@01.software/sdk 0.30.1 → 0.31.0

package/dist/{collection-client-B9d9kr1d.d.ts → collection-client-ByzY3hWK.d.ts}

@@ -1,7 +1,7 @@
-import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-DuSKPiY5.js';
+import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-BX2mqDf6.js';
 import { GenerateMetadataOptions, Metadata } from './metadata.js';
-import { c as ServerCollection, P as PublicCollection } from './const-B75IFDRi.js';
-import { C as CollectionType } from './types-1fBLrYU7.js';
+import { c as ServerCollection, P as PublicCollection } from './const-BGCP-OJL.js';
+import { C as CollectionType } from './types-CVA10VC-.js';
 
 interface FetchOptions extends RequestInit {
     apiUrl?: string;

package/dist/{collection-client-QPbwimkU.d.cts → collection-client-DFXXz0vk.d.cts}

@@ -1,7 +1,7 @@
-import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-Dlb2mwpX.cjs';
+import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-DChFjQGz.cjs';
 import { GenerateMetadataOptions, Metadata } from './metadata.cjs';
-import { c as ServerCollection, P as PublicCollection } from './const-VZuk2tWc.cjs';
-import { C as CollectionType } from './types-BwT0eeaz.cjs';
+import { c as ServerCollection, P as PublicCollection } from './const-AytzliEu.cjs';
+import { C as CollectionType } from './types-CmLG-7RL.cjs';
 
 interface FetchOptions extends RequestInit {
     apiUrl?: string;

package/dist/{const-VZuk2tWc.d.cts → const-AytzliEu.d.cts}

@@ -1,4 +1,4 @@
-import { c as Config } from './payload-types-DPjO_IbQ.cjs';
+import { e as Config } from './payload-types-Wa4-eC6x.cjs';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "product-collection-items", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
 /**
  * Server-auth collection names for runtime use. These collections are safe for
  * secret-key/PAT SDK and MCP server tools, but must not appear in browser or
@@ -26,7 +26,7 @@ declare const SERVER_ONLY_COLLECTIONS: readonly ["customer-groups", "reports", "
  * Derived from the COLLECTIONS array (single source of truth).
  */
 type PublicCollection = (typeof COLLECTIONS)[number];
-declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
+declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
 type ServerCollection = (typeof SERVER_COLLECTIONS)[number];
 
 export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, SERVER_COLLECTIONS as S, COLLECTIONS as a, SERVER_ONLY_COLLECTIONS as b, type ServerCollection as c };

package/dist/{const-B75IFDRi.d.ts → const-BGCP-OJL.d.ts}

@@ -1,4 +1,4 @@
-import { c as Config } from './payload-types-DPjO_IbQ.js';
+import { e as Config } from './payload-types-Wa4-eC6x.js';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "product-collection-items", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
 /**
  * Server-auth collection names for runtime use. These collections are safe for
  * secret-key/PAT SDK and MCP server tools, but must not appear in browser or
@@ -26,7 +26,7 @@ declare const SERVER_ONLY_COLLECTIONS: readonly ["customer-groups", "reports", "
  * Derived from the COLLECTIONS array (single source of truth).
  */
 type PublicCollection = (typeof COLLECTIONS)[number];
-declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
+declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
 type ServerCollection = (typeof SERVER_COLLECTIONS)[number];
 
 export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, SERVER_COLLECTIONS as S, COLLECTIONS as a, SERVER_ONLY_COLLECTIONS as b, type ServerCollection as c };

package/dist/{index-B2WbhEgT.d.cts → index-BGEhoDUs.d.cts}

@@ -25,7 +25,7 @@ declare class ValidationError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string, status?: number);
 }
 declare class ApiError extends SDKError {
-    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string);
+    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string, requestId?: string);
 }
 declare class ConfigError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string);

package/dist/{index-B2WbhEgT.d.ts → index-BGEhoDUs.d.ts}

@@ -25,7 +25,7 @@ declare class ValidationError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string, status?: number);
 }
 declare class ApiError extends SDKError {
-    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string);
+    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string, requestId?: string);
 }
 declare class ConfigError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string);

package/dist/index.cjs

@@ -53,6 +53,7 @@ __export(src_exports, {
   UsageLimitError: () => UsageLimitError,
   ValidationError: () => ValidationError,
   buildProductHref: () => buildProductHref,
+  buildProductListingCard: () => buildProductListingCard,
   buildProductListingGroupsByOption: () => buildProductListingGroupsByOption,
   buildProductListingProjection: () => buildProductListingProjection,
   buildProductOptionMatrix: () => buildProductOptionMatrix,
@@ -158,8 +159,16 @@ var ValidationError = class extends SDKError {
   }
 };
 var ApiError = class extends SDKError {
-  constructor(message, status, details, userMessage, suggestion) {
-    super("API_ERROR", message, status, details, userMessage, suggestion);
+  constructor(message, status, details, userMessage, suggestion, requestId) {
+    super(
+      "API_ERROR",
+      message,
+      status,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "ApiError";
   }
 };
@@ -210,19 +219,43 @@ var UsageLimitError = class extends SDKError {
 };
 var AuthError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("auth_error", message, 401, details, userMessage, suggestion, requestId);
+    super(
+      "auth_error",
+      message,
+      401,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "AuthError";
   }
 };
 var PermissionError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("permission_error", message, 403, details, userMessage, suggestion, requestId);
+    super(
+      "permission_error",
+      message,
+      403,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "PermissionError";
   }
 };
 var NotFoundError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("not_found", message, 404, details, userMessage, suggestion, requestId);
+    super(
+      "not_found",
+      message,
+      404,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "NotFoundError";
   }
 };
@@ -234,7 +267,15 @@ var ConflictError = class extends SDKError {
 };
 var RateLimitError = class extends SDKError {
   constructor(message, retryAfter, details, userMessage, suggestion, requestId) {
-    super("rate_limit_exceeded", message, 429, details, userMessage, suggestion, requestId);
+    super(
+      "rate_limit_exceeded",
+      message,
+      429,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "RateLimitError";
     this.retryAfter = retryAfter;
   }
@@ -283,7 +324,7 @@ function isRateLimitError(error) {
 }
 var createNetworkError = (message, status, details, userMessage, suggestion) => new NetworkError(message, status, details, userMessage, suggestion);
 var createValidationError = (message, details, userMessage, suggestion, status) => new ValidationError(message, details, userMessage, suggestion, status);
-var createApiError = (message, status, details, userMessage, suggestion) => new ApiError(message, status, details, userMessage, suggestion);
+var createApiError = (message, status, details, userMessage, suggestion, requestId) => new ApiError(message, status, details, userMessage, suggestion, requestId);
 var createConfigError = (message, details, userMessage, suggestion) => new ConfigError(message, details, userMessage, suggestion);
 var createTimeoutError = (message, details, userMessage, suggestion) => new TimeoutError(message, details, userMessage, suggestion);
 var createUsageLimitError = (message, usage, details, userMessage, suggestion) => new UsageLimitError(message, usage, details, userMessage, suggestion);
@@ -291,7 +332,14 @@ var createAuthError = (message, details, userMessage, suggestion, requestId) =>
 var createPermissionError = (message, details, userMessage, suggestion, requestId) => new PermissionError(message, details, userMessage, suggestion, requestId);
 var createNotFoundError = (message, details, userMessage, suggestion, requestId) => new NotFoundError(message, details, userMessage, suggestion, requestId);
 var createConflictError = (message, details, userMessage, suggestion, requestId) => new ConflictError(message, details, userMessage, suggestion, requestId);
-var createRateLimitError = (message, retryAfter, details, userMessage, suggestion, requestId) => new RateLimitError(message, retryAfter, details, userMessage, suggestion, requestId);
+var createRateLimitError = (message, retryAfter, details, userMessage, suggestion, requestId) => new RateLimitError(
+  message,
+  retryAfter,
+  details,
+  userMessage,
+  suggestion,
+  requestId
+);
 
 // src/core/internal/utils/credentials.ts
 function requirePublishableKeyForSecret(apiName, publishableKey, secretKey) {
@@ -331,6 +379,22 @@ function debugLog(debug, type, message, data) {
     console.groupEnd();
   }
 }
+function redactSensitiveHeader(value) {
+  const prefix = value.toLowerCase().startsWith("bearer ") ? "Bearer " : "";
+  return value.length > 20 ? `${prefix}...****${value.slice(-8)}` : "****";
+}
+function redactSensitiveHeaders(headers) {
+  const redacted = Object.fromEntries(headers.entries());
+  if (redacted.authorization) {
+    redacted.authorization = redactSensitiveHeader(redacted.authorization);
+  }
+  if (redacted["x-preview-token"]) {
+    redacted["x-preview-token"] = redactSensitiveHeader(
+      redacted["x-preview-token"]
+    );
+  }
+  return redacted;
+}
 function getErrorSuggestion(status) {
   if (status === 400)
     return "The request data failed validation. Check field values and types.";
@@ -405,6 +469,12 @@ async function parseErrorBody(response) {
     return fallback;
   }
 }
+function getParsedErrorSuggestion(status, parsed) {
+  if (status === 403 && parsed.reason === "origin_not_allowed") {
+    return "Add the request origin to the tenant Browser API origins, then retry the browser request.";
+  }
+  return getErrorSuggestion(status);
+}
 async function delay(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -418,7 +488,7 @@ function createHttpStatusError(status, parsed, details, requestId) {
     ...parsed.errors && { errors: parsed.errors },
     ...parsed.body && { body: parsed.body }
   };
-  const suggestion = getErrorSuggestion(status);
+  const suggestion = getParsedErrorSuggestion(status, parsed);
   if (status === 400 || status === 422) {
     return attachRequestId(
       createValidationError(
@@ -524,11 +594,7 @@ async function httpFetch(url, options) {
       if (!headers.has("Content-Type") && requestInit.body && !(requestInit.body instanceof FormData)) {
         headers.set("Content-Type", "application/json");
       }
-      const redactedHeaders = Object.fromEntries(headers.entries());
-      if (redactedHeaders["authorization"]) {
-        const token = redactedHeaders["authorization"];
-        redactedHeaders["authorization"] = token.length > 20 ? `Bearer ...****${token.slice(-8)}` : "****";
-      }
+      const redactedHeaders = redactSensitiveHeaders(headers);
       debugLog(debug, "request", url, {
         method: requestInit.method || "GET",
         headers: redactedHeaders,
@@ -546,7 +612,7 @@ async function httpFetch(url, options) {
       debugLog(debug, "response", url, {
         status: response.status,
         statusText: response.statusText,
-        headers: Object.fromEntries(response.headers.entries())
+        headers: redactSensitiveHeaders(response.headers)
       });
       if (!response.ok) {
         if (isUsageLimitExceededResponse(response)) {
@@ -979,7 +1045,7 @@ async function parseApiResponse(response, endpoint) {
     if (reason === "validation_failed") {
       throw attachRequestId(createValidationError(errorMessage, data, errorMessage), requestId);
     }
-    if (reason === "token_expired" || reason === "token_invalid" || reason === "key_invalid" || reason === "key_revoked") {
+    if (reason === "token_expired" || reason === "token_invalid" || reason === "preview_token_invalid" || reason === "preview_token_required" || reason === "key_invalid" || reason === "key_revoked") {
       throw attachRequestId(createAuthError(errorMessage, data, errorMessage), requestId);
     }
     if (reason === "forbidden") {
@@ -1909,6 +1975,7 @@ var INTERNAL_COLLECTIONS = [
   "subscriptions",
   "billing-history",
   "inventory-reservations",
+  "product-collection-items",
   "order-status-logs",
   "api-keys",
   "personal-access-tokens",
@@ -1944,7 +2011,6 @@ var COLLECTIONS = [
   "transactions",
   "customers",
   "customer-profiles",
-  "customer-profile-lists",
   "customer-addresses",
   "carts",
   "cart-items",
@@ -1992,6 +2058,7 @@ var COLLECTIONS = [
   "reaction-types",
   "bookmarks",
   "post-categories",
+  "customer-profile-lists",
   // Events
   "event-calendars",
   "events",
@@ -2832,17 +2899,21 @@ function mediaArray(values) {
   return values.filter(isPresentMedia);
 }
 function buildSelectionMedia(detail, selectedVariant, matchingVariants, selectedValues) {
+  const selectedVariantImages = mediaArray(selectedVariant?.images);
   const selectedValueImages = selectedValues.flatMap(
     (value) => mediaArray(value.images)
   );
+  const matchingVariantImages = matchingVariants.flatMap(
+    (variant) => mediaArray(variant.images)
+  );
   const selectedValuePrimary = selectedValues.map((value) => firstMedia(value.thumbnail) ?? firstMedia(value.images)).find((value) => value != null) ?? null;
   const selectedVariantPrimary = firstMedia(selectedVariant?.thumbnail) ?? firstMedia(selectedVariant?.images);
   const matchingVariantPrimary = matchingVariants.map(
     (variant) => firstMedia(variant.thumbnail) ?? firstMedia(variant.images)
   ).find((value) => value != null) ?? null;
   const detailImages = mediaArray(detail.images);
-  const primaryImage = selectedVariantPrimary ?? selectedValuePrimary ?? firstMedia(detail.listing.primaryImage) ?? matchingVariantPrimary ?? firstMedia(detailImages);
-  const images = mediaArray(selectedVariant?.images).length > 0 ? mediaArray(selectedVariant?.images) : selectedValueImages.length > 0 ? selectedValueImages : detailImages;
+  const primaryImage = selectedVariantPrimary ?? selectedValuePrimary ?? matchingVariantPrimary ?? firstMedia(detail.listing.primaryImage) ?? firstMedia(detailImages);
+  const images = selectedVariantImages.length > 0 ? selectedVariantImages : selectedValueImages.length > 0 ? selectedValueImages : matchingVariantImages.length > 0 ? matchingVariantImages : detailImages;
   return {
     primaryImage,
     images
@@ -3133,6 +3204,72 @@ function buildProductListingProjection(product, variants) {
     availableForSale: availableVariants.length > 0
   };
 }
+function buildProductListingCard(item, options = {}) {
+  const product = item.product;
+  const groups = item.groups;
+  const primaryImage = firstMedia(product.thumbnail) ?? firstMedia(product.images ?? null) ?? null;
+  const priceRange = aggregateListingPriceRange(groups);
+  const availableForSale = groups.some(
+    (group) => group.listing.availableForSale
+  );
+  const swatches = groups.length > 1 ? groups.map((group) => buildListingSwatch(product, group, options)) : [];
+  return {
+    id: String(product.id),
+    href: buildProductHref({ slug: product.slug }, void 0, options),
+    title: product.title,
+    primaryImage,
+    priceRange,
+    availableForSale,
+    swatches
+  };
+}
+function aggregateListingPriceRange(groups) {
+  const minPrice = minOfNullable(groups.map((g) => g.listing.minPrice));
+  const maxPrice = maxOfNullable(groups.map((g) => g.listing.maxPrice));
+  const minCompareAtPrice = minOfNullable(
+    groups.map((g) => g.listing.minCompareAtPrice)
+  );
+  const maxCompareAtPrice = maxOfNullable(
+    groups.map((g) => g.listing.maxCompareAtPrice)
+  );
+  const isPriceRange = minPrice !== null && maxPrice !== null && minPrice !== maxPrice;
+  return {
+    minPrice,
+    maxPrice,
+    minCompareAtPrice,
+    maxCompareAtPrice,
+    isPriceRange
+  };
+}
+function buildListingSwatch(product, group, options) {
+  const thumbnail = firstMedia(group.optionValueThumbnail) ?? firstMedia(group.optionValueImages) ?? null;
+  return {
+    optionId: group.optionId,
+    optionValueId: group.optionValueId,
+    label: group.optionValueLabel,
+    swatchColor: group.optionValueSwatchColor ?? null,
+    thumbnail,
+    href: buildProductHref(
+      { slug: product.slug },
+      {
+        optionId: group.optionId,
+        optionValueId: group.optionValueId,
+        optionValueSlug: group.optionValueSlug,
+        listing: group.listing
+      },
+      options
+    ),
+    availableForSale: group.listing.availableForSale
+  };
+}
+function minOfNullable(values) {
+  const numbers = values.filter((v) => v !== null);
+  return numbers.length === 0 ? null : Math.min(...numbers);
+}
+function maxOfNullable(values) {
+  const numbers = values.filter((v) => v !== null);
+  return numbers.length === 0 ? null : Math.max(...numbers);
+}
 function buildProductListingGroupsByOption(args) {
   const primaryOptionId = args.primaryOptionId ?? void 0;
   if (!primaryOptionId) return [];