@sanity/sdk 2.2.0 → 2.3.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanity/sdk",
-  "version": "2.2.0",
+  "version": "2.3.1",
   "private": false,
   "description": "Sanity SDK",
   "keywords": [
@@ -43,7 +43,7 @@
   "prettier": "@sanity/prettier-config",
   "dependencies": {
     "@sanity/bifur-client": "^0.4.1",
-    "@sanity/client": "^7.10.0",
+    "@sanity/client": "^7.12.0",
     "@sanity/comlink": "^3.0.4",
     "@sanity/diff-match-patch": "^3.2.0",
     "@sanity/diff-patch": "^6.0.0",
@@ -52,6 +52,7 @@
     "@sanity/mutate": "^0.12.4",
     "@sanity/types": "^3.83.0",
     "groq": "3.88.1-typegen-experimental.0",
+    "groq-js": "^1.19.0",
     "lodash-es": "^4.17.21",
     "reselect": "^5.1.1",
     "rxjs": "^7.8.2",
@@ -64,17 +65,16 @@
     "@types/lodash-es": "^4.17.12",
     "@vitest/coverage-v8": "3.1.2",
     "eslint": "^9.22.0",
-    "groq-js": "^1.16.1",
     "prettier": "^3.5.3",
     "rollup-plugin-visualizer": "^5.14.0",
     "typescript": "^5.8.3",
     "vite": "^6.3.4",
     "vitest": "^3.1.2",
     "@repo/config-eslint": "0.0.0",
-    "@repo/config-test": "0.0.1",
-    "@repo/package.config": "0.0.1",
     "@repo/package.bundle": "3.82.0",
-    "@repo/tsconfig": "0.0.1"
+    "@repo/package.config": "0.0.1",
+    "@repo/tsconfig": "0.0.1",
+    "@repo/config-test": "0.0.1"
   },
   "engines": {
     "node": ">=20.0.0"

package/src/_exports/index.ts

@@ -157,6 +157,7 @@ export {
 export {type FetcherStore, type FetcherStoreState} from '../utils/createFetcherStore'
 export {createGroqSearchFilter} from '../utils/createGroqSearchFilter'
 export {defineIntent, type Intent, type IntentFilter} from '../utils/defineIntent'
+export {getCorsErrorProjectId} from '../utils/getCorsErrorProjectId'
 export {CORE_SDK_VERSION} from '../version'
 export {
   getIndexForKey,

package/src/auth/authStore.test.ts

@@ -237,6 +237,7 @@ describe('authStore', () => {
     it('sets to logged in using studio token when studio mode is enabled and token exists', () => {
       const studioToken = 'studio-token'
       const projectId = 'studio-project'
+      const studioStorageKey = `__studio_auth_token_${projectId}`
       const mockStorage = {
         getItem: vi.fn(),
         setItem: vi.fn(),
@@ -252,40 +253,38 @@ describe('authStore', () => {
       })
 
       const {authState, options} = authStore.getInitialState(instance)
-      expect(getStudioTokenFromLocalStorage).toHaveBeenCalledWith(mockStorage, projectId)
+      expect(getStudioTokenFromLocalStorage).toHaveBeenCalledWith(mockStorage, studioStorageKey)
       expect(authState).toMatchObject({type: AuthStateType.LOGGED_IN, token: studioToken})
       expect(options.authMethod).toBe('localstorage')
     })
 
-    it('checks for cookie auth when studio mode is enabled and no studio token exists', async () => {
-      vi.useFakeTimers()
+    it('checks for cookie auth during initialize when studio mode is enabled and no studio token exists', () => {
       const projectId = 'studio-project'
+      const studioStorageKey = `__studio_auth_token_${projectId}`
       const mockStorage = {
         getItem: vi.fn(),
         setItem: vi.fn(),
         removeItem: vi.fn(),
       } as unknown as Storage // Mock storage
       vi.mocked(getStudioTokenFromLocalStorage).mockReturnValue(null)
-      // Mock cookie check to return true asynchronously
       vi.mocked(checkForCookieAuth).mockResolvedValue(true)
 
       instance = createSanityInstance({
         projectId,
         dataset: 'd',
         studioMode: {enabled: true},
-        auth: {storageArea: mockStorage}, // Provide mock storage
+        auth: {storageArea: mockStorage},
       })
 
-      // Initial state might be logged out before the async check completes
+      // Verify initial state without async cookie probe
       const {authState: initialAuthState} = authStore.getInitialState(instance)
-      expect(initialAuthState.type).toBe(AuthStateType.LOGGED_OUT) // Or potentially logging in depending on other factors
-      expect(getStudioTokenFromLocalStorage).toHaveBeenCalledWith(mockStorage, projectId)
-      expect(checkForCookieAuth).toHaveBeenCalledWith(projectId, expect.any(Function))
+      expect(initialAuthState.type).toBe(AuthStateType.LOGGED_OUT)
+      expect(getStudioTokenFromLocalStorage).toHaveBeenCalledWith(mockStorage, studioStorageKey)
 
-      // Wait for the promise in getInitialState to resolve
-      await vi.runAllTimersAsync()
+      // Trigger store creation + initialize
+      getAuthState(instance)
 
-      vi.useRealTimers()
+      expect(checkForCookieAuth).toHaveBeenCalledWith(projectId, expect.any(Function))
     })
 
     it('falls back to default auth (storage token) when studio mode is disabled', () => {
@@ -573,14 +572,7 @@ describe('authStore', () => {
       expect(initialOrgId.getCurrent()).toBe('initial-org-id')
 
       // Call handleCallback with the callback URL
-      await handleAuthCallback(instance, callbackUrl) // Use await as handleAuthCallback is async
-
-      // Wait for the state update to be reflected in the selector
-      await vi.waitUntil(
-        () => getDashboardOrganizationId(instance).getCurrent() === 'callback-org-id',
-      )
-      // Add a microtask yield just in case
-      await new Promise((resolve) => setTimeout(resolve, 0))
+      await handleAuthCallback(instance, callbackUrl)
 
       // Check that the orgId from the callback context is now set
       const finalOrgId = getDashboardOrganizationId(instance)

package/src/auth/authStore.ts

@@ -67,7 +67,11 @@ export interface DashboardContext {
   orgId?: string
 }
 
-type AuthMethodOptions = 'localstorage' | 'cookie' | undefined
+/**
+ * The method of authentication used.
+ * @internal
+ */
+export type AuthMethodOptions = 'localstorage' | 'cookie' | undefined
 
 let tokenRefresherRunning = false
 
@@ -105,7 +109,8 @@ export const authStore = defineStore<AuthStoreState>({
     } = instance.config.auth ?? {}
     let storageArea = instance.config.auth?.storageArea
 
-    const storageKey = `__sanity_auth_token`
+    let storageKey = `__sanity_auth_token`
+    const studioModeEnabled = instance.config.studioMode?.enabled
 
     // This login URL will only be used for local development
     let loginDomain = 'https://www.sanity.io'
@@ -149,23 +154,21 @@ export const authStore = defineStore<AuthStoreState>({
       console.error('Failed to parse dashboard context from initial location:', err)
     }
 
-    if (!isInDashboard) {
+    if (!isInDashboard || studioModeEnabled) {
       // If not in dashboard, use the storage area from the config
+      // If studio mode is enabled, use the local storage area (default)
       storageArea = storageArea ?? getDefaultStorage()
     }
 
     let token: string | null
     let authMethod: AuthMethodOptions
-    if (instance.config.studioMode?.enabled) {
-      token = getStudioTokenFromLocalStorage(storageArea, instance.config.projectId)
+    if (studioModeEnabled) {
+      // In studio mode, always use the studio-specific storage key and subscribe to it
+      const studioStorageKey = `__studio_auth_token_${instance.config.projectId ?? ''}`
+      storageKey = studioStorageKey
+      token = getStudioTokenFromLocalStorage(storageArea, studioStorageKey)
       if (token) {
         authMethod = 'localstorage'
-      } else {
-        checkForCookieAuth(instance.config.projectId, clientFactory).then((isCookieAuthEnabled) => {
-          if (isCookieAuthEnabled) {
-            authMethod = 'cookie'
-          }
-        })
       }
     } else {
       token = getTokenFromStorage(storageArea, storageKey)
@@ -177,14 +180,16 @@ export const authStore = defineStore<AuthStoreState>({
     let authState: AuthState
     if (providedToken) {
       authState = {type: AuthStateType.LOGGED_IN, token: providedToken, currentUser: null}
+    } else if (token && studioModeEnabled) {
+      authState = {type: AuthStateType.LOGGED_IN, token: token ?? '', currentUser: null}
     } else if (
       getAuthCode(callbackUrl, initialLocationHref) ||
       getTokenFromLocation(initialLocationHref)
     ) {
       authState = {type: AuthStateType.LOGGING_IN, isExchangingToken: false}
       // Note: dashboardContext from the callback URL can be set later in handleAuthCallback too
-    } else if (token && !isInDashboard) {
-      // Only use token from storage if NOT running in dashboard
+    } else if (token && !isInDashboard && !studioModeEnabled) {
+      // Only use token from storage if NOT running in dashboard and studio mode is not enabled
       authState = {type: AuthStateType.LOGGED_IN, token, currentUser: null}
     } else {
       // Default to logged out if no provided token, not handling callback,
@@ -212,11 +217,37 @@ export const authStore = defineStore<AuthStoreState>({
   initialize(context) {
     const subscriptions: Subscription[] = []
     subscriptions.push(subscribeToStateAndFetchCurrentUser(context))
-
-    if (context.state.get().options?.storageArea) {
+    const storageArea = context.state.get().options?.storageArea
+    if (storageArea) {
       subscriptions.push(subscribeToStorageEventsAndSetToken(context))
     }
 
+    // If in Studio mode with no local token, resolve cookie auth asynchronously
+    try {
+      const {instance, state} = context
+      const studioModeEnabled = !!instance.config.studioMode?.enabled
+      const token: string | null =
+        state.get().authState?.type === AuthStateType.LOGGED_IN
+          ? (state.get().authState as LoggedInAuthState).token
+          : null
+      if (studioModeEnabled && !token) {
+        const projectId = instance.config.projectId
+        const clientFactory = state.get().options.clientFactory
+        checkForCookieAuth(projectId, clientFactory).then((isCookieAuthEnabled) => {
+          if (!isCookieAuthEnabled) return
+          state.set('enableCookieAuth', (prev) => ({
+            options: {...prev.options, authMethod: 'cookie'},
+            authState:
+              prev.authState.type === AuthStateType.LOGGED_IN
+                ? prev.authState
+                : {type: AuthStateType.LOGGED_IN, token: '', currentUser: null},
+          }))
+        })
+      }
+    } catch {
+      // best-effort cookie detection
+    }
+
     if (!tokenRefresherRunning) {
       tokenRefresherRunning = true
       subscriptions.push(refreshStampedToken(context))

package/src/auth/studioModeAuth.test.ts

@@ -96,7 +96,7 @@ describe('getStudioTokenFromLocalStorage', () => {
     expect(getTokenFromStorageSpy).not.toHaveBeenCalled()
   })
 
-  it('should return null if projectId is undefined', () => {
+  it('should return null if storageKey is undefined', () => {
     const result = getStudioTokenFromLocalStorage(storageArea, undefined)
     expect(result).toBeNull()
     expect(getTokenFromStorageSpy).not.toHaveBeenCalled()
@@ -104,19 +104,19 @@ describe('getStudioTokenFromLocalStorage', () => {
 
   it('should call getTokenFromStorage with correct key', () => {
     getTokenFromStorageSpy.mockReturnValue(null) // Assume token not found for this test
-    getStudioTokenFromLocalStorage(storageArea, projectId)
+    getStudioTokenFromLocalStorage(storageArea, studioStorageKey)
     expect(getTokenFromStorageSpy).toHaveBeenCalledWith(storageArea, studioStorageKey)
   })
 
   it('should return the token if found in storage', () => {
     getTokenFromStorageSpy.mockReturnValue(mockToken)
-    const result = getStudioTokenFromLocalStorage(storageArea, projectId)
+    const result = getStudioTokenFromLocalStorage(storageArea, studioStorageKey)
     expect(result).toBe(mockToken)
   })
 
   it('should return null if token is not found in storage', () => {
     getTokenFromStorageSpy.mockReturnValue(null)
-    const result = getStudioTokenFromLocalStorage(storageArea, projectId)
+    const result = getStudioTokenFromLocalStorage(storageArea, studioStorageKey)
     expect(result).toBeNull()
   })
 })

package/src/auth/studioModeAuth.ts

@@ -33,17 +33,16 @@ export async function checkForCookieAuth(
 /**
  * Attempts to retrieve a studio token from local storage.
  * @param storageArea - The storage area to retrieve the token from.
- * @param projectId - The project ID to retrieve the token for.
+ * @param storageKey - The storage key to retrieve the token from.
  * @returns The studio token or null if it does not exist.
  * @internal
  */
 export function getStudioTokenFromLocalStorage(
   storageArea: Storage | undefined,
-  projectId: string | undefined,
+  storageKey: string | undefined,
 ): string | null {
-  if (!storageArea || !projectId) return null
-  const studioStorageKey = `__studio_auth_token_${projectId}`
-  const token = getTokenFromStorage(storageArea, studioStorageKey)
+  if (!storageArea || !storageKey) return null
+  const token = getTokenFromStorage(storageArea, storageKey)
   if (token) {
     return token
   }

package/src/auth/subscribeToStateAndFetchCurrentUser.ts

@@ -4,32 +4,43 @@ import {distinctUntilChanged, filter, map, type Subscription, switchMap} from 'r
 import {type StoreContext} from '../store/defineStore'
 import {DEFAULT_API_VERSION, REQUEST_TAG_PREFIX} from './authConstants'
 import {AuthStateType} from './authStateType'
-import {type AuthState, type AuthStoreState} from './authStore'
+import {type AuthMethodOptions, type AuthState, type AuthStoreState} from './authStore'
 
 export const subscribeToStateAndFetchCurrentUser = ({
   state,
+  instance,
 }: StoreContext<AuthStoreState>): Subscription => {
   const {clientFactory, apiHost} = state.get().options
+  const useProjectHostname = !!instance.config.studioMode?.enabled
+  const projectId = instance.config.projectId
 
   const currentUser$ = state.observable
     .pipe(
-      map(({authState}) => authState),
+      map(({authState, options}) => ({authState, authMethod: options.authMethod})),
       filter(
-        (authState): authState is Extract<AuthState, {type: AuthStateType.LOGGED_IN}> =>
-          authState.type === AuthStateType.LOGGED_IN && !authState.currentUser,
+        (
+          value,
+        ): value is {
+          authState: Extract<AuthState, {type: AuthStateType.LOGGED_IN}>
+          authMethod: AuthMethodOptions
+        } => value.authState.type === AuthStateType.LOGGED_IN && !value.authState.currentUser,
+      ),
+      map((value) => ({token: value.authState.token, authMethod: value.authMethod})),
+      distinctUntilChanged(
+        (prev, curr) => prev.token === curr.token && prev.authMethod === curr.authMethod,
       ),
-      map((authState) => authState.token),
-      distinctUntilChanged(),
     )
     .pipe(
-      map((token) =>
+      map(({token, authMethod}) =>
         clientFactory({
           apiVersion: DEFAULT_API_VERSION,
           requestTagPrefix: REQUEST_TAG_PREFIX,
-          token,
+          token: authMethod === 'cookie' ? undefined : token,
           ignoreBrowserTokenWarning: true,
-          useProjectHostname: false,
+          useProjectHostname,
           useCdn: false,
+          ...(authMethod === 'cookie' ? {withCredentials: true} : {}),
+          ...(useProjectHostname && projectId ? {projectId} : {}),
           ...(apiHost && {apiHost}),
         }),
       ),

package/src/auth/utils.test.ts

@@ -4,6 +4,7 @@ import {afterEach, beforeEach, describe, expect, it, vi} from 'vitest'
 import {AUTH_CODE_PARAM, DEFAULT_BASE} from './authConstants'
 import {
   getAuthCode,
+  getCleanedUrl,
   getDefaultLocation,
   getDefaultStorage,
   getStorageEvents,
@@ -230,3 +231,36 @@ describe('getTokenFromLocation', () => {
     expect(result).toBe(testToken)
   })
 })
+
+describe('getCleanedUrl', () => {
+  it('removes only token from hash when it is the only param', () => {
+    const url = 'http://example.com/page#token=abc'
+    const cleaned = getCleanedUrl(url)
+    expect(cleaned).toBe('http://example.com/page')
+  })
+
+  it('removes only token from hash and preserves other hash params', () => {
+    const url = 'http://example.com/page#token=abc&foo=bar'
+    const cleaned = getCleanedUrl(url)
+    expect(cleaned).toBe('http://example.com/page#foo=bar')
+  })
+
+  it('removes token when it appears among multiple hash params', () => {
+    const url = 'http://example.com/page#foo=bar&token=abc&baz=qux'
+    const cleaned = getCleanedUrl(url)
+    expect(cleaned).toBe('http://example.com/page#foo=bar&baz=qux')
+  })
+
+  it('removes sid and url from query string while preserving others', () => {
+    const url =
+      'http://example.com/callback?sid=s1&url=https%3A%2F%2Freturn.example%2Fdone&x=1#token=abc'
+    const cleaned = getCleanedUrl(url)
+    expect(cleaned).toBe('http://example.com/callback?x=1')
+  })
+
+  it('preserves non key-value hash fragments', () => {
+    const url = 'http://example.com/page#section'
+    const cleaned = getCleanedUrl(url)
+    expect(cleaned).toBe('http://example.com/page#section')
+  })
+})

package/src/auth/utils.ts

@@ -116,12 +116,20 @@ export function getDefaultLocation(): string {
 }
 
 /**
- * Cleans up the URL by removing the hash and the sid and url parameters.
+ * Cleans up the URL by removing the `token` from the hash and the `sid` and `url` search params.
  * @internal
  */
 export function getCleanedUrl(locationUrl: string): string {
   const loc = new URL(locationUrl)
-  loc.hash = ''
+  // Remove only the `token` param from the hash while preserving other fragments
+  const rawHash = loc.hash.startsWith('#') ? loc.hash.slice(1) : loc.hash
+  if (rawHash && rawHash.includes('=')) {
+    const hashParams = new URLSearchParams(rawHash)
+    hashParams.delete('token')
+    hashParams.delete('withSid')
+    const nextHash = hashParams.toString()
+    loc.hash = nextHash ? `#${nextHash}` : ''
+  }
   loc.searchParams.delete('sid')
   loc.searchParams.delete('url')
   return loc.toString()

package/src/document/permissions.test.ts

@@ -1,10 +1,9 @@
 import {type SanityDocument} from '@sanity/types'
-import {type ExprNode} from 'groq-js'
+import {evaluateSync, type ExprNode, parse} from 'groq-js'
 import {describe, expect, it} from 'vitest'
 
 import {createSanityInstance} from '../store/createSanityInstance'
 import {getDraftId, getPublishedId} from '../utils/ids'
-import {evaluateSync, parse} from './_synchronous-groq-js.mjs'
 import {type DocumentAction} from './actions'
 import {calculatePermissions, createGrantsLookup, type DatasetAcl, type Grant} from './permissions'
 import {type SyncTransactionState} from './reducers'
@@ -50,7 +49,7 @@ describe('createGrantsLookup', () => {
     ;(['read', 'update', 'create', 'history'] as Grant[]).forEach((key) => {
       expect(grants[key]).toBeDefined()
       // Evaluate the expression for the dummy document.
-      expect(evaluateSync(grants[key], {params: {document: dummyDoc}}).get()).toBe(true)
+      expect(evaluateSync(grants[key], {params: {document: dummyDoc}}).data).toBe(true)
     })
   })
 })

package/src/document/permissions.ts

@@ -1,11 +1,10 @@
 import {type SanityDocument} from '@sanity/types'
-import {type ExprNode} from 'groq-js'
+import {evaluateSync, type ExprNode, parse} from 'groq-js'
 import {createSelector} from 'reselect'
 
 import {type SelectorContext} from '../store/createStateSourceAction'
 import {getDraftId, getPublishedId} from '../utils/ids'
 import {MultiKeyWeakMap} from '../utils/MultiKeyWeakMap'
-import {evaluateSync, parse} from './_synchronous-groq-js.mjs'
 import {type DocumentAction} from './actions'
 import {ActionError, PermissionActionError, processActions} from './processActions'
 import {type DocumentSet} from './processMutations'
@@ -127,7 +126,8 @@ const memoizedActionsSelector = createSelector(
 )
 
 function checkGrant(grantExpr: ExprNode, document: SanityDocument): boolean {
-  return evaluateSync(grantExpr, {params: {document}}).get()
+  const value = evaluateSync(grantExpr, {params: {document}})
+  return value.type === 'boolean' && value.data
 }
 
 /** @beta */

package/src/document/processActions.test.ts

@@ -1,7 +1,7 @@
 import {type Reference, type SanityDocument} from '@sanity/types'
+import {parse} from 'groq-js'
 import {describe, expect, it} from 'vitest'
 
-import {parse} from './_synchronous-groq-js.mjs'
 import {type DocumentAction} from './actions'
 import {ActionError, processActions} from './processActions'
 import {type DocumentSet} from './processMutations'

package/src/document/processActions.ts

@@ -5,18 +5,18 @@ import {
   type Reference,
   type SanityDocument,
 } from '@sanity/types'
-import {type ExprNode} from 'groq-js'
+import {evaluateSync, type ExprNode} from 'groq-js'
 import {isEqual} from 'lodash-es'
 
 import {getDraftId, getPublishedId} from '../utils/ids'
-import {evaluateSync} from './_synchronous-groq-js.mjs'
 import {type DocumentAction} from './actions'
 import {type Grant} from './permissions'
 import {type DocumentSet, getId, processMutations} from './processMutations'
 import {type HttpAction} from './reducers'
 
 function checkGrant(grantExpr: ExprNode, document: SanityDocument): boolean {
-  return evaluateSync(grantExpr, {params: {document}}).get()
+  const value = evaluateSync(grantExpr, {params: {document}})
+  return value.type === 'boolean' && value.data
 }
 
 interface ProcessActionsOptions {

package/src/projection/getProjectionState.ts

@@ -12,11 +12,11 @@ import {
 import {hashString} from '../utils/hashString'
 import {getPublishedId, insecureRandomId} from '../utils/ids'
 import {projectionStore} from './projectionStore'
-import {type ProjectionStoreState, type ProjectionValuePending, type ValidProjection} from './types'
+import {type ProjectionStoreState, type ProjectionValuePending} from './types'
 import {PROJECTION_STATE_CLEAR_DELAY, STABLE_EMPTY_PROJECTION, validateProjection} from './util'
 
 export interface ProjectionOptions<
-  TProjection extends ValidProjection = ValidProjection,
+  TProjection extends string = string,
   TDocumentType extends string = string,
   TDataset extends string = string,
   TProjectId extends string = string,
@@ -28,7 +28,7 @@ export interface ProjectionOptions<
  * @beta
  */
 export function getProjectionState<
-  TProjection extends ValidProjection = ValidProjection,
+  TProjection extends string = string,
   TDocumentType extends string = string,
   TDataset extends string = string,
   TProjectId extends string = string,
@@ -75,13 +75,13 @@ export const _getProjectionState = bindActionByDataset(
   createStateSourceAction({
     selector: (
       {state}: SelectorContext<ProjectionStoreState>,
-      options: ProjectionOptions<ValidProjection, string, string, string>,
+      options: ProjectionOptions<string, string, string, string>,
     ): ProjectionValuePending<object> | undefined => {
       const documentId = getPublishedId(options.documentId)
       const projectionHash = hashString(options.projection)
       return state.values[documentId]?.[projectionHash] ?? STABLE_EMPTY_PROJECTION
     },
-    onSubscribe: ({state}, options: ProjectionOptions<ValidProjection, string, string, string>) => {
+    onSubscribe: ({state}, options: ProjectionOptions<string, string, string, string>) => {
       const {projection, ...docHandle} = options
       const subscriptionId = insecureRandomId()
       const documentId = getPublishedId(docHandle.documentId)

package/src/projection/projectionQuery.test.ts

@@ -1,12 +1,11 @@
 import {describe, expect, it} from 'vitest'
 
 import {createProjectionQuery, processProjectionQuery} from './projectionQuery'
-import {type ValidProjection} from './types'
 
 describe('createProjectionQuery', () => {
   it('creates a query and params for given ids and projections', () => {
     const ids = new Set(['doc1', 'doc2'])
-    const projectionHash: ValidProjection = '{title, description}'
+    const projectionHash = '{title, description}'
     const documentProjections = {
       doc1: {[projectionHash]: projectionHash},
       doc2: {[projectionHash]: projectionHash},
@@ -21,8 +20,8 @@ describe('createProjectionQuery', () => {
 
   it('handles multiple different projections', () => {
     const ids = new Set(['doc1', 'doc2'])
-    const projectionHash1: ValidProjection = '{title, description}'
-    const projectionHash2: ValidProjection = '{name, age}'
+    const projectionHash1 = '{title, description}'
+    const projectionHash2 = '{name, age}'
     const documentProjections = {
       doc1: {[projectionHash1]: projectionHash1},
       doc2: {[projectionHash2]: projectionHash2},
@@ -39,9 +38,9 @@ describe('createProjectionQuery', () => {
 
   it('filters out ids without projections', () => {
     const ids = new Set(['doc1', 'doc2', 'doc3'])
-    const projectionHash1: ValidProjection = '{title}'
+    const projectionHash1 = '{title}'
     // projectionHash2 missing intentionally
-    const projectionHash3: ValidProjection = '{name}'
+    const projectionHash3 = '{name}'
 
     const documentProjections = {
       doc1: {[projectionHash1]: projectionHash1},

package/src/projection/projectionQuery.ts

@@ -1,9 +1,6 @@
 import {getDraftId, getPublishedId} from '../utils/ids'
-import {
-  type DocumentProjections,
-  type DocumentProjectionValues,
-  type ValidProjection,
-} from './types'
+import {type DocumentProjections, type DocumentProjectionValues} from './types'
+import {validateProjection} from './util'
 
 export type ProjectionQueryResult = {
   _id: string
@@ -18,7 +15,7 @@ interface CreateProjectionQueryResult {
   params: Record<string, unknown>
 }
 
-type ProjectionMap = Record<string, {projection: ValidProjection; documentIds: Set<string>}>
+type ProjectionMap = Record<string, {projection: string; documentIds: Set<string>}>
 
 export function createProjectionQuery(
   documentIds: Set<string>,
@@ -31,7 +28,7 @@ export function createProjectionQuery(
 
       return Object.entries(projectionsForDoc).map(([projectionHash, projection]) => ({
         documentId: id,
-        projection,
+        projection: validateProjection(projection),
         projectionHash,
       }))
     })

package/src/projection/resolveProjection.test.ts

@@ -6,7 +6,7 @@ import {createSanityInstance, type SanityInstance} from '../store/createSanityIn
 import {type StateSource} from '../store/createStateSourceAction'
 import {getProjectionState} from './getProjectionState'
 import {resolveProjection} from './resolveProjection'
-import {type ProjectionValuePending, type ValidProjection} from './types'
+import {type ProjectionValuePending} from './types'
 
 vi.mock('./getProjectionState')
 
@@ -35,7 +35,7 @@ describe('resolveProjection', () => {
       documentId: 'doc123',
       documentType: 'movie',
     })
-    const projection = '{title}' as ValidProjection
+    const projection = '{title}'
 
     const result = await resolveProjection(instance, {...docHandle, projection})
 

package/src/projection/resolveProjection.ts

@@ -5,11 +5,11 @@ import {bindActionByDataset} from '../store/createActionBinder'
 import {type SanityInstance} from '../store/createSanityInstance'
 import {getProjectionState, type ProjectionOptions} from './getProjectionState'
 import {projectionStore} from './projectionStore'
-import {type ProjectionValuePending, type ValidProjection} from './types'
+import {type ProjectionValuePending} from './types'
 
 /** @beta */
 export function resolveProjection<
-  TProjection extends ValidProjection = ValidProjection,
+  TProjection extends string = string,
   TDocumentType extends string = string,
   TDataset extends string = string,
   TProjectId extends string = string,