honertia 0.1.1 → 0.1.3

package/README.md

@@ -9,20 +9,13 @@
 [![Cloudflare Workers](https://img.shields.io/badge/Cloudflare%20Workers-F38020?logo=cloudflare&logoColor=fff)](https://workers.cloudflare.com/)
 [![Effect](https://img.shields.io/badge/Effect-TS-black)](https://effect.website/)
 
-## Raison d'être
-
-I've found myself wanting to use Cloudflare Workers for everything, but having come from a Laravel background nothing quite matched the DX and simplicity of Laravel x Inertia.js. When building Laravel projects I would always use Loris Leiva's laravel-actions package among other opinionated architecture decisions such as Vite, Tailwind, Bun, React etc., all of which have or will be incorporated into this project. With Cloudflare Workers the obvious choice is Hono and so we've adapted the Inertia.js protocol to run on workers+hono to mimic a Laravel-style app. Ever since learning of Effect.ts I've known that I wanted to use it for something bigger, and so we've utilised it here. Ultimately this is a workers+hono+vite+bun+laravel+inertia+effect+betterauth+planetscale mashup that delivers clean, readable, and powerful web app scaffolding.
+## Overview
 
-An Inertia.js-style adapter for Hono with Effect.js integration. Build full-stack applications with type-safe server actions, Laravel-inspired validation, and seamless React rendering.
+An Inertia.js-style adapter for Hono with Effect.ts integration. Inertia keeps a server-driven app but behaves like an SPA: link clicks and form posts are intercepted, a fetch/XHR request returns a JSON page object (component + props), and the client swaps the page without a full reload. Honertia layers Laravel-style route patterns and Effect actions on top of that so handlers stay clean, readable, and composable.
 
-## Requirements
+## Raison d'être
 
-- **Runtime**: Node.js 18+ or Bun 1.0+
-- **Peer Dependencies**:
-  - `hono` >= 4.0.0
-  - `better-auth` >= 1.0.0
-- **Dependencies**:
-  - `effect` >= 3.12.0
+I wanted to build on Cloudflare Workers whilst retaining the ergonomics of the Laravel+Inertia combination. There are certain patterns that I always use with Laravel (such as the laravel-actions package) and so we have incorporated those ideas into honertia. Now, we can't have Laravel in javascript - but we can create it in the aggregate. For auth we have used better-auth, for validation we have leant on Effect's Schema, and for the database we are using Drizzle. To make it testable and hardy we wrapped everything in Effect.ts
 
 ## Installation
 
@@ -32,26 +25,61 @@ bun add honertia
 
 ## Quick Start
 
+[![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/PatrickOgilvie/honertia-worker-demo)
+
+### Recommended File Structure
+
+```
+.
+├── src/
+│   ├── index.ts                 # Hono app setup (setupHonertia)
+│   ├── routes.ts                # effectRoutes / effectAuthRoutes
+│   ├── main.tsx                 # Inertia + React client entry
+│   ├── styles.css               # Tailwind CSS entry
+│   ├── actions/
+│   │   └── projects/
+│   │       └── list.ts           # listProjects action
+│   ├── pages/
+│   │   └── Projects/
+│   │       └── Index.tsx         # render('Projects/Index')
+│   ├── db/
+│   │   └── db.ts
+│   │   └── schema.ts
+│   ├── lib/
+│   │   └── auth.ts
+│   └── types.ts
+├── dist/
+│   └── manifest.json            # generated by Vite build
+├── vite.config.ts
+├── wrangler.toml                # or wrangler.jsonc
+├── package.json
+└── tsconfig.json
+```
+
 ```typescript
 // src/index.ts
 import { Hono } from 'hono'
 import { logger } from 'hono/logger'
-import { setupHonertia, createTemplate, registerErrorHandlers, vite } from 'honertia'
+import { setupHonertia, createTemplate, createVersion, registerErrorHandlers, vite } from 'honertia'
 import { Context, Layer } from 'effect'
+import manifest from '../dist/manifest.json'
 
-import { createDb } from './db'
 import type { Env } from './types'
+import { createDb } from './db/db'
 import { createAuth } from './lib/auth'
 import { registerRoutes } from './routes'
 
 const app = new Hono<Env>()
+const assetVersion = createVersion(manifest)
+const entry = manifest['src/main.tsx']
+const assetPath = (path: string) => `/${path}`
 
 class BindingsService extends Context.Tag('app/Bindings')<
   BindingsService,
   { KV: KVNamespace }
 >() {}
 
-// Database & Auth
+// Request-scoped setup: put db/auth on c.var so Honertia/Effect can read them.
 app.use('*', async (c, next) => {
   c.set('db', createDb(c.env.DATABASE_URL))
   c.set('auth', createAuth({
@@ -62,24 +90,28 @@ app.use('*', async (c, next) => {
   await next()
 })
 
-// Honertia (bundles core middleware, auth loading, and Effect bridge)
+// Honertia bundles the core middleware + auth loading + Effect runtime setup.
 app.use('*', setupHonertia<Env, BindingsService>({
   honertia: {
-    version: '1.0.0',
+    // Use your asset manifest hash so Inertia reloads on deploy.
+    version: assetVersion,
     render: createTemplate((ctx) => {
       const isProd = ctx.env.ENVIRONMENT === 'production'
       return {
-        title: 'Dashboard',
-        scripts: isProd ? ['/assets/main.js'] : [vite.script()],
+        title: 'My Web App',
+        scripts: isProd ? [assetPath(entry.file)] : [vite.script()],
+        styles: isProd ? (entry.css ?? []).map(assetPath) : [],
         head: isProd ? '' : vite.hmrHead(),
       }
     }),
   },
   effect: {
+    // Expose Cloudflare bindings to Effect handlers via a service layer.
     services: (c) => Layer.succeed(BindingsService, {
       KV: c.env.MY_KV,
     }),
   },
+  // Optional: extra Hono middleware in the same chain.
   middleware: [
     logger(),
     // register additional middleware here...
@@ -99,18 +131,24 @@ import type { Env } from './types'
 import { effectRoutes } from 'honertia/effect'
 import { effectAuthRoutes, RequireAuthLayer } from 'honertia/auth'
 import { showDashboard, listProjects, createProject, showProject, deleteProject } from './actions'
+import { loginUser, registerUser, logoutUser } from './actions/auth'
 
 export function registerRoutes(app: Hono<Env>) {
-  // Auth routes (login, register, logout, API handler)
+  // Auth routes: pages, form actions, logout, and API handler in one place.
   effectAuthRoutes(app, {
     loginComponent: 'Auth/Login',
     registerComponent: 'Auth/Register',
+    // Form actions (automatically wrapped with RequireGuestLayer)
+    loginAction: loginUser,
+    registerAction: registerUser,
+    logoutAction: logoutUser,
   })
 
-  // Routes that require the user to be authenticated
+  // Effect routes give you typed, DI-friendly handlers (no direct Hono ctx).
   effectRoutes(app)
     .provide(RequireAuthLayer)
     .group((route) => {
+      // Grouped routes share layers and path prefixes.
       route.get('/', showDashboard) // GET example.com
 
       route.prefix('/projects').group((route) => {
@@ -157,10 +195,220 @@ export const listProjects = Effect.gen(function* () {
   const db = yield* DatabaseService
   const user = yield* AuthUserService
   const props = yield* fetchProjects(db as Database, user)
-  return yield* render('Dashboard/Projects/Index', props)
+  return yield* render('Projects/Index', props)
+})
+```
+
+The component name `Projects/Index` maps to a file on disk. A common
+Vite + React layout is:
+
+```
+src/pages/Projects/Index.tsx
+```
+
+That means the folders mirror the component path, and `Index.tsx` is the file
+that exports the page component. In the example below, `Link` comes from
+`@inertiajs/react` because it performs Inertia client-side visits (preserving
+page state and avoiding full reloads), whereas a plain `<a>` would do a full
+navigation.
+
+```tsx
+// src/pages/Projects/Index.tsx
+/**
+ * Projects Index Page
+ */
+
+import { Link } from '@inertiajs/react'
+import Layout from '~/components/Layout'
+import type { PageProps, Project } from '~/types'
+
+interface Props {
+  projects: Project[]
+}
+
+export default function ProjectsIndex({ projects }: PageProps<Props>) {
+  return (
+    <Layout>
+      <div className="flex justify-between items-center mb-6">
+        <h1 className="text-2xl font-bold text-gray-900">Projects</h1>
+        <Link
+          href="/projects/create"
+          className="bg-indigo-600 text-white px-4 py-2 rounded-md hover:bg-indigo-700"
+        >
+          New Project
+        </Link>
+      </div>
+      
+      <div className="bg-white rounded-lg shadow">
+        {projects.length === 0 ? (
+          <div className="p-6 text-center text-gray-500">
+            No projects yet.{' '}
+            <Link href="/projects/create" className="text-indigo-600 hover:underline">
+              Create your first project
+            </Link>
+          </div>
+        ) : (
+          <ul className="divide-y divide-gray-200">
+            {projects.map((project) => (
+              <li key={project.id}>
+                <Link
+                  href={`/projects/${project.id}`}
+                  className="block px-6 py-4 hover:bg-gray-50"
+                >
+                  <div className="flex justify-between items-start">
+                    <div>
+                      <h3 className="text-sm font-medium text-gray-900">
+                        {project.name}
+                      </h3>
+                      {project.description && (
+                        <p className="text-sm text-gray-500 mt-1">
+                          {project.description}
+                        </p>
+                      )}
+                    </div>
+                    <span className="text-sm text-gray-400">
+                      {new Date(project.createdAt).toLocaleDateString()}
+                    </span>
+                  </div>
+                </Link>
+              </li>
+            ))}
+          </ul>
+        )}
+      </div>
+    </Layout>
+  )
+}
+```
+
+### Environment Variables
+
+Honertia reads these from `c.env` (Cloudflare Workers bindings):
+
+```toml
+# wrangler.toml
+ENVIRONMENT = "production"
+```
+
+If you prefer `wrangler.jsonc`, the same binding looks like:
+
+```jsonc
+{
+  "vars": {
+    "ENVIRONMENT": "production"
+  }
+}
+```
+
+Set secrets like `DATABASE_URL` and `BETTER_AUTH_SECRET` via Wrangler (not in source control):
+
+```bash
+wrangler secret put DATABASE_URL
+wrangler secret put BETTER_AUTH_SECRET
+```
+
+### Client Setup (React + Inertia)
+
+Honertia uses the standard Inertia React client. You'll need a client entry
+point and a Vite build that emits a manifest (for `createVersion`).
+
+Install client dependencies:
+
+```bash
+bun add react react-dom @inertiajs/react
+bun add -d @vitejs/plugin-react tailwindcss @tailwindcss/vite
+```
+
+Create a Vite config that enables Tailwind v4, sets up an alias used in the
+examples, and emits `dist/manifest.json`:
+
+```typescript
+// vite.config.ts
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import tailwindcss from '@tailwindcss/vite'
+import path from 'path'
+
+export default defineConfig({
+  plugins: [tailwindcss(), react()],
+  build: {
+    outDir: 'dist',
+    // Use an explicit filename so imports match build output.
+    manifest: 'manifest.json',
+    emptyOutDir: true,
+  },
+  resolve: {
+    alias: {
+      '~': path.resolve(__dirname, 'src'),
+    },
+  },
+})
+```
+
+Create a Tailwind CSS entry file:
+
+```css
+/* src/styles.css */
+@import "tailwindcss";
+
+@layer base {
+  body {
+    margin: 0;
+    font-family: ui-sans-serif, system-ui, -apple-system, "Segoe UI", sans-serif;
+    background-color: #f8fafc;
+    color: #0f172a;
+  }
+}
+```
+
+Set up the Inertia client entry point (default path matches `vite.script()`):
+
+```tsx
+// src/main.tsx
+import './styles.css'
+
+import { createInertiaApp } from '@inertiajs/react'
+import { createRoot } from 'react-dom/client'
+
+const pages = import.meta.glob('./pages/**/*.tsx')
+
+createInertiaApp({
+  resolve: (name) => {
+    const page = pages[`./pages/${name}.tsx`]
+    if (!page) {
+      throw new Error(`Page not found: ${name}`)
+    }
+    return page()
+  },
+  setup({ el, App, props }) {
+    createRoot(el).render(<App {...props} />)
+  },
 })
 ```
 
+The `resolve` function maps `render('Projects/Index')` to
+`src/pages/Projects/Index.tsx`.
+
+Optional: add a `tailwind.config.ts` only if you need theme extensions or
+custom content globs.
+
+### Build & Deploy Notes
+
+The server imports `dist/manifest.json`, so it must exist at build time. In
+production, read scripts and styles from the manifest (Tailwind's CSS is listed
+under your entry's `css` array). When deploying with Wrangler, build the client
+assets first:
+
+```bash
+# build client assets before deploying the worker
+bun run build:client
+wrangler deploy
+```
+
+Optional dev convenience: if you want to run the worker without building the
+client, you can keep a stub `dist/manifest.json` (ignored by git) and replace it
+once you run `vite build`.
+
 ### Vite Helpers
 
 The `vite` helper provides dev/prod asset management:
@@ -172,6 +420,15 @@ vite.script()   // 'http://localhost:5173/src/main.tsx'
 vite.hmrHead()  // HMR preamble script tags for React Fast Refresh
 ```
 
+## Requirements
+
+- **Runtime**: Node.js 18+ or Bun 1.0+
+- **Peer Dependencies**:
+  - `hono` >= 4.0.0
+  - `better-auth` >= 1.0.0
+- **Dependencies**:
+  - `effect` >= 3.12.0
+
 ## Core Concepts
 
 ### Effect-Based Handlers
@@ -554,19 +811,159 @@ const user = yield* currentUser       // AuthUser | null
 ### Built-in Auth Routes
 
 ```typescript
-import { effectAuthRoutes } from 'honertia'
+import { effectAuthRoutes } from 'honertia/auth'
+import { loginUser, registerUser, logoutUser, verify2FA, forgotPassword } from './actions/auth'
 
 effectAuthRoutes(app, {
+  // Page routes
   loginPath: '/login',           // GET: show login page
   registerPath: '/register',     // GET: show register page
   logoutPath: '/logout',         // POST: logout and redirect
   apiPath: '/api/auth',          // Better-auth API handler
   logoutRedirect: '/login',
+  loginRedirect: '/',
   loginComponent: 'Auth/Login',
   registerComponent: 'Auth/Register',
+
+  // Form actions (automatically wrapped with RequireGuestLayer)
+  loginAction: loginUser,        // POST /login
+  registerAction: registerUser,  // POST /register
+  logoutAction: logoutUser,      // POST /logout (overrides default)
+
+  // Extended auth flows (all guest-only POST routes)
+  guestActions: {
+    '/login/2fa': verify2FA,
+    '/forgot-password': forgotPassword,
+  },
 })
 ```
 
+All `loginAction`, `registerAction`, and `guestActions` are automatically wrapped with
+`RequireGuestLayer`, so authenticated users will be redirected. The `logoutAction` is
+not wrapped (logout should work regardless of auth state).
+
+To enable CORS for the auth API handler (`/api/auth/*`), pass a `cors` config.
+By default, no CORS headers are added (recommended when your UI and API share the same origin).
+Use this when your frontend is on a different origin (local dev, separate domain, mobile app, etc.).
+
+```typescript
+effectAuthRoutes(app, {
+  apiPath: '/api/auth',
+  cors: {
+    origin: ['http://localhost:5173', 'http://localhost:3000'],
+    credentials: true,
+  },
+})
+```
+
+This sets the appropriate `Access-Control-*` headers and handles `OPTIONS` preflight for the auth API routes.
+Always keep the `origin` list tight; avoid `'*'` for auth endpoints, especially with `credentials: true`.
+
+### Better-auth Form Actions
+
+Honertia provides `betterAuthFormAction` to handle the common pattern of form-based
+authentication: validate input, call better-auth, map errors to field-level messages,
+and redirect on success. This bridges better-auth's JSON responses with Inertia's
+form handling conventions.
+
+```typescript
+// src/actions/auth/login.ts
+import { betterAuthFormAction } from 'honertia/auth'
+import { Schema as S } from 'effect'
+import { requiredString, email } from 'honertia'
+import type { Auth } from './lib/auth' // your better-auth instance type
+
+const LoginSchema = S.Struct({
+  email,
+  password: requiredString,
+})
+
+// Map better-auth error codes to user-friendly field errors
+const mapLoginError = (error: { code?: string; message?: string }) => {
+  switch (error.code) {
+    case 'INVALID_EMAIL_OR_PASSWORD':
+      return { email: 'Invalid email or password' }
+    case 'USER_NOT_FOUND':
+      return { email: 'No account found with this email' }
+    case 'INVALID_PASSWORD':
+      return { password: 'Incorrect password' }
+    default:
+      return { email: error.message ?? 'Login failed' }
+  }
+}
+
+export const loginUser = betterAuthFormAction({
+  schema: LoginSchema,
+  errorComponent: 'Auth/Login',
+  redirectTo: '/',
+  errorMapper: mapLoginError,
+  // `auth` is the better-auth instance from AuthService
+  // `input` is the validated form data
+  // `request` is the original Request (needed for session cookies)
+  call: (auth: Auth, input, request) =>
+    auth.api.signInEmail({
+      body: { email: input.email, password: input.password },
+      request,
+      returnHeaders: true,
+    }),
+})
+```
+
+```typescript
+// src/actions/auth/register.ts
+import { betterAuthFormAction } from 'honertia/auth'
+import { Schema as S } from 'effect'
+import { requiredString, email, password } from 'honertia'
+import type { Auth } from './lib/auth'
+
+const RegisterSchema = S.Struct({
+  name: requiredString,
+  email,
+  password: password({ min: 8, letters: true, numbers: true }),
+})
+
+const mapRegisterError = (error: { code?: string; message?: string }) => {
+  switch (error.code) {
+    case 'USER_ALREADY_EXISTS':
+      return { email: 'An account with this email already exists' }
+    case 'PASSWORD_TOO_SHORT':
+      return { password: 'Password must be at least 8 characters' }
+    default:
+      return { email: error.message ?? 'Registration failed' }
+  }
+}
+
+export const registerUser = betterAuthFormAction({
+  schema: RegisterSchema,
+  errorComponent: 'Auth/Register',
+  redirectTo: '/',
+  errorMapper: mapRegisterError,
+  call: (auth: Auth, input, request) =>
+    auth.api.signUpEmail({
+      body: { name: input.name, email: input.email, password: input.password },
+      request,
+      returnHeaders: true,
+    }),
+})
+```
+
+For logout, use the simpler `betterAuthLogoutAction`:
+
+```typescript
+// src/actions/auth/logout.ts
+import { betterAuthLogoutAction } from 'honertia/auth'
+
+export const logoutUser = betterAuthLogoutAction({
+  redirectTo: '/login',
+})
+```
+
+**How errors are handled:**
+
+1. **Schema validation fails** → Re-renders `errorComponent` with field errors from Effect Schema
+2. **better-auth returns an error** → Calls your `errorMapper`, then re-renders `errorComponent` with those errors
+3. **Success** → Sets session cookies from better-auth's response headers, then 303 redirects to `redirectTo`
+
 ## Action Factories
 
 For common patterns, use action factories:
@@ -675,6 +1072,13 @@ On Cloudflare Workers, database connections and other I/O objects are isolated p
 
 If you're using PlanetScale with Hyperdrive, the "connection" you create per request is lightweight - it's just a client pointing at Hyperdrive's persistent connection pool.
 
+## Acknowledgements
+
+- Inertia.js by Jonathan Reinink and its contributors
+- Laravel by Taylor Otwell and the Laravel community
+
+🐐
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.

package/dist/auth.d.ts

@@ -4,7 +4,7 @@
  * Re-exports all authentication and authorization functionality.
  * Import from 'honertia/auth' for auth-related functionality.
  */
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, type AuthRoutesConfig, } from './effect/auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, type AuthRoutesConfig, type AuthActionEffect, type BetterAuthFormActionConfig, type BetterAuthLogoutConfig, type BetterAuthActionResult, } from './effect/auth.js';
 export { AuthService, AuthUserService, type AuthUser, } from './effect/services.js';
 export { UnauthorizedError, ForbiddenError, } from './effect/errors.js';
 //# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,WAAW,EACX,eAAe,EACf,KAAK,QAAQ,GACd,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EACL,iBAAiB,EACjB,cAAc,GACf,MAAM,oBAAoB,CAAA"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,QAAQ,EACR,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,GAC5B,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,WAAW,EACX,eAAe,EACf,KAAK,QAAQ,GACd,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EACL,iBAAiB,EACjB,cAAc,GACf,MAAM,oBAAoB,CAAA"}

package/dist/auth.js

@@ -4,7 +4,7 @@
  * Re-exports all authentication and authorization functionality.
  * Import from 'honertia/auth' for auth-related functionality.
  */
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, } from './effect/auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, } from './effect/auth.js';
 // Re-export auth-related services
 export { AuthService, AuthUserService, } from './effect/services.js';
 // Re-export auth-related errors

package/dist/effect/auth.d.ts

@@ -3,10 +3,11 @@
  *
  * Authentication and authorization via Effect Layers.
  */
-import { Effect, Layer } from 'effect';
+import { Effect, Layer, Schema as S } from 'effect';
 import type { Hono, MiddlewareHandler, Env } from 'hono';
-import { AuthUserService, HonertiaService, type AuthUser } from './services.js';
-import { UnauthorizedError } from './errors.js';
+import { AuthUserService, AuthService, HonertiaService, RequestService, type AuthUser } from './services.js';
+import { UnauthorizedError, ValidationError } from './errors.js';
+import { type EffectHandler } from './routing.js';
 /**
  * Layer that requires an authenticated user.
  * Fails with UnauthorizedError if no user is present.
@@ -51,6 +52,11 @@ export declare const shareAuth: Effect.Effect<void, never, HonertiaService>;
  * Middleware version of shareAuth for use with app.use().
  */
 export declare function shareAuthMiddleware<E extends Env>(): MiddlewareHandler<E>;
+/**
+ * An auth action effect that returns a Response.
+ * Used for loginAction, registerAction, logoutAction, and guestActions.
+ */
+export type AuthActionEffect<R = never, E extends Error = Error> = EffectHandler<R, E>;
 /**
  * Configuration for auth routes.
  */
@@ -60,6 +66,9 @@ export interface AuthRoutesConfig<E extends Env> {
     logoutPath?: string;
     apiPath?: string;
     logoutRedirect?: string;
+    /**
+     * Redirect path for authenticated users hitting login/register pages.
+     */
     loginRedirect?: string;
     loginComponent?: string;
     registerComponent?: string;
@@ -72,6 +81,37 @@ export interface AuthRoutesConfig<E extends Env> {
         origin: string | string[] | ((origin: string) => string | undefined | null);
         credentials?: boolean;
     };
+    /**
+     * POST handler for login form submission.
+     * Automatically wrapped with RequireGuestLayer.
+     * Use betterAuthFormAction to create this.
+     */
+    loginAction?: AuthActionEffect;
+    /**
+     * POST handler for registration form submission.
+     * Automatically wrapped with RequireGuestLayer.
+     * Use betterAuthFormAction to create this.
+     */
+    registerAction?: AuthActionEffect;
+    /**
+     * POST handler for logout.
+     * If not provided, uses a default handler that calls auth.api.signOut.
+     * Use betterAuthLogoutAction to create this.
+     */
+    logoutAction?: AuthActionEffect;
+    /**
+     * Additional guest-only POST routes for extended auth flows.
+     * Keys are paths (e.g., '/forgot-password'), values are Effect handlers.
+     * All routes are wrapped with RequireGuestLayer.
+     *
+     * @example
+     * guestActions: {
+     *   '/forgot-password': forgotPasswordAction,
+     *   '/reset-password': resetPasswordAction,
+     *   '/login/2fa': verify2FAAction,
+     * }
+     */
+    guestActions?: Record<string, AuthActionEffect>;
 }
 /**
  * Register standard auth routes.
@@ -80,6 +120,8 @@ export interface AuthRoutesConfig<E extends Env> {
  * effectAuthRoutes(app, {
  *   loginComponent: 'Auth/Login',
  *   registerComponent: 'Auth/Register',
+ *   loginAction: loginUser,
+ *   registerAction: registerUser,
  * })
  */
 export declare function effectAuthRoutes<E extends Env>(app: Hono<E>, config?: AuthRoutesConfig<E>): void;
@@ -91,4 +133,38 @@ export declare function loadUser<E extends Env>(config?: {
     userKey?: string;
     sessionCookie?: string;
 }): MiddlewareHandler<E>;
+/**
+ * Result types from better-auth calls that expose headers.
+ */
+export type BetterAuthActionResult = Response | Headers | {
+    headers?: Headers | HeadersInit;
+};
+/**
+ * Config for better-auth form actions (login/register).
+ */
+export interface BetterAuthFormActionConfig<A, I, AuthClient = unknown> {
+    schema: S.Schema<A, I>;
+    errorComponent: string;
+    call: (auth: AuthClient, input: A, request: Request) => Promise<BetterAuthActionResult>;
+    errorMapper?: (error: unknown) => Record<string, string>;
+    redirectTo?: string | ((input: A, result: BetterAuthActionResult) => string);
+}
+/**
+ * Create a better-auth form action with Honertia-friendly responses.
+ *
+ * Copies Set-Cookie headers from better-auth and redirects with 303.
+ * Maps errors into ValidationError so the standard error handler can render.
+ */
+export declare function betterAuthFormAction<A, I, AuthClient = unknown>(config: BetterAuthFormActionConfig<A, I, AuthClient>): Effect.Effect<Response, ValidationError, RequestService | AuthService>;
+/**
+ * Config for better-auth logout actions.
+ */
+export interface BetterAuthLogoutConfig {
+    redirectTo?: string;
+    cookieNames?: string[];
+}
+/**
+ * Create a better-auth logout action that clears cookies and redirects.
+ */
+export declare function betterAuthLogoutAction(config?: BetterAuthLogoutConfig): Effect.Effect<Response, never, RequestService | AuthService>;
 //# sourceMappingURL=auth.d.ts.map

package/dist/effect/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/effect/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,KAAK,EAAU,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AACxD,OAAO,EAAE,eAAe,EAAe,eAAe,EAAkB,KAAK,QAAQ,EAAE,MAAM,eAAe,CAAA;AAC5G,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAI/C;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,wDAiB5B,CAAA;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,iBAAiB,8CAe7B,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CACM,CAAA;AAEvE;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,CAGlE,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,WAAW,GACtB,mBAAqB,KACpB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,EAAE,KAAK,CAQhD,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,YAAY,GACvB,mBAAgB,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,EAAE,KAAK,CAQ5C,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,eAAe,CAK9D,CAAA;AAEJ;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,SAAS,GAAG,KAAK,iBAAiB,CAAC,CAAC,CAAC,CASzE;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB,CAAC,CAAC,SAAS,GAAG;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;OAGG;IACH,IAAI,CAAC,EAAE;QACL,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;QAC3E,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB,CAAA;CACF;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,GAAG,EAC5C,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,EACZ,MAAM,GAAE,gBAAgB,CAAC,CAAC,CAAM,GAC/B,IAAI,CAoGN;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,CAAC,SAAS,GAAG,EACpC,MAAM,GAAE;IACN,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;CAClB,GACL,iBAAiB,CAAC,CAAC,CAAC,CAwBtB"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/effect/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,KAAK,EAAU,MAAM,IAAI,CAAC,EAAE,MAAM,QAAQ,CAAA;AAC3D,OAAO,KAAK,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AACxD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,eAAe,EAAE,cAAc,EAAE,KAAK,QAAQ,EAAE,MAAM,eAAe,CAAA;AAC5G,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,EAAgB,KAAK,aAAa,EAAE,MAAM,cAAc,CAAA;AAI/D;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,wDAiB5B,CAAA;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,iBAAiB,8CAe7B,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CACM,CAAA;AAEvE;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,CAGlE,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,WAAW,GACtB,mBAAqB,KACpB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,EAAE,KAAK,CAQhD,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,YAAY,GACvB,mBAAgB,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,EAAE,KAAK,CAQ5C,CAAA;AAEH;;GAEG;AACH,eAAO,MAAM,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,eAAe,CAK9D,CAAA;AAEJ;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,SAAS,GAAG,KAAK,iBAAiB,CAAC,CAAC,CAAC,CASzE;AAED;;;GAGG;AACH,MAAM,MAAM,gBAAgB,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC,SAAS,KAAK,GAAG,KAAK,IAAI,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AAEtF;;GAEG;AACH,MAAM,WAAW,gBAAgB,CAAC,CAAC,SAAS,GAAG;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;OAGG;IACH,IAAI,CAAC,EAAE;QACL,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;QAC3E,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB,CAAA;IACD;;;;OAIG;IACH,WAAW,CAAC,EAAE,gBAAgB,CAAA;IAC9B;;;;OAIG;IACH,cAAc,CAAC,EAAE,gBAAgB,CAAA;IACjC;;;;OAIG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAA;IAC/B;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAA;CAChD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,GAAG,EAC5C,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,EACZ,MAAM,GAAE,gBAAgB,CAAC,CAAC,CAAM,GAC/B,IAAI,CA+HN;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,CAAC,SAAS,GAAG,EACpC,MAAM,GAAE;IACN,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,aAAa,CAAC,EAAE,MAAM,CAAA;CAClB,GACL,iBAAiB,CAAC,CAAC,CAAC,CAwBtB;AAED;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAC9B,QAAQ,GACR,OAAO,GACP;IAAE,OAAO,CAAC,EAAE,OAAO,GAAG,WAAW,CAAA;CAAE,CAAA;AAEvC;;GAEG;AACH,MAAM,WAAW,0BAA0B,CAAC,CAAC,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO;IACpE,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,IAAI,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,sBAAsB,CAAC,CAAA;IACvF,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxD,UAAU,CAAC,EAAE,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,sBAAsB,KAAK,MAAM,CAAC,CAAA;CAC7E;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,EAC7D,MAAM,EAAE,0BAA0B,CAAC,CAAC,EAAE,CAAC,EAAE,UAAU,CAAC,GACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,eAAe,EAAE,cAAc,GAAG,WAAW,CAAC,CAiCxE;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;CACvB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,GAAE,sBAA2B,GAClC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,cAAc,GAAG,WAAW,CAAC,CAiC9D"}

package/dist/effect/auth.js

@@ -5,9 +5,10 @@
  */
 import { Effect, Layer, Option } from 'effect';
 import { AuthUserService, AuthService, HonertiaService, RequestService } from './services.js';
-import { UnauthorizedError } from './errors.js';
+import { UnauthorizedError, ValidationError } from './errors.js';
 import { effectRoutes } from './routing.js';
 import { render } from './responses.js';
+import { validateRequest } from './validation.js';
 /**
  * Layer that requires an authenticated user.
  * Fails with UnauthorizedError if no user is present.
@@ -101,39 +102,65 @@ export function shareAuthMiddleware() {
  * effectAuthRoutes(app, {
  *   loginComponent: 'Auth/Login',
  *   registerComponent: 'Auth/Register',
+ *   loginAction: loginUser,
+ *   registerAction: registerUser,
  * })
  */
 export function effectAuthRoutes(app, config = {}) {
-    const { loginPath = '/login', registerPath = '/register', logoutPath = '/logout', apiPath = '/api/auth', logoutRedirect = '/login', loginComponent = 'Auth/Login', registerComponent = 'Auth/Register', } = config;
+    const { loginPath = '/login', registerPath = '/register', logoutPath = '/logout', apiPath = '/api/auth', logoutRedirect = '/login', loginRedirect = '/', loginComponent = 'Auth/Login', registerComponent = 'Auth/Register', } = config;
     const routes = effectRoutes(app);
     // Login page (guest only)
     routes.get(loginPath, Effect.gen(function* () {
-        yield* requireGuest(loginPath === '/login' ? '/' : loginPath);
+        yield* requireGuest(loginRedirect);
         return yield* render(loginComponent);
     }));
     // Register page (guest only)
     routes.get(registerPath, Effect.gen(function* () {
-        yield* requireGuest(registerPath === '/register' ? '/' : registerPath);
+        yield* requireGuest(loginRedirect);
         return yield* render(registerComponent);
     }));
-    // Logout (POST)
-    routes.post(logoutPath, Effect.gen(function* () {
-        const auth = yield* AuthService;
-        const request = yield* RequestService;
-        // Revoke session server-side
-        yield* Effect.tryPromise(() => auth.api.signOut({
-            headers: request.headers,
+    // Login action (POST) - guest only
+    if (config.loginAction) {
+        routes
+            .provide(RequireGuestLayer)
+            .post(loginPath, config.loginAction);
+    }
+    // Register action (POST) - guest only
+    if (config.registerAction) {
+        routes
+            .provide(RequireGuestLayer)
+            .post(registerPath, config.registerAction);
+    }
+    // Logout (POST) - use provided action or default
+    if (config.logoutAction) {
+        routes.post(logoutPath, config.logoutAction);
+    }
+    else {
+        routes.post(logoutPath, Effect.gen(function* () {
+            const auth = yield* AuthService;
+            const request = yield* RequestService;
+            // Revoke session server-side
+            yield* Effect.tryPromise(() => auth.api.signOut({
+                headers: request.headers,
+            }));
+            // Clear cookie and redirect
+            const sessionCookie = config.sessionCookie ?? 'better-auth.session_token';
+            return new Response(null, {
+                status: 303,
+                headers: {
+                    'Location': logoutRedirect,
+                    'Set-Cookie': `${sessionCookie}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`,
+                },
+            });
         }));
-        // Clear cookie and redirect
-        const sessionCookie = config.sessionCookie ?? 'better-auth.session_token';
-        return new Response(null, {
-            status: 303,
-            headers: {
-                'Location': logoutRedirect,
-                'Set-Cookie': `${sessionCookie}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`,
-            },
-        });
-    }));
+    }
+    // Additional guest-only actions (2FA, forgot password, etc.)
+    if (config.guestActions) {
+        const guestRoutes = routes.provide(RequireGuestLayer);
+        for (const [path, action] of Object.entries(config.guestActions)) {
+            guestRoutes.post(path, action);
+        }
+    }
     // Better-auth API handler (handles sign-in, sign-up, etc.)
     // Apply CORS if configured
     if (config.cors) {
@@ -202,3 +229,146 @@ export function loadUser(config = {}) {
         await next();
     };
 }
+/**
+ * Create a better-auth form action with Honertia-friendly responses.
+ *
+ * Copies Set-Cookie headers from better-auth and redirects with 303.
+ * Maps errors into ValidationError so the standard error handler can render.
+ */
+export function betterAuthFormAction(config) {
+    return Effect.gen(function* () {
+        const auth = yield* AuthService;
+        const request = yield* RequestService;
+        const input = yield* validateRequest(config.schema, {
+            errorComponent: config.errorComponent,
+        });
+        const result = yield* Effect.tryPromise({
+            try: () => config.call(auth, input, buildAuthRequest(request)),
+            catch: (error) => error,
+        }).pipe(Effect.mapError((error) => new ValidationError({
+            errors: (config.errorMapper ?? defaultAuthErrorMapper)(error),
+            component: config.errorComponent,
+        })));
+        const redirectTo = resolveRedirect(config.redirectTo, input, result);
+        const responseHeaders = new Headers({ Location: redirectTo });
+        const resultHeaders = getHeaders(result);
+        if (resultHeaders) {
+            appendSetCookies(responseHeaders, resultHeaders);
+        }
+        return new Response(null, {
+            status: 303,
+            headers: responseHeaders,
+        });
+    });
+}
+/**
+ * Create a better-auth logout action that clears cookies and redirects.
+ */
+export function betterAuthLogoutAction(config = {}) {
+    return Effect.gen(function* () {
+        const auth = yield* AuthService;
+        const request = yield* RequestService;
+        const result = yield* Effect.tryPromise({
+            try: () => auth.api.signOut({
+                headers: request.headers,
+                request: buildAuthRequest(request),
+                returnHeaders: true,
+            }),
+            catch: () => undefined,
+        }).pipe(Effect.catchAll(() => Effect.succeed(undefined)));
+        const responseHeaders = new Headers({
+            Location: config.redirectTo ?? '/login',
+        });
+        const resultHeaders = getHeaders(result);
+        if (resultHeaders) {
+            appendSetCookies(responseHeaders, resultHeaders);
+        }
+        if (!responseHeaders.has('set-cookie')) {
+            appendLogoutCookies(responseHeaders, config.cookieNames);
+        }
+        return new Response(null, {
+            status: 303,
+            headers: responseHeaders,
+        });
+    });
+}
+function buildAuthRequest(request) {
+    return new Request(request.url, {
+        method: request.method,
+        headers: request.headers,
+    });
+}
+function resolveRedirect(target, input, result) {
+    if (typeof target === 'function') {
+        return target(input, result);
+    }
+    return target ?? '/';
+}
+function getHeaders(result) {
+    if (!result)
+        return undefined;
+    if (result instanceof Headers)
+        return result;
+    if (result instanceof Response)
+        return result.headers;
+    if (typeof result === 'object' && 'headers' in result && result.headers) {
+        return coerceHeaders(result.headers);
+    }
+    return undefined;
+}
+function coerceHeaders(value) {
+    return value instanceof Headers ? value : new Headers(value);
+}
+function defaultAuthErrorMapper(error) {
+    const message = getAuthErrorMessage(error) ?? 'Unable to complete request. Please try again.';
+    return { form: message };
+}
+function getAuthErrorMessage(error) {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const candidate = error;
+    if (typeof candidate.body?.message === 'string')
+        return candidate.body.message;
+    if (typeof candidate.message === 'string')
+        return candidate.message;
+    return undefined;
+}
+function appendSetCookies(target, source) {
+    const sourceWithSetCookie = source;
+    if (typeof sourceWithSetCookie.getSetCookie === 'function') {
+        for (const cookie of sourceWithSetCookie.getSetCookie()) {
+            target.append('set-cookie', cookie);
+        }
+        return;
+    }
+    const setCookie = source.get('set-cookie');
+    if (!setCookie) {
+        return;
+    }
+    // Split on cookie boundaries without breaking Expires attributes.
+    const parts = setCookie
+        .split(/,(?=[^;]+?=)/g)
+        .map((part) => part.trim())
+        .filter(Boolean);
+    for (const cookie of parts) {
+        target.append('set-cookie', cookie);
+    }
+}
+function appendExpiredCookie(target, name, options = {}) {
+    const base = `${name}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`;
+    const value = options.secure ? `${base}; Secure` : base;
+    target.append('set-cookie', value);
+}
+function appendLogoutCookies(target, cookieNames) {
+    const defaults = [
+        'better-auth.session_token',
+        'better-auth.session_data',
+        'better-auth.account_data',
+        'better-auth.dont_remember',
+    ];
+    const names = cookieNames?.length ? cookieNames : defaults;
+    for (const name of names) {
+        appendExpiredCookie(target, name);
+        appendExpiredCookie(target, `__Secure-${name}`, { secure: true });
+    }
+}

package/dist/effect/index.d.ts

@@ -12,5 +12,5 @@ export { effectHandler, effect, handle, errorToResponse, } from './handler.js';
 export { effectAction, dbAction, authAction, simpleAction, injectUser, dbOperation, prepareData, preparedAction, } from './action.js';
 export { redirect, render, renderWithErrors, json, text, notFound, forbidden, httpError, prefersJson, jsonOrRender, share, } from './responses.js';
 export { EffectRouteBuilder, effectRoutes, type EffectHandler, type BaseServices, } from './routing.js';
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, type AuthRoutesConfig, } from './auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, type AuthRoutesConfig, type BetterAuthFormActionConfig, type BetterAuthLogoutConfig, type BetterAuthActionResult, } from './auth.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/effect/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effect/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,eAAe,EACf,WAAW,EACX,eAAe,EACf,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAA;AAGtB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,SAAS,EACT,QAAQ,EACR,KAAK,QAAQ,GACd,MAAM,aAAa,CAAA;AAGpB,cAAc,aAAa,CAAA;AAG3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,QAAQ,EACR,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,aAAa,EACb,MAAM,EACN,MAAM,EACN,eAAe,GAChB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,cAAc,GACf,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,SAAS,EACT,WAAW,EACX,YAAY,EACZ,KAAK,GACN,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effect/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,eAAe,EACf,WAAW,EACX,eAAe,EACf,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAA;AAGtB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,SAAS,EACT,QAAQ,EACR,KAAK,QAAQ,GACd,MAAM,aAAa,CAAA;AAGpB,cAAc,aAAa,CAAA;AAG3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,QAAQ,EACR,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,aAAa,EACb,MAAM,EACN,MAAM,EACN,eAAe,GAChB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,cAAc,GACf,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,SAAS,EACT,WAAW,EACX,YAAY,EACZ,KAAK,GACN,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,QAAQ,EACR,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,GAC5B,MAAM,WAAW,CAAA"}

package/dist/effect/index.js

@@ -22,4 +22,4 @@ export { redirect, render, renderWithErrors, json, text, notFound, forbidden, ht
 // Routing
 export { EffectRouteBuilder, effectRoutes, } from './routing.js';
 // Auth
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, } from './auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, } from './auth.js';

package/dist/helpers.d.ts

@@ -6,6 +6,12 @@ import type { PageObject } from './types.js';
 export interface PageProps {
     errors?: Record<string, string>;
 }
+export interface AssetManifestEntry {
+    file?: string;
+    css?: string[];
+    assets?: string[];
+}
+export type AssetManifest = Record<string, string | AssetManifestEntry>;
 export interface TemplateOptions {
     title?: string;
     scripts?: string[];
@@ -26,16 +32,23 @@ export interface TemplateOptions {
  *
  * @example Dynamic config based on environment
  * ```ts
+ * const entry = manifest['src/main.tsx']
+ * const assetPath = (path: string) => `/${path}`
+ *
  * createTemplate((ctx) => ({
  *   title: 'App',
  *   scripts: ctx.env.ENVIRONMENT === 'production'
- *     ? ['/assets/main.js']
- *     : ['http://localhost:5173/src/main.tsx'],
+ *     ? [assetPath(entry.file)]
+ *     : [vite.script()],
+ *   styles: ctx.env.ENVIRONMENT === 'production'
+ *     ? (entry.css ?? []).map(assetPath)
+ *     : [],
+ *   head: ctx.env.ENVIRONMENT === 'production' ? '' : vite.hmrHead(),
  * }))
  * ```
  */
 export declare function createTemplate(options: TemplateOptions | ((ctx: Context) => TemplateOptions)): (page: PageObject, ctx?: Context) => string;
-export declare function createVersion(manifest: Record<string, string>): string;
+export declare function createVersion(manifest: AssetManifest): string;
 /**
  * Vite development configuration helpers.
  */
@@ -57,7 +70,7 @@ export declare const vite: {
      * @param port - Vite dev server port (default: 5173)
      * @example
      * ```ts
-     * scripts: isProd ? ['/assets/main.js'] : [vite.script()]
+     * scripts: isProd ? [manifest['src/main.tsx'].file] : [vite.script()]
      * ```
      */
     script(entry?: string, port?: number): string;

package/dist/helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAE5C,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,eAAe,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,eAAe,CAAC,GAC7D,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,MAAM,CA6C7C;AAWD,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAStE;AAED;;GAEG;AACH,eAAO,MAAM,IAAI;IACf;;;;;;;;OAQG;4BACmB,MAAM;IAa5B;;;;;;;;;OASG;2CAC2C,MAAM;CAGrD,CAAA"}
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAE5C,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAClB;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,kBAAkB,CAAC,CAAA;AAEvE,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,eAAe,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,KAAK,eAAe,CAAC,GAC7D,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,OAAO,KAAK,MAAM,CA6C7C;AAWD,wBAAgB,aAAa,CAAC,QAAQ,EAAE,aAAa,GAAG,MAAM,CA8B7D;AAED;;GAEG;AACH,eAAO,MAAM,IAAI;IACf;;;;;;;;OAQG;4BACmB,MAAM;IAa5B;;;;;;;;;OASG;2CAC2C,MAAM;CAGrD,CAAA"}

package/dist/helpers.js

@@ -14,11 +14,18 @@
  *
  * @example Dynamic config based on environment
  * ```ts
+ * const entry = manifest['src/main.tsx']
+ * const assetPath = (path: string) => `/${path}`
+ *
  * createTemplate((ctx) => ({
  *   title: 'App',
  *   scripts: ctx.env.ENVIRONMENT === 'production'
- *     ? ['/assets/main.js']
- *     : ['http://localhost:5173/src/main.tsx'],
+ *     ? [assetPath(entry.file)]
+ *     : [vite.script()],
+ *   styles: ctx.env.ENVIRONMENT === 'production'
+ *     ? (entry.css ?? []).map(assetPath)
+ *     : [],
+ *   head: ctx.env.ENVIRONMENT === 'production' ? '' : vite.hmrHead(),
  * }))
  * ```
  */
@@ -66,7 +73,26 @@ function escapeHtml(str) {
         .replace(/'/g, ''');
 }
 export function createVersion(manifest) {
-    const combined = Object.values(manifest).sort().join('');
+    const assetFiles = [];
+    for (const value of Object.values(manifest)) {
+        if (typeof value === 'string') {
+            assetFiles.push(value);
+            continue;
+        }
+        if (!value || typeof value !== 'object') {
+            continue;
+        }
+        if (typeof value.file === 'string') {
+            assetFiles.push(value.file);
+        }
+        if (Array.isArray(value.css)) {
+            assetFiles.push(...value.css);
+        }
+        if (Array.isArray(value.assets)) {
+            assetFiles.push(...value.assets);
+        }
+    }
+    const combined = assetFiles.sort().join('');
     let hash = 0;
     for (let i = 0; i < combined.length; i++) {
         const char = combined.charCodeAt(i);
@@ -107,7 +133,7 @@ export const vite = {
      * @param port - Vite dev server port (default: 5173)
      * @example
      * ```ts
-     * scripts: isProd ? ['/assets/main.js'] : [vite.script()]
+     * scripts: isProd ? [manifest['src/main.tsx'].file] : [vite.script()]
      * ```
      */
     script(entry = '/src/main.tsx', port = 5173) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "honertia",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Inertia.js-style server-driven SPA adapter for Hono",
   "type": "module",
   "main": "./dist/index.js",