@ragable/sdk 0.5.0 → 0.6.0

package/dist/index.mjs

@@ -9,14 +9,50 @@ function bindFetch(custom) {
     return f.call(globalThis, input, init);
   };
 }
-var RagableError = class extends Error {
+var DEFAULT_RAGABLE_API_BASE = "https://ragable-341305259977.asia-southeast1.run.app/api";
+var RagableSdkError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = this.constructor.name;
+  }
+};
+var RagableError = class extends RagableSdkError {
   constructor(message, status, body) {
     super(message);
+    __publicField(this, "__type", "RagableError");
     __publicField(this, "status");
     __publicField(this, "body");
-    this.name = "RagableError";
+    __publicField(this, "code");
+    __publicField(this, "details");
     this.status = status;
     this.body = body;
+    if (body && typeof body === "object") {
+      const b = body;
+      this.code = typeof b.code === "string" ? b.code : void 0;
+      this.details = typeof b.details === "string" ? b.details : void 0;
+    }
+  }
+};
+var RagableNetworkError = class extends RagableSdkError {
+  constructor(message, cause) {
+    super(message);
+    __publicField(this, "__type", "RagableNetworkError");
+    __publicField(this, "cause");
+    this.cause = cause;
+  }
+};
+var RagableAbortError = class extends RagableSdkError {
+  constructor(message = "Request aborted") {
+    super(message);
+    __publicField(this, "__type", "RagableAbortError");
+  }
+};
+var RagableTimeoutError = class extends RagableSdkError {
+  constructor(timeoutMs) {
+    super(`Request timed out after ${timeoutMs}ms`);
+    __publicField(this, "__type", "RagableTimeoutError");
+    __publicField(this, "timeoutMs");
+    this.timeoutMs = timeoutMs;
   }
 };
 function extractErrorMessage(payload, fallback) {
@@ -40,7 +76,7 @@ var RagableRequestClient = class {
     __publicField(this, "fetchImpl");
     __publicField(this, "defaultHeaders");
     this.apiKey = options.apiKey;
-    this.baseUrl = options.baseUrl ?? "http://localhost:8080/api";
+    this.baseUrl = options.baseUrl ?? DEFAULT_RAGABLE_API_BASE;
     this.fetchImpl = bindFetch(options.fetch);
     this.defaultHeaders = options.headers;
   }
@@ -344,42 +380,191 @@ var AgentsClient = class {
   }
 };
 
-// src/browser-postgrest.ts
-function assertIdent(name, ctx) {
-  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
-    throw new RagableError(
-      `Invalid ${ctx} identifier "${name}" (use letters, numbers, underscore)`,
-      400,
-      null
-    );
+// src/transport.ts
+var DEFAULT_RETRY = {
+  maxRetries: 3,
+  baseDelayMs: 200,
+  maxDelayMs: 5e3,
+  retryOn: [408, 425, 429, 502, 503, 504],
+  respectRetryAfter: true
+};
+var DEFAULT_TIMEOUT_MS = 3e4;
+function jitteredDelay(base, attempt, max) {
+  const exp = Math.min(base * 2 ** attempt, max);
+  return Math.round(exp * (0.5 + Math.random() * 0.5));
+}
+function parseRetryAfter(header) {
+  if (!header) return null;
+  const seconds = Number(header);
+  if (Number.isFinite(seconds) && seconds >= 0) return seconds * 1e3;
+  const date = Date.parse(header);
+  if (Number.isFinite(date)) return Math.max(0, date - Date.now());
+  return null;
+}
+var _uuidCounter = 0;
+function generateIdempotencyKey() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
   }
+  _uuidCounter++;
+  return `idk-${Date.now()}-${_uuidCounter}-${Math.random().toString(36).slice(2, 10)}`;
 }
-function quoteIdent(name) {
-  assertIdent(name, "column");
-  return `"${name}"`;
+function requestCacheKey(req) {
+  return `${req.method}:${req.url}`;
 }
-function parseConflictColumns(onConflict) {
-  const parts = onConflict.split(",").map((s) => s.trim()).filter(Boolean);
-  if (parts.length === 0) {
-    throw new RagableError(
-      "upsert requires onConflict with at least one column (e.g. 'id' or 'org_id,user_id')",
-      400,
-      null
+var Transport = class {
+  constructor(options = {}) {
+    __publicField(this, "fetchImpl");
+    __publicField(this, "defaultHeaders");
+    __publicField(this, "defaultRetry");
+    __publicField(this, "defaultTimeoutMs");
+    __publicField(this, "onRequest");
+    __publicField(this, "onResponse");
+    __publicField(this, "onRetry");
+    __publicField(this, "inflightGets", /* @__PURE__ */ new Map());
+    __publicField(this, "_refreshHandler", null);
+    this.fetchImpl = bindFetch(options.fetch);
+    this.defaultHeaders = options.headers;
+    this.defaultRetry = { ...DEFAULT_RETRY, ...options.retry };
+    this.defaultTimeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.onRequest = options.onRequest;
+    this.onResponse = options.onResponse;
+    this.onRetry = options.onRetry;
+  }
+  setRefreshHandler(handler) {
+    this._refreshHandler = handler;
+  }
+  async execute(req) {
+    if (req.method === "GET") {
+      const key = requestCacheKey(req);
+      const existing = this.inflightGets.get(key);
+      if (existing) return existing;
+      const promise = this._executeWithRetry(req).finally(() => {
+        this.inflightGets.delete(key);
+      });
+      this.inflightGets.set(key, promise);
+      return promise;
+    }
+    return this._executeWithRetry(req);
+  }
+  async _executeWithRetry(req) {
+    const retryOpts = {
+      ...this.defaultRetry,
+      ...req.retry
+    };
+    const timeoutMs = req.timeoutMs ?? this.defaultTimeoutMs;
+    const headers = new Headers(this.defaultHeaders);
+    req.headers.forEach((v, k) => headers.set(k, v));
+    if (req.idempotencyKey) {
+      headers.set("Idempotency-Key", req.idempotencyKey);
+    }
+    const finalReq = { ...req, headers };
+    this.onRequest?.(finalReq);
+    let lastError;
+    const maxAttempts = 1 + retryOpts.maxRetries;
+    let did401Refresh = false;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      try {
+        const response = await this._singleFetch(finalReq, timeoutMs);
+        if (response.status === 401 && this._refreshHandler && !did401Refresh) {
+          did401Refresh = true;
+          const newToken = await this._refreshHandler();
+          if (newToken) {
+            finalReq.headers.set("Authorization", `Bearer ${newToken}`);
+            attempt--;
+            continue;
+          }
+        }
+        if (!response.ok && retryOpts.retryOn.includes(response.status) && attempt < maxAttempts - 1) {
+          let delayMs = jitteredDelay(retryOpts.baseDelayMs, attempt, retryOpts.maxDelayMs);
+          if (retryOpts.respectRetryAfter) {
+            const ra = parseRetryAfter(response.headers.get("retry-after"));
+            if (ra !== null) delayMs = Math.min(ra, retryOpts.maxDelayMs);
+          }
+          this.onRetry?.(finalReq, attempt + 1, delayMs, `HTTP ${response.status}`);
+          await sleep(delayMs);
+          continue;
+        }
+        return response;
+      } catch (e) {
+        if (e instanceof RagableAbortError || e instanceof RagableTimeoutError) {
+          throw e;
+        }
+        lastError = e;
+        if (attempt < maxAttempts - 1) {
+          const delayMs = jitteredDelay(retryOpts.baseDelayMs, attempt, retryOpts.maxDelayMs);
+          this.onRetry?.(finalReq, attempt + 1, delayMs, e.message);
+          await sleep(delayMs);
+          continue;
+        }
+      }
+    }
+    throw lastError instanceof RagableNetworkError ? lastError : new RagableNetworkError(
+      lastError?.message ?? "Network request failed",
+      lastError
     );
   }
-  for (const p of parts) assertIdent(p, "onConflict");
-  return parts;
-}
-var OP_SQL = {
-  eq: "=",
-  neq: "<>",
-  gt: ">",
-  gte: ">=",
-  lt: "<",
-  lte: "<=",
-  like: "LIKE",
-  ilike: "ILIKE"
+  async _singleFetch(req, timeoutMs) {
+    const controller = new AbortController();
+    const signals = [controller.signal];
+    if (req.signal) signals.push(req.signal);
+    const combinedSignal = signals.length === 1 ? controller.signal : AbortSignal.any ? AbortSignal.any(signals) : controller.signal;
+    if (req.signal?.aborted) {
+      throw new RagableAbortError();
+    }
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const externalAbortHandler = req.signal ? () => controller.abort() : null;
+    if (externalAbortHandler && req.signal) {
+      req.signal.addEventListener("abort", externalAbortHandler, { once: true });
+    }
+    const start = Date.now();
+    try {
+      const response = await this.fetchImpl(req.url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.body,
+        signal: combinedSignal
+      });
+      this.onResponse?.(req, response, Date.now() - start);
+      return response;
+    } catch (e) {
+      if (e.name === "AbortError") {
+        if (req.signal?.aborted) throw new RagableAbortError();
+        throw new RagableTimeoutError(timeoutMs);
+      }
+      throw new RagableNetworkError(e.message, e);
+    } finally {
+      clearTimeout(timer);
+      if (externalAbortHandler && req.signal) {
+        req.signal.removeEventListener("abort", externalAbortHandler);
+      }
+    }
+  }
 };
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function parseTransportResponse(response) {
+  if (response.status === 204) return null;
+  const text = await response.text();
+  if (!text) return null;
+  let payload;
+  try {
+    payload = JSON.parse(text);
+  } catch {
+    if (!response.ok) {
+      throw new RagableError(text.slice(0, 200), response.status, null);
+    }
+    return text;
+  }
+  if (!response.ok) {
+    const message = extractErrorMessage(payload, response.statusText);
+    throw new RagableError(message, response.status, payload);
+  }
+  return payload;
+}
+
+// src/browser-postgrest.ts
 async function asPostgrestResponse(fn) {
   try {
     const data = await fn();
@@ -389,28 +574,75 @@ async function asPostgrestResponse(fn) {
     return { data: null, error: err };
   }
 }
-function buildWhere(filters, params) {
-  if (filters.length === 0) return { clause: "", nextIdx: 1 };
-  const parts = [];
-  let i = params.length;
-  for (const f of filters) {
-    assertIdent(f.column, "filter");
-    i += 1;
-    parts.push(`${quoteIdent(f.column)} ${OP_SQL[f.op]} $${i}`);
-    params.push(f.value);
-  }
-  return { clause: ` WHERE ${parts.join(" AND ")}`, nextIdx: i };
+function encodeFilterValue(op, value) {
+  if (op === "is") return `is.${value}`;
+  if (op === "in") {
+    const vals = value;
+    return `in.(${vals.map(String).join(",")})`;
+  }
+  return `${op}.${value}`;
+}
+async function parsePostgRESTResponse(response) {
+  if (response.status === 204) return null;
+  const text = await response.text();
+  if (!text) return null;
+  let payload;
+  try {
+    payload = JSON.parse(text);
+  } catch {
+    throw new RagableError(
+      `PostgREST response parse error: ${text.slice(0, 200)}`,
+      response.status,
+      null
+    );
+  }
+  if (!response.ok) {
+    const msg = typeof payload === "object" && payload !== null ? payload.message ?? payload.error ?? response.statusText : response.statusText;
+    const code = typeof payload === "object" && payload !== null ? payload.code : void 0;
+    throw new RagableError(String(msg), response.status, { code });
+  }
+  return payload;
+}
+function addFilterMethods(builder) {
+  const b = builder;
+  for (const op of ["eq", "neq", "gt", "gte", "lt", "lte", "like", "ilike"]) {
+    b[op] = function(column, value) {
+      b.filters.push({ op, column, value });
+      return b;
+    };
+  }
+  b.is = function(column, value) {
+    b.filters.push({ op: "is", column, value });
+    return b;
+  };
+  b.in = function(column, values) {
+    b.filters.push({ op: "in", column, value: values });
+    return b;
+  };
+  b.match = function(query) {
+    for (const [col, val] of Object.entries(query)) {
+      if (val === null) {
+        b.filters.push({ op: "is", column: col, value: null });
+      } else {
+        b.filters.push({ op: "eq", column: col, value: val });
+      }
+    }
+    return b;
+  };
+  return b;
 }
 var PostgrestSelectBuilder = class {
-  constructor(run, databaseInstanceId, table, columns) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, columns) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.columns = columns;
     __publicField(this, "filters", []);
     __publicField(this, "_limit");
+    __publicField(this, "_offset");
     __publicField(this, "_order");
-    assertIdent(table, "table");
+    __publicField(this, "_signal");
+    addFilterMethods(this);
   }
   eq(column, value) {
     this.filters.push({ op: "eq", column, value });
@@ -444,140 +676,173 @@ var PostgrestSelectBuilder = class {
     this.filters.push({ op: "ilike", column, value });
     return this;
   }
+  is(column, value) {
+    this.filters.push({ op: "is", column, value });
+    return this;
+  }
+  in(column, values) {
+    this.filters.push({ op: "in", column, value: values });
+    return this;
+  }
+  match(query) {
+    for (const [col, val] of Object.entries(query)) {
+      if (val === null) {
+        this.filters.push({ op: "is", column: col, value: null });
+      } else {
+        this.filters.push({ op: "eq", column: col, value: val });
+      }
+    }
+    return this;
+  }
   limit(n) {
     this._limit = n;
     return this;
   }
+  offset(n) {
+    this._offset = n;
+    return this;
+  }
+  range(from, to) {
+    this._offset = from;
+    this._limit = to - from + 1;
+    return this;
+  }
   order(column, options) {
-    this._order = { column, ascending: options?.ascending !== false };
+    this._order = {
+      column,
+      ascending: options?.ascending !== false,
+      nullsFirst: options?.nullsFirst
+    };
+    return this;
+  }
+  abortSignal(signal) {
+    this._signal = signal;
     return this;
   }
-  buildSelectCore(params, includeUserLimit) {
-    const tbl = quoteIdent(this.table);
-    const { clause } = buildWhere(this.filters, params);
-    let sql = `SELECT ${this.columns} FROM ${tbl}${clause}`;
+  buildSearchParams() {
+    const sp = new URLSearchParams();
+    if (this.columns && this.columns !== "*") {
+      sp.set("select", this.columns);
+    }
+    for (const f of this.filters) {
+      sp.append(f.column, encodeFilterValue(f.op, f.value));
+    }
     if (this._order) {
-      sql += ` ORDER BY ${quoteIdent(this._order.column)} ${this._order.ascending ? "ASC" : "DESC"}`;
+      let orderStr = `${this._order.column}.${this._order.ascending ? "asc" : "desc"}`;
+      if (this._order.nullsFirst === true) orderStr += ".nullsfirst";
+      else if (this._order.nullsFirst === false) orderStr += ".nullslast";
+      sp.set("order", orderStr);
     }
-    if (includeUserLimit && this._limit != null) {
-      sql += ` LIMIT ${Math.max(0, Math.floor(this._limit))}`;
+    if (this._limit != null) {
+      sp.set("limit", String(Math.max(0, Math.floor(this._limit))));
     }
-    return sql;
+    if (this._offset != null && this._offset > 0) {
+      sp.set("offset", String(Math.max(0, Math.floor(this._offset))));
+    }
+    return sp;
   }
   then(onfulfilled, onrejected) {
     return this.executeMany().then(onfulfilled, onrejected);
   }
   async executeMany() {
     return asPostgrestResponse(async () => {
-      const params = [];
-      const sql = this.buildSelectCore(params, true);
-      const res = await this.run({
+      const response = await this.pgFetch({
+        method: "GET",
+        table: this.table,
+        searchParams: this.buildSearchParams(),
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: true
+        signal: this._signal
       });
-      return res.rows;
+      return parsePostgRESTResponse(response);
     });
   }
   async single() {
     return asPostgrestResponse(async () => {
-      const params = [];
-      const base = this.buildSelectCore(params, false);
-      const sql = `${base} LIMIT 2`;
-      const res = await this.run({
+      const sp = this.buildSearchParams();
+      const response = await this.pgFetch({
+        method: "GET",
+        table: this.table,
+        searchParams: sp,
+        headers: { Accept: "application/vnd.pgrst.object+json" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: true
+        signal: this._signal
       });
-      if (res.rows.length === 0 || res.rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
-      }
-      return res.rows[0];
+      return parsePostgRESTResponse(response);
     });
   }
   async maybeSingle() {
     return asPostgrestResponse(async () => {
-      const params = [];
-      const base = this.buildSelectCore(params, false);
-      const sql = `${base} LIMIT 2`;
-      const res = await this.run({
+      const response = await this.pgFetch({
+        method: "GET",
+        table: this.table,
+        searchParams: this.buildSearchParams(),
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: true
+        signal: this._signal
       });
-      if (res.rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+      const rows = await parsePostgRESTResponse(response);
+      if (rows.length > 1) {
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
-      return res.rows[0] ?? null;
+      return rows[0] ?? null;
     });
   }
 };
 var PostgrestInsertRootBuilder = class {
-  constructor(run, databaseInstanceId, table, rows) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, rows) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.rows = rows;
-    assertIdent(table, "table");
+    __publicField(this, "_signal");
   }
-  /**
-   * Return inserted rows (Supabase: chain `.select()` to get data).
-   * @see https://supabase.com/docs/reference/javascript/insert
-   */
   select(columns = "*") {
     return new PostgrestInsertReturningBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       this.rows,
-      columns
+      columns,
+      this._signal
     );
   }
+  abortSignal(signal) {
+    this._signal = signal;
+    return this;
+  }
   then(onfulfilled, onrejected) {
     return this.executeNoReturn().then(onfulfilled, onrejected);
   }
   async executeNoReturn() {
     return asPostgrestResponse(async () => {
       if (this.rows.length === 0) return null;
-      const keys = Object.keys(this.rows[0]);
-      for (const k of keys) assertIdent(k, "column");
-      const tbl = quoteIdent(this.table);
-      const params = [];
-      const valueGroups = [];
-      for (const row of this.rows) {
-        const placeholders = [];
-        for (const k of keys) {
-          params.push(row[k]);
-          placeholders.push(`$${params.length}`);
-        }
-        valueGroups.push(`(${placeholders.join(", ")})`);
-      }
-      const cols = keys.map(quoteIdent).join(", ");
-      const sql = `INSERT INTO ${tbl} (${cols}) VALUES ${valueGroups.join(", ")}`;
-      await this.run({
+      const body = this.rows.length === 1 ? this.rows[0] : this.rows;
+      const response = await this.pgFetch({
+        method: "POST",
+        table: this.table,
+        searchParams: new URLSearchParams(),
+        body,
+        headers: { Prefer: "return=minimal" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
+      await parsePostgRESTResponse(response);
       return null;
     });
   }
 };
 var PostgrestInsertReturningBuilder = class {
-  constructor(run, databaseInstanceId, table, rows, returning) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, rows, returning, _signal) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.rows = rows;
     this.returning = returning;
+    this._signal = _signal;
   }
   then(onfulfilled, onrejected) {
     return this.executeMany().then(onfulfilled, onrejected);
@@ -585,28 +850,22 @@ var PostgrestInsertReturningBuilder = class {
   async executeMany() {
     return asPostgrestResponse(async () => {
       if (this.rows.length === 0) return [];
-      const keys = Object.keys(this.rows[0]);
-      for (const k of keys) assertIdent(k, "column");
-      const tbl = quoteIdent(this.table);
-      const params = [];
-      const valueGroups = [];
-      for (const row of this.rows) {
-        const placeholders = [];
-        for (const k of keys) {
-          params.push(row[k]);
-          placeholders.push(`$${params.length}`);
-        }
-        valueGroups.push(`(${placeholders.join(", ")})`);
+      const body = this.rows.length === 1 ? this.rows[0] : this.rows;
+      const sp = new URLSearchParams();
+      if (this.returning && this.returning !== "*") {
+        sp.set("select", this.returning);
       }
-      const cols = keys.map(quoteIdent).join(", ");
-      const sql = `INSERT INTO ${tbl} (${cols}) VALUES ${valueGroups.join(", ")} RETURNING ${this.returning}`;
-      const res = await this.run({
+      const response = await this.pgFetch({
+        method: "POST",
+        table: this.table,
+        searchParams: sp,
+        body,
+        headers: { Prefer: "return=representation" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
-      return res.rows;
+      return parsePostgRESTResponse(response);
     });
   }
   async single() {
@@ -615,9 +874,11 @@ var PostgrestInsertReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length === 0 || rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0];
     });
@@ -628,22 +889,24 @@ var PostgrestInsertReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0] ?? null;
     });
   }
 };
 var PostgrestUpdateRootBuilder = class {
-  constructor(run, databaseInstanceId, table, patch) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, patch) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.patch = patch;
     __publicField(this, "filters", []);
-    assertIdent(table, "table");
+    __publicField(this, "_signal");
   }
   eq(column, value) {
     this.filters.push({ op: "eq", column, value });
@@ -677,64 +940,79 @@ var PostgrestUpdateRootBuilder = class {
     this.filters.push({ op: "ilike", column, value });
     return this;
   }
-  /**
-   * Return updated rows (Supabase: `.update().eq().select()`).
-   * @see https://supabase.com/docs/reference/javascript/update
-   */
+  is(column, value) {
+    this.filters.push({ op: "is", column, value });
+    return this;
+  }
+  in(column, values) {
+    this.filters.push({ op: "in", column, value: values });
+    return this;
+  }
+  match(query) {
+    for (const [col, val] of Object.entries(query)) {
+      if (val === null) {
+        this.filters.push({ op: "is", column: col, value: null });
+      } else {
+        this.filters.push({ op: "eq", column: col, value: val });
+      }
+    }
+    return this;
+  }
   select(columns = "*") {
     return new PostgrestUpdateReturningBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       this.patch,
       this.filters,
-      columns
+      columns,
+      this._signal
     );
   }
+  abortSignal(signal) {
+    this._signal = signal;
+    return this;
+  }
   then(onfulfilled, onrejected) {
     return this.executeNoReturn().then(onfulfilled, onrejected);
   }
+  buildSearchParams() {
+    const sp = new URLSearchParams();
+    for (const f of this.filters) {
+      sp.append(f.column, encodeFilterValue(f.op, f.value));
+    }
+    return sp;
+  }
   async executeNoReturn() {
     return asPostgrestResponse(async () => {
       const keys = Object.keys(this.patch);
       if (keys.length === 0) {
         throw new RagableError("Empty update payload", 400, null);
       }
-      for (const k of keys) assertIdent(k, "column");
-      if (this.filters.length === 0) {
-        throw new RagableError(
-          "UPDATE requires a filter (e.g. .eq('id', value)) \u2014 refusing unscoped update",
-          400,
-          null
-        );
-      }
-      const params = [];
-      const sets = [];
-      for (const k of keys) {
-        params.push(this.patch[k]);
-        sets.push(`${quoteIdent(k)} = $${params.length}`);
-      }
-      const { clause } = buildWhere(this.filters, params);
-      const tbl = quoteIdent(this.table);
-      const sql = `UPDATE ${tbl} SET ${sets.join(", ")}${clause}`;
-      await this.run({
+      const response = await this.pgFetch({
+        method: "PATCH",
+        table: this.table,
+        searchParams: this.buildSearchParams(),
+        body: this.patch,
+        headers: { Prefer: "return=minimal" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
+      await parsePostgRESTResponse(response);
       return null;
     });
   }
 };
 var PostgrestUpdateReturningBuilder = class {
-  constructor(run, databaseInstanceId, table, patch, filters, returning) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, patch, filters, returning, _signal) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.patch = patch;
     this.filters = filters;
     this.returning = returning;
+    this._signal = _signal;
   }
   then(onfulfilled, onrejected) {
     return this.executeMany().then(onfulfilled, onrejected);
@@ -745,30 +1023,24 @@ var PostgrestUpdateReturningBuilder = class {
       if (keys.length === 0) {
         throw new RagableError("Empty update payload", 400, null);
       }
-      for (const k of keys) assertIdent(k, "column");
-      if (this.filters.length === 0) {
-        throw new RagableError(
-          "UPDATE requires a filter (e.g. .eq('id', value)) \u2014 refusing unscoped update",
-          400,
-          null
-        );
+      const sp = new URLSearchParams();
+      for (const f of this.filters) {
+        sp.append(f.column, encodeFilterValue(f.op, f.value));
       }
-      const params = [];
-      const sets = [];
-      for (const k of keys) {
-        params.push(this.patch[k]);
-        sets.push(`${quoteIdent(k)} = $${params.length}`);
+      if (this.returning && this.returning !== "*") {
+        sp.set("select", this.returning);
       }
-      const { clause } = buildWhere(this.filters, params);
-      const tbl = quoteIdent(this.table);
-      const sql = `UPDATE ${tbl} SET ${sets.join(", ")}${clause} RETURNING ${this.returning}`;
-      const res = await this.run({
+      const response = await this.pgFetch({
+        method: "PATCH",
+        table: this.table,
+        searchParams: sp,
+        body: this.patch,
+        headers: { Prefer: "return=representation" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
-      return res.rows;
+      return parsePostgRESTResponse(response);
     });
   }
   async single() {
@@ -777,9 +1049,11 @@ var PostgrestUpdateReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length === 0 || rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0];
     });
@@ -790,21 +1064,23 @@ var PostgrestUpdateReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0] ?? null;
     });
   }
 };
 var PostgrestDeleteRootBuilder = class {
-  constructor(run, databaseInstanceId, table) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     __publicField(this, "filters", []);
-    assertIdent(table, "table");
+    __publicField(this, "_signal");
   }
   eq(column, value) {
     this.filters.push({ op: "eq", column, value });
@@ -838,76 +1114,92 @@ var PostgrestDeleteRootBuilder = class {
     this.filters.push({ op: "ilike", column, value });
     return this;
   }
-  /**
-   * Return deleted rows (Supabase: `.delete().eq().select()`).
-   * @see https://supabase.com/docs/reference/javascript/delete
-   */
+  is(column, value) {
+    this.filters.push({ op: "is", column, value });
+    return this;
+  }
+  in(column, values) {
+    this.filters.push({ op: "in", column, value: values });
+    return this;
+  }
+  match(query) {
+    for (const [col, val] of Object.entries(query)) {
+      if (val === null) {
+        this.filters.push({ op: "is", column: col, value: null });
+      } else {
+        this.filters.push({ op: "eq", column: col, value: val });
+      }
+    }
+    return this;
+  }
   select(columns = "*") {
     return new PostgrestDeleteReturningBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       this.filters,
-      columns
+      columns,
+      this._signal
     );
   }
+  abortSignal(signal) {
+    this._signal = signal;
+    return this;
+  }
   then(onfulfilled, onrejected) {
     return this.executeNoReturn().then(onfulfilled, onrejected);
   }
   async executeNoReturn() {
     return asPostgrestResponse(async () => {
-      if (this.filters.length === 0) {
-        throw new RagableError(
-          "DELETE requires a filter (e.g. .eq('id', value)) \u2014 refusing unscoped delete",
-          400,
-          null
-        );
+      const sp = new URLSearchParams();
+      for (const f of this.filters) {
+        sp.append(f.column, encodeFilterValue(f.op, f.value));
       }
-      const params = [];
-      const { clause } = buildWhere(this.filters, params);
-      const tbl = quoteIdent(this.table);
-      const sql = `DELETE FROM ${tbl}${clause}`;
-      await this.run({
+      const response = await this.pgFetch({
+        method: "DELETE",
+        table: this.table,
+        searchParams: sp,
+        headers: { Prefer: "return=minimal" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
+      await parsePostgRESTResponse(response);
       return null;
     });
   }
 };
 var PostgrestDeleteReturningBuilder = class {
-  constructor(run, databaseInstanceId, table, filters, returning) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, filters, returning, _signal) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.filters = filters;
     this.returning = returning;
+    this._signal = _signal;
   }
   then(onfulfilled, onrejected) {
     return this.executeMany().then(onfulfilled, onrejected);
   }
   async executeMany() {
     return asPostgrestResponse(async () => {
-      if (this.filters.length === 0) {
-        throw new RagableError(
-          "DELETE requires a filter (e.g. .eq('id', value)) \u2014 refusing unscoped delete",
-          400,
-          null
-        );
+      const sp = new URLSearchParams();
+      for (const f of this.filters) {
+        sp.append(f.column, encodeFilterValue(f.op, f.value));
+      }
+      if (this.returning && this.returning !== "*") {
+        sp.set("select", this.returning);
       }
-      const params = [];
-      const { clause } = buildWhere(this.filters, params);
-      const tbl = quoteIdent(this.table);
-      const sql = `DELETE FROM ${tbl}${clause} RETURNING ${this.returning}`;
-      const res = await this.run({
+      const response = await this.pgFetch({
+        method: "DELETE",
+        table: this.table,
+        searchParams: sp,
+        headers: { Prefer: "return=representation" },
         databaseInstanceId: this.databaseInstanceId,
-        sql,
-        params,
-        readOnly: false
+        signal: this._signal,
+        idempotencyKey: generateIdempotencyKey()
       });
-      return res.rows;
+      return parsePostgRESTResponse(response);
     });
   }
   async single() {
@@ -916,9 +1208,11 @@ var PostgrestDeleteReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length === 0 || rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0];
     });
@@ -929,84 +1223,66 @@ var PostgrestDeleteReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0] ?? null;
     });
   }
 };
 var PostgrestUpsertRootBuilder = class {
-  constructor(run, databaseInstanceId, table, rows, onConflict, ignoreDuplicates) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table, rows, onConflict, ignoreDuplicates) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
     this.rows = rows;
+    this.onConflict = onConflict;
     this.ignoreDuplicates = ignoreDuplicates;
-    __publicField(this, "conflictCols");
-    assertIdent(table, "table");
-    this.conflictCols = parseConflictColumns(onConflict);
+    __publicField(this, "_signal");
   }
-  /**
-   * Return upserted rows (Supabase: `.upsert().select()`).
-   * @see https://supabase.com/docs/reference/javascript/upsert
-   */
   select(columns = "*") {
     return new PostgrestUpsertReturningBuilder(this, columns);
   }
+  abortSignal(signal) {
+    this._signal = signal;
+    return this;
+  }
   then(onfulfilled, onrejected) {
     return this.executeNoReturn().then(onfulfilled, onrejected);
   }
   async executeNoReturn() {
     return asPostgrestResponse(async () => {
-      await this.runUpsert(null);
+      await this.runUpsert("return=minimal", null);
       return null;
     });
   }
-  async runUpsert(returning) {
-    if (this.rows.length === 0) {
-      return { command: "INSERT", rowCount: 0, truncated: false, rows: [] };
-    }
-    const keys = Object.keys(this.rows[0]);
-    for (const k of keys) assertIdent(k, "column");
-    const tbl = quoteIdent(this.table);
-    const conflictQuoted = this.conflictCols.map(quoteIdent).join(", ");
-    const params = [];
-    const valueGroups = [];
-    for (const row of this.rows) {
-      const placeholders = [];
-      for (const k of keys) {
-        params.push(row[k]);
-        placeholders.push(`$${params.length}`);
-      }
-      valueGroups.push(`(${placeholders.join(", ")})`);
-    }
-    const cols = keys.map(quoteIdent).join(", ");
-    let sql = `INSERT INTO ${tbl} (${cols}) VALUES ${valueGroups.join(", ")} ON CONFLICT (${conflictQuoted})`;
-    if (this.ignoreDuplicates) {
-      sql += " DO NOTHING";
-    } else {
-      const setParts = keys.filter((k) => !this.conflictCols.includes(k)).map((k) => `${quoteIdent(k)} = EXCLUDED.${quoteIdent(k)}`);
-      if (setParts.length === 0) {
-        sql += " DO NOTHING";
-      } else {
-        sql += ` DO UPDATE SET ${setParts.join(", ")}`;
-      }
-    }
-    if (returning) {
-      sql += ` RETURNING ${returning}`;
+  async runUpsert(prefer, selectCols) {
+    if (this.rows.length === 0) return [];
+    const body = this.rows.length === 1 ? this.rows[0] : this.rows;
+    const sp = new URLSearchParams();
+    sp.set("on_conflict", this.onConflict);
+    if (selectCols && selectCols !== "*") {
+      sp.set("select", selectCols);
     }
-    return this.run({
+    const resolution = this.ignoreDuplicates ? "resolution=ignore-duplicates" : "resolution=merge-duplicates";
+    const response = await this.pgFetch({
+      method: "POST",
+      table: this.table,
+      searchParams: sp,
+      body,
+      headers: { Prefer: `${prefer},${resolution}` },
       databaseInstanceId: this.databaseInstanceId,
-      sql,
-      params,
-      readOnly: false
+      signal: this._signal,
+      idempotencyKey: generateIdempotencyKey()
     });
-  }
-  /** Used by returning builder */
-  async runWithReturning(returning) {
-    return this.runUpsert(returning);
+    if (prefer.includes("return=minimal")) {
+      await parsePostgRESTResponse(response);
+      return [];
+    }
+    return parsePostgRESTResponse(response);
   }
 };
 var PostgrestUpsertReturningBuilder = class {
@@ -1019,8 +1295,7 @@ var PostgrestUpsertReturningBuilder = class {
   }
   async executeMany() {
     return asPostgrestResponse(async () => {
-      const res = await this.root.runWithReturning(this.returning);
-      return res.rows;
+      return this.root.runUpsert("return=representation", this.returning);
     });
   }
   async single() {
@@ -1029,9 +1304,11 @@ var PostgrestUpsertReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length === 0 || rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0];
     });
@@ -1042,23 +1319,25 @@ var PostgrestUpsertReturningBuilder = class {
       if (error) throw error;
       const rows = data ?? [];
       if (rows.length > 1) {
-        throw new RagableError("JSON object requested, multiple (or no) rows returned", 406, {
-          code: "PGRST116"
-        });
+        throw new RagableError(
+          "JSON object requested, multiple (or no) rows returned",
+          406,
+          { code: "PGRST116" }
+        );
       }
       return rows[0] ?? null;
     });
   }
 };
 var PostgrestTableApi = class {
-  constructor(run, databaseInstanceId, table) {
-    this.run = run;
+  constructor(pgFetch, databaseInstanceId, table) {
+    this.pgFetch = pgFetch;
     this.databaseInstanceId = databaseInstanceId;
     this.table = table;
   }
   select(columns = "*") {
     return new PostgrestSelectBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       columns
@@ -1067,7 +1346,7 @@ var PostgrestTableApi = class {
   insert(values) {
     const rows = Array.isArray(values) ? values : [values];
     return new PostgrestInsertRootBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       rows
@@ -1075,7 +1354,7 @@ var PostgrestTableApi = class {
   }
   update(patch) {
     return new PostgrestUpdateRootBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       patch
@@ -1083,19 +1362,15 @@ var PostgrestTableApi = class {
   }
   delete() {
     return new PostgrestDeleteRootBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table
     );
   }
-  /**
-   * `INSERT ... ON CONFLICT ... DO UPDATE` (or `DO NOTHING` with `ignoreDuplicates`).
-   * @see https://supabase.com/docs/reference/javascript/upsert
-   */
   upsert(values, options) {
     const rows = Array.isArray(values) ? values : [values];
     return new PostgrestUpsertRootBuilder(
-      this.run,
+      this.pgFetch,
       this.databaseInstanceId,
       this.table,
       rows,
@@ -1105,42 +1380,139 @@ var PostgrestTableApi = class {
   }
 };
 
-// src/browser.ts
-function normalizeBrowserApiBase(baseUrl) {
-  return (baseUrl ?? "http://localhost:8080/api").replace(/\/+$/, "");
-}
-function requireAuthGroupId(options) {
-  const id = options.authGroupId?.trim();
-  if (!id) {
-    throw new Error(
-      "authGroupId is required for auth and database methods on the browser client"
-    );
+// src/auth-storage.ts
+var LocalStorageAdapter = class {
+  getItem(key) {
+    try {
+      return globalThis.localStorage.getItem(key);
+    } catch {
+      return null;
+    }
   }
-  return id;
-}
-async function requireAccessToken(options) {
-  const getter = options.getAccessToken;
-  if (!getter) {
-    throw new Error(
-      "getAccessToken is required for this call (return the end-user access JWT)"
-    );
+  setItem(key, value) {
+    try {
+      globalThis.localStorage.setItem(key, value);
+    } catch {
+    }
   }
-  const token = await getter();
-  if (!token?.trim()) {
-    throw new Error("getAccessToken returned no token");
+  removeItem(key) {
+    try {
+      globalThis.localStorage.removeItem(key);
+    } catch {
+    }
   }
-  return token.trim();
-}
-async function parseJsonOrThrow(response) {
-  const payload = await parseMaybeJsonBody(response);
-  if (!response.ok) {
-    const message = extractErrorMessage(payload, response.statusText);
-    throw new RagableError(message, response.status, payload);
+};
+var SessionStorageAdapter = class {
+  getItem(key) {
+    try {
+      return globalThis.sessionStorage.getItem(key);
+    } catch {
+      return null;
+    }
   }
-  return payload;
+  setItem(key, value) {
+    try {
+      globalThis.sessionStorage.setItem(key, value);
+    } catch {
+    }
+  }
+  removeItem(key) {
+    try {
+      globalThis.sessionStorage.removeItem(key);
+    } catch {
+    }
+  }
+};
+var MemoryStorageAdapter = class {
+  constructor() {
+    __publicField(this, "store", /* @__PURE__ */ new Map());
+  }
+  getItem(key) {
+    return this.store.get(key) ?? null;
+  }
+  setItem(key, value) {
+    this.store.set(key, value);
+  }
+  removeItem(key) {
+    this.store.delete(key);
+  }
+};
+var CookieStorageAdapter = class {
+  constructor(maxAge = 30 * 24 * 60 * 60, path = "/", sameSite = "Lax") {
+    this.maxAge = maxAge;
+    this.path = path;
+    this.sameSite = sameSite;
+  }
+  getItem(key) {
+    if (typeof document === "undefined") return null;
+    const match = document.cookie.split("; ").find((c) => c.startsWith(`${encodeURIComponent(key)}=`));
+    if (!match) return null;
+    return decodeURIComponent(match.split("=").slice(1).join("="));
+  }
+  setItem(key, value) {
+    if (typeof document === "undefined") return;
+    const parts = [
+      `${encodeURIComponent(key)}=${encodeURIComponent(value)}`,
+      `path=${this.path}`,
+      `max-age=${this.maxAge}`,
+      `SameSite=${this.sameSite}`
+    ];
+    if (this.sameSite === "None") parts.push("Secure");
+    document.cookie = parts.join("; ");
+  }
+  removeItem(key) {
+    if (typeof document === "undefined") return;
+    document.cookie = `${encodeURIComponent(key)}=; path=${this.path}; max-age=0`;
+  }
+};
+function detectStorage() {
+  if (typeof globalThis !== "undefined" && typeof globalThis.localStorage !== "undefined") {
+    try {
+      const testKey = "__ragable_test__";
+      globalThis.localStorage.setItem(testKey, "1");
+      globalThis.localStorage.removeItem(testKey);
+      return new LocalStorageAdapter();
+    } catch {
+    }
+  }
+  return new MemoryStorageAdapter();
 }
-function parseExpiresInSeconds(expiresIn) {
-  const s = expiresIn.trim().toLowerCase();
+var AuthBroadcastChannel = class {
+  constructor(channelName) {
+    __publicField(this, "channel", null);
+    if (typeof BroadcastChannel !== "undefined") {
+      try {
+        this.channel = new BroadcastChannel(channelName);
+      } catch {
+      }
+    }
+  }
+  onMessage(cb) {
+    if (this.channel) {
+      this.channel.onmessage = (e) => {
+        const data = e.data;
+        if (data && typeof data.type === "string") {
+          cb(data);
+        }
+      };
+    }
+  }
+  postSessionUpdated(serialized) {
+    this.channel?.postMessage({ type: "SESSION_UPDATED", payload: serialized });
+  }
+  postSessionRemoved() {
+    this.channel?.postMessage({ type: "SESSION_REMOVED" });
+  }
+  close() {
+    this.channel?.close();
+    this.channel = null;
+  }
+};
+
+// src/auth.ts
+function parseExpiresInSeconds(raw) {
+  if (typeof raw === "number") return raw;
+  const s = raw.trim().toLowerCase();
   const m = /^(\d+)([smhd])?$/.exec(s);
   if (m) {
     const n = Number(m[1]);
@@ -1151,147 +1523,541 @@ function parseExpiresInSeconds(expiresIn) {
   const asNum = Number(s);
   return Number.isFinite(asNum) ? asNum : 0;
 }
-function toSupabaseSession(s) {
-  return {
-    access_token: s.accessToken,
-    refresh_token: s.refreshToken,
-    expires_in: parseExpiresInSeconds(s.expiresIn),
-    token_type: "bearer",
-    user: s.user
-  };
-}
-var RagableBrowserAuthClient = class {
-  constructor(options) {
-    this.options = options;
-    __publicField(this, "fetchImpl");
-    this.fetchImpl = bindFetch(options.fetch);
+async function parseJsonOrThrow(response) {
+  const text = await response.text();
+  let payload;
+  try {
+    payload = text ? JSON.parse(text) : null;
+  } catch {
+    throw new RagableError(`Response parse error: ${text.slice(0, 200)}`, response.status, null);
   }
-  toUrl(path) {
-    return `${normalizeBrowserApiBase(this.options.baseUrl)}${path.startsWith("/") ? path : `/${path}`}`;
+  if (!response.ok) {
+    const message = extractErrorMessage(payload, response.statusText);
+    throw new RagableError(message, response.status, payload);
   }
-  baseHeaders(json) {
-    const h = new Headers(this.options.headers);
-    if (json) {
-      h.set("Content-Type", "application/json");
+  return payload;
+}
+var _subCounter = 0;
+var RagableAuth = class {
+  constructor(config) {
+    __publicField(this, "fetchImpl");
+    __publicField(this, "baseUrl");
+    __publicField(this, "authGroupId");
+    __publicField(this, "defaultHeaders");
+    __publicField(this, "persistSession");
+    __publicField(this, "autoRefreshToken");
+    __publicField(this, "storage");
+    __publicField(this, "storageKey");
+    __publicField(this, "refreshSkewSeconds");
+    __publicField(this, "debug");
+    __publicField(this, "currentSession", null);
+    __publicField(this, "refreshTimer", null);
+    __publicField(this, "refreshPromise", null);
+    __publicField(this, "listeners", /* @__PURE__ */ new Map());
+    __publicField(this, "broadcast", null);
+    __publicField(this, "visibilityHandler", null);
+    __publicField(this, "initialized", false);
+    this.baseUrl = config.baseUrl;
+    this.authGroupId = config.authGroupId;
+    this.fetchImpl = bindFetch(config.fetch);
+    this.defaultHeaders = config.headers;
+    const auth = config.auth ?? {};
+    this.persistSession = auth.persistSession !== false;
+    this.autoRefreshToken = auth.autoRefreshToken !== false;
+    this.storage = auth.storage ?? detectStorage();
+    this.storageKey = auth.storageKey ?? `ragable.session.${this.authGroupId}`;
+    this.refreshSkewSeconds = auth.refreshSkewSeconds ?? 60;
+    this.debug = auth.debug ?? false;
+    this.broadcast = new AuthBroadcastChannel(`ragable-auth-${this.authGroupId}`);
+    this.broadcast.onMessage((msg) => {
+      if (msg.type === "SESSION_UPDATED") {
+        try {
+          const session = JSON.parse(msg.payload);
+          this.currentSession = session;
+          this.scheduleRefresh(session);
+          this.emit("TOKEN_REFRESHED", session);
+        } catch {
+        }
+      } else if (msg.type === "SESSION_REMOVED") {
+        this.currentSession = null;
+        this.clearRefreshTimer();
+        this.emit("SIGNED_OUT", null);
+      }
+    });
+    this.setupVisibilityListener();
+  }
+  log(...args) {
+    if (this.debug) console.debug("[RagableAuth]", ...args);
+  }
+  // ── Lifecycle ──────────────────────────────────────────────────────────────
+  async initialize() {
+    if (this.initialized) return this.currentSession;
+    this.initialized = true;
+    if (this.persistSession) {
+      try {
+        const raw = await this.storage.getItem(this.storageKey);
+        if (raw) {
+          const session = JSON.parse(raw);
+          if (session.expires_at && session.expires_at > nowSeconds()) {
+            this.currentSession = session;
+            this.scheduleRefresh(session);
+            this.log("Restored session from storage");
+          } else if (session.refresh_token) {
+            this.log("Stored session expired, attempting refresh");
+            const refreshed = await this._doRefresh(session.refresh_token);
+            if (refreshed) {
+              this.currentSession = refreshed;
+            }
+          }
+        }
+      } catch (e) {
+        this.log("Failed to restore session", e);
+      }
     }
-    return h;
-  }
-  authPrefix() {
-    const gid = requireAuthGroupId(this.options);
-    return `/auth-groups/${gid}/auth`;
+    this.emit("INITIAL_SESSION", this.currentSession);
+    return this.currentSession;
   }
-  /** Supabase: `signUp` → `{ data: { user, session }, error }` */
+  // ── Auth methods ───────────────────────────────────────────────────────────
   async signUp(credentials) {
     return asPostgrestResponse(async () => {
       const name = typeof credentials.options?.data?.name === "string" ? credentials.options.data.name : void 0;
-      const session = await this.register({
+      const raw = await this.fetchAuth("/register", "POST", {
         email: credentials.email,
         password: credentials.password,
-        name
+        ...name !== void 0 ? { name } : {}
       });
-      return { user: session.user, session: toSupabaseSession(session) };
+      const session = this.rawToSession(raw);
+      await this.setSessionInternal(session, "SIGNED_IN");
+      return { user: session.user, session };
     });
   }
-  /** Supabase: `signInWithPassword` */
   async signInWithPassword(credentials) {
     return asPostgrestResponse(async () => {
-      const session = await this.login(credentials);
-      return { user: session.user, session: toSupabaseSession(session) };
+      const raw = await this.fetchAuth("/login", "POST", {
+        email: credentials.email,
+        password: credentials.password
+      });
+      const session = this.rawToSession(raw);
+      await this.setSessionInternal(session, "SIGNED_IN");
+      return { user: session.user, session };
     });
   }
-  /** Supabase: `refreshSession` */
+  async signOut(_options) {
+    this.currentSession = null;
+    this.clearRefreshTimer();
+    if (this.persistSession) {
+      await this.storage.removeItem(this.storageKey);
+    }
+    this.broadcast?.postSessionRemoved();
+    this.emit("SIGNED_OUT", null);
+    return { error: null };
+  }
   async refreshSession(refreshToken) {
     return asPostgrestResponse(async () => {
-      const tokens = await this.refresh({ refreshToken });
-      const me = await this.getUserFromToken(tokens.accessToken);
+      const token = refreshToken ?? this.currentSession?.refresh_token;
+      if (!token) throw new RagableError("No refresh token available", 401, null);
+      const session = await this.singleFlightRefresh(token);
+      if (!session) throw new RagableError("Refresh failed", 401, null);
+      return { session, user: session.user };
+    });
+  }
+  async getSession() {
+    if (!this.initialized) await this.initialize();
+    return { data: { session: this.currentSession }, error: null };
+  }
+  async getUser() {
+    return asPostgrestResponse(async () => {
+      const token = this.currentSession?.access_token;
+      if (!token) throw new RagableError("Not authenticated", 401, null);
+      return this.fetchAuthWithBearer("/me", "GET", token);
+    });
+  }
+  async setSession(tokens) {
+    return asPostgrestResponse(async () => {
+      const me = await this.fetchAuthWithBearer("/me", "GET", tokens.access_token);
+      const decoded = decodeJwtExpiry(tokens.access_token);
+      const expiresIn = decoded ? decoded - nowSeconds() : 3600;
       const session = {
-        access_token: tokens.accessToken,
-        refresh_token: tokens.refreshToken,
-        expires_in: parseExpiresInSeconds(tokens.expiresIn),
+        access_token: tokens.access_token,
+        refresh_token: tokens.refresh_token,
+        expires_in: expiresIn,
+        expires_at: nowSeconds() + expiresIn,
         token_type: "bearer",
         user: me.user
       };
+      await this.setSessionInternal(session, "SIGNED_IN");
       return { session, user: me.user };
     });
   }
-  /** Supabase: `getUser()` — needs `getAccessToken` on the client */
-  async getUser() {
-    return asPostgrestResponse(() => this.getMe());
-  }
-  /** Supabase: `updateUser` */
   async updateUser(attributes) {
-    return asPostgrestResponse(
-      () => this.updateMe({
-        password: attributes.password,
-        name: attributes.data?.name
-      })
-    );
+    return asPostgrestResponse(async () => {
+      const token = this.currentSession?.access_token;
+      if (!token) throw new RagableError("Not authenticated", 401, null);
+      const result = await this.fetchAuthWithBearer("/me", "PATCH", token, {
+        ...attributes.password !== void 0 ? { password: attributes.password } : {},
+        ...attributes.data?.name !== void 0 ? { name: attributes.data.name } : {}
+      });
+      if (this.currentSession) {
+        this.currentSession = { ...this.currentSession, user: result.user };
+        await this.persistCurrentSession();
+      }
+      this.emit("USER_UPDATED", this.currentSession);
+      return result;
+    });
   }
-  /**
-   * Supabase/Firebase: no server call — clear tokens in your app.
-   * Returns `{ error: null }` for API compatibility.
-   */
-  async signOut(_options) {
-    return { error: null };
+  // ── Event subscription ─────────────────────────────────────────────────────
+  onAuthStateChange(callback) {
+    _subCounter++;
+    const id = `sub-${_subCounter}`;
+    this.listeners.set(id, callback);
+    const unsubscribe = () => {
+      this.listeners.delete(id);
+    };
+    return { data: { subscription: { id, unsubscribe } } };
   }
-  async getUserFromToken(accessToken) {
-    const headers = this.baseHeaders(false);
-    headers.set("Authorization", `Bearer ${accessToken}`);
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/me`, {
-      method: "GET",
-      headers
-    });
-    return parseJsonOrThrow(response);
+  // ── Accessors ──────────────────────────────────────────────────────────────
+  getAccessToken() {
+    return this.currentSession?.access_token ?? null;
+  }
+  getCurrentSession() {
+    return this.currentSession;
   }
+  // ── Back-compat: raw Ragable auth methods ──────────────────────────────────
   async register(body) {
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/register`, {
-      method: "POST",
-      headers: this.baseHeaders(true),
-      body: JSON.stringify(body)
-    });
-    return parseJsonOrThrow(response);
+    const raw = await this.fetchAuth("/register", "POST", body);
+    const session = this.rawToSession(raw);
+    await this.setSessionInternal(session, "SIGNED_IN");
+    return raw;
   }
   async login(body) {
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/login`, {
-      method: "POST",
-      headers: this.baseHeaders(true),
-      body: JSON.stringify(body)
-    });
-    return parseJsonOrThrow(response);
+    const raw = await this.fetchAuth("/login", "POST", body);
+    const session = this.rawToSession(raw);
+    await this.setSessionInternal(session, "SIGNED_IN");
+    return raw;
   }
   async refresh(body) {
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/refresh`, {
-      method: "POST",
-      headers: this.baseHeaders(true),
-      body: JSON.stringify(body)
-    });
-    return parseJsonOrThrow(response);
+    return this.fetchAuth("/refresh", "POST", body);
   }
   async getMe() {
-    const token = await requireAccessToken(this.options);
-    const headers = this.baseHeaders(false);
-    headers.set("Authorization", `Bearer ${token}`);
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/me`, {
-      method: "GET",
-      headers
+    const token = this.currentSession?.access_token;
+    if (!token) throw new RagableError("Not authenticated", 401, null);
+    return this.fetchAuthWithBearer("/me", "GET", token);
+  }
+  async updateMe(body) {
+    const token = this.currentSession?.access_token;
+    if (!token) throw new RagableError("Not authenticated", 401, null);
+    const result = await this.fetchAuthWithBearer("/me", "PATCH", token, body);
+    if (this.currentSession) {
+      this.currentSession = { ...this.currentSession, user: result.user };
+      await this.persistCurrentSession();
+    }
+    this.emit("USER_UPDATED", this.currentSession);
+    return result;
+  }
+  // ── Cleanup ────────────────────────────────────────────────────────────────
+  destroy() {
+    this.clearRefreshTimer();
+    this.broadcast?.close();
+    this.listeners.clear();
+    if (this.visibilityHandler && typeof document !== "undefined") {
+      document.removeEventListener("visibilitychange", this.visibilityHandler);
+    }
+  }
+  // ─── Internal ──────────────────────────────────────────────────────────────
+  authPrefix() {
+    return `/auth-groups/${this.authGroupId}/auth`;
+  }
+  toUrl(path) {
+    return `${this.baseUrl}${this.authPrefix()}${path}`;
+  }
+  baseHeaders(json) {
+    const h = new Headers(this.defaultHeaders);
+    if (json) h.set("Content-Type", "application/json");
+    return h;
+  }
+  async fetchAuth(path, method, body) {
+    const headers = this.baseHeaders(body !== void 0);
+    const response = await this.fetchImpl(this.toUrl(path), {
+      method,
+      headers,
+      body: body !== void 0 ? JSON.stringify(body) : void 0
     });
     return parseJsonOrThrow(response);
   }
-  async updateMe(body) {
-    const token = await requireAccessToken(this.options);
-    const headers = this.baseHeaders(true);
+  async fetchAuthWithBearer(path, method, token, body) {
+    const headers = this.baseHeaders(body !== void 0);
     headers.set("Authorization", `Bearer ${token}`);
-    const response = await this.fetchImpl(`${this.toUrl(this.authPrefix())}/me`, {
-      method: "PATCH",
+    const response = await this.fetchImpl(this.toUrl(path), {
+      method,
       headers,
-      body: JSON.stringify(body)
+      body: body !== void 0 ? JSON.stringify(body) : void 0
     });
     return parseJsonOrThrow(response);
   }
+  rawToSession(raw) {
+    const expiresIn = parseExpiresInSeconds(raw.expiresIn);
+    return {
+      access_token: raw.accessToken,
+      refresh_token: raw.refreshToken,
+      expires_in: expiresIn,
+      expires_at: nowSeconds() + expiresIn,
+      token_type: "bearer",
+      user: raw.user
+    };
+  }
+  async setSessionInternal(session, event) {
+    this.currentSession = session;
+    await this.persistCurrentSession();
+    this.broadcast?.postSessionUpdated(JSON.stringify(session));
+    this.scheduleRefresh(session);
+    this.emit(event, session);
+  }
+  async persistCurrentSession() {
+    if (!this.persistSession || !this.currentSession) return;
+    try {
+      await this.storage.setItem(this.storageKey, JSON.stringify(this.currentSession));
+    } catch (e) {
+      this.log("Failed to persist session", e);
+    }
+  }
+  emit(event, session) {
+    this.log(event, session?.user);
+    for (const cb of this.listeners.values()) {
+      try {
+        cb(event, session);
+      } catch (e) {
+        this.log("Listener threw", e);
+      }
+    }
+  }
+  // ─── Refresh scheduling ────────────────────────────────────────────────────
+  scheduleRefresh(session) {
+    this.clearRefreshTimer();
+    if (!this.autoRefreshToken) return;
+    const secondsUntilExpiry = session.expires_at - nowSeconds();
+    const refreshIn = Math.max(0, secondsUntilExpiry - this.refreshSkewSeconds);
+    this.log(`Scheduling refresh in ${refreshIn}s`);
+    this.refreshTimer = setTimeout(() => {
+      this.singleFlightRefresh(session.refresh_token).catch((e) => {
+        this.log("Scheduled refresh failed", e);
+      });
+    }, refreshIn * 1e3);
+  }
+  clearRefreshTimer() {
+    if (this.refreshTimer !== null) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
+  async singleFlightRefresh(refreshToken) {
+    if (this.refreshPromise) return this.refreshPromise;
+    this.refreshPromise = this._doRefresh(refreshToken).finally(() => {
+      this.refreshPromise = null;
+    });
+    return this.refreshPromise;
+  }
+  async _doRefresh(refreshToken) {
+    try {
+      const raw = await this.fetchAuth("/refresh", "POST", { refreshToken });
+      const me = await this.fetchAuthWithBearer("/me", "GET", raw.accessToken);
+      const expiresIn = parseExpiresInSeconds(raw.expiresIn);
+      const session = {
+        access_token: raw.accessToken,
+        refresh_token: raw.refreshToken,
+        expires_in: expiresIn,
+        expires_at: nowSeconds() + expiresIn,
+        token_type: "bearer",
+        user: me.user
+      };
+      await this.setSessionInternal(session, "TOKEN_REFRESHED");
+      return session;
+    } catch (e) {
+      this.log("Refresh failed", e);
+      return null;
+    }
+  }
+  // ─── Visibility listener ───────────────────────────────────────────────────
+  setupVisibilityListener() {
+    if (typeof document === "undefined") return;
+    this.visibilityHandler = () => {
+      if (document.visibilityState === "visible" && this.currentSession) {
+        const secondsUntilExpiry = this.currentSession.expires_at - nowSeconds();
+        if (secondsUntilExpiry <= this.refreshSkewSeconds) {
+          this.singleFlightRefresh(this.currentSession.refresh_token).catch(() => {
+          });
+        } else {
+          this.scheduleRefresh(this.currentSession);
+        }
+      } else {
+        this.clearRefreshTimer();
+      }
+    };
+    document.addEventListener("visibilitychange", this.visibilityHandler);
+  }
+};
+function nowSeconds() {
+  return Math.floor(Date.now() / 1e3);
+}
+function decodeJwtExpiry(jwt) {
+  try {
+    const parts = jwt.split(".");
+    if (parts.length !== 3) return null;
+    const payload = JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
+    return typeof payload.exp === "number" ? payload.exp : null;
+  } catch {
+    return null;
+  }
+}
+
+// src/browser.ts
+function normalizeBrowserApiBase(baseUrl) {
+  const trimmed = (baseUrl ?? DEFAULT_RAGABLE_API_BASE).trim().replace(/\/+$/, "");
+  return trimmed.endsWith("/api") ? trimmed : `${trimmed}/api`;
+}
+function requireAuthGroupId(options) {
+  const id = options.authGroupId?.trim();
+  if (!id) {
+    throw new Error(
+      "authGroupId is required for auth and database methods on the browser client"
+    );
+  }
+  return id;
+}
+async function requireAccessToken(options, ragableAuth) {
+  if (ragableAuth) {
+    const token = ragableAuth.getAccessToken();
+    if (token) return token;
+  }
+  const getter = options.getAccessToken;
+  if (getter) {
+    const token = await getter();
+    if (token?.trim()) return token.trim();
+  }
+  throw new Error(
+    "No access token available (sign in or provide getAccessToken)"
+  );
+}
+async function resolveDatabaseAuthBearer(options, ragableAuth) {
+  const mode = options.dataAuth ?? "user";
+  if (mode === "user") {
+    return requireAccessToken(options, ragableAuth);
+  }
+  const fromGetter = options.getDataStaticKey ? await options.getDataStaticKey() : null;
+  const key = (fromGetter?.trim() || options.dataStaticKey?.trim()) ?? "";
+  if (!key) {
+    throw new Error(
+      mode === "publicAnon" ? "dataAuth publicAnon requires getDataStaticKey or dataStaticKey" : "dataAuth admin requires getDataStaticKey or dataStaticKey"
+    );
+  }
+  return key;
+}
+async function parseJsonOrThrow2(response) {
+  const payload = await parseMaybeJsonBody(response);
+  if (!response.ok) {
+    const message = extractErrorMessage(payload, response.statusText);
+    throw new RagableError(message, response.status, payload);
+  }
+  return payload;
+}
+var RagableBrowserAuthClient = class {
+  constructor(_options, ragableAuth = null) {
+    this.ragableAuth = ragableAuth;
+  }
+  get auth() {
+    if (!this.ragableAuth) {
+      throw new Error("Auth not initialized \u2014 provide authGroupId to enable auth");
+    }
+    return this.ragableAuth;
+  }
+  async signUp(credentials) {
+    const result = await this.auth.signUp(credentials);
+    if (result.error) return { data: null, error: result.error };
+    const session = result.data.session;
+    return {
+      data: {
+        user: session.user,
+        session: {
+          access_token: session.access_token,
+          refresh_token: session.refresh_token,
+          expires_in: session.expires_in,
+          token_type: "bearer",
+          user: session.user
+        }
+      },
+      error: null
+    };
+  }
+  async signInWithPassword(credentials) {
+    const result = await this.auth.signInWithPassword(credentials);
+    if (result.error) return { data: null, error: result.error };
+    const session = result.data.session;
+    return {
+      data: {
+        user: session.user,
+        session: {
+          access_token: session.access_token,
+          refresh_token: session.refresh_token,
+          expires_in: session.expires_in,
+          token_type: "bearer",
+          user: session.user
+        }
+      },
+      error: null
+    };
+  }
+  async refreshSession(refreshToken) {
+    const result = await this.auth.refreshSession(refreshToken);
+    if (result.error) return { data: null, error: result.error };
+    const session = result.data.session;
+    return {
+      data: {
+        user: session.user,
+        session: {
+          access_token: session.access_token,
+          refresh_token: session.refresh_token,
+          expires_in: session.expires_in,
+          token_type: "bearer",
+          user: session.user
+        }
+      },
+      error: null
+    };
+  }
+  async getUser() {
+    return this.auth.getUser();
+  }
+  async updateUser(attributes) {
+    return this.auth.updateUser(attributes);
+  }
+  async signOut(_options) {
+    return this.auth.signOut(_options);
+  }
+  async register(body) {
+    return this.auth.register(body);
+  }
+  async login(body) {
+    return this.auth.login(body);
+  }
+  async refresh(body) {
+    return this.auth.refresh(body);
+  }
+  async getMe() {
+    return this.auth.getMe();
+  }
+  async updateMe(body) {
+    return this.auth.updateMe(body);
+  }
+  onAuthStateChange(callback) {
+    return this.auth.onAuthStateChange(callback);
+  }
+  getSession() {
+    return this.auth.getSession();
+  }
 };
 var RagableBrowserDatabaseClient = class {
-  constructor(options) {
+  constructor(options, ragableAuth = null) {
     this.options = options;
+    this.ragableAuth = ragableAuth;
     __publicField(this, "fetchImpl");
     this.fetchImpl = bindFetch(options.fetch);
   }
@@ -1300,7 +2066,7 @@ var RagableBrowserDatabaseClient = class {
   }
   async query(params) {
     const gid = requireAuthGroupId(this.options);
-    const token = await requireAccessToken(this.options);
+    const token = await resolveDatabaseAuthBearer(this.options, this.ragableAuth);
     const databaseInstanceId = params.databaseInstanceId?.trim() || this.options.databaseInstanceId?.trim();
     if (!databaseInstanceId) {
       throw new Error(
@@ -1310,6 +2076,7 @@ var RagableBrowserDatabaseClient = class {
     const headers = this.baseHeaders();
     headers.set("Authorization", `Bearer ${token}`);
     headers.set("Content-Type", "application/json");
+    const readOnly = (this.options.dataAuth ?? "user") === "publicAnon" ? true : params.readOnly !== false;
     const response = await this.fetchImpl(
       this.toUrl(`/auth-groups/${gid}/data/query`),
       {
@@ -1319,13 +2086,13 @@ var RagableBrowserDatabaseClient = class {
           databaseInstanceId,
           sql: params.sql,
           ...params.params !== void 0 ? { params: params.params } : {},
-          ...params.readOnly === false ? { readOnly: false } : {},
+          readOnly,
           ...params.timeoutMs !== void 0 ? { timeoutMs: params.timeoutMs } : {},
           ...params.rowLimit !== void 0 ? { rowLimit: params.rowLimit } : {}
         })
       }
     );
-    return parseJsonOrThrow(response);
+    return parseJsonOrThrow2(response);
   }
   baseHeaders() {
     return new Headers(this.options.headers);
@@ -1340,9 +2107,6 @@ var RagableBrowserAgentsClient = class {
   toUrl(path) {
     return `${normalizeBrowserApiBase(this.options.baseUrl)}${path.startsWith("/") ? path : `/${path}`}`;
   }
-  /**
-   * Stream agent execution as SSE (`POST /public/organizations/:orgId/agents/:agentId/chat/stream`).
-   */
   async *chatStream(agentId, params) {
     const orgId = this.options.organizationId;
     const body = {
@@ -1378,16 +2142,40 @@ var RagableBrowser = class {
     __publicField(this, "agents");
     __publicField(this, "auth");
     __publicField(this, "database");
+    __publicField(this, "transport");
     __publicField(this, "options");
+    __publicField(this, "_ragableAuth");
     this.options = options;
+    this.transport = new Transport({
+      fetch: options.fetch,
+      headers: options.headers,
+      ...options.transport
+    });
+    if (options.authGroupId) {
+      this._ragableAuth = new RagableAuth({
+        baseUrl: normalizeBrowserApiBase(options.baseUrl),
+        authGroupId: options.authGroupId,
+        fetch: options.fetch,
+        headers: options.headers,
+        auth: options.auth
+      });
+      this.transport.setRefreshHandler(async () => {
+        const session = await this._ragableAuth.singleFlightRefresh(
+          this._ragableAuth.getCurrentSession()?.refresh_token ?? ""
+        );
+        return session?.access_token ?? null;
+      });
+      if (!options.getAccessToken) {
+        this._ragableAuth.initialize().catch(() => {
+        });
+      }
+    } else {
+      this._ragableAuth = null;
+    }
     this.agents = new RagableBrowserAgentsClient(options);
-    this.auth = new RagableBrowserAuthClient(options);
-    this.database = new RagableBrowserDatabaseClient(options);
+    this.auth = new RagableBrowserAuthClient(options, this._ragableAuth);
+    this.database = new RagableBrowserDatabaseClient(options, this._ragableAuth);
   }
-  /**
-   * Supabase-style table API: `.from('items').select().eq('id', 1).single()`.
-   * Pass `databaseInstanceId` here or set `databaseInstanceId` on the client options.
-   */
   from(table, databaseInstanceId) {
     const id = databaseInstanceId?.trim() || this.options.databaseInstanceId?.trim();
     if (!id) {
@@ -1395,8 +2183,40 @@ var RagableBrowser = class {
         "RagableBrowser.from() requires databaseInstanceId in client options or as the second argument"
       );
     }
-    const run = (p) => this.database.query(p);
-    return new PostgrestTableApi(run, id, table);
+    const gid = requireAuthGroupId(this.options);
+    const ragableAuth = this._ragableAuth;
+    const opts = this.options;
+    const pgFetch = async (params) => {
+      const token = await resolveDatabaseAuthBearer(opts, ragableAuth);
+      const baseUrl = normalizeBrowserApiBase(opts.baseUrl);
+      const qs = params.searchParams.toString();
+      const url = `${baseUrl}/auth-groups/${gid}/data/rest/${params.table}${qs ? `?${qs}` : ""}`;
+      const headers = new Headers(opts.headers);
+      headers.set("Authorization", `Bearer ${token}`);
+      headers.set("X-Database-Instance-Id", params.databaseInstanceId);
+      if (params.body !== void 0) {
+        headers.set("Content-Type", "application/json");
+      }
+      if (params.headers) {
+        for (const [k, v] of Object.entries(params.headers)) {
+          headers.set(k, v);
+        }
+      }
+      if (params.idempotencyKey) {
+        headers.set("Idempotency-Key", params.idempotencyKey);
+      }
+      const fetchImpl = bindFetch(opts.fetch);
+      return fetchImpl(url, {
+        method: params.method,
+        headers,
+        body: params.body !== void 0 ? JSON.stringify(params.body) : void 0,
+        signal: params.signal
+      });
+    };
+    return new PostgrestTableApi(pgFetch, id, table);
+  }
+  destroy() {
+    this._ragableAuth?.destroy();
   }
 };
 function createBrowserClient(options) {
@@ -1494,6 +2314,11 @@ function createRagableServerClient(options) {
 }
 export {
   AgentsClient,
+  AuthBroadcastChannel,
+  CookieStorageAdapter,
+  DEFAULT_RAGABLE_API_BASE,
+  LocalStorageAdapter,
+  MemoryStorageAdapter,
   PostgrestDeleteReturningBuilder,
   PostgrestDeleteRootBuilder,
   PostgrestInsertReturningBuilder,
@@ -1505,13 +2330,20 @@ export {
   PostgrestUpsertReturningBuilder,
   PostgrestUpsertRootBuilder,
   Ragable,
+  RagableAbortError,
+  RagableAuth,
   RagableBrowser,
   RagableBrowserAgentsClient,
   RagableBrowserAuthClient,
   RagableBrowserDatabaseClient,
   RagableError,
+  RagableNetworkError,
   RagableRequestClient,
+  RagableSdkError,
+  RagableTimeoutError,
+  SessionStorageAdapter,
   ShiftClient,
+  Transport,
   asPostgrestResponse,
   bindFetch,
   createBrowserClient,
@@ -1519,10 +2351,13 @@ export {
   createRagPipeline,
   createRagableBrowserClient,
   createRagableServerClient,
+  detectStorage,
   extractErrorMessage,
   formatRetrievalContext,
+  generateIdempotencyKey,
   normalizeBrowserApiBase,
   parseSseDataLine,
+  parseTransportResponse,
   readSseStream
 };
 //# sourceMappingURL=index.mjs.map