Fix Session.id type and restore nested passkey routes

- Change Session.id from number to string to match DB bigint type
- Restore me.passkeys.{list,rename,delete} nested route structure
- Remove unnecessary String() conversion in logout procedure
- Auto-formatted procedure files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/api-server/src/router.ts

@@ -9,7 +9,11 @@ import { resendVerificationEmail as resendVerificationHandler } from "./procedur
 import { resetPassword as resetPasswordHandler } from "./procedures/auth/reset-password.js";
 import { signup as signupHandler } from "./procedures/auth/signup.js";
 import { verifyEmail as verifyEmailHandler } from "./procedures/auth/verify-email.js";
-import { authMiddleware, loginRequestMiddleware, os } from "./procedures/base.js";
+import {
+  authMiddleware,
+  loginRequestMiddleware,
+  os,
+} from "./procedures/base.js";
 import {
   createAuthenticationOptions as createAuthOptions,
   createRegistrationOptions as createRegOptions,
@@ -39,7 +43,11 @@ const createRegistrationOptions =
 
       // For signup flow, we don't have a user yet
       // The user will be created when signup is called with the passkeyInfo
-      const rpInfo = getRPInfo(context.origin, context.allowedOrigins, context.rpName);
+      const rpInfo = getRPInfo(
+        context.origin,
+        context.allowedOrigins,
+        context.rpName,
+      );
 
       const result = await createRegOptions(context.db, rpInfo, { email });
       return result;
@@ -51,14 +59,22 @@ const verifyRegistration = os.auth.webauthn.verifyRegistration
   .handler(async ({ input, context }) => {
     const { challengeId, response } = input;
 
-    const rpInfo = getRPInfo(context.origin, context.allowedOrigins, context.rpName);
+    const rpInfo = getRPInfo(
+      context.origin,
+      context.allowedOrigins,
+      context.rpName,
+    );
     await verifyReg(context.db, rpInfo, context.user.id, challengeId, response);
   });
 
 const createAuthenticationOptions = os.auth.webauthn.createAuthenticationOptions
   .use(loginRequestMiddleware)
   .handler(async ({ context }) => {
-    const rpInfo = getRPInfo(context.origin, context.allowedOrigins, context.rpName);
+    const rpInfo = getRPInfo(
+      context.origin,
+      context.allowedOrigins,
+      context.rpName,
+    );
     const result = await createAuthOptions(context.db, rpInfo, context.user.id);
     return result;
   });
@@ -68,7 +84,11 @@ const verifyAuthentication = os.auth.webauthn.verifyAuthentication
   .handler(async ({ input, context }) => {
     const { challengeId, response } = input;
 
-    const rpInfo = getRPInfo(context.origin, context.allowedOrigins, context.rpName);
+    const rpInfo = getRPInfo(
+      context.origin,
+      context.allowedOrigins,
+      context.rpName,
+    );
     const verified = await verifyAuth(
       context.db,
       rpInfo,
@@ -89,13 +109,17 @@ const meGet = os.me.get.use(authMiddleware).handler(async () => {
   throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
 });
 
-const setupProfile = os.me.setupProfile.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const setupProfile = os.me.setupProfile
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const updateProfile = os.me.updateProfile.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const updateProfile = os.me.updateProfile
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 const meDelete = os.me.delete.use(authMiddleware).handler(async () => {
   throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
@@ -105,7 +129,7 @@ const setPassword = os.me.setPassword.use(authMiddleware).handler(async () => {
   throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
 });
 
-const listPasskeys = os.me.listPasskeys
+const passkeysList = os.me.passkeys.list
   .use(authMiddleware)
   .handler(async ({ context }) => {
     const passkeys = await getUserPasskeys(context.db, context.user.id);
@@ -118,22 +142,7 @@ const listPasskeys = os.me.listPasskeys
     }));
   });
 
-const createPasskey = os.me.createPasskey
-  .use(authMiddleware)
-  .handler(async ({ input, context }) => {
-    const { name: _name } = input;
-
-    const rpInfo = getRPInfo(context.origin, context.allowedOrigins, context.rpName);
-    const result = await createRegOptions(context.db, rpInfo, {
-      id: context.user.id,
-      email: context.user.email,
-      displayName: context.user.displayName,
-    });
-
-    return result;
-  });
-
-const renamePasskey = os.me.renamePasskey
+const passkeysRename = os.me.passkeys.rename
   .use(authMiddleware)
   .handler(async ({ input, context }) => {
     const { passkeyId, name } = input;
@@ -146,7 +155,7 @@ const renamePasskey = os.me.renamePasskey
       .execute();
   });
 
-const deletePasskey = os.me.deletePasskey
+const passkeysDelete = os.me.passkeys.delete
   .use(authMiddleware)
   .handler(async ({ input, context }) => {
     const { passkeyId } = input;
@@ -177,33 +186,45 @@ const deletePasskey = os.me.deletePasskey
       .execute();
   });
 
-const listSessions = os.me.listSessions.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const listSessions = os.me.listSessions
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const revokeSession = os.me.revokeSession.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const revokeSession = os.me.revokeSession
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const revokeAllSessions = os.me.revokeAllSessions.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const revokeAllSessions = os.me.revokeAllSessions
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const getDeviceInfo = os.me.getDeviceInfo.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const getDeviceInfo = os.me.getDeviceInfo
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 const trustDevice = os.me.trustDevice.use(authMiddleware).handler(async () => {
   throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
 });
 
-const listTrustedDevices = os.me.listTrustedDevices.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const listTrustedDevices = os.me.listTrustedDevices
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const untrustDevice = os.me.untrustDevice.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const untrustDevice = os.me.untrustDevice
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 const revokeAllTrustedDevices = os.me.revokeAllTrustedDevices
   .use(authMiddleware)
@@ -237,34 +258,48 @@ const orgsLeave = os.orgs.leave.use(authMiddleware).handler(async () => {
 });
 
 // Orgs members procedures
-const membersList = os.orgs.members.list.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const membersList = os.orgs.members.list
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const membersUpdateRole = os.orgs.members.updateRole.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const membersUpdateRole = os.orgs.members.updateRole
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const membersRemove = os.orgs.members.remove.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const membersRemove = os.orgs.members.remove
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 // Orgs invites procedures
-const invitesList = os.orgs.invites.list.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const invitesList = os.orgs.invites.list
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const invitesCreate = os.orgs.invites.create.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const invitesCreate = os.orgs.invites.create
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const invitesCancel = os.orgs.invites.cancel.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const invitesCancel = os.orgs.invites.cancel
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const invitesAccept = os.orgs.invites.accept.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const invitesAccept = os.orgs.invites.accept
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 // Orgs sites procedures
 const sitesList = os.orgs.sites.list.use(authMiddleware).handler(async () => {
@@ -272,63 +307,89 @@ const sitesList = os.orgs.sites.list.use(authMiddleware).handler(async () => {
 });
 
 // Admin orgs procedures (require superuser - for now just auth, will add superuser middleware later)
-const adminOrgsList = os.admin.orgs.list.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsList = os.admin.orgs.list
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 const adminOrgsGet = os.admin.orgs.get.use(authMiddleware).handler(async () => {
   throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
 });
 
-const adminOrgsCreate = os.admin.orgs.create.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsCreate = os.admin.orgs.create
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminOrgsUpdate = os.admin.orgs.update.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsUpdate = os.admin.orgs.update
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminOrgsDelete = os.admin.orgs.delete.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsDelete = os.admin.orgs.delete
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminOrgsListSites = os.admin.orgs.listSites.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsListSites = os.admin.orgs.listSites
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminOrgsAddSite = os.admin.orgs.addSite.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsAddSite = os.admin.orgs.addSite
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminOrgsRemoveSite = os.admin.orgs.removeSite.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminOrgsRemoveSite = os.admin.orgs.removeSite
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 // Admin users procedures
-const adminUsersList = os.admin.users.list.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminUsersList = os.admin.users.list
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminUsersGet = os.admin.users.get.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminUsersGet = os.admin.users.get
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminUsersCreate = os.admin.users.create.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminUsersCreate = os.admin.users.create
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminUsersUpdate = os.admin.users.update.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminUsersUpdate = os.admin.users.update
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
-const adminUsersConfirmEmail = os.admin.users.confirmEmail.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminUsersConfirmEmail = os.admin.users.confirmEmail
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 // Admin auth procedures
-const adminAuthCompleteLogin = os.admin.auth.completeLogin.use(authMiddleware).handler(async () => {
-  throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
-});
+const adminAuthCompleteLogin = os.admin.auth.completeLogin
+  .use(authMiddleware)
+  .handler(async () => {
+    throw new ORPCError("NOT_IMPLEMENTED", { message: "Not implemented" });
+  });
 
 // Build the router
 export const router = os.router({
@@ -356,10 +417,11 @@ export const router = os.router({
     updateProfile,
     delete: meDelete,
     setPassword,
-    listPasskeys,
-    createPasskey,
-    renamePasskey,
-    deletePasskey,
+    passkeys: {
+      list: passkeysList,
+      rename: passkeysRename,
+      delete: passkeysDelete,
+    },
     listSessions,
     revokeSession,
     revokeAllSessions,