@snackbase/sdk 0.1.1 → 0.3.0

package/dist/index.cjs

@@ -0,0 +1,2835 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+//#region src/types/config.ts
+const DEFAULT_CONFIG = {
+	timeout: 3e4,
+	enableAutoRefresh: true,
+	refreshBeforeExpiry: 300,
+	maxRetries: 3,
+	retryDelay: 1e3,
+	logLevel: "error",
+	enableLogging: false,
+	defaultAccount: void 0,
+	maxRealTimeRetries: 10,
+	realTimeReconnectionDelay: 1e3
+};
+
+//#endregion
+//#region src/utils/platform.ts
+/**
+* Detects the platform and returns the recommended storage backend.
+* - Web: localStorage
+* - React Native: asyncStorage
+*/
+function getAutoDetectedStorage() {
+	if (typeof navigator !== "undefined" && navigator.product === "ReactNative") return "asyncStorage";
+	if (typeof window !== "undefined" && typeof window.localStorage !== "undefined") return "localStorage";
+	return "memory";
+}
+
+//#endregion
+//#region src/core/errors.ts
+/**
+* Base error class for all SnackBase SDK errors.
+*/
+var SnackBaseError = class SnackBaseError extends Error {
+	code;
+	status;
+	details;
+	field;
+	retryable;
+	constructor(message, code, status, details, retryable = false, field, redirectUrl, authProvider, providerName) {
+		super(message);
+		this.redirectUrl = redirectUrl;
+		this.authProvider = authProvider;
+		this.providerName = providerName;
+		this.name = this.constructor.name;
+		this.code = code;
+		this.status = status;
+		this.details = details;
+		this.retryable = retryable;
+		this.field = field;
+		Object.setPrototypeOf(this, SnackBaseError.prototype);
+	}
+};
+/**
+* Thrown when authentication fails (401).
+*/
+var AuthenticationError = class AuthenticationError extends SnackBaseError {
+	constructor(message = "Authentication failed", details) {
+		super(message, "AUTHENTICATION_ERROR", 401, details, false);
+		Object.setPrototypeOf(this, AuthenticationError.prototype);
+	}
+};
+/**
+* Thrown when the user is not authorized to perform an action (403).
+*/
+var AuthorizationError = class AuthorizationError extends SnackBaseError {
+	constructor(message = "Not authorized", details) {
+		super(message, "AUTHORIZATION_ERROR", 403, details, false);
+		Object.setPrototypeOf(this, AuthorizationError.prototype);
+	}
+};
+/**
+* Thrown when an API key is restricted to superadmin users (403).
+*/
+var ApiKeyRestrictedError = class ApiKeyRestrictedError extends SnackBaseError {
+	constructor(message, details) {
+		super(message || "API keys are restricted to superadmin users. Please use JWT authentication.", "API_KEY_RESTRICTED", 403, details || {
+			suggestion: "Remove apiKey config and use login() instead",
+			documentation: "https://docs.snackbase.com/authentication/api-keys"
+		}, false);
+		Object.setPrototypeOf(this, ApiKeyRestrictedError.prototype);
+	}
+};
+/**
+* Thrown when email verification is required (401).
+*/
+var EmailVerificationRequiredError = class EmailVerificationRequiredError extends SnackBaseError {
+	constructor(message, details) {
+		super(message || "Please check your email inbox to verify your account before logging in.", "EMAIL_VERIFICATION_REQUIRED", 401, details || {
+			suggestion: "Click the verification link sent to your email address",
+			canResend: true
+		}, false);
+		Object.setPrototypeOf(this, EmailVerificationRequiredError.prototype);
+	}
+};
+/**
+* Thrown when a resource is not found (404).
+*/
+var NotFoundError = class NotFoundError extends SnackBaseError {
+	constructor(message = "Resource not found", details) {
+		super(message, "NOT_FOUND_ERROR", 404, details, false);
+		Object.setPrototypeOf(this, NotFoundError.prototype);
+	}
+};
+/**
+* Thrown when a conflict occurs (409).
+*/
+var ConflictError = class ConflictError extends SnackBaseError {
+	constructor(message = "Resource conflict", details) {
+		super(message, "CONFLICT_ERROR", 409, details, false);
+		Object.setPrototypeOf(this, ConflictError.prototype);
+	}
+};
+/**
+* Thrown when validation fails (422).
+*/
+var ValidationError = class ValidationError extends SnackBaseError {
+	fields;
+	constructor(message = "Validation failed", details) {
+		super(message, "VALIDATION_ERROR", 422, details, false, details?.field);
+		Object.setPrototypeOf(this, ValidationError.prototype);
+		if (details?.errors) this.fields = details.errors;
+	}
+};
+/**
+* Thrown when rate limit is exceeded (429).
+*/
+var RateLimitError = class RateLimitError extends SnackBaseError {
+	retryAfter;
+	constructor(message = "Rate limit exceeded", details, retryAfter) {
+		super(message, "RATE_LIMIT_ERROR", 429, details, true);
+		Object.setPrototypeOf(this, RateLimitError.prototype);
+		this.retryAfter = retryAfter;
+	}
+};
+/**
+* Thrown when a network failure occurs.
+*/
+var NetworkError = class NetworkError extends SnackBaseError {
+	constructor(message = "Network error", details) {
+		super(message, "NETWORK_ERROR", void 0, details, true);
+		Object.setPrototypeOf(this, NetworkError.prototype);
+	}
+};
+/**
+* Thrown when a request times out.
+*/
+var TimeoutError = class TimeoutError extends SnackBaseError {
+	constructor(message = "Request timed out", details) {
+		super(message, "TIMEOUT_ERROR", void 0, details, true);
+		Object.setPrototypeOf(this, TimeoutError.prototype);
+	}
+};
+/**
+* Thrown when a server error occurs (500+).
+*/
+var ServerError = class ServerError extends SnackBaseError {
+	constructor(message = "Internal server error", status = 500, details) {
+		super(message, "SERVER_ERROR", status, details, true);
+		Object.setPrototypeOf(this, ServerError.prototype);
+	}
+};
+
+//#endregion
+//#region src/core/http-client.ts
+/**
+* Robust HTTP client wrapping the fetch API.
+*/
+var HttpClient = class {
+	config;
+	requestInterceptors = [];
+	responseInterceptors = [];
+	errorInterceptors = [];
+	constructor(config) {
+		this.config = {
+			timeout: 3e4,
+			maxRetries: 3,
+			retryDelay: 1e3,
+			...config
+		};
+	}
+	addRequestInterceptor(interceptor) {
+		this.requestInterceptors.push(interceptor);
+	}
+	addResponseInterceptor(interceptor) {
+		this.responseInterceptors.push(interceptor);
+	}
+	addErrorInterceptor(interceptor) {
+		this.errorInterceptors.push(interceptor);
+	}
+	async request(req) {
+		let currentReq = {
+			url: req.url || "",
+			method: req.method || "GET",
+			headers: req.headers || {},
+			body: req.body,
+			params: req.params,
+			timeout: req.timeout ?? this.config.timeout,
+			signal: req.signal
+		};
+		const startTime = Date.now();
+		const requestId = Math.random().toString(36).substring(7);
+		try {
+			for (const interceptor of this.requestInterceptors) currentReq = await interceptor(currentReq);
+			const fullUrl = this.resolveUrl(currentReq.url, currentReq);
+			if (this.config.logger) this.config.logger.debug(`[${requestId}] Request: ${currentReq.method} ${fullUrl}`, {
+				headers: currentReq.headers,
+				body: currentReq.body
+			});
+			const controller = new AbortController();
+			const { signal } = controller;
+			if (currentReq.signal) currentReq.signal.addEventListener("abort", () => controller.abort());
+			const timeoutId = setTimeout(() => controller.abort(), currentReq.timeout);
+			let retryCount = 0;
+			const executeFetch = async () => {
+				try {
+					const fetchOptions = {
+						method: currentReq.method,
+						headers: currentReq.headers,
+						body: currentReq.body ? JSON.stringify(currentReq.body) : void 0,
+						signal
+					};
+					const response = await fetch(fullUrl, fetchOptions);
+					clearTimeout(timeoutId);
+					let data;
+					const contentType = response.headers.get("content-type");
+					if (contentType && contentType.includes("application/json")) data = await response.json();
+					else data = await response.text();
+					let httpResponse = {
+						data,
+						status: response.status,
+						headers: response.headers,
+						request: currentReq
+					};
+					const duration = Date.now() - startTime;
+					if (this.config.logger) {
+						this.config.logger.debug(`[${requestId}] Response: ${response.status} (${duration}ms)`, {
+							status: response.status,
+							headers: response.headers,
+							data
+						});
+						if (duration > 1e3) this.config.logger.warn(`[${requestId}] Slow request detected: ${currentReq.method} ${fullUrl} took ${duration}ms`);
+					}
+					for (const interceptor of this.responseInterceptors) httpResponse = await interceptor(httpResponse);
+					return httpResponse;
+				} catch (error) {
+					clearTimeout(timeoutId);
+					let processedError = error;
+					if (error.name === "AbortError") processedError = new TimeoutError(`Request timed out after ${currentReq.timeout}ms`);
+					else if (!(error instanceof Error)) processedError = new NetworkError(error.message || "Network request failed", error);
+					for (const interceptor of this.errorInterceptors) try {
+						processedError = await interceptor(processedError);
+					} catch (interceptorError) {
+						processedError = interceptorError;
+					}
+					if (this.shouldRetry(processedError, retryCount)) {
+						retryCount++;
+						const delay = this.calculateRetryDelay(retryCount);
+						if (this.config.logger) this.config.logger.info(`[${requestId}] Retrying request (attempt ${retryCount}/${this.config.maxRetries})...`);
+						await new Promise((resolve) => setTimeout(resolve, delay));
+						return executeFetch();
+					}
+					throw processedError;
+				}
+			};
+			return await executeFetch();
+		} catch (error) {
+			const duration = Date.now() - startTime;
+			if (this.config.logger) this.config.logger.error(`[${requestId}] Request failed (${duration}ms): ${error.message}`, error);
+			throw error;
+		}
+	}
+	async get(url, config) {
+		return this.request({
+			...config,
+			url,
+			method: "GET"
+		});
+	}
+	async post(url, body, config) {
+		return this.request({
+			...config,
+			url,
+			method: "POST",
+			body
+		});
+	}
+	async put(url, body, config) {
+		return this.request({
+			...config,
+			url,
+			method: "PUT",
+			body
+		});
+	}
+	async patch(url, body, config) {
+		return this.request({
+			...config,
+			url,
+			method: "PATCH",
+			body
+		});
+	}
+	async delete(url, config) {
+		return this.request({
+			...config,
+			url,
+			method: "DELETE"
+		});
+	}
+	resolveUrl(url, currentReq) {
+		if (url.startsWith("http://") || url.startsWith("https://")) return url;
+		let fullUrl = `${this.config.baseUrl.endsWith("/") ? this.config.baseUrl : `${this.config.baseUrl}/`}${url.startsWith("/") ? url.slice(1) : url}`;
+		if (currentReq?.params) {
+			const urlObj = new URL(fullUrl);
+			Object.entries(currentReq.params).forEach(([key, value]) => {
+				if (value !== void 0) urlObj.searchParams.append(key, String(value));
+			});
+			fullUrl = urlObj.toString();
+		}
+		return fullUrl;
+	}
+	shouldRetry(error, retryCount) {
+		if (retryCount >= this.config.maxRetries) return false;
+		return error.retryable === true;
+	}
+	calculateRetryDelay(retryCount) {
+		return this.config.retryDelay * Math.pow(2, retryCount - 1);
+	}
+};
+
+//#endregion
+//#region src/core/logger.ts
+let LogLevel = /* @__PURE__ */ function(LogLevel) {
+	LogLevel[LogLevel["NONE"] = 0] = "NONE";
+	LogLevel[LogLevel["ERROR"] = 1] = "ERROR";
+	LogLevel[LogLevel["WARN"] = 2] = "WARN";
+	LogLevel[LogLevel["INFO"] = 3] = "INFO";
+	LogLevel[LogLevel["DEBUG"] = 4] = "DEBUG";
+	return LogLevel;
+}({});
+var Logger = class {
+	level;
+	handlers = [];
+	logs = [];
+	maxLogs = 1e3;
+	constructor(level = LogLevel.NONE) {
+		this.level = level;
+		this.handlers.push((entry) => {
+			const { level, message, data } = entry;
+			const args = data ? [message, data] : [message];
+			switch (level) {
+				case LogLevel.ERROR:
+					console.error("[SnackBase]", ...args);
+					break;
+				case LogLevel.WARN:
+					console.warn("[SnackBase]", ...args);
+					break;
+				case LogLevel.INFO:
+					console.info("[SnackBase]", ...args);
+					break;
+				case LogLevel.DEBUG:
+					console.debug("[SnackBase]", ...args);
+					break;
+			}
+		});
+		this.handlers.push((entry) => {
+			this.logs.push(entry);
+			if (this.logs.length > this.maxLogs) this.logs.shift();
+		});
+	}
+	setLevel(level) {
+		this.level = level;
+	}
+	getLogs() {
+		return [...this.logs];
+	}
+	clearLogs() {
+		this.logs = [];
+	}
+	log(level, message, data) {
+		if (this.level < level) return;
+		const entry = {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			level,
+			message,
+			data
+		};
+		this.handlers.forEach((handler) => handler(entry));
+	}
+	error(message, data) {
+		this.log(LogLevel.ERROR, message, data);
+	}
+	warn(message, data) {
+		this.log(LogLevel.WARN, message, data);
+	}
+	info(message, data) {
+		this.log(LogLevel.INFO, message, data);
+	}
+	debug(message, data) {
+		this.log(LogLevel.DEBUG, message, data);
+	}
+};
+
+//#endregion
+//#region src/core/interceptors.ts
+/**
+* Interceptor to set Content-Type: application/json for requests with a body.
+*/
+const contentTypeInterceptor = (request) => {
+	if (request.body && !request.headers["Content-Type"]) request.headers["Content-Type"] = "application/json";
+	return request;
+};
+/**
+* Interceptor to inject Authorization and API Key headers.
+*/
+const createAuthInterceptor = (getToken, apiKey) => {
+	return (request) => {
+		const isUserSpecific = request.url.includes("/auth/oauth/") || request.url.includes("/auth/saml/");
+		if (apiKey && !isUserSpecific) {
+			if (!(request.url.includes("/auth/login") || request.url.includes("/auth/register"))) request.headers["X-API-Key"] = apiKey;
+		}
+		const token = getToken();
+		if (token) request.headers["Authorization"] = `Bearer ${token}`;
+		return request;
+	};
+};
+/**
+* Interceptor to normalize error responses into SnackBaseError instances.
+*/
+const errorNormalizationInterceptor = (response) => {
+	if (response.status >= 400) throw createErrorFromResponse(response);
+	return response;
+};
+/**
+* Error interceptor to handle raw fetch errors.
+*/
+const errorInterceptor = (error) => {
+	if (error instanceof SnackBaseError) throw error;
+	if (error instanceof Error) {
+		if (error.name === "AbortError") return error;
+		throw new NetworkError(error.message, error);
+	}
+	throw new NetworkError(String(error), error);
+};
+/**
+* Creates a specific SnackBaseError based on the response status and body.
+*/
+function createErrorFromResponse(response) {
+	const { status, data } = response;
+	const message = data?.message || data?.error || "An unexpected error occurred";
+	switch (status) {
+		case 401: return new AuthenticationError(message, data);
+		case 403: return new AuthorizationError(message, data);
+		case 404: return new NotFoundError(message, data);
+		case 409: return new ConflictError(message, data);
+		case 422: return new ValidationError(message, data);
+		case 429:
+			const retryAfter = response.headers.get("Retry-After") || data?.retryAfter;
+			return new RateLimitError(message, data, retryAfter ? parseInt(retryAfter, 10) : void 0);
+		default:
+			if (status >= 500) return new ServerError(message, status, data);
+			return new SnackBaseError(message, "UNKNOWN_ERROR", status, data, false);
+	}
+}
+/**
+* Enhanced error interceptor to handle 403 API key errors and preserve redirects.
+*/
+const createAuthErrorInterceptor = (onAuthError) => {
+	return (error) => {
+		if (error.status === 403 && error.details) {
+			const detail = error.details.detail || error.details.message || "";
+			if (detail.includes("superadmin") || detail.includes("restricted")) {
+				const restrictedError = new ApiKeyRestrictedError(detail, error.details);
+				if (onAuthError) onAuthError(restrictedError);
+				throw restrictedError;
+			}
+		}
+		if (error.status === 403 && error.details?.redirect_url) {
+			error.redirectUrl = error.details.redirect_url;
+			error.authProvider = error.details.auth_provider;
+			error.providerName = error.details.provider_name;
+		}
+		if (error.status === 401 && error.details) {
+			const detail = error.details.detail || error.details.message || "";
+			if (detail.includes("verify") || detail.includes("email")) {
+				const verificationError = new EmailVerificationRequiredError(detail, error.details);
+				if (onAuthError) onAuthError(verificationError);
+				throw verificationError;
+			}
+		}
+		if (error.status === 401 || error.status === 403) {
+			if (onAuthError) onAuthError(error);
+		}
+		throw error;
+	};
+};
+
+//#endregion
+//#region src/types/auth.ts
+/**
+* Token type enum matching backend TokenType
+*/
+let TokenType = /* @__PURE__ */ function(TokenType) {
+	TokenType["JWT"] = "jwt";
+	TokenType["API_KEY"] = "api_key";
+	TokenType["PERSONAL_TOKEN"] = "personal_token";
+	TokenType["OAUTH"] = "oauth";
+	return TokenType;
+}({});
+
+//#endregion
+//#region src/core/events.ts
+var AuthEventEmitter = class {
+	listeners = {};
+	on(event, listener) {
+		if (!this.listeners[event]) this.listeners[event] = /* @__PURE__ */ new Set();
+		this.listeners[event].add(listener);
+		return () => this.off(event, listener);
+	}
+	off(event, listener) {
+		this.listeners[event]?.delete(listener);
+	}
+	emit(event, ...args) {
+		this.listeners[event]?.forEach((listener) => {
+			listener(...args);
+		});
+	}
+};
+
+//#endregion
+//#region src/core/constants.ts
+/**
+* System account ID for superadmin detection
+* Nil UUID format used by backend
+* @see https://github.com/snackbase/snackbase/blob/main/src/snackbase/infrastructure/api/middleware/authorization.py
+*/
+const SYSTEM_ACCOUNT_ID = "00000000-0000-0000-0000-000000000000";
+/**
+* Token type prefixes matching backend TokenCodec
+*/
+const TOKEN_PREFIXES = {
+	JWT: "sb_jwt",
+	API_KEY: "sb_ak",
+	PERSONAL_TOKEN: "sb_pt",
+	OAUTH: "sb_ot"
+};
+/**
+* Valid token prefixes for validation
+*/
+const VALID_TOKEN_PREFIXES = new Set(Object.values(TOKEN_PREFIXES));
+/**
+* API key endpoint path
+*/
+const API_KEY_BASE_PATH = "/api/v1/admin/api-keys";
+
+//#endregion
+//#region src/utils/token-utils.ts
+/**
+* Detect token type from token string
+* @param token - The token to analyze
+* @returns Detected token type or undefined
+*/
+function detectTokenType(token) {
+	if (!token) return void 0;
+	switch (token.split(".")[0]) {
+		case TOKEN_PREFIXES.API_KEY: return TokenType.API_KEY;
+		case TOKEN_PREFIXES.PERSONAL_TOKEN: return TokenType.PERSONAL_TOKEN;
+		case TOKEN_PREFIXES.OAUTH: return TokenType.OAUTH;
+		case TOKEN_PREFIXES.JWT: return TokenType.JWT;
+		default: return token.startsWith("ey") ? TokenType.JWT : void 0;
+	}
+}
+/**
+* Check if user is a superadmin
+* @param user - User object to check
+* @returns true if user is superadmin
+*/
+function isSuperadmin(user) {
+	if (!user) return false;
+	return user.account_id === SYSTEM_ACCOUNT_ID;
+}
+/**
+* Format masked API key for display
+* @param key - The full or masked key
+* @returns Formatted masked key
+*/
+function formatMaskedKey(key) {
+	if (!key) return "";
+	if (key.includes("...")) return key;
+	const parts = key.split(".");
+	if (parts.length === 3) {
+		const [, payload, signature] = parts;
+		return `${parts[0]}.${payload.slice(0, 4)}...${signature.slice(-4)}`;
+	}
+	return key;
+}
+
+//#endregion
+//#region src/core/auth.ts
+const DEFAULT_AUTH_STATE = {
+	user: null,
+	account: null,
+	token: null,
+	refreshToken: null,
+	isAuthenticated: false,
+	expiresAt: null,
+	tokenType: TokenType.JWT
+};
+var AuthManager = class {
+	state = { ...DEFAULT_AUTH_STATE };
+	storage;
+	storageKey;
+	events;
+	constructor(options) {
+		this.storage = options.storage;
+		this.storageKey = options.storageKey || "sb_auth_state";
+		this.events = new AuthEventEmitter();
+	}
+	async initialize() {
+		await this.hydrate();
+		this.validateSession();
+	}
+	getState() {
+		return { ...this.state };
+	}
+	get user() {
+		return this.state.user;
+	}
+	get account() {
+		return this.state.account;
+	}
+	get token() {
+		return this.state.token;
+	}
+	get refreshToken() {
+		return this.state.refreshToken;
+	}
+	get isAuthenticated() {
+		return this.state.isAuthenticated;
+	}
+	get tokenType() {
+		return this.state.tokenType;
+	}
+	/**
+	* Update auth state (enhanced to extract token_type)
+	*/
+	async updateState(data) {
+		const user = data.user || (data.user_id ? {
+			id: data.user_id,
+			email: data.email || "",
+			role: data.role || "user",
+			account_id: data.account_id || "",
+			groups: [],
+			is_active: true,
+			created_at: "",
+			last_login: null,
+			token_type: TokenType.JWT
+		} : null);
+		const token = data.token || null;
+		const refreshToken = data.refresh_token || data.refreshToken || null;
+		let tokenType = TokenType.JWT;
+		if (token) tokenType = detectTokenType(token) || TokenType.JWT;
+		else if (user?.token_type) tokenType = user.token_type;
+		this.state = {
+			...this.state,
+			user,
+			account: data.account || (data.account_id ? {
+				id: data.account_id,
+				slug: "",
+				name: "",
+				created_at: ""
+			} : this.state.account),
+			token: token || this.state.token,
+			refreshToken: refreshToken || this.state.refreshToken,
+			isAuthenticated: !!((token || this.state.token) && user),
+			expiresAt: this.calculateExpiry(data) || this.state.expiresAt,
+			tokenType
+		};
+		await this.persist();
+		if (token || user) this.events.emit("auth:login", this.state);
+	}
+	/**
+	* Check if current user is superadmin
+	*/
+	isSuperadmin() {
+		return isSuperadmin(this.state.user);
+	}
+	/**
+	* Check if current session uses API key authentication
+	*/
+	isApiKeySession() {
+		return this.state.tokenType === TokenType.API_KEY;
+	}
+	/**
+	* Check if current session uses personal token authentication
+	*/
+	isPersonalTokenSession() {
+		return this.state.tokenType === TokenType.PERSONAL_TOKEN;
+	}
+	/**
+	* Check if current session uses OAuth authentication
+	*/
+	isOAuthSession() {
+		return this.state.tokenType === TokenType.OAUTH;
+	}
+	calculateExpiry(data) {
+		if (data.expiresAt) return data.expiresAt;
+		if (data.expires_in) return new Date(Date.now() + data.expires_in * 1e3).toISOString();
+		return null;
+	}
+	async setState(newState) {
+		this.state = {
+			...this.state,
+			...newState
+		};
+		this.state.isAuthenticated = !!(this.state.token && this.state.user);
+		await this.persist();
+		if (newState.token || newState.user) this.events.emit("auth:login", this.state);
+	}
+	async clear() {
+		this.state = { ...DEFAULT_AUTH_STATE };
+		await this.storage.removeItem(this.storageKey);
+		this.events.emit("auth:logout");
+	}
+	on(event, listener) {
+		return this.events.on(event, listener);
+	}
+	async hydrate() {
+		try {
+			const stored = await this.storage.getItem(this.storageKey);
+			if (stored) {
+				const parsed = JSON.parse(stored);
+				this.state = {
+					...DEFAULT_AUTH_STATE,
+					...parsed,
+					isAuthenticated: !!(parsed.token && parsed.user)
+				};
+			}
+		} catch (error) {
+			console.error("Failed to hydrate auth state:", error);
+			await this.clear();
+		}
+	}
+	async persist() {
+		try {
+			await this.storage.setItem(this.storageKey, JSON.stringify(this.state));
+		} catch (error) {
+			console.error("Failed to persist auth state:", error);
+		}
+	}
+	validateSession() {
+		if (!this.state.expiresAt) return;
+		if (new Date(this.state.expiresAt).getTime() <= Date.now()) this.clear();
+	}
+};
+
+//#endregion
+//#region src/core/auth-service.ts
+/**
+* Service for handling authentication operations.
+*/
+var AuthService = class {
+	oauthStates = /* @__PURE__ */ new Map();
+	STATE_EXPIRY_MS = 600 * 1e3;
+	constructor(http, auth, apiKey, defaultAccount) {
+		this.http = http;
+		this.auth = auth;
+		this.apiKey = apiKey;
+		this.defaultAccount = defaultAccount;
+	}
+	/**
+	* Helper to ensure API key is not used for user-specific operations.
+	*/
+	checkApiKeyRestriction() {
+		if (this.apiKey && !this.auth.token) {}
+	}
+	/**
+	* Authenticate a user with email and password.
+	*/
+	async login(credentials) {
+		const data = { ...credentials };
+		if (!data.account && this.defaultAccount) data.account = this.defaultAccount;
+		const authData = (await this.http.post("/api/v1/auth/login", data)).data;
+		console.log("Login Response:", JSON.stringify(authData, null, 2));
+		await this.auth.updateState(authData);
+		return authData;
+	}
+	/**
+	* Register a new user and account.
+	*/
+	async register(data) {
+		const payload = { ...data };
+		if (!payload.account_name && this.defaultAccount) payload.account_name = this.defaultAccount;
+		return (await this.http.post("/api/v1/auth/register", payload)).data;
+	}
+	/**
+	* Refresh the access token using the refresh token.
+	*/
+	async refreshToken() {
+		const refreshToken = this.auth.refreshToken;
+		if (!refreshToken) throw new Error("No refresh token available");
+		const authData = (await this.http.post("/api/v1/auth/refresh", { refresh_token: refreshToken })).data;
+		await this.auth.updateState(authData);
+		return authData;
+	}
+	/**
+	* Log out the current user.
+	*/
+	async logout() {
+		try {
+			await this.http.post("/api/v1/auth/logout", {});
+		} catch (e) {} finally {
+			await this.auth.clear();
+		}
+		return { success: true };
+	}
+	/**
+	* Get the current authenticated user profile.
+	*/
+	async getCurrentUser() {
+		const authData = (await this.http.get("/api/v1/auth/me")).data;
+		console.log("GetMe Response:", JSON.stringify(authData, null, 2));
+		await this.auth.updateState(authData);
+		return authData;
+	}
+	/**
+	* Initiate password reset flow.
+	*/
+	async forgotPassword(data) {
+		const payload = { ...data };
+		if (!payload.account && this.defaultAccount) payload.account = this.defaultAccount;
+		return (await this.http.post("/api/v1/auth/forgot-password", payload)).data;
+	}
+	/**
+	* Reset password using a token.
+	*/
+	async resetPassword(data) {
+		return (await this.http.post("/api/v1/auth/reset-password", data)).data;
+	}
+	/**
+	* Verify email using a token.
+	*/
+	async verifyEmail(token) {
+		return (await this.http.post("/api/v1/auth/verify-email", { token })).data;
+	}
+	/**
+	* Resend the verification email to the current user.
+	*/
+	async resendVerificationEmail() {
+		return (await this.http.post("/api/v1/auth/resend-verification", {})).data;
+	}
+	/**
+	* Send a verification email to a specific email address.
+	* This can be used by admins to send verification emails to users.
+	*/
+	async sendVerification(email) {
+		return (await this.http.post("/api/v1/auth/send-verification", { email })).data;
+	}
+	/**
+	* Verify a password reset token is valid.
+	* Returns the email associated with the token if valid.
+	*/
+	async verifyResetToken(token) {
+		return (await this.http.get(`/api/v1/auth/verify-reset-token/${token}`)).data;
+	}
+	/**
+	* Generate OAuth authorization URL for the specified provider.
+	*/
+	async getOAuthUrl(provider, redirectUri, state) {
+		this.checkApiKeyRestriction();
+		const response = await this.http.post(`/api/v1/auth/oauth/${provider}/authorize`, {
+			redirectUri,
+			state
+		});
+		const { url, state: stateToken } = response.data;
+		this.oauthStates.set(stateToken, Date.now() + this.STATE_EXPIRY_MS);
+		this.cleanupExpiredStates();
+		return response.data;
+	}
+	/**
+	* Handle OAuth callback and authenticate user.
+	*/
+	async handleOAuthCallback(params) {
+		this.checkApiKeyRestriction();
+		const { provider, code, redirectUri, state } = params;
+		const expiry = this.oauthStates.get(state);
+		if (!expiry || expiry < Date.now()) {
+			this.oauthStates.delete(state);
+			throw new AuthenticationError("Invalid or expired state token", { code: "INVALID_STATE" });
+		}
+		this.oauthStates.delete(state);
+		const authData = (await this.http.post(`/api/v1/auth/oauth/${provider}/callback`, {
+			code,
+			redirectUri,
+			state
+		})).data;
+		await this.auth.updateState(authData);
+		return authData;
+	}
+	/**
+	* Generate SAML SSO authorization URL for the specified provider and account.
+	*/
+	async getSAMLUrl(provider, account, relayState) {
+		this.checkApiKeyRestriction();
+		return (await this.http.get("/api/v1/auth/saml/sso", { params: {
+			provider,
+			account,
+			relayState
+		} })).data;
+	}
+	/**
+	* Handle SAML callback (ACS) and authenticate user.
+	*/
+	async handleSAMLCallback(params) {
+		const authData = (await this.http.post("/api/v1/auth/saml/acs", params)).data;
+		await this.auth.updateState(authData);
+		return authData;
+	}
+	/**
+	* Get SAML metadata for the specified provider and account.
+	*/
+	async getSAMLMetadata(provider, account) {
+		return (await this.http.get("/api/v1/auth/saml/metadata", { params: {
+			provider,
+			account
+		} })).data;
+	}
+	/**
+	* Cleanup expired state tokens.
+	*/
+	cleanupExpiredStates() {
+		const now = Date.now();
+		for (const [state, expiry] of this.oauthStates.entries()) if (expiry < now) this.oauthStates.delete(state);
+	}
+};
+
+//#endregion
+//#region src/core/account-service.ts
+/**
+* Service for managing accounts and their users.
+* Requires superadmin authentication.
+*/
+var AccountService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all accounts with pagination, filtering, and sorting.
+	*/
+	async list(params) {
+		return (await this.http.get("/api/v1/accounts", { params })).data;
+	}
+	/**
+	* Get details for a specific account.
+	*/
+	async get(accountId) {
+		return (await this.http.get(`/api/v1/accounts/${accountId}`)).data;
+	}
+	/**
+	* Create a new account.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/accounts", data)).data;
+	}
+	/**
+	* Update an existing account.
+	*/
+	async update(accountId, data) {
+		return (await this.http.patch(`/api/v1/accounts/${accountId}`, data)).data;
+	}
+	/**
+	* Delete an account and all its associated data.
+	*/
+	async delete(accountId) {
+		await this.http.delete(`/api/v1/accounts/${accountId}`);
+		return { success: true };
+	}
+	/**
+	* Get all users belonging to a specific account.
+	*/
+	async getUsers(accountId, params) {
+		return (await this.http.get(`/api/v1/accounts/${accountId}/users`, { params })).data;
+	}
+};
+
+//#endregion
+//#region src/core/user-service.ts
+/**
+* Service for managing users.
+* Requires superadmin authentication for most operations.
+*/
+var UserService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all users with pagination, filtering, and sorting.
+	*/
+	async list(params) {
+		return (await this.http.get("/api/v1/users", { params })).data;
+	}
+	/**
+	* Get details for a specific user.
+	*/
+	async get(userId) {
+		return (await this.http.get(`/api/v1/users/${userId}`)).data;
+	}
+	/**
+	* Create a new user in a specific account.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/users", data)).data;
+	}
+	/**
+	* Update an existing user.
+	*/
+	async update(userId, data) {
+		return (await this.http.patch(`/api/v1/users/${userId}`, data)).data;
+	}
+	/**
+	* Soft delete (deactivate) a user.
+	*/
+	async delete(userId) {
+		await this.http.delete(`/api/v1/users/${userId}`);
+		return { success: true };
+	}
+	/**
+	* Manually set a new password for a user.
+	*/
+	async setPassword(userId, password) {
+		await this.http.post(`/api/v1/users/${userId}/password`, { password });
+		return { success: true };
+	}
+	/**
+	* Manually verify a user's email address.
+	*/
+	async verifyEmail(userId) {
+		await this.http.post(`/api/v1/users/${userId}/verify`, {});
+		return { success: true };
+	}
+	/**
+	* Resend the verification email to a user.
+	*/
+	async resendVerification(userId) {
+		await this.http.post(`/api/v1/users/${userId}/resend-verification`, {});
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/collection-service.ts
+/**
+* Service for managing collections and their schemas.
+* Requires superadmin authentication.
+*/
+var CollectionService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all collections.
+	*/
+	async list() {
+		return (await this.http.get("/api/v1/collections")).data;
+	}
+	/**
+	* List collection names only.
+	*/
+	async listNames() {
+		return (await this.http.get("/api/v1/collections/names")).data;
+	}
+	/**
+	* Get schema details for a specific collection.
+	*/
+	async get(collectionId) {
+		return (await this.http.get(`/api/v1/collections/${collectionId}`)).data;
+	}
+	/**
+	* Create a new collection and its physical table.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/collections", data)).data;
+	}
+	/**
+	* Update an existing collection schema.
+	* Note: Field types cannot be changed for data safety.
+	*/
+	async update(collectionId, data) {
+		return (await this.http.patch(`/api/v1/collections/${collectionId}`, data)).data;
+	}
+	/**
+	* Delete a collection and drop its physical table.
+	*/
+	async delete(collectionId) {
+		await this.http.delete(`/api/v1/collections/${collectionId}`);
+		return { success: true };
+	}
+	/**
+	* Export collections to JSON format.
+	* Returns collection schemas and rules for backup or migration.
+	*
+	* @param params Optional filter by collection IDs
+	* @returns Complete export data structure with collections, schemas, and rules
+	* @throws {AuthorizationError} If user is not a superadmin
+	*
+	* @example
+	* // Export all collections
+	* const exportData = await client.collections.export();
+	*
+	* @example
+	* // Export specific collections
+	* const exportData = await client.collections.export({
+	*   collection_ids: ['col-123', 'col-456']
+	* });
+	*/
+	async export(params) {
+		const queryParams = {};
+		if (params?.collection_ids && params.collection_ids.length > 0) queryParams.collection_ids = params.collection_ids.join(",");
+		return (await this.http.get("/api/v1/collections/export", { params: queryParams })).data;
+	}
+	/**
+	* Import collections from JSON export.
+	*
+	* @param request Import request with data and conflict strategy
+	* @returns Import result with per-collection status and migration IDs
+	* @throws {ValidationError} If import data is invalid
+	* @throws {ConflictError} If collection exists and strategy is 'error'
+	* @throws {AuthorizationError} If user is not a superadmin
+	*
+	* @example
+	* // Import with error strategy (fail on conflicts)
+	* const result = await client.collections.import({
+	*   data: exportData,
+	*   strategy: 'error'
+	* });
+	*
+	* @example
+	* // Import with skip strategy (skip existing collections)
+	* const result = await client.collections.import({
+	*   data: exportData,
+	*   strategy: 'skip'
+	* });
+	*
+	* @example
+	* // Import with update strategy (update existing collections)
+	* const result = await client.collections.import({
+	*   data: exportData,
+	*   strategy: 'update'
+	* });
+	*/
+	async import(request) {
+		return (await this.http.post("/api/v1/collections/import", request)).data;
+	}
+};
+
+//#endregion
+//#region src/core/query-builder.ts
+/**
+* Fluent interface for building complex queries.
+*/
+var QueryBuilder = class {
+	_fields = [];
+	_expand = [];
+	_filterParts = [];
+	_sortParts = [];
+	_page = 1;
+	_perPage = 30;
+	_skip = 0;
+	_limit = 30;
+	_useLegacyPagination = false;
+	constructor(service, collection) {
+		this.service = service;
+		this.collection = collection;
+	}
+	/**
+	* Specify fields to return.
+	* @param fields Array of field names or comma-separated string
+	*/
+	select(fields) {
+		if (Array.isArray(fields)) this._fields = [...this._fields, ...fields];
+		else this._fields.push(fields);
+		return this;
+	}
+	/**
+	* Expand related records.
+	* @param relations Array of relation names or comma-separated string
+	*/
+	expand(relations) {
+		if (Array.isArray(relations)) this._expand = [...this._expand, ...relations];
+		else this._expand.push(relations);
+		return this;
+	}
+	filter(fieldOrString, operator, value) {
+		if (operator === void 0) this._filterParts.push(`(${fieldOrString})`);
+		else {
+			let expression = "";
+			const formattedValue = this.formatValue(value);
+			switch (operator) {
+				case "=":
+					expression = `${fieldOrString} = ${formattedValue}`;
+					break;
+				case "!=":
+					expression = `${fieldOrString} != ${formattedValue}`;
+					break;
+				case ">":
+					expression = `${fieldOrString} > ${formattedValue}`;
+					break;
+				case ">=":
+					expression = `${fieldOrString} >= ${formattedValue}`;
+					break;
+				case "<":
+					expression = `${fieldOrString} < ${formattedValue}`;
+					break;
+				case "<=":
+					expression = `${fieldOrString} <= ${formattedValue}`;
+					break;
+				case "~":
+					expression = `${fieldOrString} ~ ${formattedValue}`;
+					break;
+				case "!~":
+					expression = `${fieldOrString} !~ ${formattedValue}`;
+					break;
+				case "?=":
+					expression = `${fieldOrString} ?= ${formattedValue}`;
+					break;
+				case "?!=":
+					expression = `${fieldOrString} ?!= ${formattedValue}`;
+					break;
+				default: expression = `${fieldOrString} = ${formattedValue}`;
+			}
+			this._filterParts.push(expression);
+		}
+		return this;
+	}
+	/**
+	* Add sorting.
+	* @param field Field name
+	* @param direction 'asc' or 'desc' (default: 'asc')
+	*/
+	sort(field, direction = "asc") {
+		let sortStr = field;
+		if (direction === "desc") sortStr = `-${field}`;
+		else sortStr = `+${field}`;
+		this._sortParts.push(sortStr);
+		return this;
+	}
+	/**
+	* Set limit (and optionally skip).
+	* Note: Using limit/skip switches to manual offset pagination.
+	* @param limit Max records
+	* @param skip Records to skip
+	*/
+	limit(limit) {
+		this._limit = limit;
+		this._useLegacyPagination = true;
+		return this;
+	}
+	/**
+	* Set skip.
+	* Note: Using limit/skip switches to manual offset pagination.
+	* @param skip Records to skip
+	*/
+	skip(skip) {
+		this._skip = skip;
+		this._useLegacyPagination = true;
+		return this;
+	}
+	/**
+	* Set page number and page size.
+	* @param page Page number (1-based)
+	* @param perPage Records per page
+	*/
+	page(page, perPage = 30) {
+		this._page = page;
+		this._perPage = perPage;
+		this._useLegacyPagination = false;
+		return this;
+	}
+	/**
+	* Execute query and get list of records.
+	*/
+	async get() {
+		const params = {};
+		if (this._fields.length > 0) params.fields = this._fields.join(",");
+		if (this._expand.length > 0) params.expand = this._expand.join(",");
+		if (this._filterParts.length > 0) params.filter = this._filterParts.join(" && ");
+		if (this._sortParts.length > 0) params.sort = this._sortParts.join(",");
+		if (this._useLegacyPagination) {
+			params.skip = this._skip;
+			params.limit = this._limit;
+		} else {
+			if (this._page < 1) this._page = 1;
+			params.skip = (this._page - 1) * this._perPage;
+			params.limit = this._perPage;
+		}
+		return this.service.list(this.collection, params);
+	}
+	/**
+	* Execute query and get the first matching record.
+	*/
+	async first() {
+		this.limit(1);
+		this.skip(0);
+		const result = await this.get();
+		return result.items.length > 0 ? result.items[0] : null;
+	}
+	formatValue(value) {
+		if (value === null || value === void 0) return "null";
+		if (typeof value === "string") return `'${value.replace(/'/g, "\\'")}'`;
+		return String(value);
+	}
+};
+
+//#endregion
+//#region src/core/record-service.ts
+/**
+* Service for performing CRUD operations on dynamic collections.
+*/
+var RecordService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List records from a collection with pagination, filtering, and sorting.
+	* @template T The record type
+	* @param collection Collection name
+	* @param params Query parameters
+	*/
+	async list(collection, params) {
+		const formattedParams = {};
+		if (params) {
+			if (params.skip !== void 0) formattedParams.skip = params.skip;
+			if (params.limit !== void 0) formattedParams.limit = params.limit;
+			if (params.sort !== void 0) formattedParams.sort = params.sort;
+			if (params.fields) formattedParams.fields = Array.isArray(params.fields) ? params.fields.join(",") : params.fields;
+			if (params.expand) formattedParams.expand = Array.isArray(params.expand) ? params.expand.join(",") : params.expand;
+			if (params.filter) {
+				const filterStr = typeof params.filter === "string" ? params.filter : JSON.stringify(params.filter);
+				const match = filterStr.match(/^\(?\s*(\w+)\s*=\s*(["']?)([^"'\)]+)\2\s*\)?$/);
+				if (match) {
+					const [, key, , value] = match;
+					formattedParams[key] = value;
+				} else formattedParams.filter = filterStr;
+			}
+		}
+		return (await this.http.get(`/api/v1/records/${collection}`, { params: formattedParams })).data;
+	}
+	/**
+	* Create a query builder for the collection.
+	* @template T The record type
+	* @param collection Collection name
+	*/
+	query(collection) {
+		return new QueryBuilder(this, collection);
+	}
+	/**
+	* Get a single record by ID.
+	* @template T The record type
+	* @param collection Collection name
+	* @param recordId Record ID
+	* @param params Optional query parameters (e.g., fields)
+	*/
+	async get(collection, recordId, params) {
+		const formattedParams = {};
+		if (params) {
+			if (params.fields) formattedParams.fields = Array.isArray(params.fields) ? params.fields.join(",") : params.fields;
+			if (params.expand) formattedParams.expand = Array.isArray(params.expand) ? params.expand.join(",") : params.expand;
+		}
+		return (await this.http.get(`/api/v1/records/${collection}/${recordId}`, { params: formattedParams })).data;
+	}
+	/**
+	* Create a new record in a collection.
+	* @template T The record type
+	* @param collection Collection name
+	* @param data Record data
+	*/
+	async create(collection, data) {
+		return (await this.http.post(`/api/v1/records/${collection}`, data)).data;
+	}
+	/**
+	* Full update of an existing record (PUT).
+	* @template T The record type
+	* @param collection Collection name
+	* @param recordId Record ID
+	* @param data Record data
+	*/
+	async update(collection, recordId, data) {
+		return (await this.http.put(`/api/v1/records/${collection}/${recordId}`, data)).data;
+	}
+	/**
+	* Partial update of an existing record (PATCH).
+	* @template T The record type
+	* @param collection Collection name
+	* @param recordId Record ID
+	* @param data Partial record data
+	*/
+	async patch(collection, recordId, data) {
+		return (await this.http.patch(`/api/v1/records/${collection}/${recordId}`, data)).data;
+	}
+	/**
+	* Delete a record from a collection.
+	* @param collection Collection name
+	* @param recordId Record ID
+	*/
+	async delete(collection, recordId) {
+		await this.http.delete(`/api/v1/records/${collection}/${recordId}`);
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/group-service.ts
+/**
+* Service for managing groups.
+*/
+var GroupsService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all groups in the current account.
+	*/
+	async list(params) {
+		return (await this.http.get("/api/v1/groups", { params })).data;
+	}
+	/**
+	* Get details for a specific group.
+	*/
+	async get(groupId) {
+		return (await this.http.get(`/api/v1/groups/${groupId}`)).data;
+	}
+	/**
+	* Create a new group in the current account.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/groups", data)).data;
+	}
+	/**
+	* Update a group's name or description.
+	*/
+	async update(groupId, data) {
+		return (await this.http.patch(`/api/v1/groups/${groupId}`, data)).data;
+	}
+	/**
+	* Delete a group.
+	*/
+	async delete(groupId) {
+		await this.http.delete(`/api/v1/groups/${groupId}`);
+		return { success: true };
+	}
+	/**
+	* Add a user to a group.
+	*/
+	async addMember(groupId, userId) {
+		await this.http.post(`/api/v1/groups/${groupId}/members`, { user_id: userId });
+		return { success: true };
+	}
+	/**
+	* Remove a user from a group.
+	*/
+	async removeMember(groupId, userId) {
+		await this.http.delete(`/api/v1/groups/${groupId}/members/${userId}`);
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/invitation-service.ts
+/**
+* Service for managing user invitations.
+* Allows admins to invite users and tracks invitation status.
+*/
+var InvitationService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all invitations in the current account.
+	*/
+	async list(params) {
+		return (await this.http.get("/api/v1/invitations", { params })).data;
+	}
+	/**
+	* Create a new invitation for a user.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/invitations", data)).data;
+	}
+	/**
+	* Resend an invitation email.
+	*/
+	async resend(invitationId) {
+		await this.http.post(`/api/v1/invitations/${invitationId}/resend`, {});
+		return { success: true };
+	}
+	/**
+	* Get public details of an invitation using a token.
+	* No authentication required.
+	*/
+	async getPublic(token) {
+		return (await this.http.get(`/api/v1/invitations/${token}`)).data;
+	}
+	/**
+	* Accept an invitation using a token and password.
+	* Creates the user account and returns authentication tokens.
+	*/
+	async accept(token, password) {
+		return (await this.http.post(`/api/v1/invitations/${token}/accept`, { password })).data;
+	}
+	/**
+	* Cancel a pending invitation.
+	*/
+	async cancel(invitationId) {
+		await this.http.delete(`/api/v1/invitations/${invitationId}`);
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/api-key-service.ts
+/**
+* Service for managing API keys.
+* API keys are used for service-to-service communication.
+*/
+var ApiKeyService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all API keys
+	* GET /api/v1/admin/api-keys
+	*/
+	async list(params) {
+		return (await this.http.get(API_KEY_BASE_PATH, { params })).data;
+	}
+	/**
+	* Get specific API key
+	* GET /api/v1/admin/api-keys/{id}
+	*/
+	async get(keyId) {
+		return (await this.http.get(`${API_KEY_BASE_PATH}/${encodeURIComponent(keyId)}`)).data;
+	}
+	/**
+	* Create a new API key
+	* POST /api/v1/admin/api-keys
+	*/
+	async create(data) {
+		const apiKey = (await this.http.post(API_KEY_BASE_PATH, data)).data;
+		if (apiKey.key && !apiKey.masked_key) apiKey.masked_key = formatMaskedKey(apiKey.key);
+		return apiKey;
+	}
+	/**
+	* Revoke an API key
+	* DELETE /api/v1/admin/api-keys/{id}
+	*/
+	async revoke(keyId) {
+		return (await this.http.delete(`${API_KEY_BASE_PATH}/${encodeURIComponent(keyId)}`)).data;
+	}
+};
+
+//#endregion
+//#region src/core/audit-log-service.ts
+var AuditLogService = class {
+	constructor(httpClient) {
+		this.httpClient = httpClient;
+	}
+	/**
+	* Lists audit logs with optional filtering, pagination, and sorting.
+	*/
+	async list(params) {
+		return (await this.httpClient.get("/api/v1/audit-logs", { params })).data;
+	}
+	/**
+	* Retrieves a single audit log entry by ID.
+	*/
+	async get(logId) {
+		return (await this.httpClient.get(`/api/v1/audit-logs/${logId}`)).data;
+	}
+	/**
+	* Exports audit logs in the specified format (JSON, CSV, or PDF).
+	*
+	* @param params Optional filters (account_id, table_name, operation, date range, etc.)
+	* @param format Export format: 'json', 'csv', or 'pdf' (default: 'json')
+	* @returns Exported data as string (base64-encoded for PDF format)
+	* @throws {AuthorizationError} If user is not a superadmin
+	*
+	* @example
+	* // Export as JSON
+	* const jsonData = await client.auditLogs.export({ table_name: 'users' }, 'json');
+	*
+	* @example
+	* // Export as CSV
+	* const csvData = await client.auditLogs.export({ table_name: 'users' }, 'csv');
+	*
+	* @example
+	* // Export as PDF
+	* const pdfBase64 = await client.auditLogs.export({ table_name: 'users' }, 'pdf');
+	* // pdfBase64 is a base64-encoded PDF string
+	*/
+	async export(params, format = "json") {
+		return (await this.httpClient.get("/api/v1/audit-logs/export", { params: {
+			...params,
+			format
+		} })).data;
+	}
+};
+
+//#endregion
+//#region src/core/role-service.ts
+/**
+* Service for managing roles.
+* Requires superadmin authentication.
+*/
+var RoleService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all roles with pagination.
+	*/
+	async list() {
+		return (await this.http.get("/api/v1/roles")).data;
+	}
+	/**
+	* Get details for a specific role.
+	*/
+	async get(roleId) {
+		return (await this.http.get(`/api/v1/roles/${roleId}`)).data;
+	}
+	/**
+	* Create a new role.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/roles", data)).data;
+	}
+	/**
+	* Update an existing role.
+	*/
+	async update(roleId, data) {
+		return (await this.http.patch(`/api/v1/roles/${roleId}`, data)).data;
+	}
+	/**
+	* Delete a role.
+	* Fails if the role is currently in use.
+	*/
+	async delete(roleId) {
+		await this.http.delete(`/api/v1/roles/${roleId}`);
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/collection-rule-service.ts
+/**
+* Service for managing collection-level access rules and field permissions.
+* Requires superadmin authentication.
+*/
+var CollectionRuleService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* Get access rules and field permissions for a specific collection.
+	*/
+	async get(collectionName) {
+		return (await this.http.get(`/api/v1/collections/${collectionName}/rules`)).data;
+	}
+	/**
+	* Update access rules and field permissions for a specific collection.
+	*/
+	async update(collectionName, data) {
+		return (await this.http.put(`/api/v1/collections/${collectionName}/rules`, data)).data;
+	}
+	/**
+	* Validate a rule expression against a collection schema.
+	*/
+	async validateRule(rule, operation, collectionFields) {
+		return (await this.http.post("/api/v1/rules/validate", {
+			rule,
+			operation,
+			collectionFields
+		})).data;
+	}
+	/**
+	* Test a rule evaluation with a sample context.
+	*/
+	async testRule(rule, context) {
+		return (await this.http.post("/api/v1/rules/test", {
+			rule,
+			context
+		})).data;
+	}
+};
+
+//#endregion
+//#region src/core/macro-service.ts
+/**
+* Service for managing SQL macros.
+* Macros can be used in permission rules.
+* Requires superadmin authentication for most operations.
+*/
+var MacroService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all macros, including built-in ones.
+	*/
+	async list() {
+		return (await this.http.get("/api/v1/macros")).data;
+	}
+	/**
+	* Get details for a specific macro.
+	*/
+	async get(macroId) {
+		return (await this.http.get(`/api/v1/macros/${macroId}`)).data;
+	}
+	/**
+	* Create a new custom macro.
+	*/
+	async create(data) {
+		return (await this.http.post("/api/v1/macros", data)).data;
+	}
+	/**
+	* Update an existing custom macro.
+	* Built-in macros cannot be updated.
+	*/
+	async update(macroId, data) {
+		return (await this.http.patch(`/api/v1/macros/${macroId}`, data)).data;
+	}
+	/**
+	* Delete a macro.
+	* Fails if the macro is built-in or currently in use.
+	*/
+	async delete(macroId) {
+		await this.http.delete(`/api/v1/macros/${macroId}`);
+		return { success: true };
+	}
+	/**
+	* Test a macro with parameters.
+	*/
+	async test(macroId, params) {
+		return (await this.http.post(`/api/v1/macros/${macroId}/test`, { params })).data;
+	}
+};
+
+//#endregion
+//#region src/core/dashboard-service.ts
+/**
+* Service for interacting with the Dashboard API.
+* Provides statistics and metrics for system monitoring.
+*/
+var DashboardService = class {
+	constructor(httpClient) {
+		this.httpClient = httpClient;
+	}
+	/**
+	* Retrieves dashboard statistics including counts for accounts, users, 
+	* collections, and records, as well as recent activity and health metrics.
+	* 
+	* @returns {Promise<DashboardStats>} A promise that resolves to dashboard statistics.
+	* @throws {AuthenticationError} If not authenticated.
+	* @throws {AuthorizationError} If the user is not a superadmin.
+	*/
+	async getStats() {
+		return (await this.httpClient.get("/api/v1/dashboard/stats")).data;
+	}
+};
+
+//#endregion
+//#region src/core/admin-service.ts
+/**
+* Service for superadmin operations and system configuration management.
+*/
+var AdminService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* Returns configuration statistics by category.
+	*/
+	async getConfigurationStats() {
+		return (await this.http.get("/api/v1/admin/configuration/stats")).data;
+	}
+	/**
+	* Returns recently modified configurations.
+	* @param limit Number of configurations to return
+	*/
+	async getRecentConfigurations(limit = 10) {
+		return (await this.http.get("/api/v1/admin/configuration/recent", { params: { limit } })).data;
+	}
+	/**
+	* Returns all system-level configurations.
+	* @param category Optional category filter
+	*/
+	async listSystemConfigurations(category) {
+		return (await this.http.get("/api/v1/admin/configuration/system", { params: { category } })).data;
+	}
+	/**
+	* Returns configurations for specific account.
+	* @param accountId Account ID
+	* @param category Optional category filter
+	*/
+	async listAccountConfigurations(accountId, category) {
+		return (await this.http.get("/api/v1/admin/configuration/account", { params: {
+			account_id: accountId,
+			category
+		} })).data;
+	}
+	/**
+	* Returns decrypted configuration values with secrets masked.
+	* @param configId Configuration ID
+	*/
+	async getConfigurationValues(configId) {
+		return (await this.http.get(`/api/v1/admin/configuration/${configId}/values`)).data;
+	}
+	/**
+	* Updates configuration values.
+	* @param configId Configuration ID
+	* @param values New configuration values
+	*/
+	async updateConfigurationValues(configId, values) {
+		return (await this.http.patch(`/api/v1/admin/configuration/${configId}/values`, values)).data;
+	}
+	/**
+	* Enables or disables configuration.
+	* @param configId Configuration ID
+	* @param enabled Enabled status
+	*/
+	async updateConfigurationStatus(configId, enabled) {
+		return (await this.http.patch(`/api/v1/admin/configuration/${configId}`, { enabled })).data;
+	}
+	/**
+	* Creates new configuration record.
+	* @param data Configuration data
+	*/
+	async createConfiguration(data) {
+		return (await this.http.post("/api/v1/admin/configuration", data)).data;
+	}
+	/**
+	* Deletes configuration.
+	* @param configId Configuration ID
+	*/
+	async deleteConfiguration(configId) {
+		return (await this.http.delete(`/api/v1/admin/configuration/${configId}`)).data;
+	}
+	/**
+	* Lists all available provider definitions.
+	* @param category Optional category filter
+	*/
+	async listProviders(category) {
+		return (await this.http.get("/api/v1/admin/configuration/providers", { params: { category } })).data;
+	}
+	/**
+	* Returns JSON schema for provider configuration.
+	* @param category Provider category
+	* @param providerName Provider name
+	*/
+	async getProviderSchema(category, providerName) {
+		return (await this.http.get(`/api/v1/admin/configuration/schema/${category}/${providerName}`)).data;
+	}
+	/**
+	* Tests provider connection.
+	* @param category Provider category
+	* @param providerName Provider name
+	* @param config Configuration values to test
+	*/
+	async testConnection(category, providerName, config) {
+		return (await this.http.post("/api/v1/admin/configuration/test-connection", {
+			category,
+			provider_name: providerName,
+			config
+		}, { timeout: 15e3 })).data;
+	}
+};
+
+//#endregion
+//#region src/core/email-template-service.ts
+/**
+* Service for managing email templates and logs.
+*/
+var EmailTemplateService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* Returns a list of email templates.
+	* @param filters Optional filters for listing templates
+	*/
+	async list(filters) {
+		return (await this.http.get("/api/v1/admin/email/templates", { params: filters })).data;
+	}
+	/**
+	* Returns email template details.
+	* @param templateId Template ID
+	*/
+	async get(templateId) {
+		return (await this.http.get(`/api/v1/admin/email/templates/${templateId}`)).data;
+	}
+	/**
+	* Updates an email template.
+	* @param templateId Template ID
+	* @param data Update data
+	*/
+	async update(templateId, data) {
+		return (await this.http.put(`/api/v1/admin/email/templates/${templateId}`, data)).data;
+	}
+	/**
+	* Renders an email template with provided variables.
+	* @param request Render request data
+	*/
+	async render(request) {
+		return (await this.http.post("/api/v1/admin/email/templates/render", request)).data;
+	}
+	/**
+	* Sends a test email using the specified template.
+	* @param templateId Template ID
+	* @param recipientEmail Recipient email address
+	* @param variables Template variables
+	* @param provider Optional provider override
+	*/
+	async sendTest(templateId, recipientEmail, variables = {}, provider) {
+		return (await this.http.post(`/api/v1/admin/email/templates/${templateId}/test`, {
+			recipient: recipientEmail,
+			variables,
+			provider
+		})).data;
+	}
+	/**
+	* Returns a paginated list of email logs.
+	* @param filters Optional filters for listing logs
+	*/
+	async listLogs(filters) {
+		return (await this.http.get("/api/v1/admin/email/logs", { params: filters })).data;
+	}
+	/**
+	* Returns single email log details.
+	* @param logId Log ID
+	*/
+	async getLog(logId) {
+		return (await this.http.get(`/api/v1/admin/email/logs/${logId}`)).data;
+	}
+};
+
+//#endregion
+//#region src/core/file-service.ts
+/**
+* Service for working with files (upload, download, delete).
+*/
+var FileService = class {
+	constructor(http, getBaseUrl, getToken) {
+		this.http = http;
+		this.getBaseUrl = getBaseUrl;
+		this.getToken = getToken;
+	}
+	/**
+	* Upload a file to the server.
+	* @param file The file or blob to upload
+	* @param options Optional upload options (filename, contentType)
+	*/
+	async upload(file, options) {
+		const formData = new FormData();
+		const filename = options?.filename || file.name || "file";
+		formData.append("file", file, filename);
+		if (options?.contentType) {}
+		return (await this.http.post("/api/v1/files/upload", formData, { headers: { "Content-Type": void 0 } })).data;
+	}
+	/**
+	* Get the download URL for a file.
+	* @param path The server path to the file
+	*/
+	getDownloadUrl(path) {
+		const baseUrl = this.getBaseUrl().replace(/\/$/, "");
+		const cleanPath = path.startsWith("/") ? path : `/${path}`;
+		const url = new URL(`${baseUrl}/api/v1/files/download${cleanPath}`);
+		const token = this.getToken();
+		if (token) url.searchParams.set("token", token);
+		return url.toString();
+	}
+	/**
+	* Delete a file from the server.
+	* @param path The server path to the file
+	*/
+	async delete(path) {
+		const cleanPath = path.startsWith("/") ? path : `/${path}`;
+		await this.http.delete(`/api/v1/files${cleanPath}`);
+		return { success: true };
+	}
+};
+
+//#endregion
+//#region src/core/realtime-service.ts
+var RealTimeService = class {
+	state = "disconnected";
+	socket = null;
+	sse = null;
+	listeners = {};
+	retryCount = 0;
+	reconnectTimer = null;
+	heartbeatTimer = null;
+	subscriptions = /* @__PURE__ */ new Set();
+	subscriptionRequests = /* @__PURE__ */ new Map();
+	pendingSubscriptions = /* @__PURE__ */ new Map();
+	authUnsubscribe;
+	isReconnectingForAuth = false;
+	constructor(options) {
+		this.options = options;
+		if (this.options.authManager) this.authUnsubscribe = this.options.authManager.on("auth:login", () => {
+			this.handleTokenRefresh();
+		});
+	}
+	async connect() {
+		if (this.state === "connected" || this.state === "connecting") return;
+		this.setState("connecting");
+		this.retryCount = 0;
+		if (this.options.logger) this.options.logger.info("RealTimeService: Connecting...");
+		return this.doConnect();
+	}
+	disconnect() {
+		if (this.options.logger) this.options.logger.info("RealTimeService: Disconnecting...");
+		this.clearTimers();
+		this.closeConnections();
+		this.setState("disconnected");
+		this.subscriptions.clear();
+		if (this.authUnsubscribe) {
+			this.authUnsubscribe();
+			this.authUnsubscribe = void 0;
+		}
+	}
+	getState() {
+		return this.state;
+	}
+	on(event, handler) {
+		const eventName = event;
+		if (!this.listeners[eventName]) this.listeners[eventName] = /* @__PURE__ */ new Set();
+		this.listeners[eventName].add(handler);
+		return () => this.off(event, handler);
+	}
+	off(event, handler) {
+		this.listeners[event]?.delete(handler);
+	}
+	async subscribe(collection, operations = [
+		"create",
+		"update",
+		"delete"
+	]) {
+		if (this.subscriptions.size >= 100) throw new Error("Maximum 100 subscriptions per connection");
+		this.subscriptions.add(collection);
+		this.subscriptionRequests.set(collection, operations);
+		if (this.options.logger) this.options.logger.debug(`RealTimeService: Subscribing to ${collection}`, { operations });
+		if (this.state === "connected" && this.socket) return new Promise((resolve, reject) => {
+			this.pendingSubscriptions.set(`subscribe:${collection}`, {
+				resolve,
+				reject
+			});
+			this.send({
+				action: "subscribe",
+				collection,
+				operations
+			});
+			setTimeout(() => {
+				if (this.pendingSubscriptions.has(`subscribe:${collection}`)) {
+					this.pendingSubscriptions.delete(`subscribe:${collection}`);
+					const error = /* @__PURE__ */ new Error(`Subscription to ${collection} timed out`);
+					if (this.options.logger) this.options.logger.warn(`RealTimeService: ${error.message}`);
+					reject(error);
+				}
+			}, 5e3);
+		});
+		return Promise.resolve();
+	}
+	async unsubscribe(collection) {
+		this.subscriptions.delete(collection);
+		this.subscriptionRequests.delete(collection);
+		if (this.options.logger) this.options.logger.debug(`RealTimeService: Unsubscribing from ${collection}`);
+		if (this.state === "connected" && this.socket) return new Promise((resolve, reject) => {
+			this.pendingSubscriptions.set(`unsubscribe:${collection}`, {
+				resolve,
+				reject
+			});
+			this.send({
+				action: "unsubscribe",
+				collection
+			});
+			setTimeout(() => {
+				if (this.pendingSubscriptions.has(`unsubscribe:${collection}`)) {
+					this.pendingSubscriptions.delete(`unsubscribe:${collection}`);
+					const error = /* @__PURE__ */ new Error(`Unsubscription from ${collection} timed out`);
+					if (this.options.logger) this.options.logger.warn(`RealTimeService: ${error.message}`);
+					reject(error);
+				}
+			}, 5e3);
+		});
+		return Promise.resolve();
+	}
+	getSubscriptions() {
+		return Array.from(this.subscriptions);
+	}
+	async doConnect() {
+		if (this.state === "error" && !this.isReconnectingForAuth) return;
+		const token = this.options.getToken();
+		if (!token) {
+			this.setState("error");
+			const error = /* @__PURE__ */ new Error("Authentication token is required for real-time connection");
+			this.emit("error", error);
+			this.emit("auth_error", error);
+			if (this.options.logger) this.options.logger.error(`RealTimeService: ${error.message}`);
+			return;
+		}
+		if (this.options.authManager) {
+			const authState = this.options.authManager.getState();
+			if (authState.expiresAt) {
+				if (new Date(authState.expiresAt).getTime() <= Date.now()) {
+					this.setState("error");
+					const error = /* @__PURE__ */ new Error("Authentication token has expired");
+					this.emit("error", error);
+					this.emit("auth_error", error);
+					if (this.options.logger) this.options.logger.error(`RealTimeService: ${error.message}`);
+					return;
+				}
+			}
+		}
+		let webSocketAttempted = false;
+		try {
+			if (typeof WebSocket !== "undefined") {
+				webSocketAttempted = true;
+				await this.connectWebSocket(token);
+			} else await this.connectSSE(token);
+		} catch (err) {
+			if (webSocketAttempted && !this.sse) try {
+				if (this.options.logger) this.options.logger.info(`RealTimeService: WebSocket connection failed, falling back to SSE`);
+				await this.connectSSE(token);
+			} catch (sseErr) {
+				this.handleError(sseErr);
+			}
+			else this.handleError(err);
+		}
+	}
+	connectWebSocket(token) {
+		return new Promise((resolve, reject) => {
+			const url = new URL(this.options.baseUrl);
+			url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+			url.pathname = "/api/v1/realtime/ws";
+			url.searchParams.set("token", token);
+			this.socket = new WebSocket(url.toString());
+			let connectionResolved = false;
+			this.socket.onopen = () => {
+				this.setState("connected");
+				this.retryCount = 0;
+				this.startHeartbeat();
+				this.resubscribe();
+				connectionResolved = true;
+				if (this.options.logger) this.options.logger.info(`RealTimeService: WebSocket connected`);
+				resolve();
+			};
+			this.socket.onmessage = (event) => {
+				try {
+					const message = JSON.parse(event.data);
+					this.handleMessage(message);
+				} catch (e) {}
+			};
+			this.socket.onclose = () => {
+				this.socket = null;
+				if (!connectionResolved) reject(/* @__PURE__ */ new Error("WebSocket closed during connection"));
+				else if (this.state !== "disconnected") {
+					if (this.options.logger) this.options.logger.info(`RealTimeService: WebSocket closed, reconnecting...`);
+					this.handleReconnect();
+				}
+			};
+			this.socket.onerror = (e) => {
+				if (!connectionResolved) reject(e);
+				else this.emit("error", /* @__PURE__ */ new Error("WebSocket error"));
+			};
+		});
+	}
+	connectSSE(token) {
+		return new Promise((resolve, reject) => {
+			const url = new URL(this.options.baseUrl);
+			url.pathname = "/api/v1/realtime/subscribe";
+			url.searchParams.set("token", token);
+			this.subscriptionRequests.forEach((operations, collection) => {
+				const value = operations.length > 0 ? `${collection}:${operations.join(",")}` : collection;
+				url.searchParams.append("collections", value);
+			});
+			this.sse = new EventSource(url.toString());
+			this.sse.onopen = () => {
+				this.setState("connected");
+				this.retryCount = 0;
+				if (this.options.logger) this.options.logger.info(`RealTimeService: SSE connected`);
+				resolve();
+			};
+			this.sse.onmessage = (event) => {
+				try {
+					const message = JSON.parse(event.data);
+					this.handleMessage(message);
+				} catch (e) {}
+			};
+			this.sse.onerror = (e) => {
+				if (this.state === "connecting") reject(e);
+				else {
+					if (this.options.logger) this.options.logger.info(`RealTimeService: SSE connection error, reconnecting...`);
+					this.handleReconnect();
+				}
+			};
+		});
+	}
+	handleMessage(message) {
+		if (this.options.logger && message.type !== "heartbeat" && message.type !== "pong") this.options.logger.debug(`RealTimeService: Received message`, message);
+		if (message.type === "heartbeat" || message.type === "pong") return;
+		if (message.type === "subscribed" && message.collection) {
+			const key = `subscribe:${message.collection}`;
+			const pending = this.pendingSubscriptions.get(key);
+			if (pending) {
+				pending.resolve();
+				this.pendingSubscriptions.delete(key);
+			}
+			return;
+		}
+		if (message.type === "unsubscribed" && message.collection) {
+			const key = `unsubscribe:${message.collection}`;
+			const pending = this.pendingSubscriptions.get(key);
+			if (pending) {
+				pending.resolve();
+				this.pendingSubscriptions.delete(key);
+			}
+			return;
+		}
+		this.emit("message", message);
+		if (message.type) {
+			this.emit(message.type, message.data);
+			const parts = message.type.split(".");
+			if (parts.length === 2) {
+				const [collection, operation] = parts;
+				this.emit(`${collection}.*`, message.data);
+			}
+			this.emit("*", message.data);
+		}
+	}
+	handleReconnect() {
+		if (this.state === "disconnected") return;
+		if (!this.isReconnectingForAuth) {
+			if (!this.options.getToken()) {
+				this.setState("error");
+				const error = /* @__PURE__ */ new Error("Cannot reconnect: no authentication token available");
+				this.emit("error", error);
+				this.emit("auth_error", error);
+				if (this.options.logger) this.options.logger.error(`RealTimeService: ${error.message}`);
+				return;
+			}
+			if (this.options.authManager) {
+				const authState = this.options.authManager.getState();
+				if (authState.expiresAt) {
+					if (new Date(authState.expiresAt).getTime() <= Date.now()) {
+						this.setState("error");
+						const error = /* @__PURE__ */ new Error("Cannot reconnect: authentication token has expired");
+						this.emit("error", error);
+						this.emit("auth_error", error);
+						if (this.options.logger) this.options.logger.error(`RealTimeService: ${error.message}`);
+						return;
+					}
+				}
+			}
+		}
+		this.setState("connecting");
+		const maxRetries = this.options.maxRetries ?? 10;
+		if (this.retryCount >= maxRetries) {
+			this.setState("error");
+			const error = /* @__PURE__ */ new Error("Maximum reconnection attempts reached");
+			this.emit("error", error);
+			if (this.options.logger) this.options.logger.error(`RealTimeService: ${error.message}`);
+			return;
+		}
+		const delay = Math.min(3e4, (this.options.reconnectionDelay ?? 1e3) * Math.pow(2, this.retryCount));
+		this.retryCount++;
+		if (this.options.logger) this.options.logger.info(`RealTimeService: Reconnecting in ${delay}ms (attempt ${this.retryCount}/${maxRetries})`);
+		this.reconnectTimer = setTimeout(() => {
+			this.doConnect();
+		}, delay);
+	}
+	handleError(error) {
+		this.emit("error", error);
+		if (this.options.logger) this.options.logger.error(`RealTimeService: Error: ${error.message}`, error);
+		this.handleReconnect();
+	}
+	setState(state) {
+		if (this.state !== state && this.options.logger) this.options.logger.debug(`RealTimeService: State changed from ${this.state} to ${state}`);
+		this.state = state;
+		this.emit(state);
+	}
+	emit(event, ...args) {
+		this.listeners[event]?.forEach((handler) => handler(...args));
+	}
+	send(message) {
+		if (this.options.logger) this.options.logger.debug(`RealTimeService: Sending message`, message);
+		if (this.socket && this.socket.readyState === 1) this.socket.send(JSON.stringify(message));
+	}
+	startHeartbeat() {
+		this.heartbeatTimer = setInterval(() => {
+			this.send({ action: "ping" });
+		}, 3e4);
+	}
+	resubscribe() {
+		this.subscriptionRequests.forEach((operations, collection) => {
+			this.send({
+				action: "subscribe",
+				collection,
+				operations
+			});
+		});
+	}
+	clearTimers() {
+		if (this.reconnectTimer) clearTimeout(this.reconnectTimer);
+		if (this.heartbeatTimer) clearInterval(this.heartbeatTimer);
+		this.reconnectTimer = null;
+		this.heartbeatTimer = null;
+	}
+	closeConnections() {
+		if (this.socket) {
+			this.socket.close();
+			this.socket = null;
+		}
+		if (this.sse) {
+			this.sse.close();
+			this.sse = null;
+		}
+	}
+	/**
+	* Handle token refresh by reconnecting with new token
+	*/
+	handleTokenRefresh() {
+		if (this.state === "connected") {
+			if (this.options.logger) this.options.logger.info(`RealTimeService: Token refreshed, reconnecting...`);
+			this.isReconnectingForAuth = true;
+			this.clearTimers();
+			this.closeConnections();
+			this.setState("connecting");
+			this.retryCount = 0;
+			this.doConnect().finally(() => {
+				this.isReconnectingForAuth = false;
+			});
+		}
+	}
+};
+
+//#endregion
+//#region src/core/migration-service.ts
+/**
+* Service for viewing migration status and history.
+* Requires superadmin authentication.
+*/
+var MigrationService = class {
+	constructor(http) {
+		this.http = http;
+	}
+	/**
+	* List all Alembic migration revisions.
+	* Returns all migrations with their application status.
+	*/
+	async list() {
+		return (await this.http.get("/api/v1/migrations")).data;
+	}
+	/**
+	* Get the current database revision.
+	* Returns the currently applied migration.
+	*/
+	async getCurrent() {
+		try {
+			return (await this.http.get("/api/v1/migrations/current")).data;
+		} catch (error) {
+			if (error?.status === 404) return null;
+			throw error;
+		}
+	}
+	/**
+	* Get full migration history.
+	* Returns all applied migrations in chronological order.
+	*/
+	async getHistory() {
+		return (await this.http.get("/api/v1/migrations/history")).data;
+	}
+};
+
+//#endregion
+//#region src/core/storage.ts
+var MemoryStorage = class {
+	storage = /* @__PURE__ */ new Map();
+	getItem(key) {
+		return this.storage.get(key) || null;
+	}
+	setItem(key, value) {
+		this.storage.set(key, value);
+	}
+	removeItem(key) {
+		this.storage.delete(key);
+	}
+};
+var LocalStorageBackend = class {
+	getItem(key) {
+		if (typeof localStorage === "undefined") return null;
+		return localStorage.getItem(key);
+	}
+	setItem(key, value) {
+		if (typeof localStorage === "undefined") return;
+		localStorage.setItem(key, value);
+	}
+	removeItem(key) {
+		if (typeof localStorage === "undefined") return;
+		localStorage.removeItem(key);
+	}
+};
+var SessionStorageBackend = class {
+	getItem(key) {
+		if (typeof sessionStorage === "undefined") return null;
+		return sessionStorage.getItem(key);
+	}
+	setItem(key, value) {
+		if (typeof sessionStorage === "undefined") return;
+		sessionStorage.setItem(key, value);
+	}
+	removeItem(key) {
+		if (typeof sessionStorage === "undefined") return;
+		sessionStorage.removeItem(key);
+	}
+};
+function createStorageBackend(type) {
+	switch (type) {
+		case "localStorage": return new LocalStorageBackend();
+		case "sessionStorage": return new SessionStorageBackend();
+		case "memory": return new MemoryStorage();
+		case "asyncStorage": return new MemoryStorage();
+		default: return new LocalStorageBackend();
+	}
+}
+
+//#endregion
+//#region src/core/client.ts
+/**
+* Main SDK client for interacting with SnackBase API.
+*/
+var SnackBaseClient = class {
+	config;
+	http;
+	logger;
+	authManager;
+	authService;
+	accountService;
+	userService;
+	collectionService;
+	recordService;
+	groupsService;
+	invitationService;
+	apiKeyService;
+	auditLogService;
+	roleService;
+	collectionRuleService;
+	macroService;
+	dashboardService;
+	adminService;
+	emailTemplateService;
+	fileService;
+	realtimeService;
+	migrationService;
+	/**
+	* Initialize a new SnackBaseClient instance.
+	* @param config Configuration options
+	*/
+	constructor(config) {
+		this.validateConfig(config);
+		this.config = {
+			...DEFAULT_CONFIG,
+			storageBackend: config.storageBackend || getAutoDetectedStorage(),
+			...config
+		};
+		let logLevel = LogLevel.NONE;
+		if (this.config.enableLogging) switch (this.config.logLevel) {
+			case "debug":
+				logLevel = LogLevel.DEBUG;
+				break;
+			case "info":
+				logLevel = LogLevel.INFO;
+				break;
+			case "warn":
+				logLevel = LogLevel.WARN;
+				break;
+			case "error":
+				logLevel = LogLevel.ERROR;
+				break;
+			default: logLevel = LogLevel.ERROR;
+		}
+		this.logger = new Logger(logLevel);
+		if (typeof window !== "undefined") window.snackbase_debug = {
+			logger: this.logger,
+			client: this
+		};
+		this.http = new HttpClient({
+			baseUrl: this.config.baseUrl,
+			timeout: this.config.timeout,
+			maxRetries: this.config.maxRetries,
+			retryDelay: this.config.retryDelay,
+			logger: this.logger
+		});
+		this.authManager = new AuthManager({ storage: createStorageBackend(this.config.storageBackend) });
+		this.authService = new AuthService(this.http, this.authManager, this.config.apiKey, this.config.defaultAccount);
+		this.accountService = new AccountService(this.http);
+		this.userService = new UserService(this.http);
+		this.collectionService = new CollectionService(this.http);
+		this.recordService = new RecordService(this.http);
+		this.groupsService = new GroupsService(this.http);
+		this.invitationService = new InvitationService(this.http);
+		this.apiKeyService = new ApiKeyService(this.http);
+		this.auditLogService = new AuditLogService(this.http);
+		this.roleService = new RoleService(this.http);
+		this.collectionRuleService = new CollectionRuleService(this.http);
+		this.macroService = new MacroService(this.http);
+		this.dashboardService = new DashboardService(this.http);
+		this.adminService = new AdminService(this.http);
+		this.emailTemplateService = new EmailTemplateService(this.http);
+		this.fileService = new FileService(this.http, () => this.config.baseUrl, () => this.authManager.token);
+		this.realtimeService = new RealTimeService({
+			baseUrl: this.config.baseUrl,
+			getToken: () => this.authManager.token,
+			authManager: this.authManager,
+			maxRetries: this.config.maxRealTimeRetries,
+			reconnectionDelay: this.config.realTimeReconnectionDelay,
+			logger: this.logger
+		});
+		this.migrationService = new MigrationService(this.http);
+		this.setupInterceptors();
+		this.authManager.initialize();
+	}
+	/**
+	* Returns the current client configuration.
+	*/
+	getConfig() {
+		return { ...this.config };
+	}
+	/**
+	* Internal helper to access the HTTP client.
+	* @internal
+	*/
+	get httpClient() {
+		return this.http;
+	}
+	/**
+	* Sets up the default interceptors for the HTTP client.
+	*/
+	setupInterceptors() {
+		this.http.addRequestInterceptor(contentTypeInterceptor);
+		this.http.addRequestInterceptor(createAuthInterceptor(() => this.authManager.token || void 0, this.config.apiKey));
+		this.http.addResponseInterceptor(errorNormalizationInterceptor);
+		this.http.addErrorInterceptor(createAuthErrorInterceptor(this.config.onAuthError));
+		this.http.addErrorInterceptor(errorInterceptor);
+	}
+	/**
+	* Returns the current authenticated user.
+	*/
+	get user() {
+		return this.authManager.user;
+	}
+	/**
+	* Returns the current account.
+	*/
+	get account() {
+		return this.authManager.account;
+	}
+	/**
+	* Returns whether the client is currently authenticated.
+	*/
+	get isAuthenticated() {
+		return this.authManager.isAuthenticated;
+	}
+	/**
+	* Check if current user is superadmin.
+	*/
+	get isSuperadmin() {
+		return this.authManager.isSuperadmin();
+	}
+	/**
+	* Check if current session uses API key authentication.
+	*/
+	get isApiKeySession() {
+		return this.authManager.isApiKeySession();
+	}
+	/**
+	* Check if current session uses personal token authentication.
+	*/
+	get isPersonalTokenSession() {
+		return this.authManager.isPersonalTokenSession();
+	}
+	/**
+	* Check if current session uses OAuth authentication.
+	*/
+	get isOAuthSession() {
+		return this.authManager.isOAuthSession();
+	}
+	/**
+	* Returns the current token type.
+	*/
+	get tokenType() {
+		return this.authManager.tokenType;
+	}
+	/**
+	* Access to authentication methods.
+	*/
+	get auth() {
+		return this.authService;
+	}
+	/**
+	* Access to account management methods.
+	*/
+	get accounts() {
+		return this.accountService;
+	}
+	/**
+	* Access to user management methods.
+	*/
+	get users() {
+		return this.userService;
+	}
+	/**
+	* Access to collection management methods.
+	*/
+	get collections() {
+		return this.collectionService;
+	}
+	/**
+	* Access to record management methods (CRUD on dynamic collections).
+	*/
+	get records() {
+		return this.recordService;
+	}
+	/**
+	* Access to group management methods.
+	*/
+	get groups() {
+		return this.groupsService;
+	}
+	/**
+	* Access to invitation management methods.
+	*/
+	get invitations() {
+		return this.invitationService;
+	}
+	/**
+	* Access to API key management methods.
+	*/
+	get apiKeys() {
+		return this.apiKeyService;
+	}
+	/**
+	* Access to audit log management methods.
+	*/
+	get auditLogs() {
+		return this.auditLogService;
+	}
+	/**
+	* Access to role management methods.
+	*/
+	get roles() {
+		return this.roleService;
+	}
+	/**
+	* Access to collection rule management methods.
+	*/
+	get collectionRules() {
+		return this.collectionRuleService;
+	}
+	/**
+	* Access to macro management methods.
+	*/
+	get macros() {
+		return this.macroService;
+	}
+	/**
+	* Access to dashboard statistics and monitoring.
+	*/
+	get dashboard() {
+		return this.dashboardService;
+	}
+	/**
+	* Access to system administration and configuration methods.
+	*/
+	get admin() {
+		return this.adminService;
+	}
+	/**
+	* Access to email template management methods.
+	*/
+	get emailTemplates() {
+		return this.emailTemplateService;
+	}
+	/**
+	* Access to file management methods.
+	*/
+	get files() {
+		return this.fileService;
+	}
+	/**
+	* Access to real-time features and subscriptions.
+	*/
+	get realtime() {
+		return this.realtimeService;
+	}
+	/**
+	* Access to migration status and history.
+	*/
+	get migrations() {
+		return this.migrationService;
+	}
+	/**
+	* Subscribe to authentication events.
+	* @param event Event name
+	* @param listener Callback function
+	*/
+	on(event, listener) {
+		return this.authManager.on(event, listener);
+	}
+	/**
+	* Authenticate a user with email and password.
+	*/
+	async login(credentials) {
+		return this.authService.login(credentials);
+	}
+	/**
+	* Log out the current user.
+	*/
+	async logout() {
+		return this.authService.logout();
+	}
+	/**
+	* Register a new user and account.
+	*/
+	async register(data) {
+		return this.authService.register(data);
+	}
+	/**
+	* Refresh the access token using the refresh token.
+	*/
+	async refreshToken() {
+		return this.authService.refreshToken();
+	}
+	/**
+	* Get the current authenticated user profile.
+	*/
+	async getCurrentUser() {
+		return this.authService.getCurrentUser();
+	}
+	/**
+	* Initiate password reset flow.
+	*/
+	async forgotPassword(data) {
+		return this.authService.forgotPassword(data);
+	}
+	/**
+	* Reset password using a token.
+	*/
+	async resetPassword(data) {
+		return this.authService.resetPassword(data);
+	}
+	/**
+	* Verify email using a token.
+	*/
+	async verifyEmail(token) {
+		return this.authService.verifyEmail(token);
+	}
+	/**
+	* Resend the verification email to the current user.
+	*/
+	async resendVerificationEmail() {
+		return this.authService.resendVerificationEmail();
+	}
+	/**
+	* Generate SAML SSO authorization URL.
+	*/
+	async getSAMLUrl(provider, account, relayState) {
+		return this.authService.getSAMLUrl(provider, account, relayState);
+	}
+	/**
+	* Handle SAML callback.
+	*/
+	async handleSAMLCallback(params) {
+		return this.authService.handleSAMLCallback(params);
+	}
+	/**
+	* Get SAML metadata.
+	*/
+	async getSAMLMetadata(provider, account) {
+		return this.authService.getSAMLMetadata(provider, account);
+	}
+	/**
+	* Internal access to AuthManager.
+	* @internal
+	*/
+	get internalAuthManager() {
+		return this.authManager;
+	}
+	/**
+	* Validates the configuration object.
+	* Throws descriptive errors for invalid options.
+	*/
+	validateConfig(config) {
+		if (!config.baseUrl) throw new Error("SnackBaseClient: baseUrl is required");
+		try {
+			new URL(config.baseUrl);
+		} catch (e) {
+			throw new Error("SnackBaseClient: baseUrl must be a valid URL");
+		}
+		if (config.timeout !== void 0 && (typeof config.timeout !== "number" || config.timeout < 0)) throw new Error("SnackBaseClient: timeout must be a non-negative number");
+		if (config.maxRetries !== void 0 && (typeof config.maxRetries !== "number" || config.maxRetries < 0)) throw new Error("SnackBaseClient: maxRetries must be a non-negative number");
+		if (config.retryDelay !== void 0 && (typeof config.retryDelay !== "number" || config.retryDelay < 0)) throw new Error("SnackBaseClient: retryDelay must be a non-negative number");
+		if (config.refreshBeforeExpiry !== void 0 && (typeof config.refreshBeforeExpiry !== "number" || config.refreshBeforeExpiry < 0)) throw new Error("SnackBaseClient: refreshBeforeExpiry must be a non-negative number");
+		if (config.defaultAccount !== void 0 && typeof config.defaultAccount !== "string") throw new Error("SnackBaseClient: defaultAccount must be a string");
+	}
+};
+
+//#endregion
+exports.ApiKeyRestrictedError = ApiKeyRestrictedError;
+exports.AuthenticationError = AuthenticationError;
+exports.AuthorizationError = AuthorizationError;
+exports.ConflictError = ConflictError;
+exports.DEFAULT_CONFIG = DEFAULT_CONFIG;
+exports.EmailVerificationRequiredError = EmailVerificationRequiredError;
+exports.NetworkError = NetworkError;
+exports.NotFoundError = NotFoundError;
+exports.QueryBuilder = QueryBuilder;
+exports.RateLimitError = RateLimitError;
+exports.ServerError = ServerError;
+exports.SnackBaseClient = SnackBaseClient;
+exports.SnackBaseError = SnackBaseError;
+exports.TimeoutError = TimeoutError;
+exports.TokenType = TokenType;
+exports.ValidationError = ValidationError;
+exports.getAutoDetectedStorage = getAutoDetectedStorage;