@01.software/sdk 0.17.0 → 0.19.0

package/dist/realtime.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/realtime.ts","../src/core/query/realtime-hooks.ts","../src/core/query/realtime.ts","../src/core/client/types.ts","../src/core/query/query-keys.ts"],"sourcesContent":["export { useRealtimeQuery } from './core/query/realtime-hooks'\nexport type {\n  UseRealtimeQueryOptions,\n  UseRealtimeQueryResult,\n  RealtimeEvent,\n} from './core/query/realtime-hooks'\nexport { RealtimeConnection, type RealtimeListener } from './core/query/realtime'\n","import { useEffect, useRef, useState } from 'react'\nimport { useQueryClient } from '@tanstack/react-query'\nimport { RealtimeConnection, type RealtimeEvent } from './realtime'\nimport { resolveApiUrl, type PublicCollection } from '../client/types'\nimport { collectionKeys } from './query-keys'\n\nexport type { RealtimeEvent }\n\nexport interface UseRealtimeQueryOptions {\n  /** Filter events to specific collections. Empty/undefined = all collections. */\n  collections?: PublicCollection[]\n  /** Enable/disable the SSE connection. Default: true. */\n  enabled?: boolean\n}\n\nexport interface UseRealtimeQueryResult {\n  /** Whether the SSE connection is currently active. */\n  connected: boolean\n  /** The last received event, or null. */\n  lastEvent: RealtimeEvent | null\n}\n\n/**\n * React hook that subscribes to real-time collection change events via SSE.\n * Automatically invalidates React Query cache when changes are detected.\n *\n * @example\n * ```tsx\n * const { connected } = useRealtimeQuery({\n *   publishableKey: 'your-key',\n *   getToken: () => client.customer.getToken(),\n *   collections: ['products', 'orders'],\n * })\n * ```\n */\nexport function useRealtimeQuery(options: {\n  publishableKey: string\n  getToken: () => string | null\n  collections?: PublicCollection[]\n  enabled?: boolean\n}): UseRealtimeQueryResult {\n  const { getToken, collections, enabled = true } = options\n  const publishableKey = options.publishableKey\n  const queryClient = useQueryClient()\n  const [connected, setConnected] = useState(false)\n  const [lastEvent, setLastEvent] = useState<RealtimeEvent | null>(null)\n  const connectionRef = useRef<RealtimeConnection | null>(null)\n\n  useEffect(() => {\n    if (!enabled || !publishableKey) return\n\n    const baseUrl = resolveApiUrl()\n    const conn = new RealtimeConnection(\n      baseUrl,\n      publishableKey,\n      getToken,\n      collections,\n    )\n    connectionRef.current = conn\n\n    // Listen for events and invalidate queries\n    const removeListener = conn.addListener((event) => {\n      setLastEvent(event)\n\n      // Invalidate all queries for the changed collection\n      const keys = collectionKeys(event.collection as PublicCollection)\n      queryClient.invalidateQueries({ queryKey: keys.all })\n    })\n\n    // Track connection state\n    const pollInterval = setInterval(() => {\n      setConnected(conn.connected)\n    }, 1000)\n\n    conn.connect()\n\n    return () => {\n      conn.disconnect()\n      removeListener()\n      clearInterval(pollInterval)\n      connectionRef.current = null\n      setConnected(false)\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [publishableKey, enabled, collections?.join(',')])\n\n  return { connected, lastEvent }\n}\n","/**\n * Fetch-based SSE connection manager for real-time collection change events.\n * Uses fetch + ReadableStream to support custom auth headers (unlike native EventSource).\n */\n\nexport interface RealtimeEvent {\n  collection: string\n  operation: string\n  id: string | null\n  timestamp: string\n}\n\nexport type RealtimeListener = (event: RealtimeEvent) => void\n\nconst INITIAL_RECONNECT_DELAY = 1_000\nconst MAX_RECONNECT_DELAY = 30_000\nconst RECONNECT_BACKOFF_FACTOR = 2\nconst MAX_NO_TOKEN_RETRIES = 5\n\nexport class RealtimeConnection {\n  private abortController: AbortController | null = null\n  private reconnectAttempt = 0\n  private noTokenAttempts = 0\n  private reconnectTimer: ReturnType<typeof setTimeout> | null = null\n  private listeners = new Set<RealtimeListener>()\n  private _connected = false\n\n  constructor(\n    private baseUrl: string,\n    private publishableKey: string,\n    private getToken: () => string | null,\n    private collections?: string[],\n  ) {}\n\n  get connected(): boolean {\n    return this._connected\n  }\n\n  addListener(fn: RealtimeListener): () => void {\n    this.listeners.add(fn)\n    return () => this.listeners.delete(fn)\n  }\n\n  connect(): void {\n    if (this.abortController) return // Already connecting/connected\n\n    this.abortController = new AbortController()\n    this.startStream(this.abortController.signal)\n  }\n\n  disconnect(): void {\n    this._connected = false\n    if (this.reconnectTimer) {\n      clearTimeout(this.reconnectTimer)\n      this.reconnectTimer = null\n    }\n    if (this.abortController) {\n      this.abortController.abort()\n      this.abortController = null\n    }\n    this.reconnectAttempt = 0\n    this.noTokenAttempts = 0\n  }\n\n  private async startStream(signal: AbortSignal): Promise<void> {\n    const token = this.getToken()\n    if (!token) {\n      this.noTokenAttempts++\n      if (this.noTokenAttempts >= MAX_NO_TOKEN_RETRIES) {\n        // Stop reconnecting — no token available after multiple attempts\n        this._connected = false\n        this.abortController = null\n        return\n      }\n      this.scheduleReconnect()\n      return\n    }\n    this.noTokenAttempts = 0\n\n    const params = this.collections?.length\n      ? `?collections=${this.collections.join(',')}`\n      : ''\n    const url = `${this.baseUrl}/api/events/stream${params}`\n\n    try {\n      const response = await fetch(url, {\n        headers: {\n          'X-Publishable-Key': this.publishableKey,\n          Authorization: `Bearer ${token}`,\n        },\n        signal,\n      })\n\n      if (!response.ok) {\n        if (response.status === 401) {\n          // Token expired — try reconnecting (will get fresh token)\n          this.scheduleReconnect()\n          return\n        }\n        throw new Error(`SSE connection failed: ${response.status}`)\n      }\n\n      if (!response.body) {\n        throw new Error('SSE response has no body')\n      }\n\n      this._connected = true\n      this.reconnectAttempt = 0\n\n      await this.readStream(response.body, signal)\n    } catch {\n      if (signal.aborted) return // Intentional disconnect\n      this._connected = false\n      this.scheduleReconnect()\n    }\n  }\n\n  private async readStream(\n    body: ReadableStream<Uint8Array>,\n    signal: AbortSignal,\n  ): Promise<void> {\n    const reader = body.getReader()\n    const decoder = new TextDecoder()\n    let buffer = ''\n    let currentEvent = ''\n    let currentData = ''\n\n    try {\n      while (true) {\n        const { done, value } = await reader.read()\n        if (done || signal.aborted) break\n\n        buffer += decoder.decode(value, { stream: true })\n        const lines = buffer.split('\\n')\n        buffer = lines.pop() ?? '' // Keep incomplete last line in buffer\n\n        for (const line of lines) {\n          if (line.startsWith('event: ')) {\n            currentEvent = line.slice(7)\n          } else if (line.startsWith('data: ')) {\n            currentData += (currentData ? '\\n' : '') + line.slice(6)\n          } else if (line === '') {\n            // Empty line = end of event\n            if (currentEvent === 'collection:change' && currentData) {\n              try {\n                const event: RealtimeEvent = JSON.parse(currentData)\n                for (const listener of this.listeners) {\n                  try {\n                    listener(event)\n                  } catch {\n                    // Listener error — ignore\n                  }\n                }\n              } catch {\n                // Malformed JSON — ignore\n              }\n            }\n            currentEvent = ''\n            currentData = ''\n          }\n          // Ignore comment lines (: heartbeat)\n        }\n      }\n    } catch {\n      // Stream read error\n    } finally {\n      reader.releaseLock()\n      this._connected = false\n      if (!signal.aborted) {\n        this.scheduleReconnect()\n      }\n    }\n  }\n\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) return\n\n    const delay = Math.min(\n      INITIAL_RECONNECT_DELAY *\n        Math.pow(RECONNECT_BACKOFF_FACTOR, this.reconnectAttempt),\n      MAX_RECONNECT_DELAY,\n    )\n    this.reconnectAttempt++\n\n    this.reconnectTimer = setTimeout(() => {\n      this.reconnectTimer = null\n      this.abortController = new AbortController()\n      this.startStream(this.abortController.signal)\n    }, delay)\n  }\n}\n","import type { Sort, Where } from 'payload'\n\nimport type { Collection, PublicCollection } from '../collection/const'\n\nexport type { Collection, PublicCollection }\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(): string {\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n  /**\n   * Tenant ID for pat01_ API keys. When provided alongside a pat01_ key,\n   * every server request includes X-Tenant-Id so the API can scope the\n   * request to the correct tenant. Not needed for sk01_ keys (tenant is\n   * encoded in the key itself).\n   */\n  tenantId?: string\n}\n\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload`. Payload's generic\n * types (`JoinQuery<TSlug>`, `PopulateType`) depend on `PayloadTypes` module\n * augmentation; external SDK consumers who skip that get degenerate types\n * (`never` / `{}`). Only non-generic `Sort`/`Where` are safe to import.\n * Excluded vs native: Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  where?: Where\n  depth?: number\n  select?: Record<string, boolean>\n  /** Per-collection field selection for populated relationships (keyed by collection slug) */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /** Join field control: pagination/filter per join, or false to disable */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","import type { PublicCollection, ApiQueryOptions } from '../client/types'\nimport type { ProductListingGroupsQueryOptions } from './query-hooks'\n\nexport function collectionKeys<T extends PublicCollection>(collection: T) {\n  return {\n    all: [collection] as const,\n    lists: () => [collection, 'list'] as const,\n    list: (options?: ApiQueryOptions) => [collection, 'list', options] as const,\n    details: () => [collection, 'detail'] as const,\n    detail: (id: string, options?: ApiQueryOptions) =>\n      [collection, 'detail', id, options] as const,\n    infinites: () => [collection, 'infinite'] as const,\n    infinite: (options?: Omit<ApiQueryOptions, 'page'>) =>\n      [collection, 'infinite', options] as const,\n  }\n}\n\nexport const customerKeys = {\n  all: ['customer'] as const,\n  me: () => ['customer', 'me'] as const,\n}\n\nexport const productKeys = {\n  listingGroups: (options?: ProductListingGroupsQueryOptions) =>\n    ['products', 'listing-groups', 'list', options] as const,\n  listingGroupsInfinite: (\n    options?: Omit<ProductListingGroupsQueryOptions, 'page' | 'limit'>,\n  ) =>\n    ['products', 'listing-groups', 'infinite', options] as const,\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAA4C;AAC5C,yBAA+B;;;ACa/B,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAC5B,IAAM,2BAA2B;AACjC,IAAM,uBAAuB;AAEtB,IAAM,qBAAN,MAAyB;AAAA,EAQ9B,YACU,SACA,gBACA,UACA,aACR;AAJQ;AACA;AACA;AACA;AAXV,SAAQ,kBAA0C;AAClD,SAAQ,mBAAmB;AAC3B,SAAQ,kBAAkB;AAC1B,SAAQ,iBAAuD;AAC/D,SAAQ,YAAY,oBAAI,IAAsB;AAC9C,SAAQ,aAAa;AAAA,EAOlB;AAAA,EAEH,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,YAAY,IAAkC;AAC5C,SAAK,UAAU,IAAI,EAAE;AACrB,WAAO,MAAM,KAAK,UAAU,OAAO,EAAE;AAAA,EACvC;AAAA,EAEA,UAAgB;AACd,QAAI,KAAK,gBAAiB;AAE1B,SAAK,kBAAkB,IAAI,gBAAgB;AAC3C,SAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,EAC9C;AAAA,EAEA,aAAmB;AACjB,SAAK,aAAa;AAClB,QAAI,KAAK,gBAAgB;AACvB,mBAAa,KAAK,cAAc;AAChC,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,gBAAgB,MAAM;AAC3B,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,mBAAmB;AACxB,SAAK,kBAAkB;AAAA,EACzB;AAAA,EAEA,MAAc,YAAY,QAAoC;AAC5D,UAAM,QAAQ,KAAK,SAAS;AAC5B,QAAI,CAAC,OAAO;AACV,WAAK;AACL,UAAI,KAAK,mBAAmB,sBAAsB;AAEhD,aAAK,aAAa;AAClB,aAAK,kBAAkB;AACvB;AAAA,MACF;AACA,WAAK,kBAAkB;AACvB;AAAA,IACF;AACA,SAAK,kBAAkB;AAEvB,UAAM,SAAS,KAAK,aAAa,SAC7B,gBAAgB,KAAK,YAAY,KAAK,GAAG,CAAC,KAC1C;AACJ,UAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB,MAAM;AAEtD,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC,SAAS;AAAA,UACP,qBAAqB,KAAK;AAAA,UAC1B,eAAe,UAAU,KAAK;AAAA,QAChC;AAAA,QACA;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,SAAS,WAAW,KAAK;AAE3B,eAAK,kBAAkB;AACvB;AAAA,QACF;AACA,cAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,EAAE;AAAA,MAC7D;AAEA,UAAI,CAAC,SAAS,MAAM;AAClB,cAAM,IAAI,MAAM,0BAA0B;AAAA,MAC5C;AAEA,WAAK,aAAa;AAClB,WAAK,mBAAmB;AAExB,YAAM,KAAK,WAAW,SAAS,MAAM,MAAM;AAAA,IAC7C,QAAQ;AACN,UAAI,OAAO,QAAS;AACpB,WAAK,aAAa;AAClB,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,WACZ,MACA,QACe;AACf,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAU,IAAI,YAAY;AAChC,QAAI,SAAS;AACb,QAAI,eAAe;AACnB,QAAI,cAAc;AAElB,QAAI;AACF,aAAO,MAAM;AACX,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAAO,KAAK;AAC1C,YAAI,QAAQ,OAAO,QAAS;AAE5B,kBAAU,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD,cAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,iBAAS,MAAM,IAAI,KAAK;AAExB,mBAAW,QAAQ,OAAO;AACxB,cAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,2BAAe,KAAK,MAAM,CAAC;AAAA,UAC7B,WAAW,KAAK,WAAW,QAAQ,GAAG;AACpC,4BAAgB,cAAc,OAAO,MAAM,KAAK,MAAM,CAAC;AAAA,UACzD,WAAW,SAAS,IAAI;AAEtB,gBAAI,iBAAiB,uBAAuB,aAAa;AACvD,kBAAI;AACF,sBAAM,QAAuB,KAAK,MAAM,WAAW;AACnD,2BAAW,YAAY,KAAK,WAAW;AACrC,sBAAI;AACF,6BAAS,KAAK;AAAA,kBAChB,QAAQ;AAAA,kBAER;AAAA,gBACF;AAAA,cACF,QAAQ;AAAA,cAER;AAAA,YACF;AACA,2BAAe;AACf,0BAAc;AAAA,UAChB;AAAA,QAEF;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER,UAAE;AACA,aAAO,YAAY;AACnB,WAAK,aAAa;AAClB,UAAI,CAAC,OAAO,SAAS;AACnB,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAA0B;AAChC,QAAI,KAAK,eAAgB;AAEzB,UAAM,QAAQ,KAAK;AAAA,MACjB,0BACE,KAAK,IAAI,0BAA0B,KAAK,gBAAgB;AAAA,MAC1D;AAAA,IACF;AACA,SAAK;AAEL,SAAK,iBAAiB,WAAW,MAAM;AACrC,WAAK,iBAAiB;AACtB,WAAK,kBAAkB,IAAI,gBAAgB;AAC3C,WAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,IAC9C,GAAG,KAAK;AAAA,EACV;AACF;;;AClLO,SAAS,gBAAwB;AACtC,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AClBO,SAAS,eAA2C,YAAe;AACxE,SAAO;AAAA,IACL,KAAK,CAAC,UAAU;AAAA,IAChB,OAAO,MAAM,CAAC,YAAY,MAAM;AAAA,IAChC,MAAM,CAAC,YAA8B,CAAC,YAAY,QAAQ,OAAO;AAAA,IACjE,SAAS,MAAM,CAAC,YAAY,QAAQ;AAAA,IACpC,QAAQ,CAAC,IAAY,YACnB,CAAC,YAAY,UAAU,IAAI,OAAO;AAAA,IACpC,WAAW,MAAM,CAAC,YAAY,UAAU;AAAA,IACxC,UAAU,CAAC,YACT,CAAC,YAAY,YAAY,OAAO;AAAA,EACpC;AACF;;;AHoBO,SAAS,iBAAiB,SAKN;AACzB,QAAM,EAAE,UAAU,aAAa,UAAU,KAAK,IAAI;AAClD,QAAM,iBAAiB,QAAQ;AAC/B,QAAM,kBAAc,mCAAe;AACnC,QAAM,CAAC,WAAW,YAAY,QAAI,uBAAS,KAAK;AAChD,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA+B,IAAI;AACrE,QAAM,oBAAgB,qBAAkC,IAAI;AAE5D,8BAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,eAAgB;AAEjC,UAAM,UAAU,cAAc;AAC9B,UAAM,OAAO,IAAI;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,kBAAc,UAAU;AAGxB,UAAM,iBAAiB,KAAK,YAAY,CAAC,UAAU;AACjD,mBAAa,KAAK;AAGlB,YAAM,OAAO,eAAe,MAAM,UAA8B;AAChE,kBAAY,kBAAkB,EAAE,UAAU,KAAK,IAAI,CAAC;AAAA,IACtD,CAAC;AAGD,UAAM,eAAe,YAAY,MAAM;AACrC,mBAAa,KAAK,SAAS;AAAA,IAC7B,GAAG,GAAI;AAEP,SAAK,QAAQ;AAEb,WAAO,MAAM;AACX,WAAK,WAAW;AAChB,qBAAe;AACf,oBAAc,YAAY;AAC1B,oBAAc,UAAU;AACxB,mBAAa,KAAK;AAAA,IACpB;AAAA,EAEF,GAAG,CAAC,gBAAgB,SAAS,aAAa,KAAK,GAAG,CAAC,CAAC;AAEpD,SAAO,EAAE,WAAW,UAAU;AAChC;","names":[]}
+{"version":3,"sources":["../src/realtime.ts","../src/core/query/realtime-hooks.ts","../src/core/query/realtime.ts","../src/core/client/types.ts","../src/core/query/query-keys.ts"],"sourcesContent":["export { useRealtimeQuery } from './core/query/realtime-hooks'\nexport type {\n  UseRealtimeQueryOptions,\n  UseRealtimeQueryResult,\n  RealtimeEvent,\n} from './core/query/realtime-hooks'\nexport { RealtimeConnection, type RealtimeListener } from './core/query/realtime'\n","import { useEffect, useRef, useState } from 'react'\nimport { useQueryClient } from '@tanstack/react-query'\nimport { RealtimeConnection, type RealtimeEvent } from './realtime'\nimport { resolveApiUrl, type PublicCollection } from '../client/types'\nimport { collectionKeys } from './query-keys'\n\nexport type { RealtimeEvent }\n\nexport interface UseRealtimeQueryOptions {\n  /** Filter events to specific collections. Empty/undefined = all collections. */\n  collections?: PublicCollection[]\n  /** Enable/disable the SSE connection. Default: true. */\n  enabled?: boolean\n}\n\nexport interface UseRealtimeQueryResult {\n  /** Whether the SSE connection is currently active. */\n  connected: boolean\n  /** The last received event, or null. */\n  lastEvent: RealtimeEvent | null\n}\n\n/**\n * React hook that subscribes to real-time collection change events via SSE.\n * Automatically invalidates React Query cache when changes are detected.\n *\n * @example\n * ```tsx\n * const { connected } = useRealtimeQuery({\n *   publishableKey: 'your-key',\n *   getToken: () => client.customer.getToken(),\n *   collections: ['products', 'orders'],\n * })\n * ```\n */\nexport function useRealtimeQuery(options: {\n  publishableKey: string\n  getToken: () => string | null\n  collections?: PublicCollection[]\n  enabled?: boolean\n}): UseRealtimeQueryResult {\n  const { getToken, collections, enabled = true } = options\n  const publishableKey = options.publishableKey\n  const queryClient = useQueryClient()\n  const [connected, setConnected] = useState(false)\n  const [lastEvent, setLastEvent] = useState<RealtimeEvent | null>(null)\n  const connectionRef = useRef<RealtimeConnection | null>(null)\n\n  useEffect(() => {\n    if (!enabled || !publishableKey) return\n\n    const baseUrl = resolveApiUrl()\n    const conn = new RealtimeConnection(\n      baseUrl,\n      publishableKey,\n      getToken,\n      collections,\n    )\n    connectionRef.current = conn\n\n    // Listen for events and invalidate queries\n    const removeListener = conn.addListener((event) => {\n      setLastEvent(event)\n\n      // Invalidate all queries for the changed collection\n      const keys = collectionKeys(event.collection as PublicCollection)\n      queryClient.invalidateQueries({ queryKey: keys.all })\n    })\n\n    // Track connection state\n    const pollInterval = setInterval(() => {\n      setConnected(conn.connected)\n    }, 1000)\n\n    conn.connect()\n\n    return () => {\n      conn.disconnect()\n      removeListener()\n      clearInterval(pollInterval)\n      connectionRef.current = null\n      setConnected(false)\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [publishableKey, enabled, collections?.join(',')])\n\n  return { connected, lastEvent }\n}\n","/**\n * Fetch-based SSE connection manager for real-time collection change events.\n * Uses fetch + ReadableStream to support custom auth headers (unlike native EventSource).\n */\n\nexport interface RealtimeEvent {\n  collection: string\n  operation: string\n  id: string | null\n  timestamp: string\n}\n\nexport type RealtimeListener = (event: RealtimeEvent) => void\n\nconst INITIAL_RECONNECT_DELAY = 1_000\nconst MAX_RECONNECT_DELAY = 30_000\nconst RECONNECT_BACKOFF_FACTOR = 2\nconst MAX_NO_TOKEN_RETRIES = 5\n\nexport class RealtimeConnection {\n  private abortController: AbortController | null = null\n  private reconnectAttempt = 0\n  private noTokenAttempts = 0\n  private reconnectTimer: ReturnType<typeof setTimeout> | null = null\n  private listeners = new Set<RealtimeListener>()\n  private _connected = false\n\n  constructor(\n    private baseUrl: string,\n    private publishableKey: string,\n    private getToken: () => string | null,\n    private collections?: string[],\n  ) {}\n\n  get connected(): boolean {\n    return this._connected\n  }\n\n  addListener(fn: RealtimeListener): () => void {\n    this.listeners.add(fn)\n    return () => this.listeners.delete(fn)\n  }\n\n  connect(): void {\n    if (this.abortController) return // Already connecting/connected\n\n    this.abortController = new AbortController()\n    this.startStream(this.abortController.signal)\n  }\n\n  disconnect(): void {\n    this._connected = false\n    if (this.reconnectTimer) {\n      clearTimeout(this.reconnectTimer)\n      this.reconnectTimer = null\n    }\n    if (this.abortController) {\n      this.abortController.abort()\n      this.abortController = null\n    }\n    this.reconnectAttempt = 0\n    this.noTokenAttempts = 0\n  }\n\n  private async startStream(signal: AbortSignal): Promise<void> {\n    const token = this.getToken()\n    if (!token) {\n      this.noTokenAttempts++\n      if (this.noTokenAttempts >= MAX_NO_TOKEN_RETRIES) {\n        // Stop reconnecting — no token available after multiple attempts\n        this._connected = false\n        this.abortController = null\n        return\n      }\n      this.scheduleReconnect()\n      return\n    }\n    this.noTokenAttempts = 0\n\n    const params = this.collections?.length\n      ? `?collections=${this.collections.join(',')}`\n      : ''\n    const url = `${this.baseUrl}/api/events/stream${params}`\n\n    try {\n      const response = await fetch(url, {\n        headers: {\n          'X-Publishable-Key': this.publishableKey,\n          Authorization: `Bearer ${token}`,\n        },\n        signal,\n      })\n\n      if (!response.ok) {\n        if (response.status === 401) {\n          // Token expired — try reconnecting (will get fresh token)\n          this.scheduleReconnect()\n          return\n        }\n        throw new Error(`SSE connection failed: ${response.status}`)\n      }\n\n      if (!response.body) {\n        throw new Error('SSE response has no body')\n      }\n\n      this._connected = true\n      this.reconnectAttempt = 0\n\n      await this.readStream(response.body, signal)\n    } catch {\n      if (signal.aborted) return // Intentional disconnect\n      this._connected = false\n      this.scheduleReconnect()\n    }\n  }\n\n  private async readStream(\n    body: ReadableStream<Uint8Array>,\n    signal: AbortSignal,\n  ): Promise<void> {\n    const reader = body.getReader()\n    const decoder = new TextDecoder()\n    let buffer = ''\n    let currentEvent = ''\n    let currentData = ''\n\n    try {\n      while (true) {\n        const { done, value } = await reader.read()\n        if (done || signal.aborted) break\n\n        buffer += decoder.decode(value, { stream: true })\n        const lines = buffer.split('\\n')\n        buffer = lines.pop() ?? '' // Keep incomplete last line in buffer\n\n        for (const line of lines) {\n          if (line.startsWith('event: ')) {\n            currentEvent = line.slice(7)\n          } else if (line.startsWith('data: ')) {\n            currentData += (currentData ? '\\n' : '') + line.slice(6)\n          } else if (line === '') {\n            // Empty line = end of event\n            if (currentEvent === 'collection:change' && currentData) {\n              try {\n                const event: RealtimeEvent = JSON.parse(currentData)\n                for (const listener of this.listeners) {\n                  try {\n                    listener(event)\n                  } catch {\n                    // Listener error — ignore\n                  }\n                }\n              } catch {\n                // Malformed JSON — ignore\n              }\n            }\n            currentEvent = ''\n            currentData = ''\n          }\n          // Ignore comment lines (: heartbeat)\n        }\n      }\n    } catch {\n      // Stream read error\n    } finally {\n      reader.releaseLock()\n      this._connected = false\n      if (!signal.aborted) {\n        this.scheduleReconnect()\n      }\n    }\n  }\n\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) return\n\n    const delay = Math.min(\n      INITIAL_RECONNECT_DELAY *\n        Math.pow(RECONNECT_BACKOFF_FACTOR, this.reconnectAttempt),\n      MAX_RECONNECT_DELAY,\n    )\n    this.reconnectAttempt++\n\n    this.reconnectTimer = setTimeout(() => {\n      this.reconnectTimer = null\n      this.abortController = new AbortController()\n      this.startStream(this.abortController.signal)\n    }, delay)\n  }\n}\n","import type { Sort, Where } from 'payload'\n\nimport type { Collection, PublicCollection } from '../collection/const'\n\nexport type { Collection, PublicCollection }\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(): string {\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n}\n\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload`. Payload's generic\n * types (`JoinQuery<TSlug>`, `PopulateType`) depend on `PayloadTypes` module\n * augmentation; external SDK consumers who skip that get degenerate types\n * (`never` / `{}`). Only non-generic `Sort`/`Where` are safe to import.\n * Excluded vs native: Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  where?: Where\n  depth?: number\n  select?: Record<string, boolean>\n  /** Per-collection field selection for populated relationships (keyed by collection slug) */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /** Join field control: pagination/filter per join, or false to disable */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","import type { PublicCollection, ApiQueryOptions } from '../client/types'\nimport type { ProductListingGroupsQueryOptions } from './query-hooks'\n\nexport function collectionKeys<T extends PublicCollection>(collection: T) {\n  return {\n    all: [collection] as const,\n    lists: () => [collection, 'list'] as const,\n    list: (options?: ApiQueryOptions) => [collection, 'list', options] as const,\n    details: () => [collection, 'detail'] as const,\n    detail: (id: string, options?: ApiQueryOptions) =>\n      [collection, 'detail', id, options] as const,\n    infinites: () => [collection, 'infinite'] as const,\n    infinite: (options?: Omit<ApiQueryOptions, 'page'>) =>\n      [collection, 'infinite', options] as const,\n  }\n}\n\nexport const customerKeys = {\n  all: ['customer'] as const,\n  me: () => ['customer', 'me'] as const,\n}\n\nexport const productKeys = {\n  listingGroups: (options?: ProductListingGroupsQueryOptions) =>\n    ['products', 'listing-groups', 'list', options] as const,\n  listingGroupsInfinite: (\n    options?: Omit<ProductListingGroupsQueryOptions, 'page' | 'limit'>,\n  ) =>\n    ['products', 'listing-groups', 'infinite', options] as const,\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAA4C;AAC5C,yBAA+B;;;ACa/B,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAC5B,IAAM,2BAA2B;AACjC,IAAM,uBAAuB;AAEtB,IAAM,qBAAN,MAAyB;AAAA,EAQ9B,YACU,SACA,gBACA,UACA,aACR;AAJQ;AACA;AACA;AACA;AAXV,SAAQ,kBAA0C;AAClD,SAAQ,mBAAmB;AAC3B,SAAQ,kBAAkB;AAC1B,SAAQ,iBAAuD;AAC/D,SAAQ,YAAY,oBAAI,IAAsB;AAC9C,SAAQ,aAAa;AAAA,EAOlB;AAAA,EAEH,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,YAAY,IAAkC;AAC5C,SAAK,UAAU,IAAI,EAAE;AACrB,WAAO,MAAM,KAAK,UAAU,OAAO,EAAE;AAAA,EACvC;AAAA,EAEA,UAAgB;AACd,QAAI,KAAK,gBAAiB;AAE1B,SAAK,kBAAkB,IAAI,gBAAgB;AAC3C,SAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,EAC9C;AAAA,EAEA,aAAmB;AACjB,SAAK,aAAa;AAClB,QAAI,KAAK,gBAAgB;AACvB,mBAAa,KAAK,cAAc;AAChC,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,gBAAgB,MAAM;AAC3B,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,mBAAmB;AACxB,SAAK,kBAAkB;AAAA,EACzB;AAAA,EAEA,MAAc,YAAY,QAAoC;AAC5D,UAAM,QAAQ,KAAK,SAAS;AAC5B,QAAI,CAAC,OAAO;AACV,WAAK;AACL,UAAI,KAAK,mBAAmB,sBAAsB;AAEhD,aAAK,aAAa;AAClB,aAAK,kBAAkB;AACvB;AAAA,MACF;AACA,WAAK,kBAAkB;AACvB;AAAA,IACF;AACA,SAAK,kBAAkB;AAEvB,UAAM,SAAS,KAAK,aAAa,SAC7B,gBAAgB,KAAK,YAAY,KAAK,GAAG,CAAC,KAC1C;AACJ,UAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB,MAAM;AAEtD,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC,SAAS;AAAA,UACP,qBAAqB,KAAK;AAAA,UAC1B,eAAe,UAAU,KAAK;AAAA,QAChC;AAAA,QACA;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,SAAS,WAAW,KAAK;AAE3B,eAAK,kBAAkB;AACvB;AAAA,QACF;AACA,cAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,EAAE;AAAA,MAC7D;AAEA,UAAI,CAAC,SAAS,MAAM;AAClB,cAAM,IAAI,MAAM,0BAA0B;AAAA,MAC5C;AAEA,WAAK,aAAa;AAClB,WAAK,mBAAmB;AAExB,YAAM,KAAK,WAAW,SAAS,MAAM,MAAM;AAAA,IAC7C,QAAQ;AACN,UAAI,OAAO,QAAS;AACpB,WAAK,aAAa;AAClB,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,WACZ,MACA,QACe;AACf,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAU,IAAI,YAAY;AAChC,QAAI,SAAS;AACb,QAAI,eAAe;AACnB,QAAI,cAAc;AAElB,QAAI;AACF,aAAO,MAAM;AACX,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAAO,KAAK;AAC1C,YAAI,QAAQ,OAAO,QAAS;AAE5B,kBAAU,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD,cAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,iBAAS,MAAM,IAAI,KAAK;AAExB,mBAAW,QAAQ,OAAO;AACxB,cAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,2BAAe,KAAK,MAAM,CAAC;AAAA,UAC7B,WAAW,KAAK,WAAW,QAAQ,GAAG;AACpC,4BAAgB,cAAc,OAAO,MAAM,KAAK,MAAM,CAAC;AAAA,UACzD,WAAW,SAAS,IAAI;AAEtB,gBAAI,iBAAiB,uBAAuB,aAAa;AACvD,kBAAI;AACF,sBAAM,QAAuB,KAAK,MAAM,WAAW;AACnD,2BAAW,YAAY,KAAK,WAAW;AACrC,sBAAI;AACF,6BAAS,KAAK;AAAA,kBAChB,QAAQ;AAAA,kBAER;AAAA,gBACF;AAAA,cACF,QAAQ;AAAA,cAER;AAAA,YACF;AACA,2BAAe;AACf,0BAAc;AAAA,UAChB;AAAA,QAEF;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER,UAAE;AACA,aAAO,YAAY;AACnB,WAAK,aAAa;AAClB,UAAI,CAAC,OAAO,SAAS;AACnB,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAA0B;AAChC,QAAI,KAAK,eAAgB;AAEzB,UAAM,QAAQ,KAAK;AAAA,MACjB,0BACE,KAAK,IAAI,0BAA0B,KAAK,gBAAgB;AAAA,MAC1D;AAAA,IACF;AACA,SAAK;AAEL,SAAK,iBAAiB,WAAW,MAAM;AACrC,WAAK,iBAAiB;AACtB,WAAK,kBAAkB,IAAI,gBAAgB;AAC3C,WAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,IAC9C,GAAG,KAAK;AAAA,EACV;AACF;;;AClLO,SAAS,gBAAwB;AACtC,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AClBO,SAAS,eAA2C,YAAe;AACxE,SAAO;AAAA,IACL,KAAK,CAAC,UAAU;AAAA,IAChB,OAAO,MAAM,CAAC,YAAY,MAAM;AAAA,IAChC,MAAM,CAAC,YAA8B,CAAC,YAAY,QAAQ,OAAO;AAAA,IACjE,SAAS,MAAM,CAAC,YAAY,QAAQ;AAAA,IACpC,QAAQ,CAAC,IAAY,YACnB,CAAC,YAAY,UAAU,IAAI,OAAO;AAAA,IACpC,WAAW,MAAM,CAAC,YAAY,UAAU;AAAA,IACxC,UAAU,CAAC,YACT,CAAC,YAAY,YAAY,OAAO;AAAA,EACpC;AACF;;;AHoBO,SAAS,iBAAiB,SAKN;AACzB,QAAM,EAAE,UAAU,aAAa,UAAU,KAAK,IAAI;AAClD,QAAM,iBAAiB,QAAQ;AAC/B,QAAM,kBAAc,mCAAe;AACnC,QAAM,CAAC,WAAW,YAAY,QAAI,uBAAS,KAAK;AAChD,QAAM,CAAC,WAAW,YAAY,QAAI,uBAA+B,IAAI;AACrE,QAAM,oBAAgB,qBAAkC,IAAI;AAE5D,8BAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,eAAgB;AAEjC,UAAM,UAAU,cAAc;AAC9B,UAAM,OAAO,IAAI;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,kBAAc,UAAU;AAGxB,UAAM,iBAAiB,KAAK,YAAY,CAAC,UAAU;AACjD,mBAAa,KAAK;AAGlB,YAAM,OAAO,eAAe,MAAM,UAA8B;AAChE,kBAAY,kBAAkB,EAAE,UAAU,KAAK,IAAI,CAAC;AAAA,IACtD,CAAC;AAGD,UAAM,eAAe,YAAY,MAAM;AACrC,mBAAa,KAAK,SAAS;AAAA,IAC7B,GAAG,GAAI;AAEP,SAAK,QAAQ;AAEb,WAAO,MAAM;AACX,WAAK,WAAW;AAChB,qBAAe;AACf,oBAAc,YAAY;AAC1B,oBAAc,UAAU;AACxB,mBAAa,KAAK;AAAA,IACpB;AAAA,EAEF,GAAG,CAAC,gBAAgB,SAAS,aAAa,KAAK,GAAG,CAAC,CAAC;AAEpD,SAAO,EAAE,WAAW,UAAU;AAChC;","names":[]}

package/dist/realtime.d.cts

@@ -1,7 +1,7 @@
 import { R as RealtimeEvent } from './realtime-D7HtUpqt.cjs';
 export { a as RealtimeConnection, b as RealtimeListener } from './realtime-D7HtUpqt.cjs';
-import { P as PublicCollection } from './const-D2K5HxpP.cjs';
-import './payload-types-CMoyAOjJ.cjs';
+import { P as PublicCollection } from './const-CkhnGqnb.cjs';
+import './payload-types-DfQct8Dj.cjs';
 
 interface UseRealtimeQueryOptions {
     /** Filter events to specific collections. Empty/undefined = all collections. */

package/dist/realtime.d.ts

@@ -1,7 +1,7 @@
 import { R as RealtimeEvent } from './realtime-D7HtUpqt.js';
 export { a as RealtimeConnection, b as RealtimeListener } from './realtime-D7HtUpqt.js';
-import { P as PublicCollection } from './const-DG8TrouX.js';
-import './payload-types-CMoyAOjJ.js';
+import { P as PublicCollection } from './const-B9oeZoDy.js';
+import './payload-types-DfQct8Dj.js';
 
 interface UseRealtimeQueryOptions {
     /** Filter events to specific collections. Empty/undefined = all collections. */

package/dist/realtime.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/core/query/realtime-hooks.ts","../src/core/query/realtime.ts","../src/core/client/types.ts","../src/core/query/query-keys.ts"],"sourcesContent":["import { useEffect, useRef, useState } from 'react'\nimport { useQueryClient } from '@tanstack/react-query'\nimport { RealtimeConnection, type RealtimeEvent } from './realtime'\nimport { resolveApiUrl, type PublicCollection } from '../client/types'\nimport { collectionKeys } from './query-keys'\n\nexport type { RealtimeEvent }\n\nexport interface UseRealtimeQueryOptions {\n  /** Filter events to specific collections. Empty/undefined = all collections. */\n  collections?: PublicCollection[]\n  /** Enable/disable the SSE connection. Default: true. */\n  enabled?: boolean\n}\n\nexport interface UseRealtimeQueryResult {\n  /** Whether the SSE connection is currently active. */\n  connected: boolean\n  /** The last received event, or null. */\n  lastEvent: RealtimeEvent | null\n}\n\n/**\n * React hook that subscribes to real-time collection change events via SSE.\n * Automatically invalidates React Query cache when changes are detected.\n *\n * @example\n * ```tsx\n * const { connected } = useRealtimeQuery({\n *   publishableKey: 'your-key',\n *   getToken: () => client.customer.getToken(),\n *   collections: ['products', 'orders'],\n * })\n * ```\n */\nexport function useRealtimeQuery(options: {\n  publishableKey: string\n  getToken: () => string | null\n  collections?: PublicCollection[]\n  enabled?: boolean\n}): UseRealtimeQueryResult {\n  const { getToken, collections, enabled = true } = options\n  const publishableKey = options.publishableKey\n  const queryClient = useQueryClient()\n  const [connected, setConnected] = useState(false)\n  const [lastEvent, setLastEvent] = useState<RealtimeEvent | null>(null)\n  const connectionRef = useRef<RealtimeConnection | null>(null)\n\n  useEffect(() => {\n    if (!enabled || !publishableKey) return\n\n    const baseUrl = resolveApiUrl()\n    const conn = new RealtimeConnection(\n      baseUrl,\n      publishableKey,\n      getToken,\n      collections,\n    )\n    connectionRef.current = conn\n\n    // Listen for events and invalidate queries\n    const removeListener = conn.addListener((event) => {\n      setLastEvent(event)\n\n      // Invalidate all queries for the changed collection\n      const keys = collectionKeys(event.collection as PublicCollection)\n      queryClient.invalidateQueries({ queryKey: keys.all })\n    })\n\n    // Track connection state\n    const pollInterval = setInterval(() => {\n      setConnected(conn.connected)\n    }, 1000)\n\n    conn.connect()\n\n    return () => {\n      conn.disconnect()\n      removeListener()\n      clearInterval(pollInterval)\n      connectionRef.current = null\n      setConnected(false)\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [publishableKey, enabled, collections?.join(',')])\n\n  return { connected, lastEvent }\n}\n","/**\n * Fetch-based SSE connection manager for real-time collection change events.\n * Uses fetch + ReadableStream to support custom auth headers (unlike native EventSource).\n */\n\nexport interface RealtimeEvent {\n  collection: string\n  operation: string\n  id: string | null\n  timestamp: string\n}\n\nexport type RealtimeListener = (event: RealtimeEvent) => void\n\nconst INITIAL_RECONNECT_DELAY = 1_000\nconst MAX_RECONNECT_DELAY = 30_000\nconst RECONNECT_BACKOFF_FACTOR = 2\nconst MAX_NO_TOKEN_RETRIES = 5\n\nexport class RealtimeConnection {\n  private abortController: AbortController | null = null\n  private reconnectAttempt = 0\n  private noTokenAttempts = 0\n  private reconnectTimer: ReturnType<typeof setTimeout> | null = null\n  private listeners = new Set<RealtimeListener>()\n  private _connected = false\n\n  constructor(\n    private baseUrl: string,\n    private publishableKey: string,\n    private getToken: () => string | null,\n    private collections?: string[],\n  ) {}\n\n  get connected(): boolean {\n    return this._connected\n  }\n\n  addListener(fn: RealtimeListener): () => void {\n    this.listeners.add(fn)\n    return () => this.listeners.delete(fn)\n  }\n\n  connect(): void {\n    if (this.abortController) return // Already connecting/connected\n\n    this.abortController = new AbortController()\n    this.startStream(this.abortController.signal)\n  }\n\n  disconnect(): void {\n    this._connected = false\n    if (this.reconnectTimer) {\n      clearTimeout(this.reconnectTimer)\n      this.reconnectTimer = null\n    }\n    if (this.abortController) {\n      this.abortController.abort()\n      this.abortController = null\n    }\n    this.reconnectAttempt = 0\n    this.noTokenAttempts = 0\n  }\n\n  private async startStream(signal: AbortSignal): Promise<void> {\n    const token = this.getToken()\n    if (!token) {\n      this.noTokenAttempts++\n      if (this.noTokenAttempts >= MAX_NO_TOKEN_RETRIES) {\n        // Stop reconnecting — no token available after multiple attempts\n        this._connected = false\n        this.abortController = null\n        return\n      }\n      this.scheduleReconnect()\n      return\n    }\n    this.noTokenAttempts = 0\n\n    const params = this.collections?.length\n      ? `?collections=${this.collections.join(',')}`\n      : ''\n    const url = `${this.baseUrl}/api/events/stream${params}`\n\n    try {\n      const response = await fetch(url, {\n        headers: {\n          'X-Publishable-Key': this.publishableKey,\n          Authorization: `Bearer ${token}`,\n        },\n        signal,\n      })\n\n      if (!response.ok) {\n        if (response.status === 401) {\n          // Token expired — try reconnecting (will get fresh token)\n          this.scheduleReconnect()\n          return\n        }\n        throw new Error(`SSE connection failed: ${response.status}`)\n      }\n\n      if (!response.body) {\n        throw new Error('SSE response has no body')\n      }\n\n      this._connected = true\n      this.reconnectAttempt = 0\n\n      await this.readStream(response.body, signal)\n    } catch {\n      if (signal.aborted) return // Intentional disconnect\n      this._connected = false\n      this.scheduleReconnect()\n    }\n  }\n\n  private async readStream(\n    body: ReadableStream<Uint8Array>,\n    signal: AbortSignal,\n  ): Promise<void> {\n    const reader = body.getReader()\n    const decoder = new TextDecoder()\n    let buffer = ''\n    let currentEvent = ''\n    let currentData = ''\n\n    try {\n      while (true) {\n        const { done, value } = await reader.read()\n        if (done || signal.aborted) break\n\n        buffer += decoder.decode(value, { stream: true })\n        const lines = buffer.split('\\n')\n        buffer = lines.pop() ?? '' // Keep incomplete last line in buffer\n\n        for (const line of lines) {\n          if (line.startsWith('event: ')) {\n            currentEvent = line.slice(7)\n          } else if (line.startsWith('data: ')) {\n            currentData += (currentData ? '\\n' : '') + line.slice(6)\n          } else if (line === '') {\n            // Empty line = end of event\n            if (currentEvent === 'collection:change' && currentData) {\n              try {\n                const event: RealtimeEvent = JSON.parse(currentData)\n                for (const listener of this.listeners) {\n                  try {\n                    listener(event)\n                  } catch {\n                    // Listener error — ignore\n                  }\n                }\n              } catch {\n                // Malformed JSON — ignore\n              }\n            }\n            currentEvent = ''\n            currentData = ''\n          }\n          // Ignore comment lines (: heartbeat)\n        }\n      }\n    } catch {\n      // Stream read error\n    } finally {\n      reader.releaseLock()\n      this._connected = false\n      if (!signal.aborted) {\n        this.scheduleReconnect()\n      }\n    }\n  }\n\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) return\n\n    const delay = Math.min(\n      INITIAL_RECONNECT_DELAY *\n        Math.pow(RECONNECT_BACKOFF_FACTOR, this.reconnectAttempt),\n      MAX_RECONNECT_DELAY,\n    )\n    this.reconnectAttempt++\n\n    this.reconnectTimer = setTimeout(() => {\n      this.reconnectTimer = null\n      this.abortController = new AbortController()\n      this.startStream(this.abortController.signal)\n    }, delay)\n  }\n}\n","import type { Sort, Where } from 'payload'\n\nimport type { Collection, PublicCollection } from '../collection/const'\n\nexport type { Collection, PublicCollection }\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(): string {\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n  /**\n   * Tenant ID for pat01_ API keys. When provided alongside a pat01_ key,\n   * every server request includes X-Tenant-Id so the API can scope the\n   * request to the correct tenant. Not needed for sk01_ keys (tenant is\n   * encoded in the key itself).\n   */\n  tenantId?: string\n}\n\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload`. Payload's generic\n * types (`JoinQuery<TSlug>`, `PopulateType`) depend on `PayloadTypes` module\n * augmentation; external SDK consumers who skip that get degenerate types\n * (`never` / `{}`). Only non-generic `Sort`/`Where` are safe to import.\n * Excluded vs native: Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  where?: Where\n  depth?: number\n  select?: Record<string, boolean>\n  /** Per-collection field selection for populated relationships (keyed by collection slug) */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /** Join field control: pagination/filter per join, or false to disable */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","import type { PublicCollection, ApiQueryOptions } from '../client/types'\nimport type { ProductListingGroupsQueryOptions } from './query-hooks'\n\nexport function collectionKeys<T extends PublicCollection>(collection: T) {\n  return {\n    all: [collection] as const,\n    lists: () => [collection, 'list'] as const,\n    list: (options?: ApiQueryOptions) => [collection, 'list', options] as const,\n    details: () => [collection, 'detail'] as const,\n    detail: (id: string, options?: ApiQueryOptions) =>\n      [collection, 'detail', id, options] as const,\n    infinites: () => [collection, 'infinite'] as const,\n    infinite: (options?: Omit<ApiQueryOptions, 'page'>) =>\n      [collection, 'infinite', options] as const,\n  }\n}\n\nexport const customerKeys = {\n  all: ['customer'] as const,\n  me: () => ['customer', 'me'] as const,\n}\n\nexport const productKeys = {\n  listingGroups: (options?: ProductListingGroupsQueryOptions) =>\n    ['products', 'listing-groups', 'list', options] as const,\n  listingGroupsInfinite: (\n    options?: Omit<ProductListingGroupsQueryOptions, 'page' | 'limit'>,\n  ) =>\n    ['products', 'listing-groups', 'infinite', options] as const,\n}\n"],"mappings":";AAAA,SAAS,WAAW,QAAQ,gBAAgB;AAC5C,SAAS,sBAAsB;;;ACa/B,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAC5B,IAAM,2BAA2B;AACjC,IAAM,uBAAuB;AAEtB,IAAM,qBAAN,MAAyB;AAAA,EAQ9B,YACU,SACA,gBACA,UACA,aACR;AAJQ;AACA;AACA;AACA;AAXV,SAAQ,kBAA0C;AAClD,SAAQ,mBAAmB;AAC3B,SAAQ,kBAAkB;AAC1B,SAAQ,iBAAuD;AAC/D,SAAQ,YAAY,oBAAI,IAAsB;AAC9C,SAAQ,aAAa;AAAA,EAOlB;AAAA,EAEH,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,YAAY,IAAkC;AAC5C,SAAK,UAAU,IAAI,EAAE;AACrB,WAAO,MAAM,KAAK,UAAU,OAAO,EAAE;AAAA,EACvC;AAAA,EAEA,UAAgB;AACd,QAAI,KAAK,gBAAiB;AAE1B,SAAK,kBAAkB,IAAI,gBAAgB;AAC3C,SAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,EAC9C;AAAA,EAEA,aAAmB;AACjB,SAAK,aAAa;AAClB,QAAI,KAAK,gBAAgB;AACvB,mBAAa,KAAK,cAAc;AAChC,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,gBAAgB,MAAM;AAC3B,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,mBAAmB;AACxB,SAAK,kBAAkB;AAAA,EACzB;AAAA,EAEA,MAAc,YAAY,QAAoC;AAC5D,UAAM,QAAQ,KAAK,SAAS;AAC5B,QAAI,CAAC,OAAO;AACV,WAAK;AACL,UAAI,KAAK,mBAAmB,sBAAsB;AAEhD,aAAK,aAAa;AAClB,aAAK,kBAAkB;AACvB;AAAA,MACF;AACA,WAAK,kBAAkB;AACvB;AAAA,IACF;AACA,SAAK,kBAAkB;AAEvB,UAAM,SAAS,KAAK,aAAa,SAC7B,gBAAgB,KAAK,YAAY,KAAK,GAAG,CAAC,KAC1C;AACJ,UAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB,MAAM;AAEtD,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC,SAAS;AAAA,UACP,qBAAqB,KAAK;AAAA,UAC1B,eAAe,UAAU,KAAK;AAAA,QAChC;AAAA,QACA;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,SAAS,WAAW,KAAK;AAE3B,eAAK,kBAAkB;AACvB;AAAA,QACF;AACA,cAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,EAAE;AAAA,MAC7D;AAEA,UAAI,CAAC,SAAS,MAAM;AAClB,cAAM,IAAI,MAAM,0BAA0B;AAAA,MAC5C;AAEA,WAAK,aAAa;AAClB,WAAK,mBAAmB;AAExB,YAAM,KAAK,WAAW,SAAS,MAAM,MAAM;AAAA,IAC7C,QAAQ;AACN,UAAI,OAAO,QAAS;AACpB,WAAK,aAAa;AAClB,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,WACZ,MACA,QACe;AACf,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAU,IAAI,YAAY;AAChC,QAAI,SAAS;AACb,QAAI,eAAe;AACnB,QAAI,cAAc;AAElB,QAAI;AACF,aAAO,MAAM;AACX,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAAO,KAAK;AAC1C,YAAI,QAAQ,OAAO,QAAS;AAE5B,kBAAU,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD,cAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,iBAAS,MAAM,IAAI,KAAK;AAExB,mBAAW,QAAQ,OAAO;AACxB,cAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,2BAAe,KAAK,MAAM,CAAC;AAAA,UAC7B,WAAW,KAAK,WAAW,QAAQ,GAAG;AACpC,4BAAgB,cAAc,OAAO,MAAM,KAAK,MAAM,CAAC;AAAA,UACzD,WAAW,SAAS,IAAI;AAEtB,gBAAI,iBAAiB,uBAAuB,aAAa;AACvD,kBAAI;AACF,sBAAM,QAAuB,KAAK,MAAM,WAAW;AACnD,2BAAW,YAAY,KAAK,WAAW;AACrC,sBAAI;AACF,6BAAS,KAAK;AAAA,kBAChB,QAAQ;AAAA,kBAER;AAAA,gBACF;AAAA,cACF,QAAQ;AAAA,cAER;AAAA,YACF;AACA,2BAAe;AACf,0BAAc;AAAA,UAChB;AAAA,QAEF;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER,UAAE;AACA,aAAO,YAAY;AACnB,WAAK,aAAa;AAClB,UAAI,CAAC,OAAO,SAAS;AACnB,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAA0B;AAChC,QAAI,KAAK,eAAgB;AAEzB,UAAM,QAAQ,KAAK;AAAA,MACjB,0BACE,KAAK,IAAI,0BAA0B,KAAK,gBAAgB;AAAA,MAC1D;AAAA,IACF;AACA,SAAK;AAEL,SAAK,iBAAiB,WAAW,MAAM;AACrC,WAAK,iBAAiB;AACtB,WAAK,kBAAkB,IAAI,gBAAgB;AAC3C,WAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,IAC9C,GAAG,KAAK;AAAA,EACV;AACF;;;AClLO,SAAS,gBAAwB;AACtC,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AClBO,SAAS,eAA2C,YAAe;AACxE,SAAO;AAAA,IACL,KAAK,CAAC,UAAU;AAAA,IAChB,OAAO,MAAM,CAAC,YAAY,MAAM;AAAA,IAChC,MAAM,CAAC,YAA8B,CAAC,YAAY,QAAQ,OAAO;AAAA,IACjE,SAAS,MAAM,CAAC,YAAY,QAAQ;AAAA,IACpC,QAAQ,CAAC,IAAY,YACnB,CAAC,YAAY,UAAU,IAAI,OAAO;AAAA,IACpC,WAAW,MAAM,CAAC,YAAY,UAAU;AAAA,IACxC,UAAU,CAAC,YACT,CAAC,YAAY,YAAY,OAAO;AAAA,EACpC;AACF;;;AHoBO,SAAS,iBAAiB,SAKN;AACzB,QAAM,EAAE,UAAU,aAAa,UAAU,KAAK,IAAI;AAClD,QAAM,iBAAiB,QAAQ;AAC/B,QAAM,cAAc,eAAe;AACnC,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA+B,IAAI;AACrE,QAAM,gBAAgB,OAAkC,IAAI;AAE5D,YAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,eAAgB;AAEjC,UAAM,UAAU,cAAc;AAC9B,UAAM,OAAO,IAAI;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,kBAAc,UAAU;AAGxB,UAAM,iBAAiB,KAAK,YAAY,CAAC,UAAU;AACjD,mBAAa,KAAK;AAGlB,YAAM,OAAO,eAAe,MAAM,UAA8B;AAChE,kBAAY,kBAAkB,EAAE,UAAU,KAAK,IAAI,CAAC;AAAA,IACtD,CAAC;AAGD,UAAM,eAAe,YAAY,MAAM;AACrC,mBAAa,KAAK,SAAS;AAAA,IAC7B,GAAG,GAAI;AAEP,SAAK,QAAQ;AAEb,WAAO,MAAM;AACX,WAAK,WAAW;AAChB,qBAAe;AACf,oBAAc,YAAY;AAC1B,oBAAc,UAAU;AACxB,mBAAa,KAAK;AAAA,IACpB;AAAA,EAEF,GAAG,CAAC,gBAAgB,SAAS,aAAa,KAAK,GAAG,CAAC,CAAC;AAEpD,SAAO,EAAE,WAAW,UAAU;AAChC;","names":[]}
+{"version":3,"sources":["../src/core/query/realtime-hooks.ts","../src/core/query/realtime.ts","../src/core/client/types.ts","../src/core/query/query-keys.ts"],"sourcesContent":["import { useEffect, useRef, useState } from 'react'\nimport { useQueryClient } from '@tanstack/react-query'\nimport { RealtimeConnection, type RealtimeEvent } from './realtime'\nimport { resolveApiUrl, type PublicCollection } from '../client/types'\nimport { collectionKeys } from './query-keys'\n\nexport type { RealtimeEvent }\n\nexport interface UseRealtimeQueryOptions {\n  /** Filter events to specific collections. Empty/undefined = all collections. */\n  collections?: PublicCollection[]\n  /** Enable/disable the SSE connection. Default: true. */\n  enabled?: boolean\n}\n\nexport interface UseRealtimeQueryResult {\n  /** Whether the SSE connection is currently active. */\n  connected: boolean\n  /** The last received event, or null. */\n  lastEvent: RealtimeEvent | null\n}\n\n/**\n * React hook that subscribes to real-time collection change events via SSE.\n * Automatically invalidates React Query cache when changes are detected.\n *\n * @example\n * ```tsx\n * const { connected } = useRealtimeQuery({\n *   publishableKey: 'your-key',\n *   getToken: () => client.customer.getToken(),\n *   collections: ['products', 'orders'],\n * })\n * ```\n */\nexport function useRealtimeQuery(options: {\n  publishableKey: string\n  getToken: () => string | null\n  collections?: PublicCollection[]\n  enabled?: boolean\n}): UseRealtimeQueryResult {\n  const { getToken, collections, enabled = true } = options\n  const publishableKey = options.publishableKey\n  const queryClient = useQueryClient()\n  const [connected, setConnected] = useState(false)\n  const [lastEvent, setLastEvent] = useState<RealtimeEvent | null>(null)\n  const connectionRef = useRef<RealtimeConnection | null>(null)\n\n  useEffect(() => {\n    if (!enabled || !publishableKey) return\n\n    const baseUrl = resolveApiUrl()\n    const conn = new RealtimeConnection(\n      baseUrl,\n      publishableKey,\n      getToken,\n      collections,\n    )\n    connectionRef.current = conn\n\n    // Listen for events and invalidate queries\n    const removeListener = conn.addListener((event) => {\n      setLastEvent(event)\n\n      // Invalidate all queries for the changed collection\n      const keys = collectionKeys(event.collection as PublicCollection)\n      queryClient.invalidateQueries({ queryKey: keys.all })\n    })\n\n    // Track connection state\n    const pollInterval = setInterval(() => {\n      setConnected(conn.connected)\n    }, 1000)\n\n    conn.connect()\n\n    return () => {\n      conn.disconnect()\n      removeListener()\n      clearInterval(pollInterval)\n      connectionRef.current = null\n      setConnected(false)\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [publishableKey, enabled, collections?.join(',')])\n\n  return { connected, lastEvent }\n}\n","/**\n * Fetch-based SSE connection manager for real-time collection change events.\n * Uses fetch + ReadableStream to support custom auth headers (unlike native EventSource).\n */\n\nexport interface RealtimeEvent {\n  collection: string\n  operation: string\n  id: string | null\n  timestamp: string\n}\n\nexport type RealtimeListener = (event: RealtimeEvent) => void\n\nconst INITIAL_RECONNECT_DELAY = 1_000\nconst MAX_RECONNECT_DELAY = 30_000\nconst RECONNECT_BACKOFF_FACTOR = 2\nconst MAX_NO_TOKEN_RETRIES = 5\n\nexport class RealtimeConnection {\n  private abortController: AbortController | null = null\n  private reconnectAttempt = 0\n  private noTokenAttempts = 0\n  private reconnectTimer: ReturnType<typeof setTimeout> | null = null\n  private listeners = new Set<RealtimeListener>()\n  private _connected = false\n\n  constructor(\n    private baseUrl: string,\n    private publishableKey: string,\n    private getToken: () => string | null,\n    private collections?: string[],\n  ) {}\n\n  get connected(): boolean {\n    return this._connected\n  }\n\n  addListener(fn: RealtimeListener): () => void {\n    this.listeners.add(fn)\n    return () => this.listeners.delete(fn)\n  }\n\n  connect(): void {\n    if (this.abortController) return // Already connecting/connected\n\n    this.abortController = new AbortController()\n    this.startStream(this.abortController.signal)\n  }\n\n  disconnect(): void {\n    this._connected = false\n    if (this.reconnectTimer) {\n      clearTimeout(this.reconnectTimer)\n      this.reconnectTimer = null\n    }\n    if (this.abortController) {\n      this.abortController.abort()\n      this.abortController = null\n    }\n    this.reconnectAttempt = 0\n    this.noTokenAttempts = 0\n  }\n\n  private async startStream(signal: AbortSignal): Promise<void> {\n    const token = this.getToken()\n    if (!token) {\n      this.noTokenAttempts++\n      if (this.noTokenAttempts >= MAX_NO_TOKEN_RETRIES) {\n        // Stop reconnecting — no token available after multiple attempts\n        this._connected = false\n        this.abortController = null\n        return\n      }\n      this.scheduleReconnect()\n      return\n    }\n    this.noTokenAttempts = 0\n\n    const params = this.collections?.length\n      ? `?collections=${this.collections.join(',')}`\n      : ''\n    const url = `${this.baseUrl}/api/events/stream${params}`\n\n    try {\n      const response = await fetch(url, {\n        headers: {\n          'X-Publishable-Key': this.publishableKey,\n          Authorization: `Bearer ${token}`,\n        },\n        signal,\n      })\n\n      if (!response.ok) {\n        if (response.status === 401) {\n          // Token expired — try reconnecting (will get fresh token)\n          this.scheduleReconnect()\n          return\n        }\n        throw new Error(`SSE connection failed: ${response.status}`)\n      }\n\n      if (!response.body) {\n        throw new Error('SSE response has no body')\n      }\n\n      this._connected = true\n      this.reconnectAttempt = 0\n\n      await this.readStream(response.body, signal)\n    } catch {\n      if (signal.aborted) return // Intentional disconnect\n      this._connected = false\n      this.scheduleReconnect()\n    }\n  }\n\n  private async readStream(\n    body: ReadableStream<Uint8Array>,\n    signal: AbortSignal,\n  ): Promise<void> {\n    const reader = body.getReader()\n    const decoder = new TextDecoder()\n    let buffer = ''\n    let currentEvent = ''\n    let currentData = ''\n\n    try {\n      while (true) {\n        const { done, value } = await reader.read()\n        if (done || signal.aborted) break\n\n        buffer += decoder.decode(value, { stream: true })\n        const lines = buffer.split('\\n')\n        buffer = lines.pop() ?? '' // Keep incomplete last line in buffer\n\n        for (const line of lines) {\n          if (line.startsWith('event: ')) {\n            currentEvent = line.slice(7)\n          } else if (line.startsWith('data: ')) {\n            currentData += (currentData ? '\\n' : '') + line.slice(6)\n          } else if (line === '') {\n            // Empty line = end of event\n            if (currentEvent === 'collection:change' && currentData) {\n              try {\n                const event: RealtimeEvent = JSON.parse(currentData)\n                for (const listener of this.listeners) {\n                  try {\n                    listener(event)\n                  } catch {\n                    // Listener error — ignore\n                  }\n                }\n              } catch {\n                // Malformed JSON — ignore\n              }\n            }\n            currentEvent = ''\n            currentData = ''\n          }\n          // Ignore comment lines (: heartbeat)\n        }\n      }\n    } catch {\n      // Stream read error\n    } finally {\n      reader.releaseLock()\n      this._connected = false\n      if (!signal.aborted) {\n        this.scheduleReconnect()\n      }\n    }\n  }\n\n  private scheduleReconnect(): void {\n    if (this.reconnectTimer) return\n\n    const delay = Math.min(\n      INITIAL_RECONNECT_DELAY *\n        Math.pow(RECONNECT_BACKOFF_FACTOR, this.reconnectAttempt),\n      MAX_RECONNECT_DELAY,\n    )\n    this.reconnectAttempt++\n\n    this.reconnectTimer = setTimeout(() => {\n      this.reconnectTimer = null\n      this.abortController = new AbortController()\n      this.startStream(this.abortController.signal)\n    }, delay)\n  }\n}\n","import type { Sort, Where } from 'payload'\n\nimport type { Collection, PublicCollection } from '../collection/const'\n\nexport type { Collection, PublicCollection }\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(): string {\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n}\n\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload`. Payload's generic\n * types (`JoinQuery<TSlug>`, `PopulateType`) depend on `PayloadTypes` module\n * augmentation; external SDK consumers who skip that get degenerate types\n * (`never` / `{}`). Only non-generic `Sort`/`Where` are safe to import.\n * Excluded vs native: Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  where?: Where\n  depth?: number\n  select?: Record<string, boolean>\n  /** Per-collection field selection for populated relationships (keyed by collection slug) */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /** Join field control: pagination/filter per join, or false to disable */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","import type { PublicCollection, ApiQueryOptions } from '../client/types'\nimport type { ProductListingGroupsQueryOptions } from './query-hooks'\n\nexport function collectionKeys<T extends PublicCollection>(collection: T) {\n  return {\n    all: [collection] as const,\n    lists: () => [collection, 'list'] as const,\n    list: (options?: ApiQueryOptions) => [collection, 'list', options] as const,\n    details: () => [collection, 'detail'] as const,\n    detail: (id: string, options?: ApiQueryOptions) =>\n      [collection, 'detail', id, options] as const,\n    infinites: () => [collection, 'infinite'] as const,\n    infinite: (options?: Omit<ApiQueryOptions, 'page'>) =>\n      [collection, 'infinite', options] as const,\n  }\n}\n\nexport const customerKeys = {\n  all: ['customer'] as const,\n  me: () => ['customer', 'me'] as const,\n}\n\nexport const productKeys = {\n  listingGroups: (options?: ProductListingGroupsQueryOptions) =>\n    ['products', 'listing-groups', 'list', options] as const,\n  listingGroupsInfinite: (\n    options?: Omit<ProductListingGroupsQueryOptions, 'page' | 'limit'>,\n  ) =>\n    ['products', 'listing-groups', 'infinite', options] as const,\n}\n"],"mappings":";AAAA,SAAS,WAAW,QAAQ,gBAAgB;AAC5C,SAAS,sBAAsB;;;ACa/B,IAAM,0BAA0B;AAChC,IAAM,sBAAsB;AAC5B,IAAM,2BAA2B;AACjC,IAAM,uBAAuB;AAEtB,IAAM,qBAAN,MAAyB;AAAA,EAQ9B,YACU,SACA,gBACA,UACA,aACR;AAJQ;AACA;AACA;AACA;AAXV,SAAQ,kBAA0C;AAClD,SAAQ,mBAAmB;AAC3B,SAAQ,kBAAkB;AAC1B,SAAQ,iBAAuD;AAC/D,SAAQ,YAAY,oBAAI,IAAsB;AAC9C,SAAQ,aAAa;AAAA,EAOlB;AAAA,EAEH,IAAI,YAAqB;AACvB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,YAAY,IAAkC;AAC5C,SAAK,UAAU,IAAI,EAAE;AACrB,WAAO,MAAM,KAAK,UAAU,OAAO,EAAE;AAAA,EACvC;AAAA,EAEA,UAAgB;AACd,QAAI,KAAK,gBAAiB;AAE1B,SAAK,kBAAkB,IAAI,gBAAgB;AAC3C,SAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,EAC9C;AAAA,EAEA,aAAmB;AACjB,SAAK,aAAa;AAClB,QAAI,KAAK,gBAAgB;AACvB,mBAAa,KAAK,cAAc;AAChC,WAAK,iBAAiB;AAAA,IACxB;AACA,QAAI,KAAK,iBAAiB;AACxB,WAAK,gBAAgB,MAAM;AAC3B,WAAK,kBAAkB;AAAA,IACzB;AACA,SAAK,mBAAmB;AACxB,SAAK,kBAAkB;AAAA,EACzB;AAAA,EAEA,MAAc,YAAY,QAAoC;AAC5D,UAAM,QAAQ,KAAK,SAAS;AAC5B,QAAI,CAAC,OAAO;AACV,WAAK;AACL,UAAI,KAAK,mBAAmB,sBAAsB;AAEhD,aAAK,aAAa;AAClB,aAAK,kBAAkB;AACvB;AAAA,MACF;AACA,WAAK,kBAAkB;AACvB;AAAA,IACF;AACA,SAAK,kBAAkB;AAEvB,UAAM,SAAS,KAAK,aAAa,SAC7B,gBAAgB,KAAK,YAAY,KAAK,GAAG,CAAC,KAC1C;AACJ,UAAM,MAAM,GAAG,KAAK,OAAO,qBAAqB,MAAM;AAEtD,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC,SAAS;AAAA,UACP,qBAAqB,KAAK;AAAA,UAC1B,eAAe,UAAU,KAAK;AAAA,QAChC;AAAA,QACA;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,SAAS,WAAW,KAAK;AAE3B,eAAK,kBAAkB;AACvB;AAAA,QACF;AACA,cAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,EAAE;AAAA,MAC7D;AAEA,UAAI,CAAC,SAAS,MAAM;AAClB,cAAM,IAAI,MAAM,0BAA0B;AAAA,MAC5C;AAEA,WAAK,aAAa;AAClB,WAAK,mBAAmB;AAExB,YAAM,KAAK,WAAW,SAAS,MAAM,MAAM;AAAA,IAC7C,QAAQ;AACN,UAAI,OAAO,QAAS;AACpB,WAAK,aAAa;AAClB,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,WACZ,MACA,QACe;AACf,UAAM,SAAS,KAAK,UAAU;AAC9B,UAAM,UAAU,IAAI,YAAY;AAChC,QAAI,SAAS;AACb,QAAI,eAAe;AACnB,QAAI,cAAc;AAElB,QAAI;AACF,aAAO,MAAM;AACX,cAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAAO,KAAK;AAC1C,YAAI,QAAQ,OAAO,QAAS;AAE5B,kBAAU,QAAQ,OAAO,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD,cAAM,QAAQ,OAAO,MAAM,IAAI;AAC/B,iBAAS,MAAM,IAAI,KAAK;AAExB,mBAAW,QAAQ,OAAO;AACxB,cAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,2BAAe,KAAK,MAAM,CAAC;AAAA,UAC7B,WAAW,KAAK,WAAW,QAAQ,GAAG;AACpC,4BAAgB,cAAc,OAAO,MAAM,KAAK,MAAM,CAAC;AAAA,UACzD,WAAW,SAAS,IAAI;AAEtB,gBAAI,iBAAiB,uBAAuB,aAAa;AACvD,kBAAI;AACF,sBAAM,QAAuB,KAAK,MAAM,WAAW;AACnD,2BAAW,YAAY,KAAK,WAAW;AACrC,sBAAI;AACF,6BAAS,KAAK;AAAA,kBAChB,QAAQ;AAAA,kBAER;AAAA,gBACF;AAAA,cACF,QAAQ;AAAA,cAER;AAAA,YACF;AACA,2BAAe;AACf,0BAAc;AAAA,UAChB;AAAA,QAEF;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER,UAAE;AACA,aAAO,YAAY;AACnB,WAAK,aAAa;AAClB,UAAI,CAAC,OAAO,SAAS;AACnB,aAAK,kBAAkB;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAA0B;AAChC,QAAI,KAAK,eAAgB;AAEzB,UAAM,QAAQ,KAAK;AAAA,MACjB,0BACE,KAAK,IAAI,0BAA0B,KAAK,gBAAgB;AAAA,MAC1D;AAAA,IACF;AACA,SAAK;AAEL,SAAK,iBAAiB,WAAW,MAAM;AACrC,WAAK,iBAAiB;AACtB,WAAK,kBAAkB,IAAI,gBAAgB;AAC3C,WAAK,YAAY,KAAK,gBAAgB,MAAM;AAAA,IAC9C,GAAG,KAAK;AAAA,EACV;AACF;;;AClLO,SAAS,gBAAwB;AACtC,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AClBO,SAAS,eAA2C,YAAe;AACxE,SAAO;AAAA,IACL,KAAK,CAAC,UAAU;AAAA,IAChB,OAAO,MAAM,CAAC,YAAY,MAAM;AAAA,IAChC,MAAM,CAAC,YAA8B,CAAC,YAAY,QAAQ,OAAO;AAAA,IACjE,SAAS,MAAM,CAAC,YAAY,QAAQ;AAAA,IACpC,QAAQ,CAAC,IAAY,YACnB,CAAC,YAAY,UAAU,IAAI,OAAO;AAAA,IACpC,WAAW,MAAM,CAAC,YAAY,UAAU;AAAA,IACxC,UAAU,CAAC,YACT,CAAC,YAAY,YAAY,OAAO;AAAA,EACpC;AACF;;;AHoBO,SAAS,iBAAiB,SAKN;AACzB,QAAM,EAAE,UAAU,aAAa,UAAU,KAAK,IAAI;AAClD,QAAM,iBAAiB,QAAQ;AAC/B,QAAM,cAAc,eAAe;AACnC,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA+B,IAAI;AACrE,QAAM,gBAAgB,OAAkC,IAAI;AAE5D,YAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,eAAgB;AAEjC,UAAM,UAAU,cAAc;AAC9B,UAAM,OAAO,IAAI;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,kBAAc,UAAU;AAGxB,UAAM,iBAAiB,KAAK,YAAY,CAAC,UAAU;AACjD,mBAAa,KAAK;AAGlB,YAAM,OAAO,eAAe,MAAM,UAA8B;AAChE,kBAAY,kBAAkB,EAAE,UAAU,KAAK,IAAI,CAAC;AAAA,IACtD,CAAC;AAGD,UAAM,eAAe,YAAY,MAAM;AACrC,mBAAa,KAAK,SAAS;AAAA,IAC7B,GAAG,GAAI;AAEP,SAAK,QAAQ;AAEb,WAAO,MAAM;AACX,WAAK,WAAW;AAChB,qBAAe;AACf,oBAAc,YAAY;AAC1B,oBAAc,UAAU;AACxB,mBAAa,KAAK;AAAA,IACpB;AAAA,EAEF,GAAG,CAAC,gBAAgB,SAAS,aAAa,KAAK,GAAG,CAAC,CAAC;AAEpD,SAAO,EAAE,WAAW,UAAU;AAChC;","names":[]}

package/dist/ui/form.d.cts

@@ -1,5 +1,5 @@
 import React from 'react';
-import { F as Form } from '../payload-types-CMoyAOjJ.cjs';
+import { F as Form } from '../payload-types-DfQct8Dj.cjs';
 import { RichTextData } from './rich-text.cjs';
 import '@payloadcms/richtext-lexical';
 import '@payloadcms/richtext-lexical/lexical';

package/dist/ui/form.d.ts

@@ -1,5 +1,5 @@
 import React from 'react';
-import { F as Form } from '../payload-types-CMoyAOjJ.js';
+import { F as Form } from '../payload-types-DfQct8Dj.js';
 import { RichTextData } from './rich-text.js';
 import '@payloadcms/richtext-lexical';
 import '@payloadcms/richtext-lexical/lexical';

package/dist/ui/video.d.cts

@@ -1,7 +1,7 @@
 import React, { CSSProperties } from 'react';
 import { MuxPlayerProps, MuxPlayerRefAttributes } from '@mux/mux-player-react';
 export { MuxPlayerRefAttributes as VideoPlayerRef } from '@mux/mux-player-react';
-import { V as Video } from '../payload-types-CMoyAOjJ.cjs';
+import { V as Video } from '../payload-types-DfQct8Dj.cjs';
 export { e as VideoGifOptions, V as VideoThumbnailOptions, a as getVideoGif, c as getVideoMp4Url, d as getVideoStoryboard, b as getVideoStreamUrl, g as getVideoThumbnail } from '../video-DbLL8yuc.cjs';
 
 interface VideoPlayerCSSProperties extends CSSProperties {

package/dist/ui/video.d.ts

@@ -1,7 +1,7 @@
 import React, { CSSProperties } from 'react';
 import { MuxPlayerProps, MuxPlayerRefAttributes } from '@mux/mux-player-react';
 export { MuxPlayerRefAttributes as VideoPlayerRef } from '@mux/mux-player-react';
-import { V as Video } from '../payload-types-CMoyAOjJ.js';
+import { V as Video } from '../payload-types-DfQct8Dj.js';
 export { e as VideoGifOptions, V as VideoThumbnailOptions, a as getVideoGif, c as getVideoMp4Url, d as getVideoStoryboard, b as getVideoStreamUrl, g as getVideoThumbnail } from '../video-DbLL8yuc.js';
 
 interface VideoPlayerCSSProperties extends CSSProperties {

package/dist/webhook-CJq7v5Da.d.cts

@@ -0,0 +1,61 @@
+import { C as Collection } from './const-CkhnGqnb.cjs';
+import { l as CustomerProfile, h as Post, m as Comment, n as Reaction, C as Config } from './payload-types-DfQct8Dj.cjs';
+
+type PublicCustomerProfile = Omit<CustomerProfile, 'tenant' | 'customer' | 'isPublic' | 'anonymizedAt' | 'metadata'>;
+type PublicProfileRelation = string | PublicCustomerProfile;
+type PublicPost = Omit<Post, 'authorProfile' | 'lastCommentByProfile'> & {
+    authorProfile: PublicProfileRelation;
+    lastCommentByProfile?: PublicProfileRelation | null;
+};
+type PublicComment = Omit<Comment, 'authorProfile'> & {
+    authorProfile: PublicProfileRelation;
+};
+type PublicReaction = Omit<Reaction, 'actorProfile'> & {
+    actorProfile: PublicProfileRelation;
+};
+type PublicCollectionOverrides = {
+    'customer-profiles': PublicCustomerProfile;
+    posts: PublicPost;
+    comments: PublicComment;
+    reactions: PublicReaction;
+};
+type CollectionType<T extends string> = T extends keyof PublicCollectionOverrides ? PublicCollectionOverrides[T] : T extends keyof Config['collections'] ? Config['collections'][T] : never;
+
+type WebhookOperation = string;
+interface WebhookEvent<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> {
+    collection: T;
+    operation: WebhookOperation;
+    data: TData;
+    timestamp?: string;
+    deliveryId?: string;
+}
+type WebhookHandler<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> = (event: WebhookEvent<T, TData>) => Promise<void> | void;
+interface WebhookOptions {
+    secret?: string;
+    /** Max accepted skew for signed webhook delivery timestamps. Default: 300s. */
+    toleranceSeconds?: number;
+}
+declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
+declare const CUSTOMER_PASSWORD_RESET_OPERATION: "password-reset";
+interface CustomerPasswordResetWebhookData {
+    customerId: string | number;
+    email: string;
+    name: string;
+    resetPasswordToken: string;
+    resetPasswordExpiresAt: string;
+}
+type CustomerPasswordResetWebhookEvent = WebhookEvent<'customers', CustomerPasswordResetWebhookData> & {
+    operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION;
+};
+type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent;
+type MaybePromise<T> = T | Promise<T>;
+interface CustomerAuthWebhookHandlers {
+    passwordReset?: (data: CustomerPasswordResetWebhookData, event: CustomerPasswordResetWebhookEvent) => MaybePromise<void>;
+    unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>;
+}
+declare function isCustomerPasswordResetWebhookEvent(event: WebhookEvent<string, unknown>): event is CustomerPasswordResetWebhookEvent;
+declare function createCustomerAuthWebhookHandler(handlers: CustomerAuthWebhookHandlers): WebhookHandler<string, unknown>;
+declare function handleWebhook<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>>(request: Request, handler: WebhookHandler<T, TData>, options?: WebhookOptions): Promise<Response>;
+declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
+
+export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, CUSTOMER_PASSWORD_RESET_OPERATION as d, type CustomerPasswordResetWebhookData as e, type CustomerPasswordResetWebhookEvent as f, type CustomerAuthWebhookEvent as g, type CustomerAuthWebhookHandlers as h, isValidWebhookEvent as i, isCustomerPasswordResetWebhookEvent as j, createCustomerAuthWebhookHandler as k, handleWebhook as l, createTypedWebhookHandler as m };

package/dist/webhook-CKqXQInG.d.ts

@@ -0,0 +1,61 @@
+import { C as Collection } from './const-B9oeZoDy.js';
+import { l as CustomerProfile, h as Post, m as Comment, n as Reaction, C as Config } from './payload-types-DfQct8Dj.js';
+
+type PublicCustomerProfile = Omit<CustomerProfile, 'tenant' | 'customer' | 'isPublic' | 'anonymizedAt' | 'metadata'>;
+type PublicProfileRelation = string | PublicCustomerProfile;
+type PublicPost = Omit<Post, 'authorProfile' | 'lastCommentByProfile'> & {
+    authorProfile: PublicProfileRelation;
+    lastCommentByProfile?: PublicProfileRelation | null;
+};
+type PublicComment = Omit<Comment, 'authorProfile'> & {
+    authorProfile: PublicProfileRelation;
+};
+type PublicReaction = Omit<Reaction, 'actorProfile'> & {
+    actorProfile: PublicProfileRelation;
+};
+type PublicCollectionOverrides = {
+    'customer-profiles': PublicCustomerProfile;
+    posts: PublicPost;
+    comments: PublicComment;
+    reactions: PublicReaction;
+};
+type CollectionType<T extends string> = T extends keyof PublicCollectionOverrides ? PublicCollectionOverrides[T] : T extends keyof Config['collections'] ? Config['collections'][T] : never;
+
+type WebhookOperation = string;
+interface WebhookEvent<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> {
+    collection: T;
+    operation: WebhookOperation;
+    data: TData;
+    timestamp?: string;
+    deliveryId?: string;
+}
+type WebhookHandler<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> = (event: WebhookEvent<T, TData>) => Promise<void> | void;
+interface WebhookOptions {
+    secret?: string;
+    /** Max accepted skew for signed webhook delivery timestamps. Default: 300s. */
+    toleranceSeconds?: number;
+}
+declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
+declare const CUSTOMER_PASSWORD_RESET_OPERATION: "password-reset";
+interface CustomerPasswordResetWebhookData {
+    customerId: string | number;
+    email: string;
+    name: string;
+    resetPasswordToken: string;
+    resetPasswordExpiresAt: string;
+}
+type CustomerPasswordResetWebhookEvent = WebhookEvent<'customers', CustomerPasswordResetWebhookData> & {
+    operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION;
+};
+type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent;
+type MaybePromise<T> = T | Promise<T>;
+interface CustomerAuthWebhookHandlers {
+    passwordReset?: (data: CustomerPasswordResetWebhookData, event: CustomerPasswordResetWebhookEvent) => MaybePromise<void>;
+    unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>;
+}
+declare function isCustomerPasswordResetWebhookEvent(event: WebhookEvent<string, unknown>): event is CustomerPasswordResetWebhookEvent;
+declare function createCustomerAuthWebhookHandler(handlers: CustomerAuthWebhookHandlers): WebhookHandler<string, unknown>;
+declare function handleWebhook<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>>(request: Request, handler: WebhookHandler<T, TData>, options?: WebhookOptions): Promise<Response>;
+declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
+
+export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, CUSTOMER_PASSWORD_RESET_OPERATION as d, type CustomerPasswordResetWebhookData as e, type CustomerPasswordResetWebhookEvent as f, type CustomerAuthWebhookEvent as g, type CustomerAuthWebhookHandlers as h, isValidWebhookEvent as i, isCustomerPasswordResetWebhookEvent as j, createCustomerAuthWebhookHandler as k, handleWebhook as l, createTypedWebhookHandler as m };

package/dist/webhook.cjs

@@ -20,8 +20,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/webhook.ts
 var webhook_exports = {};
 __export(webhook_exports, {
+  CUSTOMER_PASSWORD_RESET_OPERATION: () => CUSTOMER_PASSWORD_RESET_OPERATION,
+  createCustomerAuthWebhookHandler: () => createCustomerAuthWebhookHandler,
   createTypedWebhookHandler: () => createTypedWebhookHandler,
   handleWebhook: () => handleWebhook,
+  isCustomerPasswordResetWebhookEvent: () => isCustomerPasswordResetWebhookEvent,
   isValidWebhookEvent: () => isValidWebhookEvent
 });
 module.exports = __toCommonJS(webhook_exports);
@@ -30,9 +33,34 @@ module.exports = __toCommonJS(webhook_exports);
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
-  return typeof obj.collection === "string" && (obj.operation === "create" || obj.operation === "update") && typeof obj.data === "object" && obj.data !== null;
+  return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
 }
-async function verifySignature(payload, secret, signature) {
+var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function hasString(value, key) {
+  return typeof value[key] === "string";
+}
+function hasStringOrNumber(value, key) {
+  return typeof value[key] === "string" || typeof value[key] === "number";
+}
+function isCustomerPasswordResetWebhookEvent(event) {
+  if (event.collection !== "customers" || event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION || !isRecord(event.data)) {
+    return false;
+  }
+  return hasStringOrNumber(event.data, "customerId") && hasString(event.data, "email") && hasString(event.data, "name") && hasString(event.data, "resetPasswordToken") && hasString(event.data, "resetPasswordExpiresAt");
+}
+function createCustomerAuthWebhookHandler(handlers) {
+  return async (event) => {
+    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {
+      await handlers.passwordReset(event.data, event);
+      return;
+    }
+    await handlers.unhandled?.(event);
+  };
+}
+async function verifySignature(payload, secret, signature, timestamp, deliveryId) {
   const encoder = new TextEncoder();
   const key = await crypto.subtle.importKey(
     "raw",
@@ -47,14 +75,35 @@ async function verifySignature(payload, secret, signature) {
   const sigBytes = new Uint8Array(
     (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16))
   );
-  return crypto.subtle.verify("HMAC", key, sigBytes, encoder.encode(payload));
+  return crypto.subtle.verify(
+    "HMAC",
+    key,
+    sigBytes,
+    encoder.encode(`${timestamp}.${deliveryId}.${payload}`)
+  );
+}
+function timestampIsFresh(timestamp, toleranceSeconds) {
+  if (!/^\d+$/.test(timestamp)) return false;
+  const timestampMs = Number(timestamp);
+  if (!Number.isFinite(timestampMs)) return false;
+  const skewMs = Math.abs(Date.now() - timestampMs);
+  return skewMs <= toleranceSeconds * 1e3;
 }
 async function handleWebhook(request, handler, options) {
   try {
     const rawBody = await request.text();
     if (options?.secret) {
       const signature = request.headers.get("x-webhook-signature") || "";
-      const valid = await verifySignature(rawBody, options.secret, signature);
+      const timestamp = request.headers.get("x-webhook-timestamp") || "";
+      const deliveryId = request.headers.get("x-webhook-delivery-id") || "";
+      const toleranceSeconds = options.toleranceSeconds ?? 300;
+      const valid = Boolean(timestamp && deliveryId) && timestampIsFresh(timestamp, toleranceSeconds) && await verifySignature(
+        rawBody,
+        options.secret,
+        signature,
+        timestamp,
+        deliveryId
+      );
       if (!valid) {
         return new Response(
           JSON.stringify({ error: "Invalid webhook signature" }),

package/dist/webhook.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/webhook.ts","../src/core/webhook/index.ts"],"sourcesContent":["export {\n  handleWebhook,\n  createTypedWebhookHandler,\n  isValidWebhookEvent,\n} from './core/webhook'\nexport type {\n  WebhookEvent,\n  WebhookHandler,\n  WebhookOperation,\n  WebhookOptions,\n} from './core/webhook'\n","import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = 'create' | 'update'\n\nexport interface WebhookEvent<T extends Collection = Collection> {\n  collection: T\n  operation: WebhookOperation\n  data: CollectionType<T>\n}\n\nexport type WebhookHandler<T extends Collection = Collection> = (\n  event: WebhookEvent<T>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    (obj.operation === 'create' || obj.operation === 'update') &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify('HMAC', key, sigBytes, encoder.encode(payload))\n}\n\nexport async function handleWebhook<T extends Collection = Collection>(\n  request: Request,\n  handler: WebhookHandler<T>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const valid = await verifySignature(rawBody, options.secret, signature)\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACmBO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,aACzB,IAAI,cAAc,YAAY,IAAI,cAAc,aACjD,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEA,eAAe,gBACb,SACA,QACA,WACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,UAAU,QAAQ,OAAO,OAAO,CAAC;AAC5E;AAEA,eAAsB,cACpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,QAAQ,MAAM,gBAAgB,SAAS,QAAQ,QAAQ,SAAS;AACtE,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAAuB;AAErC,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}
+{"version":3,"sources":["../src/webhook.ts","../src/core/webhook/index.ts"],"sourcesContent":["export {\n  handleWebhook,\n  createTypedWebhookHandler,\n  createCustomerAuthWebhookHandler,\n  isValidWebhookEvent,\n  isCustomerPasswordResetWebhookEvent,\n  CUSTOMER_PASSWORD_RESET_OPERATION,\n} from './core/webhook'\nexport type {\n  CustomerAuthWebhookEvent,\n  CustomerAuthWebhookHandlers,\n  CustomerPasswordResetWebhookData,\n  CustomerPasswordResetWebhookEvent,\n  WebhookEvent,\n  WebhookHandler,\n  WebhookOperation,\n  WebhookOptions,\n} from './core/webhook'\n","import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = string\n\nexport interface WebhookEvent<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> {\n  collection: T\n  operation: WebhookOperation\n  data: TData\n  timestamp?: string\n  deliveryId?: string\n}\n\nexport type WebhookHandler<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> = (\n  event: WebhookEvent<T, TData>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n  /** Max accepted skew for signed webhook delivery timestamps. Default: 300s. */\n  toleranceSeconds?: number\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    typeof obj.operation === 'string' &&\n    obj.operation.length > 0 &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nexport const CUSTOMER_PASSWORD_RESET_OPERATION = 'password-reset' as const\n\nexport interface CustomerPasswordResetWebhookData {\n  customerId: string | number\n  email: string\n  name: string\n  resetPasswordToken: string\n  resetPasswordExpiresAt: string\n}\n\nexport type CustomerPasswordResetWebhookEvent = WebhookEvent<\n  'customers',\n  CustomerPasswordResetWebhookData\n> & {\n  operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION\n}\n\nexport type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent\n\ntype MaybePromise<T> = T | Promise<T>\n\nexport interface CustomerAuthWebhookHandlers {\n  passwordReset?: (\n    data: CustomerPasswordResetWebhookData,\n    event: CustomerPasswordResetWebhookEvent,\n  ) => MaybePromise<void>\n  unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null\n}\n\nfunction hasString(value: Record<string, unknown>, key: string): boolean {\n  return typeof value[key] === 'string'\n}\n\nfunction hasStringOrNumber(\n  value: Record<string, unknown>,\n  key: string,\n): boolean {\n  return typeof value[key] === 'string' || typeof value[key] === 'number'\n}\n\nexport function isCustomerPasswordResetWebhookEvent(\n  event: WebhookEvent<string, unknown>,\n): event is CustomerPasswordResetWebhookEvent {\n  if (\n    event.collection !== 'customers' ||\n    event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION ||\n    !isRecord(event.data)\n  ) {\n    return false\n  }\n\n  return (\n    hasStringOrNumber(event.data, 'customerId') &&\n    hasString(event.data, 'email') &&\n    hasString(event.data, 'name') &&\n    hasString(event.data, 'resetPasswordToken') &&\n    hasString(event.data, 'resetPasswordExpiresAt')\n  )\n}\n\nexport function createCustomerAuthWebhookHandler(\n  handlers: CustomerAuthWebhookHandlers,\n): WebhookHandler<string, unknown> {\n  return async (event) => {\n    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {\n      await handlers.passwordReset(event.data, event)\n      return\n    }\n\n    await handlers.unhandled?.(event)\n  }\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n  timestamp: string,\n  deliveryId: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify(\n    'HMAC',\n    key,\n    sigBytes,\n    encoder.encode(`${timestamp}.${deliveryId}.${payload}`),\n  )\n}\n\nfunction timestampIsFresh(timestamp: string, toleranceSeconds: number): boolean {\n  if (!/^\\d+$/.test(timestamp)) return false\n  const timestampMs = Number(timestamp)\n  if (!Number.isFinite(timestampMs)) return false\n  const skewMs = Math.abs(Date.now() - timestampMs)\n  return skewMs <= toleranceSeconds * 1000\n}\n\nexport async function handleWebhook<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n>(\n  request: Request,\n  handler: WebhookHandler<T, TData>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const timestamp = request.headers.get('x-webhook-timestamp') || ''\n      const deliveryId = request.headers.get('x-webhook-delivery-id') || ''\n      const toleranceSeconds = options.toleranceSeconds ?? 300\n      const valid = Boolean(timestamp && deliveryId) &&\n        timestampIsFresh(timestamp, toleranceSeconds) &&\n        (await verifySignature(\n          rawBody,\n          options.secret,\n          signature,\n          timestamp,\n          deliveryId,\n        ))\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T, TData>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC6BO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,YAC1B,OAAO,IAAI,cAAc,YACzB,IAAI,UAAU,SAAS,KACvB,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEO,IAAM,oCAAoC;AA6BjD,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;AAEA,SAAS,UAAU,OAAgC,KAAsB;AACvE,SAAO,OAAO,MAAM,GAAG,MAAM;AAC/B;AAEA,SAAS,kBACP,OACA,KACS;AACT,SAAO,OAAO,MAAM,GAAG,MAAM,YAAY,OAAO,MAAM,GAAG,MAAM;AACjE;AAEO,SAAS,oCACd,OAC4C;AAC5C,MACE,MAAM,eAAe,eACrB,MAAM,cAAc,qCACpB,CAAC,SAAS,MAAM,IAAI,GACpB;AACA,WAAO;AAAA,EACT;AAEA,SACE,kBAAkB,MAAM,MAAM,YAAY,KAC1C,UAAU,MAAM,MAAM,OAAO,KAC7B,UAAU,MAAM,MAAM,MAAM,KAC5B,UAAU,MAAM,MAAM,oBAAoB,KAC1C,UAAU,MAAM,MAAM,wBAAwB;AAElD;AAEO,SAAS,iCACd,UACiC;AACjC,SAAO,OAAO,UAAU;AACtB,QAAI,oCAAoC,KAAK,KAAK,SAAS,eAAe;AACxE,YAAM,SAAS,cAAc,MAAM,MAAM,KAAK;AAC9C;AAAA,IACF;AAEA,UAAM,SAAS,YAAY,KAAK;AAAA,EAClC;AACF;AAEA,eAAe,gBACb,SACA,QACA,WACA,WACA,YACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA,QAAQ,OAAO,GAAG,SAAS,IAAI,UAAU,IAAI,OAAO,EAAE;AAAA,EACxD;AACF;AAEA,SAAS,iBAAiB,WAAmB,kBAAmC;AAC9E,MAAI,CAAC,QAAQ,KAAK,SAAS,EAAG,QAAO;AACrC,QAAM,cAAc,OAAO,SAAS;AACpC,MAAI,CAAC,OAAO,SAAS,WAAW,EAAG,QAAO;AAC1C,QAAM,SAAS,KAAK,IAAI,KAAK,IAAI,IAAI,WAAW;AAChD,SAAO,UAAU,mBAAmB;AACtC;AAEA,eAAsB,cAIpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,aAAa,QAAQ,QAAQ,IAAI,uBAAuB,KAAK;AACnE,YAAM,mBAAmB,QAAQ,oBAAoB;AACrD,YAAM,QAAQ,QAAQ,aAAa,UAAU,KAC3C,iBAAiB,WAAW,gBAAgB,KAC3C,MAAM;AAAA,QACL;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACF,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAA8B;AAE5C,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}

package/dist/webhook.d.cts

@@ -1,3 +1,3 @@
-export { a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, d as createTypedWebhookHandler, h as handleWebhook, i as isValidWebhookEvent } from './webhook-Dm2zz7FQ.cjs';
-import './const-D2K5HxpP.cjs';
-import './payload-types-CMoyAOjJ.cjs';
+export { d as CUSTOMER_PASSWORD_RESET_OPERATION, g as CustomerAuthWebhookEvent, h as CustomerAuthWebhookHandlers, e as CustomerPasswordResetWebhookData, f as CustomerPasswordResetWebhookEvent, a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, k as createCustomerAuthWebhookHandler, m as createTypedWebhookHandler, l as handleWebhook, j as isCustomerPasswordResetWebhookEvent, i as isValidWebhookEvent } from './webhook-CJq7v5Da.cjs';
+import './const-CkhnGqnb.cjs';
+import './payload-types-DfQct8Dj.cjs';

package/dist/webhook.d.ts

@@ -1,3 +1,3 @@
-export { a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, d as createTypedWebhookHandler, h as handleWebhook, i as isValidWebhookEvent } from './webhook-IhuUWnt5.js';
-import './const-DG8TrouX.js';
-import './payload-types-CMoyAOjJ.js';
+export { d as CUSTOMER_PASSWORD_RESET_OPERATION, g as CustomerAuthWebhookEvent, h as CustomerAuthWebhookHandlers, e as CustomerPasswordResetWebhookData, f as CustomerPasswordResetWebhookEvent, a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, k as createCustomerAuthWebhookHandler, m as createTypedWebhookHandler, l as handleWebhook, j as isCustomerPasswordResetWebhookEvent, i as isValidWebhookEvent } from './webhook-CKqXQInG.js';
+import './const-B9oeZoDy.js';
+import './payload-types-DfQct8Dj.js';