@proappstore/sdk 1.7.0 → 1.9.0

package/dist/notifications.js

@@ -0,0 +1,174 @@
+/**
+ * Web Push notifications — subscribe users, send targeted or broadcast pushes.
+ * Backed by the PAS API + VAPID + W3C Push API.
+ */
+export class Notifications {
+    appId;
+    apiBase;
+    auth;
+    vapidKeyCache = null;
+    constructor(appId, apiBase, auth) {
+        this.appId = appId;
+        this.apiBase = apiBase;
+        this.auth = auth;
+    }
+    /** Fetch the server's VAPID public key (cached after first call). */
+    async getVapidKey() {
+        if (this.vapidKeyCache)
+            return this.vapidKeyCache;
+        const res = await fetch(`${this.apiBase}/v1/notifications/vapid-key`);
+        if (!res.ok)
+            throw new Error(`Failed to fetch VAPID key: ${res.status}`);
+        const data = (await res.json());
+        this.vapidKeyCache = data.publicKey;
+        return data.publicKey;
+    }
+    /** Request permission, register the service worker, and subscribe to push. */
+    async subscribe(swPath = '/sw.js') {
+        const token = this.auth.token;
+        if (!token)
+            throw new Error('Not signed in.');
+        const permission = await Notification.requestPermission();
+        if (permission !== 'granted')
+            throw new Error('Notification permission denied.');
+        const vapidKey = await this.getVapidKey();
+        await navigator.serviceWorker.register(swPath);
+        const registration = await navigator.serviceWorker.ready;
+        const subscription = await registration.pushManager.subscribe({
+            userVisibleOnly: true,
+            applicationServerKey: urlBase64ToUint8Array(vapidKey),
+        });
+        const keys = subscription.toJSON().keys;
+        const res = await fetch(`${this.apiBase}/v1/notifications/subscribe`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${token}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                appId: this.appId,
+                endpoint: subscription.endpoint,
+                p256dh: keys.p256dh,
+                auth: keys.auth,
+            }),
+        });
+        if (!res.ok) {
+            // Roll back browser subscription so isSubscribed() stays consistent
+            await subscription.unsubscribe();
+            if (res.status === 401) {
+                this.auth.handleUnauthorized();
+                throw new Error('Not signed in.');
+            }
+            throw new Error(`subscribe failed: ${res.status}`);
+        }
+    }
+    /** Unsubscribe from push notifications (browser + backend). */
+    async unsubscribe() {
+        const token = this.auth.token;
+        if (!token)
+            throw new Error('Not signed in.');
+        const registration = await navigator.serviceWorker.getRegistration();
+        const subscription = await registration?.pushManager.getSubscription();
+        if (subscription) {
+            const endpoint = subscription.endpoint;
+            // Backend first — if it fails, browser sub stays active so user can retry
+            await fetch(`${this.apiBase}/v1/notifications/unsubscribe`, {
+                method: 'POST',
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ endpoint }),
+            });
+            await subscription.unsubscribe();
+        }
+    }
+    /** Check if the user is currently subscribed to push. */
+    async isSubscribed() {
+        const registration = await navigator.serviceWorker.getRegistration();
+        if (!registration)
+            return false;
+        const subscription = await registration.pushManager.getSubscription();
+        return subscription !== null;
+    }
+    /** Return the current Notification permission state. */
+    getPermission() {
+        return typeof Notification !== 'undefined' ? Notification.permission : 'denied';
+    }
+    /** Send a push notification to a specific user (must be app creator). */
+    async send(userId, payload) {
+        return this._send({ ...payload, userId });
+    }
+    /** Broadcast a push notification to all subscribers (must be app creator). */
+    async broadcast(payload) {
+        return this._send(payload);
+    }
+    async _send(payload) {
+        const token = this.auth.token;
+        if (!token)
+            throw new Error('Not signed in.');
+        const res = await fetch(`${this.apiBase}/v1/notifications/send`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${token}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                appId: this.appId,
+                userId: payload.userId,
+                title: payload.title,
+                body: payload.body,
+                url: payload.url,
+                icon: payload.icon,
+                tag: payload.tag,
+            }),
+        });
+        if (res.status === 401) {
+            this.auth.handleUnauthorized();
+            throw new Error('Not signed in.');
+        }
+        if (res.status === 403)
+            throw new Error('Only the app creator can send notifications.');
+        if (!res.ok)
+            throw new Error(`send failed: ${res.status}`);
+        return (await res.json());
+    }
+    /**
+     * Returns the service worker push event handler script as a string.
+     * Apps should save this as their sw.js (or append to an existing one).
+     */
+    static getServiceWorkerScript() {
+        return `
+self.addEventListener('push', (event) => {
+  const data = event.data ? event.data.json() : {};
+  event.waitUntil(
+    self.registration.showNotification(data.title || 'Notification', {
+      body: data.body || '',
+      icon: data.icon || '/icon-192.png',
+      tag: data.tag || undefined,
+      data: { url: data.url },
+    })
+  );
+});
+
+self.addEventListener('notificationclick', (event) => {
+  event.notification.close();
+  const url = event.notification.data?.url;
+  if (url) {
+    event.waitUntil(clients.openWindow(url));
+  }
+});
+`.trim();
+    }
+}
+/** Convert a URL-safe base64 VAPID key to Uint8Array for PushManager. */
+function urlBase64ToUint8Array(base64String) {
+    const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
+    const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
+    const raw = atob(base64);
+    const arr = new Uint8Array(raw.length);
+    for (let i = 0; i < raw.length; i++)
+        arr[i] = raw.charCodeAt(i);
+    return arr;
+}
+//# sourceMappingURL=notifications.js.map

package/dist/notifications.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notifications.js","sourceRoot":"","sources":["../src/notifications.ts"],"names":[],"mappings":"AAkBA;;;GAGG;AACH,MAAM,OAAO,aAAa;IAIL;IACA;IACA;IALX,aAAa,GAAkB,IAAI,CAAC;IAE5C,YACmB,KAAa,EACb,OAAe,EACf,IAAc;QAFd,UAAK,GAAL,KAAK,CAAQ;QACb,YAAO,GAAP,OAAO,CAAQ;QACf,SAAI,GAAJ,IAAI,CAAU;IAC9B,CAAC;IAEJ,qEAAqE;IACrE,KAAK,CAAC,WAAW;QACf,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,6BAA6B,CAAC,CAAC;QACtE,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAC;QACzD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,QAAQ;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;QAC9B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,iBAAiB,EAAE,CAAC;QAC1D,IAAI,UAAU,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAEjF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC;QAEzD,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC;YAC5D,eAAe,EAAE,IAAI;YACrB,oBAAoB,EAAE,qBAAqB,CAAC,QAAQ,CAAiB;SACtE,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAK,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,6BAA6B,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,oEAAoE;YACpE,MAAM,YAAY,CAAC,WAAW,EAAE,CAAC;YACjC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACpC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,KAAK,CAAC,WAAW;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;QAC9B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE9C,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC;QACrE,MAAM,YAAY,GAAG,MAAM,YAAY,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC;QAEvE,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;YAEvC,0EAA0E;YAC1E,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,+BAA+B,EAAE;gBAC1D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,KAAK,EAAE;oBAChC,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;aACnC,CAAC,CAAC;YAEH,MAAM,YAAY,CAAC,WAAW,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,YAAY;QAChB,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC;QACrE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC;QACtE,OAAO,YAAY,KAAK,IAAI,CAAC;IAC/B,CAAC;IAED,wDAAwD;IACxD,aAAa;QACX,OAAO,OAAO,YAAY,KAAK,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;IAClF,CAAC;IAED,yEAAyE;IACzE,KAAK,CAAC,IAAI,CAAC,MAAc,EAAE,OAA4B;QACrD,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,SAAS,CAAC,OAA4B;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,KAAK,CAAC,OAAkD;QACpE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;QAC9B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,wBAAwB,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACxF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAE3D,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAe,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,sBAAsB;QAC3B,OAAO;;;;;;;;;;;;;;;;;;;;CAoBV,CAAC,IAAI,EAAE,CAAC;IACP,CAAC;CACF;AAED,yEAAyE;AACzE,SAAS,qBAAqB,CAAC,YAAoB;IACjD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC9E,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/sms.d.ts

@@ -0,0 +1,31 @@
+interface AuthLike {
+    token: string | null;
+    handleUnauthorized(): void;
+}
+export interface SmsSendResult {
+    sent: number;
+    failed: number;
+}
+/**
+ * SMS — send text messages via the PAS API (Twilio-backed server-side).
+ *
+ * The platform owns the Twilio credentials; the app never sees them.
+ * Only the app creator can send. Rate-limiting / abuse protection is
+ * server-side. Numbers must be E.164 ("+15551234567").
+ *
+ * Use case: class reminders, OTP codes, no-show notifications. Pair with
+ * `app.notifications` (Web Push) for in-browser delivery on the same event.
+ */
+export declare class SMS {
+    private readonly appId;
+    private readonly apiBase;
+    private readonly auth;
+    constructor(appId: string, apiBase: string, auth: AuthLike);
+    /** Send an SMS to a single phone number (E.164). Caller must be app creator. */
+    send(to: string, message: string): Promise<SmsSendResult>;
+    /** Send the same SMS to many recipients. Caller must be app creator. */
+    broadcast(numbers: string[], message: string): Promise<SmsSendResult>;
+    private _send;
+}
+export {};
+//# sourceMappingURL=sms.d.ts.map

package/dist/sms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms.d.ts","sourceRoot":"","sources":["../src/sms.ts"],"names":[],"mappings":"AAAA,UAAU,QAAQ;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,kBAAkB,IAAI,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;GASG;AACH,qBAAa,GAAG;IAEZ,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAFJ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,QAAQ;IAGjC,gFAAgF;IAC1E,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAI/D,wEAAwE;IAClE,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;YAI7D,KAAK;CAuBpB"}

package/dist/sms.js

@@ -0,0 +1,53 @@
+/**
+ * SMS — send text messages via the PAS API (Twilio-backed server-side).
+ *
+ * The platform owns the Twilio credentials; the app never sees them.
+ * Only the app creator can send. Rate-limiting / abuse protection is
+ * server-side. Numbers must be E.164 ("+15551234567").
+ *
+ * Use case: class reminders, OTP codes, no-show notifications. Pair with
+ * `app.notifications` (Web Push) for in-browser delivery on the same event.
+ */
+export class SMS {
+    appId;
+    apiBase;
+    auth;
+    constructor(appId, apiBase, auth) {
+        this.appId = appId;
+        this.apiBase = apiBase;
+        this.auth = auth;
+    }
+    /** Send an SMS to a single phone number (E.164). Caller must be app creator. */
+    async send(to, message) {
+        return this._send([to], message);
+    }
+    /** Send the same SMS to many recipients. Caller must be app creator. */
+    async broadcast(numbers, message) {
+        return this._send(numbers, message);
+    }
+    async _send(numbers, message) {
+        const token = this.auth.token;
+        if (!token)
+            throw new Error('Not signed in.');
+        const res = await fetch(`${this.apiBase}/v1/sms/send`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${token}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ appId: this.appId, to: numbers, message }),
+        });
+        if (res.status === 401) {
+            this.auth.handleUnauthorized();
+            throw new Error('Not signed in.');
+        }
+        if (res.status === 403)
+            throw new Error('Only the app creator can send SMS.');
+        if (res.status === 503)
+            throw new Error('SMS is not configured on this platform.');
+        if (!res.ok)
+            throw new Error(`SMS send failed: ${res.status}`);
+        return (await res.json());
+    }
+}
+//# sourceMappingURL=sms.js.map

package/dist/sms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sms.js","sourceRoot":"","sources":["../src/sms.ts"],"names":[],"mappings":"AAUA;;;;;;;;;GASG;AACH,MAAM,OAAO,GAAG;IAEK;IACA;IACA;IAHnB,YACmB,KAAa,EACb,OAAe,EACf,IAAc;QAFd,UAAK,GAAL,KAAK,CAAQ;QACb,YAAO,GAAP,OAAO,CAAQ;QACf,SAAI,GAAJ,IAAI,CAAU;IAC9B,CAAC;IAEJ,gFAAgF;IAChF,KAAK,CAAC,IAAI,CAAC,EAAU,EAAE,OAAe;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,SAAS,CAAC,OAAiB,EAAE,OAAe;QAChD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,KAAK,CAAC,OAAiB,EAAE,OAAe;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;QAC9B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE9C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;SAClE,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACnF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAE/D,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAC;IAC7C,CAAC;CACF"}

package/dist/tenant.d.ts

@@ -0,0 +1,52 @@
+import type { Database, ExecuteResult } from './db.js';
+/**
+ * TenantScope — safe-by-default helpers for multi-tenant tables.
+ *
+ * Every multi-tenant table in your app must have a `tenant_id` column.
+ * The helpers here auto-inject `tenant_id` on inserts and auto-scope
+ * reads/writes by `tenant_id` — so you can't accidentally leak a row
+ * across tenants by forgetting a `WHERE` clause.
+ *
+ * Where this lives architecturally: a thin wrapper around `app.db`.
+ * It does NOT replace `db.query` / `db.execute` — those are still raw.
+ * Use the scope helpers for normal CRUD; drop down to `db.query` when
+ * you need joins, aggregates, or anything beyond single-table operations.
+ *
+ * @example
+ *   const tx = app.db.tenant('studio-123');
+ *
+ *   await tx.insert('clients', { id: 'c-1', name: 'Alice' });
+ *   const alice = await tx.find('clients', { id: 'c-1' });
+ *   await tx.update('clients', { id: 'c-1' }, { name: 'Alicia' });
+ *   await tx.delete('clients', { id: 'c-1' });
+ *
+ *   // Raw escape hatch — tenant_id available as tx.tenantId; bind it yourself.
+ *   const rows = await tx.db.query(
+ *     'SELECT * FROM clients WHERE name LIKE ? AND tenant_id = ?',
+ *     ['A%', tx.tenantId],
+ *   );
+ */
+export declare class TenantScope {
+    /** The Database instance this scope wraps. Exposed for raw escape-hatch queries. */
+    readonly db: Database;
+    /** The tenant_id all scope operations bind to. */
+    readonly tenantId: string;
+    constructor(
+    /** The Database instance this scope wraps. Exposed for raw escape-hatch queries. */
+    db: Database, 
+    /** The tenant_id all scope operations bind to. */
+    tenantId: string);
+    /** Find a single row matching the filter (tenant_id automatically appended). Returns null when nothing matches. */
+    find<T = Record<string, unknown>>(table: string, filter?: Record<string, unknown>): Promise<T | null>;
+    /** Find all rows matching the filter (tenant_id automatically appended). */
+    findMany<T = Record<string, unknown>>(table: string, filter?: Record<string, unknown>): Promise<T[]>;
+    /** Insert a row. `tenant_id` is set automatically — don't include it in `values`. */
+    insert(table: string, values: Record<string, unknown>): Promise<ExecuteResult>;
+    /** Update rows matching `filter`. `tenant_id` is auto-appended to the WHERE. */
+    update(table: string, filter: Record<string, unknown>, values: Record<string, unknown>): Promise<ExecuteResult>;
+    /** Delete rows matching `filter`. `tenant_id` is auto-appended. */
+    delete(table: string, filter: Record<string, unknown>): Promise<ExecuteResult>;
+    /** Count rows matching `filter` (or all in the tenant). */
+    count(table: string, filter?: Record<string, unknown>): Promise<number>;
+}
+//# sourceMappingURL=tenant.d.ts.map

package/dist/tenant.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant.d.ts","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAe,MAAM,SAAS,CAAC;AAEpE;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,WAAW;IAEpB,oFAAoF;IACpF,QAAQ,CAAC,EAAE,EAAE,QAAQ;IACrB,kDAAkD;IAClD,QAAQ,CAAC,QAAQ,EAAE,MAAM;;IAHzB,oFAAoF;IAC3E,EAAE,EAAE,QAAQ;IACrB,kDAAkD;IACzC,QAAQ,EAAE,MAAM;IAK3B,mHAAmH;IAC7G,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACpC,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACnC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAQpB,4EAA4E;IACtE,QAAQ,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxC,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACnC,OAAO,CAAC,CAAC,EAAE,CAAC;IAQf,qFAAqF;IAC/E,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC;IAapF,gFAAgF;IAC1E,MAAM,CACV,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,OAAO,CAAC,aAAa,CAAC;IAczB,mEAAmE;IAC7D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC;IAOpF,2DAA2D;IACrD,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAOlF"}

package/dist/tenant.js

@@ -0,0 +1,126 @@
+/**
+ * TenantScope — safe-by-default helpers for multi-tenant tables.
+ *
+ * Every multi-tenant table in your app must have a `tenant_id` column.
+ * The helpers here auto-inject `tenant_id` on inserts and auto-scope
+ * reads/writes by `tenant_id` — so you can't accidentally leak a row
+ * across tenants by forgetting a `WHERE` clause.
+ *
+ * Where this lives architecturally: a thin wrapper around `app.db`.
+ * It does NOT replace `db.query` / `db.execute` — those are still raw.
+ * Use the scope helpers for normal CRUD; drop down to `db.query` when
+ * you need joins, aggregates, or anything beyond single-table operations.
+ *
+ * @example
+ *   const tx = app.db.tenant('studio-123');
+ *
+ *   await tx.insert('clients', { id: 'c-1', name: 'Alice' });
+ *   const alice = await tx.find('clients', { id: 'c-1' });
+ *   await tx.update('clients', { id: 'c-1' }, { name: 'Alicia' });
+ *   await tx.delete('clients', { id: 'c-1' });
+ *
+ *   // Raw escape hatch — tenant_id available as tx.tenantId; bind it yourself.
+ *   const rows = await tx.db.query(
+ *     'SELECT * FROM clients WHERE name LIKE ? AND tenant_id = ?',
+ *     ['A%', tx.tenantId],
+ *   );
+ */
+export class TenantScope {
+    db;
+    tenantId;
+    constructor(
+    /** The Database instance this scope wraps. Exposed for raw escape-hatch queries. */
+    db, 
+    /** The tenant_id all scope operations bind to. */
+    tenantId) {
+        this.db = db;
+        this.tenantId = tenantId;
+        if (!tenantId)
+            throw new Error('TenantScope requires a non-empty tenantId.');
+    }
+    /** Find a single row matching the filter (tenant_id automatically appended). Returns null when nothing matches. */
+    async find(table, filter = {}) {
+        assertIdent(table);
+        const { whereSql, params } = whereClause(filter, this.tenantId);
+        const sql = `SELECT * FROM ${table} ${whereSql} LIMIT 1`;
+        const result = await this.db.query(sql, params);
+        return result.rows[0] ?? null;
+    }
+    /** Find all rows matching the filter (tenant_id automatically appended). */
+    async findMany(table, filter = {}) {
+        assertIdent(table);
+        const { whereSql, params } = whereClause(filter, this.tenantId);
+        const sql = `SELECT * FROM ${table} ${whereSql}`;
+        const result = await this.db.query(sql, params);
+        return result.rows;
+    }
+    /** Insert a row. `tenant_id` is set automatically — don't include it in `values`. */
+    async insert(table, values) {
+        assertIdent(table);
+        if ('tenant_id' in values) {
+            throw new Error('Do not pass tenant_id to TenantScope.insert — it is set automatically.');
+        }
+        const fullValues = { ...values, tenant_id: this.tenantId };
+        const cols = Object.keys(fullValues);
+        for (const c of cols)
+            assertIdent(c);
+        const placeholders = cols.map(() => '?').join(', ');
+        const sql = `INSERT INTO ${table} (${cols.join(', ')}) VALUES (${placeholders})`;
+        return this.db.execute(sql, Object.values(fullValues));
+    }
+    /** Update rows matching `filter`. `tenant_id` is auto-appended to the WHERE. */
+    async update(table, filter, values) {
+        assertIdent(table);
+        if ('tenant_id' in values) {
+            throw new Error('Do not pass tenant_id to TenantScope.update — it is preserved automatically.');
+        }
+        const setCols = Object.keys(values);
+        if (setCols.length === 0)
+            throw new Error('TenantScope.update requires at least one column to set.');
+        for (const c of setCols)
+            assertIdent(c);
+        const setSql = setCols.map((c) => `${c} = ?`).join(', ');
+        const { whereSql, params: whereParams } = whereClause(filter, this.tenantId);
+        const sql = `UPDATE ${table} SET ${setSql} ${whereSql}`;
+        return this.db.execute(sql, [...Object.values(values), ...whereParams]);
+    }
+    /** Delete rows matching `filter`. `tenant_id` is auto-appended. */
+    async delete(table, filter) {
+        assertIdent(table);
+        const { whereSql, params } = whereClause(filter, this.tenantId);
+        const sql = `DELETE FROM ${table} ${whereSql}`;
+        return this.db.execute(sql, params);
+    }
+    /** Count rows matching `filter` (or all in the tenant). */
+    async count(table, filter = {}) {
+        assertIdent(table);
+        const { whereSql, params } = whereClause(filter, this.tenantId);
+        const sql = `SELECT COUNT(*) AS n FROM ${table} ${whereSql}`;
+        const result = await this.db.query(sql, params);
+        return Number(result.rows[0]?.n ?? 0);
+    }
+}
+/** Build a WHERE clause from an equality filter plus the auto-injected tenant_id. */
+function whereClause(filter, tenantId) {
+    const keys = Object.keys(filter);
+    for (const k of keys)
+        assertIdent(k);
+    const conds = keys.map((k) => `${k} = ?`);
+    conds.push('tenant_id = ?');
+    const params = [...keys.map((k) => filter[k]), tenantId];
+    return { whereSql: `WHERE ${conds.join(' AND ')}`, params };
+}
+/**
+ * Identifiers (table + column names) cannot be parameterized in SQL, so we
+ * interpolate them directly. Reject anything that isn't a safe SQL identifier
+ * to keep this from becoming an SQL-injection vector.
+ *
+ * Allowed: ASCII letter or underscore, followed by letters/digits/underscores.
+ * Reject anything with quotes, spaces, semicolons, dashes, dots, etc.
+ */
+function assertIdent(name) {
+    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
+        throw new Error(`Unsafe SQL identifier: ${JSON.stringify(name)}`);
+    }
+}
+//# sourceMappingURL=tenant.js.map

package/dist/tenant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenant.js","sourceRoot":"","sources":["../src/tenant.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,OAAO,WAAW;IAGX;IAEA;IAJX;IACE,oFAAoF;IAC3E,EAAY;IACrB,kDAAkD;IACzC,QAAgB;QAFhB,OAAE,GAAF,EAAE,CAAU;QAEZ,aAAQ,GAAR,QAAQ,CAAQ;QAEzB,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC/E,CAAC;IAED,mHAAmH;IACnH,KAAK,CAAC,IAAI,CACR,KAAa,EACb,SAAkC,EAAE;QAEpC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,iBAAiB,KAAK,IAAI,QAAQ,UAAU,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,CAAI,GAAG,EAAE,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAChC,CAAC;IAED,4EAA4E;IAC5E,KAAK,CAAC,QAAQ,CACZ,KAAa,EACb,SAAkC,EAAE;QAEpC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,iBAAiB,KAAK,IAAI,QAAQ,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,CAAI,GAAG,EAAE,MAAM,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAED,qFAAqF;IACrF,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAA+B;QACzD,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QACD,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,WAAW,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,eAAe,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,YAAY,GAAG,CAAC;QACjF,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,gFAAgF;IAChF,KAAK,CAAC,MAAM,CACV,KAAa,EACb,MAA+B,EAC/B,MAA+B;QAE/B,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAC;QAClG,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACrG,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,WAAW,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7E,MAAM,GAAG,GAAG,UAAU,KAAK,QAAQ,MAAM,IAAI,QAAQ,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,mEAAmE;IACnE,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAA+B;QACzD,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,eAAe,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,SAAkC,EAAE;QAC7D,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,6BAA6B,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,KAAK,CAAgB,GAAG,EAAE,MAAM,CAAC,CAAC;QAC/D,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;CACF;AAED,qFAAqF;AACrF,SAAS,WAAW,CAClB,MAA+B,EAC/B,QAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACzD,OAAO,EAAE,QAAQ,EAAE,SAAS,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -6,6 +6,11 @@ export interface ProInitOptions {
     proApiBase?: string;
     /** Defaults to https://data-{appId}.proappstore.online (per-app data worker). */
     dataApiBase?: string;
+    /** Usage telemetry options. Auto-heartbeat is on by default. */
+    usage?: {
+        /** Default true. Set false to disable the auto-heartbeat in this app. */
+        auto?: boolean;
+    };
 }
 export type SubscriptionStatus = 'active' | 'past_due' | 'canceled' | 'incomplete';
 export interface Subscription {

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;AAEnF,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,sDAAsD;IACtD,gBAAgB,EAAE,MAAM,CAAC;IACzB,2DAA2D;IAC3D,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,UAAU,EAAE,MAAM,CAAC;IACnB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,KAAK,CAAC,EAAE;QACN,yEAAyE;QACzE,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,CAAC;CACH;AAED,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;AAEnF,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,sDAAsD;IACtD,gBAAgB,EAAE,MAAM,CAAC;IACzB,2DAA2D;IAC3D,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,UAAU,EAAE,MAAM,CAAC;IACnB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B"}

package/dist/usage.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Usage telemetry — heartbeats `POST /v1/usage/ping` while the tab is visible.
+ *
+ * Auto-started by `initPro()` unless `usage.auto === false` in the options.
+ * The collected (app, user, day) counts drive the usage-proportional creator
+ * payouts described in proappstore.online/pricing.
+ *
+ * Design notes:
+ *
+ * - **Visible-time only.** We start a stopwatch when the tab is visible and
+ *   pause on `visibilitychange`. A tab that's been hidden for 90s contributes
+ *   0 seconds for that interval.
+ * - **Browser-only.** All methods no-op when `document` or `window` is
+ *   undefined so the import is SSR-safe.
+ * - **Silent failures.** Telemetry must never break an app. Every network
+ *   path catches + ignores errors.
+ * - **Page-close flush.** On `pagehide` we send a final ping with the
+ *   residual elapsed seconds via `navigator.sendBeacon` (survives unload)
+ *   falling back to `fetch(..., { keepalive: true })`.
+ */
+interface AuthLike {
+    token: string | null;
+}
+export interface UsageOptions {
+    /** Default true. Set false to disable auto-heartbeat in this app. */
+    auto?: boolean;
+}
+export declare class Usage {
+    private readonly appId;
+    private readonly apiBase;
+    private readonly auth;
+    private running;
+    private timer;
+    private visibleSince;
+    /** Accumulated visible-time since the last successful ping, in milliseconds. */
+    private accruedMs;
+    private pendingApiCalls;
+    private onVisibility;
+    private onPageHide;
+    constructor(appId: string, apiBase: string, auth: AuthLike);
+    /** Begin heartbeat reporting. Idempotent — calling twice is a no-op. */
+    start(): void;
+    /** Stop heartbeats. Idempotent. Doesn't flush; call `flush()` if you need to. */
+    stop(): void;
+    /**
+     * Record API calls. Bumps a local counter that piggybacks on the next
+     * heartbeat. Cheap to call from hot paths — no network until the next tick.
+     */
+    recordApiCall(n?: number): void;
+    /**
+     * Send a final ping (intended for page-close paths). Best-effort,
+     * fire-and-forget. Uses sendBeacon when available so the request survives
+     * unload; falls back to keepalive fetch otherwise.
+     */
+    flush(): void;
+    /** Add any in-progress visible-time to the running accrual. */
+    private bankVisible;
+    /** Round accrued ms to whole seconds, clamp to MAX_DELTA_SECONDS, return + reset. */
+    private drainSeconds;
+    private drainApiCalls;
+    private tick;
+    private send;
+}
+export {};
+//# sourceMappingURL=usage.d.ts.map

package/dist/usage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"usage.d.ts","sourceRoot":"","sources":["../src/usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,UAAU,QAAQ;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,qEAAqE;IACrE,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AASD,qBAAa,KAAK;IAWd,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI;IAZvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAA+C;IAC5D,OAAO,CAAC,YAAY,CAAuB;IAC3C,gFAAgF;IAChF,OAAO,CAAC,SAAS,CAAK;IACtB,OAAO,CAAC,eAAe,CAAK;IAC5B,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,UAAU,CAA6B;gBAG5B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,QAAQ;IAGjC,wEAAwE;IACxE,KAAK,IAAI,IAAI;IA6Bb,iFAAiF;IACjF,IAAI,IAAI,IAAI;IAkBZ;;;OAGG;IACH,aAAa,CAAC,CAAC,GAAE,MAAU,GAAG,IAAI;IAKlC;;;;OAIG;IACH,KAAK,IAAI,IAAI;IAWb,+DAA+D;IAC/D,OAAO,CAAC,WAAW;IAOnB,qFAAqF;IACrF,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,aAAa;YAMP,IAAI;YAoBJ,IAAI;CAsCnB"}