@01.software/sdk 0.1.5 → 0.1.6

package/dist/index.js

@@ -51,119 +51,8 @@ var __async = (__this, __arguments, generator) => {
   });
 };
 
-// src/core/collection/query-builder.ts
-var CollectionQueryBuilder = class {
-  constructor(api, collection) {
-    this.api = api;
-    this.collection = collection;
-  }
-  /**
-   * Find documents (list query)
-   * GET /api/{collection}
-   * @returns Payload CMS find response with docs array and pagination
-   */
-  find(options) {
-    return __async(this, null, function* () {
-      return this.api.requestFind(
-        `/api/${String(this.collection)}`,
-        options
-      );
-    });
-  }
-  /**
-   * Find document by ID
-   * GET /api/{collection}/{id}
-   * @returns Document object directly (no wrapper)
-   */
-  findById(id, options) {
-    return __async(this, null, function* () {
-      return this.api.requestFindById(
-        `/api/${String(this.collection)}/${String(id)}`,
-        options
-      );
-    });
-  }
-  /**
-   * Create a new document
-   * POST /api/{collection}
-   * @returns Payload CMS mutation response with doc and message
-   */
-  create(data) {
-    return __async(this, null, function* () {
-      return this.api.requestCreate(
-        `/api/${String(this.collection)}`,
-        data
-      );
-    });
-  }
-  /**
-   * Update a document by ID
-   * PATCH /api/{collection}/{id}
-   * @returns Payload CMS mutation response with doc and message
-   */
-  update(id, data) {
-    return __async(this, null, function* () {
-      return this.api.requestUpdate(
-        `/api/${String(this.collection)}/${String(id)}`,
-        data
-      );
-    });
-  }
-  /**
-   * Count documents
-   * GET /api/{collection}/count
-   * @returns Count response with totalDocs
-   */
-  count(options) {
-    return __async(this, null, function* () {
-      return this.api.requestCount(
-        `/api/${String(this.collection)}/count`,
-        options
-      );
-    });
-  }
-  /**
-   * Update multiple documents (bulk update)
-   * PATCH /api/{collection}
-   * @returns Payload CMS find response with updated docs
-   */
-  updateMany(where, data) {
-    return __async(this, null, function* () {
-      return this.api.requestUpdateMany(
-        `/api/${String(this.collection)}`,
-        { where, data }
-      );
-    });
-  }
-  /**
-   * Delete a document by ID
-   * DELETE /api/{collection}/{id}
-   * @returns Deleted document object directly (no wrapper)
-   */
-  remove(id) {
-    return __async(this, null, function* () {
-      return this.api.requestDelete(
-        `/api/${String(this.collection)}/${String(id)}`
-      );
-    });
-  }
-  /**
-   * Delete multiple documents (bulk delete)
-   * DELETE /api/{collection}
-   * @returns Payload CMS find response with deleted docs
-   */
-  removeMany(where) {
-    return __async(this, null, function* () {
-      return this.api.requestDeleteMany(
-        `/api/${String(this.collection)}`,
-        { where }
-      );
-    });
-  }
-};
-
-// src/core/collection/http-client.ts
-import { stringify } from "qs-esm";
+// src/core/internal/utils/index.ts
+import { SignJWT, jwtVerify, decodeJwt } from "jose";
 
 // src/core/internal/errors/index.ts
 var SDKError = class _SDKError extends Error {
@@ -264,112 +153,6 @@ var createConfigError = (message, details, userMessage, suggestion) => new Confi
 var createTimeoutError = (message, details, userMessage, suggestion) => new TimeoutError(message, details, userMessage, suggestion);
 var createUsageLimitError = (message, usage, details, userMessage, suggestion) => new UsageLimitError(message, usage, details, userMessage, suggestion);
 
-// src/core/collection/http-client.ts
-var HttpClient = class {
-  constructor(clientKey, secretKey, baseUrl) {
-    if (!clientKey) {
-      throw createValidationError("clientKey is required.");
-    }
-    this.clientKey = clientKey;
-    this.secretKey = secretKey;
-    this.baseUrl = baseUrl;
-    this.defaultOptions = { clientKey, secretKey, baseUrl };
-  }
-  buildUrl(endpoint, options) {
-    if (!options) return endpoint;
-    const queryString = stringify(options, { addQueryPrefix: true });
-    return queryString ? `${endpoint}${queryString}` : endpoint;
-  }
-  assertJsonResponse(response) {
-    const contentType = response.headers.get("content-type");
-    if (!(contentType == null ? void 0 : contentType.includes("application/json"))) {
-      throw createApiError("Response is not in JSON format.", response.status, { contentType });
-    }
-  }
-  /**
-   * Parse Payload CMS find response (list query)
-   * Returns native Payload response structure
-   */
-  parseFindResponse(response) {
-    return __async(this, null, function* () {
-      var _a, _b;
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        if (jsonData.docs === void 0) {
-          throw createApiError("Invalid find response.", response.status, { jsonData });
-        }
-        return {
-          docs: jsonData.docs,
-          totalDocs: jsonData.totalDocs || 0,
-          limit: jsonData.limit || 20,
-          totalPages: jsonData.totalPages || 0,
-          page: jsonData.page || 1,
-          pagingCounter: jsonData.pagingCounter || 1,
-          hasPrevPage: jsonData.hasPrevPage || false,
-          hasNextPage: jsonData.hasNextPage || false,
-          prevPage: (_a = jsonData.prevPage) != null ? _a : null,
-          nextPage: (_b = jsonData.nextPage) != null ? _b : null
-        };
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-  /**
-   * Parse Payload CMS mutation response (create/update)
-   * Returns native Payload response structure
-   */
-  parseMutationResponse(response) {
-    return __async(this, null, function* () {
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        if (jsonData.doc === void 0) {
-          throw createApiError("Invalid mutation response.", response.status, { jsonData });
-        }
-        return {
-          message: jsonData.message || "",
-          doc: jsonData.doc,
-          errors: jsonData.errors
-        };
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-  /**
-   * Parse Payload CMS document response (findById/delete)
-   * Returns document directly without wrapper
-   */
-  parseDocumentResponse(response) {
-    return __async(this, null, function* () {
-      const contentType = response.headers.get("content-type");
-      try {
-        this.assertJsonResponse(response);
-        const jsonData = yield response.json();
-        return jsonData;
-      } catch (error) {
-        throw createApiError("Failed to parse response.", response.status, {
-          contentType,
-          error: error instanceof Error ? error.message : error
-        });
-      }
-    });
-  }
-};
-
-// src/core/internal/utils/index.ts
-import { SignJWT, jwtVerify, decodeJwt } from "jose";
-
 // src/core/client/types.ts
 var API_URLS = {
   local: "http://localhost:3000",
@@ -395,6 +178,7 @@ function resolveApiUrl(config) {
 var DEFAULT_TIMEOUT = 3e4;
 var DEFAULT_RETRYABLE_STATUSES = [408, 429, 500, 502, 503, 504];
 var NON_RETRYABLE_STATUSES = [401, 403, 404, 422];
+var SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];
 function createServerToken(clientKey, secretKey, expiresIn = "1h") {
   return __async(this, null, function* () {
     if (!clientKey || !secretKey) {
@@ -498,6 +282,7 @@ function _fetch(url, options) {
     const _a = options || {}, {
       clientKey,
       secretKey,
+      customerToken,
       timeout = DEFAULT_TIMEOUT,
       baseUrl = API_URLS.production,
       debug,
@@ -505,6 +290,7 @@ function _fetch(url, options) {
     } = _a, requestInit = __objRest(_a, [
       "clientKey",
       "secretKey",
+      "customerToken",
       "timeout",
       "baseUrl",
       "debug",
@@ -518,6 +304,8 @@ function _fetch(url, options) {
     let authToken;
     if (secretKey && clientKey) {
       authToken = yield createServerToken(clientKey, secretKey);
+    } else if (customerToken) {
+      authToken = customerToken;
     }
     let lastError;
     for (let attempt = 0; attempt <= retryConfig.maxRetries; attempt++) {
@@ -532,9 +320,14 @@ function _fetch(url, options) {
         if (!headers.has("Content-Type") && requestInit.body) {
           headers.set("Content-Type", "application/json");
         }
+        const redactedHeaders = Object.fromEntries(headers.entries());
+        if (redactedHeaders["authorization"]) {
+          const token = redactedHeaders["authorization"];
+          redactedHeaders["authorization"] = token.length > 15 ? `${token.slice(0, 15)}...****` : "****";
+        }
         debugLog(debug, "request", url, {
           method: requestInit.method || "GET",
-          headers: Object.fromEntries(headers.entries()),
+          headers: redactedHeaders,
           attempt: attempt + 1
         });
         const controller = new AbortController();
@@ -578,7 +371,8 @@ function _fetch(url, options) {
             `Request failed (status: ${response.status})`,
             getErrorSuggestion(response.status)
           );
-          if (attempt < retryConfig.maxRetries && retryConfig.retryableStatuses.includes(response.status)) {
+          const method = (requestInit.method || "GET").toUpperCase();
+          if (attempt < retryConfig.maxRetries && SAFE_METHODS.includes(method) && retryConfig.retryableStatuses.includes(response.status)) {
             lastError = error;
             const retryDelay = retryConfig.retryDelay(attempt);
             debugLog(debug, "error", `Retrying in ${retryDelay}ms...`, error);
@@ -590,6 +384,8 @@ function _fetch(url, options) {
         return response;
       } catch (error) {
         debugLog(debug, "error", url, error);
+        const method = (requestInit.method || "GET").toUpperCase();
+        const isSafe = SAFE_METHODS.includes(method);
         if (error instanceof Error && error.name === "AbortError") {
           const timeoutError = createTimeoutError(
             `Request timed out after ${timeout}ms.`,
@@ -597,7 +393,7 @@ function _fetch(url, options) {
             "The request timed out.",
             "Please check your network connection or try again later."
           );
-          if (attempt < retryConfig.maxRetries) {
+          if (isSafe && attempt < retryConfig.maxRetries) {
             lastError = timeoutError;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -612,7 +408,7 @@ function _fetch(url, options) {
             "Network connection failed.",
             "Please check your internet connection and try again."
           );
-          if (attempt < retryConfig.maxRetries) {
+          if (isSafe && attempt < retryConfig.maxRetries) {
             lastError = networkError;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -620,7 +416,7 @@ function _fetch(url, options) {
           throw networkError;
         }
         if (error instanceof NetworkError || error instanceof TimeoutError) {
-          if (attempt < retryConfig.maxRetries && error.status && !NON_RETRYABLE_STATUSES.includes(error.status) && retryConfig.retryableStatuses.includes(error.status)) {
+          if (isSafe && attempt < retryConfig.maxRetries && error.status && !NON_RETRYABLE_STATUSES.includes(error.status) && retryConfig.retryableStatuses.includes(error.status)) {
             lastError = error;
             yield delay(retryConfig.retryDelay(attempt));
             continue;
@@ -634,7 +430,7 @@ function _fetch(url, options) {
           "An unknown error occurred.",
           "Please try again later."
         );
-        if (attempt < retryConfig.maxRetries) {
+        if (isSafe && attempt < retryConfig.maxRetries) {
           lastError = unknownError;
           yield delay(retryConfig.retryDelay(attempt));
           continue;
@@ -642,14 +438,427 @@ function _fetch(url, options) {
         throw unknownError;
       }
     }
-    throw lastError;
+    throw lastError != null ? lastError : new NetworkError("Request failed after retries");
   });
 }
 
+// src/core/api/order-api.ts
+var OrderApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for OrderApi.");
+    }
+    if (!options.secretKey) {
+      throw createConfigError("secretKey is required for OrderApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  createOrder(params) {
+    return this.request("/api/orders/create", params);
+  }
+  updateOrder(params) {
+    return this.request("/api/orders/update", params);
+  }
+  getOrder(params) {
+    return this.request("/api/orders/get", params);
+  }
+  updateTransaction(params) {
+    return this.request("/api/transactions/update", params);
+  }
+  checkout(params) {
+    return this.request("/api/orders/checkout", params);
+  }
+  createFulfillment(params) {
+    return this.request("/api/orders/create-fulfillment", params);
+  }
+  returnWithRefund(params) {
+    return this.request("/api/returns/return-refund", params);
+  }
+  createReturn(params) {
+    return this.request("/api/returns/create", params);
+  }
+  updateReturn(params) {
+    return this.request("/api/returns/update", params);
+  }
+};
+
+// src/core/api/cart-api.ts
+var CartApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for CartApi.");
+    }
+    if (!options.secretKey && !options.customerToken) {
+      throw createConfigError("Either secretKey or customerToken is required for CartApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.customerToken = options.customerToken;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        customerToken: token != null ? token : void 0,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  addItem(params) {
+    return this.request("/api/carts/add-item", params);
+  }
+  updateItem(params) {
+    return this.request("/api/carts/update-item", params);
+  }
+  removeItem(params) {
+    return this.request("/api/carts/remove-item", params);
+  }
+};
+
+// src/core/api/product-api.ts
+var ProductApi = class {
+  constructor(options) {
+    if (!options.clientKey) {
+      throw createConfigError("clientKey is required for ProductApi.");
+    }
+    if (!options.secretKey) {
+      throw createConfigError("secretKey is required for ProductApi.");
+    }
+    this.clientKey = options.clientKey;
+    this.secretKey = options.secretKey;
+    this.baseUrl = options.baseUrl;
+  }
+  request(endpoint, body) {
+    return __async(this, null, function* () {
+      const response = yield _fetch(endpoint, {
+        method: "POST",
+        clientKey: this.clientKey,
+        secretKey: this.secretKey,
+        baseUrl: this.baseUrl,
+        body: JSON.stringify(body)
+      });
+      let data;
+      try {
+        data = yield response.json();
+      } catch (e) {
+        throw createApiError(
+          `Invalid JSON response from ${endpoint}`,
+          response.status,
+          void 0,
+          "Server returned an invalid response.",
+          "Check if the API endpoint is available."
+        );
+      }
+      if (data.error) {
+        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
+        throw createApiError(
+          errorMessage,
+          response.status,
+          data,
+          errorMessage,
+          "An error occurred while processing the request."
+        );
+      }
+      return data;
+    });
+  }
+  stockCheck(params) {
+    return this.request("/api/products/stock-check", params);
+  }
+};
+
+// src/core/collection/query-builder.ts
+var CollectionQueryBuilder = class {
+  constructor(api, collection) {
+    this.api = api;
+    this.collection = collection;
+  }
+  /**
+   * Find documents (list query)
+   * GET /api/{collection}
+   * @returns Payload CMS find response with docs array and pagination
+   */
+  find(options) {
+    return __async(this, null, function* () {
+      return this.api.requestFind(
+        `/api/${String(this.collection)}`,
+        options
+      );
+    });
+  }
+  /**
+   * Find document by ID
+   * GET /api/{collection}/{id}
+   * @returns Document object directly (no wrapper)
+   */
+  findById(id, options) {
+    return __async(this, null, function* () {
+      return this.api.requestFindById(
+        `/api/${String(this.collection)}/${String(id)}`,
+        options
+      );
+    });
+  }
+  /**
+   * Create a new document
+   * POST /api/{collection}
+   * @returns Payload CMS mutation response with doc and message
+   */
+  create(data) {
+    return __async(this, null, function* () {
+      return this.api.requestCreate(
+        `/api/${String(this.collection)}`,
+        data
+      );
+    });
+  }
+  /**
+   * Update a document by ID
+   * PATCH /api/{collection}/{id}
+   * @returns Payload CMS mutation response with doc and message
+   */
+  update(id, data) {
+    return __async(this, null, function* () {
+      return this.api.requestUpdate(
+        `/api/${String(this.collection)}/${String(id)}`,
+        data
+      );
+    });
+  }
+  /**
+   * Count documents
+   * GET /api/{collection}/count
+   * @returns Count response with totalDocs
+   */
+  count(options) {
+    return __async(this, null, function* () {
+      return this.api.requestCount(
+        `/api/${String(this.collection)}/count`,
+        options
+      );
+    });
+  }
+  /**
+   * Update multiple documents (bulk update)
+   * PATCH /api/{collection}
+   * @returns Payload CMS find response with updated docs
+   */
+  updateMany(where, data) {
+    return __async(this, null, function* () {
+      return this.api.requestUpdateMany(
+        `/api/${String(this.collection)}`,
+        { where, data }
+      );
+    });
+  }
+  /**
+   * Delete a document by ID
+   * DELETE /api/{collection}/{id}
+   * @returns Deleted document object directly (no wrapper)
+   */
+  remove(id) {
+    return __async(this, null, function* () {
+      return this.api.requestDelete(
+        `/api/${String(this.collection)}/${String(id)}`
+      );
+    });
+  }
+  /**
+   * Delete multiple documents (bulk delete)
+   * DELETE /api/{collection}
+   * @returns Payload CMS find response with deleted docs
+   */
+  removeMany(where) {
+    return __async(this, null, function* () {
+      return this.api.requestDeleteMany(
+        `/api/${String(this.collection)}`,
+        { where }
+      );
+    });
+  }
+};
+
+// src/core/collection/http-client.ts
+import { stringify } from "qs-esm";
+var HttpClient = class {
+  constructor(clientKey, secretKey, baseUrl, getCustomerToken) {
+    if (!clientKey) {
+      throw createValidationError("clientKey is required.");
+    }
+    this.clientKey = clientKey;
+    this.secretKey = secretKey;
+    this.baseUrl = baseUrl;
+    this.getCustomerToken = getCustomerToken;
+  }
+  get defaultOptions() {
+    var _a;
+    const opts = { clientKey: this.clientKey, secretKey: this.secretKey, baseUrl: this.baseUrl };
+    const token = (_a = this.getCustomerToken) == null ? void 0 : _a.call(this);
+    if (token) {
+      opts.customerToken = token;
+    }
+    return opts;
+  }
+  buildUrl(endpoint, options) {
+    if (!options) return endpoint;
+    const queryString = stringify(options, { addQueryPrefix: true });
+    return queryString ? `${endpoint}${queryString}` : endpoint;
+  }
+  assertJsonResponse(response) {
+    const contentType = response.headers.get("content-type");
+    if (!(contentType == null ? void 0 : contentType.includes("application/json"))) {
+      throw createApiError("Response is not in JSON format.", response.status, { contentType });
+    }
+  }
+  /**
+   * Parse Payload CMS find response (list query)
+   * Returns native Payload response structure
+   */
+  parseFindResponse(response) {
+    return __async(this, null, function* () {
+      var _a, _b;
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        if (jsonData.docs === void 0) {
+          throw createApiError("Invalid find response.", response.status, { jsonData });
+        }
+        return {
+          docs: jsonData.docs,
+          totalDocs: jsonData.totalDocs || 0,
+          limit: jsonData.limit || 20,
+          totalPages: jsonData.totalPages || 0,
+          page: jsonData.page || 1,
+          pagingCounter: jsonData.pagingCounter || 1,
+          hasPrevPage: jsonData.hasPrevPage || false,
+          hasNextPage: jsonData.hasNextPage || false,
+          prevPage: (_a = jsonData.prevPage) != null ? _a : null,
+          nextPage: (_b = jsonData.nextPage) != null ? _b : null
+        };
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+  /**
+   * Parse Payload CMS mutation response (create/update)
+   * Returns native Payload response structure
+   */
+  parseMutationResponse(response) {
+    return __async(this, null, function* () {
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        if (jsonData.doc === void 0) {
+          throw createApiError("Invalid mutation response.", response.status, { jsonData });
+        }
+        return {
+          message: jsonData.message || "",
+          doc: jsonData.doc,
+          errors: jsonData.errors
+        };
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+  /**
+   * Parse Payload CMS document response (findById/delete)
+   * Returns document directly without wrapper
+   */
+  parseDocumentResponse(response) {
+    return __async(this, null, function* () {
+      const contentType = response.headers.get("content-type");
+      try {
+        this.assertJsonResponse(response);
+        const jsonData = yield response.json();
+        return jsonData;
+      } catch (error) {
+        throw createApiError("Failed to parse response.", response.status, {
+          contentType,
+          error: error instanceof Error ? error.message : error
+        });
+      }
+    });
+  }
+};
+
 // src/core/collection/collection-client.ts
 var CollectionClient = class extends HttpClient {
-  constructor(clientKey, secretKey, baseUrl) {
-    super(clientKey, secretKey, baseUrl);
+  constructor(clientKey, secretKey, baseUrl, getCustomerToken) {
+    super(clientKey, secretKey, baseUrl, getCustomerToken);
   }
   from(collection) {
     return new CollectionQueryBuilder(this, collection);
@@ -774,7 +983,17 @@ var COLLECTIONS = [
   "order-products",
   "returns",
   "return-products",
+  "exchanges",
+  "exchange-products",
+  "fulfillments",
+  "fulfillment-items",
   "transactions",
+  "customers",
+  "customer-addresses",
+  "carts",
+  "cart-items",
+  "discounts",
+  "shipping-policies",
   "documents",
   "document-categories",
   "document-images",
@@ -792,12 +1011,205 @@ var COLLECTIONS = [
   "media"
 ];
 
+// src/core/customer/customer-auth.ts
+var DEFAULT_TIMEOUT2 = 15e3;
+var CustomerAuth = class {
+  constructor(clientKey, baseUrl, options) {
+    var _a;
+    this.clientKey = clientKey;
+    this.baseUrl = baseUrl;
+    this.token = (_a = options == null ? void 0 : options.token) != null ? _a : null;
+    this.onTokenChange = options == null ? void 0 : options.onTokenChange;
+  }
+  /**
+   * Register a new customer account
+   */
+  register(data) {
+    return __async(this, null, function* () {
+      return this.requestJson("/api/customers/register", {
+        method: "POST",
+        body: JSON.stringify(data)
+      });
+    });
+  }
+  /**
+   * Login with email and password. Stores the token internally.
+   */
+  login(data) {
+    return __async(this, null, function* () {
+      const result = yield this.requestJson("/api/customers/login", {
+        method: "POST",
+        body: JSON.stringify(data)
+      });
+      this.setToken(result.token);
+      return result;
+    });
+  }
+  /**
+   * Refresh the current token. Requires a valid (non-expired) token.
+   */
+  refreshToken() {
+    return __async(this, null, function* () {
+      if (!this.token) throw new ApiError("Not authenticated", 401);
+      const result = yield this.requestJson("/api/customers/refresh", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${this.token}` }
+      });
+      this.setToken(result.token);
+      return result;
+    });
+  }
+  /**
+   * Clear the stored token
+   */
+  logout() {
+    this.setToken(null);
+  }
+  /**
+   * Get the current authenticated customer's profile
+   */
+  me() {
+    return __async(this, null, function* () {
+      var _a;
+      if (!this.token) return null;
+      try {
+        const data = yield this.requestJson("/api/customers/me", {
+          method: "GET",
+          headers: { Authorization: `Bearer ${this.token}` }
+        });
+        return (_a = data.customer) != null ? _a : null;
+      } catch (error) {
+        if (error instanceof ApiError && error.status === 401) {
+          this.setToken(null);
+          return null;
+        }
+        throw error;
+      }
+    });
+  }
+  /**
+   * Request a password reset email
+   */
+  forgotPassword(email) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/forgot-password", {
+        method: "POST",
+        body: JSON.stringify({ email })
+      });
+    });
+  }
+  /**
+   * Reset password using a token from the reset email
+   */
+  resetPassword(token, password) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/reset-password", {
+        method: "POST",
+        body: JSON.stringify({ token, password })
+      });
+    });
+  }
+  /**
+   * Change the password of the currently authenticated customer
+   */
+  changePassword(currentPassword, newPassword) {
+    return __async(this, null, function* () {
+      if (!this.token) throw new ApiError("Not authenticated", 401);
+      yield this.requestJson("/api/customers/change-password", {
+        method: "POST",
+        headers: { Authorization: `Bearer ${this.token}` },
+        body: JSON.stringify({ currentPassword, newPassword })
+      });
+    });
+  }
+  /**
+   * Verify email using the verification token
+   */
+  verifyEmail(token) {
+    return __async(this, null, function* () {
+      yield this.requestJson("/api/customers/verify-email", {
+        method: "POST",
+        body: JSON.stringify({ token })
+      });
+    });
+  }
+  /**
+   * Get the current token (or null if not authenticated)
+   */
+  getToken() {
+    return this.token;
+  }
+  /**
+   * Set the token manually (e.g. from SSR)
+   */
+  setToken(token) {
+    var _a;
+    this.token = token;
+    (_a = this.onTokenChange) == null ? void 0 : _a.call(this, token);
+  }
+  /**
+   * Check if the customer is currently authenticated
+   */
+  isAuthenticated() {
+    return this.token !== null;
+  }
+  /**
+   * Internal: make a request with timeout and error handling.
+   * Auth endpoints don't retry — failures are final.
+   */
+  requestJson(path, init) {
+    return __async(this, null, function* () {
+      const headers = new Headers(init.headers);
+      headers.set("X-Client-Key", this.clientKey);
+      if (!headers.has("Content-Type") && init.body) {
+        headers.set("Content-Type", "application/json");
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT2);
+      let res;
+      try {
+        res = yield fetch(`${this.baseUrl}${path}`, __spreadProps(__spreadValues({}, init), {
+          headers,
+          signal: controller.signal
+        }));
+      } catch (error) {
+        clearTimeout(timeoutId);
+        if (error instanceof Error && error.name === "AbortError") {
+          throw new TimeoutError(
+            `Request timed out after ${DEFAULT_TIMEOUT2}ms`,
+            { url: path, timeout: DEFAULT_TIMEOUT2 }
+          );
+        }
+        throw new NetworkError(
+          error instanceof Error ? error.message : "Network request failed",
+          void 0,
+          { url: path },
+          "Network connection failed.",
+          "Please check your internet connection and try again."
+        );
+      }
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const body = yield res.json().catch(() => ({}));
+        throw new ApiError(
+          body.error || `HTTP ${res.status}`,
+          res.status,
+          body.details,
+          body.error
+        );
+      }
+      return res.json();
+    });
+  }
+};
+
 // src/core/query/get-query-client.ts
 import { isServer, QueryClient, defaultShouldDehydrateQuery } from "@tanstack/react-query";
 function makeQueryClient() {
   return new QueryClient({
     defaultOptions: {
       queries: {
+        // SSR/RSC: server-fetched data doesn't auto-refetch; use refetch()/invalidate() to refresh
         staleTime: Number.POSITIVE_INFINITY,
         refetchOnWindowFocus: false
       },
@@ -838,11 +1250,24 @@ function collectionKeys(collection) {
     infinite: (options) => [collection, "infinite", options]
   };
 }
+var customerKeys = {
+  all: ["customer"],
+  me: () => ["customer", "me"]
+};
 var DEFAULT_PAGE_SIZE = 20;
 var QueryHooks = class {
-  constructor(queryClient, collectionClient) {
+  constructor(queryClient, collectionClient, customerAuth) {
     this.queryClient = queryClient;
     this.collectionClient = collectionClient;
+    this.customerAuth = customerAuth;
+  }
+  ensureCustomerAuth() {
+    if (!this.customerAuth) {
+      throw createConfigError(
+        "Customer hooks require BrowserClient. Use createBrowserClient() instead of createServerClient()."
+      );
+    }
+    return this.customerAuth;
   }
   // ===== useQuery =====
   useQuery(params, options) {
@@ -1034,6 +1459,124 @@ var QueryHooks = class {
       );
     }
   }
+  // ===== Customer Query Hooks =====
+  useCustomerMe(options) {
+    var _a, _b;
+    return useQueryOriginal(__spreadProps(__spreadValues({
+      queryKey: customerKeys.me(),
+      queryFn: () => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().me();
+      })
+    }, options), {
+      enabled: ((_a = options == null ? void 0 : options.enabled) != null ? _a : true) && !!((_b = this.customerAuth) == null ? void 0 : _b.isAuthenticated())
+    }));
+  }
+  useCustomerLogin(options) {
+    return useMutationOriginal({
+      mutationFn: (data) => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().login(data);
+      }),
+      onSuccess: (data) => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options, data);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerRegister(options) {
+    return useMutationOriginal({
+      mutationFn: (data) => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().register(data);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerLogout(options) {
+    return useMutationOriginal({
+      mutationFn: () => __async(this, null, function* () {
+        this.ensureCustomerAuth().logout();
+      }),
+      onSuccess: () => {
+        var _a;
+        this.queryClient.removeQueries({ queryKey: customerKeys.all });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerForgotPassword(options) {
+    return useMutationOriginal({
+      mutationFn: (email) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().forgotPassword(email);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerResetPassword(options) {
+    return useMutationOriginal({
+      mutationFn: (data) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().resetPassword(data.token, data.password);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerVerifyEmail(options) {
+    return useMutationOriginal({
+      mutationFn: (token) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().verifyEmail(token);
+      }),
+      onSuccess: () => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerRefreshToken(options) {
+    return useMutationOriginal({
+      mutationFn: () => __async(this, null, function* () {
+        return yield this.ensureCustomerAuth().refreshToken();
+      }),
+      onSuccess: (data) => {
+        var _a;
+        this.queryClient.invalidateQueries({ queryKey: customerKeys.me() });
+        (_a = options == null ? void 0 : options.onSuccess) == null ? void 0 : _a.call(options, data);
+      },
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  useCustomerChangePassword(options) {
+    return useMutationOriginal({
+      mutationFn: (data) => __async(this, null, function* () {
+        yield this.ensureCustomerAuth().changePassword(data.currentPassword, data.newPassword);
+      }),
+      onSuccess: options == null ? void 0 : options.onSuccess,
+      onError: options == null ? void 0 : options.onError,
+      onSettled: options == null ? void 0 : options.onSettled
+    });
+  }
+  // ===== Customer Cache Utilities =====
+  invalidateCustomerQueries() {
+    return this.queryClient.invalidateQueries({ queryKey: customerKeys.all });
+  }
+  getCustomerData() {
+    return this.queryClient.getQueryData(customerKeys.me());
+  }
+  setCustomerData(data) {
+    this.queryClient.setQueryData(customerKeys.me(), data);
+  }
 };
 
 // src/core/client/client.ts
@@ -1051,8 +1594,19 @@ var BrowserClient = class {
     };
     this.state = { metadata };
     this.queryClient = getQueryClient();
-    this.collections = new CollectionClient(this.config.clientKey, void 0, this.baseUrl);
-    this.query = new QueryHooks(this.queryClient, this.collections);
+    this.customer = new CustomerAuth(this.config.clientKey, this.baseUrl, options.customer);
+    this.cart = new CartApi({
+      clientKey: this.config.clientKey,
+      customerToken: () => this.customer.getToken(),
+      baseUrl: this.baseUrl
+    });
+    this.collections = new CollectionClient(
+      this.config.clientKey,
+      void 0,
+      this.baseUrl,
+      () => this.customer.getToken()
+    );
+    this.query = new QueryHooks(this.queryClient, this.collections, this.customer);
   }
   from(collection) {
     return this.collections.from(collection);
@@ -1065,68 +1619,14 @@ function createBrowserClient(options) {
   return new BrowserClient(options);
 }
 
-// src/core/api/order-api.ts
-var OrderApi = class {
-  constructor(options) {
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required for OrderApi.");
-    }
-    if (!options.secretKey) {
-      throw createConfigError("secretKey is required for OrderApi.");
-    }
-    this.clientKey = options.clientKey;
-    this.secretKey = options.secretKey;
-    this.baseUrl = options.baseUrl;
-  }
-  request(endpoint, body) {
-    return __async(this, null, function* () {
-      const response = yield _fetch(endpoint, {
-        method: "POST",
-        clientKey: this.clientKey,
-        secretKey: this.secretKey,
-        baseUrl: this.baseUrl,
-        body: JSON.stringify(body)
-      });
-      let data;
-      try {
-        data = yield response.json();
-      } catch (e) {
-        throw createApiError(
-          `Invalid JSON response from ${endpoint}`,
-          response.status,
-          void 0,
-          "Server returned an invalid response.",
-          "Check if the API endpoint is available."
-        );
-      }
-      if (data.error) {
-        const errorMessage = typeof data.error === "string" ? data.error : "Unknown API error";
-        throw createApiError(
-          errorMessage,
-          response.status,
-          data,
-          errorMessage,
-          "An error occurred while processing the request."
-        );
-      }
-      return data;
-    });
-  }
-  createOrder(params) {
-    return this.request("/api/orders/create", params);
-  }
-  updateOrder(params) {
-    return this.request("/api/orders/update", params);
-  }
-  updateTransaction(params) {
-    return this.request("/api/transactions/update", params);
-  }
-};
-
 // src/core/client/client.server.ts
 var ServerClient = class {
   constructor(options) {
-    var _a;
+    if (typeof window !== "undefined") {
+      throw createConfigError(
+        "ServerClient must not be used in a browser environment. This risks exposing your secretKey in client bundles. Use createBrowserClient() for browser code instead."
+      );
+    }
     if (!options.clientKey) {
       throw createConfigError("clientKey is required.");
     }
@@ -1137,7 +1637,7 @@ var ServerClient = class {
     this.baseUrl = resolveApiUrl(options);
     const metadata = {
       timestamp: Date.now(),
-      userAgent: typeof window !== "undefined" ? (_a = window.navigator) == null ? void 0 : _a.userAgent : "Node.js"
+      userAgent: "Node.js"
     };
     this.state = { metadata };
     this.api = new OrderApi({
@@ -1145,6 +1645,16 @@ var ServerClient = class {
       secretKey: this.config.secretKey,
       baseUrl: this.baseUrl
     });
+    this.cart = new CartApi({
+      clientKey: this.config.clientKey,
+      secretKey: this.config.secretKey,
+      baseUrl: this.baseUrl
+    });
+    this.product = new ProductApi({
+      clientKey: this.config.clientKey,
+      secretKey: this.config.secretKey,
+      baseUrl: this.baseUrl
+    });
     this.collections = new CollectionClient(
       this.config.clientKey,
       this.config.secretKey,
@@ -1198,6 +1708,11 @@ function handleWebhook(request, handler, options) {
   return __async(this, null, function* () {
     try {
       const rawBody = yield request.text();
+      if (!(options == null ? void 0 : options.secret)) {
+        console.warn(
+          "[@01.software/sdk] Webhook signature verification is skipped because no secret was provided. Pass { secret } to handleWebhook() to enable signature verification."
+        );
+      }
       if (options == null ? void 0 : options.secret) {
         const signature = request.headers.get("x-webhook-signature") || "";
         const valid = yield verifySignature(rawBody, options.secret, signature);
@@ -1223,10 +1738,7 @@ function handleWebhook(request, handler, options) {
     } catch (error) {
       console.error("Webhook processing error:", error);
       return new Response(
-        JSON.stringify({
-          error: "Internal server error",
-          message: error instanceof Error ? error.message : "Unknown error"
-        }),
+        JSON.stringify({ error: "Internal server error" }),
         { status: 500, headers: { "Content-Type": "application/json" } }
       );
     }
@@ -1243,10 +1755,13 @@ function createTypedWebhookHandler(collection, handler) {
 
 // src/utils/order/generateOrderNumber.ts
 var generateOrderNumber = () => {
+  var _a;
   const year = (/* @__PURE__ */ new Date()).getFullYear().toString().slice(-2);
   const month = ((/* @__PURE__ */ new Date()).getMonth() + 1).toString().padStart(2, "0");
   const day = (/* @__PURE__ */ new Date()).getDate().toString().padStart(2, "0");
-  const random = Math.floor(Math.random() * 1e6).toString().padStart(6, "0");
+  const array = new Uint32Array(1);
+  globalThis.crypto.getRandomValues(array);
+  const random = (((_a = array[0]) != null ? _a : 0) % 1e6).toString().padStart(6, "0");
   return `${year}${month}${day}${random}`;
 };
 
@@ -1295,11 +1810,14 @@ export {
   ApiError,
   BrowserClient,
   COLLECTIONS,
+  CartApi,
   CollectionClient,
   CollectionQueryBuilder,
   ConfigError,
+  CustomerAuth,
   NetworkError,
   OrderApi,
+  ProductApi,
   QueryHooks,
   RichTextContent,
   ServerClient,
@@ -1312,6 +1830,7 @@ export {
   createServerClient,
   createServerToken,
   createTypedWebhookHandler,
+  customerKeys,
   decodeServerToken,
   formatOrderName,
   generateOrderNumber,