@kaiz11/stack-client 0.0.14

package/dist/test/helpers/jwt.js

@@ -0,0 +1,132 @@
+/**
+ * JWT generation helpers for tests (ES256)
+ *
+ * Uses ES256 (ECDSA P-256) to match production GoTrue configuration.
+ */
+import * as jose from "jose";
+/**
+ * Test keypair for ES256 signing
+ * Generated once and reused across tests
+ */
+let testKeyPair = null;
+let testJWKS = null;
+/**
+ * Generate or retrieve the test ES256 keypair
+ */
+export async function getTestKeyPair() {
+    if (!testKeyPair) {
+        const { privateKey, publicKey } = await jose.generateKeyPair("ES256");
+        testKeyPair = { privateKey, publicKey };
+    }
+    return testKeyPair;
+}
+/**
+ * Get the test JWKS (for createLocalJWKS)
+ */
+export async function getTestJWKS() {
+    if (!testJWKS) {
+        const { publicKey } = await getTestKeyPair();
+        const jwk = await jose.exportJWK(publicKey);
+        jwk.kid = "test-key-1";
+        jwk.alg = "ES256";
+        jwk.use = "sig";
+        testJWKS = { keys: [jwk] };
+    }
+    return testJWKS;
+}
+/**
+ * Reset test keys (for isolation between test suites if needed)
+ */
+export function resetTestKeys() {
+    testKeyPair = null;
+    testJWKS = null;
+}
+/**
+ * Generate an ES256 JWT token for testing
+ *
+ * @param role - The role (anon, authenticated, service_role)
+ * @param sub - Optional user ID for the sub claim
+ * @param options - Additional options (email, phone, aal)
+ * @returns Signed JWT token
+ */
+export async function generateJwt(role, sub, options) {
+    const { privateKey } = await getTestKeyPair();
+    const builder = new jose.SignJWT({
+        role,
+        ...(sub && { sub }),
+        ...(options?.email && { email: options.email }),
+        ...(options?.phone && { phone: options.phone }),
+        ...(options?.aal && { aal: options.aal }),
+    })
+        .setProtectedHeader({ alg: "ES256", kid: "test-key-1" })
+        .setIssuedAt()
+        .setExpirationTime("1h")
+        .setIssuer("supabase");
+    if (sub) {
+        builder.setSubject(sub);
+    }
+    return builder.sign(privateKey);
+}
+/**
+ * Generate an expired ES256 JWT for testing expiration handling
+ */
+export async function generateExpiredJwt(role, sub) {
+    const { privateKey } = await getTestKeyPair();
+    const builder = new jose.SignJWT({
+        role,
+        ...(sub && { sub }),
+    })
+        .setProtectedHeader({ alg: "ES256", kid: "test-key-1" })
+        .setIssuedAt(Math.floor(Date.now() / 1000) - 7200) // 2 hours ago
+        .setExpirationTime("-1h") // Expired 1 hour ago
+        .setIssuer("supabase");
+    if (sub) {
+        builder.setSubject(sub);
+    }
+    return builder.sign(privateKey);
+}
+/**
+ * Generate a JWT with custom audience
+ */
+export async function generateJwtWithAudience(role, sub, audience) {
+    const { privateKey } = await getTestKeyPair();
+    return new jose.SignJWT({ role })
+        .setProtectedHeader({ alg: "ES256", kid: "test-key-1" })
+        .setSubject(sub)
+        .setIssuedAt()
+        .setExpirationTime("1h")
+        .setIssuer("supabase")
+        .setAudience(audience)
+        .sign(privateKey);
+}
+/**
+ * Generate a JWT missing the sub claim (for testing validation)
+ */
+export async function generateJwtWithoutSub(role) {
+    const { privateKey } = await getTestKeyPair();
+    return new jose.SignJWT({ role })
+        .setProtectedHeader({ alg: "ES256", kid: "test-key-1" })
+        .setIssuedAt()
+        .setExpirationTime("1h")
+        .setIssuer("supabase")
+        .sign(privateKey);
+}
+/**
+ * Generate an anon JWT
+ */
+export async function generateAnonJwt() {
+    return generateJwt("anon");
+}
+/**
+ * Generate a service_role JWT (bypasses RLS)
+ */
+export async function generateServiceRoleJwt() {
+    return generateJwt("service_role", "service");
+}
+/**
+ * Generate an authenticated JWT for a specific user
+ */
+export async function generateAuthenticatedJwt(userId, options) {
+    return generateJwt("authenticated", userId, options);
+}
+//# sourceMappingURL=jwt.js.map

package/dist/test/helpers/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/test/helpers/jwt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAI7B;;;GAGG;AACH,IAAI,WAAW,GAAsC,IAAI,CAAC;AAC1D,IAAI,QAAQ,GAA8B,IAAI,CAAC;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtE,WAAW,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,cAAc,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC5C,GAAG,CAAC,GAAG,GAAG,YAAY,CAAC;QACvB,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC;QAClB,GAAG,CAAC,GAAG,GAAG,KAAK,CAAC;QAChB,QAAQ,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC7B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,WAAW,GAAG,IAAI,CAAC;IACnB,QAAQ,GAAG,IAAI,CAAC;AAClB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAa,EACb,GAAY,EACZ,OAAmE;IAEnE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,EAAE,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC;QAC/B,IAAI;QACJ,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC;QACnB,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;QAC/C,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;QAC/C,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KAC1C,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;SACvD,WAAW,EAAE;SACb,iBAAiB,CAAC,IAAI,CAAC;SACvB,SAAS,CAAC,UAAU,CAAC,CAAC;IAEzB,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAa,EACb,GAAY;IAEZ,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,EAAE,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC;QAC/B,IAAI;QACJ,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC;KACpB,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;SACvD,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,cAAc;SAChE,iBAAiB,CAAC,KAAK,CAAC,CAAC,qBAAqB;SAC9C,SAAS,CAAC,UAAU,CAAC,CAAC;IAEzB,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAa,EACb,GAAW,EACX,QAAgB;IAEhB,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,EAAE,CAAC;IAE9C,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC;SAC9B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;SACvD,UAAU,CAAC,GAAG,CAAC;SACf,WAAW,EAAE;SACb,iBAAiB,CAAC,IAAI,CAAC;SACvB,SAAS,CAAC,UAAU,CAAC;SACrB,WAAW,CAAC,QAAQ,CAAC;SACrB,IAAI,CAAC,UAAU,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAa;IACvD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,EAAE,CAAC;IAE9C,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC;SAC9B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;SACvD,WAAW,EAAE;SACb,iBAAiB,CAAC,IAAI,CAAC;SACvB,SAAS,CAAC,UAAU,CAAC;SACrB,IAAI,CAAC,UAAU,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,OAAO,WAAW,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,OAAmE;IAEnE,OAAO,WAAW,CAAC,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC"}

package/dist/test/helpers/mailpit.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Mailpit API client for integration tests
+ *
+ * Provides helpers to fetch and parse emails captured by Mailpit
+ * during integration testing.
+ */
+export interface MailpitMessage {
+    ID: string;
+    Subject: string;
+    From: {
+        Name: string;
+        Address: string;
+    };
+    To: Array<{
+        Name: string;
+        Address: string;
+    }>;
+    Text: string;
+    HTML: string;
+}
+/**
+ * Check if Mailpit is available
+ */
+export declare function isMailpitAvailable(): boolean;
+/**
+ * Skip condition for tests that require Mailpit
+ */
+export declare const skipWithoutMailpit: boolean;
+/**
+ * Fetch emails for a recipient from Mailpit
+ */
+export declare function getEmailsFor(email: string, options?: {
+    limit?: number;
+    timeout?: number;
+}): Promise<MailpitMessage[]>;
+/**
+ * Wait for an email to arrive for a recipient
+ */
+export declare function waitForEmail(email: string, options?: {
+    subject?: string;
+    timeout?: number;
+}): Promise<MailpitMessage>;
+/**
+ * Extract OTP code from email body
+ * Looks for patterns like "enter the code: 123456" or "code: 123456"
+ */
+export declare function extractOtp(email: MailpitMessage): string | null;
+/**
+ * Extract verification token from email link
+ * Looks for token parameter in verification URLs
+ */
+export declare function extractToken(email: MailpitMessage): string | null;
+/**
+ * Extract magic link URL from email
+ */
+export declare function extractMagicLink(email: MailpitMessage): string | null;
+/**
+ * Delete all emails for a recipient (cleanup)
+ */
+export declare function deleteEmailsFor(email: string): Promise<void>;
+//# sourceMappingURL=mailpit.d.ts.map

package/dist/test/helpers/mailpit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mailpit.d.ts","sourceRoot":"","sources":["../../../src/test/helpers/mailpit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,EAAE,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAWD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAE5C;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,SAAe,CAAC;AAE/C;;GAEG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,OAAO,CAAC,cAAc,EAAE,CAAC,CA8B3B;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC/C,OAAO,CAAC,cAAc,CAAC,CAqBzB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CAK/D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CAKjE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CAOrE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAWlE"}

package/dist/test/helpers/mailpit.js

@@ -0,0 +1,107 @@
+/**
+ * Mailpit API client for integration tests
+ *
+ * Provides helpers to fetch and parse emails captured by Mailpit
+ * during integration testing.
+ */
+const MAILPIT_URL = process.env.MAILPIT_URL;
+/**
+ * Check if Mailpit is available
+ */
+export function isMailpitAvailable() {
+    return !!MAILPIT_URL;
+}
+/**
+ * Skip condition for tests that require Mailpit
+ */
+export const skipWithoutMailpit = !MAILPIT_URL;
+/**
+ * Fetch emails for a recipient from Mailpit
+ */
+export async function getEmailsFor(email, options) {
+    if (!MAILPIT_URL) {
+        throw new Error("MAILPIT_URL not set");
+    }
+    const { limit = 10, timeout = 5000 } = options ?? {};
+    const startTime = Date.now();
+    // Poll for emails with timeout
+    while (Date.now() - startTime < timeout) {
+        const searchUrl = `${MAILPIT_URL}/api/v1/search?query=to:${encodeURIComponent(email)}&limit=${limit}`;
+        const searchRes = await fetch(searchUrl);
+        const searchData = (await searchRes.json());
+        if (searchData.messages?.length > 0) {
+            // Fetch full message content for each
+            const messages = await Promise.all(searchData.messages.map(async (msg) => {
+                const msgRes = await fetch(`${MAILPIT_URL}/api/v1/message/${msg.ID}`);
+                return msgRes.json();
+            }));
+            return messages;
+        }
+        // Wait before polling again
+        await new Promise((r) => setTimeout(r, 200));
+    }
+    return [];
+}
+/**
+ * Wait for an email to arrive for a recipient
+ */
+export async function waitForEmail(email, options) {
+    const { subject, timeout = 10000 } = options ?? {};
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+        const emails = await getEmailsFor(email, { limit: 5, timeout: 1000 });
+        const match = subject
+            ? emails.find((e) => e.Subject.includes(subject))
+            : emails[0];
+        if (match) {
+            return match;
+        }
+        await new Promise((r) => setTimeout(r, 300));
+    }
+    throw new Error(`Timeout waiting for email to ${email}${subject ? ` with subject "${subject}"` : ""}`);
+}
+/**
+ * Extract OTP code from email body
+ * Looks for patterns like "enter the code: 123456" or "code: 123456"
+ */
+export function extractOtp(email) {
+    const text = email.Text || email.HTML;
+    // Match 6-digit OTP code after common patterns
+    const match = text.match(/(?:code|otp|token)[:\s]+(\d{6})/i);
+    return match?.[1] ?? null;
+}
+/**
+ * Extract verification token from email link
+ * Looks for token parameter in verification URLs
+ */
+export function extractToken(email) {
+    const text = email.Text || email.HTML;
+    // Match token parameter in URL
+    const match = text.match(/[?&]token=([a-f0-9]+)/i);
+    return match?.[1] ?? null;
+}
+/**
+ * Extract magic link URL from email
+ */
+export function extractMagicLink(email) {
+    const text = email.Text || email.HTML;
+    // Match the full verification/magic link URL
+    const match = text.match(/https?:\/\/[^\s<>"]+\/auth\/[^\s<>"]+\/verify\?[^\s<>"]+/i);
+    return match?.[0] ?? null;
+}
+/**
+ * Delete all emails for a recipient (cleanup)
+ */
+export async function deleteEmailsFor(email) {
+    if (!MAILPIT_URL)
+        return;
+    const emails = await getEmailsFor(email, { timeout: 1000 });
+    for (const msg of emails) {
+        await fetch(`${MAILPIT_URL}/api/v1/messages`, {
+            method: "DELETE",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ IDs: [msg.ID] }),
+        });
+    }
+}
+//# sourceMappingURL=mailpit.js.map

package/dist/test/helpers/mailpit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mailpit.js","sourceRoot":"","sources":["../../../src/test/helpers/mailpit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;AAoB5C;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,CAAC,CAAC,WAAW,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,WAAW,CAAC;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAa,EACb,OAA8C;IAE9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,EAAE,KAAK,GAAG,EAAE,EAAE,OAAO,GAAG,IAAI,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,+BAA+B;IAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,GAAG,WAAW,2BAA2B,kBAAkB,CAAC,KAAK,CAAC,UAAU,KAAK,EAAE,CAAC;QACtG,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAwB,CAAC;QAEnE,IAAI,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,sCAAsC;YACtC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAChC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACpC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,mBAAmB,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtE,OAAO,MAAM,CAAC,IAAI,EAA6B,CAAC;YAClD,CAAC,CAAC,CACH,CAAC;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,4BAA4B;QAC5B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAa,EACb,OAAgD;IAEhD,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,MAAM,KAAK,GAAG,OAAO;YACnB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACjD,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEd,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,IAAI,KAAK,CACb,gCAAgC,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,kBAAkB,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACtF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,KAAqB;IAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IACtC,+CAA+C;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,KAAqB;IAChD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IACtC,+BAA+B;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACnD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAqB;IACpD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IACtC,6CAA6C;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CACtB,2DAA2D,CAC5D,CAAC;IACF,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,IAAI,CAAC,WAAW;QAAE,OAAO;IAEzB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,GAAG,WAAW,kBAAkB,EAAE;YAC5C,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/test/setup.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=setup.d.ts.map

package/dist/test/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/test/setup.ts"],"names":[],"mappings":""}

package/dist/test/setup.js

@@ -0,0 +1,17 @@
+import { afterAll, afterEach, beforeAll } from "vitest";
+import { server, mockState, requestCounts } from "../mocks/index.js";
+// Start MSW server before all tests
+beforeAll(() => {
+    server.listen({ onUnhandledRequest: "error" });
+});
+// Reset handlers and state after each test
+afterEach(() => {
+    server.resetHandlers();
+    mockState.reset();
+    requestCounts.reset();
+});
+// Clean up after all tests
+afterAll(() => {
+    server.close();
+});
+//# sourceMappingURL=setup.js.map

package/dist/test/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../src/test/setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAErE,oCAAoC;AACpC,SAAS,CAAC,GAAG,EAAE;IACb,MAAM,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEH,2CAA2C;AAC3C,SAAS,CAAC,GAAG,EAAE;IACb,MAAM,CAAC,aAAa,EAAE,CAAC;IACvB,SAAS,CAAC,KAAK,EAAE,CAAC;IAClB,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,2BAA2B;AAC3B,QAAQ,CAAC,GAAG,EAAE;IACZ,MAAM,CAAC,KAAK,EAAE,CAAC;AACjB,CAAC,CAAC,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,96 @@
+import type { TokenStoreType } from "./lib/token-store.js";
+import type { MockOptions } from "./mocks/state.js";
+/**
+ * Default tenant ID for platform-level operations
+ */
+export declare const PLATFORM_TENANT_ID = "_platform";
+/**
+ * Client configuration
+ */
+export interface ClientConfig {
+    /** Base URL of the stack (e.g., "https://stack.zenku.app") */
+    baseUrl: string;
+    /**
+     * Tenant identifier (default: "_platform" for platform-level operations)
+     *
+     * Use "_platform" (or omit) for platform admin operations.
+     * Use a specific tenant ID for end-user applications.
+     */
+    tenantId?: string;
+    /** Token storage type or custom implementation */
+    tokenStore?: TokenStoreType;
+    /** Storage key prefix (default: "stack") */
+    storagePrefix?: string;
+    /** Request timeout in milliseconds (default: 30000) */
+    timeout?: number;
+    /**
+     * Static access token for service accounts or testing
+     *
+     * When provided, this token is used for all requests without going through
+     * the auth flow. Useful for:
+     * - Service role access (bypasses RLS)
+     * - Testing with pre-generated tokens
+     * - Server-side operations with admin tokens
+     *
+     * @example
+     * ```typescript
+     * const client = createClient({
+     *   baseUrl: "https://stack.example.com",
+     *   tenantId: "my-tenant",
+     *   accessToken: process.env.SERVICE_ROLE_JWT,
+     * });
+     * ```
+     */
+    accessToken?: string;
+    /**
+     * Account ID for admin/control-plane operations
+     *
+     * Required for operations like managing storage policies.
+     * This is the Basejump account ID that owns the tenant.
+     *
+     * @example
+     * ```typescript
+     * const client = createClient({
+     *   baseUrl: "https://stack.example.com",
+     *   tenantId: "my-tenant",
+     *   accountId: "acct_123",
+     *   accessToken: process.env.ADMIN_JWT,
+     * });
+     *
+     * // Now you can manage policies
+     * await client.storage.policies.applyTemplate("avatars", "ownerOnly");
+     * ```
+     */
+    accountId?: string;
+    /**
+     * Enable mock mode for testing/development
+     *
+     * When true, the client returns mock responses without making HTTP requests.
+     * Uses the same mock data as MSW handlers for consistency.
+     *
+     * @example
+     * ```typescript
+     * const client = createClient({
+     *   baseUrl: "https://stack.example.com",
+     *   tenantId: "my-tenant",
+     *   mock: true,
+     * });
+     * ```
+     */
+    mock?: boolean;
+    /**
+     * Mock options (only used when mock: true)
+     */
+    mockOptions?: MockOptions;
+}
+/**
+ * Internal client configuration with resolved tenant
+ * @internal
+ */
+export interface ResolvedClientConfig extends ClientConfig {
+    /** Resolved tenant identifier (never undefined) */
+    tenantId: string;
+}
+export type { TokenStore, TokenStoreType } from "./lib/token-store.js";
+export type { MockOptions } from "./mocks/state.js";
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,kBAAkB,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,4CAA4C;IAC5C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;;;;;;;;;;;;OAiBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;;;;;;;;;;;;;OAkBG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAqB,SAAQ,YAAY;IACxD,mDAAmD;IACnD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAGD,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACvE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/types.js

@@ -0,0 +1,5 @@
+/**
+ * Default tenant ID for platform-level operations
+ */
+export const PLATFORM_TENANT_ID = "_platform";
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC"}

package/package.json

@@ -0,0 +1,78 @@
+{
+  "name": "@kaiz11/stack-client",
+  "version": "0.0.14",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/kaiz11/hikari.git",
+    "directory": "packages/stack-client"
+  },
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./auth": {
+      "types": "./dist/auth/index.d.ts",
+      "import": "./dist/auth/index.js"
+    },
+    "./auth/server": {
+      "types": "./dist/auth/server/index.d.ts",
+      "import": "./dist/auth/server/index.js"
+    },
+    "./storage": {
+      "types": "./dist/storage/index.d.ts",
+      "import": "./dist/storage/index.js"
+    },
+    "./accounts": {
+      "types": "./dist/accounts/index.d.ts",
+      "import": "./dist/accounts/index.js"
+    },
+    "./test/helpers/jwt": {
+      "types": "./dist/test/helpers/jwt.d.ts",
+      "import": "./dist/test/helpers/jwt.js"
+    },
+    "./cli": {
+      "types": "./dist/cli/index.d.ts",
+      "import": "./dist/cli/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "lint": "pnpm typecheck && pnpm lint:eslint && pnpm lint:prettier",
+    "lint:eslint": "eslint .",
+    "lint:prettier": "prettier --check .",
+    "format": "prettier --write .",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:integration": "./scripts/integration-test.sh",
+    "test:integration:watch": "./scripts/integration-test.sh --watch",
+    "test:integration:remote": "./scripts/integration-test-remote.sh",
+    "test:integration:remote:watch": "./scripts/integration-test-remote.sh --watch",
+    "release": "./scripts/publish.sh"
+  },
+  "dependencies": {
+    "@supabase/postgrest-js": "catalog:",
+    "jose": "catalog:",
+    "zod": "catalog:"
+  },
+  "devDependencies": {
+    "@eslint/js": "catalog:",
+    "@types/node": "catalog:",
+    "@typescript-eslint/eslint-plugin": "catalog:",
+    "@typescript-eslint/parser": "catalog:",
+    "@vitest/coverage-v8": "^4.0.16",
+    "eslint": "catalog:",
+    "globals": "catalog:",
+    "happy-dom": "catalog:",
+    "hono": "catalog:",
+    "msw": "catalog:",
+    "prettier": "catalog:",
+    "typescript": "catalog:",
+    "vitest": "catalog:"
+  }
+}