better-convex 0.6.3 → 0.7.0

package/dist/auth/index.js

@@ -1,12 +1,13 @@
-import { a as partial, h as asyncMap, l as isQueryCtx, n as customCtx, r as customMutation, u as isRunMutationCtx } from "../customFunctions-C1okqCzL.js";
-import { C as stream, D as unsetToken, L as eq, S as mergedStream } from "../orm-CleikBIV.js";
+import { a as partial, h as asyncMap, l as isQueryCtx, n as customCtx, r as customMutation, u as isRunMutationCtx } from "../customFunctions-CZnCwoR3.js";
+import { a as mergedStream, l as unsetToken, o as stream, t as getByIdWithOrmQueryFallback, v as eq } from "../query-context-BDSis9rT.js";
+import { v } from "convex/values";
+import { internalActionGeneric, internalMutationGeneric, internalQueryGeneric, paginationOptsValidator } from "convex/server";
 import { convex } from "@convex-dev/better-auth/plugins";
 import { createAdapterFactory } from "better-auth/adapters";
 import { getAuthTables } from "better-auth/db";
-import { ROUTABLE_HTTP_METHODS, createFunctionHandle, httpActionGeneric, httpRouter, internalActionGeneric, internalMutationGeneric, internalQueryGeneric, paginationOptsValidator } from "convex/server";
 import { prop, sortBy, uniqueBy } from "remeda";
-import { v } from "convex/values";
 import { stripIndent } from "common-tags";
+import { betterAuth } from "better-auth";
 
 //#region src/auth/adapter-utils.ts
 const adapterWhereValidator = v.object({
@@ -278,6 +279,20 @@ const listOne = async (ctx, schema, betterAuthSchema, args) => (await paginate(c
 
 //#endregion
 //#region src/auth/create-api.ts
+const AUTH_TABLE_TRIGGER_KEYS = new Set([
+	"create",
+	"update",
+	"delete",
+	"change"
+]);
+const LEGACY_AUTH_TRIGGER_KEYS = new Set([
+	"beforeCreate",
+	"beforeDelete",
+	"beforeUpdate",
+	"onCreate",
+	"onDelete",
+	"onUpdate"
+]);
 const whereValidator = (schema, tableName) => v.object({
 	connector: v.optional(v.union(v.literal("AND"), v.literal("OR"))),
 	field: v.union(...Object.keys(schema.tables[tableName].validator.fields).map((field) => v.literal(field)), v.literal("_id")),
@@ -312,17 +327,59 @@ const ormDelete = async (ctx, table, id) => {
 	await ctx.orm.delete(table).where(eq(table._id, id));
 };
 const withBothIdFields = (doc) => {
-	const existingUnderscoreId = doc._id;
-	const existingId = doc.id;
+	if (!doc || typeof doc !== "object" || Array.isArray(doc)) return doc;
+	const record = doc;
+	const existingUnderscoreId = record._id;
+	const existingId = record.id;
 	const id = existingUnderscoreId ?? existingId;
 	if (!id) return doc;
 	return {
-		...doc,
+		...record,
 		_id: existingUnderscoreId ?? id,
 		id: existingId ?? id
 	};
 };
 const isPlainObject = (value) => !!value && typeof value === "object" && !Array.isArray(value);
+const isBeforeDataResult = (value) => isPlainObject(value) && "data" in value && isPlainObject(value.data);
+const ensureRuntimeTableTriggers = (model, value) => {
+	if (value === void 0) return;
+	if (!isPlainObject(value)) throw new Error(`Invalid auth triggers for '${model}'. Expected an object with create/update/delete/change keys.`);
+	for (const key of Object.keys(value)) {
+		if (LEGACY_AUTH_TRIGGER_KEYS.has(key)) throw new Error(`Invalid auth trigger key '${key}' for '${model}'. Auth triggers now use { create, update, delete, change } shape.`);
+		if (!AUTH_TABLE_TRIGGER_KEYS.has(key)) throw new Error(`Invalid auth trigger key '${key}' for '${model}'. Allowed keys: create, update, delete, change.`);
+	}
+	const create = value.create;
+	const update = value.update;
+	const del = value.delete;
+	const change = value.change;
+	const validateOperationHook = (operation, operationHooks) => {
+		if (operationHooks === void 0) return;
+		if (!isPlainObject(operationHooks)) throw new Error(`Invalid auth trigger '${operation}' for '${model}'. Expected an object with optional before/after handlers.`);
+		if (operationHooks.before !== void 0 && typeof operationHooks.before !== "function") throw new Error(`Invalid auth trigger '${operation}.before' for '${model}'. Expected a function.`);
+		if (operationHooks.after !== void 0 && typeof operationHooks.after !== "function") throw new Error(`Invalid auth trigger '${operation}.after' for '${model}'. Expected a function.`);
+	};
+	validateOperationHook("create", create);
+	validateOperationHook("update", update);
+	validateOperationHook("delete", del);
+	if (change !== void 0 && typeof change !== "function") throw new Error(`Invalid auth trigger 'change' for '${model}'. Expected a function.`);
+	return {
+		...create ? { create } : {},
+		...update ? { update } : {},
+		...del ? { delete: del } : {},
+		...change ? { change } : {}
+	};
+};
+const applyBeforeHook = async (model, operation, data, beforeHook, triggerCtx) => {
+	if (!beforeHook) return data;
+	const result = await beforeHook(data, triggerCtx);
+	if (result === false) throw new Error(`Auth trigger cancelled ${operation} on '${model}'.`);
+	if (isBeforeDataResult(result)) return {
+		...data,
+		...result.data
+	};
+	return data;
+};
+const getDocId = (doc) => doc._id ?? doc.id;
 const serializeDatesForConvex = (value) => {
 	if (value instanceof Date) return value.getTime();
 	if (Array.isArray(value)) {
@@ -352,14 +409,9 @@ const serializeDatesForConvex = (value) => {
 };
 const toConvexSafe = (value) => serializeDatesForConvex(value);
 const createHandler = async (ctx, args, schema, betterAuthSchema) => {
-	let data = args.input.data;
-	if (!args.skipBeforeHooks && args.beforeCreateHandle) {
-		const transformedData = await ctx.runMutation(args.beforeCreateHandle, serializeDatesForConvex({
-			data,
-			model: args.input.model
-		}));
-		if (transformedData !== void 0) data = transformedData;
-	}
+	const triggerCtx = args.triggerCtx ?? ctx;
+	const tableTriggers = args.tableTriggers;
+	const data = serializeDatesForConvex(await applyBeforeHook(args.input.model, "create", args.input.data, tableTriggers?.create?.before, triggerCtx));
 	await checkUniqueFields(ctx, schema, betterAuthSchema, args.input.model, data);
 	const ormTable = resolveOrmTable(ctx, schema, betterAuthSchema, args.input.model);
 	const doc = ormTable ? await ormInsert(ctx, ormTable.table, data) : await (async () => {
@@ -367,50 +419,51 @@ const createHandler = async (ctx, args, schema, betterAuthSchema) => {
 		return ctx.db.get(id);
 	})();
 	if (!doc) throw new Error(`Failed to create ${args.input.model}`);
-	const normalizedDoc = ormTable ? withBothIdFields(doc) : doc;
+	const normalizedDoc = withBothIdFields(doc);
 	const result = await selectFields(normalizedDoc, args.select);
-	if (args.onCreateHandle) {
-		const hookDoc = normalizedDoc;
-		await ctx.runMutation(args.onCreateHandle, serializeDatesForConvex({
-			doc: hookDoc,
-			model: args.input.model
-		}));
-	}
+	const hookDoc = serializeDatesForConvex(normalizedDoc);
+	const id = getDocId(hookDoc);
+	await tableTriggers?.create?.after?.(hookDoc, triggerCtx);
+	await tableTriggers?.change?.({
+		id,
+		newDoc: hookDoc,
+		oldDoc: null,
+		operation: "insert"
+	}, triggerCtx);
 	return toConvexSafe(result);
 };
 const findOneHandler = async (ctx, args, schema, betterAuthSchema) => toConvexSafe(await listOne(ctx, schema, betterAuthSchema, args));
 const findManyHandler = async (ctx, args, schema, betterAuthSchema) => toConvexSafe(await paginate(ctx, schema, betterAuthSchema, args));
 const updateOneHandler = async (ctx, args, schema, betterAuthSchema) => {
+	const triggerCtx = args.triggerCtx ?? ctx;
+	const tableTriggers = args.tableTriggers;
 	const doc = await listOne(ctx, schema, betterAuthSchema, args.input);
 	if (!doc) throw new Error(`Failed to update ${args.input.model}`);
-	let update = args.input.update;
-	if (args.beforeUpdateHandle) {
-		const transformedUpdate = await ctx.runMutation(args.beforeUpdateHandle, serializeDatesForConvex({
-			doc,
-			model: args.input.model,
-			update
-		}));
-		if (transformedUpdate !== void 0) update = transformedUpdate;
-	}
-	await checkUniqueFields(ctx, schema, betterAuthSchema, args.input.model, update, doc);
+	const normalizedDoc = withBothIdFields(doc);
+	const update = serializeDatesForConvex(await applyBeforeHook(args.input.model, "update", args.input.update, tableTriggers?.update?.before, triggerCtx));
+	await checkUniqueFields(ctx, schema, betterAuthSchema, args.input.model, update, normalizedDoc);
 	const ormTable = resolveOrmTable(ctx, schema, betterAuthSchema, args.input.model);
-	const updatedDoc = ormTable ? await ormUpdate(ctx, ormTable.table, doc._id, update) : await (async () => {
-		await ctx.db.patch(doc._id, update);
-		return ctx.db.get(doc._id);
+	const updatedDoc = ormTable ? await ormUpdate(ctx, ormTable.table, normalizedDoc._id, update) : await (async () => {
+		await ctx.db.patch(normalizedDoc._id, update);
+		return ctx.db.get(normalizedDoc._id);
 	})();
 	if (!updatedDoc) throw new Error(`Failed to update ${args.input.model}`);
-	const normalizedUpdatedDoc = ormTable ? withBothIdFields(updatedDoc) : updatedDoc;
-	if (args.onUpdateHandle) {
-		const hookNewDoc = normalizedUpdatedDoc;
-		await ctx.runMutation(args.onUpdateHandle, serializeDatesForConvex({
-			model: args.input.model,
-			newDoc: hookNewDoc,
-			oldDoc: doc
-		}));
-	}
+	const normalizedUpdatedDoc = withBothIdFields(updatedDoc);
+	const hookNewDoc = serializeDatesForConvex(normalizedUpdatedDoc);
+	const hookOldDoc = serializeDatesForConvex(normalizedDoc);
+	const id = getDocId(hookNewDoc);
+	await tableTriggers?.update?.after?.(hookNewDoc, triggerCtx);
+	await tableTriggers?.change?.({
+		id,
+		newDoc: hookNewDoc,
+		oldDoc: hookOldDoc,
+		operation: "update"
+	}, triggerCtx);
 	return toConvexSafe(normalizedUpdatedDoc);
 };
 const updateManyHandler = async (ctx, args, schema, betterAuthSchema) => {
+	const triggerCtx = args.triggerCtx ?? ctx;
+	const tableTriggers = args.tableTriggers;
 	const { page, ...result } = await paginate(ctx, schema, betterAuthSchema, {
 		...args.input,
 		paginationOpts: args.paginationOpts
@@ -419,89 +472,91 @@ const updateManyHandler = async (ctx, args, schema, betterAuthSchema) => {
 	if (args.input.update) {
 		if (hasUniqueFields(betterAuthSchema, args.input.model, args.input.update ?? {}) && page.length > 1) throw new Error(`Attempted to set unique fields in multiple documents in ${args.input.model} with the same value. Fields: ${Object.keys(args.input.update ?? {}).join(", ")}`);
 		await asyncMap(page, async (doc) => {
-			let update = args.input.update;
-			if (args.beforeUpdateHandle) {
-				const transformedUpdate = await ctx.runMutation(args.beforeUpdateHandle, serializeDatesForConvex({
-					doc,
-					model: args.input.model,
-					update
-				}));
-				if (transformedUpdate !== void 0) update = transformedUpdate;
-			}
-			await checkUniqueFields(ctx, schema, betterAuthSchema, args.input.model, update ?? {}, doc);
-			const newDoc = ormTable ? await ormUpdate(ctx, ormTable.table, doc._id, update ?? {}) : await (async () => {
-				await ctx.db.patch(doc._id, update);
-				return ctx.db.get(doc._id);
-			})();
-			if (args.onUpdateHandle) {
-				const hookNewDoc = ormTable ? withBothIdFields(newDoc) : newDoc;
-				await ctx.runMutation(args.onUpdateHandle, serializeDatesForConvex({
-					model: args.input.model,
-					newDoc: hookNewDoc,
-					oldDoc: doc
-				}));
-			}
+			const normalizedDoc = withBothIdFields(doc);
+			const update = serializeDatesForConvex(await applyBeforeHook(args.input.model, "update", args.input.update ?? {}, tableTriggers?.update?.before, triggerCtx));
+			await checkUniqueFields(ctx, schema, betterAuthSchema, args.input.model, update ?? {}, normalizedDoc);
+			const hookNewDoc = serializeDatesForConvex(withBothIdFields(ormTable ? await ormUpdate(ctx, ormTable.table, normalizedDoc._id, update ?? {}) : await (async () => {
+				await ctx.db.patch(normalizedDoc._id, update);
+				return ctx.db.get(normalizedDoc._id);
+			})()));
+			const hookOldDoc = serializeDatesForConvex(normalizedDoc);
+			const id = getDocId(hookNewDoc);
+			await tableTriggers?.update?.after?.(hookNewDoc, triggerCtx);
+			await tableTriggers?.change?.({
+				id,
+				newDoc: hookNewDoc,
+				oldDoc: hookOldDoc,
+				operation: "update"
+			}, triggerCtx);
 		});
 	}
 	return toConvexSafe({
 		...result,
 		count: page.length,
-		ids: page.map((doc) => doc._id)
+		ids: page.map((doc) => withBothIdFields(doc)._id)
 	});
 };
 const deleteOneHandler = async (ctx, args, schema, betterAuthSchema) => {
+	const triggerCtx = args.triggerCtx ?? ctx;
+	const tableTriggers = args.tableTriggers;
 	const doc = await listOne(ctx, schema, betterAuthSchema, args.input);
 	if (!doc) return;
-	let hookDoc = doc;
-	if (!args.skipBeforeHooks && args.beforeDeleteHandle) {
-		const transformedDoc = await ctx.runMutation(args.beforeDeleteHandle, serializeDatesForConvex({
-			doc,
-			model: args.input.model
-		}));
-		if (transformedDoc !== void 0) hookDoc = transformedDoc;
-	}
+	const normalizedDoc = withBothIdFields(doc);
+	const hookDoc = withBothIdFields(serializeDatesForConvex(await applyBeforeHook(args.input.model, "delete", normalizedDoc, tableTriggers?.delete?.before, triggerCtx)));
+	const id = getDocId(normalizedDoc);
 	const ormTable = resolveOrmTable(ctx, schema, betterAuthSchema, args.input.model);
-	if (ormTable) await ormDelete(ctx, ormTable.table, doc._id);
-	else await ctx.db.delete(doc._id);
-	if (args.onDeleteHandle) await ctx.runMutation(args.onDeleteHandle, serializeDatesForConvex({
-		doc: hookDoc,
-		model: args.input.model
-	}));
-	return toConvexSafe(hookDoc);
+	if (ormTable) await ormDelete(ctx, ormTable.table, normalizedDoc._id);
+	else await ctx.db.delete(normalizedDoc._id);
+	await tableTriggers?.delete?.after?.(hookDoc, triggerCtx);
+	await tableTriggers?.change?.({
+		id,
+		newDoc: null,
+		oldDoc: hookDoc,
+		operation: "delete"
+	}, triggerCtx);
+	return toConvexSafe(withBothIdFields(hookDoc));
 };
 const deleteManyHandler = async (ctx, args, schema, betterAuthSchema) => {
+	const triggerCtx = args.triggerCtx ?? ctx;
+	const tableTriggers = args.tableTriggers;
 	const { page, ...result } = await paginate(ctx, schema, betterAuthSchema, {
 		...args.input,
 		paginationOpts: args.paginationOpts
 	});
 	const ormTable = resolveOrmTable(ctx, schema, betterAuthSchema, args.input.model);
 	await asyncMap(page, async (doc) => {
-		let hookDoc = doc;
-		if (!args.skipBeforeHooks && args.beforeDeleteHandle) {
-			const transformedDoc = await ctx.runMutation(args.beforeDeleteHandle, serializeDatesForConvex({
-				doc,
-				model: args.input.model
-			}));
-			if (transformedDoc !== void 0) hookDoc = transformedDoc;
-		}
-		if (ormTable) await ormDelete(ctx, ormTable.table, doc._id);
-		else await ctx.db.delete(doc._id);
-		if (args.onDeleteHandle) await ctx.runMutation(args.onDeleteHandle, serializeDatesForConvex({
-			doc: hookDoc,
-			model: args.input.model
-		}));
+		const normalizedDoc = withBothIdFields(doc);
+		const hookDoc = withBothIdFields(serializeDatesForConvex(await applyBeforeHook(args.input.model, "delete", normalizedDoc, tableTriggers?.delete?.before, triggerCtx)));
+		const id = getDocId(normalizedDoc);
+		if (ormTable) await ormDelete(ctx, ormTable.table, normalizedDoc._id);
+		else await ctx.db.delete(normalizedDoc._id);
+		await tableTriggers?.delete?.after?.(hookDoc, triggerCtx);
+		await tableTriggers?.change?.({
+			id,
+			newDoc: null,
+			oldDoc: hookDoc,
+			operation: "delete"
+		}, triggerCtx);
 	});
 	return toConvexSafe({
 		...result,
 		count: page.length,
-		ids: page.map((doc) => doc._id)
+		ids: page.map((doc) => withBothIdFields(doc)._id)
 	});
 };
 const createApi = (schema, getAuth, options) => {
-	const betterAuthSchema = getAuthTables(getAuth({}).options);
-	const { internalMutation, skipValidation, context } = options ?? {};
+	const { internalMutation, validateInput = false, context, triggers } = options ?? {};
+	let betterAuthSchema;
+	const getBetterAuthSchema = () => {
+		betterAuthSchema ??= getAuthTables(getAuth({}).options);
+		return betterAuthSchema;
+	};
 	const mutationBuilderBase = internalMutation ?? internalMutationGeneric;
 	const mutationBuilder = context ? customMutation(mutationBuilderBase, customCtx(async (ctx) => await context?.(ctx) ?? ctx)) : mutationBuilderBase;
+	const resolveTableTriggers = (model, triggerCtx) => {
+		const tableTriggers = (typeof triggers === "function" ? triggers(triggerCtx) : triggers)?.[model];
+		return ensureRuntimeTableTriggers(model, tableTriggers);
+	};
 	const anyInput = v.object({
 		data: v.any(),
 		model: v.string()
@@ -515,55 +570,71 @@ const createApi = (schema, getAuth, options) => {
 		update: v.any(),
 		where: v.optional(v.array(v.any()))
 	});
-	const authTableNames = new Set(Object.keys(betterAuthSchema));
+	const authSchemaForValidation = validateInput ? getBetterAuthSchema() : {};
+	const authTableNames = new Set(Object.keys(authSchemaForValidation));
 	const authTables = Object.entries(schema.tables).filter(([name]) => authTableNames.has(name));
 	const authTableKeys = authTables.map(([name]) => name);
-	const createInput = skipValidation ? anyInput : v.union(...authTables.map(([model, table]) => {
+	const createInput = validateInput ? v.union(...authTables.map(([model, table]) => {
 		const fields = partial(table.validator.fields);
 		return v.object({
 			data: v.object(fields),
 			model: v.literal(model)
 		});
-	}));
-	const deleteInput = skipValidation ? anyInputWithWhere : v.union(...authTableKeys.map((tableName) => v.object({
+	})) : anyInput;
+	const deleteInput = validateInput ? v.union(...authTableKeys.map((tableName) => v.object({
 		model: v.literal(tableName),
 		where: v.optional(v.array(whereValidator(schema, tableName)))
-	})));
-	const modelValidator = skipValidation ? v.string() : v.union(...authTableKeys.map((model) => v.literal(model)));
-	const updateInput = skipValidation ? anyInputWithUpdate : v.union(...authTables.map(([tableName, table]) => {
+	}))) : anyInputWithWhere;
+	const modelValidator = validateInput ? v.union(...authTableKeys.map((model) => v.literal(model))) : v.string();
+	const updateInput = validateInput ? v.union(...authTables.map(([tableName, table]) => {
 		const fields = partial(table.validator.fields);
 		return v.object({
 			model: v.literal(tableName),
 			update: v.object(fields),
 			where: v.optional(v.array(whereValidator(schema, tableName)))
 		});
-	}));
+	})) : anyInputWithUpdate;
 	return {
 		create: mutationBuilder({
 			args: {
-				beforeCreateHandle: v.optional(v.string()),
 				input: createInput,
-				select: v.optional(v.array(v.string())),
-				onCreateHandle: v.optional(v.string())
+				select: v.optional(v.array(v.string()))
 			},
-			handler: async (ctx, args) => createHandler(ctx, args, schema, betterAuthSchema)
+			handler: async (ctx, args) => {
+				const triggerCtx = ctx;
+				return createHandler(ctx, {
+					input: args.input,
+					select: args.select,
+					tableTriggers: resolveTableTriggers(args.input.model, triggerCtx),
+					triggerCtx
+				}, schema, getBetterAuthSchema());
+			}
 		}),
 		deleteMany: mutationBuilder({
 			args: {
-				beforeDeleteHandle: v.optional(v.string()),
 				input: deleteInput,
-				paginationOpts: paginationOptsValidator,
-				onDeleteHandle: v.optional(v.string())
+				paginationOpts: paginationOptsValidator
 			},
-			handler: async (ctx, args) => deleteManyHandler(ctx, args, schema, betterAuthSchema)
+			handler: async (ctx, args) => {
+				const triggerCtx = ctx;
+				return deleteManyHandler(ctx, {
+					input: args.input,
+					paginationOpts: args.paginationOpts,
+					tableTriggers: resolveTableTriggers(args.input.model, triggerCtx),
+					triggerCtx
+				}, schema, getBetterAuthSchema());
+			}
 		}),
 		deleteOne: mutationBuilder({
-			args: {
-				beforeDeleteHandle: v.optional(v.string()),
-				input: deleteInput,
-				onDeleteHandle: v.optional(v.string())
-			},
-			handler: async (ctx, args) => deleteOneHandler(ctx, args, schema, betterAuthSchema)
+			args: { input: deleteInput },
+			handler: async (ctx, args) => {
+				const triggerCtx = ctx;
+				return deleteOneHandler(ctx, {
+					input: args.input,
+					tableTriggers: resolveTableTriggers(args.input.model, triggerCtx),
+					triggerCtx
+				}, schema, getBetterAuthSchema());
+			}
 		}),
 		findMany: internalQueryGeneric({
 			args: {
@@ -578,7 +649,7 @@ const createApi = (schema, getAuth, options) => {
 				where: v.optional(v.array(adapterWhereValidator)),
 				join: v.optional(v.any())
 			},
-			handler: async (ctx, args) => findManyHandler(ctx, args, schema, betterAuthSchema)
+			handler: async (ctx, args) => findManyHandler(ctx, args, schema, getBetterAuthSchema())
 		}),
 		findOne: internalQueryGeneric({
 			args: {
@@ -587,24 +658,33 @@ const createApi = (schema, getAuth, options) => {
 				where: v.optional(v.array(adapterWhereValidator)),
 				join: v.optional(v.any())
 			},
-			handler: async (ctx, args) => findOneHandler(ctx, args, schema, betterAuthSchema)
+			handler: async (ctx, args) => findOneHandler(ctx, args, schema, getBetterAuthSchema())
 		}),
 		updateMany: mutationBuilder({
 			args: {
-				beforeUpdateHandle: v.optional(v.string()),
 				input: updateInput,
-				paginationOpts: paginationOptsValidator,
-				onUpdateHandle: v.optional(v.string())
+				paginationOpts: paginationOptsValidator
 			},
-			handler: async (ctx, args) => updateManyHandler(ctx, args, schema, betterAuthSchema)
+			handler: async (ctx, args) => {
+				const triggerCtx = ctx;
+				return updateManyHandler(ctx, {
+					input: args.input,
+					paginationOpts: args.paginationOpts,
+					tableTriggers: resolveTableTriggers(args.input.model, triggerCtx),
+					triggerCtx
+				}, schema, getBetterAuthSchema());
+			}
 		}),
 		updateOne: mutationBuilder({
-			args: {
-				beforeUpdateHandle: v.optional(v.string()),
-				input: updateInput,
-				onUpdateHandle: v.optional(v.string())
-			},
-			handler: async (ctx, args) => updateOneHandler(ctx, args, schema, betterAuthSchema)
+			args: { input: updateInput },
+			handler: async (ctx, args) => {
+				const triggerCtx = ctx;
+				return updateOneHandler(ctx, {
+					input: args.input,
+					tableTriggers: resolveTableTriggers(args.input.model, triggerCtx),
+					triggerCtx
+				}, schema, getBetterAuthSchema());
+			}
 		}),
 		getLatestJwks: internalActionGeneric({
 			args: {},
@@ -692,26 +772,25 @@ const ORM_SCHEMA_OPTIONS = Symbol.for("better-convex:OrmSchemaOptions");
 const hasOrmSchemaMetadata = (schema) => !!schema && typeof schema === "object" && ORM_SCHEMA_OPTIONS in schema;
 const createAuthSchema = async ({ file, schema, tables }) => {
 	if (hasOrmSchemaMetadata(schema)) {
-		const { createSchemaOrm } = await import("../create-schema-orm-DplxTtYj.js");
+		const { createSchemaOrm } = await import("../create-schema-orm-69VF4CFV.js");
 		return createSchemaOrm({
 			file,
 			tables
 		});
 	}
-	const { createSchema } = await import("../create-schema-DhWXOhnU.js");
+	const { createSchema } = await import("../create-schema-BdZOL6ns.js");
 	return createSchema({
 		file,
 		tables
 	});
 };
-const httpAdapter = (ctx, { authFunctions, debugLogs, schema, triggers }) => {
+const httpAdapter = (ctx, { authFunctions, debugLogs, schema }) => {
 	return createAdapterFactory({
 		config: {
 			...adapterConfig,
 			debugLogs: debugLogs || false
 		},
 		adapter: ({ options }) => {
-			const getTriggers = (model) => triggers?.[model];
 			options.telemetry = { enabled: false };
 			return {
 				id: "convex",
@@ -730,16 +809,12 @@ const httpAdapter = (ctx, { authFunctions, debugLogs, schema, triggers }) => {
 				},
 				create: async ({ data, model, select }) => {
 					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
-					const onCreateHandle = authFunctions.onCreate && getTriggers(model)?.onCreate ? await createFunctionHandle(authFunctions.onCreate) : void 0;
-					const beforeCreateHandle = authFunctions.beforeCreate && getTriggers(model)?.beforeCreate ? await createFunctionHandle(authFunctions.beforeCreate) : void 0;
 					return await ctx.runMutation(authFunctions.create, {
-						beforeCreateHandle,
 						input: {
 							data,
 							model
 						},
-						select,
-						onCreateHandle
+						select
 					});
 				},
 				createSchema: async ({ file, tables }) => createAuthSchema({
@@ -749,29 +824,19 @@ const httpAdapter = (ctx, { authFunctions, debugLogs, schema, triggers }) => {
 				}),
 				delete: async (data) => {
 					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
-					const onDeleteHandle = authFunctions.onDelete && getTriggers(data.model)?.onDelete ? await createFunctionHandle(authFunctions.onDelete) : void 0;
-					const beforeDeleteHandle = authFunctions.beforeDelete && getTriggers(data.model)?.beforeDelete ? await createFunctionHandle(authFunctions.beforeDelete) : void 0;
-					await ctx.runMutation(authFunctions.deleteOne, {
-						beforeDeleteHandle,
-						input: {
-							model: data.model,
-							where: parseWhere(data.where)
-						},
-						onDeleteHandle
-					});
+					await ctx.runMutation(authFunctions.deleteOne, { input: {
+						model: data.model,
+						where: parseWhere(data.where)
+					} });
 				},
 				deleteMany: async (data) => {
 					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
-					const onDeleteHandle = authFunctions.onDelete && getTriggers(data.model)?.onDelete ? await createFunctionHandle(authFunctions.onDelete) : void 0;
-					const beforeDeleteHandle = authFunctions.beforeDelete && getTriggers(data.model)?.beforeDelete ? await createFunctionHandle(authFunctions.beforeDelete) : void 0;
 					return (await handlePagination(async ({ paginationOpts }) => await ctx.runMutation(authFunctions.deleteMany, {
-						beforeDeleteHandle,
 						input: {
 							...data,
 							where: parseWhere(data.where)
 						},
-						paginationOpts,
-						onDeleteHandle
+						paginationOpts
 					}))).count;
 				},
 				findMany: async (data) => {
@@ -815,39 +880,29 @@ const httpAdapter = (ctx, { authFunctions, debugLogs, schema, triggers }) => {
 						}), { limit: 2 });
 						if (countResult.docs.length === 0) throw new Error(`No ${data.model} found matching criteria`);
 						if (countResult.docs.length > 1) throw new Error(`Multiple ${data.model} found matching criteria. Expected exactly 1.`);
-						const onUpdateHandle = authFunctions.onUpdate && getTriggers(data.model)?.onUpdate ? await createFunctionHandle(authFunctions.onUpdate) : void 0;
-						const beforeUpdateHandle = authFunctions.beforeUpdate && getTriggers(data.model)?.beforeUpdate ? await createFunctionHandle(authFunctions.beforeUpdate) : void 0;
-						return await ctx.runMutation(authFunctions.updateOne, {
-							beforeUpdateHandle,
-							input: {
-								model: data.model,
-								update: data.update,
-								where: parseWhere(data.where)
-							},
-							onUpdateHandle
-						});
+						return await ctx.runMutation(authFunctions.updateOne, { input: {
+							model: data.model,
+							update: data.update,
+							where: parseWhere(data.where)
+						} });
 					}
 					throw new Error("where clause not supported");
 				},
 				updateMany: async (data) => {
 					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
-					const onUpdateHandle = authFunctions.onUpdate && getTriggers(data.model)?.onUpdate ? await createFunctionHandle(authFunctions.onUpdate) : void 0;
-					const beforeUpdateHandle = authFunctions.beforeUpdate && getTriggers(data.model)?.beforeUpdate ? await createFunctionHandle(authFunctions.beforeUpdate) : void 0;
 					return (await handlePagination(async ({ paginationOpts }) => await ctx.runMutation(authFunctions.updateMany, {
-						beforeUpdateHandle,
 						input: {
 							...data,
 							where: parseWhere(data.where)
 						},
-						paginationOpts,
-						onUpdateHandle
+						paginationOpts
 					}))).count;
 				}
 			};
 		}
 	});
 };
-const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, triggers }) => {
+const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema }) => {
 	const betterAuthSchema = getAuthTables(getAuthOptions({}));
 	return createAdapterFactory({
 		config: {
@@ -855,7 +910,6 @@ const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, trig
 			debugLogs: debugLogs || false
 		},
 		adapter: ({ options }) => {
-			const getTriggers = (model) => triggers?.[model];
 			options.telemetry = { enabled: false };
 			return {
 				id: "convex",
@@ -873,16 +927,14 @@ const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, trig
 					}, schema, betterAuthSchema))).docs.length;
 				},
 				create: async ({ data, model, select }) => {
-					const onCreateHandle = authFunctions.onCreate && getTriggers(model)?.onCreate ? await createFunctionHandle(authFunctions.onCreate) : void 0;
-					return await createHandler(ctx, {
-						beforeCreateHandle: authFunctions.beforeCreate && getTriggers(model)?.beforeCreate ? await createFunctionHandle(authFunctions.beforeCreate) : void 0,
+					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
+					return await ctx.runMutation(authFunctions.create, {
 						input: {
 							data,
 							model
 						},
-						select,
-						onCreateHandle
-					}, schema, betterAuthSchema);
+						select
+					});
 				},
 				createSchema: async ({ file, tables }) => createAuthSchema({
 					file,
@@ -890,28 +942,21 @@ const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, trig
 					tables
 				}),
 				delete: async (data) => {
-					const onDeleteHandle = authFunctions.onDelete && getTriggers(data.model)?.onDelete ? await createFunctionHandle(authFunctions.onDelete) : void 0;
-					await deleteOneHandler(ctx, {
-						beforeDeleteHandle: authFunctions.beforeDelete && getTriggers(data.model)?.beforeDelete ? await createFunctionHandle(authFunctions.beforeDelete) : void 0,
-						input: {
-							model: data.model,
-							where: parseWhere(data.where)
-						},
-						onDeleteHandle
-					}, schema, betterAuthSchema);
+					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
+					await ctx.runMutation(authFunctions.deleteOne, { input: {
+						model: data.model,
+						where: parseWhere(data.where)
+					} });
 				},
 				deleteMany: async (data) => {
-					const onDeleteHandle = authFunctions.onDelete && getTriggers(data.model)?.onDelete ? await createFunctionHandle(authFunctions.onDelete) : void 0;
-					const beforeDeleteHandle = authFunctions.beforeDelete && getTriggers(data.model)?.beforeDelete ? await createFunctionHandle(authFunctions.beforeDelete) : void 0;
-					return (await handlePagination(async ({ paginationOpts }) => await deleteManyHandler(ctx, {
-						beforeDeleteHandle,
+					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
+					return (await handlePagination(async ({ paginationOpts }) => await ctx.runMutation(authFunctions.deleteMany, {
 						input: {
 							...data,
 							where: parseWhere(data.where)
 						},
-						paginationOpts,
-						onDeleteHandle
-					}, schema, betterAuthSchema))).count;
+						paginationOpts
+					}))).count;
 				},
 				findMany: async (data) => {
 					if (data.offset) throw new Error("offset not supported");
@@ -952,31 +997,24 @@ const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, trig
 						}, schema, betterAuthSchema), { limit: 2 });
 						if (countResult.docs.length === 0) throw new Error(`No ${data.model} found matching criteria`);
 						if (countResult.docs.length > 1) throw new Error(`Multiple ${data.model} found matching criteria. Expected exactly 1.`);
-						const onUpdateHandle = authFunctions.onUpdate && getTriggers(data.model)?.onUpdate ? await createFunctionHandle(authFunctions.onUpdate) : void 0;
-						return await updateOneHandler(ctx, {
-							beforeUpdateHandle: authFunctions.beforeUpdate && getTriggers(data.model)?.beforeUpdate ? await createFunctionHandle(authFunctions.beforeUpdate) : void 0,
-							input: {
-								model: data.model,
-								update: data.update,
-								where: parseWhere(data.where)
-							},
-							onUpdateHandle
-						}, schema, betterAuthSchema);
+						if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
+						return await ctx.runMutation(authFunctions.updateOne, { input: {
+							model: data.model,
+							update: data.update,
+							where: parseWhere(data.where)
+						} });
 					}
 					throw new Error("where clause not supported");
 				},
 				updateMany: async (data) => {
-					const onUpdateHandle = authFunctions.onUpdate && getTriggers(data.model)?.onUpdate ? await createFunctionHandle(authFunctions.onUpdate) : void 0;
-					const beforeUpdateHandle = authFunctions.beforeUpdate && getTriggers(data.model)?.beforeUpdate ? await createFunctionHandle(authFunctions.beforeUpdate) : void 0;
-					return (await handlePagination(async ({ paginationOpts }) => await updateManyHandler(ctx, {
-						beforeUpdateHandle,
+					if (!("runMutation" in ctx)) throw new Error("ctx is not a mutation ctx");
+					return (await handlePagination(async ({ paginationOpts }) => await ctx.runMutation(authFunctions.updateMany, {
 						input: {
 							...data,
 							where: parseWhere(data.where)
 						},
-						paginationOpts,
-						onUpdateHandle
-					}, schema, betterAuthSchema))).count;
+						paginationOpts
+					}))).count;
 				}
 			};
 		}
@@ -988,81 +1026,124 @@ const dbAdapter = (ctx, getAuthOptions, { authFunctions, debugLogs, schema, trig
 const createClient = (config) => ({
 	authFunctions: config.authFunctions,
 	triggers: config.triggers,
-	adapter: (ctx, getAuthOptions) => isQueryCtx(ctx) ? dbAdapter(ctx, getAuthOptions, config) : httpAdapter(ctx, config),
-	triggersApi: () => {
-		const mutationBuilderBase = config.internalMutation ?? internalMutationGeneric;
-		const hasMutationCtxTransforms = config.context !== void 0;
-		const transformMutationCtx = async (ctx) => await config.context?.(ctx) ?? ctx;
-		const mutationBuilder = hasMutationCtxTransforms ? customMutation(mutationBuilderBase, customCtx(async (ctx) => await transformMutationCtx(ctx))) : mutationBuilderBase;
-		const getTriggers = (model) => config.triggers?.[model];
-		const resolveTriggerCtx = async (ctx) => hasMutationCtxTransforms ? ctx : await transformMutationCtx(ctx);
-		return {
-			beforeCreate: mutationBuilder({
-				args: {
-					data: v.any(),
-					model: v.string()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					return await getTriggers(args.model)?.beforeCreate?.(triggerCtx, args.data) ?? args.data;
-				}
-			}),
-			beforeDelete: mutationBuilder({
-				args: {
-					doc: v.any(),
-					model: v.string()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					return await getTriggers(args.model)?.beforeDelete?.(triggerCtx, args.doc) ?? args.doc;
-				}
-			}),
-			beforeUpdate: mutationBuilder({
-				args: {
-					doc: v.any(),
-					model: v.string(),
-					update: v.any()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					return await getTriggers(args.model)?.beforeUpdate?.(triggerCtx, args.doc, args.update) ?? args.update;
-				}
-			}),
-			onCreate: mutationBuilder({
-				args: {
-					doc: v.any(),
-					model: v.string()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					await getTriggers(args.model)?.onCreate?.(triggerCtx, args.doc);
-				}
-			}),
-			onDelete: mutationBuilder({
-				args: {
-					doc: v.any(),
-					model: v.string()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					await getTriggers(args.model)?.onDelete?.(triggerCtx, args.doc);
-				}
-			}),
-			onUpdate: mutationBuilder({
-				args: {
-					model: v.string(),
-					newDoc: v.any(),
-					oldDoc: v.any()
-				},
-				handler: async (ctx, args) => {
-					const triggerCtx = await resolveTriggerCtx(ctx);
-					await getTriggers(args.model)?.onUpdate?.(triggerCtx, args.newDoc, args.oldDoc);
-				}
-			})
-		};
-	}
+	adapter: (ctx, getAuthOptions) => isQueryCtx(ctx) ? dbAdapter(ctx, getAuthOptions, config) : httpAdapter(ctx, config)
 });
 
+//#endregion
+//#region src/auth/define-auth.ts
+const defineAuth = (definition) => definition;
+
+//#endregion
+//#region src/auth/generated-contract.ts
+const GENERATED_AUTH_DISABLED_REASONS = {
+	default_export_unavailable: "Auth runtime is disabled. convex/functions/auth.ts default export is unavailable. Export `default defineAuth((ctx) => ({ ...options, triggers }))` and run `better-convex codegen`.",
+	missing_auth_file: "Auth runtime is disabled. Create convex/functions/auth.ts with `export default defineAuth(...)` and run `better-convex codegen`.",
+	missing_default_export: "Auth runtime is disabled. convex/functions/auth.ts exists but does not export a default auth definition. Export `default defineAuth((ctx) => ({ ...options, triggers }))` and run `better-convex codegen`."
+};
+const getGeneratedAuthDisabledReason = (kind) => GENERATED_AUTH_DISABLED_REASONS[kind];
+const DEFAULT_DISABLED_AUTH_MESSAGE = getGeneratedAuthDisabledReason("missing_auth_file");
+const resolveGeneratedAuthDefinition = (input, reason) => {
+	const resolved = typeof input === "function" ? input : typeof input === "object" && input !== null && "default" in input && typeof input.default === "function" ? input.default : void 0;
+	if (typeof resolved === "function") return resolved;
+	throw new Error(reason);
+};
+const withDatabase = (authOptions, ctx, adapter) => ({
+	...authOptions,
+	database: adapter(ctx)
+});
+const withoutTriggers = (authOptions) => {
+	const { triggers: _triggers, ...options } = authOptions;
+	return options;
+};
+const createDisabledError = (message, exportName) => () => {
+	throw new Error(`${message} (${exportName})`);
+};
+const createLazyAuthProxy = (resolve) => new Proxy({}, { get(_target, prop, receiver) {
+	const auth = resolve();
+	const value = Reflect.get(auth, prop, receiver);
+	return typeof value === "function" ? value.bind(auth) : value;
+} });
+const AUTH_RUNTIME_PROCEDURE_TYPES = {
+	create: "mutation",
+	deleteMany: "mutation",
+	deleteOne: "mutation",
+	findMany: "query",
+	findOne: "query",
+	getLatestJwks: "action",
+	rotateKeys: "action",
+	updateMany: "mutation",
+	updateOne: "mutation"
+};
+const decorateProcedureExport = (value, procedureType) => {
+	if (value === null || typeof value !== "object" && typeof value !== "function") return;
+	const procedure = value;
+	if (typeof procedure._handler !== "function") return;
+	procedure._crpcMeta = {
+		...procedure._crpcMeta ?? {},
+		internal: true,
+		type: procedureType
+	};
+	if (typeof procedure.__betterConvexRawHandler !== "function") procedure.__betterConvexRawHandler = ({ ctx, input }) => procedure._handler?.(ctx, input);
+};
+const decorateAuthRuntimeProcedures = (exportsObject) => {
+	for (const [name, procedureType] of Object.entries(AUTH_RUNTIME_PROCEDURE_TYPES)) decorateProcedureExport(exportsObject[name], procedureType);
+	return exportsObject;
+};
+const createAuthRuntime = (config) => {
+	const authDefinition = resolveGeneratedAuthDefinition(config.auth, "Invalid auth definition export. Expected convex/functions/auth.ts default export to be `defineAuth((ctx) => ({ ... }))`.");
+	const authFunctions = config.internal[config.moduleName];
+	const resolveRuntimeTriggers = (ctx) => authDefinition(ctx).triggers;
+	const authClient = createClient({
+		authFunctions,
+		schema: config.schema,
+		...config.context ? { context: config.context } : {},
+		triggers: resolveRuntimeTriggers
+	});
+	const adapterGetAuthOptions = ((ctx) => withoutTriggers(authDefinition(ctx)));
+	const resolveAuthOptions = (ctx) => withDatabase(withoutTriggers(authDefinition(ctx)), ctx, (_ctx) => authClient.adapter(_ctx, adapterGetAuthOptions));
+	const getAuth = (ctx) => betterAuth(resolveAuthOptions(ctx));
+	const decoratedAuthApi = decorateAuthRuntimeProcedures(createApi(config.schema, getAuth, {
+		...config.context ? { context: config.context } : {},
+		triggers: resolveRuntimeTriggers
+	}));
+	let staticAuth;
+	const getStaticAuth = () => {
+		staticAuth ??= betterAuth(resolveAuthOptions({}));
+		return staticAuth;
+	};
+	return {
+		authEnabled: true,
+		authClient,
+		getAuth,
+		auth: createLazyAuthProxy(getStaticAuth),
+		...decoratedAuthApi
+	};
+};
+const createDisabledAuthRuntime = (config) => {
+	const message = config?.reason ?? DEFAULT_DISABLED_AUTH_MESSAGE;
+	return {
+		authEnabled: false,
+		authClient: {
+			authFunctions: {},
+			triggers: void 0,
+			adapter: createDisabledError(message, "authClient.adapter")
+		},
+		auth: new Proxy({}, { get() {
+			throw new Error(`${message} (auth)`);
+		} }),
+		getAuth: createDisabledError(message, "getAuth"),
+		create: createDisabledError(message, "create"),
+		deleteMany: createDisabledError(message, "deleteMany"),
+		deleteOne: createDisabledError(message, "deleteOne"),
+		findMany: createDisabledError(message, "findMany"),
+		findOne: createDisabledError(message, "findOne"),
+		updateMany: createDisabledError(message, "updateMany"),
+		updateOne: createDisabledError(message, "updateOne"),
+		getLatestJwks: createDisabledError(message, "getLatestJwks"),
+		rotateKeys: createDisabledError(message, "rotateKeys")
+	};
+};
+
 //#endregion
 //#region src/auth/helpers.ts
 const getAuthUserIdentity = async (ctx) => {
@@ -1079,7 +1160,7 @@ const getAuthUserId = async (ctx) => {
 	if (!identity) return null;
 	return identity.subject;
 };
-const getSession = async (ctx, _sessionId) => {
+async function getSession(ctx, _sessionId) {
 	let sessionId = _sessionId;
 	if (!sessionId) {
 		const identity = await getAuthUserIdentity(ctx);
@@ -1087,8 +1168,8 @@ const getSession = async (ctx, _sessionId) => {
 		sessionId = identity.sessionId;
 	}
 	if (!sessionId) return null;
-	return await ctx.db.get(sessionId);
-};
+	return await getByIdWithOrmQueryFallback(ctx, "session", sessionId);
+}
 const getHeaders = async (ctx, session) => {
 	const resolvedSession = session ?? await getSession(ctx);
 	if (!resolvedSession) return new Headers();
@@ -1099,398 +1180,4 @@ const getHeaders = async (ctx, session) => {
 };
 
 //#endregion
-//#region src/auth/error-response.ts
-const isApiErrorLike = (error) => !!error && typeof error === "object" && (error.name === "APIError" && "statusCode" in error || typeof error.statusCode === "number");
-const toResponseInit = (error) => {
-	const init = {
-		headers: new Headers(error.headers ?? {}),
-		status: typeof error.statusCode === "number" ? error.statusCode : 500
-	};
-	if (typeof error.status === "string") init.statusText = error.status;
-	return init;
-};
-const toAuthErrorResponse = (error) => {
-	if (!isApiErrorLike(error)) return null;
-	const init = toResponseInit(error);
-	const { body } = error;
-	if (body === void 0) return new Response(null, init);
-	if (typeof body === "string") {
-		if (init.headers instanceof Headers && !init.headers.has("content-type")) init.headers.set("content-type", "text/plain");
-		return new Response(body, init);
-	}
-	return Response.json(body, init);
-};
-
-//#endregion
-//#region src/auth/middleware.ts
-/**
-* Create auth middleware that handles auth routes and OpenID well-known redirect.
-*
-* @example
-* ```ts
-* import { Hono } from 'hono';
-* import { cors } from 'hono/cors';
-* import { authMiddleware } from 'better-convex/auth';
-* import { createHttpRouter } from 'better-convex/server';
-*
-* const app = new Hono();
-* app.use('/api/*', cors({ origin: process.env.SITE_URL, credentials: true }));
-* app.use(authMiddleware(getAuth));
-*
-* export default createHttpRouter(app, appRouter);
-* ```
-*/
-function authMiddleware(getAuth, opts = {}) {
-	const basePath = opts.basePath ?? "/api/auth";
-	return async (c, next) => {
-		if (c.req.path === "/.well-known/openid-configuration") return c.redirect(`${process.env.CONVEX_SITE_URL}${basePath}/convex/.well-known/openid-configuration`);
-		if (c.req.path.startsWith(basePath)) {
-			if (opts.verbose) console.log("request headers", c.req.raw.headers);
-			const auth = getAuth(c.env);
-			let response;
-			try {
-				response = await auth.handler(c.req.raw);
-			} catch (error) {
-				const errorResponse = toAuthErrorResponse(error);
-				if (errorResponse) return errorResponse;
-				throw error;
-			}
-			if (opts.verbose) console.log("response headers", response.headers);
-			return response;
-		}
-		return next();
-	};
-}
-
-//#endregion
-//#region src/internal/upstream/server/cors.ts
-/** biome-ignore-all lint: vendored upstream helper source */
-/**
-* Vendored from upstream helper repository at commit c5e52c8.
-* Source path: packages/convex_helpers/server/cors.ts
-*/
-/**
-* This file defines a CorsHttpRouter class that extends Convex's HttpRouter.
-* It provides CORS (Cross-Origin Resource Sharing) support for HTTP routes.
-*
-* The CorsHttpRouter:
-* 1. Allows specifying allowed origins for CORS.
-* 2. Overrides the route method to add CORS headers to all non-OPTIONS requests.
-* 3. Automatically adds an OPTIONS route to handle CORS preflight requests.
-* 4. Uses the handleCors helper function to apply CORS headers consistently.
-*
-* This router simplifies the process of making Convex HTTP endpoints
-* accessible to web applications hosted on different domains while
-* maintaining proper CORS configuration.
-*/
-const DEFAULT_EXPOSED_HEADERS = ["Content-Range", "Accept-Ranges"];
-/**
-* Factory function to create a router that adds CORS support to routes.
-* @param allowedOrigins An array of allowed origins for CORS.
-* @returns A function to use instead of http.route when you want CORS.
-*/
-const corsRouter = (http, corsConfig) => {
-	const allowedExactMethodsByPath = /* @__PURE__ */ new Map();
-	const allowedPrefixMethodsByPath = /* @__PURE__ */ new Map();
-	return {
-		http,
-		route: (routeSpec) => {
-			const tempRouter = httpRouter();
-			tempRouter.exactRoutes = http.exactRoutes;
-			tempRouter.prefixRoutes = http.prefixRoutes;
-			const config = {
-				...corsConfig,
-				...routeSpec
-			};
-			const httpCorsHandler = handleCors({
-				originalHandler: routeSpec.handler,
-				allowedMethods: [routeSpec.method],
-				...config
-			});
-			/**
-			* Figure out what kind of route we're adding: exact or prefix and handle
-			* accordingly.
-			*/
-			if ("path" in routeSpec) {
-				let methods = allowedExactMethodsByPath.get(routeSpec.path);
-				if (!methods) {
-					methods = /* @__PURE__ */ new Set();
-					allowedExactMethodsByPath.set(routeSpec.path, methods);
-				}
-				methods.add(routeSpec.method);
-				tempRouter.route({
-					path: routeSpec.path,
-					method: routeSpec.method,
-					handler: httpCorsHandler
-				});
-				handleExactRoute(tempRouter, routeSpec, config, Array.from(methods));
-			} else {
-				let methods = allowedPrefixMethodsByPath.get(routeSpec.pathPrefix);
-				if (!methods) {
-					methods = /* @__PURE__ */ new Set();
-					allowedPrefixMethodsByPath.set(routeSpec.pathPrefix, methods);
-				}
-				methods.add(routeSpec.method);
-				tempRouter.route({
-					pathPrefix: routeSpec.pathPrefix,
-					method: routeSpec.method,
-					handler: httpCorsHandler
-				});
-				handlePrefixRoute(tempRouter, routeSpec, config, Array.from(methods));
-			}
-			/**
-			* Copy the routes from the temporary router to the main router.
-			*/
-			http.exactRoutes = new Map(tempRouter.exactRoutes);
-			http.prefixRoutes = new Map(tempRouter.prefixRoutes);
-		}
-	};
-};
-/**
-* Handles exact route matching and adds OPTIONS handler.
-* @param tempRouter Temporary router instance.
-* @param routeSpec Route specification for exact matching.
-*/
-function handleExactRoute(tempRouter, routeSpec, config, allowedMethods) {
-	const currentMethodsForPath = tempRouter.exactRoutes.get(routeSpec.path);
-	/**
-	* Add the OPTIONS handler for the given path
-	*/
-	const optionsHandler = createOptionsHandlerForMethods(allowedMethods, config);
-	currentMethodsForPath?.set("OPTIONS", optionsHandler);
-	tempRouter.exactRoutes.set(routeSpec.path, new Map(currentMethodsForPath));
-}
-/**
-* Handles prefix route matching and adds OPTIONS handler.
-* @param tempRouter Temporary router instance.
-* @param routeSpec Route specification for prefix matching.
-*/
-function handlePrefixRoute(tempRouter, routeSpec, config, allowedMethods) {
-	/**
-	* prefixRoutes is structured differently than exactRoutes. It's defined as
-	* a Map<string, Map<string, PublicHttpAction>> where the KEY is the
-	* METHOD and the VALUE is a map of paths and handlers.
-	*/
-	const optionsHandler = createOptionsHandlerForMethods(allowedMethods, config);
-	const optionsPrefixes = tempRouter.prefixRoutes.get("OPTIONS") || /* @__PURE__ */ new Map();
-	optionsPrefixes.set(routeSpec.pathPrefix, optionsHandler);
-	tempRouter.prefixRoutes.set("OPTIONS", optionsPrefixes);
-}
-/**
-* Creates an OPTIONS handler for the given HTTP methods.
-* @param methods Array of HTTP methods to be allowed.
-* @returns A CORS-enabled OPTIONS handler.
-*/
-function createOptionsHandlerForMethods(methods, config) {
-	return handleCors({
-		...config,
-		allowedMethods: methods
-	});
-}
-/**
-* handleCors() is a higher-order function that wraps a Convex HTTP action handler to add CORS support.
-* It allows for customization of allowed HTTP methods and origins for cross-origin requests.
-*
-* The function:
-* 1. Validates and normalizes the allowed HTTP methods.
-* 2. Generates appropriate CORS headers based on the provided configuration.
-* 3. Handles preflight OPTIONS requests automatically.
-* 4. Wraps the original handler to add CORS headers to its response.
-*
-* This helper simplifies the process of making Convex HTTP actions accessible
-* to web applications hosted on different domains.
-*/
-const SECONDS_IN_A_DAY = 3600 * 24;
-/**
-* Example CORS origins:
-* - "*" (allow all origins)
-* - "https://example.com" (allow a specific domain)
-* - "https://*.example.com" (allow all subdomains of example.com)
-* - "https://example1.com, https://example2.com" (allow multiple specific domains)
-* - "null" (allow requests from data URLs or local files)
-*/
-const handleCors = ({ originalHandler, allowedMethods = ["OPTIONS"], allowedOrigins = ["*"], allowedHeaders = ["Content-Type"], exposedHeaders = DEFAULT_EXPOSED_HEADERS, allowCredentials = false, browserCacheMaxAge = SECONDS_IN_A_DAY, enforceAllowOrigins = false, debug = false }) => {
-	const filteredMethods = Array.from(new Set(allowedMethods.map((method) => method.toUpperCase()))).filter((method) => ROUTABLE_HTTP_METHODS.includes(method));
-	if (filteredMethods.length === 0) throw new Error("No valid HTTP methods provided");
-	/**
-	* Ensure OPTIONS is not duplicated if it was passed in
-	* E.g. if allowedMethods = ["GET", "OPTIONS"]
-	*/
-	const allowMethods = filteredMethods.includes("OPTIONS") ? filteredMethods.join(", ") : [...filteredMethods].join(", ");
-	/**
-	* Build up the set of CORS headers
-	*/
-	const commonHeaders = { Vary: "Origin" };
-	if (allowCredentials) commonHeaders["Access-Control-Allow-Credentials"] = "true";
-	if (exposedHeaders.length > 0) commonHeaders["Access-Control-Expose-Headers"] = exposedHeaders.join(", ");
-	async function parseAllowedOrigins(request) {
-		return Array.isArray(allowedOrigins) ? allowedOrigins : await allowedOrigins(request);
-	}
-	async function isAllowedOrigin(request) {
-		const requestOrigin = request.headers.get("origin");
-		if (!requestOrigin) return false;
-		return (await parseAllowedOrigins(request)).some((allowed) => {
-			if (allowed === "*") return true;
-			if (allowed === requestOrigin) return true;
-			if (allowed.startsWith("*.")) {
-				const wildcardDomain = allowed.slice(1);
-				const rootDomain = allowed.slice(2);
-				try {
-					const url = new URL(requestOrigin);
-					return url.protocol === "https:" && (url.hostname.endsWith(wildcardDomain) || url.hostname === rootDomain);
-				} catch {
-					return false;
-				}
-			}
-			return false;
-		});
-	}
-	/**
-	* Return our modified HTTP action
-	*/
-	return httpActionGeneric(async (ctx, request) => {
-		if (debug) console.log("CORS request", {
-			path: request.url,
-			origin: request.headers.get("origin"),
-			headers: request.headers,
-			method: request.method,
-			body: request.body
-		});
-		const requestOrigin = request.headers.get("origin");
-		const parsedAllowedOrigins = await parseAllowedOrigins(request);
-		if (debug) console.log("allowed origins", parsedAllowedOrigins);
-		let allowOrigins = null;
-		if (parsedAllowedOrigins.includes("*") && requestOrigin && !allowCredentials) allowOrigins = requestOrigin;
-		else if (requestOrigin) {
-			if (await isAllowedOrigin(request)) allowOrigins = requestOrigin;
-		}
-		if (enforceAllowOrigins && !allowOrigins) {
-			console.error(`Request from origin ${requestOrigin} blocked, missing from allowed origins: ${parsedAllowedOrigins.join()}`);
-			return new Response(null, { status: 403 });
-		}
-		/**
-		* OPTIONS has no handler and just returns headers
-		*/
-		if (request.method === "OPTIONS") {
-			const responseHeaders = new Headers({
-				...commonHeaders,
-				...allowOrigins ? { "Access-Control-Allow-Origin": allowOrigins } : {},
-				"Access-Control-Allow-Methods": allowMethods,
-				"Access-Control-Allow-Headers": allowedHeaders.join(", "),
-				"Access-Control-Max-Age": browserCacheMaxAge.toString()
-			});
-			if (debug) console.log("CORS OPTIONS response headers", responseHeaders);
-			return new Response(null, {
-				status: 204,
-				headers: responseHeaders
-			});
-		}
-		/**
-		* If the method is not OPTIONS, it must pass a handler
-		*/
-		if (!originalHandler) throw new Error("No PublicHttpAction provider to CORS handler");
-		const originalResponse = await ("_handler" in originalHandler ? originalHandler["_handler"] : originalHandler)(ctx, request);
-		/**
-		* Second, get a copy of the original response's headers and add the
-		* allow origin header if it's allowed
-		*/
-		const newHeaders = new Headers(originalResponse.headers);
-		if (allowOrigins) newHeaders.set("Access-Control-Allow-Origin", allowOrigins);
-		/**
-		* Third, add or update our other CORS headers
-		*/
-		Object.entries(commonHeaders).forEach(([key, value]) => {
-			newHeaders.set(key, value);
-		});
-		if (debug) console.log("CORS response headers", newHeaders);
-		/**
-		* Fourth, return the modified Response.
-		* A Response object is immutable, so we create a new one to return here.
-		*/
-		return new Response(originalResponse.body, {
-			status: originalResponse.status,
-			statusText: originalResponse.statusText,
-			headers: newHeaders
-		});
-	});
-};
-
-//#endregion
-//#region src/auth/registerRoutes.ts
-/** biome-ignore-all lint/suspicious/noConsole: lib */
-const registerRoutes = (http, getAuth, opts = {}) => {
-	const staticAuth = getAuth({});
-	const path = staticAuth.options.basePath ?? "/api/auth";
-	const authRequestHandler = httpActionGeneric(async (ctx, request) => {
-		if (opts?.verbose) {
-			console.log("options.baseURL", staticAuth.options.baseURL);
-			console.log("request headers", request.headers);
-		}
-		const auth = getAuth(ctx);
-		let response;
-		try {
-			response = await auth.handler(request);
-		} catch (error) {
-			const errorResponse = toAuthErrorResponse(error);
-			if (errorResponse) return errorResponse;
-			throw error;
-		}
-		if (opts?.verbose) console.log("response headers", response.headers);
-		return response;
-	});
-	if (!http.lookup("/.well-known/openid-configuration", "GET")) http.route({
-		handler: httpActionGeneric(async () => {
-			const url = `${process.env.CONVEX_SITE_URL}${path}/convex/.well-known/openid-configuration`;
-			return Response.redirect(url);
-		}),
-		method: "GET",
-		path: "/.well-known/openid-configuration"
-	});
-	if (!opts.cors) {
-		http.route({
-			handler: authRequestHandler,
-			method: "GET",
-			pathPrefix: `${path}/`
-		});
-		http.route({
-			handler: authRequestHandler,
-			method: "POST",
-			pathPrefix: `${path}/`
-		});
-		return;
-	}
-	const corsOpts = typeof opts.cors === "boolean" ? {
-		allowedHeaders: [],
-		allowedOrigins: [],
-		exposedHeaders: []
-	} : opts.cors;
-	let trustedOriginsOption;
-	const cors = corsRouter(http, {
-		allowCredentials: true,
-		allowedHeaders: [
-			"Content-Type",
-			"Better-Auth-Cookie",
-			"Authorization"
-		].concat(corsOpts.allowedHeaders ?? []),
-		debug: opts?.verbose,
-		enforceAllowOrigins: false,
-		exposedHeaders: ["Set-Better-Auth-Cookie"].concat(corsOpts.exposedHeaders ?? []),
-		allowedOrigins: async (request) => {
-			trustedOriginsOption = trustedOriginsOption ?? (await staticAuth.$context).options.trustedOrigins ?? [];
-			return (Array.isArray(trustedOriginsOption) ? trustedOriginsOption : await trustedOriginsOption?.(request) ?? []).map((origin) => origin.endsWith("*") && origin.length > 1 ? origin.slice(0, -1) : origin).concat(corsOpts.allowedOrigins ?? []);
-		}
-	});
-	cors.route({
-		handler: authRequestHandler,
-		method: "GET",
-		pathPrefix: `${path}/`
-	});
-	cors.route({
-		handler: authRequestHandler,
-		method: "POST",
-		pathPrefix: `${path}/`
-	});
-};
-
-//#endregion
-export { adapterArgsValidator, adapterConfig, adapterWhereValidator, authMiddleware, checkUniqueFields, convex, createApi, createClient, createHandler, dbAdapter, deleteManyHandler, deleteOneHandler, findManyHandler, findOneHandler, getAuthUserId, getAuthUserIdentity, getHeaders, getSession, handlePagination, hasUniqueFields, httpAdapter, listOne, paginate, registerRoutes, selectFields, updateManyHandler, updateOneHandler };
+export { adapterArgsValidator, adapterConfig, adapterWhereValidator, checkUniqueFields, convex, createApi, createAuthRuntime, createClient, createDisabledAuthRuntime, createHandler, dbAdapter, defineAuth, deleteManyHandler, deleteOneHandler, findManyHandler, findOneHandler, getAuthUserId, getAuthUserIdentity, getGeneratedAuthDisabledReason, getHeaders, getSession, handlePagination, hasUniqueFields, httpAdapter, listOne, paginate, resolveGeneratedAuthDefinition, selectFields, updateManyHandler, updateOneHandler };