create-instant-app 0.22.167 → 0.22.168

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-instant-app",
-  "version": "0.22.167",
+  "version": "0.22.168",
   "description": "Scaffold a new web/mobile app with InstantDB",
   "homepage": "https://github.com/instantdb/instant/tree/main/client/packages/create-instant-app",
   "repository": {
@@ -36,9 +36,9 @@
     "ora": "6.3.1",
     "slugify": "^1.6.6",
     "sort-package-json": "^2.10.0",
-    "@instantdb/version": "0.22.167",
-    "@instantdb/platform": "0.22.167",
-    "instant-cli": "0.22.167"
+    "@instantdb/version": "0.22.168",
+    "@instantdb/platform": "0.22.168",
+    "instant-cli": "0.22.168"
   },
   "devDependencies": {
     "@anthropic-ai/sdk": "^0.60.0",

package/template/rules/AGENTS.md

@@ -176,9 +176,11 @@ data.ref(someVar + '.members.id')
 ## $users Permissions
 
 - Default `view` permission is `auth.id == data.id`
-- Default `create`, `update`, and `delete` permissions is false
-- Can override `view` and `update`
-- Cannot override `create` or `delete`
+- Default `update` and `delete` permissions is false
+- Default `create` permission is true (anyone can sign up)
+- Can override `view`, `update`, and `create`
+- Cannot override `delete`
+- The `create` rule runs during auth signup flows (not via `transact`). Use it to restrict signups or validate `extraFields`.
 
 ## $files Permissions
 
@@ -277,6 +279,30 @@ function App() {
 }
 ```
 
+## Set custom properties at signup with `extraFields`
+
+Pass `extraFields` to any sign-in method to write custom `$users` properties atomically on user creation.
+Fields must be defined as optional attrs on `$users` in your schema.
+Use the `created` boolean to scaffold data for new users.
+
+```tsx
+// Set properties at signup
+const { user, created } = await db.auth.signInWithMagicCode({
+  email,
+  code,
+  extraFields: { nickname, createdAt: Date.now() },
+});
+
+// Scaffold data for new users
+if (created) {
+  db.transact([
+    db.tx.settings[id()]
+      .update({ theme: 'light', notifications: true })
+      .link({ user: user.id }),
+  ]);
+}
+```
+
 # Ad-hoc queries from the CLI
 
 Run `npx instant-cli query '{ posts: {} }' --admin` to query your app. A context flag is required: `--admin`, `--as-email <email>`, or `--as-guest`. Also supports `--app <id>`.

package/template/rules/cursor-rules.md

@@ -182,9 +182,11 @@ data.ref(someVar + '.members.id')
 ## $users Permissions
 
 - Default `view` permission is `auth.id == data.id`
-- Default `create`, `update`, and `delete` permissions is false
-- Can override `view` and `update`
-- Cannot override `create` or `delete`
+- Default `update` and `delete` permissions is false
+- Default `create` permission is true (anyone can sign up)
+- Can override `view`, `update`, and `create`
+- Cannot override `delete`
+- The `create` rule runs during auth signup flows (not via `transact`). Use it to restrict signups or validate `extraFields`.
 
 ## $files Permissions
 
@@ -283,6 +285,30 @@ function App() {
 }
 ```
 
+## Set custom properties at signup with `extraFields`
+
+Pass `extraFields` to any sign-in method to write custom `$users` properties atomically on user creation.
+Fields must be defined as optional attrs on `$users` in your schema.
+Use the `created` boolean to scaffold data for new users.
+
+```tsx
+// Set properties at signup
+const { user, created } = await db.auth.signInWithMagicCode({
+  email,
+  code,
+  extraFields: { nickname, createdAt: Date.now() },
+});
+
+// Scaffold data for new users
+if (created) {
+  db.transact([
+    db.tx.settings[id()]
+      .update({ theme: 'light', notifications: true })
+      .link({ user: user.id }),
+  ]);
+}
+```
+
 # Ad-hoc queries from the CLI
 
 Run `npx instant-cli query '{ posts: {} }' --admin` to query your app. A context flag is required: `--admin`, `--as-email <email>`, or `--as-guest`. Also supports `--app <id>`.

package/template/rules/windsurf-rules.md

@@ -182,9 +182,11 @@ data.ref(someVar + '.members.id')
 ## $users Permissions
 
 - Default `view` permission is `auth.id == data.id`
-- Default `create`, `update`, and `delete` permissions is false
-- Can override `view` and `update`
-- Cannot override `create` or `delete`
+- Default `update` and `delete` permissions is false
+- Default `create` permission is true (anyone can sign up)
+- Can override `view`, `update`, and `create`
+- Cannot override `delete`
+- The `create` rule runs during auth signup flows (not via `transact`). Use it to restrict signups or validate `extraFields`.
 
 ## $files Permissions
 
@@ -283,6 +285,30 @@ function App() {
 }
 ```
 
+## Set custom properties at signup with `extraFields`
+
+Pass `extraFields` to any sign-in method to write custom `$users` properties atomically on user creation.
+Fields must be defined as optional attrs on `$users` in your schema.
+Use the `created` boolean to scaffold data for new users.
+
+```tsx
+// Set properties at signup
+const { user, created } = await db.auth.signInWithMagicCode({
+  email,
+  code,
+  extraFields: { nickname, createdAt: Date.now() },
+});
+
+// Scaffold data for new users
+if (created) {
+  db.transact([
+    db.tx.settings[id()]
+      .update({ theme: 'light', notifications: true })
+      .link({ user: user.id }),
+  ]);
+}
+```
+
 # Ad-hoc queries from the CLI
 
 Run `npx instant-cli query '{ posts: {} }' --admin` to query your app. A context flag is required: `--admin`, `--as-email <email>`, or `--as-guest`. Also supports `--app <id>`.