@oxyhq/core 1.0.2 → 1.1.0

package/dist/esm/mixins/OxyServices.fedcm.js

@@ -147,7 +147,10 @@ export function OxyServicesFedCMMixin(Base) {
                 }
                 const clientId = this.getClientId();
                 debug.log('Silent SSO: Starting for', clientId);
-                // First try silent mediation (no UI) - works if user previously consented
+                // Only try silent mediation (no UI) - works if user previously consented.
+                // We intentionally do NOT fall back to optional mediation here because
+                // this runs on app startup — showing browser UI without user action is bad UX.
+                // Optional/interactive mediation should only happen when the user clicks "Sign In".
                 let credential = null;
                 try {
                     const nonce = this.generateNonce();
@@ -161,33 +164,13 @@ export function OxyServicesFedCMMixin(Base) {
                     debug.log('Silent SSO: Silent mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
                 }
                 catch (silentError) {
-                    // Silent mediation failed - this is expected if user hasn't consented before or is in quiet period
                     const errorName = silentError instanceof Error ? silentError.name : 'Unknown';
                     const errorMessage = silentError instanceof Error ? silentError.message : String(silentError);
-                    debug.log('Silent SSO: Silent mediation error (will try optional):', { name: errorName, message: errorMessage });
-                }
-                // If silent failed, try optional mediation which shows browser UI if needed
-                if (!credential || !credential.token) {
-                    try {
-                        const nonce = this.generateNonce();
-                        debug.log('Silent SSO: Trying optional mediation (may show browser UI)...');
-                        credential = await this.requestIdentityCredential({
-                            configURL: this.constructor.DEFAULT_CONFIG_URL,
-                            clientId,
-                            nonce,
-                            mediation: 'optional',
-                        });
-                        debug.log('Silent SSO: Optional mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
-                    }
-                    catch (optionalError) {
-                        const errorName = optionalError instanceof Error ? optionalError.name : 'Unknown';
-                        const errorMessage = optionalError instanceof Error ? optionalError.message : String(optionalError);
-                        debug.log('Silent SSO: Optional mediation also failed:', { name: errorName, message: errorMessage });
-                        return null;
-                    }
+                    debug.log('Silent SSO: Silent mediation failed:', { name: errorName, message: errorMessage });
+                    return null;
                 }
                 if (!credential || !credential.token) {
-                    debug.log('Silent SSO: No credential returned (user may have dismissed prompt or is not logged in at IdP)');
+                    debug.log('Silent SSO: No credential returned (user not logged in at IdP or hasn\'t consented)');
                     return null;
                 }
                 debug.log('Silent SSO: Got credential, exchanging for session...');
@@ -337,28 +320,17 @@ export function OxyServicesFedCMMixin(Base) {
              * @private
              */
             async exchangeIdTokenForSession(idToken) {
-                debug.log('exchangeIdTokenForSession: Starting exchange...');
-                debug.log('exchangeIdTokenForSession: Token length:', idToken?.length);
-                debug.log('exchangeIdTokenForSession: Token preview:', idToken?.substring(0, 50) + '...');
+                debug.log('Exchanging ID token for session...');
                 try {
                     const response = await this.makeRequest('POST', '/api/fedcm/exchange', { id_token: idToken }, { cache: false });
-                    debug.log('exchangeIdTokenForSession: Response received:', {
-                        hasResponse: !!response,
-                        hasSessionId: !!response?.sessionId,
+                    debug.log('Token exchange complete:', {
+                        hasSession: !!response?.sessionId,
                         hasUser: !!response?.user,
-                        hasAccessToken: !!response?.accessToken,
-                        userId: response?.user?.id,
-                        username: response?.user?.username,
-                        responseKeys: response ? Object.keys(response) : [],
                     });
                     return response;
                 }
                 catch (error) {
-                    debug.error('exchangeIdTokenForSession: Error:', {
-                        name: error instanceof Error ? error.name : 'Unknown',
-                        message: error instanceof Error ? error.message : String(error),
-                        stack: error instanceof Error ? error.stack : undefined,
-                    });
+                    debug.error('Token exchange failed:', error instanceof Error ? error.message : String(error));
                     throw error;
                 }
             }
@@ -423,9 +395,9 @@ export function OxyServicesFedCMMixin(Base) {
             }
         },
         _a.DEFAULT_CONFIG_URL = 'https://auth.oxy.so/fedcm.json',
-        _a.FEDCM_TIMEOUT = 60000 // 1 minute for interactive
+        _a.FEDCM_TIMEOUT = 15000 // 15 seconds for interactive
     ,
-        _a.FEDCM_SILENT_TIMEOUT = 10000 // 10 seconds for silent mediation
+        _a.FEDCM_SILENT_TIMEOUT = 3000 // 3 seconds for silent mediation
     ,
         _a;
 }

package/dist/esm/mixins/OxyServices.language.js

@@ -2,6 +2,7 @@
  * Language Methods Mixin
  */
 import { normalizeLanguageCode, getLanguageMetadata, getLanguageName, getNativeLanguageName } from '../utils/languageUtils';
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesLanguageMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -14,7 +15,9 @@ export function OxyServicesLanguageMixin(Base) {
             const isReactNative = typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
             if (isReactNative) {
                 try {
-                    const asyncStorageModule = await import('@react-native-async-storage/async-storage');
+                    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                    const moduleName = '@react-native-async-storage/async-storage';
+                    const asyncStorageModule = await import(moduleName);
                     const storage = asyncStorageModule.default;
                     return {
                         getItem: storage.getItem.bind(storage),
@@ -77,7 +80,7 @@ export function OxyServicesLanguageMixin(Base) {
                 return null;
             }
             catch (error) {
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('Failed to get current language:', error);
                 }
                 return null;

package/dist/esm/mixins/OxyServices.privacy.js

@@ -1,3 +1,4 @@
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesPrivacyMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -25,7 +26,7 @@ export function OxyServicesPrivacyMixin(Base) {
             }
             catch (error) {
                 // If there's an error, assume not in list to avoid breaking functionality
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('Error checking user list:', error);
                 }
                 return false;

package/dist/esm/mixins/OxyServices.security.js

@@ -1,3 +1,4 @@
+import { isDev } from '../shared/utils/debugUtils';
 export function OxyServicesSecurityMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -52,7 +53,7 @@ export function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('[OxyServices] Failed to log private key exported event:', error);
                 }
             }
@@ -69,7 +70,7 @@ export function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if (isDev()) {
                     console.warn('[OxyServices] Failed to log backup created event:', error);
                 }
             }

package/dist/esm/shared/utils/debugUtils.js

@@ -10,7 +10,14 @@
  * Check if running in development mode
  */
 export const isDev = () => {
-    return typeof __DEV__ !== 'undefined' && __DEV__;
+    if (typeof __DEV__ !== 'undefined')
+        return __DEV__;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+    }
+    catch {
+        return false;
+    }
 };
 /**
  * Log a debug message (only in development)

package/dist/esm/utils/deviceManager.js

@@ -15,7 +15,9 @@ export class DeviceManager {
     static async getStorage() {
         if (this.isReactNative()) {
             try {
-                const asyncStorageModule = await import('@react-native-async-storage/async-storage');
+                // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                const moduleName = '@react-native-async-storage/async-storage';
+                const asyncStorageModule = await import(moduleName);
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),

package/dist/esm/utils/platform.js

@@ -92,8 +92,9 @@ export async function initPlatformFromReactNative() {
         return; // Already initialized
     }
     try {
-        // Dynamic import to avoid bundler issues
-        const { Platform } = await import('react-native');
+        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+        const moduleName = 'react-native';
+        const { Platform } = await import(moduleName);
         setPlatformOS(Platform.OS);
     }
     catch {

package/dist/types/CrossDomainAuth.d.ts

@@ -10,7 +10,7 @@
  *
  * Usage:
  * ```typescript
- * import { CrossDomainAuth } from '@oxyhq/services';
+ * import { CrossDomainAuth } from '@oxyhq/core';
  *
  * const auth = new CrossDomainAuth(oxyServices);
  *
@@ -142,7 +142,7 @@ export declare class CrossDomainAuth {
  *
  * @example
  * ```typescript
- * import { createCrossDomainAuth } from '@oxyhq/services';
+ * import { createCrossDomainAuth } from '@oxyhq/core';
  *
  * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
  * const auth = createCrossDomainAuth(oxyServices);

package/dist/types/OxyServices.base.d.ts

@@ -66,8 +66,11 @@ export declare class OxyServicesBase {
      * Clear stored authentication tokens
      */
     clearTokens(): void;
+    /** @internal */ _cachedUserId: string | null | undefined;
+    /** @internal */ _cachedAccessToken: string | null;
     /**
-     * Get the current user ID from the access token
+     * Get the current user ID from the access token.
+     * Caches the decoded value and invalidates when the token changes.
      */
     getCurrentUserId(): string | null;
     /**

package/dist/types/OxyServices.d.ts

@@ -58,12 +58,25 @@
  */
 import { type OxyConfig } from './OxyServices.base';
 import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices.errors';
+import type { SessionLoginResponse } from './models/session';
+import type { FedCMAuthOptions, FedCMConfig } from './mixins/OxyServices.fedcm';
+import type { PopupAuthOptions } from './mixins/OxyServices.popup';
+import type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 import { composeOxyServices } from './mixins';
 declare const OxyServices_base: any;
 export declare class OxyServices extends OxyServices_base {
     constructor(config: OxyConfig);
 }
 export interface OxyServices extends InstanceType<ReturnType<typeof composeOxyServices>> {
+    isFedCMSupported(): boolean;
+    signInWithFedCM(options?: FedCMAuthOptions): Promise<SessionLoginResponse>;
+    silentSignInWithFedCM(): Promise<SessionLoginResponse | null>;
+    revokeFedCMCredential(): Promise<void>;
+    getFedCMConfig(): FedCMConfig;
+    signInWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
+    signUpWithPopup(options?: PopupAuthOptions): Promise<SessionLoginResponse>;
+    signInWithRedirect(options?: RedirectAuthOptions): void;
+    signUpWithRedirect(options?: RedirectAuthOptions): void;
 }
 export { OxyAuthenticationError, OxyAuthenticationTimeoutError };
 /**

package/dist/types/index.d.ts

@@ -20,6 +20,9 @@ export { AuthManager, createAuthManager } from './AuthManager';
 export type { StorageAdapter, AuthStateChangeCallback, AuthMethod, AuthManagerConfig } from './AuthManager';
 export { CrossDomainAuth, createCrossDomainAuth } from './CrossDomainAuth';
 export type { CrossDomainAuthOptions } from './CrossDomainAuth';
+export type { FedCMAuthOptions, FedCMConfig } from './mixins/OxyServices.fedcm';
+export type { PopupAuthOptions } from './mixins/OxyServices.popup';
+export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';
 export type { KeyPair, SignedMessage, AuthChallenge, RecoveryPhraseResult } from './crypto';
 export * from './models/interfaces';

package/dist/types/mixins/OxyServices.analytics.d.ts

@@ -44,6 +44,8 @@ export declare function OxyServicesAnalyticsMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.assets.d.ts

@@ -113,6 +113,8 @@ export declare function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.auth.d.ts

@@ -164,6 +164,8 @@ export declare function OxyServicesAuthMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.developer.d.ts

@@ -77,6 +77,8 @@ export declare function OxyServicesDeveloperMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.devices.d.ts

@@ -74,6 +74,8 @@ export declare function OxyServicesDevicesMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.features.d.ts

@@ -206,6 +206,8 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.fedcm.d.ts

@@ -170,6 +170,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
@@ -189,8 +191,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         }>;
     };
     readonly DEFAULT_CONFIG_URL: "https://auth.oxy.so/fedcm.json";
-    readonly FEDCM_TIMEOUT: 60000;
-    readonly FEDCM_SILENT_TIMEOUT: 10000;
+    readonly FEDCM_TIMEOUT: 15000;
+    readonly FEDCM_SILENT_TIMEOUT: 3000;
     /**
      * Check if FedCM is supported in the current browser
      */

package/dist/types/mixins/OxyServices.karma.d.ts

@@ -63,6 +63,8 @@ export declare function OxyServicesKarmaMixin<T extends typeof OxyServicesBase>(
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.language.d.ts

@@ -59,6 +59,8 @@ export declare function OxyServicesLanguageMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.location.d.ts

@@ -42,6 +42,8 @@ export declare function OxyServicesLocationMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.payment.d.ts

@@ -89,6 +89,8 @@ export declare function OxyServicesPaymentMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.popup.d.ts

@@ -177,6 +177,8 @@ export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBa
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.privacy.d.ts

@@ -100,6 +100,8 @@ export declare function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.redirect.d.ts

@@ -216,6 +216,8 @@ export declare function OxyServicesRedirectAuthMixin<T extends typeof OxyService
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.security.d.ts

@@ -56,6 +56,8 @@ export declare function OxyServicesSecurityMixin<T extends typeof OxyServicesBas
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.user.d.ts

@@ -160,6 +160,8 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/dist/types/mixins/OxyServices.utility.d.ts

@@ -71,6 +71,8 @@ export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase
         getCloudURL(): string;
         setTokens(accessToken: string, refreshToken?: string): void;
         clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -65,7 +65,6 @@
     "lint": "biome lint --error-on-warnings ./src"
   },
   "dependencies": {
-    "axios": "^1.9.0",
     "bip39": "^3.1.0",
     "buffer": "^6.0.3",
     "elliptic": "^6.6.1",

package/src/AuthManager.ts

@@ -10,13 +10,13 @@
 import type { OxyServices } from './OxyServices';
 import type { HttpService } from './HttpService';
 import type { SessionLoginResponse, MinimalUserData } from './models/session';
+import { retryAsync } from './utils/asyncUtils';
 
 /**
- * OxyServices with optional FedCM methods (provided by FedCM mixin).
+ * OxyServices already declares revokeFedCMCredential via mixin type augmentation.
+ * This alias is kept for readability in the signOut method.
  */
-interface OxyServicesWithFedCM extends OxyServices {
-  revokeFedCMCredential?: () => Promise<void>;
-}
+type OxyServicesWithFedCM = OxyServices;
 
 /**
  * Storage adapter interface for platform-agnostic storage.
@@ -270,19 +270,29 @@ export class AuthManager {
     }
 
     try {
-      // Cast httpService to proper type (needed due to mixin composition)
-      const httpService = this.oxyServices.httpService as HttpService;
-      const response = await httpService.request<SessionLoginResponse>({
-        method: 'POST',
-        url: '/api/auth/refresh',
-        data: { refreshToken },
-        cache: false,
-      });
-
-      await this.handleAuthSuccess(response, 'credentials');
+      await retryAsync(
+        async () => {
+          const httpService = this.oxyServices.httpService as HttpService;
+          const response = await httpService.request<SessionLoginResponse>({
+            method: 'POST',
+            url: '/api/auth/refresh',
+            data: { refreshToken },
+            cache: false,
+          });
+          await this.handleAuthSuccess(response, 'credentials');
+        },
+        2,    // 2 retries = 3 total attempts
+        1000, // 1s base delay with exponential backoff + jitter
+        (error: any) => {
+          // Don't retry on 4xx client errors (invalid/revoked token)
+          const status = error?.status ?? error?.response?.status;
+          if (status && status >= 400 && status < 500) return false;
+          return true;
+        }
+      );
       return true;
     } catch {
-      // Refresh failed, clear session and update state
+      // All retry attempts exhausted, clear session
       await this.clearSession();
       this.currentUser = null;
       this.notifyListeners();

package/src/CrossDomainAuth.ts

@@ -10,7 +10,7 @@
  *
  * Usage:
  * ```typescript
- * import { CrossDomainAuth } from '@oxyhq/services';
+ * import { CrossDomainAuth } from '@oxyhq/core';
  *
  * const auth = new CrossDomainAuth(oxyServices);
  *
@@ -287,7 +287,7 @@ export class CrossDomainAuth {
  *
  * @example
  * ```typescript
- * import { createCrossDomainAuth } from '@oxyhq/services';
+ * import { createCrossDomainAuth } from '@oxyhq/core';
  *
  * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
  * const auth = createCrossDomainAuth(oxyServices);

package/src/HttpService.ts

@@ -17,6 +17,7 @@ import { TTLCache, registerCacheForCleanup } from './utils/cache';
 import { RequestDeduplicator, RequestQueue, SimpleLogger } from './utils/requestUtils';
 import { retryAsync } from './utils/asyncUtils';
 import { handleHttpError } from './utils/errorUtils';
+import { isDev } from './shared/utils/debugUtils';
 import { jwtDecode } from 'jwt-decode';
 import { isNative, getPlatformOS } from './utils/platform';
 import type { OxyConfig } from './models/interfaces';
@@ -279,7 +280,7 @@ export class HttpService {
         }
 
         // Debug logging for CSRF issues
-        if (isStateChangingMethod && __DEV__) {
+        if (isStateChangingMethod && isDev()) {
           console.log('[HttpService] CSRF Debug:', {
             url,
             method,
@@ -484,20 +485,20 @@ export class HttpService {
     // Return cached token if available
     const cachedToken = this.tokenStore.getCsrfToken();
     if (cachedToken) {
-      if (__DEV__) console.log('[HttpService] Using cached CSRF token');
+      if (isDev()) console.log('[HttpService] Using cached CSRF token');
       return cachedToken;
     }
 
     // Deduplicate concurrent CSRF token fetches
     const existingPromise = this.tokenStore.getCsrfTokenFetchPromise();
     if (existingPromise) {
-      if (__DEV__) console.log('[HttpService] Waiting for existing CSRF fetch');
+      if (isDev()) console.log('[HttpService] Waiting for existing CSRF fetch');
       return existingPromise;
     }
 
     const fetchPromise = (async () => {
       try {
-        if (__DEV__) console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/api/csrf-token`);
+        if (isDev()) console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/api/csrf-token`);
 
         // Use AbortController for timeout (more compatible than AbortSignal.timeout)
         const controller = new AbortController();
@@ -512,11 +513,11 @@ export class HttpService {
 
         clearTimeout(timeoutId);
 
-        if (__DEV__) console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
+        if (isDev()) console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
 
         if (response.ok) {
           const data = await response.json() as { csrfToken?: string };
-          if (__DEV__) console.log('[HttpService] CSRF response data:', data);
+          if (isDev()) console.log('[HttpService] CSRF response data:', data);
           const token = data.csrfToken || null;
           this.tokenStore.setCsrfToken(token);
           this.logger.debug('CSRF token fetched');
@@ -531,11 +532,11 @@ export class HttpService {
           return headerToken;
         }
 
-        if (__DEV__) console.log('[HttpService] CSRF fetch failed with status:', response.status);
+        if (isDev()) console.log('[HttpService] CSRF fetch failed with status:', response.status);
         this.logger.warn('Failed to fetch CSRF token:', response.status);
         return null;
       } catch (error) {
-        if (__DEV__) console.log('[HttpService] CSRF fetch error:', error);
+        if (isDev()) console.log('[HttpService] CSRF fetch error:', error);
         this.logger.warn('CSRF token fetch error:', error);
         return null;
       } finally {