@insforge/sdk 1.0.1-refresh.2 → 1.0.1-refresh.4

package/dist/index.d.mts

@@ -115,7 +115,7 @@ declare class HttpClient {
  *
  * Implements the Strategy Pattern for token storage:
  * - SecureSessionStorage: In-memory tokens + httpOnly cookie refresh (XSS-resistant)
- * - PersistentSessionStorage: localStorage-based storage (legacy/fallback)
+ * - LocalSessionStorage: localStorage-based storage (legacy/fallback)
  */
 
 /**
@@ -147,7 +147,7 @@ interface SessionStorageStrategy {
  *
  * Stores access token in memory only (cleared on page refresh).
  * Refresh token is stored in httpOnly cookie by the backend.
- * Uses an 'isAuthenticated' flag cookie to detect if refresh should be attempted.
+ * The `isAuthenticated` cookie is set by the backend to signal that a refresh token exists.
  *
  * Security benefits:
  * - Access token not accessible to XSS attacks (in memory only)
@@ -165,11 +165,10 @@ declare class SecureSessionStorage implements SessionStorageStrategy {
     setUser(user: UserSchema): void;
     clearSession(): void;
     shouldAttemptRefresh(): boolean;
-    private setAuthFlag;
     private hasAuthFlag;
 }
 /**
- * Persistent Session Storage Strategy
+ * Local Session Storage Strategy
  *
  * Stores tokens in localStorage for persistence across page reloads.
  * Used for legacy backends or environments where httpOnly cookies aren't available.
@@ -177,8 +176,8 @@ declare class SecureSessionStorage implements SessionStorageStrategy {
  * Note: This approach exposes tokens to XSS attacks. Use SecureSessionStorage
  * when possible.
  */
-declare class PersistentSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "persistent";
+declare class LocalSessionStorage implements SessionStorageStrategy {
+    readonly strategyId = "local";
     private storage;
     constructor(storage?: TokenStorage);
     saveSession(session: AuthSession): void;
@@ -191,64 +190,6 @@ declare class PersistentSessionStorage implements SessionStorageStrategy {
     shouldAttemptRefresh(): boolean;
 }
 
-/**
- * Backend Capability Discovery for InsForge SDK
- *
- * Discovers backend capabilities via the /api/health endpoint
- * and creates appropriate storage strategies based on those capabilities.
- */
-
-/**
- * Backend capabilities returned from /api/health
- */
-interface BackendCapabilities {
-    /** Whether backend supports secure httpOnly cookie storage for refresh tokens */
-    secureSessionStorage: boolean;
-    /** Whether backend supports token refresh endpoint */
-    refreshTokens: boolean;
-}
-/**
- * Discover backend capabilities from the /api/health endpoint
- *
- * This is the primary method for determining which features the backend supports.
- * The SDK uses this information to select appropriate storage strategies.
- *
- * @param baseUrl - The backend base URL
- * @param fetchImpl - Optional custom fetch implementation
- * @returns Backend capabilities object
- *
- * @example
- * ```typescript
- * const capabilities = await discoverCapabilities('https://api.example.com');
- * if (capabilities.secureSessionStorage) {
- *   // Use secure storage strategy
- * }
- * ```
- */
-declare function discoverCapabilities(baseUrl: string, fetchImpl?: typeof fetch): Promise<BackendCapabilities>;
-/**
- * Create the appropriate session storage strategy based on backend capabilities
- *
- * This is the factory function that implements the Strategy Pattern.
- * It selects the storage implementation based on what the backend supports.
- *
- * @param capabilities - Backend capabilities from discoverCapabilities()
- * @param storage - Optional custom storage adapter (for PersistentSessionStorage)
- * @returns Appropriate SessionStorageStrategy implementation
- *
- * @example
- * ```typescript
- * const capabilities = await discoverCapabilities(baseUrl);
- * const storage = createSessionStorage(capabilities);
- * storage.saveSession({ accessToken: '...', user: {...} });
- * ```
- */
-declare function createSessionStorage(capabilities: BackendCapabilities, storage?: TokenStorage): SessionStorageStrategy;
-/**
- * Get default capabilities (useful for testing or manual override)
- */
-declare function getDefaultCapabilities(): BackendCapabilities;
-
 /**
  * Token Manager for InsForge SDK
  *
@@ -260,14 +201,14 @@ declare function getDefaultCapabilities(): BackendCapabilities;
  * TokenManager - Manages session storage using the Strategy Pattern
  *
  * The actual storage implementation is delegated to a SessionStorageStrategy.
- * By default, uses PersistentSessionStorage until a strategy is explicitly set
+ * By default, uses LocalSessionStorage until a strategy is explicitly set
  * via setStrategy() during client initialization.
  */
 declare class TokenManager {
     private strategy;
     /**
      * Create a new TokenManager
-     * @param storage - Optional custom storage adapter (used for initial PersistentSessionStorage)
+     * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
      */
     constructor(storage?: TokenStorage);
     /**
@@ -338,28 +279,35 @@ declare class Auth {
     private http;
     private tokenManager;
     private database;
-    private initPromise;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Check if an error represents an authentication failure
-     * Used to determine appropriate HTTP status code (401 vs 500)
+     * Check if the isAuthenticated cookie flag exists
      */
-    private isAuthenticationError;
+    private hasAuthenticatedCookie;
     /**
-     * Set the initialization promise that auth operations should wait for
-     * This ensures TokenManager mode is set before any auth operations
+     * Switch to SecureSessionStorage (cookie-based auth)
+     * Called when we detect backend supports secure cookie mode
+     * @internal
      */
-    setInitPromise(promise: Promise<void>): void;
+    _switchToSecureStorage(): void;
     /**
-     * Wait for initialization to complete (if set)
+     * Switch to LocalSessionStorage (localStorage-based auth)
+     * Called when cookie-based auth fails (fallback)
+     * @internal
      */
-    private waitForInit;
+    _switchToLocalStorage(): void;
     /**
-     * Automatically detect and handle OAuth callback parameters in the URL
-     * This runs after initialization to seamlessly complete the OAuth flow
-     * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+     * Detect storage strategy after successful auth
+     * Checks for isAuthenticated cookie to determine backend mode
+     * @internal
      */
-    private detectAuthCallbackAsync;
+    private _detectStorageAfterAuth;
+    /**
+   * Automatically detect and handle OAuth callback parameters in the URL
+   * This runs on initialization to seamlessly complete the OAuth flow
+   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+   */
+    detectAuthCallback(): void;
     /**
      * Sign up a new user
      */
@@ -425,6 +373,9 @@ declare class Auth {
     /**
      * Get the current user with full profile information
      * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
+     *
+     * In secure session mode (httpOnly cookie), this method will automatically attempt
+     * to refresh the session if no access token is available (e.g., after page reload).
      */
     getCurrentUser(): Promise<{
         data: {
@@ -829,11 +780,8 @@ declare class Functions {
  *   baseUrl: 'http://localhost:7130'
  * });
  *
- * // Wait for initialization (optional but recommended)
- * await client.initialize();
- *
  * // Authentication
- * const session = await client.auth.signUp({
+ * const { data, error } = await client.auth.signUp({
  *   email: 'user@example.com',
  *   password: 'password123',
  *   name: 'John Doe'
@@ -862,30 +810,12 @@ declare class Functions {
 declare class InsForgeClient {
     private http;
     private tokenManager;
-    private initialized;
-    private initializationPromise;
-    private capabilities;
     readonly auth: Auth;
     readonly database: Database;
     readonly storage: Storage;
     readonly ai: AI;
     readonly functions: Functions;
     constructor(config?: InsForgeConfig);
-    /**
-     * Initialize the client by discovering backend capabilities
-     * This is called automatically on construction but can be awaited for guaranteed initialization
-     *
-     * @example
-     * ```typescript
-     * const client = new InsForgeClient({ baseUrl: 'https://api.example.com' });
-     * await client.initialize(); // Wait for capability discovery
-     * ```
-     */
-    initialize(): Promise<void>;
-    /**
-     * Internal async initialization - discovers capabilities and configures storage strategy
-     */
-    private initializeAsync;
     /**
      * Get the underlying HTTP client for custom requests
      *
@@ -896,18 +826,10 @@ declare class InsForgeClient {
      * ```
      */
     getHttpClient(): HttpClient;
-    /**
-     * Get the discovered backend capabilities
-     */
-    getCapabilities(): BackendCapabilities | null;
     /**
      * Get the current storage strategy identifier
      */
     getStorageStrategy(): string;
-    /**
-     * Check if the client has been fully initialized
-     */
-    isInitialized(): boolean;
 }
 
 /**
@@ -918,4 +840,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type BackendCapabilities, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, PersistentSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, createSessionStorage, InsForgeClient as default, discoverCapabilities, getDefaultCapabilities };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, LocalSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };

package/dist/index.d.ts

@@ -115,7 +115,7 @@ declare class HttpClient {
  *
  * Implements the Strategy Pattern for token storage:
  * - SecureSessionStorage: In-memory tokens + httpOnly cookie refresh (XSS-resistant)
- * - PersistentSessionStorage: localStorage-based storage (legacy/fallback)
+ * - LocalSessionStorage: localStorage-based storage (legacy/fallback)
  */
 
 /**
@@ -147,7 +147,7 @@ interface SessionStorageStrategy {
  *
  * Stores access token in memory only (cleared on page refresh).
  * Refresh token is stored in httpOnly cookie by the backend.
- * Uses an 'isAuthenticated' flag cookie to detect if refresh should be attempted.
+ * The `isAuthenticated` cookie is set by the backend to signal that a refresh token exists.
  *
  * Security benefits:
  * - Access token not accessible to XSS attacks (in memory only)
@@ -165,11 +165,10 @@ declare class SecureSessionStorage implements SessionStorageStrategy {
     setUser(user: UserSchema): void;
     clearSession(): void;
     shouldAttemptRefresh(): boolean;
-    private setAuthFlag;
     private hasAuthFlag;
 }
 /**
- * Persistent Session Storage Strategy
+ * Local Session Storage Strategy
  *
  * Stores tokens in localStorage for persistence across page reloads.
  * Used for legacy backends or environments where httpOnly cookies aren't available.
@@ -177,8 +176,8 @@ declare class SecureSessionStorage implements SessionStorageStrategy {
  * Note: This approach exposes tokens to XSS attacks. Use SecureSessionStorage
  * when possible.
  */
-declare class PersistentSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "persistent";
+declare class LocalSessionStorage implements SessionStorageStrategy {
+    readonly strategyId = "local";
     private storage;
     constructor(storage?: TokenStorage);
     saveSession(session: AuthSession): void;
@@ -191,64 +190,6 @@ declare class PersistentSessionStorage implements SessionStorageStrategy {
     shouldAttemptRefresh(): boolean;
 }
 
-/**
- * Backend Capability Discovery for InsForge SDK
- *
- * Discovers backend capabilities via the /api/health endpoint
- * and creates appropriate storage strategies based on those capabilities.
- */
-
-/**
- * Backend capabilities returned from /api/health
- */
-interface BackendCapabilities {
-    /** Whether backend supports secure httpOnly cookie storage for refresh tokens */
-    secureSessionStorage: boolean;
-    /** Whether backend supports token refresh endpoint */
-    refreshTokens: boolean;
-}
-/**
- * Discover backend capabilities from the /api/health endpoint
- *
- * This is the primary method for determining which features the backend supports.
- * The SDK uses this information to select appropriate storage strategies.
- *
- * @param baseUrl - The backend base URL
- * @param fetchImpl - Optional custom fetch implementation
- * @returns Backend capabilities object
- *
- * @example
- * ```typescript
- * const capabilities = await discoverCapabilities('https://api.example.com');
- * if (capabilities.secureSessionStorage) {
- *   // Use secure storage strategy
- * }
- * ```
- */
-declare function discoverCapabilities(baseUrl: string, fetchImpl?: typeof fetch): Promise<BackendCapabilities>;
-/**
- * Create the appropriate session storage strategy based on backend capabilities
- *
- * This is the factory function that implements the Strategy Pattern.
- * It selects the storage implementation based on what the backend supports.
- *
- * @param capabilities - Backend capabilities from discoverCapabilities()
- * @param storage - Optional custom storage adapter (for PersistentSessionStorage)
- * @returns Appropriate SessionStorageStrategy implementation
- *
- * @example
- * ```typescript
- * const capabilities = await discoverCapabilities(baseUrl);
- * const storage = createSessionStorage(capabilities);
- * storage.saveSession({ accessToken: '...', user: {...} });
- * ```
- */
-declare function createSessionStorage(capabilities: BackendCapabilities, storage?: TokenStorage): SessionStorageStrategy;
-/**
- * Get default capabilities (useful for testing or manual override)
- */
-declare function getDefaultCapabilities(): BackendCapabilities;
-
 /**
  * Token Manager for InsForge SDK
  *
@@ -260,14 +201,14 @@ declare function getDefaultCapabilities(): BackendCapabilities;
  * TokenManager - Manages session storage using the Strategy Pattern
  *
  * The actual storage implementation is delegated to a SessionStorageStrategy.
- * By default, uses PersistentSessionStorage until a strategy is explicitly set
+ * By default, uses LocalSessionStorage until a strategy is explicitly set
  * via setStrategy() during client initialization.
  */
 declare class TokenManager {
     private strategy;
     /**
      * Create a new TokenManager
-     * @param storage - Optional custom storage adapter (used for initial PersistentSessionStorage)
+     * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
      */
     constructor(storage?: TokenStorage);
     /**
@@ -338,28 +279,35 @@ declare class Auth {
     private http;
     private tokenManager;
     private database;
-    private initPromise;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Check if an error represents an authentication failure
-     * Used to determine appropriate HTTP status code (401 vs 500)
+     * Check if the isAuthenticated cookie flag exists
      */
-    private isAuthenticationError;
+    private hasAuthenticatedCookie;
     /**
-     * Set the initialization promise that auth operations should wait for
-     * This ensures TokenManager mode is set before any auth operations
+     * Switch to SecureSessionStorage (cookie-based auth)
+     * Called when we detect backend supports secure cookie mode
+     * @internal
      */
-    setInitPromise(promise: Promise<void>): void;
+    _switchToSecureStorage(): void;
     /**
-     * Wait for initialization to complete (if set)
+     * Switch to LocalSessionStorage (localStorage-based auth)
+     * Called when cookie-based auth fails (fallback)
+     * @internal
      */
-    private waitForInit;
+    _switchToLocalStorage(): void;
     /**
-     * Automatically detect and handle OAuth callback parameters in the URL
-     * This runs after initialization to seamlessly complete the OAuth flow
-     * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+     * Detect storage strategy after successful auth
+     * Checks for isAuthenticated cookie to determine backend mode
+     * @internal
      */
-    private detectAuthCallbackAsync;
+    private _detectStorageAfterAuth;
+    /**
+   * Automatically detect and handle OAuth callback parameters in the URL
+   * This runs on initialization to seamlessly complete the OAuth flow
+   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+   */
+    detectAuthCallback(): void;
     /**
      * Sign up a new user
      */
@@ -425,6 +373,9 @@ declare class Auth {
     /**
      * Get the current user with full profile information
      * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
+     *
+     * In secure session mode (httpOnly cookie), this method will automatically attempt
+     * to refresh the session if no access token is available (e.g., after page reload).
      */
     getCurrentUser(): Promise<{
         data: {
@@ -829,11 +780,8 @@ declare class Functions {
  *   baseUrl: 'http://localhost:7130'
  * });
  *
- * // Wait for initialization (optional but recommended)
- * await client.initialize();
- *
  * // Authentication
- * const session = await client.auth.signUp({
+ * const { data, error } = await client.auth.signUp({
  *   email: 'user@example.com',
  *   password: 'password123',
  *   name: 'John Doe'
@@ -862,30 +810,12 @@ declare class Functions {
 declare class InsForgeClient {
     private http;
     private tokenManager;
-    private initialized;
-    private initializationPromise;
-    private capabilities;
     readonly auth: Auth;
     readonly database: Database;
     readonly storage: Storage;
     readonly ai: AI;
     readonly functions: Functions;
     constructor(config?: InsForgeConfig);
-    /**
-     * Initialize the client by discovering backend capabilities
-     * This is called automatically on construction but can be awaited for guaranteed initialization
-     *
-     * @example
-     * ```typescript
-     * const client = new InsForgeClient({ baseUrl: 'https://api.example.com' });
-     * await client.initialize(); // Wait for capability discovery
-     * ```
-     */
-    initialize(): Promise<void>;
-    /**
-     * Internal async initialization - discovers capabilities and configures storage strategy
-     */
-    private initializeAsync;
     /**
      * Get the underlying HTTP client for custom requests
      *
@@ -896,18 +826,10 @@ declare class InsForgeClient {
      * ```
      */
     getHttpClient(): HttpClient;
-    /**
-     * Get the discovered backend capabilities
-     */
-    getCapabilities(): BackendCapabilities | null;
     /**
      * Get the current storage strategy identifier
      */
     getStorageStrategy(): string;
-    /**
-     * Check if the client has been fully initialized
-     */
-    isInitialized(): boolean;
 }
 
 /**
@@ -918,4 +840,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type BackendCapabilities, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, PersistentSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, createSessionStorage, InsForgeClient as default, discoverCapabilities, getDefaultCapabilities };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, LocalSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };