npm - @commercengine/storefront-sdk - Versions diffs - 0.8.2 → 0.9.0 - Mend

@commercengine/storefront-sdk 0.8.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.iife.js CHANGED Viewed

@@ -24,8 +24,8 @@ function createClient(clientOptions) {
 			...typeof globalQuerySerializer === "object" ? globalQuerySerializer : {},
 			...requestQuerySerializer
 		});
-		const serializedBody = body === void 0 ? void 0 : bodySerializer(body, mergeHeaders$1(baseHeaders, headers, params.header));
-		const finalHeaders = mergeHeaders$1(serializedBody === void 0 || serializedBody instanceof FormData ? {} : { "Content-Type": "application/json" }, baseHeaders, headers, params.header);
+		const serializedBody = body === void 0 ? void 0 : bodySerializer(body, mergeHeaders(baseHeaders, headers, params.header));
+		const finalHeaders = mergeHeaders(serializedBody === void 0 || serializedBody instanceof FormData ? {} : { "Content-Type": "application/json" }, baseHeaders, headers, params.header);
 		const requestInit = {
 			redirect: "follow",
 			...baseOptions,
@@ -355,7 +355,7 @@ function createFinalURL(pathname, options) {
 	if (search) finalURL += `?${search}`;
 	return finalURL;
 }
-function mergeHeaders$1(...allHeaders) {
+function mergeHeaders(...allHeaders) {
 	const finalHeaders = new Headers();
 	for (const h of allHeaders) {
 		if (!h || typeof h !== "object") continue;
@@ -372,739 +372,916 @@ function removeTrailingSlash(url) {
 }
 //#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/buffer_utils.js
-const encoder = new TextEncoder();
-const decoder = new TextDecoder();
-const MAX_INT32 = 2 ** 32;
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/base64.js
-function decodeBase64(encoded) {
-	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(encoded);
-	const binary = atob(encoded);
-	const bytes = new Uint8Array(binary.length);
-	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
-	return bytes;
-}
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/base64url.js
-function decode(input) {
-	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof input === "string" ? input : decoder.decode(input), { alphabet: "base64url" });
-	let encoded = input;
-	if (encoded instanceof Uint8Array) encoded = decoder.decode(encoded);
-	encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
-	try {
-		return decodeBase64(encoded);
-	} catch {
-		throw new TypeError("The input to be decoded is not correctly encoded.");
+//#region ../sdk-core/dist/index.js
+/**
+* Response utilities for debugging and working with Response objects
+*/
+var ResponseUtils = class {
+	/**
+	* Get response headers as a plain object
+	*/
+	static getHeaders(response) {
+		return Object.fromEntries(response.headers.entries());
 	}
-}
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/errors.js
-var JOSEError = class extends Error {
-	static code = "ERR_JOSE_GENERIC";
-	code = "ERR_JOSE_GENERIC";
-	constructor(message, options) {
-		super(message, options);
-		this.name = this.constructor.name;
-		Error.captureStackTrace?.(this, this.constructor);
+	/**
+	* Get specific header value
+	*/
+	static getHeader(response, name) {
+		return response.headers.get(name);
 	}
-};
-var JWTInvalid = class extends JOSEError {
-	static code = "ERR_JWT_INVALID";
-	code = "ERR_JWT_INVALID";
-};
-var JWKSMultipleMatchingKeys = class extends JOSEError {
-	[Symbol.asyncIterator];
-	static code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
-	code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
-	constructor(message = "multiple matching keys found in the JSON Web Key Set", options) {
-		super(message, options);
+	/**
+	* Check if response was successful
+	*/
+	static isSuccess(response) {
+		return response.ok;
+	}
+	/**
+	* Get response metadata
+	*/
+	static getMetadata(response) {
+		return {
+			status: response.status,
+			statusText: response.statusText,
+			ok: response.ok,
+			url: response.url,
+			redirected: response.redirected,
+			type: response.type,
+			headers: Object.fromEntries(response.headers.entries())
+		};
+	}
+	/**
+	* Clone and read response as text (useful for debugging)
+	* Note: This can only be called once per response
+	*/
+	static async getText(response) {
+		const cloned = response.clone();
+		return await cloned.text();
+	}
+	/**
+	* Clone and read response as JSON (useful for debugging)
+	* Note: This can only be called once per response
+	*/
+	static async getJSON(response) {
+		const cloned = response.clone();
+		return await cloned.json();
+	}
+	/**
+	* Format response information for debugging
+	*/
+	static format(response) {
+		const metadata = this.getMetadata(response);
+		return `${metadata.status} ${metadata.statusText} - ${metadata.url}`;
+	}
+	/**
+	* Format response for logging purposes (enhanced version)
+	*/
+	static formatResponse(response) {
+		return {
+			status: response.status,
+			statusText: response.statusText,
+			url: response.url,
+			ok: response.ok
+		};
 	}
 };
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/is_object.js
-function isObjectLike(value) {
-	return typeof value === "object" && value !== null;
-}
-var is_object_default = (input) => {
-	if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") return false;
-	if (Object.getPrototypeOf(input) === null) return true;
-	let proto = input;
-	while (Object.getPrototypeOf(proto) !== null) proto = Object.getPrototypeOf(proto);
-	return Object.getPrototypeOf(input) === proto;
-};
-//#endregion
-//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/decode_jwt.js
-function decodeJwt(jwt) {
-	if (typeof jwt !== "string") throw new JWTInvalid("JWTs must use Compact JWS serialization, JWT must be a string");
-	const { 1: payload, length } = jwt.split(".");
-	if (length === 5) throw new JWTInvalid("Only JWTs using Compact JWS serialization can be decoded");
-	if (length !== 3) throw new JWTInvalid("Invalid JWT");
-	if (!payload) throw new JWTInvalid("JWTs must contain a payload");
-	let decoded;
-	try {
-		decoded = decode(payload);
-	} catch {
-		throw new JWTInvalid("Failed to base64url decode the payload");
+/**
+* Debug logging utilities
+*/
+var DebugLogger = class {
+	logger;
+	responseTextCache = /* @__PURE__ */ new Map();
+	constructor(logger) {
+		this.logger = logger || ((level, message, data) => {
+			console.log(`[${level.toUpperCase()}]`, message);
+			if (data) console.log(data);
+		});
 	}
-	let result;
-	try {
-		result = JSON.parse(decoder.decode(decoded));
-	} catch {
-		throw new JWTInvalid("Failed to parse the decoded payload as JSON");
+	/**
+	* Log debug information about API request
+	*/
+	logRequest(request, requestBody) {
+		this.logger("info", "API Request Debug Info", {
+			method: request.method,
+			url: request.url,
+			headers: Object.fromEntries(request.headers.entries()),
+			body: requestBody,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		});
 	}
-	if (!is_object_default(result)) throw new JWTInvalid("Invalid JWT Claims Set");
-	return result;
-}
-//#endregion
-//#region src/lib/jwt-utils.ts
+	/**
+	* Log debug information about API response
+	*/
+	async logResponse(response, responseBody) {
+		if (responseBody && typeof responseBody === "string") this.responseTextCache.set(response.url, responseBody);
+		this.logger("info", "API Response Debug Info", {
+			url: response.url,
+			status: response.status,
+			statusText: response.statusText,
+			ok: response.ok,
+			headers: Object.fromEntries(response.headers.entries()),
+			redirected: response.redirected,
+			type: response.type,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		});
+		if (responseBody) this.logger("info", "API Response Data", {
+			data: responseBody,
+			contentType: response.headers.get("content-type"),
+			contentLength: response.headers.get("content-length")
+		});
+	}
+	/**
+	* Log error information
+	*/
+	logError(message, error) {
+		this.logger("error", message, error);
+	}
+	/**
+	* Get cached response text for a URL (if available)
+	*/
+	getCachedResponseText(url) {
+		return this.responseTextCache.get(url) || null;
+	}
+	/**
+	* Clear cached response texts
+	*/
+	clearCache() {
+		this.responseTextCache.clear();
+	}
+	info(message, data) {
+		this.logger("info", message, data);
+	}
+	warn(message, data) {
+		this.logger("warn", message, data);
+	}
+	error(message, data) {
+		this.logger("error", message, data);
+	}
+};
 /**
-* Decode and extract user information from a JWT token
-*
-* @param token - The JWT token to decode
-* @returns User information or null if token is invalid
+* Extract request body for logging
 */
-function extractUserInfoFromToken(token) {
+async function extractRequestBody(request) {
+	if (request.method === "GET" || request.method === "HEAD") return null;
 	try {
-		const payload = decodeJwt(token);
-		return {
-			id: payload.ulid,
-			email: payload.email,
-			phone: payload.phone,
-			username: payload.username,
-			firstName: payload.first_name,
-			lastName: payload.last_name,
-			storeId: payload.store_id,
-			isLoggedIn: payload.is_logged_in,
-			isAnonymous: !payload.is_logged_in,
-			customerId: payload.customer_id,
-			customerGroupId: payload.customer_group_id,
-			anonymousId: payload.anonymous_id,
-			tokenExpiry: /* @__PURE__ */ new Date(payload.exp * 1e3),
-			tokenIssuedAt: /* @__PURE__ */ new Date(payload.iat * 1e3)
-		};
+		const clonedRequest = request.clone();
+		const contentType = request.headers.get("content-type")?.toLowerCase();
+		if (contentType?.startsWith("application/json")) return await clonedRequest.json();
+		else if (contentType?.startsWith("multipart/form-data")) return "[FormData - cannot display]";
+		else if (contentType?.startsWith("text/")) return await clonedRequest.text();
+		return "[Request body - unknown format]";
 	} catch (error) {
-		console.warn("Failed to decode JWT token:", error);
-		return null;
+		return "[Request body unavailable]";
 	}
 }
 /**
-* Check if a JWT token is expired
-*
-* @param token - The JWT token to check
-* @param bufferSeconds - Buffer time in seconds (default: 30)
-* @returns True if token is expired or will expire within buffer time
+* Create debug middleware for openapi-fetch (internal use)
+* Enhanced version that combines original functionality with duration tracking
 */
-function isTokenExpired(token, bufferSeconds = 30) {
-	try {
-		const payload = decodeJwt(token);
-		if (!payload.exp) return true;
-		const currentTime = Math.floor(Date.now() / 1e3);
-		const expiryTime = payload.exp;
-		return currentTime >= expiryTime - bufferSeconds;
-	} catch (error) {
-		console.warn("Failed to decode JWT token:", error);
-		return true;
-	}
-}
-/**
-* Get the user ID from a JWT token
-*
-* @param token - The JWT token
-* @returns User ID (ulid) or null if token is invalid
-*/
-function getUserIdFromToken(token) {
-	const userInfo = extractUserInfoFromToken(token);
-	return userInfo?.id || null;
+function createDebugMiddleware(logger) {
+	const debugLogger = new DebugLogger(logger);
+	return {
+		async onRequest({ request }) {
+			request.__debugStartTime = Date.now();
+			const requestBody = await extractRequestBody(request);
+			debugLogger.logRequest(request, requestBody);
+			return request;
+		},
+		async onResponse({ request, response }) {
+			const startTime = request.__debugStartTime;
+			const duration = startTime ? Date.now() - startTime : 0;
+			const cloned = response.clone();
+			let responseBody = null;
+			try {
+				const contentType = response.headers.get("content-type")?.toLowerCase();
+				if (contentType?.startsWith("application/json")) responseBody = await cloned.json();
+				else if (contentType?.startsWith("text/")) responseBody = await cloned.text();
+			} catch (error) {}
+			await debugLogger.logResponse(response, responseBody);
+			if (duration > 0) debugLogger.info(`Request completed in ${duration}ms`, {
+				url: request.url,
+				method: request.method
+			});
+			return response;
+		},
+		async onError({ error, request }) {
+			debugLogger.logError("API Request Failed", {
+				error: {
+					name: error instanceof Error ? error.name : "Unknown",
+					message: error instanceof Error ? error.message : String(error),
+					stack: error instanceof Error ? error.stack : void 0
+				},
+				request: {
+					method: request.method,
+					url: request.url,
+					headers: Object.fromEntries(request.headers.entries())
+				},
+				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+			});
+			throw error;
+		}
+	};
 }
 /**
-* Check if user is logged in based on JWT token
-*
-* @param token - The JWT token
-* @returns True if user is logged in, false otherwise
+* Timeout middleware for Commerce Engine SDKs
 */
-function isUserLoggedIn(token) {
-	const userInfo = extractUserInfoFromToken(token);
-	return userInfo?.isLoggedIn || false;
-}
 /**
-* Check if user is anonymous based on JWT token
+* Create timeout middleware for openapi-fetch
+* Adds configurable request timeout functionality
 *
-* @param token - The JWT token
-* @returns True if user is anonymous, false otherwise
+* @param timeoutMs - Timeout duration in milliseconds
+* @returns Middleware object with onRequest handler
 */
-function isUserAnonymous(token) {
-	const userInfo = extractUserInfoFromToken(token);
-	return userInfo?.isAnonymous || true;
+function createTimeoutMiddleware(timeoutMs) {
+	return { onRequest: async ({ request }) => {
+		const controller = new AbortController();
+		const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+		if (request.signal) request.signal.addEventListener("abort", () => controller.abort());
+		const newRequest = new Request(request, { signal: controller.signal });
+		controller.signal.addEventListener("abort", () => clearTimeout(timeoutId));
+		return newRequest;
+	} };
 }
-//#endregion
-//#region src/lib/auth-utils.ts
 /**
-* Extract pathname from URL
+* Transform headers using a transformation mapping
+* Headers not in the transformation map are passed through unchanged
+*
+* @param headers - Headers object with original names
+* @param transformations - Mapping of original names to transformed names
+* @returns Headers object with transformed names
 */
-function getPathnameFromUrl(url) {
-	try {
-		const urlObj = new URL(url);
-		return urlObj.pathname;
-	} catch {
-		return url.split("?")[0];
+function transformHeaders(headers, transformations) {
+	const transformed = {};
+	for (const [key, value] of Object.entries(headers)) if (value !== void 0) {
+		const headerName = transformations[key] || key;
+		transformed[headerName] = value;
 	}
+	return transformed;
 }
 /**
-* Check if a URL path is an auth endpoint that should use API key
-*/
-function isAnonymousAuthEndpoint(pathname) {
-	return pathname.endsWith("/auth/anonymous");
-}
-/**
-* Check if a URL path is a login/register endpoint that returns tokens
+* Merge headers with transformation support
+* Transforms default headers, then merges with method headers
+*
+* @param defaultHeaders - Default headers from SDK configuration
+* @param methodHeaders - Headers passed to the specific method call
+* @param transformations - Mapping for header name transformations
+* @returns Merged headers object with transformations applied
 */
-function isTokenReturningEndpoint(pathname) {
-	const tokenEndpoints = [
-		"/auth/login/password",
-		"/auth/register/phone",
-		"/auth/register/email",
-		"/auth/verify-otp",
-		"/auth/refresh-token"
-	];
-	return tokenEndpoints.some((endpoint) => pathname.endsWith(endpoint));
+function mergeAndTransformHeaders(defaultHeaders, methodHeaders, transformations) {
+	const merged = {};
+	if (defaultHeaders && transformations) {
+		const transformedDefaults = transformHeaders(defaultHeaders, transformations);
+		Object.assign(merged, transformedDefaults);
+	} else if (defaultHeaders) Object.assign(merged, defaultHeaders);
+	if (methodHeaders) Object.assign(merged, methodHeaders);
+	Object.keys(merged).forEach((key) => {
+		if (merged[key] === void 0) delete merged[key];
+	});
+	return merged;
 }
 /**
-* Check if a URL path is the logout endpoint
+* Execute a request and handle the response consistently
+* This provides unified error handling and response processing across all SDKs
+*
+* @param apiCall - Function that executes the API request
+* @returns Promise with the API response in standardized format
 */
-function isLogoutEndpoint(pathname) {
-	return pathname.endsWith("/auth/logout");
+async function executeRequest(apiCall) {
+	try {
+		const { data, error, response } = await apiCall();
+		if (error) return {
+			data: null,
+			error,
+			response
+		};
+		if (data && data.content !== void 0) return {
+			data: data.content,
+			error: null,
+			response
+		};
+		return {
+			data,
+			error: null,
+			response
+		};
+	} catch (err) {
+		const mockResponse = new Response(null, {
+			status: 0,
+			statusText: "Network Error"
+		});
+		const errorResult = {
+			data: null,
+			error: {
+				success: false,
+				code: "NETWORK_ERROR",
+				message: "Network error occurred",
+				error: err
+			},
+			response: mockResponse
+		};
+		return errorResult;
+	}
 }
-//#endregion
-//#region src/lib/middleware.ts
 /**
-* Simple in-memory token storage implementation
+* Generic base API client that all Commerce Engine SDKs can extend
+* Handles common functionality like middleware setup, request execution, and header management
+* Does NOT include token management - that's SDK-specific
+*
+* @template TPaths - OpenAPI paths type
+* @template THeaders - Supported default headers type
 */
-var MemoryTokenStorage = class {
-	accessToken = null;
-	refreshToken = null;
-	async getAccessToken() {
-		return this.accessToken;
-	}
-	async setAccessToken(token) {
-		this.accessToken = token;
-	}
-	async getRefreshToken() {
-		return this.refreshToken;
-	}
-	async setRefreshToken(token) {
-		this.refreshToken = token;
-	}
-	async clearTokens() {
-		this.accessToken = null;
-		this.refreshToken = null;
+var BaseAPIClient = class {
+	client;
+	config;
+	baseUrl;
+	headerTransformations;
+	/**
+	* Create a new BaseAPIClient
+	*
+	* @param config - Configuration for the API client
+	* @param baseUrl - The base URL for the API (must be provided by subclass)
+	* @param headerTransformations - Header name transformations for this SDK
+	*/
+	constructor(config, baseUrl, headerTransformations = {}) {
+		this.config = { ...config };
+		this.headerTransformations = headerTransformations;
+		this.baseUrl = baseUrl;
+		this.client = createClient({ baseUrl: this.baseUrl });
+		this.setupMiddleware();
 	}
-};
-/**
-* Browser localStorage token storage implementation
-*/
-var BrowserTokenStorage = class {
-	accessTokenKey;
-	refreshTokenKey;
-	constructor(prefix = "storefront_") {
-		this.accessTokenKey = `${prefix}access_token`;
-		this.refreshTokenKey = `${prefix}refresh_token`;
+	/**
+	* Set up all middleware for the client
+	*/
+	setupMiddleware() {
+		if (this.config.timeout) {
+			const timeoutMiddleware = createTimeoutMiddleware(this.config.timeout);
+			this.client.use(timeoutMiddleware);
+		}
+		if (this.config.debug) {
+			const debugMiddleware = createDebugMiddleware(this.config.logger);
+			this.client.use(debugMiddleware);
+		}
 	}
-	async getAccessToken() {
-		if (typeof localStorage === "undefined") return null;
-		return localStorage.getItem(this.accessTokenKey);
+	/**
+	* Get the base URL of the API
+	*
+	* @returns The base URL of the API
+	*/
+	getBaseUrl() {
+		return this.baseUrl;
 	}
-	async setAccessToken(token) {
-		if (typeof localStorage !== "undefined") localStorage.setItem(this.accessTokenKey, token);
+	/**
+	* Execute a request and handle the response consistently
+	* This provides unified error handling and response processing
+	*
+	* @param apiCall - Function that executes the API request
+	* @returns Promise with the API response in standardized format
+	*/
+	async executeRequest(apiCall) {
+		return executeRequest(apiCall);
 	}
-	async getRefreshToken() {
-		if (typeof localStorage === "undefined") return null;
-		return localStorage.getItem(this.refreshTokenKey);
+	/**
+	* Merge default headers with method-level headers
+	* Method-level headers take precedence over default headers
+	* Automatically applies SDK-specific header transformations
+	*
+	* @param methodHeaders - Headers passed to the specific method call
+	* @returns Merged headers object with proper HTTP header names
+	*/
+	mergeHeaders(methodHeaders) {
+		return mergeAndTransformHeaders(this.config.defaultHeaders, methodHeaders, this.headerTransformations);
 	}
-	async setRefreshToken(token) {
-		if (typeof localStorage !== "undefined") localStorage.setItem(this.refreshTokenKey, token);
+	/**
+	* Set default headers for the client
+	*
+	* @param headers - Default headers to set
+	*/
+	setDefaultHeaders(headers) {
+		this.config.defaultHeaders = headers;
 	}
-	async clearTokens() {
-		if (typeof localStorage !== "undefined") {
-			localStorage.removeItem(this.accessTokenKey);
-			localStorage.removeItem(this.refreshTokenKey);
-		}
+	/**
+	* Get current default headers
+	*
+	* @returns Current default headers
+	*/
+	getDefaultHeaders() {
+		return this.config.defaultHeaders;
 	}
 };
 /**
-* Cookie-based token storage implementation
+* Generic URL utility functions for any SDK
 */
-var CookieTokenStorage = class {
-	accessTokenKey;
-	refreshTokenKey;
-	options;
-	constructor(options = {}) {
-		const prefix = options.prefix || "storefront_";
-		this.accessTokenKey = `${prefix}access_token`;
-		this.refreshTokenKey = `${prefix}refresh_token`;
-		this.options = {
-			maxAge: options.maxAge || 10080 * 60,
-			path: options.path || "/",
-			domain: options.domain,
-			secure: options.secure ?? (typeof window !== "undefined" && window.location?.protocol === "https:"),
-			sameSite: options.sameSite || "Lax",
-			httpOnly: false
-		};
-	}
-	async getAccessToken() {
-		return this.getCookie(this.accessTokenKey);
-	}
-	async setAccessToken(token) {
-		this.setCookie(this.accessTokenKey, token);
-	}
-	async getRefreshToken() {
-		return this.getCookie(this.refreshTokenKey);
+/**
+* Extract pathname from URL
+* Useful for middleware that needs to inspect request paths
+*/
+function getPathnameFromUrl(url) {
+	try {
+		const urlObj = new URL(url);
+		return urlObj.pathname;
+	} catch {
+		return url.split("?")[0] || url;
 	}
-	async setRefreshToken(token) {
-		this.setCookie(this.refreshTokenKey, token);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/buffer_utils.js
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+const MAX_INT32 = 2 ** 32;
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/base64.js
+function decodeBase64(encoded) {
+	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(encoded);
+	const binary = atob(encoded);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/base64url.js
+function decode(input) {
+	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof input === "string" ? input : decoder.decode(input), { alphabet: "base64url" });
+	let encoded = input;
+	if (encoded instanceof Uint8Array) encoded = decoder.decode(encoded);
+	encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+	try {
+		return decodeBase64(encoded);
+	} catch {
+		throw new TypeError("The input to be decoded is not correctly encoded.");
 	}
-	async clearTokens() {
-		this.deleteCookie(this.accessTokenKey);
-		this.deleteCookie(this.refreshTokenKey);
+}
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/errors.js
+var JOSEError = class extends Error {
+	static code = "ERR_JOSE_GENERIC";
+	code = "ERR_JOSE_GENERIC";
+	constructor(message, options) {
+		super(message, options);
+		this.name = this.constructor.name;
+		Error.captureStackTrace?.(this, this.constructor);
 	}
-	getCookie(name) {
-		if (typeof document === "undefined") return null;
-		const value = `; ${document.cookie}`;
-		const parts = value.split(`; ${name}=`);
-		if (parts.length === 2) {
-			const cookieValue = parts.pop()?.split(";").shift();
-			return cookieValue ? decodeURIComponent(cookieValue) : null;
-		}
-		return null;
+};
+var JWTInvalid = class extends JOSEError {
+	static code = "ERR_JWT_INVALID";
+	code = "ERR_JWT_INVALID";
+};
+var JWKSMultipleMatchingKeys = class extends JOSEError {
+	[Symbol.asyncIterator];
+	static code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
+	code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
+	constructor(message = "multiple matching keys found in the JSON Web Key Set", options) {
+		super(message, options);
 	}
-	setCookie(name, value) {
-		if (typeof document === "undefined") return;
-		const encodedValue = encodeURIComponent(value);
-		let cookieString = `${name}=${encodedValue}`;
-		if (this.options.maxAge) cookieString += `; Max-Age=${this.options.maxAge}`;
-		if (this.options.path) cookieString += `; Path=${this.options.path}`;
-		if (this.options.domain) cookieString += `; Domain=${this.options.domain}`;
-		if (this.options.secure) cookieString += `; Secure`;
-		if (this.options.sameSite) cookieString += `; SameSite=${this.options.sameSite}`;
-		document.cookie = cookieString;
+};
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/lib/is_object.js
+function isObjectLike(value) {
+	return typeof value === "object" && value !== null;
+}
+var is_object_default = (input) => {
+	if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") return false;
+	if (Object.getPrototypeOf(input) === null) return true;
+	let proto = input;
+	while (Object.getPrototypeOf(proto) !== null) proto = Object.getPrototypeOf(proto);
+	return Object.getPrototypeOf(input) === proto;
+};
+//#endregion
+//#region ../../node_modules/.pnpm/jose@6.0.13/node_modules/jose/dist/webapi/util/decode_jwt.js
+function decodeJwt(jwt) {
+	if (typeof jwt !== "string") throw new JWTInvalid("JWTs must use Compact JWS serialization, JWT must be a string");
+	const { 1: payload, length } = jwt.split(".");
+	if (length === 5) throw new JWTInvalid("Only JWTs using Compact JWS serialization can be decoded");
+	if (length !== 3) throw new JWTInvalid("Invalid JWT");
+	if (!payload) throw new JWTInvalid("JWTs must contain a payload");
+	let decoded;
+	try {
+		decoded = decode(payload);
+	} catch {
+		throw new JWTInvalid("Failed to base64url decode the payload");
 	}
-	deleteCookie(name) {
-		if (typeof document === "undefined") return;
-		let cookieString = `${name}=; Max-Age=0`;
-		if (this.options.path) cookieString += `; Path=${this.options.path}`;
-		if (this.options.domain) cookieString += `; Domain=${this.options.domain}`;
-		document.cookie = cookieString;
+	let result;
+	try {
+		result = JSON.parse(decoder.decode(decoded));
+	} catch {
+		throw new JWTInvalid("Failed to parse the decoded payload as JSON");
 	}
-};
+	if (!is_object_default(result)) throw new JWTInvalid("Invalid JWT Claims Set");
+	return result;
+}
+//#endregion
+//#region src/lib/jwt-utils.ts
 /**
-* Create authentication middleware for openapi-fetch
+* Decode and extract user information from a JWT token
+*
+* @param token - The JWT token to decode
+* @returns User information or null if token is invalid
 */
-function createAuthMiddleware(config) {
-	let isRefreshing = false;
-	let refreshPromise = null;
-	let hasAssessedTokens = false;
-	const assessTokenStateOnce = async () => {
-		if (hasAssessedTokens) return;
-		hasAssessedTokens = true;
-		try {
-			const accessToken = await config.tokenStorage.getAccessToken();
-			const refreshToken = await config.tokenStorage.getRefreshToken();
-			if (!accessToken && refreshToken) {
-				await config.tokenStorage.clearTokens();
-				console.info("Cleaned up orphaned refresh token");
-			}
-		} catch (error) {
-			console.warn("Token state assessment failed:", error);
-		}
-	};
-	const refreshTokens = async () => {
-		if (isRefreshing && refreshPromise) return refreshPromise;
-		isRefreshing = true;
-		refreshPromise = (async () => {
-			try {
-				const refreshToken = await config.tokenStorage.getRefreshToken();
-				let newTokens;
-				if (refreshToken && !isTokenExpired(refreshToken)) if (config.refreshTokenFn) newTokens = await config.refreshTokenFn(refreshToken);
-				else {
-					const response = await fetch(`${config.baseUrl}/auth/refresh-token`, {
-						method: "POST",
-						headers: { "Content-Type": "application/json" },
-						body: JSON.stringify({ refresh_token: refreshToken })
-					});
-					if (!response.ok) throw new Error(`Token refresh failed: ${response.status}`);
-					const data = await response.json();
-					newTokens = data.content;
-				}
-				else {
-					const currentAccessToken = await config.tokenStorage.getAccessToken();
-					if (!currentAccessToken) throw new Error("No tokens available for refresh");
-					const reason = refreshToken ? "refresh token expired" : "no refresh token available";
-					const response = await fetch(`${config.baseUrl}/auth/anonymous`, {
-						method: "POST",
-						headers: {
-							"Content-Type": "application/json",
-							...config.apiKey && { "X-Api-Key": config.apiKey },
-							Authorization: `Bearer ${currentAccessToken}`
-						}
-					});
-					if (!response.ok) throw new Error(`Anonymous token fallback failed: ${response.status}`);
-					const data = await response.json();
-					newTokens = data.content;
-					console.info(`Token refreshed via anonymous fallback (${reason}) - user may need to re-authenticate for privileged operations`);
-				}
-				await config.tokenStorage.setAccessToken(newTokens.access_token);
-				await config.tokenStorage.setRefreshToken(newTokens.refresh_token);
-				config.onTokensUpdated?.(newTokens.access_token, newTokens.refresh_token);
-			} catch (error) {
-				console.error("Token refresh failed:", error);
-				await config.tokenStorage.clearTokens();
-				config.onTokensCleared?.();
-				throw error;
-			} finally {
-				isRefreshing = false;
-				refreshPromise = null;
-			}
-		})();
-		return refreshPromise;
-	};
-	return {
-		async onRequest({ request }) {
-			const pathname = getPathnameFromUrl(request.url);
-			await assessTokenStateOnce();
-			if (isAnonymousAuthEndpoint(pathname)) {
-				if (config.apiKey) request.headers.set("X-Api-Key", config.apiKey);
-				const existingToken = await config.tokenStorage.getAccessToken();
-				if (existingToken && !isTokenExpired(existingToken) && isUserLoggedIn(existingToken)) return new Response(JSON.stringify({
-					message: "Cannot create anonymous session while authenticated",
-					success: false,
-					code: "USER_ALREADY_AUTHENTICATED"
-				}), {
-					status: 400,
-					headers: { "Content-Type": "application/json" }
-				});
-				if (existingToken) request.headers.set("Authorization", `Bearer ${existingToken}`);
-				return request;
-			}
-			let accessToken = await config.tokenStorage.getAccessToken();
-			if (!accessToken) try {
-				const response = await fetch(`${config.baseUrl}/auth/anonymous`, {
-					method: "POST",
-					headers: {
-						"Content-Type": "application/json",
-						...config.apiKey && { "X-Api-Key": config.apiKey }
-					}
-				});
-				if (response.ok) {
-					const data = await response.json();
-					const tokens = data.content;
-					if (tokens?.access_token && tokens?.refresh_token) {
-						await config.tokenStorage.setAccessToken(tokens.access_token);
-						await config.tokenStorage.setRefreshToken(tokens.refresh_token);
-						accessToken = tokens.access_token;
-						config.onTokensUpdated?.(tokens.access_token, tokens.refresh_token);
-						console.info("Automatically created anonymous session for first API request");
-					}
-				}
-			} catch (error) {
-				console.warn("Failed to automatically create anonymous tokens:", error);
-			}
-			if (accessToken && isTokenExpired(accessToken)) try {
-				await refreshTokens();
-				accessToken = await config.tokenStorage.getAccessToken();
-			} catch (error) {}
-			if (accessToken) request.headers.set("Authorization", `Bearer ${accessToken}`);
-			return request;
-		},
-		async onResponse({ request, response }) {
-			const pathname = getPathnameFromUrl(request.url);
-			if (response.ok) {
-				if (isTokenReturningEndpoint(pathname) || isAnonymousAuthEndpoint(pathname)) try {
-					const data = await response.clone().json();
-					const content = data.content;
-					if (content?.access_token && content?.refresh_token) {
-						await config.tokenStorage.setAccessToken(content.access_token);
-						await config.tokenStorage.setRefreshToken(content.refresh_token);
-						config.onTokensUpdated?.(content.access_token, content.refresh_token);
-					}
-				} catch (error) {
-					console.warn("Failed to extract tokens from response:", error);
-				}
-				else if (isLogoutEndpoint(pathname)) {
-					await config.tokenStorage.clearTokens();
-					config.onTokensCleared?.();
-				}
-			}
-			if (response.status === 401 && !isAnonymousAuthEndpoint(pathname)) {
-				const currentToken = await config.tokenStorage.getAccessToken();
-				if (currentToken && isTokenExpired(currentToken, 0)) try {
-					await refreshTokens();
-					const newToken = await config.tokenStorage.getAccessToken();
-					if (newToken) {
-						const retryRequest = request.clone();
-						retryRequest.headers.set("Authorization", `Bearer ${newToken}`);
-						return fetch(retryRequest);
-					}
-				} catch (error) {
-					console.warn("Token refresh failed on 401 response:", error);
-				}
-			}
-			return response;
-		}
-	};
+function extractUserInfoFromToken(token) {
+	try {
+		const payload = decodeJwt(token);
+		return {
+			id: payload.ulid,
+			email: payload.email,
+			phone: payload.phone,
+			username: payload.username,
+			firstName: payload.first_name,
+			lastName: payload.last_name,
+			storeId: payload.store_id,
+			isLoggedIn: payload.is_logged_in,
+			isAnonymous: !payload.is_logged_in,
+			customerId: payload.customer_id,
+			customerGroupId: payload.customer_group_id,
+			anonymousId: payload.anonymous_id,
+			tokenExpiry: /* @__PURE__ */ new Date(payload.exp * 1e3),
+			tokenIssuedAt: /* @__PURE__ */ new Date(payload.iat * 1e3)
+		};
+	} catch (error) {
+		console.warn("Failed to decode JWT token:", error);
+		return null;
+	}
 }
 /**
-* Helper function to create auth middleware with sensible defaults
+* Check if a JWT token is expired
+*
+* @param token - The JWT token to check
+* @param bufferSeconds - Buffer time in seconds (default: 30)
+* @returns True if token is expired or will expire within buffer time
+*/
+function isTokenExpired(token, bufferSeconds = 30) {
+	try {
+		const payload = decodeJwt(token);
+		if (!payload.exp) return true;
+		const currentTime = Math.floor(Date.now() / 1e3);
+		const expiryTime = payload.exp;
+		return currentTime >= expiryTime - bufferSeconds;
+	} catch (error) {
+		console.warn("Failed to decode JWT token:", error);
+		return true;
+	}
+}
+/**
+* Get the user ID from a JWT token
+*
+* @param token - The JWT token
+* @returns User ID (ulid) or null if token is invalid
+*/
+function getUserIdFromToken(token) {
+	const userInfo = extractUserInfoFromToken(token);
+	return userInfo?.id || null;
+}
+/**
+* Check if user is logged in based on JWT token
+*
+* @param token - The JWT token
+* @returns True if user is logged in, false otherwise
+*/
+function isUserLoggedIn(token) {
+	const userInfo = extractUserInfoFromToken(token);
+	return userInfo?.isLoggedIn || false;
+}
+/**
+* Check if user is anonymous based on JWT token
+*
+* @param token - The JWT token
+* @returns True if user is anonymous, false otherwise
+*/
+function isUserAnonymous(token) {
+	const userInfo = extractUserInfoFromToken(token);
+	return userInfo?.isAnonymous || true;
+}
+//#endregion
+//#region src/lib/auth-utils.ts
+/**
+* Check if a URL path is an auth endpoint that should use API key
+*/
+function isAnonymousAuthEndpoint(pathname) {
+	return pathname.endsWith("/auth/anonymous");
+}
+/**
+* Check if a URL path is a login/register endpoint that returns tokens
+*/
+function isTokenReturningEndpoint(pathname) {
+	const tokenEndpoints = [
+		"/auth/login/password",
+		"/auth/register/phone",
+		"/auth/register/email",
+		"/auth/verify-otp",
+		"/auth/refresh-token"
+	];
+	return tokenEndpoints.some((endpoint) => pathname.endsWith(endpoint));
+}
+/**
+* Check if a URL path is the logout endpoint
 */
-function createDefaultAuthMiddleware(options) {
-	const tokenStorage = options.tokenStorage || (typeof localStorage !== "undefined" ? new BrowserTokenStorage() : new MemoryTokenStorage());
-	return createAuthMiddleware({
-		tokenStorage,
-		apiKey: options.apiKey,
-		baseUrl: options.baseUrl,
-		onTokensUpdated: options.onTokensUpdated,
-		onTokensCleared: options.onTokensCleared
-	});
+function isLogoutEndpoint(pathname) {
+	return pathname.endsWith("/auth/logout");
 }
 //#endregion
-//#region src/lib/logger-utils.ts
+//#region src/lib/middleware.ts
 /**
-* Response utilities for debugging and working with Response objects
+* Simple in-memory token storage implementation
 */
-var ResponseUtils = class {
-	/**
-	* Get response headers as a plain object
-	*/
-	static getHeaders(response) {
-		return Object.fromEntries(response.headers.entries());
-	}
-	/**
-	* Get specific header value
-	*/
-	static getHeader(response, name) {
-		return response.headers.get(name);
-	}
-	/**
-	* Check if response was successful
-	*/
-	static isSuccess(response) {
-		return response.ok;
+var MemoryTokenStorage = class {
+	accessToken = null;
+	refreshToken = null;
+	async getAccessToken() {
+		return this.accessToken;
 	}
-	/**
-	* Get response metadata
-	*/
-	static getMetadata(response) {
-		return {
-			status: response.status,
-			statusText: response.statusText,
-			ok: response.ok,
-			url: response.url,
-			redirected: response.redirected,
-			type: response.type,
-			headers: Object.fromEntries(response.headers.entries())
-		};
+	async setAccessToken(token) {
+		this.accessToken = token;
 	}
-	/**
-	* Clone and read response as text (useful for debugging)
-	* Note: This can only be called once per response
-	*/
-	static async getText(response) {
-		const cloned = response.clone();
-		return await cloned.text();
+	async getRefreshToken() {
+		return this.refreshToken;
 	}
-	/**
-	* Clone and read response as JSON (useful for debugging)
-	* Note: This can only be called once per response
-	*/
-	static async getJSON(response) {
-		const cloned = response.clone();
-		return await cloned.json();
+	async setRefreshToken(token) {
+		this.refreshToken = token;
 	}
-	/**
-	* Format response information for debugging
-	*/
-	static format(response) {
-		const metadata = this.getMetadata(response);
-		return `${metadata.status} ${metadata.statusText} - ${metadata.url}`;
+	async clearTokens() {
+		this.accessToken = null;
+		this.refreshToken = null;
 	}
 };
 /**
-* Debug logging utilities
+* Browser localStorage token storage implementation
 */
-var DebugLogger = class {
-	logger;
-	responseTextCache = /* @__PURE__ */ new Map();
-	constructor(logger) {
-		this.logger = logger || ((level, message, data) => {
-			console.log(`[${level.toUpperCase()}]`, message);
-			if (data) console.log(data);
-		});
+var BrowserTokenStorage = class {
+	accessTokenKey;
+	refreshTokenKey;
+	constructor(prefix = "storefront_") {
+		this.accessTokenKey = `${prefix}access_token`;
+		this.refreshTokenKey = `${prefix}refresh_token`;
 	}
-	/**
-	* Log debug information about API request
-	*/
-	logRequest(request, requestBody) {
-		this.logger("info", "API Request Debug Info", {
-			method: request.method,
-			url: request.url,
-			headers: Object.fromEntries(request.headers.entries()),
-			body: requestBody,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString()
-		});
+	async getAccessToken() {
+		if (typeof localStorage === "undefined") return null;
+		return localStorage.getItem(this.accessTokenKey);
 	}
-	/**
-	* Log debug information about API response
-	*/
-	async logResponse(response, responseBody) {
-		if (responseBody && typeof responseBody === "string") this.responseTextCache.set(response.url, responseBody);
-		this.logger("info", "API Response Debug Info", {
-			url: response.url,
-			status: response.status,
-			statusText: response.statusText,
-			ok: response.ok,
-			headers: Object.fromEntries(response.headers.entries()),
-			redirected: response.redirected,
-			type: response.type,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString()
-		});
-		if (responseBody) this.logger("info", "API Response Data", {
-			data: responseBody,
-			contentType: response.headers.get("content-type"),
-			contentLength: response.headers.get("content-length")
-		});
+	async setAccessToken(token) {
+		if (typeof localStorage !== "undefined") localStorage.setItem(this.accessTokenKey, token);
 	}
-	/**
-	* Log error information
-	*/
-	logError(message, error) {
-		this.logger("error", message, error);
+	async getRefreshToken() {
+		if (typeof localStorage === "undefined") return null;
+		return localStorage.getItem(this.refreshTokenKey);
 	}
-	/**
-	* Get cached response text for a URL (if available)
-	*/
-	getCachedResponseText(url) {
-		return this.responseTextCache.get(url) || null;
+	async setRefreshToken(token) {
+		if (typeof localStorage !== "undefined") localStorage.setItem(this.refreshTokenKey, token);
 	}
-	/**
-	* Clear cached response texts
-	*/
-	clearCache() {
-		this.responseTextCache.clear();
+	async clearTokens() {
+		if (typeof localStorage !== "undefined") {
+			localStorage.removeItem(this.accessTokenKey);
+			localStorage.removeItem(this.refreshTokenKey);
+		}
 	}
 };
 /**
-* Extract request body for logging
+* Cookie-based token storage implementation
 */
-async function extractRequestBody(request) {
-	if (request.method === "GET" || request.method === "HEAD") return null;
-	try {
-		const clonedRequest = request.clone();
-		const contentType = request.headers.get("content-type")?.toLowerCase();
-		if (contentType?.startsWith("application/json")) return await clonedRequest.json();
-		else if (contentType?.startsWith("multipart/form-data")) return "[FormData - cannot display]";
-		else if (contentType?.startsWith("text/")) return await clonedRequest.text();
-		return "[Request body - unknown format]";
-	} catch (error) {
-		return "[Request body unavailable]";
+var CookieTokenStorage = class {
+	accessTokenKey;
+	refreshTokenKey;
+	options;
+	constructor(options = {}) {
+		const prefix = options.prefix || "storefront_";
+		this.accessTokenKey = `${prefix}access_token`;
+		this.refreshTokenKey = `${prefix}refresh_token`;
+		this.options = {
+			maxAge: options.maxAge || 10080 * 60,
+			path: options.path || "/",
+			domain: options.domain,
+			secure: options.secure ?? (typeof window !== "undefined" && window.location?.protocol === "https:"),
+			sameSite: options.sameSite || "Lax",
+			httpOnly: false
+		};
 	}
-}
+	async getAccessToken() {
+		return this.getCookie(this.accessTokenKey);
+	}
+	async setAccessToken(token) {
+		this.setCookie(this.accessTokenKey, token);
+	}
+	async getRefreshToken() {
+		return this.getCookie(this.refreshTokenKey);
+	}
+	async setRefreshToken(token) {
+		this.setCookie(this.refreshTokenKey, token);
+	}
+	async clearTokens() {
+		this.deleteCookie(this.accessTokenKey);
+		this.deleteCookie(this.refreshTokenKey);
+	}
+	getCookie(name) {
+		if (typeof document === "undefined") return null;
+		const value = `; ${document.cookie}`;
+		const parts = value.split(`; ${name}=`);
+		if (parts.length === 2) {
+			const cookieValue = parts.pop()?.split(";").shift();
+			return cookieValue ? decodeURIComponent(cookieValue) : null;
+		}
+		return null;
+	}
+	setCookie(name, value) {
+		if (typeof document === "undefined") return;
+		const encodedValue = encodeURIComponent(value);
+		let cookieString = `${name}=${encodedValue}`;
+		if (this.options.maxAge) cookieString += `; Max-Age=${this.options.maxAge}`;
+		if (this.options.path) cookieString += `; Path=${this.options.path}`;
+		if (this.options.domain) cookieString += `; Domain=${this.options.domain}`;
+		if (this.options.secure) cookieString += `; Secure`;
+		if (this.options.sameSite) cookieString += `; SameSite=${this.options.sameSite}`;
+		document.cookie = cookieString;
+	}
+	deleteCookie(name) {
+		if (typeof document === "undefined") return;
+		let cookieString = `${name}=; Max-Age=0`;
+		if (this.options.path) cookieString += `; Path=${this.options.path}`;
+		if (this.options.domain) cookieString += `; Domain=${this.options.domain}`;
+		document.cookie = cookieString;
+	}
+};
 /**
-* Create debug middleware for openapi-fetch (internal use)
+* Create authentication middleware for openapi-fetch
 */
-function createDebugMiddleware(logger) {
-	const debugLogger = new DebugLogger(logger);
+function createAuthMiddleware(config) {
+	let isRefreshing = false;
+	let refreshPromise = null;
+	let hasAssessedTokens = false;
+	const assessTokenStateOnce = async () => {
+		if (hasAssessedTokens) return;
+		hasAssessedTokens = true;
+		try {
+			const accessToken = await config.tokenStorage.getAccessToken();
+			const refreshToken = await config.tokenStorage.getRefreshToken();
+			if (!accessToken && refreshToken) {
+				await config.tokenStorage.clearTokens();
+				console.info("Cleaned up orphaned refresh token");
+			}
+		} catch (error) {
+			console.warn("Token state assessment failed:", error);
+		}
+	};
+	const refreshTokens = async () => {
+		if (isRefreshing && refreshPromise) return refreshPromise;
+		isRefreshing = true;
+		refreshPromise = (async () => {
+			try {
+				const refreshToken = await config.tokenStorage.getRefreshToken();
+				let newTokens;
+				if (refreshToken && !isTokenExpired(refreshToken)) if (config.refreshTokenFn) newTokens = await config.refreshTokenFn(refreshToken);
+				else {
+					const response = await fetch(`${config.baseUrl}/auth/refresh-token`, {
+						method: "POST",
+						headers: { "Content-Type": "application/json" },
+						body: JSON.stringify({ refresh_token: refreshToken })
+					});
+					if (!response.ok) throw new Error(`Token refresh failed: ${response.status}`);
+					const data = await response.json();
+					newTokens = data.content;
+				}
+				else {
+					const currentAccessToken = await config.tokenStorage.getAccessToken();
+					if (!currentAccessToken) throw new Error("No tokens available for refresh");
+					const reason = refreshToken ? "refresh token expired" : "no refresh token available";
+					const response = await fetch(`${config.baseUrl}/auth/anonymous`, {
+						method: "POST",
+						headers: {
+							"Content-Type": "application/json",
+							...config.apiKey && { "X-Api-Key": config.apiKey },
+							Authorization: `Bearer ${currentAccessToken}`
+						}
+					});
+					if (!response.ok) throw new Error(`Anonymous token fallback failed: ${response.status}`);
+					const data = await response.json();
+					newTokens = data.content;
+					console.info(`Token refreshed via anonymous fallback (${reason}) - user may need to re-authenticate for privileged operations`);
+				}
+				await config.tokenStorage.setAccessToken(newTokens.access_token);
+				await config.tokenStorage.setRefreshToken(newTokens.refresh_token);
+				config.onTokensUpdated?.(newTokens.access_token, newTokens.refresh_token);
+			} catch (error) {
+				console.error("Token refresh failed:", error);
+				await config.tokenStorage.clearTokens();
+				config.onTokensCleared?.();
+				throw error;
+			} finally {
+				isRefreshing = false;
+				refreshPromise = null;
+			}
+		})();
+		return refreshPromise;
+	};
 	return {
 		async onRequest({ request }) {
-			const requestBody = await extractRequestBody(request);
-			debugLogger.logRequest(request, requestBody);
+			const pathname = getPathnameFromUrl(request.url);
+			await assessTokenStateOnce();
+			if (isAnonymousAuthEndpoint(pathname)) {
+				if (config.apiKey) request.headers.set("X-Api-Key", config.apiKey);
+				const existingToken = await config.tokenStorage.getAccessToken();
+				if (existingToken && !isTokenExpired(existingToken) && isUserLoggedIn(existingToken)) return new Response(JSON.stringify({
+					message: "Cannot create anonymous session while authenticated",
+					success: false,
+					code: "USER_ALREADY_AUTHENTICATED"
+				}), {
+					status: 400,
+					headers: { "Content-Type": "application/json" }
+				});
+				if (existingToken) request.headers.set("Authorization", `Bearer ${existingToken}`);
+				return request;
+			}
+			let accessToken = await config.tokenStorage.getAccessToken();
+			if (!accessToken) try {
+				const response = await fetch(`${config.baseUrl}/auth/anonymous`, {
+					method: "POST",
+					headers: {
+						"Content-Type": "application/json",
+						...config.apiKey && { "X-Api-Key": config.apiKey }
+					}
+				});
+				if (response.ok) {
+					const data = await response.json();
+					const tokens = data.content;
+					if (tokens?.access_token && tokens?.refresh_token) {
+						await config.tokenStorage.setAccessToken(tokens.access_token);
+						await config.tokenStorage.setRefreshToken(tokens.refresh_token);
+						accessToken = tokens.access_token;
+						config.onTokensUpdated?.(tokens.access_token, tokens.refresh_token);
+						console.info("Automatically created anonymous session for first API request");
+					}
+				}
+			} catch (error) {
+				console.warn("Failed to automatically create anonymous tokens:", error);
+			}
+			if (accessToken && isTokenExpired(accessToken)) try {
+				await refreshTokens();
+				accessToken = await config.tokenStorage.getAccessToken();
+			} catch (error) {}
+			if (accessToken) request.headers.set("Authorization", `Bearer ${accessToken}`);
 			return request;
 		},
-		async onResponse({ response }) {
-			const cloned = response.clone();
-			let responseBody = null;
-			try {
-				const contentType = response.headers.get("content-type")?.toLowerCase();
-				if (contentType?.startsWith("application/json")) responseBody = await cloned.json();
-				else if (contentType?.startsWith("text/")) responseBody = await cloned.text();
-			} catch (error) {}
-			await debugLogger.logResponse(response, responseBody);
+		async onResponse({ request, response }) {
+			const pathname = getPathnameFromUrl(request.url);
+			if (response.ok) {
+				if (isTokenReturningEndpoint(pathname) || isAnonymousAuthEndpoint(pathname)) try {
+					const data = await response.clone().json();
+					const content = data.content;
+					if (content?.access_token && content?.refresh_token) {
+						await config.tokenStorage.setAccessToken(content.access_token);
+						await config.tokenStorage.setRefreshToken(content.refresh_token);
+						config.onTokensUpdated?.(content.access_token, content.refresh_token);
+					}
+				} catch (error) {
+					console.warn("Failed to extract tokens from response:", error);
+				}
+				else if (isLogoutEndpoint(pathname)) {
+					await config.tokenStorage.clearTokens();
+					config.onTokensCleared?.();
+				}
+			}
+			if (response.status === 401 && !isAnonymousAuthEndpoint(pathname)) {
+				const currentToken = await config.tokenStorage.getAccessToken();
+				if (currentToken && isTokenExpired(currentToken, 0)) try {
+					await refreshTokens();
+					const newToken = await config.tokenStorage.getAccessToken();
+					if (newToken) {
+						const retryRequest = request.clone();
+						retryRequest.headers.set("Authorization", `Bearer ${newToken}`);
+						return fetch(retryRequest);
+					}
+				} catch (error) {
+					console.warn("Token refresh failed on 401 response:", error);
+				}
+			}
 			return response;
-		},
-		async onError({ error, request }) {
-			debugLogger.logError("API Request Failed", {
-				error: {
-					name: error instanceof Error ? error.name : "Unknown",
-					message: error instanceof Error ? error.message : String(error),
-					stack: error instanceof Error ? error.stack : void 0
-				},
-				request: {
-					method: request.method,
-					url: request.url,
-					headers: Object.fromEntries(request.headers.entries())
-				},
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
-			});
-			throw error;
 		}
 	};
 }
-//#endregion
-//#region src/lib/header-utils.ts
-/**
-* Mapping of SDK header parameter names to actual HTTP header names
-* Only include headers that need transformation - others pass through as-is
-*/
-const HEADER_TRANSFORMATIONS = { customer_group_id: "x-customer-group-id" };
-/**
-* Transform SDK header parameters to actual HTTP header names
-* Headers not in the transformation map are passed through unchanged
-*
-* @param headers - Headers object with SDK parameter names
-* @returns Headers object with actual HTTP header names
-*/
-function transformHeaders(headers) {
-	const transformed = {};
-	for (const [key, value] of Object.entries(headers)) if (value !== void 0) {
-		const headerName = HEADER_TRANSFORMATIONS[key] || key;
-		transformed[headerName] = value;
-	}
-	return transformed;
-}
 /**
-* Merge default headers with method-level headers
-* Method-level headers take precedence over default headers
-* Automatically transforms SDK parameter names to HTTP header names
-*
-* @param defaultHeaders - Default headers from SDK configuration
-* @param methodHeaders - Headers passed to the specific method call
-* @returns Merged headers object with proper HTTP header names
+* Helper function to create auth middleware with sensible defaults
 */
-function mergeHeaders(defaultHeaders, methodHeaders) {
-	const merged = {};
-	if (defaultHeaders) {
-		const transformedDefaults = transformHeaders(defaultHeaders);
-		Object.assign(merged, transformedDefaults);
-	}
-	if (methodHeaders) Object.assign(merged, methodHeaders);
-	Object.keys(merged).forEach((key) => {
-		if (merged[key] === void 0) delete merged[key];
+function createDefaultAuthMiddleware(options) {
+	const tokenStorage = options.tokenStorage || (typeof localStorage !== "undefined" ? new BrowserTokenStorage() : new MemoryTokenStorage());
+	return createAuthMiddleware({
+		tokenStorage,
+		apiKey: options.apiKey,
+		baseUrl: options.baseUrl,
+		onTokensUpdated: options.onTokensUpdated,
+		onTokensCleared: options.onTokensCleared
 	});
-	return merged;
 }
 //#endregion
-//#region src/lib/client.ts
+//#region src/lib/url-utils.ts
 /**
-* Available API environments
+* URL utility functions for the Storefront SDK
+*/
+/**
+* Available API environments for Commerce Engine
 */
 let Environment = /* @__PURE__ */ function(Environment$1) {
 	/**
@@ -1118,12 +1295,26 @@ let Environment = /* @__PURE__ */ function(Environment$1) {
 	return Environment$1;
 }({});
 /**
-* Base API client for Storefront API
+* Build base URL for Storefront API
 */
-var StorefrontAPIClient = class {
-	client;
+function buildStorefrontURL(config) {
+	if (config.baseUrl) return config.baseUrl;
+	const env = config.environment || Environment.Production;
+	switch (env) {
+		case Environment.Staging: return `https://staging.api.commercengine.io/api/v1/${config.storeId}/storefront`;
+		case Environment.Production:
+		default: return `https://prod.api.commercengine.io/api/v1/${config.storeId}/storefront`;
+	}
+}
+//#endregion
+//#region src/lib/client.ts
+/**
+* Storefront API client that extends the generic BaseAPIClient
+* Adds Commerce Engine specific authentication and token management
+*/
+var StorefrontAPIClient = class extends BaseAPIClient {
 	config;
-	baseUrl;
 	initializationPromise = null;
 	/**
 	* Create a new StorefrontAPIClient
@@ -1131,74 +1322,51 @@ var StorefrontAPIClient = class {
 	* @param config - Configuration for the API client
 	*/
 	constructor(config) {
+		const baseUrl = buildStorefrontURL({
+			storeId: config.storeId,
+			environment: config.environment,
+			baseUrl: config.baseUrl
+		});
+		const headerTransformations = { customer_group_id: "x-customer-group-id" };
+		super({
+			baseUrl,
+			timeout: config.timeout,
+			defaultHeaders: config.defaultHeaders,
+			debug: config.debug,
+			logger: config.logger
+		}, baseUrl, headerTransformations);
 		this.config = { ...config };
-		this.baseUrl = this.getBaseUrlFromConfig(this.config);
-		this.client = createClient({ baseUrl: this.baseUrl });
-		if (this.config.tokenStorage) {
+		this.setupStorefrontAuth();
+	}
+	/**
+	* Set up Storefront-specific authentication middleware
+	*/
+	setupStorefrontAuth() {
+		const config = this.config;
+		if (config.tokenStorage) {
 			const authMiddleware = createDefaultAuthMiddleware({
-				apiKey: this.config.apiKey,
-				baseUrl: this.baseUrl,
-				tokenStorage: this.config.tokenStorage,
-				onTokensUpdated: this.config.onTokensUpdated,
-				onTokensCleared: this.config.onTokensCleared
+				apiKey: config.apiKey,
+				baseUrl: this.getBaseUrl(),
+				tokenStorage: config.tokenStorage,
+				onTokensUpdated: config.onTokensUpdated,
+				onTokensCleared: config.onTokensCleared
 			});
 			this.client.use(authMiddleware);
-			if (this.config.accessToken) {
-				this.initializationPromise = this.initializeTokens(this.config.accessToken, this.config.refreshToken);
-				this.config.accessToken = void 0;
-				this.config.refreshToken = void 0;
+			if (config.accessToken) {
+				this.initializationPromise = this.initializeTokens(config.accessToken, config.refreshToken);
+				config.accessToken = void 0;
+				config.refreshToken = void 0;
 			}
 		} else this.client.use({ onRequest: async ({ request }) => {
 			const pathname = getPathnameFromUrl(request.url);
 			if (isAnonymousAuthEndpoint(pathname)) {
-				if (this.config.apiKey) request.headers.set("X-Api-Key", this.config.apiKey);
-				if (this.config.accessToken) request.headers.set("Authorization", `Bearer ${this.config.accessToken}`);
+				if (config.apiKey) request.headers.set("X-Api-Key", config.apiKey);
+				if (config.accessToken) request.headers.set("Authorization", `Bearer ${config.accessToken}`);
 				return request;
 			}
-			if (this.config.accessToken) request.headers.set("Authorization", `Bearer ${this.config.accessToken}`);
+			if (config.accessToken) request.headers.set("Authorization", `Bearer ${config.accessToken}`);
 			return request;
 		} });
-		if (this.config.timeout) this.setupTimeoutMiddleware();
-		if (this.config.debug) {
-			const debugMiddleware = createDebugMiddleware(this.config.logger);
-			this.client.use(debugMiddleware);
-		}
-	}
-	/**
-	* Set up timeout middleware
-	*/
-	setupTimeoutMiddleware() {
-		this.client.use({ onRequest: async ({ request }) => {
-			const controller = new AbortController();
-			const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
-			if (request.signal) request.signal.addEventListener("abort", () => controller.abort());
-			const newRequest = new Request(request, { signal: controller.signal });
-			controller.signal.addEventListener("abort", () => clearTimeout(timeoutId));
-			return newRequest;
-		} });
-	}
-	/**
-	* Constructs the base URL from the configuration
-	*
-	* @param config - The client configuration
-	* @returns The constructed base URL
-	*/
-	getBaseUrlFromConfig(config) {
-		if (config.baseUrl) return config.baseUrl;
-		const env = config.environment || Environment.Production;
-		switch (env) {
-			case Environment.Staging: return `https://staging.api.commercengine.io/api/v1/${config.storeId}/storefront`;
-			case Environment.Production:
-			default: return `https://prod.api.commercengine.io/api/v1/${config.storeId}/storefront`;
-		}
-	}
-	/**
-	* Get the base URL of the API
-	*
-	* @returns The base URL of the API
-	*/
-	getBaseUrl() {
-		return this.baseUrl;
 	}
 	/**
 	* Get the authorization header value
@@ -1260,48 +1428,6 @@ var StorefrontAPIClient = class {
 		this.config.apiKey = void 0;
 	}
 	/**
-	* Execute a request and handle the response
-	*
-	* @param apiCall - Function that executes the API request
-	* @returns Promise with the API response
-	*/
-	async executeRequest(apiCall) {
-		try {
-			const { data, error, response } = await apiCall();
-			if (error) return {
-				data: null,
-				error,
-				response
-			};
-			if (data && data.content !== void 0) return {
-				data: data.content,
-				error: null,
-				response
-			};
-			return {
-				data,
-				error: null,
-				response
-			};
-		} catch (err) {
-			const mockResponse = new Response(null, {
-				status: 0,
-				statusText: "Network Error"
-			});
-			const errorResult = {
-				data: null,
-				error: {
-					success: false,
-					code: "NETWORK_ERROR",
-					message: "Network error occurred",
-					error: err
-				},
-				response: mockResponse
-			};
-			return errorResult;
-		}
-	}
-	/**
 	* Initialize tokens in storage (private helper method)
 	*/
 	async initializeTokens(accessToken, refreshToken) {
@@ -1314,16 +1440,6 @@ var StorefrontAPIClient = class {
 			console.warn("Failed to initialize tokens in storage:", error);
 		}
 	}
-	/**
-	* Merge default headers with method-level headers
-	* Method-level headers take precedence over default headers
-	*
-	* @param methodHeaders - Headers passed to the specific method call
-	* @returns Merged headers object with proper HTTP header names
-	*/
-	mergeHeaders(methodHeaders) {
-		return mergeHeaders(this.config.defaultHeaders, methodHeaders);
-	}
 };
 //#endregion
@@ -4108,11 +4224,16 @@ var StorefrontSDK = class {
 	*/
 	store;
 	/**
+	* Centrally stored default headers for consistency
+	*/
+	defaultHeaders;
+	/**
 	* Create a new StorefrontSDK instance
 	*
 	* @param options - Configuration options for the SDK
 	*/
 	constructor(options) {
+		this.defaultHeaders = options.defaultHeaders;
 		const config = {
 			storeId: options.storeId,
 			environment: options.environment,
@@ -4272,26 +4393,23 @@ var StorefrontSDK = class {
 	* @param headers - Default headers to set (only supported headers allowed)
 	*/
 	setDefaultHeaders(headers) {
-		const newConfig = {
-			...this.catalog["config"],
-			defaultHeaders: headers
-		};
-		this.catalog["config"] = newConfig;
-		this.cart["config"] = newConfig;
-		this.auth["config"] = newConfig;
-		this.customer["config"] = newConfig;
-		this.helpers["config"] = newConfig;
-		this.shipping["config"] = newConfig;
-		this.order["config"] = newConfig;
-		this.store["config"] = newConfig;
+		this.defaultHeaders = headers;
+		this.catalog.setDefaultHeaders(headers);
+		this.cart.setDefaultHeaders(headers);
+		this.auth.setDefaultHeaders(headers);
+		this.customer.setDefaultHeaders(headers);
+		this.helpers.setDefaultHeaders(headers);
+		this.shipping.setDefaultHeaders(headers);
+		this.order.setDefaultHeaders(headers);
+		this.store.setDefaultHeaders(headers);
 	}
 	/**
 	* Get current default headers
 	*
-	* @returns Current default headers
+	* @returns Current default headers from central storage (always consistent)
 	*/
 	getDefaultHeaders() {
-		return this.catalog["config"].defaultHeaders;
+		return this.defaultHeaders;
 	}
 };
 var src_default = StorefrontSDK;