@dxos/edge-client 0.8.4-main.fffef41 → 0.8.4-staging.60fe92afc8

package/dist/lib/{browser → neutral}/index.mjs

@@ -1,3 +1,6 @@
+import {
+  proxyFetchLegacy
+} from "./chunk-WQKMEZJR.mjs";
 import {
   CLOUDFLARE_MESSAGE_MAX_BYTES,
   CLOUDFLARE_RPC_MAX_BYTES,
@@ -6,7 +9,7 @@ import {
   getTypename,
   protocol,
   toUint8Array
-} from "./chunk-VESGVCLQ.mjs";
+} from "./chunk-L5ZHLJ4B.mjs";
 
 // src/index.ts
 export * from "@dxos/protocols/buf/dxos/edge/messenger_pb";
@@ -60,15 +63,7 @@ var createChainEdgeIdentity = async (signer, identityKey, peerKey, chain, creden
     identityKey: identityKey.toHex(),
     peerKey: peerKey.toHex(),
     presentCredentials: async ({ challenge }) => {
-      invariant(chain, void 0, {
-        F: __dxlog_file,
-        L: 75,
-        S: void 0,
-        A: [
-          "chain",
-          ""
-        ]
-      });
+      invariant(chain, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file, L: 56, S: void 0, A: ["chain", ""] });
       return signPresentation({
         presentation: {
           credentials: credentialsToSign
@@ -124,6 +119,7 @@ var createStubEdgeIdentity = () => {
 
 // src/edge-client.ts
 import { Event, PersistentLifecycle, Trigger, TriggerState, scheduleMicroTask, scheduleTaskInterval as scheduleTaskInterval2 } from "@dxos/async";
+import { TRACE_SPAN_ATTRIBUTE } from "@dxos/context";
 import { Resource as Resource2 } from "@dxos/context";
 import { log as log2, logInfo as logInfo2 } from "@dxos/log";
 import { EdgeStatus } from "@dxos/protocols/proto/dxos/client/services";
@@ -133,35 +129,11 @@ import { invariant as invariant2 } from "@dxos/invariant";
 import { schema } from "@dxos/protocols/proto";
 var __dxlog_file2 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-identity.ts";
 var handleAuthChallenge = async (failedResponse, identity) => {
-  invariant2(failedResponse.status === 401, void 0, {
-    F: __dxlog_file2,
-    L: 21,
-    S: void 0,
-    A: [
-      "failedResponse.status === 401",
-      ""
-    ]
-  });
+  invariant2(failedResponse.status === 401, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 7, S: void 0, A: ["failedResponse.status === 401", ""] });
   const headerValue = failedResponse.headers.get("Www-Authenticate");
-  invariant2(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, {
-    F: __dxlog_file2,
-    L: 24,
-    S: void 0,
-    A: [
-      "headerValue?.startsWith('VerifiablePresentation challenge=')",
-      ""
-    ]
-  });
+  invariant2(headerValue?.startsWith("VerifiablePresentation challenge="), void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 9, S: void 0, A: ["headerValue?.startsWith('VerifiablePresentation challenge=')", ""] });
   const challenge = headerValue?.slice("VerifiablePresentation challenge=".length);
-  invariant2(challenge, void 0, {
-    F: __dxlog_file2,
-    L: 27,
-    S: void 0,
-    A: [
-      "challenge",
-      ""
-    ]
-  });
+  invariant2(challenge, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file2, L: 11, S: void 0, A: ["challenge", ""] });
   const presentation = await identity.presentCredentials({
     challenge: Buffer.from(challenge, "base64")
   });
@@ -177,13 +149,13 @@ import { log, logInfo } from "@dxos/log";
 import { EdgeWebsocketProtocol } from "@dxos/protocols";
 import { buf } from "@dxos/protocols/buf";
 import { MessageSchema } from "@dxos/protocols/buf/dxos/edge/messenger_pb";
+var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
 function _ts_decorate(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file3 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ws-connection.ts";
 var SIGNAL_KEEPALIVE_INTERVAL = 4e3;
 var SIGNAL_KEEPALIVE_TIMEOUT = 12e3;
 var EdgeWsConnection = class extends Resource {
@@ -235,33 +207,12 @@ var EdgeWsConnection = class extends Resource {
     return this._messagesReceived;
   }
   send(message) {
-    invariant3(this._ws, void 0, {
-      F: __dxlog_file3,
-      L: 93,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
-    invariant3(this._wsMuxer, void 0, {
-      F: __dxlog_file3,
-      L: 94,
-      S: this,
-      A: [
-        "this._wsMuxer",
-        ""
-      ]
-    });
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 72, S: this, A: ["this._ws", ""] });
+    invariant3(this._wsMuxer, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 73, S: this, A: ["this._wsMuxer", ""] });
     log("sending...", {
       peerKey: this._identity.peerKey,
       payload: protocol.getPayloadType(message)
-    }, {
-      F: __dxlog_file3,
-      L: 95,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 74, S: this });
     this._messagesSent++;
     if (this._ws?.protocol.includes(EdgeWebsocketProtocol.V0)) {
       const binary = buf.toBinary(MessageSchema, message);
@@ -270,12 +221,7 @@ var EdgeWsConnection = class extends Resource {
           byteLength: binary.byteLength,
           serviceId: message.serviceId,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file3,
-          L: 100,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 82, S: this });
         return;
       }
       this._recordBytes(binary.byteLength, 0);
@@ -283,12 +229,7 @@ var EdgeWsConnection = class extends Resource {
     } else {
       const binary = buf.toBinary(MessageSchema, message);
       this._recordBytes(binary.byteLength, 0);
-      this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, {
-        F: __dxlog_file3,
-        L: 113,
-        S: this,
-        C: (f, a) => f(...a)
-      }));
+      this._wsMuxer.send(message).catch((e) => log.catch(e, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 95, S: this }));
     }
   }
   async _open() {
@@ -300,17 +241,14 @@ var EdgeWsConnection = class extends Resource {
       this._connectionInfo.protocolHeader
     ] : [
       ...baseProtocols
-    ]);
+    ], this._connectionInfo.headers ? {
+      headers: this._connectionInfo.headers
+    } : void 0);
     const muxer = new WebSocketMuxer(this._ws);
     this._wsMuxer = muxer;
     this._ws.onopen = () => {
       if (this.isOpen) {
-        log("connected", void 0, {
-          F: __dxlog_file3,
-          L: 130,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        log("connected", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 114, S: this });
         this._openTimestamp = Date.now();
         this._callbacks.onConnected();
         this._scheduleHeartbeats();
@@ -318,12 +256,7 @@ var EdgeWsConnection = class extends Resource {
       } else {
         log.verbose("connected after becoming inactive", {
           currentIdentity: this._identity
-        }, {
-          F: __dxlog_file3,
-          L: 136,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 120, S: this });
       }
     };
     this._ws.onclose = (event) => {
@@ -331,12 +264,7 @@ var EdgeWsConnection = class extends Resource {
         log.warn("server disconnected", {
           code: event.code,
           reason: event.reason
-        }, {
-          F: __dxlog_file3,
-          L: 141,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 127, S: this });
         this._callbacks.onRestartRequired();
         muxer.destroy();
       }
@@ -346,34 +274,19 @@ var EdgeWsConnection = class extends Resource {
         log.warn("edge connection socket error", {
           error: event.error,
           info: event.message
-        }, {
-          F: __dxlog_file3,
-          L: 148,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 137, S: this });
         this._callbacks.onRestartRequired();
       } else {
         log.verbose("error ignored on closed connection", {
           error: event.error
-        }, {
-          F: __dxlog_file3,
-          L: 151,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 143, S: this });
       }
     };
     this._ws.onmessage = async (event) => {
       if (!this.isOpen) {
         log.verbose("message ignored on closed connection", {
           event: event.type
-        }, {
-          F: __dxlog_file3,
-          L: 159,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 152, S: this });
         return;
       }
       this._lastReceivedMessageTimestamp = Date.now();
@@ -396,12 +309,7 @@ var EdgeWsConnection = class extends Resource {
         log("received", {
           from: message.source,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file3,
-          L: 185,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 175, S: this });
         this._callbacks.onMessage(message);
       }
     };
@@ -420,24 +328,11 @@ var EdgeWsConnection = class extends Resource {
       }
       log.warn("error closing websocket", {
         err
-      }, {
-        F: __dxlog_file3,
-        L: 203,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 194, S: this });
     }
   }
   _scheduleHeartbeats() {
-    invariant3(this._ws, void 0, {
-      F: __dxlog_file3,
-      L: 208,
-      S: this,
-      A: [
-        "this._ws",
-        ""
-      ]
-    });
+    invariant3(this._ws, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 200, S: this, A: ["this._ws", ""] });
     scheduleTaskInterval(this._ctx, async () => {
       this._pingTimestamp = Date.now();
       this._ws?.send("__ping__");
@@ -451,21 +346,13 @@ var EdgeWsConnection = class extends Resource {
       return;
     }
     void this._inactivityTimeoutCtx?.dispose();
-    this._inactivityTimeoutCtx = new Context(void 0, {
-      F: __dxlog_file3,
-      L: 229
-    });
+    this._inactivityTimeoutCtx = new Context(void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 216 });
     scheduleTask(this._inactivityTimeoutCtx, () => {
       if (this.isOpen) {
         if (Date.now() - this._lastReceivedMessageTimestamp > SIGNAL_KEEPALIVE_TIMEOUT) {
           log.warn("restart due to inactivity timeout", {
             lastReceivedMessageTimestamp: this._lastReceivedMessageTimestamp
-          }, {
-            F: __dxlog_file3,
-            L: 235,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file3, L: 220, S: this });
           this._callbacks.onRestartRequired();
         } else {
           this._rescheduleHeartbeatTimeout();
@@ -540,13 +427,13 @@ var getEdgeUrlWithProtocol = (baseUrl, protocol2) => {
 };
 
 // src/edge-client.ts
+var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 function _ts_decorate2(decorators, target, key, desc) {
   var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
   if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
   else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
   return c > 3 && r && Object.defineProperty(target, key, r), r;
 }
-var __dxlog_file4 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-client.ts";
 var DEFAULT_TIMEOUT = 1e4;
 var STATUS_REFRESH_INTERVAL = 1e3;
 var EdgeClient = class extends Resource2 {
@@ -598,12 +485,7 @@ var EdgeClient = class extends Resource2 {
       log2("Edge identity changed", {
         identity,
         oldIdentity: this._identity
-      }, {
-        F: __dxlog_file4,
-        L: 118,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 74, S: this });
       this._identity = identity;
       this._closeCurrentConnection(new EdgeIdentityChangedError());
       void this._persistentLifecycle.scheduleRestart();
@@ -613,14 +495,9 @@ var EdgeClient = class extends Resource2 {
   * Send message.
   * NOTE: The message is guaranteed to be delivered but the service must respond with a message to confirm processing.
   */
-  async send(message) {
+  async send(ctx, message) {
     if (this._ready.state !== TriggerState.RESOLVED) {
-      log2("waiting for websocket", void 0, {
-        F: __dxlog_file4,
-        L: 131,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      log2("waiting for websocket", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 88, S: this });
       await this._ready.wait({
         timeout: this._config.timeout ?? DEFAULT_TIMEOUT
       });
@@ -631,6 +508,14 @@ var EdgeClient = class extends Resource2 {
     if (message.source && (message.source.peerKey !== this._identity.peerKey || message.source.identityKey !== this.identityKey)) {
       throw new EdgeIdentityChangedError();
     }
+    const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE);
+    if (traceCtx) {
+      message.traceContext = {
+        $typeName: "dxos.edge.messenger.TraceContext",
+        traceparent: traceCtx.traceparent,
+        tracestate: traceCtx.tracestate
+      };
+    }
     this._currentConnection.send(message);
   }
   onMessage(listener) {
@@ -645,12 +530,7 @@ var EdgeClient = class extends Resource2 {
           try {
             listener();
           } catch (error) {
-            log2.catch(error, void 0, {
-              F: __dxlog_file4,
-              L: 164,
-              S: this,
-              C: (f, a) => f(...a)
-            });
+            log2.catch(error, void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 123, S: this });
           }
         }
       });
@@ -663,21 +543,11 @@ var EdgeClient = class extends Resource2 {
   async _open() {
     log2("opening...", {
       info: this.info
-    }, {
-      F: __dxlog_file4,
-      L: 177,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 133, S: this });
     this._persistentLifecycle.open().catch((err) => {
       log2.warn("Error while opening connection", {
         err
-      }, {
-        F: __dxlog_file4,
-        L: 179,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 137, S: this });
     });
     scheduleTaskInterval2(this._ctx, async () => {
       if (!this._currentConnection) {
@@ -692,12 +562,7 @@ var EdgeClient = class extends Resource2 {
   async _close() {
     log2("closing...", {
       peerKey: this._identity.peerKey
-    }, {
-      F: __dxlog_file4,
-      L: 199,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 152, S: this });
     this._closeCurrentConnection();
     await this._persistentLifecycle.close();
   }
@@ -709,12 +574,7 @@ var EdgeClient = class extends Resource2 {
     const path = `/ws/${identity.identityKey}/${identity.peerKey}`;
     const protocolHeader = this._config.disableAuth ? void 0 : await this._createAuthHeader(path);
     if (this._identity !== identity) {
-      log2("identity changed during auth header request", void 0, {
-        F: __dxlog_file4,
-        L: 213,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      log2("identity changed during auth header request", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 166, S: this });
       return void 0;
     }
     const restartRequired = new Trigger();
@@ -722,27 +582,20 @@ var EdgeClient = class extends Resource2 {
     log2("Opening websocket", {
       url: url.toString(),
       protocolHeader
-    }, {
-      F: __dxlog_file4,
-      L: 219,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 171, S: this });
     const connection = new EdgeWsConnection(identity, {
       url,
-      protocolHeader
+      protocolHeader,
+      headers: this._config.clientTag ? {
+        "X-DXOS-Client-Tag": this._config.clientTag
+      } : void 0
     }, {
       onConnected: () => {
         if (this._isActive(connection)) {
           this._ready.wake();
           this._notifyReconnected();
         } else {
-          log2.verbose("connected callback ignored, because connection is not active", void 0, {
-            F: __dxlog_file4,
-            L: 229,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          log2.verbose("connected callback ignored, because connection is not active", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 187, S: this });
         }
       },
       onRestartRequired: () => {
@@ -750,12 +603,7 @@ var EdgeClient = class extends Resource2 {
           this._closeCurrentConnection();
           void this._persistentLifecycle.scheduleRestart();
         } else {
-          log2.verbose("restart requested by inactive connection", void 0, {
-            F: __dxlog_file4,
-            L: 237,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          log2.verbose("restart requested by inactive connection", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 195, S: this });
         }
         restartRequired.wake();
       },
@@ -766,23 +614,21 @@ var EdgeClient = class extends Resource2 {
           log2.verbose("ignored a message on inactive connection", {
             from: message.source,
             type: message.payload?.typeUrl
-          }, {
-            F: __dxlog_file4,
-            L: 245,
-            S: this,
-            C: (f, a) => f(...a)
-          });
+          }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 203, S: this });
         }
       }
     });
     this._currentConnection = connection;
     await connection.open();
-    await Promise.race([
+    const becameReady = await Promise.race([
       this._ready.wait({
         timeout: this._config.timeout ?? DEFAULT_TIMEOUT
-      }),
-      restartRequired
+      }).then(() => true, () => false),
+      restartRequired.wait().then(() => false)
     ]);
+    if (!becameReady) {
+      throw new EdgeConnectionClosedError();
+    }
     return connection;
   }
   async _disconnect(state) {
@@ -803,12 +649,7 @@ var EdgeClient = class extends Resource2 {
       } catch (err) {
         log2.error("ws reconnect listener failed", {
           err
-        }, {
-          F: __dxlog_file4,
-          L: 280,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 244, S: this });
       }
     }
   }
@@ -820,12 +661,7 @@ var EdgeClient = class extends Resource2 {
         log2.error("ws incoming message processing failed", {
           err,
           payload: protocol.getPayloadType(message)
-        }, {
-          F: __dxlog_file4,
-          L: 290,
-          S: this,
-          C: (f, a) => f(...a)
-        });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 255, S: this });
       }
     }
   }
@@ -841,12 +677,7 @@ var EdgeClient = class extends Resource2 {
       log2.warn("no auth challenge from edge", {
         status: response.status,
         statusText: response.statusText
-      }, {
-        F: __dxlog_file4,
-        L: 302,
-        S: this,
-        C: (f, a) => f(...a)
-      });
+      }, { "~LogMeta": "~LogMeta", F: __dxlog_file4, L: 271, S: this });
       return void 0;
     }
   }
@@ -860,17 +691,12 @@ var encodePresentationWsAuthHeader = (encodedPresentation) => {
   return `base64url.bearer.authorization.dxos.org.${encodedToken}`;
 };
 
-// src/edge-http-client.ts
-import * as FetchHttpClient from "@effect/platform/FetchHttpClient";
-import * as HttpClient from "@effect/platform/HttpClient";
-import * as Effect2 from "effect/Effect";
-import * as Function from "effect/Function";
+// src/base-http-client.ts
 import { sleep } from "@dxos/async";
-import { Context as Context3 } from "@dxos/context";
+import { TRACE_SPAN_ATTRIBUTE as TRACE_SPAN_ATTRIBUTE2 } from "@dxos/context";
 import { invariant as invariant4 } from "@dxos/invariant";
 import { log as log4 } from "@dxos/log";
-import { EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
-import { createUrl } from "@dxos/util";
+import { EDGE_CLIENT_TAG_HEADER, EdgeAuthChallengeError, EdgeCallFailedError } from "@dxos/protocols";
 
 // src/http-client.ts
 import * as Context2 from "effect/Context";
@@ -903,41 +729,31 @@ var withRetryConfig = (effect) => Effect.gen(function* () {
 var withLogging = (effect) => effect.pipe(Effect.tap((res) => {
   log3.info("response", {
     status: res.status
-  }, {
-    F: __dxlog_file5,
-    L: 66,
-    S: void 0,
-    C: (f, a) => f(...a)
-  });
+  }, { "~LogMeta": "~LogMeta", F: __dxlog_file5, L: 31, S: void 0 });
 }));
 var encodeAuthHeader = (challenge) => {
   const encodedChallenge = Buffer.from(challenge).toString("base64");
   return `VerifiablePresentation pb;base64,${encodedChallenge}`;
 };
 
-// src/edge-http-client.ts
-var __dxlog_file6 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+// src/base-http-client.ts
+var __dxlog_file6 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/base-http-client.ts";
 var DEFAULT_RETRY_TIMEOUT = 1500;
 var DEFAULT_RETRY_JITTER = 500;
 var DEFAULT_MAX_RETRIES_COUNT = 3;
 var WARNING_BODY_SIZE = 10 * 1024 * 1024;
-var EdgeHttpClient = class {
+var BaseHttpClient = class {
   _baseUrl;
+  _clientTag;
   _edgeIdentity;
-  /**
-  * Auth header is cached until receiving the next 401 from EDGE, at which point it gets refreshed.
-  */
+  /** Auth header cached until next 401. */
   _authHeader;
-  constructor(baseUrl) {
+  constructor(baseUrl, options) {
     this._baseUrl = getEdgeUrlWithProtocol(baseUrl, "http");
+    this._clientTag = options?.clientTag;
     log4("created", {
       url: this._baseUrl
-    }, {
-      F: __dxlog_file6,
-      L: 107,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 24, S: this });
   }
   get baseUrl() {
     return this._baseUrl;
@@ -948,27 +764,276 @@ var EdgeHttpClient = class {
       this._authHeader = void 0;
     }
   }
+  // TODO(mykola): Extend `_call` to support streaming/raw `Response` returns so
+  // `EdgeHttpClient.anthropicAiRequest` can be absorbed here and the auth/retry loop
+  // stops being duplicated across the two paths.
+  async _call(ctx, url, args) {
+    const shouldRetry = createRetryHandler(args);
+    log4("fetch", {
+      url,
+      hasBody: args.body !== void 0,
+      bodySize: typeof args.body === "string" ? args.body.length : void 0
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 43, S: this });
+    const traceHeaders = getTraceHeaders(ctx);
+    let handledAuth = false;
+    const tryCount = 1;
+    while (true) {
+      let processingError = void 0;
+      try {
+        if (!this._authHeader && args.auth) {
+          const response2 = await fetch(new URL("/auth", this._baseUrl));
+          if (response2.status === 401) {
+            this._authHeader = await this._handleUnauthorized(response2);
+          }
+        }
+        const request = createRequest(args, this._authHeader, traceHeaders, this._clientTag);
+        log4("call", {
+          url,
+          tryCount,
+          authHeader: !!this._authHeader
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 61, S: this });
+        const response = await fetch(url, request);
+        if (response.ok) {
+          const contentType2 = response.headers.get("Content-Type") ?? "";
+          if (response.status === 204 || response.headers.get("Content-Length") === "0" || !contentType2.includes("application/json")) {
+            return void 0;
+          }
+          const body2 = await response.clone().json();
+          if (typeof body2 !== "object" || body2 === null) {
+            return body2;
+          }
+          if (!("success" in body2)) {
+            return body2;
+          }
+          if (body2.success) {
+            return body2.data;
+          }
+        } else if (response.status === 401 && response.headers.get("WWW-Authenticate") !== null && !handledAuth) {
+          this._authHeader = await this._handleUnauthorized(response);
+          handledAuth = true;
+          continue;
+        }
+        const contentType = response.headers.get("Content-Type") ?? "";
+        const body = contentType.startsWith("application/json") ? await response.clone().json() : void 0;
+        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 92, S: this, A: ["!body?.success", "'Expected body to not be a failure response or undefined.'"] });
+        if (body?.data?.type === "auth_challenge" && typeof body?.data?.challenge === "string") {
+          processingError = new EdgeAuthChallengeError(body.data.challenge, body.data);
+        } else if (body?.success === false) {
+          processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
+        } else {
+          invariant4(!response.ok, "Expected response to not be ok.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 98, S: this, A: ["!response.ok", "'Expected response to not be ok.'"] });
+          processingError = await EdgeCallFailedError.fromHttpFailure(response);
+        }
+      } catch (error) {
+        processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
+      }
+      if (processingError?.isRetryable && await shouldRetry(ctx, processingError.retryAfterMs)) {
+        log4.verbose("retrying request", {
+          url,
+          processingError
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 105, S: this });
+      } else {
+        throw processingError;
+      }
+    }
+  }
+  async _handleUnauthorized(response) {
+    if (!this._edgeIdentity) {
+      log4.warn("unauthorized response received before identity was set", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 116, S: this });
+      throw await EdgeCallFailedError.fromHttpFailure(response);
+    }
+    const challenge = await handleAuthChallenge(response, this._edgeIdentity);
+    return encodeAuthHeader(challenge);
+  }
+};
+var createRequest = ({ method, body, json = true }, authHeader, traceHeaders, clientTag) => {
+  let requestBody;
+  const headers = {};
+  if (json) {
+    requestBody = body === void 0 ? void 0 : JSON.stringify(body);
+    headers["Content-Type"] = "application/json";
+  } else {
+    requestBody = body;
+  }
+  if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
+    log4.warn("Request with large body", {
+      bodySize: requestBody.length
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 133, S: void 0 });
+  }
+  if (authHeader) {
+    headers["Authorization"] = authHeader;
+  }
+  if (traceHeaders) {
+    Object.assign(headers, traceHeaders);
+  }
+  if (clientTag) {
+    headers[EDGE_CLIENT_TAG_HEADER] = clientTag;
+  }
+  return {
+    method,
+    body: requestBody,
+    headers
+  };
+};
+var getTraceHeaders = (ctx) => {
+  const traceCtx = ctx.getAttribute(TRACE_SPAN_ATTRIBUTE2);
+  if (!traceCtx) {
+    return void 0;
+  }
+  const headers = {
+    traceparent: traceCtx.traceparent
+  };
+  if (traceCtx.tracestate) {
+    headers.tracestate = traceCtx.tracestate;
+  }
+  return headers;
+};
+var createRetryHandler = ({ retry: retry2 }) => {
+  if (!retry2 || retry2.count < 1) {
+    return async () => false;
+  }
+  let retries = 0;
+  const maxRetries = retry2.count ?? DEFAULT_MAX_RETRIES_COUNT;
+  const baseTimeout = retry2.timeout ?? DEFAULT_RETRY_TIMEOUT;
+  const jitter = retry2.jitter ?? DEFAULT_RETRY_JITTER;
+  return async (ctx, retryAfter) => {
+    if (++retries > maxRetries || ctx.disposed) {
+      return false;
+    }
+    if (retryAfter) {
+      await sleep(retryAfter);
+    } else {
+      const timeout2 = baseTimeout + Math.random() * jitter;
+      await sleep(timeout2);
+    }
+    return true;
+  };
+};
+
+// src/edge-ai-http-client.ts
+import * as Headers2 from "@effect/platform/Headers";
+import * as HttpClient from "@effect/platform/HttpClient";
+import * as HttpClientError from "@effect/platform/HttpClientError";
+import * as HttpClientResponse from "@effect/platform/HttpClientResponse";
+import * as Effect2 from "effect/Effect";
+import * as FiberRef from "effect/FiberRef";
+import * as Layer2 from "effect/Layer";
+import * as Stream from "effect/Stream";
+import { BaseError } from "@dxos/errors";
+import { log as log5 } from "@dxos/log";
+import { BYOK_HEADER } from "@dxos/protocols";
+var __dxlog_file7 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-ai-http-client.ts";
+var ByokError = class extends BaseError.extend("ByokError", "BYOK authentication failed") {
+  constructor(options) {
+    super({
+      context: {
+        status: options.status,
+        provider: options.provider
+      },
+      ...options
+    });
+  }
+};
+var requestInitTagKey = "@effect/platform/FetchHttpClient/FetchOptions";
+var EdgeAiHttpClient = class _EdgeAiHttpClient {
+  static make = (getClient) => HttpClient.make((request, url, signal, fiber) => {
+    const edgeClient = getClient();
+    const context = fiber.getFiberRef(FiberRef.currentContext);
+    const options = context.unsafeMap.get(requestInitTagKey) ?? {};
+    const headers = options.headers ? Headers2.merge(Headers2.fromInput(options.headers), request.headers) : request.headers;
+    const carriedByok = !!headers[BYOK_HEADER.toLowerCase()];
+    const send = (body) => Effect2.tryPromise({
+      try: () => edgeClient.anthropicAiRequest(new Request(url, {
+        ...options,
+        method: request.method,
+        headers,
+        body,
+        signal
+      })),
+      catch: (cause) => {
+        log5.error("Failed to fetch", {
+          cause
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file7, L: 60, S: this });
+        return new HttpClientError.RequestError({
+          request,
+          reason: "Transport",
+          cause
+        });
+      }
+    }).pipe(Effect2.flatMap((response) => {
+      const httpResponse = HttpClientResponse.fromWeb(request, response);
+      if (carriedByok && (response.status === 401 || response.status === 403)) {
+        return Effect2.tryPromise({
+          try: () => response.clone().json(),
+          catch: () => void 0
+        }).pipe(Effect2.orElseSucceed(() => void 0), Effect2.flatMap((body2) => Effect2.fail(new HttpClientError.ResponseError({
+          request,
+          response: httpResponse,
+          reason: "StatusCode",
+          cause: new ByokError({
+            status: response.status,
+            provider: "anthropic.com",
+            message: body2?.error?.message ?? "Authentication failed"
+          })
+        }))));
+      }
+      return Effect2.succeed(httpResponse);
+    }));
+    switch (request.body._tag) {
+      case "Raw":
+      case "Uint8Array":
+        return send(request.body.body);
+      case "FormData":
+        return send(request.body.formData);
+      case "Stream":
+        return Stream.toReadableStreamEffect(request.body.stream).pipe(Effect2.flatMap(send));
+    }
+    return send(void 0);
+  });
+  static layer = (getClient) => Layer2.succeed(HttpClient.HttpClient, _EdgeAiHttpClient.make(getClient));
+};
+
+// src/edge-http-client.ts
+import * as FetchHttpClient from "@effect/platform/FetchHttpClient";
+import * as HttpClient3 from "@effect/platform/HttpClient";
+import * as HttpClientRequest from "@effect/platform/HttpClientRequest";
+import * as Effect3 from "effect/Effect";
+import * as Function from "effect/Function";
+import { EffectEx } from "@dxos/effect";
+import { invariant as invariant5 } from "@dxos/invariant";
+import { log as log6 } from "@dxos/log";
+import { EDGE_CLIENT_TAG_HEADER as EDGE_CLIENT_TAG_HEADER2 } from "@dxos/protocols";
+import { createUrl } from "@dxos/util";
+var __dxlog_file8 = "/__w/dxos/dxos/packages/core/mesh/edge-client/src/edge-http-client.ts";
+var EdgeHttpClient = class extends BaseHttpClient {
+  constructor(baseUrl, options) {
+    super(baseUrl, options);
+    log6("created", {
+      url: this.baseUrl
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file8, L: 25, S: this });
+  }
   //
   // Status
   //
-  async getStatus(args) {
-    return this._call(new URL("/status", this.baseUrl), {
+  async getStatus(ctx, args) {
+    return this._call(ctx, new URL("/status", this.baseUrl), {
       ...args,
-      method: "GET"
+      method: "GET",
+      auth: true
     });
   }
   //
   // Agents
   //
-  createAgent(body, args) {
-    return this._call(new URL("/agents/create", this.baseUrl), {
+  createAgent(ctx, body, args) {
+    return this._call(ctx, new URL("/agents/create", this.baseUrl), {
       ...args,
       method: "POST",
       body
     });
   }
-  getAgentStatus(request, args) {
-    return this._call(new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
+  getAgentStatus(ctx, request, args) {
+    return this._call(ctx, new URL(`/users/${request.ownerIdentityKey.toHex()}/agent/status`, this.baseUrl), {
       ...args,
       method: "GET"
     });
@@ -976,14 +1041,14 @@ var EdgeHttpClient = class {
   //
   // Credentials
   //
-  getCredentialsForNotarization(spaceId, args) {
-    return this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+  getCredentialsForNotarization(ctx, spaceId, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
       ...args,
       method: "GET"
     });
   }
-  async notarizeCredentials(spaceId, body, args) {
-    await this._call(new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
+  async notarizeCredentials(ctx, spaceId, body, args) {
+    await this._call(ctx, new URL(`/spaces/${spaceId}/notarization`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -992,28 +1057,35 @@ var EdgeHttpClient = class {
   //
   // Identity
   //
-  async recoverIdentity(body, args) {
-    return this._call(new URL("/identity/recover", this.baseUrl), {
+  async recoverIdentity(ctx, body, args) {
+    return this._call(ctx, new URL("/identity/recover", this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
   //
-  // Invitations
+  // Invitations (space join)
   //
-  async joinSpaceByInvitation(spaceId, body, args) {
-    return this._call(new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
+  async joinSpaceByInvitation(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/join`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
   //
-  // OAuth and credentials
+  // OAuth
   //
-  async initiateOAuthFlow(body, args) {
-    return this._call(new URL("/oauth/initiate", this.baseUrl), {
+  async initiateOAuthFlow(ctx, body, args) {
+    return this._call(ctx, new URL("/oauth/initiate", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async completeOAuthRegistration(ctx, body, args) {
+    return this._call(ctx, new URL("/oauth/registration/complete", this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -1022,8 +1094,8 @@ var EdgeHttpClient = class {
   //
   // Spaces
   //
-  async createSpace(body, args) {
-    return this._call(new URL("/spaces/create", this.baseUrl), {
+  async createSpace(ctx, body, args) {
+    return this._call(ctx, new URL("/spaces/create", this.baseUrl), {
       ...args,
       body,
       method: "POST"
@@ -1032,9 +1104,10 @@ var EdgeHttpClient = class {
   //
   // Queues
   //
-  async queryQueue(subspaceTag, spaceId, query, args) {
-    const { queueId } = query;
-    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
+  async queryQueue(ctx, subspaceTag, spaceId, query, args) {
+    const queueId = query.queueIds?.[0];
+    invariant5(queueId, "queueId required", { "~LogMeta": "~LogMeta", F: __dxlog_file8, L: 123, S: this, A: ["queueId", "'queueId required'"] });
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
       after: query.after,
       before: query.before,
       limit: query.limit,
@@ -1045,8 +1118,8 @@ var EdgeHttpClient = class {
       method: "GET"
     });
   }
-  async insertIntoQueue(subspaceTag, spaceId, queueId, objects, args) {
-    return this._call(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+  async insertIntoQueue(ctx, subspaceTag, spaceId, queueId, objects, args) {
+    return this._call(ctx, new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
       ...args,
       body: {
         objects
@@ -1054,8 +1127,8 @@ var EdgeHttpClient = class {
       method: "POST"
     });
   }
-  async deleteFromQueue(subspaceTag, spaceId, queueId, objectIds, args) {
-    return this._call(createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
+  async deleteFromQueue(ctx, subspaceTag, spaceId, queueId, objectIds, args) {
+    return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}`, this.baseUrl), {
       ids: objectIds.join(",")
     }), {
       ...args,
@@ -1065,7 +1138,7 @@ var EdgeHttpClient = class {
   //
   // Functions
   //
-  async uploadFunction(pathParts, body, args) {
+  async uploadFunction(ctx, pathParts, body, args) {
     const formData = new FormData();
     formData.append("name", body.name ?? "");
     formData.append("version", body.version);
@@ -1085,20 +1158,20 @@ var EdgeHttpClient = class {
         pathParts.functionId
       ] : []
     ].join("/");
-    return this._call(new URL(path, this.baseUrl), {
+    return this._call(ctx, new URL(path, this.baseUrl), {
       ...args,
       body: formData,
       method: "PUT",
       json: false
     });
   }
-  async listFunctions(args) {
-    return this._call(new URL("/functions", this.baseUrl), {
+  async listFunctions(ctx, args) {
+    return this._call(ctx, new URL("/functions", this.baseUrl), {
       ...args,
       method: "GET"
     });
   }
-  async invokeFunction(params, input, args) {
+  async invokeFunction(ctx, params, input, args) {
     const url = new URL(`/functions/${params.functionId}`, this.baseUrl);
     if (params.version) {
       url.searchParams.set("version", params.version);
@@ -1112,18 +1185,17 @@ var EdgeHttpClient = class {
     if (params.subrequestsLimit) {
       url.searchParams.set("subrequestsLimit", params.subrequestsLimit.toString());
     }
-    return this._call(url, {
+    return this._call(ctx, url, {
       ...args,
       body: input,
-      method: "POST",
-      rawResponse: true
+      method: "POST"
     });
   }
   //
   // Workflows
   //
-  async executeWorkflow(spaceId, graphId, input, args) {
-    return this._call(new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
+  async executeWorkflow(ctx, spaceId, graphId, input, args) {
+    return this._call(ctx, new URL(`/workflows/${spaceId}/${graphId}`, this.baseUrl), {
       ...args,
       body: input,
       method: "POST"
@@ -1132,217 +1204,229 @@ var EdgeHttpClient = class {
   //
   // Triggers
   //
-  async getCronTriggers(spaceId) {
-    return this._call(new URL(`/test/functions/${spaceId}/triggers/crons`, this.baseUrl), {
+  async getCronTriggers(ctx, spaceId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons`, this.baseUrl), {
+      method: "GET"
+    });
+  }
+  async getTriggersDispatcherStatus(ctx, spaceId, args) {
+    return this._call(ctx, new URL(`/triggers/${spaceId}/status`, this.baseUrl), {
+      ...args,
+      method: "GET",
+      auth: true
+    });
+  }
+  async forceRunCronTrigger(ctx, spaceId, triggerId) {
+    return this._call(ctx, new URL(`/functions/${spaceId}/triggers/crons/${triggerId}/run`, this.baseUrl), {
+      method: "POST"
+    });
+  }
+  //
+  // Query
+  //
+  async execQuery(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/exec-query`, this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Registry
+  //
+  async getRegistryPlugins(ctx, args) {
+    return this._call(ctx, new URL("/registry/plugins", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async getRegistryPluginVersions(ctx, repo, args) {
+    return this._call(ctx, new URL(`/registry/plugins/${encodeURIComponent(repo)}/versions`, this.baseUrl), {
+      ...args,
       method: "GET"
     });
   }
   //
-  // Import/Export space.
+  // Import/Export
   //
-  async importBundle(spaceId, body, args) {
-    return this._call(new URL(`/spaces/${spaceId}/import`, this.baseUrl), {
+  async importBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/import`, this.baseUrl), {
       ...args,
       body,
       method: "PUT"
     });
   }
-  async exportBundle(spaceId, body, args) {
-    return this._call(new URL(`/spaces/${spaceId}/export`, this.baseUrl), {
+  async exportBundle(ctx, spaceId, body, args) {
+    return this._call(ctx, new URL(`/spaces/${spaceId}/export`, this.baseUrl), {
       ...args,
       body,
       method: "POST"
     });
   }
   //
-  // Internal
+  // Proxy
   //
-  async _fetch(url, _args) {
-    return Function.pipe(HttpClient.get(url), withLogging, withRetryConfig, Effect2.provide(FetchHttpClient.layer), Effect2.provide(HttpConfig.default), Effect2.withSpan("EdgeHttpClient"), Effect2.runPromise);
+  /**
+  * Fetch through the edge proxy for third-party REST APIs.
+  * TEMPORARY: currently routes through legacy open proxy. See https://github.com/dxos/edge/pull/576.
+  */
+  async proxyFetch(target, init = {}) {
+    return proxyFetchLegacy(target, init, this._clientTag);
   }
-  // TODO(burdon): Refactor with effect (see edge-http-client.test.ts).
-  async _call(url, args) {
-    const shouldRetry = createRetryHandler(args);
-    const requestContext = args.context ?? Context3.default(void 0, {
-      F: __dxlog_file6,
-      L: 400
-    });
-    log4("fetch", {
-      url,
-      request: args.body
-    }, {
-      F: __dxlog_file6,
-      L: 401,
-      S: this,
-      C: (f, a) => f(...a)
-    });
+  //
+  // AI service.
+  //
+  /**
+  * Issue an authenticated request to the EDGE AI route (`/ai/generate/anthropic/*`), which
+  * proxies to the AI service. Used as the backend HTTP client for the Anthropic AI provider
+  * (see {@link EdgeAiHttpClient}).
+  *
+  * Returns the raw `Response` so streaming bodies are forwarded unchanged to `@effect/ai`.
+  * Requires an identity to have been set via {@link setIdentity}.
+  */
+  // TODO(mykola): Merge into `BaseHttpClient._call` once it can return a streaming/raw `Response`;
+  // the auth/retry loop below duplicates the one in `_call`.
+  async anthropicAiRequest(request) {
+    const incoming = new URL(request.url);
+    const base = this.baseUrl.replace(/\/$/, "");
+    const target = new URL(`${base}/ai/generate/anthropic${incoming.pathname}${incoming.search}`);
+    const method = request.method;
+    const body = method === "GET" || method === "HEAD" ? void 0 : await request.arrayBuffer();
     let handledAuth = false;
-    const tryCount = 1;
     while (true) {
-      let processingError = void 0;
-      try {
-        if (!this._authHeader && args.auth) {
-          const response2 = await fetch(new URL(`/auth`, this.baseUrl));
-          if (response2.status === 401) {
-            this._authHeader = await this._handleUnauthorized(response2);
-          }
+      if (!this._authHeader) {
+        const authResponse = await fetch(new URL("/auth", this.baseUrl));
+        if (authResponse.status === 401) {
+          this._authHeader = await this._handleUnauthorized(authResponse);
         }
-        const request = createRequest(args, this._authHeader);
-        log4("call edge", {
-          url,
-          tryCount,
-          authHeader: !!this._authHeader
-        }, {
-          F: __dxlog_file6,
-          L: 416,
-          S: this,
-          C: (f, a) => f(...a)
-        });
-        const response = await fetch(url, request);
-        if (response.ok) {
-          const body2 = await response.clone().json();
-          if (args.rawResponse) {
-            return body2;
-          }
-          invariant4(body2, "Expected body to be present", {
-            F: __dxlog_file6,
-            L: 424,
-            S: this,
-            A: [
-              "body",
-              "'Expected body to be present'"
-            ]
-          });
-          if (!("success" in body2)) {
-            return body2;
-          }
-          if (body2.success) {
-            return body2.data;
-          }
-        } else if (response.status === 401 && !handledAuth) {
-          this._authHeader = await this._handleUnauthorized(response);
-          handledAuth = true;
-          continue;
-        }
-        const body = response.headers.get("Content-Type") === "application/json" ? await response.clone().json() : void 0;
-        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", {
-          F: __dxlog_file6,
-          L: 440,
-          S: this,
-          A: [
-            "!body?.success",
-            "'Expected body to not be a failure response or undefined.'"
-          ]
-        });
-        if (body?.errorData?.type === "auth_challenge" && typeof body?.errorData?.challenge === "string") {
-          processingError = new EdgeAuthChallengeError(body.errorData.challenge, body.errorData);
-        } else if (body?.success === false) {
-          processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
-        } else {
-          invariant4(!response.ok, "Expected response to not be ok.", {
-            F: __dxlog_file6,
-            L: 447,
-            S: this,
-            A: [
-              "!response.ok",
-              "'Expected response to not be ok.'"
-            ]
-          });
-          processingError = await EdgeCallFailedError.fromHttpFailure(response);
-        }
-      } catch (error) {
-        processingError = EdgeCallFailedError.fromProcessingFailureCause(error);
       }
-      if (processingError?.isRetryable && await shouldRetry(requestContext, processingError.retryAfterMs)) {
-        log4.verbose("retrying edge request", {
-          url,
-          processingError
-        }, {
-          F: __dxlog_file6,
-          L: 455,
-          S: this,
-          C: (f, a) => f(...a)
-        });
-      } else {
-        throw processingError;
+      const headers = new Headers(request.headers);
+      if (this._authHeader) {
+        headers.set("Authorization", this._authHeader);
       }
-    }
-  }
-  async _handleUnauthorized(response) {
-    if (!this._edgeIdentity) {
-      log4.warn("unauthorized response received before identity was set", void 0, {
-        F: __dxlog_file6,
-        L: 464,
-        S: this,
-        C: (f, a) => f(...a)
+      if (this._clientTag) {
+        headers.set(EDGE_CLIENT_TAG_HEADER2, this._clientTag);
+      }
+      const response = await fetch(target, {
+        method,
+        headers,
+        body,
+        signal: request.signal
       });
-      throw await EdgeCallFailedError.fromHttpFailure(response);
+      if (response.status === 401 && response.headers.get("WWW-Authenticate") !== null && !handledAuth) {
+        this._authHeader = await this._handleUnauthorized(response);
+        handledAuth = true;
+        continue;
+      }
+      return response;
     }
-    const challenge = await handleAuthChallenge(response, this._edgeIdentity);
-    return encodeAuthHeader(challenge);
+  }
+  //
+  // Internal (Effect-based, used by tests)
+  //
+  async _fetch(url, _args) {
+    return Function.pipe(HttpClient3.execute(HttpClientRequest.make(_args.method)(url.toString())), withLogging, withRetryConfig, Effect3.provide(FetchHttpClient.layer), Effect3.provide(HttpConfig.default), Effect3.withSpan("EdgeHttpClient"), EffectEx.runAndForwardErrors);
   }
 };
-var createRequest = ({ method, body, json = true }, authHeader) => {
-  let requestBody;
-  const headers = {};
-  if (json) {
-    requestBody = body && JSON.stringify(body);
-    headers["Content-Type"] = "application/json";
-  } else {
-    requestBody = body;
+var getFileMimeType = (filename) => [
+  ".js",
+  ".mjs"
+].some((ext) => filename.endsWith(ext)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
+
+// src/hub-http-client.ts
+var HubHttpClient = class extends BaseHttpClient {
+  constructor(hubUrl, options) {
+    super(hubUrl, options);
   }
-  if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
-    log4.warn("Request with large body", {
-      bodySize: requestBody.length
-    }, {
-      F: __dxlog_file6,
-      L: 488,
-      S: void 0,
-      C: (f, a) => f(...a)
+  //
+  // Public (unauthenticated) endpoints
+  //
+  async checkEmailExists(ctx, body, args) {
+    return this._call(ctx, new URL("/account/email/exists", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
     });
   }
-  if (authHeader) {
-    headers["Authorization"] = authHeader;
+  async validateInvitationCode(ctx, body, args) {
+    return this._call(ctx, new URL("/account/invitation-code/validate", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
   }
-  return {
-    method,
-    body: requestBody,
-    headers
-  };
-};
-var createRetryHandler = ({ retry: retry2 }) => {
-  if (!retry2 || retry2.count < 1) {
-    return async () => false;
+  async redeemInvitationCode(ctx, body, args) {
+    return this._call(ctx, new URL("/account/invitation-code/redeem", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  /**
+  * Existing-account email login. Server inlines `token` for test emails; regular
+  * emails are delivered out-of-band. Response is identical for unknown emails
+  * (enumeration-safe).
+  */
+  async login(ctx, body, args) {
+    return this._call(ctx, new URL("/account/login", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  async requestAccess(ctx, body, args) {
+    return this._call(ctx, new URL("/account/request-access", this.baseUrl), {
+      ...args,
+      body,
+      method: "POST"
+    });
+  }
+  //
+  // Authenticated (VP) endpoints
+  //
+  async getAccount(ctx, args) {
+    return this._call(ctx, new URL("/account/me", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async deleteAccount(ctx, args) {
+    return this._call(ctx, new URL("/account/me", this.baseUrl), {
+      ...args,
+      method: "DELETE"
+    });
+  }
+  async listAccountInvitations(ctx, args) {
+    return this._call(ctx, new URL("/account/invitation", this.baseUrl), {
+      ...args,
+      method: "GET"
+    });
+  }
+  async issueAccountInvitation(ctx, args) {
+    return this._call(ctx, new URL("/account/invitation/issue", this.baseUrl), {
+      ...args,
+      method: "POST"
+    });
+  }
+  async resendVerificationEmail(ctx, args) {
+    return this._call(ctx, new URL("/account/email/resend-verification", this.baseUrl), {
+      ...args,
+      method: "POST"
+    });
   }
-  let retries = 0;
-  const maxRetries = retry2.count ?? DEFAULT_MAX_RETRIES_COUNT;
-  const baseTimeout = retry2.timeout ?? DEFAULT_RETRY_TIMEOUT;
-  const jitter = retry2.jitter ?? DEFAULT_RETRY_JITTER;
-  return async (ctx, retryAfter) => {
-    if (++retries > maxRetries || ctx.disposed) {
-      return false;
-    }
-    if (retryAfter) {
-      await sleep(retryAfter);
-    } else {
-      const timeout2 = baseTimeout + Math.random() * jitter;
-      await sleep(timeout2);
-    }
-    return true;
-  };
 };
-var getFileMimeType = (filename) => [
-  ".js",
-  ".mjs"
-].some((codeExtension) => filename.endsWith(codeExtension)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
 export {
+  BaseHttpClient,
+  ByokError,
   CLOUDFLARE_MESSAGE_MAX_BYTES,
   CLOUDFLARE_RPC_MAX_BYTES,
+  EdgeAiHttpClient,
   EdgeClient,
   EdgeConnectionClosedError,
   EdgeHttpClient,
   EdgeIdentityChangedError,
   HttpConfig,
+  HubHttpClient,
   Protocol,
   WebSocketMuxer,
   createChainEdgeIdentity,
@@ -1354,6 +1438,8 @@ export {
   getTypename,
   handleAuthChallenge,
   protocol,
+  proxyFetchLegacy,
+  requestInitTagKey,
   toUint8Array,
   withLogging,
   withRetry,