@niledatabase/server 5.0.0-alpha.9 → 5.0.0

package/dist/index.mjs

@@ -1,7 +1,17 @@
+import { AsyncLocalStorage } from 'async_hooks';
 import 'dotenv/config';
 import pg from 'pg';
 
 // src/types.ts
+var ExtensionState = /* @__PURE__ */ ((ExtensionState2) => {
+  ExtensionState2["onHandleRequest"] = "onHandleRequest";
+  ExtensionState2["onRequest"] = "onRequest";
+  ExtensionState2["onResponse"] = "onResponse";
+  ExtensionState2["withContext"] = "withContext";
+  ExtensionState2["withTenantId"] = "withTenantId";
+  ExtensionState2["withUserId"] = "withUserId";
+  return ExtensionState2;
+})(ExtensionState || {});
 var APIErrorErrorCodeEnum = {
   InternalError: "internal_error",
   BadRequest: "bad_request",
@@ -57,21 +67,18 @@ var appRoutes = (prefix = DEFAULT_PREFIX) => ({
   INVITE: `${prefix}${"/tenants/{tenantId}/invite" /* INVITE */}`,
   LOG: `${prefix}/_log`
 });
-var apiRoutes = (config) => ({
-  ME: makeRestUrl(config, "/me"),
-  USERS: (qp) => makeRestUrl(config, "/users", qp),
-  USER: (userId) => makeRestUrl(config, `/users/${userId}`),
-  TENANTS: makeRestUrl(config, "/tenants"),
-  TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
-  SIGNUP: makeRestUrl(config, "/signup"),
-  TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
-  INVITES: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invites`),
-  INVITE: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invite`),
-  TENANT_USER: makeRestUrl(
-    config,
-    `/tenants/${config.tenantId}/users/${config.userId}`
-  ),
-  USER_TENANTS: (userId) => makeRestUrl(config, `/users/${userId}/tenants`)
+var apiRoutes = (apiUrl) => ({
+  ME: makeRestUrl(apiUrl, "/me"),
+  USERS: (qp) => makeRestUrl(apiUrl, "/users", qp),
+  USER: (userId) => makeRestUrl(apiUrl, `/users/${userId}`),
+  TENANTS: makeRestUrl(apiUrl, "/tenants"),
+  TENANT: (tenantId) => makeRestUrl(apiUrl, `/tenants/${tenantId}`),
+  SIGNUP: makeRestUrl(apiUrl, "/signup"),
+  TENANT_USERS: (tenantId) => makeRestUrl(apiUrl, `/tenants/${tenantId}/users`),
+  INVITES: (tenantId) => makeRestUrl(apiUrl, `/tenants/${tenantId}/invites`),
+  INVITE: (tenantId) => makeRestUrl(apiUrl, `/tenants/${tenantId}/invite`),
+  TENANT_USER: (tenantId, userId) => makeRestUrl(apiUrl, `/tenants/${tenantId}/users/${userId}`),
+  USER_TENANTS: (userId) => makeRestUrl(apiUrl, `/users/${userId}/tenants`)
 });
 var proxyRoutes = (config) => ({
   SIGNIN: makeRestUrl(config, "/auth/signin" /* SIGNIN */),
@@ -95,8 +102,8 @@ function filterNullUndefined(obj) {
     )
   );
 }
-function makeRestUrl(config, path, qp) {
-  const url = config.apiUrl || NILEDB_API_URL;
+function makeRestUrl(apiUrl, path, qp) {
+  const url = apiUrl || NILEDB_API_URL;
   if (!url) {
     throw new Error(
       "An API url is required. Set it via NILEDB_API_URL. Was auto configuration run?"
@@ -120,9 +127,309 @@ function isUUID(value) {
   return regex.test(value);
 }
 
+// src/utils/Logger.ts
+var red = "\x1B[31m";
+var yellow = "\x1B[38;2;255;255;0m";
+var purple = "\x1B[38;2;200;160;255m";
+var orange = "\x1B[38;2;255;165;0m";
+var reset = "\x1B[0m";
+var baseLogger = (config, ...params) => ({
+  silly(message, meta) {
+    if (config?.debug && process.env.LOG_LEVEL === "silly") {
+      console.log(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  info(message, meta) {
+    if (config?.debug) {
+      console.info(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  debug(message, meta) {
+    if (config?.debug) {
+      console.log(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  warn(message, meta) {
+    if (config?.debug) {
+      console.warn(
+        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? JSON.stringify(meta) : ""
+      );
+    }
+  },
+  error(message, meta) {
+    console.error(
+      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
+        ""
+      )}${red} ${message}`,
+      meta ? meta : "",
+      `${reset}`
+    );
+  }
+});
+function Logger(config) {
+  return (prefixes) => {
+    const { info, debug, warn: warn2, error, silly: silly2 } = config && typeof config?.logger === "function" ? config.logger(prefixes) : baseLogger(config, prefixes);
+    return {
+      info,
+      debug,
+      warn: warn2,
+      error,
+      silly: silly2
+    };
+  };
+}
+function matchesLog(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.LOG);
+}
+
+// src/api/utils/extensions.ts
+function getRequestConfig(params) {
+  if (typeof params[1] === "object") {
+    return params[1];
+  }
+  return {};
+}
+function bindRunExtensions(instance) {
+  return async function runExtensions(toRun, config, params, _init) {
+    const { debug } = config.logger("[EXTENSIONS]");
+    const extensionConfig = getRequestConfig(
+      Array.isArray(params) ? params : [null, params]
+    );
+    if (config.extensions) {
+      for (const create2 of config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(instance);
+        if (extensionConfig.disableExtensions?.includes(ext.id)) {
+          continue;
+        }
+        if (ext.withTenantId && toRun === "withTenantId" /* withTenantId */) {
+          ctx.set({
+            tenantId: await ext.withTenantId()
+          });
+        }
+        if (ext.withUserId && toRun === "withUserId" /* withUserId */) {
+          ctx.set({ userId: await ext.withUserId() });
+        }
+        if (ext.withContext && toRun === "withContext" /* withContext */) {
+          await ext.withContext(ctx);
+        }
+        if (ext.onHandleRequest && toRun === "onHandleRequest" /* onHandleRequest */) {
+          const result = await ext.onHandleRequest(
+            Array.isArray(params) ? params : [params]
+          );
+          debug(`${ext.id ?? create2.name} ran onHandleRequest`);
+          if (result != null) {
+            return result;
+          }
+        }
+        const [param] = Array.isArray(params) ? params : [params];
+        if (ext.onRequest && toRun === "onRequest" /* onRequest */) {
+          const { ...previousContext } = ctx.get();
+          if (!_init) {
+            continue;
+          }
+          const previousHeaders = new Headers(previousContext.headers);
+          await ext.onRequest(_init.request, ctx);
+          const updatedContext = ctx.get();
+          if (updatedContext?.headers) {
+            const cookie = updatedContext.headers.get("cookie");
+            if (cookie && param.headers) {
+              const updatedCookies = mergeCookies(
+                previousHeaders?.get("cookie"),
+                updatedContext.headers.get("cookie")
+              );
+              param.headers.set("cookie", updatedCookies);
+            }
+            if (updatedContext.tenantId && param.headers) {
+              param.headers.set(
+                TENANT_COOKIE,
+                String(updatedContext.headers.get(TENANT_COOKIE))
+              );
+            }
+            ctx.set({ headers: param.headers });
+          }
+          debug(`${ext.id ?? create2.name} ran onRequest`);
+        }
+        if (ext.onResponse && toRun === "onResponse" /* onResponse */) {
+          const result = await ext.onResponse(param, ctx);
+          debug(`${ext.id ?? create2.name} ran onResponse`);
+          if (result != null) {
+            return result;
+          }
+        }
+      }
+    }
+    return void 0;
+  };
+}
+function buildExtensionConfig(instance) {
+  return {
+    runExtensions: bindRunExtensions(instance)
+  };
+}
+function mergeCookies(...cookieStrings) {
+  const cookieMap = /* @__PURE__ */ new Map();
+  for (const str of cookieStrings) {
+    if (!str) continue;
+    for (const part of str.split(";")) {
+      const [key17, value] = part.split("=").map((s) => s.trim());
+      if (key17 && value) cookieMap.set(key17, value);
+    }
+  }
+  return [...cookieMap.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
+}
+async function runExtensionContext(config) {
+  await config?.extensionCtx?.runExtensions("withContext" /* withContext */, config);
+  await config?.extensionCtx?.runExtensions(
+    "withTenantId" /* withTenantId */,
+    config
+  );
+  await config?.extensionCtx?.runExtensions("withUserId" /* withUserId */, config);
+}
+
+// src/api/utils/request-context.ts
+var { warn, silly } = Logger({ debug: true })("[REQUEST CONTEXT]");
+var storage = new AsyncLocalStorage();
+var defaultContext = {
+  headers: new Headers(),
+  tenantId: void 0,
+  userId: void 0
+};
+var lastUsedContext = defaultContext;
+var ctx = {
+  run(ctx2, fn) {
+    const merged = {
+      ...defaultContext,
+      ...ctx2,
+      headers: ctx2.headers instanceof Headers ? ctx2.headers : new Headers(ctx2.headers)
+    };
+    lastUsedContext = merged;
+    return storage.run(merged, fn);
+  },
+  get: () => {
+    const ctx2 = storage.getStore();
+    if (!ctx2) {
+      return { ...defaultContext };
+    }
+    silly(`[GET] ${serializeContext(ctx2)}`);
+    return ctx2;
+  },
+  /**
+   * This is a mirror of Server.getContext, but only for requests. We keep only the request
+   * information around, everything else is :above_my_pay_grade:
+   * @param partial A partial context to override
+   */
+  set: (partial) => {
+    const store = storage.getStore();
+    if (!store) {
+      warn("ctx.set() called outside of ctx.run(). This will not persist.");
+      return;
+    }
+    if (partial.headers === null) {
+      store.headers = new Headers();
+    } else if (partial.headers && store.headers instanceof Headers) {
+      for (const [key17, value] of new Headers(partial.headers).entries()) {
+        if (key17.toLowerCase() === "cookie") {
+          const existingCookies = parseCookieHeader(
+            store.headers.get("cookie") || ""
+          );
+          const newCookies = parseCookieHeader(value);
+          const mergedCookies = { ...existingCookies, ...newCookies };
+          store.headers.set("cookie", serializeCookies(mergedCookies));
+        } else {
+          store.headers.set(key17, value);
+        }
+      }
+    }
+    if ("tenantId" in partial) store.tenantId = partial.tenantId;
+    if ("userId" in partial) store.userId = partial.userId;
+    silly(`[SET] ${serializeContext(store)}`);
+    lastUsedContext = { ...store };
+  },
+  // for convenience only
+  getLastUsed: () => lastUsedContext
+};
+function withNileContext(config, fn, name = "unknown") {
+  const initialContext = config.context;
+  const existing = ctx.get();
+  const mergedHeaders = new Headers(existing.headers);
+  if (initialContext instanceof Request) {
+    initialContext.headers.forEach((value, key17) => {
+      mergedHeaders.set(key17, value);
+    });
+    const context2 = {
+      headers: mergedHeaders,
+      tenantId: existing.tenantId,
+      userId: existing.userId
+    };
+    silly(`${name} [INITIAL - Request] ${serializeContext(context2)}`);
+    return ctx.run(context2, fn);
+  }
+  if (initialContext.headers) {
+    const incoming = initialContext.headers instanceof Headers ? initialContext.headers : new Headers(initialContext.headers);
+    incoming.forEach((value, key17) => {
+      mergedHeaders.set(key17, value);
+    });
+  }
+  const hasTenantId = "tenantId" in initialContext;
+  const hasUserId = "userId" in initialContext;
+  const context = {
+    headers: mergedHeaders,
+    tenantId: hasTenantId ? initialContext.tenantId : existing.tenantId,
+    userId: hasUserId ? initialContext.userId : existing.userId
+  };
+  silly(`${name} [INITIAL - Partial<Context>] ${serializeContext(context)}`);
+  return ctx.run(context, async () => {
+    await runExtensionContext(config);
+    return fn();
+  });
+}
+function serializeContext(context) {
+  const headers = {};
+  const rawHeaders = new Headers(context.headers);
+  rawHeaders.forEach((value, key17) => {
+    headers[key17] = value;
+  });
+  return JSON.stringify({
+    headers,
+    tenantId: context.tenantId,
+    userId: context.userId
+  });
+}
+function parseCookieHeader(header) {
+  return header.split(";").map((c) => c.trim()).filter(Boolean).reduce((acc, curr) => {
+    const [key17, ...val] = curr.split("=");
+    if (key17) acc[key17] = val.join("=");
+    return acc;
+  }, {});
+}
+function serializeCookies(cookies) {
+  return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
+}
+
 // src/api/utils/request.ts
 async function request(url, _init, config) {
-  const { debug, info, error } = config.logger("[REQUEST]");
+  const { debug, info, error, warn: warn2 } = config.logger("[REQUEST]");
   const { request: request2, ...init } = _init;
   const requestUrl = new URL(request2.url);
   const updatedHeaders = new Headers({});
@@ -156,9 +463,17 @@ async function request(url, _init, config) {
     if (passedOrigin) {
       updatedHeaders.set(HEADER_ORIGIN, passedOrigin);
     } else {
-      const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
-      updatedHeaders.set(HEADER_ORIGIN, reqOrigin);
-      debug(`Obtained origin from request ${reqOrigin}`);
+      const { headers } = ctx.get();
+      const host = headers.get("host");
+      if (host) {
+        const serverSideOrigin = `${getProtocolFromHeaders(headers)}://${host}`;
+        updatedHeaders.set(HEADER_ORIGIN, serverSideOrigin);
+        debug(`Obtained origin from server side headers ${serverSideOrigin}`);
+      } else {
+        const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
+        updatedHeaders.set(HEADER_ORIGIN, reqOrigin);
+        debug(`Obtained origin from request ${reqOrigin}`);
+      }
     }
   }
   const params = { ...init };
@@ -183,7 +498,12 @@ async function request(url, _init, config) {
     params.headers.set("request-id", crypto.randomUUID());
     params.cache = "no-store";
   }
-  await config.extensionCtx?.handleOnRequest(config, _init, params);
+  await config.extensionCtx?.runExtensions(
+    "onRequest" /* onRequest */,
+    config,
+    params,
+    _init
+  );
   try {
     const res = await fetch(fullUrl, {
       ...params
@@ -203,6 +523,14 @@ async function request(url, _init, config) {
       statusText: res?.statusText,
       text: await loggingRes?.text()
     });
+    const updatedRes = await config.extensionCtx?.runExtensions(
+      "onResponse" /* onResponse */,
+      config,
+      { ...params, response: res }
+    );
+    if (updatedRes) {
+      return updatedRes;
+    }
     return res;
   } catch (e) {
     if (e instanceof Error) {
@@ -217,6 +545,19 @@ async function request(url, _init, config) {
     );
   }
 }
+function getProtocolFromHeaders(headers) {
+  const get = (key17) => headers instanceof Headers ? headers.get(key17) : headers[key17.toLowerCase()];
+  const xfp = get("x-forwarded-proto");
+  if (xfp) return xfp.toLowerCase();
+  const forwarded = get("forwarded");
+  if (forwarded) {
+    const match = forwarded.match(/proto=(https?)/i);
+    if (match) return match[1].toLowerCase();
+  }
+  const ref = get("referer") || get("origin");
+  if (ref && ref.startsWith("https")) return "https";
+  return "http";
+}
 
 // src/api/utils/auth.ts
 async function auth(req, config) {
@@ -226,16 +567,13 @@ async function auth(req, config) {
   info(`using session ${sessionUrl}`);
   req.headers.delete("content-length");
   const res = await request(sessionUrl, { request: req }, config);
-  if (!res) {
-    info("no session found");
-    return void 0;
-  }
-  info("session active");
   try {
     const session = await new Response(res.body).json();
     if (Object.keys(session).length === 0) {
+      info("no session found");
       return void 0;
     }
+    info("session active");
     return session;
   } catch (e) {
     error(e);
@@ -246,7 +584,7 @@ async function auth(req, config) {
 // src/api/routes/me/index.ts
 var key = "ME";
 async function route(request2, config) {
-  const url = apiRoutes(config)[key];
+  const url = apiRoutes(config.apiUrl)[key];
   if (request2.method === "GET") {
     return await GET(url, { request: request2 }, config);
   }
@@ -267,8 +605,9 @@ function matches(configRoutes, request2) {
 }
 async function fetchMe(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/me" /* ME */}`;
+  const { headers } = ctx.get();
   const init = {
-    headers: config.headers,
+    headers,
     method: method ?? "GET"
   };
   if (method === "PUT") {
@@ -320,9 +659,9 @@ function getTokenFromCookie(headers, cookieKey) {
     return _cookies[cookieKey];
   }
 }
-function getTenantFromHttp(headers, config) {
+function getTenantFromHttp(headers, context) {
   const cookieTenant = getTokenFromCookie(headers, TENANT_COOKIE);
-  return cookieTenant ? cookieTenant : config?.tenantId;
+  return cookieTenant ? cookieTenant : context?.tenantId;
 }
 
 // src/api/routes/users/POST.ts
@@ -332,8 +671,11 @@ async function POST(config, init) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
   const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
-  const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const url = apiRoutes(config.apiUrl).USERS({
+    tenantId: tenant,
+    newTenantName
+  });
   return await request(url, init, config);
 }
 
@@ -341,13 +683,13 @@ async function POST(config, init) {
 async function GET2(config, init, log) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config.context);
   if (!tenant) {
     log("[GET] No tenant id provided.");
     return new Response(null, { status: 404 });
   }
   init.method = "GET";
-  const url = apiRoutes(config).TENANT_USERS(tenant);
+  const url = apiRoutes(config.apiUrl).TENANT_USERS(tenant);
   return await request(url, init, config);
 }
 
@@ -356,7 +698,7 @@ async function PUT2(config, init) {
   init.body = init.request.body;
   init.method = "PUT";
   const [userId] = new URL(init.request.url).pathname.split("/").reverse();
-  const url = apiRoutes(config).USER(userId);
+  const url = apiRoutes(config.apiUrl).USER(userId);
   return await request(url, init, config);
 }
 
@@ -383,7 +725,7 @@ function matches2(configRoutes, request2) {
 async function GET3(config, init) {
   const yurl = new URL(init.request.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
-  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).TENANT_USERS(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -397,7 +739,7 @@ async function POST2(config, init) {
   const [, tenantId] = yurl.pathname.split("/").reverse();
   init.body = JSON.stringify({ email: session.email });
   init.method = "POST";
-  const url = apiRoutes(config).TENANT_USERS(tenantId);
+  const url = apiRoutes(config.apiUrl).TENANT_USERS(tenantId);
   return await request(url, init, config);
 }
 
@@ -431,12 +773,13 @@ function matches3(configRoutes, request2) {
 }
 async function fetchTenantUsers(config, method, payload) {
   const { body, params } = {};
-  if (!config.tenantId) {
+  const { tenantId, headers } = ctx.get();
+  if (!tenantId) {
     throw new Error(
       "Unable to fetch the user's tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId)) {
+  if (!isUUID(tenantId)) {
     config.logger("fetchTenantUsers").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
@@ -448,14 +791,11 @@ async function fetchTenantUsers(config, method, payload) {
   if (params?.tenantId) {
     q.set("tenantId", params.tenantId);
   }
-  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace(
-    "{tenantId}",
-    config.tenantId
-  )}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace("{tenantId}", tenantId)}`;
   const m = method;
   const init = {
     method: m,
-    headers: config.headers
+    headers
   };
   const req = new Request(clientUrl, init);
   return await config.handlers[m](req);
@@ -472,9 +812,9 @@ async function PUT3(config, init) {
     init.body = new URLSearchParams(yurl.searchParams).toString();
   }
   init.method = "PUT";
-  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).INVITE(tenantId)}`;
   const res = await request(url, init, config);
-  const location = res?.headers.get("location");
+  const location = res?.headers?.get("location");
   if (location) {
     return new Response(res?.body, {
       status: 302,
@@ -496,7 +836,7 @@ async function POST3(config, init) {
   }
   init.method = "POST";
   init.body = init.request.body;
-  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).INVITE(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -522,21 +862,22 @@ function matches4(configRoutes, request2) {
   return urlMatches(request2.url, route20);
 }
 async function fetchInvite(config, method, body) {
-  if (!config.tenantId) {
+  const { headers, tenantId } = ctx.get();
+  if (!tenantId) {
     throw new Error(
       "Unable to fetch the invite for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId)) {
+  if (!isUUID(tenantId)) {
     config.logger("fetchInvite").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
-  let clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", config.tenantId)}`;
+  let clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", tenantId)}`;
   const m = method ?? "GET";
   const init = {
     method: m,
-    headers: config.headers
+    headers
   };
   if (method === "POST" || method === "PUT") {
     init.body = body;
@@ -556,7 +897,7 @@ async function GET4(config, init) {
     return new Response(null, { status: 404 });
   }
   init.method = "GET";
-  const url = `${apiRoutes(config).INVITES(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).INVITES(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -577,29 +918,29 @@ function matches5(configRoutes, request2) {
   return url.pathname.endsWith(route20);
 }
 async function fetchInvites(config) {
-  if (!config.tenantId) {
+  const { tenantId, headers } = ctx.get();
+  if (!tenantId) {
     throw new Error(
       "Unable to fetch invites for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId)) {
+  if (!isUUID(tenantId)) {
     config.logger("fetchInvites").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
-  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invites" /* INVITES */.replace("{tenantId}", config.tenantId)}`;
-  const req = new Request(clientUrl, { headers: config.headers });
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invites" /* INVITES */.replace("{tenantId}", tenantId)}`;
+  const req = new Request(clientUrl, { headers });
   return await config.handlers.GET(req);
 }
 
 // src/api/routes/tenants/GET.ts
 async function GET5(config, session, init) {
-  let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
+  let url = `${apiRoutes(config.apiUrl).USER_TENANTS(session.id)}`;
   if (typeof session === "object" && "user" in session && session.user) {
-    url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
+    url = `${apiRoutes(config.apiUrl).USER_TENANTS(session.user.id)}`;
   }
-  const res = await request(url, init, config);
-  return res;
+  return await request(url, init, config);
 }
 
 // src/api/routes/tenants/[tenantId]/GET.ts
@@ -611,7 +952,7 @@ async function GET6(config, init, log) {
     return new Response(null, { status: 404 });
   }
   init.method = "GET";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).TENANT(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -623,7 +964,7 @@ async function DELETE2(config, init) {
     return new Response(null, { status: 404 });
   }
   init.method = "DELETE";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).TENANT(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -636,7 +977,7 @@ async function PUT4(config, init) {
   }
   init.body = init.request.body;
   init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  const url = `${apiRoutes(config.apiUrl).TENANT(tenantId)}`;
   return await request(url, init, config);
 }
 
@@ -644,7 +985,7 @@ async function PUT4(config, init) {
 async function POST4(config, init) {
   init.body = init.request.body;
   init.method = "POST";
-  const url = `${apiRoutes(config).TENANTS}`;
+  const url = `${apiRoutes(config.apiUrl).TENANTS}`;
   return await request(url, init, config);
 }
 
@@ -678,10 +1019,11 @@ function matches6(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes[key6]);
 }
 async function fetchTenants(config, method, body) {
+  const { headers } = ctx.get();
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
   const init = {
     method,
-    headers: config.headers
+    headers
   };
   {
     init.body = body;
@@ -690,21 +1032,22 @@ async function fetchTenants(config, method, body) {
   return await config.handlers.POST(req);
 }
 async function fetchTenant(config, method, body) {
-  if (!config.tenantId) {
+  const { headers, tenantId } = ctx.get();
+  if (!tenantId) {
     throw new Error(
       "Unable to fetch tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId)) {
+  if (!isUUID(tenantId)) {
     config.logger("fetch tenant").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
-  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", config.tenantId)}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", tenantId)}`;
   const m = method ?? "GET";
   const init = {
     method: m,
-    headers: config.headers
+    headers
   };
   if (m === "PUT") {
     init.body = body;
@@ -713,32 +1056,33 @@ async function fetchTenant(config, method, body) {
   return await config.handlers[m](req);
 }
 async function fetchTenantsByUser(config) {
-  const { warn } = config.logger("fetchTenantsByUser");
-  if (!config.userId) {
-    warn(
+  const { warn: warn2 } = config.logger(" fetchTenantsByUser ");
+  const { userId, headers } = ctx.get();
+  if (!userId) {
+    warn2(
       "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
     );
-  } else if (!isUUID(config.userId)) {
-    warn(
+  } else if (!isUUID(userId)) {
+    warn2(
       "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
-  const req = new Request(clientUrl, { headers: config.headers });
+  const req = new Request(clientUrl, { headers });
   return await config.handlers.GET(req);
 }
 
 // src/api/routes/auth/signin.ts
 var key7 = "SIGNIN";
 async function route7(req, config) {
-  let url = proxyRoutes(config)[key7];
+  let url = proxyRoutes(config.apiUrl)[key7];
   const init = {
     method: req.method,
     headers: req.headers
   };
   if (req.method === "POST") {
     const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}/${provider}`;
+    url = `${proxyRoutes(config.apiUrl)[key7]}/${provider}`;
   }
   const passThroughUrl = new URL(req.url);
   const params = new URLSearchParams(passThroughUrl.search);
@@ -751,10 +1095,11 @@ function matches7(configRoutes, request2) {
 }
 async function fetchSignIn(config, provider, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "POST",
-    headers: config.headers,
-    body
+    body,
+    headers
   });
   return await config.handlers.POST(req);
 }
@@ -762,7 +1107,7 @@ async function fetchSignIn(config, provider, body) {
 // src/api/routes/auth/session.ts
 async function route8(req, config) {
   return request(
-    proxyRoutes(config).SESSION,
+    proxyRoutes(config.apiUrl).SESSION,
     {
       method: req.method,
       request: req
@@ -775,9 +1120,10 @@ function matches8(configRoutes, request2) {
 }
 async function fetchSession(config) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/session" /* SESSION */}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "GET",
-    headers: config.headers
+    headers
   });
   return await config.handlers.GET(req);
 }
@@ -785,7 +1131,7 @@ async function fetchSession(config) {
 // src/api/routes/auth/providers.ts
 async function route9(req, config) {
   return request(
-    proxyRoutes(config).PROVIDERS,
+    proxyRoutes(config.apiUrl).PROVIDERS,
     {
       method: req.method,
       request: req
@@ -798,9 +1144,10 @@ function matches9(configRoutes, request2) {
 }
 async function fetchProviders(config) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/providers" /* PROVIDERS */}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "GET",
-    headers: config.headers
+    headers
   });
   return await config.handlers.GET(req);
 }
@@ -808,7 +1155,7 @@ async function fetchProviders(config) {
 // src/api/routes/auth/csrf.ts
 async function route10(req, config) {
   return request(
-    proxyRoutes(config).CSRF,
+    proxyRoutes(config.apiUrl).CSRF,
     {
       method: req.method,
       request: req
@@ -821,9 +1168,10 @@ function matches10(configRoutes, request2) {
 }
 async function fetchCsrf(config) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/csrf" /* CSRF */}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "GET",
-    headers: config.headers
+    headers
   });
   return await config.handlers.GET(req);
 }
@@ -836,7 +1184,7 @@ async function route11(req, config) {
   try {
     const passThroughUrl = new URL(req.url);
     const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key8]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const url = `${proxyRoutes(config.apiUrl)[key8]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
     const res = await request(
       url,
       {
@@ -847,7 +1195,7 @@ async function route11(req, config) {
     ).catch((e) => {
       error("an error as occurred", e);
     });
-    const location = res?.headers.get("location");
+    const location = res?.headers?.get("location");
     if (location) {
       return new Response(res?.body, {
         status: 302,
@@ -867,10 +1215,11 @@ function matches11(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CALLBACK);
 }
 async function fetchCallback(config, provider, body, request2, method = "POST") {
+  const { headers } = ctx.get();
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/callback" /* CALLBACK */}/${provider}${request2 ? `?${new URL(request2.url).searchParams}` : ""}`;
   const req = new Request(clientUrl, {
     method,
-    headers: config.headers,
+    headers,
     body
   });
   return await config.handlers.POST(req);
@@ -879,14 +1228,14 @@ async function fetchCallback(config, provider, body, request2, method = "POST")
 // src/api/routes/auth/signout.ts
 var key9 = "SIGNOUT";
 async function route12(request2, config) {
-  let url = proxyRoutes(config)[key9];
+  let url = proxyRoutes(config.apiUrl)[key9];
   const init = {
     method: request2.method
   };
   if (request2.method === "POST") {
     init.body = request2.body;
     const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key9]}${provider !== "signout" ? `/${provider}` : ""}`;
+    url = `${proxyRoutes(config.apiUrl)[key9]}${provider !== "signout" ? `/${provider}` : ""}`;
   }
   const res = await request(url, { ...init, request: request2 }, config);
   return res;
@@ -896,10 +1245,11 @@ function matches12(configRoutes, request2) {
 }
 async function fetchSignOut(config, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "POST",
     body,
-    headers: config.headers
+    headers
   });
   return await config.handlers.POST(req);
 }
@@ -908,7 +1258,7 @@ async function fetchSignOut(config, body) {
 var key10 = "ERROR";
 async function route13(req, config) {
   return request(
-    proxyRoutes(config)[key10],
+    proxyRoutes(config.apiUrl)[key10],
     {
       method: req.method,
       request: req
@@ -924,7 +1274,7 @@ function matches13(configRoutes, request2) {
 var key11 = "VERIFY_REQUEST";
 async function route14(req, config) {
   return request(
-    proxyRoutes(config)[key11],
+    proxyRoutes(config.apiUrl)[key11],
     {
       method: req.method,
       request: req
@@ -939,7 +1289,7 @@ function matches14(configRoutes, request2) {
 // src/api/routes/auth/password-reset.ts
 var key12 = "PASSWORD_RESET";
 async function route15(req, config) {
-  const url = proxyRoutes(config)[key12];
+  const url = proxyRoutes(config.apiUrl)[key12];
   const res = await request(
     url,
     {
@@ -948,7 +1298,7 @@ async function route15(req, config) {
     },
     config
   );
-  const location = res?.headers.get("location");
+  const location = res?.headers?.get("location");
   if (location) {
     return new Response(res?.body, {
       status: 302,
@@ -968,10 +1318,11 @@ async function fetchResetPassword(config, method, body, params, useJson = true)
   if (useJson) {
     authParams?.set("json", "true");
   }
+  const { headers } = ctx.get();
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}?${authParams?.toString()}`;
   const init = {
     method,
-    headers: config.headers
+    headers
   };
   if (body && method !== "GET") {
     init.body = body;
@@ -983,7 +1334,7 @@ async function fetchResetPassword(config, method, body, params, useJson = true)
 // src/api/routes/auth/verify-email.ts
 var key13 = "VERIFY_EMAIL";
 async function route16(req, config) {
-  const url = proxyRoutes(config)[key13];
+  const url = proxyRoutes(config.apiUrl)[key13];
   const res = await request(
     url,
     {
@@ -992,7 +1343,7 @@ async function route16(req, config) {
     },
     config
   );
-  const location = res?.headers.get("location");
+  const location = res?.headers?.get("location");
   if (location) {
     return new Response(res?.body, {
       status: 302,
@@ -1009,9 +1360,10 @@ function matches16(configRoutes, request2) {
 }
 async function fetchVerifyEmail(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`;
+  const { headers } = ctx.get();
   const init = {
     method,
-    headers: config.headers
+    headers
   };
   if (body) {
     init.body = body;
@@ -1022,8 +1374,21 @@ async function fetchVerifyEmail(config, method, body) {
 
 // src/api/handlers/GET.ts
 function GETTER(configRoutes, config) {
-  const { info, warn } = config.logger("[GET MATCHER]");
-  return async function GET7(req) {
+  const { error, info, warn: warn2 } = config.logger("[GET MATCHER]");
+  return async function GET7(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
     if (matches(configRoutes, req)) {
       info("matches me");
       return route(req, config);
@@ -1088,78 +1453,16 @@ function GETTER(configRoutes, config) {
       info("matches error");
       return route13(req, config);
     }
-    warn(`No GET routes matched ${req.url}`);
+    warn2(`No GET routes matched ${req.url}`);
     return new Response(null, { status: 404 });
   };
 }
 
-// src/utils/Logger.ts
-var red = "\x1B[31m";
-var yellow = "\x1B[38;2;255;255;0m";
-var purple = "\x1B[38;2;200;160;255m";
-var orange = "\x1B[38;2;255;165;0m";
-var reset = "\x1B[0m";
-var baseLogger = (config, ...params) => ({
-  info(message, meta) {
-    if (config?.debug) {
-      console.info(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  debug(message, meta) {
-    if (config?.debug) {
-      console.debug(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  warn(message, meta) {
-    if (config?.debug) {
-      console.warn(
-        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? JSON.stringify(meta) : ""
-      );
-    }
-  },
-  error(message, meta) {
-    console.error(
-      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
-        ""
-      )}${red} ${message}`,
-      meta ? meta : "",
-      `${reset}`
-    );
-  }
-});
-function Logger(config) {
-  return (prefixes) => {
-    const { info, debug, warn, error } = config && typeof config?.logger === "function" ? config.logger(prefixes) : baseLogger(config, prefixes);
-    return {
-      info,
-      debug,
-      warn,
-      error
-    };
-  };
-}
-function matchesLog(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.LOG);
-}
-
 // src/api/routes/signup/POST.ts
 async function POST5(config, init) {
   init.body = init.request.body;
   init.method = "POST";
-  const url = `${apiRoutes(config).SIGNUP}`;
+  const url = `${apiRoutes(config.apiUrl).SIGNUP}`;
   return await request(url, init, config);
 }
 
@@ -1186,9 +1489,10 @@ async function fetchSignUp(config, payload) {
     q.set("tenantId", params.tenantId);
   }
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/signup" /* SIGNUP */}${q.size > 0 ? `?${q}` : ""}`;
+  const { headers } = ctx.get();
   const req = new Request(clientUrl, {
     method: "POST",
-    headers: config.headers,
+    headers,
     body
   });
   return await config.handlers.POST(req);
@@ -1196,8 +1500,21 @@ async function fetchSignUp(config, payload) {
 
 // src/api/handlers/POST.ts
 function POSTER(configRoutes, config) {
-  const { info, warn, error } = config.logger("[POST MATCHER]");
-  return async function POST6(req) {
+  const { info, warn: warn2, error } = config.logger("[POST MATCHER]");
+  return async function POST6(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
     if (matchesLog(configRoutes, req)) {
       try {
         const json = await req.clone().json();
@@ -1219,10 +1536,6 @@ function POSTER(configRoutes, config) {
       info("matches signup");
       return route17(req, config);
     }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
     if (matches6(configRoutes, req)) {
       info("matches tenants");
       return route6(req, config);
@@ -1259,7 +1572,7 @@ function POSTER(configRoutes, config) {
       info("matches verify-email");
       return route16(req, config);
     }
-    warn(`No POST routes matched ${req.url}`);
+    warn2(`No POST routes matched ${req.url}`);
     return new Response(null, { status: 404 });
   };
 }
@@ -1268,10 +1581,8 @@ function POSTER(configRoutes, config) {
 async function DELETE3(config, init) {
   const yurl = new URL(init.request.url);
   const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
-  config.tenantId = tenantId;
-  config.userId = userId;
   init.method = "DELETE";
-  const url = `${apiRoutes(config).TENANT_USER}/link`;
+  const url = `${apiRoutes(config.apiUrl).TENANT_USER(tenantId, userId)}/link`;
   return await request(url, init, config);
 }
 
@@ -1279,10 +1590,8 @@ async function DELETE3(config, init) {
 async function PUT5(config, init) {
   const yurl = new URL(init.request.url);
   const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
-  config.tenantId = tenantId;
-  config.userId = userId;
   init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT_USER}/link`;
+  const url = `${apiRoutes(config.apiUrl).TENANT_USER(tenantId, userId)}/link`;
   return await request(url, init, config);
 }
 
@@ -1320,22 +1629,24 @@ function matches18(configRoutes, request2) {
   return urlMatches(request2.url, route20);
 }
 async function fetchTenantUser(config, method) {
-  if (!config.tenantId) {
+  const { headers, tenantId, userId } = ctx.get();
+  const action = method === "PUT" ? "add" : "delete";
+  if (!tenantId) {
     throw new Error(
-      "The tenantId context is missing. Call nile.setContext({ tenantId })"
+      `Unable to ${action} user to the tenant, the tenantId context is missing. Use nile.withContext({ tenantId })`
     );
   }
-  if (!config.userId) {
+  if (!userId) {
     throw new Error(
-      "the userId context is missing. Call nile.setContext({ userId })"
+      `Unable to ${action} user to tenant. The userId context is missing. Use nile.withContext({ userId })`
     );
   }
-  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace(
-    "{tenantId}",
-    config.tenantId
-  ).replace("{userId}", config.userId)}/link`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace("{tenantId}", tenantId).replace(
+    "{userId}",
+    userId
+  )}/link`;
   const req = new Request(clientUrl, {
-    headers: config.headers,
+    headers,
     method
   });
   return await config.handlers[method](req);
@@ -1349,7 +1660,7 @@ async function DELETE4(config, init) {
     return new Response(null, { status: 404 });
   }
   init.method = "DELETE";
-  const url = `${apiRoutes(config).INVITE(tenantId)}/${inviteId}`;
+  const url = `${apiRoutes(config.apiUrl).INVITE(tenantId)}/${inviteId}`;
   return await request(url, init, config);
 }
 
@@ -1372,8 +1683,21 @@ function matches19(configRoutes, request2) {
 
 // src/api/handlers/DELETE.ts
 function DELETER(configRoutes, config) {
-  const { info, warn } = config.logger("[DELETE MATCHER]");
-  return async function DELETE5(req) {
+  const { error, info, warn: warn2 } = config.logger("[DELETE MATCHER]");
+  return async function DELETE5(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
     if (matches19(configRoutes, req)) {
       info("matches tenant invite id");
       return route19(req, config);
@@ -1382,10 +1706,6 @@ function DELETER(configRoutes, config) {
       info("matches tenant user");
       return route18(req, config);
     }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
     if (matches6(configRoutes, req)) {
       info("matches tenants");
       return route6(req, config);
@@ -1394,18 +1714,31 @@ function DELETER(configRoutes, config) {
       info("matches me");
       return route(req, config);
     }
-    warn("No DELETE routes matched");
+    warn2("No DELETE routes matched");
     return new Response(null, { status: 404 });
   };
 }
 
 // src/api/handlers/PUT.ts
 function PUTER(configRoutes, config) {
-  const { info, warn } = config.logger("[PUT MATCHER]");
-  return async function PUT6(req) {
-    if (matches4(configRoutes, req)) {
-      info("matches tenant invite");
-      return route4(req, config);
+  const { error, info, warn: warn2 } = config.logger("[PUT MATCHER]");
+  return async function PUT6(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
     }
     if (matches18(configRoutes, req)) {
       info("matches tenant user");
@@ -1415,10 +1748,6 @@ function PUTER(configRoutes, config) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
     if (matches(configRoutes, req)) {
       info("matches me");
       return route(req, config);
@@ -1431,7 +1760,7 @@ function PUTER(configRoutes, config) {
       info("matches reset password");
       return route15(req, config);
     }
-    warn("No PUT routes matched");
+    warn2("No PUT routes matched");
     return new Response(null, { status: 404 });
   };
 }
@@ -1635,18 +1964,7 @@ var Config = class {
   extensionCtx;
   extensions;
   logger;
-  /**
-   * Stores the set tenant id from Server for use in sub classes
-   */
-  tenantId;
-  /**
-   * Stores the set user id from Server for use in sub classes
-   */
-  userId;
-  /**
-   * Stores the headers to be used in `fetch` calls
-   */
-  headers;
+  context;
   /**
    * The nile-auth url
    */
@@ -1697,11 +2015,11 @@ var Config = class {
     if (databaseName) {
       this.db.database = databaseName;
     }
-    if (config?.headers) {
-      this.headers = config?.headers;
-    } else {
-      this.headers = new Headers();
-    }
+    this.context = {
+      tenantId: config?.tenantId,
+      userId: config?.userId,
+      headers: config?.headers ? new Headers(config.headers) : new Headers()
+    };
     this.routes = {
       ...appRoutes(config?.routePrefix),
       ...config?.routes
@@ -1744,8 +2062,6 @@ var Config = class {
       ],
       delete: [this.routes.TENANT_USER, this.routes.TENANT]
     };
-    this.tenantId = config?.tenantId;
-    this.userId = config?.userId;
   }
 };
 
@@ -1794,17 +2110,17 @@ var updateHeaders = (val) => {
 var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
 
 // src/db/PoolProxy.ts
-function createProxyForPool(pool, config) {
-  const { info, error } = config.logger("[pool]");
+function createProxyForPool(pool, config, logger, context) {
+  const { info, error } = logger("[pool]");
   return new Proxy(pool, {
     get(target, property) {
       if (property === "query") {
-        if (!config.db.connectionString) {
-          if (!config.db.user || !config.db.password) {
+        if (!config.connectionString) {
+          if (!config.user || !config.password) {
             error(
               "Cannot connect to the database. User and/or password are missing. Generate them at https://console.thenile.dev"
             );
-          } else if (!config.db.database) {
+          } else if (!config.database) {
             error(
               "Unable to obtain database name. Is process.env.NILEDB_POSTGRES_URL set?"
             );
@@ -1812,7 +2128,15 @@ function createProxyForPool(pool, config) {
         }
         const caller = target[property];
         return function query(...args) {
-          info("query", ...args);
+          let log = "[QUERY]";
+          const [tenantId, userId] = context;
+          if (tenantId) {
+            log = `${log}[TENANT:${tenantId}]`;
+          }
+          if (userId) {
+            log = `${log}[USER:${userId}]`;
+          }
+          info(log, ...args);
           const called = caller.apply(this, args);
           return called;
         };
@@ -1828,39 +2152,44 @@ var NileDatabase = class {
   tenantId;
   userId;
   id;
-  config;
+  logger;
   timer;
-  constructor(config, id) {
-    const { warn, info, debug } = config.logger("[NileInstance]");
+  config;
+  constructor(config, logger, id) {
+    this.logger = logger("[NileInstance]");
     this.id = id;
     const poolConfig = {
       min: 0,
       max: 10,
       idleTimeoutMillis: 3e4,
-      ...config.db
+      ...config
     };
     const { afterCreate, ...remaining } = poolConfig;
-    config.db = poolConfig;
-    this.config = config;
-    const cloned = { ...this.config.db };
+    this.config = remaining;
+    const cloned = { ...config };
     cloned.password = "***";
-    debug(`Connection pool config ${JSON.stringify(cloned)}`);
-    this.pool = createProxyForPool(new pg.Pool(remaining), this.config);
+    this.logger.debug(`Connection pool config ${JSON.stringify(cloned)}`);
+    this.pool = createProxyForPool(
+      new pg.Pool(remaining),
+      this.config,
+      logger,
+      id === "base" ? [] : id.split(":")
+    );
     if (typeof afterCreate === "function") {
-      warn(
+      this.logger.warn(
         "Providing an pool configuration will stop automatic tenant context setting."
       );
     }
     this.startTimeout();
     this.pool.on("connect", async (client) => {
-      debug(`pool connected ${this.id}`);
+      this.logger.debug(`pool connected ${this.id}`);
       this.startTimeout();
       const afterCreate2 = makeAfterCreate(
-        config,
-        `${this.id}-${this.timer}`
+        logger,
+        `${this.id}|${this.timer}`
       );
       afterCreate2(client, (err) => {
-        const { error } = config.logger("[after create callback]");
+        const { error } = logger("[after create callback]");
         if (err) {
           clearTimeout(this.timer);
           error("after create failed", {
@@ -1873,7 +2202,7 @@ var NileDatabase = class {
     });
     this.pool.on("error", (err) => {
       clearTimeout(this.timer);
-      info(`pool ${this.id} failed`, {
+      this.logger.info(`pool ${this.id} failed`, {
         message: err.message,
         stack: err.stack
       });
@@ -1883,27 +2212,27 @@ var NileDatabase = class {
       if (destroy) {
         clearTimeout(this.timer);
         evictPool(this.id);
-        debug(`destroying pool ${this.id}`);
+        this.logger.debug(`destroying pool ${this.id}`);
       }
     });
   }
   startTimeout() {
-    const { debug } = this.config.logger("[NileInstance]");
+    const { debug } = this.logger;
     if (this.timer) {
       clearTimeout(this.timer);
     }
     this.timer = setTimeout(() => {
       debug(
-        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.db.idleTimeoutMillis) ?? 3e4}ms`
+        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.idleTimeoutMillis) ?? 3e4}ms`
       );
       this.pool.end(() => {
         clearTimeout(this.timer);
         evictPool(this.id);
       });
-    }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
+    }, Number(this.config.idleTimeoutMillis) ?? 3e4);
   }
   shutdown() {
-    const { debug } = this.config.logger("[NileInstance]");
+    const { debug } = this.logger;
     debug(`attempting to shut down ${this.id}`);
     clearTimeout(this.timer);
     this.pool.end(() => {
@@ -1912,8 +2241,8 @@ var NileDatabase = class {
   }
 };
 var NileInstance_default = NileDatabase;
-function makeAfterCreate(config, id) {
-  const { error, warn, debug } = config.logger("[afterCreate]");
+function makeAfterCreate(logger, id) {
+  const { error, warn: warn2, debug } = logger("[afterCreate]");
   return (conn, done) => {
     conn.on("error", function errorHandler(e) {
       error(`Connection ${id} was terminated by server`, {
@@ -1922,13 +2251,15 @@ function makeAfterCreate(config, id) {
       });
       done(e, conn);
     });
-    if (config.tenantId) {
-      const query = [`SET nile.tenant_id = '${config.tenantId}'`];
-      if (config.userId) {
-        if (!config.tenantId) {
-          warn("A user id cannot be set in context without a tenant id");
+    const [context] = id.split("|");
+    const [tenantId, userId] = context.split(":");
+    if (tenantId !== "base") {
+      const query = [`SET nile.tenant_id = '${tenantId}'`];
+      if (userId) {
+        if (!tenantId) {
+          warn2("A user id cannot be set in context without a tenant id");
         }
-        query.push(`SET nile.user_id = '${config.userId}'`);
+        query.push(`SET nile.user_id = '${userId}'`);
       }
       conn.query(query.join(";"), function(err) {
         if (err) {
@@ -1941,11 +2272,11 @@ function makeAfterCreate(config, id) {
           });
         } else {
           if (query.length === 1) {
-            debug(`connection context set: tenantId=${config.tenantId}`);
+            debug(`connection context set: tenantId=${tenantId}`);
           }
           if (query.length === 2) {
             debug(
-              `connection context set: tenantId=${config.tenantId} userId=${config.userId}`
+              `connection context set: tenantId=${tenantId} userId=${userId}`
             );
           }
         }
@@ -1977,19 +2308,20 @@ var DBManager = class {
     watchEvictPool(this.poolWatcherFn);
   }
   poolWatcher = (config) => (id) => {
-    const { info, warn } = Logger(config)("[DBManager]");
+    const { info, warn: warn2 } = Logger(config)("[DBManager]");
     if (id && this.connections.has(id)) {
       info(`Removing ${id} from db connection pool.`);
       const connection = this.connections.get(id);
       connection?.shutdown();
       this.connections.delete(id);
     } else {
-      warn(`missed eviction of ${id}`);
+      warn2(`missed eviction of ${id}`);
     }
   };
-  getConnection = (config) => {
+  getConnection = (config, noContext = false) => {
     const { info } = Logger(config)("[DBManager]");
-    const id = this.makeId(config.tenantId, config.userId);
+    const { tenantId, userId } = noContext ? {} : ctx.getLastUsed();
+    const id = this.makeId(tenantId, userId);
     const existing = this.connections.get(id);
     info(`# of instances: ${this.connections.size}`);
     if (existing) {
@@ -1997,7 +2329,7 @@ var DBManager = class {
       existing.startTimeout();
       return existing.pool;
     }
-    const newOne = new NileInstance_default(new Config(config), id);
+    const newOne = new NileInstance_default(config.db, config.logger, id);
     this.connections.set(id, newOne);
     info(`created new ${id}`);
     info(`# of instances: ${this.connections.size}`);
@@ -2021,230 +2353,284 @@ var DBManager = class {
 var Auth = class {
   #logger;
   #config;
+  /**
+   * Create an Auth helper.
+   *
+   * @param config - runtime configuration used by the underlying fetch helpers
+   *   such as `serverOrigin`, `routePrefix` and default headers.
+   */
   constructor(config) {
     this.#config = config;
     this.#logger = config.logger("[auth]");
   }
   async getSession(rawResponse = false) {
-    const res = await fetchSession(this.#config);
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      const session = await res.clone().json();
-      if (Object.keys(session).length === 0) {
-        return void 0;
+    return withNileContext(this.#config, async () => {
+      const res = await fetchSession(this.#config);
+      if (rawResponse) {
+        return res;
       }
-      return session;
-    } catch {
-      return res;
-    }
+      try {
+        const session = await res.clone().json();
+        if (Object.keys(session).length === 0) {
+          return void 0;
+        }
+        return session;
+      } catch {
+        return res;
+      }
+    });
   }
   async getCsrf(rawResponse = false) {
-    return await obtainCsrf(this.#config, rawResponse);
+    return withNileContext(this.#config, async () => {
+      return await obtainCsrf(this.#config, rawResponse);
+    });
   }
   async listProviders(rawResponse = false) {
-    const res = await fetchProviders(this.#config);
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(this.#config, async () => {
+      const res = await fetchProviders(this.#config);
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        return await res.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
+  /**
+   * Sign the current user out by calling `/api/auth/signout`.
+   *
+   * The CSRF token is fetched automatically and the stored cookies are cleared
+   * from the internal configuration once the request completes.
+   */
   async signOut() {
-    const csrfRes = await this.getCsrf();
-    if (!("csrfToken" in csrfRes)) {
-      throw new Error("Unable to obtain CSRF token. Sign out failed.");
-    }
-    const body = JSON.stringify({
-      csrfToken: csrfRes.csrfToken,
-      json: true
+    return withNileContext(this.#config, async () => {
+      const csrfRes = await this.getCsrf();
+      if (!("csrfToken" in csrfRes)) {
+        throw new Error("Unable to obtain CSRF token. Sign out failed.");
+      }
+      const body = JSON.stringify({
+        csrfToken: csrfRes.csrfToken,
+        json: true
+      });
+      const res = await fetchSignOut(this.#config, body);
+      updateHeaders(new Headers({}));
+      ctx.set({ headers: null });
+      return res;
     });
-    const res = await fetchSignOut(this.#config, body);
-    updateHeaders(new Headers({}));
-    this.#config.headers = new Headers();
-    return res;
   }
   async signUp(payload, rawResponse) {
-    this.#config.headers = new Headers();
-    const { email, password, ...params } = payload;
-    if (!email || !password) {
-      throw new Error(
-        "Server side sign up requires a user email and password."
-      );
-    }
-    const providers = await this.listProviders();
-    const { credentials } = providers ?? {};
-    if (!credentials) {
-      throw new Error(
-        "Unable to obtain credential provider. Aborting server side sign up."
-      );
-    }
-    const csrf = await this.getCsrf();
-    let csrfToken;
-    if ("csrfToken" in csrf) {
-      csrfToken = csrf.csrfToken;
-    } else {
-      throw new Error("Unable to obtain parse CSRF. Request blocked.");
-    }
-    const body = JSON.stringify({
-      email,
-      password,
-      csrfToken,
-      callbackUrl: credentials.callbackUrl
-    });
-    const res = await fetchSignUp(this.#config, { body, params });
-    if (res.status > 299) {
-      this.#logger.error(await res.clone().text());
-      return void 0;
-    }
-    const token = parseToken(res.headers);
-    if (!token) {
-      throw new Error("Server side sign up failed. Session token not found");
-    }
-    this.#config.headers?.append("cookie", token);
-    updateHeaders(this.#config.headers);
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      const json = await res.clone().json();
-      if (json && typeof json === "object" && "tenants" in json) {
-        const tenantId = json.tenants[0];
-        if (tenantId) {
-          updateTenantId(tenantId);
+    return withNileContext(this.#config, async () => {
+      ctx.set({ headers: null });
+      const { email, password, ...params } = payload;
+      if (!email || !password) {
+        throw new Error(
+          "Server side sign up requires a user email and password."
+        );
+      }
+      const providers = await this.listProviders();
+      const { credentials } = providers ?? {};
+      if (!credentials) {
+        throw new Error(
+          "Unable to obtain credential provider. Aborting server side sign up."
+        );
+      }
+      const csrf = await obtainCsrf(this.#config);
+      let csrfToken;
+      if ("csrfToken" in csrf) {
+        csrfToken = csrf.csrfToken;
+      } else {
+        throw new Error("Unable to obtain parse CSRF. Request blocked.");
+      }
+      const body = JSON.stringify({
+        email,
+        password,
+        csrfToken,
+        callbackUrl: credentials.callbackUrl
+      });
+      const res = await fetchSignUp(this.#config, { body, params });
+      if (res.status > 299) {
+        this.#logger.error(await res.clone().text());
+        return void 0;
+      }
+      const token = parseToken(res.headers);
+      if (!token) {
+        throw new Error("Server side sign up failed. Session token not found");
+      }
+      const { headers } = ctx.get();
+      headers?.append("cookie", token);
+      ctx.set({ headers });
+      updateHeaders(headers);
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        const json = await res.clone().json();
+        if (json && typeof json === "object" && "tenants" in json) {
+          const tenantId = json.tenants[0];
+          if (tenantId) {
+            updateTenantId(tenantId);
+          }
         }
+        return json;
+      } catch {
+        return res;
       }
-      return json;
-    } catch {
-      return res;
-    }
-  }
-  async forgotPassword(req) {
-    let email = "";
-    const defaults = defaultCallbackUrl({
-      config: this.#config
-    });
-    let callbackUrl = defaults.callbackUrl;
-    let redirectUrl = defaults.redirectUrl;
-    if ("email" in req) {
-      email = req.email;
-    }
-    if ("callbackUrl" in req) {
-      callbackUrl = req.callbackUrl ? req.callbackUrl : null;
-    }
-    if ("redirectUrl" in req) {
-      redirectUrl = req.redirectUrl ? req.redirectUrl : null;
-    }
-    const body = JSON.stringify({
-      email,
-      redirectUrl,
-      callbackUrl
     });
-    const data = await fetchResetPassword(
-      this.#config,
-      "POST",
-      body,
-      new URLSearchParams(),
-      false
-    );
-    return data;
   }
-  async resetPassword(req) {
-    let email = "";
-    let password = "";
-    const defaults = defaultCallbackUrl({ config: this.#config });
-    let callbackUrl = defaults.callbackUrl;
-    let redirectUrl = defaults.redirectUrl;
-    if (req instanceof Request) {
-      const body2 = await req.json();
-      email = body2.email;
-      password = body2.password;
-      const cbFromHeaders = parseCallback(req.headers);
-      if (cbFromHeaders) {
-        callbackUrl = cbFromHeaders;
-      }
-      if (body2.callbackUrl) {
-        callbackUrl = body2.callbackUrl;
-      }
-      if (body2.redirectUrl) {
-        redirectUrl = body2.redirectUrl;
-      }
-    } else {
+  /**
+   * Request a password reset email.
+   *
+   * Sends a `POST` to `/api/auth/password-reset` with the provided email and
+   * optional callback information. The endpoint responds with a redirect URL
+   * which is returned as a {@link Response} object.
+   */
+  async forgotPassword(req) {
+    return withNileContext(this.#config, async () => {
+      let email = "";
+      const defaults = defaultCallbackUrl(this.#config);
+      let callbackUrl = defaults.callbackUrl;
+      let redirectUrl = defaults.redirectUrl;
       if ("email" in req) {
         email = req.email;
       }
-      if ("password" in req) {
-        password = req.password;
-      }
       if ("callbackUrl" in req) {
-        callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+        callbackUrl = fQUrl(req.callbackUrl ?? "", this.#config);
       }
       if ("redirectUrl" in req) {
-        redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+        redirectUrl = fQUrl(req.redirectUrl ?? "", this.#config);
       }
-    }
-    await this.getCsrf();
-    const body = JSON.stringify({
-      email,
-      password,
-      redirectUrl,
-      callbackUrl
-    });
-    let urlWithParams;
-    try {
-      const data = await fetchResetPassword(this.#config, "POST", body);
-      const cloned = data.clone();
-      if (data.status === 400) {
-        const text = await cloned.text();
-        this.#logger.error(text);
-        return data;
-      }
-      const { url } = await data.json();
-      urlWithParams = url;
-    } catch {
-    }
-    let token;
-    try {
-      const worthyParams = new URL(urlWithParams).searchParams;
-      const answer = await fetchResetPassword(
+      const body = JSON.stringify({
+        email,
+        redirectUrl,
+        callbackUrl
+      });
+      const data = await fetchResetPassword(
         this.#config,
-        "GET",
-        null,
-        worthyParams
-      );
-      token = parseResetToken(answer.headers);
-    } catch {
-      this.#logger.warn(
-        "Unable to parse reset password url. Password not reset."
-      );
-    }
-    const cookie = this.#config.headers.get("cookie")?.split("; ");
-    if (token) {
-      cookie?.push(token);
-    } else {
-      throw new Error(
-        "Unable to reset password, reset token is missing from response"
+        "POST",
+        body,
+        new URLSearchParams(),
+        false
       );
-    }
-    this.#config.headers = new Headers({
-      ...this.#config.headers,
-      cookie: cookie?.join("; ")
+      return data;
     });
-    const res = await fetchResetPassword(this.#config, "PUT", body);
-    cookie?.pop();
-    const cleaned = cookie?.filter((c) => !c.includes("nile.session")) ?? [];
-    cleaned.push(String(parseToken(res.headers)));
-    const updatedHeaders = new Headers({ cookie: cleaned.join("; ") });
-    updateHeaders(updatedHeaders);
-    return res;
   }
+  /**
+   * Complete a password reset.
+   *
+   * This workflow expects a token obtained from {@link forgotPassword}. The
+   * function performs a POST/GET/PUT sequence against
+   * `/api/auth/password-reset` as described in the OpenAPI specification.
+   *
+   * @param req - either a {@link Request} with a JSON body or an object
+   *   containing the necessary fields.
+   */
+  async resetPassword(req) {
+    return withNileContext(this.#config, async () => {
+      let email = "";
+      let password = "";
+      const defaults = defaultCallbackUrl(this.#config);
+      let callbackUrl = defaults.callbackUrl;
+      let redirectUrl = defaults.redirectUrl;
+      if (req instanceof Request) {
+        const body2 = await req.json();
+        email = body2.email;
+        password = body2.password;
+        const cbFromHeaders = parseCallback(req.headers);
+        if (cbFromHeaders) {
+          callbackUrl = cbFromHeaders;
+        }
+        if (body2.callbackUrl) {
+          callbackUrl = body2.callbackUrl;
+        }
+        if (body2.redirectUrl) {
+          redirectUrl = body2.redirectUrl;
+        }
+      } else {
+        if ("email" in req) {
+          email = req.email;
+        }
+        if ("password" in req) {
+          password = req.password;
+        }
+        if ("callbackUrl" in req) {
+          callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+        }
+        if ("redirectUrl" in req) {
+          redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+        }
+      }
+      await this.getCsrf();
+      const body = JSON.stringify({
+        email,
+        password,
+        redirectUrl,
+        callbackUrl
+      });
+      let urlWithParams;
+      try {
+        const data = await fetchResetPassword(this.#config, "POST", body);
+        const cloned = data.clone();
+        if (data.status === 400) {
+          const text = await cloned.text();
+          this.#logger.error(text);
+          return data;
+        }
+        const { url } = await data.json();
+        urlWithParams = url;
+      } catch {
+      }
+      let token;
+      try {
+        const worthyParams = new URL(urlWithParams).searchParams;
+        const answer = await fetchResetPassword(
+          this.#config,
+          "GET",
+          null,
+          worthyParams
+        );
+        token = parseResetToken(answer.headers);
+      } catch {
+        this.#logger.warn(
+          "Unable to parse reset password url. Password not reset."
+        );
+      }
+      const { headers } = ctx.get();
+      const cookie = headers?.get("cookie")?.split("; ");
+      if (token) {
+        cookie?.push(token);
+      } else {
+        throw new Error(
+          "Unable to reset password, reset token is missing from response"
+        );
+      }
+      if (cookie) {
+        headers?.set("cookie", cookie?.join("; "));
+        ctx.set({
+          headers
+        });
+      }
+      const res = await fetchResetPassword(this.#config, "PUT", body);
+      cookie?.pop();
+      const cleaned = cookie?.filter((c) => !c.includes("nile.session")) ?? [];
+      cleaned.push(String(parseToken(res.headers)));
+      const updatedHeaders = new Headers({ cookie: cleaned.join("; ") });
+      updateHeaders(updatedHeaders);
+      return res;
+    });
+  }
+  /**
+   * Low level helper used by {@link signIn} to complete provider flows.
+   *
+   * Depending on the provider this issues either a GET or POST request to
+   * `/api/auth/callback/{provider}` via {@link fetchCallback}.
+   */
   async callback(provider, body) {
     if (body instanceof Request) {
-      this.#config.headers = body.headers;
+      ctx.set({
+        headers: body.headers
+      });
       return await fetchCallback(
         this.#config,
         provider,
@@ -2256,109 +2642,115 @@ var Auth = class {
     return await fetchCallback(this.#config, provider, body);
   }
   async signIn(provider, payload, rawResponse) {
-    if (payload instanceof Request) {
-      const body2 = new URLSearchParams(await payload.text());
-      const origin = new URL(payload.url).origin;
-      const payloadUrl = body2?.get("callbackUrl");
-      const csrfToken2 = body2?.get("csrfToken");
-      const callbackUrl = `${!payloadUrl?.startsWith("http") ? origin : ""}${payloadUrl}`;
-      if (!csrfToken2) {
+    return withNileContext(this.#config, async () => {
+      if (payload instanceof Request) {
+        const body2 = new URLSearchParams(await payload.text());
+        const origin = new URL(payload.url).origin;
+        const payloadUrl = body2?.get("callbackUrl");
+        const csrfToken2 = body2?.get("csrfToken");
+        const callbackUrl = `${!payloadUrl?.startsWith("http") ? origin : ""}${payloadUrl}`;
+        if (!csrfToken2) {
+          throw new Error(
+            "CSRF token in missing from request. Request it by the client before calling sign in"
+          );
+        }
+        const updatedHeaders = new Headers(payload.headers);
+        updatedHeaders.set("Content-Type", "application/x-www-form-urlencoded");
+        ctx.set({ headers: updatedHeaders });
+        const params = new URLSearchParams({
+          csrfToken: csrfToken2,
+          json: String(true)
+        });
+        if (payloadUrl) {
+          params.set("callbackUrl", callbackUrl);
+        }
+        return await fetchSignIn(this.#config, provider, params);
+      }
+      ctx.set({ headers: null });
+      const { info, error } = this.#logger;
+      const providers = await this.listProviders();
+      info("Obtaining csrf");
+      const csrf = await obtainCsrf(this.#config);
+      let csrfToken;
+      if ("csrfToken" in csrf) {
+        csrfToken = csrf.csrfToken;
+      } else {
+        throw new Error("Unable to obtain parse CSRF. Request blocked.");
+      }
+      const { credentials } = providers ?? {};
+      if (!credentials) {
         throw new Error(
-          "CSRF token in missing from request. Request it by the client before calling sign in"
+          "Unable to obtain credential provider. Aborting server side sign in."
         );
       }
-      this.#config.headers = new Headers(payload.headers);
-      this.#config.headers.set(
-        "Content-Type",
-        "application/x-www-form-urlencoded"
-      );
-      const params = new URLSearchParams({
-        csrfToken: csrfToken2,
-        json: String(true)
+      const { email, password } = payload ?? {};
+      if (provider === "email" && (!email || !password)) {
+        throw new Error(
+          "Server side sign in requires a user email and password."
+        );
+      }
+      info(`Obtaining providers for ${email}`);
+      info(`Attempting sign in with email ${email}`);
+      if (!email) {
+        throw new Error("Email missing from payload, unable to sign in");
+      }
+      const body = JSON.stringify({
+        email,
+        password,
+        csrfToken,
+        callbackUrl: credentials.callbackUrl
       });
-      if (payloadUrl) {
-        params.set("callbackUrl", callbackUrl);
-      }
-      return await fetchSignIn(this.#config, provider, params);
-    }
-    this.#config.headers = new Headers();
-    const { info, error } = this.#logger;
-    const providers = await this.listProviders();
-    info("Obtaining csrf");
-    const csrf = await this.getCsrf();
-    let csrfToken;
-    if ("csrfToken" in csrf) {
-      csrfToken = csrf.csrfToken;
-    } else {
-      throw new Error("Unable to obtain parse CSRF. Request blocked.");
-    }
-    const { credentials } = providers ?? {};
-    if (!credentials) {
-      throw new Error(
-        "Unable to obtain credential provider. Aborting server side sign in."
-      );
-    }
-    const { email, password } = payload ?? {};
-    if (provider === "email" && (!email || !password)) {
-      throw new Error(
-        "Server side sign in requires a user email and password."
-      );
-    }
-    info(`Obtaining providers for ${email}`);
-    info(`Attempting sign in with email ${email}`);
-    const body = JSON.stringify({
-      email,
-      password,
-      csrfToken,
-      callbackUrl: credentials.callbackUrl
-    });
-    const signInRes = await this.callback(provider, body);
-    const authCookie = signInRes?.headers.get("set-cookie");
-    if (!authCookie) {
-      throw new Error("authentication failed");
-    }
-    const token = parseToken(signInRes?.headers);
-    const possibleError = signInRes?.headers.get("location");
-    if (possibleError) {
-      let urlError;
+      const signInRes = await this.callback(provider, body);
+      const authCookie = signInRes?.headers.get("set-cookie");
+      if (!authCookie) {
+        throw new Error("authentication failed");
+      }
+      const token = parseToken(signInRes?.headers);
+      const possibleError = signInRes?.headers.get("location");
+      if (possibleError) {
+        let urlError;
+        try {
+          urlError = new URL(possibleError).searchParams.get("error");
+        } catch {
+        }
+        if (urlError) {
+          error("Unable to log user in", { error: urlError });
+          return new Response(urlError, { status: signInRes.status });
+        }
+      }
+      if (!token) {
+        error("Unable to obtain auth token", {
+          authCookie,
+          signInRes
+        });
+        throw new Error("Server login failed");
+      }
+      info("Server sign in successful", { authCookie });
+      const setCookie = signInRes.headers.get("set-cookie");
+      const { headers } = ctx.get();
+      if (setCookie) {
+        const cookie = [
+          parseCSRF(headers),
+          parseCallback(signInRes.headers),
+          parseToken(signInRes.headers)
+        ].filter(Boolean).join("; ");
+        const uHeaders = new Headers({ cookie });
+        updateHeaders(uHeaders);
+        ctx.set({ headers: uHeaders });
+      } else {
+        error("Unable to set context after sign in", {
+          headers: signInRes.headers
+        });
+      }
+      if (rawResponse) {
+        return signInRes;
+      }
       try {
-        urlError = new URL(possibleError).searchParams.get("error");
+        return await signInRes.clone().json();
       } catch {
+        return signInRes;
       }
-      if (urlError) {
-        error("Unable to log user in", { error: urlError });
-        return new Response(urlError, { status: signInRes.status });
-      }
-    }
-    if (!token) {
-      error("Unable to obtain auth token", {
-        authCookie,
-        signInRes
-      });
-      throw new Error("Server login failed");
-    }
-    info("Server sign in successful", { authCookie });
-    const setCookie = signInRes.headers.get("set-cookie");
-    if (setCookie) {
-      const cookie = [
-        parseCSRF(this.#config.headers),
-        parseCallback(signInRes.headers),
-        parseToken(signInRes.headers)
-      ].filter(Boolean).join("; ");
-      updateHeaders(new Headers({ cookie }));
-    } else {
-      error("Unable to set context after sign in", {
-        headers: signInRes.headers
-      });
-    }
-    if (rawResponse) {
-      return signInRes;
-    }
-    try {
-      return await signInRes.clone().json();
-    } catch {
-      return signInRes;
-    }
+    });
   }
 };
 function parseCSRF(headers) {
@@ -2405,22 +2797,54 @@ function parseResetToken(headers) {
   const [, token] = /((__Secure-)?nile\.reset=[^;]+)/.exec(authCookie) ?? [];
   return token;
 }
-function defaultCallbackUrl({ config }) {
+function parseTenantId(headers) {
+  let authCookie = headers?.get("set-cookie");
+  if (!authCookie) {
+    authCookie = headers?.get("cookie");
+  }
+  if (!authCookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.tenant-id=[^;]+)/.exec(authCookie) ?? [];
+  if (token) {
+    const [, tenantId] = token.split("=");
+    return tenantId;
+  }
+  return null;
+}
+function defaultCallbackUrl(config) {
   let cb = null;
   let redirect = null;
-  const fallbackCb = parseCallback(config.headers);
+  const { headers } = ctx.get();
+  const fallbackCb = parseCallback(headers);
   if (fallbackCb) {
     const [, value] = fallbackCb.split("=");
     cb = decodeURIComponent(value);
     if (value) {
-      redirect = `${new URL(cb).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
+      redirect = `${new URL(cb).origin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}`;
     }
   }
   return { callbackUrl: cb, redirectUrl: redirect };
 }
+function fQUrl(path, config) {
+  if (path.startsWith("/")) {
+    const { callbackUrl } = defaultCallbackUrl(config);
+    if (callbackUrl) {
+      const { origin } = new URL(callbackUrl);
+      return `${origin}${path}`;
+    }
+  }
+  try {
+    new URL(path);
+  } catch {
+    throw new Error("An invalid URL has been passed.");
+  }
+  return path;
+}
 
 // src/auth/obtainCsrf.ts
 async function obtainCsrf(config, rawResponse = false) {
+  const { headers } = ctx.get();
   const res = await fetchCsrf(config);
   const csrfCook = parseCSRF(res.headers);
   if (csrfCook) {
@@ -2433,28 +2857,27 @@ async function obtainCsrf(config, rawResponse = false) {
         parseCallback(res.headers),
         parseToken(res.headers)
       ].filter(Boolean).join("; ");
-      config.headers.set("cookie", cookie);
-      updateHeaders(new Headers({ cookie }));
+      headers.set("cookie", cookie);
+      ctx.set({ headers });
+      updateHeaders(headers);
     }
     if (!rawResponse) {
       return { csrfToken: token };
     }
   } else {
-    const existingCookie = config.headers.get("cookie");
+    const existingCookie = headers.get("cookie");
     const cookieParts = [];
     if (existingCookie) {
-      cookieParts.push(
-        parseToken(config.headers),
-        parseCallback(config.headers)
-      );
+      cookieParts.push(parseToken(headers), parseCallback(headers));
     }
     if (csrfCook) {
       cookieParts.push(csrfCook);
     } else {
-      cookieParts.push(parseCSRF(config.headers));
+      cookieParts.push(parseCSRF(headers));
     }
     const cookie = cookieParts.filter(Boolean).join("; ");
-    config.headers.set("cookie", cookie);
+    headers.set("cookie", cookie);
+    ctx.set({ headers });
     updateHeaders(new Headers({ cookie }));
   }
   if (rawResponse) {
@@ -2467,74 +2890,131 @@ async function obtainCsrf(config, rawResponse = false) {
   }
 }
 
+// src/utils/qualifyDomain.ts
+function fQUrl2(callbackUrl, path) {
+  if (path.startsWith("/")) {
+    if (callbackUrl) {
+      const { origin } = new URL(callbackUrl);
+      return `${origin}${path}`;
+    }
+  }
+  try {
+    new URL(path);
+  } catch {
+    throw new Error("An invalid URL has been passed.");
+  }
+  return path;
+}
+
 // src/users/index.ts
 var Users = class {
   #config;
   #logger;
+  /**
+   * Create a new Users helper.
+   * @param config - The configuration used for requests.
+   */
   constructor(config) {
     this.#config = config;
     this.#logger = config.logger("[me]");
   }
+  /**
+   * Update the current user via `PUT /api/me`.
+   *
+   * The OpenAPI description for this endpoint can be found in
+   * `packages/server/src/api/routes/me/index.ts` under `updateSelf`.
+   *
+   * @param req - Partial user fields to send.
+   * @param [rawResponse] - When `true`, return the raw {@link Response}.
+   */
   async updateSelf(req, rawResponse) {
-    const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(this.#config, async () => {
+      const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        return await res?.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
+  /**
+   * Remove the current user using `DELETE /api/me`.
+   *
+   * After the request the authentication headers are cleared with
+   * {@link updateHeaders}. The OpenAPI docs for this route are in
+   * `packages/server/src/api/routes/me/index.ts` under `removeSelf`.
+   */
   async removeSelf() {
-    const me = await this.getSelf();
-    if ("id" in me) {
-      this.#config.userId = me.id;
-    }
-    const res = await fetchMe(this.#config, "DELETE");
-    updateHeaders(new Headers());
-    return res;
+    return withNileContext(this.#config, async () => {
+      const me = await this.getSelf();
+      if ("id" in me) {
+        const userId = me.id;
+        ctx.set({ userId });
+      }
+      const res = await fetchMe(this.#config, "DELETE");
+      updateHeaders(new Headers());
+      return res;
+    });
   }
   async getSelf(rawResponse) {
-    const res = await fetchMe(this.#config);
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(this.#config, async () => {
+      const res = await fetchMe(this.#config);
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        return await res?.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
   async verifySelf(options, rawResponse = false) {
-    const bypassEmail = typeof options === "object" ? options.bypassEmail ?? process.env.NODE_ENV !== "production" : process.env.NODE_ENV !== "production";
-    const callbackUrl = typeof options === "object" ? options.callbackUrl : defaultCallbackUrl2(this.#config).callbackUrl;
-    let res;
-    try {
-      const me = await this.getSelf();
-      if (me instanceof Response) {
-        return me;
+    return withNileContext(this.#config, async () => {
+      const bypassEmail = typeof options === "object" && options?.bypassEmail === true;
+      const callbackUrl = fQUrl2(
+        defaultCallbackUrl2().callbackUrl,
+        typeof options === "object" ? String(options.callbackUrl) : "/"
+      );
+      let res;
+      try {
+        const me = await this.getSelf();
+        if (me instanceof Response) {
+          return me;
+        }
+        res = await verifyEmailAddress(this.#config, me, String(callbackUrl));
+        return res;
+      } catch (e) {
+        if (!bypassEmail) {
+          let message = "Unable to verify email.";
+          if (e instanceof Error) {
+            message = e.message;
+          }
+          this.#logger?.error(
+            `${message} you can bypass this message by setting bypassEmail: true when calling 'verifySelf'`
+          );
+          res = new Response(message, { status: 400 });
+        }
+      }
+      if (bypassEmail) {
+        this.#logger?.info(
+          "bypassing email requirements for email verification"
+        );
+        res = this.updateSelf({ emailVerified: true }, rawResponse);
       }
-      res = await verifyEmailAddress(this.#config, me, String(callbackUrl));
       return res;
-    } catch {
-      const message = "Unable to verify email.";
-      this.#logger?.warn(message);
-      res = new Response(message, { status: 400 });
-    }
-    if (bypassEmail) {
-      res = this.updateSelf({ emailVerified: true }, rawResponse);
-    }
-    this.#logger.error(
-      "Unable to verify email address. Configure your SMTP server in the console."
-    );
-    return res;
+    });
   }
 };
 async function verifyEmailAddress(config, user, callback) {
-  config.headers.set("content-type", "application/x-www-form-urlencoded");
+  const { headers } = ctx.get();
+  headers?.set("content-type", "application/x-www-form-urlencoded");
+  ctx.set({ headers });
   const { csrfToken } = await obtainCsrf(config);
-  const defaults = defaultCallbackUrl2(config);
+  const defaults = defaultCallbackUrl2();
   const callbackUrl = callback ?? String(defaults.callbackUrl);
   const res = await fetchVerifyEmail(
     config,
@@ -2550,9 +3030,10 @@ async function verifyEmailAddress(config, user, callback) {
   }
   return res;
 }
-function defaultCallbackUrl2(config) {
+function defaultCallbackUrl2() {
   let cb = null;
-  const fallbackCb = parseCallback(config.headers);
+  const { headers } = ctx.get();
+  const fallbackCb = parseCallback(headers);
   if (fallbackCb) {
     const [, value] = fallbackCb.split("=");
     cb = decodeURIComponent(value);
@@ -2566,194 +3047,286 @@ var Tenants = class {
   constructor(config) {
     this.#config = config;
   }
+  /**
+   * Create a new tenant using `POST /api/tenants`.
+   * See `packages/server/src/api/routes/tenants/POST.ts` for the
+   * `createTenant` operation definition.
+   */
   async create(req, rawResponse) {
-    let res;
-    if (typeof req === "string") {
-      res = await fetchTenants(
-        this.#config,
-        "POST",
-        JSON.stringify({ name: req })
-      );
-    } else if (typeof req === "object" && ("name" in req || "id" in req)) {
-      res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
-    }
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(this.#config, async () => {
+      let res;
+      if (typeof req === "string") {
+        res = await fetchTenants(
+          this.#config,
+          "POST",
+          JSON.stringify({ name: req })
+        );
+      } else if (typeof req === "object" && ("name" in req || "id" in req)) {
+        res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
+      }
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        return await res?.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
+  /**
+   * Remove a tenant via `DELETE /api/tenants/{tenantId}`.
+   *
+   * @param req - The tenant to remove or context containing the id.
+   */
   async delete(req) {
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    }
-    if (typeof req === "object" && "id" in req) {
-      this.#config.tenantId = req.id;
-    }
-    const res = await fetchTenant(this.#config, "DELETE");
-    return res;
+    return withNileContext(this.#config, async () => {
+      if (typeof req === "string") {
+        ctx.set({ tenantId: req });
+      }
+      if (typeof req === "object" && "id" in req) {
+        ctx.set({ tenantId: req.id });
+      }
+      const res = await fetchTenant(this.#config, "DELETE");
+      return res;
+    });
   }
+  /**
+   * Fetch details for a tenant using `GET /api/tenants/{tenantId}`.
+   *
+   * @param req - Tenant identifier or context.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
   async get(req, rawResponse) {
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    } else if (typeof req === "object" && "id" in req) {
-      this.#config.tenantId = req.id;
-    }
-    const res = await fetchTenant(this.#config, "GET");
-    if (rawResponse === true || req === true) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(this.#config, async () => {
+      if (typeof req === "string") {
+        ctx.set({ tenantId: req });
+      } else if (typeof req === "object" && "id" in req) {
+        ctx.set({ tenantId: req.id });
+      }
+      const res = await fetchTenant(this.#config, "GET");
+      if (rawResponse === true || req === true) {
+        return res;
+      }
+      try {
+        return await res?.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
   async update(req, rawResponse) {
-    let res;
-    if (typeof req === "object" && ("name" in req || "id" in req)) {
-      const { id, ...remaining } = req;
-      if (id) {
-        this.#config.tenantId = id;
+    return withNileContext(this.#config, async () => {
+      let res;
+      if (typeof req === "object" && ("name" in req || "id" in req)) {
+        const { id, ...remaining } = req;
+        if (id) {
+          ctx.set({ tenantId: id });
+        }
+        res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
       }
-      res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
-    }
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+      if (rawResponse) {
+        return res;
+      }
+      try {
+        return await res?.clone().json();
+      } catch {
+        return res;
+      }
+    });
   }
+  /**
+   * List tenants for the current user via `GET /api/tenants`.
+   * See `packages/server/src/api/routes/tenants/GET.ts` for details.
+   */
   async list(req) {
-    const res = await fetchTenantsByUser(this.#config);
-    if (req === true) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
+    return withNileContext(
+      this.#config,
+      async () => {
+        const res = await fetchTenantsByUser(this.#config);
+        if (req === true) {
+          return res;
+        }
+        try {
+          return await res?.clone().json();
+        } catch {
+          return res;
+        }
+      },
+      "listTenants"
+    );
   }
+  /**
+   * Leave the current tenant using `DELETE /api/tenants/{tenantId}/users/{userId}`.
+   *
+   * @param [req] - Optionally specify the tenant id to leave.
+   */
   async leaveTenant(req) {
-    const me = await fetchMe(this.#config);
-    try {
-      const json = await me.json();
-      if ("id" in json) {
-        this.#config.userId = json.id;
+    return withNileContext(this.#config, async () => {
+      const me = await fetchMe(this.#config);
+      try {
+        const json = await me.json();
+        if ("id" in json) {
+          ctx.set({ userId: json.id });
+        }
+      } catch {
       }
-    } catch {
-    }
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    } else {
-      this.#handleContext(req);
-    }
-    return await fetchTenantUser(this.#config, "DELETE");
+      if (typeof req === "string") {
+        ctx.set({ tenantId: req });
+      } else {
+        this.#handleContext(req);
+      }
+      return await fetchTenantUser(this.#config, "DELETE");
+    });
   }
   async addMember(req, rawResponse) {
-    if (typeof req === "string") {
-      this.#config.userId = req;
-    } else {
-      this.#handleContext(req);
-    }
-    const res = await fetchTenantUser(this.#config, "PUT");
-    return responseHandler(res, rawResponse);
+    return withNileContext(this.#config, async () => {
+      if (typeof req === "string") {
+        ctx.set({ userId: req });
+      } else {
+        this.#handleContext(req);
+      }
+      const res = await fetchTenantUser(this.#config, "PUT");
+      return responseHandler(res, rawResponse);
+    });
   }
+  /**
+   * Remove a user from a tenant with `DELETE /api/tenants/{tenantId}/users/{userId}`.
+   *
+   * @param req - User and tenant identifiers or context.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
   async removeMember(req, rawResponse) {
-    this.#handleContext(req);
-    const res = await fetchTenantUser(this.#config, "DELETE");
-    return responseHandler(res, rawResponse);
+    return withNileContext(this.#config, async () => {
+      this.#handleContext(req);
+      if (typeof req === "string") {
+        ctx.set({ userId: req });
+      }
+      const res = await fetchTenantUser(this.#config, "DELETE");
+      return responseHandler(res, rawResponse);
+    });
   }
   async users(req, rawResponse) {
-    this.#handleContext(req);
-    const res = await fetchTenantUsers(this.#config, "GET");
-    return responseHandler(
-      res,
-      rawResponse || typeof req === "boolean" && req
+    return withNileContext(
+      this.#config,
+      async () => {
+        this.#handleContext(req);
+        const res = await fetchTenantUsers(this.#config, "GET");
+        return responseHandler(
+          res,
+          rawResponse || typeof req === "boolean" && req
+        );
+      },
+      "users"
     );
   }
+  /**
+   * List invites for the current tenant via `GET /api/tenants/{tenantId}/invites`.
+   */
   async invites() {
-    const res = await fetchInvites(this.#config);
-    return responseHandler(res);
+    return withNileContext(
+      this.#config,
+      async () => {
+        const res = await fetchInvites(this.#config);
+        return responseHandler(res);
+      },
+      "invites"
+    );
   }
   async invite(req, rawResponse) {
-    const { csrfToken } = await obtainCsrf(this.#config);
-    const defaults = defaultCallbackUrl3(this.#config);
-    let identifier = req;
-    let callbackUrl = defaults.callbackUrl;
-    let redirectUrl = defaults.redirectUrl;
-    if (typeof req === "object") {
-      if ("email" in req) {
-        identifier = req.email;
-      }
-      if ("callbackUrl" in req) {
-        callbackUrl = req.callbackUrl ? req.callbackUrl : "";
-      }
-      if ("redirectUrl" in req) {
-        redirectUrl = req.redirectUrl ? req.redirectUrl : "";
-      }
-    }
-    this.#config.headers.set(
-      "Content-Type",
-      "application/x-www-form-urlencoded"
-    );
-    const res = await fetchInvite(
+    return withNileContext(
       this.#config,
-      "POST",
-      new URLSearchParams({
-        identifier,
-        csrfToken,
-        callbackUrl,
-        redirectUrl
-      }).toString()
+      async () => {
+        const { csrfToken } = await obtainCsrf(
+          this.#config
+        );
+        const defaults = defaultCallbackUrl3(this.#config);
+        let identifier = req;
+        let callbackUrl = defaults.callbackUrl;
+        let redirectUrl = defaults.redirectUrl;
+        if (typeof req === "object") {
+          if ("email" in req) {
+            identifier = req.email;
+          }
+          const { callbackUrl: cbUrl } = defaultCallbackUrl3(this.#config);
+          if ("callbackUrl" in req) {
+            callbackUrl = fQUrl2(cbUrl, req.callbackUrl ?? "/");
+          }
+          if ("redirectUrl" in req) {
+            redirectUrl = fQUrl2(cbUrl, req.redirectUrl ?? "/");
+          }
+        }
+        const { headers } = ctx.get();
+        headers?.set("Content-Type", "application/x-www-form-urlencoded");
+        ctx.set({ headers });
+        const res = await fetchInvite(
+          this.#config,
+          "POST",
+          new URLSearchParams({
+            identifier,
+            csrfToken,
+            callbackUrl,
+            redirectUrl
+          }).toString()
+        );
+        return responseHandler(res, rawResponse);
+      },
+      "invites"
     );
-    return responseHandler(res, rawResponse);
   }
+  /**
+   * Accept an invite using `PUT /api/tenants/{tenantId}/invite`.
+   *
+   * @param req - Identifier and token from the invite email.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
   async acceptInvite(req, rawResponse) {
-    if (!req) {
-      throw new Error("The identifier and token are required.");
-    }
-    const { identifier, token } = req;
-    const defaults = defaultCallbackUrl3(this.#config);
-    const callbackUrl = String(defaults.callbackUrl);
-    const res = await fetchInvite(
-      this.#config,
-      "PUT",
-      new URLSearchParams({
-        identifier,
-        token,
-        callbackUrl
-      }).toString()
-    );
-    return responseHandler(res, rawResponse);
+    return withNileContext(this.#config, async () => {
+      if (!req) {
+        throw new Error("The identifier and token are required.");
+      }
+      const { identifier, token } = req;
+      const { callbackUrl: cbUrl } = defaultCallbackUrl3(this.#config);
+      const callbackUrl = fQUrl2(cbUrl, req?.callbackUrl ?? "/");
+      const res = await fetchInvite(
+        this.#config,
+        "PUT",
+        new URLSearchParams({
+          identifier,
+          token,
+          callbackUrl
+        }).toString()
+      );
+      return responseHandler(res, rawResponse);
+    });
   }
+  /**
+   * Delete a pending invite using `DELETE /api/tenants/{tenantId}/invite/{inviteId}`.
+   *
+   * @param req - Identifier of the invite to remove.
+   */
   async deleteInvite(req) {
-    let id = "";
-    if (typeof req === "object") {
-      id = req.id;
-    } else {
-      id = req;
-    }
-    if (!id) {
-      throw new Error("An invite id is required.");
-    }
-    const res = await fetchInvite(this.#config, "DELETE", id);
-    return responseHandler(res, true);
+    return withNileContext(this.#config, async () => {
+      let id = "";
+      if (typeof req === "object") {
+        id = req.id;
+      } else {
+        id = req;
+      }
+      if (!id) {
+        throw new Error("An invite id is required.");
+      }
+      const res = await fetchInvite(this.#config, "DELETE", id);
+      return responseHandler(res, true);
+    });
   }
   #handleContext(req) {
     if (typeof req === "object") {
       if ("tenantId" in req) {
-        this.#config.tenantId = req.tenantId;
+        ctx.set({ tenantId: req.tenantId });
       }
       if ("userId" in req) {
-        this.#config.tenantId = req.tenantId;
+        ctx.set({ userId: req.userId });
       }
     }
   }
@@ -2771,15 +3344,13 @@ async function responseHandler(res, rawResponse) {
 function defaultCallbackUrl3(config) {
   let cb = null;
   let redirect = null;
-  const fallbackCb = parseCallback(config.headers);
+  const { headers, tenantId } = ctx.get();
+  const fallbackCb = parseCallback(headers);
   if (fallbackCb) {
     const [, value] = fallbackCb.split("=");
     cb = decodeURIComponent(value);
     if (value) {
-      redirect = `${new URL(cb).origin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace(
-        "{tenantId}",
-        String(config.tenantId)
-      )}`;
+      redirect = `${new URL(cb).origin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", String(tenantId))}`;
     }
   }
   return { callbackUrl: cb, redirectUrl: redirect };
@@ -2817,90 +3388,34 @@ function handlersWithContext(config) {
 function updateConfig(response, config) {
   let origin = "http://localhost:3000";
   let headers = null;
-  if (response?.status === 302) {
-    const location = response.headers.get("location");
-    if (location) {
-      const urlLocation = new URL(location);
-      origin = urlLocation.origin;
+  if (response instanceof Response) {
+    if (response?.status === 302) {
+      const location = response.headers.get("location");
+      if (location) {
+        const urlLocation = new URL(location);
+        origin = urlLocation.origin;
+      }
     }
-  }
-  const setCookies = [];
-  if (response?.headers) {
-    for (const [key17, value] of response.headers) {
-      if (key17.toLowerCase() === "set-cookie") {
-        setCookies.push(value);
+    const setCookies = [];
+    if (response?.headers) {
+      for (const [key17, value] of response.headers) {
+        if (key17.toLowerCase() === "set-cookie") {
+          setCookies.push(value);
+        }
       }
     }
-  }
-  if (setCookies.length > 0) {
-    const cookieHeader = setCookies.map((cookieStr) => cookieStr.split(";")[0]).join("; ");
-    headers = new Headers({ cookie: cookieHeader });
+    if (setCookies.length > 0) {
+      const cookieHeader = setCookies.map((cookieStr) => cookieStr.split(";")[0]).join("; ");
+      headers = new Headers({ cookie: cookieHeader });
+    }
   }
   return {
     ...config,
     origin,
     headers: headers ?? void 0,
-    preserveHeaders: true
-  };
-}
-
-// src/api/utils/extensions.ts
-function bindHandleOnRequest(instance) {
-  return async function handleOnRequest(config, _init, params) {
-    const { debug } = config.logger("[EXTENSIONS]");
-    if (config.extensions) {
-      for (const create2 of config.extensions) {
-        if (typeof create2 !== "function") {
-          return void 0;
-        }
-        const ext = await create2(instance);
-        if (ext.onRequest) {
-          const previousContext = instance.getContext();
-          if (previousContext.preserveHeaders) {
-            instance.setContext({ preserveHeaders: false });
-          }
-          await ext.onRequest(_init.request);
-          const updatedContext = instance.getContext();
-          if (updatedContext?.headers) {
-            const cookie = updatedContext.headers.get("cookie");
-            if (cookie) {
-              params.headers.set(
-                "cookie",
-                mergeCookies(
-                  previousContext.preserveHeaders ? previousContext.headers?.get("cookie") : null,
-                  updatedContext.headers.get("cookie")
-                )
-              );
-            }
-            if (updatedContext.tenantId) {
-              params.headers.set(
-                TENANT_COOKIE,
-                String(updatedContext.headers.get(TENANT_COOKIE))
-              );
-            }
-          }
-          debug(`${ext.id ?? create2.name} ran onRequest`);
-        }
-      }
-    }
+    useLastContext: true
   };
 }
-function buildExtensionConfig(instance) {
-  return {
-    handleOnRequest: bindHandleOnRequest(instance)
-  };
-}
-function mergeCookies(...cookieStrings) {
-  const cookieMap = /* @__PURE__ */ new Map();
-  for (const str of cookieStrings) {
-    if (!str) continue;
-    for (const part of str.split(";")) {
-      const [key17, value] = part.split("=").map((s) => s.trim());
-      if (key17 && value) cookieMap.set(key17, value);
-    }
-  }
-  return [...cookieMap.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
-}
 
 // src/Server.ts
 var Server = class {
@@ -2909,149 +3424,164 @@ var Server = class {
   auth;
   #config;
   #handlers;
-  #paths;
   #manager;
-  #headers;
-  #preserveHeaders;
   constructor(config) {
     this.#config = new Config({
       ...config,
       extensionCtx: buildExtensionConfig(this)
     });
     watchTenantId((tenantId) => {
-      if (tenantId !== this.#config.tenantId) {
-        this.#config.tenantId = tenantId;
+      if (tenantId !== this.#config.context.tenantId) {
+        this.#config.context.tenantId = String(tenantId);
         this.#reset();
       }
     });
     watchUserId((userId) => {
-      if (userId !== this.#config.userId) {
-        this.#config.userId = userId;
+      if (userId !== this.#config.context.userId) {
+        this.#config.context.userId = String(userId);
         this.#reset();
       }
     });
     watchHeaders((headers) => {
-      this.setContext(headers);
-      this.#reset();
+      if (headers) {
+        this.#config.context.headers = new Headers(headers);
+        this.#reset();
+      }
     });
     this.#handlers = {
       ...this.#config.handlers,
       withContext: handlersWithContext(this.#config)
     };
-    this.#preserveHeaders = config?.preserveHeaders ?? false;
-    this.#paths = this.#config.paths;
-    this.#config.tenantId = getTenantId({ config: this.#config });
+    this.#config.context.tenantId = getTenantId({ config: this.#config });
     this.#manager = new DBManager(this.#config);
     this.#handleHeaders(config);
     this.users = new Users(this.#config);
     this.tenants = new Tenants(this.#config);
     this.auth = new Auth(this.#config);
+    if (config?.extensions) {
+      for (const create2 of config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(this);
+        if (ext.onConfigure) {
+          ext.onConfigure();
+        }
+        if (ext?.replace?.handlers) {
+          this.#config.logger("[EXTENSION]").debug(`${ext.id} replacing handlers`);
+          this.#handlers = ext.replace.handlers({
+            ...this.#config.handlers,
+            withContext: handlersWithContext(this.#config)
+          });
+        }
+      }
+    }
   }
-  get db() {
+  /**
+   * Query the database with the current context
+   */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  query = (queryStream, values) => {
+    this.#config.context = { ...this.getContext() };
     const pool = this.#manager.getConnection(this.#config);
+    return pool.query(queryStream, values);
+  };
+  /**
+   * Return a db object that can be used to talk to the database
+   * Does not have a context by default
+   */
+  get db() {
+    const pool = this.#manager.getConnection(this.#config, true);
     return Object.assign(pool, {
       clearConnections: () => {
         this.#manager.clear(this.#config);
       }
     });
   }
-  /**
-   * A convenience function that applies a config and ensures whatever was passed is set properly
-   */
-  getInstance(config, req) {
-    const _config = { ...this.#config, ...config };
-    const updatedConfig = new Config(_config);
-    this.#config = new Config(updatedConfig);
-    this.#config.tenantId = config.tenantId;
-    this.#config.userId = config.userId;
-    if (req) {
-      this.setContext(req);
-    }
-    this.#reset();
-    return this;
+  get logger() {
+    return this.#config.logger;
   }
-  getPaths() {
-    return this.#paths;
+  get extensions() {
+    return {
+      remove: async (id) => {
+        if (!this.#config.extensions) return;
+        const resolved = this.#config.extensions.map((ext) => ext(this));
+        const index = resolved.findIndex((ext) => ext.id === id);
+        if (index !== -1) {
+          this.#config.extensions.splice(index, 1);
+        }
+        return resolved;
+      },
+      add: (extension) => {
+        if (!this.#config.extensions) {
+          this.#config.extensions = [];
+        }
+        this.#config.extensions.push(extension);
+      }
+    };
   }
   get handlers() {
     return this.#handlers;
   }
-  /**
-   * Allow the setting of headers from a req or header object.
-   * Makes it possible to handle REST requests easily
-   * Also makes it easy to set user + tenant in some way
-   * @param req
-   * @returns undefined
-   */
-  setContext(req) {
-    try {
-      if (req instanceof Headers) {
-        this.#handleHeaders(req);
-        this.#reset();
-        return;
-      } else if (req instanceof Request) {
-        this.#handleHeaders(new Headers(req.headers));
-        this.#reset();
-        return;
-      }
-    } catch {
-    }
-    let ok = false;
-    if (req && typeof req === "object" && "tenantId" in req) {
-      ok = true;
-      this.#config.tenantId = req.tenantId;
-    }
-    if (req && typeof req === "object" && "userId" in req) {
-      ok = true;
-      this.#config.userId = req.userId;
-    }
-    if (req && typeof req === "object" && "preserveHeaders" in req) {
-      ok = true;
-      this.#preserveHeaders = Boolean(req.preserveHeaders);
-    }
-    if (ok) {
-      return;
+  get paths() {
+    return this.#config.paths;
+  }
+  set paths(paths) {
+    this.#config.paths = paths;
+  }
+  async withContext(contextOrFn, maybeFn) {
+    const isFn = typeof contextOrFn === "function";
+    const context = isFn ? {} : contextOrFn ?? {};
+    const fn = isFn ? contextOrFn : maybeFn;
+    const preserve = "useLastContext" in context ? context.useLastContext : true;
+    if (preserve) {
+      this.#config.context = { ...this.getContext(), ...context };
+    } else {
+      this.#config.context = { ...defaultContext, ...context };
     }
-    if (typeof req === "object") {
-      const headers = new Headers(req);
-      if (headers) {
-        this.#handleHeaders(headers);
-        this.#reset();
-        return;
+    return withNileContext(this.#config, async () => {
+      return fn ? fn(this) : this;
+    });
+  }
+  async noContext(fn) {
+    this.#config.context.tenantId = void 0;
+    this.#config.context.userId = void 0;
+    return withNileContext(this.#config, async () => {
+      ctx.set({ userId: void 0, tenantId: void 0 });
+      if (fn) {
+        return fn(this);
       }
-    }
-    const { warn } = Logger(this.#config)("[API]");
-    if (warn) {
-      warn(
-        "Set context expects a Request, Header instance or an object of Record<string, string>"
-      );
-    }
+      return this;
+    });
   }
+  /**
+   *
+   * @returns the last used (basically global) context object, useful for debugging or making your own context
+   */
   getContext() {
-    return {
-      headers: this.#headers,
-      userId: this.#config.userId,
-      tenantId: this.#config.tenantId,
-      preserveHeaders: this.#preserveHeaders
-    };
+    return ctx.getLastUsed();
   }
   /**
    * Merge headers together
+   * Saves them in a singleton for use in a request later. It's basically the "default" value
    * Internally, passed a NileConfig, externally, should be using Headers
    */
   #handleHeaders(config) {
     const updates = [];
     let headers;
-    this.#headers = new Headers();
+    this.#config.context.headers = new Headers();
     if (config instanceof Headers) {
       headers = config;
     } else if (config?.headers) {
       headers = config?.headers;
       if (config && config.origin) {
-        this.#headers.set(HEADER_ORIGIN, config.origin);
+        this.#config.context.headers.set(HEADER_ORIGIN, config.origin);
       }
       if (config && config.secureCookies != null) {
-        this.#headers.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
+        this.#config.context.headers.set(
+          HEADER_SECURE_COOKIES,
+          String(config.secureCookies)
+        );
       }
     }
     if (headers instanceof Headers) {
@@ -3064,8 +3594,7 @@ var Server = class {
       }
     }
     const merged = {};
-    this.#config.tenantId = getTenantFromHttp(this.#headers, this.#config);
-    this.#headers?.forEach((value, key17) => {
+    this.#config.context.headers?.forEach((value, key17) => {
       if (key17.toLowerCase() !== "cookie") {
         merged[key17.toLowerCase()] = value;
       }
@@ -3074,16 +3603,15 @@ var Server = class {
       merged[key17] = value;
     }
     for (const [key17, value] of Object.entries(merged)) {
-      this.#headers.set(key17, value);
+      this.#config.context.headers.set(key17, value);
     }
     this.#config.logger("[handleHeaders]").debug(JSON.stringify(merged));
-    this.#config.headers = this.#headers;
   }
   /**
    * Allow some internal mutations to reset our config + headers
    */
   #reset = () => {
-    this.#config.headers = this.#headers ?? new Headers();
+    this.#config.extensionCtx = buildExtensionConfig(this);
     this.users = new Users(this.#config);
     this.tenants = new Tenants(this.#config);
     this.auth = new Auth(this.#config);
@@ -3097,6 +3625,6 @@ function create(config) {
   return server;
 }
 
-export { APIErrorErrorCodeEnum, HEADER_ORIGIN, HEADER_SECURE_COOKIES, LoginUserResponseTokenTypeEnum, create as Nile, Server, TENANT_COOKIE, USER_COOKIE, parseCSRF, parseCallback, parseToken };
+export { APIErrorErrorCodeEnum, ExtensionState, HEADER_ORIGIN, HEADER_SECURE_COOKIES, LoginUserResponseTokenTypeEnum, create as Nile, Server, TENANT_COOKIE, USER_COOKIE, parseCSRF, parseCallback, parseResetToken, parseTenantId, parseToken };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map