feat(next): add next integration package (@aura-stack/next)

[halvaradop]

Description

This pull request introduces the @aura-stack/next package, providing seamless integration with Next.js App Router. The package supports both server-side rendering (SSR) and client-side rendering (CSR) by exposing built-in utilities for each environment.

On the server side, the package provides access to the api object for executing authentication flows within server actions and route handlers. On the client side, it leverages the @aura-stack/react package to provide context and hooks for managing authentication state.

Note

The @aura-stack/next package builds on top of @aura-stack/react for client-side state management and adds additional utilities to handle server-side flows in Next.js.

Additionally, this PR includes a cleanup and reorganization of exports across multiple packages (core, elysia, express, hono, and react). The goal is to provide clearer and more minimal entry points, reducing noise and improving discoverability of public APIs.

As part of this effort, new structured entry points have been introduced across packages:

• /identity
• /shared
• /crypto

The @aura-stack/react package also introduces a /server entry point.

---

Key Changes

• Introduced @aura-stack/next integration package
• Updated apps/nextjs/app-router example to use the new package
• Cleaned up and simplified index entry points across core and integration packages
• Added /identity, /shared, and /crypto entry points across packages
• Added /server entry point to @aura-stack/react

---

Usage

Server-Side Rendering (SSR)

import { createAuth } from "@aura-stack/next"

export const auth = createAuth({
  oauth: ["github"],
})

export const { api, core } = auth

await api.getSession()
await api.signIn("github")

Client-Side Rendering (CSR)

import {
  createAuthClient,
  AuthProvider as AuraAuthProvider,
  type AuthProviderProps,
  useSession,
  useSignIn,
} from "@aura-stack/next/client"

export const authClient = createAuthClient({
  baseURL: "http://localhost:3000",
})

export const AuthProvider = ({
  children,
  initialSession,
}: Omit<AuthProviderProps, "client">) => {
  return (
    <AuraAuthProvider client={authClient} initialSession={initialSession}>
      {children}
    </AuraAuthProvider>
  )
}

const session = useSession()

Summary by CodeRabbit

• New Features

  • Added @aura-stack/next package with App Router integration and a consolidated client entry
  • New direct entry points: /identity, /crypto, /shared across packages

• Documentation

  • Added README and CHANGELOG for the Next.js package

• Refactor

  • Streamlined public APIs and reorganized exports for cleaner imports

• Style

  • Updated button styling (reduced border-radius) and minor auth UI class adjustments

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
auth	Skipped		Apr 12, 2026 10:04pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Reorganized auth exports and adapters: added a Next.js integration package, exposed auth instance handlers/core/api, removed several framework-specific server helpers, updated many import targets to new next/react entry points, and added identity/crypto/shared subpath re-exports across packages.

Changes

Cohort / File(s)	Summary
Elysia integration apps/elysia/src/lib/auth.ts, apps/elysia/src/lib/handler.ts	Re-exported handlers from auth instance; removed Elysia-specific toElysiaHandler helper.
New Next.js package packages/next/* package.json, src/index.ts, src/createAuth.ts, src/client.ts, src/lib/api.ts, README.md, CHANGELOG.md, tsconfig.json, tsup.config.ts, deno.json, src/_core/*	Added @aura-stack/next with createAuth wrapper returning { core, api }, client entry, Next server wrappers (api() using headers()/cookies()), docs, build and deno metadata.
Next.js app-router apps/nextjs/app-router/...	Switched to @aura-stack/next and new local libs, removed local lib/server.ts, switched handlers usage to core.handlers/api.*, updated hook/client imports, and removed several local auth type interfaces.
Other apps & routes apps/nextjs/pages-router/*, apps/astro/*, apps/react-router/*, apps/tanstack-start/*	Redirected auth imports to new lib paths, replaced @aura-stack/auth with @aura-stack/react/@aura-stack/next where appropriate, updated auth-client imports, and removed duplicated AuthProvider/Context types.
Core package API surface packages/core/src/index.ts, packages/core/*	Narrowed root exports (removed many value/type re-exports), added direct subpath entry points (identity, crypto, shared, client, types), renamed session/type aliases (GetSessionOptions, UpdateSessionOptions), and moved crypto helpers.
React package changes packages/react/src/*, packages/react/package.json, packages/react/tsup.config.ts, packages/react/deno.json	Added re-export entrypoints (oauth, identity, crypto, shared, server), exposed createAuthClient and related types, adjusted "use client" placements and build/deno export mappings.
Shared/core re-exports packages/*/src/_core/*, packages/*/deno.json, packages/*/package.json	Added _core re-export entrypoints (identity, crypto, shared) across express/hono/elysia/next/react packages and updated package manifests to expose those subpaths.
Tests & config tweaks various tests, apps/vercel/tsconfig.json, minor types	Updated tests to import crypto/shared helpers from new modules, adjusted tsconfig excludes, and small type/import reworks across tests and helpers.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant NextServer as Next.js Server
    participant NextAPI as Next API (packages/next.api)
    participant AuthCore as Auth Core (createAuth core / handlers / api)
    participant CookieStore as Next CookieStore

    Browser->>NextServer: request SSR or sign-in action
    NextServer->>NextAPI: call api.getSession() or api.signIn() (reads headers(), cookies())
    NextAPI->>AuthCore: forward headers/cookies to auth.api.getSession / auth.api.signIn
    AuthCore-->>NextAPI: return session or sign-in response (signInURL / JSON)
    NextAPI->>CookieStore: apply/delete Set-Cookie values from response headers
    NextAPI-->>NextServer: return session data or redirect
    NextServer-->>Browser: render or redirect per response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• chore(examples): add Elysia integration app #98 — touches the same Elysia auth bridge files and related export/handler changes.
• feat(core): add ALL HTTP handler to centralize GET and POST handling #115 — related to exposing handlers and removing framework-specific handler wrappers.
• feat(core): add experimental updateSession API (unstable) #129 — aligns with added/reshaped handlers (e.g., PATCH/updateSession) and handler surface changes.

Suggested labels

refactor

Poem

🐇 I hopped through exports, bright and quick,
I ferried handlers in a nimble flick.
Next burrows sprung, core paths rearranged,
Old helpers trimmed, new doors exchanged.
A carrot of tidy code — fresh and picked!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(next): add next integration package (@aura-stack/next)' clearly and specifically describes the main change: introducing a new Next.js integration package. It's concise, uses conventional commit format, and accurately reflects the primary objective of the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/add-next-pkg

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (1)

apps/nextjs/app-router/src/lib/auth.ts (1)

6-10: Avoid hardcoded baseURL in auth bootstrap.

Using a fixed localhost URL can break non-local deployments and makes env-specific config harder to manage.

♻️ Proposed refactor

+const appUrl = process.env.NEXT_PUBLIC_APP_URL ?? process.env.APP_URL ?? "http://localhost:3000"
+
 export const { api, core } = createAuth({
     oauth,
     basePath: "/api/auth",
-    baseURL: "http://localhost:3000",
+    baseURL: appUrl,
 })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/nextjs/app-router/src/lib/auth.ts` around lines 6 - 10, The auth
bootstrap currently hardcodes baseURL to "http://localhost:3000" in the
createAuth call (exported const { api, core }) which will fail in non-local
environments; change createAuth to read the host from an environment variable
(e.g., process.env.NEXT_PUBLIC_BASE_URL or process.env.NEXTAUTH_URL) and fall
back to a safe default or omit baseURL so it uses relative paths in production,
updating the createAuth invocation to use that env var instead of the literal
string.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/next/README.md`:
- Around line 26-27: The feature list mentions withAuth and toHandler but the
package actually exposes core.handlers in the quick start/API; update the README
bullets to match the exported API by either replacing "withAuth" and "toHandler"
with "core.handlers" (and a short description like "simple handler bridge for
app/api routes") or explicitly document that withAuth/toHandler are aliases that
map to core.handlers; ensure you reference the existing exported symbol
core.handlers and the wrapper names (withAuth, toHandler) so readers know which
API to use.

In `@packages/next/src/createAuth.ts`:
- Around line 1-8: The module createAuth.ts imports directly from
"@aura-stack/auth" (see the createAuth import at top of file), but the next
package's package.json does not list "@aura-stack/auth" as a direct dependency;
add "@aura-stack/auth": "workspace:*" to the dependencies of the
`@aura-stack/next` package.json alongside the existing "@aura-stack/react" entry
so the direct import resolves correctly.

In `@packages/next/src/lib/api.ts`:
- Around line 78-87: The sign-out flow currently always calls redirect(...) when
response.status === 202, which ignores callers passing redirect: false; update
the logic in the signOut function (the block that inspects response.status ===
202 and calls redirect(options?.redirectTo ?? "/")) to only call redirect when
options?.redirect !== false (i.e., respect redirect: false), while still
performing the cookie deletion and using options?.redirectTo when redirect is
allowed.

In `@packages/next/src/oauth/index.ts`:
- Line 1: The re-export path in the top-level export statement is invalid;
update the module specifier in packages/next/src/oauth/index.ts from
"@aura-stack/auth/oauth/index" to "@aura-stack/auth/oauth" so it matches the
package's exported pattern (use the same import used by other framework
packages), ensuring the export line correctly re-exports the OAuth providers.

In `@packages/react/src/index.tsx`:
- Line 5: You changed the public type surface by exporting only User, Session,
AuthConfig, AuthInstance from `@/`@types/core.ts which can break consumers;
restore backward compatibility by re-exporting any previously published type
names as aliases (e.g., export type { OldTypeName as OldTypeName } from "...")
or reintroduce the removed/renamed types in packages/react/src/index.tsx, and if
you intentionally removed/renamed types, prepare a semver-major bump and add a
clear migration note in the release notes describing the old→new type mappings
and examples for updating consumer code.
- Line 4: The package export for OAuth is missing entries so imports like the
one in packages/react/src/index.tsx (exporting builtInOAuthProviders and type
BuiltInOAuthProvider from "@aura-stack/auth/oauth/index") fail; update the
exports map in packages/core/package.json to add explicit entries for "./oauth"
and "./oauth/index" (pointing to the OAuth entry file and its types) so the
symbols builtInOAuthProviders and BuiltInOAuthProvider are resolvable from the
`@aura-stack/auth` package.

In `@packages/react/src/oauth/index.ts`:
- Line 1: Replace the deep-import string "@aura-stack/auth/oauth/index" with the
package's public subpath export (e.g., "@aura-stack/auth/oauth") so tsup can
resolve it; update the export line in packages/react/src/oauth/index.ts (the
export * from "@aura-stack/auth/oauth/index" statement) and fix the identical
deep-import occurrence in the other file where the same string is used (the
export in packages/react/src/index.tsx) to use the public "/oauth" subpath
instead of "/index".

---

Nitpick comments:
In `@apps/nextjs/app-router/src/lib/auth.ts`:
- Around line 6-10: The auth bootstrap currently hardcodes baseURL to
"http://localhost:3000" in the createAuth call (exported const { api, core })
which will fail in non-local environments; change createAuth to read the host
from an environment variable (e.g., process.env.NEXT_PUBLIC_BASE_URL or
process.env.NEXTAUTH_URL) and fall back to a safe default or omit baseURL so it
uses relative paths in production, updating the createAuth invocation to use
that env var instead of the literal string.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1016b27f-b6ae-47c5-a0b5-f113a5fed639

📥 Commits

Reviewing files that changed from the base of the PR and between 1c49b4f and 1ec0bb1.

⛔ Files ignored due to path filters (2)

• bun.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (38)

• apps/elysia/src/lib/auth.ts
• apps/elysia/src/lib/handler.ts
• apps/nextjs/app-router/package.json
• apps/nextjs/app-router/src/@types/props.ts
• apps/nextjs/app-router/src/@types/types.ts
• apps/nextjs/app-router/src/app/api/auth/[...aura]/route.ts
• apps/nextjs/app-router/src/components/auth-client.tsx
• apps/nextjs/app-router/src/components/auth-server.tsx
• apps/nextjs/app-router/src/components/header.tsx
• apps/nextjs/app-router/src/components/ui/button.tsx
• apps/nextjs/app-router/src/contexts/auth.tsx
• apps/nextjs/app-router/src/lib/auth-client.ts
• apps/nextjs/app-router/src/lib/auth.ts
• apps/nextjs/app-router/src/lib/server.ts
• apps/vercel/tsconfig.json
• packages/core/src/@types/index.ts
• packages/core/src/index.ts
• packages/next/CHANGELOG.md
• packages/next/README.md
• packages/next/deno.json
• packages/next/package.json
• packages/next/src/@types/core.ts
• packages/next/src/client.ts
• packages/next/src/createAuth.ts
• packages/next/src/index.ts
• packages/next/src/lib/api.ts
• packages/next/src/oauth/index.ts
• packages/next/tsconfig.json
• packages/next/tsup.config.ts
• packages/react/package.json
• packages/react/src/@types/core.ts
• packages/react/src/@types/index.ts
• packages/react/src/@types/types.ts
• packages/react/src/context.tsx
• packages/react/src/hooks.ts
• packages/react/src/index.tsx
• packages/react/src/oauth/index.ts
• packages/react/test/hooks.test.tsx

💤 Files with no reviewable changes (3)

• apps/elysia/src/lib/handler.ts
• apps/nextjs/app-router/src/@types/types.ts
• apps/nextjs/app-router/src/lib/server.ts

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

packages/core/test/types.test-d.ts (1)

14-15: Keep the public API test on public entrypoints.

Importing OAuthProviderCredentials from @/@types/oauth.ts bypasses the published export surface, so this test will keep passing even if consumers can no longer import that type. If this file is meant to guard the package API, point it at the public subpath instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/test/types.test-d.ts` around lines 14 - 15, The test imports
OAuthProviderCredentials from an internal path which bypasses the package export
surface; update the import in types.test-d.ts to reference the public
export/subpath that re-exports OAuthProviderCredentials (i.e., change the import
of OAuthProviderCredentials from "@/@types/oauth.ts" to the package's public
entrypoint or public subpath that exposes that type) so the test actually
validates the published API surface.

packages/core/src/client/client.ts (1)

108-113: Fix misleading CSRF error message in updateSession.

On Line 112, the thrown message references sign-out, but this branch is session update. This makes logs harder to trust.

Proposed patch

-                throw new AuthClientError("Failed to fetch CSRF token for sign-out.")
+                throw new AuthClientError("Failed to fetch CSRF token for session update.")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/src/client/client.ts` around lines 108 - 113, The thrown
AuthClientError message in updateSession incorrectly references "sign-out";
update the error text thrown when getCSRFToken returns falsy to reflect a
session update operation (e.g., "Failed to fetch CSRF token for session
update.") so logs accurately point to updateSession and not sign-out; change the
message in the branch inside the updateSession function where getCSRFToken is
called and AuthClientError is thrown.

packages/core/src/client/index.ts (1)

1-1: Consider a temporary compatibility bridge for removed client exports.

This entrypoint now narrows the public surface. If downstream consumers still import removed symbols from this path, they’ll break immediately. Consider one deprecation cycle with compatibility re-exports.

Compatibility bridge option

-export { createAuthClient, type AuthClientOptions } from "@/client/client.ts"
+export {
+  createAuthClient,
+  createClient,
+  type AuthClientOptions,
+  type AuthClient,
+  type SignInOptions,
+  type SignOutOptions,
+} from "@/client/client.ts"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/core/src/client/index.ts` at line 1, The new index.ts export narrows
the public surface by only exporting createAuthClient and AuthClientOptions and
may break consumers importing previously exported symbols; add a temporary
compatibility bridge by re-exporting the old/removed symbols from this
entrypoint (or from their new locations) under the same names so downstream code
keeps working, and mark them as deprecated in comments/JS docstrings so
consumers migrate; specifically update packages/core/src/client/index.ts to
re-export any formerly-public functions/classes/types (in addition to export {
createAuthClient, type AuthClientOptions }) and include a short deprecation note
for each re-export to be removed in the next major release.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/core/src/index.ts`:
- Around line 1-2: The change removed previous root-level re-exports and will
break existing imports from the package root; restore compatibility by
reintroducing the original root-facing exports while keeping the new explicit
paths. Specifically, ensure the package still re-exports createAuth and the
types User, Session, AuthConfig, AuthInstance from the original root entry (so
imports like import { createAuth } from "@aura-stack/auth" continue to work)
while keeping the new "@/createAuth.ts" and "@/@types/index.ts" exports; you can
add compatibility re-exports that forward to the new symbols (retain export {
createAuth } and export type { User, Session, AuthConfig, AuthInstance } at the
root) and document they are transitional for a future breaking release.

In `@packages/react/tsup.config.ts`:
- Line 7: The tsup multi-entry configuration uses entry: ["src",
"!src/index.ts"] but the actual root entry file is src/index.tsx, so the
negation doesn't exclude the intended file; update the exclusion pattern to
"!src/index.tsx" (or remove the negation if you don't intend to exclude the
root) in the tsup config entry array to ensure the correct file is excluded from
the multi-entry build.

---

Nitpick comments:
In `@packages/core/src/client/client.ts`:
- Around line 108-113: The thrown AuthClientError message in updateSession
incorrectly references "sign-out"; update the error text thrown when
getCSRFToken returns falsy to reflect a session update operation (e.g., "Failed
to fetch CSRF token for session update.") so logs accurately point to
updateSession and not sign-out; change the message in the branch inside the
updateSession function where getCSRFToken is called and AuthClientError is
thrown.

In `@packages/core/src/client/index.ts`:
- Line 1: The new index.ts export narrows the public surface by only exporting
createAuthClient and AuthClientOptions and may break consumers importing
previously exported symbols; add a temporary compatibility bridge by
re-exporting the old/removed symbols from this entrypoint (or from their new
locations) under the same names so downstream code keeps working, and mark them
as deprecated in comments/JS docstrings so consumers migrate; specifically
update packages/core/src/client/index.ts to re-export any formerly-public
functions/classes/types (in addition to export { createAuthClient, type
AuthClientOptions }) and include a short deprecation note for each re-export to
be removed in the next major release.

In `@packages/core/test/types.test-d.ts`:
- Around line 14-15: The test imports OAuthProviderCredentials from an internal
path which bypasses the package export surface; update the import in
types.test-d.ts to reference the public export/subpath that re-exports
OAuthProviderCredentials (i.e., change the import of OAuthProviderCredentials
from "@/@types/oauth.ts" to the package's public entrypoint or public subpath
that exposes that type) so the test actually validates the published API
surface.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7daf6d1c-07bb-4dd3-9409-c5e511691024

📥 Commits

Reviewing files that changed from the base of the PR and between 1ec0bb1 and 74e2edf.

⛔ Files ignored due to path filters (3)

• bun.lock is excluded by !**/*.lock
• deno.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (92)

• apps/astro/package.json
• apps/astro/src/@types/props.ts
• apps/astro/src/@types/types.ts
• apps/astro/src/contexts/auth.tsx
• apps/astro/src/lib/auth-client.ts
• apps/astro/src/lib/auth.ts
• apps/astro/src/lib/server.ts
• apps/astro/src/pages/api/auth/[...all].ts
• apps/nextjs/app-router/src/components/auth-client.tsx
• apps/nextjs/app-router/src/components/header.tsx
• apps/nextjs/app-router/src/contexts/auth.tsx
• apps/nextjs/app-router/src/lib/auth.ts
• apps/nextjs/pages-router/package.json
• apps/nextjs/pages-router/src/@types/props.ts
• apps/nextjs/pages-router/src/@types/types.ts
• apps/nextjs/pages-router/src/components/auth-client.tsx
• apps/nextjs/pages-router/src/contexts/auth.tsx
• apps/nextjs/pages-router/src/lib/auth-client.ts
• apps/nextjs/pages-router/src/lib/auth.ts
• apps/nextjs/pages-router/src/pages/_app.tsx
• apps/nextjs/pages-router/src/pages/api/auth/[...aura].ts
• apps/nextjs/pages-router/src/pages/index.tsx
• apps/react-router/app/@types/props.ts
• apps/react-router/app/@types/types.ts
• apps/react-router/app/actions/auth-server.ts
• apps/react-router/app/contexts/auth.tsx
• apps/react-router/app/lib/auth-client.ts
• apps/react-router/app/lib/auth.ts
• apps/react-router/app/routes/api.auth.$.tsx
• apps/react-router/package.json
• apps/tanstack-start/package.json
• apps/tanstack-start/src/@types/props.ts
• apps/tanstack-start/src/@types/types.ts
• apps/tanstack-start/src/lib/auth-client.ts
• apps/tanstack-start/src/lib/auth-server.ts
• apps/tanstack-start/src/lib/auth.ts
• apps/tanstack-start/src/routes/api/auth.$.ts
• packages/core/CHANGELOG.md
• packages/core/deno.json
• packages/core/package.json
• packages/core/src/@types/config.ts
• packages/core/src/@types/session.ts
• packages/core/src/actions/callback/callback.ts
• packages/core/src/actions/callback/userinfo.ts
• packages/core/src/actions/csrfToken/csrfToken.ts
• packages/core/src/actions/signIn/authorization-url.ts
• packages/core/src/api/credentials.ts
• packages/core/src/client/client.ts
• packages/core/src/client/index.ts
• packages/core/src/index.ts
• packages/core/src/session/stateless.ts
• packages/core/src/shared/crypto.ts
• packages/core/src/shared/identity.ts
• packages/core/src/shared/index.ts
• packages/core/test/actions/callback/access-token.test.ts
• packages/core/test/actions/callback/callback.test.ts
• packages/core/test/actions/session/session.test.ts
• packages/core/test/actions/signOut/signOut.test.ts
• packages/core/test/actions/updateSession/updateSession.test.ts
• packages/core/test/api/updateSession.test.ts
• packages/core/test/env.test.ts
• packages/core/test/jose.test.ts
• packages/core/test/secure.test.ts
• packages/core/test/types.test-d.ts
• packages/hono/src/createAuth.ts
• packages/hono/src/index.ts
• packages/hono/src/oauth/index.ts
• packages/next/CHANGELOG.md
• packages/next/README.md
• packages/next/deno.json
• packages/next/package.json
• packages/next/src/@types/index.ts
• packages/next/src/_core/crypto.ts
• packages/next/src/_core/identity.ts
• packages/next/src/_core/shared.ts
• packages/next/src/client.ts
• packages/next/src/createAuth.ts
• packages/next/src/index.ts
• packages/next/src/lib/api.ts
• packages/next/src/oauth/index.ts
• packages/react/deno.json
• packages/react/package.json
• packages/react/src/@types/core.ts
• packages/react/src/_core/crypto.ts
• packages/react/src/_core/identity.ts
• packages/react/src/_core/shared.ts
• packages/react/src/context.tsx
• packages/react/src/hooks.ts
• packages/react/src/index.tsx
• packages/react/src/oauth/index.ts
• packages/react/src/server.ts
• packages/react/tsup.config.ts

💤 Files with no reviewable changes (11)

• apps/astro/package.json
• apps/tanstack-start/package.json
• apps/react-router/package.json
• apps/nextjs/pages-router/package.json
• apps/tanstack-start/src/@types/types.ts
• apps/tanstack-start/src/@types/props.ts
• apps/nextjs/pages-router/src/@types/types.ts
• apps/react-router/app/@types/types.ts
• apps/astro/src/@types/types.ts
• apps/astro/src/@types/props.ts
• packages/hono/src/index.ts

✅ Files skipped from review due to trivial changes (46)

• apps/tanstack-start/src/routes/api/auth.$.ts
• apps/nextjs/pages-router/src/components/auth-client.tsx
• apps/nextjs/pages-router/src/pages/api/auth/[...aura].ts
• packages/core/src/session/stateless.ts
• packages/core/test/actions/signOut/signOut.test.ts
• packages/core/test/env.test.ts
• packages/core/src/actions/signIn/authorization-url.ts
• packages/core/test/secure.test.ts
• packages/core/test/actions/callback/access-token.test.ts
• packages/next/src/_core/shared.ts
• apps/react-router/app/routes/api.auth.$.tsx
• packages/react/src/oauth/index.ts
• apps/tanstack-start/src/lib/auth-server.ts
• packages/hono/src/oauth/index.ts
• apps/astro/src/contexts/auth.tsx
• apps/nextjs/pages-router/src/lib/auth-client.ts
• packages/core/src/api/credentials.ts
• apps/react-router/app/contexts/auth.tsx
• packages/core/test/actions/session/session.test.ts
• packages/core/test/actions/updateSession/updateSession.test.ts
• packages/next/CHANGELOG.md
• apps/react-router/app/lib/auth.ts
• packages/core/src/actions/csrfToken/csrfToken.ts
• packages/react/src/_core/identity.ts
• packages/react/src/@types/core.ts
• packages/next/src/@types/index.ts
• packages/core/test/actions/callback/callback.test.ts
• packages/core/src/actions/callback/userinfo.ts
• apps/nextjs/pages-router/src/contexts/auth.tsx
• packages/hono/src/createAuth.ts
• packages/core/test/jose.test.ts
• apps/astro/src/lib/auth.ts
• apps/nextjs/app-router/src/contexts/auth.tsx
• packages/core/src/shared/index.ts
• packages/core/CHANGELOG.md
• packages/core/test/api/updateSession.test.ts
• apps/astro/src/lib/server.ts
• packages/core/src/actions/callback/callback.ts
• apps/astro/src/pages/api/auth/[...all].ts
• packages/next/src/client.ts
• packages/next/README.md
• packages/core/src/@types/config.ts
• apps/nextjs/pages-router/src/@types/props.ts
• packages/react/deno.json
• packages/next/package.json
• packages/next/src/_core/identity.ts

🚧 Files skipped from review as they are similar to previous changes (11)

• packages/react/src/hooks.ts
• packages/next/src/oauth/index.ts
• apps/nextjs/app-router/src/components/header.tsx
• packages/next/src/index.ts
• apps/nextjs/app-router/src/components/auth-client.tsx
• packages/react/src/context.tsx
• apps/nextjs/app-router/src/lib/auth.ts
• packages/next/src/createAuth.ts
• packages/react/src/index.tsx
• packages/next/deno.json
• packages/next/src/lib/api.ts

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/elysia/CHANGELOG.md`:
- Line 13: Fix the grammar and typos in the changelog line: change "Removed and
clean up the types and functions exported from the index `/` entry point to
reduce import nose and introduced `/identity`, `/crypto` and `/shared` as direct
entry points for specific utilities. [`#141`]" to a corrected sentence referencing
the same symbols (index `/`, `/identity`, `/crypto`, `/shared`, PR `#141`); for
example use past-tense and correct wording like "Removed and cleaned up the
types and functions exported from the index `/` entry point to reduce import
noise, and introduced `/identity`, `/crypto`, and `/shared` as direct entry
points for specific utilities." Ensure commas and articles are correct and
replace "import nose" with "import noise" and "clean up" with "cleaned up."

In `@packages/express/CHANGELOG.md`:
- Line 13: Update the changelog entry that currently reads "Removed and clean up
the types and functions exported from the index `/` entry point to reduce import
nose..." by fixing the typo ("import nose" → "import noise") and moving this
bullet out of the "### Added" section into the appropriate "### Changed" or "###
Removed" section to reflect the API removal; ensure the sentence references the
new direct entry points (`/identity`, `/crypto`, `/shared`) and retains the PR
link (`#141`).

In `@packages/express/src/index.ts`:
- Around line 2-3: You removed the root export for builtInOAuthProviders causing
consumers that import builtInOAuthProviders from the package root to break;
restore compatibility by either re-exporting builtInOAuthProviders from the
package root (add export { builtInOAuthProviders } from "@/lib/auth/providers"
alongside the existing exports toExpressResponse and toWebRequest in the
package's index) or update the consumer to import builtInOAuthProviders directly
from its module (the providers module) wherever it currently imports
builtInOAuthProviders from the package root.

In `@packages/hono/CHANGELOG.md`:
- Line 13: Update the release-note bullet that reads "Removed and clean up the
types and functions exported from the index `/` entry point to reduce import
nose and introduced `/identity`, `/crypto` and `/shared` as direct entry points
for specific utilities. [`#141`]" to correct grammar and spelling; replace it with
a sentence like: "Removed and cleaned up the types and functions exported from
the index (`/`) entry point to reduce import noise, and introduced `/identity`,
`/crypto`, and `/shared` as direct entry points for specific utilities. [`#141`]".
Ensure the entry references the same index and entry-point names (`/`,
`/identity`, `/crypto`, `/shared`) and PR number (`#141`).

In `@packages/react/CHANGELOG.md`:
- Line 13: Update the changelog sentence to fix tense and typos: replace
"Removed and clean up the types and functions exported from the index `/` entry
point to reduce import nose and introduced `/identity`, `/crypto` and `/shared`
as direct entry points for specific utilities. [`#141`](...)" with a corrected
version such as "Removed and cleaned up the types and functions exported from
the index (`/`) entry point to reduce import noise, and introduced `/identity`,
`/crypto`, and `/shared` as direct entry points for specific utilities (`#141`)";
ensure the backticks around `/`, `/identity`, `/crypto`, and `/shared` remain
and the PR reference/number is preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e1b78e5e-d061-4ed3-a29e-44af5bc16915

📥 Commits

Reviewing files that changed from the base of the PR and between 5428167 and be87e8d.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (27)

• packages/elysia/CHANGELOG.md
• packages/elysia/deno.json
• packages/elysia/package.json
• packages/elysia/src/_core/crypto.ts
• packages/elysia/src/_core/identity.ts
• packages/elysia/src/_core/shared.ts
• packages/elysia/src/createAuth.ts
• packages/elysia/src/index.ts
• packages/elysia/src/oauth/index.ts
• packages/express/CHANGELOG.md
• packages/express/deno.json
• packages/express/package.json
• packages/express/src/_core/crypto.ts
• packages/express/src/_core/identity.ts
• packages/express/src/_core/shared.ts
• packages/express/src/createAuth.ts
• packages/express/src/index.ts
• packages/express/test/types.test-d.ts
• packages/hono/CHANGELOG.md
• packages/hono/deno.json
• packages/hono/package.json
• packages/hono/src/_core/crypto.ts
• packages/hono/src/_core/identity.ts
• packages/hono/src/_core/shared.ts
• packages/hono/src/index.ts
• packages/next/CHANGELOG.md
• packages/react/CHANGELOG.md

✅ Files skipped from review due to trivial changes (16)

• packages/hono/src/_core/shared.ts
• packages/elysia/src/oauth/index.ts
• packages/express/src/_core/identity.ts
• packages/express/src/_core/shared.ts
• packages/elysia/src/_core/identity.ts
• packages/elysia/src/createAuth.ts
• packages/hono/src/_core/identity.ts
• packages/hono/src/_core/crypto.ts
• packages/next/CHANGELOG.md
• packages/express/src/_core/crypto.ts
• packages/express/test/types.test-d.ts
• packages/hono/deno.json
• packages/elysia/deno.json
• packages/express/src/createAuth.ts
• packages/express/deno.json
• packages/elysia/src/_core/crypto.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/hono/src/index.ts