create-croissant 0.1.1 → 0.1.2

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/noop.ts

@@ -0,0 +1,74 @@
+import type { Span, Tracer } from "@opentelemetry/api";
+
+export type OpenTelemetryAPI = Pick<
+	typeof import("@opentelemetry/api"),
+	"trace" | "SpanStatusCode"
+>;
+
+function createNoopSpan(): Span {
+	const span = {
+		end(): void {},
+		setAttribute(_key: string, _value: unknown): void {},
+		setStatus(_status: unknown): void {},
+		recordException(_exception: unknown): void {},
+		updateName(_name: string) {
+			return span;
+		},
+	} as unknown as Span;
+	return span;
+}
+
+function createNoopTracer(noopSpan: Span): Tracer {
+	// OpenTelemetry `Tracer.startActiveSpan` has three overloads:
+	//   (name, fn)
+	//   (name, options, fn)
+	//   (name, options, context, fn)
+	// The callback is always the last argument; fish it out by arity so a
+	// 2-arg call (options omitted) doesn't try to invoke `undefined`.
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		_options: { attributes?: Record<string, string | number | boolean> },
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan<F extends (span: Span) => unknown>(
+		_name: string,
+		_options: { attributes?: Record<string, string | number | boolean> },
+		_context: unknown,
+		fn: F,
+	): ReturnType<F>;
+	function startActiveSpan(_name: string, ...rest: Array<unknown>): unknown {
+		const fn = rest[rest.length - 1] as (span: Span) => unknown;
+		return fn(noopSpan);
+	}
+	return { startActiveSpan } as Tracer;
+}
+
+function createNoopTraceAPI() {
+	const noopTracer = createNoopTracer(createNoopSpan());
+	return {
+		getTracer(_name?: string, _version?: string) {
+			return noopTracer;
+		},
+		getActiveSpan(): Span | undefined {
+			return undefined;
+		},
+	};
+}
+
+function createNoopOpenTelemetryAPI(): OpenTelemetryAPI {
+	return {
+		SpanStatusCode: {
+			UNSET: 0,
+			OK: 1,
+			ERROR: 2,
+		},
+		trace: createNoopTraceAPI(),
+	} as OpenTelemetryAPI;
+}
+
+export const noopOpenTelemetryAPI: OpenTelemetryAPI =
+	createNoopOpenTelemetryAPI();

package/template/apps/web/node_modules/@better-auth/core/src/instrumentation/pure.index.ts

@@ -0,0 +1,31 @@
+/**
+ * Noop variant of `./instrumentation` for runtimes where the dynamic
+ * `import("@opentelemetry/api")` in `./api` throws synchronously instead of
+ * rejecting its returned promise. Convex's V8 isolate is the reproducer: bare
+ * specifiers are rejected at resolve time in `get-convex/convex-backend`
+ * `crates/isolate/src/request_scope.rs`, so the `.catch()` in
+ * `getOpenTelemetryAPI` never runs and every `withSpan` call surfaces an
+ * uncaught error.
+ *
+ * Public surface must stay identical to `./index` (enforced by `pure.test.ts`).
+ */
+
+export * from "./attributes";
+
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => T,
+): T;
+export function withSpan<T>(
+	name: string,
+	attributes: Record<string, string | number | boolean>,
+	fn: () => Promise<T>,
+): Promise<T>;
+export function withSpan<T>(
+	_name: string,
+	_attributes: Record<string, string | number | boolean>,
+	fn: () => T | Promise<T>,
+): T | Promise<T> {
+	return fn();
+}

package/template/apps/web/node_modules/@better-auth/core/src/oauth2/index.ts

@@ -15,7 +15,11 @@ export {
 	refreshAccessToken,
 	refreshAccessTokenRequest,
 } from "./refresh-access-token";
-export { generateCodeChallenge, getOAuth2Tokens } from "./utils";
+export {
+	generateCodeChallenge,
+	getOAuth2Tokens,
+	getPrimaryClientId,
+} from "./utils";
 export {
 	authorizationCodeRequest,
 	createAuthorizationCodeRequest,

package/template/apps/web/node_modules/@better-auth/core/src/oauth2/utils.ts

@@ -28,6 +28,19 @@ export function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens {
 	};
 }
 
+/**
+ * Return the provider's primary Client ID: the single string, or the entry at
+ * array index 0 for the cross-platform form used by ID token audience
+ * verification. Index 0 is the designated primary and pairs with
+ * `clientSecret` for the authorization code flow; later array entries are
+ * only used as additional accepted audiences. Returns `undefined` when the
+ * primary value is missing or an empty string.
+ */
+export function getPrimaryClientId(clientId: unknown): string | undefined {
+	const value = Array.isArray(clientId) ? clientId[0] : clientId;
+	return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+
 export async function generateCodeChallenge(codeVerifier: string) {
 	const encoder = new TextEncoder();
 	const data = encoder.encode(codeVerifier);

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/apple.ts

@@ -1,10 +1,12 @@
 import { betterFetch } from "@better-fetch/fetch";
 
 import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { APIError } from "../error";
+import { logger } from "../env";
+import { APIError, BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
+	getPrimaryClientId,
 	refreshAccessToken,
 	validateAuthorizationCode,
 } from "../oauth2";
@@ -70,7 +72,7 @@ export interface AppleNonConformUser {
 }
 
 export interface AppleOptions extends ProviderOptions<AppleProfile> {
-	clientId: string;
+	clientId: string | string[];
 	appBundleIdentifier?: string | undefined;
 	audience?: (string | string[]) | undefined;
 }
@@ -81,6 +83,12 @@ export const apple = (options: AppleOptions) => {
 		id: "apple",
 		name: "Apple",
 		async createAuthorizationURL({ state, scopes, redirectURI }) {
+			if (!getPrimaryClientId(options.clientId) || !options.clientSecret) {
+				logger.error(
+					"Client ID and client secret are required for Apple. Make sure to provide them in the options.",
+				);
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
 			const _scope = options.disableDefaultScope ? [] : ["email", "name"];
 			if (options.scope) _scope.push(...options.scope);
 			if (scopes) _scope.push(...scopes);

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/cognito.ts

@@ -5,6 +5,7 @@ import { APIError, BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
+	getPrimaryClientId,
 	refreshAccessToken,
 	validateAuthorizationCode,
 } from "../oauth2";
@@ -30,7 +31,7 @@ export interface CognitoProfile {
 }
 
 export interface CognitoOptions extends ProviderOptions<CognitoProfile> {
-	clientId: string;
+	clientId: string | string[];
 	/**
 	 * The Cognito domain (e.g., "your-app.auth.us-east-1.amazoncognito.com")
 	 */
@@ -60,7 +61,7 @@ export const cognito = (options: CognitoOptions) => {
 		id: "cognito",
 		name: "Cognito",
 		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId) {
+			if (!getPrimaryClientId(options.clientId)) {
 				logger.error(
 					"ClientId is required for Amazon Cognito. Make sure to provide them in the options.",
 				);

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/facebook.ts

@@ -1,8 +1,11 @@
 import { betterFetch } from "@better-fetch/fetch";
 import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
+import { logger } from "../env";
+import { BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
+	getPrimaryClientId,
 	refreshAccessToken,
 	validateAuthorizationCode,
 } from "../oauth2";
@@ -22,7 +25,7 @@ export interface FacebookProfile {
 }
 
 export interface FacebookOptions extends ProviderOptions<FacebookProfile> {
-	clientId: string;
+	clientId: string | string[];
 	/**
 	 * Extend list of fields to retrieve from the Facebook user profile.
 	 *
@@ -41,6 +44,12 @@ export const facebook = (options: FacebookOptions) => {
 		id: "facebook",
 		name: "Facebook",
 		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
+			if (!getPrimaryClientId(options.clientId) || !options.clientSecret) {
+				logger.error(
+					"Client ID and client secret are required for Facebook. Make sure to provide them in the options.",
+				);
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
 			const _scopes = options.disableDefaultScope
 				? []
 				: ["email", "public_profile"];

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/google.ts

@@ -5,6 +5,7 @@ import { APIError, BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
+	getPrimaryClientId,
 	refreshAccessToken,
 	validateAuthorizationCode,
 } from "../oauth2";
@@ -37,7 +38,7 @@ export interface GoogleProfile {
 }
 
 export interface GoogleOptions extends ProviderOptions<GoogleProfile> {
-	clientId: string;
+	clientId: string | string[];
 	/**
 	 * The access type to use for the authorization code request
 	 */
@@ -64,7 +65,7 @@ export const google = (options: GoogleOptions) => {
 			loginHint,
 			display,
 		}) {
-			if (!options.clientId || !options.clientSecret) {
+			if (!getPrimaryClientId(options.clientId) || !options.clientSecret) {
 				logger.error(
 					"Client Id and Client Secret is required for Google. Make sure to provide them in the options.",
 				);

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/microsoft-entra-id.ts

@@ -2,10 +2,11 @@ import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
 import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
 import { logger } from "../env";
-import { APIError } from "../error";
+import { APIError, BetterAuthError } from "../error";
 import type { OAuthProvider, ProviderOptions } from "../oauth2";
 import {
 	createAuthorizationURL,
+	getPrimaryClientId,
 	refreshAccessToken,
 	validateAuthorizationCode,
 } from "../oauth2";
@@ -116,7 +117,7 @@ export interface MicrosoftEntraIDProfile extends Record<string, any> {
 
 export interface MicrosoftOptions
 	extends ProviderOptions<MicrosoftEntraIDProfile> {
-	clientId: string;
+	clientId: string | string[];
 	/**
 	 * The tenant ID of the Microsoft account
 	 * @default "common"
@@ -149,6 +150,15 @@ export const microsoft = (options: MicrosoftOptions) => {
 		id: "microsoft",
 		name: "Microsoft EntraID",
 		createAuthorizationURL(data) {
+			// Microsoft Entra supports public clients (SPA / native apps with
+			// PKCE only), so clientSecret is intentionally not required here.
+			// See https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
+			if (!getPrimaryClientId(options.clientId)) {
+				logger.error(
+					"Client Id is required for Microsoft Entra ID. Make sure to provide it in the options.",
+				);
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
 			const scopes = options.disableDefaultScope
 				? []
 				: ["openid", "profile", "email", "User.Read", "offline_access"];
@@ -190,7 +200,7 @@ export const microsoft = (options: MicrosoftOptions) => {
 				const publicKey = await getMicrosoftPublicKey(kid, tenant, authority);
 				const verifyOptions: {
 					algorithms: [string];
-					audience: string;
+					audience: string | string[];
 					maxTokenAge: string;
 					issuer?: string;
 				} = {

package/template/apps/web/node_modules/@better-auth/core/src/utils/is-api-error.ts

@@ -0,0 +1,10 @@
+import { APIError as BaseAPIError } from "better-call";
+import { APIError } from "../error";
+
+export function isAPIError(error: unknown): error is APIError {
+	return (
+		error instanceof BaseAPIError ||
+		error instanceof APIError ||
+		(error as { name?: string })?.name === "APIError"
+	);
+}

package/template/apps/web/node_modules/@better-auth/drizzle-adapter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/drizzle-adapter",
-  "version": "1.6.6",
+  "version": "1.6.7",
   "description": "Drizzle adapter for Better Auth",
   "type": "module",
   "license": "MIT",
@@ -37,7 +37,7 @@
   "peerDependencies": {
     "@better-auth/utils": "0.4.0",
     "drizzle-orm": "^0.45.2",
-    "@better-auth/core": "^1.6.6"
+    "@better-auth/core": "^1.6.7"
   },
   "peerDependenciesMeta": {
     "drizzle-orm": {
@@ -49,7 +49,7 @@
     "drizzle-orm": "^0.45.2",
     "tsdown": "0.21.1",
     "typescript": "^5.9.3",
-    "@better-auth/core": "1.6.6"
+    "@better-auth/core": "1.6.7"
   },
   "scripts": {
     "build": "tsdown",

package/template/apps/web/package.json

@@ -14,10 +14,10 @@
     "db:studio": "drizzle-kit studio"
   },
   "dependencies": {
-    "@better-auth/drizzle-adapter": "^1.6.6",
+    "@better-auth/drizzle-adapter": "^1.6.7",
     "@noble/ciphers": "^2.2.0",
-    "@orpc/client": "^1.13.14",
-    "@orpc/server": "^1.13.14",
+    "@orpc/client": "^1.14.0",
+    "@orpc/server": "^1.14.0",
     "@tailwindcss/vite": "^4.2.4",
     "@tanstack/react-router": "^1.132.0",
     "@tanstack/react-start": "^1.132.0",
@@ -25,7 +25,7 @@
     "@workspace/auth": "*",
     "@workspace/orpc": "*",
     "@workspace/ui": "*",
-    "better-auth": "^1.6.6",
+    "better-auth": "^1.6.7",
     "lucide-react": "^1.8.0",
     "nitro": "latest",
     "react": "^19.2.4",

package/template/apps/web/src/components/app-sidebar.tsx

@@ -1,8 +1,11 @@
 import * as React from "react"
+import { Link } from "@tanstack/react-router"
+import { LogOut, User } from "lucide-react"
 
 import {
   Sidebar,
   SidebarContent,
+  SidebarFooter,
   SidebarGroup,
   SidebarGroupContent,
   SidebarGroupLabel,
@@ -12,149 +15,57 @@ import {
   SidebarMenuItem,
   SidebarRail,
 } from "@workspace/ui/components/sidebar"
-import { SearchForm } from "@/components/search-form"
-import { VersionSwitcher } from "@/components/version-switcher"
+import { Avatar, AvatarFallback, AvatarImage } from "@workspace/ui/components/avatar"
+import { authClient } from "../lib/auth-client"
 
 // This is sample data.
 const data = {
-  versions: ["1.0.1", "1.1.0-alpha", "2.0.0-beta1"],
   navMain: [
     {
-      title: "Getting Started",
-      url: "#",
+      title: "Examples",
       items: [
         {
-          title: "Installation",
-          url: "#",
+          title: "SSR + oRPC",
+          url: "/ssr-orpc",
         },
         {
-          title: "Project Structure",
-          url: "#",
-        },
-      ],
-    },
-    {
-      title: "Build Your Application",
-      url: "#",
-      items: [
-        {
-          title: "Routing",
-          url: "#",
-        },
-        {
-          title: "Data Fetching",
-          url: "#",
-          isActive: true,
-        },
-        {
-          title: "Rendering",
-          url: "#",
-        },
-        {
-          title: "Caching",
-          url: "#",
-        },
-        {
-          title: "Styling",
-          url: "#",
+          title: "SSR + oRPC (Auth)",
+          url: "/ssr-orpc-auth",
         },
         {
-          title: "Optimizing",
-          url: "#",
+          title: "Client + oRPC",
+          url: "/client-orpc",
         },
         {
-          title: "Configuring",
-          url: "#",
+          title: "Client + oRPC (Auth)",
+          url: "/client-orpc-auth",
         },
         {
-          title: "Testing",
-          url: "#",
-        },
-        {
-          title: "Authentication",
-          url: "#",
-        },
-        {
-          title: "Deploying",
-          url: "#",
-        },
-        {
-          title: "Upgrading",
-          url: "#",
-        },
-        {
-          title: "Examples",
-          url: "#",
-        },
-      ],
-    },
-    {
-      title: "API Reference",
-      url: "#",
-      items: [
-        {
-          title: "Components",
-          url: "#",
-        },
-        {
-          title: "File Conventions",
-          url: "#",
-        },
-        {
-          title: "Functions",
-          url: "#",
-        },
-        {
-          title: "next.config.js Options",
-          url: "#",
-        },
-        {
-          title: "CLI",
-          url: "#",
-        },
-        {
-          title: "Edge Runtime",
-          url: "#",
-        },
-      ],
-    },
-    {
-      title: "Architecture",
-      url: "#",
-      items: [
-        {
-          title: "Accessibility",
-          url: "#",
-        },
-        {
-          title: "Fast Refresh",
-          url: "#",
-        },
-        {
-          title: "Next.js Compiler",
-          url: "#",
-        },
-        {
-          title: "Supported Browsers",
-          url: "#",
-        },
-        {
-          title: "Turbopack",
-          url: "#",
+          title: "ISR",
+          url: "/isr",
         },
       ],
     },
   ],
 }
+
 export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
+  const [user, setUser] = React.useState<any>(null)
+
+  React.useEffect(() => {
+    const checkSession = async () => {
+      const { data: sessionData } = await authClient.getSession()
+      setUser(sessionData?.user || null)
+    }
+    checkSession()
+  }, [])
+
   return (
     <Sidebar {...props}>
       <SidebarHeader>
-        <VersionSwitcher
-          versions={data.versions}
-          defaultVersion={data.versions[0]}
-        />
-        <SearchForm />
+        <div className="flex items-center gap-2 px-4 py-2">
+          <span className="font-bold">LLM Trust</span>
+        </div>
       </SidebarHeader>
       <SidebarContent>
         {data.navMain.map((item) => (
@@ -165,8 +76,12 @@ export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
                 {item.items.map((subItem) => (
                   <SidebarMenuItem key={subItem.title}>
                     <SidebarMenuButton
-                      isActive={subItem.isActive}
-                      render={<a href={subItem.url} />}
+                      render={
+                        <Link
+                          to={subItem.url}
+                          activeProps={{ className: "bg-sidebar-accent" }}
+                        />
+                      }
                     >
                       {subItem.title}
                     </SidebarMenuButton>
@@ -177,6 +92,47 @@ export function AppSidebar({ ...props }: React.ComponentProps<typeof Sidebar>) {
           </SidebarGroup>
         ))}
       </SidebarContent>
+      <SidebarFooter>
+        <SidebarMenu>
+          <SidebarMenuItem>
+            {user ? (
+              <SidebarMenuButton
+                size="lg"
+                className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground"
+              >
+                <Avatar className="h-8 w-8 rounded-lg">
+                  <AvatarImage src={user.image || ""} alt={user.name} />
+                  <AvatarFallback className="rounded-lg">
+                    {user.name?.charAt(0) || "U"}
+                  </AvatarFallback>
+                </Avatar>
+                <div className="grid flex-1 text-left text-sm leading-tight">
+                  <span className="truncate font-semibold">{user.name}</span>
+                  <span className="truncate text-xs">{user.email}</span>
+                </div>
+                <button
+                  onClick={async () => {
+                    await authClient.signOut()
+                    window.location.reload()
+                  }}
+                  className="ml-auto"
+                >
+                  <LogOut className="h-4 w-4" />
+                </button>
+              </SidebarMenuButton>
+            ) : (
+              <SidebarMenuButton
+                render={
+                  <Link to="/login" className="flex items-center gap-2" />
+                }
+              >
+                <User className="h-4 w-4" />
+                <span>Sign In</span>
+              </SidebarMenuButton>
+            )}
+          </SidebarMenuItem>
+        </SidebarMenu>
+      </SidebarFooter>
       <SidebarRail />
     </Sidebar>
   )