './objectql-adapter';
-import {
-  AUTH_USER_CONFIG,
-  AUTH_SESSION_CONFIG,
-  AUTH_ACCOUNT_CONFIG,
-  AUTH_VERIFICATION_CONFIG,
-  AUTH_ORGANIZATION_SCHEMA,
-  AUTH_MEMBER_SCHEMA,
-  AUTH_INVITATION_SCHEMA,
-  AUTH_TEAM_SCHEMA,
-  AUTH_TEAM_MEMBER_SCHEMA,
-  AUTH_TWO_FACTOR_SCHEMA,
-  AUTH_ORG_SESSION_FIELDS,
-  buildOrganizationPluginSchema,
-  buildTwoFactorPluginSchema,
-} from './auth-schema-config';
-import { SystemObjectName } from '@objectstack/spec/system';
-import type { IDataEngine } from '@objectstack/core';
-
-describe('AUTH_MODEL_TO_PROTOCOL mapping', () => {
-  it('should map all four core better-auth models to sys_ protocol names', () => {
-    expect(AUTH_MODEL_TO_PROTOCOL.user).toBe('sys_user');
-    expect(AUTH_MODEL_TO_PROTOCOL.session).toBe('sys_session');
-    expect(AUTH_MODEL_TO_PROTOCOL.account).toBe('sys_account');
-    expect(AUTH_MODEL_TO_PROTOCOL.verification).toBe('sys_verification');
-  });
-
-  it('should align with SystemObjectName constants', () => {
-    expect(AUTH_MODEL_TO_PROTOCOL.user).toBe(SystemObjectName.USER);
-    expect(AUTH_MODEL_TO_PROTOCOL.session).toBe(SystemObjectName.SESSION);
-    expect(AUTH_MODEL_TO_PROTOCOL.account).toBe(SystemObjectName.ACCOUNT);
-    expect(AUTH_MODEL_TO_PROTOCOL.verification).toBe(SystemObjectName.VERIFICATION);
-  });
-});
-
-describe('resolveProtocolName', () => {
-  it('should resolve core models to sys_ prefixed names', () => {
-    expect(resolveProtocolName('user')).toBe('sys_user');
-    expect(resolveProtocolName('session')).toBe('sys_session');
-    expect(resolveProtocolName('account')).toBe('sys_account');
-    expect(resolveProtocolName('verification')).toBe('sys_verification');
-  });
-
-  it('should fall back to original name for unknown models', () => {
-    expect(resolveProtocolName('organization')).toBe('organization');
-    expect(resolveProtocolName('custom_model')).toBe('custom_model');
-  });
-});
-
-describe('AUTH_*_CONFIG schema mappings', () => {
-  it('should define correct modelName for all core models', () => {
-    expect(AUTH_USER_CONFIG.modelName).toBe('sys_user');
-    expect(AUTH_SESSION_CONFIG.modelName).toBe('sys_session');
-    expect(AUTH_ACCOUNT_CONFIG.modelName).toBe('sys_account');
-    expect(AUTH_VERIFICATION_CONFIG.modelName).toBe('sys_verification');
-  });
-
-  it('should map user camelCase fields to snake_case', () => {
-    expect(AUTH_USER_CONFIG.fields).toEqual({
-      emailVerified: 'email_verified',
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-    });
-  });
-
-  it('should map session camelCase fields to snake_case', () => {
-    expect(AUTH_SESSION_CONFIG.fields).toEqual({
-      userId: 'user_id',
-      expiresAt: 'expires_at',
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-      ipAddress: 'ip_address',
-      userAgent: 'user_agent',
-    });
-  });
-
-  it('should map account camelCase fields to snake_case', () => {
-    expect(AUTH_ACCOUNT_CONFIG.fields).toEqual({
-      userId: 'user_id',
-      providerId: 'provider_id',
-      accountId: 'account_id',
-      accessToken: 'access_token',
-      refreshToken: 'refresh_token',
-      idToken: 'id_token',
-      accessTokenExpiresAt: 'access_token_expires_at',
-      refreshTokenExpiresAt: 'refresh_token_expires_at',
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-    });
-  });
-
-  it('should map verification camelCase fields to snake_case', () => {
-    expect(AUTH_VERIFICATION_CONFIG.fields).toEqual({
-      expiresAt: 'expires_at',
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-    });
-  });
-});
-
-describe('AUTH_*_SCHEMA plugin table mappings', () => {
-  it('should define organization model mapping', () => {
-    expect(AUTH_ORGANIZATION_SCHEMA.modelName).toBe('sys_organization');
-    expect(AUTH_ORGANIZATION_SCHEMA.fields).toEqual({
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-    });
-  });
-
-  it('should define member model mapping', () => {
-    expect(AUTH_MEMBER_SCHEMA.modelName).toBe('sys_member');
-    expect(AUTH_MEMBER_SCHEMA.fields).toEqual({
-      organizationId: 'organization_id',
-      userId: 'user_id',
-      createdAt: 'created_at',
-    });
-  });
-
-  it('should define invitation model mapping', () => {
-    expect(AUTH_INVITATION_SCHEMA.modelName).toBe('sys_invitation');
-    expect(AUTH_INVITATION_SCHEMA.fields).toEqual({
-      organizationId: 'organization_id',
-      inviterId: 'inviter_id',
-      expiresAt: 'expires_at',
-      createdAt: 'created_at',
-      teamId: 'team_id',
-    });
-  });
-
-  it('should define team model mapping', () => {
-    expect(AUTH_TEAM_SCHEMA.modelName).toBe('sys_team');
-    expect(AUTH_TEAM_SCHEMA.fields).toEqual({
-      organizationId: 'organization_id',
-      createdAt: 'created_at',
-      updatedAt: 'updated_at',
-    });
-  });
-
-  it('should define team member model mapping', () => {
-    expect(AUTH_TEAM_MEMBER_SCHEMA.modelName).toBe('sys_team_member');
-    expect(AUTH_TEAM_MEMBER_SCHEMA.fields).toEqual({
-      teamId: 'team_id',
-      userId: 'user_id',
-      createdAt: 'created_at',
-    });
-  });
-
-  it('should define two-factor model mapping', () => {
-    expect(AUTH_TWO_FACTOR_SCHEMA.modelName).toBe('sys_two_factor');
-    expect(AUTH_TWO_FACTOR_SCHEMA.fields).toEqual({
-      backupCodes: 'backup_codes',
-      userId: 'user_id',
-    });
-  });
-
-  it('should define org session additional fields', () => {
-    expect(AUTH_ORG_SESSION_FIELDS).toEqual({
-      activeOrganizationId: 'active_organization_id',
-      activeTeamId: 'active_team_id',
-    });
-  });
-});
-
-describe('buildOrganizationPluginSchema', () => {
-  it('should compose all org plugin table schemas', () => {
-    const schema = buildOrganizationPluginSchema();
-    expect(schema.organization).toBe(AUTH_ORGANIZATION_SCHEMA);
-    expect(schema.member).toBe(AUTH_MEMBER_SCHEMA);
-    expect(schema.invitation).toBe(AUTH_INVITATION_SCHEMA);
-    expect(schema.team).toBe(AUTH_TEAM_SCHEMA);
-    expect(schema.teamMember).toBe(AUTH_TEAM_MEMBER_SCHEMA);
-    expect(schema.session.fields).toBe(AUTH_ORG_SESSION_FIELDS);
-  });
-});
-
-describe('buildTwoFactorPluginSchema', () => {
-  it('should compose two-factor model + user field schema', () => {
-    const schema = buildTwoFactorPluginSchema();
-    expect(schema.twoFactor).toBe(AUTH_TWO_FACTOR_SCHEMA);
-    expect(schema.user.fields).toEqual({
-      twoFactorEnabled: 'two_factor_enabled',
-    });
-  });
-});
-
-describe('createObjectQLAdapterFactory', () => {
-  it('should return a function (adapter factory)', () => {
-    const mockEngine = {
-      insert: vi.fn(),
-      findOne: vi.fn(),
-      find: vi.fn(),
-      count: vi.fn(),
-      update: vi.fn(),
-      delete: vi.fn(),
-    } as unknown as IDataEngine;
-
-    const factory = createObjectQLAdapterFactory(mockEngine);
-    expect(typeof factory).toBe('function');
-  });
-});
-
-describe('createObjectQLAdapter – legacy model name mapping', () => {
-  let mockEngine: IDataEngine;
-
-  beforeEach(() => {
-    mockEngine = {
-      insert: vi.fn().mockResolvedValue({ id: '1' }),
-      findOne: vi.fn().mockResolvedValue({ id: '1' }),
-      find: vi.fn().mockResolvedValue([]),
-      count: vi.fn().mockResolvedValue(0),
-      update: vi.fn().mockResolvedValue({ id: '1' }),
-      delete: vi.fn().mockResolvedValue(undefined),
-    } as unknown as IDataEngine;
-  });
-
-  it('create: should call dataEngine.insert with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.create({ model: 'user', data: { email: 'a@b.com' } });
-    expect(mockEngine.insert).toHaveBeenCalledWith('sys_user', { email: 'a@b.com' });
-  });
-
-  it('findOne: should call dataEngine.findOne with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.findOne({
-      model: 'session',
-      where: [{ field: 'token', value: 'abc', operator: 'eq', connector: 'AND' }],
-    });
-    expect(mockEngine.findOne).toHaveBeenCalledWith('sys_session', expect.objectContaining({
-      where: { token: 'abc' },
-    }));
-  });
-
-  it('findMany: should call dataEngine.find with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.findMany({ model: 'account', limit: 10 });
-    expect(mockEngine.find).toHaveBeenCalledWith('sys_account', expect.objectContaining({
-      limit: 10,
-    }));
-  });
-
-  it('count: should call dataEngine.count with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.count({ model: 'verification' });
-    expect(mockEngine.count).toHaveBeenCalledWith('sys_verification', expect.anything());
-  });
-
-  it('update: should call dataEngine with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.update({
-      model: 'user',
-      where: [{ field: 'id', value: '1', operator: 'eq', connector: 'AND' }],
-      update: { name: 'New' },
-    });
-    expect(mockEngine.findOne).toHaveBeenCalledWith('sys_user', expect.anything());
-    expect(mockEngine.update).toHaveBeenCalledWith('sys_user', expect.objectContaining({ name: 'New', id: '1' }));
-  });
-
-  it('delete: should call dataEngine with sys_ protocol name', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.delete({
-      model: 'session',
-      where: [{ field: 'id', value: '1', operator: 'eq', connector: 'AND' }],
-    });
-    expect(mockEngine.findOne).toHaveBeenCalledWith('sys_session', expect.anything());
-    expect(mockEngine.delete).toHaveBeenCalledWith('sys_session', expect.anything());
-  });
-
-  it('should pass through unknown model names unchanged', async () => {
-    const adapter = createObjectQLAdapter(mockEngine);
-    await adapter.create({ model: 'organization', data: { name: 'Acme' } });
-    expect(mockEngine.insert).toHaveBeenCalledWith('organization', { name: 'Acme' });
-  });
-});

package/src/objectql-adapter.ts

@@ -1,279 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-import type { IDataEngine } from '@objectstack/core';
-import { createAdapterFactory } from 'better-auth/adapters';
-import type { CleanedWhere } from 'better-auth/adapters';
-import { SystemObjectName } from '@objectstack/spec/system';
-
-/**
- * Mapping from better-auth model names to ObjectStack protocol object names.
- *
- * better-auth uses hardcoded model names ('user', 'session', 'account', 'verification')
- * while ObjectStack's protocol layer uses `sys_` prefixed names. This map bridges the two.
- */
-export const AUTH_MODEL_TO_PROTOCOL: Record<string, string> = {
-  user: SystemObjectName.USER,
-  session: SystemObjectName.SESSION,
-  account: SystemObjectName.ACCOUNT,
-  verification: SystemObjectName.VERIFICATION,
-};
-
-/**
- * Resolve a better-auth model name to the ObjectStack protocol object name.
- * Falls back to the original model name for custom / non-core models.
- */
-export function resolveProtocolName(model: string): string {
-  return AUTH_MODEL_TO_PROTOCOL[model] ?? model;
-}
-
-// ---------------------------------------------------------------------------
-// Internal helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Convert better-auth where clause to ObjectQL query format.
- *
- * Field names in the incoming {@link CleanedWhere} are expected to already be
- * in snake_case (transformed by `createAdapterFactory`).
- */
-function convertWhere(where: CleanedWhere[]): Record<string, any> {
-  const filter: Record<string, any> = {};
-
-  for (const condition of where) {
-    const fieldName = condition.field;
-
-    if (condition.operator === 'eq') {
-      filter[fieldName] = condition.value;
-    } else if (condition.operator === 'ne') {
-      filter[fieldName] = { $ne: condition.value };
-    } else if (condition.operator === 'in') {
-      filter[fieldName] = { $in: condition.value };
-    } else if (condition.operator === 'gt') {
-      filter[fieldName] = { $gt: condition.value };
-    } else if (condition.operator === 'gte') {
-      filter[fieldName] = { $gte: condition.value };
-    } else if (condition.operator === 'lt') {
-      filter[fieldName] = { $lt: condition.value };
-    } else if (condition.operator === 'lte') {
-      filter[fieldName] = { $lte: condition.value };
-    } else if (condition.operator === 'contains') {
-      filter[fieldName] = { $regex: condition.value };
-    }
-  }
-
-  return filter;
-}
-
-// ---------------------------------------------------------------------------
-// Adapter factory
-// ---------------------------------------------------------------------------
-
-/**
- * Create an ObjectQL adapter **factory** for better-auth.
- *
- * Uses better-auth's official `createAdapterFactory` so that model-name and
- * field-name transformations (declared via `modelName` / `fields` in the
- * betterAuth config) are applied **automatically** before any data reaches
- * ObjectQL. This eliminates the need for manual camelCase ↔ snake_case
- * conversion inside the adapter.
- *
- * The returned value is an `AdapterFactory` – a function of type
- * `(options: BetterAuthOptions) => DBAdapter` – which is the shape expected
- * by `betterAuth({ database: … })`.
- *
- * @param dataEngine - ObjectQL data engine instance
- * @returns better-auth AdapterFactory
- */
-export function createObjectQLAdapterFactory(dataEngine: IDataEngine) {
-  return createAdapterFactory({
-    config: {
-      adapterId: 'objectql',
-      // ObjectQL natively supports these types — no extra conversion needed
-      supportsBooleans: true,
-      supportsDates: true,
-      supportsJSON: true,
-    },
-    adapter: () => ({
-      create: async <T extends Record<string, any>>(
-        { model, data, select: _select }: { model: string; data: T; select?: string[] },
-      ): Promise<T> => {
-        const result = await dataEngine.insert(model, data);
-        return result as T;
-      },
-
-      findOne: async <T>(
-        { model, where, select, join: _join }: { model: string; where: CleanedWhere[]; select?: string[]; join?: any },
-      ): Promise<T | null> => {
-        const filter = convertWhere(where);
-
-        const result = await dataEngine.findOne(model, { where: filter, fields: select });
-
-        return result ? (result as T) : null;
-      },
-
-      findMany: async <T>(
-        { model, where, limit, offset, sortBy, join: _join }: {
-          model: string; where?: CleanedWhere[]; limit: number;
-          offset?: number; sortBy?: { field: string; direction: 'asc' | 'desc' }; join?: any;
-        },
-      ): Promise<T[]> => {
-        const filter = where ? convertWhere(where) : {};
-
-        const orderBy = sortBy
-          ? [{ field: sortBy.field, order: sortBy.direction as 'asc' | 'desc' }]
-          : undefined;
-
-        const results = await dataEngine.find(model, {
-          where: filter,
-          limit: limit || 100,
-          offset,
-          orderBy,
-        });
-
-        return results as T[];
-      },
-
-      count: async (
-        { model, where }: { model: string; where?: CleanedWhere[] },
-      ): Promise<number> => {
-        const filter = where ? convertWhere(where) : {};
-        return await dataEngine.count(model, { where: filter });
-      },
-
-      update: async <T>(
-        { model, where, update }: { model: string; where: CleanedWhere[]; update: T },
-      ): Promise<T | null> => {
-        const filter = convertWhere(where);
-
-        // ObjectQL requires an ID for updates – find the record first
-        const record = await dataEngine.findOne(model, { where: filter });
-        if (!record) return null;
-
-        const result = await dataEngine.update(model, { ...(update as any), id: record.id });
-        return result ? (result as T) : null;
-      },
-
-      updateMany: async (
-        { model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> },
-      ): Promise<number> => {
-        const filter = convertWhere(where);
-
-        // Sequential updates: ObjectQL requires an ID per update
-        const records = await dataEngine.find(model, { where: filter });
-        for (const record of records) {
-          await dataEngine.update(model, { ...update, id: record.id });
-        }
-        return records.length;
-      },
-
-      delete: async (
-        { model, where }: { model: string; where: CleanedWhere[] },
-      ): Promise<void> => {
-        const filter = convertWhere(where);
-
-        const record = await dataEngine.findOne(model, { where: filter });
-        if (!record) return;
-
-        await dataEngine.delete(model, { where: { id: record.id } });
-      },
-
-      deleteMany: async (
-        { model, where }: { model: string; where: CleanedWhere[] },
-      ): Promise<number> => {
-        const filter = convertWhere(where);
-
-        const records = await dataEngine.find(model, { where: filter });
-        for (const record of records) {
-          await dataEngine.delete(model, { where: { id: record.id } });
-        }
-        return records.length;
-      },
-    }),
-  });
-}
-
-// ---------------------------------------------------------------------------
-// Legacy adapter (kept for backward compatibility)
-// ---------------------------------------------------------------------------
-
-/**
- * Create a raw ObjectQL adapter for better-auth (without factory wrapping).
- *
- * > **Prefer {@link createObjectQLAdapterFactory}** for production use.
- * > The factory version leverages `createAdapterFactory` and automatically
- * > handles model-name + field-name transformations declared in the
- * > better-auth config.
- *
- * This function is retained for direct / low-level usage where callers
- * manage field-name conversion themselves.
- *
- * @param dataEngine - ObjectQL data engine instance
- * @returns better-auth CustomAdapter (raw, without factory wrapping)
- */
-export function createObjectQLAdapter(dataEngine: IDataEngine) {
-  return {
-    create: async <T extends Record<string, any>>({ model, data, select: _select }: { model: string; data: T; select?: string[] }): Promise<T> => {
-      const objectName = resolveProtocolName(model);
-      const result = await dataEngine.insert(objectName, data);
-      return result as T;
-    },
-
-    findOne: async <T>({ model, where, select, join: _join }: { model: string; where: CleanedWhere[]; select?: string[]; join?: any }): Promise<T | null> => {
-      const objectName = resolveProtocolName(model);
-      const filter = convertWhere(where);
-      const result = await dataEngine.findOne(objectName, { where: filter, fields: select });
-      return result ? result as T : null;
-    },
-
-    findMany: async <T>({ model, where, limit, offset, sortBy, join: _join }: { model: string; where?: CleanedWhere[]; limit: number; offset?: number; sortBy?: { field: string; direction: 'asc' | 'desc' }; join?: any }): Promise<T[]> => {
-      const objectName = resolveProtocolName(model);
-      const filter = where ? convertWhere(where) : {};
-      const orderBy = sortBy ? [{ field: sortBy.field, order: sortBy.direction as 'asc' | 'desc' }] : undefined;
-      const results = await dataEngine.find(objectName, { where: filter, limit: limit || 100, offset, orderBy });
-      return results as T[];
-    },
-
-    count: async ({ model, where }: { model: string; where?: CleanedWhere[] }): Promise<number> => {
-      const objectName = resolveProtocolName(model);
-      const filter = where ? convertWhere(where) : {};
-      return await dataEngine.count(objectName, { where: filter });
-    },
-
-    update: async <T>({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<T | null> => {
-      const objectName = resolveProtocolName(model);
-      const filter = convertWhere(where);
-      const record = await dataEngine.findOne(objectName, { where: filter });
-      if (!record) return null;
-      const result = await dataEngine.update(objectName, { ...update, id: record.id });
-      return result ? result as T : null;
-    },
-
-    updateMany: async ({ model, where, update }: { model: string; where: CleanedWhere[]; update: Record<string, any> }): Promise<number> => {
-      const objectName = resolveProtocolName(model);
-      const filter = convertWhere(where);
-      const records = await dataEngine.find(objectName, { where: filter });
-      for (const record of records) {
-        await dataEngine.update(objectName, { ...update, id: record.id });
-      }
-      return records.length;
-    },
-
-    delete: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<void> => {
-      const objectName = resolveProtocolName(model);
-      const filter = convertWhere(where);
-      const record = await dataEngine.findOne(objectName, { where: filter });
-      if (!record) return;
-      await dataEngine.delete(objectName, { where: { id: record.id } });
-    },
-
-    deleteMany: async ({ model, where }: { model: string; where: CleanedWhere[] }): Promise<number> => {
-      const objectName = resolveProtocolName(model);
-      const filter = convertWhere(where);
-      const records = await dataEngine.find(objectName, { where: filter });
-      for (const record of records) {
-        await dataEngine.delete(objectName, { where: { id: record.id } });
-      }
-      return records.length;
-    },
-  };
-}

package/src/objects/auth-account.object.ts

@@ -1,7 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * @deprecated Use `SysAccount` from `./sys-account.object` instead.
- *             This re-export is kept for backward compatibility.
- */
-export { SysAccount as AuthAccount } from './sys-account.object.js';

package/src/objects/auth-session.object.ts

@@ -1,7 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * @deprecated Use `SysSession` from `./sys-session.object` instead.
- *             This re-export is kept for backward compatibility.
- */
-export { SysSession as AuthSession } from './sys-session.object.js';

package/src/objects/auth-user.object.ts

@@ -1,7 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * @deprecated Use `SysUser` from `./sys-user.object` instead.
- *             This re-export is kept for backward compatibility.
- */
-export { SysUser as AuthUser } from './sys-user.object.js';

package/src/objects/auth-verification.object.ts

@@ -1,7 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * @deprecated Use `SysVerification` from `./sys-verification.object` instead.
- *             This re-export is kept for backward compatibility.
- */
-export { SysVerification as AuthVerification } from './sys-verification.object.js';

package/src/objects/index.ts

@@ -1,40 +0,0 @@
-// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
-
-/**
- * Auth Plugin — System Object Definitions (sys namespace)
- *
- * Canonical ObjectSchema definitions for all authentication-related system objects.
- * All objects belong to the `sys` namespace and follow the unified naming convention:
- *   - File: `sys-{name}.object.ts`
- *   - Export: `Sys{PascalCase}`
- *   - Object name: `{name}` (snake_case, no prefix)
- *   - Table name: `sys_{name}` (auto-derived from namespace)
- */
-
-// ── Core Auth Objects ──────────────────────────────────────────────────────
-export { SysUser } from './sys-user.object.js';
-export { SysSession } from './sys-session.object.js';
-export { SysAccount } from './sys-account.object.js';
-export { SysVerification } from './sys-verification.object.js';
-
-// ── Organization Objects ───────────────────────────────────────────────────
-export { SysOrganization } from './sys-organization.object.js';
-export { SysMember } from './sys-member.object.js';
-export { SysInvitation } from './sys-invitation.object.js';
-export { SysTeam } from './sys-team.object.js';
-export { SysTeamMember } from './sys-team-member.object.js';
-
-// ── Additional Auth Objects ────────────────────────────────────────────────
-export { SysApiKey } from './sys-api-key.object.js';
-export { SysTwoFactor } from './sys-two-factor.object.js';
-export { SysUserPreference } from './sys-user-preference.object.js';
-
-// ── Backward Compatibility (deprecated) ────────────────────────────────────
-/** @deprecated Use `SysUser` instead */
-export { AuthUser } from './auth-user.object.js';
-/** @deprecated Use `SysSession` instead */
-export { AuthSession } from './auth-session.object.js';
-/** @deprecated Use `SysAccount` instead */
-export { AuthAccount } from './auth-account.object.js';
-/** @deprecated Use `SysVerification` instead */
-export { AuthVerification } from './auth-verification.object.js';