@crowdedkingdoms/crowdyjs 1.0.0

package/dist/domains/auth.d.ts

@@ -0,0 +1,163 @@
+import type { GraphQLClient } from '../client.js';
+import type { AuthState } from '../auth-state.js';
+import { type LoginMutation, type LoginUserInput, type RegisterMutation, type RegisterUserInput, type ResetPasswordInput } from '../generated/graphql.js';
+/**
+ * Authentication and account-lifecycle flows — exposed as `client.auth`.
+ *
+ * Targets the **management-api**: every call routes to `managementUrl` (falling
+ * back to the game-api endpoint only in legacy single-endpoint mode). The
+ * management API owns the `game_tokens` table that backs every login / register
+ * / password / email-confirmation flow; the `token` it returns is a
+ * `game_tokens` row that game-api validates against the same shared Postgres.
+ *
+ * {@link login} and {@link register} mint that session token **and** store it on
+ * the shared session state automatically, so every later call on *either*
+ * endpoint (auth, users, apps, actors, chunks, udp, ...) is authenticated
+ * without you threading the token through by hand. Use {@link setToken} to
+ * rehydrate a saved token and {@link getToken} to read the current one. `BigInt`
+ * ids on the returned user (e.g. `userId`, `orgId`) are decimal strings.
+ *
+ * **Public — no session required:** {@link login}, {@link register},
+ * {@link confirmEmail}, {@link requestPasswordReset}, {@link resetPassword}, and
+ * {@link resendConfirmationEmail}. **Require a valid session:** {@link logout},
+ * {@link logoutAllDevices}, and {@link changePassword}, which otherwise throw
+ * {@link CrowdyGraphQLError} with `UNAUTHENTICATED` when the bearer token is
+ * missing, expired, or revoked.
+ */
+export declare class AuthAPI {
+    private readonly graphql;
+    private readonly session;
+    constructor(graphql: GraphQLClient, session: AuthState);
+    /**
+     * Authenticate with email + password and start a new session. **Public** — no
+     * existing session required.
+     *
+     * On success the returned `token` is minted **and** stored on the shared
+     * session state, so subsequent calls on any sub-client (management-api or
+     * game-api) carry it automatically — no need to call {@link setToken}.
+     *
+     * @param input - Credentials ({@link LoginUserInput}): `email` and `password`
+     *   (min 8 characters).
+     * @returns An {@link AuthResponse}: the opaque session `token` (sent as
+     *   `Authorization: Bearer <token>`), `gameTokenId` (the session row id, a
+     *   string), and the authenticated `user`.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` on invalid credentials, or
+     *   `BAD_USER_INPUT` on malformed input.
+     * @example
+     * ```ts
+     * const { user } = await client.auth.login({ email, password });
+     * // the session token is now stored; later calls are authenticated for you
+     * await client.users.me();
+     * ```
+     */
+    login(input: LoginUserInput): Promise<LoginMutation['login']>;
+    /**
+     * Create a new (initially unconfirmed) account, send a confirmation email, and
+     * return a session for immediate login. **Public** — no existing session
+     * required. Same token-persistence behaviour as {@link login}: the new `token`
+     * is stored on the shared session state automatically.
+     *
+     * @param input - New-account details ({@link RegisterUserInput}): `email`
+     *   (where the confirmation email is sent), `password` (min 8 characters), and
+     *   an optional initial `gamertag` (min 3 characters; can also be set later via
+     *   `client.users.updateGamertag`).
+     * @returns An {@link AuthResponse} (session `token`, `gameTokenId`, and the new
+     *   `user`).
+     * @throws {CrowdyGraphQLError} `BAD_USER_INPUT` if the email already exists or
+     *   the input is invalid.
+     */
+    register(input: RegisterUserInput): Promise<RegisterMutation['register']>;
+    /**
+     * Single-device logout: revoke the `game_tokens` row that authenticated this
+     * request; other devices/tokens are unaffected. After a successful server-side
+     * revoke the in-memory token is cleared from the shared session state so the
+     * other sub-clients stop using it. Requires a valid session.
+     *
+     * @returns `true` if a token was revoked, or `false` if the request carried no
+     *   game token.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` if the session is invalid.
+     */
+    logout(): Promise<boolean>;
+    /**
+     * Revoke **every** active session for the authenticated user (deletes all
+     * their `game_tokens` rows and records revocations). Requires a valid session;
+     * use {@link logout} to end only the current one.
+     *
+     * Note: unlike {@link logout}, this does not clear the SDK's in-memory token —
+     * call {@link setToken}`(null)` afterwards if you also want to drop it locally.
+     *
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` if the session is invalid.
+     */
+    logoutAllDevices(): Promise<boolean>;
+    /**
+     * Confirm a user's email address using the token from the confirmation email.
+     * **Public** — the token itself authorizes the call.
+     *
+     * @param token - The confirmation token from the emailed link.
+     * @returns `true` on success, or `false` if the token is invalid or expired.
+     * @throws {CrowdyGraphQLError} on transport/validation failures (invalid or
+     *   expired tokens resolve to `false` rather than throwing).
+     */
+    confirmEmail(token: string): Promise<boolean>;
+    /**
+     * Start the password-reset flow by emailing a reset link to the address.
+     * **Public**. Always returns `true` regardless of whether the email exists or
+     * is confirmed, to prevent account enumeration.
+     *
+     * @param email - Email address to send the password-reset link to.
+     * @returns `true` (always, even when no such account exists).
+     * @throws {CrowdyGraphQLError} on transport/validation failures.
+     */
+    requestPasswordReset(email: string): Promise<boolean>;
+    /**
+     * Complete a password reset using the reset token and a new password.
+     * **Public** — the reset token authorizes the call. Existing sessions are
+     * **not** revoked.
+     *
+     * @param input - {@link ResetPasswordInput}: the `token` from the emailed reset
+     *   link and the `newPassword` to set (min 8 characters).
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `BAD_USER_INPUT` if the token is invalid or
+     *   expired.
+     */
+    resetPassword(input: ResetPasswordInput): Promise<boolean>;
+    /**
+     * Re-send the email-confirmation link. **Public**. Always returns `true`
+     * regardless of whether the account exists or is already confirmed (prevents
+     * enumeration); the email is only actually sent for existing unconfirmed
+     * accounts.
+     *
+     * @param email - Email address of the account to re-send confirmation to.
+     * @returns `true` (always).
+     * @throws {CrowdyGraphQLError} on transport/validation failures.
+     */
+    resendConfirmationEmail(email: string): Promise<boolean>;
+    /**
+     * Change the authenticated user's password after verifying the current one.
+     * Requires a valid session. Existing sessions are **not** revoked.
+     *
+     * @param currentPassword - The user's current password, for verification.
+     * @param newPassword - The new password to set (min 8 characters).
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` without a valid session, or
+     *   `BAD_USER_INPUT` if the current password is wrong.
+     */
+    changePassword(currentPassword: string, newPassword: string): Promise<boolean>;
+    /**
+     * Imperatively replace the in-memory bearer token on the shared session state
+     * (e.g. to rehydrate a token persisted to disk). Affects every sub-client.
+     * Local only — performs no network call. Pass `null` to clear it.
+     *
+     * @param token - The bearer token to use, or `null` to clear the session.
+     */
+    setToken(token: string | null): void;
+    /**
+     * Read the current in-memory bearer token from the shared session state. Local
+     * only — performs no network call.
+     *
+     * @returns The current bearer token, or `null` if none is set.
+     */
+    getToken(): string | null;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/domains/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/domains/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAUL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AAEjC;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,OAAO;IAEhB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBADP,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,SAAS;IAGrC;;;;;;;;;;;;;;;;;;;;;OAqBG;IACG,KAAK,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAQnE;;;;;;;;;;;;;;OAcG;IACG,QAAQ,CACZ,KAAK,EAAE,iBAAiB,GACvB,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAQxC;;;;;;;;;OASG;IACG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAMhC;;;;;;;;;;OAUG;IACG,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC;IAK1C;;;;;;;;OAQG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKnD;;;;;;;;OAQG;IACG,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAO3D;;;;;;;;;;OAUG;IACG,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC;IAOhE;;;;;;;;;OASG;IACG,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAO9D;;;;;;;;;OASG;IACG,cAAc,CAClB,eAAe,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAQnB;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAIpC;;;;;OAKG;IACH,QAAQ,IAAI,MAAM,GAAG,IAAI;CAG1B"}

package/dist/domains/auth.js

@@ -0,0 +1,208 @@
+import { ChangePasswordDocument, ConfirmEmailDocument, LoginDocument, LogoutAllDevicesDocument, LogoutDocument, RegisterDocument, RequestPasswordResetDocument, ResendConfirmationEmailDocument, ResetPasswordDocument, } from '../generated/graphql.js';
+/**
+ * Authentication and account-lifecycle flows — exposed as `client.auth`.
+ *
+ * Targets the **management-api**: every call routes to `managementUrl` (falling
+ * back to the game-api endpoint only in legacy single-endpoint mode). The
+ * management API owns the `game_tokens` table that backs every login / register
+ * / password / email-confirmation flow; the `token` it returns is a
+ * `game_tokens` row that game-api validates against the same shared Postgres.
+ *
+ * {@link login} and {@link register} mint that session token **and** store it on
+ * the shared session state automatically, so every later call on *either*
+ * endpoint (auth, users, apps, actors, chunks, udp, ...) is authenticated
+ * without you threading the token through by hand. Use {@link setToken} to
+ * rehydrate a saved token and {@link getToken} to read the current one. `BigInt`
+ * ids on the returned user (e.g. `userId`, `orgId`) are decimal strings.
+ *
+ * **Public — no session required:** {@link login}, {@link register},
+ * {@link confirmEmail}, {@link requestPasswordReset}, {@link resetPassword}, and
+ * {@link resendConfirmationEmail}. **Require a valid session:** {@link logout},
+ * {@link logoutAllDevices}, and {@link changePassword}, which otherwise throw
+ * {@link CrowdyGraphQLError} with `UNAUTHENTICATED` when the bearer token is
+ * missing, expired, or revoked.
+ */
+export class AuthAPI {
+    constructor(graphql, session) {
+        this.graphql = graphql;
+        this.session = session;
+    }
+    /**
+     * Authenticate with email + password and start a new session. **Public** — no
+     * existing session required.
+     *
+     * On success the returned `token` is minted **and** stored on the shared
+     * session state, so subsequent calls on any sub-client (management-api or
+     * game-api) carry it automatically — no need to call {@link setToken}.
+     *
+     * @param input - Credentials ({@link LoginUserInput}): `email` and `password`
+     *   (min 8 characters).
+     * @returns An {@link AuthResponse}: the opaque session `token` (sent as
+     *   `Authorization: Bearer <token>`), `gameTokenId` (the session row id, a
+     *   string), and the authenticated `user`.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` on invalid credentials, or
+     *   `BAD_USER_INPUT` on malformed input.
+     * @example
+     * ```ts
+     * const { user } = await client.auth.login({ email, password });
+     * // the session token is now stored; later calls are authenticated for you
+     * await client.users.me();
+     * ```
+     */
+    async login(input) {
+        const data = await this.graphql.request(LoginDocument, { input });
+        if (data.login?.token) {
+            this.session.setToken(data.login.token);
+        }
+        return data.login;
+    }
+    /**
+     * Create a new (initially unconfirmed) account, send a confirmation email, and
+     * return a session for immediate login. **Public** — no existing session
+     * required. Same token-persistence behaviour as {@link login}: the new `token`
+     * is stored on the shared session state automatically.
+     *
+     * @param input - New-account details ({@link RegisterUserInput}): `email`
+     *   (where the confirmation email is sent), `password` (min 8 characters), and
+     *   an optional initial `gamertag` (min 3 characters; can also be set later via
+     *   `client.users.updateGamertag`).
+     * @returns An {@link AuthResponse} (session `token`, `gameTokenId`, and the new
+     *   `user`).
+     * @throws {CrowdyGraphQLError} `BAD_USER_INPUT` if the email already exists or
+     *   the input is invalid.
+     */
+    async register(input) {
+        const data = await this.graphql.request(RegisterDocument, { input });
+        if (data.register?.token) {
+            this.session.setToken(data.register.token);
+        }
+        return data.register;
+    }
+    /**
+     * Single-device logout: revoke the `game_tokens` row that authenticated this
+     * request; other devices/tokens are unaffected. After a successful server-side
+     * revoke the in-memory token is cleared from the shared session state so the
+     * other sub-clients stop using it. Requires a valid session.
+     *
+     * @returns `true` if a token was revoked, or `false` if the request carried no
+     *   game token.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` if the session is invalid.
+     */
+    async logout() {
+        const data = await this.graphql.request(LogoutDocument);
+        this.session.setToken(null);
+        return data.logout;
+    }
+    /**
+     * Revoke **every** active session for the authenticated user (deletes all
+     * their `game_tokens` rows and records revocations). Requires a valid session;
+     * use {@link logout} to end only the current one.
+     *
+     * Note: unlike {@link logout}, this does not clear the SDK's in-memory token —
+     * call {@link setToken}`(null)` afterwards if you also want to drop it locally.
+     *
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` if the session is invalid.
+     */
+    async logoutAllDevices() {
+        const data = await this.graphql.request(LogoutAllDevicesDocument);
+        return data.logoutAllDevices;
+    }
+    /**
+     * Confirm a user's email address using the token from the confirmation email.
+     * **Public** — the token itself authorizes the call.
+     *
+     * @param token - The confirmation token from the emailed link.
+     * @returns `true` on success, or `false` if the token is invalid or expired.
+     * @throws {CrowdyGraphQLError} on transport/validation failures (invalid or
+     *   expired tokens resolve to `false` rather than throwing).
+     */
+    async confirmEmail(token) {
+        const data = await this.graphql.request(ConfirmEmailDocument, { token });
+        return data.confirmEmail;
+    }
+    /**
+     * Start the password-reset flow by emailing a reset link to the address.
+     * **Public**. Always returns `true` regardless of whether the email exists or
+     * is confirmed, to prevent account enumeration.
+     *
+     * @param email - Email address to send the password-reset link to.
+     * @returns `true` (always, even when no such account exists).
+     * @throws {CrowdyGraphQLError} on transport/validation failures.
+     */
+    async requestPasswordReset(email) {
+        const data = await this.graphql.request(RequestPasswordResetDocument, {
+            email,
+        });
+        return data.requestPasswordReset;
+    }
+    /**
+     * Complete a password reset using the reset token and a new password.
+     * **Public** — the reset token authorizes the call. Existing sessions are
+     * **not** revoked.
+     *
+     * @param input - {@link ResetPasswordInput}: the `token` from the emailed reset
+     *   link and the `newPassword` to set (min 8 characters).
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `BAD_USER_INPUT` if the token is invalid or
+     *   expired.
+     */
+    async resetPassword(input) {
+        const data = await this.graphql.request(ResetPasswordDocument, {
+            input,
+        });
+        return data.resetPassword;
+    }
+    /**
+     * Re-send the email-confirmation link. **Public**. Always returns `true`
+     * regardless of whether the account exists or is already confirmed (prevents
+     * enumeration); the email is only actually sent for existing unconfirmed
+     * accounts.
+     *
+     * @param email - Email address of the account to re-send confirmation to.
+     * @returns `true` (always).
+     * @throws {CrowdyGraphQLError} on transport/validation failures.
+     */
+    async resendConfirmationEmail(email) {
+        const data = await this.graphql.request(ResendConfirmationEmailDocument, {
+            email,
+        });
+        return data.resendConfirmationEmail;
+    }
+    /**
+     * Change the authenticated user's password after verifying the current one.
+     * Requires a valid session. Existing sessions are **not** revoked.
+     *
+     * @param currentPassword - The user's current password, for verification.
+     * @param newPassword - The new password to set (min 8 characters).
+     * @returns `true` on success.
+     * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` without a valid session, or
+     *   `BAD_USER_INPUT` if the current password is wrong.
+     */
+    async changePassword(currentPassword, newPassword) {
+        const data = await this.graphql.request(ChangePasswordDocument, {
+            currentPassword,
+            newPassword,
+        });
+        return data.changePassword;
+    }
+    /**
+     * Imperatively replace the in-memory bearer token on the shared session state
+     * (e.g. to rehydrate a token persisted to disk). Affects every sub-client.
+     * Local only — performs no network call. Pass `null` to clear it.
+     *
+     * @param token - The bearer token to use, or `null` to clear the session.
+     */
+    setToken(token) {
+        this.session.setToken(token);
+    }
+    /**
+     * Read the current in-memory bearer token from the shared session state. Local
+     * only — performs no network call.
+     *
+     * @returns The current bearer token, or `null` if none is set.
+     */
+    getToken() {
+        return this.session.getToken();
+    }
+}

package/dist/domains/avatars.d.ts

@@ -0,0 +1,94 @@
+import type { GraphQLClient } from '../client.js';
+import { type UserAvatarsQuery, type AvatarByIdQuery, type MyAvatarsQuery, type AvatarAppStateQuery, type AvatarAppStatesQuery, type CreateAvatarMutation, type UpdateAvatarMutation, type DeleteAvatarMutation, type UpdateAvatarStateMutation, type UpdateAvatarAppStateMutation, type CreateAvatarInput, type UpdateAvatarInput, type UpdateAvatarStateInput, type UpdateAvatarAppStateInput } from '../generated/graphql.js';
+/**
+ * Avatars + per-app avatar state — exposed as `client.avatars`.
+ *
+ * Targets the **game-api**. Avatars are durable player identities (distinct
+ * from realtime actors). Reads are owner-aware: non-owners receive
+ * `privateState` stripped to `null`. Create/update/delete and state writes are
+ * owner-exclusive (throw on a non-owner). All require a valid session; state
+ * blobs are base64-encoded binary; `BigInt` ids are decimal strings.
+ *
+ * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` without a session; an
+ *   authorization error when writing an avatar you do not own.
+ */
+export declare class AvatarsAPI {
+    private readonly graphql;
+    constructor(graphql: GraphQLClient);
+    /**
+     * List a user's avatars (owner-aware: `privateState` stripped for non-owners).
+     *
+     * @param userId - Owner user id.
+     * @returns The user's avatars.
+     */
+    listForUser(userId: string): Promise<UserAvatarsQuery['userAvatars']>;
+    /**
+     * Fetch one avatar by id (owner-aware). Throws if it does not exist.
+     *
+     * @param id - Avatar id.
+     * @returns The avatar.
+     */
+    get(id: string): Promise<AvatarByIdQuery['avatar']>;
+    /**
+     * List the authenticated caller's own avatars (full state included).
+     *
+     * @returns The caller's avatars.
+     */
+    mine(): Promise<MyAvatarsQuery['myAvatars']>;
+    /**
+     * Read one avatar's per-app state (public read). Returns `null` when unset.
+     *
+     * @param appId - App id the state is scoped to.
+     * @param avatarId - Avatar id whose per-app state to read.
+     * @returns The per-app state, or `null`.
+     */
+    appState(appId: string, avatarId: string): Promise<AvatarAppStateQuery['avatarAppState']>;
+    /**
+     * Batch-read per-app state for many avatars under one app (public read).
+     *
+     * @param appId - App id the states are scoped to.
+     * @param avatarIds - Avatar ids to fetch.
+     * @returns The per-app states (avatars with no row are omitted).
+     */
+    appStates(appId: string, avatarIds: string[]): Promise<AvatarAppStatesQuery['avatarAppStates']>;
+    /**
+     * Create a new avatar owned by the caller.
+     *
+     * @param input - {@link CreateAvatarInput} (optional `name`).
+     * @returns The created avatar.
+     */
+    create(input: CreateAvatarInput): Promise<CreateAvatarMutation['createAvatar']>;
+    /**
+     * Update an avatar's mutable fields (owner-exclusive).
+     *
+     * @param id - Avatar id.
+     * @param input - {@link UpdateAvatarInput} fields to change.
+     * @returns The updated avatar.
+     */
+    update(id: string, input: UpdateAvatarInput): Promise<UpdateAvatarMutation['updateAvatar']>;
+    /**
+     * Permanently delete an avatar (owner-exclusive). Returns the deleted row.
+     *
+     * @param id - Avatar id.
+     * @param idempotencyKey - Optional idempotency key for safe retries.
+     * @returns The now-deleted avatar.
+     */
+    delete(id: string, idempotencyKey?: string): Promise<DeleteAvatarMutation['deleteAvatar']>;
+    /**
+     * Replace an avatar's public/private state blobs (owner-exclusive).
+     *
+     * @param id - Avatar id.
+     * @param input - {@link UpdateAvatarStateInput} (base64 blobs).
+     * @returns The updated avatar.
+     */
+    updateState(id: string, input: UpdateAvatarStateInput): Promise<UpdateAvatarStateMutation['updateAvatarState']>;
+    /**
+     * Create/replace an avatar's per-app state (owner-exclusive write, public
+     * read).
+     *
+     * @param input - {@link UpdateAvatarAppStateInput} (appId, avatarId, state).
+     * @returns The upserted per-app state.
+     */
+    updateAppState(input: UpdateAvatarAppStateInput): Promise<UpdateAvatarAppStateMutation['updateAvatarAppState']>;
+}
+//# sourceMappingURL=avatars.d.ts.map

package/dist/domains/avatars.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"avatars.d.ts","sourceRoot":"","sources":["../../src/domains/avatars.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAWL,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,yBAAyB,EAC9B,KAAK,4BAA4B,EACjC,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC/B,MAAM,yBAAyB,CAAC;AAEjC;;;;;;;;;;;GAWG;AACH,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAAP,OAAO,EAAE,aAAa;IAEnD;;;;;OAKG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAK3E;;;;;OAKG;IACG,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAKzD;;;;OAIG;IACG,IAAI,IAAI,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAKlD;;;;;;OAMG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAQjD;;;;;;OAMG;IACG,SAAS,CACb,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;IAQnD;;;;;OAKG;IACG,MAAM,CACV,KAAK,EAAE,iBAAiB,GACvB,OAAO,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;IAKhD;;;;;;OAMG;IACG,MAAM,CACV,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,iBAAiB,GACvB,OAAO,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;IAKhD;;;;;;OAMG;IACG,MAAM,CACV,EAAE,EAAE,MAAM,EACV,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;IAQhD;;;;;;OAMG;IACG,WAAW,CACf,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,sBAAsB,GAC5B,OAAO,CAAC,yBAAyB,CAAC,mBAAmB,CAAC,CAAC;IAQ1D;;;;;;OAMG;IACG,cAAc,CAClB,KAAK,EAAE,yBAAyB,GAC/B,OAAO,CAAC,4BAA4B,CAAC,sBAAsB,CAAC,CAAC;CAMjE"}

package/dist/domains/avatars.js

@@ -0,0 +1,137 @@
+import { UserAvatarsDocument, AvatarByIdDocument, MyAvatarsDocument, AvatarAppStateDocument, AvatarAppStatesDocument, CreateAvatarDocument, UpdateAvatarDocument, DeleteAvatarDocument, UpdateAvatarStateDocument, UpdateAvatarAppStateDocument, } from '../generated/graphql.js';
+/**
+ * Avatars + per-app avatar state — exposed as `client.avatars`.
+ *
+ * Targets the **game-api**. Avatars are durable player identities (distinct
+ * from realtime actors). Reads are owner-aware: non-owners receive
+ * `privateState` stripped to `null`. Create/update/delete and state writes are
+ * owner-exclusive (throw on a non-owner). All require a valid session; state
+ * blobs are base64-encoded binary; `BigInt` ids are decimal strings.
+ *
+ * @throws {CrowdyGraphQLError} `UNAUTHENTICATED` without a session; an
+ *   authorization error when writing an avatar you do not own.
+ */
+export class AvatarsAPI {
+    constructor(graphql) {
+        this.graphql = graphql;
+    }
+    /**
+     * List a user's avatars (owner-aware: `privateState` stripped for non-owners).
+     *
+     * @param userId - Owner user id.
+     * @returns The user's avatars.
+     */
+    async listForUser(userId) {
+        const data = await this.graphql.request(UserAvatarsDocument, { userId });
+        return data.userAvatars;
+    }
+    /**
+     * Fetch one avatar by id (owner-aware). Throws if it does not exist.
+     *
+     * @param id - Avatar id.
+     * @returns The avatar.
+     */
+    async get(id) {
+        const data = await this.graphql.request(AvatarByIdDocument, { id });
+        return data.avatar;
+    }
+    /**
+     * List the authenticated caller's own avatars (full state included).
+     *
+     * @returns The caller's avatars.
+     */
+    async mine() {
+        const data = await this.graphql.request(MyAvatarsDocument, {});
+        return data.myAvatars;
+    }
+    /**
+     * Read one avatar's per-app state (public read). Returns `null` when unset.
+     *
+     * @param appId - App id the state is scoped to.
+     * @param avatarId - Avatar id whose per-app state to read.
+     * @returns The per-app state, or `null`.
+     */
+    async appState(appId, avatarId) {
+        const data = await this.graphql.request(AvatarAppStateDocument, {
+            appId,
+            avatarId,
+        });
+        return data.avatarAppState;
+    }
+    /**
+     * Batch-read per-app state for many avatars under one app (public read).
+     *
+     * @param appId - App id the states are scoped to.
+     * @param avatarIds - Avatar ids to fetch.
+     * @returns The per-app states (avatars with no row are omitted).
+     */
+    async appStates(appId, avatarIds) {
+        const data = await this.graphql.request(AvatarAppStatesDocument, {
+            appId,
+            avatarIds,
+        });
+        return data.avatarAppStates;
+    }
+    /**
+     * Create a new avatar owned by the caller.
+     *
+     * @param input - {@link CreateAvatarInput} (optional `name`).
+     * @returns The created avatar.
+     */
+    async create(input) {
+        const data = await this.graphql.request(CreateAvatarDocument, { input });
+        return data.createAvatar;
+    }
+    /**
+     * Update an avatar's mutable fields (owner-exclusive).
+     *
+     * @param id - Avatar id.
+     * @param input - {@link UpdateAvatarInput} fields to change.
+     * @returns The updated avatar.
+     */
+    async update(id, input) {
+        const data = await this.graphql.request(UpdateAvatarDocument, { id, input });
+        return data.updateAvatar;
+    }
+    /**
+     * Permanently delete an avatar (owner-exclusive). Returns the deleted row.
+     *
+     * @param id - Avatar id.
+     * @param idempotencyKey - Optional idempotency key for safe retries.
+     * @returns The now-deleted avatar.
+     */
+    async delete(id, idempotencyKey) {
+        const data = await this.graphql.request(DeleteAvatarDocument, {
+            id,
+            idempotencyKey,
+        });
+        return data.deleteAvatar;
+    }
+    /**
+     * Replace an avatar's public/private state blobs (owner-exclusive).
+     *
+     * @param id - Avatar id.
+     * @param input - {@link UpdateAvatarStateInput} (base64 blobs).
+     * @returns The updated avatar.
+     */
+    async updateState(id, input) {
+        const data = await this.graphql.request(UpdateAvatarStateDocument, {
+            id,
+            input,
+        });
+        return data.updateAvatarState;
+    }
+    /**
+     * Create/replace an avatar's per-app state (owner-exclusive write, public
+     * read).
+     *
+     * @param input - {@link UpdateAvatarAppStateInput} (appId, avatarId, state).
+     * @returns The upserted per-app state.
+     */
+    async updateAppState(input) {
+        const data = await this.graphql.request(UpdateAvatarAppStateDocument, {
+            input,
+        });
+        return data.updateAvatarAppState;
+    }
+}