@sanity/sdk 2.12.0 → 2.14.0

package/dist/index.js

@@ -1,6 +1,6 @@
-import { switchMap, from, firstValueFrom, EMPTY, asapScheduler, distinctUntilChanged, map as map$1, combineLatest, of, concatMap, withLatestFrom, filter as filter$1, concat, timer, throwError, first as first$1, Subject, takeUntil, share, partition, merge, shareReplay, tap as tap$1, catchError as catchError$1, startWith as startWith$1, pairwise as pairwise$1, groupBy as groupBy$1, mergeMap as mergeMap$1, throttle, race, skip, Observable, NEVER, fromEvent, Subscription, debounceTime, defer } from "rxjs";
-import { createLogger, pickProperties, insecureRandomId, getClientState, bindActionGlobally, createStateSourceAction, setCleanupTimeout, omitProperty, defineStore, authStore, AuthStateType, getCleanedUrl, getTokenFromLocation, createLoggedInAuthState, getAuthCode, REQUEST_TAG_PREFIX, DEFAULT_API_VERSION, getDefaultLocation, isDeepEqual, configureLogging as configureLogging$1, isReleasePerspective, bindActionByResource, isDatasetResource, isMediaLibraryResource, isCanvasResource, getUsersKey, addSubscription, parseUsersKey, getClient, PROJECT_API_VERSION, setUsersError, setUsersData, API_VERSION as API_VERSION$8, getDashboardOrganizationId as getDashboardOrganizationId$1, USERS_STATE_CLEAR_DELAY, removeSubscription, updateLastLoadMoreRequest, cancelRequest, initializeRequest, getTokenState, getQueryState, resolveQuery, bindActionByResourceAndPerspective, PREVIEW_PROJECTION, transformProjectionToPreview } from "./_chunks-es/createGroqSearchFilter.js";
-import { createGroqSearchFilter, getActiveReleasesState, getAllReleasesState, getAuthState, getClientErrorApiBody, getClientErrorApiDescription, getClientErrorApiType, getCurrentUserState, getIsInDashboardState, getLoginUrlState, getPerspectiveState, getQueryKey, isCanvasSource, isDatasetSource, isMediaLibrarySource, isProjectUserNotFoundClientError, isStudioConfig, parseQueryKey, setAuthToken } from "./_chunks-es/createGroqSearchFilter.js";
+import { switchMap, from, firstValueFrom, EMPTY, asapScheduler, distinctUntilChanged, map as map$1, combineLatest, of, concatMap, withLatestFrom, filter as filter$1, concat, timer, throwError, first as first$1, Subject, takeUntil, share, partition, merge, shareReplay, tap as tap$1, catchError as catchError$1, startWith as startWith$1, pairwise as pairwise$1, groupBy as groupBy$1, mergeMap as mergeMap$1, retry, throttle, race, skip, Observable, NEVER, fromEvent, Subscription, debounceTime, defer } from "rxjs";
+import { createLogger, pickProperties, insecureRandomId, getClientState, bindActionGlobally, createStateSourceAction, setCleanupTimeout, omitProperty, defineStore, authStore, getAuthLogger, AuthStateType, getCleanedUrl, getTokenFromLocation, createLoggedInAuthState, getAuthCode, REQUEST_TAG_PREFIX, DEFAULT_API_VERSION, getDefaultLocation, isDeepEqual, configureLogging as configureLogging$1, isReleasePerspective, bindActionByResource, isDatasetResource, isMediaLibraryResource, isCanvasResource, getCurrentUserState, getUsersKey, addSubscription, USERS_STATE_CLEAR_DELAY, removeSubscription, parseUsersKey, getClient, PROJECT_API_VERSION, setUsersError, setUsersData, API_VERSION as API_VERSION$8, getDashboardOrganizationId as getDashboardOrganizationId$1, updateLastLoadMoreRequest, cancelRequest, initializeRequest, getTokenState, getQueryState, resolveQuery, bindActionByResourceAndPerspective, PREVIEW_PROJECTION, transformProjectionToPreview } from "./_chunks-es/createGroqSearchFilter.js";
+import { createGroqSearchFilter, getActiveReleasesState, getAllReleasesState, getAuthState, getClientErrorApiBody, getClientErrorApiDescription, getClientErrorApiType, getIsInDashboardState, getLoginUrlState, getPerspectiveState, getQueryKey, isCanvasSource, isDatasetSource, isMediaLibrarySource, isProjectUserNotFoundClientError, isStudioConfig, parseQueryKey, setAuthToken } from "./_chunks-es/createGroqSearchFilter.js";
 import { first, switchMap as switchMap$1, groupBy, mergeMap, startWith, pairwise, filter, map, delay, tap, catchError, scan, share as share$1 } from "rxjs/operators";
 import { createController, createNode } from "@sanity/comlink";
 import { createSelector } from "reselect";
@@ -328,30 +328,35 @@ function observeOrganizationVerificationState(instance, projectIds) {
 }
 const handleAuthCallback = bindActionGlobally(
   authStore,
-  async ({ state }, locationHref = getDefaultLocation()) => {
-    const { providedToken, callbackUrl, clientFactory, apiHost, storageArea, storageKey } = state.get().options;
-    if (providedToken) return !1;
+  async ({ state, instance }, locationHref = getDefaultLocation()) => {
+    const logger = getAuthLogger(instance), { providedToken, callbackUrl, clientFactory, apiHost, storageArea, storageKey } = state.get().options;
+    if (providedToken)
+      return logger.debug("Skipping auth callback - token already provided"), !1;
     const { authState } = state.get();
-    if (authState.type === AuthStateType.LOGGING_IN && authState.isExchangingToken) return !1;
+    if (authState.type === AuthStateType.LOGGING_IN && authState.isExchangingToken)
+      return logger.debug("Skipping auth callback - token exchange already in progress"), !1;
     const cleanedUrl = getCleanedUrl(locationHref), tokenFromUrl = getTokenFromLocation(locationHref);
     if (tokenFromUrl)
-      return state.set("setTokenFromUrl", {
+      return logger.info("Auth token found in URL, logging in"), state.set("setTokenFromUrl", {
         authState: createLoggedInAuthState(tokenFromUrl, null)
       }), cleanedUrl;
     const authCode = getAuthCode(callbackUrl, locationHref);
-    if (!authCode) return !1;
+    if (!authCode)
+      return logger.debug("No auth code found in callback URL"), !1;
     const parsedUrl = new URL(locationHref);
     let dashboardContext = {};
     try {
       const contextParam = parsedUrl.searchParams.get("_context");
       if (contextParam) {
         const parsedContext = JSON.parse(contextParam);
-        parsedContext && typeof parsedContext == "object" && (delete parsedContext.sid, dashboardContext = parsedContext);
+        parsedContext && typeof parsedContext == "object" && (delete parsedContext.sid, dashboardContext = parsedContext, logger.debug("Dashboard context parsed from callback URL", {
+          hasDashboardContext: !0
+        }));
       }
     } catch (err) {
-      console.error("Failed to parse dashboard context:", err);
+      logger.warn("Failed to parse dashboard context from callback URL", { error: err });
     }
-    state.set("exchangeSessionForToken", {
+    logger.info("Exchanging auth code for token"), state.set("exchangeSessionForToken", {
       authState: { type: AuthStateType.LOGGING_IN, isExchangingToken: !0 },
       dashboardContext
     });
@@ -362,36 +367,51 @@ const handleAuthCallback = bindActionGlobally(
         useProjectHostname: !1,
         useCdn: !1,
         ...apiHost && { apiHost }
-      }), { token } = await client.request({
+      });
+      logger.debug("Fetching token from auth endpoint");
+      const { token } = await client.request({
         method: "GET",
         uri: "/auth/fetch",
         query: { sid: authCode },
         tag: "fetch-token"
       });
-      return storageArea?.setItem(storageKey, JSON.stringify({ token })), state.set("setToken", { authState: createLoggedInAuthState(token, null) }), cleanedUrl;
+      return logger.info("Auth token obtained successfully, user logged in"), storageArea?.setItem(storageKey, JSON.stringify({ token })), state.set("setToken", { authState: createLoggedInAuthState(token, null) }), cleanedUrl;
     } catch (error) {
-      return state.set("exchangeSessionForTokenError", { authState: { type: AuthStateType.ERROR, error } }), cleanedUrl;
+      return logger.error("Failed to exchange auth code for token", { error }), state.set("exchangeSessionForTokenError", { authState: { type: AuthStateType.ERROR, error } }), cleanedUrl;
     }
   }
-), logout = bindActionGlobally(authStore, async ({ state }) => {
-  const { clientFactory, apiHost, providedToken, storageArea, storageKey } = state.get().options;
-  if (providedToken) return;
+), logout = bindActionGlobally(authStore, async ({ state, instance }) => {
+  const logger = getAuthLogger(instance), { clientFactory, apiHost, providedToken, storageArea, storageKey } = state.get().options;
+  if (providedToken) {
+    logger.debug("Skipping logout - token is statically provided");
+    return;
+  }
   const { authState } = state.get();
-  if (authState.type === AuthStateType.LOGGED_OUT && authState.isDestroyingSession) return;
+  if (authState.type === AuthStateType.LOGGED_OUT && authState.isDestroyingSession) {
+    logger.debug("Skipping logout - already in progress");
+    return;
+  }
   const token = authState.type === AuthStateType.LOGGED_IN && authState.token;
   try {
-    token && (state.set("loggingOut", {
-      authState: { type: AuthStateType.LOGGED_OUT, isDestroyingSession: !0 }
-    }), await clientFactory({
-      token,
-      requestTagPrefix: REQUEST_TAG_PREFIX,
-      apiVersion: DEFAULT_API_VERSION,
-      ...apiHost && { apiHost },
-      useProjectHostname: !1,
-      useCdn: !1
-    }).request({ uri: "/auth/logout", method: "POST", tag: "logout" }));
+    if (token) {
+      logger.info("Logging out user"), state.set("loggingOut", {
+        authState: { type: AuthStateType.LOGGED_OUT, isDestroyingSession: !0 }
+      });
+      const client = clientFactory({
+        token,
+        requestTagPrefix: REQUEST_TAG_PREFIX,
+        apiVersion: DEFAULT_API_VERSION,
+        ...apiHost && { apiHost },
+        useProjectHostname: !1,
+        useCdn: !1
+      });
+      logger.debug("Calling logout endpoint"), await client.request({ uri: "/auth/logout", method: "POST", tag: "logout" });
+    } else
+      logger.debug("No token to logout - already logged out");
+  } catch (error) {
+    throw logger.error("Logout request failed", { error }), error;
   } finally {
-    state.set("logoutSuccess", {
+    logger.info("User logged out, clearing stored tokens"), state.set("logoutSuccess", {
       authState: { type: AuthStateType.LOGGED_OUT, isDestroyingSession: !1 }
     }), storageArea?.removeItem(storageKey), storageArea?.removeItem(`${storageKey}_last_refresh`);
   }
@@ -519,7 +539,7 @@ const handleAuthCallback = bindActionGlobally(
       status: nodeEntry.status
     } : void 0),
     onSubscribe: ({ state, instance }, nodeInput) => {
-      const nodeName = nodeInput.name, subscriberId = Symbol("comlink-node-subscriber");
+      const nodeName = nodeInput.name, subscriberId = /* @__PURE__ */ Symbol("comlink-node-subscriber");
       getOrCreateNode(instance, nodeInput);
       let subs = state.get().subscriptions.get(nodeName);
       return subs || (subs = /* @__PURE__ */ new Set(), state.get().subscriptions.set(nodeName, subs)), subs.add(subscriberId), () => {
@@ -666,7 +686,7 @@ function unarchiveRelease(handle) {
 function deleteRelease(handle) {
   return { type: "release.delete", ...handle };
 }
-const DOCUMENT_STATE_CLEAR_DELAY = 1e3, INITIAL_OUTGOING_THROTTLE_TIME = 1e3, API_VERSION$4 = "v2025-05-06", RELEASE_DOCUMENTS_PATH = "_.releases";
+const DOCUMENT_STATE_CLEAR_DELAY = 1e3, INITIAL_OUTGOING_THROTTLE_TIME = 1e3, API_VERSION$4 = "v2025-05-06", OUT_OF_SYNC_RETRY_BASE_DELAY = 500, OUT_OF_SYNC_RETRY_MAX_DELAY = 1e4, RELEASE_DOCUMENTS_PATH = "_.releases";
 function getReleaseDocumentId(releaseId) {
   return `${RELEASE_DOCUMENTS_PATH}.${releaseId}`;
 }
@@ -1186,6 +1206,52 @@ class MultiKeyWeakMap {
     this.#setDeep(arrangedKeys, this.#rootMap, value);
   }
 }
+function checkGrant(grantExpr, document, identity) {
+  const value = evaluateSync(grantExpr, { params: { document }, identity });
+  return value.type === "boolean" && value.data;
+}
+class ActionError extends Error {
+  documentId;
+  transactionId;
+  constructor(options) {
+    super(options.message), Object.assign(this, options);
+  }
+}
+class PermissionActionError extends ActionError {
+}
+function applySingleDocPatch({
+  base: initialBase,
+  working: initialWorking,
+  documentId,
+  patches,
+  transactionId,
+  timestamp,
+  grants,
+  identity,
+  notFoundMessage = "Cannot edit document because it does not exist.",
+  permissionMessage = `You do not have permission to edit document "${documentId}".`
+}) {
+  let base = initialBase, working = initialWorking;
+  const userPatches = patches?.map((patch) => ({ patch: { id: documentId, ...patch } }));
+  if (!userPatches?.length)
+    return { base, working, diffedPatches: [], workingMutations: [] };
+  if (!working[documentId] || !base[documentId])
+    throw new ActionError({ documentId, transactionId, message: notFoundMessage });
+  const baseBefore = base[documentId];
+  base = processMutations({ documents: base, transactionId, mutations: userPatches, timestamp });
+  const baseAfter = base[documentId], diffedPatches = diffValue(baseBefore, baseAfter), workingBefore = working[documentId];
+  if (!checkGrant(grants.update, workingBefore, identity))
+    throw new PermissionActionError({ documentId, transactionId, message: permissionMessage });
+  const workingMutations = diffedPatches.map((patch) => ({
+    patch: { id: documentId, ...patch }
+  }));
+  return working = processMutations({
+    documents: working,
+    transactionId,
+    mutations: workingMutations,
+    timestamp
+  }), { base, working, diffedPatches, workingMutations };
+}
 function createGrantsLookup(datasetAcl) {
   const filtersByGrant = {
     create: /* @__PURE__ */ new Set(),
@@ -1196,7 +1262,7 @@ function createGrantsLookup(datasetAcl) {
   for (const entry of datasetAcl)
     for (const grant of entry.permissions) {
       const set2 = filtersByGrant[grant];
-      set2.add(entry.filter), filtersByGrant[grant] = set2;
+      set2 && (set2.add(entry.filter), filtersByGrant[grant] = set2);
     }
   return Object.fromEntries(
     Object.entries(filtersByGrant).map(([grant, filters]) => {
@@ -1246,22 +1312,18 @@ const documentsCache = new MultiKeyWeakMap(), actionsCache = /* @__PURE__ */ new
     const normalizedActions = Array.isArray(actions) ? actions : [actions], actionsKey = JSON.stringify(normalizedActions);
     return nestedCache.get(actionsKey) || (nestedCache.set(actionsKey, normalizedActions), normalizedActions);
   }
-);
-function checkGrant$1(grantExpr, document) {
-  const value = evaluateSync(grantExpr, { params: { document } });
-  return value.type === "boolean" && value.data;
-}
-const enNarrowConjunction = new Intl.ListFormat("en", { style: "narrow", type: "conjunction" });
+), enNarrowConjunction = new Intl.ListFormat("en", { style: "narrow", type: "conjunction" });
 function calculatePermissions(...args) {
   return _calculatePermissions(...args);
 }
 const _calculatePermissions = createSelector(
   [
     ({ state: { grants } }) => grants,
+    ({ state: { identity } }) => identity,
     documentsSelector,
     memoizedActionsSelector
   ],
-  (grants, documents, actions) => {
+  (grants, identity, documents, actions) => {
     if (!documents || !grants || !actions) return;
     const timestamp = (/* @__PURE__ */ new Date()).toISOString(), reasons = [];
     try {
@@ -1271,7 +1333,8 @@ const _calculatePermissions = createSelector(
         working: documents,
         base: documents,
         timestamp,
-        grants
+        grants,
+        identity
       });
     } catch (error) {
       if (error instanceof PermissionActionError)
@@ -1293,7 +1356,7 @@ const _calculatePermissions = createSelector(
       if (action.type === "document.edit" && !action.patches?.length) {
         const docId = action.documentId;
         let doc;
-        action.liveEdit ? doc = documents[docId] : isReleasePerspective(action.perspective) ? doc = documents[getVersionId(DocumentId(docId), action.perspective.releaseName)] : doc = documents[getDraftId(DocumentId(docId))] ?? documents[getPublishedId(DocumentId(docId))], doc ? checkGrant$1(grants.update, doc) || reasons.push({
+        action.liveEdit ? doc = documents[docId] : isReleasePerspective(action.perspective) ? doc = documents[getVersionId(DocumentId(docId), action.perspective.releaseName)] : doc = documents[getDraftId(DocumentId(docId))] ?? documents[getPublishedId(DocumentId(docId))], doc ? checkGrant(grants.update, doc, identity) || reasons.push({
           type: "access",
           message: `You are not allowed to edit the document with ID "${docId}".`,
           documentId: docId
@@ -1317,53 +1380,8 @@ const _calculatePermissions = createSelector(
     };
   }
 );
-function checkGrant(grantExpr, document) {
-  const value = evaluateSync(grantExpr, { params: { document } });
-  return value.type === "boolean" && value.data;
-}
-class ActionError extends Error {
-  documentId;
-  transactionId;
-  constructor(options) {
-    super(options.message), Object.assign(this, options);
-  }
-}
-class PermissionActionError extends ActionError {
-}
-function applySingleDocPatch({
-  base: initialBase,
-  working: initialWorking,
-  documentId,
-  patches,
-  transactionId,
-  timestamp,
-  grants,
-  notFoundMessage = "Cannot edit document because it does not exist.",
-  permissionMessage = `You do not have permission to edit document "${documentId}".`
-}) {
-  let base = initialBase, working = initialWorking;
-  const userPatches = patches?.map((patch) => ({ patch: { id: documentId, ...patch } }));
-  if (!userPatches?.length)
-    return { base, working, diffedPatches: [], workingMutations: [] };
-  if (!working[documentId] || !base[documentId])
-    throw new ActionError({ documentId, transactionId, message: notFoundMessage });
-  const baseBefore = base[documentId];
-  base = processMutations({ documents: base, transactionId, mutations: userPatches, timestamp });
-  const baseAfter = base[documentId], diffedPatches = diffValue(baseBefore, baseAfter), workingBefore = working[documentId];
-  if (!checkGrant(grants.update, workingBefore))
-    throw new PermissionActionError({ documentId, transactionId, message: permissionMessage });
-  const workingMutations = diffedPatches.map((patch) => ({
-    patch: { id: documentId, ...patch }
-  }));
-  return working = processMutations({
-    documents: working,
-    transactionId,
-    mutations: workingMutations,
-    timestamp
-  }), { base, working, diffedPatches, workingMutations };
-}
 function handleCreate(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = getId(action.documentId);
   if (action.liveEdit) {
@@ -1388,7 +1406,7 @@ function handleCreate(action, ctx) {
       transactionId,
       mutations: mutations2,
       timestamp
-    }), !checkGrant(grants.create, working[documentId]))
+    }), !checkGrant(grants.create, working[documentId], identity))
       throw new PermissionActionError({
         documentId,
         transactionId,
@@ -1426,13 +1444,13 @@ function handleCreate(action, ctx) {
     transactionId,
     mutations,
     timestamp
-  }), versionId && !checkGrant(grants.create, working[versionId]))
+  }), versionId && !checkGrant(grants.create, working[versionId], identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
       message: `You do not have permission to create a release version for document "${documentId}".`
     });
-  if (!versionId && !checkGrant(grants.create, working[draftId]))
+  if (!versionId && !checkGrant(grants.create, working[draftId], identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
@@ -1445,7 +1463,7 @@ function handleCreate(action, ctx) {
   }), { base, working };
 }
 function handleDelete(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = action.documentId;
   if (isReleasePerspective(action.perspective))
@@ -1461,7 +1479,7 @@ function handleDelete(action, ctx) {
         transactionId,
         message: "The document you are trying to delete does not exist."
       });
-    if (!checkGrant(grants.update, working[documentId]))
+    if (!checkGrant(grants.update, working[documentId], identity))
       throw new PermissionActionError({
         documentId,
         transactionId,
@@ -1477,7 +1495,7 @@ function handleDelete(action, ctx) {
       transactionId,
       message: working[draftId] ? "Cannot delete a document without a published version." : "The document you are trying to delete does not exist."
     });
-  const cantDeleteDraft = working[draftId] && !checkGrant(grants.update, working[draftId]), cantDeletePublished = working[publishedId] && !checkGrant(grants.update, working[publishedId]);
+  const cantDeleteDraft = working[draftId] && !checkGrant(grants.update, working[draftId], identity), cantDeletePublished = working[publishedId] && !checkGrant(grants.update, working[publishedId], identity);
   if (cantDeleteDraft || cantDeletePublished)
     throw new PermissionActionError({
       documentId,
@@ -1492,7 +1510,7 @@ function handleDelete(action, ctx) {
   }), { base, working };
 }
 function handleDiscard(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = getId(action.documentId);
   if (action.liveEdit)
@@ -1508,7 +1526,7 @@ function handleDiscard(action, ctx) {
       transactionId,
       message: `There is no draft or version available to discard for document "${documentId}".`
     });
-  if (!checkGrant(grants.update, working[versionId]))
+  if (!checkGrant(grants.update, working[versionId], identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
@@ -1520,7 +1538,7 @@ function handleDiscard(action, ctx) {
   }), { base, working };
 }
 function handleEdit(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = getId(action.documentId);
   if (action.liveEdit) {
@@ -1531,7 +1549,8 @@ function handleEdit(action, ctx) {
       patches: action.patches,
       transactionId,
       timestamp,
-      grants
+      grants,
+      identity
     });
     return outgoingMutations.push(...result.workingMutations), { base: result.base, working: result.working };
   }
@@ -1564,7 +1583,7 @@ function handleEdit(action, ctx) {
   const baseAfter = base[patchDocumentId], patches = diffValue(baseBefore, baseAfter), workingMutations = [];
   if (!isReleasePerspective(action.perspective) && !working[draftId] && working[publishedId]) {
     const newDraftFromPublished = { ...working[publishedId], _id: draftId };
-    if (!checkGrant(grants.create, newDraftFromPublished))
+    if (!checkGrant(grants.create, newDraftFromPublished, identity))
       throw new PermissionActionError({
         documentId,
         transactionId,
@@ -1573,7 +1592,7 @@ function handleEdit(action, ctx) {
     workingMutations.push({ create: newDraftFromPublished });
   }
   const workingBefore = working[patchDocumentId] ?? working[publishedId];
-  if (!checkGrant(grants.update, workingBefore))
+  if (!checkGrant(grants.update, workingBefore, identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
@@ -1594,7 +1613,7 @@ function handleEdit(action, ctx) {
   ), { base, working };
 }
 function handlePublish(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = getId(action.documentId);
   if (action.liveEdit || isReleasePerspective(action.perspective))
@@ -1617,19 +1636,19 @@ function handlePublish(action, ctx) {
       message: "Publish aborted: The document has changed elsewhere. Please try again."
     });
   const newPublishedFromDraft = { ...strengthenOnPublish(workingDraft), _id: publishedId }, mutations = [{ delete: { id: draftId } }, { createOrReplace: newPublishedFromDraft }];
-  if (working[draftId] && !checkGrant(grants.update, working[draftId]))
+  if (working[draftId] && !checkGrant(grants.update, working[draftId], identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
       message: `Publish failed: You do not have permission to update the draft for "${documentId}".`
     });
-  if (working[publishedId] && !checkGrant(grants.update, newPublishedFromDraft))
+  if (working[publishedId] && !checkGrant(grants.update, newPublishedFromDraft, identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
       message: `Publish failed: You do not have permission to update the published version of "${documentId}".`
     });
-  if (!working[publishedId] && !checkGrant(grants.create, newPublishedFromDraft))
+  if (!working[publishedId] && !checkGrant(grants.create, newPublishedFromDraft, identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
@@ -1657,14 +1676,14 @@ function strengthenOnPublish(draft) {
   return strengthen(draft);
 }
 function handleReleaseArchive(action, ctx) {
-  const { base, working, grants, outgoingActions, transactionId } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
+  const { base, working, grants, outgoingActions, transactionId, identity } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
   if (!existing)
     throw new ActionError({
       documentId: releaseDocumentId,
       transactionId,
       message: `Cannot archive release "${action.releaseId}" because it does not exist.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1676,14 +1695,14 @@ function handleReleaseArchive(action, ctx) {
   }), { base, working };
 }
 function handleReleaseUnarchive(action, ctx) {
-  const { base, working, grants, outgoingActions, transactionId } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
+  const { base, working, grants, outgoingActions, transactionId, identity } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
   if (!existing)
     throw new ActionError({
       documentId: releaseDocumentId,
       transactionId,
       message: `Cannot unarchive release "${action.releaseId}" because it does not exist.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1695,7 +1714,7 @@ function handleReleaseUnarchive(action, ctx) {
   }), { base, working };
 }
 function handleReleaseCreate(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations, identity } = ctx;
   let { base, working } = ctx;
   const releaseDocumentId = getReleaseDocumentId(action.releaseId);
   if (working[releaseDocumentId] || base[releaseDocumentId])
@@ -1711,7 +1730,7 @@ function handleReleaseCreate(action, ctx) {
     state: "active",
     metadata: action.metadata
   } }];
-  if (base = processMutations({ documents: base, transactionId, mutations, timestamp }), working = processMutations({ documents: working, transactionId, mutations, timestamp }), !checkGrant(grants.create, working[releaseDocumentId]))
+  if (base = processMutations({ documents: base, transactionId, mutations, timestamp }), working = processMutations({ documents: working, transactionId, mutations, timestamp }), !checkGrant(grants.create, working[releaseDocumentId], identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1725,7 +1744,7 @@ function handleReleaseCreate(action, ctx) {
 }
 const DELETABLE_STATES = /* @__PURE__ */ new Set(["archived", "published"]);
 function handleReleaseDelete(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations, identity } = ctx;
   let { base, working } = ctx;
   const releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
   if (!existing)
@@ -1741,7 +1760,7 @@ function handleReleaseDelete(action, ctx) {
       transactionId,
       message: `Cannot delete release "${action.releaseId}" while it is "${state}". Archive it first.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1754,7 +1773,7 @@ function handleReleaseDelete(action, ctx) {
   }), { base, working };
 }
 function handleReleaseEdit(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx, { base, working } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), result = applySingleDocPatch({
+  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations, identity } = ctx, { base, working } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), result = applySingleDocPatch({
     base,
     working,
     documentId: releaseDocumentId,
@@ -1762,6 +1781,7 @@ function handleReleaseEdit(action, ctx) {
     transactionId,
     timestamp,
     grants,
+    identity,
     notFoundMessage: `Cannot edit release "${action.releaseId}" because it does not exist.`,
     permissionMessage: `You do not have permission to edit release "${action.releaseId}".`
   });
@@ -1774,14 +1794,14 @@ function handleReleaseEdit(action, ctx) {
   ), { base: result.base, working: result.working };
 }
 function handleReleasePublish(action, ctx) {
-  const { base, working, grants, outgoingActions, transactionId } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
+  const { base, working, grants, outgoingActions, transactionId, identity } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
   if (!existing)
     throw new ActionError({
       documentId: releaseDocumentId,
       transactionId,
       message: `Cannot publish release "${action.releaseId}" because it does not exist.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1793,7 +1813,7 @@ function handleReleasePublish(action, ctx) {
   }), { base, working };
 }
 function handleReleaseSchedule(action, ctx) {
-  const { base, working, grants, outgoingActions, transactionId } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId);
+  const { base, working, grants, outgoingActions, transactionId, identity } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId);
   if (Number.isNaN(Date.parse(action.publishAt)))
     throw new ActionError({
       documentId: releaseDocumentId,
@@ -1807,7 +1827,7 @@ function handleReleaseSchedule(action, ctx) {
       transactionId,
       message: `Cannot schedule release "${action.releaseId}" because it does not exist.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1820,14 +1840,14 @@ function handleReleaseSchedule(action, ctx) {
   }), { base, working };
 }
 function handleReleaseUnschedule(action, ctx) {
-  const { base, working, grants, outgoingActions, transactionId } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
+  const { base, working, grants, outgoingActions, transactionId, identity } = ctx, releaseDocumentId = getReleaseDocumentId(action.releaseId), existing = working[releaseDocumentId] ?? base[releaseDocumentId];
   if (!existing)
     throw new ActionError({
       documentId: releaseDocumentId,
       transactionId,
       message: `Cannot unschedule release "${action.releaseId}" because it does not exist.`
     });
-  if (!checkGrant(grants.update, existing))
+  if (!checkGrant(grants.update, existing, identity))
     throw new PermissionActionError({
       documentId: releaseDocumentId,
       transactionId,
@@ -1839,7 +1859,7 @@ function handleReleaseUnschedule(action, ctx) {
   }), { base, working };
 }
 function handleUnpublish(action, ctx) {
-  const { transactionId, timestamp, grants, outgoingActions, outgoingMutations } = ctx;
+  const { transactionId, timestamp, grants, identity, outgoingActions, outgoingMutations } = ctx;
   let { base, working } = ctx;
   const documentId = getId(action.documentId);
   if (action.liveEdit || isReleasePerspective(action.perspective))
@@ -1859,13 +1879,13 @@ function handleUnpublish(action, ctx) {
     { delete: { id: publishedId } },
     { createIfNotExists: newDraftFromPublished }
   ];
-  if (!checkGrant(grants.update, sourceDoc))
+  if (!checkGrant(grants.update, sourceDoc, identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
       message: `You do not have permission to unpublish the document "${documentId}".`
     });
-  if (!working[draftId] && !checkGrant(grants.create, newDraftFromPublished))
+  if (!working[draftId] && !checkGrant(grants.create, newDraftFromPublished, identity))
     throw new PermissionActionError({
       documentId,
       transactionId,
@@ -1891,7 +1911,8 @@ function processActions({
   working: initialWorking,
   base: initialBase,
   timestamp,
-  grants
+  grants,
+  identity
 }) {
   let base = { ...initialBase }, working = { ...initialWorking };
   const outgoingActions = [], outgoingMutations = [], liveEditAction = actions.find((action) => !isReleaseAction(action) && action.liveEdit), otherAction = actions.find((action) => isReleaseAction(action) || !action.liveEdit);
@@ -1908,6 +1929,7 @@ function processActions({
       transactionId,
       timestamp,
       grants,
+      identity,
       outgoingActions,
       outgoingMutations
     });
@@ -1992,7 +2014,8 @@ function applyFirstQueuedTransaction(prev) {
     working,
     base: working,
     timestamp,
-    grants: prev.grants
+    grants: prev.grants,
+    identity: prev.identity
   }), applied = {
     ...queued,
     ...result,
@@ -2114,7 +2137,7 @@ function revertOutgoingTransaction(prev) {
   const nextApplied = [];
   for (const t of prev.applied)
     try {
-      const next = processActions({ ...t, working, grants: prev.grants });
+      const next = processActions({ ...t, working, grants: prev.grants, identity: prev.identity });
       working = next.working, nextApplied.push({ ...t, ...next });
     } catch (error) {
       if (error instanceof ActionError) continue;
@@ -2161,7 +2184,7 @@ function applyRemoteDocument(prev, { document, documentId, previousRev, revision
   const nextApplied = [];
   for (const curr of prev.applied)
     try {
-      const next = processActions({ ...curr, working, grants: prev.grants });
+      const next = processActions({ ...curr, working, grants: prev.grants, identity: prev.identity });
       working = next.working, nextApplied.push({ ...curr, ...next });
     } catch (error) {
       if (error instanceof ActionError) {
@@ -2349,7 +2372,8 @@ const documentStore = defineStore({
       subscribeToQueuedAndApplyNextTransaction(context),
       subscribeToSubscriptionsAndListenToDocuments(context),
       subscribeToAppliedAndSubmitNextTransaction(context),
-      subscribeToClientAndFetchDatasetAcl(context)
+      subscribeToClientAndFetchDatasetAcl(context),
+      subscribeToCurrentUserAndSetIdentity(context)
     ];
     return () => {
       sharedListener.dispose(), subscriptions.forEach((subscription) => subscription.unsubscribe());
@@ -2542,8 +2566,15 @@ const _resolveDocument = bindActionByResource(
     mergeMap$1(
       (group) => group.pipe(
         switchMap((e) => e.add ? listen(context, e.id).pipe(
-          catchError$1((error) => {
-            throw error instanceof OutOfSyncError && listen(context, e.id), error;
+          retry({
+            delay: (error, retryCount) => {
+              if (!(error instanceof OutOfSyncError)) return throwError(() => error);
+              const backoff = Math.min(
+                OUT_OF_SYNC_RETRY_BASE_DELAY * 2 ** (retryCount - 1),
+                OUT_OF_SYNC_RETRY_MAX_DELAY
+              );
+              return timer(backoff);
+            }
           }),
           tap$1(
             (remote) => state.set(
@@ -2582,15 +2613,58 @@ const _resolveDocument = bindActionByResource(
   ).subscribe({
     error: (error) => state.set("setError", { error })
   });
-};
+}, subscribeToCurrentUserAndSetIdentity = ({
+  instance,
+  state
+}) => getCurrentUserState(instance).observable.subscribe({
+  next: (currentUser) => state.set("setIdentity", { identity: currentUser?.id }),
+  // A transient identity-fetch failure (network blip, expired token, or a
+  // normal logout/re-login transition) should not brick all document
+  // operations. Reset the identity to `undefined` and keep going — GROQ's
+  // `identity()` then evaluates to null, matching the unauthenticated state.
+  error: () => state.set("setIdentity", { identity: void 0 })
+}), MEDIA_LIBRARY_DRAFTED_TYPES = /* @__PURE__ */ new Set(["sanity.asset"]);
+function getEffectiveDocumentModel(resource, documentType) {
+  return resource ? isCanvasResource(resource) ? { liveEdit: !0, supportsReleases: !1 } : isMediaLibraryResource(resource) ? { liveEdit: !(documentType && MEDIA_LIBRARY_DRAFTED_TYPES.has(documentType)), supportsReleases: !1 } : { liveEdit: void 0, supportsReleases: !0 } : { liveEdit: void 0, supportsReleases: !0 };
+}
+function describeResource(resource) {
+  return resource && isCanvasResource(resource) ? "Canvas" : resource && isMediaLibraryResource(resource) ? "Media Library" : "this resource";
+}
+function normalizeActionsForResource(actions, resource) {
+  const stripped = [], normalized = actions.map((action) => {
+    if (action.type !== "document.edit") return action;
+    const { liveEdit: forcedLiveEdit, supportsReleases } = getEffectiveDocumentModel(
+      resource,
+      action.documentType
+    ), shouldRemovePerspective = isReleasePerspective(action.perspective) && !supportsReleases, shouldForceLiveEdit = forcedLiveEdit === !0 && !action.liveEdit;
+    if (!shouldRemovePerspective && !shouldForceLiveEdit) return action;
+    const corrected = { ...action };
+    return shouldForceLiveEdit && (corrected.liveEdit = !0), shouldRemovePerspective && (corrected.perspective = void 0), corrected.documentId = getEffectiveDocumentId({
+      ...corrected,
+      documentId: getPublishedId(DocumentId(corrected.documentId))
+    }), shouldRemovePerspective && stripped.push({ documentType: action.documentType, documentId: corrected.documentId }), corrected;
+  });
+  if (stripped.length > 0) {
+    const docs = stripped.map((e) => `${e.documentType} (${e.documentId})`).join(", ");
+    console.warn(
+      `[sanity-sdk] ${describeResource(resource)} does not support release perspectives \u2014 falling back to the standard editing path for: ${docs}`
+    );
+  }
+  return normalized;
+}
 function applyDocumentActions(...args) {
   return boundApplyDocumentActions(...args);
 }
 const boundApplyDocumentActions = bindActionByResource(documentStore, _applyDocumentActions);
-async function _applyDocumentActions({ state }, { actions, transactionId = crypto.randomUUID(), disableBatching }) {
-  const { events } = state.get(), transaction = {
+async function _applyDocumentActions({ state }, {
+  actions,
+  resource,
+  transactionId = crypto.randomUUID(),
+  disableBatching
+}) {
+  const { events } = state.get(), normalizedActions = normalizeActionsForResource(actions, resource), transaction = {
     transactionId,
-    actions,
+    actions: normalizedActions,
     ...disableBatching && { disableBatching }
   }, fatalError$ = state.observable.pipe(
     map$1((s) => s.error),