@brokr/sdk 1.0.0 → 2.1.0

package/dist/runtime.js

@@ -1,11 +1,10 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -18,159 +17,309 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-// src/auth.ts
-var auth_exports = {};
-__export(auth_exports, {
-  BrokrAuthClient: () => BrokrAuthClient,
-  authMiddleware: () => authMiddleware
-});
-function parseCookies(cookieHeader) {
-  const cookies = /* @__PURE__ */ new Map();
-  for (const pair of cookieHeader.split(";")) {
-    const eqIdx = pair.indexOf("=");
-    if (eqIdx === -1) continue;
-    const name = pair.slice(0, eqIdx).trim();
-    const value = pair.slice(eqIdx + 1).trim();
-    if (name) cookies.set(name, value);
-  }
-  return cookies;
-}
-function authMiddleware(options) {
-  const { protectedRoutes = [], publicOnlyRoutes = [] } = options;
-  return async function middleware(request) {
-    const url = new URL(request.url);
-    const pathname = url.pathname;
-    const isProtected = protectedRoutes.some((route) => pathname.startsWith(route));
-    const isPublicOnly = publicOnlyRoutes.some((route) => pathname.startsWith(route));
-    if (!isProtected && !isPublicOnly) return void 0;
-    const cookieHeader = request.headers.get("cookie") ?? "";
-    const cookies = parseCookies(cookieHeader);
-    const hasSession = cookies.has("better-auth.session_token");
-    if (isProtected && !hasSession) {
-      return Response.redirect(new URL("/sign-in", request.url).toString(), 302);
-    }
-    if (isPublicOnly && hasSession) {
-      return Response.redirect(new URL("/", request.url).toString(), 302);
-    }
-    return void 0;
-  };
-}
-var BrokrAuthClient;
-var init_auth = __esm({
-  "src/auth.ts"() {
-    "use strict";
-    init_runtime();
-    BrokrAuthClient = class {
-      constructor(token, gatewayUrl, appUrl) {
-        this._token = token;
-        this._gatewayUrl = gatewayUrl;
-        this._appUrl = appUrl ?? (typeof process !== "undefined" ? process.env.BETTER_AUTH_URL : void 0);
-      }
-      /**
-       * Get current user from an incoming request's cookies.
-       * Calls the local Better Auth API (runs inside your app).
-       */
-      async currentUser(request) {
-        const session = await this.getSession(request);
-        return session?.user ?? null;
-      }
-      /**
-       * Get the full session (user + metadata) from an incoming request.
-       * Calls the local Better Auth API.
-       */
-      async getSession(request) {
-        const appUrl = this._appUrl;
-        if (!appUrl) {
-          throw new BrokrError(
-            "[brokr] BETTER_AUTH_URL is not set. Auth may not be provisioned.",
-            "AUTH_NOT_CONFIGURED",
-            "auth"
-          );
-        }
-        const cookieHeader = request.headers.get("cookie") ?? "";
-        if (!cookieHeader) return null;
-        const res = await fetch(`${appUrl}/api/auth/get-session`, {
-          method: "GET",
-          headers: { cookie: cookieHeader }
-        });
-        if (!res.ok) return null;
-        const data = await res.json();
-        if (!data?.user || !data?.session) return null;
-        return {
-          user: {
-            id: data.user.id,
-            email: data.user.email,
-            name: data.user.name ?? null,
-            avatarUrl: data.user.image ?? null,
-            emailVerified: data.user.emailVerified ? /* @__PURE__ */ new Date() : null
-          },
-          sessionId: data.session.id,
-          expiresAt: new Date(data.session.expiresAt)
-        };
-      }
-      /**
-       * Generate an OAuth authorization URL.
-       */
-      async getOAuthUrl(provider, options) {
-        const appUrl = this._appUrl;
-        if (!appUrl) {
-          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
-        }
-        const redirectTo = options?.redirectTo ?? "/";
-        if (!redirectTo.startsWith("/") || redirectTo.startsWith("//")) {
-          throw new BrokrError("[brokr] redirectTo must be a relative path (start with /)", "INVALID_REDIRECT", "auth");
-        }
-        const params = new URLSearchParams({ callbackURL: redirectTo });
-        return { redirectUrl: `${appUrl}/api/auth/sign-in/social?provider=${provider}&${params}` };
-      }
-      /**
-       * Send a magic link email (requires email capability).
-       */
-      async sendMagicLink(email, options) {
-        const appUrl = this._appUrl;
-        if (!appUrl) {
-          throw new BrokrError("[brokr] BETTER_AUTH_URL is not set.", "AUTH_NOT_CONFIGURED", "auth");
-        }
-        const res = await fetch(`${appUrl}/api/auth/magic-link/send`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ email, callbackURL: options?.redirectTo ?? "/" })
-        });
-        if (!res.ok) {
-          const data = await res.json().catch(() => ({}));
-          throw new BrokrError(
-            data.message ?? `[brokr] Failed to send magic link (HTTP ${res.status})`,
-            "AUTH_MAGIC_LINK_FAILED",
-            "auth"
-          );
-        }
-      }
-    };
-  }
-});
-
 // src/runtime.ts
 var runtime_exports = {};
 __export(runtime_exports, {
   BrokrAIClient: () => BrokrAIClient,
   BrokrAuthError: () => BrokrAuthError,
   BrokrEmailClient: () => BrokrEmailClient,
+  BrokrEntitlementsClient: () => BrokrEntitlementsClient,
   BrokrError: () => BrokrError,
+  BrokrFilesClient: () => BrokrFilesClient,
   BrokrNetworkError: () => BrokrNetworkError,
+  BrokrNotFoundError: () => BrokrNotFoundError,
+  BrokrNotificationsClient: () => BrokrNotificationsClient,
+  BrokrPaymentsClient: () => BrokrPaymentsClient,
   BrokrRateLimitError: () => BrokrRateLimitError,
   BrokrRuntime: () => BrokrRuntime,
   BrokrStorageClient: () => BrokrStorageClient,
+  BrokrTimeoutError: () => BrokrTimeoutError,
+  BrokrValidationError: () => BrokrValidationError,
   GATEWAY_URL: () => GATEWAY_URL,
   createBrokr: () => createBrokr,
+  detectEnv: () => detectEnv,
+  isDev: () => isDev,
+  isProd: () => isProd,
+  isStaging: () => isStaging,
   models: () => models
 });
 module.exports = __toCommonJS(runtime_exports);
+
+// src/fix-registry.ts
+var FIX_REGISTRY = {
+  AUTH_TOKEN_INVALID: [
+    "\u2192 Run `brokr env pull --stack <name>` to refresh your token",
+    "\u2192 Or run `brokr link account` to re-authenticate"
+  ].join("\n"),
+  AUTH_SESSION_EXPIRED: [
+    "\u2192 Run `brokr link account` to re-authenticate"
+  ].join("\n"),
+  BROKR_TOKEN_MISSING: [
+    "\u2192 Run `brokr env pull --stack <name>` to sync your environment",
+    "\u2192 Or add BROKR_TOKEN to your .env.local manually"
+  ].join("\n"),
+  DATABASE_PROVISION_FAILED: [
+    "\u2192 Run `brokr status <stack>` to check current state",
+    "\u2192 Run `brokr retry <stack>` to re-trigger provisioning"
+  ].join("\n"),
+  DATABASE_QUOTA_REACHED: [
+    "\u2192 Upgrade your plan or delete unused databases",
+    "\u2192 Check usage at brokr.sh/billing"
+  ].join("\n"),
+  DATABASE_HEALTH_TIMEOUT: [
+    "\u2192 Run `brokr status <stack>` to check database state",
+    "\u2192 If persistent, check provider status page"
+  ].join("\n"),
+  DEPLOYMENT_FAILED: [
+    "\u2192 Run `brokr logs --stack <name>` to see build logs",
+    "\u2192 Fix the build error and run `brokr deploy`"
+  ].join("\n"),
+  DEPLOYMENT_RATE_LIMITED: [
+    "\u2192 Wait a minute and retry",
+    "\u2192 Vercel rate limits apply per project"
+  ].join("\n"),
+  REPO_ALREADY_EXISTS: [
+    "\u2192 Use a different stack name",
+    "\u2192 Or run `brokr status <stack>` to check the existing stack"
+  ].join("\n"),
+  REPO_CREATE_FAILED: [
+    "\u2192 Check your GitHub connection: `brokr link account`",
+    "\u2192 Ensure the Brokr GitHub App is installed"
+  ].join("\n"),
+  EMAIL_DOMAIN_FAILED: [
+    "\u2192 Check DNS records are propagated",
+    "\u2192 Run `brokr status <stack>` for details"
+  ].join("\n"),
+  DNS_RECORD_FAILED: [
+    "\u2192 Check Cloudflare dashboard for zone status",
+    "\u2192 Retry with `brokr retry <stack>`"
+  ].join("\n"),
+  INSUFFICIENT_CREDITS: [
+    "\u2192 Top up credits at brokr.sh/billing",
+    "\u2192 Or run `brokr billing topup`"
+  ].join("\n"),
+  AI_BUDGET_EXCEEDED: [
+    "\u2192 Top up credits at brokr.sh/billing",
+    "\u2192 Or run `brokr billing topup`"
+  ].join("\n"),
+  AI_PROVIDER_UNAVAILABLE: [
+    "\u2192 The AI provider is temporarily down",
+    "\u2192 Retry in a few seconds \u2014 this is usually transient"
+  ].join("\n"),
+  AI_MODEL_NOT_FOUND: [
+    "\u2192 Check the model name in your configuration",
+    "\u2192 See available models at brokr.sh/docs/ai-models"
+  ].join("\n"),
+  ENV_VAR_MISSING: [
+    "\u2192 Run `brokr env pull --stack <name>` to sync environment",
+    "\u2192 Check required vars in your template README"
+  ].join("\n"),
+  STACK_LIMIT_REACHED: [
+    "\u2192 Delete unused stacks with `brokr delete <stack>`",
+    "\u2192 Or upgrade your plan at brokr.sh/billing"
+  ].join("\n"),
+  STACK_NOT_FOUND: [
+    "\u2192 Check the stack name: `brokr list`",
+    "\u2192 Create a new stack: `brokr create --name <name>`"
+  ].join("\n"),
+  RATE_LIMITED: [
+    "\u2192 Wait a moment and retry",
+    "\u2192 If persistent, check brokr.sh/status"
+  ].join("\n"),
+  GATEWAY_AUTH_FAILED: [
+    "\u2192 Your BROKR_TOKEN may be expired",
+    "\u2192 Run `brokr env pull --stack <name>` to refresh"
+  ].join("\n"),
+  BROKR_TOKEN_INVALID: [
+    "\u2192 Your BROKR_TOKEN has expired or been revoked",
+    "\u2192 Run `brokr env pull --stack <name>` to get a fresh token"
+  ].join("\n"),
+  AI_STREAM_ERROR: [
+    "\u2192 The AI stream was interrupted",
+    "\u2192 Retry the request \u2014 this is usually transient"
+  ].join("\n"),
+  EMAIL_SEND_FAILED: [
+    "\u2192 Email delivery failed",
+    "\u2192 Check that your domain DNS is verified: `brokr status <stack>`"
+  ].join("\n"),
+  EMAIL_NOT_CONFIGURED: [
+    "\u2192 Email is not set up for this stack",
+    "\u2192 Add email capability: `brokr add email --stack <name>`"
+  ].join("\n"),
+  EMAIL_INVALID_FROM: [
+    "\u2192 The from address must match your verified domain",
+    "\u2192 Check your domain: `brokr status <stack>`"
+  ].join("\n"),
+  STORAGE_UPLOAD_FAILED: [
+    "\u2192 File upload failed",
+    "\u2192 Check file size limits and retry"
+  ].join("\n"),
+  STORAGE_NOT_FOUND: [
+    "\u2192 The requested file does not exist",
+    "\u2192 Check the key and try again"
+  ].join("\n"),
+  PAYMENTS_NOT_CONFIGURED: [
+    "\u2192 Payments are not set up for this stack",
+    "\u2192 Run `brokr payments sync` to configure Stripe"
+  ].join("\n"),
+  PAYMENTS_FAILED: [
+    "\u2192 Payment processing failed",
+    "\u2192 Check your Stripe dashboard for details"
+  ].join("\n"),
+  GATEWAY_INTERNAL: [
+    "\u2192 The Brokr gateway encountered an internal error",
+    "\u2192 Check brokr.sh/status for service health"
+  ].join("\n"),
+  UPSTREAM_ERROR: [
+    "\u2192 An upstream service is temporarily unavailable",
+    "\u2192 Retry in a few seconds \u2014 this is usually transient"
+  ].join("\n"),
+  NETWORK_ERROR: [
+    "\u2192 Could not reach the Brokr gateway",
+    "\u2192 Check your internet connection",
+    "\u2192 Check brokr.sh/status for service health"
+  ].join("\n"),
+  TIMEOUT: [
+    "\u2192 Request timed out",
+    "\u2192 Retry \u2014 if persistent, check brokr.sh/status"
+  ].join("\n")
+};
+
+// src/errors.ts
+var BrokrError = class extends Error {
+  constructor(message, code, capability, retryable = false, errorCode, requestId, hint) {
+    super(message);
+    this.code = code;
+    this.capability = capability;
+    this.retryable = retryable;
+    this.errorCode = errorCode;
+    this.requestId = requestId;
+    this.hint = hint;
+    this.name = "BrokrError";
+  }
+  /** Multi-line terminal fix block — looked up from error code. */
+  get fix() {
+    if (!this.errorCode) return void 0;
+    return FIX_REGISTRY[this.errorCode];
+  }
+  /** Documentation URL for this error code. */
+  get docsUrl() {
+    if (!this.errorCode) return void 0;
+    return `https://brokr.sh/errors/${this.errorCode.toLowerCase().replace(/_/g, "-")}`;
+  }
+  /** Safe message for end users — zero technical language. */
+  toUserMessage() {
+    switch (this.code) {
+      case "RATE_LIMITED":
+        return "Please wait a moment and try again.";
+      case "TIMEOUT":
+        return "The request took too long. Please try again.";
+      case "NETWORK_ERROR":
+        return "Connection issue. Check your internet and try again.";
+      case "BROKR_TOKEN_MISSING":
+        return "App is not connected to Brokr. Contact the developer.";
+      case "BROKR_TOKEN_INVALID":
+        return "Session expired. Please refresh.";
+      case "AI_BUDGET_EXCEEDED":
+        return "AI usage limit reached. The developer needs to add credits.";
+      case "AI_PROVIDER_UNAVAILABLE":
+        return "AI service is temporarily down. Please retry shortly.";
+      case "AI_PROVIDER_RATE_LIMITED":
+        return "Too many AI requests. Please wait a moment.";
+      case "INSUFFICIENT_CREDITS":
+        return "Not enough credits. Please top up your balance.";
+      case "STORAGE_UPLOAD_FAILED":
+        return "File upload failed. Please try again.";
+      case "STORAGE_NOT_FOUND":
+        return "File not found.";
+      case "EMAIL_SEND_FAILED":
+        return "Email could not be sent. Please try again.";
+      case "EMAIL_NOT_CONFIGURED":
+        return "Email is not set up for this app.";
+      case "PAYMENTS_NOT_CONFIGURED":
+        return "Payments are not configured. Contact the developer.";
+      case "PAYMENTS_FAILED":
+        return "Payment processing failed. Please try again.";
+      case "NOT_FOUND":
+        return "The requested resource was not found.";
+      case "VALIDATION_ERROR":
+        return "Invalid input. Please check your data and try again.";
+      default:
+        return "Something went wrong. We're looking into it.";
+    }
+  }
+  toString() {
+    return `${this.name} [${this.errorCode ?? this.code}]: ${this.message}`;
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      errorCode: this.errorCode,
+      message: this.message,
+      capability: this.capability,
+      retryable: this.retryable,
+      requestId: this.requestId,
+      hint: this.hint,
+      component: this.component
+    };
+  }
+};
+var BrokrAuthError = class extends BrokrError {
+  constructor(message, code) {
+    super(message, code, "auth", false);
+    this.name = "BrokrAuthError";
+  }
+};
+var BrokrRateLimitError = class extends BrokrError {
+  constructor(message, retryAfter, capability) {
+    super(message, "RATE_LIMITED", capability, true);
+    this.retryAfter = retryAfter;
+    this.name = "BrokrRateLimitError";
+  }
+};
+var BrokrNetworkError = class extends BrokrError {
+  constructor(message, capability) {
+    super(message, "NETWORK_ERROR", capability, true);
+    this.name = "BrokrNetworkError";
+  }
+};
+var BrokrTimeoutError = class extends BrokrError {
+  constructor(message, capability) {
+    super(message, "TIMEOUT", capability, true);
+    this.name = "BrokrTimeoutError";
+  }
+};
+var BrokrNotFoundError = class extends BrokrError {
+  constructor(message, capability) {
+    super(message, "NOT_FOUND", capability, false);
+    this.name = "BrokrNotFoundError";
+  }
+};
+var BrokrValidationError = class extends BrokrError {
+  constructor(message, capability) {
+    super(message, "VALIDATION_ERROR", capability, false);
+    this.name = "BrokrValidationError";
+  }
+};
+
+// src/gateway.ts
+var GATEWAY_URL = "https://api.brokr.sh";
+var FETCH_TIMEOUT_MS = 3e4;
 function resolveToken() {
   return typeof process !== "undefined" ? process.env.BROKR_TOKEN : void 0;
 }
-function assertToken(token, capability) {
+function requireToken(token, capability) {
   if (!token) {
     let hint = "brokr env pull --stack <name>";
     try {
@@ -186,327 +335,1906 @@ function assertToken(token, capability) {
     } catch {
     }
     throw new BrokrAuthError(
-      `[brokr] BROKR_TOKEN is not set.
-Run: ${hint}`,
+      `BROKR_TOKEN is not set. Run: ${hint}`,
       "BROKR_TOKEN_MISSING"
     );
   }
 }
 async function gatewayFetch(gatewayUrl, token, path, body, capability) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
   let res;
   try {
     res = await fetch(`${gatewayUrl}${path}`, {
       method: "POST",
       headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
-      body: JSON.stringify(body)
+      body: JSON.stringify(body),
+      signal: controller.signal
     });
   } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new BrokrTimeoutError(
+        `Request timed out after ${FETCH_TIMEOUT_MS / 1e3}s`,
+        capability
+      );
+    }
     throw new BrokrNetworkError(
-      `[brokr] Could not reach Brokr gateway. Check your network.
-${err instanceof Error ? err.message : String(err)}`,
+      "Could not reach Brokr gateway. Check your network.",
       capability
     );
+  } finally {
+    clearTimeout(timeout);
   }
   if (res.status === 429) {
-    const retryAfter = parseInt(res.headers.get("Retry-After") ?? "60", 10);
+    const rawRetryAfter = parseInt(res.headers.get("Retry-After") ?? "60", 10);
+    const retryAfter = Number.isFinite(rawRetryAfter) ? rawRetryAfter : 60;
     const data = await res.json().catch(() => ({}));
+    const errorMsg = typeof data.error === "string" ? data.error : `Rate limited (retry after ${retryAfter}s)`;
     throw new BrokrRateLimitError(
-      data.error ?? `[brokr] Rate limited (retry after ${retryAfter}s)`,
+      errorMsg,
       retryAfter,
       capability
     );
   }
   if (res.status === 401) {
-    throw new BrokrAuthError("[brokr] Invalid or expired BROKR_TOKEN.", "BROKR_TOKEN_INVALID");
+    throw new BrokrAuthError("Invalid or expired BROKR_TOKEN.", "BROKR_TOKEN_INVALID");
   }
   if (!res.ok) {
-    const data = await res.json().catch(() => ({}));
+    const body2 = await res.json().catch(() => ({}));
+    const errObj = typeof body2.error === "object" && body2.error !== null ? body2.error : void 0;
+    const errorData = body2.data ?? errObj?.data ?? body2;
+    const errorCode = errorData.errorCode ?? body2.code;
+    const hint = errorData.hint;
+    const requestId = errorData.requestId ?? res.headers.get("x-request-id");
+    const retryable = errorData.retryable;
+    const errorStr = typeof body2.error === "string" ? body2.error : void 0;
+    const message = body2.message ?? errObj?.message ?? errorStr ?? `${capability} request failed (HTTP ${res.status})`;
     throw new BrokrError(
-      data.error ?? `[brokr] ${capability} request failed (HTTP ${res.status})`,
-      data.code ?? `${capability.toUpperCase()}_FAILED`,
+      message,
+      errorCode ?? `${capability.toUpperCase()}_FAILED`,
+      capability,
+      retryable ?? false,
+      errorCode ?? void 0,
+      requestId ?? void 0,
+      hint ?? void 0
+    );
+  }
+  try {
+    return await res.json();
+  } catch {
+    throw new BrokrError(
+      `${capability} returned invalid response (expected JSON).`,
+      `${capability.toUpperCase()}_INVALID_RESPONSE`,
+      capability,
+      true
+    );
+  }
+}
+async function gatewayStream(gatewayUrl, token, path, body, capability) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+  let res;
+  try {
+    res = await fetch(`${gatewayUrl}${path}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
+      body: JSON.stringify(body),
+      signal: controller.signal
+    });
+  } catch (err) {
+    clearTimeout(timeout);
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new BrokrTimeoutError(
+        `Stream request timed out after ${FETCH_TIMEOUT_MS / 1e3}s`,
+        capability
+      );
+    }
+    throw new BrokrNetworkError(
+      "Could not reach Brokr gateway. Check your network.",
       capability
     );
   }
-  return res.json();
+  clearTimeout(timeout);
+  if (res.status === 429) {
+    const retryAfter = parseInt(res.headers.get("Retry-After") ?? "60", 10);
+    throw new BrokrRateLimitError("Rate limited.", retryAfter, capability);
+  }
+  if (res.status === 401) {
+    throw new BrokrAuthError("Invalid or expired BROKR_TOKEN.", "BROKR_TOKEN_INVALID");
+  }
+  if (!res.ok || !res.body) {
+    throw new BrokrError(
+      `${capability} stream failed (HTTP ${res.status})`,
+      `${capability.toUpperCase()}_STREAM_FAILED`,
+      capability
+    );
+  }
+  return res;
 }
-function createBrokr(options) {
-  return new BrokrRuntime(options);
+
+// src/env-detect.ts
+var cached = null;
+function detectEnv() {
+  if (cached) return cached;
+  cached = _detect();
+  return cached;
 }
-var GATEWAY_URL, BrokrError, BrokrAuthError, BrokrRateLimitError, BrokrNetworkError, models, BrokrAIClient, BrokrStorageClient, BrokrEmailClient, BrokrRuntime;
-var init_runtime = __esm({
-  "src/runtime.ts"() {
-    GATEWAY_URL = "https://api.brokr.sh";
-    BrokrError = class extends Error {
-      constructor(message, code, capability, retryable = false) {
-        super(message);
-        this.code = code;
-        this.capability = capability;
-        this.retryable = retryable;
-        this.name = "BrokrError";
-      }
-    };
-    BrokrAuthError = class extends BrokrError {
-      constructor(message, code) {
-        super(message, code, "auth", false);
-        this.name = "BrokrAuthError";
-      }
-    };
-    BrokrRateLimitError = class extends BrokrError {
-      constructor(message, retryAfter, capability) {
-        super(message, "RATE_LIMITED", capability, true);
-        this.retryAfter = retryAfter;
-        this.name = "BrokrRateLimitError";
+function isDev() {
+  return detectEnv() === "development";
+}
+function isStaging() {
+  return detectEnv() === "staging";
+}
+function isProd() {
+  return detectEnv() === "production";
+}
+function _detect() {
+  if (typeof process !== "undefined" && process.env) {
+    const vercel = process.env.VERCEL;
+    const vercelEnv = process.env.VERCEL_ENV;
+    if (vercel === "1" || vercel === "true") {
+      if (vercelEnv === "preview") return "staging";
+      if (vercelEnv === "production") return "production";
+      return "production";
+    }
+    return "development";
+  }
+  if (typeof window !== "undefined" && window.location) {
+    const host = window.location.hostname;
+    if (host === "localhost" || host === "127.0.0.1" || host === "::1") {
+      return "development";
+    }
+    if (host.includes("-staging.brokr.sh") || host.includes(".preview.brokr.sh")) {
+      return "staging";
+    }
+    if (host.endsWith(".brokr.sh") || host === "brokr.sh") {
+      return "production";
+    }
+    return "production";
+  }
+  return "production";
+}
+
+// src/dev-console.ts
+var BrokrDevConsole = class _BrokrDevConsole {
+  static {
+    this.installed = false;
+  }
+  static {
+    this.env = "production";
+  }
+  static install() {
+    if (_BrokrDevConsole.installed) return;
+    const env = detectEnv();
+    if (env === "production") return;
+    _BrokrDevConsole.installed = true;
+    _BrokrDevConsole.env = env;
+    if (typeof process !== "undefined" && process.on) {
+      process.on("unhandledRejection", (err) => {
+        if (err instanceof BrokrError) {
+          try {
+            _BrokrDevConsole.print(err);
+          } catch {
+          }
+        }
+      });
+    }
+  }
+  static print(err) {
+    if (_BrokrDevConsole.env === "staging") {
+      const hint = err.hint ?? err.message;
+      console.error(`[brokr] ${err.errorCode ?? err.code}: ${hint}`);
+      return;
+    }
+    const lines = [
+      "",
+      "\u2501".repeat(41),
+      "",
+      `  Brokr${err.component ? ` \u2014 ${err.component}` : ""}`,
+      "",
+      `  ${err.message}`
+    ];
+    if (err.fix) {
+      lines.push("", "  Fix it:");
+      for (const line of err.fix.split("\n")) lines.push(`  ${line}`);
+    }
+    if (err.docsUrl) {
+      lines.push("", `  Still broken? \u2192 ${err.docsUrl}`);
+    }
+    lines.push("", "\u2501".repeat(41), "");
+    console.error(lines.join("\n"));
+  }
+};
+
+// src/logs/capture.ts
+var DEFAULT_BATCH_SIZE = 20;
+var DEFAULT_FLUSH_INTERVAL_MS = 5e3;
+var buffer = [];
+var flushTimer = null;
+var config = null;
+var intercepted = false;
+function initCapture(opts = {}) {
+  if (config) return;
+  const token = opts.token ?? (typeof process !== "undefined" ? process.env.BROKR_TOKEN : void 0);
+  const stackId = opts.stackId ?? resolveStackId();
+  if (!token || !stackId) {
+    if (typeof process !== "undefined") {
+      console.log(`[brokr] Log capture skipped: token=${token ? "present" : "MISSING"} stackId=${stackId ?? "MISSING"}`);
+    }
+    return;
+  }
+  const apiUrl = opts.apiUrl ?? opts.gatewayUrl ?? (typeof process !== "undefined" ? process.env.BROKR_GATEWAY_URL : void 0) ?? "https://api.brokr.sh";
+  config = {
+    token,
+    stackId,
+    apiUrl: apiUrl.replace(/\/+$/, ""),
+    batchSize: opts.batchSize ?? DEFAULT_BATCH_SIZE,
+    flushIntervalMs: opts.flushIntervalMs ?? DEFAULT_FLUSH_INTERVAL_MS
+  };
+  if (typeof process !== "undefined") {
+    console.log(`[brokr] Log capture initialized \u2192 ${apiUrl}/v1/logs/ingest (stack: ${stackId.slice(0, 8)}...)`);
+  }
+  if (flushTimer) clearInterval(flushTimer);
+  flushTimer = setInterval(() => flush(), config.flushIntervalMs);
+  if (typeof process !== "undefined" && process.on) {
+    process.on("beforeExit", () => flush());
+  }
+  if (typeof process !== "undefined" && !intercepted) {
+    intercepted = true;
+    const origError = console.error;
+    const origWarn = console.warn;
+    console.error = (...args) => {
+      origError.apply(console, args);
+      try {
+        const msg = args.map((a) => typeof a === "string" ? a : JSON.stringify(a)).join(" ");
+        if (!msg.startsWith("[brokr]")) capture("error", msg, "console.error");
+      } catch {
       }
     };
-    BrokrNetworkError = class extends BrokrError {
-      constructor(message, capability) {
-        super(message, "NETWORK_ERROR", capability, true);
-        this.name = "BrokrNetworkError";
+    console.warn = (...args) => {
+      origWarn.apply(console, args);
+      try {
+        const msg = args.map((a) => typeof a === "string" ? a : JSON.stringify(a)).join(" ");
+        if (!msg.startsWith("[brokr]")) capture("warn", msg, "console.warn");
+      } catch {
       }
     };
-    models = {
-      /** Cheapest and fastest model (Deepseek Chat). */
-      FAST: "deepseek-chat",
-      /** Most capable model. */
-      SMART: "claude-sonnet-4-20250514",
-      /** Default balanced model (Deepseek Chat). */
-      BALANCED: "deepseek-chat"
-    };
-    BrokrAIClient = class {
-      constructor(_token, _gatewayUrl) {
-        this._token = _token;
-        this._gatewayUrl = _gatewayUrl;
-      }
-      /**
-       * Send a chat completion request.
-       *
-       * @example
-       * ```typescript
-       * const reply = await brokr.ai.chat([
-       *   { role: 'user', content: 'Explain quantum computing in one sentence.' }
-       * ]);
-       * console.log(reply.content);
-       * ```
-       */
-      async chat(messages, options) {
-        assertToken(this._token, "ai");
-        const data = await gatewayFetch(this._gatewayUrl, this._token, "/v1/chat/completions", {
+  }
+}
+function capture(level, message, source, stackTrace) {
+  if (!config) return;
+  buffer.push({
+    level,
+    message: message.slice(0, 1e4),
+    source: source ?? "app",
+    stackTrace: stackTrace?.slice(0, 5e4),
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  if (buffer.length >= (config.batchSize ?? DEFAULT_BATCH_SIZE)) {
+    flush();
+  }
+}
+function flush() {
+  if (!config || buffer.length === 0) return;
+  const entries = buffer.splice(0);
+  const { token, stackId, apiUrl } = config;
+  fetch(`${apiUrl}/v1/logs/ingest`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`
+    },
+    body: JSON.stringify({ stackId, entries })
+  }).catch((err) => {
+    if (typeof console !== "undefined") {
+      console.warn("[brokr] Log flush failed:", err instanceof Error ? err.message : err);
+    }
+  });
+}
+function resolveStackId() {
+  if (typeof process === "undefined") return void 0;
+  if (process.env.BROKR_STACK_ID) return process.env.BROKR_STACK_ID;
+  try {
+    const fs = require("fs");
+    const path = require("path");
+    const brokrFile = path.join(process.cwd(), ".brokr");
+    if (fs.existsSync(brokrFile)) {
+      const content = fs.readFileSync(brokrFile, "utf8");
+      const match = content.match(/BROKR_STACK_ID=(.+)/);
+      if (match) return match[1].trim();
+    }
+  } catch {
+  }
+  return void 0;
+}
+
+// src/ai/client.ts
+function normalizeInput(input) {
+  if (typeof input === "string") {
+    return [{ role: "user", content: input }];
+  }
+  return input;
+}
+var BrokrAIClient = class {
+  constructor(_token, _gatewayUrl) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+  }
+  // ---------------------------------------------------------------------------
+  // Core chat
+  // ---------------------------------------------------------------------------
+  /**
+   * Send a chat completion request.
+   * Accepts a string (auto-wrapped as user message) or a message array.
+   */
+  async chat(input, options) {
+    requireToken(this._token, "ai");
+    const messages = normalizeInput(input);
+    try {
+      const data = await gatewayFetch(this._gatewayUrl, this._token, "/v1/chat/completions", {
+        messages,
+        model: options?.model,
+        max_tokens: options?.maxTokens,
+        temperature: options?.temperature
+      }, "ai");
+      return {
+        content: data.choices?.[0]?.message?.content ?? "",
+        model: data.model ?? "",
+        usage: {
+          promptTokens: data.usage?.prompt_tokens ?? 0,
+          completionTokens: data.usage?.completion_tokens ?? 0
+        }
+      };
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIChat";
+      const msg = err instanceof Error ? err.message : String(err);
+      capture("error", `AI chat failed: ${msg}`, "brokr.ai.chat", err instanceof Error ? err.stack : void 0);
+      throw err;
+    }
+  }
+  /**
+   * Stream a chat completion. Yields text strings directly.
+   * Accepts a string (auto-wrapped as user message) or a message array.
+   */
+  /**
+   * Stream a chat completion. Yields text strings directly.
+   * Tries streaming first — if the gateway or provider doesn't support it,
+   * falls back to a non-streaming call and yields the full response at once.
+   */
+  async *stream(input, options) {
+    requireToken(this._token, "ai");
+    const messages = normalizeInput(input);
+    let res;
+    try {
+      res = await gatewayStream(
+        this._gatewayUrl,
+        this._token,
+        "/v1/chat/completions",
+        {
           messages,
+          stream: true,
           model: options?.model,
           max_tokens: options?.maxTokens,
           temperature: options?.temperature
-        }, "ai");
-        return {
-          content: data.choices?.[0]?.message?.content ?? "",
-          model: data.model ?? "",
-          usage: {
-            promptTokens: data.usage?.prompt_tokens ?? 0,
-            completionTokens: data.usage?.completion_tokens ?? 0
-          }
-        };
+        },
+        "ai"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIStream";
+      const msg = err instanceof Error ? err.message : String(err);
+      capture("error", `AI stream failed: ${msg}`, "brokr.ai.stream", err instanceof Error ? err.stack : void 0);
+      try {
+        const fallback = await this.chat(input, options);
+        yield fallback.content;
+      } catch (fallbackErr) {
+        throw err;
+      }
+      return;
+    }
+    const ct = res.headers.get("content-type") ?? "";
+    if (!ct.includes("text/event-stream")) {
+      try {
+        const data = await res.json();
+        const content = data.choices?.[0]?.message?.content ?? "";
+        if (content) yield content;
+      } catch {
+        const fallback = await this.chat(input, options);
+        yield fallback.content;
       }
-      /**
-       * Stream a chat completion. Yields text strings directly.
-       *
-       * @example
-       * ```typescript
-       * for await (const text of brokr.ai.stream(messages)) {
-       *   process.stdout.write(text);
-       * }
-       * ```
-       */
-      async *stream(messages, options) {
-        assertToken(this._token, "ai");
-        let res;
+      return;
+    }
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer2 = "";
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer2 += decoder.decode(value, { stream: true });
+      const lines = buffer2.split("\n");
+      buffer2 = lines.pop() ?? "";
+      for (const line of lines) {
+        if (!line.startsWith("data: ")) continue;
+        const payload = line.slice(6).trim();
+        if (payload === "[DONE]") return;
         try {
-          res = await fetch(`${this._gatewayUrl}/v1/chat/completions`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json", Authorization: `Bearer ${this._token}` },
-            body: JSON.stringify({ messages, stream: true, model: options?.model, max_tokens: options?.maxTokens })
-          });
-        } catch (err) {
-          throw new BrokrNetworkError(
-            `[brokr] Could not reach Brokr gateway.
-${err instanceof Error ? err.message : String(err)}`,
-            "ai"
-          );
-        }
-        if (res.status === 429) {
-          const retryAfter = parseInt(res.headers.get("Retry-After") ?? "60", 10);
-          throw new BrokrRateLimitError("[brokr] AI rate limited.", retryAfter, "ai");
-        }
-        if (res.status === 401) {
-          throw new BrokrAuthError("[brokr] Invalid or expired BROKR_TOKEN.", "BROKR_TOKEN_INVALID");
-        }
-        if (!res.ok || !res.body) {
-          throw new BrokrError(`[brokr] AI stream failed (HTTP ${res.status})`, "AI_STREAM_FAILED", "ai");
-        }
-        const reader = res.body.getReader();
-        const decoder = new TextDecoder();
-        let buffer = "";
-        while (true) {
-          const { done, value } = await reader.read();
-          if (done) break;
-          buffer += decoder.decode(value, { stream: true });
-          const lines = buffer.split("\n");
-          buffer = lines.pop() ?? "";
-          for (const line of lines) {
-            if (!line.startsWith("data: ")) continue;
-            const payload = line.slice(6).trim();
-            if (payload === "[DONE]") return;
-            try {
-              const parsed = JSON.parse(payload);
-              const delta = parsed.choices?.[0]?.delta?.content ?? "";
-              if (delta) yield delta;
-            } catch {
-            }
-          }
+          const parsed = JSON.parse(payload);
+          const delta = parsed.choices?.[0]?.delta?.content ?? "";
+          if (delta) yield delta;
+        } catch {
         }
       }
-      /**
-       * OpenAI-SDK compatible base URL.
-       *
-       * @example
-       * ```typescript
-       * const openai = new OpenAI({ baseURL: brokr.ai.baseURL, apiKey: brokr.ai.apiKey });
-       * ```
-       */
-      get baseURL() {
-        return `${this._gatewayUrl}/v1`;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Higher-level primitives
+  // ---------------------------------------------------------------------------
+  /**
+   * Extract structured data from a prompt using JSON mode.
+   * Returns a parsed object matching the provided schema shape.
+   */
+  async structured(params) {
+    requireToken(this._token, "ai");
+    const schemaStr = JSON.stringify(params.schema, null, 2);
+    const messages = [
+      {
+        role: "system",
+        content: `You are a structured data extraction assistant. Return ONLY valid JSON matching this schema:
+${schemaStr}
+Do not include any other text, markdown, or explanation.`
+      },
+      { role: "user", content: params.prompt }
+    ];
+    try {
+      const data = await gatewayFetch(this._gatewayUrl, this._token, "/v1/chat/completions", {
+        messages,
+        model: params.model,
+        temperature: params.temperature ?? 0,
+        response_format: { type: "json_object" }
+      }, "ai");
+      const raw = data.choices?.[0]?.message?.content ?? "{}";
+      try {
+        return JSON.parse(raw);
+      } catch {
+        throw new BrokrError(
+          "[brokr] AI returned invalid JSON for structured extraction.",
+          "AI_STRUCTURED_PARSE_ERROR",
+          "ai"
+        );
       }
-      /** Use as `apiKey` with the official OpenAI SDK to route through Brokr's gateway. */
-      get apiKey() {
-        assertToken(this._token, "ai");
-        return this._token;
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIStructured";
+      throw err;
+    }
+  }
+  /**
+   * Extract fields from unstructured text.
+   * Semantic alias for structured() — same behavior, clearer intent.
+   */
+  async extract(prompt, schema) {
+    return this.structured({ prompt, schema });
+  }
+  /**
+   * Summarize text using AI.
+   */
+  async summarize(text, options) {
+    try {
+      const lengthHint = options?.maxLength ? ` Keep it under ${options.maxLength}.` : "";
+      const response = await this.chat(
+        [
+          {
+            role: "system",
+            content: `You are a summarization assistant. Provide a concise, accurate summary of the following text.${lengthHint} Return only the summary, no preamble.`
+          },
+          { role: "user", content: text }
+        ],
+        { model: options?.model }
+      );
+      return { summary: response.content };
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AISummarize";
+      throw err;
+    }
+  }
+  /**
+   * Classify text into one of the provided labels.
+   */
+  async classify(text, labels, options) {
+    try {
+      const labelsStr = labels.map((l) => `"${l}"`).join(", ");
+      const result = await this.structured({
+        prompt: `Classify the following text into exactly one of these labels: [${labelsStr}]
+
+Text: ${text}`,
+        schema: {
+          type: "object",
+          properties: {
+            label: { type: "string", enum: labels },
+            confidence: { type: "number", minimum: 0, maximum: 1 }
+          },
+          required: ["label", "confidence"]
+        },
+        model: options?.model,
+        temperature: 0
+      });
+      return result;
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIClassify";
+      throw err;
+    }
+  }
+  /**
+   * Generate an embedding vector for the given text.
+   */
+  async embed(text) {
+    requireToken(this._token, "ai");
+    try {
+      const data = await gatewayFetch(this._gatewayUrl, this._token, "/v1/embeddings", {
+        input: text,
+        model: "text-embedding-3-small"
+      }, "ai");
+      return {
+        vector: data.data?.[0]?.embedding ?? []
+      };
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIEmbed";
+      throw err;
+    }
+  }
+  /**
+   * Generate an image from a text prompt.
+   */
+  async image(prompt, options) {
+    requireToken(this._token, "ai");
+    try {
+      const data = await gatewayFetch(this._gatewayUrl, this._token, "/v1/images/generate", {
+        prompt,
+        size: options?.size ?? "1024x1024",
+        n: options?.n ?? 1,
+        model: options?.model
+      }, "ai");
+      const url = data.data?.[0]?.url;
+      if (!url) {
+        throw new BrokrError("[brokr] Image generation returned no URL.", "AI_IMAGE_FAILED", "ai");
       }
-    };
-    BrokrStorageClient = class {
-      constructor(_token, _gatewayUrl) {
-        this._token = _token;
-        this._gatewayUrl = _gatewayUrl;
+      return { url };
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "AIImage";
+      throw err;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // OpenAI-SDK compatibility
+  // ---------------------------------------------------------------------------
+  /** OpenAI-SDK compatible base URL. */
+  get baseURL() {
+    return `${this._gatewayUrl}/v1`;
+  }
+  /** Use as `apiKey` with the official OpenAI SDK to route through Brokr's gateway. */
+  get apiKey() {
+    requireToken(this._token, "ai");
+    return this._token;
+  }
+};
+
+// src/storage/client.ts
+var MULTIPART_THRESHOLD = 100 * 1024 * 1024;
+var DEFAULT_PART_SIZE = 100 * 1024 * 1024;
+var PART_UPLOAD_RETRIES = 3;
+var BrokrStorageClient = class {
+  constructor(_token, _gatewayUrl) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+  }
+  async upload(paramsOrData, filename, contentTypeArg) {
+    try {
+      let data;
+      let filePath;
+      let contentType;
+      if (typeof paramsOrData === "object" && paramsOrData !== null && "file" in paramsOrData) {
+        data = paramsOrData.file;
+        filePath = paramsOrData.path ?? `upload-${Date.now()}`;
+        contentType = paramsOrData.contentType ?? "application/octet-stream";
+      } else {
+        data = paramsOrData;
+        filePath = filename ?? `upload-${Date.now()}`;
+        contentType = contentTypeArg ?? "application/octet-stream";
       }
-      /**
-       * Get a presigned upload URL for browser-direct or streaming uploads.
-       *
-       * @example
-       * ```typescript
-       * const { url, key } = await brokr.storage.getUploadUrl('avatar.png', 'image/png');
-       * await fetch(url, { method: 'PUT', body: file });
-       * ```
-       */
-      async getUploadUrl(filename, contentType = "application/octet-stream") {
-        assertToken(this._token, "storage");
-        return gatewayFetch(
-          this._gatewayUrl,
-          this._token,
-          "/v1/storage/sign-upload",
-          { filename, contentType },
-          "storage"
-        );
+      const size = getUploadSize(data);
+      if (size !== void 0 && size > MULTIPART_THRESHOLD) {
+        return await this._uploadMultipart(data, filePath, contentType, size);
       }
-      /**
-       * Upload data to R2. Returns the stable object key.
-       *
-       * @example
-       * ```typescript
-       * const { key } = await brokr.storage.upload(fileBuffer, 'photo.jpg', 'image/jpeg');
-       * ```
-       */
-      async upload(data, filename, contentType = "application/octet-stream") {
-        const { url, key } = await this.getUploadUrl(filename, contentType);
-        const putRes = await fetch(url, {
-          method: "PUT",
-          headers: { "Content-Type": contentType },
-          body: data
-        });
-        if (!putRes.ok) {
-          throw new BrokrError(`[brokr] Upload failed (HTTP ${putRes.status})`, "STORAGE_UPLOAD_FAILED", "storage");
-        }
-        return { key };
+      const { url, key } = await this.signUpload({ fileName: filePath, contentType });
+      const uploadHeaders = { "Content-Type": contentType };
+      if (typeof window === "undefined") {
+        const origin = process.env.BETTER_AUTH_URL ?? process.env.NEXT_PUBLIC_APP_URL ?? process.env.APP_URL ?? process.env.BROKR_AUTH_URL ?? (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : void 0) ?? "http://localhost:3000";
+        uploadHeaders.Origin = origin;
       }
-      /**
-       * Get a presigned download URL for a stored object.
-       *
-       * @example
-       * ```typescript
-       * const { url } = await brokr.storage.url('photos/avatar.jpg');
-       * // use url in <img src={url} /> or redirect
-       * ```
-       */
-      async url(key, options) {
-        assertToken(this._token, "storage");
-        return gatewayFetch(
-          this._gatewayUrl,
-          this._token,
-          "/v1/storage/sign-download",
-          { key, expiresIn: options?.expiresIn },
+      const putRes = await fetch(url, {
+        method: "PUT",
+        headers: uploadHeaders,
+        body: data
+      });
+      if (!putRes.ok) {
+        throw new BrokrError(
+          `[brokr] Upload failed (HTTP ${putRes.status})`,
+          "STORAGE_UPLOAD_FAILED",
           "storage"
         );
       }
-      /** @deprecated Use `url()` instead. */
-      async getUrl(key, options) {
-        return this.url(key, options);
+      const gatewayBase = this._gatewayUrl.replace(/\/+$/, "");
+      const permanentUrl = `${gatewayBase}/v1/storage/file/${encodeURI(key)}`;
+      return {
+        key,
+        url: permanentUrl,
+        name: filePath,
+        size,
+        type: contentType
+      };
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /**
+   * Get a presigned download URL for a stored object.
+   */
+  async signedUrl(key, options) {
+    requireToken(this._token, "storage");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/sign-download",
+        { key, expiresIn: options?.expiresIn },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /** Low-level escape hatch. Most apps should call upload() instead. */
+  async signUpload(params) {
+    requireToken(this._token, "storage");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/sign-upload",
+        { filename: params.fileName, contentType: params.contentType ?? "application/octet-stream" },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Multipart upload — handles files > 100MB, up to 20GB
+  // ---------------------------------------------------------------------------
+  /**
+   * Initiate a multipart upload via the gateway.
+   */
+  async _initiateMultipart(params) {
+    requireToken(this._token, "storage");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/storage/multipart/initiate",
+      {
+        filename: params.fileName,
+        contentType: params.contentType,
+        totalSize: params.totalSize,
+        partCount: params.partCount
+      },
+      "storage"
+    );
+  }
+  /**
+   * Get a presigned URL for uploading a single part.
+   */
+  async _signPartUpload(params) {
+    requireToken(this._token, "storage");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/storage/multipart/sign-part",
+      params,
+      "storage"
+    );
+  }
+  /**
+   * Complete a multipart upload with part ETags.
+   */
+  async _completeMultipart(params) {
+    requireToken(this._token, "storage");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/storage/multipart/complete",
+      params,
+      "storage"
+    );
+  }
+  /**
+   * Abort a multipart upload, cleaning up uploaded parts.
+   */
+  async _abortMultipart(params) {
+    requireToken(this._token, "storage");
+    await gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/storage/multipart/abort",
+      params,
+      "storage"
+    );
+  }
+  /**
+   * Upload a large file using multipart upload.
+   * Splits the file into parts, uploads each with retry, then completes.
+   */
+  async _uploadMultipart(data, filePath, contentType, totalSize) {
+    const bytes = await toUint8Array(data);
+    const partSize = Math.max(DEFAULT_PART_SIZE, Math.ceil(totalSize / MAX_PARTS_PER_UPLOAD));
+    const partCount = Math.ceil(totalSize / partSize);
+    const { uploadId, key } = await this._initiateMultipart({
+      fileName: filePath,
+      contentType,
+      totalSize,
+      partCount
+    });
+    try {
+      const completedParts = [];
+      for (let i = 0; i < partCount; i++) {
+        const partNumber = i + 1;
+        const start = i * partSize;
+        const end = Math.min(start + partSize, totalSize);
+        const partData = bytes.slice(start, end);
+        const { url } = await this._signPartUpload({ key, uploadId, partNumber });
+        let lastError;
+        for (let attempt = 0; attempt < PART_UPLOAD_RETRIES; attempt++) {
+          try {
+            const putRes = await fetch(url, {
+              method: "PUT",
+              body: partData
+            });
+            if (!putRes.ok) {
+              throw new Error(`Part ${partNumber} upload failed (HTTP ${putRes.status})`);
+            }
+            const etag = putRes.headers.get("ETag");
+            if (!etag) {
+              throw new Error(`Part ${partNumber} upload returned no ETag`);
+            }
+            completedParts.push({ partNumber, etag });
+            lastError = void 0;
+            break;
+          } catch (err) {
+            lastError = err instanceof Error ? err : new Error(String(err));
+          }
+        }
+        if (lastError) {
+          throw new BrokrError(
+            `[brokr] Multipart upload failed at part ${partNumber} after ${PART_UPLOAD_RETRIES} retries: ${lastError.message}`,
+            "STORAGE_UPLOAD_FAILED",
+            "storage"
+          );
+        }
       }
-    };
-    BrokrEmailClient = class {
-      constructor(_token, _gatewayUrl) {
-        this._token = _token;
-        this._gatewayUrl = _gatewayUrl;
+      completedParts.sort((a, b) => a.partNumber - b.partNumber);
+      await this._completeMultipart({ key, uploadId, parts: completedParts });
+      const gatewayBase = this._gatewayUrl.replace(/\/+$/, "");
+      const permanentUrl = `${gatewayBase}/v1/storage/file/${encodeURI(key)}`;
+      return {
+        key,
+        url: permanentUrl,
+        name: filePath,
+        size: totalSize,
+        type: contentType
+      };
+    } catch (err) {
+      try {
+        await this._abortMultipart({ key, uploadId });
+      } catch {
       }
-      /**
-       * Send an email. The from address and API credentials are resolved server-side.
-       *
-       * @example
-       * ```typescript
-       * await brokr.email.send({
-       *   to: 'user@example.com',
-       *   subject: 'Welcome!',
-       *   html: '<h1>Welcome to the app</h1>',
-       * });
-       * ```
-       */
-      async send(params) {
-        assertToken(this._token, "email");
-        return gatewayFetch(
-          this._gatewayUrl,
-          this._token,
-          "/v1/email/send",
-          params,
+      throw err;
+    }
+  }
+  /**
+   * List objects by prefix with pagination.
+   */
+  async list(params) {
+    requireToken(this._token, "storage");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/list",
+        {
+          prefix: params?.prefix,
+          maxKeys: params?.maxKeys,
+          cursor: params?.cursor
+        },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /**
+   * Delete an object by key.
+   */
+  async delete(key) {
+    requireToken(this._token, "storage");
+    try {
+      await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/delete",
+        { key },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /**
+   * Copy an object from one key to another.
+   */
+  async copy(from, to) {
+    requireToken(this._token, "storage");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/copy",
+        { from, to },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /**
+   * Move an object (copy then delete source).
+   */
+  async move(from, to) {
+    try {
+      const copied = await this.copy(from, to);
+      await this.delete(from);
+      return copied;
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  /**
+   * Check if an object exists.
+   */
+  /**
+   * Check if an object exists.
+   *
+   * Returns `false` on any error (not-found, rate-limit, network).
+   * This preserves backwards compatibility — `if (await brokr.storage.exists(key))`
+   * must never throw in user code that doesn't wrap it in try-catch.
+   *
+   * If you need to distinguish "doesn't exist" from "couldn't check",
+   * use `metadata()` instead and catch the error.
+   */
+  async exists(key) {
+    requireToken(this._token, "storage");
+    try {
+      const result = await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/exists",
+        { key },
+        "storage"
+      );
+      return result.exists;
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      return false;
+    }
+  }
+  /**
+   * Get file metadata without downloading the file.
+   */
+  async metadata(key) {
+    requireToken(this._token, "storage");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/storage/metadata",
+        { key },
+        "storage"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Storage";
+      throw err;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Deprecated aliases (backward compat)
+  // ---------------------------------------------------------------------------
+  /** @deprecated Use signedUrl() instead. */
+  async url(key, options) {
+    return this.signedUrl(key, options);
+  }
+  /** @deprecated Use signedUrl() instead. */
+  async getUrl(key, options) {
+    return this.signedUrl(key, options);
+  }
+  /** @deprecated Use signUpload() instead. */
+  async getUploadUrl(filename, contentType) {
+    return this.signUpload({ fileName: filename, contentType });
+  }
+};
+var MAX_PARTS_PER_UPLOAD = 1e4;
+async function toUint8Array(data) {
+  if (data instanceof Uint8Array) return data;
+  if (typeof data === "string") return new TextEncoder().encode(data);
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    return new Uint8Array(await data.arrayBuffer());
+  }
+  throw new Error("Unsupported data type for multipart upload");
+}
+function getUploadSize(data) {
+  if (typeof data === "string") {
+    return new TextEncoder().encode(data).length;
+  }
+  if (data instanceof Uint8Array) {
+    return data.byteLength;
+  }
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    return data.size;
+  }
+  return void 0;
+}
+
+// src/email/templates.ts
+function interpolate(template, vars) {
+  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => vars[key] ?? "");
+}
+function wrapHtml(body) {
+  return `<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"></head>
+<body style="margin:0;padding:0;background:#f5f5f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;">
+  <div style="max-width:560px;margin:40px auto;background:#ffffff;border-radius:8px;border:1px solid #e5e5e5;overflow:hidden;">
+    ${body}
+  </div>
+  <div style="text-align:center;padding:20px;color:#999;font-size:12px;">
+    Sent via Brokr
+  </div>
+</body>
+</html>`;
+}
+function section(content) {
+  return `<div style="padding:32px 40px;">${content}</div>`;
+}
+function button(text, urlVar) {
+  return `<a href="{{${urlVar}}}" style="display:inline-block;padding:12px 24px;background:#000;color:#fff;text-decoration:none;border-radius:6px;font-weight:600;font-size:14px;">${text}</a>`;
+}
+var welcomeTemplate = {
+  name: "welcome",
+  subject: "Welcome to {{appName}}",
+  html: (vars) => interpolate(wrapHtml(section(`
+    <h1 style="margin:0 0 16px;font-size:24px;color:#111;">Welcome to {{appName}}</h1>
+    <p style="margin:0 0 24px;color:#555;font-size:15px;line-height:1.6;">
+      Your account is ready. You can start using {{appName}} right away.
+    </p>
+    ${button("Get Started", "actionUrl")}
+  `)), vars)
+};
+var magicLinkTemplate = {
+  name: "magicLink",
+  subject: "Your sign-in link",
+  html: (vars) => interpolate(wrapHtml(section(`
+    <h1 style="margin:0 0 16px;font-size:24px;color:#111;">Sign in to {{appName}}</h1>
+    <p style="margin:0 0 24px;color:#555;font-size:15px;line-height:1.6;">
+      Click the button below to sign in. This link expires in 10 minutes.
+    </p>
+    ${button("Sign In", "magicLinkUrl")}
+    <p style="margin:24px 0 0;color:#999;font-size:13px;">
+      If you didn't request this, you can safely ignore this email.
+    </p>
+  `)), vars)
+};
+var passwordResetTemplate = {
+  name: "passwordReset",
+  subject: "Reset your password",
+  html: (vars) => interpolate(wrapHtml(section(`
+    <h1 style="margin:0 0 16px;font-size:24px;color:#111;">Reset your password</h1>
+    <p style="margin:0 0 24px;color:#555;font-size:15px;line-height:1.6;">
+      We received a request to reset your password for {{appName}}.
+      Click the button below to choose a new password.
+    </p>
+    ${button("Reset Password", "resetUrl")}
+    <p style="margin:24px 0 0;color:#999;font-size:13px;">
+      This link expires in 1 hour. If you didn't request this, ignore this email.
+    </p>
+  `)), vars)
+};
+var invoiceTemplate = {
+  name: "invoice",
+  subject: "Invoice #{{invoiceNumber}}",
+  html: (vars) => interpolate(wrapHtml(section(`
+    <h1 style="margin:0 0 16px;font-size:24px;color:#111;">Invoice #{{invoiceNumber}}</h1>
+    <p style="margin:0 0 8px;color:#555;font-size:15px;line-height:1.6;">
+      Amount: <strong>{{amount}}</strong>
+    </p>
+    <p style="margin:0 0 24px;color:#555;font-size:15px;line-height:1.6;">
+      {{description}}
+    </p>
+    ${button("View Invoice", "invoiceUrl")}
+  `)), vars)
+};
+var notificationTemplate = {
+  name: "notification",
+  subject: "{{title}}",
+  html: (vars) => interpolate(wrapHtml(section(`
+    <h1 style="margin:0 0 16px;font-size:24px;color:#111;">{{title}}</h1>
+    <p style="margin:0 0 24px;color:#555;font-size:15px;line-height:1.6;">
+      {{body}}
+    </p>
+  `)), vars)
+};
+var builtinTemplates = {
+  welcome: welcomeTemplate,
+  magicLink: magicLinkTemplate,
+  passwordReset: passwordResetTemplate,
+  invoice: invoiceTemplate,
+  notification: notificationTemplate
+};
+
+// src/email/client.ts
+function interpolate2(template, vars) {
+  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => vars[key] ?? "");
+}
+var BrokrEmailClient = class {
+  constructor(_token, _gatewayUrl) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+  }
+  /**
+   * Send an email. The from address and API credentials are resolved server-side.
+   */
+  async send(params) {
+    requireToken(this._token, "email");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/email/send",
+        params,
+        "email"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Email";
+      throw err;
+    }
+  }
+  /**
+   * Send an email using a built-in template.
+   *
+   * @example
+   * ```typescript
+   * await brokr.email.sendTemplate({
+   *   template: 'welcome',
+   *   to: 'user@example.com',
+   *   variables: { appName: 'MyApp', actionUrl: 'https://myapp.com/dashboard' },
+   * });
+   * ```
+   */
+  async sendTemplate(params) {
+    try {
+      const template = builtinTemplates[params.template];
+      if (!template) {
+        throw new BrokrError(
+          `[brokr] Unknown email template "${params.template}". Available: ${Object.keys(builtinTemplates).join(", ")}`,
+          "EMAIL_TEMPLATE_NOT_FOUND",
           "email"
         );
       }
+      const subject = interpolate2(template.subject, params.variables);
+      const html = template.html(params.variables);
+      return await this.send({
+        to: params.to,
+        subject,
+        html,
+        from: params.from
+      });
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Email";
+      throw err;
+    }
+  }
+};
+
+// src/files/client.ts
+var BrokrFilesClient = class {
+  constructor(_token, _gatewayUrl, _storage) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+    this._storage = _storage;
+  }
+  /**
+   * Upload a file and trigger server-side AI processing.
+   * Returns the storage key plus any extracted description/text.
+   */
+  async process(params) {
+    requireToken(this._token, "files");
+    const uploaded = await this._storage.upload({
+      file: params.file,
+      path: params.fileName,
+      contentType: params.purpose === "text-extraction" ? "application/pdf" : void 0
+    });
+    const result = await gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/files/process",
+      { key: uploaded.key, purpose: params.purpose ?? "general" },
+      "files"
+    );
+    return {
+      key: uploaded.key,
+      description: result.description,
+      text: result.text
     };
-    BrokrRuntime = class {
-      constructor(options) {
-        this._token = options?.token ?? resolveToken();
-        this._gatewayUrl = options?.gatewayUrl ?? GATEWAY_URL;
-        this.ai = new BrokrAIClient(this._token, this._gatewayUrl);
-        this.storage = new BrokrStorageClient(this._token, this._gatewayUrl);
-        this.email = new BrokrEmailClient(this._token, this._gatewayUrl);
-      }
-      /** Auth client — lazily initialized to avoid pulling in auth deps when not needed. */
-      get auth() {
-        if (!this._auth) {
-          const { BrokrAuthClient: BrokrAuthClient2 } = (init_auth(), __toCommonJS(auth_exports));
-          this._auth = new BrokrAuthClient2(this._token, this._gatewayUrl);
-        }
-        return this._auth;
-      }
+  }
+  /**
+   * Get an AI-generated description of an already-uploaded file.
+   */
+  async describe(key) {
+    requireToken(this._token, "files");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/files/describe",
+      { key },
+      "files"
+    );
+  }
+  /**
+   * Extract text from a PDF or image (OCR).
+   */
+  async getText(key) {
+    requireToken(this._token, "files");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/files/text",
+      { key },
+      "files"
+    );
+  }
+};
+
+// src/payments/client.ts
+var BrokrPaymentsClient = class {
+  constructor(_token, _gatewayUrl) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+  }
+  /**
+   * Create a Stripe Checkout session for a plan.
+   * Returns a URL to redirect the end user to.
+   *
+   * @example
+   * ```ts
+   * const user = await brokr.auth.requireUser(request.headers);
+   * const { checkoutUrl } = await brokr.payments.checkout({
+   *   plan: 'pro',
+   *   userId: user.id,
+   * });
+   * // Redirect user to checkoutUrl
+   * ```
+   */
+  /**
+   * Create a Stripe Checkout session for a plan.
+   *
+   * @param params.plan - Plan slug (e.g. 'pro')
+   * @param params.userId - End user's ID from your auth system
+   * @param params.returnUrl - Where to redirect after checkout. Defaults to your stack's URL.
+   *   Pass explicitly for localhost or non-Brokr deployments.
+   */
+  async checkout(params) {
+    requireToken(this._token, "payments");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/payments/checkout",
+        { planSlug: params.plan, appUserId: params.userId, returnUrl: params.returnUrl },
+        "payments"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Payments";
+      throw err;
+    }
+  }
+  /**
+   * Create a Stripe Customer Portal session.
+   * Returns a URL where the end user can manage their subscription.
+   */
+  /**
+   * Create a Stripe Customer Portal session.
+   *
+   * @param params.userId - End user's ID
+   * @param params.returnUrl - Where to redirect when they're done. Defaults to your stack's URL.
+   */
+  async portal(params) {
+    requireToken(this._token, "payments");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/payments/portal",
+        { appUserId: params.userId, returnUrl: params.returnUrl },
+        "payments"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Payments";
+      throw err;
+    }
+  }
+  /**
+   * Get the end user's current plan.
+   * Returns null if the user has no subscription.
+   */
+  async currentPlan(params) {
+    requireToken(this._token, "payments");
+    try {
+      return await gatewayFetch(
+        this._gatewayUrl,
+        this._token,
+        "/v1/payments/plan",
+        { appUserId: params.userId },
+        "payments"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Payments";
+      throw err;
+    }
+  }
+};
+
+// src/payments/entitlements.ts
+var BrokrEntitlementsClient = class {
+  constructor(_token, _gatewayUrl) {
+    this._token = _token;
+    this._gatewayUrl = _gatewayUrl;
+  }
+  /**
+   * Check if an end user is entitled to a feature.
+   * Returns true/false without throwing.
+   *
+   * @example
+   * ```ts
+   * const user = await brokr.auth.requireUser(request.headers);
+   * const canChat = await brokr.entitlements.check({ feature: 'ai.chat', userId: user.id });
+   * ```
+   */
+  async check(params) {
+    requireToken(this._token, "payments");
+    const result = await gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/payments/entitlements/check",
+      { feature: params.feature, appUserId: params.userId },
+      "payments"
+    );
+    return result.allowed;
+  }
+  /**
+   * Require that an end user is entitled to a feature.
+   * Throws BrokrError if not entitled.
+   */
+  async require(params) {
+    const allowed = await this.check(params);
+    if (!allowed) {
+      throw new BrokrError(
+        `[brokr] Feature "${params.feature}" is not available on the user's current plan. Upgrade at the billing portal.`,
+        "ENTITLEMENT_DENIED",
+        "payments"
+      );
+    }
+  }
+  /**
+   * Get usage stats for a metered feature.
+   * This is a READ — does NOT increment the counter.
+   * Use `increment()` to record usage.
+   */
+  async usage(params) {
+    requireToken(this._token, "payments");
+    return gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/payments/entitlements/usage",
+      { feature: params.feature, appUserId: params.userId },
+      "payments"
+    );
+  }
+  /**
+   * Record a usage event for a metered feature.
+   * This is a WRITE — increments the counter.
+   */
+  async increment(params) {
+    requireToken(this._token, "payments");
+    await gatewayFetch(
+      this._gatewayUrl,
+      this._token,
+      "/v1/payments/entitlements/increment",
+      { feature: params.feature, appUserId: params.userId, amount: params.amount ?? 1 },
+      "payments"
+    );
+  }
+};
+
+// src/notifications/client.ts
+var BrokrNotificationsClient = class {
+  constructor(token, gatewayUrl) {
+    this.token = token;
+    this.gatewayUrl = gatewayUrl;
+  }
+  /**
+   * Send a notification to a user. Delivered via WebSocket in real-time
+   * and persisted in the notification history.
+   */
+  async send(params) {
+    requireToken(this.token, "notifications");
+    try {
+      return await gatewayFetch(
+        this.gatewayUrl,
+        this.token,
+        "/v1/notifications/push",
+        params,
+        "notifications"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Notifications";
+      throw err;
+    }
+  }
+  /**
+   * Fetch notification history for a user. Reads from the DO's SQLite
+   * storage via a gateway REST endpoint.
+   */
+  async list(params) {
+    requireToken(this.token, "notifications");
+    try {
+      return await gatewayFetch(
+        this.gatewayUrl,
+        this.token,
+        "/v1/notifications/list",
+        params,
+        "notifications"
+      );
+    } catch (err) {
+      if (err instanceof BrokrError) err.component = "Notifications";
+      throw err;
+    }
+  }
+};
+
+// src/auth.ts
+function resolveAppUrl(appUrl) {
+  if (appUrl) return appUrl;
+  throw new BrokrError(
+    "[brokr] BROKR_AUTH_URL is not set. Auth may not be provisioned.",
+    "AUTH_NOT_CONFIGURED",
+    "auth"
+  );
+}
+function mapSessionUser(raw) {
+  return {
+    id: raw.id,
+    email: raw.email,
+    name: raw.name ?? null,
+    image: raw.image ?? null,
+    emailVerified: raw.emailVerified ? /* @__PURE__ */ new Date() : null
+  };
+}
+function pluralizeResource(resource) {
+  if (resource.endsWith("s")) return resource;
+  if (resource.endsWith("y") && !/[aeiou]y$/i.test(resource)) return resource.slice(0, -1) + "ies";
+  return resource + "s";
+}
+function validateSqlIdentifier(name, label) {
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
+    throw new BrokrError(
+      `[brokr] Invalid ${label}: "${name}". Must be alphanumeric with underscores only.`,
+      "INVALID_IDENTIFIER",
+      "auth"
+    );
+  }
+}
+var _ownershipPool = null;
+async function getOwnershipPool(dbUrl) {
+  let Pool;
+  try {
+    const mod = await import("@neondatabase/serverless");
+    Pool = mod.Pool;
+  } catch {
+    throw new BrokrError(
+      "[brokr] @neondatabase/serverless is required for ownership checks. Run: npm install @neondatabase/serverless",
+      "MISSING_DEPENDENCY",
+      "auth"
+    );
+  }
+  if (_ownershipPool && _ownershipPool.dbUrl === dbUrl) {
+    return _ownershipPool.pool;
+  }
+  const pool = new Pool({ connectionString: dbUrl, max: 3 });
+  _ownershipPool = { pool, dbUrl };
+  return pool;
+}
+async function authApiFetch(appUrl, path, options) {
+  const headers = { "Content-Type": "application/json" };
+  if (options?.cookies) headers.cookie = options.cookies;
+  if (typeof window === "undefined") {
+    headers.Origin = process.env.BETTER_AUTH_URL ?? process.env.NEXT_PUBLIC_APP_URL ?? process.env.APP_URL ?? process.env.BROKR_AUTH_URL ?? (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : void 0) ?? appUrl;
+  }
+  const res = await fetch(`${appUrl}${path}`, {
+    method: options?.method ?? "GET",
+    headers,
+    body: options?.body ? JSON.stringify(options.body) : void 0
+  });
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}));
+    throw new BrokrError(
+      data.message ?? `[brokr] Auth API call failed (HTTP ${res.status})`,
+      "AUTH_API_FAILED",
+      "auth"
+    );
+  }
+  return res.json();
+}
+var BrokrAuthClient = class {
+  constructor(_token, _gatewayUrl, appUrl) {
+    this._appUrl = appUrl ?? (typeof process !== "undefined" ? process.env.BROKR_AUTH_URL : void 0);
+  }
+  // -------------------------------------------------------------------------
+  // Identity — read user/session from incoming request
+  // -------------------------------------------------------------------------
+  /**
+   * Get user from request headers. Returns null if not authenticated.
+   * Calls the app's own Better Auth API.
+   */
+  async user(headers) {
+    const session = await this.session(headers);
+    return session?.user ?? null;
+  }
+  /**
+   * Get user from request headers. Throws 401 if not authenticated.
+   */
+  async requireUser(headers) {
+    const u = await this.user(headers);
+    if (!u) {
+      throw new BrokrError("[brokr] Authentication required. The request has no valid session. Check that cookies are being forwarded.", "UNAUTHORIZED", "auth");
+    }
+    return u;
+  }
+  /**
+   * Get full session from request headers. Returns null if not authenticated.
+   */
+  async session(headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookieHeader = headers.get("cookie") ?? "";
+    if (!cookieHeader) return null;
+    const res = await fetch(`${appUrl}/api/auth/get-session`, {
+      method: "GET",
+      headers: { cookie: cookieHeader }
+    });
+    if (!res.ok) return null;
+    const data = await res.json();
+    if (!data?.user || !data?.session) return null;
+    return {
+      user: mapSessionUser(data.user),
+      sessionId: data.session.id,
+      expiresAt: new Date(data.session.expiresAt)
     };
   }
-});
-init_runtime();
+  /**
+   * Get full session. Throws 401 if not authenticated.
+   */
+  async requireSession(headers) {
+    const s = await this.session(headers);
+    if (!s) {
+      throw new BrokrError("[brokr] Authentication required. The request has no valid session. Check that cookies are being forwarded.", "UNAUTHORIZED", "auth");
+    }
+    return s;
+  }
+  // -------------------------------------------------------------------------
+  // Legacy aliases (backward compat)
+  // -------------------------------------------------------------------------
+  /** @deprecated Use user(request.headers) instead. */
+  async currentUser(request) {
+    return this.user(request.headers);
+  }
+  /** @deprecated Use session(request.headers) instead. */
+  async getSession(request) {
+    return this.session(request.headers);
+  }
+  // -------------------------------------------------------------------------
+  // Auth actions — call Better Auth endpoints on the stack's app
+  // -------------------------------------------------------------------------
+  /**
+   * Sign in with email and password.
+   */
+  async signIn(params) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const data = await authApiFetch(appUrl, "/api/auth/sign-in/email", {
+      method: "POST",
+      body: params
+    });
+    return {
+      user: mapSessionUser(data.user),
+      sessionId: data.session.id,
+      expiresAt: new Date(data.session.expiresAt)
+    };
+  }
+  /**
+   * Sign in with OAuth provider. Returns redirect URL.
+   */
+  async signInWithProvider(provider, options) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const redirectTo = options?.redirectTo ?? "/";
+    if (!redirectTo.startsWith("/") || redirectTo.startsWith("//")) {
+      throw new BrokrError("[brokr] redirectTo must be a relative path (start with /)", "INVALID_REDIRECT", "auth");
+    }
+    if (!/^[a-z][a-z0-9_-]*$/.test(provider)) {
+      throw new BrokrError(`[brokr] Invalid provider name: "${provider}". Must be lowercase alphanumeric.`, "INVALID_PROVIDER", "auth");
+    }
+    const params = new URLSearchParams({ provider, callbackURL: redirectTo });
+    return { redirectUrl: `${appUrl}/api/auth/sign-in/social?${params}` };
+  }
+  /**
+   * Sign up with email and password.
+   */
+  async signUp(params) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const data = await authApiFetch(appUrl, "/api/auth/sign-up/email", {
+      method: "POST",
+      body: params
+    });
+    return {
+      user: mapSessionUser(data.user),
+      sessionId: data.session.id,
+      expiresAt: new Date(data.session.expiresAt)
+    };
+  }
+  /**
+   * Sign out the current user.
+   */
+  async signOut(headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookies = headers?.get("cookie") ?? "";
+    await authApiFetch(appUrl, "/api/auth/sign-out", {
+      method: "POST",
+      cookies
+    });
+  }
+  /**
+   * Send a magic link email.
+   */
+  async sendMagicLink(email, options) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    await authApiFetch(appUrl, "/api/auth/magic-link/send", {
+      method: "POST",
+      body: { email, callbackURL: options?.redirectTo ?? "/" }
+    });
+  }
+  /**
+   * Send a password reset email.
+   */
+  async sendPasswordReset(params) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    await authApiFetch(appUrl, "/api/auth/forget-password", {
+      method: "POST",
+      body: params
+    });
+  }
+  /**
+   * Reset password with token from email.
+   */
+  async resetPassword(params) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    await authApiFetch(appUrl, "/api/auth/reset-password", {
+      method: "POST",
+      body: { token: params.token, newPassword: params.password }
+    });
+  }
+  /**
+   * Verify email with token from email.
+   */
+  async verifyEmail(params) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    await authApiFetch(appUrl, "/api/auth/verify-email", {
+      method: "POST",
+      body: params
+    });
+  }
+  /**
+   * Update the current user's profile.
+   */
+  async updateUser(params, headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookies = headers?.get("cookie") ?? "";
+    await authApiFetch(appUrl, "/api/auth/update-user", {
+      method: "POST",
+      body: params,
+      cookies
+    });
+  }
+  // -------------------------------------------------------------------------
+  // Session management
+  // -------------------------------------------------------------------------
+  /** Session management sub-client. */
+  get sessions() {
+    if (!this._sessions) {
+      this._sessions = new BrokrSessionsClient(this._appUrl);
+    }
+    return this._sessions;
+  }
+  // -------------------------------------------------------------------------
+  // Ownership — queries the stack's own DB via gateway → server
+  // -------------------------------------------------------------------------
+  /**
+   * Check if the current user owns a resource. Throws 403 if not.
+   *
+   * Queries the developer's own database directly via DATABASE_URL.
+   * Convention: pluralizes resource name → table, assumes `id` PK + `user_id` owner column.
+   * Override with `opts.table` and `opts.ownerColumn` for non-standard schemas.
+   *
+   * @example
+   * ```ts
+   * await brokr.auth.requireOwner('conversation', conversationId, request.headers);
+   * // Under the hood: SELECT 1 FROM conversations WHERE id = $1 AND user_id = $2
+   * ```
+   */
+  async requireOwner(resource, id, headers, opts) {
+    const isOwner = await this.isOwner(resource, id, headers, opts);
+    if (!isOwner) {
+      throw new BrokrError(
+        `[brokr] Access denied \u2014 current user does not own this ${resource}. Verify the resource ID and that the user is the owner.`,
+        "FORBIDDEN",
+        "auth"
+      );
+    }
+  }
+  /**
+   * Check if the current user owns a resource. Returns boolean.
+   *
+   * Runs a direct query against the developer's database (DATABASE_URL).
+   * No gateway round-trip — this is a local DB operation.
+   */
+  async isOwner(resource, id, headers, opts) {
+    const user = await this.requireUser(headers);
+    const dbUrl = typeof process !== "undefined" ? process.env.DATABASE_URL : void 0;
+    if (!dbUrl) {
+      throw new BrokrError(
+        "[brokr] DATABASE_URL is not set. Cannot check ownership without a database.",
+        "DB_NOT_CONFIGURED",
+        "auth"
+      );
+    }
+    const tableName = opts?.table ?? pluralizeResource(resource);
+    const ownerCol = opts?.ownerColumn ?? "user_id";
+    validateSqlIdentifier(tableName, "table name");
+    validateSqlIdentifier(ownerCol, "owner column");
+    const pool = await getOwnershipPool(dbUrl);
+    try {
+      const result = await pool.query(
+        `SELECT 1 FROM "${tableName}" WHERE id = $1 AND "${ownerCol}" = $2 LIMIT 1`,
+        [id, user.id]
+      );
+      return (result.rowCount ?? 0) > 0;
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      console.error("[brokr] Ownership check error:", msg);
+      if (msg.includes("does not exist")) {
+        throw new BrokrError(
+          `[brokr] Table "${tableName}" does not exist. Check your resource name or provide { table: '...' }.`,
+          "TABLE_NOT_FOUND",
+          "auth"
+        );
+      }
+      throw new BrokrError(
+        "[brokr] Ownership check failed. Check your DATABASE_URL and that the database is accessible.",
+        "DB_QUERY_FAILED",
+        "auth"
+      );
+    }
+  }
+  /**
+   * Check if the current user matches a specific userId. Throws 403 if not.
+   */
+  async requireCurrentUser(userId, headers) {
+    const user = await this.requireUser(headers);
+    if (user.id !== userId) {
+      throw new BrokrError("[brokr] Access denied.", "FORBIDDEN", "auth");
+    }
+  }
+  // -------------------------------------------------------------------------
+  // Legacy alias
+  // -------------------------------------------------------------------------
+  /** @deprecated Use signInWithProvider() instead. */
+  async getOAuthUrl(provider, options) {
+    return this.signInWithProvider(provider, options);
+  }
+};
+var BrokrSessionsClient = class {
+  constructor(appUrl) {
+    this._appUrl = appUrl;
+  }
+  /**
+   * List all active sessions for the current user.
+   */
+  async list(headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookies = headers.get("cookie") ?? "";
+    const data = await authApiFetch(appUrl, "/api/auth/list-sessions", { cookies });
+    const sessionToken = parseCookieValue(cookies, "better-auth.session_token") ?? parseCookieValue(cookies, "__Secure-better-auth.session_token");
+    return data.map((s) => ({
+      id: s.id,
+      createdAt: new Date(s.createdAt),
+      expiresAt: new Date(s.expiresAt),
+      userAgent: s.userAgent,
+      ipAddress: s.ipAddress,
+      isCurrent: s.token === sessionToken
+    }));
+  }
+  /**
+   * Revoke a specific session by ID.
+   */
+  async revoke(sessionId, headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookies = headers.get("cookie") ?? "";
+    await authApiFetch(appUrl, "/api/auth/revoke-session", {
+      method: "POST",
+      body: { id: sessionId },
+      cookies
+    });
+  }
+  /**
+   * Revoke all sessions except the current one.
+   */
+  async revokeOthers(headers) {
+    const appUrl = resolveAppUrl(this._appUrl);
+    const cookies = headers.get("cookie") ?? "";
+    await authApiFetch(appUrl, "/api/auth/revoke-other-sessions", {
+      method: "POST",
+      cookies
+    });
+  }
+};
+function parseCookies(cookieHeader) {
+  const cookies = /* @__PURE__ */ new Map();
+  for (const pair of cookieHeader.split(";")) {
+    const eqIdx = pair.indexOf("=");
+    if (eqIdx === -1) continue;
+    const name = pair.slice(0, eqIdx).trim();
+    const value = pair.slice(eqIdx + 1).trim();
+    if (name) cookies.set(name, value);
+  }
+  return cookies;
+}
+function parseCookieValue(cookieHeader, name) {
+  return parseCookies(cookieHeader).get(name);
+}
+
+// src/models.ts
+var models = {
+  /** Cheapest and fastest model (Deepseek Chat). */
+  FAST: "deepseek-chat",
+  /** Most capable model. */
+  SMART: "claude-sonnet-4-6",
+  /** Default balanced model (Deepseek Chat). */
+  BALANCED: "deepseek-chat"
+};
+
+// src/runtime.ts
+var BrokrRuntime = class {
+  constructor(options) {
+    this._token = options?.token ?? resolveToken();
+    this._gatewayUrl = options?.gatewayUrl ?? GATEWAY_URL;
+    this.ai = new BrokrAIClient(this._token, this._gatewayUrl);
+    this.storage = new BrokrStorageClient(this._token, this._gatewayUrl);
+    this.email = new BrokrEmailClient(this._token, this._gatewayUrl);
+  }
+  // -------------------------------------------------------------------------
+  // Lazy namespace getters
+  // -------------------------------------------------------------------------
+  /** Files client (upload + AI processing). */
+  get files() {
+    if (!this._files) {
+      this._files = new BrokrFilesClient(this._token, this._gatewayUrl, this.storage);
+    }
+    return this._files;
+  }
+  /** Payments client (checkout, portal, plan queries). */
+  get payments() {
+    if (!this._payments) {
+      this._payments = new BrokrPaymentsClient(this._token, this._gatewayUrl);
+    }
+    return this._payments;
+  }
+  /** Notifications client (send + list notifications). */
+  get notifications() {
+    if (!this._notifications) {
+      this._notifications = new BrokrNotificationsClient(this._token, this._gatewayUrl);
+    }
+    return this._notifications;
+  }
+  /** Entitlements client (feature checks, usage queries). */
+  get entitlements() {
+    if (!this._entitlements) {
+      this._entitlements = new BrokrEntitlementsClient(this._token, this._gatewayUrl);
+    }
+    return this._entitlements;
+  }
+  /** Auth client — lazily initialized. */
+  get auth() {
+    if (!this._auth) {
+      this._auth = new BrokrAuthClient(this._token, this._gatewayUrl);
+    }
+    return this._auth;
+  }
+  // -------------------------------------------------------------------------
+  // Root aliases — one-liner DX for the most common operations
+  // -------------------------------------------------------------------------
+  /** Send a chat message. Alias for `brokr.ai.chat()`. */
+  chat(input, options) {
+    return this.ai.chat(input, options);
+  }
+  /** Upload a file. Alias for `brokr.storage.upload()`. */
+  upload(params) {
+    return this.storage.upload(params);
+  }
+  /** Start a checkout flow. Alias for `brokr.payments.checkout()`. */
+  checkout(params) {
+    return this.payments.checkout(params);
+  }
+  /** Start a checkout flow. Alias for `brokr.checkout()` — north star one-liner. */
+  purchase(params) {
+    return this.payments.checkout(params);
+  }
+};
+function createBrokr(options) {
+  BrokrDevConsole.install();
+  initCapture({
+    token: options?.token,
+    gatewayUrl: options?.gatewayUrl
+  });
+  return new BrokrRuntime(options);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BrokrAIClient,
   BrokrAuthError,
   BrokrEmailClient,
+  BrokrEntitlementsClient,
   BrokrError,
+  BrokrFilesClient,
   BrokrNetworkError,
+  BrokrNotFoundError,
+  BrokrNotificationsClient,
+  BrokrPaymentsClient,
   BrokrRateLimitError,
   BrokrRuntime,
   BrokrStorageClient,
+  BrokrTimeoutError,
+  BrokrValidationError,
   GATEWAY_URL,
   createBrokr,
+  detectEnv,
+  isDev,
+  isProd,
+  isStaging,
   models
 });