npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.2 → 0.0.4-preview.21 - Mend

@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (798) hide show

package/README.md +67 -26
package/dist/authorization/index.d.ts +63 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +63 -0
package/dist/authorization/index.js.map +1 -0
package/dist/bin.js +6185 -0
package/dist/client/core/types.d.ts +20 -0
package/dist/client/core/types.d.ts.map +1 -0
package/dist/client/index.d.ts +2 -299
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +407 -534
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/api.d.ts +42 -0
package/dist/component/_generated/api.d.ts.map +1 -1
package/dist/component/_generated/api.js.map +1 -1
package/dist/component/_generated/component.d.ts +2546 -90
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/client/core/types.d.ts +2 -0
package/dist/component/client/index.d.ts +2 -0
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/functions.d.ts +11 -9
package/dist/component/functions.d.ts.map +1 -1
package/dist/component/functions.js.map +1 -1
package/dist/component/index.d.ts +7 -11
package/dist/component/index.js +2 -3
package/dist/component/model.d.ts +153 -0
package/dist/component/model.d.ts.map +1 -0
package/dist/component/model.js +349 -0
package/dist/component/model.js.map +1 -0
package/dist/component/providers/anonymous.d.ts +54 -0
package/dist/component/providers/anonymous.d.ts.map +1 -0
package/dist/component/providers/credentials.d.ts +5 -5
package/dist/component/providers/credentials.d.ts.map +1 -1
package/dist/component/providers/device.d.ts +67 -0
package/dist/component/providers/device.d.ts.map +1 -0
package/dist/component/providers/email.d.ts +62 -0
package/dist/component/providers/email.d.ts.map +1 -0
package/dist/component/providers/oauth.d.ts.map +1 -1
package/dist/component/providers/oauth.js.map +1 -1
package/dist/component/providers/passkey.d.ts +57 -0
package/dist/component/providers/passkey.d.ts.map +1 -0
package/dist/component/providers/password.d.ts +88 -0
package/dist/component/providers/password.d.ts.map +1 -0
package/dist/component/providers/phone.d.ts +48 -0
package/dist/component/providers/phone.d.ts.map +1 -0
package/dist/component/providers/sso.d.ts +50 -0
package/dist/component/providers/sso.d.ts.map +1 -0
package/dist/component/providers/totp.d.ts +45 -0
package/dist/component/providers/totp.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.d.ts +73 -0
package/dist/component/public/enterprise/audit.d.ts.map +1 -0
package/dist/component/public/enterprise/audit.js +108 -0
package/dist/component/public/enterprise/audit.js.map +1 -0
package/dist/component/public/enterprise/core.d.ts +176 -0
package/dist/component/public/enterprise/core.d.ts.map +1 -0
package/dist/component/public/enterprise/core.js +292 -0
package/dist/component/public/enterprise/core.js.map +1 -0
package/dist/component/public/enterprise/domains.d.ts +174 -0
package/dist/component/public/enterprise/domains.d.ts.map +1 -0
package/dist/component/public/enterprise/domains.js +271 -0
package/dist/component/public/enterprise/domains.js.map +1 -0
package/dist/component/public/enterprise/scim.d.ts +245 -0
package/dist/component/public/enterprise/scim.d.ts.map +1 -0
package/dist/component/public/enterprise/scim.js +344 -0
package/dist/component/public/enterprise/scim.js.map +1 -0
package/dist/component/public/enterprise/secrets.d.ts +78 -0
package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
package/dist/component/public/enterprise/secrets.js +118 -0
package/dist/component/public/enterprise/secrets.js.map +1 -0
package/dist/component/public/enterprise/webhooks.d.ts +211 -0
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
package/dist/component/public/enterprise/webhooks.js +300 -0
package/dist/component/public/enterprise/webhooks.js.map +1 -0
package/dist/component/public/factors/devices.d.ts +157 -0
package/dist/component/public/factors/devices.d.ts.map +1 -0
package/dist/component/public/factors/devices.js +216 -0
package/dist/component/public/factors/devices.js.map +1 -0
package/dist/component/public/factors/passkeys.d.ts +175 -0
package/dist/component/public/factors/passkeys.d.ts.map +1 -0
package/dist/component/public/factors/passkeys.js +238 -0
package/dist/component/public/factors/passkeys.js.map +1 -0
package/dist/component/public/factors/totp.d.ts +189 -0
package/dist/component/public/factors/totp.d.ts.map +1 -0
package/dist/component/public/factors/totp.js +254 -0
package/dist/component/public/factors/totp.js.map +1 -0
package/dist/component/public/groups/core.d.ts +137 -0
package/dist/component/public/groups/core.d.ts.map +1 -0
package/dist/component/public/groups/core.js +321 -0
package/dist/component/public/groups/core.js.map +1 -0
package/dist/component/public/groups/invites.d.ts +217 -0
package/dist/component/public/groups/invites.d.ts.map +1 -0
package/dist/component/public/groups/invites.js +457 -0
package/dist/component/public/groups/invites.js.map +1 -0
package/dist/component/public/groups/members.d.ts +204 -0
package/dist/component/public/groups/members.d.ts.map +1 -0
package/dist/component/public/groups/members.js +355 -0
package/dist/component/public/groups/members.js.map +1 -0
package/dist/component/public/identity/accounts.d.ts +147 -0
package/dist/component/public/identity/accounts.d.ts.map +1 -0
package/dist/component/public/identity/accounts.js +200 -0
package/dist/component/public/identity/accounts.js.map +1 -0
package/dist/component/public/identity/codes.d.ts +104 -0
package/dist/component/public/identity/codes.d.ts.map +1 -0
package/dist/component/public/identity/codes.js +140 -0
package/dist/component/public/identity/codes.js.map +1 -0
package/dist/component/public/identity/sessions.d.ts +128 -0
package/dist/component/public/identity/sessions.d.ts.map +1 -0
package/dist/component/public/identity/sessions.js +192 -0
package/dist/component/public/identity/sessions.js.map +1 -0
package/dist/component/public/identity/tokens.d.ts +169 -0
package/dist/component/public/identity/tokens.d.ts.map +1 -0
package/dist/component/public/identity/tokens.js +227 -0
package/dist/component/public/identity/tokens.js.map +1 -0
package/dist/component/public/identity/users.d.ts +212 -0
package/dist/component/public/identity/users.d.ts.map +1 -0
package/dist/component/public/identity/users.js +311 -0
package/dist/component/public/identity/users.js.map +1 -0
package/dist/component/public/identity/verifiers.d.ts +116 -0
package/dist/component/public/identity/verifiers.d.ts.map +1 -0
package/dist/component/public/identity/verifiers.js +154 -0
package/dist/component/public/identity/verifiers.js.map +1 -0
package/dist/component/public/security/keys.d.ts +209 -0
package/dist/component/public/security/keys.d.ts.map +1 -0
package/dist/component/public/security/keys.js +319 -0
package/dist/component/public/security/keys.js.map +1 -0
package/dist/component/public/security/limits.d.ts +114 -0
package/dist/component/public/security/limits.d.ts.map +1 -0
package/dist/component/public/security/limits.js +169 -0
package/dist/component/public/security/limits.js.map +1 -0
package/dist/component/public.d.ts +24 -271
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +21 -1229
package/dist/component/schema.d.ts +473 -110
package/dist/component/schema.js +162 -73
package/dist/component/schema.js.map +1 -1
package/dist/component/server/auth.d.ts +318 -373
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +204 -123
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/authError.js +34 -0
package/dist/component/server/authError.js.map +1 -0
package/dist/component/server/{providers.js → config.js} +43 -12
package/dist/component/server/config.js.map +1 -0
package/dist/component/server/cookies.js +3 -0
package/dist/component/server/cookies.js.map +1 -1
package/dist/component/server/core.js +713 -0
package/dist/component/server/core.js.map +1 -0
package/dist/component/server/crypto.js +38 -0
package/dist/component/server/crypto.js.map +1 -0
package/dist/component/server/{implementation/db.js → db.js} +2 -1
package/dist/component/server/db.js.map +1 -0
package/dist/component/server/device.js +109 -0
package/dist/component/server/device.js.map +1 -0
package/dist/component/server/enterprise/config.js +46 -0
package/dist/component/server/enterprise/config.js.map +1 -0
package/dist/component/server/enterprise/domain.js +885 -0
package/dist/component/server/enterprise/domain.js.map +1 -0
package/dist/component/server/enterprise/http.js +766 -0
package/dist/component/server/enterprise/http.js.map +1 -0
package/dist/component/server/enterprise/oidc.js +248 -0
package/dist/component/server/enterprise/oidc.js.map +1 -0
package/dist/component/server/enterprise/policy.js +85 -0
package/dist/component/server/enterprise/policy.js.map +1 -0
package/dist/component/server/enterprise/saml.js +338 -0
package/dist/component/server/enterprise/saml.js.map +1 -0
package/dist/component/server/enterprise/scim.js +97 -0
package/dist/component/server/enterprise/scim.js.map +1 -0
package/dist/component/server/enterprise/shared.js +51 -0
package/dist/component/server/enterprise/shared.js.map +1 -0
package/dist/component/server/errors.d.ts +1 -0
package/dist/component/server/errors.js +24 -16
package/dist/component/server/errors.js.map +1 -1
package/dist/component/server/http.js +288 -0
package/dist/component/server/http.js.map +1 -0
package/dist/component/server/identity.js +13 -0
package/dist/component/server/identity.js.map +1 -0
package/dist/{server/implementation → component/server}/keys.js +9 -31
package/dist/component/server/keys.js.map +1 -0
package/dist/component/server/limits.js +61 -0
package/dist/component/server/limits.js.map +1 -0
package/dist/component/server/mutations/account.js +44 -0
package/dist/component/server/mutations/account.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/component/server/mutations/code.js.map +1 -0
package/dist/component/server/mutations/invalidate.js +32 -0
package/dist/component/server/mutations/invalidate.js.map +1 -0
package/dist/component/server/mutations/oauth.js +110 -0
package/dist/component/server/mutations/oauth.js.map +1 -0
package/dist/component/server/mutations/refresh.js +119 -0
package/dist/component/server/mutations/refresh.js.map +1 -0
package/dist/component/server/mutations/register.js +83 -0
package/dist/component/server/mutations/register.js.map +1 -0
package/dist/component/server/mutations/retrieve.js +65 -0
package/dist/component/server/mutations/retrieve.js.map +1 -0
package/dist/component/server/mutations/signature.js +32 -0
package/dist/component/server/mutations/signature.js.map +1 -0
package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/component/server/mutations/signin.js.map +1 -0
package/dist/component/server/mutations/signout.js +27 -0
package/dist/component/server/mutations/signout.js.map +1 -0
package/dist/component/server/mutations/store/refs.js +15 -0
package/dist/component/server/mutations/store/refs.js.map +1 -0
package/dist/component/server/mutations/store.js +85 -0
package/dist/component/server/mutations/store.js.map +1 -0
package/dist/component/server/mutations/verifier.js +18 -0
package/dist/component/server/mutations/verifier.js.map +1 -0
package/dist/component/server/mutations/verify.js +98 -0
package/dist/component/server/mutations/verify.js.map +1 -0
package/dist/component/server/oauth.js +106 -60
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +328 -0
package/dist/component/server/passkey.js.map +1 -0
package/dist/{server/implementation → component/server}/redirects.js +13 -11
package/dist/component/server/redirects.js.map +1 -0
package/dist/component/server/refresh.js +96 -0
package/dist/component/server/refresh.js.map +1 -0
package/dist/component/server/runtime.d.ts +136 -0
package/dist/component/server/runtime.d.ts.map +1 -0
package/dist/component/server/runtime.js +413 -0
package/dist/component/server/runtime.js.map +1 -0
package/dist/{server/implementation → component/server}/sessions.js +14 -8
package/dist/component/server/sessions.js.map +1 -0
package/dist/component/server/signin.js +201 -0
package/dist/component/server/signin.js.map +1 -0
package/dist/component/server/tokens.js +17 -0
package/dist/component/server/tokens.js.map +1 -0
package/dist/component/server/totp.js +148 -0
package/dist/component/server/totp.js.map +1 -0
package/dist/component/server/types.d.ts +387 -298
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/{implementation/types.js → types.js} +1 -1
package/dist/component/server/types.js.map +1 -0
package/dist/component/server/{implementation/users.js → users.js} +54 -35
package/dist/component/server/users.js.map +1 -0
package/dist/component/server/utils.js +110 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +369 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/factors/device.js +105 -0
package/dist/factors/device.js.map +1 -0
package/dist/factors/passkey.js +181 -0
package/dist/factors/passkey.js.map +1 -0
package/dist/factors/totp.js +122 -0
package/dist/factors/totp.js.map +1 -0
package/dist/providers/anonymous.d.ts +3 -9
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +1 -18
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +8 -10
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -5
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/device.d.ts +18 -10
package/dist/providers/device.d.ts.map +1 -1
package/dist/providers/device.js +4 -8
package/dist/providers/device.js.map +1 -1
package/dist/providers/email.d.ts +50 -23
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +58 -34
package/dist/providers/email.js.map +1 -1
package/dist/providers/index.d.ts +7 -3
package/dist/providers/index.js +4 -1
package/dist/providers/oauth.d.ts.map +1 -1
package/dist/providers/oauth.js.map +1 -1
package/dist/providers/passkey.d.ts +12 -9
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +1 -7
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +6 -12
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +189 -89
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +40 -11
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +52 -21
package/dist/providers/phone.js.map +1 -1
package/dist/providers/sso.d.ts +50 -0
package/dist/providers/sso.d.ts.map +1 -0
package/dist/providers/sso.js +34 -0
package/dist/providers/sso.js.map +1 -0
package/dist/providers/totp.d.ts +12 -9
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +1 -7
package/dist/providers/totp.js.map +1 -1
package/dist/runtime/browser.js +68 -0
package/dist/runtime/browser.js.map +1 -0
package/dist/runtime/invite.js +51 -0
package/dist/runtime/invite.js.map +1 -0
package/dist/runtime/proxy.js +70 -0
package/dist/runtime/proxy.js.map +1 -0
package/dist/runtime/storage.js +37 -0
package/dist/runtime/storage.js.map +1 -0
package/dist/server/auth.d.ts +335 -370
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +204 -123
package/dist/server/auth.js.map +1 -1
package/dist/server/authError.d.ts +46 -0
package/dist/server/authError.d.ts.map +1 -0
package/dist/server/authError.js +34 -0
package/dist/server/authError.js.map +1 -0
package/dist/server/config.d.ts +1 -0
package/dist/server/{providers.js → config.js} +43 -12
package/dist/server/config.js.map +1 -0
package/dist/server/cookies.d.ts +1 -38
package/dist/server/cookies.js +3 -0
package/dist/server/cookies.js.map +1 -1
package/dist/server/core.d.ts +1436 -0
package/dist/server/core.d.ts.map +1 -0
package/dist/server/core.js +713 -0
package/dist/server/core.js.map +1 -0
package/dist/server/crypto.d.ts +8 -0
package/dist/server/crypto.d.ts.map +1 -0
package/dist/server/crypto.js +38 -0
package/dist/server/crypto.js.map +1 -0
package/dist/server/db.d.ts +1 -0
package/dist/server/{implementation/db.js → db.js} +2 -1
package/dist/server/db.js.map +1 -0
package/dist/server/device.d.ts +1 -0
package/dist/server/device.js +109 -0
package/dist/server/device.js.map +1 -0
package/dist/server/enterprise/config.d.ts +1 -0
package/dist/server/enterprise/config.js +46 -0
package/dist/server/enterprise/config.js.map +1 -0
package/dist/server/enterprise/domain.d.ts +409 -0
package/dist/server/enterprise/domain.d.ts.map +1 -0
package/dist/server/enterprise/domain.js +885 -0
package/dist/server/enterprise/domain.js.map +1 -0
package/dist/server/enterprise/http.d.ts +26 -0
package/dist/server/enterprise/http.d.ts.map +1 -0
package/dist/server/enterprise/http.js +766 -0
package/dist/server/enterprise/http.js.map +1 -0
package/dist/server/enterprise/oidc.d.ts +1 -0
package/dist/server/enterprise/oidc.js +248 -0
package/dist/server/enterprise/oidc.js.map +1 -0
package/dist/server/enterprise/policy.d.ts +1 -0
package/dist/server/enterprise/policy.js +85 -0
package/dist/server/enterprise/policy.js.map +1 -0
package/dist/server/enterprise/saml.d.ts +1 -0
package/dist/server/enterprise/saml.js +338 -0
package/dist/server/enterprise/saml.js.map +1 -0
package/dist/server/enterprise/scim.d.ts +1 -0
package/dist/server/enterprise/scim.js +97 -0
package/dist/server/enterprise/scim.js.map +1 -0
package/dist/server/enterprise/shared.d.ts +5 -0
package/dist/server/enterprise/shared.d.ts.map +1 -0
package/dist/server/enterprise/shared.js +51 -0
package/dist/server/enterprise/shared.js.map +1 -0
package/dist/server/enterprise/validators.d.ts +1 -0
package/dist/server/enterprise/validators.js +60 -0
package/dist/server/enterprise/validators.js.map +1 -0
package/dist/server/errors.d.ts +33 -1
package/dist/server/errors.d.ts.map +1 -1
package/dist/server/errors.js +44 -1
package/dist/server/errors.js.map +1 -1
package/dist/server/http.d.ts +59 -0
package/dist/server/http.d.ts.map +1 -0
package/dist/server/http.js +288 -0
package/dist/server/http.js.map +1 -0
package/dist/server/identity.d.ts +1 -0
package/dist/server/identity.js +13 -0
package/dist/server/identity.js.map +1 -0
package/dist/server/index.d.ts +4 -182
package/dist/server/index.js +4 -376
package/dist/server/keys.d.ts +1 -0
package/dist/{component/server/implementation → server}/keys.js +9 -31
package/dist/server/keys.js.map +1 -0
package/dist/server/limits.d.ts +1 -0
package/dist/server/limits.js +61 -0
package/dist/server/limits.js.map +1 -0
package/dist/server/mounts.d.ts +647 -0
package/dist/server/mounts.d.ts.map +1 -0
package/dist/server/mounts.js +643 -0
package/dist/server/mounts.js.map +1 -0
package/dist/server/mutations/account.d.ts +30 -0
package/dist/server/mutations/account.d.ts.map +1 -0
package/dist/server/mutations/account.js +44 -0
package/dist/server/mutations/account.js.map +1 -0
package/dist/server/mutations/code.d.ts +30 -0
package/dist/server/mutations/code.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
package/dist/server/mutations/code.js.map +1 -0
package/dist/server/mutations/index.d.ts +14 -0
package/dist/server/mutations/index.js +15 -0
package/dist/server/mutations/invalidate.d.ts +20 -0
package/dist/server/mutations/invalidate.d.ts.map +1 -0
package/dist/server/mutations/invalidate.js +32 -0
package/dist/server/mutations/invalidate.js.map +1 -0
package/dist/server/mutations/oauth.d.ts +28 -0
package/dist/server/mutations/oauth.d.ts.map +1 -0
package/dist/server/mutations/oauth.js +110 -0
package/dist/server/mutations/oauth.js.map +1 -0
package/dist/server/mutations/refresh.d.ts +21 -0
package/dist/server/mutations/refresh.d.ts.map +1 -0
package/dist/server/mutations/refresh.js +119 -0
package/dist/server/mutations/refresh.js.map +1 -0
package/dist/server/mutations/register.d.ts +38 -0
package/dist/server/mutations/register.d.ts.map +1 -0
package/dist/server/mutations/register.js +83 -0
package/dist/server/mutations/register.js.map +1 -0
package/dist/server/mutations/retrieve.d.ts +33 -0
package/dist/server/mutations/retrieve.d.ts.map +1 -0
package/dist/server/mutations/retrieve.js +65 -0
package/dist/server/mutations/retrieve.js.map +1 -0
package/dist/server/mutations/signature.d.ts +22 -0
package/dist/server/mutations/signature.d.ts.map +1 -0
package/dist/server/mutations/signature.js +32 -0
package/dist/server/mutations/signature.js.map +1 -0
package/dist/server/mutations/signin.d.ts +22 -0
package/dist/server/mutations/signin.d.ts.map +1 -0
package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
package/dist/server/mutations/signin.js.map +1 -0
package/dist/server/mutations/signout.d.ts +16 -0
package/dist/server/mutations/signout.d.ts.map +1 -0
package/dist/server/mutations/signout.js +27 -0
package/dist/server/mutations/signout.js.map +1 -0
package/dist/server/mutations/store/refs.d.ts +12 -0
package/dist/server/mutations/store/refs.d.ts.map +1 -0
package/dist/server/mutations/store/refs.js +15 -0
package/dist/server/mutations/store/refs.js.map +1 -0
package/dist/server/mutations/store.d.ts +306 -0
package/dist/server/mutations/store.d.ts.map +1 -0
package/dist/server/mutations/store.js +85 -0
package/dist/server/mutations/store.js.map +1 -0
package/dist/server/mutations/verifier.d.ts +13 -0
package/dist/server/mutations/verifier.d.ts.map +1 -0
package/dist/server/mutations/verifier.js +18 -0
package/dist/server/mutations/verifier.js.map +1 -0
package/dist/server/mutations/verify.d.ts +26 -0
package/dist/server/mutations/verify.d.ts.map +1 -0
package/dist/server/mutations/verify.js +98 -0
package/dist/server/mutations/verify.js.map +1 -0
package/dist/server/oauth.d.ts +1 -48
package/dist/server/oauth.js +107 -64
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +27 -0
package/dist/server/passkey.d.ts.map +1 -0
package/dist/server/passkey.js +328 -0
package/dist/server/passkey.js.map +1 -0
package/dist/server/redirects.d.ts +1 -0
package/dist/{component/server/implementation → server}/redirects.js +13 -11
package/dist/server/redirects.js.map +1 -0
package/dist/server/refresh.d.ts +1 -0
package/dist/server/refresh.js +96 -0
package/dist/server/refresh.js.map +1 -0
package/dist/server/runtime.d.ts +136 -0
package/dist/server/runtime.d.ts.map +1 -0
package/dist/server/runtime.js +413 -0
package/dist/server/runtime.js.map +1 -0
package/dist/server/sessions.d.ts +1 -0
package/dist/{component/server/implementation → server}/sessions.js +14 -8
package/dist/server/sessions.js.map +1 -0
package/dist/server/signin.d.ts +1 -0
package/dist/server/signin.js +201 -0
package/dist/server/signin.js.map +1 -0
package/dist/server/ssr.d.ts +226 -0
package/dist/server/ssr.d.ts.map +1 -0
package/dist/server/ssr.js +786 -0
package/dist/server/ssr.js.map +1 -0
package/dist/server/templates.d.ts +1 -21
package/dist/server/templates.js +2 -1
package/dist/server/templates.js.map +1 -1
package/dist/server/tokens.d.ts +1 -0
package/dist/server/tokens.js +17 -0
package/dist/server/tokens.js.map +1 -0
package/dist/server/totp.d.ts +1 -0
package/dist/server/totp.js +148 -0
package/dist/server/totp.js.map +1 -0
package/dist/server/types.d.ts +498 -306
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js +108 -1
package/dist/server/types.js.map +1 -0
package/dist/server/users.d.ts +1 -0
package/dist/server/{implementation/users.js → users.js} +54 -35
package/dist/server/users.js.map +1 -0
package/dist/server/utils.d.ts +1 -6
package/dist/server/utils.js +110 -4
package/dist/server/utils.js.map +1 -1
package/package.json +49 -46
package/src/authorization/index.ts +83 -0
package/src/cli/bin.ts +5 -0
package/src/cli/command.ts +6 -5
package/src/cli/index.ts +456 -248
package/src/cli/keys.ts +3 -0
package/src/client/core/types.ts +437 -0
package/src/client/factors/device.ts +160 -0
package/src/client/factors/passkey.ts +282 -0
package/src/client/factors/totp.ts +150 -0
package/src/client/index.ts +745 -989
package/src/client/runtime/browser.ts +112 -0
package/src/client/runtime/invite.ts +65 -0
package/src/client/runtime/proxy.ts +111 -0
package/src/client/runtime/storage.ts +79 -0
package/src/component/_generated/api.ts +42 -0
package/src/component/_generated/component.ts +3123 -102
package/src/component/functions.ts +38 -22
package/src/component/index.ts +10 -20
package/src/component/model.ts +449 -0
package/src/component/public/enterprise/audit.ts +120 -0
package/src/component/public/enterprise/core.ts +354 -0
package/src/component/public/enterprise/domains.ts +323 -0
package/src/component/public/enterprise/scim.ts +396 -0
package/src/component/public/enterprise/secrets.ts +132 -0
package/src/component/public/enterprise/webhooks.ts +306 -0
package/src/component/public/factors/devices.ts +223 -0
package/src/component/public/factors/passkeys.ts +242 -0
package/src/component/public/factors/totp.ts +258 -0
package/src/component/public/groups/core.ts +481 -0
package/src/component/public/groups/invites.ts +602 -0
package/src/component/public/groups/members.ts +409 -0
package/src/component/public/identity/accounts.ts +206 -0
package/src/component/public/identity/codes.ts +148 -0
package/src/component/public/identity/sessions.ts +209 -0
package/src/component/public/identity/tokens.ts +250 -0
package/src/component/public/identity/users.ts +354 -0
package/src/component/public/identity/verifiers.ts +157 -0
package/src/component/public/security/keys.ts +365 -0
package/src/component/public/security/limits.ts +173 -0
package/src/component/public.ts +26 -1766
package/src/component/schema.ts +273 -100
package/src/providers/anonymous.ts +10 -20
package/src/providers/credentials.ts +14 -22
package/src/providers/device.ts +3 -14
package/src/providers/email.ts +83 -47
package/src/providers/index.ts +7 -0
package/src/providers/oauth.ts +5 -3
package/src/providers/passkey.ts +0 -13
package/src/providers/password.ts +307 -130
package/src/providers/phone.ts +81 -37
package/src/providers/sso.ts +54 -0
package/src/providers/totp.ts +0 -13
package/src/samlify.d.ts +53 -0
package/src/server/auth.ts +701 -247
package/src/server/authError.ts +44 -0
package/src/server/{providers.ts → config.ts} +84 -15
package/src/server/cookies.ts +8 -1
package/src/server/core.ts +2095 -0
package/src/server/crypto.ts +88 -0
package/src/server/{implementation/db.ts → db.ts} +90 -15
package/src/server/device.ts +221 -0
package/src/server/enterprise/config.ts +51 -0
package/src/server/enterprise/domain.ts +1751 -0
package/src/server/enterprise/http.ts +1324 -0
package/src/server/enterprise/oidc.ts +500 -0
package/src/server/enterprise/policy.ts +128 -0
package/src/server/enterprise/saml.ts +578 -0
package/src/server/enterprise/scim.ts +135 -0
package/src/server/enterprise/shared.ts +134 -0
package/src/server/enterprise/validators.ts +93 -0
package/src/server/errors.ts +130 -119
package/src/server/http.ts +531 -0
package/src/server/identity.ts +18 -0
package/src/server/index.ts +32 -650
package/src/server/{implementation/keys.ts → keys.ts} +16 -44
package/src/server/limits.ts +134 -0
package/src/server/mounts.ts +948 -0
package/src/server/mutations/account.ts +76 -0
package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
package/src/server/mutations/index.ts +13 -0
package/src/server/mutations/invalidate.ts +50 -0
package/src/server/mutations/oauth.ts +237 -0
package/src/server/mutations/refresh.ts +298 -0
package/src/server/mutations/register.ts +200 -0
package/src/server/mutations/retrieve.ts +109 -0
package/src/server/mutations/signature.ts +50 -0
package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
package/src/server/mutations/signout.ts +43 -0
package/src/server/mutations/store/refs.ts +10 -0
package/src/server/mutations/store.ts +138 -0
package/src/server/mutations/verifier.ts +34 -0
package/src/server/mutations/verify.ts +202 -0
package/src/server/oauth.ts +243 -131
package/src/server/passkey.ts +784 -0
package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
package/src/server/refresh.ts +222 -0
package/src/server/runtime.ts +880 -0
package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
package/src/server/signin.ts +438 -0
package/src/server/ssr.ts +1764 -0
package/src/server/templates.ts +8 -3
package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
package/src/server/totp.ts +349 -0
package/src/server/types.ts +972 -207
package/src/server/{implementation/users.ts → users.ts} +129 -75
package/src/server/utils.ts +192 -5
package/src/test.ts +28 -4
package/dist/bin.cjs +0 -27757
package/dist/component/providers/email.js +0 -47
package/dist/component/providers/email.js.map +0 -1
package/dist/component/public.js.map +0 -1
package/dist/component/server/implementation/db.js.map +0 -1
package/dist/component/server/implementation/device.js +0 -135
package/dist/component/server/implementation/device.js.map +0 -1
package/dist/component/server/implementation/index.d.ts +0 -870
package/dist/component/server/implementation/index.d.ts.map +0 -1
package/dist/component/server/implementation/index.js +0 -610
package/dist/component/server/implementation/index.js.map +0 -1
package/dist/component/server/implementation/keys.js.map +0 -1
package/dist/component/server/implementation/mutations/account.js +0 -39
package/dist/component/server/implementation/mutations/account.js.map +0 -1
package/dist/component/server/implementation/mutations/code.js.map +0 -1
package/dist/component/server/implementation/mutations/index.js +0 -70
package/dist/component/server/implementation/mutations/index.js.map +0 -1
package/dist/component/server/implementation/mutations/invalidate.js +0 -29
package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/component/server/implementation/mutations/oauth.js +0 -51
package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
package/dist/component/server/implementation/mutations/refresh.js +0 -85
package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
package/dist/component/server/implementation/mutations/register.js +0 -65
package/dist/component/server/implementation/mutations/register.js.map +0 -1
package/dist/component/server/implementation/mutations/retrieve.js +0 -50
package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/component/server/implementation/mutations/signature.js +0 -27
package/dist/component/server/implementation/mutations/signature.js.map +0 -1
package/dist/component/server/implementation/mutations/signin.js.map +0 -1
package/dist/component/server/implementation/mutations/signout.js +0 -27
package/dist/component/server/implementation/mutations/signout.js.map +0 -1
package/dist/component/server/implementation/mutations/store.js +0 -12
package/dist/component/server/implementation/mutations/store.js.map +0 -1
package/dist/component/server/implementation/mutations/verifier.js +0 -16
package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
package/dist/component/server/implementation/mutations/verify.js +0 -105
package/dist/component/server/implementation/mutations/verify.js.map +0 -1
package/dist/component/server/implementation/passkey.js +0 -307
package/dist/component/server/implementation/passkey.js.map +0 -1
package/dist/component/server/implementation/provider.js +0 -19
package/dist/component/server/implementation/provider.js.map +0 -1
package/dist/component/server/implementation/ratelimit.js +0 -48
package/dist/component/server/implementation/ratelimit.js.map +0 -1
package/dist/component/server/implementation/redirects.js.map +0 -1
package/dist/component/server/implementation/refresh.js +0 -109
package/dist/component/server/implementation/refresh.js.map +0 -1
package/dist/component/server/implementation/sessions.js.map +0 -1
package/dist/component/server/implementation/signin.js +0 -148
package/dist/component/server/implementation/signin.js.map +0 -1
package/dist/component/server/implementation/tokens.js +0 -15
package/dist/component/server/implementation/tokens.js.map +0 -1
package/dist/component/server/implementation/totp.js +0 -142
package/dist/component/server/implementation/totp.js.map +0 -1
package/dist/component/server/implementation/types.d.ts +0 -42
package/dist/component/server/implementation/types.d.ts.map +0 -1
package/dist/component/server/implementation/types.js.map +0 -1
package/dist/component/server/implementation/users.js.map +0 -1
package/dist/component/server/implementation/utils.js +0 -56
package/dist/component/server/implementation/utils.js.map +0 -1
package/dist/component/server/providers.js.map +0 -1
package/dist/component/server/templates.js +0 -84
package/dist/component/server/templates.js.map +0 -1
package/dist/server/cookies.d.ts.map +0 -1
package/dist/server/implementation/db.d.ts +0 -86
package/dist/server/implementation/db.d.ts.map +0 -1
package/dist/server/implementation/db.js.map +0 -1
package/dist/server/implementation/device.d.ts +0 -30
package/dist/server/implementation/device.d.ts.map +0 -1
package/dist/server/implementation/device.js +0 -135
package/dist/server/implementation/device.js.map +0 -1
package/dist/server/implementation/index.d.ts +0 -870
package/dist/server/implementation/index.d.ts.map +0 -1
package/dist/server/implementation/index.js +0 -610
package/dist/server/implementation/index.js.map +0 -1
package/dist/server/implementation/keys.d.ts +0 -66
package/dist/server/implementation/keys.d.ts.map +0 -1
package/dist/server/implementation/keys.js.map +0 -1
package/dist/server/implementation/mutations/account.d.ts +0 -27
package/dist/server/implementation/mutations/account.d.ts.map +0 -1
package/dist/server/implementation/mutations/account.js +0 -39
package/dist/server/implementation/mutations/account.js.map +0 -1
package/dist/server/implementation/mutations/code.d.ts +0 -29
package/dist/server/implementation/mutations/code.d.ts.map +0 -1
package/dist/server/implementation/mutations/code.js.map +0 -1
package/dist/server/implementation/mutations/index.d.ts +0 -310
package/dist/server/implementation/mutations/index.d.ts.map +0 -1
package/dist/server/implementation/mutations/index.js +0 -70
package/dist/server/implementation/mutations/index.js.map +0 -1
package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
package/dist/server/implementation/mutations/invalidate.js +0 -29
package/dist/server/implementation/mutations/invalidate.js.map +0 -1
package/dist/server/implementation/mutations/oauth.d.ts +0 -23
package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
package/dist/server/implementation/mutations/oauth.js +0 -51
package/dist/server/implementation/mutations/oauth.js.map +0 -1
package/dist/server/implementation/mutations/refresh.d.ts +0 -20
package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
package/dist/server/implementation/mutations/refresh.js +0 -85
package/dist/server/implementation/mutations/refresh.js.map +0 -1
package/dist/server/implementation/mutations/register.d.ts +0 -37
package/dist/server/implementation/mutations/register.d.ts.map +0 -1
package/dist/server/implementation/mutations/register.js +0 -65
package/dist/server/implementation/mutations/register.js.map +0 -1
package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
package/dist/server/implementation/mutations/retrieve.js +0 -50
package/dist/server/implementation/mutations/retrieve.js.map +0 -1
package/dist/server/implementation/mutations/signature.d.ts +0 -19
package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
package/dist/server/implementation/mutations/signature.js +0 -27
package/dist/server/implementation/mutations/signature.js.map +0 -1
package/dist/server/implementation/mutations/signin.d.ts +0 -21
package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
package/dist/server/implementation/mutations/signin.js.map +0 -1
package/dist/server/implementation/mutations/signout.d.ts +0 -14
package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
package/dist/server/implementation/mutations/signout.js +0 -27
package/dist/server/implementation/mutations/signout.js.map +0 -1
package/dist/server/implementation/mutations/store.d.ts +0 -11
package/dist/server/implementation/mutations/store.d.ts.map +0 -1
package/dist/server/implementation/mutations/store.js +0 -12
package/dist/server/implementation/mutations/store.js.map +0 -1
package/dist/server/implementation/mutations/verifier.d.ts +0 -11
package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
package/dist/server/implementation/mutations/verifier.js +0 -16
package/dist/server/implementation/mutations/verifier.js.map +0 -1
package/dist/server/implementation/mutations/verify.d.ts +0 -25
package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
package/dist/server/implementation/mutations/verify.js +0 -105
package/dist/server/implementation/mutations/verify.js.map +0 -1
package/dist/server/implementation/passkey.d.ts +0 -24
package/dist/server/implementation/passkey.d.ts.map +0 -1
package/dist/server/implementation/passkey.js +0 -307
package/dist/server/implementation/passkey.js.map +0 -1
package/dist/server/implementation/provider.d.ts +0 -10
package/dist/server/implementation/provider.d.ts.map +0 -1
package/dist/server/implementation/provider.js +0 -19
package/dist/server/implementation/provider.js.map +0 -1
package/dist/server/implementation/ratelimit.d.ts +0 -10
package/dist/server/implementation/ratelimit.d.ts.map +0 -1
package/dist/server/implementation/ratelimit.js +0 -48
package/dist/server/implementation/ratelimit.js.map +0 -1
package/dist/server/implementation/redirects.d.ts +0 -10
package/dist/server/implementation/redirects.d.ts.map +0 -1
package/dist/server/implementation/redirects.js.map +0 -1
package/dist/server/implementation/refresh.d.ts +0 -37
package/dist/server/implementation/refresh.d.ts.map +0 -1
package/dist/server/implementation/refresh.js +0 -109
package/dist/server/implementation/refresh.js.map +0 -1
package/dist/server/implementation/sessions.d.ts +0 -29
package/dist/server/implementation/sessions.d.ts.map +0 -1
package/dist/server/implementation/sessions.js.map +0 -1
package/dist/server/implementation/signin.d.ts +0 -55
package/dist/server/implementation/signin.d.ts.map +0 -1
package/dist/server/implementation/signin.js +0 -148
package/dist/server/implementation/signin.js.map +0 -1
package/dist/server/implementation/tokens.d.ts +0 -11
package/dist/server/implementation/tokens.d.ts.map +0 -1
package/dist/server/implementation/tokens.js +0 -15
package/dist/server/implementation/tokens.js.map +0 -1
package/dist/server/implementation/totp.d.ts +0 -31
package/dist/server/implementation/totp.d.ts.map +0 -1
package/dist/server/implementation/totp.js +0 -142
package/dist/server/implementation/totp.js.map +0 -1
package/dist/server/implementation/types.d.ts +0 -189
package/dist/server/implementation/types.d.ts.map +0 -1
package/dist/server/implementation/types.js +0 -97
package/dist/server/implementation/types.js.map +0 -1
package/dist/server/implementation/users.d.ts +0 -30
package/dist/server/implementation/users.d.ts.map +0 -1
package/dist/server/implementation/users.js.map +0 -1
package/dist/server/implementation/utils.d.ts +0 -19
package/dist/server/implementation/utils.d.ts.map +0 -1
package/dist/server/implementation/utils.js +0 -56
package/dist/server/implementation/utils.js.map +0 -1
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js.map +0 -1
package/dist/server/oauth.d.ts.map +0 -1
package/dist/server/providers.d.ts +0 -72
package/dist/server/providers.d.ts.map +0 -1
package/dist/server/providers.js.map +0 -1
package/dist/server/templates.d.ts.map +0 -1
package/dist/server/utils.d.ts.map +0 -1
package/dist/server/version.d.ts +0 -5
package/dist/server/version.d.ts.map +0 -1
package/dist/server/version.js +0 -6
package/dist/server/version.js.map +0 -1
package/src/cli/utils.ts +0 -248
package/src/server/implementation/device.ts +0 -307
package/src/server/implementation/index.ts +0 -1583
package/src/server/implementation/mutations/account.ts +0 -50
package/src/server/implementation/mutations/index.ts +0 -157
package/src/server/implementation/mutations/invalidate.ts +0 -42
package/src/server/implementation/mutations/oauth.ts +0 -73
package/src/server/implementation/mutations/refresh.ts +0 -175
package/src/server/implementation/mutations/register.ts +0 -100
package/src/server/implementation/mutations/retrieve.ts +0 -79
package/src/server/implementation/mutations/signature.ts +0 -39
package/src/server/implementation/mutations/signout.ts +0 -35
package/src/server/implementation/mutations/store.ts +0 -7
package/src/server/implementation/mutations/verifier.ts +0 -24
package/src/server/implementation/mutations/verify.ts +0 -194
package/src/server/implementation/passkey.ts +0 -620
package/src/server/implementation/provider.ts +0 -36
package/src/server/implementation/ratelimit.ts +0 -79
package/src/server/implementation/refresh.ts +0 -172
package/src/server/implementation/signin.ts +0 -296
package/src/server/implementation/totp.ts +0 -342
package/src/server/implementation/types.ts +0 -444
package/src/server/implementation/utils.ts +0 -91
package/src/server/version.ts +0 -2

package/src/cli/index.ts CHANGED Viewed

@@ -1,18 +1,98 @@
-#!/usr/bin/env node
+import { execFileSync } from "child_process";
+import {
+  existsSync,
+  mkdtempSync,
+  readFileSync,
+  writeFileSync,
+  unlinkSync,
+} from "fs";
+import { tmpdir } from "os";
+import path from "path";
+import * as p from "@clack/prompts";
 import { Command } from "@commander-js/extra-typings";
-import chalk from "chalk";
-import { execSync } from "child_process";
 import { config as loadEnvFile } from "dotenv";
-import { existsSync, readFileSync, writeFileSync } from "fs";
-import inquirer from "inquirer";
-import path from "path";
 import * as v from "valibot";
 import { actionDescription } from "./command";
 import { generateKeys } from "./keys";
-const program = new Command()
+// ---------------------------------------------------------------------------
+// Package version
+// ---------------------------------------------------------------------------
+function getPackageVersion(): string {
+  // When bundled to dist/bin.cjs the package.json is one level up
+  for (const relative of ["..", "../.."]) {
+    try {
+      const pkgPath = path.resolve(__dirname, relative, "package.json");
+      return JSON.parse(readFileSync(pkgPath, "utf-8")).version;
+    } catch {
+      // try next
+    }
+  }
+  return "unknown";
+}
+const version = getPackageVersion();
+// ---------------------------------------------------------------------------
+// Package-manager detection
+// ---------------------------------------------------------------------------
+type PackageRunner = { cmd: string; args: string[] };
+function detectPackageRunner(): PackageRunner {
+  // Walk up from cwd to find lockfiles or packageManager field
+  let dir = process.cwd();
+  const root = path.parse(dir).root;
+  while (dir !== root) {
+    const pkgPath = path.join(dir, "package.json");
+    if (existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+        if (typeof pkg.packageManager === "string") {
+          const name = pkg.packageManager.split("@")[0];
+          if (name === "pnpm") return { cmd: "pnpm", args: ["exec"] };
+          if (name === "bun") return { cmd: "bunx", args: [] };
+          if (name === "yarn") return { cmd: "yarn", args: ["dlx"] };
+        }
+      } catch {
+        // ignore parse errors
+      }
+    }
+    if (existsSync(path.join(dir, "pnpm-lock.yaml")))
+      return { cmd: "pnpm", args: ["exec"] };
+    if (
+      existsSync(path.join(dir, "bun.lockb")) ||
+      existsSync(path.join(dir, "bun.lock"))
+    )
+      return { cmd: "bunx", args: [] };
+    if (existsSync(path.join(dir, "yarn.lock")))
+      return { cmd: "yarn", args: ["dlx"] };
+    dir = path.dirname(dir);
+  }
+  return { cmd: "npx", args: [] };
+}
+const runner = detectPackageRunner();
+/** Build the full command + args to invoke `convex` via the detected runner. */
+function convexCmd(...subArgs: string[]): { file: string; args: string[] } {
+  return { file: runner.cmd, args: [...runner.args, "convex", ...subArgs] };
+}
+// ---------------------------------------------------------------------------
+// Commander program
+// ---------------------------------------------------------------------------
+export const program = new Command()
   .name("@robelest/convex-auth")
+  .version(version)
   .description(
     "Add code and set environment variables for @robelest/convex-auth.\n\n" +
       "Full docs: https://deepwiki.com/robelest/convex-auth",
@@ -34,6 +114,8 @@ program
     actionDescription("Set environment variables on"),
   )
   .action(async (options) => {
+    p.intro("@robelest/convex-auth");
     await checkSourceControl(options);
     const packageJson = readPackageJson();
@@ -52,7 +134,7 @@ program
     const isExpo = !!(
       packageJson.dependencies?.expo || packageJson.devDependencies?.expo
     );
-    const config = {
+    const config: ProjectConfig = {
       isNextjs,
       isVite,
       isExpo,
@@ -63,31 +145,21 @@ program
     };
     // Step 1: Configure SITE_URL
-    // We check for existing config.
-    // We default to localhost and port depending on framework
     await configureSiteUrl(config, options.siteUrl);
     // Step 2: Configure private and public key
-    // We ask if we would overwrite existing keys
     await configureKeys(config);
-    // Step 3: Change moduleResolution to "bundler"
-    // and turn on skipLibCheck
-    // Skipped if there's no tsconfig.json
+    // Step 3: Change moduleResolution to "bundler" and turn on skipLibCheck
     await modifyTsConfig(config);
     // Step 4: Configure convex.config.ts
-    // Ensure the auth component is registered via app.use(auth).
     await configureConvexConfig(config);
     // Step 5: Initialize auth.ts
-    // We do nothing if the file already contains the code,
-    // and give instructions otherwise
     await initializeAuth(config);
     // Step 6: Configure http.ts
-    // We do nothing if the file already contains the code,
-    // and give instructions otherwise
     await configureHttp(config);
     // Extra: Configure providers interactively.
@@ -96,9 +168,13 @@ program
     } else {
       printFinalSuccessMessage(config);
     }
+    p.outro("Done!");
   });
-program.parse(process.argv);
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
 type ProjectConfig = {
   isExpo: boolean;
@@ -121,10 +197,14 @@ type ProjectConfig = {
   step: number;
 };
+// ---------------------------------------------------------------------------
+// Step 1: SITE_URL
+// ---------------------------------------------------------------------------
 async function configureSiteUrl(config: ProjectConfig, forcedValue?: string) {
   logStep(config, "Configure SITE_URL");
   if (config.isExpo) {
-    logInfo("React Native projects don't require a SITE_URL.");
+    p.log.info("React Native projects don't require a SITE_URL.");
     return;
   }
@@ -157,6 +237,10 @@ async function configureSiteUrl(config: ProjectConfig, forcedValue?: string) {
   });
 }
+// ---------------------------------------------------------------------------
+// Generic env var configuration
+// ---------------------------------------------------------------------------
 async function configureEnvVar(
   config: ProjectConfig,
   variable: {
@@ -174,14 +258,13 @@ async function configureEnvVar(
     await setEnvVar(config, variable.name, variable.forcedValue);
     return;
   }
-  const existing = await backendEnvVar(config, variable.name);
+  const existing = backendEnvVar(config, variable.name);
   if (existing !== "") {
-    if (
-      !(await promptForConfirmation(
-        `The ${printDeployment(config)} already has ${variable.name} configured to ${chalk.bold(existing)}. Do you want to change it?`,
-        { default: false },
-      ))
-    ) {
+    const shouldChange = await promptForConfirmation(
+      `The ${printDeployment(config)} already has ${variable.name} configured to "${existing}". Do you want to change it?`,
+      { default: false },
+    );
+    if (!shouldChange) {
       return;
     }
   }
@@ -192,41 +275,61 @@ async function configureEnvVar(
   await setEnvVar(config, variable.name, chosenValue);
 }
+// ---------------------------------------------------------------------------
+// Step 2: Keys
+// ---------------------------------------------------------------------------
 async function configureKeys(config: ProjectConfig) {
-  logStep(config, "Configure private and public key");
-  const { JWT_PRIVATE_KEY, JWKS } = await generateKeys();
-  // TODO: We should just list all the 3 env vars in one command
-  // to speed things up, but the convex CLI doesn't quote the
-  // values correctly right now, so we can't.
-  const existingPrivateKey = await backendEnvVar(config, "JWT_PRIVATE_KEY");
-  const existingJwks = await backendEnvVar(config, "JWKS");
-  if (existingPrivateKey !== "" || existingJwks !== "") {
-    if (
-      !(await promptForConfirmation(
-        `The ${printDeployment(config)} already has JWT_PRIVATE_KEY or JWKS configured. Overwrite them?`,
-        { default: false },
-      ))
-    ) {
+  logStep(config, "Configure signing and encryption keys");
+  const { JWT_PRIVATE_KEY, JWKS, AUTH_SECRET_ENCRYPTION_KEY } =
+    await generateKeys();
+  const existingPrivateKey = backendEnvVar(config, "JWT_PRIVATE_KEY");
+  const existingJwks = backendEnvVar(config, "JWKS");
+  const existingSecretEncryptionKey = backendEnvVar(
+    config,
+    "AUTH_SECRET_ENCRYPTION_KEY",
+  );
+  if (
+    existingPrivateKey !== "" ||
+    existingJwks !== "" ||
+    existingSecretEncryptionKey !== ""
+  ) {
+    const shouldOverwrite = await promptForConfirmation(
+      `The ${printDeployment(config)} already has JWT_PRIVATE_KEY, JWKS, or AUTH_SECRET_ENCRYPTION_KEY configured. Overwrite them?`,
+      { default: false },
+    );
+    if (!shouldOverwrite) {
       return;
     }
   }
-  // TODO: We should set both env vars in one command, but the convex CLI doesn't
-  // support setting multiple env vars.
-  await setEnvVar(config, "JWT_PRIVATE_KEY", JWT_PRIVATE_KEY, {
-    hideValue: true,
-  });
-  await setEnvVar(config, "JWKS", JWKS, { hideValue: true });
+  // Use --from-file to avoid shell quoting issues with multiline values
+  await setEnvVarFromFile(config, "JWT_PRIVATE_KEY", JWT_PRIVATE_KEY);
+  await setEnvVarFromFile(config, "JWKS", JWKS);
+  await setEnvVar(
+    config,
+    "AUTH_SECRET_ENCRYPTION_KEY",
+    AUTH_SECRET_ENCRYPTION_KEY,
+    {
+      hideValue: true,
+    },
+  );
 }
-async function backendEnvVar(config: ProjectConfig, name: string) {
-  return (
-    execSync(`npx convex env get ${deploymentOptions(config)} ${name}`, {
-      stdio: "pipe",
-    })
-      .toString()
-      // Remove trailing newline
-      .slice(0, -1)
+// ---------------------------------------------------------------------------
+// Convex env helpers (no shell injection — argument arrays only)
+// ---------------------------------------------------------------------------
+function backendEnvVar(config: ProjectConfig, name: string): string {
+  const { file, args } = convexCmd(
+    "env",
+    "get",
+    ...deploymentArgs(config),
+    name,
   );
+  return execFileSync(file, args, {
+    stdio: "pipe",
+    encoding: "utf-8",
+  }).slice(0, -1);
 }
 async function setEnvVar(
@@ -235,59 +338,91 @@ async function setEnvVar(
   value: string,
   options?: { hideValue: boolean },
 ) {
-  const valueEscaped = value.replace(/"/g, '\\"');
-  execSync(
-    `npx convex env set ${deploymentOptions(config)} -- ${name} "${valueEscaped}"`,
-    {
-      stdio: options?.hideValue ? "ignore" : "inherit",
-    },
+  const { file, args } = convexCmd(
+    "env",
+    "set",
+    ...deploymentArgs(config),
+    "--",
+    name,
+    value,
   );
+  execFileSync(file, args, {
+    stdio: options?.hideValue ? "ignore" : "inherit",
+  });
   if (options?.hideValue) {
-    logSuccess(
-      `Successfully set ${chalk.bold(name)} (on ${printDeployment(config)})`,
-    );
+    p.log.success(`Successfully set ${name} (on ${printDeployment(config)})`);
   }
 }
-function deploymentOptions(config: ProjectConfig) {
-  const {
-    deployment: {
-      options: { adminKey },
-    },
-  } = config;
-  const adminKeyOption =
-    adminKey !== undefined ? `--admin-key '${adminKey}' ` : "";
-  return adminKeyOption + deploymentNameOptions(config);
+/**
+ * Write value to a temp file and use `convex env set KEY --from-file tmpfile`.
+ * This avoids shell-quoting issues with multiline values like private keys.
+ */
+async function setEnvVarFromFile(
+  config: ProjectConfig,
+  name: string,
+  value: string,
+) {
+  const tmpDir = mkdtempSync(path.join(tmpdir(), "convex-auth-"));
+  const tmpFile = path.join(tmpDir, `${name}.tmp`);
+  try {
+    writeFileSync(tmpFile, value, "utf-8");
+    const { file, args } = convexCmd(
+      "env",
+      "set",
+      ...deploymentArgs(config),
+      name,
+      "--from-file",
+      tmpFile,
+    );
+    execFileSync(file, args, { stdio: "ignore" });
+    p.log.success(`Successfully set ${name} (on ${printDeployment(config)})`);
+  } finally {
+    try {
+      unlinkSync(tmpFile);
+    } catch {
+      // cleanup is best-effort
+    }
+  }
 }
-function deploymentNameOptions(config: ProjectConfig) {
+function deploymentArgs(config: ProjectConfig): string[] {
   const {
     deployment: {
-      options: { url, prod, previewName, deploymentName },
+      options: { adminKey, url, prod, previewName, deploymentName },
     },
   } = config;
-  if (url) {
-    return `--url ${url}`;
-  } else if (prod) {
-    return "--prod";
-  } else if (previewName) {
-    return `--preview-name ${previewName}`;
-  } else if (deploymentName) {
-    return `--deployment-name ${deploymentName}`;
-  } else {
-    return "";
+  const args: string[] = [];
+  if (adminKey !== undefined) {
+    args.push("--admin-key", adminKey);
   }
+  const selectionArgs =
+    [
+      url ? ["--url", url] : null,
+      prod ? ["--prod"] : null,
+      previewName ? ["--preview-name", previewName] : null,
+      deploymentName ? ["--deployment-name", deploymentName] : null,
+    ].find((s): s is string[] => s !== null) ?? [];
+  args.push(...selectionArgs);
+  return args;
 }
-function printDeployment(config: ProjectConfig) {
+function printDeployment(config: ProjectConfig): string {
   const { name, type } = config.deployment;
   return (
-    (type !== null ? `${chalk.bold(type)} ` : "") +
+    (type !== null ? `${type} ` : "") +
     "deployment" +
-    (name !== null ? ` ${chalk.bold(name)}` : "")
+    (name !== null ? ` ${name}` : "")
   );
 }
+// ---------------------------------------------------------------------------
+// Step 3: tsconfig
+// ---------------------------------------------------------------------------
 // Match `"compilerOptions": {"`
 // ignore comments after the bracket
 // and capture the space between the bracket/last comment
@@ -331,13 +466,13 @@ async function modifyTsConfig(config: ProjectConfig) {
     if (existsSync(projectLevelTsConfigPath)) {
       if (config.isExpo) {
         writeFileSync(tsConfigPath, validTsConfig);
-        logSuccess(`Added ${chalk.bold(tsConfigPath)}`);
+        p.log.success(`Added ${tsConfigPath}`);
         return;
       }
       // else assume that the project-level tsconfig already
       // has the right settings, which is true for Vite and Next.js
     }
-    logInfo(`No ${chalk.bold(tsConfigPath)} found. Skipping.`);
+    p.log.info(`No ${tsConfigPath} found. Skipping.`);
     return;
   }
   const existingTsConfig = readFileSync(tsConfigPath, "utf8");
@@ -351,14 +486,12 @@ async function modifyTsConfig(config: ProjectConfig) {
     /Bundler/i.test(existingModuleResolution) &&
     existingSkipLibCheck === "true"
   ) {
-    logSuccess(`The ${chalk.bold(tsConfigPath)} is already set up.`);
+    p.log.success(`The ${tsConfigPath} is already set up.`);
     return;
   }
   if (!compilerOptionsPattern.test(existingTsConfig)) {
-    logInfo(
-      `Modify your ${chalk.bold(tsConfigPath)} to include the following:`,
-    );
+    p.log.info(`Modify your ${tsConfigPath} to include the following:`);
     const source = `\
   {
     "compilerOptions": {
@@ -367,7 +500,7 @@ async function modifyTsConfig(config: ProjectConfig) {
     }
   }
     `;
-    print(indent(`\n${source}\n`));
+    p.log.message(indent(`\n${source}\n`));
     await promptForConfirmationOrExit("Ready to continue?");
   }
   const changedTsConfig = addCompilerOption(
@@ -382,7 +515,7 @@ async function modifyTsConfig(config: ProjectConfig) {
     '"skipLibCheck": true',
   );
   writeFileSync(tsConfigPath, changedTsConfig);
-  logSuccess(`Modified ${chalk.bold(tsConfigPath)}`);
+  p.log.success(`Modified ${tsConfigPath}`);
 }
 function addCompilerOption(
@@ -398,6 +531,10 @@ function addCompilerOption(
   }
 }
+// ---------------------------------------------------------------------------
+// Step 4: convex.config
+// ---------------------------------------------------------------------------
 async function configureConvexConfig(config: ProjectConfig) {
   logStep(config, "Configure convex config file");
   const sourceTemplate = `\
@@ -412,16 +549,16 @@ export default app;
 `;
   const source = templateToSource(sourceTemplate);
   const convexConfigPath = path.join(config.convexFolderPath, "convex.config");
-  const existingConfigPath = await existingNonEmptySourcePath(convexConfigPath);
+  const existingConfigPath = existingNonEmptySourcePath(convexConfigPath);
   if (existingConfigPath !== null) {
     const existingConfig = readFileSync(existingConfigPath, "utf8");
     if (doesAlreadyMatchTemplate(existingConfig, sourceTemplate)) {
-      logSuccess(`The ${chalk.bold(existingConfigPath)} is already set up.`);
+      p.log.success(`The ${existingConfigPath} is already set up.`);
     } else {
-      logInfo(
-        `You already have a ${chalk.bold(existingConfigPath)}, make sure it registers the auth component like this:`,
+      p.log.info(
+        `You already have a ${existingConfigPath}, make sure it registers the auth component like this:`,
       );
-      print(indent(`\n${source}\n`));
+      p.log.message(indent(`\n${source}\n`));
       await promptForConfirmationOrExit("Ready to continue?");
     }
   } else {
@@ -429,17 +566,21 @@ export default app;
       ? `${convexConfigPath}.ts`
       : `${convexConfigPath}.js`;
     writeFileSync(newConfigPath, source);
-    logSuccess(`Created ${chalk.bold(newConfigPath)}`);
+    p.log.success(`Created ${newConfigPath}`);
   }
 }
+// ---------------------------------------------------------------------------
+// Step 5: auth.ts
+// ---------------------------------------------------------------------------
 async function initializeAuth(config: ProjectConfig) {
   logStep(config, "Initialize auth file");
   const sourceTemplate = `\
-import { Auth } from "@robelest/convex-auth/component";
+import { createAuth } from "@robelest/convex-auth/component";
 import { components } from "./_generated/api";
-const auth = new Auth(components.auth, {$$
+const auth = createAuth(components.auth, {$$
   providers: [$$],$$
 });
@@ -448,16 +589,16 @@ export const { signIn, signOut, store } = auth;
 `;
   const source = templateToSource(sourceTemplate);
   const authPath = path.join(config.convexFolderPath, "auth");
-  const existingAuthPath = await existingNonEmptySourcePath(authPath);
+  const existingAuthPath = existingNonEmptySourcePath(authPath);
   if (existingAuthPath !== null) {
     const existingAuth = readFileSync(existingAuthPath, "utf8");
     if (doesAlreadyMatchTemplate(existingAuth, sourceTemplate)) {
-      logSuccess(`The ${chalk.bold(existingAuthPath)} is already set up.`);
+      p.log.success(`The ${existingAuthPath} is already set up.`);
     } else {
-      logInfo(
-        `You already have a ${chalk.bold(existingAuthPath)}, make sure it initializes \`Auth\` like this:`,
+      p.log.info(
+        `You already have a ${existingAuthPath}, make sure it initializes auth with \`createAuth\` like this:`,
       );
-      print(indent(`\n${source}\n`));
+      p.log.message(indent(`\n${source}\n`));
       await promptForConfirmationOrExit("Ready to continue?");
     }
   } else {
@@ -465,10 +606,14 @@ export const { signIn, signOut, store } = auth;
       ? `${authPath}.ts`
       : `${authPath}.js`;
     writeFileSync(newAuthPath, source);
-    logSuccess(`Created ${chalk.bold(newAuthPath)}`);
+    p.log.success(`Created ${newAuthPath}`);
   }
 }
+// ---------------------------------------------------------------------------
+// Step 6: http.ts
+// ---------------------------------------------------------------------------
 async function configureHttp(config: ProjectConfig) {
   logStep(config, "Configure http file");
   const sourceTemplate = `\
@@ -483,16 +628,16 @@ export default http;
 `;
   const source = templateToSource(sourceTemplate);
   const httpPath = path.join(config.convexFolderPath, "http");
-  const existingHttpPath = await existingNonEmptySourcePath(httpPath);
+  const existingHttpPath = existingNonEmptySourcePath(httpPath);
   if (existingHttpPath !== null) {
     const existingHttp = readFileSync(existingHttpPath, "utf8");
     if (doesAlreadyMatchTemplate(existingHttp, sourceTemplate)) {
-      logSuccess(`The ${chalk.bold(existingHttpPath)} is already set up.`);
+      p.log.success(`The ${existingHttpPath} is already set up.`);
     } else {
-      logInfo(
-        `You already have a ${chalk.bold(existingHttpPath)}, make sure it includes the call to \`auth.http.add\`:`,
+      p.log.info(
+        `You already have a ${existingHttpPath}, make sure it includes the call to \`auth.http.add\`:`,
       );
-      print(indent(`\n${source}\n`));
+      p.log.message(indent(`\n${source}\n`));
       await promptForConfirmationOrExit("Ready to continue?");
     }
   } else {
@@ -500,10 +645,14 @@ export default http;
       ? `${httpPath}.ts`
       : `${httpPath}.js`;
     writeFileSync(newHttpPath, source);
-    logSuccess(`Created ${chalk.bold(newHttpPath)}`);
+    p.log.success(`Created ${newHttpPath}`);
   }
 }
+// ---------------------------------------------------------------------------
+// Extra: --variables
+// ---------------------------------------------------------------------------
 const VariablesSchema = v.object({
   help: v.optional(v.string()),
   providers: v.array(
@@ -522,23 +671,30 @@ const VariablesSchema = v.object({
 });
 async function configureOtherVariables(config: ProjectConfig, json: string) {
-  const variables = v.parse(VariablesSchema, JSON.parse(json));
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(json);
+  } catch (err) {
+    logErrorAndExit(
+      "The --variables flag must be valid JSON.",
+      err instanceof Error ? err.message : String(err),
+    );
+  }
+  const variables = v.parse(VariablesSchema, parsed);
   logStep(config, "Configure extra environment variables");
-  // Ex: The default setup includes sign-in with GitHub OAuth
-  // and sending magic links via Resend.
   if (variables.help !== undefined) {
-    print(variables.help);
+    p.log.message(variables.help);
   }
   for (const provider of variables.providers) {
-    if (
-      !(await promptForConfirmation(
-        `Do you want to configure ${provider.name}?`,
-      ))
-    ) {
+    const shouldConfigure = await promptForConfirmation(
+      `Do you want to configure ${provider.name}?`,
+    );
+    if (!shouldConfigure) {
       continue;
     }
     if (provider.help !== undefined) {
-      print(provider.help);
+      p.log.message(provider.help);
     }
     for (const variable of provider.variables) {
       await configureEnvVar(config, {
@@ -548,11 +704,15 @@ async function configureOtherVariables(config: ProjectConfig, json: string) {
     }
   }
   if (variables.success !== undefined) {
-    logSuccess(variables.success);
+    p.log.success(variables.success);
   }
 }
-function doesAlreadyMatchTemplate(existing: string, template: string) {
+// ---------------------------------------------------------------------------
+// Template helpers
+// ---------------------------------------------------------------------------
+export function doesAlreadyMatchTemplate(existing: string, template: string) {
   const regex = new RegExp(
     template
       .replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
@@ -563,29 +723,34 @@ function doesAlreadyMatchTemplate(existing: string, template: string) {
   return regex.test(existing);
 }
-function templateToSource(template: string) {
+export function templateToSource(template: string) {
   return template.replace(/\$\$/g, "");
 }
-async function existingNonEmptySourcePath(path: string) {
-  return (await existsAndNotEmpty(`${path}.ts`))
-    ? `${path}.ts`
-    : (await existsAndNotEmpty(`${path}.js`))
-      ? `${path}.js`
+function existingNonEmptySourcePath(filePath: string): string | null {
+  return existsAndNotEmpty(`${filePath}.ts`)
+    ? `${filePath}.ts`
+    : existsAndNotEmpty(`${filePath}.js`)
+      ? `${filePath}.js`
       : null;
 }
-async function existsAndNotEmpty(path: string) {
-  return existsSync(path) && readFileSync(path, "utf8").trim() !== "";
+function existsAndNotEmpty(filePath: string): boolean {
+  return existsSync(filePath) && readFileSync(filePath, "utf8").trim() !== "";
 }
+// ---------------------------------------------------------------------------
+// Logging
+// ---------------------------------------------------------------------------
 function logStep(config: ProjectConfig, message: string) {
-  if (config.step > 1) {
-    print();
-  }
-  logInfo(chalk.bold(`Step ${config.step++}: ${message}`));
+  p.log.step(`Step ${config.step++}: ${message}`);
 }
+// ---------------------------------------------------------------------------
+// Source control check
+// ---------------------------------------------------------------------------
 async function checkSourceControl(options: {
   skipGitCheck?: boolean;
   allowDirtyGitState?: boolean;
@@ -595,14 +760,25 @@ async function checkSourceControl(options: {
   }
   const isGit = existsSync(".git");
   if (isGit) {
-    const gitStatus = execSync("git status --porcelain").toString();
+    let gitStatus: string;
+    try {
+      gitStatus = execFileSync("git", ["status", "--porcelain"], {
+        encoding: "utf-8",
+      });
+    } catch {
+      // git not available — skip check
+      return;
+    }
     const changedFiles = gitStatus
       .split("\n")
       .filter(
-        (line) => !/\bpackage(-lock)?.json/.test(line) && line.length > 0,
+        (line) =>
+          !/\bpackage(-lock)?.json/.test(line) &&
+          !/\benv\.d\.ts$/.test(line) &&
+          line.length > 0,
       );
     if (changedFiles.length > 0) {
-      logError(
+      p.log.error(
         "There are unstaged or uncommitted changes in the working directory. " +
           "Please commit or stash them before proceeding.",
       );
@@ -612,13 +788,17 @@ async function checkSourceControl(options: {
     if (options.skipGitCheck) {
       return;
     }
-    logWarning(
+    p.log.warn(
       "No source control detected. We strongly recommend committing the current state of your code before proceeding.",
     );
     await promptForConfirmationOrExit("Continue anyway?");
   }
 }
+// ---------------------------------------------------------------------------
+// Project file readers
+// ---------------------------------------------------------------------------
 type PackageJSON = { __isPackageJSON: true; [key: string]: any };
 function readPackageJson(): PackageJSON {
@@ -652,7 +832,11 @@ function readConvexJson(): ConvexJSON {
   }
 }
-function readConvexDeployment(options: {
+// ---------------------------------------------------------------------------
+// Deployment selection
+// ---------------------------------------------------------------------------
+export function readConvexDeployment(options: {
   url?: string;
   adminKey?: string;
   prod?: boolean;
@@ -660,30 +844,45 @@ function readConvexDeployment(options: {
   deploymentName?: string;
 }) {
   const { adminKey, url, prod, previewName, deploymentName } = options;
-  const adminKeyName = adminKey ? deploymentNameFromAdminKey(adminKey) : null;
-  const adminKeyType = adminKey ? deploymentTypeFromAdminKey(adminKey) : null;
   if (url) {
-    return { name: adminKeyName ?? url, type: adminKeyType, options };
-  } else if (prod) {
-    return { name: adminKeyName, type: "prod", options };
-  }
-  if (previewName) {
-    return { name: previewName, type: "preview", options };
-  }
-  if (deploymentName) {
-    return { name: deploymentName, type: adminKeyType, options };
+    return {
+      name: url,
+      type: null,
+      options,
+    };
   }
-  if (adminKey) {
-    return { name: adminKeyName, type: adminKeyType, options };
+  const adminKeyName = adminKey ? deploymentNameFromAdminKey(adminKey) : null;
+  const adminKeyType = adminKey ? deploymentTypeFromAdminKey(adminKey) : null;
+  const explicitSelection = [
+    prod ? { name: adminKeyName, type: "prod" as const } : null,
+    previewName ? { name: previewName, type: "preview" as const } : null,
+    deploymentName ? { name: deploymentName, type: adminKeyType } : null,
+    adminKey ? { name: adminKeyName, type: adminKeyType } : null,
+  ].find(
+    (
+      selection,
+    ): selection is {
+      name: string | null;
+      type: string | null;
+    } => selection !== null,
+  );
+  if (explicitSelection !== undefined) {
+    return { ...explicitSelection, options };
   }
   loadEnvFile({ path: ".env.local" });
   loadEnvFile();
   if (process.env.CONVEX_DEPLOYMENT) {
+    const type = getDeploymentTypeFromConfiguredDeployment(
+      process.env.CONVEX_DEPLOYMENT,
+    );
     return {
       name: stripDeploymentTypePrefix(process.env.CONVEX_DEPLOYMENT),
-      type: getDeploymentTypeFromConfiguredDeployment(
-        process.env.CONVEX_DEPLOYMENT,
-      ),
+      type,
       options,
     };
   }
@@ -696,50 +895,52 @@ function readConvexDeployment(options: {
 // NOTE: CONVEX CLI DEP
 // Given a deployment string like "dev:tall-forest-1234"
 // returns only the slug "tall-forest-1234".
-// If there's no prefix returns the original string.
 export function stripDeploymentTypePrefix(deployment: string) {
-  return deployment.split(":").at(-1)!;
+  const [type, name] = deployment.split(":");
+  if ((type !== "prod" && type !== "dev" && type !== "preview") || !name) {
+    logErrorAndExit(
+      "Invalid CONVEX_DEPLOYMENT.",
+      'Expected a typed deployment like "dev:my-deployment", "prod:my-deployment", or "preview:my-deployment".',
+    );
+  }
+  return name;
 }
 // NOTE: CONVEX CLI DEP
-// Handling legacy CONVEX_DEPLOYMENT without type prefix as well
 function getDeploymentTypeFromConfiguredDeployment(raw: string) {
   const typeRaw = raw.split(":")[0];
-  const type =
-    typeRaw === "prod" || typeRaw === "dev" || typeRaw === "preview"
-      ? typeRaw
-      : null;
-  return type;
+  if (typeRaw === "prod" || typeRaw === "dev" || typeRaw === "preview") {
+    return typeRaw;
+  }
+  logErrorAndExit(
+    "Invalid CONVEX_DEPLOYMENT.",
+    'Expected a typed deployment like "dev:my-deployment", "prod:my-deployment", or "preview:my-deployment".',
+  );
 }
 // NOTE: CONVEX CLI DEP
 function deploymentNameFromAdminKey(adminKey: string) {
   const parts = adminKey.split("|");
-  if (parts.length === 1) {
-    return null;
-  }
-  if (isPreviewDeployKey(adminKey)) {
-    // Preview deploy keys do not contain a deployment name.
-    return null;
-  }
-  return stripDeploymentTypePrefix(parts[0]);
+  const hasDeployment = parts.length > 1;
+  return hasDeployment && !isPreviewDeployKey(adminKey)
+    ? stripDeploymentTypePrefix(parts[0])
+    : null;
 }
-// NOTE: CONVEX CLI DEP - but modified to not default to "prod"
-//
-// For current keys returns prod|dev|preview,
-// for legacy keys returns "prod".
+// NOTE: CONVEX CLI DEP
 // Examples:
 //  "prod:deploymentName|key" -> "prod"
 //  "preview:deploymentName|key" -> "preview"
 //  "dev:deploymentName|key" -> "dev"
-//  "key" -> "prod"
 export function deploymentTypeFromAdminKey(adminKey: string) {
-  const parts = adminKey.split(":");
-  if (parts.length === 1) {
-    return null;
+  const type = adminKey.split(":")[0];
+  if (type === "prod" || type === "dev" || type === "preview") {
+    return type;
   }
-  return parts.at(0)!;
+  logErrorAndExit(
+    "Invalid admin key.",
+    'Expected a typed key like "dev:deployment|...", "prod:deployment|...", or "preview:...".',
+  );
 }
 // NOTE: CONVEX CLI DEP
@@ -757,11 +958,16 @@ export function isPreviewDeployKey(adminKey: string) {
   return prefixParts[0] === "preview" && prefixParts.length === 3;
 }
+// ---------------------------------------------------------------------------
+// Prompts (using @clack/prompts, with TTY detection on stdin)
+// ---------------------------------------------------------------------------
 async function promptForConfirmationOrExit(
   message: string,
   options: { default?: boolean } = {},
 ) {
   if (!(await promptForConfirmation(message, options))) {
+    p.cancel("Setup cancelled.");
     process.exit(1);
   }
 }
@@ -769,17 +975,17 @@ async function promptForConfirmationOrExit(
 async function promptForConfirmation(
   message: string,
   options: { default?: boolean } = {},
-) {
-  if (process.stdout.isTTY) {
-    const { confirmed } = await inquirer.prompt<{ confirmed: boolean }>([
-      {
-        type: "confirm",
-        name: "confirmed",
-        message,
-        default: options.default ?? true,
-      },
-    ]);
-    return confirmed;
+): Promise<boolean> {
+  if (process.stdin.isTTY) {
+    const result = await p.confirm({
+      message,
+      initialValue: options.default ?? true,
+    });
+    if (p.isCancel(result)) {
+      p.cancel("Setup cancelled.");
+      process.exit(1);
+    }
+    return result;
   } else {
     return options.default ?? true;
   }
@@ -787,19 +993,30 @@ async function promptForConfirmation(
 async function promptForInput(
   message: string,
-  options: { default?: string; validate?: (input: string) => true | string },
-) {
-  if (process.stdout.isTTY) {
-    const { input } = await inquirer.prompt<{ input: string }>([
-      {
-        type: "input",
-        name: "input",
-        message,
-        default: options.default,
-        validate: options.validate,
-      },
-    ]);
-    return input;
+  options: {
+    default?: string;
+    validate?: (input: string) => true | string;
+  },
+): Promise<string> {
+  if (process.stdin.isTTY) {
+    const result = await p.text({
+      message,
+      defaultValue: options.default,
+      placeholder: options.default,
+      validate: options.validate
+        ? (val: string | undefined) => {
+            if (val === undefined) return "Input is required";
+            const check = options.validate!(val);
+            if (check === true) return undefined;
+            return check;
+          }
+        : undefined,
+    });
+    if (p.isCancel(result)) {
+      p.cancel("Setup cancelled.");
+      process.exit(1);
+    }
+    return result;
   } else {
     if (options.default !== undefined) {
       return options.default;
@@ -811,56 +1028,47 @@ async function promptForInput(
   }
 }
+// ---------------------------------------------------------------------------
+// Final success message
+// ---------------------------------------------------------------------------
 function printFinalSuccessMessage(config: ProjectConfig) {
   const isProd = config.deployment.type === "prod";
   const deploymentName = config.deployment.name ?? "your deployment";
   if (isProd) {
-    logSuccess(`Production setup complete for ${deploymentName}.`);
-    print("");
-    print(`  Full docs: ${chalk.cyan("https://deepwiki.com/robelest/convex-auth")}`);
+    p.log.success(`Production setup complete for ${deploymentName}.`);
+    p.log.message("  Full docs: https://deepwiki.com/robelest/convex-auth");
   } else {
-    logSuccess(`Setup complete for ${deploymentName}.`);
-    print("");
-    print(`  ${chalk.bold("To set up production")}, run this command with your production URL:`);
-    print(`    ${chalk.cyan("npx @robelest/convex-auth --prod --site-url \"https://myapp.com\"")}`);
-    print("");
-    print(`  ${chalk.bold("Don't forget")} to set provider secrets on production too:`);
-    print(`    ${chalk.grey("npx convex env set --prod AUTH_GITHUB_ID \"...\"")}`);
-    print(`    ${chalk.grey("npx convex env set --prod AUTH_GITHUB_SECRET \"...\"")}`);
-    print("");
-    print(`  Full docs: ${chalk.cyan("https://deepwiki.com/robelest/convex-auth")}`);
+    p.log.success(`Setup complete for ${deploymentName}.`);
+    p.log.message("");
+    p.log.message(
+      "  To set up production, run this command with your production URL:",
+    );
+    p.log.message(
+      '    npx @robelest/convex-auth --prod --site-url "https://myapp.com"',
+    );
+    p.log.message("");
+    p.log.message("  Don't forget to set provider secrets on production too:");
+    p.log.message('    npx convex env set --prod AUTH_GITHUB_ID "..."');
+    p.log.message('    npx convex env set --prod AUTH_GITHUB_SECRET "..."');
+    p.log.message("");
+    p.log.message("  Full docs: https://deepwiki.com/robelest/convex-auth");
   }
 }
+// ---------------------------------------------------------------------------
+// Error helpers
+// ---------------------------------------------------------------------------
 function logErrorAndExit(message: string, error?: string): never {
-  logError(message, error);
+  p.log.error(`${message}${error !== undefined ? `\n  Error: ${error}` : ""}`);
   process.exit(1);
 }
-function logError(message: string, error?: string) {
-  print(
-    `${chalk.red(`✖`)} ${indent(message)}${
-      error !== undefined ? `\n  ${chalk.grey(`Error: ${indent(error)}`)}` : ""
-    }`,
-  );
-}
-function logWarning(message: string) {
-  print(`${chalk.yellow.bold(`!`)} ${indent(message)}`);
-}
-function logInfo(message: string) {
-  print(`${chalk.blue.bold(`i`)} ${indent(message)}`);
-}
-function logSuccess(message: string) {
-  print(`${chalk.green(`✔`)} ${indent(message)}`);
-}
-function print(message?: string) {
-  process.stderr.write((message ?? "") + "\n");
-}
+// ---------------------------------------------------------------------------
+// String helpers
+// ---------------------------------------------------------------------------
 function indent(string: string) {
   return string.replace(/^/gm, "  ").slice(2);