kitcn 0.12.27 → 0.13.1

package/dist/cli.mjs

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { $ as resolveAddTemplateDefaults, A as resolveConfiguredBackend, B as runConvexInitIfNeeded, C as isInitialized, D as readPackageVersions, E as parseInitCommandArgs, Et as highlighter, F as runAfterScaffoldScript, G as trackProcess, H as runInitCommandFlow, I as runAggregateBackfillFlow, J as createSpinner, K as withLocalCodegenEnv, L as runAggregatePruneFlow, M as resolveInitProjectDir, N as resolveMigrationConfig, O as resolveBackfillConfig, P as resolveRunDeps, Q as promptForScaffoldTemplateSelection, R as runBackendFunction, S as isEntryPoint, St as stripConvexCommandNoise, T as parseBackendRunJson, Tt as logger, U as runMigrationCreate, V as runDevSchemaBackfillIfNeeded, W as runMigrationFlow, X as filterScaffoldTemplatePathMap, Y as collectPluginScaffoldTemplates, Z as promptForPluginSelection, _ as formatInfoOutput, _t as applyPluginDependencyInstall, a as cleanup, at as getSupportedPluginKeys, b as hasRemoteConvexDeploymentEnv, bt as resolveAuthEnvState, c as createCommandEnv, ct as resolvePluginScaffoldRoots, d as extractBackfillCliOptions, dt as getPluginLockfilePath, et as resolvePluginPreset, f as extractConcaveRunTargetArgs, ft as getSchemaFilePath, g as formatDocsOutput, gt as applyPlanningDependencyInstall, h as extractResetCliOptions, ht as applyDependencyHintsInstall, i as buildInitializationPlan, it as getPluginCatalogEntry, j as resolveDocTopic, k as resolveCodegenTrimSegments, l as ensureConvexGitignoreEntry, lt as assertSchemaFileExists, m as extractMigrationDownOptions, mt as resolveSchemaInstalledPlugins, n as applyPluginInstallPlanFiles, nt as resolveTemplateSelectionSource, o as createBackendAdapter, ot as isSupportedPluginKey, p as extractMigrationCliOptions, pt as readPluginLockfile, q as withWorkingDirectory, r as assertNoRemovedDevPreRunFlag, rt as resolveTemplatesByIdOrThrow, s as createBackendCommandEnv, st as buildPluginInstallPlan, t as applyDependencyInstallPlan, tt as resolvePresetScaffoldTemplates, u as extractBackendRunTargetArgs, ut as collectInstalledPluginKeys, v as getAggregateBackfillDeploymentKey, vt as inspectPluginDependencyInstall, w as parseArgs, x as isConvexDevPreRunConflictFlag, xt as serializeEnvValue, y as getDevAggregateBackfillStatePath, yt as resolveProjectScaffoldContext, z as runConfiguredCodegen } from "./backend-core-DqCCa0nr.mjs";
+import { $ as promptForScaffoldTemplateSelection, A as resolveCodegenTrimSegments, B as runConfiguredCodegen, C as isEntryPoint, Ct as serializeEnvValue, D as parseInitCommandArgs, Dt as logger, E as parseBackendRunJson, F as resolveRunDeps, G as runMigrationFlow, H as runDevSchemaBackfillIfNeeded, I as runAfterScaffoldScript, J as withWorkingDirectory, K as trackProcess, L as runAggregateBackfillFlow, M as resolveDocTopic, N as resolveInitProjectDir, O as readPackageVersions, Ot as highlighter, P as resolveMigrationConfig, Q as promptForPluginSelection, R as runAggregatePruneFlow, S as isConvexDevPreRunConflictFlag, St as resolveAuthEnvState, T as parseArgs, U as runInitCommandFlow, V as runConvexInitIfNeeded, W as runMigrationCreate, X as collectPluginScaffoldTemplates, Y as createSpinner, Z as filterScaffoldTemplatePathMap, _ as formatInfoOutput, _t as applyPlanningDependencyInstall, a as cleanup, at as getPluginCatalogEntry, b as getDevAggregateBackfillStatePath, bt as resolveSupportedDependencyWarnings, c as createCommandEnv, ct as buildPluginInstallPlan, d as extractBackfillCliOptions, dt as collectInstalledPluginKeys, et as resolveAddTemplateDefaults, f as extractConcaveRunTargetArgs, ft as getPluginLockfilePath, g as formatDocsOutput, gt as applyDependencyHintsInstall, h as extractResetCliOptions, ht as resolveSchemaInstalledPlugins, i as buildInitializationPlan, it as resolveTemplatesByIdOrThrow, j as resolveConfiguredBackend, k as resolveBackfillConfig, l as ensureConvexGitignoreEntry, lt as resolvePluginScaffoldRoots, m as extractMigrationDownOptions, mt as readPluginLockfile, n as applyPluginInstallPlanFiles, nt as resolvePresetScaffoldTemplates, o as createBackendAdapter, ot as getSupportedPluginKeys, p as extractMigrationCliOptions, pt as getSchemaFilePath, q as withLocalCodegenEnv, r as assertNoRemovedDevPreRunFlag, rt as resolveTemplateSelectionSource, s as createBackendCommandEnv, st as isSupportedPluginKey, t as applyDependencyInstallPlan, tt as resolvePluginPreset, u as extractBackendRunTargetArgs, ut as assertSchemaFileExists, v as getAggregateBackfillDeploymentKey, vt as applyPluginDependencyInstall, w as isInitialized, wt as stripConvexCommandNoise, x as hasRemoteConvexDeploymentEnv, xt as resolveProjectScaffoldContext, y as getConvexDeploymentCommandEnv, yt as inspectPluginDependencyInstall, z as runBackendFunction } from "./backend-core-yq-eWLRJ.mjs";
 import fs, { existsSync, readFileSync } from "node:fs";
 import path, { delimiter, dirname, join, relative, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -381,7 +381,7 @@ function filterDevStartupLine(rawLine) {
 	const line = stripConvexCommandNoise(rawLine).trim();
 	if (!line) return { kind: "skip" };
 	if (DEV_SUPPRESSED_LINE_PATTERNS.some((pattern) => pattern.test(line))) return { kind: "skip" };
-	if (line.includes("Finished running function \"init\"") || line.includes("CONVEX_AGENT_MODE=anonymous mode is in beta") || line.includes("Convex AI files are not installed.") || line.includes("Preparing Convex functions...") || line.includes("Bundling component schemas and implementations") || line.includes("Uploading functions to Convex")) return { kind: "skip" };
+	if (line.includes("Finished running function \"init\"") || line.includes("Convex AI files are not installed.") || line.includes("Preparing Convex functions...") || line.includes("Bundling component schemas and implementations") || line.includes("Uploading functions to Convex")) return { kind: "skip" };
 	if (DEV_READY_LINE_RE.test(line)) return {
 		kind: "ready",
 		message: line.toLowerCase().includes("concave") ? "Concave ready" : "Convex ready"
@@ -652,12 +652,6 @@ function resolveImplicitConvexRemoteDeploymentEnv(cwd = process.cwd()) {
 		CONVEX_SELF_HOSTED_ADMIN_KEY: parsed.CONVEX_SELF_HOSTED_ADMIN_KEY
 	};
 }
-function resolveImplicitConvexAnonymousAgentMode(cwd = process.cwd()) {
-	const envLocalPath = join(cwd, ".env.local");
-	if (!fs.existsSync(envLocalPath)) return;
-	const deployment = parseEnv(fs.readFileSync(envLocalPath, "utf8")).CONVEX_DEPLOYMENT?.trim();
-	if (deployment === "anonymous-agent" || deployment?.startsWith("anonymous:")) return "anonymous";
-}
 function resolveConvexEnvFileCommandEnv(args, cwd = process.cwd()) {
 	let envFilePath = null;
 	for (let i = 0; i < args.length; i += 1) {
@@ -880,12 +874,11 @@ const handleDevCommand = async (argv, deps) => {
 	const explicitConvexTargetArgs = extractBackendRunTargetArgs("convex", convexDevArgs);
 	const explicitConvexCommandEnv = resolveConvexEnvFileCommandEnv(convexDevArgs);
 	const implicitConvexCommandEnv = backend === "convex" && explicitConvexTargetArgs.length === 0 && explicitConvexCommandEnv === null ? resolveImplicitConvexRemoteDeploymentEnv() : null;
-	const implicitConvexAgentMode = backend === "convex" && explicitConvexTargetArgs.length === 0 && !explicitConvexCommandEnv?.CONVEX_AGENT_MODE && !implicitConvexCommandEnv?.CONVEX_AGENT_MODE ? resolveImplicitConvexAnonymousAgentMode() : void 0;
 	const effectiveConvexCommandEnv = explicitConvexCommandEnv ?? implicitConvexCommandEnv;
 	const preRunFunction = config.dev.preRun;
 	if (bootstrap && backend !== "convex") throw new Error("`kitcn dev --bootstrap` is only supported for backend convex.");
 	if (preRunFunction && backend === "concave") throw new Error("`dev.preRun` is only supported for backend convex. Concave dev has no equivalent `--run` flow.");
-	if (preRunFunction && convexDevArgs.some((arg) => isConvexDevPreRunConflictFlag(arg))) throw new Error("`dev.preRun` cannot be combined with Convex dev run flags (`--run`, `--run-sh`, `--run-component`).");
+	if (preRunFunction && convexDevArgs.some((arg) => isConvexDevPreRunConflictFlag(arg))) throw new Error("`dev.preRun` cannot be combined with Convex dev run flags (`--run`, `--start`, `--run-sh`, `--run-component`).");
 	const backendAdapter = createBackendAdapter({
 		backend,
 		realConvexPath,
@@ -926,8 +919,7 @@ const handleDevCommand = async (argv, deps) => {
 		echoOutput: false,
 		env: {
 			...localNodeEnvOverrides,
-			...effectiveConvexCommandEnv,
-			...implicitConvexAgentMode ? { CONVEX_AGENT_MODE: implicitConvexAgentMode } : {}
+			...effectiveConvexCommandEnv
 		},
 		targetArgs
 	});
@@ -980,7 +972,6 @@ const handleDevCommand = async (argv, deps) => {
 		env: createBackendCommandEnv({
 			...localNodeEnvOverrides,
 			...effectiveConvexCommandEnv,
-			...implicitConvexAgentMode ? { CONVEX_AGENT_MODE: implicitConvexAgentMode } : {},
 			...concaveLocalDevContract?.backendEnv
 		}),
 		reject: false
@@ -1781,6 +1772,7 @@ const handleDeployCommand = async (argv, deps = {}) => {
 	const { remainingArgs: deployArgsWithoutMigrationFlags, overrides: deployMigrationOverrides } = extractMigrationCliOptions(parsed.convexArgs);
 	const { remainingArgs: deployCommandArgs, overrides: deployBackfillOverrides } = extractBackfillCliOptions(deployArgsWithoutMigrationFlags);
 	const deployArgs = [...config.deploy.args, ...deployCommandArgs];
+	const deployCommandEnv = backend === "convex" ? getConvexDeploymentCommandEnv() : void 0;
 	const deployResult = await execaFn(backendAdapter.command, [
 		...backendAdapter.argsPrefix,
 		"deploy",
@@ -1788,7 +1780,7 @@ const handleDeployCommand = async (argv, deps = {}) => {
 	], {
 		stdio: "inherit",
 		cwd: process.cwd(),
-		env: createBackendCommandEnv(),
+		env: createBackendCommandEnv(deployCommandEnv),
 		reject: false
 	});
 	if ((deployResult.exitCode ?? 1) !== 0) return deployResult.exitCode ?? 1;
@@ -1800,6 +1792,7 @@ const handleDeployCommand = async (argv, deps = {}) => {
 		backendAdapter,
 		migrationConfig,
 		targetArgs,
+		env: deployCommandEnv,
 		context: "deploy",
 		direction: "up"
 	});
@@ -1810,6 +1803,7 @@ const handleDeployCommand = async (argv, deps = {}) => {
 		backfillConfig,
 		mode: "resume",
 		targetArgs,
+		env: deployCommandEnv,
 		context: "deploy"
 	});
 };
@@ -2470,16 +2464,6 @@ Options:
 function assertNoVerifyLifecycleFlags(args) {
 	if (args.includes("--once") || args.includes("--bootstrap")) throw new Error("`kitcn verify` already runs one-shot runtime proof. Do not pass `--once` or `--bootstrap`.");
 }
-async function withAnonymousVerifyAgentMode(run) {
-	const previous = process.env.CONVEX_AGENT_MODE;
-	if (!previous) process.env.CONVEX_AGENT_MODE = "anonymous";
-	try {
-		return await run();
-	} finally {
-		if (previous === void 0) delete process.env.CONVEX_AGENT_MODE;
-		else process.env.CONVEX_AGENT_MODE = previous;
-	}
-}
 function hasConfiguredLocalConvexDeployment(cwd = process.cwd()) {
 	return fs.existsSync(path.join(cwd, ".convex", "local", "default", "config.json"));
 }
@@ -2524,7 +2508,7 @@ const handleVerifyCommand = async (argv, deps) => {
 	if (getAggregateBackfillDeploymentKey(extractBackendRunTargetArgs(backend, parsed.convexArgs)) !== "local") throw new Error("`kitcn verify` is local-only. Remove remote deployment flags like `--prod`, `--preview-name`, and `--deployment-name`.");
 	const devArgv = buildVerifyDevArgv(argv);
 	if (hasConfiguredLocalConvexDeployment()) return handleDevCommand(devArgv, deps);
-	return withIsolatedLocalConvexState(() => withAnonymousVerifyAgentMode(() => handleDevCommand(devArgv, deps)));
+	return withIsolatedLocalConvexState(() => handleDevCommand(devArgv, deps));
 };
 
 //#endregion
@@ -2654,6 +2638,15 @@ const LOCAL_NODE_REEXEC_COMMANDS = new Set([
 	"init",
 	"verify"
 ]);
+const DEPENDENCY_WARNING_COMMANDS = new Set([
+	"add",
+	"codegen",
+	"deploy",
+	"dev",
+	"env",
+	"init",
+	"verify"
+]);
 const COMMAND_HELP = {
 	init: INIT_HELP_TEXT,
 	add: ADD_HELP_TEXT,
@@ -2759,6 +2752,10 @@ const printCommandHelp = (command, backend = "convex") => {
 	}
 	printRootHelp(backend);
 };
+function warnSupportedDependencyIssues(command) {
+	if (!DEPENDENCY_WARNING_COMMANDS.has(command)) return;
+	for (const warning of resolveSupportedDependencyWarnings()) logger.warn(`⚠️  kitcn expects ${warning.packageName} ${warning.minimum}; found ${warning.current}. Run \`bun add ${warning.installSpec}\` when you can.`);
+}
 const handlePassthroughCommand = async (argv, deps) => {
 	const parsed = parseArgs(argv);
 	const { execa: execaFn, loadCliConfig, realConvex, realConcave } = resolveRunDeps(deps);
@@ -2811,6 +2808,7 @@ async function run(argv, deps) {
 			deps
 		});
 		if (reexecExitCode !== null) return reexecExitCode;
+		warnSupportedDependencyIssues("dev");
 		return handleDevCommand(argv, deps);
 	}
 	if (VERSION_FLAGS.has(argv[0])) {
@@ -2846,7 +2844,9 @@ async function run(argv, deps) {
 		printCommandHelp(parsed.command, getBackend());
 		return 0;
 	}
-	return (COMMAND_HANDLERS[parsed.command] ?? handlePassthroughCommand)(argv, deps);
+	const handler = COMMAND_HANDLERS[parsed.command] ?? handlePassthroughCommand;
+	warnSupportedDependencyIssues(parsed.command);
+	return handler(argv, deps);
 }
 if (isEntryPoint(process.argv[1], __filename)) {
 	process.on("SIGINT", () => process.exit(0));

package/dist/convex-plugin-C3N9BB-J.js

@@ -0,0 +1,275 @@
+import { r as omit } from "./upstream-BR6sBLg3.js";
+import { createAuthEndpoint, createAuthMiddleware, sessionMiddleware } from "better-auth/api";
+import { bearer } from "better-auth/plugins/bearer";
+import { jwt } from "better-auth/plugins/jwt";
+import { oidcProvider } from "better-auth/plugins/oidc-provider";
+
+//#region src/auth/internal/convex-plugin.ts
+const JWT_COOKIE_NAME = "convex_jwt";
+const normalizeAfterHooks = (hooks) => {
+	return hooks.map((hook) => ({
+		...hook,
+		matcher: (ctx) => Boolean(hook.matcher(ctx))
+	}));
+};
+const getJwksAlg = (authProvider) => {
+	const isCustomJwt = "type" in authProvider && authProvider.type === "customJwt";
+	if (isCustomJwt && authProvider.algorithm !== "RS256") throw new Error("Only RS256 is supported for custom JWT with Better Auth");
+	return isCustomJwt ? authProvider.algorithm : "EdDSA";
+};
+const parseAuthConfig = (authConfig, opts) => {
+	const providerConfigs = authConfig.providers.filter((provider) => provider.applicationID === "convex");
+	if (providerConfigs.length > 1) throw new Error("Multiple auth providers with applicationID 'convex' detected. Please use only one.");
+	const providerConfig = providerConfigs[0];
+	if (!providerConfig) throw new Error("No auth provider with applicationID 'convex' found. Please add one to your auth config.");
+	if (!("type" in providerConfig) || providerConfig.type !== "customJwt") return providerConfig;
+	const isDataUriJwks = providerConfig.jwks?.startsWith("data:text/");
+	if (isDataUriJwks && !opts.jwks) throw new Error("Static JWKS detected in auth config, but missing from Convex plugin");
+	if (!isDataUriJwks && opts.jwks) console.warn("Static JWKS provided to Convex plugin, but not to auth config. This adds an unnecessary network request for token verification.");
+	return providerConfig;
+};
+const convex = (opts) => {
+	const jwtExpirationSeconds = opts.jwt?.expirationSeconds ?? opts.jwtExpirationSeconds ?? 900;
+	const oidcProvider$1 = oidcProvider({
+		loginPage: "/not-used",
+		metadata: {
+			issuer: `${process.env.CONVEX_SITE_URL}`,
+			jwks_uri: `${process.env.CONVEX_SITE_URL}${opts.options?.basePath ?? "/api/auth"}/convex/jwks`
+		}
+	});
+	const providerConfig = parseAuthConfig(opts.authConfig, opts);
+	const jwtOptions = {
+		jwt: {
+			issuer: `${process.env.CONVEX_SITE_URL}`,
+			audience: "convex",
+			expirationTime: `${jwtExpirationSeconds}s`,
+			definePayload: async ({ user, session }) => ({
+				...opts.jwt?.definePayload ? await opts.jwt.definePayload({
+					session,
+					user
+				}) : omit(user, ["id", "image"]),
+				sessionId: session.id,
+				iat: Math.floor(Date.now() / 1e3)
+			})
+		},
+		jwks: { keyPairConfig: { alg: getJwksAlg(providerConfig) } }
+	};
+	const jwks = opts.jwks ? JSON.parse(opts.jwks) : void 0;
+	const jwt$1 = jwt({
+		...jwtOptions,
+		adapter: {
+			createJwk: async (webKey, ctx) => {
+				if (opts.jwks) throw new Error("Not implemented");
+				return await ctx.context.adapter.create({
+					model: "jwks",
+					data: {
+						...webKey,
+						createdAt: /* @__PURE__ */ new Date()
+					}
+				});
+			},
+			getJwks: async (ctx) => {
+				if (opts.jwks) return jwks;
+				return (await ctx.context.adapter.findMany({
+					model: "jwks",
+					sortBy: {
+						direction: "desc",
+						field: "createdAt"
+					}
+				})).map((key) => ({
+					...key,
+					createdAt: new Date(key.createdAt),
+					...key.expiresAt ? { expiresAt: new Date(key.expiresAt) } : {}
+				}));
+			}
+		}
+	});
+	const bearer$1 = bearer();
+	const schema = {
+		user: { fields: { userId: {
+			type: "string",
+			required: false,
+			input: false
+		} } },
+		...jwt$1.schema
+	};
+	return {
+		id: "convex",
+		init: (ctx) => {
+			const { options } = ctx;
+			if (options.basePath !== "/api/auth" && !opts.options?.basePath) console.warn(`Better Auth basePath set to ${options.basePath} but no basePath is set in the Convex plugin. This is probably a mistake.`);
+			if (opts.options?.basePath && options.basePath !== opts.options?.basePath) console.warn(`Better Auth basePath ${options.basePath} does not match Convex plugin basePath ${opts.options?.basePath}. This is probably a mistake.`);
+		},
+		hooks: {
+			before: [...bearer$1.hooks.before, {
+				matcher: (ctx) => {
+					return !ctx.context.adapter.options?.isRunMutationCtx;
+				},
+				handler: createAuthMiddleware(async (ctx) => {
+					ctx.query = {
+						...ctx.query,
+						disableRefresh: true
+					};
+					ctx.context.internalAdapter.deleteSession = async (..._args) => {};
+					const knownSafePaths = ["/api-key/list", "/api-key/get"];
+					const noopWrite = (method) => {
+						return async (..._args) => {
+							if (ctx.path && !knownSafePaths.includes(ctx.path)) console.warn(`[convex-better-auth] Write operation "${method}" skipped in query context for ${ctx.path}`);
+							return 0;
+						};
+					};
+					ctx.context.adapter.create = noopWrite("create");
+					ctx.context.adapter.update = noopWrite("update");
+					ctx.context.adapter.updateMany = noopWrite("updateMany");
+					ctx.context.adapter.delete = noopWrite("delete");
+					ctx.context.adapter.deleteMany = noopWrite("deleteMany");
+					return { context: ctx };
+				})
+			}],
+			after: [
+				...normalizeAfterHooks(oidcProvider$1.hooks.after),
+				{
+					matcher: (ctx) => {
+						return Boolean(ctx.path?.startsWith("/sign-in") || ctx.path?.startsWith("/sign-up") || ctx.path?.startsWith("/callback") || ctx.path?.startsWith("/oauth2/callback") || ctx.path?.startsWith("/magic-link/verify") || ctx.path?.startsWith("/email-otp/verify-email") || ctx.path?.startsWith("/phone-number/verify") || ctx.path?.startsWith("/siwe/verify") || ctx.path?.startsWith("/update-session") || ctx.path?.startsWith("/get-session") && ctx.context.session);
+					},
+					handler: createAuthMiddleware(async (ctx) => {
+						const originalSession = ctx.context.session;
+						try {
+							ctx.context.session = ctx.context.session ?? ctx.context.newSession;
+							const { token } = await jwt$1.endpoints.getToken({
+								...ctx,
+								headers: {},
+								method: "GET",
+								returnHeaders: false,
+								returnStatus: false
+							});
+							const jwtCookie = ctx.context.createAuthCookie(JWT_COOKIE_NAME, { maxAge: jwtExpirationSeconds });
+							ctx.setCookie(jwtCookie.name, token, jwtCookie.attributes);
+						} catch (_error) {}
+						ctx.context.session = originalSession;
+					})
+				},
+				{
+					matcher: (ctx) => {
+						return Boolean(ctx.path?.startsWith("/sign-out") || ctx.path?.startsWith("/delete-user") || ctx.path?.startsWith("/get-session") && !ctx.context.session);
+					},
+					handler: createAuthMiddleware(async (ctx) => {
+						const jwtCookie = ctx.context.createAuthCookie(JWT_COOKIE_NAME, { maxAge: 0 });
+						ctx.setCookie(jwtCookie.name, "", jwtCookie.attributes);
+					})
+				}
+			]
+		},
+		endpoints: {
+			getOpenIdConfig: createAuthEndpoint("/convex/.well-known/openid-configuration", {
+				method: "GET",
+				metadata: { isAction: false }
+			}, async (ctx) => {
+				return await oidcProvider$1.endpoints.getOpenIdConfig({
+					...ctx,
+					returnHeaders: false,
+					returnStatus: false
+				});
+			}),
+			getJwks: createAuthEndpoint("/convex/jwks", {
+				method: "GET",
+				metadata: { openapi: {
+					description: "Get the JSON Web Key Set",
+					responses: { "200": { description: "JSON Web Key Set retrieved successfully" } }
+				} }
+			}, async (ctx) => {
+				return await jwt$1.endpoints.getJwks({
+					...ctx,
+					returnHeaders: false,
+					returnStatus: false
+				});
+			}),
+			getLatestJwks: createAuthEndpoint("/convex/latest-jwks", {
+				isAction: true,
+				method: "POST",
+				metadata: {
+					SERVER_ONLY: true,
+					openapi: { description: "Delete and regenerate JWKS, and return the new JWKS for static usage" }
+				}
+			}, async (ctx) => {
+				await jwt(jwtOptions).endpoints.getJwks({
+					...ctx,
+					method: "GET"
+				});
+				const jwks = await ctx.context.adapter.findMany({
+					model: "jwks",
+					limit: 1,
+					sortBy: {
+						direction: "desc",
+						field: "createdAt"
+					}
+				});
+				jwks[0].alg = jwtOptions.jwks.keyPairConfig.alg;
+				return jwks;
+			}),
+			rotateKeys: createAuthEndpoint("/convex/rotate-keys", {
+				isAction: true,
+				method: "POST",
+				metadata: {
+					SERVER_ONLY: true,
+					openapi: { description: "Delete and regenerate JWKS, and return the new JWKS for static usage" }
+				}
+			}, async (ctx) => {
+				await ctx.context.adapter.deleteMany({
+					model: "jwks",
+					where: []
+				});
+				await jwt(jwtOptions).endpoints.getJwks({
+					...ctx,
+					method: "GET"
+				});
+				const jwks = await ctx.context.adapter.findMany({
+					model: "jwks",
+					limit: 1,
+					sortBy: {
+						direction: "desc",
+						field: "createdAt"
+					}
+				});
+				jwks[0].alg = jwtOptions.jwks.keyPairConfig.alg;
+				return jwks;
+			}),
+			getToken: createAuthEndpoint("/convex/token", {
+				method: "GET",
+				requireHeaders: true,
+				use: [sessionMiddleware],
+				metadata: { openapi: { description: "Get a JWT token" } }
+			}, async (ctx) => {
+				const runEndpoint = async () => {
+					const response = await jwt$1.endpoints.getToken({
+						...ctx,
+						returnHeaders: false,
+						returnStatus: false
+					});
+					const jwtCookie = ctx.context.createAuthCookie(JWT_COOKIE_NAME, { maxAge: jwtExpirationSeconds });
+					ctx.setCookie(jwtCookie.name, response.token, jwtCookie.attributes);
+					return response;
+				};
+				try {
+					return await runEndpoint();
+				} catch (error) {
+					if (!opts.jwks && error?.code === "ERR_JOSE_NOT_SUPPORTED") {
+						if (opts.jwksRotateOnTokenGenerationError) {
+							await ctx.context.adapter.deleteMany({
+								model: "jwks",
+								where: []
+							});
+							return await runEndpoint();
+						}
+						console.error("Try temporarily setting jwksRotateOnTokenGenerationError: true on the Convex Better Auth plugin.");
+					}
+					throw error;
+				}
+			})
+		},
+		schema
+	};
+};
+
+//#endregion
+export { convex as n, JWT_COOKIE_NAME as t };