@01.software/sdk 0.30.1 → 0.32.0

package/dist/{collection-client-QPbwimkU.d.cts → collection-client-CORhppPb.d.cts}

@@ -1,7 +1,7 @@
-import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-Dlb2mwpX.cjs';
+import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-CAkWqIr6.cjs';
 import { GenerateMetadataOptions, Metadata } from './metadata.cjs';
-import { c as ServerCollection, P as PublicCollection } from './const-VZuk2tWc.cjs';
-import { C as CollectionType } from './types-BwT0eeaz.cjs';
+import { c as ServerCollection, P as PublicCollection } from './const-Brk2Ff0q.cjs';
+import { C as CollectionType } from './types-ByMrR_Z_.cjs';
 
 interface FetchOptions extends RequestInit {
     apiUrl?: string;

package/dist/{collection-client-B9d9kr1d.d.ts → collection-client-DPGXnhoF.d.ts}

@@ -1,7 +1,7 @@
-import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-DuSKPiY5.js';
+import { D as DebugConfig, R as RetryConfig, A as ApiQueryOptions, P as PayloadFindResponse, g as PayloadMutationResponse } from './types-CYMSBkJC.js';
 import { GenerateMetadataOptions, Metadata } from './metadata.js';
-import { c as ServerCollection, P as PublicCollection } from './const-B75IFDRi.js';
-import { C as CollectionType } from './types-1fBLrYU7.js';
+import { c as ServerCollection, P as PublicCollection } from './const-DcY2_z9O.js';
+import { C as CollectionType } from './types-DUPC7Xn6.js';
 
 interface FetchOptions extends RequestInit {
     apiUrl?: string;

package/dist/{const-VZuk2tWc.d.cts → const-Brk2Ff0q.d.cts}

@@ -1,4 +1,4 @@
-import { c as Config } from './payload-types-DPjO_IbQ.cjs';
+import { e as Config } from './payload-types-DVK1QCeU.cjs';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "product-collection-items", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
 /**
  * Server-auth collection names for runtime use. These collections are safe for
  * secret-key/PAT SDK and MCP server tools, but must not appear in browser or
@@ -26,7 +26,7 @@ declare const SERVER_ONLY_COLLECTIONS: readonly ["customer-groups", "reports", "
  * Derived from the COLLECTIONS array (single source of truth).
  */
 type PublicCollection = (typeof COLLECTIONS)[number];
-declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
+declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
 type ServerCollection = (typeof SERVER_COLLECTIONS)[number];
 
 export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, SERVER_COLLECTIONS as S, COLLECTIONS as a, SERVER_ONLY_COLLECTIONS as b, type ServerCollection as c };

package/dist/{const-B75IFDRi.d.ts → const-DcY2_z9O.d.ts}

@@ -1,4 +1,4 @@
-import { c as Config } from './payload-types-DPjO_IbQ.js';
+import { e as Config } from './payload-types-DVK1QCeU.js';
 
 /**
  * Collection type derived from Payload Config.
@@ -9,12 +9,12 @@ type Collection = keyof Config['collections'];
  * Internal collections that should not be exposed via SDK.
  * Includes Payload system collections and admin-only collections.
  */
-declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
+declare const INTERNAL_COLLECTIONS: readonly ["users", "payload-kv", "payload-locked-documents", "payload-preferences", "payload-migrations", "payload-folders", "field-configs", "system-media", "track-assets", "audiences", "email-logs", "api-usage", "tenant-analytics-daily", "tenant-web-analytics-config", "analytics-event-schemas", "subscriptions", "billing-history", "inventory-reservations", "product-collection-items", "order-status-logs", "api-keys", "personal-access-tokens", "tenant-entitlements", "tenant-purge-jobs", "direct-upload-sessions", "webhook-events", "webhook-deliveries", "audit-logs", "plans", "webhooks", "event-registrations"];
 /**
  * Array of all public collection names for runtime use (e.g., Zod enum validation).
  * This is the single source of truth for which collections are publicly accessible via SDK.
  */
-declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
+declare const COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags"];
 /**
  * Server-auth collection names for runtime use. These collections are safe for
  * secret-key/PAT SDK and MCP server tools, but must not appear in browser or
@@ -26,7 +26,7 @@ declare const SERVER_ONLY_COLLECTIONS: readonly ["customer-groups", "reports", "
  * Derived from the COLLECTIONS array (single source of truth).
  */
 type PublicCollection = (typeof COLLECTIONS)[number];
-declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-profile-lists", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
+declare const SERVER_COLLECTIONS: readonly ["tenants", "tenant-metadata", "tenant-logos", "products", "product-variants", "product-options", "product-option-values", "product-categories", "product-tags", "product-collections", "brands", "brand-logos", "orders", "order-items", "returns", "return-items", "fulfillments", "fulfillment-items", "transactions", "customers", "customer-profiles", "customer-addresses", "carts", "cart-items", "discounts", "shipping-policies", "shipping-zones", "documents", "document-categories", "document-types", "articles", "article-authors", "article-categories", "article-tags", "playlists", "playlist-categories", "playlist-tags", "tracks", "track-categories", "track-tags", "galleries", "gallery-categories", "gallery-tags", "gallery-items", "links", "link-categories", "link-tags", "canvases", "canvas-node-types", "canvas-edge-types", "canvas-categories", "canvas-tags", "canvas-nodes", "canvas-edges", "videos", "video-categories", "video-tags", "live-streams", "images", "forms", "form-submissions", "posts", "comments", "reactions", "reaction-types", "bookmarks", "post-categories", "customer-profile-lists", "event-calendars", "events", "event-categories", "event-occurrences", "event-tags", "customer-groups", "reports", "community-bans"];
 type ServerCollection = (typeof SERVER_COLLECTIONS)[number];
 
 export { type Collection as C, INTERNAL_COLLECTIONS as I, type PublicCollection as P, SERVER_COLLECTIONS as S, COLLECTIONS as a, SERVER_ONLY_COLLECTIONS as b, type ServerCollection as c };

package/dist/{index-B2WbhEgT.d.cts → index-BGEhoDUs.d.cts}

@@ -25,7 +25,7 @@ declare class ValidationError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string, status?: number);
 }
 declare class ApiError extends SDKError {
-    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string);
+    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string, requestId?: string);
 }
 declare class ConfigError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string);

package/dist/{index-B2WbhEgT.d.ts → index-BGEhoDUs.d.ts}

@@ -25,7 +25,7 @@ declare class ValidationError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string, status?: number);
 }
 declare class ApiError extends SDKError {
-    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string);
+    constructor(message: string, status: number, details?: unknown, userMessage?: string, suggestion?: string, requestId?: string);
 }
 declare class ConfigError extends SDKError {
     constructor(message: string, details?: unknown, userMessage?: string, suggestion?: string);

package/dist/index.cjs

@@ -38,6 +38,7 @@ __export(src_exports, {
   INTERNAL_COLLECTIONS: () => INTERNAL_COLLECTIONS,
   NetworkError: () => NetworkError,
   NotFoundError: () => NotFoundError,
+  ORDER_CHANGED_EVENT_TYPE: () => ORDER_CHANGED_EVENT_TYPE,
   OrderApi: () => OrderApi,
   PermissionError: () => PermissionError,
   ProductApi: () => ProductApi,
@@ -53,6 +54,7 @@ __export(src_exports, {
   UsageLimitError: () => UsageLimitError,
   ValidationError: () => ValidationError,
   buildProductHref: () => buildProductHref,
+  buildProductListingCard: () => buildProductListingCard,
   buildProductListingGroupsByOption: () => buildProductListingGroupsByOption,
   buildProductListingProjection: () => buildProductListingProjection,
   buildProductOptionMatrix: () => buildProductOptionMatrix,
@@ -91,6 +93,7 @@ __export(src_exports, {
   isGoneError: () => isGoneError,
   isNetworkError: () => isNetworkError,
   isNotFoundError: () => isNotFoundError,
+  isOrderChangedWebhookEvent: () => isOrderChangedWebhookEvent,
   isPermissionError: () => isPermissionError,
   isRateLimitError: () => isRateLimitError,
   isSDKError: () => isSDKError,
@@ -99,6 +102,8 @@ __export(src_exports, {
   isUsageLimitError: () => isUsageLimitError,
   isValidWebhookEvent: () => isValidWebhookEvent,
   isValidationError: () => isValidationError,
+  isWebhookCollection: () => isWebhookCollection,
+  isWebhookOperation: () => isWebhookOperation,
   normalizeProductSelection: () => normalizeProductSelection,
   normalizeProductSelectionFromMatrix: () => normalizeProductSelectionFromMatrix,
   normalizeSelectedValueIds: () => normalizeSelectedValueIds,
@@ -158,8 +163,16 @@ var ValidationError = class extends SDKError {
   }
 };
 var ApiError = class extends SDKError {
-  constructor(message, status, details, userMessage, suggestion) {
-    super("API_ERROR", message, status, details, userMessage, suggestion);
+  constructor(message, status, details, userMessage, suggestion, requestId) {
+    super(
+      "API_ERROR",
+      message,
+      status,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "ApiError";
   }
 };
@@ -210,19 +223,43 @@ var UsageLimitError = class extends SDKError {
 };
 var AuthError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("auth_error", message, 401, details, userMessage, suggestion, requestId);
+    super(
+      "auth_error",
+      message,
+      401,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "AuthError";
   }
 };
 var PermissionError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("permission_error", message, 403, details, userMessage, suggestion, requestId);
+    super(
+      "permission_error",
+      message,
+      403,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "PermissionError";
   }
 };
 var NotFoundError = class extends SDKError {
   constructor(message, details, userMessage, suggestion, requestId) {
-    super("not_found", message, 404, details, userMessage, suggestion, requestId);
+    super(
+      "not_found",
+      message,
+      404,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "NotFoundError";
   }
 };
@@ -234,7 +271,15 @@ var ConflictError = class extends SDKError {
 };
 var RateLimitError = class extends SDKError {
   constructor(message, retryAfter, details, userMessage, suggestion, requestId) {
-    super("rate_limit_exceeded", message, 429, details, userMessage, suggestion, requestId);
+    super(
+      "rate_limit_exceeded",
+      message,
+      429,
+      details,
+      userMessage,
+      suggestion,
+      requestId
+    );
     this.name = "RateLimitError";
     this.retryAfter = retryAfter;
   }
@@ -283,7 +328,7 @@ function isRateLimitError(error) {
 }
 var createNetworkError = (message, status, details, userMessage, suggestion) => new NetworkError(message, status, details, userMessage, suggestion);
 var createValidationError = (message, details, userMessage, suggestion, status) => new ValidationError(message, details, userMessage, suggestion, status);
-var createApiError = (message, status, details, userMessage, suggestion) => new ApiError(message, status, details, userMessage, suggestion);
+var createApiError = (message, status, details, userMessage, suggestion, requestId) => new ApiError(message, status, details, userMessage, suggestion, requestId);
 var createConfigError = (message, details, userMessage, suggestion) => new ConfigError(message, details, userMessage, suggestion);
 var createTimeoutError = (message, details, userMessage, suggestion) => new TimeoutError(message, details, userMessage, suggestion);
 var createUsageLimitError = (message, usage, details, userMessage, suggestion) => new UsageLimitError(message, usage, details, userMessage, suggestion);
@@ -291,7 +336,14 @@ var createAuthError = (message, details, userMessage, suggestion, requestId) =>
 var createPermissionError = (message, details, userMessage, suggestion, requestId) => new PermissionError(message, details, userMessage, suggestion, requestId);
 var createNotFoundError = (message, details, userMessage, suggestion, requestId) => new NotFoundError(message, details, userMessage, suggestion, requestId);
 var createConflictError = (message, details, userMessage, suggestion, requestId) => new ConflictError(message, details, userMessage, suggestion, requestId);
-var createRateLimitError = (message, retryAfter, details, userMessage, suggestion, requestId) => new RateLimitError(message, retryAfter, details, userMessage, suggestion, requestId);
+var createRateLimitError = (message, retryAfter, details, userMessage, suggestion, requestId) => new RateLimitError(
+  message,
+  retryAfter,
+  details,
+  userMessage,
+  suggestion,
+  requestId
+);
 
 // src/core/internal/utils/credentials.ts
 function requirePublishableKeyForSecret(apiName, publishableKey, secretKey) {
@@ -331,6 +383,22 @@ function debugLog(debug, type, message, data) {
     console.groupEnd();
   }
 }
+function redactSensitiveHeader(value) {
+  const prefix = value.toLowerCase().startsWith("bearer ") ? "Bearer " : "";
+  return value.length > 20 ? `${prefix}...****${value.slice(-8)}` : "****";
+}
+function redactSensitiveHeaders(headers) {
+  const redacted = Object.fromEntries(headers.entries());
+  if (redacted.authorization) {
+    redacted.authorization = redactSensitiveHeader(redacted.authorization);
+  }
+  if (redacted["x-preview-token"]) {
+    redacted["x-preview-token"] = redactSensitiveHeader(
+      redacted["x-preview-token"]
+    );
+  }
+  return redacted;
+}
 function getErrorSuggestion(status) {
   if (status === 400)
     return "The request data failed validation. Check field values and types.";
@@ -405,6 +473,12 @@ async function parseErrorBody(response) {
     return fallback;
   }
 }
+function getParsedErrorSuggestion(status, parsed) {
+  if (status === 403 && parsed.reason === "origin_not_allowed") {
+    return "Add the request origin to the tenant Browser API origins, then retry the browser request.";
+  }
+  return getErrorSuggestion(status);
+}
 async function delay(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -418,7 +492,7 @@ function createHttpStatusError(status, parsed, details, requestId) {
     ...parsed.errors && { errors: parsed.errors },
     ...parsed.body && { body: parsed.body }
   };
-  const suggestion = getErrorSuggestion(status);
+  const suggestion = getParsedErrorSuggestion(status, parsed);
   if (status === 400 || status === 422) {
     return attachRequestId(
       createValidationError(
@@ -524,11 +598,7 @@ async function httpFetch(url, options) {
       if (!headers.has("Content-Type") && requestInit.body && !(requestInit.body instanceof FormData)) {
         headers.set("Content-Type", "application/json");
       }
-      const redactedHeaders = Object.fromEntries(headers.entries());
-      if (redactedHeaders["authorization"]) {
-        const token = redactedHeaders["authorization"];
-        redactedHeaders["authorization"] = token.length > 20 ? `Bearer ...****${token.slice(-8)}` : "****";
-      }
+      const redactedHeaders = redactSensitiveHeaders(headers);
       debugLog(debug, "request", url, {
         method: requestInit.method || "GET",
         headers: redactedHeaders,
@@ -546,7 +616,7 @@ async function httpFetch(url, options) {
       debugLog(debug, "response", url, {
         status: response.status,
         statusText: response.statusText,
-        headers: Object.fromEntries(response.headers.entries())
+        headers: redactSensitiveHeaders(response.headers)
       });
       if (!response.ok) {
         if (isUsageLimitExceededResponse(response)) {
@@ -979,7 +1049,7 @@ async function parseApiResponse(response, endpoint) {
     if (reason === "validation_failed") {
       throw attachRequestId(createValidationError(errorMessage, data, errorMessage), requestId);
     }
-    if (reason === "token_expired" || reason === "token_invalid" || reason === "key_invalid" || reason === "key_revoked") {
+    if (reason === "token_expired" || reason === "token_invalid" || reason === "preview_token_invalid" || reason === "preview_token_required" || reason === "key_invalid" || reason === "key_revoked") {
       throw attachRequestId(createAuthError(errorMessage, data, errorMessage), requestId);
     }
     if (reason === "forbidden") {
@@ -1274,7 +1344,7 @@ var CustomerAuth = class {
       );
       return data.customer ?? null;
     } catch (error) {
-      if (error instanceof ApiError && error.status === 401) {
+      if (error instanceof SDKError && error.status === 401) {
         this.setToken(null);
         return null;
       }
@@ -1369,51 +1439,15 @@ var CustomerAuth = class {
     if (!headers.has("Content-Type") && init.body) {
       headers.set("Content-Type", "application/json");
     }
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT2);
-    let res;
-    try {
-      res = await fetch(`${this.baseUrl}${path}`, {
-        ...init,
-        headers,
-        signal: controller.signal
-      });
-    } catch (error) {
-      clearTimeout(timeoutId);
-      if (error instanceof Error && error.name === "AbortError") {
-        throw new TimeoutError(`Request timed out after ${DEFAULT_TIMEOUT2}ms`, {
-          url: path,
-          timeout: DEFAULT_TIMEOUT2
-        });
-      }
-      throw new NetworkError(
-        error instanceof Error ? error.message : "Network request failed",
-        void 0,
-        { url: path },
-        "Network connection failed.",
-        "Please check your internet connection and try again."
-      );
-    }
-    clearTimeout(timeoutId);
-    if (!res.ok) {
-      const body = await res.json().catch(() => ({}));
-      throw new ApiError(
-        body.error || `HTTP ${res.status}`,
-        res.status,
-        body.details,
-        body.error
-      );
-    }
-    try {
-      return await res.json();
-    } catch {
-      throw new ApiError(
-        "Invalid JSON response from server",
-        res.status,
-        void 0,
-        "INVALID_RESPONSE"
-      );
-    }
+    const response = await httpFetch(path, {
+      ...init,
+      apiUrl: this.baseUrl,
+      publishableKey: this.publishableKey,
+      headers,
+      timeout: DEFAULT_TIMEOUT2,
+      retry: { maxRetries: 0 }
+    });
+    return parseApiResponse(response, path);
   }
 };
 
@@ -1750,7 +1784,7 @@ var ProductApi = class extends BaseApi {
   /**
    * Fetch full product detail by slug or id.
    * Returns `null` on 404 regardless of reason (`not_found` / `not_published` /
-   * `tenant_mismatch` / `feature_disabled`). For the reason behind a null,
+   * `feature_disabled`). For the reason behind a null,
    * inspect `client.lastRequestId` against backend logs.
    */
   async detail(params) {
@@ -1773,11 +1807,54 @@ var ProductApi = class extends BaseApi {
 };
 
 // src/core/webhook/index.ts
+var ORDER_CHANGED_EVENT_TYPE = "collection.orderChanged";
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
   return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
 }
+function isStringOrNumber(value) {
+  return typeof value === "string" || typeof value === "number";
+}
+function isWebhookOrderScope(value) {
+  if (!isRecord(value)) return false;
+  if (value.kind === "collection") {
+    return typeof value.collection === "string";
+  }
+  if (value.kind === "join") {
+    return typeof value.collection === "string" && typeof value.field === "string" && isStringOrNumber(value.id);
+  }
+  return false;
+}
+function isWebhookOrderMoved(value) {
+  if (!isRecord(value)) return false;
+  return typeof value.collection === "string" && isStringOrNumber(value.id) && (value.relatedCollection === void 0 || typeof value.relatedCollection === "string") && (value.relatedId === void 0 || isStringOrNumber(value.relatedId));
+}
+function hasOptionalOrderValue(value, key) {
+  return value[key] === void 0 || value[key] === null || typeof value[key] === "string";
+}
+function isWebhookOrderChange(value) {
+  if (!isRecord(value)) return false;
+  return value.type === "order" && value.source === "payload-orderable" && (value.orderableFieldName === void 0 || typeof value.orderableFieldName === "string") && hasOptionalOrderValue(value, "previousOrder") && hasOptionalOrderValue(value, "nextOrder") && isWebhookOrderScope(value.scope) && isWebhookOrderMoved(value.moved);
+}
+function isOrderChangedWebhookEvent(event) {
+  if (!isValidWebhookEvent(event) || event.operation !== "update" || event.eventType !== ORDER_CHANGED_EVENT_TYPE || !isWebhookOrderChange(event.change)) {
+    return false;
+  }
+  if (event.collection !== event.change.scope.collection) {
+    return false;
+  }
+  if (event.change.scope.kind === "collection" && event.change.moved.collection !== event.change.scope.collection) {
+    return false;
+  }
+  return true;
+}
+function isWebhookCollection(event, collection) {
+  return isValidWebhookEvent(event) && event.collection === collection;
+}
+function isWebhookOperation(event, operation) {
+  return isValidWebhookEvent(event) && event.operation === operation;
+}
 var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
 function isRecord(value) {
   return typeof value === "object" && value !== null;
@@ -1909,6 +1986,7 @@ var INTERNAL_COLLECTIONS = [
   "subscriptions",
   "billing-history",
   "inventory-reservations",
+  "product-collection-items",
   "order-status-logs",
   "api-keys",
   "personal-access-tokens",
@@ -1944,7 +2022,6 @@ var COLLECTIONS = [
   "transactions",
   "customers",
   "customer-profiles",
-  "customer-profile-lists",
   "customer-addresses",
   "carts",
   "cart-items",
@@ -1992,6 +2069,7 @@ var COLLECTIONS = [
   "reaction-types",
   "bookmarks",
   "post-categories",
+  "customer-profile-lists",
   // Events
   "event-calendars",
   "events",
@@ -2832,17 +2910,21 @@ function mediaArray(values) {
   return values.filter(isPresentMedia);
 }
 function buildSelectionMedia(detail, selectedVariant, matchingVariants, selectedValues) {
+  const selectedVariantImages = mediaArray(selectedVariant?.images);
   const selectedValueImages = selectedValues.flatMap(
     (value) => mediaArray(value.images)
   );
+  const matchingVariantImages = matchingVariants.flatMap(
+    (variant) => mediaArray(variant.images)
+  );
   const selectedValuePrimary = selectedValues.map((value) => firstMedia(value.thumbnail) ?? firstMedia(value.images)).find((value) => value != null) ?? null;
   const selectedVariantPrimary = firstMedia(selectedVariant?.thumbnail) ?? firstMedia(selectedVariant?.images);
   const matchingVariantPrimary = matchingVariants.map(
     (variant) => firstMedia(variant.thumbnail) ?? firstMedia(variant.images)
   ).find((value) => value != null) ?? null;
   const detailImages = mediaArray(detail.images);
-  const primaryImage = selectedVariantPrimary ?? selectedValuePrimary ?? firstMedia(detail.listing.primaryImage) ?? matchingVariantPrimary ?? firstMedia(detailImages);
-  const images = mediaArray(selectedVariant?.images).length > 0 ? mediaArray(selectedVariant?.images) : selectedValueImages.length > 0 ? selectedValueImages : detailImages;
+  const primaryImage = selectedVariantPrimary ?? selectedValuePrimary ?? matchingVariantPrimary ?? firstMedia(detail.listing.primaryImage) ?? firstMedia(detailImages);
+  const images = selectedVariantImages.length > 0 ? selectedVariantImages : selectedValueImages.length > 0 ? selectedValueImages : matchingVariantImages.length > 0 ? matchingVariantImages : detailImages;
   return {
     primaryImage,
     images
@@ -3133,6 +3215,72 @@ function buildProductListingProjection(product, variants) {
     availableForSale: availableVariants.length > 0
   };
 }
+function buildProductListingCard(item, options = {}) {
+  const product = item.product;
+  const groups = item.groups;
+  const primaryImage = firstMedia(product.thumbnail) ?? firstMedia(product.images ?? null) ?? null;
+  const priceRange = aggregateListingPriceRange(groups);
+  const availableForSale = groups.some(
+    (group) => group.listing.availableForSale
+  );
+  const swatches = groups.length > 1 ? groups.map((group) => buildListingSwatch(product, group, options)) : [];
+  return {
+    id: String(product.id),
+    href: buildProductHref({ slug: product.slug }, void 0, options),
+    title: product.title,
+    primaryImage,
+    priceRange,
+    availableForSale,
+    swatches
+  };
+}
+function aggregateListingPriceRange(groups) {
+  const minPrice = minOfNullable(groups.map((g) => g.listing.minPrice));
+  const maxPrice = maxOfNullable(groups.map((g) => g.listing.maxPrice));
+  const minCompareAtPrice = minOfNullable(
+    groups.map((g) => g.listing.minCompareAtPrice)
+  );
+  const maxCompareAtPrice = maxOfNullable(
+    groups.map((g) => g.listing.maxCompareAtPrice)
+  );
+  const isPriceRange = minPrice !== null && maxPrice !== null && minPrice !== maxPrice;
+  return {
+    minPrice,
+    maxPrice,
+    minCompareAtPrice,
+    maxCompareAtPrice,
+    isPriceRange
+  };
+}
+function buildListingSwatch(product, group, options) {
+  const thumbnail = firstMedia(group.optionValueThumbnail) ?? firstMedia(group.optionValueImages) ?? null;
+  return {
+    optionId: group.optionId,
+    optionValueId: group.optionValueId,
+    label: group.optionValueLabel,
+    swatchColor: group.optionValueSwatchColor ?? null,
+    thumbnail,
+    href: buildProductHref(
+      { slug: product.slug },
+      {
+        optionId: group.optionId,
+        optionValueId: group.optionValueId,
+        optionValueSlug: group.optionValueSlug,
+        listing: group.listing
+      },
+      options
+    ),
+    availableForSale: group.listing.availableForSale
+  };
+}
+function minOfNullable(values) {
+  const numbers = values.filter((v) => v !== null);
+  return numbers.length === 0 ? null : Math.min(...numbers);
+}
+function maxOfNullable(values) {
+  const numbers = values.filter((v) => v !== null);
+  return numbers.length === 0 ? null : Math.max(...numbers);
+}
 function buildProductListingGroupsByOption(args) {
   const primaryOptionId = args.primaryOptionId ?? void 0;
   if (!primaryOptionId) return [];