@omen.dog/sdk 1.0.0 → 1.1.0

package/dist/index.js

@@ -20,12 +20,19 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  ASK_GROWN_UP_STATES: () => ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES: () => CHILD_LOGIN_STATES,
+  ChildLogin: () => ChildLogin,
+  ENTRY_STATES: () => ENTRY_STATES,
   OmenAuthError: () => OmenAuthError,
   OmenClient: () => OmenClient,
   OmenError: () => OmenError,
   OmenNotFoundError: () => OmenNotFoundError,
   OmenRateLimitError: () => OmenRateLimitError,
-  OmenValidationError: () => OmenValidationError
+  OmenValidationError: () => OmenValidationError,
+  deriveInitialState: () => deriveInitialState,
+  displayGroup: () => displayGroup,
+  reduce: () => reduce
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -285,6 +292,27 @@ var ItemsNamespace = class {
       body: { reason }
     });
   }
+  /**
+   * Award a catalog item (open-shop cosmetic or avatar-editor trait) to a user,
+   * paid for from your Sparks pool at the item's list price. Custom items use
+   * `issue()` and are free; catalog items draw the pool down. Re-awarding an item
+   * the user already owns is a no-op (no charge).
+   *
+   * @example
+   * ```ts
+   * await omen.items.awardCatalog({
+   *   userId, catalogType: 'store', catalogItemId: 'theme_lava',
+   * });
+   * ```
+   */
+  async awardCatalog(options) {
+    const { idempotencyKey, ...body } = options;
+    return this.http.request(`/api/v1/apps/${this.appId}/items/award-catalog`, {
+      method: "POST",
+      body,
+      headers: idempotencyKey ? { "Idempotency-Key": idempotencyKey } : void 0
+    });
+  }
 };
 
 // src/namespaces/collections.ts
@@ -507,6 +535,610 @@ function timingSafeEqual(a, b) {
   return result === 0;
 }
 
+// src/namespaces/products.ts
+var ProductsNamespace = class {
+  constructor(http, appId) {
+    this.http = http;
+    this.appId = appId;
+  }
+  /**
+   * Create a new product.
+   *
+   * @example
+   * ```ts
+   * const product = await omen.products.create({
+   *   name: 'Premium Sword',
+   *   type: 'one_time',
+   *   priceCents: 499,
+   * });
+   * ```
+   */
+  async create(options) {
+    return this.http.request(`/api/v1/apps/${this.appId}/products`, {
+      method: "POST",
+      body: options
+    });
+  }
+  /**
+   * List all products for this app.
+   *
+   * @param activeOnly - If true, only return active products. Defaults to false.
+   */
+  async list(activeOnly) {
+    return this.http.request(`/api/v1/apps/${this.appId}/products`, {
+      query: activeOnly ? { active: "true" } : void 0
+    });
+  }
+  /**
+   * Update an existing product.
+   *
+   * @param productId - The product ID to update.
+   * @param options - Fields to update.
+   */
+  async update(productId, options) {
+    return this.http.request(`/api/v1/apps/${this.appId}/products`, {
+      method: "PATCH",
+      query: { productId },
+      body: options
+    });
+  }
+  /**
+   * Deactivate a product. Deactivated products cannot be purchased but existing
+   * purchases remain valid.
+   *
+   * @param productId - The product ID to deactivate.
+   */
+  async deactivate(productId) {
+    await this.http.request(`/api/v1/apps/${this.appId}/products`, {
+      method: "DELETE",
+      query: { productId }
+    });
+  }
+};
+
+// src/namespaces/multiplayer.ts
+var MultiplayerNamespace = class {
+  constructor(http, appId) {
+    this.http = http;
+    this.appId = appId;
+  }
+  /**
+   * Get the current multiplayer configuration for this app.
+   */
+  async getConfig() {
+    const res = await this.http.request(
+      `/api/v1/apps/${this.appId}/multiplayer-config`
+    );
+    return res.multiplayerConfig;
+  }
+  /**
+   * Enable or update managed multiplayer configuration.
+   *
+   * @example
+   * ```ts
+   * await omen.multiplayer.updateConfig({
+   *   managed: true,
+   *   maxPlayers: 8,
+   *   voiceEnabled: true,
+   *   teamMode: 'manual',
+   * });
+   * ```
+   */
+  async updateConfig(options) {
+    const res = await this.http.request(
+      `/api/v1/apps/${this.appId}/multiplayer-config`,
+      { method: "PUT", body: options }
+    );
+    return res.multiplayerConfig;
+  }
+  /**
+   * Deploy authoritative room logic (Pro tier required).
+   * The bundle is a JavaScript file that exports room lifecycle hooks.
+   *
+   * @param bundle - The JavaScript source code as a string.
+   */
+  async deployLogic(bundle) {
+    return this.http.request(`/api/v1/apps/${this.appId}/room-logic`, {
+      method: "PUT",
+      body: { bundle }
+    });
+  }
+  /**
+   * List deployed room logic versions.
+   */
+  async listLogicVersions() {
+    const res = await this.http.request(
+      `/api/v1/apps/${this.appId}/room-logic/versions`
+    );
+    return res.versions;
+  }
+  /**
+   * Roll back to a previous room logic version.
+   *
+   * @param version - The version number to roll back to.
+   */
+  async rollbackLogic(version) {
+    return this.http.request(`/api/v1/apps/${this.appId}/room-logic/rollback`, {
+      method: "POST",
+      body: { version }
+    });
+  }
+};
+
+// src/namespaces/notifications.ts
+var NotificationsNamespace = class {
+  constructor(http, appId) {
+    this.http = http;
+    this.appId = appId;
+  }
+  /**
+   * Send a notification to a user.
+   *
+   * @example
+   * ```ts
+   * await omen.notifications.send({
+   *   userId: 'cmm0tzco8...',
+   *   title: 'New high score!',
+   *   body: 'Someone beat your record on Pixel Duel.',
+   *   category: 'app',
+   *   actionUrl: '/creations/pixel-duel',
+   * });
+   * ```
+   */
+  async send(options) {
+    return this.http.request(`/api/v1/apps/${this.appId}/notifications/send`, {
+      method: "POST",
+      body: options
+    });
+  }
+};
+
+// src/namespaces/sparks.ts
+var import_node_crypto = require("crypto");
+var SparksNamespace = class {
+  constructor(http, appId) {
+    this.http = http;
+    this.appId = appId;
+  }
+  /**
+   * Award Sparks to a single user. Pass `idempotencyKey` to make retries safe.
+   *
+   * @example
+   * ```ts
+   * await omen.sparks.award({
+   *   userId: 'cmm0tzco8...',
+   *   amount: 250,
+   *   reason: 'Beat level 10',
+   *   idempotencyKey: `level10:${userId}`,
+   * });
+   * ```
+   */
+  async award(options) {
+    const { idempotencyKey, ...body } = options;
+    return this.http.request(`/api/v1/apps/${this.appId}/sparks/award`, {
+      method: "POST",
+      body,
+      headers: idempotencyKey ? { "Idempotency-Key": idempotencyKey } : void 0
+    });
+  }
+  /**
+   * Award Sparks to many users in one request (max 100). Best-effort per item:
+   * a single bad/underfunded entry does not fail the rest. Inspect `results`.
+   */
+  async awardBatch(awards) {
+    return this.http.request(`/api/v1/apps/${this.appId}/sparks/award-batch`, {
+      method: "POST",
+      body: { awards }
+    });
+  }
+  /** Current pool status: balance, lifetime stats, and per-app budgets. */
+  async pool() {
+    return this.http.request(`/api/v1/apps/${this.appId}/sparks/pool`);
+  }
+  /**
+   * Mint a short-lived display token for the UI kit, scoped to one user. Sign
+   * with your app's OAuth client SECRET (from the Developer Portal) — never ship
+   * the secret to the browser; call this on your backend and pass the token to
+   * `<omen-sparks-balance token="...">` / `<omen-inventory token="...">`.
+   *
+   * Synchronous (no network). Default TTL 10 min, max 1 hour.
+   *
+   * @example
+   * ```ts
+   * const token = omen.sparks.displayToken({ userId, secret: process.env.OMEN_CLIENT_SECRET! });
+   * ```
+   */
+  displayToken(options) {
+    if (!options.userId || !options.secret) throw new Error("userId and secret are required");
+    const ttl = Math.min(Math.max(1, Math.floor(options.ttlSeconds ?? 600)), 3600);
+    const exp = Math.floor(Date.now() / 1e3) + ttl;
+    const payloadB64 = Buffer.from(JSON.stringify({ a: this.appId, u: options.userId, e: exp })).toString("base64url");
+    const sig = (0, import_node_crypto.createHmac)("sha256", options.secret).update(payloadB64).digest("base64url");
+    return `${payloadB64}.${sig}`;
+  }
+};
+
+// src/namespaces/emails.ts
+var EmailsNamespace = class {
+  constructor(http, appId) {
+    this.http = http;
+    this.appId = appId;
+  }
+  /**
+   * Send one email (up to 10 recipients). No attachments; 256 KB body max.
+   *
+   * @example
+   * ```ts
+   * await omen.emails.send({
+   *   from: 'hello@yourdomain.com',
+   *   fromName: 'My App',
+   *   to: player.email,
+   *   subject: 'Your weekly recap',
+   *   html: '<h1>Nice run!</h1>',
+   * });
+   * ```
+   */
+  async send(options) {
+    return this.http.request(`/api/v1/apps/${this.appId}/emails/send`, {
+      method: "POST",
+      body: options
+    });
+  }
+  /** Recent sends for this app plus the rolling 24h quota. */
+  async log(limit = 50) {
+    return this.http.request(`/api/v1/apps/${this.appId}/emails/log?limit=${limit}`);
+  }
+};
+
+// src/namespaces/avatar.ts
+var import_node_crypto2 = require("crypto");
+var AvatarNamespace = class {
+  constructor(appId, baseUrl) {
+    this.appId = appId;
+    this.baseUrl = baseUrl;
+  }
+  /**
+   * Mint a short-lived WRITE-scoped editor token for one user (backend only —
+   * never expose your client secret to the browser). Pass it to
+   * `<omen-avatar-editor token="...">`.
+   *
+   * @example
+   * ```ts
+   * const token = omen.avatar.editorToken({ userId, secret: process.env.OMEN_CLIENT_SECRET! });
+   * ```
+   */
+  editorToken(options) {
+    if (!options.userId || !options.secret) throw new Error("userId and secret are required");
+    const ttl = Math.min(Math.max(1, Math.floor(options.ttlSeconds ?? 600)), 3600);
+    const exp = Math.floor(Date.now() / 1e3) + ttl;
+    const payloadB64 = Buffer.from(
+      JSON.stringify({ a: this.appId, u: options.userId, e: exp, t: "editor" })
+    ).toString("base64url");
+    const sig = (0, import_node_crypto2.createHmac)("sha256", options.secret).update(payloadB64).digest("base64url");
+    return `${payloadB64}.${sig}`;
+  }
+  /**
+   * Public render URL for a user's shared avatar (SVG; append `&format=png`
+   * where supported). Pass `version` (from the `avatar:saved` event or the
+   * `user.avatar_updated` webhook) to bust caches after an edit.
+   */
+  renderUrl(userId, options) {
+    const v = options?.version ? `&v=${encodeURIComponent(options.version)}` : "";
+    return `${this.baseUrl}/api/v1/avatar/render?userId=${encodeURIComponent(userId)}${v}`;
+  }
+  /**
+   * Enumerate the shared avatar catalog — every trait id, name, rarity and
+   * Sparks list price. Public, no auth. Trait ids (`category/file.svg` paths)
+   * are also public SVGs at `{baseUrl}/avatar/{id}` for previews, and feed
+   * `omen.items.awardCatalog({ catalogType: 'avatar_trait', catalogItemId })`
+   * for pool-funded gifts.
+   *
+   * Pass a user's editor token and each trait's `locked` flag reflects that
+   * user's ownership instead of the anonymous default.
+   */
+  async catalog(options) {
+    const res = await fetch(`${this.baseUrl}/api/v1/avatar/catalog`, {
+      headers: options?.editorToken ? { Authorization: `Bearer ${options.editorToken}` } : void 0
+    });
+    if (!res.ok) throw new Error(`Failed to load avatar catalog (HTTP ${res.status})`);
+    return await res.json();
+  }
+};
+
+// src/childLogin/rfc8628.js
+function mapPollResponse(httpStatus, body) {
+  body = body || {};
+  if (httpStatus >= 200 && httpStatus < 300 && body.access_token) {
+    return {
+      status: "approved",
+      tokens: {
+        access_token: body.access_token,
+        refresh_token: body.refresh_token,
+        token_type: body.token_type || "Bearer",
+        expires_in: typeof body.expires_in === "number" ? body.expires_in : void 0,
+        scope: body.scope
+      },
+      rebind: body.rebind || null,
+      deviceToken: body.device_token || null
+    };
+  }
+  switch (body.error) {
+    case "authorization_pending":
+      return { status: "pending" };
+    case "slow_down":
+      return { status: "slow_down" };
+    case "access_denied":
+      return { status: "denied" };
+    case "expired_token":
+      return { status: "expired" };
+    default:
+      return { status: "error", error: body.error || `http_${httpStatus}` };
+  }
+}
+var SLOW_DOWN_INCREMENT_SECONDS = 5;
+var MIN_POLL_INTERVAL_SECONDS = 1;
+function nextInterval(currentInterval, status) {
+  const base = Number.isFinite(currentInterval) && currentInterval >= MIN_POLL_INTERVAL_SECONDS ? currentInterval : MIN_POLL_INTERVAL_SECONDS;
+  if (status === "slow_down") return base + SLOW_DOWN_INCREMENT_SECONDS;
+  return base;
+}
+function isTerminalStatus(status) {
+  return status === "approved" || status === "denied" || status === "expired" || status === "error";
+}
+
+// src/childLogin/session.js
+var DEFAULT_ACCESS_TTL_SECONDS = 86400;
+var DEFAULT_SKEW_MS = 3e4;
+function seal(tokens, opts) {
+  if (!tokens || !tokens.access_token) {
+    throw new Error("seal(): tokens.access_token is required");
+  }
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const ttlSeconds = typeof tokens.expires_in === "number" ? tokens.expires_in : DEFAULT_ACCESS_TTL_SECONDS;
+  const record = {
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token || null,
+    scope: tokens.scope || "child",
+    accessExpiresAt: now + ttlSeconds * 1e3
+  };
+  const deviceToken = opts && opts.deviceToken || tokens.device_token || null;
+  if (deviceToken) record.deviceToken = deviceToken;
+  return record;
+}
+function accessExpired(record, opts) {
+  if (!record || typeof record.accessExpiresAt !== "number") return true;
+  const now = opts && typeof opts.now === "number" ? opts.now : Date.now();
+  const skew = opts && typeof opts.skewMs === "number" ? opts.skewMs : DEFAULT_SKEW_MS;
+  return now >= record.accessExpiresAt - skew;
+}
+
+// src/childLogin/webhook.js
+var import_node_crypto3 = require("crypto");
+function verifyWebhook(payload, signature, secret) {
+  if (typeof payload !== "string" || !signature || !secret) return false;
+  const expected = (0, import_node_crypto3.createHmac)("sha256", secret).update(payload).digest("hex");
+  const a = Buffer.from(expected, "utf8");
+  const b = Buffer.from(String(signature), "utf8");
+  if (a.length !== b.length) return false;
+  return (0, import_node_crypto3.timingSafeEqual)(a, b);
+}
+function parseChildLoginApproved(payload, signature, secret) {
+  if (!verifyWebhook(payload, signature, secret)) return null;
+  try {
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+}
+
+// src/childLogin/stateMachine.js
+var CHILD_LOGIN_STATES = [
+  "trusted",
+  // this device is pre-authorised → one tap
+  "known",
+  // we know who she is (cached identity) → "ask a grown-up"
+  "cold",
+  // no hint → type a username
+  "pending",
+  // a grown-up has been asked; waiting (calm, no timer)
+  "approved",
+  // she's in
+  "denied",
+  // a grown-up said "not now"
+  "blocked",
+  // a grown-up blocked this app
+  "paused",
+  // her account is paused everywhere
+  "expired",
+  // the request timed out; let's try again
+  "offline"
+  // no connection; render her card from cache, can't log in
+];
+var ASK_GROWN_UP_STATES = ["denied", "blocked", "paused"];
+var ENTRY_STATES = ["trusted", "known", "cold"];
+function deriveInitialState(ctx) {
+  ctx = ctx || {};
+  if (ctx.online === false) return "offline";
+  if (ctx.trustedDevice) return "trusted";
+  if (ctx.identity) return "known";
+  return "cold";
+}
+var TERMINAL = {
+  approved: "approved",
+  denied: "denied",
+  blocked: "blocked",
+  paused: "paused",
+  expired: "expired",
+  offline: "offline"
+};
+function reduce(state, signal, ctx) {
+  if (signal in TERMINAL) return TERMINAL[signal];
+  if (signal === "reset") return deriveInitialState(ctx);
+  if (signal === "online") return state === "offline" ? deriveInitialState(ctx) : state;
+  if (ENTRY_STATES.includes(state) && (signal === "ask" || signal === "pending")) {
+    return "pending";
+  }
+  if (state === "pending" && (signal === "pending" || signal === "slow_down")) {
+    return "pending";
+  }
+  return state;
+}
+function displayGroup(state) {
+  if (ENTRY_STATES.includes(state)) return "ready";
+  if (state === "pending") return "waiting";
+  if (state === "approved") return "approved";
+  if (ASK_GROWN_UP_STATES.includes(state)) return "ask-grown-up";
+  if (state === "expired") return "expired";
+  return "offline";
+}
+
+// src/childLogin/index.ts
+var DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+var ChildLogin = class {
+  clientId;
+  clientSecret;
+  webhookSecret;
+  baseUrl;
+  constructor(options) {
+    if (!options?.clientId) throw new Error("ChildLogin: clientId is required");
+    this.clientId = options.clientId;
+    this.clientSecret = options.clientSecret;
+    this.webhookSecret = options.webhookSecret;
+    this.baseUrl = (options.baseUrl ?? "https://omen.dog").replace(/\/$/, "");
+  }
+  /** Start a child device-authorization grant. `scope:'child'` is always sent. */
+  async deviceStart(options = {}) {
+    const { status, body } = await this.post("/api/oauth/device", {
+      client_id: this.clientId,
+      scope: "child",
+      login_hint: options.loginHint,
+      device_id: options.deviceId,
+      device_name: options.deviceName,
+      device_token: options.deviceToken
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Tell Omen which child is logging in. With `username` this is the cold-start
+   * path (no prior `login_hint`); without it, it re-pings the family for a known
+   * child. Always resolves `{ ok: true }` (enumeration-safe) on the cold path.
+   */
+  async notify(args) {
+    const { status, body } = await this.post("/api/oauth/device/notify", {
+      device_code: args.device_code,
+      username: args.username
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /**
+   * Poll the token endpoint once. Returns a calm status union — `pending`,
+   * `slow_down`, `denied`, `expired`, `error`, or `approved` (with tokens,
+   * rebind blob and one-time device_token). Never throws on a normal RFC 8628
+   * polling response; only network failures reject.
+   */
+  async poll(deviceCode) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: DEVICE_GRANT_TYPE,
+      device_code: deviceCode,
+      client_id: this.clientId
+    });
+    return mapPollResponse(status, body);
+  }
+  /**
+   * Poll until the grant reaches a terminal state, honouring `interval` and
+   * widening it by 5s on every `slow_down` (RFC 8628 §3.5). Prefer driving the
+   * flip from the `child.login.approved` webhook; use this as the fallback.
+   */
+  async pollUntil(deviceCode, options = {}) {
+    let interval = options.intervalSeconds ?? 5;
+    for (; ; ) {
+      if (options.signal?.aborted) throw new DOMException("Aborted", "AbortError");
+      const result = await this.poll(deviceCode);
+      if (isTerminalStatus(result.status)) return result;
+      options.onStatus?.(result.status);
+      interval = nextInterval(interval, result.status);
+      await sleep(interval * 1e3, options.signal);
+    }
+  }
+  /**
+   * Refresh a child access token. `scope:'child'` is preserved across rotation,
+   * and the old refresh token is single-use (Omen rotates it).
+   */
+  async refresh(refreshToken) {
+    const { status, body } = await this.post("/api/oauth/token", {
+      grant_type: "refresh_token",
+      refresh_token: refreshToken,
+      client_id: this.clientId,
+      client_secret: this.clientSecret
+    });
+    if (status >= 400) throw oauthError(status, body);
+    return body;
+  }
+  /** Fetch the consent-gated identity bundle with the child's access token. */
+  async childIdentity(accessToken) {
+    const res = await fetch(`${this.baseUrl}/api/oauth/child-identity`, {
+      headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" }
+    });
+    const body = await res.json().catch(() => ({}));
+    if (!res.ok) throw oauthError(res.status, body);
+    return body;
+  }
+  /** Normalise a token grant into a record for your httpOnly session store. */
+  seal(tokens, opts) {
+    return seal(tokens, opts);
+  }
+  /** Whether a sealed session's access token needs a refresh before use. */
+  accessExpired(record, opts) {
+    return accessExpired(record, opts);
+  }
+  /** Verify a `child.login.approved` webhook signature (uses your `webhookSecret`). */
+  verifyWebhook(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.verifyWebhook: no webhookSecret configured");
+    return verifyWebhook(payload, signature, secret);
+  }
+  /** Verify + parse a `child.login.approved` webhook. Returns null if the signature is invalid. */
+  parseApproval(payload, signature, secret = this.webhookSecret) {
+    if (!secret) throw new Error("ChildLogin.parseApproval: no webhookSecret configured");
+    return parseChildLoginApproved(payload, signature, secret);
+  }
+  async post(path, body) {
+    const clean = {};
+    for (const [k, v] of Object.entries(body)) if (v !== void 0) clean[k] = v;
+    const res = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Accept: "application/json" },
+      body: JSON.stringify(clean)
+    });
+    const text = await res.text();
+    let json = {};
+    try {
+      json = text ? JSON.parse(text) : {};
+    } catch {
+      json = { error: "invalid_response", raw: text };
+    }
+    return { status: res.status, body: json };
+  }
+};
+function oauthError(status, body) {
+  const code = body?.error || `http_${status}`;
+  const err = new Error(body?.error_description || code);
+  err.status = status;
+  err.code = code;
+  return err;
+}
+function sleep(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) return reject(new DOMException("Aborted", "AbortError"));
+    const t = setTimeout(resolve, ms);
+    signal?.addEventListener("abort", () => {
+      clearTimeout(t);
+      reject(new DOMException("Aborted", "AbortError"));
+    }, { once: true });
+  });
+}
+
 // src/index.ts
 var OmenClient = class {
   /** User profiles and friend lists. */
@@ -519,6 +1151,18 @@ var OmenClient = class {
   collections;
   /** Webhook endpoint management and signature verification. */
   webhooks;
+  /** In-app products (one-time purchases and subscriptions). */
+  products;
+  /** Managed multiplayer configuration and room logic deployment. */
+  multiplayer;
+  /** Send notifications to app users. */
+  notifications;
+  /** Award Sparks from your prepaid pool + mint UI-kit display tokens. */
+  sparks;
+  /** Send transactional email from your verified domains (Partner Apps). */
+  emails;
+  /** Shared Omen avatar in your app: editor tokens + render URLs (F262). */
+  avatar;
   constructor(options) {
     if (!options.token) throw new Error("OmenClient: token is required");
     if (!options.appId) throw new Error("OmenClient: appId is required");
@@ -529,14 +1173,27 @@ var OmenClient = class {
     this.items = new ItemsNamespace(http, options.appId);
     this.collections = new CollectionsNamespace(http, options.appId);
     this.webhooks = new WebhooksNamespace(http, options.appId);
+    this.products = new ProductsNamespace(http, options.appId);
+    this.multiplayer = new MultiplayerNamespace(http, options.appId);
+    this.notifications = new NotificationsNamespace(http, options.appId);
+    this.sparks = new SparksNamespace(http, options.appId);
+    this.emails = new EmailsNamespace(http, options.appId);
+    this.avatar = new AvatarNamespace(options.appId, baseUrl);
   }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ASK_GROWN_UP_STATES,
+  CHILD_LOGIN_STATES,
+  ChildLogin,
+  ENTRY_STATES,
   OmenAuthError,
   OmenClient,
   OmenError,
   OmenNotFoundError,
   OmenRateLimitError,
-  OmenValidationError
+  OmenValidationError,
+  deriveInitialState,
+  displayGroup,
+  reduce
 });