@rei-standard/amsg-client 2.5.0-next.0 → 2.5.0

package/dist/index.cjs

@@ -19,21 +19,23 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.js
 var src_exports = {};
 __export(src_exports, {
-  MESSAGE_KIND: () => import_amsg_shared.MESSAGE_KIND,
-  MESSAGE_TYPE: () => import_amsg_shared.MESSAGE_TYPE,
-  PUSH_SOURCE: () => import_amsg_shared.PUSH_SOURCE,
+  MESSAGE_KIND: () => import_amsg_shared2.MESSAGE_KIND,
+  MESSAGE_TYPE: () => import_amsg_shared2.MESSAGE_TYPE,
+  PUSH_SOURCE: () => import_amsg_shared2.PUSH_SOURCE,
   ReiClient: () => ReiClient,
-  buildContentPush: () => import_amsg_shared.buildContentPush,
-  buildErrorPush: () => import_amsg_shared.buildErrorPush,
-  buildReasoningPush: () => import_amsg_shared.buildReasoningPush,
-  buildToolRequestPush: () => import_amsg_shared.buildToolRequestPush,
-  isContentPush: () => import_amsg_shared.isContentPush,
-  isErrorPush: () => import_amsg_shared.isErrorPush,
-  isReasoningPush: () => import_amsg_shared.isReasoningPush,
-  isToolRequestPush: () => import_amsg_shared.isToolRequestPush
+  buildContentPush: () => import_amsg_shared2.buildContentPush,
+  buildErrorPush: () => import_amsg_shared2.buildErrorPush,
+  buildReasoningPush: () => import_amsg_shared2.buildReasoningPush,
+  buildToolRequestPush: () => import_amsg_shared2.buildToolRequestPush,
+  isContentPush: () => import_amsg_shared2.isContentPush,
+  isErrorPush: () => import_amsg_shared2.isErrorPush,
+  isReasoningPush: () => import_amsg_shared2.isReasoningPush,
+  isToolRequestPush: () => import_amsg_shared2.isToolRequestPush
 });
 module.exports = __toCommonJS(src_exports);
 var import_amsg_shared = require("@rei-standard/amsg-shared");
+var import_amsg_shared2 = require("@rei-standard/amsg-shared");
+var TEXT_ENCODER = new TextEncoder();
 var AVATAR_URL_MAX_LENGTH = 2048;
 function makeLocalError(code, message, details) {
   const err = new Error(`[rei-standard-amsg-client] ${message}`);
@@ -187,11 +189,11 @@ var ReiClient = class {
    * @param {string} [endpointPath] - Path under the resolved base URL. Default '/instant'.
    * @param {{ authorization?: string, expectsBackupPush?: boolean }} [opts]
    *   - `authorization`: optional auth header to forward.
-   *   - `expectsBackupPush`: opt-in flag for the dev warning. Set to `true`
-   *     to log a one-shot console.warn confirming you understand the
-   *     "200 ≠ delivered" pitfall and have your own out-of-band check
-   *     (or migrated to `deliver()`). Set to `false` to explicitly silence
-   *     the warning (you have read this contract).
+   *   - `expectsBackupPush`: opt-in dev reminder. Set to `true` to log a
+   *     one-shot console.warn that this is a low-level transport and
+   *     "HTTP 200 ≠ delivery confirmation" once the worker has backup
+   *     push enabled (amsg-instant 0.9.0+ default). Default (omitted) is
+   *     silent.
    * @returns {Promise<Object>} `{ success, data?: { messagesSent, sentAt }, error? }`
    */
   async sendInstant(payload, endpointPath = "/instant", opts = {}) {
@@ -201,6 +203,7 @@ var ReiClient = class {
       endpointPath,
       { authorization: opts.authorization, methodName: "sendInstant" }
     );
+    headers["Accept"] = "application/json";
     const res = await fetch(url, { method: "POST", headers, body });
     return res.json();
   }
@@ -231,10 +234,10 @@ var ReiClient = class {
    * @param {(error: unknown) => void} [options.onError]
    * @param {() => void} [options.onDone]
    * @param {AbortSignal} [options.signal]
-   * @param {boolean} [options.expectsBackupPush] - Opt-in flag for the dev warning.
-   *   Set to `true` to log a one-shot console.warn confirming you understand the
-   *   "rejection ≠ delivery failure" pitfall and have your own check (or migrated
-   *   to `deliver()`). Set to `false` to explicitly silence the warning.
+   * @param {boolean} [options.expectsBackupPush] - Opt-in dev reminder. Set
+   *   to `true` to log a one-shot console.warn that "rejection ≠ delivery
+   *   failure" once the worker has backup push enabled (amsg-instant 0.9.0+
+   *   default). Default (omitted) is silent.
    * @returns {Promise<void>}
    */
   async consumeInstantStream(payload, endpointPath = "/instant", options = {}) {
@@ -551,7 +554,7 @@ var ReiClient = class {
   async subscribePush(vapidPublicKey, registration) {
     const subscription = await registration.pushManager.subscribe({
       userVisibleOnly: true,
-      applicationServerKey: this._urlBase64ToUint8Array(vapidPublicKey)
+      applicationServerKey: (0, import_amsg_shared.base64UrlToBytes)(vapidPublicKey)
     });
     return subscription;
   }
@@ -599,7 +602,7 @@ var ReiClient = class {
    */
   _assertPayloadSize(bodyJson, methodName) {
     if (this._maxPayloadBytes == null) return;
-    const bytes = new TextEncoder().encode(bodyJson).length;
+    const bytes = TEXT_ENCODER.encode(bodyJson).length;
     if (bytes > this._maxPayloadBytes) {
       throw makeLocalError(
         "PAYLOAD_TOO_LARGE_LOCAL",
@@ -871,10 +874,10 @@ ${piece}` : piece;
     return Math.min(defaultGrace, remainingMs);
   }
   /**
-   * One-shot dev warning for low-level instant APIs. The warning is opt-in
-   * per call via `opts.expectsBackupPush === true`, and can be explicitly
-   * silenced via `opts.expectsBackupPush === false`. Fires at most once per
-   * ReiClient instance per method name.
+   * One-shot dev reminder for low-level instant APIs. The warning is opt-in
+   * per call via `opts.expectsBackupPush === true` and fires at most once
+   * per ReiClient instance per method name. Default (omitted or `false`)
+   * is silent.
    *
    * @private
    * @param {string} methodName
@@ -886,7 +889,7 @@ ${piece}` : piece;
     this._lowLevelWarned.add(methodName);
     const verdict = methodName === "sendInstant" ? "HTTP 200 \u2260 delivery confirmation" : "rejection \u2260 delivery failure";
     console.warn(
-      `[rei-standard-amsg-client] ${methodName} is a low-level transport \u2014 ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict. Pass expectsBackupPush: false to silence this warning.`
+      `[rei-standard-amsg-client] ${methodName} is a low-level transport \u2014 ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict.`
     );
   }
   // ─── Crypto helpers (Web Crypto API) ────────────────────────────
@@ -900,7 +903,7 @@ ${piece}` : piece;
     if (!this._userKey) throw new Error("[rei-standard-amsg-client] Not initialised. Call init() first.");
     const iv = crypto.getRandomValues(new Uint8Array(12));
     const key = await crypto.subtle.importKey("raw", this._userKey, { name: "AES-GCM" }, false, ["encrypt"]);
-    const encoded = new TextEncoder().encode(plaintext);
+    const encoded = TEXT_ENCODER.encode(plaintext);
     const cipherBuf = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, encoded);
     const cipherArr = new Uint8Array(cipherBuf);
     const encryptedData = cipherArr.slice(0, cipherArr.length - 16);
@@ -953,15 +956,6 @@ ${piece}` : piece;
     }
     return arr;
   }
-  /** @private */
-  _urlBase64ToUint8Array(base64String) {
-    const padding = "=".repeat((4 - base64String.length % 4) % 4);
-    const base64 = (base64String + padding).replace(/-/g, "+").replace(/_/g, "/");
-    const raw = atob(base64);
-    const arr = new Uint8Array(raw.length);
-    for (let i = 0; i < raw.length; i++) arr[i] = raw.charCodeAt(i);
-    return arr;
-  }
 };
 function normalizeMaxPayloadBytes(value) {
   if (value === void 0 || value === null) return null;

package/dist/index.d.cts

@@ -1,3 +1,4 @@
+import { base64UrlToBytes } from '@rei-standard/amsg-shared';
 export { MESSAGE_KIND, MESSAGE_TYPE, PUSH_SOURCE, buildContentPush, buildErrorPush, buildReasoningPush, buildToolRequestPush, isContentPush, isErrorPush, isReasoningPush, isToolRequestPush } from '@rei-standard/amsg-shared';
 
 /**
@@ -30,6 +31,11 @@ export { MESSAGE_KIND, MESSAGE_TYPE, PUSH_SOURCE, buildContentPush, buildErrorPu
  *   await client.scheduleMessage({ ... });
  */
 
+
+// `TextEncoder` is stateless — hoist once instead of allocating a fresh
+// instance for every encrypt + payload-size check.
+const TEXT_ENCODER = new TextEncoder();
+
 /** @typedef {import('@rei-standard/amsg-shared').MessageKind} MessageKind */
 /** @typedef {import('@rei-standard/amsg-shared').MessageType} MessageType */
 /** @typedef {import('@rei-standard/amsg-shared').PushSource} PushSource */
@@ -400,11 +406,11 @@ class ReiClient {
    * @param {string} [endpointPath] - Path under the resolved base URL. Default '/instant'.
    * @param {{ authorization?: string, expectsBackupPush?: boolean }} [opts]
    *   - `authorization`: optional auth header to forward.
-   *   - `expectsBackupPush`: opt-in flag for the dev warning. Set to `true`
-   *     to log a one-shot console.warn confirming you understand the
-   *     "200 ≠ delivered" pitfall and have your own out-of-band check
-   *     (or migrated to `deliver()`). Set to `false` to explicitly silence
-   *     the warning (you have read this contract).
+   *   - `expectsBackupPush`: opt-in dev reminder. Set to `true` to log a
+   *     one-shot console.warn that this is a low-level transport and
+   *     "HTTP 200 ≠ delivery confirmation" once the worker has backup
+   *     push enabled (amsg-instant 0.9.0+ default). Default (omitted) is
+   *     silent.
    * @returns {Promise<Object>} `{ success, data?: { messagesSent, sentAt }, error? }`
    */
   async sendInstant(payload, endpointPath = '/instant', opts = {}) {
@@ -415,6 +421,10 @@ class ReiClient {
       endpointPath,
       { authorization: opts.authorization, methodName: 'sendInstant' }
     );
+    // Pin the response shape: amsg-instant routes the JSON `{ success, data }`
+    // envelope only when the caller asked exclusively for it. Omitting Accept
+    // gets the SSE branch and `res.json()` then throws on the SSE bytes.
+    headers['Accept'] = 'application/json';
 
     const res = await fetch(url, { method: 'POST', headers, body });
     return res.json();
@@ -447,10 +457,10 @@ class ReiClient {
    * @param {(error: unknown) => void} [options.onError]
    * @param {() => void} [options.onDone]
    * @param {AbortSignal} [options.signal]
-   * @param {boolean} [options.expectsBackupPush] - Opt-in flag for the dev warning.
-   *   Set to `true` to log a one-shot console.warn confirming you understand the
-   *   "rejection ≠ delivery failure" pitfall and have your own check (or migrated
-   *   to `deliver()`). Set to `false` to explicitly silence the warning.
+   * @param {boolean} [options.expectsBackupPush] - Opt-in dev reminder. Set
+   *   to `true` to log a one-shot console.warn that "rejection ≠ delivery
+   *   failure" once the worker has backup push enabled (amsg-instant 0.9.0+
+   *   default). Default (omitted) is silent.
    * @returns {Promise<void>}
    */
   async consumeInstantStream(payload, endpointPath = '/instant', options = {}) {
@@ -860,7 +870,7 @@ class ReiClient {
   async subscribePush(vapidPublicKey, registration) {
     const subscription = await registration.pushManager.subscribe({
       userVisibleOnly: true,
-      applicationServerKey: this._urlBase64ToUint8Array(vapidPublicKey)
+      applicationServerKey: base64UrlToBytes(vapidPublicKey)
     });
     return subscription;
   }
@@ -911,7 +921,7 @@ class ReiClient {
    */
   _assertPayloadSize(bodyJson, methodName) {
     if (this._maxPayloadBytes == null) return;
-    const bytes = new TextEncoder().encode(bodyJson).length;
+    const bytes = TEXT_ENCODER.encode(bodyJson).length;
     if (bytes > this._maxPayloadBytes) {
       throw makeLocalError(
         'PAYLOAD_TOO_LARGE_LOCAL',
@@ -1204,10 +1214,10 @@ class ReiClient {
   }
 
   /**
-   * One-shot dev warning for low-level instant APIs. The warning is opt-in
-   * per call via `opts.expectsBackupPush === true`, and can be explicitly
-   * silenced via `opts.expectsBackupPush === false`. Fires at most once per
-   * ReiClient instance per method name.
+   * One-shot dev reminder for low-level instant APIs. The warning is opt-in
+   * per call via `opts.expectsBackupPush === true` and fires at most once
+   * per ReiClient instance per method name. Default (omitted or `false`)
+   * is silent.
    *
    * @private
    * @param {string} methodName
@@ -1221,7 +1231,7 @@ class ReiClient {
       ? 'HTTP 200 ≠ delivery confirmation'
       : 'rejection ≠ delivery failure';
     console.warn(
-      `[rei-standard-amsg-client] ${methodName} is a low-level transport — ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict. Pass expectsBackupPush: false to silence this warning.`
+      `[rei-standard-amsg-client] ${methodName} is a low-level transport — ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict.`
     );
   }
 
@@ -1238,7 +1248,7 @@ class ReiClient {
 
     const iv = crypto.getRandomValues(new Uint8Array(12));
     const key = await crypto.subtle.importKey('raw', this._userKey, { name: 'AES-GCM' }, false, ['encrypt']);
-    const encoded = new TextEncoder().encode(plaintext);
+    const encoded = TEXT_ENCODER.encode(plaintext);
     const cipherBuf = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded);
 
     // Web Crypto appends the 16-byte auth tag at the end of the ciphertext
@@ -1302,15 +1312,6 @@ class ReiClient {
     return arr;
   }
 
-  /** @private */
-  _urlBase64ToUint8Array(base64String) {
-    const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
-    const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
-    const raw = atob(base64);
-    const arr = new Uint8Array(raw.length);
-    for (let i = 0; i < raw.length; i++) arr[i] = raw.charCodeAt(i);
-    return arr;
-  }
 }
 
 function normalizeMaxPayloadBytes(value) {

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+import { base64UrlToBytes } from '@rei-standard/amsg-shared';
 export { MESSAGE_KIND, MESSAGE_TYPE, PUSH_SOURCE, buildContentPush, buildErrorPush, buildReasoningPush, buildToolRequestPush, isContentPush, isErrorPush, isReasoningPush, isToolRequestPush } from '@rei-standard/amsg-shared';
 
 /**
@@ -30,6 +31,11 @@ export { MESSAGE_KIND, MESSAGE_TYPE, PUSH_SOURCE, buildContentPush, buildErrorPu
  *   await client.scheduleMessage({ ... });
  */
 
+
+// `TextEncoder` is stateless — hoist once instead of allocating a fresh
+// instance for every encrypt + payload-size check.
+const TEXT_ENCODER = new TextEncoder();
+
 /** @typedef {import('@rei-standard/amsg-shared').MessageKind} MessageKind */
 /** @typedef {import('@rei-standard/amsg-shared').MessageType} MessageType */
 /** @typedef {import('@rei-standard/amsg-shared').PushSource} PushSource */
@@ -400,11 +406,11 @@ class ReiClient {
    * @param {string} [endpointPath] - Path under the resolved base URL. Default '/instant'.
    * @param {{ authorization?: string, expectsBackupPush?: boolean }} [opts]
    *   - `authorization`: optional auth header to forward.
-   *   - `expectsBackupPush`: opt-in flag for the dev warning. Set to `true`
-   *     to log a one-shot console.warn confirming you understand the
-   *     "200 ≠ delivered" pitfall and have your own out-of-band check
-   *     (or migrated to `deliver()`). Set to `false` to explicitly silence
-   *     the warning (you have read this contract).
+   *   - `expectsBackupPush`: opt-in dev reminder. Set to `true` to log a
+   *     one-shot console.warn that this is a low-level transport and
+   *     "HTTP 200 ≠ delivery confirmation" once the worker has backup
+   *     push enabled (amsg-instant 0.9.0+ default). Default (omitted) is
+   *     silent.
    * @returns {Promise<Object>} `{ success, data?: { messagesSent, sentAt }, error? }`
    */
   async sendInstant(payload, endpointPath = '/instant', opts = {}) {
@@ -415,6 +421,10 @@ class ReiClient {
       endpointPath,
       { authorization: opts.authorization, methodName: 'sendInstant' }
     );
+    // Pin the response shape: amsg-instant routes the JSON `{ success, data }`
+    // envelope only when the caller asked exclusively for it. Omitting Accept
+    // gets the SSE branch and `res.json()` then throws on the SSE bytes.
+    headers['Accept'] = 'application/json';
 
     const res = await fetch(url, { method: 'POST', headers, body });
     return res.json();
@@ -447,10 +457,10 @@ class ReiClient {
    * @param {(error: unknown) => void} [options.onError]
    * @param {() => void} [options.onDone]
    * @param {AbortSignal} [options.signal]
-   * @param {boolean} [options.expectsBackupPush] - Opt-in flag for the dev warning.
-   *   Set to `true` to log a one-shot console.warn confirming you understand the
-   *   "rejection ≠ delivery failure" pitfall and have your own check (or migrated
-   *   to `deliver()`). Set to `false` to explicitly silence the warning.
+   * @param {boolean} [options.expectsBackupPush] - Opt-in dev reminder. Set
+   *   to `true` to log a one-shot console.warn that "rejection ≠ delivery
+   *   failure" once the worker has backup push enabled (amsg-instant 0.9.0+
+   *   default). Default (omitted) is silent.
    * @returns {Promise<void>}
    */
   async consumeInstantStream(payload, endpointPath = '/instant', options = {}) {
@@ -860,7 +870,7 @@ class ReiClient {
   async subscribePush(vapidPublicKey, registration) {
     const subscription = await registration.pushManager.subscribe({
       userVisibleOnly: true,
-      applicationServerKey: this._urlBase64ToUint8Array(vapidPublicKey)
+      applicationServerKey: base64UrlToBytes(vapidPublicKey)
     });
     return subscription;
   }
@@ -911,7 +921,7 @@ class ReiClient {
    */
   _assertPayloadSize(bodyJson, methodName) {
     if (this._maxPayloadBytes == null) return;
-    const bytes = new TextEncoder().encode(bodyJson).length;
+    const bytes = TEXT_ENCODER.encode(bodyJson).length;
     if (bytes > this._maxPayloadBytes) {
       throw makeLocalError(
         'PAYLOAD_TOO_LARGE_LOCAL',
@@ -1204,10 +1214,10 @@ class ReiClient {
   }
 
   /**
-   * One-shot dev warning for low-level instant APIs. The warning is opt-in
-   * per call via `opts.expectsBackupPush === true`, and can be explicitly
-   * silenced via `opts.expectsBackupPush === false`. Fires at most once per
-   * ReiClient instance per method name.
+   * One-shot dev reminder for low-level instant APIs. The warning is opt-in
+   * per call via `opts.expectsBackupPush === true` and fires at most once
+   * per ReiClient instance per method name. Default (omitted or `false`)
+   * is silent.
    *
    * @private
    * @param {string} methodName
@@ -1221,7 +1231,7 @@ class ReiClient {
       ? 'HTTP 200 ≠ delivery confirmation'
       : 'rejection ≠ delivery failure';
     console.warn(
-      `[rei-standard-amsg-client] ${methodName} is a low-level transport — ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict. Pass expectsBackupPush: false to silence this warning.`
+      `[rei-standard-amsg-client] ${methodName} is a low-level transport — ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict.`
     );
   }
 
@@ -1238,7 +1248,7 @@ class ReiClient {
 
     const iv = crypto.getRandomValues(new Uint8Array(12));
     const key = await crypto.subtle.importKey('raw', this._userKey, { name: 'AES-GCM' }, false, ['encrypt']);
-    const encoded = new TextEncoder().encode(plaintext);
+    const encoded = TEXT_ENCODER.encode(plaintext);
     const cipherBuf = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded);
 
     // Web Crypto appends the 16-byte auth tag at the end of the ciphertext
@@ -1302,15 +1312,6 @@ class ReiClient {
     return arr;
   }
 
-  /** @private */
-  _urlBase64ToUint8Array(base64String) {
-    const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
-    const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
-    const raw = atob(base64);
-    const arr = new Uint8Array(raw.length);
-    for (let i = 0; i < raw.length; i++) arr[i] = raw.charCodeAt(i);
-    return arr;
-  }
 }
 
 function normalizeMaxPayloadBytes(value) {

package/dist/index.mjs

@@ -1,4 +1,5 @@
 // src/index.js
+import { base64UrlToBytes } from "@rei-standard/amsg-shared";
 import {
   MESSAGE_KIND,
   MESSAGE_TYPE,
@@ -12,6 +13,7 @@ import {
   isToolRequestPush,
   isErrorPush
 } from "@rei-standard/amsg-shared";
+var TEXT_ENCODER = new TextEncoder();
 var AVATAR_URL_MAX_LENGTH = 2048;
 function makeLocalError(code, message, details) {
   const err = new Error(`[rei-standard-amsg-client] ${message}`);
@@ -165,11 +167,11 @@ var ReiClient = class {
    * @param {string} [endpointPath] - Path under the resolved base URL. Default '/instant'.
    * @param {{ authorization?: string, expectsBackupPush?: boolean }} [opts]
    *   - `authorization`: optional auth header to forward.
-   *   - `expectsBackupPush`: opt-in flag for the dev warning. Set to `true`
-   *     to log a one-shot console.warn confirming you understand the
-   *     "200 ≠ delivered" pitfall and have your own out-of-band check
-   *     (or migrated to `deliver()`). Set to `false` to explicitly silence
-   *     the warning (you have read this contract).
+   *   - `expectsBackupPush`: opt-in dev reminder. Set to `true` to log a
+   *     one-shot console.warn that this is a low-level transport and
+   *     "HTTP 200 ≠ delivery confirmation" once the worker has backup
+   *     push enabled (amsg-instant 0.9.0+ default). Default (omitted) is
+   *     silent.
    * @returns {Promise<Object>} `{ success, data?: { messagesSent, sentAt }, error? }`
    */
   async sendInstant(payload, endpointPath = "/instant", opts = {}) {
@@ -179,6 +181,7 @@ var ReiClient = class {
       endpointPath,
       { authorization: opts.authorization, methodName: "sendInstant" }
     );
+    headers["Accept"] = "application/json";
     const res = await fetch(url, { method: "POST", headers, body });
     return res.json();
   }
@@ -209,10 +212,10 @@ var ReiClient = class {
    * @param {(error: unknown) => void} [options.onError]
    * @param {() => void} [options.onDone]
    * @param {AbortSignal} [options.signal]
-   * @param {boolean} [options.expectsBackupPush] - Opt-in flag for the dev warning.
-   *   Set to `true` to log a one-shot console.warn confirming you understand the
-   *   "rejection ≠ delivery failure" pitfall and have your own check (or migrated
-   *   to `deliver()`). Set to `false` to explicitly silence the warning.
+   * @param {boolean} [options.expectsBackupPush] - Opt-in dev reminder. Set
+   *   to `true` to log a one-shot console.warn that "rejection ≠ delivery
+   *   failure" once the worker has backup push enabled (amsg-instant 0.9.0+
+   *   default). Default (omitted) is silent.
    * @returns {Promise<void>}
    */
   async consumeInstantStream(payload, endpointPath = "/instant", options = {}) {
@@ -529,7 +532,7 @@ var ReiClient = class {
   async subscribePush(vapidPublicKey, registration) {
     const subscription = await registration.pushManager.subscribe({
       userVisibleOnly: true,
-      applicationServerKey: this._urlBase64ToUint8Array(vapidPublicKey)
+      applicationServerKey: base64UrlToBytes(vapidPublicKey)
     });
     return subscription;
   }
@@ -577,7 +580,7 @@ var ReiClient = class {
    */
   _assertPayloadSize(bodyJson, methodName) {
     if (this._maxPayloadBytes == null) return;
-    const bytes = new TextEncoder().encode(bodyJson).length;
+    const bytes = TEXT_ENCODER.encode(bodyJson).length;
     if (bytes > this._maxPayloadBytes) {
       throw makeLocalError(
         "PAYLOAD_TOO_LARGE_LOCAL",
@@ -849,10 +852,10 @@ ${piece}` : piece;
     return Math.min(defaultGrace, remainingMs);
   }
   /**
-   * One-shot dev warning for low-level instant APIs. The warning is opt-in
-   * per call via `opts.expectsBackupPush === true`, and can be explicitly
-   * silenced via `opts.expectsBackupPush === false`. Fires at most once per
-   * ReiClient instance per method name.
+   * One-shot dev reminder for low-level instant APIs. The warning is opt-in
+   * per call via `opts.expectsBackupPush === true` and fires at most once
+   * per ReiClient instance per method name. Default (omitted or `false`)
+   * is silent.
    *
    * @private
    * @param {string} methodName
@@ -864,7 +867,7 @@ ${piece}` : piece;
     this._lowLevelWarned.add(methodName);
     const verdict = methodName === "sendInstant" ? "HTTP 200 \u2260 delivery confirmation" : "rejection \u2260 delivery failure";
     console.warn(
-      `[rei-standard-amsg-client] ${methodName} is a low-level transport \u2014 ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict. Pass expectsBackupPush: false to silence this warning.`
+      `[rei-standard-amsg-client] ${methodName} is a low-level transport \u2014 ${verdict} when the worker is configured with always-on backup Web Push (amsg-instant 0.9.0+ default). Prefer client.deliver() for a correct delivered / cancelled / timeout / send-failed verdict.`
     );
   }
   // ─── Crypto helpers (Web Crypto API) ────────────────────────────
@@ -878,7 +881,7 @@ ${piece}` : piece;
     if (!this._userKey) throw new Error("[rei-standard-amsg-client] Not initialised. Call init() first.");
     const iv = crypto.getRandomValues(new Uint8Array(12));
     const key = await crypto.subtle.importKey("raw", this._userKey, { name: "AES-GCM" }, false, ["encrypt"]);
-    const encoded = new TextEncoder().encode(plaintext);
+    const encoded = TEXT_ENCODER.encode(plaintext);
     const cipherBuf = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, encoded);
     const cipherArr = new Uint8Array(cipherBuf);
     const encryptedData = cipherArr.slice(0, cipherArr.length - 16);
@@ -931,15 +934,6 @@ ${piece}` : piece;
     }
     return arr;
   }
-  /** @private */
-  _urlBase64ToUint8Array(base64String) {
-    const padding = "=".repeat((4 - base64String.length % 4) % 4);
-    const base64 = (base64String + padding).replace(/-/g, "+").replace(/_/g, "/");
-    const raw = atob(base64);
-    const arr = new Uint8Array(raw.length);
-    for (let i = 0; i < raw.length; i++) arr[i] = raw.charCodeAt(i);
-    return arr;
-  }
 };
 function normalizeMaxPayloadBytes(value) {
   if (value === void 0 || value === null) return null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rei-standard/amsg-client",
-  "version": "2.5.0-next.0",
+  "version": "2.5.0",
   "description": "ReiStandard Active Messaging browser client SDK — also re-exports shared push types, builders, and guards from @rei-standard/amsg-shared",
   "repository": {
     "type": "git",