@percepta/create 3.2.0 → 3.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@percepta/create",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "Scaffold a new Mosaic package",
   "keywords": [
     "cli",
@@ -38,7 +38,7 @@
     "@types/node": "^24.1.0",
     "@types/validate-npm-package-name": "^4.0.2",
     "vitest": "^4.0.0",
-    "@percepta/build": "0.5.1"
+    "@percepta/build": "1.0.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/templates/monorepo/README.md

@@ -63,9 +63,10 @@ pnpm access:bootstrap-customer-admin -- --subject core/user:<user-id>
 
 ## Shared Auth
 
-The `auth/` workspace owns the customer-global Better Auth schema, including
-`users`, `groups`, and `group_members`. Apps should consume this shared
-identity layer instead of creating app-local users or groups.
+The `auth/` workspace wires the customer-global Better Auth schema from
+`@percepta/auth`, including `users`, `groups`, and `group_members`. Apps should
+consume this shared identity layer instead of creating app-local users or
+groups.
 
 ## Adding a new package
 

package/templates/monorepo/auth/README.md

@@ -1,8 +1,9 @@
 # Shared Auth
 
-This workspace owns the customer-global Better Auth database schema. Apps in the
-customer monorepo should import this package for session validation and user /
-group table references instead of creating app-local auth tables.
+This workspace wires the customer-global Better Auth database schema from
+`@percepta/auth`. Apps in the customer monorepo should import this package for
+session validation and user / group table references instead of creating
+app-local auth tables.
 
 Import auth as `@__APP_NAME__/auth`, the database handle as
 `@__APP_NAME__/auth/db`, and table definitions as `@__APP_NAME__/auth/schema`

package/templates/monorepo/auth/package.json

@@ -17,14 +17,11 @@
     "db:setup-and-migrate": "pnpm db:setup && pnpm db:migrate"
   },
   "dependencies": {
-    "@percepta/access-control": "0.3.2",
-    "better-auth": "^1.6.4",
-    "drizzle-orm": "^0.45.2",
-    "pg": "^8.16.3"
+    "@percepta/auth": "0.1.0",
+    "drizzle-orm": "^0.45.2"
   },
   "devDependencies": {
     "@types/node": "^24.1.0",
-    "@types/pg": "^8.15.4",
     "drizzle-kit": "^0.31.4",
     "tsx": "^4.20.3",
     "typescript": "^5.8.3"

package/templates/monorepo/auth/scripts/setup-database.ts

@@ -1,54 +1,8 @@
-import { Pool } from "pg";
+import { setupAuthDatabase } from "@percepta/auth";
 import { getAuthDatabaseConfig } from "../src/config/database";
 
-const SHARED_DATABASES = new Set(["demos", "internal_apps"]);
-
 async function main(): Promise<void> {
-  const { database, host, password, port, url, user } = getAuthDatabaseConfig();
-
-  if (url != null && url.length > 0) {
-    console.log("AUTH_DATABASE_URL is set; skipping CREATE DATABASE.");
-    return;
-  }
-
-  console.log(`Setting up shared auth database: ${database}`);
-  console.log(`Host: ${host}:${port}`);
-  console.log(`User: ${user}`);
-
-  if (SHARED_DATABASES.has(database)) {
-    console.log(`${database} is a shared infra-managed database; skipping.`);
-    return;
-  }
-
-  const adminClient = new Pool({
-    database: "postgres",
-    host,
-    password,
-    port,
-    user,
-  });
-
-  try {
-    const result = await adminClient.query(
-      "SELECT 1 FROM pg_database WHERE datname = $1",
-      [database],
-    );
-
-    if (result.rows.length === 0) {
-      await adminClient.query(
-        `CREATE DATABASE ${escapePgIdentifier(database)}`,
-      );
-      console.log(`Database ${database} created successfully.`);
-    } else {
-      console.log(`Database ${database} already exists.`);
-    }
-  } finally {
-    await adminClient.end();
-  }
-}
-
-function escapePgIdentifier(identifier: string): string {
-  return `"${identifier.replaceAll('"', '""')}"`;
+  await setupAuthDatabase({ config: getAuthDatabaseConfig() });
 }
 
 void main().catch((error) => {

package/templates/monorepo/auth/src/auth.ts

@@ -1,6 +1,4 @@
-import { betterAuth } from "better-auth";
-import { drizzleAdapter } from "better-auth/adapters/drizzle";
-import { admin } from "better-auth/plugins";
+import { createLazyAuth, createPerceptaAuth } from "@percepta/auth/better-auth";
 import { db } from "./drizzle/db";
 import { accounts } from "./drizzle/schema/auth/accounts";
 import { sessions } from "./drizzle/schema/auth/sessions";
@@ -27,51 +25,23 @@ function getSecret(): string {
 }
 
 function createAuth() {
-  return betterAuth({
+  return createPerceptaAuth({
     baseURL: process.env.BETTER_AUTH_URL ?? "http://localhost:3000",
-    secret: getSecret(),
-    database: drizzleAdapter(db, {
-      provider: "pg",
-      schema: {
-        user: users,
-        session: sessions,
-        account: accounts,
-        verification: verifications,
-      },
-    }),
-    emailAndPassword: {
-      enabled: true,
-    },
-    plugins: [admin()],
-    advanced: {
-      database: {
-        generateId: false,
-      },
+    database: db,
+    schema: {
+      user: users,
+      session: sessions,
+      account: accounts,
+      verification: verifications,
     },
+    secret: getSecret(),
   });
 }
 
-type Auth = ReturnType<typeof createAuth>;
-
-let authInstance: Auth | undefined;
-
-function getAuth(): Auth {
-  authInstance ??= createAuth();
-  return authInstance;
-}
-
 /**
  * Lazy proxy so app builds can import the shared auth package without requiring
  * runtime secrets until Better Auth is actually used.
  */
-export const auth: Auth = new Proxy({} as Auth, {
-  get(_target, prop, receiver) {
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-return
-    return Reflect.get(getAuth(), prop, receiver);
-  },
-  has(_target, prop) {
-    return Reflect.has(getAuth(), prop);
-  },
-});
+export const auth = createLazyAuth(createAuth);
 
 export type BetterAuthSession = typeof auth.$Infer.Session;

package/templates/monorepo/auth/src/config/database.ts

@@ -1,31 +1,15 @@
-export interface AuthDatabaseConfig {
-  readonly database: string;
-  readonly host: string;
-  readonly password: string;
-  readonly port: number;
-  readonly url?: string;
-  readonly user: string;
-}
+import {
+  createAuthDatabaseConnectionString,
+  readAuthDatabaseConfig,
+  type AuthDatabaseConfig,
+} from "@percepta/auth";
+
+export type { AuthDatabaseConfig } from "@percepta/auth";
 
 export function getAuthDatabaseConfig(): AuthDatabaseConfig {
-  return {
-    database: process.env.AUTH_DATABASE_NAME ?? "__DB_NAME__",
-    host: process.env.DATABASE_HOST ?? "localhost",
-    password: process.env.DATABASE_PASSWORD ?? "postgres",
-    port: Number(process.env.DATABASE_PORT ?? 5434),
-    url: process.env.AUTH_DATABASE_URL,
-    user: process.env.DATABASE_USERNAME ?? "postgres",
-  };
+  return readAuthDatabaseConfig({ defaultDatabaseName: "__DB_NAME__" });
 }
 
 export function getAuthDatabaseConnectionString(): string {
-  const { database, host, password, port, url, user } = getAuthDatabaseConfig();
-  if (url != null && url.length > 0) {
-    return url;
-  }
-
-  return (
-    `postgresql://${encodeURIComponent(user)}:${encodeURIComponent(password)}` +
-    `@${host}:${port}/${encodeURIComponent(database)}`
-  );
+  return createAuthDatabaseConnectionString(getAuthDatabaseConfig());
 }

package/templates/monorepo/auth/src/drizzle/db.ts

@@ -1,9 +1,8 @@
-import { type NodePgDatabase, drizzle } from "drizzle-orm/node-postgres";
-import { Pool } from "pg";
+import { createAuthDatabase } from "@percepta/auth/drizzle";
 import { getAuthDatabaseConnectionString } from "../config/database";
 import * as schema from "./schema";
 
-export const client = new Pool({
+export const { client, db } = createAuthDatabase({
   connectionString: getAuthDatabaseConnectionString(),
+  schema,
 });
-export const db: NodePgDatabase<typeof schema> = drizzle(client, { schema });

package/templates/monorepo/auth/src/drizzle/schema/auth/accounts.ts

@@ -1,28 +1,7 @@
-import { integer, pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
+import { createAccountsTable } from "@percepta/auth/drizzle";
 import { users } from "../users";
 
-export const accounts = pgTable("account", {
-  id: text("id")
-    .$defaultFn(() => crypto.randomUUID())
-    .primaryKey(),
-  userId: uuid("user_id")
-    .notNull()
-    .references(() => users.id, { onDelete: "cascade" }),
-  accountId: text("account_id").notNull(),
-  providerId: text("provider_id").notNull(),
-  accessToken: text("access_token"),
-  refreshToken: text("refresh_token"),
-  expiresAt: integer("expires_at"),
-  accessTokenExpiresAt: timestamp("access_token_expires_at", { mode: "date" }),
-  refreshTokenExpiresAt: timestamp("refresh_token_expires_at", {
-    mode: "date",
-  }),
-  scope: text("scope"),
-  idToken: text("id_token"),
-  password: text("password"),
-  createdAt: timestamp("created_at", { mode: "date" }).notNull(),
-  updatedAt: timestamp("updated_at", { mode: "date" }).notNull(),
-});
+export const accounts = createAccountsTable({ usersTable: users });
 
 export type Account = typeof accounts.$inferSelect;
 export type NewAccount = typeof accounts.$inferInsert;

package/templates/monorepo/auth/src/drizzle/schema/auth/sessions.ts

@@ -1,21 +1,7 @@
-import { pgTable, text, timestamp, uuid } from "drizzle-orm/pg-core";
+import { createSessionsTable } from "@percepta/auth/drizzle";
 import { users } from "../users";
 
-export const sessions = pgTable("session", {
-  id: text("id")
-    .$defaultFn(() => crypto.randomUUID())
-    .primaryKey(),
-  userId: uuid("user_id")
-    .notNull()
-    .references(() => users.id, { onDelete: "cascade" }),
-  token: text("token").notNull().unique(),
-  expiresAt: timestamp("expires_at", { mode: "date" }).notNull(),
-  ipAddress: text("ip_address"),
-  userAgent: text("user_agent"),
-  impersonatedBy: text("impersonated_by"),
-  createdAt: timestamp("created_at", { mode: "date" }).notNull(),
-  updatedAt: timestamp("updated_at", { mode: "date" }).notNull(),
-});
+export const sessions = createSessionsTable({ usersTable: users });
 
 export type Session = typeof sessions.$inferSelect;
 export type NewSession = typeof sessions.$inferInsert;

package/templates/monorepo/auth/src/drizzle/schema/auth/verifications.ts

@@ -1,15 +1,6 @@
-import { pgTable, text, timestamp } from "drizzle-orm/pg-core";
+import { createVerificationsTable } from "@percepta/auth/drizzle";
 
-export const verifications = pgTable("verification", {
-  id: text("id")
-    .$defaultFn(() => crypto.randomUUID())
-    .primaryKey(),
-  identifier: text("identifier").notNull(),
-  value: text("value").notNull(),
-  expiresAt: timestamp("expires_at", { mode: "date" }).notNull(),
-  createdAt: timestamp("created_at", { mode: "date" }),
-  updatedAt: timestamp("updated_at", { mode: "date" }),
-});
+export const verifications = createVerificationsTable();
 
 export type Verification = typeof verifications.$inferSelect;
 export type NewVerification = typeof verifications.$inferInsert;

package/templates/monorepo/auth/src/drizzle/schema/groups.ts

@@ -1,7 +1,7 @@
 import {
   createGroupMembersTable,
   createGroupsTable,
-} from "@percepta/access-control/drizzle";
+} from "@percepta/auth/drizzle";
 import { users } from "./users";
 
 export const groups = createGroupsTable();

package/templates/monorepo/auth/src/drizzle/schema/users.ts

@@ -1,4 +1,4 @@
-import { createUsersTable } from "@percepta/access-control/drizzle";
+import { createUsersTable } from "@percepta/auth/drizzle";
 
 export const users = createUsersTable();