@veloxts/orm 0.6.68 → 0.6.70

package/CHANGELOG.md

@@ -1,5 +1,90 @@
 # @veloxts/orm
 
+## 0.6.70
+
+### Patch Changes
+
+- ### feat(auth): Unified Adapter-Only Architecture
+
+  **New Features:**
+
+  - Add `JwtAdapter` implementing the `AuthAdapter` interface for unified JWT authentication
+  - Add `jwtAuth()` convenience function for direct adapter usage with optional built-in routes (`/api/auth/refresh`, `/api/auth/logout`)
+  - Add `AuthContext` discriminated union (`NativeAuthContext | AdapterAuthContext`) for type-safe auth mode handling
+  - Add double-registration protection to prevent conflicting auth system setups
+  - Add shared decoration utilities (`decorateAuth`, `setRequestAuth`, `checkDoubleRegistration`)
+
+  **Architecture Changes:**
+
+  - `authPlugin` now uses `JwtAdapter` internally - all authentication flows through the adapter pattern
+  - Single code path for authentication (no more dual native/adapter modes)
+  - `authContext.authMode` is now always `'adapter'` with `providerId='jwt'` when using `authPlugin`
+
+  **Breaking Changes:**
+
+  - Remove deprecated `LegacySessionConfig` interface (use `sessionMiddleware` instead)
+  - Remove deprecated `session` field from `AuthConfig`
+  - `User` interface no longer has index signature (extend via declaration merging)
+
+  **Type Safety Improvements:**
+
+  - `AuthContext` discriminated union enables exhaustive type narrowing based on `authMode`
+  - Export `NativeAuthContext` and `AdapterAuthContext` types for explicit typing
+
+  **Migration:**
+
+  - Existing `authPlugin` usage remains backward-compatible
+  - If checking `authContext.token`, use `authContext.session` instead (token stored in session for adapter mode)
+
+- Updated dependencies
+  - @veloxts/core@0.6.70
+
+## 0.6.69
+
+### Patch Changes
+
+- implement user feedback improvements across packages
+
+  ## Summary
+
+  Addresses 9 user feedback items to improve DX, reduce boilerplate, and eliminate template duplications.
+
+  ### Phase 1: Validation Helpers (`@veloxts/validation`)
+
+  - Add `prismaDecimal()`, `prismaDecimalNullable()`, `prismaDecimalOptional()` for Prisma Decimal → number conversion
+  - Add `dateToIso`, `dateToIsoNullable`, `dateToIsoOptional` aliases for consistency
+
+  ### Phase 2: Template Deduplication (`@veloxts/auth`)
+
+  - Export `createEnhancedTokenStore()` with token revocation and refresh token reuse detection
+  - Export `parseUserRoles()` and `DEFAULT_ALLOWED_ROLES`
+  - Fix memory leak: track pending timeouts for proper cleanup on `destroy()`
+  - Update templates to import from `@veloxts/auth` instead of duplicating code
+  - Fix jwtManager singleton pattern in templates
+
+  ### Phase 3: Router Helpers (`@veloxts/router`)
+
+  - Add `createRouter()` returning `{ collections, router }` for DRY setup
+  - Add `toRouter()` for router-only use cases
+  - Update all router templates to use `createRouter()`
+
+  ### Phase 4: Guard Type Narrowing - Experimental (`@veloxts/auth`, `@veloxts/router`)
+
+  - Add `NarrowingGuard` interface with phantom `_narrows` type
+  - Add `authenticatedNarrow` and `hasRoleNarrow()` guards
+  - Add `guardNarrow()` method to `ProcedureBuilder` for context narrowing
+  - Enables `ctx.user` to be non-null after guard passes
+
+  ### Phase 5: Documentation (`@veloxts/router`)
+
+  - Document `.rest()` override patterns
+  - Document `createRouter()` helper usage
+  - Document `guardNarrow()` experimental API
+  - Add schema browser-safety patterns for RSC apps
+
+- Updated dependencies
+  - @veloxts/core@0.6.69
+
 ## 0.6.68
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@veloxts/orm",
-  "version": "0.6.68",
+  "version": "0.6.70",
   "description": "Prisma wrapper with enhanced DX for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -19,7 +19,7 @@
     "fastify": "5.6.2",
     "pg": "8.16.0",
     "pg-format": "1.0.4",
-    "@veloxts/core": "0.6.68"
+    "@veloxts/core": "0.6.70"
   },
   "devDependencies": {
     "@types/pg": "8.15.4",