Sync Convex Better Auth fixes and support Better Auth 1.6.5

[zbeyens]

Summary

• add the sync-convex-auth audit skill for fork/upstream review work
• bump @convex-dev/better-auth to 0.11.4
• make registerRoutes lazy by default and require explicit basePath for non-default auth routes
• support better-auth@1.6.5 across kitcn, example, docs, and auth fixtures
• add local structural wrappers around Convex Better Auth plugin/client surfaces so Better Auth 1.6.x compiles before upstream catches up
• fix auth adapter composite index matching and accept Better Auth 1.6 Where.mode

Breaking changes

1. Custom auth routes now need an explicit basePath when using registerRoutes.
2. Supported Better Auth version moves from 1.5.3 to 1.6.5.

// Before
import { registerRoutes } from "kitcn/auth/http";

registerRoutes(http, getAuth, {
  cors: {
    allowedOrigins: [process.env.SITE_URL!],
  },
});

// After
import { registerRoutes } from "kitcn/auth/http";

registerRoutes(http, getAuth, {
  basePath: "/custom-auth",
  cors: {
    allowedOrigins: [process.env.SITE_URL!],
  },
});

# Before
bun add better-auth@1.5.3

# After
bun add better-auth@1.6.5

Notes

• auth scaffold and runtime lanes still print Better Auth's upstream oidc-provider deprecation warning through @convex-dev/better-auth@0.11.4
• the branch keeps the current published Convex Better Auth runtime and bypasses the stale type coupling locally inside kitcn

Verification

• bun test packages/kitcn/src/cli/supported-dependencies.test.ts packages/kitcn/src/cli/registry/dependencies.test.ts
• bun test packages/kitcn/src/auth-client/package-entrypoints.integration.test.tsx packages/kitcn/src/react/auth-mutations.test.tsx
• bun typecheck
• bun run fixtures:sync
• bun run fixtures:check
• bun check

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
better-convex	Ready	Preview, Comment	Apr 16, 2026 4:53pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3c7cc2e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes changesets to release 2 packages

Name	Type
kitcn	Minor
@kitcn/resend	Minor

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 165e8fb35e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 909b10b426

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 544f0a9e72

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[zbeyens]

"No Changeset found"

Addressed: the PR now includes an updated unreleased changeset. The bot comment is stale and still reflects an earlier draft.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 85d34f9f3e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reapply insensitive predicates after index selection

Filtering args.where with w.mode !== 'insensitive' drops case-insensitive eq/gt/gte/lt/lte clauses from index planning, but the indexed-path fallback filter in generateQuery only reapplies contains/ends_with/ne/not_in/starts_with. That means mixed queries (e.g. one indexed sensitive clause plus one mode: "insensitive" equality clause) can return rows that do not satisfy the insensitive condition, because that predicate is neither pushed down nor post-filtered. This is a correctness regression for Better Auth 1.6 Where.mode queries.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3c7cc2e78a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize insensitive equality in gte/lte filters

The new case-insensitive path normalizes string comparisons, but gte/lte still use raw equality (value === w.value) before calling the normalized comparator. For mode: "insensitive", values that are equal except for casing (for example "ABC" vs "abc") fail both checks and get filtered out, which returns incorrect rows for insensitive range queries whenever this static filter path is used.

Useful? React with 👍 / 👎.