@explorins/pers-sdk 2.1.37 → 2.1.39

package/dist/chunks/{pers-sdk-Dds2lB27.js → pers-sdk-CNIfzWYX.js}

@@ -2,10 +2,10 @@ import { AccountOwnerType, MembershipRole, WebhookMethod, WebhookExecutionStatus
 import { i as isTokenExpired, d as decodeJwtPayload, e as getTokenTimeToLive, E as ErrorUtils, A as AuthenticationError, b as PersApiError } from './index--OssIds0.js';
 import { UserService, UserApi } from '../user.js';
 import { createUserStatusSDK } from '../user-status.js';
-import { a as TokenService, T as TokenApi } from './token-service-qRSYG9uT.js';
-import { B as BusinessApi, b as BusinessService, a as BusinessMembershipApi, c as BusinessMembershipService } from './business-membership-service-CPcE-AW0.js';
+import { a as TokenService, T as TokenApi } from './token-service-BcuDj292.js';
+import { B as BusinessApi, b as BusinessService, a as BusinessMembershipApi, c as BusinessMembershipService } from './business-membership-service-NLoqoFpG.js';
 import { CampaignService, CampaignApi } from '../campaign.js';
-import { a as RedemptionService, R as RedemptionApi } from './redemption-service-DWhZgrZT.js';
+import { a as RedemptionService, R as RedemptionApi } from './redemption-service-w0GMdF0m.js';
 import { a as TransactionService, T as TransactionApi } from './transaction-request.builder-BZ6Uq6Qe.js';
 import { a as PaymentService, P as PurchaseApi } from './payment-service-IvM6rryM.js';
 import { T as TenantManager } from './tenant-manager-xmYKBFGu.js';
@@ -502,6 +502,9 @@ class AuthService {
      * Extracts context (tenantId/businessId) from the current refresh token to ensure
      * the recovered session maintains the same context.
      *
+     * This is a PUBLIC method that can be called by TokenRefreshManager when internal
+     * refresh fails, to try external (provider token) recovery before giving up.
+     *
      * @returns true if session was successfully recovered
      */
     async attemptProviderTokenRecovery() {
@@ -654,6 +657,8 @@ class TokenRefreshManager {
         // Retry configuration for transient failures
         this.MAX_RETRY_ATTEMPTS = 3;
         this.RETRY_DELAY_MS = 1000;
+        // Active refresh promise for deduplication
+        this.activeRefreshPromise = null;
     }
     /**
      * Ensures the access token is valid, refreshing if needed.
@@ -754,11 +759,27 @@ class TokenRefreshManager {
         return new Promise(resolve => setTimeout(resolve, ms));
     }
     /**
-     * @deprecated Use ensureValidToken() instead
+     * Attempt token refresh: internal first, then provider token fallback.
+     * DEDUPLICATES concurrent calls - all callers share the same promise.
      */
     async attemptInternalRefresh() {
-        const result = await this.attemptRefreshWithRetry();
-        return result.success;
+        if (this.activeRefreshPromise) {
+            return this.activeRefreshPromise;
+        }
+        this.activeRefreshPromise = (async () => {
+            const result = await this.attemptRefreshWithRetry();
+            if (result.success)
+                return result;
+            // Internal failed - try provider token recovery
+            const recovered = await this.authService.attemptProviderTokenRecovery();
+            return recovered ? { success: true, retryable: false } : result;
+        })();
+        try {
+            return await this.activeRefreshPromise;
+        }
+        finally {
+            this.activeRefreshPromise = null;
+        }
     }
 }
 
@@ -1564,7 +1585,7 @@ class DefaultAuthProvider {
 /** SDK package name */
 const SDK_NAME = "@explorins/pers-sdk";
 /** SDK version - injected from package.json at build time */
-const SDK_VERSION = "2.1.37";
+const SDK_VERSION = "2.1.39";
 /** Full SDK identifier for headers */
 const SDK_USER_AGENT = `${SDK_NAME}/${SDK_VERSION}`;
 
@@ -1674,12 +1695,16 @@ class PersApiClient {
         }
         const { retryCount = 0, responseType = 'json', bypassAuth = false } = options || {};
         const url = `${this.apiRoot}${endpoint}`;
-        // SMART TOKEN VALIDATION: Only check if we suspect the token might be expired
+        // TOKEN VALIDATION: Ensure token is valid before request
+        // This blocks the request until token validation completes - prevents 401s from expired tokens
         if (!bypassAuth && this.mergedConfig.authProvider && retryCount === 0) {
-            // Fire-and-forget validation - don't block the request unless we know there's an issue
-            this.ensureValidToken().catch(error => {
-                console.debug('[PersApiClient] Background token validation failed:', error);
-            });
+            try {
+                await this.ensureValidToken();
+            }
+            catch (error) {
+                console.debug('[PersApiClient] Token validation failed:', error);
+                // Continue with request - it will fail with 401 and trigger retry logic
+            }
         }
         const requestOptions = {
             headers: await this.getHeaders(!bypassAuth, method, url),
@@ -1707,49 +1732,63 @@ class PersApiClient {
             return result;
         }
         catch (error) {
-            // Error handling - proactive token refresh should prevent most 401s
             const status = ErrorUtils.getStatus(error);
             const errorMessage = ErrorUtils.getMessage(error);
-            // Handle 401 errors centrally through AuthService
+            // Handle 401 Unauthorized errors
             if (status === 401) {
                 const backendError = ErrorUtils.extractBackendErrorDetails(error);
-                // Check for FATAL auth error CODES (not just 401 status)
-                // Fatal codes: REFRESH_TOKEN_EXPIRED, TOKEN_REVOKED, etc. → immediate logout
-                // Non-fatal codes: TOKEN_EXPIRED → try refresh first
+                // ===========================================
+                // FATAL AUTH ERRORS → Immediate logout
+                // ===========================================
+                // Fatal codes: REFRESH_TOKEN_EXPIRED, TOKEN_REVOKED, INVALID_REFRESH_TOKEN, etc.
                 if (this.authService.isFatalAuthError(backendError.code)) {
-                    // Definitive auth failure - no retry, session is invalid
+                    console.warn(`[PersApiClient] Fatal auth error: ${backendError.code}`);
                     await this.authService.handleAuthFailure();
                     this.emitErrorEvent(backendError, errorMessage, endpoint, method, status, error);
                     throw new AuthenticationError(errorMessage, endpoint, method, backendError);
                 }
-                // If this IS a refresh request that failed with 401, don't retry to avoid infinite loop
+                // ===========================================
+                // REFRESH REQUEST FAILED → Logout (prevents infinite loop)
+                // ===========================================
                 if (options?.isRefreshRequest) {
-                    // Refresh failed - this is a real auth failure
+                    console.warn('[PersApiClient] Refresh request itself failed with 401');
                     await this.authService.handleAuthFailure();
                     this.emitErrorEvent(backendError, errorMessage, endpoint, method, status, error);
                     throw new AuthenticationError(errorMessage, endpoint, method, backendError);
                 }
-                // TOKEN_EXPIRED or unknown 401: try refresh once, then retry
+                // ===========================================
+                // RETRYABLE 401 (TOKEN_EXPIRED) → Try refresh, then retry
+                // ===========================================
                 if (retryCount === 0 && this.mergedConfig.authProvider) {
-                    try {
-                        const refreshSuccessful = await this.refreshManager.attemptInternalRefresh();
-                        if (refreshSuccessful) {
-                            // Emit TOKEN_REFRESHED event so WS clients can retry if they gave up
-                            this._events?.emitSuccess({
-                                type: 'token_refreshed',
-                                domain: 'authentication',
-                                userMessage: 'Authentication token refreshed',
-                            });
-                            // Retry with new token
-                            return await this.request(method, endpoint, body, { ...options, retryCount: 1 });
-                        }
+                    const refreshResult = await this.refreshManager.attemptInternalRefresh();
+                    if (refreshResult.success) {
+                        // Refresh succeeded → retry request with new token
+                        this._events?.emitSuccess({
+                            type: 'token_refreshed',
+                            domain: 'authentication',
+                            userMessage: 'Authentication token refreshed',
+                        });
+                        return await this.request(method, endpoint, body, { ...options, retryCount: 1 });
+                    }
+                    // Refresh failed - check if it's a definitive failure
+                    if (!refreshResult.retryable) {
+                        // Non-retryable failure (e.g., refresh token expired) → logout
+                        console.warn('[PersApiClient] Refresh failed with non-retryable error, logging out');
+                        await this.authService.handleAuthFailure();
                     }
-                    catch (refreshError) {
-                        // Refresh failed - fall through to handleAuthFailure
+                    else {
+                        // Retryable failure (network error, etc.) → DON'T logout, let app retry later
+                        console.warn('[PersApiClient] Refresh failed with retryable error, NOT logging out');
                     }
+                    this.emitErrorEvent(backendError, errorMessage, endpoint, method, status, error);
+                    throw new AuthenticationError(errorMessage, endpoint, method, backendError);
                 }
-                // All recovery attempts failed
-                await this.authService.handleAuthFailure();
+                // ===========================================
+                // RETRY FAILED (retryCount > 0) → Something wrong, but DON'T logout
+                // ===========================================
+                // We already refreshed successfully, but retry still got 401
+                // This is unexpected - don't logout, let app investigate
+                console.warn('[PersApiClient] Retry with new token still got 401 - not logging out');
                 this.emitErrorEvent(backendError, errorMessage, endpoint, method, status, error);
                 throw new AuthenticationError(errorMessage, endpoint, method, backendError);
             }
@@ -3414,16 +3453,17 @@ class TokenManager {
         return this.tokenService.getTokenByContractAddress(contractAddress, contractTokenId);
     }
     /**
-     * Get all token metadata with filtering and pagination
+     * Get all token metadata with filtering, pagination, and include relations
      *
-     * Retrieves token metadata (rewards/stamps) with server-side filtering and pagination.
+     * Retrieves token metadata (rewards/stamps) with server-side filtering, pagination,
+     * and optional include relations for additional data.
      * Useful for displaying rewards (ERC1155) or stamps (ERC721) in admin tables.
      * Non-admin users always get active metadata only.
      *
-     * @param options - Filter and pagination options
+     * @param options - Filter, pagination, and include options
      * @returns Promise resolving to paginated token metadata
      *
-     * @example Get paginated rewards
+     * @example Get paginated rewards with counts
      * ```typescript
      * const rewards = await sdk.tokens.getTokenMetadata({
      *   tokenType: 'ERC1155',
@@ -3431,19 +3471,26 @@ class TokenManager {
      *   page: 1,
      *   limit: 10,
      *   sortBy: 'name',
-     *   sortOrder: 'ASC'
+     *   sortOrder: 'ASC',
+     *   include: ['mintCount', 'burnCount', 'token']
      * });
      *
-     * console.log(`Page 1 of ${rewards.pagination.pages}`);
-     * rewards.data.forEach(r => console.log(r.name));
+     * rewards.data.forEach(r => {
+     *   console.log(`${r.name}: ${r.mintCount} minted, ${r.burnCount} burned`);
+     *   console.log(`Contract: ${r.included?.token?.contractAddress}`);
+     * });
      * ```
      *
-     * @example Get stamps with search
+     * @example Get stamps with owner business
      * ```typescript
      * const stamps = await sdk.tokens.getTokenMetadata({
      *   tokenType: 'ERC721',
      *   search: 'gold',
-     *   limit: 25
+     *   include: ['ownerBusiness', 'token']
+     * });
+     *
+     * stamps.data.forEach(s => {
+     *   console.log(`${s.name} owned by ${s.included?.ownerBusiness?.displayName}`);
      * });
      * ```
      */
@@ -3451,31 +3498,27 @@ class TokenManager {
         return this.tokenService.getTokenMetadata(options);
     }
     /**
-     * Get rewards (ERC1155 token metadata) with filtering and pagination
+     * Get rewards (ERC1155 token metadata) with filtering, pagination, and include relations
      *
      * Convenience method for fetching reward metadata. Rewards are ERC1155 tokens
      * that represent collectible items, vouchers, or other redeemable rewards.
      *
-     * @param options - Filter and pagination options (tokenType is set automatically)
+     * @param options - Filter, pagination, and include options (tokenType is set automatically)
      * @returns Promise resolving to paginated reward metadata
      *
-     * @example Get active rewards
+     * @example Get active rewards with mint counts
      * ```typescript
      * const rewards = await sdk.tokens.getRewards({
      *   active: true,
-     *   limit: 10
+     *   limit: 10,
+     *   include: ['mintCount', 'burnCount', 'token', 'ownerBusiness']
      * });
      *
-     * console.log(`Found ${rewards.pagination.total} rewards`);
-     * rewards.data.forEach(r => console.log(`${r.name}: ${r.description}`));
-     * ```
-     *
-     * @example Search rewards
-     * ```typescript
-     * const discountRewards = await sdk.tokens.getRewards({
-     *   search: 'discount',
-     *   sortBy: 'name',
-     *   sortOrder: 'ASC'
+     * rewards.data.forEach(r => {
+     *   console.log(`${r.name}: ${r.mintCount ?? 0} minted`);
+     *   if (r.included?.token) {
+     *     console.log(`  Chain: ${r.included.token.chainId}, Contract: ${r.included.token.contractAddress}`);
+     *   }
      * });
      * ```
      */
@@ -3483,31 +3526,27 @@ class TokenManager {
         return this.tokenService.getRewards(options);
     }
     /**
-     * Get stamps (ERC721 token metadata) with filtering and pagination
+     * Get stamps (ERC721 token metadata) with filtering, pagination, and include relations
      *
      * Convenience method for fetching stamp metadata. Stamps are ERC721 tokens
      * that represent achievements, badges, or collectible status markers.
      *
-     * @param options - Filter and pagination options (tokenType is set automatically)
+     * @param options - Filter, pagination, and include options (tokenType is set automatically)
      * @returns Promise resolving to paginated stamp metadata
      *
-     * @example Get active stamps
+     * @example Get active stamps with all includes
      * ```typescript
      * const stamps = await sdk.tokens.getStamps({
      *   active: true,
-     *   limit: 10
+     *   limit: 10,
+     *   include: ['mintCount', 'burnCount', 'token', 'ownerBusiness']
      * });
      *
-     * console.log(`Found ${stamps.pagination.total} stamps`);
-     * stamps.data.forEach(s => console.log(`${s.name}: ${s.description}`));
-     * ```
-     *
-     * @example Filter stamps by tags
-     * ```typescript
-     * const goldStamps = await sdk.tokens.getStamps({
-     *   tags: ['gold', 'premium'],
-     *   sortBy: 'createdAt',
-     *   sortOrder: 'DESC'
+     * stamps.data.forEach(s => {
+     *   console.log(`${s.name}: ${s.mintCount ?? 0} minted`);
+     *   if (s.included?.ownerBusiness) {
+     *     console.log(`  Owner: ${s.included.ownerBusiness.displayName}`);
+     *   }
      * });
      * ```
      */
@@ -3605,6 +3644,32 @@ class TokenManager {
     async toggleTokenActive(tokenId) {
         return this.tokenService.toggleTokenActive(tokenId);
     }
+    /**
+     * Admin: Delete token metadata (soft delete)
+     *
+     * Soft deletes token metadata by setting deletedAt timestamp.
+     * Requires administrator privileges. Will fail with 409 Conflict
+     * if metadata is currently in use by active campaigns or redemptions.
+     *
+     * @param metadataId - ID of the token metadata to delete
+     * @throws {PersApiError} When not authenticated as admin
+     * @throws {PersApiError} 409 Conflict if metadata is in use
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   await sdk.tokens.deleteTokenMetadata('metadata-123');
+     *   console.log('Token metadata deleted');
+     * } catch (error) {
+     *   if (error.statusCode === 409) {
+     *     console.log('Cannot delete: metadata is used by campaigns/redemptions');
+     *   }
+     * }
+     * ```
+     */
+    async deleteTokenMetadata(metadataId) {
+        return this.tokenService.deleteTokenMetadata(metadataId);
+    }
     /**
      * Get the full token SDK for advanced operations
      *
@@ -5998,6 +6063,21 @@ class RedemptionManager {
     async deleteRedemptionType(id) {
         return this.redemptionService.deleteRedemptionType(id);
     }
+    /**
+     * Delete a redemption (soft delete)
+     *
+     * @param id - Redemption ID to delete
+     * @returns Promise resolving to true if deleted successfully
+     *
+     * @example
+     * ```typescript
+     * const success = await sdk.redemptions.deleteRedemption('redemption-123');
+     * console.log('Deleted:', success);
+     * ```
+     */
+    async deleteRedemption(id) {
+        return this.redemptionService.deleteRedemption(id);
+    }
     /**
      * Get the full redemption service for advanced operations
      *
@@ -10820,4 +10900,4 @@ function createPersSDK(httpClient, config) {
 }
 
 export { AuthStatus as A, BusinessManager as B, CampaignManager as C, DefaultAuthProvider as D, WebhookManager as E, FATAL_AUTH_CODES as F, WalletEventsManager as G, FileApi as H, IndexedDBTokenStorage as I, FileService as J, ApiKeyApi as K, LocalStorageTokenStorage as L, MemoryTokenStorage as M, WebhookApi as N, WebhookService as O, PersSDK as P, PersEventsClient as Q, RedemptionManager as R, SDK_NAME as S, TokenManager as T, UserManager as U, createPersEventsClient as V, WebDPoPCryptoProvider as W, AuthTokenManager as a, AUTH_STORAGE_KEYS as b, createPersSDK as c, DPOP_STORAGE_KEYS as d, SDK_VERSION as e, SDK_USER_AGENT as f, PersApiClient as g, DEFAULT_PERS_CONFIG as h, buildApiRoot as i, buildWalletEventsWsUrl as j, StaticJwtAuthProvider as k, AuthApi as l, mergeWithDefaults as m, isFatalAuthErrorInMessage as n, AuthService as o, DPoPManager as p, PersEventEmitter as q, AuthManager as r, UserStatusManager as s, TransactionManager as t, PurchaseManager as u, FileManager as v, ApiKeyManager as w, AnalyticsManager as x, DonationManager as y, TriggerSourceManager as z };
-//# sourceMappingURL=pers-sdk-Dds2lB27.js.map
+//# sourceMappingURL=pers-sdk-CNIfzWYX.js.map