@supabase/server 1.1.0-rc.64 → 1.1.0-rc.65

package/README.md

@@ -264,15 +264,58 @@ withSupabase(
 
 Adapters wrap `withSupabase` for a specific framework's middleware contract. They ship inside `@supabase/server`, so a single `npm install @supabase/server` covers the framework you're using — no separate package per adapter.
 
-> **Adapters are a community initiative.** Every adapter in this repo originated as a community contribution — Hono and H3 included. The Supabase team reviews PRs, runs security and regression triage, and ships releases; the original contributor is the de-facto domain expert for their adapter and the first responder on framework-version bumps. Want to add a new one? See [`src/adapters/README.md`](src/adapters/README.md) for the contribution requirements (tests, types, docs, build wiring).
+> **Adapters are a community-driven initiative.** They're developed, maintained, and evolved by contributors — including responding to upstream framework changes. See [`src/adapters/README.md`](src/adapters/README.md) for the contribution requirements (tests, types, docs, build wiring) if you'd like to add or help maintain one.
 
-| Framework | Import                           | Framework version | Docs                                           |
-| --------- | -------------------------------- | ----------------- | ---------------------------------------------- |
-| Hono      | `@supabase/server/adapters/hono` | `^4.0.0`          | [docs/adapters/hono.md](docs/adapters/hono.md) |
-| H3 / Nuxt | `@supabase/server/adapters/h3`   | `^2.0.0`          | [docs/adapters/h3.md](docs/adapters/h3.md)     |
+| Framework | Import                             | Framework version | Docs                                               |
+| --------- | ---------------------------------- | ----------------- | -------------------------------------------------- |
+| Hono      | `@supabase/server/adapters/hono`   | `^4.0.0`          | [docs/adapters/hono.md](docs/adapters/hono.md)     |
+| H3 / Nuxt | `@supabase/server/adapters/h3`     | `^2.0.0`          | [docs/adapters/h3.md](docs/adapters/h3.md)         |
+| Elysia    | `@supabase/server/adapters/elysia` | `^1.4.0`          | [docs/adapters/elysia.md](docs/adapters/elysia.md) |
 
 See the per-adapter docs above for setup, per-route auth, CORS, error handling, and other patterns.
 
+### Elysia
+
+```ts
+import { Elysia } from 'elysia'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  // Protected — plugin resolves supabaseContext before handlers run
+  .use(withSupabase({ auth: 'user' }))
+  .get('/games', async ({ supabaseContext }) => {
+    const { data: myGames } = await supabaseContext.supabase
+      .from('favorite_games')
+      .select()
+    return myGames
+  })
+  // Public — no plugin means no auth
+  .get('/health', () => ({ status: 'ok' }))
+
+app.listen(3000)
+```
+
+For per-route auth, use scoped groups:
+
+```ts
+import { Elysia } from 'elysia'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  .get('/health', () => ({ status: 'ok' }))
+  .group('/api', (app) =>
+    app
+      .use(withSupabase({ auth: 'user' }))
+      .get('/profile', async ({ supabaseContext }) => {
+        return supabaseContext.userClaims
+      }),
+  )
+
+app.listen(3000)
+```
+
+The adapter does not handle CORS — use `@elysiajs/cors` for that.
+
 ## Primitives
 
 For when you need more control than `withSupabase` provides — multiple routes with different auth, custom response headers, or building your own wrapper.
@@ -407,7 +450,7 @@ For other environments, pass overrides via the `env` config option or `resolveEn
 | **Deno / Bun**              | Works out of the box via `export default { fetch }`.                                                                                      |
 | **Node.js**                 | Use a [framework adapter](#framework-adapters) or [core primitives](#primitives) with your framework of choice.                           |
 
-Using a framework? See [Framework Adapters](#framework-adapters) for Hono and H3 / Nuxt, or [`docs/ssr-frameworks.md`](docs/ssr-frameworks.md) for Next.js / SvelteKit / Remix (compose with [`@supabase/ssr`](https://github.com/supabase/ssr)).
+Using a framework? See [Framework Adapters](#framework-adapters) for Hono, H3 / Nuxt, and Elysia, or [`docs/ssr-frameworks.md`](docs/ssr-frameworks.md) for Next.js / SvelteKit / Remix (compose with [`@supabase/ssr`](https://github.com/supabase/ssr)).
 
 ### Does this replace `@supabase/ssr`?
 
@@ -415,12 +458,13 @@ No. `@supabase/ssr` handles cookie-based session management for frameworks like
 
 ## Exports
 
-| Export                           | What's in it                                                                                                      |
-| -------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
-| `@supabase/server`               | `withSupabase`, `createSupabaseContext`                                                                           |
-| `@supabase/server/core`          | `verifyAuth`, `verifyCredentials`, `extractCredentials`, `createContextClient`, `createAdminClient`, `resolveEnv` |
-| `@supabase/server/adapters/hono` | `withSupabase` (Hono middleware)                                                                                  |
-| `@supabase/server/adapters/h3`   | `withSupabase` (H3 / Nuxt middleware)                                                                             |
+| Export                             | What's in it                                                                                                      |
+| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| `@supabase/server`                 | `withSupabase`, `createSupabaseContext`                                                                           |
+| `@supabase/server/core`            | `verifyAuth`, `verifyCredentials`, `extractCredentials`, `createContextClient`, `createAdminClient`, `resolveEnv` |
+| `@supabase/server/adapters/hono`   | `withSupabase` (Hono middleware)                                                                                  |
+| `@supabase/server/adapters/h3`     | `withSupabase` (H3 / Nuxt middleware)                                                                             |
+| `@supabase/server/adapters/elysia` | `withSupabase` (Elysia plugin)                                                                                    |
 
 ## Documentation
 
@@ -431,6 +475,7 @@ No. `@supabase/ssr` handles cookie-based session management for frameworks like
 | Which framework adapters exist? How do I contribute one?            | [`src/adapters/README.md`](src/adapters/README.md)               |
 | How do I use this with Hono?                                        | [`docs/adapters/hono.md`](docs/adapters/hono.md)                 |
 | How do I use this with H3 / Nuxt?                                   | [`docs/adapters/h3.md`](docs/adapters/h3.md)                     |
+| How do I use this with Elysia?                                      | [`docs/adapters/elysia.md`](docs/adapters/elysia.md)             |
 | How do I use low-level primitives for custom flows?                 | [`docs/core-primitives.md`](docs/core-primitives.md)             |
 | How do environment variables work across runtimes?                  | [`docs/environment-variables.md`](docs/environment-variables.md) |
 | How do I handle errors? What codes exist?                           | [`docs/error-handling.md`](docs/error-handling.md)               |

package/dist/adapters/elysia/index.cjs

@@ -0,0 +1,66 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_create_supabase_context = require('../../create-supabase-context-CKv-4AIg.cjs');
+let elysia = require("elysia");
+
+//#region src/adapters/elysia/plugin.ts
+var SupabaseError = class extends Error {
+	constructor(inner) {
+		super(inner.message, { cause: inner });
+		this.status = inner.status;
+	}
+};
+/**
+* Elysia plugin that creates a {@link SupabaseContext} and makes it available in route handlers.
+*
+* Skips if a previous plugin already set the context, enabling route-level overrides.
+* Throws a `SupabaseError` on auth failure. `.status` is on the error directly; the original
+* `AuthError` is available as the typed `.cause`. Discriminate in `onError` via `code === 'SupabaseError'`.
+*
+* @param config - Auth modes and optional environment overrides. CORS is excluded — use Elysia's CORS utilities.
+* @returns An Elysia plugin that exposes `supabaseContext`.
+*
+* @example App-wide auth via `.use()`
+* ```ts
+* import { Elysia } from 'elysia'
+* import { withSupabase } from '@supabase/server/adapters/elysia'
+*
+* const app = new Elysia()
+*   .use(withSupabase({ allow: 'user' }))
+*   .get('/games', async ({ supabaseContext }) => {
+*     const { data } = await supabaseContext.supabase.from('favorite_games').select()
+*     return data
+*   })
+*
+* app.listen(3000)
+* ```
+*
+* @example Per-route auth via scoped `.use()`
+* ```ts
+* import { Elysia } from 'elysia'
+* import { withSupabase } from '@supabase/server/adapters/elysia'
+*
+* const app = new Elysia()
+*   .get('/health', () => ({ status: 'ok' }))
+*   .group('/api', (app) =>
+*     app
+*       .use(withSupabase({ allow: 'user' }))
+*       .get('/profile', async ({ supabaseContext }) => {
+*         return supabaseContext.userClaims
+*       })
+*   )
+*
+* app.listen(3000)
+* ```
+*/
+function withSupabase(config) {
+	return new elysia.Elysia().error({ SupabaseError }).resolve(async (ctx) => {
+		const existing = ctx.supabaseContext;
+		if (existing) return { supabaseContext: existing };
+		const { data, error } = await require_create_supabase_context.createSupabaseContext(ctx.request, config);
+		if (error) throw new SupabaseError(error);
+		return { supabaseContext: data };
+	}).as("scoped");
+}
+
+//#endregion
+exports.withSupabase = withSupabase;

package/dist/adapters/elysia/index.d.cts

@@ -0,0 +1,90 @@
+import { t as AuthError } from "../../errors-fa-CyugW.cjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-CwKZOVIv.cjs";
+import * as elysia from "elysia";
+import { Elysia } from "elysia";
+
+//#region src/adapters/elysia/plugin.d.ts
+declare class SupabaseError extends Error {
+  status: number;
+  cause: AuthError;
+  constructor(inner: AuthError);
+}
+/**
+ * Elysia plugin that creates a {@link SupabaseContext} and makes it available in route handlers.
+ *
+ * Skips if a previous plugin already set the context, enabling route-level overrides.
+ * Throws a `SupabaseError` on auth failure. `.status` is on the error directly; the original
+ * `AuthError` is available as the typed `.cause`. Discriminate in `onError` via `code === 'SupabaseError'`.
+ *
+ * @param config - Auth modes and optional environment overrides. CORS is excluded — use Elysia's CORS utilities.
+ * @returns An Elysia plugin that exposes `supabaseContext`.
+ *
+ * @example App-wide auth via `.use()`
+ * ```ts
+ * import { Elysia } from 'elysia'
+ * import { withSupabase } from '@supabase/server/adapters/elysia'
+ *
+ * const app = new Elysia()
+ *   .use(withSupabase({ allow: 'user' }))
+ *   .get('/games', async ({ supabaseContext }) => {
+ *     const { data } = await supabaseContext.supabase.from('favorite_games').select()
+ *     return data
+ *   })
+ *
+ * app.listen(3000)
+ * ```
+ *
+ * @example Per-route auth via scoped `.use()`
+ * ```ts
+ * import { Elysia } from 'elysia'
+ * import { withSupabase } from '@supabase/server/adapters/elysia'
+ *
+ * const app = new Elysia()
+ *   .get('/health', () => ({ status: 'ok' }))
+ *   .group('/api', (app) =>
+ *     app
+ *       .use(withSupabase({ allow: 'user' }))
+ *       .get('/profile', async ({ supabaseContext }) => {
+ *         return supabaseContext.userClaims
+ *       })
+ *   )
+ *
+ * app.listen(3000)
+ * ```
+ */
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Elysia<"", {
+  decorator: {};
+  store: {};
+  derive: {};
+  resolve: {};
+}, {
+  typebox: {};
+  error: {
+    readonly SupabaseError: SupabaseError;
+  };
+}, {
+  schema: {};
+  standaloneSchema: {};
+  macro: {};
+  macroFn: {};
+  parser: {};
+  response: {};
+}, {}, {
+  derive: {};
+  resolve: {
+    supabaseContext: SupabaseContext;
+  };
+  schema: {};
+  standaloneSchema: {};
+  response: elysia.ExtractErrorFromHandle<{
+    supabaseContext: SupabaseContext;
+  }>;
+}, {
+  derive: {};
+  resolve: {};
+  schema: {};
+  standaloneSchema: {};
+  response: {};
+}>;
+//#endregion
+export { withSupabase };

package/dist/adapters/elysia/index.d.mts

@@ -0,0 +1,90 @@
+import { t as AuthError } from "../../errors-C43um2Gg.mjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-DbvLfq25.mjs";
+import * as elysia from "elysia";
+import { Elysia } from "elysia";
+
+//#region src/adapters/elysia/plugin.d.ts
+declare class SupabaseError extends Error {
+  status: number;
+  cause: AuthError;
+  constructor(inner: AuthError);
+}
+/**
+ * Elysia plugin that creates a {@link SupabaseContext} and makes it available in route handlers.
+ *
+ * Skips if a previous plugin already set the context, enabling route-level overrides.
+ * Throws a `SupabaseError` on auth failure. `.status` is on the error directly; the original
+ * `AuthError` is available as the typed `.cause`. Discriminate in `onError` via `code === 'SupabaseError'`.
+ *
+ * @param config - Auth modes and optional environment overrides. CORS is excluded — use Elysia's CORS utilities.
+ * @returns An Elysia plugin that exposes `supabaseContext`.
+ *
+ * @example App-wide auth via `.use()`
+ * ```ts
+ * import { Elysia } from 'elysia'
+ * import { withSupabase } from '@supabase/server/adapters/elysia'
+ *
+ * const app = new Elysia()
+ *   .use(withSupabase({ allow: 'user' }))
+ *   .get('/games', async ({ supabaseContext }) => {
+ *     const { data } = await supabaseContext.supabase.from('favorite_games').select()
+ *     return data
+ *   })
+ *
+ * app.listen(3000)
+ * ```
+ *
+ * @example Per-route auth via scoped `.use()`
+ * ```ts
+ * import { Elysia } from 'elysia'
+ * import { withSupabase } from '@supabase/server/adapters/elysia'
+ *
+ * const app = new Elysia()
+ *   .get('/health', () => ({ status: 'ok' }))
+ *   .group('/api', (app) =>
+ *     app
+ *       .use(withSupabase({ allow: 'user' }))
+ *       .get('/profile', async ({ supabaseContext }) => {
+ *         return supabaseContext.userClaims
+ *       })
+ *   )
+ *
+ * app.listen(3000)
+ * ```
+ */
+declare function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Elysia<"", {
+  decorator: {};
+  store: {};
+  derive: {};
+  resolve: {};
+}, {
+  typebox: {};
+  error: {
+    readonly SupabaseError: SupabaseError;
+  };
+}, {
+  schema: {};
+  standaloneSchema: {};
+  macro: {};
+  macroFn: {};
+  parser: {};
+  response: {};
+}, {}, {
+  derive: {};
+  resolve: {
+    supabaseContext: SupabaseContext;
+  };
+  schema: {};
+  standaloneSchema: {};
+  response: elysia.ExtractErrorFromHandle<{
+    supabaseContext: SupabaseContext;
+  }>;
+}, {
+  derive: {};
+  resolve: {};
+  schema: {};
+  standaloneSchema: {};
+  response: {};
+}>;
+//#endregion
+export { withSupabase };

package/dist/adapters/elysia/index.mjs

@@ -0,0 +1,65 @@
+import { t as createSupabaseContext } from "../../create-supabase-context-BxSEJN8a.mjs";
+import { Elysia } from "elysia";
+
+//#region src/adapters/elysia/plugin.ts
+var SupabaseError = class extends Error {
+	constructor(inner) {
+		super(inner.message, { cause: inner });
+		this.status = inner.status;
+	}
+};
+/**
+* Elysia plugin that creates a {@link SupabaseContext} and makes it available in route handlers.
+*
+* Skips if a previous plugin already set the context, enabling route-level overrides.
+* Throws a `SupabaseError` on auth failure. `.status` is on the error directly; the original
+* `AuthError` is available as the typed `.cause`. Discriminate in `onError` via `code === 'SupabaseError'`.
+*
+* @param config - Auth modes and optional environment overrides. CORS is excluded — use Elysia's CORS utilities.
+* @returns An Elysia plugin that exposes `supabaseContext`.
+*
+* @example App-wide auth via `.use()`
+* ```ts
+* import { Elysia } from 'elysia'
+* import { withSupabase } from '@supabase/server/adapters/elysia'
+*
+* const app = new Elysia()
+*   .use(withSupabase({ allow: 'user' }))
+*   .get('/games', async ({ supabaseContext }) => {
+*     const { data } = await supabaseContext.supabase.from('favorite_games').select()
+*     return data
+*   })
+*
+* app.listen(3000)
+* ```
+*
+* @example Per-route auth via scoped `.use()`
+* ```ts
+* import { Elysia } from 'elysia'
+* import { withSupabase } from '@supabase/server/adapters/elysia'
+*
+* const app = new Elysia()
+*   .get('/health', () => ({ status: 'ok' }))
+*   .group('/api', (app) =>
+*     app
+*       .use(withSupabase({ allow: 'user' }))
+*       .get('/profile', async ({ supabaseContext }) => {
+*         return supabaseContext.userClaims
+*       })
+*   )
+*
+* app.listen(3000)
+* ```
+*/
+function withSupabase(config) {
+	return new Elysia().error({ SupabaseError }).resolve(async (ctx) => {
+		const existing = ctx.supabaseContext;
+		if (existing) return { supabaseContext: existing };
+		const { data, error } = await createSupabaseContext(ctx.request, config);
+		if (error) throw new SupabaseError(error);
+		return { supabaseContext: data };
+	}).as("scoped");
+}
+
+//#endregion
+export { withSupabase };

package/dist/adapters/h3/index.d.cts

@@ -1,4 +1,4 @@
-import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-Bjy1j07i.cjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-CwKZOVIv.cjs";
 import { Middleware } from "h3";
 
 //#region src/adapters/h3/middleware.d.ts

package/dist/adapters/h3/index.d.mts

@@ -1,4 +1,4 @@
-import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-DP9l5Cvf.mjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-DbvLfq25.mjs";
 import { Middleware } from "h3";
 
 //#region src/adapters/h3/middleware.d.ts

package/dist/adapters/hono/index.d.cts

@@ -1,4 +1,4 @@
-import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-Bjy1j07i.cjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-CwKZOVIv.cjs";
 import { MiddlewareHandler } from "hono";
 
 //#region src/adapters/hono/middleware.d.ts

package/dist/adapters/hono/index.d.mts

@@ -1,4 +1,4 @@
-import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-DP9l5Cvf.mjs";
+import { d as SupabaseContext, m as WithSupabaseConfig } from "../../types-DbvLfq25.mjs";
 import { MiddlewareHandler } from "hono";
 
 //#region src/adapters/hono/middleware.d.ts

package/dist/core/index.d.cts

@@ -1,5 +1,5 @@
-import { a as AuthResult, c as CreateContextClientOptions, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, o as ClientAuth, s as CreateAdminClientOptions } from "../types-Bjy1j07i.cjs";
-import { i as EnvError, t as AuthError } from "../errors-CZFEYnV_.cjs";
+import { i as EnvError, t as AuthError } from "../errors-fa-CyugW.cjs";
+import { a as AuthResult, c as CreateContextClientOptions, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, o as ClientAuth, s as CreateAdminClientOptions } from "../types-CwKZOVIv.cjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts

package/dist/core/index.d.mts

@@ -1,5 +1,5 @@
-import { a as AuthResult, c as CreateContextClientOptions, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, o as ClientAuth, s as CreateAdminClientOptions } from "../types-DP9l5Cvf.mjs";
-import { i as EnvError, t as AuthError } from "../errors-0dbzn5gA.mjs";
+import { i as EnvError, t as AuthError } from "../errors-C43um2Gg.mjs";
+import { a as AuthResult, c as CreateContextClientOptions, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, o as ClientAuth, s as CreateAdminClientOptions } from "../types-DbvLfq25.mjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { a as AuthResult, c as CreateContextClientOptions, d as SupabaseContext, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, m as WithSupabaseConfig, n as AllowWithKey, o as ClientAuth, p as UserClaims, r as AuthMode, s as CreateAdminClientOptions, t as Allow, u as JWTClaims } from "./types-Bjy1j07i.cjs";
-import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-CZFEYnV_.cjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-fa-CyugW.cjs";
+import { a as AuthResult, c as CreateContextClientOptions, d as SupabaseContext, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, m as WithSupabaseConfig, n as AllowWithKey, o as ClientAuth, p as UserClaims, r as AuthMode, s as CreateAdminClientOptions, t as Allow, u as JWTClaims } from "./types-CwKZOVIv.cjs";
 
 //#region src/with-supabase.d.ts
 /**

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { a as AuthResult, c as CreateContextClientOptions, d as SupabaseContext, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, m as WithSupabaseConfig, n as AllowWithKey, o as ClientAuth, p as UserClaims, r as AuthMode, s as CreateAdminClientOptions, t as Allow, u as JWTClaims } from "./types-DP9l5Cvf.mjs";
-import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-0dbzn5gA.mjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-C43um2Gg.mjs";
+import { a as AuthResult, c as CreateContextClientOptions, d as SupabaseContext, f as SupabaseEnv, i as AuthModeWithKey, l as Credentials, m as WithSupabaseConfig, n as AllowWithKey, o as ClientAuth, p as UserClaims, r as AuthMode, s as CreateAdminClientOptions, t as Allow, u as JWTClaims } from "./types-DbvLfq25.mjs";
 
 //#region src/with-supabase.d.ts
 /**

package/docs/adapters/elysia.md

@@ -0,0 +1,140 @@
+# Elysia Adapter
+
+## Setup
+
+Install Elysia as a peer dependency:
+
+```bash
+pnpm add elysia
+```
+
+The adapter exports its own `withSupabase` that returns an Elysia plugin instead of a fetch handler.
+
+## Basic app with auth
+
+```ts
+import { Elysia } from 'elysia'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  .use(withSupabase({ auth: 'user' }))
+  .get('/todos', async ({ supabaseContext }) => {
+    const { data } = await supabaseContext.supabase.from('todos').select()
+    return data
+  })
+
+app.listen(3000)
+```
+
+The context is available as `supabaseContext` in your route handlers and contains the same `SupabaseContext` fields as the main `withSupabase` wrapper: `supabase`, `supabaseAdmin`, `userClaims`, `jwtClaims`, and `authMode`.
+
+## Per-route auth
+
+Apply different auth modes to different routes by using the plugin on scoped route groups:
+
+```ts
+import { Elysia } from 'elysia'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  // Public route — no auth
+  .get('/health', () => ({ status: 'ok' }))
+  // User-authenticated routes
+  .group('/api', (app) =>
+    app
+      .use(withSupabase({ auth: 'user' }))
+      .get('/todos', async ({ supabaseContext }) => {
+        const { data } = await supabaseContext.supabase.from('todos').select()
+        return data
+      }),
+  )
+  // Secret-key-protected admin routes
+  .group('/admin', (app) =>
+    app
+      .use(withSupabase({ auth: 'secret' }))
+      .post('/sync', async ({ supabaseContext }) => {
+        const { data } = await supabaseContext.supabaseAdmin
+          .from('audit_log')
+          .insert({ action: 'sync' })
+        return data
+      }),
+  )
+
+app.listen(3000)
+```
+
+## Skip behavior
+
+If a previous plugin already resolved `supabaseContext`, subsequent `withSupabase` calls skip auth. This allows chaining plugins without redundant work.
+
+**Important:** The plugin calls `.as('scoped')` so its `resolve` hook propagates one level up to the parent app — routes registered after `.use(withSupabase(...))` will see `supabaseContext`. The skip-if-set pattern cannot make a route stricter than an already-resolved context.
+
+For routes that need different auth than the rest of the app, use scoped `.group()` with `.use(withSupabase(...))` without an app-wide plugin (see the "Per-route auth" section above).
+
+## CORS
+
+The Elysia adapter does not handle CORS — the `cors` option is excluded from its config type. Use Elysia's CORS plugin:
+
+```ts
+import { Elysia } from 'elysia'
+import { cors } from '@elysiajs/cors'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  .use(cors())
+  .use(withSupabase({ auth: 'user' }))
+  .get('/todos', async ({ supabaseContext }) => {
+    const { data } = await supabaseContext.supabase.from('todos').select()
+    return data
+  })
+
+app.listen(3000)
+```
+
+## Error handling
+
+When auth fails, the plugin throws a `SupabaseError`. The HTTP status is on `.status` directly, and the original `AuthError` is available as the typed `.cause`. Discriminate in `onError` via `code === 'SupabaseError'`:
+
+```ts
+import { Elysia } from 'elysia'
+import { withSupabase } from '@supabase/server/adapters/elysia'
+
+const app = new Elysia()
+  .use(withSupabase({ auth: 'user' }))
+  .onError(({ code, error, status }) => {
+    if (code !== 'SupabaseError') return
+    return status(error.status as 401, {
+      error: error.message,
+      code: error.cause.code,
+    })
+  })
+  .get('/todos', async ({ supabaseContext }) => {
+    const { data } = await supabaseContext.supabase.from('todos').select()
+    return data
+  })
+
+app.listen(3000)
+```
+
+Without a custom `onError`, Elysia uses the `status` property on the thrown `SupabaseError` to set the response status automatically (401 for auth failures, 500 for internal errors).
+
+## Environment overrides
+
+Pass `env` to override auto-detected environment variables, same as the main wrapper:
+
+```ts
+app.use(withSupabase({ auth: 'user', env: { url: 'http://localhost:54321' } }))
+```
+
+## Supabase client options
+
+Forward options to the underlying `createClient()` calls:
+
+```ts
+app.use(
+  withSupabase({
+    auth: 'user',
+    supabaseOptions: { db: { schema: 'api' } },
+  }),
+)
+```

package/docs/api-reference.md

@@ -134,6 +134,38 @@ Defaults to `auth: 'user'` when config is omitted.
 
 ---
 
+## @supabase/server/adapters/h3
+
+### withSupabase (H3)
+
+```ts
+function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Middleware
+```
+
+H3 middleware. Sets `event.context.supabaseContext` on the H3 event. Throws `HTTPError` on auth failure with `cause: AuthError`.
+
+Skips if `event.context.supabaseContext` is already set (enables chained middleware).
+
+Defaults to `auth: 'user'` when config is omitted.
+
+---
+
+## @supabase/server/adapters/elysia
+
+### withSupabase (Elysia)
+
+```ts
+function withSupabase(config?: Omit<WithSupabaseConfig, 'cors'>): Elysia
+```
+
+Elysia plugin that resolves `supabaseContext` into the request context. Throws an error on auth failure with `cause: AuthError`.
+
+Skips if `supabaseContext` is already resolved by a prior plugin.
+
+Defaults to `auth: 'user'` when config is omitted.
+
+---
+
 ## Types
 
 ### AuthMode

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/server",
-  "version": "1.1.0-rc.64",
+  "version": "1.1.0-rc.65",
   "description": "Server-side utilities for Supabase. Handles auth, client creation, and context injection so you write business logic, not boilerplate.",
   "keywords": [
     "edge",
@@ -39,6 +39,11 @@
       "import": "./dist/adapters/h3/index.mjs",
       "require": "./dist/adapters/h3/index.cjs"
     },
+    "./adapters/elysia": {
+      "types": "./dist/adapters/elysia/index.d.mts",
+      "import": "./dist/adapters/elysia/index.mjs",
+      "require": "./dist/adapters/elysia/index.cjs"
+    },
     "./package.json": "./package.json"
   },
   "main": "./dist/index.cjs",
@@ -72,7 +77,8 @@
   "peerDependencies": {
     "@supabase/supabase-js": "^2.0.0",
     "h3": "^2.0.0",
-    "hono": "^4.0.0"
+    "hono": "^4.0.0",
+    "elysia": "^1.4.0"
   },
   "peerDependenciesMeta": {
     "h3": {
@@ -80,6 +86,9 @@
     },
     "hono": {
       "optional": true
+    },
+    "elysia": {
+      "optional": true
     }
   },
   "devDependencies": {
@@ -87,6 +96,7 @@
     "@commitlint/config-conventional": "^20.4.2",
     "@supabase/supabase-js": "^2.105.4",
     "eslint": "^10.0.2",
+    "elysia": "^1.4.0",
     "h3": "2.0.1-rc.20",
     "hono": "^4.12.5",
     "prettier": "3.8.1",