@01.software/sdk 0.15.0 → 0.17.0

package/README.md

@@ -79,7 +79,7 @@ const { docs } = await client.collections.from('products').find({
 import { createServerClient } from '@01.software/sdk'
 
 const client = createServerClient({
-  publishableKey: process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY,
+  publishableKey: process.env.SOFTWARE_PUBLISHABLE_KEY,
   secretKey: process.env.SOFTWARE_SECRET_KEY, // sk01_... opaque API key from Console
 })
 
@@ -113,7 +113,7 @@ const client = createClient({
 const server = createServerClient({
   publishableKey: string,
   secretKey: string,      // sk01_... or pat01_...
-  tenantId: string,       // required when secretKey is pat01_
+  tenantId?: string,      // for PAT workflows, must match the pinned tenant when supplied
 })
 ```
 
@@ -121,6 +121,7 @@ const server = createServerClient({
 | ---------------- | -------- | ---------------------------- |
 | `publishableKey` | `string` | API publishable key          |
 | `secretKey`      | `string` | API secret key (server only) |
+| `tenantId`       | `string` | Optional generally; required when a PAT must disambiguate multi-tenant access. Must match the pinned tenant when supplied. |
 
 API URL은 환경변수로 오버라이드 가능합니다:
 
@@ -464,22 +465,25 @@ const handler = createTypedWebhookHandler('orders', async (event) => {
 
 ## Supported Collections
 
-| Category     | Collections                                                                                                                                     |
-| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| Tenant       | `tenants`, `tenant-metadata`, `tenant-logos`                                                                                                    |
-| Images       | `images` (unified), `brand-logos`                                                                                                               |
-| Products     | `products`, `product-variants`, `product-options`, `product-option-values`, `product-categories`, `product-tags`, `product-collections`, `brands`, `brand-logos` |
-| Orders       | `orders`, `order-items`, `returns`, `return-items`, `fulfillments`, `fulfillment-items`, `transactions`, `order-status-logs` |
-| Customers    | `customers`, `customer-addresses`, `customer-groups`                                                                                            |
-| Carts        | `carts`, `cart-items`                                                                                                                           |
-| Commerce     | `discounts`, `shipping-policies`                                                                                                                |
-| Content      | `posts`, `post-authors`, `post-categories`, `post-tags`, `documents`, `document-categories`, `document-types`                                  |
-| Playlists    | `playlists`, `playlist-categories`, `playlist-tags`, `tracks`, `track-categories`, `track-tags`                                               |
-| Galleries    | `galleries`, `gallery-items`, `gallery-categories`, `gallery-tags`                                                                              |
-| Canvas       | `canvases`, `canvas-node-types`, `canvas-edge-types`, `canvas-categories`, `canvas-tags`                                                        |
-| Videos       | `videos`, `video-categories`, `video-tags`                                                                                                      |
-| Live Streams | `live-streams`                                                                                                                                  |
-| Forms        | `forms`, `form-submissions`                                                                                                                     |
+Source of truth: `packages/sdk/src/core/collection/const.ts` (`COLLECTIONS`: 70).
+
+| Category | Collections |
+| --- | --- |
+| Tenant | `tenants`, `tenant-metadata`, `tenant-logos` |
+| Products | `products`, `product-variants`, `product-options`, `product-option-values`, `product-categories`, `product-tags`, `product-collections`, `brands`, `brand-logos` |
+| Orders | `orders`, `order-items`, `returns`, `return-items`, `fulfillments`, `fulfillment-items`, `transactions` |
+| Customers | `customers`, `customer-profiles`, `customer-addresses`, `customer-groups` |
+| Carts | `carts`, `cart-items` |
+| Commerce | `discounts`, `promotions`, `shipping-policies` |
+| Content | `documents`, `document-categories`, `document-types`, `posts`, `post-authors`, `post-categories`, `post-tags`, `links`, `link-categories`, `link-tags` |
+| Playlists / Tracks | `playlists`, `playlist-categories`, `playlist-tags`, `tracks`, `track-categories`, `track-tags` |
+| Galleries | `galleries`, `gallery-categories`, `gallery-tags`, `gallery-items` |
+| Canvas | `canvases`, `canvas-node-types`, `canvas-edge-types`, `canvas-categories`, `canvas-tags`, `canvas-nodes`, `canvas-edges` |
+| Videos | `videos`, `video-categories`, `video-tags` |
+| Live Streams | `live-streams` |
+| Media | `images` |
+| Forms | `forms`, `form-submissions` |
+| Community | `threads`, `comments`, `reactions`, `reaction-types`, `bookmarks`, `thread-categories`, `reports`, `community-bans` |
 
 ## Utilities
 
@@ -581,6 +585,7 @@ Error classes: `SDKError`, `ApiError`, `NetworkError`, `ValidationError`, `Confi
 
 ```bash
 NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY=your_publishable_key
+SOFTWARE_PUBLISHABLE_KEY=your_publishable_key
 SOFTWARE_SECRET_KEY=sk01_...  # Server only — opaque API key from Console
 ```
 
@@ -590,6 +595,22 @@ SOFTWARE_SECRET_KEY=sk01_...  # Server only — opaque API key from Console
 
 ## Migration Guide
 
+### v0.16.0 (Phase 1–7 sync — additive)
+
+New error codes propagated via `SDKError.code` (no breaking change; existing callers ignore unknown codes safely):
+
+| Code | Phase | Trigger |
+|---|---|---|
+| `account_suspended` | P1 | Suspended session / `sk01_` / `pat01_` / customer JWT — 401 |
+| `pat_tenant_header_forbidden` | P1 | `pat01_` request with a forbidden or mismatched `X-Tenant-Id` header — 401 |
+| `tenant_mismatch` | P3 | Cross-tenant FK rejection (forms / community / orders) |
+| `server_derived` | P3 | Body-driven write into a server-derived state field — 422 |
+| `scope_denied` | P5 | `pat01_` whose `ApiKeys.scopes` lacks the operation |
+
+P5 also adds JWT-`jti` revocation: `revokeCustomerJti(jti, ttl)` on the server invalidates a token immediately; subsequent SDK calls receive `401 { code: 'token_revoked' }`.
+
+`COLLECTIONS` and `INTERNAL_COLLECTIONS` are now both exported from `@01.software/sdk`. Use `INTERNAL_COLLECTIONS` to detect admin-only slugs in custom tooling.
+
 ### v0.8.0 (Breaking Changes)
 
 **Field renames** — update any code that reads these fields from API responses:

package/dist/const-D2K5HxpP.d.cts

@@ -0,0 +1,24 @@
+import { C as Config } from './payload-types-CMoyAOjJ.cjs';
+
+/**
+ * Collection type derived from Payload Config.
+ * This ensures type safety and automatic synchronization with payload-types.ts
+ */
+type Collection = keyof Config['collections'];
+/**
+ * Internal collections that should not be exposed via SDK.
+ * Includes Payload system collections and admin-only collections.
+ */
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "tenant-auth-settings", "tenant-community-settings", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks"];
+/**
+ * Array of all public collection names for runtime use (e.g., Zod enum validation).
+ * This is the single source of truth for which collections are publicly accessible via SDK.
+ */
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans"];
+/**
+ * Public collections available for SDK access.
+ * Derived from the COLLECTIONS array (single source of truth).
+ */
+type PublicCollection = (typeof COLLECTIONS)[number];
+
+export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, COLLECTIONS as a };

package/dist/const-DG8TrouX.d.ts

@@ -0,0 +1,24 @@
+import { C as Config } from './payload-types-CMoyAOjJ.js';
+
+/**
+ * Collection type derived from Payload Config.
+ * This ensures type safety and automatic synchronization with payload-types.ts
+ */
+type Collection = keyof Config['collections'];
+/**
+ * Internal collections that should not be exposed via SDK.
+ * Includes Payload system collections and admin-only collections.
+ */
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "tenant-auth-settings", "tenant-community-settings", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks"];
+/**
+ * Array of all public collection names for runtime use (e.g., Zod enum validation).
+ * This is the single source of truth for which collections are publicly accessible via SDK.
+ */
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans"];
+/**
+ * Public collections available for SDK access.
+ * Derived from the COLLECTIONS array (single source of truth).
+ */
+type PublicCollection = (typeof COLLECTIONS)[number];
+
+export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, COLLECTIONS as a };

package/dist/index.cjs

@@ -39,6 +39,7 @@ __export(src_exports, {
   DiscountApi: () => DiscountApi,
   GoneError: () => GoneError,
   IMAGE_SIZES: () => IMAGE_SIZES,
+  INTERNAL_COLLECTIONS: () => INTERNAL_COLLECTIONS,
   ModerationApi: () => ModerationApi,
   NetworkError: () => NetworkError,
   NotFoundError: () => NotFoundError,
@@ -1065,6 +1066,34 @@ var CollectionClient = class extends HttpClient {
 };
 
 // src/core/collection/const.ts
+var INTERNAL_COLLECTIONS = [
+  "users",
+  "payload-kv",
+  "payload-locked-documents",
+  "payload-preferences",
+  "payload-migrations",
+  "field-configs",
+  "system-media",
+  "track-assets",
+  "audiences",
+  "email-logs",
+  "tenant-auth-settings",
+  "tenant-community-settings",
+  "api-usage",
+  "tenant-analytics-daily",
+  "analytics-event-schemas",
+  "subscriptions",
+  "billing-history",
+  "order-status-logs",
+  "api-keys",
+  "personal-access-tokens",
+  "tenant-entitlements",
+  "webhook-events",
+  "webhook-deliveries",
+  "audit-logs",
+  "plans",
+  "webhooks"
+];
 var COLLECTIONS = [
   "tenants",
   "tenant-metadata",
@@ -1086,11 +1115,13 @@ var COLLECTIONS = [
   "fulfillment-items",
   "transactions",
   "customers",
+  "customer-profiles",
   "customer-addresses",
   "customer-groups",
   "carts",
   "cart-items",
   "discounts",
+  "promotions",
   "shipping-policies",
   "documents",
   "document-categories",
@@ -1117,6 +1148,8 @@ var COLLECTIONS = [
   "canvas-edge-types",
   "canvas-categories",
   "canvas-tags",
+  "canvas-nodes",
+  "canvas-edges",
   "videos",
   "video-categories",
   "video-tags",