@blinkdotnew/sdk 2.0.3 → 2.1.1

package/dist/index.d.mts

@@ -61,6 +61,39 @@ interface BlinkClientConfig {
     projectId: string;
     authRequired?: boolean;
     auth?: BlinkAuthConfig;
+    /**
+     * Publishable key (client-safe).
+     *
+     * Used for **public endpoints** when no user JWT is present (e.g. analytics ingest, storage upload,
+     * optional public DB reads). Never use for privileged operations.
+     */
+    publishableKey?: string;
+    /**
+     * Secret key (server-only, privileged). Permanent, never expires.
+     *
+     * Used in **server runtimes** (Edge Functions, Workers) for privileged operations that require
+     * service-role access (e.g. raw SQL, bypassing row-level security).
+     *
+     * Format: `blnk_sk_{projectId-last-8}_{random}` (similar to Stripe's `sk_live_...`)
+     *
+     * **Security**: Never expose this key in client-side code. It is injected by the platform
+     * into edge function environments as `BLINK_SECRET_KEY`.
+     *
+     * When present, this key takes precedence over user JWTs for all requests.
+     *
+     * @example
+     * // Edge function (Deno)
+     * const blink = createClient({
+     *   projectId: Deno.env.get('BLINK_PROJECT_ID')!,
+     *   secretKey: Deno.env.get('BLINK_SECRET_KEY'),
+     * })
+     */
+    secretKey?: string;
+    /**
+     * @deprecated Use `secretKey` instead. Service tokens are JWT-based and expire after 365 days.
+     * Secret keys are permanent and never expire.
+     */
+    serviceToken?: string;
     /**
      * Storage adapter for cross-platform token persistence
      *
@@ -281,6 +314,9 @@ declare class BlinkError extends Error {
     constructor(message: string, code?: string | undefined, status?: number | undefined, details?: any);
 }
 interface StorageUploadOptions {
+    /**
+     * @deprecated Blink storage uploads are add-only by default. This option is ignored.
+     */
     upsert?: boolean;
     onProgress?: (percent: number) => void;
 }
@@ -737,7 +773,7 @@ interface BlinkNotifications {
  */
 
 interface RequestOptions {
-    method?: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
     headers?: Record<string, string>;
     body?: any;
     searchParams?: Record<string, string>;
@@ -752,9 +788,14 @@ declare class HttpClient {
     private readonly authUrl;
     private readonly coreUrl;
     readonly projectId: string;
+    private readonly publishableKey?;
+    private readonly secretKey?;
     private getToken;
     private getValidToken?;
     constructor(config: BlinkClientConfig, getToken: () => string | null, getValidToken?: () => Promise<string | null>);
+    private shouldAttachPublishableKey;
+    private shouldSkipSecretKey;
+    private getAuthorizationHeader;
     /**
      * Make an authenticated request to the Blink API
      */
@@ -949,9 +990,9 @@ declare class HttpClient {
 
 /**
  * Platform detection for cross-platform compatibility
- * Detects whether code is running on web, React Native, or Node.js
+ * Detects whether code is running on web, React Native, Node.js, or Deno
  */
-type Platform = 'web' | 'react-native' | 'node';
+type Platform = 'web' | 'react-native' | 'node' | 'deno';
 /**
  * Current platform
  */
@@ -962,7 +1003,9 @@ declare const platform: Platform;
 declare const isWeb: boolean;
 declare const isReactNative: boolean;
 declare const isNode: boolean;
+declare const isDeno: boolean;
 declare const isBrowser: boolean;
+declare const isServer: boolean;
 
 /**
  * Blink Auth Module - Client-side authentication management
@@ -1633,6 +1676,50 @@ declare class BlinkAnalyticsImpl implements BlinkAnalytics {
     private detectChannel;
 }
 
+/**
+ * Blink Functions - Edge function invocation helper
+ * Provides a simple interface for calling Blink Edge Functions with automatic JWT attachment
+ */
+
+interface FunctionsInvokeOptions {
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    body?: any;
+    headers?: Record<string, string>;
+    searchParams?: Record<string, string>;
+}
+interface FunctionsInvokeResponse<T = any> {
+    data: T;
+    status: number;
+    headers: Headers;
+}
+interface BlinkFunctions {
+    /**
+     * Invoke a Blink Edge Function.
+     *
+     * Automatically attaches the user's JWT for authenticated requests.
+     * The function URL is constructed as: https://{projectSuffix}--{functionSlug}.functions.blink.new
+     *
+     * @param functionSlug - The slug of the edge function to invoke
+     * @param options - Request options (method, body, headers, etc.)
+     * @returns The function response
+     *
+     * @example
+     * // Simple POST request
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'POST',
+     *   body: { message: 'Hello' }
+     * })
+     *
+     * @example
+     * // GET request with query params
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'GET',
+     *   searchParams: { limit: '10' }
+     * })
+     */
+    invoke<T = any>(functionSlug: string, options?: FunctionsInvokeOptions): Promise<FunctionsInvokeResponse<T>>;
+}
+
 /**
  * Blink Client - Main SDK entry point
  * Factory function and client class for the Blink SDK
@@ -1647,6 +1734,7 @@ interface BlinkClient {
     realtime: BlinkRealtime;
     notifications: BlinkNotifications;
     analytics: BlinkAnalytics;
+    functions: BlinkFunctions;
 }
 /**
  * Create a new Blink client instance
@@ -2296,4 +2384,4 @@ declare class BlinkRealtimeImpl implements BlinkRealtime {
     onPresence(channelName: string, callback: (users: PresenceUser[]) => void): () => void;
 }
 
-export { type AnalyticsEvent, AsyncStorageAdapter, type AuthState, type AuthStateChangeCallback, type AuthTokens, type BlinkAI, BlinkAIImpl, type BlinkAnalytics, BlinkAnalyticsImpl, type BlinkClient, type BlinkClientConfig, type BlinkData, BlinkDataImpl, BlinkDatabase, type BlinkRealtime, BlinkRealtimeChannel, BlinkRealtimeError, BlinkRealtimeImpl, type BlinkStorage, BlinkStorageImpl, BlinkTable, type BlinkUser, type CreateOptions, type DataExtraction, type FileObject, type FilterCondition, type ImageGenerationRequest, type ImageGenerationResponse, type Message, NoOpStorageAdapter, type ObjectGenerationRequest, type ObjectGenerationResponse, type PresenceUser, type QueryOptions, type RealtimeChannel, type RealtimeGetMessagesOptions, type RealtimeMessage, type RealtimePublishOptions, type RealtimeSubscribeOptions, type SearchRequest, type SearchResponse, type SpeechGenerationRequest, type SpeechGenerationResponse, type StorageAdapter, type StorageUploadOptions, type StorageUploadResponse, type TableOperations, type TextGenerationRequest, type TextGenerationResponse, type TokenUsage, type TranscriptionRequest, type TranscriptionResponse, type UpdateOptions, type UpsertOptions, type WebBrowserModule, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isNode, isReactNative, isWeb, platform };
+export { type AnalyticsEvent, AsyncStorageAdapter, type AuthState, type AuthStateChangeCallback, type AuthTokens, type BlinkAI, BlinkAIImpl, type BlinkAnalytics, BlinkAnalyticsImpl, type BlinkClient, type BlinkClientConfig, type BlinkData, BlinkDataImpl, BlinkDatabase, type BlinkRealtime, BlinkRealtimeChannel, BlinkRealtimeError, BlinkRealtimeImpl, type BlinkStorage, BlinkStorageImpl, BlinkTable, type BlinkUser, type CreateOptions, type DataExtraction, type FileObject, type FilterCondition, type ImageGenerationRequest, type ImageGenerationResponse, type Message, NoOpStorageAdapter, type ObjectGenerationRequest, type ObjectGenerationResponse, type PresenceUser, type QueryOptions, type RealtimeChannel, type RealtimeGetMessagesOptions, type RealtimeMessage, type RealtimePublishOptions, type RealtimeSubscribeOptions, type SearchRequest, type SearchResponse, type SpeechGenerationRequest, type SpeechGenerationResponse, type StorageAdapter, type StorageUploadOptions, type StorageUploadResponse, type TableOperations, type TextGenerationRequest, type TextGenerationResponse, type TokenUsage, type TranscriptionRequest, type TranscriptionResponse, type UpdateOptions, type UpsertOptions, type WebBrowserModule, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isDeno, isNode, isReactNative, isServer, isWeb, platform };

package/dist/index.d.ts

@@ -61,6 +61,39 @@ interface BlinkClientConfig {
     projectId: string;
     authRequired?: boolean;
     auth?: BlinkAuthConfig;
+    /**
+     * Publishable key (client-safe).
+     *
+     * Used for **public endpoints** when no user JWT is present (e.g. analytics ingest, storage upload,
+     * optional public DB reads). Never use for privileged operations.
+     */
+    publishableKey?: string;
+    /**
+     * Secret key (server-only, privileged). Permanent, never expires.
+     *
+     * Used in **server runtimes** (Edge Functions, Workers) for privileged operations that require
+     * service-role access (e.g. raw SQL, bypassing row-level security).
+     *
+     * Format: `blnk_sk_{projectId-last-8}_{random}` (similar to Stripe's `sk_live_...`)
+     *
+     * **Security**: Never expose this key in client-side code. It is injected by the platform
+     * into edge function environments as `BLINK_SECRET_KEY`.
+     *
+     * When present, this key takes precedence over user JWTs for all requests.
+     *
+     * @example
+     * // Edge function (Deno)
+     * const blink = createClient({
+     *   projectId: Deno.env.get('BLINK_PROJECT_ID')!,
+     *   secretKey: Deno.env.get('BLINK_SECRET_KEY'),
+     * })
+     */
+    secretKey?: string;
+    /**
+     * @deprecated Use `secretKey` instead. Service tokens are JWT-based and expire after 365 days.
+     * Secret keys are permanent and never expire.
+     */
+    serviceToken?: string;
     /**
      * Storage adapter for cross-platform token persistence
      *
@@ -281,6 +314,9 @@ declare class BlinkError extends Error {
     constructor(message: string, code?: string | undefined, status?: number | undefined, details?: any);
 }
 interface StorageUploadOptions {
+    /**
+     * @deprecated Blink storage uploads are add-only by default. This option is ignored.
+     */
     upsert?: boolean;
     onProgress?: (percent: number) => void;
 }
@@ -737,7 +773,7 @@ interface BlinkNotifications {
  */
 
 interface RequestOptions {
-    method?: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
     headers?: Record<string, string>;
     body?: any;
     searchParams?: Record<string, string>;
@@ -752,9 +788,14 @@ declare class HttpClient {
     private readonly authUrl;
     private readonly coreUrl;
     readonly projectId: string;
+    private readonly publishableKey?;
+    private readonly secretKey?;
     private getToken;
     private getValidToken?;
     constructor(config: BlinkClientConfig, getToken: () => string | null, getValidToken?: () => Promise<string | null>);
+    private shouldAttachPublishableKey;
+    private shouldSkipSecretKey;
+    private getAuthorizationHeader;
     /**
      * Make an authenticated request to the Blink API
      */
@@ -949,9 +990,9 @@ declare class HttpClient {
 
 /**
  * Platform detection for cross-platform compatibility
- * Detects whether code is running on web, React Native, or Node.js
+ * Detects whether code is running on web, React Native, Node.js, or Deno
  */
-type Platform = 'web' | 'react-native' | 'node';
+type Platform = 'web' | 'react-native' | 'node' | 'deno';
 /**
  * Current platform
  */
@@ -962,7 +1003,9 @@ declare const platform: Platform;
 declare const isWeb: boolean;
 declare const isReactNative: boolean;
 declare const isNode: boolean;
+declare const isDeno: boolean;
 declare const isBrowser: boolean;
+declare const isServer: boolean;
 
 /**
  * Blink Auth Module - Client-side authentication management
@@ -1633,6 +1676,50 @@ declare class BlinkAnalyticsImpl implements BlinkAnalytics {
     private detectChannel;
 }
 
+/**
+ * Blink Functions - Edge function invocation helper
+ * Provides a simple interface for calling Blink Edge Functions with automatic JWT attachment
+ */
+
+interface FunctionsInvokeOptions {
+    method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    body?: any;
+    headers?: Record<string, string>;
+    searchParams?: Record<string, string>;
+}
+interface FunctionsInvokeResponse<T = any> {
+    data: T;
+    status: number;
+    headers: Headers;
+}
+interface BlinkFunctions {
+    /**
+     * Invoke a Blink Edge Function.
+     *
+     * Automatically attaches the user's JWT for authenticated requests.
+     * The function URL is constructed as: https://{projectSuffix}--{functionSlug}.functions.blink.new
+     *
+     * @param functionSlug - The slug of the edge function to invoke
+     * @param options - Request options (method, body, headers, etc.)
+     * @returns The function response
+     *
+     * @example
+     * // Simple POST request
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'POST',
+     *   body: { message: 'Hello' }
+     * })
+     *
+     * @example
+     * // GET request with query params
+     * const { data } = await blink.functions.invoke('my-function', {
+     *   method: 'GET',
+     *   searchParams: { limit: '10' }
+     * })
+     */
+    invoke<T = any>(functionSlug: string, options?: FunctionsInvokeOptions): Promise<FunctionsInvokeResponse<T>>;
+}
+
 /**
  * Blink Client - Main SDK entry point
  * Factory function and client class for the Blink SDK
@@ -1647,6 +1734,7 @@ interface BlinkClient {
     realtime: BlinkRealtime;
     notifications: BlinkNotifications;
     analytics: BlinkAnalytics;
+    functions: BlinkFunctions;
 }
 /**
  * Create a new Blink client instance
@@ -2296,4 +2384,4 @@ declare class BlinkRealtimeImpl implements BlinkRealtime {
     onPresence(channelName: string, callback: (users: PresenceUser[]) => void): () => void;
 }
 
-export { type AnalyticsEvent, AsyncStorageAdapter, type AuthState, type AuthStateChangeCallback, type AuthTokens, type BlinkAI, BlinkAIImpl, type BlinkAnalytics, BlinkAnalyticsImpl, type BlinkClient, type BlinkClientConfig, type BlinkData, BlinkDataImpl, BlinkDatabase, type BlinkRealtime, BlinkRealtimeChannel, BlinkRealtimeError, BlinkRealtimeImpl, type BlinkStorage, BlinkStorageImpl, BlinkTable, type BlinkUser, type CreateOptions, type DataExtraction, type FileObject, type FilterCondition, type ImageGenerationRequest, type ImageGenerationResponse, type Message, NoOpStorageAdapter, type ObjectGenerationRequest, type ObjectGenerationResponse, type PresenceUser, type QueryOptions, type RealtimeChannel, type RealtimeGetMessagesOptions, type RealtimeMessage, type RealtimePublishOptions, type RealtimeSubscribeOptions, type SearchRequest, type SearchResponse, type SpeechGenerationRequest, type SpeechGenerationResponse, type StorageAdapter, type StorageUploadOptions, type StorageUploadResponse, type TableOperations, type TextGenerationRequest, type TextGenerationResponse, type TokenUsage, type TranscriptionRequest, type TranscriptionResponse, type UpdateOptions, type UpsertOptions, type WebBrowserModule, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isNode, isReactNative, isWeb, platform };
+export { type AnalyticsEvent, AsyncStorageAdapter, type AuthState, type AuthStateChangeCallback, type AuthTokens, type BlinkAI, BlinkAIImpl, type BlinkAnalytics, BlinkAnalyticsImpl, type BlinkClient, type BlinkClientConfig, type BlinkData, BlinkDataImpl, BlinkDatabase, type BlinkRealtime, BlinkRealtimeChannel, BlinkRealtimeError, BlinkRealtimeImpl, type BlinkStorage, BlinkStorageImpl, BlinkTable, type BlinkUser, type CreateOptions, type DataExtraction, type FileObject, type FilterCondition, type ImageGenerationRequest, type ImageGenerationResponse, type Message, NoOpStorageAdapter, type ObjectGenerationRequest, type ObjectGenerationResponse, type PresenceUser, type QueryOptions, type RealtimeChannel, type RealtimeGetMessagesOptions, type RealtimeMessage, type RealtimePublishOptions, type RealtimeSubscribeOptions, type SearchRequest, type SearchResponse, type SpeechGenerationRequest, type SpeechGenerationResponse, type StorageAdapter, type StorageUploadOptions, type StorageUploadResponse, type TableOperations, type TextGenerationRequest, type TextGenerationResponse, type TokenUsage, type TranscriptionRequest, type TranscriptionResponse, type UpdateOptions, type UpsertOptions, type WebBrowserModule, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isDeno, isNode, isReactNative, isServer, isWeb, platform };

package/dist/index.js

@@ -7,6 +7,33 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
 
+// ../core/src/platform.ts
+function detectPlatform() {
+  if (typeof Deno !== "undefined") {
+    return "deno";
+  }
+  if (typeof process !== "undefined" && process.versions?.node) {
+    if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
+      return "react-native";
+    }
+    return "node";
+  }
+  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
+    return "react-native";
+  }
+  if (typeof window !== "undefined" && typeof document !== "undefined") {
+    return "web";
+  }
+  return "node";
+}
+var platform = detectPlatform();
+var isWeb = platform === "web";
+var isReactNative = platform === "react-native";
+var isNode = platform === "node";
+var isDeno = platform === "deno";
+var isBrowser = isWeb || isReactNative;
+var isServer = isNode || isDeno;
+
 // ../core/src/storage-adapter.ts
 var WebStorageAdapter = class {
   getItem(key) {
@@ -92,6 +119,9 @@ var NoOpStorageAdapter = class {
   }
 };
 function getDefaultStorageAdapter() {
+  if (isDeno) {
+    return new NoOpStorageAdapter();
+  }
   if (typeof window !== "undefined" && typeof localStorage !== "undefined") {
     try {
       localStorage.setItem("__test__", "test");
@@ -103,28 +133,6 @@ function getDefaultStorageAdapter() {
   return new NoOpStorageAdapter();
 }
 
-// ../core/src/platform.ts
-function detectPlatform() {
-  if (typeof process !== "undefined" && process.versions?.node) {
-    if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
-      return "react-native";
-    }
-    return "node";
-  }
-  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
-    return "react-native";
-  }
-  if (typeof window !== "undefined" && typeof document !== "undefined") {
-    return "web";
-  }
-  return "node";
-}
-var platform = detectPlatform();
-var isWeb = platform === "web";
-var isReactNative = platform === "react-native";
-var isNode = platform === "node";
-var isBrowser = isWeb || isReactNative;
-
 // ../core/src/types.ts
 var BlinkError = class extends Error {
   constructor(message, code, status, details) {
@@ -391,32 +399,65 @@ var HttpClient = class {
   authUrl = "https://blink.new";
   coreUrl = "https://core.blink.new";
   projectId;
+  publishableKey;
+  secretKey;
+  // Permanent, non-expiring key (like Stripe's sk_live_...)
   getToken;
   getValidToken;
   constructor(config, getToken, getValidToken) {
     this.projectId = config.projectId;
+    this.publishableKey = config.publishableKey;
+    this.secretKey = config.secretKey || config.serviceToken;
     this.getToken = getToken;
     this.getValidToken = getValidToken;
   }
+  shouldAttachPublishableKey(path, method) {
+    if (method !== "GET" && method !== "POST") return false;
+    if (path.includes("/api/analytics/")) return true;
+    if (path.includes("/api/storage/")) return true;
+    if (path.includes("/api/db/") && path.includes("/rest/v1/")) return method === "GET";
+    return false;
+  }
+  shouldSkipSecretKey(url) {
+    try {
+      const parsed = new URL(url);
+      return parsed.hostname.endsWith(".functions.blink.new");
+    } catch {
+      return false;
+    }
+  }
+  getAuthorizationHeader(url, token) {
+    if (this.secretKey && !this.shouldSkipSecretKey(url)) {
+      return `Bearer ${this.secretKey}`;
+    }
+    if (token) {
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
   /**
    * Make an authenticated request to the Blink API
    */
   async request(path, options = {}) {
     const url = this.buildUrl(path, options.searchParams);
     const token = this.getValidToken ? await this.getValidToken() : this.getToken();
+    const method = options.method || "GET";
     const headers = {
       "Content-Type": "application/json",
       ...options.headers
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && !headers["x-blink-publishable-key"] && this.shouldAttachPublishableKey(path, method)) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     const requestInit = {
-      method: options.method || "GET",
+      method,
       headers,
       signal: options.signal
     };
-    if (options.body && options.method !== "GET") {
+    if (options.body && method !== "GET") {
       requestInit.body = typeof options.body === "string" ? options.body : JSON.stringify(options.body);
     }
     try {
@@ -570,12 +611,12 @@ var HttpClient = class {
       throw new BlinkValidationError("Unsupported file type");
     }
     formData.append("path", filePath);
-    if (options.upsert !== void 0) {
-      formData.append("options", JSON.stringify({ upsert: options.upsert }));
-    }
     const headers = {};
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && path.includes("/api/storage/") && !headers["x-blink-publishable-key"]) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     try {
       if (typeof XMLHttpRequest !== "undefined" && options.onProgress) {
@@ -684,9 +725,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -739,9 +779,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -2966,6 +3005,11 @@ var BlinkAuth = class {
 };
 
 // src/database.ts
+function assertServerOnly(methodName) {
+  if (typeof window !== "undefined") {
+    throw new Error(`${methodName} is server-only. Use Blink CRUD methods (blink.db.<table>.*) instead.`);
+  }
+}
 function camelToSnake3(str) {
   return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
 }
@@ -3184,6 +3228,7 @@ var BlinkTable = class {
    * Raw SQL query on this table (for advanced use cases)
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.<table>.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3232,6 +3277,7 @@ var BlinkDatabase = class {
    * Execute raw SQL query
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3239,6 +3285,7 @@ var BlinkDatabase = class {
    * Execute batch SQL operations
    */
   async batch(statements, mode = "write") {
+    assertServerOnly("blink.db.batch");
     const response = await this.httpClient.dbBatch(statements, mode);
     return response.data;
   }
@@ -3301,7 +3348,6 @@ var BlinkStorageImpl = class {
         correctedPath,
         // Use corrected path with proper extension
         {
-          upsert: options.upsert,
           onProgress: options.onProgress,
           contentType: detectedContentType
           // Pass detected content type
@@ -3321,7 +3367,7 @@ var BlinkStorageImpl = class {
       if (error instanceof Error && "status" in error) {
         const status = error.status;
         if (status === 409) {
-          throw new BlinkStorageError("File already exists. Set upsert: true to overwrite.", 409);
+          throw new BlinkStorageError("File already exists.", 409);
         }
         if (status === 400) {
           throw new BlinkStorageError("Invalid request parameters", 400);
@@ -3366,7 +3412,6 @@ var BlinkStorageImpl = class {
         detectedContentType
       };
     } catch (error) {
-      console.warn("File type detection failed, using original path:", error);
       return {
         correctedPath: originalPath,
         detectedContentType: "application/octet-stream"
@@ -5292,7 +5337,6 @@ var BlinkAnalyticsImpl = class {
     } catch (error) {
       this.queue = [...events, ...this.queue];
       this.persistQueue();
-      console.error("Failed to send analytics events:", error);
     }
     if (this.queue.length > 0) {
       this.timer = setTimeout(() => this.flush(), BATCH_TIMEOUT);
@@ -5483,6 +5527,45 @@ var BlinkAnalyticsImpl = class {
   }
 };
 
+// src/functions.ts
+var BlinkFunctionsImpl = class {
+  httpClient;
+  projectId;
+  constructor(httpClient, projectId, _getToken) {
+    this.httpClient = httpClient;
+    this.projectId = projectId;
+  }
+  /**
+   * Get the project suffix from the full project ID.
+   * Project IDs are formatted as: prj_xxxxx
+   * The suffix is the last 8 characters used in function URLs.
+   */
+  getProjectSuffix() {
+    return this.projectId.slice(-8);
+  }
+  /**
+   * Build the full function URL
+   */
+  buildFunctionUrl(functionSlug, searchParams) {
+    const suffix = this.getProjectSuffix();
+    const baseUrl = `https://${suffix}--${functionSlug}.functions.blink.new`;
+    if (!searchParams || Object.keys(searchParams).length === 0) {
+      return baseUrl;
+    }
+    const url = new URL(baseUrl);
+    Object.entries(searchParams).forEach(([key, value]) => {
+      url.searchParams.set(key, value);
+    });
+    return url.toString();
+  }
+  async invoke(functionSlug, options = {}) {
+    const { method = "POST", body, headers = {}, searchParams } = options;
+    const url = this.buildFunctionUrl(functionSlug, searchParams);
+    const res = await this.httpClient.request(url, { method, body, headers });
+    return { data: res.data, status: res.status, headers: res.headers };
+  }
+};
+
 // src/client.ts
 var BlinkClientImpl = class {
   auth;
@@ -5493,8 +5576,12 @@ var BlinkClientImpl = class {
   realtime;
   notifications;
   analytics;
+  functions;
   httpClient;
   constructor(config) {
+    if ((config.secretKey || config.serviceToken) && isBrowser) {
+      throw new Error("secretKey/serviceToken is server-only. Do not provide it in browser/React Native clients.");
+    }
     this.auth = new BlinkAuth(config);
     this.httpClient = new HttpClient(
       config,
@@ -5508,6 +5595,11 @@ var BlinkClientImpl = class {
     this.realtime = new BlinkRealtimeImpl(this.httpClient, config.projectId);
     this.notifications = new BlinkNotificationsImpl(this.httpClient);
     this.analytics = new BlinkAnalyticsImpl(this.httpClient, config.projectId);
+    this.functions = new BlinkFunctionsImpl(
+      this.httpClient,
+      config.projectId,
+      () => this.auth.getValidToken()
+    );
     this.auth.onAuthStateChanged((state) => {
       if (state.isAuthenticated && state.user) {
         this.analytics.setUserId(state.user.id);
@@ -5540,8 +5632,10 @@ exports.WebStorageAdapter = WebStorageAdapter;
 exports.createClient = createClient;
 exports.getDefaultStorageAdapter = getDefaultStorageAdapter;
 exports.isBrowser = isBrowser;
+exports.isDeno = isDeno;
 exports.isNode = isNode;
 exports.isReactNative = isReactNative;
+exports.isServer = isServer;
 exports.isWeb = isWeb;
 exports.platform = platform;
 //# sourceMappingURL=index.js.map

package/dist/index.mjs

@@ -5,6 +5,33 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
 
+// ../core/src/platform.ts
+function detectPlatform() {
+  if (typeof Deno !== "undefined") {
+    return "deno";
+  }
+  if (typeof process !== "undefined" && process.versions?.node) {
+    if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
+      return "react-native";
+    }
+    return "node";
+  }
+  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
+    return "react-native";
+  }
+  if (typeof window !== "undefined" && typeof document !== "undefined") {
+    return "web";
+  }
+  return "node";
+}
+var platform = detectPlatform();
+var isWeb = platform === "web";
+var isReactNative = platform === "react-native";
+var isNode = platform === "node";
+var isDeno = platform === "deno";
+var isBrowser = isWeb || isReactNative;
+var isServer = isNode || isDeno;
+
 // ../core/src/storage-adapter.ts
 var WebStorageAdapter = class {
   getItem(key) {
@@ -90,6 +117,9 @@ var NoOpStorageAdapter = class {
   }
 };
 function getDefaultStorageAdapter() {
+  if (isDeno) {
+    return new NoOpStorageAdapter();
+  }
   if (typeof window !== "undefined" && typeof localStorage !== "undefined") {
     try {
       localStorage.setItem("__test__", "test");
@@ -101,28 +131,6 @@ function getDefaultStorageAdapter() {
   return new NoOpStorageAdapter();
 }
 
-// ../core/src/platform.ts
-function detectPlatform() {
-  if (typeof process !== "undefined" && process.versions?.node) {
-    if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
-      return "react-native";
-    }
-    return "node";
-  }
-  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
-    return "react-native";
-  }
-  if (typeof window !== "undefined" && typeof document !== "undefined") {
-    return "web";
-  }
-  return "node";
-}
-var platform = detectPlatform();
-var isWeb = platform === "web";
-var isReactNative = platform === "react-native";
-var isNode = platform === "node";
-var isBrowser = isWeb || isReactNative;
-
 // ../core/src/types.ts
 var BlinkError = class extends Error {
   constructor(message, code, status, details) {
@@ -389,32 +397,65 @@ var HttpClient = class {
   authUrl = "https://blink.new";
   coreUrl = "https://core.blink.new";
   projectId;
+  publishableKey;
+  secretKey;
+  // Permanent, non-expiring key (like Stripe's sk_live_...)
   getToken;
   getValidToken;
   constructor(config, getToken, getValidToken) {
     this.projectId = config.projectId;
+    this.publishableKey = config.publishableKey;
+    this.secretKey = config.secretKey || config.serviceToken;
     this.getToken = getToken;
     this.getValidToken = getValidToken;
   }
+  shouldAttachPublishableKey(path, method) {
+    if (method !== "GET" && method !== "POST") return false;
+    if (path.includes("/api/analytics/")) return true;
+    if (path.includes("/api/storage/")) return true;
+    if (path.includes("/api/db/") && path.includes("/rest/v1/")) return method === "GET";
+    return false;
+  }
+  shouldSkipSecretKey(url) {
+    try {
+      const parsed = new URL(url);
+      return parsed.hostname.endsWith(".functions.blink.new");
+    } catch {
+      return false;
+    }
+  }
+  getAuthorizationHeader(url, token) {
+    if (this.secretKey && !this.shouldSkipSecretKey(url)) {
+      return `Bearer ${this.secretKey}`;
+    }
+    if (token) {
+      return `Bearer ${token}`;
+    }
+    return null;
+  }
   /**
    * Make an authenticated request to the Blink API
    */
   async request(path, options = {}) {
     const url = this.buildUrl(path, options.searchParams);
     const token = this.getValidToken ? await this.getValidToken() : this.getToken();
+    const method = options.method || "GET";
     const headers = {
       "Content-Type": "application/json",
       ...options.headers
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && !headers["x-blink-publishable-key"] && this.shouldAttachPublishableKey(path, method)) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     const requestInit = {
-      method: options.method || "GET",
+      method,
       headers,
       signal: options.signal
     };
-    if (options.body && options.method !== "GET") {
+    if (options.body && method !== "GET") {
       requestInit.body = typeof options.body === "string" ? options.body : JSON.stringify(options.body);
     }
     try {
@@ -568,12 +609,12 @@ var HttpClient = class {
       throw new BlinkValidationError("Unsupported file type");
     }
     formData.append("path", filePath);
-    if (options.upsert !== void 0) {
-      formData.append("options", JSON.stringify({ upsert: options.upsert }));
-    }
     const headers = {};
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) {
+      headers.Authorization = auth;
+    } else if (this.publishableKey && path.includes("/api/storage/") && !headers["x-blink-publishable-key"]) {
+      headers["x-blink-publishable-key"] = this.publishableKey;
     }
     try {
       if (typeof XMLHttpRequest !== "undefined" && options.onProgress) {
@@ -682,9 +723,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -737,9 +777,8 @@ var HttpClient = class {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (token) {
-      headers.Authorization = `Bearer ${token}`;
-    }
+    const auth = this.getAuthorizationHeader(url, token);
+    if (auth) headers.Authorization = auth;
     const body = {
       prompt,
       stream: true,
@@ -2964,6 +3003,11 @@ var BlinkAuth = class {
 };
 
 // src/database.ts
+function assertServerOnly(methodName) {
+  if (typeof window !== "undefined") {
+    throw new Error(`${methodName} is server-only. Use Blink CRUD methods (blink.db.<table>.*) instead.`);
+  }
+}
 function camelToSnake3(str) {
   return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
 }
@@ -3182,6 +3226,7 @@ var BlinkTable = class {
    * Raw SQL query on this table (for advanced use cases)
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.<table>.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3230,6 +3275,7 @@ var BlinkDatabase = class {
    * Execute raw SQL query
    */
   async sql(query, params) {
+    assertServerOnly("blink.db.sql");
     const response = await this.httpClient.dbSql(query, params);
     return response.data;
   }
@@ -3237,6 +3283,7 @@ var BlinkDatabase = class {
    * Execute batch SQL operations
    */
   async batch(statements, mode = "write") {
+    assertServerOnly("blink.db.batch");
     const response = await this.httpClient.dbBatch(statements, mode);
     return response.data;
   }
@@ -3299,7 +3346,6 @@ var BlinkStorageImpl = class {
         correctedPath,
         // Use corrected path with proper extension
         {
-          upsert: options.upsert,
           onProgress: options.onProgress,
           contentType: detectedContentType
           // Pass detected content type
@@ -3319,7 +3365,7 @@ var BlinkStorageImpl = class {
       if (error instanceof Error && "status" in error) {
         const status = error.status;
         if (status === 409) {
-          throw new BlinkStorageError("File already exists. Set upsert: true to overwrite.", 409);
+          throw new BlinkStorageError("File already exists.", 409);
         }
         if (status === 400) {
           throw new BlinkStorageError("Invalid request parameters", 400);
@@ -3364,7 +3410,6 @@ var BlinkStorageImpl = class {
         detectedContentType
       };
     } catch (error) {
-      console.warn("File type detection failed, using original path:", error);
       return {
         correctedPath: originalPath,
         detectedContentType: "application/octet-stream"
@@ -5290,7 +5335,6 @@ var BlinkAnalyticsImpl = class {
     } catch (error) {
       this.queue = [...events, ...this.queue];
       this.persistQueue();
-      console.error("Failed to send analytics events:", error);
     }
     if (this.queue.length > 0) {
       this.timer = setTimeout(() => this.flush(), BATCH_TIMEOUT);
@@ -5481,6 +5525,45 @@ var BlinkAnalyticsImpl = class {
   }
 };
 
+// src/functions.ts
+var BlinkFunctionsImpl = class {
+  httpClient;
+  projectId;
+  constructor(httpClient, projectId, _getToken) {
+    this.httpClient = httpClient;
+    this.projectId = projectId;
+  }
+  /**
+   * Get the project suffix from the full project ID.
+   * Project IDs are formatted as: prj_xxxxx
+   * The suffix is the last 8 characters used in function URLs.
+   */
+  getProjectSuffix() {
+    return this.projectId.slice(-8);
+  }
+  /**
+   * Build the full function URL
+   */
+  buildFunctionUrl(functionSlug, searchParams) {
+    const suffix = this.getProjectSuffix();
+    const baseUrl = `https://${suffix}--${functionSlug}.functions.blink.new`;
+    if (!searchParams || Object.keys(searchParams).length === 0) {
+      return baseUrl;
+    }
+    const url = new URL(baseUrl);
+    Object.entries(searchParams).forEach(([key, value]) => {
+      url.searchParams.set(key, value);
+    });
+    return url.toString();
+  }
+  async invoke(functionSlug, options = {}) {
+    const { method = "POST", body, headers = {}, searchParams } = options;
+    const url = this.buildFunctionUrl(functionSlug, searchParams);
+    const res = await this.httpClient.request(url, { method, body, headers });
+    return { data: res.data, status: res.status, headers: res.headers };
+  }
+};
+
 // src/client.ts
 var BlinkClientImpl = class {
   auth;
@@ -5491,8 +5574,12 @@ var BlinkClientImpl = class {
   realtime;
   notifications;
   analytics;
+  functions;
   httpClient;
   constructor(config) {
+    if ((config.secretKey || config.serviceToken) && isBrowser) {
+      throw new Error("secretKey/serviceToken is server-only. Do not provide it in browser/React Native clients.");
+    }
     this.auth = new BlinkAuth(config);
     this.httpClient = new HttpClient(
       config,
@@ -5506,6 +5593,11 @@ var BlinkClientImpl = class {
     this.realtime = new BlinkRealtimeImpl(this.httpClient, config.projectId);
     this.notifications = new BlinkNotificationsImpl(this.httpClient);
     this.analytics = new BlinkAnalyticsImpl(this.httpClient, config.projectId);
+    this.functions = new BlinkFunctionsImpl(
+      this.httpClient,
+      config.projectId,
+      () => this.auth.getValidToken()
+    );
     this.auth.onAuthStateChanged((state) => {
       if (state.isAuthenticated && state.user) {
         this.analytics.setUserId(state.user.id);
@@ -5524,6 +5616,6 @@ function createClient(config) {
   return new BlinkClientImpl(config);
 }
 
-export { AsyncStorageAdapter, BlinkAIImpl, BlinkAnalyticsImpl, BlinkDataImpl, BlinkDatabase, BlinkRealtimeChannel, BlinkRealtimeImpl, BlinkStorageImpl, BlinkTable, NoOpStorageAdapter, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isNode, isReactNative, isWeb, platform };
+export { AsyncStorageAdapter, BlinkAIImpl, BlinkAnalyticsImpl, BlinkDataImpl, BlinkDatabase, BlinkRealtimeChannel, BlinkRealtimeImpl, BlinkStorageImpl, BlinkTable, NoOpStorageAdapter, WebStorageAdapter, createClient, getDefaultStorageAdapter, isBrowser, isDeno, isNode, isReactNative, isServer, isWeb, platform };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blinkdotnew/sdk",
-  "version": "2.0.3",
+  "version": "2.1.1",
   "description": "Blink TypeScript SDK for client-side applications - Zero-boilerplate CRUD + auth + AI + analytics + notifications for modern SaaS/AI apps",
   "keywords": [
     "blink",
@@ -46,7 +46,8 @@
     "build": "tsup",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",
-    "clean": "rm -rf dist"
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
   },
   "dependencies": {},
   "devDependencies": {