Better Auth 1.5.0: fix breaking issues with new release 🚨#1089
Conversation
jhaynie
changed the title
📝 WalkthroughWalkthroughMonorepo-wide version bump from 1.0.27 to 1.0.28 across package manifests and plugin metadata files. Dependency updates for better-auth from ^1.4.9 to ^1.5.0 with import path migrations to Changes
🚥 Pre-merge checks | ✅ 1✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
📦 Canary Packages Publishedversion: PackagesInstallAdd to your {
"dependencies": {
"@agentuity/frontend": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-frontend-1.0.28-4027565.tgz",
"@agentuity/postgres": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-postgres-1.0.28-4027565.tgz",
"@agentuity/auth": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-auth-1.0.28-4027565.tgz",
"@agentuity/react": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-react-1.0.28-4027565.tgz",
"@agentuity/opencode": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-opencode-1.0.28-4027565.tgz",
"@agentuity/runtime": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-runtime-1.0.28-4027565.tgz",
"@agentuity/server": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-server-1.0.28-4027565.tgz",
"@agentuity/pi": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-pi-1.0.28-4027565.tgz",
"@agentuity/evals": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-evals-1.0.28-4027565.tgz",
"@agentuity/cli": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-cli-1.0.28-4027565.tgz",
"@agentuity/claude-code": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-claude-code-1.0.28-4027565.tgz",
"@agentuity/schema": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-schema-1.0.28-4027565.tgz",
"@agentuity/drizzle": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-drizzle-1.0.28-4027565.tgz",
"@agentuity/core": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-core-1.0.28-4027565.tgz",
"@agentuity/workbench": "https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-workbench-1.0.28-4027565.tgz"
}
}Or install directly: bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-frontend-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-postgres-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-auth-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-react-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-opencode-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-runtime-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-server-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-pi-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-evals-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-cli-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-claude-code-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-schema-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-drizzle-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-core-1.0.28-4027565.tgz
bun add https://agentuity-sdk-objects.t3.storageapi.dev/npm/1.0.28-4027565/agentuity-workbench-1.0.28-4027565.tgz |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
packages/auth/src/agentuity/react.tsx (1)
308-310: Consider usingStructuredErrorfor error handling.The error wrapping at line 310 uses a plain
Errorinstead ofStructuredErrorfrom@agentuity/core. As per coding guidelines,StructuredErrorshould be used for error handling.♻️ Suggested refactor
+import { StructuredError } from '@agentuity/core';} catch (err) { console.error('[AuthProvider] Failed to get auth state:', err); - setError(err instanceof Error ? err : new Error('Failed to get auth state')); + setError(err instanceof StructuredError ? err : new StructuredError('Failed to get auth state', { cause: err })); setUser(null);As per coding guidelines: "Use
StructuredErrorfrom@agentuity/corefor error handling".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/auth/src/agentuity/react.tsx` around lines 308 - 310, Replace the plain Error wrapping in the catch block with a StructuredError from `@agentuity/core`: import StructuredError and when catching err, if it's already an instance of StructuredError use it, else if it's an Error convert it to a new StructuredError preserving message and stack, and for non-Error values create a StructuredError with a descriptive message and original value in metadata; pass that StructuredError into setError and include it in the console.error call. Ensure you update the catch in the same scope where setError is called (the AuthProvider/get auth state handler).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apps/testing/auth-package-app/package.json`:
- Line 26: In package.json update the better-auth dependency string from
"^1.5.0" to a published version to avoid install failures (e.g.,
"^1.5.0-beta.9"); locate the better-auth entry in the dependencies block (the
"better-auth" key) and replace the version value accordingly, or pin to the
latest stable release available on npm if you prefer not to use a beta.
In `@packages/auth/src/agentuity/config.ts`:
- Around line 422-424: resolvedBaseURL is computed but restOptions still
contains the original (possibly unsafe) baseURL which later gets spread into
betterAuth(); replace or remove the raw baseURL in restOptions before passing it
on. Locate where resolvedBaseURL and restOptions are used and construct
sanitized options for betterAuth() by either setting baseURL to resolvedBaseURL
(when defined) or removing/undefined-ing the baseURL key from the options object
so the original unsanitized value cannot be passed through; ensure the variable
passed into betterAuth() uses this sanitized options object instead of the
original restOptions.
In `@packages/auth/src/agentuity/react.tsx`:
- Around line 12-13: The import for apiKeyClient is using the wrong package;
replace the separate import of apiKeyClient from '@better-auth/api-key/client'
with a single named import from 'better-auth/client/plugins' so that both
organizationClient and apiKeyClient are imported together (update the import
statement that currently references organizationClient and apiKeyClient to:
import { organizationClient, apiKeyClient } from 'better-auth/client/plugins';).
---
Nitpick comments:
In `@packages/auth/src/agentuity/react.tsx`:
- Around line 308-310: Replace the plain Error wrapping in the catch block with
a StructuredError from `@agentuity/core`: import StructuredError and when catching
err, if it's already an instance of StructuredError use it, else if it's an
Error convert it to a new StructuredError preserving message and stack, and for
non-Error values create a StructuredError with a descriptive message and
original value in metadata; pass that StructuredError into setError and include
it in the console.error call. Ensure you update the catch in the same scope
where setError is called (the AuthProvider/get auth state handler).
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
bun.lockis excluded by!**/*.lock
📒 Files selected for processing (26)
.claude-plugin/marketplace.jsonapps/create-agentuity/package.jsonapps/docs/package.jsonapps/testing/auth-package-app/package.jsonapps/testing/package.jsonpackage.jsonpackages/auth/package.jsonpackages/auth/src/agentuity/config.tspackages/auth/src/agentuity/react.tsxpackages/claude-code/.claude-plugin/plugin.jsonpackages/claude-code/package.jsonpackages/cli/package.jsonpackages/core/package.jsonpackages/drizzle/package.jsonpackages/evals/package.jsonpackages/frontend/package.jsonpackages/opencode/package.jsonpackages/pi/package.jsonpackages/postgres/package.jsonpackages/react/package.jsonpackages/runtime/package.jsonpackages/schema/package.jsonpackages/server/package.jsonpackages/test-utils/package.jsonpackages/vscode/package.jsonpackages/workbench/package.json
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
- GitHub Check: Agentuity Deployment
- GitHub Check: Sandbox CLI Tests
- GitHub Check: Queue CLI Tests
- GitHub Check: Framework Integration Tests (TanStack & Next.js)
- GitHub Check: Cloud Deployment Tests
- GitHub Check: Playwright E2E Smoke Test
- GitHub Check: SDK Integration Test Suite
- GitHub Check: Build
🧰 Additional context used
📓 Path-based instructions (7)
**/*.{ts,tsx,js,jsx,json,md}
📄 CodeRabbit inference engine (AGENTS.md)
Use Prettier with tabs (width 3), single quotes, and semicolons for code formatting
Files:
packages/auth/package.jsonpackages/opencode/package.jsonpackages/server/package.jsonpackages/auth/src/agentuity/react.tsxpackages/vscode/package.jsonpackages/core/package.jsonapps/docs/package.jsonpackages/pi/package.jsonpackages/drizzle/package.jsonpackage.jsonpackages/schema/package.jsonpackages/auth/src/agentuity/config.tspackages/react/package.jsonpackages/postgres/package.jsonpackages/runtime/package.jsonapps/testing/package.jsonpackages/evals/package.jsonpackages/workbench/package.jsonpackages/claude-code/package.jsonpackages/frontend/package.jsonapps/testing/auth-package-app/package.jsonpackages/test-utils/package.jsonapps/create-agentuity/package.jsonpackages/cli/package.json
packages/auth/**/*.{ts,tsx}
📄 CodeRabbit inference engine (packages/auth/AGENTS.md)
packages/auth/**/*.{ts,tsx}: All public APIs should use the 'AgentuityAuth' prefix instead of 'BetterAuth'
All React code should be imported from '@agentuity/auth/react', including AuthProvider, createAuthClient, and useAuth
Files:
packages/auth/src/agentuity/react.tsxpackages/auth/src/agentuity/config.ts
packages/auth/**/*.tsx
📄 CodeRabbit inference engine (packages/auth/AGENTS.md)
Use React hooks and components from '@agentuity/auth/react' for client-side authentication in React applications
Files:
packages/auth/src/agentuity/react.tsx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Use TypeScript in strict mode with ESNext target and bundler moduleResolution
Files:
packages/auth/src/agentuity/react.tsxpackages/auth/src/agentuity/config.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
Use
StructuredErrorfrom@agentuity/corefor error handling
Files:
packages/auth/src/agentuity/react.tsxpackages/auth/src/agentuity/config.ts
apps/docs/**/*.json
📄 CodeRabbit inference engine (apps/docs/AGENTS.md)
Workspace dependencies must use workspace:* protocol for local package references (
@agentuity/runtime,@agentuity/react,@agentuity/schema,@agentuity/workbench,@agentuity/evals,@agentuity/cli)
Files:
apps/docs/package.json
packages/auth/**/config.ts
📄 CodeRabbit inference engine (packages/auth/AGENTS.md)
packages/auth/**/config.ts: Prefer environment variable 'AGENTUITY_AUTH_SECRET' over 'BETTER_AUTH_SECRET'
Set default basePath to '/api/auth' for authentication routes
Enable emailAndPassword authentication by default
Use the 'organization' plugin by default for multi-tenancy support
Use the 'jwt' plugin by default for token generation
Use the 'bearer' plugin by default for bearer token authentication
Use the 'apiKey' plugin by default for API key management
Files:
packages/auth/src/agentuity/config.ts
🧠 Learnings (1)
📚 Learning: 2025-12-21T00:31:41.858Z
Learnt from: jhaynie
Repo: agentuity/sdk PR: 274
File: packages/cli/src/cmd/build/vite/server-bundler.ts:12-41
Timestamp: 2025-12-21T00:31:41.858Z
Learning: In Bun runtime, BuildMessage and ResolveMessage are global types and are not exported from the bun module. Do not import { BuildMessage } from 'bun' or similar; these types are available globally and should be used without import. This applies to all TypeScript files that target the Bun runtime within the repository.
Applied to files:
packages/auth/src/agentuity/config.ts
🔇 Additional comments (26)
packages/opencode/package.json (1)
3-3: Version bump looks correct.This manifest update is consistent with the coordinated
1.0.28release changes.packages/vscode/package.json (1)
6-6: LGTM for this package version update.The version increment is clean and aligned with the release bump.
packages/drizzle/package.json (2)
3-3: Version alignment is good.This package version bump is consistent with the repo-wide
1.0.28release.
47-47: Dependency update matches the PR objective.Upgrading
better-authto^1.5.0is consistent with the Better Auth migration intent.packages/pi/package.json (1)
3-3: No concerns on this change.The
1.0.28version bump is straightforward and consistent.packages/workbench/package.json (1)
3-3: Looks good.This version update is consistent with the coordinated release bump.
packages/cli/package.json (1)
3-3: Version bump is clean.No issues found with this manifest change.
packages/frontend/package.json (1)
3-3: LGTM.This version update is consistent and non-risky.
apps/testing/package.json (1)
3-3: No concerns here.The testing app version increment is straightforward and consistent with the release.
packages/schema/package.json (1)
3-3: LGTM!Version bump to 1.0.28 aligns with the repo-wide release.
packages/core/package.json (1)
3-3: LGTM!Version bump to 1.0.28 consistent with other packages in this release.
packages/runtime/package.json (1)
3-3: LGTM!Version bump to 1.0.28 is consistent with the monorepo-wide release.
packages/react/package.json (1)
3-3: LGTM!Version bump to 1.0.28 aligns with the release.
packages/evals/package.json (1)
3-3: LGTM!Version bump to 1.0.28 is consistent with the release.
apps/docs/package.json (1)
3-3: LGTM!Version bump to 1.0.28 is consistent with the release. All local package references correctly use the
workspace:*protocol as required. As per coding guidelines: "Workspace dependencies must use workspace:* protocol for local package references".packages/test-utils/package.json (1)
3-3: LGTM!Version bump to 1.0.28 for the internal test utilities package.
apps/create-agentuity/package.json (1)
3-3: LGTM!Version bump to 1.0.28 for the create-agentuity CLI wrapper.
packages/claude-code/package.json (1)
3-3: LGTM!Version bump to 1.0.28 aligns with the repo-wide release.
packages/server/package.json (1)
3-3: LGTM!Version bump to 1.0.28 aligns with the repo-wide release.
package.json (1)
3-3: LGTM!Root version bump to 1.0.28 aligns with the monorepo-wide release.
packages/postgres/package.json (1)
3-3: LGTM!Version bump to 1.0.28 aligns with the repo-wide release.
packages/claude-code/.claude-plugin/plugin.json (1)
3-3: LGTM!Version bump to 1.0.28 and keywords reformatting to single-line array are consistent with the marketplace.json changes.
Also applies to: 12-12
.claude-plugin/marketplace.json (1)
9-9: LGTM!Version bumps to 1.0.28 in both metadata and plugin entry are consistent with the repo-wide release. Keywords reformatting aligns with plugin.json changes.
Also applies to: 16-16, 23-23
packages/auth/src/agentuity/config.ts (1)
11-12: No actionable concerns in this import migration segment.packages/auth/package.json (2)
3-3: No actionable concerns in this version bump segment.
45-46: No actionable concerns in this dependency bump segment.
| "@ai-sdk/openai": "^3.0.1", | ||
| "ai": "^6.0.3", | ||
| "better-auth": "^1.4.9", | ||
| "better-auth": "^1.5.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Check better-auth and `@better-auth/api-key` versions on npm
curl -s https://registry.npmjs.org/better-auth | jq '.versions | keys[-5:]' 2>/dev/null || echo "Failed to fetch better-auth"
curl -s https://registry.npmjs.org/@better-auth/api-key | jq '.versions | keys[-5:]' 2>/dev/null || echo "Failed to fetch `@better-auth/api-key`"Repository: agentuity/sdk
Length of output: 201
🏁 Script executed:
# Check if the referenced file exists and contains relevant changes
fd "react.tsx" --type f | grep -E "packages/auth.*react\.tsx"Repository: agentuity/sdk
Length of output: 94
🏁 Script executed:
# Verify the package.json file and its formatting
git ls-files apps/testing/auth-package-app/package.json
cat -n apps/testing/auth-package-app/package.json | head -30Repository: agentuity/sdk
Length of output: 1192
🏁 Script executed:
cat -n packages/auth/src/agentuity/react.tsx | head -50Repository: agentuity/sdk
Length of output: 1973
Update better-auth version: ^1.5.0 stable does not exist on npm.
The stable version 1.5.0 is not available on npm (only beta versions exist: 1.5.0-beta.5 through 1.5.0-beta.9). Using ^1.5.0 will cause npm install to fail. Update to the latest available version such as ^1.5.0-beta.9 or wait for the stable 1.5.0 release.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@apps/testing/auth-package-app/package.json` at line 26, In package.json
update the better-auth dependency string from "^1.5.0" to a published version to
avoid install failures (e.g., "^1.5.0-beta.9"); locate the better-auth entry in
the dependencies block (the "better-auth" key) and replace the version value
accordingly, or pin to the latest stable release available on npm if you prefer
not to use a beta.
| const resolvedBaseURL = resolveBaseURL( | ||
| typeof restOptions.baseURL === 'string' ? restOptions.baseURL : undefined | ||
| ); |
There was a problem hiding this comment.
Sanitized baseURL can still leak unsanitized input into betterAuth().
Line 422-424 computes a safe resolvedBaseURL, but restOptions still contains the original baseURL. When resolvedBaseURL is undefined, the spread at Line 479 passes the original value through.
Proposed fix
export function createAuth<T extends AuthOptions>(options: T) {
const {
skipDefaultPlugins,
plugins = [],
apiKey: apiKeyOptions,
connectionString,
+ baseURL: explicitBaseURL,
...restOptions
} = options;
const resolvedBaseURL = resolveBaseURL(
- typeof restOptions.baseURL === 'string' ? restOptions.baseURL : undefined
+ typeof explicitBaseURL === 'string' ? explicitBaseURL : undefined
);🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/auth/src/agentuity/config.ts` around lines 422 - 424,
resolvedBaseURL is computed but restOptions still contains the original
(possibly unsafe) baseURL which later gets spread into betterAuth(); replace or
remove the raw baseURL in restOptions before passing it on. Locate where
resolvedBaseURL and restOptions are used and construct sanitized options for
betterAuth() by either setting baseURL to resolvedBaseURL (when defined) or
removing/undefined-ing the baseURL key from the options object so the original
unsanitized value cannot be passed through; ensure the variable passed into
betterAuth() uses this sanitized options object instead of the original
restOptions.
| import { organizationClient } from 'better-auth/client/plugins'; | ||
| import { apiKeyClient } from '@better-auth/api-key/client'; |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
better-auth 1.5.0 organizationClient apiKeyClient import paths migration
💡 Result:
In Better Auth v1.5.0, the client plugin import paths for organizationClient and apiKeyClient do not change—you still import them from better-auth/client/plugins as shown in the official plugin docs:
import { createAuthClient } from "better-auth/client";
import { organizationClient, apiKeyClient } from "better-auth/client/plugins";
export const authClient = createAuthClient({
plugins: [organizationClient(), apiKeyClient()],
});- Organization client plugin docs show
organizationClientfrombetter-auth/client/plugins. [1] - API Key client plugin docs show
apiKeyClientfrombetter-auth/client/plugins. [2]
What does change in 1.5.0 (migration)
CLI migration: v1.5.0 introduces the new standalone CLI npx auth, replacing the old @better-auth/cli command (which is slated for deprecation). Use:
npx auth upgradenpx auth migrate/npx auth generate[3]
Potential breaking change to watch (organization): if your code/schema references an Organization permission field, v1.5.0 notes it has been renamed to permissions (plural)—you may need to regenerate/apply migrations accordingly. [3]
Other noted migration gotcha: if you import getMigrations from better-auth, it moved to better-auth/db/migration. [3]
Sources:
[1] (better-auth.com)
[2] (better-auth.com)
[3] (github.com)
Citations:
- 1: https://www.better-auth.com/docs/plugins/organization?utm_source=openai
- 2: https://www.better-auth.com/docs/plugins/api-key?utm_source=openai
- 3: https://github.com/better-auth/better-auth/releases/tag/v1.5.0
🏁 Script executed:
# First, let's check if this file exists and look at the relevant lines
fd 'react.tsx' packages/auth/src/
# Get the actual imports and context
if [ -f "packages/auth/src/agentuity/react.tsx" ]; then
echo "=== File exists, showing context around lines 1-30 ==="
head -30 "packages/auth/src/agentuity/react.tsx"
fiRepository: agentuity/sdk
Length of output: 1272
Fix import path for apiKeyClient
Line 13 has an incorrect import path. According to better-auth v1.5.0 documentation, both organizationClient and apiKeyClient should be imported from better-auth/client/plugins:
import { organizationClient, apiKeyClient } from 'better-auth/client/plugins';The current import of apiKeyClient from @better-auth/api-key/client does not align with the official better-auth 1.5.0 plugin structure.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/auth/src/agentuity/react.tsx` around lines 12 - 13, The import for
apiKeyClient is using the wrong package; replace the separate import of
apiKeyClient from '@better-auth/api-key/client' with a single named import from
'better-auth/client/plugins' so that both organizationClient and apiKeyClient
are imported together (update the import statement that currently references
organizationClient and apiKeyClient to: import { organizationClient,
apiKeyClient } from 'better-auth/client/plugins';).
There was a problem hiding this comment.
apiKeyClient is not exported from better-auth/client/plugins in v1.5.0 — it's confirmed absent from the barrel export. The current code importing from @better-auth/api-key/client is correct. No change needed.
There was a problem hiding this comment.
Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!
1 participant
Summary by CodeRabbit
New Features
Chores