npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.21 → 0.0.4-preview.23 - Mend

@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/dist/authorization/index.d.ts +1 -1
package/dist/authorization/index.js +1 -1
package/dist/authorization/index.js.map +1 -1
package/dist/client/index.d.ts +1 -2
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +36 -39
package/dist/client/index.js.map +1 -1
package/dist/component/client/index.d.ts +1 -2
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/convex.config.d.ts.map +1 -1
package/dist/component/model.d.ts +5 -5
package/dist/component/model.d.ts.map +1 -1
package/dist/component/public/enterprise/audit.d.ts.map +1 -1
package/dist/component/public/enterprise/audit.js.map +1 -1
package/dist/component/public/enterprise/core.d.ts.map +1 -1
package/dist/component/public/enterprise/core.js.map +1 -1
package/dist/component/public/enterprise/domains.d.ts.map +1 -1
package/dist/component/public/enterprise/domains.js.map +1 -1
package/dist/component/public/enterprise/scim.d.ts.map +1 -1
package/dist/component/public/enterprise/scim.js.map +1 -1
package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
package/dist/component/public/enterprise/secrets.js.map +1 -1
package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
package/dist/component/public/enterprise/webhooks.js.map +1 -1
package/dist/component/public/factors/devices.d.ts.map +1 -1
package/dist/component/public/factors/devices.js.map +1 -1
package/dist/component/public/factors/passkeys.d.ts.map +1 -1
package/dist/component/public/factors/passkeys.js.map +1 -1
package/dist/component/public/factors/totp.d.ts.map +1 -1
package/dist/component/public/factors/totp.js.map +1 -1
package/dist/component/public/groups/core.js.map +1 -1
package/dist/component/public/groups/invites.d.ts.map +1 -1
package/dist/component/public/groups/invites.js.map +1 -1
package/dist/component/public/groups/members.d.ts.map +1 -1
package/dist/component/public/groups/members.js.map +1 -1
package/dist/component/public/identity/accounts.d.ts.map +1 -1
package/dist/component/public/identity/accounts.js.map +1 -1
package/dist/component/public/identity/codes.d.ts.map +1 -1
package/dist/component/public/identity/codes.js.map +1 -1
package/dist/component/public/identity/sessions.d.ts.map +1 -1
package/dist/component/public/identity/sessions.js.map +1 -1
package/dist/component/public/identity/tokens.d.ts.map +1 -1
package/dist/component/public/identity/tokens.js.map +1 -1
package/dist/component/public/identity/users.d.ts.map +1 -1
package/dist/component/public/identity/users.js.map +1 -1
package/dist/component/public/identity/verifiers.d.ts.map +1 -1
package/dist/component/public/identity/verifiers.js.map +1 -1
package/dist/component/public/security/keys.d.ts.map +1 -1
package/dist/component/public/security/keys.js.map +1 -1
package/dist/component/public/security/limits.d.ts.map +1 -1
package/dist/component/public/security/limits.js.map +1 -1
package/dist/component/schema.d.ts +39 -39
package/dist/component/server/auth.d.ts +95 -52
package/dist/component/server/auth.d.ts.map +1 -1
package/dist/component/server/auth.js +63 -43
package/dist/component/server/auth.js.map +1 -1
package/dist/component/server/core.js +116 -235
package/dist/component/server/core.js.map +1 -1
package/dist/component/server/crypto.js +25 -7
package/dist/component/server/crypto.js.map +1 -1
package/dist/component/server/device.js +58 -15
package/dist/component/server/device.js.map +1 -1
package/dist/component/server/enterprise/domain.js +148 -59
package/dist/component/server/enterprise/domain.js.map +1 -1
package/dist/component/server/enterprise/http.js +36 -15
package/dist/component/server/enterprise/http.js.map +1 -1
package/dist/component/server/enterprise/oidc.js +1 -1
package/dist/component/server/http.js +26 -21
package/dist/component/server/http.js.map +1 -1
package/dist/component/server/identity.js +5 -2
package/dist/component/server/identity.js.map +1 -1
package/dist/component/server/limits.js +21 -30
package/dist/component/server/limits.js.map +1 -1
package/dist/component/server/mutations/account.js +12 -10
package/dist/component/server/mutations/account.js.map +1 -1
package/dist/component/server/mutations/code.js +5 -2
package/dist/component/server/mutations/code.js.map +1 -1
package/dist/component/server/mutations/invalidate.js +1 -1
package/dist/component/server/mutations/invalidate.js.map +1 -1
package/dist/component/server/mutations/oauth.js +10 -4
package/dist/component/server/mutations/oauth.js.map +1 -1
package/dist/component/server/mutations/refresh.js +2 -2
package/dist/component/server/mutations/refresh.js.map +1 -1
package/dist/component/server/mutations/register.js +46 -42
package/dist/component/server/mutations/register.js.map +1 -1
package/dist/component/server/mutations/retrieve.js +21 -25
package/dist/component/server/mutations/retrieve.js.map +1 -1
package/dist/component/server/mutations/signature.js +10 -4
package/dist/component/server/mutations/signature.js.map +1 -1
package/dist/component/server/mutations/signout.js.map +1 -1
package/dist/component/server/mutations/store.js +9 -24
package/dist/component/server/mutations/store.js.map +1 -1
package/dist/component/server/mutations/verifier.js.map +1 -1
package/dist/component/server/mutations/verify.js +1 -1
package/dist/component/server/mutations/verify.js.map +1 -1
package/dist/component/server/oauth.js +53 -16
package/dist/component/server/oauth.js.map +1 -1
package/dist/component/server/passkey.js +115 -31
package/dist/component/server/passkey.js.map +1 -1
package/dist/component/server/redirects.js +9 -3
package/dist/component/server/redirects.js.map +1 -1
package/dist/component/server/refresh.js +10 -7
package/dist/component/server/refresh.js.map +1 -1
package/dist/component/server/runtime.d.ts +3 -3
package/dist/component/server/runtime.d.ts.map +1 -1
package/dist/component/server/runtime.js +62 -20
package/dist/component/server/runtime.js.map +1 -1
package/dist/component/server/signin.js +34 -10
package/dist/component/server/signin.js.map +1 -1
package/dist/component/server/totp.js +79 -19
package/dist/component/server/totp.js.map +1 -1
package/dist/component/server/types.d.ts +12 -20
package/dist/component/server/types.d.ts.map +1 -1
package/dist/component/server/types.js.map +1 -1
package/dist/component/server/users.js +6 -3
package/dist/component/server/users.js.map +1 -1
package/dist/component/server/utils.js +10 -4
package/dist/component/server/utils.js.map +1 -1
package/dist/core/types.d.ts +14 -22
package/dist/core/types.d.ts.map +1 -1
package/dist/factors/device.js +8 -9
package/dist/factors/device.js.map +1 -1
package/dist/factors/passkey.js +18 -21
package/dist/factors/passkey.js.map +1 -1
package/dist/providers/password.js +66 -81
package/dist/providers/password.js.map +1 -1
package/dist/runtime/invite.js +2 -8
package/dist/runtime/invite.js.map +1 -1
package/dist/server/auth.d.ts +95 -52
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +63 -43
package/dist/server/auth.js.map +1 -1
package/dist/server/core.d.ts +71 -159
package/dist/server/core.d.ts.map +1 -1
package/dist/server/core.js +116 -235
package/dist/server/core.js.map +1 -1
package/dist/server/crypto.d.ts.map +1 -1
package/dist/server/crypto.js +25 -7
package/dist/server/crypto.js.map +1 -1
package/dist/server/device.js +58 -15
package/dist/server/device.js.map +1 -1
package/dist/server/enterprise/domain.d.ts +0 -8
package/dist/server/enterprise/domain.d.ts.map +1 -1
package/dist/server/enterprise/domain.js +148 -59
package/dist/server/enterprise/domain.js.map +1 -1
package/dist/server/enterprise/http.d.ts.map +1 -1
package/dist/server/enterprise/http.js +35 -14
package/dist/server/enterprise/http.js.map +1 -1
package/dist/server/http.d.ts +2 -2
package/dist/server/http.d.ts.map +1 -1
package/dist/server/http.js +25 -20
package/dist/server/http.js.map +1 -1
package/dist/server/identity.js +5 -2
package/dist/server/identity.js.map +1 -1
package/dist/server/index.d.ts +2 -2
package/dist/server/limits.js +21 -30
package/dist/server/limits.js.map +1 -1
package/dist/server/mounts.d.ts +26 -64
package/dist/server/mounts.d.ts.map +1 -1
package/dist/server/mounts.js +45 -106
package/dist/server/mounts.js.map +1 -1
package/dist/server/mutations/account.d.ts +8 -9
package/dist/server/mutations/account.d.ts.map +1 -1
package/dist/server/mutations/account.js +11 -9
package/dist/server/mutations/account.js.map +1 -1
package/dist/server/mutations/code.d.ts +13 -13
package/dist/server/mutations/code.d.ts.map +1 -1
package/dist/server/mutations/code.js +5 -2
package/dist/server/mutations/code.js.map +1 -1
package/dist/server/mutations/invalidate.d.ts +4 -4
package/dist/server/mutations/invalidate.d.ts.map +1 -1
package/dist/server/mutations/invalidate.js.map +1 -1
package/dist/server/mutations/oauth.d.ts +12 -10
package/dist/server/mutations/oauth.d.ts.map +1 -1
package/dist/server/mutations/oauth.js +9 -3
package/dist/server/mutations/oauth.js.map +1 -1
package/dist/server/mutations/refresh.d.ts +3 -3
package/dist/server/mutations/refresh.d.ts.map +1 -1
package/dist/server/mutations/refresh.js +1 -1
package/dist/server/mutations/refresh.js.map +1 -1
package/dist/server/mutations/register.d.ts +11 -11
package/dist/server/mutations/register.d.ts.map +1 -1
package/dist/server/mutations/register.js +45 -41
package/dist/server/mutations/register.js.map +1 -1
package/dist/server/mutations/retrieve.d.ts +6 -6
package/dist/server/mutations/retrieve.d.ts.map +1 -1
package/dist/server/mutations/retrieve.js +20 -24
package/dist/server/mutations/retrieve.js.map +1 -1
package/dist/server/mutations/signature.d.ts +6 -7
package/dist/server/mutations/signature.d.ts.map +1 -1
package/dist/server/mutations/signature.js +9 -3
package/dist/server/mutations/signature.js.map +1 -1
package/dist/server/mutations/signin.d.ts +5 -5
package/dist/server/mutations/signin.d.ts.map +1 -1
package/dist/server/mutations/signout.js.map +1 -1
package/dist/server/mutations/store.d.ts +97 -97
package/dist/server/mutations/store.d.ts.map +1 -1
package/dist/server/mutations/store.js +8 -23
package/dist/server/mutations/store.js.map +1 -1
package/dist/server/mutations/verifier.js.map +1 -1
package/dist/server/mutations/verify.d.ts +10 -10
package/dist/server/mutations/verify.d.ts.map +1 -1
package/dist/server/mutations/verify.js.map +1 -1
package/dist/server/oauth.js +53 -16
package/dist/server/oauth.js.map +1 -1
package/dist/server/passkey.d.ts +2 -2
package/dist/server/passkey.d.ts.map +1 -1
package/dist/server/passkey.js +114 -30
package/dist/server/passkey.js.map +1 -1
package/dist/server/redirects.js +9 -3
package/dist/server/redirects.js.map +1 -1
package/dist/server/refresh.js +10 -7
package/dist/server/refresh.js.map +1 -1
package/dist/server/runtime.d.ts +14 -14
package/dist/server/runtime.d.ts.map +1 -1
package/dist/server/runtime.js +61 -19
package/dist/server/runtime.js.map +1 -1
package/dist/server/signin.js +34 -10
package/dist/server/signin.js.map +1 -1
package/dist/server/ssr.d.ts.map +1 -1
package/dist/server/ssr.js +175 -184
package/dist/server/ssr.js.map +1 -1
package/dist/server/totp.js +78 -18
package/dist/server/totp.js.map +1 -1
package/dist/server/types.d.ts +13 -21
package/dist/server/types.d.ts.map +1 -1
package/dist/server/types.js.map +1 -1
package/dist/server/users.js +6 -3
package/dist/server/users.js.map +1 -1
package/dist/server/utils.js +10 -4
package/dist/server/utils.js.map +1 -1
package/package.json +2 -6
package/src/authorization/index.ts +1 -1
package/src/cli/index.ts +1 -1
package/src/client/core/types.ts +14 -14
package/src/client/factors/device.ts +10 -12
package/src/client/factors/passkey.ts +23 -26
package/src/client/index.ts +54 -64
package/src/client/runtime/invite.ts +5 -7
package/src/component/index.ts +1 -0
package/src/component/public/enterprise/audit.ts +6 -1
package/src/component/public/enterprise/core.ts +1 -0
package/src/component/public/enterprise/domains.ts +5 -1
package/src/component/public/enterprise/scim.ts +1 -0
package/src/component/public/enterprise/secrets.ts +1 -0
package/src/component/public/enterprise/webhooks.ts +1 -0
package/src/component/public/factors/devices.ts +1 -0
package/src/component/public/factors/passkeys.ts +1 -0
package/src/component/public/factors/totp.ts +1 -0
package/src/component/public/groups/core.ts +1 -1
package/src/component/public/groups/invites.ts +7 -1
package/src/component/public/groups/members.ts +1 -0
package/src/component/public/identity/accounts.ts +1 -0
package/src/component/public/identity/codes.ts +1 -0
package/src/component/public/identity/sessions.ts +1 -0
package/src/component/public/identity/tokens.ts +1 -0
package/src/component/public/identity/users.ts +1 -0
package/src/component/public/identity/verifiers.ts +1 -0
package/src/component/public/security/keys.ts +1 -0
package/src/component/public/security/limits.ts +1 -0
package/src/providers/password.ts +89 -110
package/src/server/auth.ts +177 -111
package/src/server/core.ts +197 -233
package/src/server/crypto.ts +31 -29
package/src/server/device.ts +65 -32
package/src/server/enterprise/domain.ts +158 -170
package/src/server/enterprise/http.ts +46 -39
package/src/server/http.ts +36 -30
package/src/server/identity.ts +5 -5
package/src/server/index.ts +2 -0
package/src/server/limits.ts +53 -80
package/src/server/mounts.ts +47 -74
package/src/server/mutations/account.ts +22 -36
package/src/server/mutations/code.ts +6 -6
package/src/server/mutations/invalidate.ts +1 -1
package/src/server/mutations/oauth.ts +14 -8
package/src/server/mutations/refresh.ts +5 -4
package/src/server/mutations/register.ts +87 -132
package/src/server/mutations/retrieve.ts +44 -44
package/src/server/mutations/signature.ts +13 -6
package/src/server/mutations/signout.ts +1 -1
package/src/server/mutations/store.ts +16 -31
package/src/server/mutations/verifier.ts +1 -1
package/src/server/mutations/verify.ts +3 -5
package/src/server/oauth.ts +60 -69
package/src/server/passkey.ts +567 -517
package/src/server/redirects.ts +10 -6
package/src/server/refresh.ts +14 -18
package/src/server/runtime.ts +70 -55
package/src/server/signin.ts +44 -37
package/src/server/ssr.ts +390 -407
package/src/server/totp.ts +85 -35
package/src/server/types.ts +19 -22
package/src/server/users.ts +7 -6
package/src/server/utils.ts +10 -12
package/dist/component/server/authError.js +0 -34
package/dist/component/server/authError.js.map +0 -1
package/dist/component/server/errors.d.ts +0 -1
package/dist/component/server/errors.js +0 -137
package/dist/component/server/errors.js.map +0 -1
package/dist/server/authError.d.ts +0 -46
package/dist/server/authError.d.ts.map +0 -1
package/dist/server/authError.js +0 -34
package/dist/server/authError.js.map +0 -1
package/dist/server/errors.d.ts +0 -177
package/dist/server/errors.d.ts.map +0 -1
package/dist/server/errors.js +0 -212
package/dist/server/errors.js.map +0 -1
package/src/server/authError.ts +0 -44
package/src/server/errors.ts +0 -290

package/src/server/errors.ts DELETED Viewed

@@ -1,290 +0,0 @@
-/**
- * Structured error handling for Convex Auth.
- *
- * Every error thrown by the auth system uses `ConvexError` with a
- * `{ code, message }` payload so clients can distinguish error types
- * and display user-friendly messages.
- *
- * **Consumer API:** Use {@link throwAuthError} to throw structured errors
- * from your own Convex functions (e.g. custom authorization checks).
- *
- * **Internal pattern:** The library itself uses `new AuthError(code)` with
- * the `@robelest/fx` effect system (`Fx.fail(new AuthError(code))`).
- * You do not need to use `AuthError` directly — it is an implementation detail.
- *
- * @module
- */
-import { ConvexError } from "convex/values";
-// ============================================================================
-// Error code → default message map  (single source of truth)
-// ============================================================================
-/**
- * Map of every auth error code to its default human-readable message.
- *
- * Use the keys as the `code` argument to {@link throwAuthError}.
- * Clients can match on these codes for conditional error handling.
- *
- * @example
- * ```ts
- * throwAuthError("NOT_SIGNED_IN");
- * // ConvexError { data: { code: "NOT_SIGNED_IN", message: "You must be signed in..." } }
- * ```
- */
-export const AUTH_ERRORS = {
-  // ---- Configuration ----
-  PROVIDER_NOT_CONFIGURED: "This sign-in method is not available.",
-  EMAIL_CONFIG_REQUIRED:
-    "Email transport is not configured. Configure email in createAuth(...).",
-  MISSING_ENV_VAR: "A required server environment variable is missing.",
-  MISSING_ACTION_CONTEXT: "Action context is required for this operation.",
-  INVALID_PARAMETERS: "The provided parameters are invalid.",
-  // ---- Authentication ----
-  NOT_SIGNED_IN: "You must be signed in to perform this action.",
-  INVALID_VERIFICATION_CODE: "Invalid or expired verification code.",
-  INVALID_REFRESH_TOKEN: "Your session has expired. Please sign in again.",
-  AUTH_HANDSHAKE_TIMEOUT:
-    "Sign-in succeeded but authentication confirmation timed out.",
-  AUTH_HANDSHAKE_REJECTED:
-    "Authentication was rejected while confirming the session.",
-  SIGN_IN_MISSING_PARAMS:
-    "Cannot sign in: missing provider, code, or refresh token.",
-  UNSUPPORTED_PROVIDER_TYPE: "This provider type is not supported.",
-  INVALID_REDIRECT: "Invalid redirect URL.",
-  // ---- Email / Phone ----
-  EMAIL_SEND_FAILED: "Failed to send verification email. Please try again.",
-  // ---- API Keys ----
-  INVALID_API_KEY: "Invalid API key.",
-  API_KEY_REVOKED: "This API key has been revoked.",
-  API_KEY_EXPIRED: "This API key has expired.",
-  API_KEY_RATE_LIMITED: "API key rate limit exceeded. Please try again later.",
-  API_KEY_INVALID_SCOPE: "Invalid scope requested for API key.",
-  KEY_NOT_FOUND: "API key not found.",
-  // ---- HTTP Bearer Auth ----
-  MISSING_BEARER_TOKEN: "Missing or malformed Authorization: Bearer header.",
-  SCOPE_CHECK_FAILED: "This API key does not have the required permissions.",
-  // ---- OAuth ----
-  OAUTH_MISSING_PROVIDER: "Missing OAuth provider ID.",
-  OAUTH_MISSING_VERIFIER: "Missing sign-in verifier.",
-  OAUTH_INVALID_STATE: "Invalid OAuth state. Please try signing in again.",
-  OAUTH_PROVIDER_ERROR: "The sign-in provider returned an error.",
-  OAUTH_MISSING_ID_TOKEN:
-    "ID token claims are missing from the provider response.",
-  OAUTH_INVALID_PROFILE: "The sign-in provider returned an invalid profile.",
-  OAUTH_UNSUPPORTED_AUTH_METHOD:
-    "Unsupported OAuth client authentication method.",
-  OAUTH_NO_USERINFO: "No userinfo endpoint configured for this provider.",
-  // ---- Credentials ----
-  ACCOUNT_ALREADY_EXISTS: "An account with these credentials already exists.",
-  ACCOUNT_NOT_FOUND: "Account not found.",
-  INVALID_CREDENTIALS_PROVIDER:
-    "This provider does not support credential operations.",
-  MISSING_CRYPTO_FUNCTION:
-    "This provider is missing a required cryptographic function.",
-  USER_UPDATE_FAILED: "Could not update the user record.",
-  // ---- Verifier ----
-  INVALID_VERIFIER: "Invalid or expired verifier.",
-  // ---- Passkey ----
-  PASSKEY_MISSING_CONFIG:
-    "Passkey provider requires SITE_URL or explicit rpId configuration.",
-  PASSKEY_AUTH_REQUIRED: "Sign in first, then add a passkey to your account.",
-  PASSKEY_MISSING_VERIFIER: "Missing verifier for passkey operation.",
-  PASSKEY_INVALID_CLIENT_DATA: "Invalid passkey client data.",
-  PASSKEY_INVALID_ORIGIN: "Passkey origin does not match the expected value.",
-  PASSKEY_INVALID_CHALLENGE: "Invalid or expired passkey challenge.",
-  PASSKEY_RP_MISMATCH: "Relying party ID mismatch.",
-  PASSKEY_USER_PRESENCE: "User presence flag not set.",
-  PASSKEY_USER_VERIFICATION: "User verification required but not performed.",
-  PASSKEY_NO_CREDENTIAL: "No credential in attestation.",
-  PASSKEY_UNSUPPORTED_ALGORITHM: "Unsupported passkey algorithm.",
-  PASSKEY_INVALID_SIGNATURE: "Invalid passkey signature.",
-  PASSKEY_UNKNOWN_CREDENTIAL: "Unknown passkey credential.",
-  PASSKEY_COUNTER_ERROR:
-    "Authenticator counter did not increase — possible credential cloning detected.",
-  PASSKEY_MISSING_FLOW: "Missing passkey flow parameter.",
-  PASSKEY_UNKNOWN_FLOW: "Unknown passkey flow.",
-  // ---- TOTP ----
-  TOTP_AUTH_REQUIRED: "Sign in first, then set up two-factor authentication.",
-  TOTP_MISSING_VERIFIER: "Missing verifier for TOTP operation.",
-  TOTP_MISSING_CODE: "Missing TOTP code.",
-  TOTP_MISSING_ID: "Missing TOTP enrollment ID.",
-  TOTP_NOT_FOUND: "TOTP enrollment not found.",
-  TOTP_ALREADY_VERIFIED: "TOTP enrollment is already verified.",
-  TOTP_INVALID_CODE: "Invalid TOTP code.",
-  TOTP_INVALID_VERIFIER: "Invalid or expired TOTP verifier.",
-  TOTP_NO_ENROLLMENT: "No verified TOTP enrollment found.",
-  TOTP_MISSING_FLOW: "Missing TOTP flow parameter.",
-  TOTP_UNKNOWN_FLOW: "Unknown TOTP flow.",
-  // ---- Device Authorization (RFC 8628) ----
-  DEVICE_CODE_EXPIRED:
-    "The device code has expired. Please start a new authorization request.",
-  DEVICE_CODE_DENIED: "The authorization request was denied.",
-  DEVICE_AUTHORIZATION_PENDING: "The user has not yet authorized this device.",
-  DEVICE_SLOW_DOWN:
-    "Polling too frequently. Increase the interval between requests.",
-  DEVICE_INVALID_USER_CODE: "Invalid or expired user code.",
-  DEVICE_ALREADY_AUTHORIZED: "This device code has already been authorized.",
-  DEVICE_MISSING_FLOW: "Missing device flow parameter.",
-  DEVICE_UNKNOWN_FLOW: "Unknown device flow.",
-  // ---- Invites ----
-  INVITE_EXPIRED: "This invitation has expired.",
-  INVITE_EMAIL_MISMATCH: "This invitation is for a different email.",
-  INVITE_ALREADY_ACCEPTED: "This invitation has already been accepted.",
-  DUPLICATE_INVITE:
-    "A pending invite already exists for this email in this group.",
-  INVITE_NOT_FOUND: "Invite not found.",
-  INVITE_NOT_PENDING: "Cannot accept or revoke invite that is not pending.",
-  // ---- Groups / Members ----
-  FORBIDDEN: "Access denied.",
-  NO_ACTIVE_GROUP: "User has no active group set.",
-  DUPLICATE_MEMBERSHIP: "User is already a member of this group.",
-  // ---- Enterprise ----
-  ENTERPRISE_ALREADY_EXISTS:
-    "An enterprise record already exists for this group.",
-  ENTERPRISE_DOMAIN_TAKEN:
-    "That domain is already attached to another enterprise.",
-  // ---- Internal (should never reach user) ----
-  INTERNAL_ERROR: "An unexpected error occurred.",
-} as const satisfies Record<string, string>;
-/** Union of all recognized auth error code strings (keys of {@link AUTH_ERRORS}). */
-export type AuthErrorCode = keyof typeof AUTH_ERRORS;
-// ============================================================================
-// Error helpers
-// ============================================================================
-/**
- * Throw a structured `ConvexError` with `{ code, message }`.
- *
- * Use this in your own Convex functions (queries, mutations, actions)
- * to throw auth-domain errors that clients can match on by `code`.
- * The library itself uses `AuthError` internally, but consumers
- * should prefer this helper for simplicity.
- *
- * @param code    Machine-readable error code from `AUTH_ERRORS`.
- * @param message Optional override for the default human-readable message.
- * @param context Optional extra fields merged into the error payload.
- *
- * @example
- * ```ts
- * import { throwAuthError } from "@robelest/convex-auth/server";
- *
- * // In a custom mutation:
- * if (!isAdmin) {
- *   throwAuthError("FORBIDDEN");
- * }
- * ```
- *
- * @throws {ConvexError} Always — throws a `ConvexError` with `{ code, message }` payload.
- */
-export function throwAuthError(
-  code: AuthErrorCode,
-  message?: string,
-  context?: Record<string, unknown>,
-): never {
-  throw new ConvexError({
-    code,
-    message: message ?? AUTH_ERRORS[code],
-    ...context,
-  });
-}
-/**
- * Type guard: check whether a caught value is a structured auth `ConvexError`.
- *
- * @param error - The caught value (typically from a `catch` block).
- * @returns `true` when `error` is a `ConvexError` with `{ code, message }` data.
- *
- * @example
- * ```ts
- * try { await auth.signIn('email', { email }); }
- * catch (e) {
- *   if (isAuthError(e)) console.log(e.data.code); // "EMAIL_SEND_FAILED"
- * }
- * ```
- */
-export function isAuthError(
-  error: unknown,
-): error is ConvexError<{ code: AuthErrorCode; message: string }> {
-  return (
-    error instanceof ConvexError &&
-    typeof error.data === "object" &&
-    error.data !== null &&
-    "code" in error.data &&
-    "message" in error.data
-  );
-}
-/**
- * Extract `{ code, message }` from a caught error.
- *
- * Works for `ConvexError` (from Convex actions), plain `Error`
- * instances, and structured auth errors. Returns `null` when the
- * value is not an error object.
- *
- * @param error - The caught value to parse.
- * @returns `{ code, message }` when extractable, or `null`.
- *   When `code` is `null`, the error is not a structured auth error
- *   but `message` still contains the error text.
- *
- * @example
- * ```ts
- * try {
- *   await auth.signIn("email", { email });
- * } catch (e) {
- *   const err = parseAuthError(e);
- *   if (err?.code === "EMAIL_SEND_FAILED") { ... }
- * }
- * ```
- */
-export function parseAuthError(
-  error: unknown,
-):
-  | { code: AuthErrorCode; message: string }
-  | { code: null; message: string }
-  | null {
-  if (isAuthError(error)) {
-    const { code, message } = error.data as {
-      code: AuthErrorCode;
-      message: string;
-    };
-    return { code, message };
-  }
-  // Recognize the Fx-native AuthError class (has _tag + code)
-  if (
-    error instanceof Error &&
-    "_tag" in error &&
-    (error as any)._tag === "AuthError" &&
-    "code" in error &&
-    typeof (error as any).code === "string"
-  ) {
-    return {
-      code: (error as any).code as AuthErrorCode,
-      message: error.message,
-    };
-  }
-  if (error instanceof ConvexError && typeof error.data === "string") {
-    return { code: null, message: error.data };
-  }
-  if (error instanceof Error) {
-    return { code: null, message: error.message };
-  }
-  return null;
-}