npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/dist/server/core.js ADDED Viewed

@@ -0,0 +1,713 @@
+import { TOKEN_SUB_CLAIM_DIVIDER, generateRandomString, sha256 } from "./utils.js";
+import { buildScopeChecker, checkKeyRateLimit, generateApiKey, hashApiKey } from "./keys.js";
+import { materializeProvider } from "./config.js";
+import { signInImpl } from "./signin.js";
+//#region src/server/core.ts
+/**
+* Build the core auth domains that back the canonical app API surface.
+*
+* Creates the grouped `user`, `session`, `account`, `provider`, `group`,
+* `member`, `invite`, and `key` APIs used by the higher-level auth
+* factory. Each namespace wraps the underlying Convex component functions with
+* application-friendly helpers, result shaping, and documentation-friendly
+* method names.
+*
+* @param deps - Internal component wiring, provider config, and helper
+*   functions needed to construct the domain API surface.
+* @returns The core domain namespaces consumed by the auth factory.
+*/
+function createCoreDomains(deps) {
+	const { config, getAuth, callInvalidateSessions, callCreateAccountFromCredentials, callRetrieveAccountWithCredentials, callModifyAccount, getEnrichCtx, inviteTokenAlphabet, inviteTokenLength } = deps;
+	const roleDefinitions = config.authorization.roles;
+	const getRoleDefinition = (roleId) => {
+		return roleDefinitions[roleId] ?? null;
+	};
+	const normalizeRoleIds = (roleIds) => {
+		const normalized = Array.from(new Set(roleIds ?? []));
+		const invalid = normalized.filter((id) => getRoleDefinition(id) === null);
+		if (invalid.length > 0) return {
+			ok: false,
+			invalidRoleIds: invalid
+		};
+		return {
+			ok: true,
+			roleIds: normalized
+		};
+	};
+	const listAllKeysByUser = async (ctx, userId) => {
+		const items = [];
+		let cursor = null;
+		do {
+			const page = await ctx.runQuery(config.component.public.keyList, {
+				where: { userId },
+				limit: 100,
+				cursor
+			});
+			items.push(...page.items);
+			cursor = page.nextCursor;
+		} while (cursor !== null);
+		return items;
+	};
+	const listAllMembersByUser = async (ctx, userId) => {
+		const items = [];
+		let cursor = null;
+		do {
+			const page = await ctx.runQuery(config.component.public.memberList, {
+				where: { userId },
+				limit: 100,
+				cursor
+			});
+			items.push(...page.items);
+			cursor = page.nextCursor;
+		} while (cursor !== null);
+		return items;
+	};
+	const resolveGrantedPermissions = (roleIds) => {
+		const grants = /* @__PURE__ */ new Set();
+		for (const roleId of roleIds ?? []) {
+			const role = getRoleDefinition(roleId);
+			if (role === null) continue;
+			for (const grant of role.grants) grants.add(grant);
+		}
+		return Array.from(grants).sort();
+	};
+	const AUTH_CACHE = Symbol("__convexAuthCache");
+	function cache(ctx) {
+		if (!ctx[AUTH_CACHE]) ctx[AUTH_CACHE] = {
+			users: /* @__PURE__ */ new Map(),
+			groups: /* @__PURE__ */ new Map()
+		};
+		return ctx[AUTH_CACHE];
+	}
+	const user = {
+		id: async (ctx, request) => {
+			const identity = await ctx.auth.getUserIdentity();
+			if (identity !== null) {
+				const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
+				return userId;
+			}
+			if (request !== void 0 && "runMutation" in ctx && ctx.runMutation) {
+				const authHeader = request.headers.get("Authorization");
+				if (authHeader?.startsWith("Bearer sk_")) {
+					const rawKey = authHeader.slice(7);
+					const result = await getAuth().key.verify(ctx, rawKey);
+					if (result.ok) return result.userId;
+					return null;
+				}
+			}
+			return null;
+		},
+		get: async (ctx, userId) => {
+			const c = cache(ctx);
+			if (c.users.has(userId)) return c.users.get(userId);
+			const result = await ctx.runQuery(config.component.public.userGetById, { userId });
+			c.users.set(userId, result);
+			return result;
+		},
+		list: async (ctx, opts = {}) => {
+			return await ctx.runQuery(config.component.public.userList, opts);
+		},
+		viewer: async (ctx) => {
+			const userId = await user.id(ctx);
+			if (userId === null) return null;
+			return await user.get(ctx, userId);
+		},
+		update: async (ctx, userId, data) => {
+			await ctx.runMutation(config.component.public.userPatch, {
+				userId,
+				data
+			});
+			return {
+				ok: true,
+				userId
+			};
+		},
+		setActiveGroup: async (ctx, opts) => {
+			const doc = await user.get(ctx, opts.userId);
+			const existingExtend = doc !== null && doc.extend !== null && typeof doc.extend === "object" && !Array.isArray(doc.extend) ? { ...doc.extend } : {};
+			if (opts.groupId === null) {
+				const { lastActiveGroup: _omit, ...rest } = existingExtend;
+				await user.update(ctx, opts.userId, { extend: rest });
+				return {
+					ok: true,
+					userId: opts.userId,
+					groupId: null
+				};
+			}
+			await user.update(ctx, opts.userId, { extend: {
+				...existingExtend,
+				lastActiveGroup: opts.groupId
+			} });
+			return {
+				ok: true,
+				userId: opts.userId,
+				groupId: opts.groupId
+			};
+		},
+		getActiveGroup: async (ctx, opts) => {
+			const doc = await user.get(ctx, opts.userId);
+			if (doc !== null && doc.extend !== null && typeof doc.extend === "object" && !Array.isArray(doc.extend)) {
+				const val = doc.extend.lastActiveGroup;
+				if (typeof val === "string") return val;
+			}
+			return null;
+		},
+		delete: async (ctx, userId, opts) => {
+			const cascade = opts?.cascade !== false;
+			const [sessions, accounts, keys, members, passkeys, totps] = await Promise.all([
+				ctx.runQuery(config.component.public.sessionListByUser, { userId }),
+				ctx.runQuery(config.component.public.accountListByUser, { userId }),
+				listAllKeysByUser(ctx, userId),
+				listAllMembersByUser(ctx, userId),
+				ctx.runQuery(config.component.public.passkeyListByUserId, { userId }),
+				ctx.runQuery(config.component.public.totpListByUserId, { userId })
+			]);
+			const totalLinked = sessions.length + accounts.length + keys.length + members.length + passkeys.length + totps.length;
+			if (!cascade && totalLinked > 0) return {
+				ok: false,
+				code: "INVALID_PARAMETERS"
+			};
+			const deletions = [];
+			for (const s of sessions) deletions.push(ctx.runMutation(config.component.public.sessionDelete, { sessionId: s._id }));
+			for (const a of accounts) deletions.push(ctx.runMutation(config.component.public.accountDelete, { accountId: a._id }));
+			for (const k of keys) deletions.push(ctx.runMutation(config.component.public.keyDelete, { keyId: k._id }));
+			for (const m of members) deletions.push(ctx.runMutation(config.component.public.memberRemove, { memberId: m._id }));
+			for (const p of passkeys) deletions.push(ctx.runMutation(config.component.public.passkeyDelete, { passkeyId: p._id }));
+			for (const t of totps) deletions.push(ctx.runMutation(config.component.public.totpDelete, { totpId: t._id }));
+			await Promise.all(deletions);
+			await ctx.runMutation(config.component.public.userDelete, { userId });
+			return {
+				ok: true,
+				userId
+			};
+		}
+	};
+	const session = {
+		current: async (ctx) => {
+			const identity = await ctx.auth.getUserIdentity();
+			if (identity === null) return null;
+			const [, sessionId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
+			return sessionId;
+		},
+		invalidate: async (ctx, args) => {
+			await callInvalidateSessions(ctx, args);
+			return {
+				ok: true,
+				userId: args.userId,
+				except: args.except ?? []
+			};
+		},
+		get: async (ctx, sessionId) => {
+			return await ctx.runQuery(config.component.public.sessionGetById, { sessionId });
+		},
+		list: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.sessionListByUser, { userId: opts.userId });
+		}
+	};
+	const account = {
+		create: async (ctx, args) => {
+			return {
+				ok: true,
+				...await callCreateAccountFromCredentials(ctx, args)
+			};
+		},
+		get: async (ctx, args) => {
+			const result = await callRetrieveAccountWithCredentials(ctx, args);
+			if (typeof result === "string") return null;
+			return result;
+		},
+		update: async (ctx, args) => {
+			await callModifyAccount(ctx, args);
+			return {
+				ok: true,
+				accountId: args.account.id
+			};
+		},
+		delete: async (ctx, accountId) => {
+			const doc = await ctx.runQuery(config.component.public.accountGetById, { accountId });
+			if (doc === null) return {
+				ok: false,
+				code: "ACCOUNT_NOT_FOUND"
+			};
+			if ((await ctx.runQuery(config.component.public.accountListByUser, { userId: doc.userId })).length <= 1) return {
+				ok: false,
+				code: "INVALID_PARAMETERS"
+			};
+			await ctx.runMutation(config.component.public.accountDelete, { accountId });
+			return {
+				ok: true,
+				accountId
+			};
+		},
+		listPasskeys: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.passkeyListByUserId, opts);
+		},
+		renamePasskey: async (ctx, passkeyId, name) => {
+			await ctx.runMutation(config.component.public.passkeyUpdateMeta, {
+				passkeyId,
+				data: { name }
+			});
+			return {
+				ok: true,
+				passkeyId
+			};
+		},
+		deletePasskey: async (ctx, passkeyId) => {
+			await ctx.runMutation(config.component.public.passkeyDelete, { passkeyId });
+			return {
+				ok: true,
+				passkeyId
+			};
+		},
+		listTotps: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.totpListByUserId, opts);
+		},
+		deleteTotp: async (ctx, totpId) => {
+			await ctx.runMutation(config.component.public.totpDelete, { totpId });
+			return {
+				ok: true,
+				totpId
+			};
+		}
+	};
+	const provider = { signIn: async (ctx, providerConfig, args) => {
+		const result = await signInImpl(getEnrichCtx()(ctx), materializeProvider(providerConfig), args, {
+			generateTokens: false,
+			allowExtraProviders: true
+		});
+		return result.kind === "signedIn" ? result.signedIn !== null ? {
+			userId: result.signedIn.userId,
+			sessionId: result.signedIn.sessionId
+		} : null : null;
+	} };
+	const group = {
+		create: async (ctx, data) => {
+			return {
+				ok: true,
+				groupId: await ctx.runMutation(config.component.public.groupCreate, data)
+			};
+		},
+		get: async (ctx, groupId) => {
+			const c = cache(ctx);
+			if (c.groups.has(groupId)) return c.groups.get(groupId);
+			const result = await ctx.runQuery(config.component.public.groupGet, { groupId });
+			c.groups.set(groupId, result);
+			return result;
+		},
+		list: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.groupList, {
+				where: opts?.where,
+				limit: opts?.limit,
+				cursor: opts?.cursor,
+				orderBy: opts?.orderBy,
+				order: opts?.order
+			});
+		},
+		update: async (ctx, groupId, data) => {
+			await ctx.runMutation(config.component.public.groupUpdate, {
+				groupId,
+				data
+			});
+			return {
+				ok: true,
+				groupId
+			};
+		},
+		delete: async (ctx, groupId) => {
+			await ctx.runMutation(config.component.public.groupDelete, { groupId });
+			return {
+				ok: true,
+				groupId
+			};
+		},
+		ancestors: async (ctx, opts) => {
+			const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));
+			const visited = /* @__PURE__ */ new Set();
+			const ancestors = [];
+			let cycleDetected = false;
+			let maxDepthReached = false;
+			let currentGroupId = opts.groupId;
+			let depth = 0;
+			let isFirst = true;
+			while (currentGroupId !== void 0) {
+				if (depth > maxDepth) {
+					maxDepthReached = true;
+					break;
+				}
+				if (visited.has(currentGroupId)) {
+					cycleDetected = true;
+					break;
+				}
+				visited.add(currentGroupId);
+				const doc = await group.get(ctx, currentGroupId);
+				if (doc === null) break;
+				if (isFirst) {
+					isFirst = false;
+					if (opts.includeSelf) ancestors.push(doc);
+					currentGroupId = doc.parentGroupId;
+					depth += 1;
+					continue;
+				}
+				ancestors.push(doc);
+				currentGroupId = doc.parentGroupId;
+				depth += 1;
+			}
+			return {
+				ancestors,
+				cycleDetected,
+				maxDepthReached
+			};
+		}
+	};
+	const member = {
+		create: async (ctx, data) => {
+			const normalized = normalizeRoleIds(data.roleIds);
+			if (!normalized.ok) return {
+				ok: false,
+				code: "INVALID_ROLE_IDS",
+				invalidRoleIds: normalized.invalidRoleIds
+			};
+			return {
+				ok: true,
+				memberId: await ctx.runMutation(config.component.public.memberAdd, {
+					...data,
+					roleIds: normalized.roleIds
+				})
+			};
+		},
+		get: async (ctx, memberId) => {
+			return await ctx.runQuery(config.component.public.memberGet, { memberId });
+		},
+		list: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.memberList, {
+				where: opts?.where,
+				limit: opts?.limit,
+				cursor: opts?.cursor,
+				orderBy: opts?.orderBy,
+				order: opts?.order
+			});
+		},
+		delete: async (ctx, memberId) => {
+			await ctx.runMutation(config.component.public.memberRemove, { memberId });
+			return {
+				ok: true,
+				memberId
+			};
+		},
+		update: async (ctx, memberId, data) => {
+			const nextData = { ...data };
+			if ("roleIds" in nextData) {
+				const normalized = normalizeRoleIds(Array.isArray(nextData.roleIds) ? nextData.roleIds : void 0);
+				if (!normalized.ok) return {
+					ok: false,
+					code: "INVALID_ROLE_IDS",
+					invalidRoleIds: normalized.invalidRoleIds
+				};
+				nextData.roleIds = normalized.roleIds;
+			}
+			await ctx.runMutation(config.component.public.memberUpdate, {
+				memberId,
+				data: nextData
+			});
+			return {
+				ok: true,
+				memberId
+			};
+		},
+		resolve: async (ctx, opts) => {
+			const normalized = normalizeRoleIds(opts.roleIds);
+			if (!normalized.ok) return {
+				ok: false,
+				membership: null,
+				matchedGroupId: null,
+				roleIds: [],
+				grants: [],
+				missingGrants: Array.from(new Set(opts.grants ?? [])),
+				depth: null,
+				isDirect: false,
+				isInherited: false,
+				traversedGroupIds: [],
+				code: "INVALID_ROLE_IDS",
+				invalidRoleIds: normalized.invalidRoleIds
+			};
+			const requestedRoleIds = normalized.roleIds;
+			const roleFilter = requestedRoleIds.length > 0 ? new Set(requestedRoleIds) : null;
+			const requiredGrants = Array.from(new Set(opts.grants ?? []));
+			const useAncestry = opts.ancestry === true;
+			let membership = null;
+			let matchedGroupId = null;
+			let depth = null;
+			let isDirect = false;
+			let isInherited = false;
+			let traversedGroupIds = [];
+			if (useAncestry) {
+				const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));
+				const result = await ctx.runQuery(config.component.public.memberResolve, {
+					userId: opts.userId,
+					groupId: opts.groupId,
+					maxDepth,
+					ancestry: true
+				});
+				membership = result.membership;
+				matchedGroupId = result.matchedGroupId;
+				depth = result.depth;
+				isDirect = result.isDirect;
+				isInherited = result.isInherited;
+				traversedGroupIds = result.traversedGroupIds ?? [];
+			} else {
+				const doc = await ctx.runQuery(config.component.public.memberGetByGroupAndUser, {
+					userId: opts.userId,
+					groupId: opts.groupId
+				});
+				membership = doc;
+				matchedGroupId = doc ? opts.groupId : null;
+				depth = doc ? 0 : null;
+				isDirect = doc !== null;
+			}
+			if (membership === null) return {
+				ok: false,
+				membership: null,
+				matchedGroupId: null,
+				roleIds: [],
+				grants: [],
+				missingGrants: requiredGrants,
+				depth: null,
+				isDirect: false,
+				isInherited: false,
+				traversedGroupIds
+			};
+			const membershipRoleIds = membership.roleIds ?? [];
+			const membershipGrants = resolveGrantedPermissions(membershipRoleIds);
+			if (roleFilter !== null && !membershipRoleIds.some((roleId) => roleFilter.has(roleId))) return {
+				ok: false,
+				membership: null,
+				matchedGroupId: null,
+				roleIds: [],
+				grants: [],
+				missingGrants: requiredGrants,
+				depth: null,
+				isDirect: false,
+				isInherited: false,
+				traversedGroupIds
+			};
+			const missingGrants = requiredGrants.filter((grant) => !membershipGrants.includes(grant));
+			return {
+				ok: missingGrants.length === 0,
+				membership,
+				matchedGroupId,
+				roleIds: membershipRoleIds,
+				grants: membershipGrants,
+				missingGrants,
+				depth,
+				isDirect,
+				isInherited,
+				traversedGroupIds
+			};
+		}
+	};
+	const invite = {
+		create: async (ctx, data) => {
+			const normalized = normalizeRoleIds(data.roleIds);
+			if (!normalized.ok) return {
+				ok: false,
+				code: "INVALID_ROLE_IDS",
+				invalidRoleIds: normalized.invalidRoleIds
+			};
+			const token = generateRandomString(inviteTokenLength, inviteTokenAlphabet);
+			const tokenHash = await sha256(token);
+			return {
+				ok: true,
+				inviteId: await ctx.runMutation(config.component.public.inviteCreate, {
+					...data,
+					roleIds: normalized.roleIds,
+					tokenHash,
+					status: "pending"
+				}),
+				token
+			};
+		},
+		get: async (ctx, inviteId) => {
+			return await ctx.runQuery(config.component.public.inviteGet, { inviteId });
+		},
+		token: {
+			get: async (ctx, token) => {
+				const tokenHash = await sha256(token);
+				return await ctx.runQuery(config.component.public.inviteGetByTokenHash, { tokenHash });
+			},
+			accept: async (ctx, args) => {
+				const tokenHash = await sha256(args.token);
+				return {
+					ok: true,
+					...await ctx.runMutation(config.component.public.inviteAcceptByToken, {
+						tokenHash,
+						acceptedByUserId: args.acceptedByUserId
+					})
+				};
+			}
+		},
+		list: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.inviteList, {
+				where: opts?.where,
+				limit: opts?.limit,
+				cursor: opts?.cursor,
+				orderBy: opts?.orderBy,
+				order: opts?.order
+			});
+		},
+		accept: async (ctx, inviteId, acceptedByUserId) => {
+			await ctx.runMutation(config.component.public.inviteAccept, {
+				inviteId,
+				...acceptedByUserId ? { acceptedByUserId } : {}
+			});
+			return {
+				ok: true,
+				inviteId,
+				acceptedByUserId: acceptedByUserId ?? null
+			};
+		},
+		revoke: async (ctx, inviteId) => {
+			await ctx.runMutation(config.component.public.inviteRevoke, { inviteId });
+			return {
+				ok: true,
+				inviteId
+			};
+		}
+	};
+	const key = {
+		create: async (ctx, opts) => {
+			const { raw, hashedKey, displayPrefix } = await generateApiKey("sk_");
+			return {
+				ok: true,
+				keyId: await ctx.runMutation(config.component.public.keyInsert, {
+					userId: opts.userId,
+					prefix: displayPrefix,
+					hashedKey,
+					name: opts.name,
+					scopes: opts.scopes,
+					rateLimit: opts.rateLimit,
+					expiresAt: opts.expiresAt,
+					metadata: opts.metadata
+				}),
+				secret: raw
+			};
+		},
+		verify: async (ctx, rawKey) => {
+			const hashedKey = await hashApiKey(rawKey);
+			const doc = await ctx.runQuery(config.component.public.keyGetByHashedKey, { hashedKey });
+			if (!doc) return {
+				ok: false,
+				code: "INVALID_API_KEY"
+			};
+			const k = doc;
+			if (k.revoked) return {
+				ok: false,
+				code: "API_KEY_REVOKED"
+			};
+			if (k.expiresAt && k.expiresAt < Date.now()) return {
+				ok: false,
+				code: "API_KEY_EXPIRED"
+			};
+			const patchData = { lastUsedAt: Date.now() };
+			if (k.rateLimit) {
+				const { limited, newState } = checkKeyRateLimit(k.rateLimit, k.rateLimitState ?? void 0);
+				if (limited) return {
+					ok: false,
+					code: "API_KEY_RATE_LIMITED"
+				};
+				patchData.rateLimitState = newState;
+			}
+			await ctx.runMutation(config.component.public.keyPatch, {
+				keyId: k._id,
+				data: patchData
+			});
+			return {
+				ok: true,
+				userId: k.userId,
+				keyId: k._id,
+				scopes: buildScopeChecker(k.scopes)
+			};
+		},
+		list: async (ctx, opts) => {
+			return await ctx.runQuery(config.component.public.keyList, {
+				where: opts?.where,
+				limit: opts?.limit,
+				cursor: opts?.cursor,
+				orderBy: opts?.orderBy,
+				order: opts?.order
+			});
+		},
+		get: async (ctx, keyId) => {
+			const doc = await ctx.runQuery(config.component.public.keyGetById, { keyId });
+			if (!doc) return { ok: false };
+			return {
+				ok: true,
+				key: doc
+			};
+		},
+		update: async (ctx, keyId, data) => {
+			await ctx.runMutation(config.component.public.keyPatch, {
+				keyId,
+				data
+			});
+			return {
+				ok: true,
+				keyId
+			};
+		},
+		revoke: async (ctx, keyId) => {
+			await ctx.runMutation(config.component.public.keyPatch, {
+				keyId,
+				data: { revoked: true }
+			});
+			return {
+				ok: true,
+				keyId
+			};
+		},
+		delete: async (ctx, keyId) => {
+			await ctx.runMutation(config.component.public.keyDelete, { keyId });
+			return {
+				ok: true,
+				keyId
+			};
+		},
+		rotate: async (ctx, keyId, opts) => {
+			const existing = await ctx.runQuery(config.component.public.keyGetById, { keyId });
+			if (!existing) return {
+				ok: false,
+				code: "INVALID_PARAMETERS"
+			};
+			if (existing.revoked === true) return {
+				ok: false,
+				code: "API_KEY_REVOKED"
+			};
+			await ctx.runMutation(config.component.public.keyPatch, {
+				keyId,
+				data: { revoked: true }
+			});
+			return await key.create(ctx, {
+				userId: existing.userId,
+				name: opts?.name ?? existing.name,
+				scopes: existing.scopes ?? [],
+				rateLimit: existing.rateLimit,
+				expiresAt: opts?.expiresAt,
+				metadata: existing.metadata
+			});
+		}
+	};
+	return {
+		user,
+		session,
+		account,
+		provider,
+		group,
+		member,
+		invite,
+		key
+	};
+}
+//#endregion
+export { createCoreDomains };
+//# sourceMappingURL=core.js.map