@payez/next-mvp 4.0.46 → 4.0.49

package/dist/api/auth-handler.d.ts

@@ -31,8 +31,6 @@ export interface AuthHandlerOptions {
     retryOn401?: boolean;
     /** Maximum number of retry attempts on 401 (default: 1) */
     maxRetries?: number;
-    /** NextAuth secret for JWT decoding */
-    nextAuthSecret?: string;
     /** IDP base URL for refresh requests */
     idpBaseUrl?: string;
     /** OAuth client ID */

package/dist/api/auth-handler.js

@@ -39,7 +39,7 @@ const session_store_1 = require("../lib/session-store");
  */
 function createAuthHandler(options = {}) {
     const { requireAuth = true, autoRefresh = true, refreshBuffer = 60, // 60 seconds - matches website-membership proven threshold
-    retryOn401 = true, maxRetries = 1, nextAuthSecret = process.env.NEXTAUTH_SECRET, idpBaseUrl = process.env.IDP_URL, clientId = process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID } = options;
+    retryOn401 = true, maxRetries = 1, idpBaseUrl = process.env.IDP_URL, clientId = process.env.CLIENT_ID || process.env.NEXT_PUBLIC_IDP_CLIENT_ID } = options;
     /**
      * Performs coordinated token refresh with Redis locking
      * This prevents multiple concurrent requests from all trying to refresh simultaneously

package/dist/api-handlers/admin/stats.js

@@ -128,14 +128,16 @@ function createStatsHandler(config) {
             if (adminCheck.error)
                 return adminCheck.error;
             try {
-                // Fetch from 3 sources in parallel
-                const [usersResult, sessionCount, auditResult] = await Promise.allSettled([
-                    // 1. Users + tier breakdown via HMAC proxy (Vibe collection query)
+                // Fetch from 4 sources in parallel
+                const [usersResult, tierDistributionResult, sessionCount, auditResult] = await Promise.allSettled([
+                    // 1. Users count via HMAC proxy (Vibe collection query)
                     vibeServiceRequest('/v1/collections/vibe_app/tables/users/query', {
                         method: 'POST',
                         body: { page: 1, pageSize: 500, orderBy: 'created_at', orderDirection: 'desc' },
                     }),
-                    // 2. Active sessions from Redis
+                    // 2. Tier distribution from analytics endpoint (uses purchases table)
+                    vibeServiceRequest('/v1/analytics/tier-distribution?includeTrend=false', { method: 'GET' }),
+                    // 3. Active sessions from Redis
                     (async () => {
                         const redis = (0, redis_1.getRedis)();
                         const sessionPrefix = getSessionPrefix();
@@ -148,12 +150,11 @@ function createStatsHandler(config) {
                         } while (cursor !== '0');
                         return sessionKeys.length;
                     })(),
-                    // 3. Recent audit activity via HMAC proxy
+                    // 4. Recent audit activity via HMAC proxy
                     vibeServiceRequest('/v1/audit?pageSize=10&sortDir=desc', { method: 'GET' }),
                 ]);
                 // Parse users — deduplicate by user_id
                 let totalUsers = 0;
-                let tierBreakdown = {};
                 if (usersResult.status === 'fulfilled' && usersResult.value.ok && usersResult.value.data) {
                     const data = usersResult.value.data;
                     const rawUsers = data.data || data.documents || data.users || [];
@@ -166,17 +167,26 @@ function createStatsHandler(config) {
                             userMap.set(uid, u);
                         }
                     }
-                    const uniqueUsers = Array.from(userMap.values());
-                    totalUsers = uniqueUsers.length;
-                    // Build tier breakdown from deduplicated users (unless API provides one)
-                    tierBreakdown = data.tierBreakdown || data.tiers || {};
-                    if (Object.keys(tierBreakdown).length === 0) {
-                        for (const user of uniqueUsers) {
-                            const tier = user.tier || 'free';
-                            tierBreakdown[tier] = (tierBreakdown[tier] || 0) + 1;
+                    totalUsers = userMap.size;
+                }
+                // Parse tier distribution from analytics endpoint (uses purchases table)
+                let tierBreakdown = {};
+                if (tierDistributionResult.status === 'fulfilled' && tierDistributionResult.value.ok && tierDistributionResult.value.data) {
+                    const data = tierDistributionResult.value.data;
+                    // Handle response shape: { distribution: [{ tierKey, userCount }, ...] }
+                    const distribution = data.distribution || data.data || data.tiers || [];
+                    if (Array.isArray(distribution)) {
+                        for (const item of distribution) {
+                            const tierKey = item.tierKey || item.tier || item.name || 'free';
+                            const count = item.userCount || item.count || item.users || 0;
+                            tierBreakdown[tierKey] = (tierBreakdown[tierKey] || 0) + count;
                         }
                     }
                 }
+                // Fallback: if no tier data from analytics, show all as free
+                if (Object.keys(tierBreakdown).length === 0) {
+                    tierBreakdown = { free: totalUsers };
+                }
                 // Parse active sessions count
                 let activeSessions = 0;
                 if (sessionCount.status === 'fulfilled') {

package/dist/api-handlers/auth/refresh.d.ts

@@ -4,7 +4,7 @@
  * ASK BEFORE EDITING - TESTED AND WORKING SYSTEM
  *
  * This handler manages the server-side refresh token cycle with:
- * - NextAuth JWT token extraction
+ * - Better Auth session extraction
  * - Session token fallback for internal calls
  * - PayEz IDP refresh token exchange
  * - Session state updates with new tokens
@@ -17,13 +17,12 @@ import { NextRequest, NextResponse } from 'next/server';
 interface RefreshConfig {
     idpBaseUrl: string;
     clientId: string;
-    nextAuthSecret: string;
     refreshEndpoint?: string;
 }
 /**
  * Creates a refresh token handler for Next.js API routes
  *
- * @param config Configuration for IDP connection and NextAuth
+ * @param config IDP connection settings (Better Auth handles session crypto)
  * @returns Next.js POST handler function
  *
  * @example
@@ -34,7 +33,6 @@ interface RefreshConfig {
  * export const POST = createRefreshHandler({
  *   idpBaseUrl: process.env.IDP_URL!,
  *   clientId: process.env.CLIENT_ID!,
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!,
  *   refreshEndpoint: '/api/ExternalAuth/refresh'
  * });
  * ```
@@ -54,8 +52,8 @@ export declare function createRefreshHandler(config: RefreshConfig): (req: NextR
     hasRefreshToken: boolean;
 }>>;
 /**
- * Default export for backward compatibility
- * Requires environment variables: IDP_URL, CLIENT_ID, NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/refresh/route.ts`.
+ * Requires environment variables: IDP_URL, CLIENT_ID
  */
 export declare const POST: (req: NextRequest) => Promise<NextResponse<{
     error: string;

package/dist/api-handlers/auth/refresh.js

@@ -5,7 +5,7 @@
  * ASK BEFORE EDITING - TESTED AND WORKING SYSTEM
  *
  * This handler manages the server-side refresh token cycle with:
- * - NextAuth JWT token extraction
+ * - Better Auth session extraction
  * - Session token fallback for internal calls
  * - PayEz IDP refresh token exchange
  * - Session state updates with new tokens
@@ -25,7 +25,7 @@ const token_utils_1 = require("../../auth/utils/token-utils");
 /**
  * Creates a refresh token handler for Next.js API routes
  *
- * @param config Configuration for IDP connection and NextAuth
+ * @param config IDP connection settings (Better Auth handles session crypto)
  * @returns Next.js POST handler function
  *
  * @example
@@ -36,13 +36,12 @@ const token_utils_1 = require("../../auth/utils/token-utils");
  * export const POST = createRefreshHandler({
  *   idpBaseUrl: process.env.IDP_URL!,
  *   clientId: process.env.CLIENT_ID!,
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!,
  *   refreshEndpoint: '/api/ExternalAuth/refresh'
  * });
  * ```
  */
 function createRefreshHandler(config) {
-    const { idpBaseUrl, clientId, nextAuthSecret, refreshEndpoint = '/api/ExternalAuth/refresh' } = config;
+    const { idpBaseUrl, clientId, refreshEndpoint = '/api/ExternalAuth/refresh' } = config;
     return async function POST(req) {
         try {
             // Extract session from Better Auth
@@ -622,12 +621,11 @@ function createRefreshHandler(config) {
     };
 }
 /**
- * Default export for backward compatibility
- * Requires environment variables: IDP_URL, CLIENT_ID, NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/refresh/route.ts`.
+ * Requires environment variables: IDP_URL, CLIENT_ID
  */
 exports.POST = createRefreshHandler({
     idpBaseUrl: process.env.IDP_URL,
     clientId: process.env.CLIENT_ID || 'payez_default_client',
-    nextAuthSecret: process.env.NEXTAUTH_SECRET || '',
     refreshEndpoint: '/api/ExternalAuth/refresh'
 });

package/dist/api-handlers/auth/signout.d.ts

@@ -9,29 +9,20 @@
  * @requires No authentication (public endpoint)
  */
 import { NextRequest, NextResponse } from 'next/server';
-interface SignoutConfig {
-    nextAuthSecret: string;
-}
 /**
- * Creates a signout handler for Next.js API routes
+ * Creates a signout handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/signout/route.ts
- * import { createSignoutHandler } from '@payez/next-mvp/api-handlers/auth/signout';
- *
- * export const POST = createSignoutHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/signout';
  * ```
  */
-export declare function createSignoutHandler(config: SignoutConfig): (req: NextRequest) => Promise<NextResponse<unknown>>;
+export declare function createSignoutHandler(): (req: NextRequest) => Promise<NextResponse<unknown>>;
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/signout/route.ts`.
  */
 export declare const POST: (req: NextRequest) => Promise<NextResponse<unknown>>;
-export {};

package/dist/api-handlers/auth/signout.js

@@ -46,23 +46,18 @@ function addSecurityHeaders(response) {
     return response;
 }
 /**
- * Creates a signout handler for Next.js API routes
+ * Creates a signout handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/signout/route.ts
- * import { createSignoutHandler } from '@payez/next-mvp/api-handlers/auth/signout';
- *
- * export const POST = createSignoutHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/signout';
  * ```
  */
-function createSignoutHandler(config) {
-    const { nextAuthSecret } = config;
+function createSignoutHandler() {
     return async function POST(req) {
         const cookieStore = await (0, headers_1.cookies)();
         // Get app-slug prefixed cookie names
@@ -91,7 +86,8 @@ function createSignoutHandler(config) {
         // Get chunk cookies for cleanup count
         const chunkCookies = cookieStore.getAll()
             .filter(cookie => cookie.name.startsWith(`${sessionCookieName}.`));
-        // Decode NextAuth JWT to extract the Redis session UUID before deletion
+        // Decode the Better Auth session JWT to extract the Redis session UUID
+        // before deletion.
         let redisSessionToken = null;
         // First attempt: Better Auth getSession
         try {
@@ -178,9 +174,6 @@ function createSignoutHandler(config) {
     };
 }
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/signout/route.ts`.
  */
-exports.POST = createSignoutHandler({
-    nextAuthSecret: process.env.NEXTAUTH_SECRET || ''
-});
+exports.POST = createSignoutHandler();

package/dist/api-handlers/auth/update-session.d.ts

@@ -9,29 +9,20 @@
  * @requires Authentication (authenticated endpoint)
  */
 import { NextRequest, NextResponse } from 'next/server';
-interface UpdateSessionConfig {
-    nextAuthSecret?: string;
-}
 /**
- * Creates an update-session handler for Next.js API routes
+ * Creates an update-session handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/update-session/route.ts
- * import { createUpdateSessionHandler } from '@payez/next-mvp/api-handlers/auth/update-session';
- *
- * export const POST = createUpdateSessionHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/update-session';
  * ```
  */
-export declare function createUpdateSessionHandler(config: UpdateSessionConfig): (req: NextRequest) => Promise<NextResponse<unknown>>;
+export declare function createUpdateSessionHandler(): (req: NextRequest) => Promise<NextResponse<unknown>>;
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/update-session/route.ts`.
  */
 export declare const POST: (req: NextRequest) => Promise<NextResponse<unknown>>;
-export {};

package/dist/api-handlers/auth/update-session.js

@@ -29,23 +29,18 @@ function addSecurityHeaders(response) {
     return response;
 }
 /**
- * Creates an update-session handler for Next.js API routes
+ * Creates an update-session handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/update-session/route.ts
- * import { createUpdateSessionHandler } from '@payez/next-mvp/api-handlers/auth/update-session';
- *
- * export const POST = createUpdateSessionHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/update-session';
  * ```
  */
-function createUpdateSessionHandler(config) {
-    const { nextAuthSecret } = config;
+function createUpdateSessionHandler() {
     return async function POST(req) {
         try {
             let body;
@@ -85,9 +80,6 @@ function createUpdateSessionHandler(config) {
     };
 }
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/update-session/route.ts`.
  */
-exports.POST = createUpdateSessionHandler({
-    nextAuthSecret: process.env.NEXTAUTH_SECRET || ''
-});
+exports.POST = createUpdateSessionHandler();

package/dist/api-handlers/auth/verify-code.d.ts

@@ -9,35 +9,26 @@
  * @requires Authentication (authenticated endpoint)
  */
 import { NextRequest, NextResponse } from 'next/server';
-interface VerifyCodeConfig {
-    nextAuthSecret?: string;
-}
 /**
- * Creates a verify-code/complete-2FA handler for Next.js API routes
+ * Creates a verify-code/complete-2FA handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/verify-code/route.ts
- * import { createVerifyCodeHandler } from '@payez/next-mvp/api-handlers/auth/verify-code';
- *
- * export const POST = createVerifyCodeHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/verify-code';
  * ```
  */
-export declare function createVerifyCodeHandler(config: VerifyCodeConfig): (req: NextRequest) => Promise<NextResponse<{
+export declare function createVerifyCodeHandler(): (req: NextRequest) => Promise<NextResponse<{
     success: boolean;
     message: string;
 }>>;
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/verify-code/route.ts`.
  */
 export declare const POST: (req: NextRequest) => Promise<NextResponse<{
     success: boolean;
     message: string;
 }>>;
-export {};

package/dist/api-handlers/auth/verify-code.js

@@ -16,23 +16,18 @@ const server_1 = require("next/server");
 const auth_1 = require("../../server/auth");
 const session_store_1 = require("../../lib/session-store");
 /**
- * Creates a verify-code/complete-2FA handler for Next.js API routes
+ * Creates a verify-code/complete-2FA handler for Next.js API routes.
  *
- * @param config Configuration for NextAuth
- * @returns Next.js POST handler function
+ * Better Auth resolves its session from cookies, so this handler takes no
+ * configuration. Use the default `POST` export below for typical usage.
  *
  * @example
  * ```typescript
  * // In your app's /app/api/auth/verify-code/route.ts
- * import { createVerifyCodeHandler } from '@payez/next-mvp/api-handlers/auth/verify-code';
- *
- * export const POST = createVerifyCodeHandler({
- *   nextAuthSecret: process.env.NEXTAUTH_SECRET!
- * });
+ * export { POST } from '@payez/next-mvp/api-handlers/auth/verify-code';
  * ```
  */
-function createVerifyCodeHandler(config) {
-    const { nextAuthSecret } = config;
+function createVerifyCodeHandler() {
     return async function POST(req) {
         try {
             let body;
@@ -82,9 +77,6 @@ function createVerifyCodeHandler(config) {
     };
 }
 /**
- * Default export for backward compatibility
- * Requires environment variable: NEXTAUTH_SECRET
+ * Default POST export — drop-in for `app/api/auth/verify-code/route.ts`.
  */
-exports.POST = createVerifyCodeHandler({
-    nextAuthSecret: process.env.NEXTAUTH_SECRET || ''
-});
+exports.POST = createVerifyCodeHandler();

package/dist/api-handlers/session/viability.js

@@ -13,8 +13,8 @@ const startup_init_1 = require("../../lib/startup-init");
 const idp_client_config_1 = require("../../lib/idp-client-config");
 async function GET(req) {
     try {
-        // Ensure initialization is complete
-        if (!process.env.NEXTAUTH_SECRET) {
+        // Ensure initialization is complete (auth signing secret resolved from IDP)
+        if (!process.env.BETTER_AUTH_SECRET && !process.env.NEXTAUTH_SECRET) {
             try {
                 await (0, startup_init_1.ensureInitialized)();
             }

package/dist/auth/better-auth.d.ts

@@ -22,29 +22,13 @@ export interface BetterAuthSocialProvider {
  * Build Better Auth social providers from IDP config.
  */
 export declare function buildBetterAuthProviders(config: IDPClientConfig): Record<string, BetterAuthSocialProvider>;
-/**
- * Optional extra plugins for createBetterAuthInstance.
- * Use to add credentials/custom signin endpoints from the host app.
- */
-export type BetterAuthExtraPlugins = any[];
-/**
- * Optional overrides for createBetterAuthInstance.
- */
-export interface BetterAuthInstanceOptions {
-    /** Path suffix for the BA mount (default: '/api/auth'). Use '/api/ba-auth' for migration scenarios. */
-    basePath?: string;
-}
 /**
  * Create Better Auth instance from IDP config.
  *
  * No database — runs in stateless mode with JWE cookie cache.
  * Call after getIDPClientConfig() resolves.
- *
- * @param idpConfig IDP client config (from getIDPClientConfig)
- * @param extraPlugins Optional plugins to add (e.g., credentials plugin from host app)
- * @param options Optional overrides (e.g., basePath for migration scenarios)
  */
-export declare function createBetterAuthInstance(idpConfig: IDPClientConfig, extraPlugins?: BetterAuthExtraPlugins, options?: BetterAuthInstanceOptions): import("better-auth").Auth<{
+export declare function createBetterAuthInstance(idpConfig: IDPClientConfig): import("better-auth").Auth<{
     baseURL: string;
     secret: string;
     socialProviders: Record<string, BetterAuthSocialProvider>;
@@ -69,7 +53,7 @@ export declare function createBetterAuthInstance(idpConfig: IDPClientConfig, ext
             };
         };
     };
-    plugins: [...any[], {
+    plugins: [{
         id: "next-cookies";
         hooks: {
             before: {
@@ -93,7 +77,7 @@ export declare function isBetterAuthEnabled(): boolean;
  */
 declare let cachedInstance: any;
 export { cachedInstance as __betterAuthInstance };
-export declare function getBetterAuthInstance(extraPlugins?: BetterAuthExtraPlugins): Promise<any>;
+export declare function getBetterAuthInstance(): Promise<any>;
 /**
  * Get flag-gated auth handler for Next.js route.
  *

package/dist/auth/better-auth.js

@@ -80,23 +80,18 @@ function buildBetterAuthProviders(config) {
  *
  * No database — runs in stateless mode with JWE cookie cache.
  * Call after getIDPClientConfig() resolves.
- *
- * @param idpConfig IDP client config (from getIDPClientConfig)
- * @param extraPlugins Optional plugins to add (e.g., credentials plugin from host app)
- * @param options Optional overrides (e.g., basePath for migration scenarios)
  */
-function createBetterAuthInstance(idpConfig, extraPlugins = [], options = {}) {
+function createBetterAuthInstance(idpConfig) {
     const appSlug = idpConfig.clientSlug || (0, app_slug_1.getAppSlug)();
-    const basePath = options.basePath || '/api/auth';
     // Resolve base URL: BETTER_AUTH_URL env > IDP config > localhost fallback
-    // basePath defaults to /api/auth but can be overridden via options for migration scenarios
+    // Must include /api/auth since that's where the catch-all route is mounted
     const rawBaseURL = process.env.BETTER_AUTH_URL
         || idpConfig.baseClientUrl
         || `http://localhost:${process.env.PORT || '3000'}`;
-    const baseURL = rawBaseURL.replace(/\/+$/, '') + basePath;
+    const baseURL = rawBaseURL.replace(/\/+$/, '') + '/api/auth';
     return (0, better_auth_1.betterAuth)({
         baseURL,
-        secret: idpConfig.nextAuthSecret,
+        secret: idpConfig.authSecret,
         socialProviders: buildBetterAuthProviders(idpConfig),
         // Trust the app's own origin + any configured base URL
         trustedOrigins: [
@@ -153,7 +148,6 @@ function createBetterAuthInstance(idpConfig, extraPlugins = [], options = {}) {
             },
         },
         plugins: [
-            ...extraPlugins,
             (0, next_js_1.nextCookies)(),
         ],
     });
@@ -173,12 +167,12 @@ let cachedInstance = null;
 exports.__betterAuthInstance = cachedInstance;
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 let initPromise = null;
-async function getBetterAuthInstance(extraPlugins = []) {
+async function getBetterAuthInstance() {
     if (cachedInstance)
         return cachedInstance;
     if (!initPromise) {
         initPromise = (0, idp_client_config_1.getIDPClientConfig)(true).then(config => {
-            const instance = createBetterAuthInstance(config, extraPlugins);
+            const instance = createBetterAuthInstance(config);
             exports.__betterAuthInstance = cachedInstance = instance;
             console.log('[BETTER_AUTH] Instance created for', config.clientSlug || config.clientId);
             return instance;
@@ -275,7 +269,7 @@ async function exchangeOAuthForIdpTokens(sessionToken, provider = 'google') {
             return false;
         }
         // Build IDP token data
-        const requiresTwoFactor = result.requires_two_factor ?? result.user?.requiresTwoFactor ?? result.requiresTwoFactor ?? false;
+        const requiresTwoFactor = result.user?.requiresTwoFactor ?? result.requiresTwoFactor ?? false;
         const idpTokenData = {
             idpAccessToken: result.access_token,
             idpRefreshToken: result.refresh_token,

package/dist/client/better-auth-client.d.ts

@@ -1,16 +1,15 @@
 /**
- * Better Auth Client (Phase 3)
+ * Better Auth Client.
  *
- * Drop-in replacement for next-auth/react hooks and functions.
  * Import from '@payez/next-mvp/client/better-auth-client'.
  *
- * Includes useSessionCompat() — returns NextAuth-shaped { data, status }
- * so existing components don't need destructure pattern changes.
+ * Includes useSessionCompat() — returns a { data, status } shape so existing
+ * components written against the legacy hook don't need destructure changes.
  */
 export declare const authClient: {
     signIn: {
         social: <FetchOptions extends import("@better-auth/core").ClientFetchOption<Partial<{
-            provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat";
+            provider: "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat" | (string & {});
             callbackURL?: string | undefined;
             newUserCallbackURL?: string | undefined;
             errorCallbackURL?: string | undefined;
@@ -34,7 +33,7 @@ export declare const authClient: {
             loginHint?: string | undefined;
             additionalData?: Record<string, any> | undefined;
         }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: import("better-auth/react").Prettify<{
-            provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat";
+            provider: "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat" | (string & {});
             callbackURL?: string | undefined;
             newUserCallbackURL?: string | undefined;
             errorCallbackURL?: string | undefined;
@@ -828,7 +827,7 @@ export declare const useSession: () => {
     } | undefined) => Promise<void>;
 }, signIn: {
     social: <FetchOptions extends import("@better-auth/core").ClientFetchOption<Partial<{
-        provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat";
+        provider: "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat" | (string & {});
         callbackURL?: string | undefined;
         newUserCallbackURL?: string | undefined;
         errorCallbackURL?: string | undefined;
@@ -852,7 +851,7 @@ export declare const useSession: () => {
         loginHint?: string | undefined;
         additionalData?: Record<string, any> | undefined;
     }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: import("better-auth/react").Prettify<{
-        provider: (string & {}) | "linear" | "huggingface" | "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat";
+        provider: "github" | "apple" | "atlassian" | "cognito" | "discord" | "facebook" | "figma" | "microsoft" | "google" | "huggingface" | "slack" | "spotify" | "twitch" | "twitter" | "dropbox" | "kick" | "linear" | "linkedin" | "gitlab" | "tiktok" | "reddit" | "roblox" | "salesforce" | "vk" | "zoom" | "notion" | "kakao" | "naver" | "line" | "paybin" | "paypal" | "polar" | "railway" | "vercel" | "wechat" | (string & {});
         callbackURL?: string | undefined;
         newUserCallbackURL?: string | undefined;
         errorCallbackURL?: string | undefined;

package/dist/client/better-auth-client.js

@@ -1,12 +1,11 @@
 "use strict";
 /**
- * Better Auth Client (Phase 3)
+ * Better Auth Client.
  *
- * Drop-in replacement for next-auth/react hooks and functions.
  * Import from '@payez/next-mvp/client/better-auth-client'.
  *
- * Includes useSessionCompat() — returns NextAuth-shaped { data, status }
- * so existing components don't need destructure pattern changes.
+ * Includes useSessionCompat() — returns a { data, status } shape so existing
+ * components written against the legacy hook don't need destructure changes.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.signOut = exports.signIn = exports.useSession = exports.authClient = void 0;