@01.software/sdk 0.16.0 → 0.18.0

package/README.md

@@ -79,7 +79,7 @@ const { docs } = await client.collections.from('products').find({
 import { createServerClient } from '@01.software/sdk'
 
 const client = createServerClient({
-  publishableKey: process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY,
+  publishableKey: process.env.SOFTWARE_PUBLISHABLE_KEY,
   secretKey: process.env.SOFTWARE_SECRET_KEY, // sk01_... opaque API key from Console
 })
 
@@ -113,7 +113,7 @@ const client = createClient({
 const server = createServerClient({
   publishableKey: string,
   secretKey: string,      // sk01_... or pat01_...
-  tenantId: string,       // required when secretKey is pat01_
+  tenantId?: string,      // for PAT workflows, must match the pinned tenant when supplied
 })
 ```
 
@@ -121,6 +121,7 @@ const server = createServerClient({
 | ---------------- | -------- | ---------------------------- |
 | `publishableKey` | `string` | API publishable key          |
 | `secretKey`      | `string` | API secret key (server only) |
+| `tenantId`       | `string` | Optional generally; required when a PAT must disambiguate multi-tenant access. Must match the pinned tenant when supplied. |
 
 API URL은 환경변수로 오버라이드 가능합니다:
 
@@ -306,7 +307,6 @@ login({ email: 'user@example.com', password: 'password' })
 // Other customer mutations
 client.query.useCustomerForgotPassword()
 client.query.useCustomerResetPassword()
-client.query.useCustomerVerifyEmail()
 client.query.useCustomerChangePassword()
 
 // Customer cache utilities
@@ -348,11 +348,10 @@ const orders = await client.commerce.orders.listMine({
   status: 'paid',
 })
 
-// Password & email
+// Password
 await client.customer.auth.forgotPassword('john@example.com')
 await client.customer.auth.resetPassword(token, newPassword)
 await client.customer.auth.changePassword(currentPassword, newPassword)
-await client.customer.auth.verifyEmail(verificationToken)
 ```
 
 ### Commerce Orders (ServerClient-only writes)
@@ -439,7 +438,11 @@ await server.community.moderation.unbanCustomer({ customerId })
 ### Webhook
 
 ```typescript
-import { handleWebhook, createTypedWebhookHandler } from '@01.software/sdk'
+import {
+  handleWebhook,
+  createCustomerAuthWebhookHandler,
+  createTypedWebhookHandler,
+} from '@01.software/sdk'
 
 // Basic handler
 export async function POST(request: Request) {
@@ -460,26 +463,37 @@ const handler = createTypedWebhookHandler('orders', async (event) => {
   // event.data is typed as Order
   console.log(event.data.orderNumber)
 })
+
+// Customer auth helper
+const customerAuthHandler = createCustomerAuthWebhookHandler({
+  passwordReset: async ({ email, resetPasswordToken }) => {
+    await sendPasswordResetEmail(email, resetPasswordToken)
+  },
+})
 ```
 
 ## Supported Collections
 
-| Category     | Collections                                                                                                                                     |
-| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| Tenant       | `tenants`, `tenant-metadata`, `tenant-logos`                                                                                                    |
-| Images       | `images` (unified), `brand-logos`                                                                                                               |
-| Products     | `products`, `product-variants`, `product-options`, `product-option-values`, `product-categories`, `product-tags`, `product-collections`, `brands`, `brand-logos` |
-| Orders       | `orders`, `order-items`, `returns`, `return-items`, `fulfillments`, `fulfillment-items`, `transactions`, `order-status-logs` |
-| Customers    | `customers`, `customer-addresses`, `customer-groups`                                                                                            |
-| Carts        | `carts`, `cart-items`                                                                                                                           |
-| Commerce     | `discounts`, `shipping-policies`                                                                                                                |
-| Content      | `posts`, `post-authors`, `post-categories`, `post-tags`, `documents`, `document-categories`, `document-types`                                  |
-| Playlists    | `playlists`, `playlist-categories`, `playlist-tags`, `tracks`, `track-categories`, `track-tags`                                               |
-| Galleries    | `galleries`, `gallery-items`, `gallery-categories`, `gallery-tags`                                                                              |
-| Canvas       | `canvases`, `canvas-node-types`, `canvas-edge-types`, `canvas-categories`, `canvas-tags`                                                        |
-| Videos       | `videos`, `video-categories`, `video-tags`                                                                                                      |
-| Live Streams | `live-streams`                                                                                                                                  |
-| Forms        | `forms`, `form-submissions`                                                                                                                     |
+Source of truth: `packages/sdk/src/core/collection/const.ts` (`COLLECTIONS`: 74).
+
+| Category | Collections |
+| --- | --- |
+| Tenant | `tenants`, `tenant-metadata`, `tenant-logos` |
+| Products | `products`, `product-variants`, `product-options`, `product-option-values`, `product-categories`, `product-tags`, `product-collections`, `brands`, `brand-logos` |
+| Orders | `orders`, `order-items`, `returns`, `return-items`, `fulfillments`, `fulfillment-items`, `transactions` |
+| Customers | `customers`, `customer-profiles`, `customer-addresses`, `customer-groups` |
+| Carts | `carts`, `cart-items` |
+| Commerce | `discounts`, `promotions`, `shipping-policies` |
+| Content | `documents`, `document-categories`, `document-types`, `posts`, `post-authors`, `post-categories`, `post-tags`, `links`, `link-categories`, `link-tags` |
+| Playlists / Tracks | `playlists`, `playlist-categories`, `playlist-tags`, `tracks`, `track-categories`, `track-tags` |
+| Galleries | `galleries`, `gallery-categories`, `gallery-tags`, `gallery-items` |
+| Canvas | `canvases`, `canvas-node-types`, `canvas-edge-types`, `canvas-categories`, `canvas-tags`, `canvas-nodes`, `canvas-edges` |
+| Videos | `videos`, `video-categories`, `video-tags` |
+| Live Streams | `live-streams` |
+| Media | `images` |
+| Forms | `forms`, `form-submissions` |
+| Community | `threads`, `comments`, `reactions`, `reaction-types`, `bookmarks`, `thread-categories`, `reports`, `community-bans` |
+| Events | `event-calendars`, `events`, `event-occurrences`, `event-tags` |
 
 ## Utilities
 
@@ -581,6 +595,7 @@ Error classes: `SDKError`, `ApiError`, `NetworkError`, `ValidationError`, `Confi
 
 ```bash
 NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY=your_publishable_key
+SOFTWARE_PUBLISHABLE_KEY=your_publishable_key
 SOFTWARE_SECRET_KEY=sk01_...  # Server only — opaque API key from Console
 ```
 
@@ -597,7 +612,7 @@ New error codes propagated via `SDKError.code` (no breaking change; existing cal
 | Code | Phase | Trigger |
 |---|---|---|
 | `account_suspended` | P1 | Suspended session / `sk01_` / `pat01_` / customer JWT — 401 |
-| `pat_tenant_header_forbidden` | P1 | `pat01_` with `X-Tenant-Id` header — 401 (header rejected) |
+| `pat_tenant_header_forbidden` | P1 | `pat01_` request with a forbidden or mismatched `X-Tenant-Id` header — 401 |
 | `tenant_mismatch` | P3 | Cross-tenant FK rejection (forms / community / orders) |
 | `server_derived` | P3 | Body-driven write into a server-derived state field — 422 |
 | `scope_denied` | P5 | `pat01_` whose `ApiKeys.scopes` lacks the operation |
@@ -613,7 +628,6 @@ P5 also adds JWT-`jti` revocation: `revokeCustomerJti(jti, ttl)` on the server i
 | Collection | Old | New |
 |---|---|---|
 | Customers | `socialId` | `providerUserId` |
-| Customers | `isVerified` | `isEmailVerified` |
 | Customers | `loginAttempts` | `loginAttemptCount` |
 | Customers | `resetPasswordExpiry` | `resetPasswordExpiresAt` |
 | Orders, Carts | `shippingFee` | `shippingAmount` |

package/dist/{const-BLwHrFZ-.d.cts → const-_gW__LA1.d.ts}

@@ -1,4 +1,4 @@
-import { C as Config } from './payload-types-DRvL_bS2.cjs';
+import { C as Config } from './payload-types-Cwnj_qN4.js';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "tenant-auth-settings", "tenant-community-settings", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans", "event-calendars", "events", "event-occurrences", "event-tags"];
 /**
  * Public collections available for SDK access.
  * Derived from the COLLECTIONS array (single source of truth).

package/dist/{const-RMD3ZVaS.d.ts → const-zEoxAfGX.d.cts}

@@ -1,4 +1,4 @@
-import { C as Config } from './payload-types-DRvL_bS2.js';
+import { C as Config } from './payload-types-Cwnj_qN4.cjs';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "tenant-auth-settings", "tenant-community-settings", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "analytics-event-schemas", "subscriptions", "billing-history", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "customer-groups", "carts", "cart-items", "discounts", "promotions", "shipping-policies", "documents", "document-categories", "document-types", "posts", "post-authors", "post-categories", "post-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "threads", "comments", "reactions", "reaction-types", "bookmarks", "thread-categories", "reports", "community-bans", "event-calendars", "events", "event-occurrences", "event-tags"];
 /**
  * Public collections available for SDK access.
  * Derived from the COLLECTIONS array (single source of truth).

package/dist/index.cjs

@@ -24,6 +24,7 @@ __export(src_exports, {
   AuthError: () => AuthError,
   BaseApi: () => BaseApi,
   COLLECTIONS: () => COLLECTIONS,
+  CUSTOMER_PASSWORD_RESET_OPERATION: () => CUSTOMER_PASSWORD_RESET_OPERATION,
   CartApi: () => CartApi,
   Client: () => Client,
   CollectionClient: () => CollectionClient,
@@ -65,6 +66,7 @@ __export(src_exports, {
   createAuthError: () => createAuthError,
   createClient: () => createClient,
   createConflictError: () => createConflictError,
+  createCustomerAuthWebhookHandler: () => createCustomerAuthWebhookHandler,
   createNotFoundError: () => createNotFoundError,
   createPermissionError: () => createPermissionError,
   createRateLimitError: () => createRateLimitError,
@@ -91,6 +93,7 @@ __export(src_exports, {
   isAuthError: () => isAuthError,
   isConfigError: () => isConfigError,
   isConflictError: () => isConflictError,
+  isCustomerPasswordResetWebhookEvent: () => isCustomerPasswordResetWebhookEvent,
   isGoneError: () => isGoneError,
   isNetworkError: () => isNetworkError,
   isNotFoundError: () => isNotFoundError,
@@ -1077,8 +1080,6 @@ var INTERNAL_COLLECTIONS = [
   "track-assets",
   "audiences",
   "email-logs",
-  "tenant-auth-settings",
-  "tenant-community-settings",
   "api-usage",
   "tenant-analytics-daily",
   "analytics-event-schemas",
@@ -1092,7 +1093,8 @@ var INTERNAL_COLLECTIONS = [
   "webhook-deliveries",
   "audit-logs",
   "plans",
-  "webhooks"
+  "webhooks",
+  "event-registrations"
 ];
 var COLLECTIONS = [
   "tenants",
@@ -1115,6 +1117,7 @@ var COLLECTIONS = [
   "fulfillment-items",
   "transactions",
   "customers",
+  "customer-profiles",
   "customer-addresses",
   "customer-groups",
   "carts",
@@ -1164,7 +1167,12 @@ var COLLECTIONS = [
   "bookmarks",
   "thread-categories",
   "reports",
-  "community-bans"
+  "community-bans",
+  // Events
+  "event-calendars",
+  "events",
+  "event-occurrences",
+  "event-tags"
 ];
 
 // src/core/api/parse-response.ts
@@ -1580,15 +1588,6 @@ var CustomerAuth = class {
       body: JSON.stringify({ currentPassword, newPassword })
     });
   }
-  /**
-   * Verify email using the verification token
-   */
-  async verifyEmail(token) {
-    await this.requestJson("/api/customers/verify-email", {
-      method: "POST",
-      body: JSON.stringify({ token })
-    });
-  }
   /**
    * Get the authenticated customer's orders with pagination and optional status filter
    */
@@ -2308,14 +2307,6 @@ var CustomerHooks = class {
       options
     );
   }
-  useCustomerVerifyEmail(options) {
-    return createMutation(
-      (token) => this.ensureCustomerAuth().verifyEmail(token).then(() => {
-      }),
-      options,
-      this.invalidateMe
-    );
-  }
   useCustomerRefreshToken(options) {
     return createMutation(
       () => this.ensureCustomerAuth().refreshToken(),
@@ -2360,7 +2351,6 @@ var QueryHooks = class extends CollectionHooks {
     this.useCustomerLogout = (...args) => this._customer.useCustomerLogout(...args);
     this.useCustomerForgotPassword = (...args) => this._customer.useCustomerForgotPassword(...args);
     this.useCustomerResetPassword = (...args) => this._customer.useCustomerResetPassword(...args);
-    this.useCustomerVerifyEmail = (...args) => this._customer.useCustomerVerifyEmail(...args);
     this.useCustomerRefreshToken = (...args) => this._customer.useCustomerRefreshToken(...args);
     this.useCustomerUpdateProfile = (...args) => this._customer.useCustomerUpdateProfile(...args);
     this.useCustomerChangePassword = (...args) => this._customer.useCustomerChangePassword(...args);
@@ -2744,7 +2734,32 @@ var RealtimeConnection = class {
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
-  return typeof obj.collection === "string" && (obj.operation === "create" || obj.operation === "update") && typeof obj.data === "object" && obj.data !== null;
+  return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
+}
+var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function hasString(value, key) {
+  return typeof value[key] === "string";
+}
+function hasStringOrNumber(value, key) {
+  return typeof value[key] === "string" || typeof value[key] === "number";
+}
+function isCustomerPasswordResetWebhookEvent(event) {
+  if (event.collection !== "customers" || event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION || !isRecord(event.data)) {
+    return false;
+  }
+  return hasStringOrNumber(event.data, "customerId") && hasString(event.data, "email") && hasString(event.data, "name") && hasString(event.data, "resetPasswordToken") && hasString(event.data, "resetPasswordExpiresAt");
+}
+function createCustomerAuthWebhookHandler(handlers) {
+  return async (event) => {
+    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {
+      await handlers.passwordReset(event.data, event);
+      return;
+    }
+    await handlers.unhandled?.(event);
+  };
 }
 async function verifySignature(payload, secret, signature) {
   const encoder = new TextEncoder();