@casfa/client 0.2.0 → 0.3.0

package/dist/index.js

@@ -1,44 +1,57 @@
 var __defProp = Object.defineProperty;
 var __export = (target, all) => {
   for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: (newValue) => all[name] = () => newValue
+    });
 };
 
 // src/api/index.ts
-var api_exports = {};
-__export(api_exports, {
-  approveAuthRequest: () => approveAuthRequest,
-  commitDepot: () => commitDepot,
-  createAuthRequest: () => createAuthRequest,
-  createDepot: () => createDepot,
-  createTicket: () => createTicket,
-  createToken: () => createToken,
-  delegateToken: () => delegateToken,
-  deleteDepot: () => deleteDepot,
-  exchangeCode: () => exchangeCode,
-  fetchServiceInfo: () => fetchServiceInfo,
-  getAuthRequest: () => getAuthRequest,
-  getDepot: () => getDepot,
-  getMe: () => getMe,
-  getNode: () => getNode,
-  getNodeMetadata: () => getNodeMetadata,
-  getOAuthConfig: () => getOAuthConfig,
-  getTicket: () => getTicket,
-  getToken: () => getToken,
-  healthCheck: () => healthCheck,
-  listDepots: () => listDepots,
-  listTickets: () => listTickets,
-  listTokens: () => listTokens,
-  login: () => login,
-  pollAuthRequest: () => pollAuthRequest,
-  prepareNodes: () => prepareNodes,
-  putNode: () => putNode,
-  refresh: () => refresh,
-  rejectAuthRequest: () => rejectAuthRequest,
-  revokeToken: () => revokeToken,
-  submitTicket: () => submitTicket,
+var exports_api = {};
+__export(exports_api, {
+  updateDepot: () => updateDepot,
   tokenResponseToStoredUserToken: () => tokenResponseToStoredUserToken,
-  updateDepot: () => updateDepot
+  revokeDelegate: () => revokeDelegate,
+  rejectAuthRequest: () => rejectAuthRequest,
+  refreshToken: () => refreshToken,
+  refresh: () => refresh,
+  putNode: () => putNode,
+  pollAuthRequest: () => pollAuthRequest,
+  login: () => login,
+  listDepots: () => listDepots,
+  listDelegates: () => listDelegates,
+  healthCheck: () => healthCheck,
+  getOAuthConfig: () => getOAuthConfig,
+  getNodeNavigated: () => getNodeNavigated,
+  getNodeMetadata: () => getNodeMetadata,
+  getNode: () => getNode,
+  getMe: () => getMe,
+  getDepot: () => getDepot,
+  getDelegate: () => getDelegate,
+  getAuthRequest: () => getAuthRequest,
+  fsWrite: () => fsWrite,
+  fsStat: () => fsStat,
+  fsRm: () => fsRm,
+  fsRewrite: () => fsRewrite,
+  fsRead: () => fsRead,
+  fsMv: () => fsMv,
+  fsMkdir: () => fsMkdir,
+  fsLs: () => fsLs,
+  fsCp: () => fsCp,
+  fetchServiceInfo: () => fetchServiceInfo,
+  exchangeCode: () => exchangeCode,
+  deleteDepot: () => deleteDepot,
+  createDepot: () => createDepot,
+  createDelegate: () => createDelegate,
+  createAuthRequest: () => createAuthRequest,
+  commitDepot: () => commitDepot,
+  claimNode: () => claimNode,
+  checkNodes: () => checkNodes,
+  batchClaimNodes: () => batchClaimNodes,
+  approveAuthRequest: () => approveAuthRequest
 });
 
 // src/utils/http.ts
@@ -64,18 +77,22 @@ var statusToErrorCode = (status) => {
 var createErrorFromResponse = async (response) => {
   const code = statusToErrorCode(response.status);
   let message = response.statusText;
-  let details;
+  let details = null;
   try {
     const body = await response.json();
     if (typeof body.message === "string") {
       message = body.message;
-    }
-    if (typeof body.error === "string") {
+    } else if (typeof body.error === "string") {
       message = body.error;
     }
+    if (body.error && typeof body.error === "object" && "issues" in body.error) {
+      const issues = body.error.issues;
+      if (Array.isArray(issues) && issues.length > 0) {
+        message = issues.map((i) => i.path?.length ? `${i.path.join(".")}: ${i.message}` : i.message).join("; ");
+      }
+    }
     details = body;
-  } catch {
-  }
+  } catch {}
   return { code, message, status: response.status, details };
 };
 var createNetworkError = (err) => ({
@@ -86,14 +103,14 @@ var createNetworkError = (err) => ({
 var fetchApi = async (url, options = {}) => {
   const { method = "GET", headers = {}, body, responseType = "json" } = options;
   const requestHeaders = { ...headers };
-  if (body !== void 0 && !requestHeaders["Content-Type"]) {
+  if (body !== undefined && !requestHeaders["Content-Type"]) {
     requestHeaders["Content-Type"] = "application/json";
   }
   try {
     const response = await fetch(url, {
       method,
       headers: requestHeaders,
-      body: body !== void 0 ? JSON.stringify(body) : void 0
+      body: body !== undefined ? JSON.stringify(body) : undefined
     });
     if (!response.ok) {
       const error = await createErrorFromResponse(response);
@@ -111,7 +128,7 @@ var fetchApi = async (url, options = {}) => {
         data = await response.text();
         break;
       case "none":
-        data = void 0;
+        data = undefined;
         break;
     }
     return { ok: true, data, status: response.status };
@@ -127,62 +144,212 @@ var fetchWithAuth = async (url, authHeader, options = {}) => {
   return fetchApi(url, { ...options, headers });
 };
 
+// src/api/claim.ts
+var claimNode = async (baseUrl, realm, accessTokenBase64, nodeKey, params) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/${encodeURIComponent(nodeKey)}/claim`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
+};
+var batchClaimNodes = async (baseUrl, realm, accessTokenBase64, params) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/claim`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
+};
+// src/api/delegates.ts
+var createDelegate = async (baseUrl, realm, accessTokenBase64, params) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/delegates`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
+};
+var listDelegates = async (baseUrl, realm, accessTokenBase64, params) => {
+  const query = new URLSearchParams;
+  if (params?.limit)
+    query.set("limit", String(params.limit));
+  if (params?.cursor)
+    query.set("cursor", params.cursor);
+  if (params?.includeRevoked)
+    query.set("includeRevoked", "true");
+  const queryString = query.toString();
+  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/delegates${queryString ? `?${queryString}` : ""}`;
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`);
+};
+var getDelegate = async (baseUrl, realm, accessTokenBase64, delegateId) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/delegates/${encodeURIComponent(delegateId)}`, `Bearer ${accessTokenBase64}`);
+};
+var revokeDelegate = async (baseUrl, realm, accessTokenBase64, delegateId) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/delegates/${encodeURIComponent(delegateId)}/revoke`, `Bearer ${accessTokenBase64}`, {
+    method: "POST"
+  });
+};
 // src/api/depots.ts
 var createDepot = async (baseUrl, realm, accessTokenBase64, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "POST",
-      body: params
-    }
-  );
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
 };
 var listDepots = async (baseUrl, realm, accessTokenBase64, params) => {
-  const query = new URLSearchParams();
-  if (params?.limit) query.set("limit", String(params.limit));
-  if (params?.cursor) query.set("cursor", params.cursor);
+  const query = new URLSearchParams;
+  if (params?.limit)
+    query.set("limit", String(params.limit));
+  if (params?.cursor)
+    query.set("cursor", params.cursor);
   const queryString = query.toString();
   const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots${queryString ? `?${queryString}` : ""}`;
   return fetchWithAuth(url, `Bearer ${accessTokenBase64}`);
 };
 var getDepot = async (baseUrl, realm, accessTokenBase64, depotId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`,
-    `Bearer ${accessTokenBase64}`
-  );
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`, `Bearer ${accessTokenBase64}`);
 };
 var updateDepot = async (baseUrl, realm, accessTokenBase64, depotId, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "PATCH",
-      body: params
-    }
-  );
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`, `Bearer ${accessTokenBase64}`, {
+    method: "PATCH",
+    body: params
+  });
 };
 var deleteDepot = async (baseUrl, realm, accessTokenBase64, depotId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "DELETE",
-      responseType: "none"
-    }
-  );
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}`, `Bearer ${accessTokenBase64}`, {
+    method: "DELETE",
+    responseType: "none"
+  });
 };
 var commitDepot = async (baseUrl, realm, accessTokenBase64, depotId, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}/commit`,
-    `Bearer ${accessTokenBase64}`,
-    {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/depots/${encodeURIComponent(depotId)}/commit`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
+};
+// src/api/filesystem.ts
+function buildFsUrl(baseUrl, realm, rootKey, op) {
+  return `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/fs/${encodeURIComponent(rootKey)}/${op}`;
+}
+var fsStat = async (baseUrl, realm, accessTokenBase64, rootKey, path) => {
+  const params = new URLSearchParams;
+  if (path)
+    params.set("path", path);
+  const qs = params.toString();
+  const url = `${buildFsUrl(baseUrl, realm, rootKey, "stat")}${qs ? `?${qs}` : ""}`;
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`);
+};
+var fsLs = async (baseUrl, realm, accessTokenBase64, rootKey, path, opts) => {
+  const params = new URLSearchParams;
+  if (path)
+    params.set("path", path);
+  if (opts?.limit)
+    params.set("limit", String(opts.limit));
+  if (opts?.cursor)
+    params.set("cursor", opts.cursor);
+  const qs = params.toString();
+  const url = `${buildFsUrl(baseUrl, realm, rootKey, "ls")}${qs ? `?${qs}` : ""}`;
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`);
+};
+var fsRead = async (baseUrl, realm, accessTokenBase64, rootKey, path) => {
+  const params = new URLSearchParams({ path });
+  const url = `${buildFsUrl(baseUrl, realm, rootKey, "read")}?${params}`;
+  try {
+    const response = await fetch(url, {
+      headers: { Authorization: `Bearer ${accessTokenBase64}` }
+    });
+    if (!response.ok) {
+      let message = response.statusText;
+      try {
+        const body = await response.json();
+        if (typeof body.message === "string")
+          message = body.message;
+      } catch {}
+      return {
+        ok: false,
+        error: { code: String(response.status), message, status: response.status }
+      };
+    }
+    const blob = await response.blob();
+    return { ok: true, data: blob, status: response.status };
+  } catch (err) {
+    return {
+      ok: false,
+      error: {
+        code: "NETWORK_ERROR",
+        message: err instanceof Error ? err.message : "Network error"
+      }
+    };
+  }
+};
+var fsWrite = async (baseUrl, realm, accessTokenBase64, rootKey, path, data, contentType = "application/octet-stream") => {
+  const params = new URLSearchParams({ path });
+  const url = `${buildFsUrl(baseUrl, realm, rootKey, "write")}?${params}`;
+  const body = data instanceof Blob ? data : new Blob([data], { type: contentType });
+  try {
+    const response = await fetch(url, {
       method: "POST",
-      body: params
+      headers: {
+        Authorization: `Bearer ${accessTokenBase64}`,
+        "Content-Type": contentType,
+        "Content-Length": String(body.size)
+      },
+      body
+    });
+    if (!response.ok) {
+      let message = response.statusText;
+      try {
+        const body2 = await response.json();
+        if (typeof body2.message === "string")
+          message = body2.message;
+      } catch {}
+      return {
+        ok: false,
+        error: { code: String(response.status), message, status: response.status }
+      };
     }
-  );
+    const result = await response.json();
+    return { ok: true, data: result, status: response.status };
+  } catch (err) {
+    return {
+      ok: false,
+      error: {
+        code: "NETWORK_ERROR",
+        message: err instanceof Error ? err.message : "Network error"
+      }
+    };
+  }
+};
+var fsMkdir = async (baseUrl, realm, accessTokenBase64, rootKey, path) => {
+  const url = buildFsUrl(baseUrl, realm, rootKey, "mkdir");
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: { path }
+  });
+};
+var fsRm = async (baseUrl, realm, accessTokenBase64, rootKey, path) => {
+  const url = buildFsUrl(baseUrl, realm, rootKey, "rm");
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: { path }
+  });
+};
+var fsMv = async (baseUrl, realm, accessTokenBase64, rootKey, from, to) => {
+  const url = buildFsUrl(baseUrl, realm, rootKey, "mv");
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: { from, to }
+  });
+};
+var fsCp = async (baseUrl, realm, accessTokenBase64, rootKey, from, to) => {
+  const url = buildFsUrl(baseUrl, realm, rootKey, "cp");
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: { from, to }
+  });
+};
+var fsRewrite = async (baseUrl, realm, accessTokenBase64, rootKey, entries, deletes) => {
+  const url = buildFsUrl(baseUrl, realm, rootKey, "rewrite");
+  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: { entries, deletes }
+  });
 };
-
 // src/api/info.ts
 var fetchServiceInfo = async (baseUrl) => {
   return fetchApi(`${baseUrl}/api/info`);
@@ -190,17 +357,14 @@ var fetchServiceInfo = async (baseUrl) => {
 var healthCheck = async (baseUrl) => {
   return fetchApi(`${baseUrl}/api/health`);
 };
-
 // src/api/nodes.ts
-var getNode = async (baseUrl, realm, accessTokenBase64, nodeKey, indexPath) => {
-  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/${encodeURIComponent(nodeKey)}`;
+var getNode = async (baseUrl, realm, accessTokenBase64, nodeKey) => {
+  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/raw/${encodeURIComponent(nodeKey)}`;
   try {
-    const response = await fetch(url, {
-      headers: {
-        Authorization: `Bearer ${accessTokenBase64}`,
-        "X-CAS-Index-Path": indexPath
-      }
-    });
+    const headers = {
+      Authorization: `Bearer ${accessTokenBase64}`
+    };
+    const response = await fetch(url, { headers });
     if (!response.ok) {
       const error = await response.json().catch(() => ({ message: response.statusText }));
       return {
@@ -224,29 +388,47 @@ var getNode = async (baseUrl, realm, accessTokenBase64, nodeKey, indexPath) => {
     };
   }
 };
-var getNodeMetadata = async (baseUrl, realm, accessTokenBase64, nodeKey, indexPath) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/${encodeURIComponent(nodeKey)}/metadata`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      headers: {
-        "X-CAS-Index-Path": indexPath
-      }
+var getNodeNavigated = async (baseUrl, realm, accessTokenBase64, nodeKey, indexPath) => {
+  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/raw/${encodeURIComponent(nodeKey)}/${indexPath}`;
+  try {
+    const headers = {
+      Authorization: `Bearer ${accessTokenBase64}`
+    };
+    const response = await fetch(url, { headers });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ message: response.statusText }));
+      return {
+        ok: false,
+        error: {
+          code: String(response.status),
+          message: error.message ?? response.statusText,
+          status: response.status
+        }
+      };
     }
-  );
+    const data = new Uint8Array(await response.arrayBuffer());
+    return { ok: true, data, status: response.status };
+  } catch (err) {
+    return {
+      ok: false,
+      error: {
+        code: "NETWORK_ERROR",
+        message: err instanceof Error ? err.message : "Network error"
+      }
+    };
+  }
 };
-var prepareNodes = async (baseUrl, realm, accessTokenBase64, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/prepare`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "POST",
-      body: params
-    }
-  );
+var getNodeMetadata = async (baseUrl, realm, accessTokenBase64, nodeKey) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/metadata/${encodeURIComponent(nodeKey)}`, `Bearer ${accessTokenBase64}`);
+};
+var checkNodes = async (baseUrl, realm, accessTokenBase64, params) => {
+  return fetchWithAuth(`${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/check`, `Bearer ${accessTokenBase64}`, {
+    method: "POST",
+    body: params
+  });
 };
 var putNode = async (baseUrl, realm, accessTokenBase64, nodeKey, content) => {
-  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/${encodeURIComponent(nodeKey)}`;
+  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/nodes/raw/${encodeURIComponent(nodeKey)}`;
   try {
     const response = await fetch(url, {
       method: "PUT",
@@ -279,7 +461,6 @@ var putNode = async (baseUrl, realm, accessTokenBase64, nodeKey, content) => {
     };
   }
 };
-
 // src/api/oauth.ts
 var getOAuthConfig = async (baseUrl) => {
   return fetchApi(`${baseUrl}/api/oauth/config`);
@@ -306,12 +487,11 @@ var getMe = async (baseUrl, userAccessToken) => {
   return fetchWithAuth(`${baseUrl}/api/oauth/me`, `Bearer ${userAccessToken}`);
 };
 var tokenResponseToStoredUserToken = (response, userId) => ({
-  accessToken: response.accessToken,
+  accessToken: response.idToken ?? response.accessToken,
   refreshToken: response.refreshToken,
   userId,
-  expiresAt: Date.now() + response.expiresIn * 1e3
+  expiresAt: Date.now() + response.expiresIn * 1000
 });
-
 // src/api/requests.ts
 var createAuthRequest = async (baseUrl, params) => {
   return fetchApi(`${baseUrl}/api/tokens/requests`, {
@@ -320,190 +500,55 @@ var createAuthRequest = async (baseUrl, params) => {
   });
 };
 var pollAuthRequest = async (baseUrl, requestId) => {
-  return fetchApi(
-    `${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/poll`
-  );
+  return fetchApi(`${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/poll`);
 };
 var getAuthRequest = async (baseUrl, userAccessToken, requestId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}`,
-    `Bearer ${userAccessToken}`
-  );
+  return fetchWithAuth(`${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}`, `Bearer ${userAccessToken}`);
 };
 var approveAuthRequest = async (baseUrl, userAccessToken, requestId, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/approve`,
-    `Bearer ${userAccessToken}`,
-    {
-      method: "POST",
-      body: params ?? {}
-    }
-  );
+  return fetchWithAuth(`${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/approve`, `Bearer ${userAccessToken}`, {
+    method: "POST",
+    body: params ?? {}
+  });
 };
 var rejectAuthRequest = async (baseUrl, userAccessToken, requestId, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/reject`,
-    `Bearer ${userAccessToken}`,
-    {
-      method: "POST",
-      body: params ?? {}
-    }
-  );
-};
-
-// src/api/tickets.ts
-var createTicket = async (baseUrl, realm, accessTokenBase64, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/tickets`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "POST",
-      body: params
-    }
-  );
-};
-var listTickets = async (baseUrl, realm, accessTokenBase64, params) => {
-  const query = new URLSearchParams();
-  if (params?.limit) query.set("limit", String(params.limit));
-  if (params?.cursor) query.set("cursor", params.cursor);
-  if (params?.status) query.set("status", params.status);
-  const queryString = query.toString();
-  const url = `${baseUrl}/api/realm/${encodeURIComponent(realm)}/tickets${queryString ? `?${queryString}` : ""}`;
-  return fetchWithAuth(url, `Bearer ${accessTokenBase64}`);
-};
-var getTicket = async (baseUrl, realm, accessTokenBase64, ticketId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/tickets/${encodeURIComponent(ticketId)}`,
-    `Bearer ${accessTokenBase64}`
-  );
-};
-var submitTicket = async (baseUrl, realm, accessTokenBase64, ticketId, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/realm/${encodeURIComponent(realm)}/tickets/${encodeURIComponent(ticketId)}/submit`,
-    `Bearer ${accessTokenBase64}`,
-    {
-      method: "POST",
-      body: params
-    }
-  );
-};
-
-// src/api/tokens.ts
-var createToken = async (baseUrl, userAccessToken, params) => {
-  return fetchWithAuth(`${baseUrl}/api/tokens`, `Bearer ${userAccessToken}`, {
+  return fetchWithAuth(`${baseUrl}/api/tokens/requests/${encodeURIComponent(requestId)}/reject`, `Bearer ${userAccessToken}`, {
     method: "POST",
-    body: params
+    body: params ?? {}
   });
 };
-var listTokens = async (baseUrl, userAccessToken, params) => {
-  const query = new URLSearchParams();
-  if (params?.limit) query.set("limit", String(params.limit));
-  if (params?.cursor) query.set("cursor", params.cursor);
-  if (params?.type) query.set("type", params.type);
-  const queryString = query.toString();
-  const url = `${baseUrl}/api/tokens${queryString ? `?${queryString}` : ""}`;
-  return fetchWithAuth(url, `Bearer ${userAccessToken}`);
-};
-var getToken = async (baseUrl, userAccessToken, tokenId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/${encodeURIComponent(tokenId)}`,
-    `Bearer ${userAccessToken}`
-  );
-};
-var revokeToken = async (baseUrl, userAccessToken, tokenId) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/${encodeURIComponent(tokenId)}/revoke`,
-    `Bearer ${userAccessToken}`,
-    { method: "POST" }
-  );
-};
-var delegateToken = async (baseUrl, delegateTokenBase64, params) => {
-  return fetchWithAuth(
-    `${baseUrl}/api/tokens/delegate`,
-    `Bearer ${delegateTokenBase64}`,
-    {
-      method: "POST",
-      body: params
-    }
-  );
+// src/api/tokens.ts
+var refreshToken = async (baseUrl, refreshTokenBase64) => {
+  return fetchWithAuth(`${baseUrl}/api/auth/refresh`, `Bearer ${refreshTokenBase64}`, {
+    method: "POST"
+  });
 };
-
 // src/store/token-checks.ts
-var DEFAULT_EXPIRY_BUFFER_MS = 6e4;
+var DEFAULT_EXPIRY_BUFFER_MS = 60000;
 var isTokenValid = (token, bufferMs = DEFAULT_EXPIRY_BUFFER_MS) => {
-  if (!token) return false;
+  if (!token)
+    return false;
   return Date.now() + bufferMs < token.expiresAt;
 };
-var isTokenExpiringSoon = (token, windowMs = 5 * 6e4) => {
-  if (!token) return false;
+var isTokenExpiringSoon = (token, windowMs = 5 * 60000) => {
+  if (!token)
+    return false;
   return Date.now() + windowMs >= token.expiresAt;
 };
 var isUserTokenValid = (userToken, bufferMs) => {
   return isTokenValid(userToken, bufferMs);
 };
-var isDelegateTokenValid = (delegateToken3, bufferMs) => {
-  return isTokenValid(delegateToken3, bufferMs);
-};
-var isAccessTokenValid = (accessToken, bufferMs) => {
+var isStoredAccessTokenValid = (accessToken, bufferMs) => {
   return isTokenValid(accessToken, bufferMs);
 };
-var getMaxIssuerId = (state) => {
-  if (state.user && isUserTokenValid(state.user)) {
-    return state.user.userId;
-  }
-  if (state.delegate && isDelegateTokenValid(state.delegate)) {
-    return state.delegate.tokenId;
-  }
-  return null;
-};
-var isAccessTokenFromMaxIssuer = (state) => {
-  const accessToken = state.access;
-  if (!accessToken || !isAccessTokenValid(accessToken)) {
-    return false;
-  }
-  const maxIssuerId = getMaxIssuerId(state);
-  if (!maxIssuerId) {
-    return true;
-  }
-  return accessToken.issuerId === maxIssuerId;
-};
-var isDelegateTokenFromCurrentUser = (state) => {
-  const delegateToken3 = state.delegate;
-  const userToken = state.user;
-  if (!delegateToken3 || !isDelegateTokenValid(delegateToken3)) {
-    return false;
-  }
-  if (!userToken || !isUserTokenValid(userToken)) {
-    return true;
-  }
-  return delegateToken3.issuerId === userToken.userId;
-};
-var shouldReissueAccessToken = (state) => {
-  if (!isAccessTokenValid(state.access)) {
-    return true;
-  }
-  if (!isAccessTokenFromMaxIssuer(state)) {
-    return true;
-  }
-  return false;
-};
-var shouldReissueDelegateToken = (state) => {
-  if (!isDelegateTokenValid(state.delegate)) {
-    return true;
-  }
-  if (state.user && !isDelegateTokenFromCurrentUser(state)) {
-    return true;
-  }
-  return false;
-};
 
 // src/store/jwt-refresh.ts
-var callRefreshApi = async (baseUrl, refreshToken) => {
+var callRefreshApi = async (baseUrl, refreshToken2) => {
   try {
     const response = await fetch(`${baseUrl}/api/oauth/refresh`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ refreshToken })
+      body: JSON.stringify({ refreshToken: refreshToken2 })
     });
     if (!response.ok) {
       return null;
@@ -531,10 +576,10 @@ var createRefreshManager = (config) => {
       return null;
     }
     const newUserToken = {
-      accessToken: result.accessToken,
+      accessToken: result.idToken ?? result.accessToken,
       refreshToken: result.refreshToken ?? userToken.refreshToken,
       userId: userToken.userId,
-      expiresAt: Date.now() + result.expiresIn * 1e3
+      expiresAt: Date.now() + result.expiresIn * 1000
     };
     store.setUser(newUserToken);
     return newUserToken;
@@ -559,8 +604,9 @@ var createRefreshManager = (config) => {
     cancelScheduledRefresh();
     const state = store.getState();
     const userToken = state.user;
-    if (!userToken) return;
-    const refreshTime = userToken.expiresAt - Date.now() - 5 * 6e4;
+    if (!userToken)
+      return;
+    const refreshTime = userToken.expiresAt - Date.now() - 5 * 60000;
     if (refreshTime <= 0) {
       ensureValidUserToken();
       return;
@@ -587,157 +633,31 @@ var createRefreshManager = (config) => {
 };
 
 // src/store/token-selector.ts
-var issueTokenWithUserJwt = async (baseUrl, userAccessToken, request) => {
-  try {
-    const response = await fetch(`${baseUrl}/api/tokens`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${userAccessToken}`
-      },
-      body: JSON.stringify(request)
-    });
-    if (!response.ok) {
-      console.error("[TokenSelector] Failed to issue token with User JWT:", response.status);
-      return null;
-    }
-    return await response.json();
-  } catch (err) {
-    console.error("[TokenSelector] Error issuing token with User JWT:", err);
-    return null;
-  }
-};
-var delegateToken2 = async (baseUrl, delegateTokenBase64, request) => {
-  try {
-    const response = await fetch(`${baseUrl}/api/tokens/delegate`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${delegateTokenBase64}`
-      },
-      body: JSON.stringify(request)
-    });
-    if (!response.ok) {
-      console.error("[TokenSelector] Failed to delegate token:", response.status);
-      return null;
-    }
-    return await response.json();
-  } catch (err) {
-    console.error("[TokenSelector] Error delegating token:", err);
-    return null;
-  }
-};
 var createTokenSelector = (config) => {
-  const { store, baseUrl, realm, serverInfo, defaultTokenTtl } = config;
-  const getTokenTtl = (type) => {
-    if (defaultTokenTtl) return defaultTokenTtl;
-    if (serverInfo?.limits) {
-      if (type === "delegate" && serverInfo.limits.maxDelegateTokenTtl) {
-        return serverInfo.limits.maxDelegateTokenTtl;
-      }
-      if (type === "access" && serverInfo.limits.maxAccessTokenTtl) {
-        return serverInfo.limits.maxAccessTokenTtl;
-      }
-    }
-    return type === "access" ? 3600 : 30 * 24 * 3600;
-  };
+  const { store } = config;
   const ensureAccessToken = async () => {
     const state = store.getState();
-    if (!shouldReissueAccessToken(state)) {
-      return state.access;
-    }
-    const userToken = state.user;
-    const delegateToken_ = state.delegate;
-    if (isUserTokenValid(userToken)) {
-      const result = await issueTokenWithUserJwt(baseUrl, userToken.accessToken, {
-        realm,
-        name: "auto-issued-access",
-        type: "access",
-        expiresIn: getTokenTtl("access"),
-        canUpload: true,
-        canManageDepot: true
-      });
-      if (result) {
-        const newToken = {
-          tokenId: result.tokenId,
-          tokenBase64: result.tokenBase64,
-          type: "access",
-          issuerId: result.issuerId,
-          expiresAt: result.expiresAt,
-          canUpload: result.canUpload,
-          canManageDepot: result.canManageDepot
-        };
-        store.setAccess(newToken);
-        return newToken;
-      }
-    }
-    if (isDelegateTokenValid(delegateToken_)) {
-      const result = await delegateToken2(baseUrl, delegateToken_.tokenBase64, {
-        name: "auto-issued-access",
-        type: "access",
-        expiresIn: getTokenTtl("access"),
-        canUpload: delegateToken_.canUpload,
-        canManageDepot: delegateToken_.canManageDepot
-      });
-      if (result) {
-        const newToken = {
-          tokenId: result.tokenId,
-          tokenBase64: result.tokenBase64,
-          type: "access",
-          issuerId: result.issuerId,
-          expiresAt: result.expiresAt,
-          canUpload: result.canUpload,
-          canManageDepot: result.canManageDepot
-        };
-        store.setAccess(newToken);
-        return newToken;
-      }
-    }
-    return null;
-  };
-  const ensureDelegateToken = async () => {
-    const state = store.getState();
-    if (isDelegateTokenValid(state.delegate)) {
-      return state.delegate;
-    }
     const userToken = state.user;
     if (!isUserTokenValid(userToken)) {
       return null;
     }
-    const result = await issueTokenWithUserJwt(baseUrl, userToken.accessToken, {
-      realm,
-      name: "auto-issued-delegate",
-      type: "delegate",
-      expiresIn: getTokenTtl("delegate"),
+    return {
+      tokenBase64: userToken.accessToken,
+      tokenBytes: new Uint8Array(0),
+      expiresAt: userToken.expiresAt,
       canUpload: true,
       canManageDepot: true
-    });
-    if (result) {
-      const newToken = {
-        tokenId: result.tokenId,
-        tokenBase64: result.tokenBase64,
-        type: "delegate",
-        issuerId: result.issuerId,
-        expiresAt: result.expiresAt,
-        canUpload: result.canUpload,
-        canManageDepot: result.canManageDepot
-      };
-      store.setDelegate(newToken);
-      return newToken;
-    }
-    return null;
+    };
   };
   return {
-    ensureAccessToken,
-    ensureDelegateToken
+    ensureAccessToken
   };
 };
 
 // src/types/tokens.ts
 var emptyTokenState = () => ({
   user: null,
-  delegate: null,
-  access: null
+  rootDelegate: null
 });
 
 // src/store/token-store.ts
@@ -756,12 +676,8 @@ var createTokenStore = (config = {}) => {
       state = { ...state, user: token };
       notifyAndPersist();
     },
-    setDelegate: (token) => {
-      state = { ...state, delegate: token };
-      notifyAndPersist();
-    },
-    setAccess: (token) => {
-      state = { ...state, access: token };
+    setRootDelegate: (delegate) => {
+      state = { ...state, rootDelegate: delegate };
       notifyAndPersist();
     },
     clear: () => {
@@ -772,7 +688,8 @@ var createTokenStore = (config = {}) => {
       });
     },
     initialize: async () => {
-      if (!storage) return;
+      if (!storage)
+        return;
       try {
         const loaded = await storage.load();
         if (loaded) {
@@ -788,17 +705,28 @@ var createTokenStore = (config = {}) => {
 // src/client/helpers.ts
 var ERRORS = {
   USER_REQUIRED: { code: "UNAUTHORIZED", message: "User login required" },
-  DELEGATE_REQUIRED: { code: "FORBIDDEN", message: "Delegate token required" },
   ACCESS_REQUIRED: { code: "FORBIDDEN", message: "Access token required" }
 };
-var withToken = (getToken2, error) => {
-  return (fn) => getToken2().then(
-    (token) => token ? fn(token) : Promise.resolve({ ok: false, error })
-  );
+var withToken = (getToken, error) => {
+  return (fn) => getToken().then((token) => token ? fn(token) : Promise.resolve({ ok: false, error }));
+};
+var withAccessToken = (getToken) => withToken(getToken, ERRORS.ACCESS_REQUIRED);
+
+// src/client/delegates.ts
+var createDelegateMethods = ({
+  baseUrl,
+  realm,
+  tokenSelector
+}) => {
+  const requireAccess = withAccessToken(() => tokenSelector.ensureAccessToken());
+  return {
+    create: (params) => requireAccess((t) => createDelegate(baseUrl, realm, t.tokenBase64, params)),
+    list: (params) => requireAccess((t) => listDelegates(baseUrl, realm, t.tokenBase64, params)),
+    get: (delegateId) => requireAccess((t) => getDelegate(baseUrl, realm, t.tokenBase64, delegateId)),
+    revoke: (delegateId) => requireAccess((t) => revokeDelegate(baseUrl, realm, t.tokenBase64, delegateId)),
+    claimNode: (nodeKey, pop) => requireAccess((t) => claimNode(baseUrl, realm, t.tokenBase64, nodeKey, { pop }))
+  };
 };
-var withUserToken = (getToken2) => withToken(getToken2, ERRORS.USER_REQUIRED);
-var withDelegateToken = (getToken2) => withToken(getToken2, ERRORS.DELEGATE_REQUIRED);
-var withAccessToken = (getToken2) => withToken(getToken2, ERRORS.ACCESS_REQUIRED);
 
 // src/client/depots.ts
 var createDepotMethods = ({ baseUrl, realm, tokenSelector }) => {
@@ -813,14 +741,33 @@ var createDepotMethods = ({ baseUrl, realm, tokenSelector }) => {
   };
 };
 
+// src/client/filesystem.ts
+var createFsMethods = ({ baseUrl, realm, tokenSelector }) => {
+  const requireAccess = withAccessToken(() => tokenSelector.ensureAccessToken());
+  return {
+    stat: (rootKey, path) => requireAccess((t) => fsStat(baseUrl, realm, t.tokenBase64, rootKey, path)),
+    ls: (rootKey, path, opts) => requireAccess((t) => fsLs(baseUrl, realm, t.tokenBase64, rootKey, path, opts)),
+    read: (rootKey, path) => requireAccess((t) => fsRead(baseUrl, realm, t.tokenBase64, rootKey, path)),
+    write: (rootKey, path, data, contentType) => requireAccess((t) => fsWrite(baseUrl, realm, t.tokenBase64, rootKey, path, data, contentType)),
+    mkdir: (rootKey, path) => requireAccess((t) => fsMkdir(baseUrl, realm, t.tokenBase64, rootKey, path)),
+    rm: (rootKey, path) => requireAccess((t) => fsRm(baseUrl, realm, t.tokenBase64, rootKey, path)),
+    mv: (rootKey, from, to) => requireAccess((t) => fsMv(baseUrl, realm, t.tokenBase64, rootKey, from, to)),
+    cp: (rootKey, from, to) => requireAccess((t) => fsCp(baseUrl, realm, t.tokenBase64, rootKey, from, to)),
+    rewrite: (rootKey, entries, deletes) => requireAccess((t) => fsRewrite(baseUrl, realm, t.tokenBase64, rootKey, entries, deletes))
+  };
+};
+
 // src/client/nodes.ts
 var createNodeMethods = ({ baseUrl, realm, tokenSelector }) => {
   const requireAccess = withAccessToken(() => tokenSelector.ensureAccessToken());
   return {
-    get: (nodeKey, indexPath) => requireAccess((t) => getNode(baseUrl, realm, t.tokenBase64, nodeKey, indexPath)),
-    getMetadata: (nodeKey, indexPath) => requireAccess((t) => getNodeMetadata(baseUrl, realm, t.tokenBase64, nodeKey, indexPath)),
-    prepare: (params) => requireAccess((t) => prepareNodes(baseUrl, realm, t.tokenBase64, params)),
-    put: (nodeKey, content) => requireAccess((t) => putNode(baseUrl, realm, t.tokenBase64, nodeKey, content))
+    get: (nodeKey) => requireAccess((t) => getNode(baseUrl, realm, t.tokenBase64, nodeKey)),
+    getNavigated: (nodeKey, indexPath) => requireAccess((t) => getNodeNavigated(baseUrl, realm, t.tokenBase64, nodeKey, indexPath)),
+    getMetadata: (nodeKey) => requireAccess((t) => getNodeMetadata(baseUrl, realm, t.tokenBase64, nodeKey)),
+    check: (params) => requireAccess((t) => checkNodes(baseUrl, realm, t.tokenBase64, params)),
+    put: (nodeKey, content) => requireAccess((t) => putNode(baseUrl, realm, t.tokenBase64, nodeKey, content)),
+    claim: (nodeKey, pop) => requireAccess((t) => claimNode(baseUrl, realm, t.tokenBase64, nodeKey, { pop })),
+    batchClaim: (params) => requireAccess((t) => batchClaimNodes(baseUrl, realm, t.tokenBase64, params))
   };
 };
 
@@ -833,9 +780,11 @@ var createOAuthMethods = ({
   getConfig: () => getOAuthConfig(baseUrl),
   login: async (email, password) => {
     const result = await login(baseUrl, { email, password });
-    if (!result.ok) return result;
+    if (!result.ok)
+      return result;
     const meResult = await getMe(baseUrl, result.data.accessToken);
-    if (!meResult.ok) return meResult;
+    if (!meResult.ok)
+      return meResult;
     store.setUser(tokenResponseToStoredUserToken(result.data, meResult.data.userId));
     refreshManager.scheduleProactiveRefresh();
     return meResult;
@@ -846,9 +795,11 @@ var createOAuthMethods = ({
       redirect_uri: redirectUri,
       code_verifier: codeVerifier
     });
-    if (!result.ok) return result;
+    if (!result.ok)
+      return result;
     const meResult = await getMe(baseUrl, result.data.accessToken);
-    if (!meResult.ok) return meResult;
+    if (!meResult.ok)
+      return meResult;
     store.setUser(tokenResponseToStoredUserToken(result.data, meResult.data.userId));
     refreshManager.scheduleProactiveRefresh();
     return meResult;
@@ -862,76 +813,30 @@ var createOAuthMethods = ({
   }
 });
 
-// src/client/tickets.ts
-var createTicketMethods = ({
-  baseUrl,
-  realm,
-  tokenSelector
-}) => {
-  const requireAccess = withAccessToken(() => tokenSelector.ensureAccessToken());
-  return {
-    create: (params) => requireAccess((access) => createTicket(baseUrl, realm, access.tokenBase64, params)),
-    list: (params) => requireAccess((access) => listTickets(baseUrl, realm, access.tokenBase64, params)),
-    get: (ticketId) => requireAccess((access) => getTicket(baseUrl, realm, access.tokenBase64, ticketId)),
-    submit: (ticketId, params) => requireAccess(
-      (access) => submitTicket(baseUrl, realm, access.tokenBase64, ticketId, params)
-    )
-  };
-};
-
 // src/client/tokens.ts
-var createTokenMethods = ({
-  baseUrl,
-  realm,
-  store,
-  refreshManager,
-  tokenSelector
-}) => {
-  const requireUser = withUserToken(() => refreshManager.ensureValidUserToken());
-  const requireDelegate = withDelegateToken(() => tokenSelector.ensureDelegateToken());
+var createTokenMethods = ({ refreshManager }) => {
   return {
-    create: (params) => requireUser(async (user) => {
-      const result = await createToken(baseUrl, user.accessToken, params);
-      if (!result.ok) return result;
-      const newToken = toStoredToken(result.data);
-      if (params.realm === realm) {
-        if (params.type === "delegate") {
-          store.setDelegate(newToken);
-        } else {
-          store.setAccess(newToken);
-        }
+    refresh: async () => {
+      try {
+        await refreshManager.ensureValidUserToken();
+        return { ok: true, data: undefined, status: 200 };
+      } catch (err) {
+        return {
+          ok: false,
+          error: {
+            message: err.message,
+            code: "REFRESH_FAILED"
+          },
+          status: 0
+        };
       }
-      return { ok: true, data: newToken, status: result.status };
-    }),
-    list: (params) => requireUser((user) => listTokens(baseUrl, user.accessToken, params)),
-    revoke: (tokenId) => requireUser(async (user) => {
-      const result = await revokeToken(baseUrl, user.accessToken, tokenId);
-      if (!result.ok) return { ok: false, error: result.error };
-      const state = store.getState();
-      if (state.delegate?.tokenId === tokenId) store.setDelegate(null);
-      if (state.access?.tokenId === tokenId) store.setAccess(null);
-      return { ok: true, data: void 0, status: result.status };
-    }),
-    delegate: (params) => requireDelegate(async (delegate) => {
-      const result = await delegateToken(baseUrl, delegate.tokenBase64, params);
-      if (!result.ok) return result;
-      return { ok: true, data: toStoredToken(result.data), status: result.status };
-    })
+    }
   };
 };
-var toStoredToken = (response) => ({
-  tokenId: response.tokenId,
-  tokenBase64: response.tokenBase64,
-  type: response.type ?? "delegate",
-  issuerId: response.issuerId ?? "",
-  expiresAt: response.expiresAt,
-  canUpload: response.canUpload ?? false,
-  canManageDepot: response.canManageDepot ?? false
-});
 
 // src/client/index.ts
 var createClient = async (config) => {
-  const { baseUrl, realm, tokenStorage, onTokenChange, onAuthRequired, defaultTokenTtl } = config;
+  const { baseUrl, realm, tokenStorage, onTokenChange, onAuthRequired } = config;
   const store = createTokenStore({
     storage: tokenStorage,
     onTokenChange,
@@ -951,44 +856,38 @@ var createClient = async (config) => {
   const tokenSelector = createTokenSelector({
     store,
     baseUrl,
-    realm,
-    serverInfo,
-    defaultTokenTtl
+    realm
   });
   const deps = { baseUrl, realm, store, refreshManager, tokenSelector };
   return {
     getState: () => store.getState(),
     getServerInfo: () => serverInfo,
-    setDelegateToken: (token) => store.setDelegate(token),
-    setAccessToken: (token) => store.setAccess(token),
+    setRootDelegate: (delegate) => store.setRootDelegate(delegate),
+    getAccessToken: () => tokenSelector.ensureAccessToken(),
     logout: () => {
       refreshManager.cancelScheduledRefresh();
       store.clear();
     },
     oauth: createOAuthMethods(deps),
     tokens: createTokenMethods(deps),
-    tickets: createTicketMethods(deps),
+    delegates: createDelegateMethods(deps),
     depots: createDepotMethods(deps),
+    fs: createFsMethods(deps),
     nodes: createNodeMethods(deps)
   };
 };
 export {
-  DEFAULT_EXPIRY_BUFFER_MS,
-  api_exports as api,
-  createClient,
-  createRefreshManager,
-  createTokenSelector,
-  createTokenStore,
-  emptyTokenState,
-  getMaxIssuerId,
-  isAccessTokenFromMaxIssuer,
-  isAccessTokenValid,
-  isDelegateTokenFromCurrentUser,
-  isDelegateTokenValid,
-  isTokenExpiringSoon,
-  isTokenValid,
   isUserTokenValid,
-  shouldReissueAccessToken,
-  shouldReissueDelegateToken
+  isTokenValid,
+  isTokenExpiringSoon,
+  isStoredAccessTokenValid,
+  emptyTokenState,
+  createTokenStore,
+  createTokenSelector,
+  createRefreshManager,
+  createClient,
+  exports_api as api,
+  DEFAULT_EXPIRY_BUFFER_MS
 };
-//# sourceMappingURL=index.js.map
+
+//# debugId=5038FC2C1365EC6364756E2164756E21