You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This pull request prepares the @aura-stack/auth and @aura-stack/jose packages for their first stable release by publishing release candidate (RC) versions and tagging them with rc on npm.
Note
The @aura-stack/auth package encountered issues related to module augmentation. These issues occurred because the interfaces intended for augmentation were composed using utility types such as Pick and Omit, which cannot be safely augmented and led to unexpected type behavior once the package was published to npm.
Additionally, other issues became visible only after publishing the packages, which explains why more release candidate versions were published than originally expected.
In parallel, the package.json files for both packages were updated to improve metadata and publishing configuration, including:
Adding homepage and repository links
Defining publishConfig
Refining other package configuration options to better support publishing and discoverability
After debugging the unexpected behavior in @aura-stack/auth and @aura-stack/jose, I discovered that the issue stems from how the secret key is provided to the createAuth function. While Aura Auth defaults to using the AURA_AUTH_SECRET environment variable, this value is inaccessible to the client-side instance of the auth consumer; therefore, the variable must be prefixed with NEXT_PUBLIC_ to be properly bundled. To prevent similar confusion in the future, we should implement more descriptive error messages to clarify when a required secret is missing or inaccessible on the client.
The error was caused by Turborepo not inferring the environment variables configured in the Vercel dashboard; this occurred because these variables must be explicitly added as inputs in the turbo.json configuration file to be recognized during the build process. 5f6581d
halvaradop
added
the
chore
Maintenance tasks, tooling, dependency updates, or housekeeping changes.
label
Jan 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
choreMaintenance tasks, tooling, dependency updates, or housekeeping changes.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
halvaradop
added
the
chore
Description
This pull request prepares the
@aura-stack/authand@aura-stack/josepackages for their first stable release by publishing release candidate (RC) versions and tagging them withrcon npm.Note
The
@aura-stack/authpackage encountered issues related to module augmentation. These issues occurred because the interfaces intended for augmentation were composed using utility types such asPickandOmit, which cannot be safely augmented and led to unexpected type behavior once the package was published to npm.Additionally, other issues became visible only after publishing the packages, which explains why more release candidate versions were published than originally expected.
In parallel, the
package.jsonfiles for both packages were updated to improve metadata and publishing configuration, including:homepageandrepositorylinkspublishConfig