create-velox-app 0.8.1 → 0.8.3

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # create-velox-app
 
+## 0.8.3
+
+### Patch Changes
+
+- bump dependencies across packages (April 2026)
+
+## 0.8.2
+
+### Patch Changes
+
+- merge URL params into POST input for flat .rest() paths
+
 ## 0.8.1
 
 ### Patch Changes
@@ -303,6 +315,7 @@
 - ### feat(auth): Unified Adapter-Only Architecture
 
   **New Features:**
+
   - Add `JwtAdapter` implementing the `AuthAdapter` interface for unified JWT authentication
   - Add `jwtAuth()` convenience function for direct adapter usage with optional built-in routes (`/api/auth/refresh`, `/api/auth/logout`)
   - Add `AuthContext` discriminated union (`NativeAuthContext | AdapterAuthContext`) for type-safe auth mode handling
@@ -310,20 +323,24 @@
   - Add shared decoration utilities (`decorateAuth`, `setRequestAuth`, `checkDoubleRegistration`)
 
   **Architecture Changes:**
+
   - `authPlugin` now uses `JwtAdapter` internally - all authentication flows through the adapter pattern
   - Single code path for authentication (no more dual native/adapter modes)
   - `authContext.authMode` is now always `'adapter'` with `providerId='jwt'` when using `authPlugin`
 
   **Breaking Changes:**
+
   - Remove deprecated `LegacySessionConfig` interface (use `sessionMiddleware` instead)
   - Remove deprecated `session` field from `AuthConfig`
   - `User` interface no longer has index signature (extend via declaration merging)
 
   **Type Safety Improvements:**
+
   - `AuthContext` discriminated union enables exhaustive type narrowing based on `authMode`
   - Export `NativeAuthContext` and `AdapterAuthContext` types for explicit typing
 
   **Migration:**
+
   - Existing `authPlugin` usage remains backward-compatible
   - If checking `authContext.token`, use `authContext.session` instead (token stored in session for adapter mode)
 
@@ -338,10 +355,12 @@
   Addresses 9 user feedback items to improve DX, reduce boilerplate, and eliminate template duplications.
 
   ### Phase 1: Validation Helpers (`@veloxts/validation`)
+
   - Add `prismaDecimal()`, `prismaDecimalNullable()`, `prismaDecimalOptional()` for Prisma Decimal → number conversion
   - Add `dateToIso`, `dateToIsoNullable`, `dateToIsoOptional` aliases for consistency
 
   ### Phase 2: Template Deduplication (`@veloxts/auth`)
+
   - Export `createEnhancedTokenStore()` with token revocation and refresh token reuse detection
   - Export `parseUserRoles()` and `DEFAULT_ALLOWED_ROLES`
   - Fix memory leak: track pending timeouts for proper cleanup on `destroy()`
@@ -349,17 +368,20 @@
   - Fix jwtManager singleton pattern in templates
 
   ### Phase 3: Router Helpers (`@veloxts/router`)
+
   - Add `createRouter()` returning `{ collections, router }` for DRY setup
   - Add `toRouter()` for router-only use cases
   - Update all router templates to use `createRouter()`
 
   ### Phase 4: Guard Type Narrowing - Experimental (`@veloxts/auth`, `@veloxts/router`)
+
   - Add `NarrowingGuard` interface with phantom `_narrows` type
   - Add `authenticatedNarrow` and `hasRoleNarrow()` guards
   - Add `guardNarrow()` method to `ProcedureBuilder` for context narrowing
   - Enables `ctx.user` to be non-null after guard passes
 
   ### Phase 5: Documentation (`@veloxts/router`)
+
   - Document `.rest()` override patterns
   - Document `createRouter()` helper usage
   - Document `guardNarrow()` experimental API

package/dist/templates/placeholders.js

@@ -175,7 +175,7 @@ export function applyPlaceholdersToJson(content, config) {
     return applyPlaceholders(jsonString, config);
 }
 // Database adapter versions
-const PRISMA_VERSION = '7.4.0';
+const PRISMA_VERSION = '7.8.0';
 const PG_VERSION = '8.16.0';
 /**
  * Apply database-specific dependency modifications to package.json content.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-velox-app",
-  "version": "0.8.1",
+  "version": "0.8.3",
   "description": "Project scaffolder for VeloxTS framework",
   "type": "module",
   "main": "dist/index.js",
@@ -23,16 +23,16 @@
     "CHANGELOG.md"
   ],
   "dependencies": {
-    "@clack/prompts": "1.1.0",
-    "ora": "9.3.0",
+    "@clack/prompts": "1.2.0",
+    "ora": "9.4.0",
     "picocolors": "1.1.1"
   },
   "devDependencies": {
-    "@playwright/test": "1.58.2",
-    "@types/node": "25.5.0",
-    "@vitest/coverage-v8": "4.1.0",
+    "@playwright/test": "1.59.1",
+    "@types/node": "25.6.0",
+    "@vitest/coverage-v8": "4.1.5",
     "typescript": "5.9.3",
-    "vitest": "4.1.0"
+    "vitest": "4.1.5"
   },
   "keywords": [
     "velox",

package/src/templates/source/api/package.auth.json

@@ -18,9 +18,9 @@
     "postinstall": "prisma generate"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.5.0",
-    "@prisma/client": "7.5.0",
-    "@prisma/client-runtime-utils": "7.5.0",
+    "@prisma/adapter-better-sqlite3": "7.8.0",
+    "@prisma/client": "7.8.0",
+    "@prisma/client-runtime-utils": "7.8.0",
     "@veloxts/auth": "__VELOXTS_VERSION__",
     "@veloxts/core": "__VELOXTS_VERSION__",
     "@veloxts/velox": "__VELOXTS_VERSION__",
@@ -34,7 +34,7 @@
     "@types/bcrypt": "6.0.0",
     "@types/node": "25.5.0",
     "hot-hook": "0.4.0",
-    "prisma": "7.5.0",
+    "prisma": "7.8.0",
     "tsup": "8.5.1",
     "tsx": "4.21.0",
     "typescript": "5.9.3"

package/src/templates/source/api/package.default.json

@@ -18,9 +18,9 @@
     "postinstall": "prisma generate"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.5.0",
-    "@prisma/client": "7.5.0",
-    "@prisma/client-runtime-utils": "7.5.0",
+    "@prisma/adapter-better-sqlite3": "7.8.0",
+    "@prisma/client": "7.8.0",
+    "@prisma/client-runtime-utils": "7.8.0",
     "@veloxts/core": "__VELOXTS_VERSION__",
     "@veloxts/velox": "__VELOXTS_VERSION__",
     "better-sqlite3": "12.8.0",
@@ -31,7 +31,7 @@
   "devDependencies": {
     "@types/node": "25.5.0",
     "hot-hook": "0.4.0",
-    "prisma": "7.5.0",
+    "prisma": "7.8.0",
     "tsup": "8.5.1",
     "tsx": "4.21.0",
     "typescript": "5.9.3"

package/src/templates/source/api/package.trpc.json

@@ -18,9 +18,9 @@
     "postinstall": "prisma generate"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.5.0",
-    "@prisma/client": "7.5.0",
-    "@prisma/client-runtime-utils": "7.5.0",
+    "@prisma/adapter-better-sqlite3": "7.8.0",
+    "@prisma/client": "7.8.0",
+    "@prisma/client-runtime-utils": "7.8.0",
     "@trpc/server": "11.12.0",
     "@veloxts/core": "__VELOXTS_VERSION__",
     "@veloxts/velox": "__VELOXTS_VERSION__",
@@ -32,7 +32,7 @@
   "devDependencies": {
     "@types/node": "25.5.0",
     "hot-hook": "0.4.0",
-    "prisma": "7.5.0",
+    "prisma": "7.8.0",
     "tsup": "8.5.1",
     "tsx": "4.21.0",
     "typescript": "5.9.3"

package/src/templates/source/api/procedures/auth.ts

@@ -147,7 +147,7 @@ export const authProcedures = procedures('auth', {
       const hashToVerify = user?.password || DUMMY_HASH;
       const isValid = await verifyPassword(input.password, hashToVerify);
 
-      if (!user || !user.password || !isValid) {
+      if (!user?.password || !isValid) {
         throw new AuthError('Invalid email or password', 401, 'INVALID_CREDENTIALS');
       }
 

package/src/templates/source/root/package.json

@@ -17,11 +17,11 @@
     "db:studio": "__WS_API__ db:studio"
   },
   "dependencies": {
-    "@prisma/client-runtime-utils": "7.5.0",
+    "@prisma/client-runtime-utils": "7.8.0",
     "@veloxts/velox": "__VELOXTS_VERSION__"
   },
   "devDependencies": {
-    "@types/node": "25.5.0",
+    "@types/node": "25.6.0",
     "@veloxts/cli": "__VELOXTS_VERSION__",
     "@veloxts/mcp": "__VELOXTS_VERSION__",
     "tsx": "4.21.0",

package/src/templates/source/rsc/package.json

@@ -17,29 +17,29 @@
     "lint:client": "./scripts/check-client-imports.sh"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.5.0",
-    "@prisma/client": "7.5.0",
-    "@prisma/client-runtime-utils": "7.5.0",
-    "better-sqlite3": "12.8.0",
+    "@prisma/adapter-better-sqlite3": "7.8.0",
+    "@prisma/client": "7.8.0",
+    "@prisma/client-runtime-utils": "7.8.0",
+    "better-sqlite3": "12.9.0",
     "@veloxts/core": "__VELOXTS_VERSION__",
     "@veloxts/orm": "__VELOXTS_VERSION__",
     "@veloxts/router": "__VELOXTS_VERSION__",
     "@veloxts/validation": "__VELOXTS_VERSION__",
     "@veloxts/web": "__VELOXTS_VERSION__",
     "@vinxi/server-functions": "0.5.1",
-    "dotenv": "17.3.1",
-    "react": "19.2.4",
-    "react-dom": "19.2.4",
+    "dotenv": "17.4.2",
+    "react": "19.2.5",
+    "react-dom": "19.2.5",
     "vinxi": "0.5.11",
     "zod": "4.3.6"
   },
   "devDependencies": {
-    "@types/node": "25.5.0",
+    "@types/node": "25.6.0",
     "@types/react": "19.2.14",
     "@types/react-dom": "19.2.3",
     "@veloxts/cli": "__VELOXTS_VERSION__",
     "@veloxts/mcp": "__VELOXTS_VERSION__",
-    "prisma": "7.5.0",
+    "prisma": "7.8.0",
     "typescript": "5.9.3"
   }
 }

package/src/templates/source/rsc-auth/package.json

@@ -17,10 +17,10 @@
     "lint:client": "./scripts/check-client-imports.sh"
   },
   "dependencies": {
-    "@prisma/adapter-better-sqlite3": "7.5.0",
-    "@prisma/client": "7.5.0",
-    "@prisma/client-runtime-utils": "7.5.0",
-    "better-sqlite3": "12.8.0",
+    "@prisma/adapter-better-sqlite3": "7.8.0",
+    "@prisma/client": "7.8.0",
+    "@prisma/client-runtime-utils": "7.8.0",
+    "better-sqlite3": "12.9.0",
     "@veloxts/auth": "__VELOXTS_VERSION__",
     "@veloxts/core": "__VELOXTS_VERSION__",
     "@veloxts/orm": "__VELOXTS_VERSION__",
@@ -29,20 +29,20 @@
     "@veloxts/web": "__VELOXTS_VERSION__",
     "@vinxi/server-functions": "0.5.1",
     "bcrypt": "6.0.0",
-    "dotenv": "17.3.1",
-    "react": "19.2.4",
-    "react-dom": "19.2.4",
+    "dotenv": "17.4.2",
+    "react": "19.2.5",
+    "react-dom": "19.2.5",
     "vinxi": "0.5.11",
     "zod": "4.3.6"
   },
   "devDependencies": {
     "@types/bcrypt": "6.0.0",
-    "@types/node": "25.5.0",
+    "@types/node": "25.6.0",
     "@types/react": "19.2.14",
     "@types/react-dom": "19.2.3",
     "@veloxts/cli": "__VELOXTS_VERSION__",
     "@veloxts/mcp": "__VELOXTS_VERSION__",
-    "prisma": "7.5.0",
+    "prisma": "7.8.0",
     "typescript": "5.9.3"
   }
 }

package/src/templates/source/rsc-auth/src/api/procedures/auth.ts

@@ -146,7 +146,7 @@ export const authProcedures = procedures('auth', {
       const hashToVerify = user?.password || DUMMY_HASH;
       const isValid = await verifyPassword(input.password, hashToVerify);
 
-      if (!user || !user.password || !isValid) {
+      if (!user?.password || !isValid) {
         throw new AuthError('Invalid email or password', 401, 'INVALID_CREDENTIALS');
       }
 

package/src/templates/source/web/package.json

@@ -10,20 +10,20 @@
     "type-check": "tsc --noEmit"
   },
   "dependencies": {
-    "@tanstack/react-query": "5.90.21",
-    "@tanstack/react-router": "1.167.0",
+    "@tanstack/react-query": "5.100.3",
+    "@tanstack/react-router": "1.168.24",
     "@veloxts/client": "__VELOXTS_VERSION__",
-    "react": "19.2.4",
-    "react-dom": "19.2.4",
+    "react": "19.2.5",
+    "react-dom": "19.2.5",
     "react-error-boundary": "6.1.1"
   },
   "devDependencies": {
-    "@tanstack/router-plugin": "1.166.9",
-    "@types/node": "25.5.0",
+    "@tanstack/router-plugin": "1.167.26",
+    "@types/node": "25.6.0",
     "@types/react": "19.2.14",
     "@types/react-dom": "19.2.3",
     "@vitejs/plugin-react": "5.2.0",
     "typescript": "5.9.3",
-    "vite": "7.3.1"
+    "vite": "7.3.2"
   }
 }