@blinkdotnew/sdk 2.0.3 → 2.1.0

package/dist/index.d.mts

@@ -61,6 +61,39 @@ interface BlinkClientConfig {
     projectId: string;
     authRequired?: boolean;
     auth?: BlinkAuthConfig;
+    /**
+     * Publishable key (client-safe).
+     *
+     * Used for **public endpoints** when no user JWT is present (e.g. analytics ingest, storage upload,
+     * optional public DB reads). Never use for privileged operations.
+     */
+    publishableKey?: string;
+    /**
+     * Secret key (server-only, privileged). Permanent, never expires.
+     *
+     * Used in **server runtimes** (Edge Functions, Workers) for privileged operations that require
+     * service-role access (e.g. raw SQL, bypassing row-level security).
+     *
+     * Format: `blnk_sk_{projectId-last-8}_{random}` (similar to Stripe's `sk_live_...`)
+     *
+     * **Security**: Never expose this key in client-side code. It is injected by the platform
+     * into edge function environments as `BLINK_SECRET_KEY`.
+     *
+     * When present, this key takes precedence over user JWTs for all requests.
+     *
+     * @example
+     * // Edge function (Deno)
+     * const blink = createClient({
+     *   projectId: Deno.env.get('BLINK_PROJECT_ID')!,
+     *   secretKey: Deno.env.get('BLINK_SECRET_KEY'),
+     * })
+     */
+    secretKey?: string;
+    /**
+     * @deprecated Use `secretKey` instead. Service tokens are JWT-based and expire after 365 days.
+     * Secret keys are permanent and never expire.
+     */
+    serviceToken?: string;
     /**
      * Storage adapter for cross-platform token persistence
      *
@@ -281,6 +314,9 @@ declare class BlinkError extends Error {
     constructor(message: string, code?: string | undefined, status?: number | undefined, details?: any);
 }
 interface StorageUploadOptions {
+    /**
+     * @deprecated Blink storage uploads are add-only by default. This option is ignored.
+     */
     upsert?: boolean;
     onProgress?: (percent: number) => void;
 }
@@ -737,7 +773,7 @@ interface BlinkNotifications {
  */
 
 interface RequestOptions {
-    method?: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
     headers?: Record<string, string>;
     body?: any;
     searchParams?: Record<string, string>;
@@ -752,9 +788,14 @@ declare class HttpClient {
     private readonly authUrl;
     private readonly coreUrl;
     readonly projectId: string;
+    private readonly publishableKey?;
+    private readonly secretKey?;
     private getToken;
     private getValidToken?;
     constructor(config: BlinkClientConfig, getToken: () => string | null, getValidToken?: () => Promise<string | null>);
+    private shouldAttachPublishableKey;
+    private shouldSkipSecretKey;
+    private getAuthorizationHeader;
     /**
      * Make an authenticated request to the Blink API
      */
@@ -1633,6 +1674,50 @@ declare class BlinkAnalyticsImpl implements BlinkAnalytics {
     private detectChannel;
 }
 
+/**
+ * Blink Functions - Edge function invocation helper
+ * Provides a simple interface for calling Blink Edge Functions with automatic JWT attachment
+ */
+
+interface FunctionsInvokeOptions {
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    body?: any;
+    headers?: Record<string, string>;
+    searchParams?: Record<string, string>;
+}
+interface FunctionsInvokeResponse<T = any> {
+    data: T;
+    status: number;
+    headers: Headers;
+}
+interface BlinkFunctions {
+    /**
+     * Invoke a Blink Edge Function.
+     *
+     * Automatically attaches the user's JWT for authenticated requests.
+     * The function URL is constructed as: https://{projectSuffix}--{functionSlug}.functions.blink.new
+     *
+     * @param functionSlug - The slug of the edge function to invoke
+     * @param options - Request options (method, body, headers, etc.)
+     * @returns The function response
+     *
+     * @example
+     * // Simple POST request
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'POST',
+     *   body: { message: 'Hello' }
+     * })
+     *
+     * @example
+     * // GET request with query params
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'GET',
+     *   searchParams: { limit: '10' }
+     * })
+     */
+    invoke<T = any>(functionSlug: string, options?: FunctionsInvokeOptions): Promise<FunctionsInvokeResponse<T>>;
+}
+
 /**
  * Blink Client - Main SDK entry point
  * Factory function and client class for the Blink SDK
@@ -1647,6 +1732,7 @@ interface BlinkClient {
     realtime: BlinkRealtime;
     notifications: BlinkNotifications;
     analytics: BlinkAnalytics;
+    functions: BlinkFunctions;
 }
 /**
  * Create a new Blink client instance

package/dist/index.d.ts

@@ -61,6 +61,39 @@ interface BlinkClientConfig {
     projectId: string;
     authRequired?: boolean;
     auth?: BlinkAuthConfig;
+    /**
+     * Publishable key (client-safe).
+     *
+     * Used for **public endpoints** when no user JWT is present (e.g. analytics ingest, storage upload,
+     * optional public DB reads). Never use for privileged operations.
+     */
+    publishableKey?: string;
+    /**
+     * Secret key (server-only, privileged). Permanent, never expires.
+     *
+     * Used in **server runtimes** (Edge Functions, Workers) for privileged operations that require
+     * service-role access (e.g. raw SQL, bypassing row-level security).
+     *
+     * Format: `blnk_sk_{projectId-last-8}_{random}` (similar to Stripe's `sk_live_...`)
+     *
+     * **Security**: Never expose this key in client-side code. It is injected by the platform
+     * into edge function environments as `BLINK_SECRET_KEY`.
+     *
+     * When present, this key takes precedence over user JWTs for all requests.
+     *
+     * @example
+     * // Edge function (Deno)
+     * const blink = createClient({
+     *   projectId: Deno.env.get('BLINK_PROJECT_ID')!,
+     *   secretKey: Deno.env.get('BLINK_SECRET_KEY'),
+     * })
+     */
+    secretKey?: string;
+    /**
+     * @deprecated Use `secretKey` instead. Service tokens are JWT-based and expire after 365 days.
+     * Secret keys are permanent and never expire.
+     */
+    serviceToken?: string;
     /**
      * Storage adapter for cross-platform token persistence
      *
@@ -281,6 +314,9 @@ declare class BlinkError extends Error {
     constructor(message: string, code?: string | undefined, status?: number | undefined, details?: any);
 }
 interface StorageUploadOptions {
+    /**
+     * @deprecated Blink storage uploads are add-only by default. This option is ignored.
+     */
     upsert?: boolean;
     onProgress?: (percent: number) => void;
 }
@@ -737,7 +773,7 @@ interface BlinkNotifications {
  */
 
 interface RequestOptions {
-    method?: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
     headers?: Record<string, string>;
     body?: any;
     searchParams?: Record<string, string>;
@@ -752,9 +788,14 @@ declare class HttpClient {
     private readonly authUrl;
     private readonly coreUrl;
     readonly projectId: string;
+    private readonly publishableKey?;
+    private readonly secretKey?;
     private getToken;
     private getValidToken?;
     constructor(config: BlinkClientConfig, getToken: () => string | null, getValidToken?: () => Promise<string | null>);
+    private shouldAttachPublishableKey;
+    private shouldSkipSecretKey;
+    private getAuthorizationHeader;
     /**
      * Make an authenticated request to the Blink API
      */
@@ -1633,6 +1674,50 @@ declare class BlinkAnalyticsImpl implements BlinkAnalytics {
     private detectChannel;
 }
 
+/**
+ * Blink Functions - Edge function invocation helper
+ * Provides a simple interface for calling Blink Edge Functions with automatic JWT attachment
+ */
+
+interface FunctionsInvokeOptions {
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    body?: any;
+    headers?: Record<string, string>;
+    searchParams?: Record<string, string>;
+}
+interface FunctionsInvokeResponse<T = any> {
+    data: T;
+    status: number;
+    headers: Headers;
+}
+interface BlinkFunctions {
+    /**
+     * Invoke a Blink Edge Function.
+     *
+     * Automatically attaches the user's JWT for authenticated requests.
+     * The function URL is constructed as: https://{projectSuffix}--{functionSlug}.functions.blink.new
+     *
+     * @param functionSlug - The slug of the edge function to invoke
+     * @param options - Request options (method, body, headers, etc.)
+     * @returns The function response
+     *
+     * @example
+     * // Simple POST request
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'POST',
+     *   body: { message: 'Hello' }
+     * })
+     *
+     * @example
+     * // GET request with query params
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'GET',
+     *   searchParams: { limit: '10' }
+     * })
+     */
+    invoke<T = any>(functionSlug: string, options?: FunctionsInvokeOptions): Promise<FunctionsInvokeResponse<T>>;
+}
+
 /**
  * Blink Client - Main SDK entry point
  * Factory function and client class for the Blink SDK
@@ -1647,6 +1732,7 @@ interface BlinkClient {
     realtime: BlinkRealtime;
     notifications: BlinkNotifications;
     analytics: BlinkAnalytics;
+    functions: BlinkFunctions;
 }
 /**
  * Create a new Blink client instance

package/dist/index.js

@@ -391,32 +391,65 @@ var HttpClient = class {
   authUrl = "https://blink.new";
   coreUrl = "https://core.blink.new";
   projectId;
+  publishableKey;
+  secretKey;
+  // Permanent, non-expiring key (like Stripe's sk_live_...)
   getToken;
   getValidToken;
   constructor(config, getToken, getValidToken) {
     this.projectId = config.projectId;
+    this.publishableKey = config.publishableKey;
+    this.secretKey = config.secretKey || config.serviceToken;
     this.getToken = getToken;
     this.getValidToken = getValidToken;
   }
+  shouldAttachPublishableKey(path, method) {
+    if (method !== "GET" && method !== "POST") return false;
+    if (path.includes("/api/analytics/")) return true;
+    if (path.includes("/api/storage/")) return true;
+    if (path.includes("/api/db/") && path.includes("/rest/v1/")) return method === "GET";
+    return false;
+  }
+  shouldSkipSecretKey(url) {
+    try {
+      const parsed = new URL(url);
+      return parsed.hostname.endsWith(".functions.blink.new");
+    } catch {
+      return false;
+    }
+  }
+  getAuthorizationHeader(url, token) {
+    if (this.secretKey && !this.shouldSkipSecretKey(url)) {
+      return `Bearer ${this.secretKey}`;
+    }
+    if (token) {
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
   /**
    * Make an authenticated request to the Blink API
    */
   async request(path, options = {}) {
     const url = this.buildUrl(path, options.searchParams);
     const token = this.getValidToken ? await this.getValidToken() : this.getToken();
+    const method = options.method || "GET";
     const headers = {
       "Content-Type": "application/json",
       ...options.headers
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && !headers["x-blink-publishable-key"] && this.shouldAttachPublishableKey(path, method)) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     const requestInit = {
-      method: options.method || "GET",
+      method,
       headers,
       signal: options.signal
     };
-    if (options.body && options.method !== "GET") {
+    if (options.body && method !== "GET") {
       requestInit.body = typeof options.body === "string" ? options.body : JSON.stringify(options.body);
     }
     try {
@@ -570,12 +603,12 @@ var HttpClient = class {
       throw new BlinkValidationError("Unsupported file type");
     }
     formData.append("path", filePath);
-    if (options.upsert !== void 0) {
-      formData.append("options", JSON.stringify({ upsert: options.upsert }));
-    }
     const headers = {};
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && path.includes("/api/storage/") && !headers["x-blink-publishable-key"]) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     try {
       if (typeof XMLHttpRequest !== "undefined" && options.onProgress) {
@@ -684,9 +717,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -739,9 +771,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -2966,6 +2997,11 @@ var BlinkAuth = class {
 };
 
 // src/database.ts
+function assertServerOnly(methodName) {
+  if (typeof window !== "undefined") {
+    throw new Error(`${methodName} is server-only. Use Blink CRUD methods (blink.db.<table>.*) instead.`);
+  }
+}
 function camelToSnake3(str) {
   return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
 }
@@ -3184,6 +3220,7 @@ var BlinkTable = class {
    * Raw SQL query on this table (for advanced use cases)
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.<table>.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3232,6 +3269,7 @@ var BlinkDatabase = class {
    * Execute raw SQL query
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3239,6 +3277,7 @@ var BlinkDatabase = class {
    * Execute batch SQL operations
    */
   async batch(statements, mode = "write") {
+    assertServerOnly("blink.db.batch");
     const response = await this.httpClient.dbBatch(statements, mode);
     return response.data;
   }
@@ -3301,7 +3340,6 @@ var BlinkStorageImpl = class {
         correctedPath,
         // Use corrected path with proper extension
         {
-          upsert: options.upsert,
           onProgress: options.onProgress,
           contentType: detectedContentType
           // Pass detected content type
@@ -3321,7 +3359,7 @@ var BlinkStorageImpl = class {
       if (error instanceof Error && "status" in error) {
         const status = error.status;
         if (status === 409) {
-          throw new BlinkStorageError("File already exists. Set upsert: true to overwrite.", 409);
+          throw new BlinkStorageError("File already exists.", 409);
         }
         if (status === 400) {
           throw new BlinkStorageError("Invalid request parameters", 400);
@@ -3366,7 +3404,6 @@ var BlinkStorageImpl = class {
         detectedContentType
       };
     } catch (error) {
-      console.warn("File type detection failed, using original path:", error);
       return {
         correctedPath: originalPath,
         detectedContentType: "application/octet-stream"
@@ -5292,7 +5329,6 @@ var BlinkAnalyticsImpl = class {
     } catch (error) {
       this.queue = [...events, ...this.queue];
       this.persistQueue();
-      console.error("Failed to send analytics events:", error);
     }
     if (this.queue.length > 0) {
       this.timer = setTimeout(() => this.flush(), BATCH_TIMEOUT);
@@ -5483,6 +5519,45 @@ var BlinkAnalyticsImpl = class {
   }
 };
 
+// src/functions.ts
+var BlinkFunctionsImpl = class {
+  httpClient;
+  projectId;
+  constructor(httpClient, projectId, _getToken) {
+    this.httpClient = httpClient;
+    this.projectId = projectId;
+  }
+  /**
+   * Get the project suffix from the full project ID.
+   * Project IDs are formatted as: prj_xxxxx
+   * The suffix is the last 8 characters used in function URLs.
+   */
+  getProjectSuffix() {
+    return this.projectId.slice(-8);
+  }
+  /**
+   * Build the full function URL
+   */
+  buildFunctionUrl(functionSlug, searchParams) {
+    const suffix = this.getProjectSuffix();
+    const baseUrl = `https://${suffix}--${functionSlug}.functions.blink.new`;
+    if (!searchParams || Object.keys(searchParams).length === 0) {
+      return baseUrl;
+    }
+    const url = new URL(baseUrl);
+    Object.entries(searchParams).forEach(([key, value]) => {
+      url.searchParams.set(key, value);
+    });
+    return url.toString();
+  }
+  async invoke(functionSlug, options = {}) {
+    const { method = "POST", body, headers = {}, searchParams } = options;
+    const url = this.buildFunctionUrl(functionSlug, searchParams);
+    const res = await this.httpClient.request(url, { method, body, headers });
+    return { data: res.data, status: res.status, headers: res.headers };
+  }
+};
+
 // src/client.ts
 var BlinkClientImpl = class {
   auth;
@@ -5493,8 +5568,12 @@ var BlinkClientImpl = class {
   realtime;
   notifications;
   analytics;
+  functions;
   httpClient;
   constructor(config) {
+    if ((config.secretKey || config.serviceToken) && isBrowser) {
+      throw new Error("secretKey/serviceToken is server-only. Do not provide it in browser/React Native clients.");
+    }
     this.auth = new BlinkAuth(config);
     this.httpClient = new HttpClient(
       config,
@@ -5508,6 +5587,11 @@ var BlinkClientImpl = class {
     this.realtime = new BlinkRealtimeImpl(this.httpClient, config.projectId);
     this.notifications = new BlinkNotificationsImpl(this.httpClient);
     this.analytics = new BlinkAnalyticsImpl(this.httpClient, config.projectId);
+    this.functions = new BlinkFunctionsImpl(
+      this.httpClient,
+      config.projectId,
+      () => this.auth.getValidToken()
+    );
     this.auth.onAuthStateChanged((state) => {
       if (state.isAuthenticated && state.user) {
         this.analytics.setUserId(state.user.id);

package/dist/index.mjs

@@ -389,32 +389,65 @@ var HttpClient = class {
   authUrl = "https://blink.new";
   coreUrl = "https://core.blink.new";
   projectId;
+  publishableKey;
+  secretKey;
+  // Permanent, non-expiring key (like Stripe's sk_live_...)
   getToken;
   getValidToken;
   constructor(config, getToken, getValidToken) {
     this.projectId = config.projectId;
+    this.publishableKey = config.publishableKey;
+    this.secretKey = config.secretKey || config.serviceToken;
     this.getToken = getToken;
     this.getValidToken = getValidToken;
   }
+  shouldAttachPublishableKey(path, method) {
+    if (method !== "GET" && method !== "POST") return false;
+    if (path.includes("/api/analytics/")) return true;
+    if (path.includes("/api/storage/")) return true;
+    if (path.includes("/api/db/") && path.includes("/rest/v1/")) return method === "GET";
+    return false;
+  }
+  shouldSkipSecretKey(url) {
+    try {
+      const parsed = new URL(url);
+      return parsed.hostname.endsWith(".functions.blink.new");
+    } catch {
+      return false;
+    }
+  }
+  getAuthorizationHeader(url, token) {
+    if (this.secretKey && !this.shouldSkipSecretKey(url)) {
+      return `Bearer ${this.secretKey}`;
+    }
+    if (token) {
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
   /**
    * Make an authenticated request to the Blink API
    */
   async request(path, options = {}) {
     const url = this.buildUrl(path, options.searchParams);
     const token = this.getValidToken ? await this.getValidToken() : this.getToken();
+    const method = options.method || "GET";
     const headers = {
       "Content-Type": "application/json",
       ...options.headers
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && !headers["x-blink-publishable-key"] && this.shouldAttachPublishableKey(path, method)) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     const requestInit = {
-      method: options.method || "GET",
+      method,
       headers,
       signal: options.signal
     };
-    if (options.body && options.method !== "GET") {
+    if (options.body && method !== "GET") {
       requestInit.body = typeof options.body === "string" ? options.body : JSON.stringify(options.body);
     }
     try {
@@ -568,12 +601,12 @@ var HttpClient = class {
       throw new BlinkValidationError("Unsupported file type");
     }
     formData.append("path", filePath);
-    if (options.upsert !== void 0) {
-      formData.append("options", JSON.stringify({ upsert: options.upsert }));
-    }
     const headers = {};
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && path.includes("/api/storage/") && !headers["x-blink-publishable-key"]) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     try {
       if (typeof XMLHttpRequest !== "undefined" && options.onProgress) {
@@ -682,9 +715,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -737,9 +769,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -2964,6 +2995,11 @@ var BlinkAuth = class {
 };
 
 // src/database.ts
+function assertServerOnly(methodName) {
+  if (typeof window !== "undefined") {
+    throw new Error(`${methodName} is server-only. Use Blink CRUD methods (blink.db.<table>.*) instead.`);
+  }
+}
 function camelToSnake3(str) {
   return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
 }
@@ -3182,6 +3218,7 @@ var BlinkTable = class {
    * Raw SQL query on this table (for advanced use cases)
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.<table>.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3230,6 +3267,7 @@ var BlinkDatabase = class {
    * Execute raw SQL query
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3237,6 +3275,7 @@ var BlinkDatabase = class {
    * Execute batch SQL operations
    */
   async batch(statements, mode = "write") {
+    assertServerOnly("blink.db.batch");
     const response = await this.httpClient.dbBatch(statements, mode);
     return response.data;
   }
@@ -3299,7 +3338,6 @@ var BlinkStorageImpl = class {
         correctedPath,
         // Use corrected path with proper extension
         {
-          upsert: options.upsert,
           onProgress: options.onProgress,
           contentType: detectedContentType
           // Pass detected content type
@@ -3319,7 +3357,7 @@ var BlinkStorageImpl = class {
       if (error instanceof Error && "status" in error) {
         const status = error.status;
         if (status === 409) {
-          throw new BlinkStorageError("File already exists. Set upsert: true to overwrite.", 409);
+          throw new BlinkStorageError("File already exists.", 409);
         }
         if (status === 400) {
           throw new BlinkStorageError("Invalid request parameters", 400);
@@ -3364,7 +3402,6 @@ var BlinkStorageImpl = class {
         detectedContentType
       };
     } catch (error) {
-      console.warn("File type detection failed, using original path:", error);
       return {
         correctedPath: originalPath,
         detectedContentType: "application/octet-stream"
@@ -5290,7 +5327,6 @@ var BlinkAnalyticsImpl = class {
     } catch (error) {
       this.queue = [...events, ...this.queue];
       this.persistQueue();
-      console.error("Failed to send analytics events:", error);
     }
     if (this.queue.length > 0) {
       this.timer = setTimeout(() => this.flush(), BATCH_TIMEOUT);
@@ -5481,6 +5517,45 @@ var BlinkAnalyticsImpl = class {
   }
 };
 
+// src/functions.ts
+var BlinkFunctionsImpl = class {
+  httpClient;
+  projectId;
+  constructor(httpClient, projectId, _getToken) {
+    this.httpClient = httpClient;
+    this.projectId = projectId;
+  }
+  /**
+   * Get the project suffix from the full project ID.
+   * Project IDs are formatted as: prj_xxxxx
+   * The suffix is the last 8 characters used in function URLs.
+   */
+  getProjectSuffix() {
+    return this.projectId.slice(-8);
+  }
+  /**
+   * Build the full function URL
+   */
+  buildFunctionUrl(functionSlug, searchParams) {
+    const suffix = this.getProjectSuffix();
+    const baseUrl = `https://${suffix}--${functionSlug}.functions.blink.new`;
+    if (!searchParams || Object.keys(searchParams).length === 0) {
+      return baseUrl;
+    }
+    const url = new URL(baseUrl);
+    Object.entries(searchParams).forEach(([key, value]) => {
+      url.searchParams.set(key, value);
+    });
+    return url.toString();
+  }
+  async invoke(functionSlug, options = {}) {
+    const { method = "POST", body, headers = {}, searchParams } = options;
+    const url = this.buildFunctionUrl(functionSlug, searchParams);
+    const res = await this.httpClient.request(url, { method, body, headers });
+    return { data: res.data, status: res.status, headers: res.headers };
+  }
+};
+
 // src/client.ts
 var BlinkClientImpl = class {
   auth;
@@ -5491,8 +5566,12 @@ var BlinkClientImpl = class {
   realtime;
   notifications;
   analytics;
+  functions;
   httpClient;
   constructor(config) {
+    if ((config.secretKey || config.serviceToken) && isBrowser) {
+      throw new Error("secretKey/serviceToken is server-only. Do not provide it in browser/React Native clients.");
+    }
     this.auth = new BlinkAuth(config);
     this.httpClient = new HttpClient(
       config,
@@ -5506,6 +5585,11 @@ var BlinkClientImpl = class {
     this.realtime = new BlinkRealtimeImpl(this.httpClient, config.projectId);
     this.notifications = new BlinkNotificationsImpl(this.httpClient);
     this.analytics = new BlinkAnalyticsImpl(this.httpClient, config.projectId);
+    this.functions = new BlinkFunctionsImpl(
+      this.httpClient,
+      config.projectId,
+      () => this.auth.getValidToken()
+    );
     this.auth.onAuthStateChanged((state) => {
       if (state.isAuthenticated && state.user) {
         this.analytics.setUserId(state.user.id);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blinkdotnew/sdk",
-  "version": "2.0.3",
+  "version": "2.1.0",
   "description": "Blink TypeScript SDK for client-side applications - Zero-boilerplate CRUD + auth + AI + analytics + notifications for modern SaaS/AI apps",
   "keywords": [
     "blink",
@@ -46,7 +46,8 @@
     "build": "tsup",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",
-    "clean": "rm -rf dist"
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
   },
   "dependencies": {},
   "devDependencies": {