What you can call from the CLI, an integration, or your own dashboard. Auth tier, input shape, and return shape for each. Internal-only admin procedures are not documented here.
trpc.auth
Magic-link sign-in and sign-out. Verification itself lives at /api/auth/* (Better Auth handler) because it sets cookies via browser redirect.
auth.requestMagicLinkmutationpublic
Send a sign-in magic link to the supplied email.
input
{ email: string; callbackURL?: string }
returns
{ ok: true }
errors
INTERNAL_SERVER_ERROR · email provider rejected the send
auth.signOutmutationprotected
Sign out the current session. Sets clearing cookies on the response.
input
— (none)
returns
{ ok: true }
trpc.me
Single round-trip "who am I" payload — session, active org, org list. The one call you make to figure out the current caller's context.
me.bootstrapquerypublic
Returns the auth state needed to render any authed UI. Returns nullable session for unauthed callers so the same hook drives both paths.
All orgs the caller belongs to, including their role in each.
returns
Array<{ id, name, slug, role }>
trpc.project
List / get / create / archive projects within the active org. Every query routes through scoped(db, orgId) — direct schema queries are not allowed here.
project.listqueryprotected
Every project the active org owns.
returns
Array<Project>
project.getqueryprotected
One project by slug. 404s if it does not belong to the active org.