@01.software/sdk 0.1.4 → 0.1.6

package/dist/index.cjs

@@ -83,11 +83,14 @@ __export(src_exports, {
   ApiError: () => ApiError,
   BrowserClient: () => BrowserClient,
   COLLECTIONS: () => COLLECTIONS,
+  CartApi: () => CartApi,
   CollectionClient: () => CollectionClient,
   CollectionQueryBuilder: () => CollectionQueryBuilder,
   ConfigError: () => ConfigError,
+  CustomerAuth: () => CustomerAuth,
   NetworkError: () => NetworkError,
   OrderApi: () => OrderApi,
+  ProductApi: () => ProductApi,
   QueryHooks: () => QueryHooks,
   RichTextContent: () => RichTextContent,
   ServerClient: () => ServerClient,
@@ -100,6 +103,7 @@ __export(src_exports, {
   createServerClient: () => createServerClient,
   createServerToken: () => createServerToken,
   createTypedWebhookHandler: () => createTypedWebhookHandler,
+  customerKeys: () => customerKeys,
   decodeServerToken: () => decodeServerToken,
   formatOrderName: () => formatOrderName,
   generateOrderNumber: () => generateOrderNumber,
@@ -120,119 +124,8 @@ __export(src_exports, {
 });
 module.exports = __toCommonJS(src_exports);
 
-// src/core/collection/query-builder.ts
-var CollectionQueryBuilder = class {
-  constructor(api, collection) {
-    this.api = api;
-    this.collection = collection;
-  }
-  /**
-   * Find documents (list query)
-   * GET /api/{collection}
-   * @returns Payload CMS find response with docs array and pagination
-   */
-  find(options) {
-    return __async(this, null, function* () {
-      return this.api.requestFind(
-        `/api/${String(this.collection)}`,
-        options
-      );
-    });
-  }
-  /**
-   * Find document by ID
-   * GET /api/{collection}/{id}
-   * @returns Document object directly (no wrapper)
-   */
-  findById(id, options) {
-    return __async(this, null, function* () {
-      return this.api.requestFindById(
-        `/api/${String(this.collection)}/${String(id)}`,
-        options
-      );
-    });
-  }
-  /**
-   * Create a new document
-   * POST /api/{collection}
-   * @returns Payload CMS mutation response with doc and message
-   */
-  create(data) {
-    return __async(this, null, function* () {
-      return this.api.requestCreate(
-        `/api/${String(this.collection)}`,
-        data
-      );
-    });
-  }
-  /**
-   * Update a document by ID
-   * PATCH /api/{collection}/{id}
-   * @returns Payload CMS mutation response with doc and message
-   */
-  update(id, data) {
-    return __async(this, null, function* () {
-      return this.api.requestUpdate(
-        `/api/${String(this.collection)}/${String(id)}`,
-        data
-      );
-    });
-  }
-  /**
-   * Count documents
-   * GET /api/{collection}/count
-   * @returns Count response with totalDocs
-   */
-  count(options) {
-    return __async(this, null, function* () {
-      return this.api.requestCount(
-        `/api/${String(this.collection)}/count`,
-        options
-      );
-    });
-  }
-  /**
-   * Update multiple documents (bulk update)
-   * PATCH /api/{collection}
-   * @returns Payload CMS find response with updated docs
-   */
-  updateMany(where, data) {
-    return __async(this, null, function* () {
-      return this.api.requestUpdateMany(
-        `/api/${String(this.collection)}`,
-        { where, data }
-      );
-    });
-  }
-  /**
-   * Delete a document by ID
-   * DELETE /api/{collection}/{id}
-   * @returns Deleted document object directly (no wrapper)
-   */
-  remove(id) {
-    return __async(this, null, function* () {
-      return this.api.requestDelete(
-        `/api/${String(this.collection)}/${String(id)}`
-      );
-    });
-  }
-  /**
-   * Delete multiple documents (bulk delete)
-   * DELETE /api/{collection}
-   * @returns Payload CMS find response with deleted docs
-   */
-  removeMany(where) {
-    return __async(this, null, function* () {
-      return this.api.requestDeleteMany(
-        `/api/${String(this.collection)}`,
-        { where }
-      );
-    });
-  }
-};
-
-// src/core/collection/http-client.ts
-var import_qs_esm = require("qs-esm");
+// src/core/internal/utils/index.ts
+var import_jose = require("jose");
 
 // src/core/internal/errors/index.ts
 var SDKError = class _SDKError extends Error {
@@ -333,112 +226,6 @@ var createConfigError = (message, details, userMessage, suggestion) => new Confi
 var createTimeoutError = (message, details, userMessage, suggestion) => new TimeoutError(message, details, userMessage, suggestion);
 var createUsageLimitError = (message, usage, details, userMessage, suggestion) => new UsageLimitError(message, usage, details, userMessage, suggestion);
 
-// src/core/collection/http-client.ts
-var HttpClient = class {
-  constructor(clientKey, secretKey, baseUrl) {
-    if (!clientKey) {
-      throw createValidationError("clientKey is required.");
-    }
-    this.clientKey = clientKey;
-    this.secretKey = secretKey;
-    this.baseUrl = baseUrl;
-    this.defaultOptions = { clientKey, secretKey, baseUrl };
-  }
-  buildUrl(endpoint, options) {
-    if (!options) return endpoint;
-    const queryString = (0, import_qs_esm.stringify)(options, { addQueryPrefix: true });
-    return queryString ? `${endpoint}${queryString}` : endpoint;
-  }
-  assertJsonResponse(response) {
-    const contentType = response.headers.get("content-type");
-    if (!(contentType == null ? void 0 : contentType.includes("application/json"))) {
-      throw createApiError("Response is not in JSON format.", response.status, { contentType });
-    }
-  }
-  /**
-   * Parse Payload CMS find response (list query)
-   * Returns native Payload response structure
-   */
-  parseFindResponse(response) {
-    return __async(this, null, function* () {
-      var _a, _b;
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        if (jsonData.docs === void 0) {
-          throw createApiError("Invalid find response.", response.status, { jsonData });
-        }
-        return {
-          docs: jsonData.docs,
-          totalDocs: jsonData.totalDocs || 0,
-          limit: jsonData.limit || 20,
-          totalPages: jsonData.totalPages || 0,
-          page: jsonData.page || 1,
-          pagingCounter: jsonData.pagingCounter || 1,
-          hasPrevPage: jsonData.hasPrevPage || false,
-          hasNextPage: jsonData.hasNextPage || false,
-          prevPage: (_a = jsonData.prevPage) != null ? _a : null,
-          nextPage: (_b = jsonData.nextPage) != null ? _b : null
-        };
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-  /**
-   * Parse Payload CMS mutation response (create/update)
-   * Returns native Payload response structure
-   */
-  parseMutationResponse(response) {
-    return __async(this, null, function* () {
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        if (jsonData.doc === void 0) {
-          throw createApiError("Invalid mutation response.", response.status, { jsonData });
-        }
-        return {
-          message: jsonData.message || "",
-          doc: jsonData.doc,
-          errors: jsonData.errors
-        };
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-  /**
-   * Parse Payload CMS document response (findById/delete)
-   * Returns document directly without wrapper
-   */
-  parseDocumentResponse(response) {
-    return __async(this, null, function* () {
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        return jsonData;
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-};
-
-// src/core/internal/utils/index.ts
-var import_jose = require("jose");
-
 // src/core/client/types.ts
 var API_URLS = {
   local: "http://localhost:3000",
@@ -464,6 +251,7 @@ function resolveApiUrl(config) {
 var DEFAULT_TIMEOUT = 3e4;
 var DEFAULT_RETRYABLE_STATUSES = [408, 429, 500, 502, 503, 504];
 var NON_RETRYABLE_STATUSES = [401, 403, 404, 422];
+var SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];
 function createServerToken(clientKey, secretKey, expiresIn = "1h") {
   return __async(this, null, function* () {
     if (!clientKey || !secretKey) {
@@ -567,6 +355,7 @@ function _fetch(url, options) {
     const _a = options || {}, {
       clientKey,
       secretKey,
+      customerToken,
       timeout = DEFAULT_TIMEOUT,
       baseUrl = API_URLS.production,
       debug,
@@ -574,6 +363,7 @@ function _fetch(url, options) {
     } = _a, requestInit = __objRest(_a, [
       "clientKey",
       "secretKey",
+      "customerToken",
       "timeout",
       "baseUrl",
       "debug",
@@ -587,6 +377,8 @@ function _fetch(url, options) {
     let authToken;
     if (secretKey && clientKey) {
       authToken = yield createServerToken(clientKey, secretKey);
+    } else if (customerToken) {
+      authToken = customerToken;
     }
     let lastError;
     for (let attempt = 0; attempt <= retryConfig.maxRetries; attempt++) {
@@ -601,9 +393,14 @@ function _fetch(url, options) {
         if (!headers.has("Content-Type") && requestInit.body) {
           headers.set("Content-Type", "application/json");
         }
+        const redactedHeaders = Object.fromEntries(headers.entries());
+        if (redactedHeaders["authorization"]) {
+          const token = redactedHeaders["authorization"];
+          redactedHeaders["authorization"] = token.length > 15 ? `${token.slice(0, 15)}...****` : "****";
+        }
         debugLog(debug, "request", url, {
           method: requestInit.method || "GET",
-          headers: Object.fromEntries(headers.entries()),
+          headers: redactedHeaders,
           attempt: attempt + 1
         });
         const controller = new AbortController();
@@ -647,7 +444,8 @@ function _fetch(url, options) {
             `Request failed (status: ${response.status})`,
             getErrorSuggestion(response.status)
           );
-          if (attempt < retryConfig.maxRetries && retryConfig.retryableStatuses.includes(response.status)) {
+          const method = (requestInit.method || "GET").toUpperCase();
+          if (attempt < retryConfig.maxRetries && SAFE_METHODS.includes(method) && retryConfig.retryableStatuses.includes(response.status)) {
             lastError = error;
             const retryDelay = retryConfig.retryDelay(attempt);
             debugLog(debug, "error", `Retrying in ${retryDelay}ms...`, error);
@@ -659,6 +457,8 @@ function _fetch(url, options) {
         return response;
       } catch (error) {
         debugLog(debug, "error", url, error);
+        const method = (requestInit.method || "GET").toUpperCase();
+        const isSafe = SAFE_METHODS.includes(method);
         if (error instanceof Error && error.name === "AbortError") {
           const timeoutError = createTimeoutError(
             `Request timed out after ${timeout}ms.`,
@@ -666,7 +466,7 @@ function _fetch(url, options) {
             "The request timed out.",
             "Please check your network connection or try again later."
           );
-          if (attempt < retryConfig.maxRetries) {
+          if (isSafe && attempt < retryConfig.maxRetries) {
             lastError = timeoutError;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -681,7 +481,7 @@ function _fetch(url, options) {
             "Network connection failed.",
             "Please check your internet connection and try again."
           );
-          if (attempt < retryConfig.maxRetries) {
+          if (isSafe && attempt < retryConfig.maxRetries) {
             lastError = networkError;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -689,7 +489,7 @@ function _fetch(url, options) {
           throw networkError;
         }
         if (error instanceof NetworkError || error instanceof TimeoutError) {
-          if (attempt < retryConfig.maxRetries && error.status && !NON_RETRYABLE_STATUSES.includes(error.status) && retryConfig.retryableStatuses.includes(error.status)) {
+          if (isSafe && attempt < retryConfig.maxRetries && error.status && !NON_RETRYABLE_STATUSES.includes(error.status) && retryConfig.retryableStatuses.includes(error.status)) {
             lastError = error;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -703,7 +503,7 @@ function _fetch(url, options) {
           "An unknown error occurred.",
           "Please try again later."
         );
-        if (attempt < retryConfig.maxRetries) {
+        if (isSafe && attempt < retryConfig.maxRetries) {
           lastError = unknownError;
           yield delay(retryConfig.retryDelay(attempt));
           continue;
@@ -711,14 +511,427 @@ function _fetch(url, options) {
         throw unknownError;
       }
     }
-    throw lastError;
+    throw lastError != null ? lastError : new NetworkError("Request failed after retries");
   });
 }
 
+// src/core/api/order-api.ts
+var OrderApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for OrderApi.");
+    }
+    if (!options.secretKey) {
+      throw createConfigError("secretKey is required for OrderApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  createOrder(params) {
+    return this.request("/api/orders/create", params);
+  }
+  updateOrder(params) {
+    return this.request("/api/orders/update", params);
+  }
+  getOrder(params) {
+    return this.request("/api/orders/get", params);
+  }
+  updateTransaction(params) {
+    return this.request("/api/transactions/update", params);
+  }
+  checkout(params) {
+    return this.request("/api/orders/checkout", params);
+  }
+  createFulfillment(params) {
+    return this.request("/api/orders/create-fulfillment", params);
+  }
+  returnWithRefund(params) {
+    return this.request("/api/returns/return-refund", params);
+  }
+  createReturn(params) {
+    return this.request("/api/returns/create", params);
+  }
+  updateReturn(params) {
+    return this.request("/api/returns/update", params);
+  }
+};
+
+// src/core/api/cart-api.ts
+var CartApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for CartApi.");
+    }
+    if (!options.secretKey && !options.customerToken) {
+      throw createConfigError("Either secretKey or customerToken is required for CartApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.customerToken = options.customerToken;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        customerToken: token != null ? token : void 0,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  addItem(params) {
+    return this.request("/api/carts/add-item", params);
+  }
+  updateItem(params) {
+    return this.request("/api/carts/update-item", params);
+  }
+  removeItem(params) {
+    return this.request("/api/carts/remove-item", params);
+  }
+};
+
+// src/core/api/product-api.ts
+var ProductApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for ProductApi.");
+    }
+    if (!options.secretKey) {
+      throw createConfigError("secretKey is required for ProductApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  stockCheck(params) {
+    return this.request("/api/products/stock-check", params);
+  }
+};
+
+// src/core/collection/query-builder.ts
+var CollectionQueryBuilder = class {
+  constructor(api, collection) {
+    this.api = api;
+    this.collection = collection;
+  }
+  /**
+   * Find documents (list query)
+   * GET /api/{collection}
+   * @returns Payload CMS find response with docs array and pagination
+   */
+  find(options) {
+    return __async(this, null, function* () {
+      return this.api.requestFind(
+        `/api/${String(this.collection)}`,
+        options
+      );
+    });
+  }
+  /**
+   * Find document by ID
+   * GET /api/{collection}/{id}
+   * @returns Document object directly (no wrapper)
+   */
+  findById(id, options) {
+    return __async(this, null, function* () {
+      return this.api.requestFindById(
+        `/api/${String(this.collection)}/${String(id)}`,
+        options
+      );
+    });
+  }
+  /**
+   * Create a new document
+   * POST /api/{collection}
+   * @returns Payload CMS mutation response with doc and message
+   */
+  create(data) {
+    return __async(this, null, function* () {
+      return this.api.requestCreate(
+        `/api/${String(this.collection)}`,
+        data
+      );
+    });
+  }
+  /**
+   * Update a document by ID
+   * PATCH /api/{collection}/{id}
+   * @returns Payload CMS mutation response with doc and message
+   */
+  update(id, data) {
+    return __async(this, null, function* () {
+      return this.api.requestUpdate(
+        `/api/${String(this.collection)}/${String(id)}`,
+        data
+      );
+    });
+  }
+  /**
+   * Count documents
+   * GET /api/{collection}/count
+   * @returns Count response with totalDocs
+   */
+  count(options) {
+    return __async(this, null, function* () {
+      return this.api.requestCount(
+        `/api/${String(this.collection)}/count`,
+        options
+      );
+    });
+  }
+  /**
+   * Update multiple documents (bulk update)
+   * PATCH /api/{collection}
+   * @returns Payload CMS find response with updated docs
+   */
+  updateMany(where, data) {
+    return __async(this, null, function* () {
+      return this.api.requestUpdateMany(
+        `/api/${String(this.collection)}`,
+        { where, data }
+      );
+    });
+  }
+  /**
+   * Delete a document by ID
+   * DELETE /api/{collection}/{id}
+   * @returns Deleted document object directly (no wrapper)
+   */
+  remove(id) {
+    return __async(this, null, function* () {
+      return this.api.requestDelete(
+        `/api/${String(this.collection)}/${String(id)}`
+      );
+    });
+  }
+  /**
+   * Delete multiple documents (bulk delete)
+   * DELETE /api/{collection}
+   * @returns Payload CMS find response with deleted docs
+   */
+  removeMany(where) {
+    return __async(this, null, function* () {
+      return this.api.requestDeleteMany(
+        `/api/${String(this.collection)}`,
+        { where }
+      );
+    });
+  }
+};
+
+// src/core/collection/http-client.ts
+var import_qs_esm = require("qs-esm");
+var HttpClient = class {
+  constructor(clientKey, secretKey, baseUrl, getCustomerToken) {
+    if (!clientKey) {
+      throw createValidationError("clientKey is required.");
+    }
+    this.clientKey = clientKey;
+    this.secretKey = secretKey;
+    this.baseUrl = baseUrl;
+    this.getCustomerToken = getCustomerToken;
+  }
+  get defaultOptions() {
+    var _a;
+    const opts = { clientKey: this.clientKey, secretKey: this.secretKey, baseUrl: this.baseUrl };
+    const token = (_a = this.getCustomerToken) == null ? void 0 : _a.call(this);
+    if (token) {
+      opts.customerToken = token;
+    }
+    return opts;
+  }
+  buildUrl(endpoint, options) {
+    if (!options) return endpoint;
+    const queryString = (0, import_qs_esm.stringify)(options, { addQueryPrefix: true });
+    return queryString ? `${endpoint}${queryString}` : endpoint;
+  }
+  assertJsonResponse(response) {
+    const contentType = response.headers.get("content-type");
+    if (!(contentType == null ? void 0 : contentType.includes("application/json"))) {
+      throw createApiError("Response is not in JSON format.", response.status, { contentType });
+    }
+  }
+  /**
+   * Parse Payload CMS find response (list query)
+   * Returns native Payload response structure
+   */
+  parseFindResponse(response) {
+    return __async(this, null, function* () {
+      var _a, _b;
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        if (jsonData.docs === void 0) {
+          throw createApiError("Invalid find response.", response.status, { jsonData });
+        }
+        return {
+          docs: jsonData.docs,
+          totalDocs: jsonData.totalDocs || 0,
+          limit: jsonData.limit || 20,
+          totalPages: jsonData.totalPages || 0,
+          page: jsonData.page || 1,
+          pagingCounter: jsonData.pagingCounter || 1,
+          hasPrevPage: jsonData.hasPrevPage || false,
+          hasNextPage: jsonData.hasNextPage || false,
+          prevPage: (_a = jsonData.prevPage) != null ? _a : null,
+          nextPage: (_b = jsonData.nextPage) != null ? _b : null
+        };
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+  /**
+   * Parse Payload CMS mutation response (create/update)
+   * Returns native Payload response structure
+   */
+  parseMutationResponse(response) {
+    return __async(this, null, function* () {
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        if (jsonData.doc === void 0) {
+          throw createApiError("Invalid mutation response.", response.status, { jsonData });
+        }
+        return {
+          message: jsonData.message || "",
+          doc: jsonData.doc,
+          errors: jsonData.errors
+        };
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+  /**
+   * Parse Payload CMS document response (findById/delete)
+   * Returns document directly without wrapper
+   */
+  parseDocumentResponse(response) {
+    return __async(this, null, function* () {
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        return jsonData;
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+};
+
 // src/core/collection/collection-client.ts
 var CollectionClient = class extends HttpClient {
-  constructor(clientKey, secretKey, baseUrl) {
-    super(clientKey, secretKey, baseUrl);
+  constructor(clientKey, secretKey, baseUrl, getCustomerToken) {
+    super(clientKey, secretKey, baseUrl, getCustomerToken);
   }
   from(collection) {
     return new CollectionQueryBuilder(this, collection);
@@ -843,7 +1056,17 @@ var COLLECTIONS = [
   "order-products",
   "returns",
   "return-products",
+  "exchanges",
+  "exchange-products",
+  "fulfillments",
+  "fulfillment-items",
   "transactions",
+  "customers",
+  "customer-addresses",
+  "carts",
+  "cart-items",
+  "discounts",
+  "shipping-policies",
   "documents",
   "document-categories",
   "document-images",
@@ -861,12 +1084,205 @@ var COLLECTIONS = [
   "media"
 ];
 
+// src/core/customer/customer-auth.ts
+var DEFAULT_TIMEOUT2 = 15e3;
+var CustomerAuth = class {
+  constructor(clientKey, baseUrl, options) {
+    var _a;
+    this.clientKey = clientKey;
+    this.baseUrl = baseUrl;
+    this.token = (_a = options == null ? void 0 : options.token) != null ? _a : null;
+    this.onTokenChange = options == null ? void 0 : options.onTokenChange;
+  }
+  /**
+   * Register a new customer account
+   */
+  register(data) {
+    return __async(this, null, function* () {
+      return this.requestJson("/api/customers/register", {
+        method: "POST",
+        body: JSON.stringify(data)
+      });
+    });
+  }
+  /**
+   * Login with email and password. Stores the token internally.
+   */
+  login(data) {
+    return __async(this, null, function* () {
+      const result = yield this.requestJson("/api/customers/login", {
+        method: "POST",
+        body: JSON.stringify(data)
+      });
+      this.setToken(result.token);
+      return result;
+    });
+  }
+  /**
+   * Refresh the current token. Requires a valid (non-expired) token.
+   */
+  refreshToken() {
+    return __async(this, null, function* () {
+      if (!this.token) throw new ApiError("Not authenticated", 401);
+      const result = yield this.requestJson("/api/customers/refresh", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${this.token}` }
+      });
+      this.setToken(result.token);
+      return result;
+    });
+  }
+  /**
+   * Clear the stored token
+   */
+  logout() {
+    this.setToken(null);
+  }
+  /**
+   * Get the current authenticated customer's profile
+   */
+  me() {
+    return __async(this, null, function* () {
+      var _a;
+      if (!this.token) return null;
+      try {
+        const data = yield this.requestJson("/api/customers/me", {
+          method: "GET",
+          headers: { Authorization: `Bearer ${this.token}` }
+        });
+        return (_a = data.customer) != null ? _a : null;
+      } catch (error) {
+        if (error instanceof ApiError && error.status === 401) {
+          this.setToken(null);
+          return null;
+        }
+        throw error;
+      }
+    });
+  }
+  /**
+   * Request a password reset email
+   */
+  forgotPassword(email) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/forgot-password", {
+        method: "POST",
+        body: JSON.stringify({ email })
+      });
+    });
+  }
+  /**
+   * Reset password using a token from the reset email
+   */
+  resetPassword(token, password) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/reset-password", {
+        method: "POST",
+        body: JSON.stringify({ token, password })
+      });
+    });
+  }
+  /**
+   * Change the password of the currently authenticated customer
+   */
+  changePassword(currentPassword, newPassword) {
+    return __async(this, null, function* () {
+      if (!this.token) throw new ApiError("Not authenticated", 401);
+      yield this.requestJson("/api/customers/change-password", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${this.token}` },
+        body: JSON.stringify({ currentPassword, newPassword })
+      });
+    });
+  }
+  /**
+   * Verify email using the verification token
+   */
+  verifyEmail(token) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/verify-email", {
+        method: "POST",
+        body: JSON.stringify({ token })
+      });
+    });
+  }
+  /**
+   * Get the current token (or null if not authenticated)
+   */
+  getToken() {
+    return this.token;
+  }
+  /**
+   * Set the token manually (e.g. from SSR)
+   */
+  setToken(token) {
+    var _a;
+    this.token = token;
+    (_a = this.onTokenChange) == null ? void 0 : _a.call(this, token);
+  }
+  /**
+   * Check if the customer is currently authenticated
+   */
+  isAuthenticated() {
+    return this.token !== null;
+  }
+  /**
+   * Internal: make a request with timeout and error handling.
+   * Auth endpoints don't retry — failures are final.
+   */
+  requestJson(path, init) {
+    return __async(this, null, function* () {
+      const headers = new Headers(init.headers);
+      headers.set("X-Client-Key", this.clientKey);
+      if (!headers.has("Content-Type") && init.body) {
+        headers.set("Content-Type", "application/json");
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT2);
+      let res;
+      try {
+        res = yield fetch(`${this.baseUrl}${path}`, __spreadProps(__spreadValues({}, init), {
+          headers,
+          signal: controller.signal
+        }));
+      } catch (error) {
+        clearTimeout(timeoutId);
+        if (error instanceof Error && error.name === "AbortError") {
+          throw new TimeoutError(
+            `Request timed out after ${DEFAULT_TIMEOUT2}ms`,
+            { url: path, timeout: DEFAULT_TIMEOUT2 }
+          );
+        }
+        throw new NetworkError(
+          error instanceof Error ? error.message : "Network request failed",
+          void 0,
+          { url: path },
+          "Network connection failed.",
+          "Please check your internet connection and try again."
+        );
+      }
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const body = yield res.json().catch(() => ({}));
+        throw new ApiError(
+          body.error || `HTTP ${res.status}`,
+          res.status,
+          body.details,
+          body.error
+        );
+      }
+      return res.json();
+    });
+  }
+};
+
 // src/core/query/get-query-client.ts
 var import_react_query = require("@tanstack/react-query");
 function makeQueryClient() {
   return new import_react_query.QueryClient({
     defaultOptions: {
       queries: {
+        // SSR/RSC: server-fetched data doesn't auto-refetch; use refetch()/invalidate() to refresh
         staleTime: Number.POSITIVE_INFINITY,
         refetchOnWindowFocus: false
       },
@@ -901,11 +1317,24 @@ function collectionKeys(collection) {
     infinite: (options) => [collection, "infinite", options]
   };
 }
+var customerKeys = {
+  all: ["customer"],
+  me: () => ["customer", "me"]
+};
 var DEFAULT_PAGE_SIZE = 20;
 var QueryHooks = class {
-  constructor(queryClient, collectionClient) {
+  constructor(queryClient, collectionClient, customerAuth) {
     this.queryClient = queryClient;
     this.collectionClient = collectionClient;
+    this.customerAuth = customerAuth;
+  }
+  ensureCustomerAuth() {
+    if (!this.customerAuth) {
+      throw createConfigError(
+        "Customer hooks require BrowserClient. Use createBrowserClient() instead of createServerClient()."
+      );
+    }
+    return this.customerAuth;
   }
   // ===== useQuery =====
   useQuery(params, options) {
@@ -1097,6 +1526,124 @@ var QueryHooks = class {
       );
     }
   }
+  // ===== Customer Query Hooks =====
+  useCustomerMe(options) {
+    var _a, _b;
+    return (0, import_react_query2.useQuery)(__spreadProps(__spreadValues({
+      queryKey: customerKeys.me(),
+      queryFn: () => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().me();
+      })
+    }, options), {
+      enabled: ((_a = options == null ? void 0 : options.enabled) != null ? _a : true) && !!((_b = this.customerAuth) == null ? void 0 : _b.isAuthenticated())
+    }));
+  }
+  useCustomerLogin(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (data) => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().login(data);
+      }),
+      onSuccess: (data) => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options, data);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerRegister(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (data) => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().register(data);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerLogout(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: () => __async(this, null, function* () {
+        this.ensureCustomerAuth().logout();
+      }),
+      onSuccess: () => {
+        var _a;
+        this.queryClient.removeQueries({ queryKey: customerKeys.all });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerForgotPassword(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (email) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().forgotPassword(email);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerResetPassword(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (data) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().resetPassword(data.token, data.password);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerVerifyEmail(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (token) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().verifyEmail(token);
+      }),
+      onSuccess: () => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerRefreshToken(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: () => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().refreshToken();
+      }),
+      onSuccess: (data) => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options, data);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerChangePassword(options) {
+    return (0, import_react_query2.useMutation)({
+      mutationFn: (data) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().changePassword(data.currentPassword, data.newPassword);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  // ===== Customer Cache Utilities =====
+  invalidateCustomerQueries() {
+    return this.queryClient.invalidateQueries({ queryKey: customerKeys.all });
+  }
+  getCustomerData() {
+    return this.queryClient.getQueryData(customerKeys.me());
+  }
+  setCustomerData(data) {
+    this.queryClient.setQueryData(customerKeys.me(), data);
+  }
 };
 
 // src/core/client/client.ts
@@ -1114,8 +1661,19 @@ var BrowserClient = class {
     };
     this.state = { metadata };
     this.queryClient = getQueryClient();
-    this.collections = new CollectionClient(this.config.clientKey, void 0, this.baseUrl);
-    this.query = new QueryHooks(this.queryClient, this.collections);
+    this.customer = new CustomerAuth(this.config.clientKey, this.baseUrl, options.customer);
+    this.cart = new CartApi({
+      clientKey: this.config.clientKey,
+      customerToken: () => this.customer.getToken(),
+      baseUrl: this.baseUrl
+    });
+    this.collections = new CollectionClient(
+      this.config.clientKey,
+      void 0,
+      this.baseUrl,
+      () => this.customer.getToken()
+    );
+    this.query = new QueryHooks(this.queryClient, this.collections, this.customer);
   }
   from(collection) {
     return this.collections.from(collection);
@@ -1128,68 +1686,14 @@ function createBrowserClient(options) {
   return new BrowserClient(options);
 }
 
-// src/core/api/order-api.ts
-var OrderApi = class {
-  constructor(options) {
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required for OrderApi.");
-    }
-    if (!options.secretKey) {
-      throw createConfigError("secretKey is required for OrderApi.");
-    }
-    this.clientKey = options.clientKey;
-    this.secretKey = options.secretKey;
-    this.baseUrl = options.baseUrl;
-  }
-  request(endpoint, body) {
-    return __async(this, null, function* () {
-      const response = yield _fetch(endpoint, {
-        method: "POST",
-        clientKey: this.clientKey,
-        secretKey: this.secretKey,
-        baseUrl: this.baseUrl,
-        body: JSON.stringify(body)
-      });
-      let data;
-      try {
-        data = yield response.json();
-      } catch (e) {
-        throw createApiError(
-          `Invalid JSON response from ${endpoint}`,
-          response.status,
-          void 0,
-          "Server returned an invalid response.",
-          "Check if the API endpoint is available."
-        );
-      }
-      if (data.error) {
-        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
-        throw createApiError(
-          errorMessage,
-          response.status,
-          data,
-          errorMessage,
-          "An error occurred while processing the request."
-        );
-      }
-      return data;
-    });
-  }
-  createOrder(params) {
-    return this.request("/api/orders/create", params);
-  }
-  updateOrder(params) {
-    return this.request("/api/orders/update", params);
-  }
-  updateTransaction(params) {
-    return this.request("/api/transactions/update", params);
-  }
-};
-
 // src/core/client/client.server.ts
 var ServerClient = class {
   constructor(options) {
-    var _a;
+    if (typeof window !== "undefined") {
+      throw createConfigError(
+        "ServerClient must not be used in a browser environment. This risks exposing your secretKey in client bundles. Use createBrowserClient() for browser code instead."
+      );
+    }
     if (!options.clientKey) {
       throw createConfigError("clientKey is required.");
     }
@@ -1200,7 +1704,7 @@ var ServerClient = class {
     this.baseUrl = resolveApiUrl(options);
     const metadata = {
       timestamp: Date.now(),
-      userAgent: typeof window !== "undefined" ? (_a = window.navigator) == null ? void 0 : _a.userAgent : "Node.js"
+      userAgent: "Node.js"
     };
     this.state = { metadata };
     this.api = new OrderApi({
@@ -1208,6 +1712,16 @@ var ServerClient = class {
       secretKey: this.config.secretKey,
       baseUrl: this.baseUrl
     });
+    this.cart = new CartApi({
+      clientKey: this.config.clientKey,
+      secretKey: this.config.secretKey,
+      baseUrl: this.baseUrl
+    });
+    this.product = new ProductApi({
+      clientKey: this.config.clientKey,
+      secretKey: this.config.secretKey,
+      baseUrl: this.baseUrl
+    });
     this.collections = new CollectionClient(
       this.config.clientKey,
       this.config.secretKey,
@@ -1249,10 +1763,10 @@ function verifySignature(payload, secret, signature) {
     );
     const sig = yield crypto.subtle.sign("HMAC", key, encoder.encode(payload));
     const expected = Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
-    if (expected.length !== signature.length) return false;
-    let result = 0;
-    for (let i = 0; i < expected.length; i++) {
-      result |= expected.charCodeAt(i) ^ signature.charCodeAt(i);
+    let result = expected.length !== signature.length ? 1 : 0;
+    const len = Math.max(expected.length, signature.length);
+    for (let i = 0; i < len; i++) {
+      result |= (expected.charCodeAt(i) || 0) ^ (signature.charCodeAt(i) || 0);
     }
     return result === 0;
   });
@@ -1261,6 +1775,11 @@ function handleWebhook(request, handler, options) {
   return __async(this, null, function* () {
     try {
       const rawBody = yield request.text();
+      if (!(options == null ? void 0 : options.secret)) {
+        console.warn(
+          "[@01.software/sdk] Webhook signature verification is skipped because no secret was provided. Pass { secret } to handleWebhook() to enable signature verification."
+        );
+      }
       if (options == null ? void 0 : options.secret) {
         const signature = request.headers.get("x-webhook-signature") || "";
         const valid = yield verifySignature(rawBody, options.secret, signature);
@@ -1286,10 +1805,7 @@ function handleWebhook(request, handler, options) {
     } catch (error) {
       console.error("Webhook processing error:", error);
       return new Response(
-        JSON.stringify({
-          error: "Internal server error",
-          message: error instanceof Error ? error.message : "Unknown error"
-        }),
+        JSON.stringify({ error: "Internal server error" }),
         { status: 500, headers: { "Content-Type": "application/json" } }
       );
     }
@@ -1306,10 +1822,13 @@ function createTypedWebhookHandler(collection, handler) {
 
 // src/utils/order/generateOrderNumber.ts
 var generateOrderNumber = () => {
+  var _a;
   const year = (/* @__PURE__ */ new Date()).getFullYear().toString().slice(-2);
   const month = ((/* @__PURE__ */ new Date()).getMonth() + 1).toString().padStart(2, "0");
   const day = (/* @__PURE__ */ new Date()).getDate().toString().padStart(2, "0");
-  const random = Math.floor(Math.random() * 1e6).toString().padStart(6, "0");
+  const array = new Uint32Array(1);
+  globalThis.crypto.getRandomValues(array);
+  const random = (((_a = array[0]) != null ? _a : 0) % 1e6).toString().padStart(6, "0");
   return `${year}${month}${day}${random}`;
 };