npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.25 → 0.0.4-preview.28 - Mend

@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/README.md +43 -36
package/dist/bin.js +5765 -4880
package/dist/browser/index.d.ts +30 -0
package/dist/browser/index.js +93 -0
package/dist/browser/locks.js +11 -0
package/dist/browser/navigation.js +14 -0
package/dist/{factors → browser}/passkey.js +23 -32
package/dist/browser/runtime.js +92 -0
package/dist/client/core/types.d.ts +452 -5
package/dist/client/core/types.js +17 -0
package/dist/client/errors.js +19 -0
package/dist/client/factors/device.js +94 -0
package/dist/{factors → client/factors}/totp.js +12 -4
package/dist/client/index.d.ts +47 -1
package/dist/client/index.js +269 -232
package/dist/client/runtime/mutex.js +24 -0
package/dist/client/runtime/proxy.js +30 -0
package/dist/client/runtime/storage.js +45 -0
package/dist/client/services/adapters.js +7 -0
package/dist/client/services/http.js +6 -0
package/dist/client/services/resolve.js +13 -0
package/dist/client/services/runtime.js +6 -0
package/dist/component/_generated/component.d.ts +1355 -1399
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/index.d.ts +4 -26
package/dist/component/index.js +1 -1
package/dist/component/model.d.ts +26 -112
package/dist/component/model.js +76 -54
package/dist/component/modules.js +38 -0
package/dist/component/public/factors/devices.js +1 -1
package/dist/component/public/factors/passkeys.js +1 -1
package/dist/component/public/factors/totp.js +1 -1
package/dist/component/public/groups/core.js +2 -2
package/dist/component/public/groups/invites.js +1 -1
package/dist/component/public/groups/members.js +1 -1
package/dist/component/public/identity/accounts.js +1 -1
package/dist/component/public/identity/codes.js +1 -1
package/dist/component/public/identity/sessions.js +39 -2
package/dist/component/public/identity/tokens.js +82 -4
package/dist/component/public/identity/users.js +1 -1
package/dist/component/public/identity/verifiers.js +10 -4
package/dist/component/public/security/keys.js +1 -1
package/dist/component/public/security/limits.js +1 -1
package/dist/component/public/{enterprise → sso}/audit.js +26 -26
package/dist/component/public/sso/core.js +263 -0
package/dist/component/public/sso/domains.js +280 -0
package/dist/component/public/{enterprise → sso}/scim.js +87 -87
package/dist/component/public/sso/secrets.js +125 -0
package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
package/dist/component/public.js +9 -9
package/dist/component/schema.d.ts +472 -393
package/dist/component/schema.js +36 -35
package/dist/core/index.d.ts +380 -0
package/dist/core/index.js +83 -0
package/dist/otel.d.ts +69 -0
package/dist/otel.js +82 -0
package/dist/providers/anonymous.d.ts +15 -34
package/dist/providers/anonymous.js +27 -35
package/dist/providers/apple.d.ts +59 -0
package/dist/providers/apple.js +58 -0
package/dist/providers/credentials.d.ts +18 -34
package/dist/providers/credentials.js +16 -27
package/dist/providers/custom.d.ts +94 -0
package/dist/providers/custom.js +119 -0
package/dist/providers/device.d.ts +15 -49
package/dist/providers/device.js +17 -34
package/dist/providers/email.d.ts +21 -38
package/dist/providers/email.js +36 -55
package/dist/providers/github.d.ts +54 -0
package/dist/providers/github.js +75 -0
package/dist/providers/google.d.ts +54 -0
package/dist/providers/google.js +61 -0
package/dist/providers/index.d.ts +16 -12
package/dist/providers/index.js +15 -11
package/dist/providers/microsoft.d.ts +57 -0
package/dist/providers/microsoft.js +101 -0
package/dist/providers/passkey.d.ts +19 -35
package/dist/providers/passkey.js +20 -30
package/dist/providers/password.d.ts +17 -18
package/dist/providers/password.js +121 -143
package/dist/providers/phone.d.ts +13 -28
package/dist/providers/phone.js +21 -46
package/dist/providers/sso.d.ts +16 -36
package/dist/providers/sso.js +21 -22
package/dist/providers/totp.d.ts +13 -29
package/dist/providers/totp.js +17 -27
package/dist/server/auth-context.d.ts +204 -0
package/dist/server/auth-context.js +76 -0
package/dist/server/auth.d.ts +99 -244
package/dist/server/auth.js +56 -152
package/dist/server/componentContext.d.ts +12 -0
package/dist/server/componentContext.js +1 -0
package/dist/server/config.js +6 -67
package/dist/server/constants.js +6 -0
package/dist/server/contract.d.ts +105 -0
package/dist/server/contract.js +43 -0
package/dist/server/cookies.js +3 -2
package/dist/server/core.js +31 -36
package/dist/server/crypto.js +34 -44
package/dist/server/db.js +6 -1
package/dist/server/device.js +96 -130
package/dist/server/env.js +48 -0
package/dist/server/errors.js +20 -0
package/dist/server/http.d.ts +15 -59
package/dist/server/http.js +136 -120
package/dist/server/identity.js +2 -2
package/dist/server/index.d.ts +5 -4
package/dist/server/index.js +3 -3
package/dist/server/keys.js +10 -1
package/dist/server/limits.js +26 -26
package/dist/server/log.js +28 -0
package/dist/server/mounts.d.ts +1107 -296
package/dist/server/mounts.js +315 -196
package/dist/server/mutations/account.js +11 -14
package/dist/server/mutations/code.js +6 -5
package/dist/server/mutations/invalidate.js +9 -11
package/dist/server/mutations/oauth.js +112 -73
package/dist/server/mutations/refresh.js +47 -97
package/dist/server/mutations/register.js +37 -35
package/dist/server/mutations/retrieve.js +16 -16
package/dist/server/mutations/signature.js +15 -18
package/dist/server/mutations/signin.js +10 -5
package/dist/server/mutations/signout.js +11 -14
package/dist/server/mutations/store.js +25 -18
package/dist/server/mutations/verifier.js +11 -8
package/dist/server/mutations/verify.js +53 -41
package/dist/server/oauth/factory.js +44 -0
package/dist/server/oauth/index.js +12 -0
package/dist/server/oauth/runtime.js +248 -0
package/dist/server/passkey.js +331 -365
package/dist/server/payloads.d.ts +16 -0
package/dist/server/payloads.js +30 -0
package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
package/dist/server/prefetch.js +635 -0
package/dist/server/random.js +19 -0
package/dist/server/redirects.js +10 -5
package/dist/server/refresh.js +14 -86
package/dist/server/runtime.d.ts +531 -31
package/dist/server/runtime.js +106 -267
package/dist/server/secret.js +44 -0
package/dist/server/services/config.js +10 -0
package/dist/server/services/group.js +211 -0
package/dist/server/services/logger.js +8 -0
package/dist/server/services/providers.js +22 -0
package/dist/server/services/refresh.js +8 -0
package/dist/server/services/resolve.js +27 -0
package/dist/server/services/signin.js +8 -0
package/dist/server/sessions.js +35 -34
package/dist/server/signin.js +229 -140
package/dist/server/{enterprise → sso}/config.js +10 -3
package/dist/server/sso/domain.d.ts +614 -0
package/dist/server/sso/domain.js +1175 -0
package/dist/server/sso/http.js +1060 -0
package/dist/server/sso/oidc.js +324 -0
package/dist/server/sso/policies.js +59 -0
package/dist/server/sso/policy.js +139 -0
package/dist/server/sso/profile.js +22 -0
package/dist/server/sso/provision.js +179 -0
package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
package/dist/server/sso/shared.js +74 -0
package/dist/server/sso/validators.js +88 -0
package/dist/server/sso/webhook.js +94 -0
package/dist/server/tokens.js +16 -4
package/dist/server/totp.js +155 -164
package/dist/server/types.d.ts +306 -296
package/dist/server/types.js +1 -30
package/dist/server/url.js +32 -0
package/dist/server/users.js +74 -40
package/dist/server/utils/cache.js +51 -0
package/dist/server/utils/dispatch.js +36 -0
package/dist/server/utils/retry.js +24 -0
package/dist/server/utils/span.js +32 -0
package/dist/shared/errors.js +19 -0
package/dist/shared/log.js +45 -0
package/{src/test.ts → dist/test.d.ts} +21 -22
package/dist/test.js +51 -0
package/package.json +70 -42
package/dist/authorization/index.d.ts.map +0 -1
package/dist/authorization/index.js.map +0 -1
package/dist/client/core/types.d.ts.map +0 -1
package/dist/client/index.d.ts.map +0 -1
package/dist/client/index.js.map +0 -1
package/dist/component/_generated/api.d.ts +0 -75
package/dist/component/_generated/api.d.ts.map +0 -1
package/dist/component/_generated/api.js.map +0 -1
package/dist/component/_generated/component.d.ts.map +0 -1
package/dist/component/_generated/dataModel.d.ts +0 -42
package/dist/component/_generated/dataModel.d.ts.map +0 -1
package/dist/component/_generated/server.d.ts +0 -117
package/dist/component/_generated/server.d.ts.map +0 -1
package/dist/component/_generated/server.js.map +0 -1
package/dist/component/_virtual/rolldown_runtime.js +0 -18
package/dist/component/client/core/types.d.ts +0 -2
package/dist/component/client/index.d.ts +0 -1
package/dist/component/convex.config.d.ts.map +0 -1
package/dist/component/convex.config.js.map +0 -1
package/dist/component/functions.d.ts +0 -25
package/dist/component/functions.d.ts.map +0 -1
package/dist/component/functions.js.map +0 -1
package/dist/component/index.d.ts.map +0 -1
package/dist/component/model.d.ts.map +0 -1
package/dist/component/model.js.map +0 -1
package/dist/component/providers/anonymous.d.ts +0 -54
package/dist/component/providers/anonymous.d.ts.map +0 -1
package/dist/component/providers/credentials.d.ts +0 -38
package/dist/component/providers/credentials.d.ts.map +0 -1
package/dist/component/providers/device.d.ts +0 -67
package/dist/component/providers/device.d.ts.map +0 -1
package/dist/component/providers/email.d.ts +0 -62
package/dist/component/providers/email.d.ts.map +0 -1
package/dist/component/providers/oauth.d.ts +0 -25
package/dist/component/providers/oauth.d.ts.map +0 -1
package/dist/component/providers/oauth.js +0 -13
package/dist/component/providers/oauth.js.map +0 -1
package/dist/component/providers/passkey.d.ts +0 -57
package/dist/component/providers/passkey.d.ts.map +0 -1
package/dist/component/providers/password.d.ts +0 -88
package/dist/component/providers/password.d.ts.map +0 -1
package/dist/component/providers/phone.d.ts +0 -48
package/dist/component/providers/phone.d.ts.map +0 -1
package/dist/component/providers/sso.d.ts +0 -50
package/dist/component/providers/sso.d.ts.map +0 -1
package/dist/component/providers/totp.d.ts +0 -45
package/dist/component/providers/totp.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.d.ts +0 -73
package/dist/component/public/enterprise/audit.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.js.map +0 -1
package/dist/component/public/enterprise/core.d.ts +0 -176
package/dist/component/public/enterprise/core.d.ts.map +0 -1
package/dist/component/public/enterprise/core.js +0 -292
package/dist/component/public/enterprise/core.js.map +0 -1
package/dist/component/public/enterprise/domains.d.ts +0 -174
package/dist/component/public/enterprise/domains.d.ts.map +0 -1
package/dist/component/public/enterprise/domains.js +0 -271
package/dist/component/public/enterprise/domains.js.map +0 -1
package/dist/component/public/enterprise/scim.d.ts +0 -245
package/dist/component/public/enterprise/scim.d.ts.map +0 -1
package/dist/component/public/enterprise/scim.js.map +0 -1
package/dist/component/public/enterprise/secrets.d.ts +0 -78
package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
package/dist/component/public/enterprise/secrets.js +0 -118
package/dist/component/public/enterprise/secrets.js.map +0 -1
package/dist/component/public/enterprise/webhooks.d.ts +0 -211
package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
package/dist/component/public/enterprise/webhooks.js.map +0 -1
package/dist/component/public/factors/devices.d.ts +0 -157
package/dist/component/public/factors/devices.d.ts.map +0 -1
package/dist/component/public/factors/devices.js.map +0 -1
package/dist/component/public/factors/passkeys.d.ts +0 -175
package/dist/component/public/factors/passkeys.d.ts.map +0 -1
package/dist/component/public/factors/passkeys.js.map +0 -1
package/dist/component/public/factors/totp.d.ts +0 -189
package/dist/component/public/factors/totp.d.ts.map +0 -1
package/dist/component/public/factors/totp.js.map +0 -1
package/dist/component/public/groups/core.d.ts +0 -137
package/dist/component/public/groups/core.d.ts.map +0 -1
package/dist/component/public/groups/core.js.map +0 -1
package/dist/component/public/groups/invites.d.ts +0 -217
package/dist/component/public/groups/invites.d.ts.map +0 -1
package/dist/component/public/groups/invites.js.map +0 -1
package/dist/component/public/groups/members.d.ts +0 -204
package/dist/component/public/groups/members.d.ts.map +0 -1
package/dist/component/public/groups/members.js.map +0 -1
package/dist/component/public/identity/accounts.d.ts +0 -147
package/dist/component/public/identity/accounts.d.ts.map +0 -1
package/dist/component/public/identity/accounts.js.map +0 -1
package/dist/component/public/identity/codes.d.ts +0 -104
package/dist/component/public/identity/codes.d.ts.map +0 -1
package/dist/component/public/identity/codes.js.map +0 -1
package/dist/component/public/identity/sessions.d.ts +0 -128
package/dist/component/public/identity/sessions.d.ts.map +0 -1
package/dist/component/public/identity/sessions.js.map +0 -1
package/dist/component/public/identity/tokens.d.ts +0 -169
package/dist/component/public/identity/tokens.d.ts.map +0 -1
package/dist/component/public/identity/tokens.js.map +0 -1
package/dist/component/public/identity/users.d.ts +0 -212
package/dist/component/public/identity/users.d.ts.map +0 -1
package/dist/component/public/identity/users.js.map +0 -1
package/dist/component/public/identity/verifiers.d.ts +0 -116
package/dist/component/public/identity/verifiers.d.ts.map +0 -1
package/dist/component/public/identity/verifiers.js.map +0 -1
package/dist/component/public/security/keys.d.ts +0 -209
package/dist/component/public/security/keys.d.ts.map +0 -1
package/dist/component/public/security/keys.js.map +0 -1
package/dist/component/public/security/limits.d.ts +0 -114
package/dist/component/public/security/limits.d.ts.map +0 -1
package/dist/component/public/security/limits.js.map +0 -1
package/dist/component/public.d.ts +0 -28
package/dist/component/public.d.ts.map +0 -1
package/dist/component/schema.d.ts.map +0 -1
package/dist/component/schema.js.map +0 -1
package/dist/component/server/auth.d.ts +0 -447
package/dist/component/server/auth.d.ts.map +0 -1
package/dist/component/server/auth.js +0 -254
package/dist/component/server/auth.js.map +0 -1
package/dist/component/server/config.js +0 -121
package/dist/component/server/config.js.map +0 -1
package/dist/component/server/context.js +0 -53
package/dist/component/server/context.js.map +0 -1
package/dist/component/server/cookies.js +0 -47
package/dist/component/server/cookies.js.map +0 -1
package/dist/component/server/core.js +0 -576
package/dist/component/server/core.js.map +0 -1
package/dist/component/server/crypto.js +0 -56
package/dist/component/server/crypto.js.map +0 -1
package/dist/component/server/db.js +0 -87
package/dist/component/server/db.js.map +0 -1
package/dist/component/server/device.js +0 -152
package/dist/component/server/device.js.map +0 -1
package/dist/component/server/enterprise/config.js +0 -46
package/dist/component/server/enterprise/config.js.map +0 -1
package/dist/component/server/enterprise/domain.js +0 -974
package/dist/component/server/enterprise/domain.js.map +0 -1
package/dist/component/server/enterprise/http.js +0 -787
package/dist/component/server/enterprise/http.js.map +0 -1
package/dist/component/server/enterprise/oidc.js +0 -248
package/dist/component/server/enterprise/oidc.js.map +0 -1
package/dist/component/server/enterprise/policy.js +0 -85
package/dist/component/server/enterprise/policy.js.map +0 -1
package/dist/component/server/enterprise/saml.js.map +0 -1
package/dist/component/server/enterprise/scim.js.map +0 -1
package/dist/component/server/enterprise/shared.js +0 -51
package/dist/component/server/enterprise/shared.js.map +0 -1
package/dist/component/server/http.d.ts +0 -85
package/dist/component/server/http.d.ts.map +0 -1
package/dist/component/server/http.js +0 -351
package/dist/component/server/http.js.map +0 -1
package/dist/component/server/identity.js +0 -16
package/dist/component/server/identity.js.map +0 -1
package/dist/component/server/keys.js +0 -96
package/dist/component/server/keys.js.map +0 -1
package/dist/component/server/limits.js +0 -52
package/dist/component/server/limits.js.map +0 -1
package/dist/component/server/mutations/account.js +0 -46
package/dist/component/server/mutations/account.js.map +0 -1
package/dist/component/server/mutations/code.js +0 -68
package/dist/component/server/mutations/code.js.map +0 -1
package/dist/component/server/mutations/invalidate.js +0 -32
package/dist/component/server/mutations/invalidate.js.map +0 -1
package/dist/component/server/mutations/oauth.js +0 -116
package/dist/component/server/mutations/oauth.js.map +0 -1
package/dist/component/server/mutations/refresh.js +0 -119
package/dist/component/server/mutations/refresh.js.map +0 -1
package/dist/component/server/mutations/register.js +0 -87
package/dist/component/server/mutations/register.js.map +0 -1
package/dist/component/server/mutations/retrieve.js +0 -61
package/dist/component/server/mutations/retrieve.js.map +0 -1
package/dist/component/server/mutations/signature.js +0 -38
package/dist/component/server/mutations/signature.js.map +0 -1
package/dist/component/server/mutations/signin.js +0 -27
package/dist/component/server/mutations/signin.js.map +0 -1
package/dist/component/server/mutations/signout.js +0 -27
package/dist/component/server/mutations/signout.js.map +0 -1
package/dist/component/server/mutations/store/refs.js +0 -15
package/dist/component/server/mutations/store/refs.js.map +0 -1
package/dist/component/server/mutations/store.js +0 -70
package/dist/component/server/mutations/store.js.map +0 -1
package/dist/component/server/mutations/verifier.js +0 -18
package/dist/component/server/mutations/verifier.js.map +0 -1
package/dist/component/server/mutations/verify.js +0 -98
package/dist/component/server/mutations/verify.js.map +0 -1
package/dist/component/server/oauth.js +0 -242
package/dist/component/server/oauth.js.map +0 -1
package/dist/component/server/passkey.js +0 -415
package/dist/component/server/passkey.js.map +0 -1
package/dist/component/server/redirects.js +0 -40
package/dist/component/server/redirects.js.map +0 -1
package/dist/component/server/refresh.js +0 -99
package/dist/component/server/refresh.js.map +0 -1
package/dist/component/server/runtime.d.ts +0 -136
package/dist/component/server/runtime.d.ts.map +0 -1
package/dist/component/server/runtime.js +0 -456
package/dist/component/server/runtime.js.map +0 -1
package/dist/component/server/sessions.js +0 -71
package/dist/component/server/sessions.js.map +0 -1
package/dist/component/server/signin.js +0 -225
package/dist/component/server/signin.js.map +0 -1
package/dist/component/server/tokens.js +0 -17
package/dist/component/server/tokens.js.map +0 -1
package/dist/component/server/totp.js +0 -208
package/dist/component/server/totp.js.map +0 -1
package/dist/component/server/types.d.ts +0 -949
package/dist/component/server/types.d.ts.map +0 -1
package/dist/component/server/types.js +0 -79
package/dist/component/server/types.js.map +0 -1
package/dist/component/server/users.js +0 -123
package/dist/component/server/users.js.map +0 -1
package/dist/component/server/utils.js +0 -140
package/dist/component/server/utils.js.map +0 -1
package/dist/core/types.d.ts +0 -361
package/dist/core/types.d.ts.map +0 -1
package/dist/factors/device.js +0 -104
package/dist/factors/device.js.map +0 -1
package/dist/factors/passkey.js.map +0 -1
package/dist/factors/totp.js.map +0 -1
package/dist/providers/anonymous.d.ts.map +0 -1
package/dist/providers/anonymous.js.map +0 -1
package/dist/providers/credentials.d.ts.map +0 -1
package/dist/providers/credentials.js.map +0 -1
package/dist/providers/device.d.ts.map +0 -1
package/dist/providers/device.js.map +0 -1
package/dist/providers/email.d.ts.map +0 -1
package/dist/providers/email.js.map +0 -1
package/dist/providers/oauth.d.ts +0 -69
package/dist/providers/oauth.d.ts.map +0 -1
package/dist/providers/oauth.js +0 -43
package/dist/providers/oauth.js.map +0 -1
package/dist/providers/passkey.d.ts.map +0 -1
package/dist/providers/passkey.js.map +0 -1
package/dist/providers/password.d.ts.map +0 -1
package/dist/providers/password.js.map +0 -1
package/dist/providers/phone.d.ts.map +0 -1
package/dist/providers/phone.js.map +0 -1
package/dist/providers/sso.d.ts.map +0 -1
package/dist/providers/sso.js.map +0 -1
package/dist/providers/totp.d.ts.map +0 -1
package/dist/providers/totp.js.map +0 -1
package/dist/runtime/browser.js +0 -68
package/dist/runtime/browser.js.map +0 -1
package/dist/runtime/invite.js.map +0 -1
package/dist/runtime/proxy.js +0 -70
package/dist/runtime/proxy.js.map +0 -1
package/dist/runtime/storage.js +0 -37
package/dist/runtime/storage.js.map +0 -1
package/dist/server/auth.d.ts.map +0 -1
package/dist/server/auth.js.map +0 -1
package/dist/server/config.d.ts +0 -1
package/dist/server/config.js.map +0 -1
package/dist/server/context.d.ts +0 -1
package/dist/server/context.js.map +0 -1
package/dist/server/cookies.d.ts +0 -1
package/dist/server/cookies.js.map +0 -1
package/dist/server/core.d.ts +0 -1315
package/dist/server/core.d.ts.map +0 -1
package/dist/server/core.js.map +0 -1
package/dist/server/crypto.d.ts +0 -8
package/dist/server/crypto.d.ts.map +0 -1
package/dist/server/crypto.js.map +0 -1
package/dist/server/db.d.ts +0 -1
package/dist/server/db.js.map +0 -1
package/dist/server/device.d.ts +0 -1
package/dist/server/device.js.map +0 -1
package/dist/server/enterprise/config.d.ts +0 -1
package/dist/server/enterprise/config.js.map +0 -1
package/dist/server/enterprise/domain.d.ts +0 -401
package/dist/server/enterprise/domain.d.ts.map +0 -1
package/dist/server/enterprise/domain.js +0 -974
package/dist/server/enterprise/domain.js.map +0 -1
package/dist/server/enterprise/http.d.ts +0 -26
package/dist/server/enterprise/http.d.ts.map +0 -1
package/dist/server/enterprise/http.js +0 -787
package/dist/server/enterprise/http.js.map +0 -1
package/dist/server/enterprise/oidc.d.ts +0 -1
package/dist/server/enterprise/oidc.js +0 -248
package/dist/server/enterprise/oidc.js.map +0 -1
package/dist/server/enterprise/policy.d.ts +0 -1
package/dist/server/enterprise/policy.js +0 -85
package/dist/server/enterprise/policy.js.map +0 -1
package/dist/server/enterprise/saml.d.ts +0 -1
package/dist/server/enterprise/saml.js +0 -338
package/dist/server/enterprise/saml.js.map +0 -1
package/dist/server/enterprise/scim.d.ts +0 -1
package/dist/server/enterprise/scim.js +0 -97
package/dist/server/enterprise/scim.js.map +0 -1
package/dist/server/enterprise/shared.d.ts +0 -5
package/dist/server/enterprise/shared.d.ts.map +0 -1
package/dist/server/enterprise/shared.js +0 -51
package/dist/server/enterprise/shared.js.map +0 -1
package/dist/server/enterprise/validators.d.ts +0 -1
package/dist/server/enterprise/validators.js +0 -60
package/dist/server/enterprise/validators.js.map +0 -1
package/dist/server/http.d.ts.map +0 -1
package/dist/server/http.js.map +0 -1
package/dist/server/identity.d.ts +0 -1
package/dist/server/identity.js.map +0 -1
package/dist/server/keys.d.ts +0 -1
package/dist/server/keys.js.map +0 -1
package/dist/server/limits.d.ts +0 -1
package/dist/server/limits.js.map +0 -1
package/dist/server/mounts.d.ts.map +0 -1
package/dist/server/mounts.js.map +0 -1
package/dist/server/mutations/account.d.ts +0 -29
package/dist/server/mutations/account.d.ts.map +0 -1
package/dist/server/mutations/account.js.map +0 -1
package/dist/server/mutations/code.d.ts +0 -30
package/dist/server/mutations/code.d.ts.map +0 -1
package/dist/server/mutations/code.js.map +0 -1
package/dist/server/mutations/index.d.ts +0 -14
package/dist/server/mutations/invalidate.d.ts +0 -20
package/dist/server/mutations/invalidate.d.ts.map +0 -1
package/dist/server/mutations/invalidate.js.map +0 -1
package/dist/server/mutations/oauth.d.ts +0 -30
package/dist/server/mutations/oauth.d.ts.map +0 -1
package/dist/server/mutations/oauth.js.map +0 -1
package/dist/server/mutations/refresh.d.ts +0 -21
package/dist/server/mutations/refresh.d.ts.map +0 -1
package/dist/server/mutations/refresh.js.map +0 -1
package/dist/server/mutations/register.d.ts +0 -38
package/dist/server/mutations/register.d.ts.map +0 -1
package/dist/server/mutations/register.js.map +0 -1
package/dist/server/mutations/retrieve.d.ts +0 -33
package/dist/server/mutations/retrieve.d.ts.map +0 -1
package/dist/server/mutations/retrieve.js.map +0 -1
package/dist/server/mutations/signature.d.ts +0 -21
package/dist/server/mutations/signature.d.ts.map +0 -1
package/dist/server/mutations/signature.js.map +0 -1
package/dist/server/mutations/signin.d.ts +0 -22
package/dist/server/mutations/signin.d.ts.map +0 -1
package/dist/server/mutations/signin.js.map +0 -1
package/dist/server/mutations/signout.d.ts +0 -16
package/dist/server/mutations/signout.d.ts.map +0 -1
package/dist/server/mutations/signout.js.map +0 -1
package/dist/server/mutations/store/refs.d.ts +0 -12
package/dist/server/mutations/store/refs.d.ts.map +0 -1
package/dist/server/mutations/store/refs.js.map +0 -1
package/dist/server/mutations/store.d.ts +0 -306
package/dist/server/mutations/store.d.ts.map +0 -1
package/dist/server/mutations/store.js.map +0 -1
package/dist/server/mutations/verifier.d.ts +0 -13
package/dist/server/mutations/verifier.d.ts.map +0 -1
package/dist/server/mutations/verifier.js.map +0 -1
package/dist/server/mutations/verify.d.ts +0 -26
package/dist/server/mutations/verify.d.ts.map +0 -1
package/dist/server/mutations/verify.js.map +0 -1
package/dist/server/oauth.d.ts +0 -1
package/dist/server/oauth.js +0 -242
package/dist/server/oauth.js.map +0 -1
package/dist/server/passkey.d.ts +0 -27
package/dist/server/passkey.d.ts.map +0 -1
package/dist/server/passkey.js.map +0 -1
package/dist/server/redirects.d.ts +0 -1
package/dist/server/redirects.js.map +0 -1
package/dist/server/refresh.d.ts +0 -1
package/dist/server/refresh.js.map +0 -1
package/dist/server/runtime.d.ts.map +0 -1
package/dist/server/runtime.js.map +0 -1
package/dist/server/sessions.d.ts +0 -1
package/dist/server/sessions.js.map +0 -1
package/dist/server/signin.d.ts +0 -1
package/dist/server/signin.js.map +0 -1
package/dist/server/ssr.d.ts.map +0 -1
package/dist/server/ssr.js +0 -777
package/dist/server/ssr.js.map +0 -1
package/dist/server/templates.d.ts +0 -1
package/dist/server/templates.js.map +0 -1
package/dist/server/tokens.d.ts +0 -1
package/dist/server/tokens.js.map +0 -1
package/dist/server/totp.d.ts +0 -1
package/dist/server/totp.js.map +0 -1
package/dist/server/types.d.ts.map +0 -1
package/dist/server/types.js.map +0 -1
package/dist/server/users.d.ts +0 -1
package/dist/server/users.js.map +0 -1
package/dist/server/utils.d.ts +0 -1
package/dist/server/utils.js +0 -140
package/dist/server/utils.js.map +0 -1
package/src/authorization/index.ts +0 -83
package/src/cli/bin.ts +0 -5
package/src/cli/command.ts +0 -70
package/src/cli/index.ts +0 -1112
package/src/cli/keys.ts +0 -23
package/src/client/core/types.ts +0 -437
package/src/client/factors/device.ts +0 -158
package/src/client/factors/passkey.ts +0 -279
package/src/client/factors/totp.ts +0 -150
package/src/client/index.ts +0 -1124
package/src/client/runtime/browser.ts +0 -112
package/src/client/runtime/invite.ts +0 -63
package/src/client/runtime/proxy.ts +0 -111
package/src/client/runtime/storage.ts +0 -79
package/src/component/_generated/api.ts +0 -96
package/src/component/_generated/component.ts +0 -3774
package/src/component/_generated/dataModel.ts +0 -60
package/src/component/_generated/server.ts +0 -156
package/src/component/convex.config.ts +0 -5
package/src/component/functions.ts +0 -104
package/src/component/index.ts +0 -42
package/src/component/model.ts +0 -449
package/src/component/public/enterprise/audit.ts +0 -125
package/src/component/public/enterprise/core.ts +0 -355
package/src/component/public/enterprise/domains.ts +0 -327
package/src/component/public/enterprise/scim.ts +0 -397
package/src/component/public/enterprise/secrets.ts +0 -133
package/src/component/public/enterprise/webhooks.ts +0 -307
package/src/component/public/factors/devices.ts +0 -224
package/src/component/public/factors/passkeys.ts +0 -243
package/src/component/public/factors/totp.ts +0 -259
package/src/component/public/groups/core.ts +0 -481
package/src/component/public/groups/invites.ts +0 -608
package/src/component/public/groups/members.ts +0 -410
package/src/component/public/identity/accounts.ts +0 -207
package/src/component/public/identity/codes.ts +0 -149
package/src/component/public/identity/sessions.ts +0 -210
package/src/component/public/identity/tokens.ts +0 -251
package/src/component/public/identity/users.ts +0 -355
package/src/component/public/identity/verifiers.ts +0 -158
package/src/component/public/security/keys.ts +0 -366
package/src/component/public/security/limits.ts +0 -174
package/src/component/public.ts +0 -27
package/src/component/schema.ts +0 -505
package/src/providers/anonymous.ts +0 -99
package/src/providers/credentials.ts +0 -102
package/src/providers/device.ts +0 -87
package/src/providers/email.ts +0 -99
package/src/providers/index.ts +0 -31
package/src/providers/oauth.ts +0 -117
package/src/providers/passkey.ts +0 -77
package/src/providers/password.ts +0 -441
package/src/providers/phone.ts +0 -93
package/src/providers/sso.ts +0 -54
package/src/providers/totp.ts +0 -62
package/src/samlify.d.ts +0 -53
package/src/server/auth.ts +0 -949
package/src/server/config.ts +0 -200
package/src/server/context.ts +0 -90
package/src/server/cookies.ts +0 -49
package/src/server/core.ts +0 -2004
package/src/server/crypto.ts +0 -90
package/src/server/db.ts +0 -203
package/src/server/device.ts +0 -254
package/src/server/enterprise/config.ts +0 -51
package/src/server/enterprise/domain.ts +0 -1739
package/src/server/enterprise/http.ts +0 -1331
package/src/server/enterprise/oidc.ts +0 -500
package/src/server/enterprise/policy.ts +0 -128
package/src/server/enterprise/saml.ts +0 -578
package/src/server/enterprise/scim.ts +0 -135
package/src/server/enterprise/shared.ts +0 -134
package/src/server/enterprise/validators.ts +0 -93
package/src/server/http.ts +0 -790
package/src/server/identity.ts +0 -18
package/src/server/index.ts +0 -40
package/src/server/keys.ts +0 -158
package/src/server/limits.ts +0 -107
package/src/server/mounts.ts +0 -924
package/src/server/mutations/account.ts +0 -62
package/src/server/mutations/code.ts +0 -119
package/src/server/mutations/index.ts +0 -13
package/src/server/mutations/invalidate.ts +0 -50
package/src/server/mutations/oauth.ts +0 -243
package/src/server/mutations/refresh.ts +0 -299
package/src/server/mutations/register.ts +0 -155
package/src/server/mutations/retrieve.ts +0 -109
package/src/server/mutations/signature.ts +0 -57
package/src/server/mutations/signin.ts +0 -54
package/src/server/mutations/signout.ts +0 -43
package/src/server/mutations/store/refs.ts +0 -10
package/src/server/mutations/store.ts +0 -123
package/src/server/mutations/verifier.ts +0 -34
package/src/server/mutations/verify.ts +0 -200
package/src/server/oauth.ts +0 -418
package/src/server/passkey.ts +0 -838
package/src/server/redirects.ts +0 -59
package/src/server/refresh.ts +0 -218
package/src/server/runtime.ts +0 -918
package/src/server/sessions.ts +0 -132
package/src/server/signin.ts +0 -445
package/src/server/ssr.ts +0 -1747
package/src/server/templates.ts +0 -82
package/src/server/tokens.ts +0 -35
package/src/server/totp.ts +0 -399
package/src/server/types.ts +0 -1942
package/src/server/users.ts +0 -291
package/src/server/utils.ts +0 -220
/package/dist/{runtime → client/runtime}/invite.js +0 -0

package/dist/server/ssr.js DELETED Viewed

@@ -1,777 +0,0 @@
-import { isLocalHost } from "./utils.js";
-import { Fx } from "@robelest/fx";
-import { makeFunctionReference } from "convex/server";
-import { ConvexError } from "convex/values";
-import { parse, serialize } from "cookie";
-import { ConvexHttpClient } from "convex/browser";
-import { jwtDecode } from "jwt-decode";
-//#region src/server/ssr.ts
-const signInActionRef = makeFunctionReference("auth:signIn");
-const signOutActionRef = makeFunctionReference("auth:signOut");
-const TOKEN_COOKIE_BASE_NAME = "__convexAuthJWT";
-const REFRESH_COOKIE_BASE_NAME = "__convexAuthRefreshToken";
-const VERIFIER_COOKIE_BASE_NAME = "__convexAuthOAuthVerifier";
-const DERIVED_COOKIE_NAMESPACE_FALLBACK = "convexauth";
-/**
-* Derive the cookie names used for auth tokens.
-*
-* On localhost the names are unprefixed; on production hosts they
-* use the `__Host-` prefix for tighter security.
-*
-* @param host - The `Host` header value. Omit to use unprefixed names.
-* @param cookieNamespace - Optional namespace suffix for cookie isolation.
-* @returns An object with `token`, `refreshToken`, and `verifier` cookie names.
-*/
-function authCookieNames(host, cookieNamespace) {
-	const prefix = isLocalHost(host) ? "" : "__Host-";
-	const namespace = normalizeCookieNamespace(cookieNamespace);
-	const suffix = namespace === null ? "" : `_${namespace}`;
-	return {
-		token: `${prefix}${TOKEN_COOKIE_BASE_NAME}${suffix}`,
-		refreshToken: `${prefix}${REFRESH_COOKIE_BASE_NAME}${suffix}`,
-		verifier: `${prefix}${VERIFIER_COOKIE_BASE_NAME}${suffix}`
-	};
-}
-/**
-* Parse auth cookie values from a raw `Cookie` header string.
-*
-* @param cookieHeader - The raw `Cookie` header, or `null`/`undefined`.
-* @param host - The `Host` header, used to determine cookie name prefixes.
-* @param cookieNamespace - Optional namespace suffix for cookie isolation.
-* @returns Parsed {@link AuthCookies} with `token`, `refreshToken`, and `verifier`.
-*/
-function parseAuthCookies(cookieHeader, host, cookieNamespace) {
-	const names = authCookieNames(host, cookieNamespace);
-	const parsed = parse(cookieHeader ?? "");
-	return {
-		token: parsed[names.token] ?? null,
-		refreshToken: parsed[names.refreshToken] ?? null,
-		verifier: parsed[names.verifier] ?? null
-	};
-}
-/**
-* Serialize auth cookies into `Set-Cookie` header strings.
-*
-* Nulled-out values produce deletion cookies (maxAge 0, expired date).
-*
-* @param cookies - The auth cookie values to serialize.
-* @param host - The `Host` header, used for cookie name prefixes and `Secure` flag.
-* @param config - Cookie lifetime config. Defaults to session cookies.
-* @param cookieNamespace - Optional namespace suffix for cookie isolation.
-* @returns An array of three `Set-Cookie` header strings.
-*/
-function serializeAuthCookies(cookies, host, config = { maxAge: null }, cookieNamespace) {
-	const names = authCookieNames(host, cookieNamespace);
-	const base = {
-		path: "/",
-		httpOnly: true,
-		sameSite: "lax",
-		secure: !isLocalHost(host)
-	};
-	const maxAge = config.maxAge ?? void 0;
-	return [
-		serialize(names.token, cookies.token ?? "", {
-			...base,
-			maxAge: cookies.token === null ? 0 : maxAge,
-			expires: cookies.token === null ? /* @__PURE__ */ new Date(0) : void 0
-		}),
-		serialize(names.refreshToken, cookies.refreshToken ?? "", {
-			...base,
-			maxAge: cookies.refreshToken === null ? 0 : maxAge,
-			expires: cookies.refreshToken === null ? /* @__PURE__ */ new Date(0) : void 0
-		}),
-		serialize(names.verifier, cookies.verifier ?? "", {
-			...base,
-			maxAge: cookies.verifier === null ? 0 : maxAge,
-			expires: cookies.verifier === null ? /* @__PURE__ */ new Date(0) : void 0
-		})
-	];
-}
-/**
-* Build structured cookie objects for any SSR framework.
-*
-* Use with SvelteKit's `event.cookies.set()`, TanStack Start's `setCookie()`,
-* Next.js's `cookies().set()`, or any other framework cookie API.
-*
-* @param cookies - The auth cookie values to convert.
-* @param host - The `Host` header, used for cookie name prefixes and `Secure`.
-* @param config - Cookie lifetime config. Defaults to session cookies.
-* @param cookieNamespace - Optional namespace suffix for cookie isolation.
-* @returns Structured cookie descriptors ready for framework cookie APIs.
-*/
-function structuredAuthCookies(cookies, host, config = { maxAge: null }, cookieNamespace) {
-	const names = authCookieNames(host, cookieNamespace);
-	const base = {
-		path: "/",
-		httpOnly: true,
-		secure: !isLocalHost(host),
-		sameSite: "lax"
-	};
-	const maxAge = config.maxAge ?? void 0;
-	return [
-		{
-			name: names.token,
-			value: cookies.token ?? "",
-			options: {
-				...base,
-				maxAge: cookies.token === null ? 0 : maxAge,
-				expires: cookies.token === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		},
-		{
-			name: names.refreshToken,
-			value: cookies.refreshToken ?? "",
-			options: {
-				...base,
-				maxAge: cookies.refreshToken === null ? 0 : maxAge,
-				expires: cookies.refreshToken === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		},
-		{
-			name: names.verifier,
-			value: cookies.verifier ?? "",
-			options: {
-				...base,
-				maxAge: cookies.verifier === null ? 0 : maxAge,
-				expires: cookies.verifier === null ? /* @__PURE__ */ new Date(0) : void 0
-			}
-		}
-	];
-}
-/**
-* Check whether a request pathname matches the auth proxy route.
-*
-* Handles trailing-slash ambiguity: both `/api/auth` and `/api/auth/`
-* match regardless of how `apiRoute` is configured.
-*
-* @param pathname - The request URL pathname.
-* @param apiRoute - The configured proxy route (e.g. `"/api/auth"`).
-* @returns `true` when the pathname matches the proxy route.
-*
-* @see {@link server}
-*/
-function shouldProxyAuthAction(pathname, apiRoute) {
-	if (apiRoute.endsWith("/")) return pathname === apiRoute || pathname === apiRoute.slice(0, -1);
-	return pathname === apiRoute || pathname === `${apiRoute}/`;
-}
-const REQUIRED_TOKEN_LIFETIME_MS = 6e4;
-const MINIMUM_REQUIRED_TOKEN_LIFETIME_MS = 1e4;
-function normalizeCookieNamespace(cookieNamespace) {
-	if (cookieNamespace === void 0 || cookieNamespace === null) return null;
-	const normalized = cookieNamespace.trim().replace(/[^a-zA-Z0-9]+/g, "_").replace(/^_+|_+$/g, "").toLowerCase();
-	return normalized.length > 0 ? normalized : null;
-}
-/**
-* Safely check if a string is a valid URL without throwing.
-*/
-function canParseUrl(value) {
-	try {
-		new URL(value);
-		return true;
-	} catch {
-		return false;
-	}
-}
-function serializeAuthCookie(cookie) {
-	const parts = [`${cookie.name}=${cookie.value}`, `Path=${cookie.options.path}`];
-	if (cookie.options.httpOnly) parts.push("HttpOnly");
-	if (cookie.options.secure) parts.push("Secure");
-	if (cookie.options.sameSite) parts.push(`SameSite=${cookie.options.sameSite}`);
-	if (cookie.options.maxAge !== void 0) parts.push(`Max-Age=${cookie.options.maxAge}`);
-	if (cookie.options.expires) parts.push(`Expires=${cookie.options.expires.toUTCString()}`);
-	return parts.join("; ");
-}
-function buildRedirectResponse(location, cookies) {
-	const headers = new Headers({ Location: location });
-	for (const cookie of cookies) headers.append("Set-Cookie", serializeAuthCookie(cookie));
-	return new Response(null, {
-		status: 302,
-		headers
-	});
-}
-function deriveCookieNamespaceFromUrl(url) {
-	if (!canParseUrl(url)) return DERIVED_COOKIE_NAMESPACE_FALLBACK;
-	const parsed = new URL(url);
-	return normalizeCookieNamespace(`${parsed.hostname}${parsed.pathname}`) ?? DERIVED_COOKIE_NAMESPACE_FALLBACK;
-}
-function normalizeIssuer(value) {
-	if (!canParseUrl(value)) return value.replace(/\/+$/, "");
-	const parsed = new URL(value);
-	const pathname = parsed.pathname === "/" ? "" : parsed.pathname.replace(/\/+$/, "");
-	return `${parsed.protocol}//${parsed.host}${pathname}`;
-}
-function convexSiteIssuerFromCloudUrl(value) {
-	if (!canParseUrl(value)) return null;
-	const parsed = new URL(value);
-	if (!parsed.hostname.endsWith(".convex.cloud")) return null;
-	parsed.hostname = parsed.hostname.slice(0, -13) + ".convex.site";
-	return normalizeIssuer(parsed.toString());
-}
-function defaultAcceptedIssuersForUrl(value) {
-	const issuers = [normalizeIssuer(value)];
-	const siteIssuer = convexSiteIssuerFromCloudUrl(value);
-	if (siteIssuer !== null) issuers.push(siteIssuer);
-	return issuers;
-}
-/**
-* Create an SSR auth helper for server-side frameworks.
-*
-* Handles cookie-based token management, OAuth code exchange,
-* and automatic JWT refresh on page loads. Works with any
-* framework that gives you a `Request` object — SvelteKit,
-* TanStack Start, Remix, Next.js, etc.
-*
-* @param options - SSR configuration (Convex API URL, issuer rules, proxy route, cookie lifetime).
-* @returns An object with `token`, `verify`, `proxy`, and `refresh` methods.
-*
-* @example SvelteKit hooks
-* ```ts
-* // src/hooks.server.ts
-* import { server } from '@robelest/convex-auth/server';
-*
-* const auth = server({ url: CONVEX_URL });
-*
-* export const handle = async ({ event, resolve }) => {
-*   const { cookies, token } = await auth.refresh(event.request);
-*   for (const c of cookies) event.cookies.set(c.name, c.value, c.options);
-*   event.locals.token = token;
-*   return resolve(event);
-* };
-* ```
-*
-* @example Generic proxy endpoint
-* ```ts
-* if (shouldProxyAuthAction(url.pathname, '/api/auth')) {
-*   return auth.proxy(request);
-* }
-* ```
-*
-* @param options - Server-side auth configuration including Convex URL,
-*   accepted issuers, proxy route, and cookie behavior.
-* @returns SSR helpers for reading tokens, refreshing cookies, and proxying
-*   auth actions through an httpOnly-cookie layer.
-*
-* @see {@link shouldProxyAuthAction}
-*/
-function server(options) {
-	const convexUrl = options.url;
-	const apiRoute = options.apiRoute ?? "/api/auth";
-	const cookieConfig = { maxAge: options.cookieMaxAge ?? null };
-	const verbose = options.verbose ?? false;
-	const cookieNamespace = normalizeCookieNamespace(options.cookieNamespace) ?? deriveCookieNamespaceFromUrl(convexUrl);
-	const acceptedIssuers = new Set((options.acceptedIssuers ?? defaultAcceptedIssuersForUrl(convexUrl)).map(normalizeIssuer).filter((issuer) => issuer.length > 0));
-	return {
-		token(request) {
-			return parseAuthCookies(request.headers.get("cookie"), request.headers.get("host") ?? new URL(request.url).host, cookieNamespace).token;
-		},
-		async verify(request) {
-			const token = parseAuthCookies(request.headers.get("cookie"), request.headers.get("host") ?? new URL(request.url).host, cookieNamespace).token;
-			if (token === null) return false;
-			const decodedToken = await Fx.run(Fx.attempt(async () => jwtDecode(token), (decoded) => decoded, () => null));
-			if (decodedToken?.exp === void 0 || decodedToken.iss === void 0) return false;
-			if (!acceptedIssuers.has(normalizeIssuer(decodedToken.iss))) return false;
-			return decodedToken.exp * 1e3 > Date.now();
-		},
-		async proxy(request) {
-			const requestDispatch = !shouldProxyAuthAction(new URL(request.url).pathname, apiRoute) ? { kind: "invalidRoute" } : request.method !== "POST" ? { kind: "invalidMethod" } : (() => {
-				const originHeader = request.headers.get("origin");
-				if (originHeader === null) return false;
-				const forwardedProtoHeader = request.headers.get("x-forwarded-proto");
-				const protocol = forwardedProtoHeader !== null ? (() => {
-					const forwardedProto = forwardedProtoHeader.split(",")[0]?.trim();
-					if (forwardedProto !== void 0 && forwardedProto.length > 0) return forwardedProto.endsWith(":") ? forwardedProto : `${forwardedProto}:`;
-					return new URL(request.url).protocol;
-				})() : new URL(request.url).protocol;
-				const requestHost = request.headers.get("host") ?? new URL(request.url).host;
-				const hostCandidate = `${protocol}//${requestHost}`;
-				const host$1 = canParseUrl(hostCandidate) ? new URL(hostCandidate).host : requestHost;
-				if (!canParseUrl(originHeader)) return true;
-				const originUrl = new URL(originHeader);
-				return originUrl.host !== host$1 || originUrl.protocol !== protocol;
-			})() ? { kind: "invalidOrigin" } : { kind: "valid" };
-			const validationErrorResponse = await Fx.run(Fx.match(requestDispatch, requestDispatch.kind, {
-				invalidRoute: () => new Response("Invalid route", { status: 404 }),
-				invalidMethod: () => new Response("Invalid method", { status: 405 }),
-				invalidOrigin: () => new Response("Invalid origin", { status: 403 }),
-				valid: () => null
-			}));
-			if (validationErrorResponse !== null) return validationErrorResponse;
-			const body = await Fx.run(Fx.attempt(async () => {
-				const parsed = await request.json();
-				if (typeof parsed !== "object" || parsed === null) return null;
-				return parsed;
-			}, (parsed) => parsed, () => null));
-			if (body === null) return new Response("Invalid request body", { status: 400 });
-			const action = body.action;
-			const args = typeof body.args === "object" && body.args !== null ? body.args : {};
-			const actionDispatch = action === "auth:signIn" ? { action: "sessionStart" } : action === "auth:signOut" ? { action: "sessionStop" } : null;
-			if (actionDispatch === null) return new Response("Invalid action", { status: 400 });
-			const host = request.headers.get("host") ?? new URL(request.url).host;
-			const currentCookies = parseAuthCookies(request.headers.get("cookie"), host, cookieNamespace);
-			return Fx.run(Fx.match(actionDispatch, actionDispatch.action, {
-				sessionStart: (_) => Fx.promise(async () => {
-					const refreshDispatch = args.refreshToken === void 0 ? { kind: "passthrough" } : currentCookies.refreshToken === null ? { kind: "refreshRequestedWithoutCookie" } : {
-						kind: "hydrateRefreshFromCookie",
-						refreshToken: currentCookies.refreshToken
-					};
-					const refreshResponse = await Fx.run(Fx.match(refreshDispatch, refreshDispatch.kind, {
-						passthrough: async () => null,
-						hydrateRefreshFromCookie: async ({ refreshToken }) => {
-							args.refreshToken = refreshToken;
-							return null;
-						},
-						refreshRequestedWithoutCookie: async () => {
-							const currentToken = currentCookies.token;
-							const decodedToken = currentToken === null ? null : await Fx.run(Fx.attempt(async () => jwtDecode(currentToken), (decoded) => decoded, () => null));
-							const tokenDispatch = currentToken !== null && decodedToken?.exp !== void 0 && decodedToken.iss !== void 0 && acceptedIssuers.has(normalizeIssuer(decodedToken.iss)) && decodedToken.exp * 1e3 > Date.now() ? {
-								kind: "validToken",
-								token: currentToken
-							} : { kind: "missingToken" };
-							return await Fx.run(Fx.match(tokenDispatch, tokenDispatch.kind, {
-								validToken: ({ token }) => new Response(JSON.stringify({ tokens: {
-									token,
-									refreshToken: "dummy"
-								} }), {
-									status: 200,
-									headers: { "Content-Type": "application/json" }
-								}),
-								missingToken: () => new Response(JSON.stringify({ tokens: null }), {
-									status: 200,
-									headers: { "Content-Type": "application/json" }
-								})
-							}));
-						}
-					}));
-					const refreshDecision = refreshResponse !== null ? {
-						kind: "shortCircuit",
-						response: refreshResponse
-					} : { kind: "continue" };
-					const maybeShortCircuitResponse = await Fx.run(Fx.match(refreshDecision, refreshDecision.kind, {
-						shortCircuit: ({ response }) => response,
-						continue: () => null
-					}));
-					if (maybeShortCircuitResponse !== null) return maybeShortCircuitResponse;
-					const client = new ConvexHttpClient(convexUrl);
-					const authDispatch = args.refreshToken === void 0 && args.params?.code === void 0 && currentCookies.token !== null ? {
-						kind: "attachAuth",
-						token: currentCookies.token
-					} : { kind: "skipAuth" };
-					await Fx.run(Fx.match(authDispatch, authDispatch.kind, {
-						attachAuth: ({ token }) => {
-							client.setAuth(token);
-						},
-						skipAuth: () => void 0
-					}));
-					return Fx.run(Fx.from({
-						ok: () => client.action(signInActionRef, args),
-						err: (error) => error
-					}).pipe(Fx.fold({
-						ok: (result) => Fx.run(Fx.match(result, result.kind, {
-							redirect: (redirectResult) => {
-								const response = new Response(JSON.stringify({
-									kind: "redirect",
-									redirect: redirectResult.redirect,
-									verifier: redirectResult.verifier
-								}), {
-									status: 200,
-									headers: { "Content-Type": "application/json" }
-								});
-								for (const value of serializeAuthCookies({
-									...currentCookies,
-									verifier: redirectResult.verifier
-								}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-								return Fx.succeed(response);
-							},
-							signedIn: (signedInResult) => {
-								const response = new Response(JSON.stringify({
-									kind: "signedIn",
-									tokens: signedInResult.tokens === null ? null : {
-										token: signedInResult.tokens.token,
-										refreshToken: "dummy"
-									}
-								}), {
-									status: 200,
-									headers: { "Content-Type": "application/json" }
-								});
-								for (const value of serializeAuthCookies({
-									token: signedInResult.tokens?.token ?? null,
-									refreshToken: signedInResult.tokens?.refreshToken ?? null,
-									verifier: null
-								}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-								return Fx.succeed(response);
-							},
-							started: (startedResult) => Fx.succeed(new Response(JSON.stringify(startedResult), {
-								status: 200,
-								headers: { "Content-Type": "application/json" }
-							})),
-							passkeyOptions: (passkeyOptionsResult) => Fx.succeed(new Response(JSON.stringify(passkeyOptionsResult), {
-								status: 200,
-								headers: { "Content-Type": "application/json" }
-							})),
-							totpRequired: (totpRequiredResult) => Fx.succeed(new Response(JSON.stringify(totpRequiredResult), {
-								status: 200,
-								headers: { "Content-Type": "application/json" }
-							})),
-							totpSetup: (totpSetupResult) => Fx.succeed(new Response(JSON.stringify(totpSetupResult), {
-								status: 200,
-								headers: { "Content-Type": "application/json" }
-							})),
-							deviceCode: (deviceCodeResult) => Fx.succeed(new Response(JSON.stringify(deviceCodeResult), {
-								status: 200,
-								headers: { "Content-Type": "application/json" }
-							}))
-						})),
-						err: (error) => {
-							const errorBody = error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data ? {
-								error: error.data.message ?? String(error),
-								authError: error.data
-							} : { error: error instanceof Error ? error.message : String(error) };
-							const response = new Response(JSON.stringify(errorBody), {
-								status: 400,
-								headers: { "Content-Type": "application/json" }
-							});
-							const clearSession = args.refreshToken !== void 0 && error instanceof ConvexError && typeof error.data === "object" && error.data !== null && error.data.code === "INVALID_REFRESH_TOKEN";
-							for (const value of serializeAuthCookies({
-								token: clearSession ? null : currentCookies.token,
-								refreshToken: clearSession ? null : currentCookies.refreshToken,
-								verifier: null
-							}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-							return response;
-						}
-					})));
-				}),
-				sessionStop: (_) => Fx.promise(async () => {
-					await Fx.run(Fx.from({
-						ok: () => (() => {
-							const client = new ConvexHttpClient(convexUrl);
-							if (currentCookies.token !== null) client.setAuth(currentCookies.token);
-							return client.action(signOutActionRef);
-						})(),
-						err: (error) => error
-					}).pipe(Fx.recover((error) => {
-						console.error("[convex-auth/server] proxy sign-out failed", error);
-						const fallbackDispatch = currentCookies.refreshToken !== null ? {
-							kind: "attemptFallback",
-							refreshToken: currentCookies.refreshToken
-						} : { kind: "skipFallback" };
-						return Fx.match(fallbackDispatch, fallbackDispatch.kind, {
-							attemptFallback: ({ refreshToken }) => Fx.from({
-								ok: async () => {
-									const refreshed = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken });
-									const refreshedTokens = await Fx.run(Fx.match(refreshed, refreshed.kind, {
-										signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-										redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-										started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-										passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-										totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-										totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh")),
-										deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for sign-out fallback refresh"))
-									}));
-									const fallbackSignOutDispatch = refreshedTokens !== null ? {
-										kind: "signOutWithRefreshed",
-										token: refreshedTokens.token
-									} : { kind: "skipRefreshedSignOut" };
-									await Fx.run(Fx.match(fallbackSignOutDispatch, fallbackSignOutDispatch.kind, {
-										signOutWithRefreshed: ({ token }) => Fx.promise(async () => {
-											const client = new ConvexHttpClient(convexUrl);
-											client.setAuth(token);
-											await client.action(signOutActionRef);
-										}),
-										skipRefreshedSignOut: () => Fx.succeed(void 0)
-									}));
-								},
-								err: (error$1) => error$1
-							}).pipe(Fx.recover((fallbackError) => {
-								console.error("[convex-auth/server] proxy sign-out fallback failed", fallbackError);
-								return Fx.succeed(void 0);
-							})),
-							skipFallback: () => Fx.succeed(void 0)
-						});
-					}), Fx.map(() => void 0)));
-					const response = new Response(JSON.stringify(null), {
-						status: 200,
-						headers: { "Content-Type": "application/json" }
-					});
-					for (const value of serializeAuthCookies({
-						token: null,
-						refreshToken: null,
-						verifier: null
-					}, host, cookieConfig, cookieNamespace)) response.headers.append("Set-Cookie", value);
-					return response;
-				})
-			}));
-		},
-		async refresh(request) {
-			const host = request.headers.get("host") ?? new URL(request.url).host;
-			const currentCookies = parseAuthCookies(request.headers.get("cookie"), host, cookieNamespace);
-			const currentToken = currentCookies.token;
-			const originHeader = request.headers.get("origin");
-			const forwardedProtoHeader = request.headers.get("x-forwarded-proto");
-			const protocol = forwardedProtoHeader !== null ? (() => {
-				const forwardedProto = forwardedProtoHeader.split(",")[0]?.trim();
-				if (forwardedProto !== void 0 && forwardedProto.length > 0) return forwardedProto.endsWith(":") ? forwardedProto : `${forwardedProto}:`;
-				return new URL(request.url).protocol;
-			})() : new URL(request.url).protocol;
-			const requestHost = request.headers.get("host") ?? new URL(request.url).host;
-			const hostCandidate = `${protocol}//${requestHost}`;
-			const normalizedHost = canParseUrl(hostCandidate) ? new URL(hostCandidate).host : requestHost;
-			const originUrl = originHeader !== null && canParseUrl(originHeader) ? new URL(originHeader) : null;
-			const corsDispatch = originHeader !== null && (originUrl === null || originUrl.host !== normalizedHost || originUrl.protocol !== protocol) ? { kind: "crossOrigin" } : { kind: "sameOrigin" };
-			const corsRefreshResult = await Fx.run(Fx.match(corsDispatch, corsDispatch.kind, {
-				crossOrigin: () => ({
-					redirect: false,
-					cookies: [],
-					token: null
-				}),
-				sameOrigin: () => null
-			}));
-			if (corsRefreshResult !== null) return corsRefreshResult;
-			const requestUrl = new URL(request.url);
-			const code = requestUrl.searchParams.get("code");
-			const shouldHandleCode = options.shouldHandleCode === void 0 ? true : typeof options.shouldHandleCode === "function" ? await options.shouldHandleCode(request) : options.shouldHandleCode;
-			const codeExchangeDispatch = code !== null && request.method === "GET" && request.headers.get("accept")?.includes("text/html") && shouldHandleCode ? {
-				kind: "exchange",
-				code
-			} : { kind: "skip" };
-			const codeExchangeResult = await Fx.run(Fx.match(codeExchangeDispatch, codeExchangeDispatch.kind, {
-				exchange: async ({ code: verificationCode }) => {
-					const redirectUrl = new URL(requestUrl.toString());
-					return Fx.run(Fx.from({
-						ok: async () => {
-							const result = await new ConvexHttpClient(convexUrl).action(signInActionRef, {
-								params: { code: verificationCode },
-								verifier: currentCookies.verifier ?? void 0
-							});
-							return {
-								kind: "signedIn",
-								tokens: await Fx.run(Fx.match(result, result.kind, {
-									signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-									redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange")),
-									started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange")),
-									passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange")),
-									totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange")),
-									totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange")),
-									deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for code exchange"))
-								}))
-							};
-						},
-						err: (error) => error
-					}).pipe(Fx.fold({
-						ok: (result) => {
-							redirectUrl.searchParams.delete("code");
-							const cookies = structuredAuthCookies({
-								token: result.tokens?.token ?? null,
-								refreshToken: result.tokens?.refreshToken ?? null,
-								verifier: null
-							}, host, cookieConfig, cookieNamespace);
-							return {
-								redirect: true,
-								response: buildRedirectResponse(redirectUrl.toString(), cookies)
-							};
-						},
-						err: (error) => {
-							console.error("[convex-auth/server] code exchange failed", error);
-							const errorCode = error instanceof ConvexError && typeof error.data === "object" && error.data !== null && typeof error.data.code === "string" ? error.data.code : null;
-							if (!(errorCode === "OAUTH_INVALID_STATE" || errorCode === "OAUTH_PROVIDER_ERROR" || errorCode === "OAUTH_MISSING_ID_TOKEN" || errorCode === "OAUTH_INVALID_PROFILE" || errorCode === "OAUTH_MISSING_VERIFIER" || errorCode === "INVALID_VERIFIER" || errorCode === "INVALID_VERIFICATION_CODE")) return {
-								redirect: false,
-								cookies: [],
-								token: currentCookies.token
-							};
-							redirectUrl.searchParams.delete("code");
-							const cookies = structuredAuthCookies({
-								token: currentCookies.token,
-								refreshToken: currentCookies.refreshToken,
-								verifier: null
-							}, host, cookieConfig, cookieNamespace);
-							return {
-								redirect: true,
-								response: buildRedirectResponse(redirectUrl.toString(), cookies)
-							};
-						}
-					})));
-				},
-				skip: async () => null
-			}));
-			const codeExchangeDecision = codeExchangeResult !== null ? {
-				kind: "done",
-				result: codeExchangeResult
-			} : { kind: "continue" };
-			const maybeCodeExchangeResult = await Fx.run(Fx.match(codeExchangeDecision, codeExchangeDecision.kind, {
-				done: ({ result }) => result,
-				continue: () => null
-			}));
-			if (maybeCodeExchangeResult !== null) return maybeCodeExchangeResult;
-			const tokens = await Fx.run(Fx.gen(function* () {
-				const { token, refreshToken } = currentCookies;
-				const malformedRefreshTokenDispatch = refreshToken !== null && (refreshToken.trim().length === 0 || refreshToken === "dummy") ? { kind: "malformed" } : { kind: "ok" };
-				const malformedRefreshTokenResult = yield* Fx.match(malformedRefreshTokenDispatch, malformedRefreshTokenDispatch.kind, {
-					malformed: () => {
-						if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token cookie malformed, clearing auth cookies`);
-						return null;
-					},
-					ok: () => void 0
-				});
-				if (malformedRefreshTokenResult !== void 0) return malformedRefreshTokenResult;
-				const decodedToken = token === null ? null : yield* Fx.attempt(async () => jwtDecode(token), (decoded) => decoded, () => null);
-				const issuerDispatch = decodedToken?.iss !== void 0 && !acceptedIssuers.has(normalizeIssuer(decodedToken.iss)) ? { kind: "issuerMismatch" } : { kind: "issuerOk" };
-				const issuerResult = yield* Fx.match(issuerDispatch, issuerDispatch.kind, {
-					issuerMismatch: () => {
-						if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Access token issuer mismatch, clearing auth cookies`);
-						return null;
-					},
-					issuerOk: () => void 0
-				});
-				if (issuerResult !== void 0) return issuerResult;
-				const tokenState = token === null ? refreshToken === null ? { kind: "none" } : {
-					kind: "refreshOnly",
-					refreshToken
-				} : refreshToken === null ? {
-					kind: "accessOnly",
-					token
-				} : {
-					kind: "both",
-					token,
-					refreshToken
-				};
-				return yield* Fx.match(tokenState, tokenState.kind, {
-					none: () => {
-						if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] No auth cookies found, skipping refresh`);
-						return Fx.succeed(void 0);
-					},
-					refreshOnly: ({ refreshToken: refreshTokenValue }) => {
-						if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Access token cookie missing, attempting refresh-token recovery`);
-						return Fx.from({
-							ok: async () => {
-								const result = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken: refreshTokenValue });
-								const tokens$1 = await Fx.run(Fx.match(result, result.kind, {
-									signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-									redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-									started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-									passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-									totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-									totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-									deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh"))
-								}));
-								if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refreshed tokens, null=${tokens$1 === null}`);
-								return tokens$1;
-							},
-							err: (error) => error
-						}).pipe(Fx.recover((error) => {
-							console.error("[convex-auth/server] refresh-token exchange failed", error);
-							if ((error instanceof ConvexError && typeof error.data === "object" && error.data !== null && typeof error.data.code === "string" ? error.data.code : null) === "INVALID_REFRESH_TOKEN") {
-								if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token rejected, clearing auth cookies`);
-								return Fx.succeed(null);
-							}
-							if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Token refresh failed transiently, keeping current cookies`);
-							return Fx.succeed(void 0);
-						}));
-					},
-					accessOnly: () => {
-						const accessOnlyDispatch = decodedToken?.exp !== void 0 && decodedToken.iss !== void 0 && acceptedIssuers.has(normalizeIssuer(decodedToken.iss)) && decodedToken.exp * 1e3 > Date.now() ? { kind: "accessValid" } : { kind: "accessInvalid" };
-						return Fx.match(accessOnlyDispatch, accessOnlyDispatch.kind, {
-							accessValid: () => {
-								if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token cookie missing but access token still valid`);
-								return Fx.succeed(void 0);
-							},
-							accessInvalid: () => {
-								if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token cookie missing and access token invalid, clearing`);
-								return Fx.succeed(null);
-							}
-						});
-					},
-					both: ({ refreshToken: refreshTokenValue }) => {
-						const bothDecodeDispatch = decodedToken?.exp === void 0 || decodedToken.iat === void 0 ? { kind: "undecodable" } : {
-							kind: "decoded",
-							decodedToken
-						};
-						return Fx.match(bothDecodeDispatch, bothDecodeDispatch.kind, {
-							undecodable: () => {
-								if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Failed to decode access token, attempting refresh-token recovery`);
-								return Fx.from({
-									ok: async () => {
-										const result = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken: refreshTokenValue });
-										const tokens$1 = await Fx.run(Fx.match(result, result.kind, {
-											signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-											redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-											started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-											passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-											totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-											totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-											deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh"))
-										}));
-										if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refreshed tokens, null=${tokens$1 === null}`);
-										return tokens$1;
-									},
-									err: (error) => error
-								}).pipe(Fx.recover((error) => {
-									console.error("[convex-auth/server] refresh-token exchange failed", error);
-									if ((error instanceof ConvexError && typeof error.data === "object" && error.data !== null && typeof error.data.code === "string" ? error.data.code : null) === "INVALID_REFRESH_TOKEN") {
-										if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token rejected, clearing auth cookies`);
-										return Fx.succeed(null);
-									}
-									if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Token refresh failed transiently, keeping current cookies`);
-									return Fx.succeed(void 0);
-								}));
-							},
-							decoded: ({ decodedToken: decodedAccessToken }) => {
-								const totalTokenLifetimeMs = decodedAccessToken.exp * 1e3 - decodedAccessToken.iat * 1e3;
-								const minimumExpiration = Date.now() + Math.min(REQUIRED_TOKEN_LIFETIME_MS, Math.max(MINIMUM_REQUIRED_TOKEN_LIFETIME_MS, totalTokenLifetimeMs / 10));
-								const expirationDispatch = decodedAccessToken.exp * 1e3 > minimumExpiration ? { kind: "skipRefresh" } : { kind: "refresh" };
-								return Fx.match(expirationDispatch, expirationDispatch.kind, {
-									skipRefresh: () => {
-										if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Token valid long enough, skipping refresh`);
-										return Fx.succeed(void 0);
-									},
-									refresh: () => Fx.from({
-										ok: async () => {
-											const result = await new ConvexHttpClient(convexUrl).action(signInActionRef, { refreshToken: refreshTokenValue });
-											const tokens$1 = await Fx.run(Fx.match(result, result.kind, {
-												signedIn: (signedInResult) => Fx.succeed(signedInResult.tokens),
-												redirect: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-												started: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-												passkeyOptions: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-												totpRequired: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-												totpSetup: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh")),
-												deviceCode: () => Fx.fatal(/* @__PURE__ */ new Error("Invalid `auth:signIn` result for token refresh"))
-											}));
-											if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refreshed tokens, null=${tokens$1 === null}`);
-											return tokens$1;
-										},
-										err: (error) => error
-									}).pipe(Fx.recover((error) => {
-										console.error("[convex-auth/server] refresh-token exchange failed", error);
-										if ((error instanceof ConvexError && typeof error.data === "object" && error.data !== null && typeof error.data.code === "string" ? error.data.code : null) === "INVALID_REFRESH_TOKEN") {
-											if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Refresh token rejected, clearing auth cookies`);
-											return Fx.succeed(null);
-										}
-										if (verbose) console.debug(`${(/* @__PURE__ */ new Date()).toISOString()} [convex-auth/server] Token refresh failed transiently, keeping current cookies`);
-										return Fx.succeed(void 0);
-									}))
-								});
-							}
-						});
-					}
-				});
-			}));
-			if (tokens === void 0) return {
-				redirect: false,
-				cookies: [],
-				token: currentToken
-			};
-			return {
-				redirect: false,
-				cookies: structuredAuthCookies({
-					token: tokens?.token ?? null,
-					refreshToken: tokens?.refreshToken ?? null,
-					verifier: null
-				}, host, cookieConfig, cookieNamespace),
-				token: tokens?.token ?? null
-			};
-		}
-	};
-}
-//#endregion
-export { authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies };
-//# sourceMappingURL=ssr.js.map