@stackframe/js 2.7.20 → 2.7.22

package/dist/esm/lib/{stack-app.js → stack-app/apps/implementations/client-app-impl.js}

@@ -1,14 +1,11 @@
-// src/lib/stack-app.ts
+// src/lib/stack-app/apps/implementations/client-app-impl.ts
 import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
-import { KnownErrors, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
-import { getProductionModeErrors } from "@stackframe/stack-shared/dist/helpers/production-mode";
+import { KnownErrors, StackClientInterface } from "@stackframe/stack-shared";
 import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
-import { encodeBase64 } from "@stackframe/stack-shared/dist/utils/bytes";
-import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
 import { isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
-import { StackAssertionError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
+import { StackAssertionError, captureError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { DependenciesMap } from "@stackframe/stack-shared/dist/utils/maps";
-import { deepPlainEquals, filterUndefined, omit, pick } from "@stackframe/stack-shared/dist/utils/objects";
+import { deepPlainEquals, omit } from "@stackframe/stack-shared/dist/utils/objects";
 import { neverResolve, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
 import { Result } from "@stackframe/stack-shared/dist/utils/results";
 import { Store, storeLock } from "@stackframe/stack-shared/dist/utils/stores";
@@ -16,101 +13,20 @@ import { mergeScopeStrings } from "@stackframe/stack-shared/dist/utils/strings";
 import { getRelativePart, isRelative } from "@stackframe/stack-shared/dist/utils/urls";
 import { generateUuid } from "@stackframe/stack-shared/dist/utils/uuids";
 import * as cookie from "cookie";
-import { constructRedirectUrl } from "../utils/url";
-import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
-import { createCookieHelper, createEmptyCookieHelper, deleteCookieClient, getCookieClient, setOrDeleteCookie, setOrDeleteCookieClient } from "./cookie";
+import { constructRedirectUrl } from "../../../../utils/url";
+import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "../../../auth";
+import { createCookieHelper, createPlaceholderCookieHelper, deleteCookieClient, getCookieClient, setOrDeleteCookie, setOrDeleteCookieClient } from "../../../cookie";
+import { stackAppInternalsSymbol } from "../../common";
+import { contactChannelCreateOptionsToCrud, contactChannelUpdateOptionsToCrud } from "../../contact-channels";
+import { adminProjectCreateOptionsToCrud } from "../../projects";
+import { teamCreateOptionsToCrud, teamUpdateOptionsToCrud } from "../../teams";
+import { userUpdateOptionsToCrud } from "../../users";
+import { clientVersion, createCache, createCacheBySession, createEmptyTokenStore, getBaseUrl, getDefaultProjectId, getDefaultPublishableClientKey, getUrls } from "./common";
 var isReactServer = false;
-var clientVersion = "js @stackframe/js@2.7.20";
-if (clientVersion.startsWith("STACK_COMPILE_TIME")) {
-  throw new StackAssertionError("Client version was not replaced. Something went wrong during build!");
-}
 var process = globalThis.process ?? { env: {} };
-function getUrls(partial) {
-  const handler = partial.handler ?? "/handler";
-  const home = partial.home ?? "/";
-  const afterSignIn = partial.afterSignIn ?? home;
-  return {
-    handler,
-    signIn: `${handler}/sign-in`,
-    afterSignIn: home,
-    signUp: `${handler}/sign-up`,
-    afterSignUp: afterSignIn,
-    signOut: `${handler}/sign-out`,
-    afterSignOut: home,
-    emailVerification: `${handler}/email-verification`,
-    passwordReset: `${handler}/password-reset`,
-    forgotPassword: `${handler}/forgot-password`,
-    oauthCallback: `${handler}/oauth-callback`,
-    magicLinkCallback: `${handler}/magic-link-callback`,
-    home,
-    accountSettings: `${handler}/account-settings`,
-    error: `${handler}/error`,
-    teamInvitation: `${handler}/team-invitation`,
-    ...filterUndefined(partial)
-  };
-}
-function getDefaultProjectId() {
-  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
-}
-function getDefaultPublishableClientKey() {
-  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
-}
-function getDefaultSecretServerKey() {
-  return process.env.STACK_SECRET_SERVER_KEY || throwErr(new Error("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable."));
-}
-function getDefaultSuperSecretAdminKey() {
-  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || throwErr(new Error("No super secret admin key provided. Please copy your key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable."));
-}
-function getBaseUrl(userSpecifiedBaseUrl) {
-  let url;
-  if (userSpecifiedBaseUrl) {
-    if (typeof userSpecifiedBaseUrl === "string") {
-      url = userSpecifiedBaseUrl;
-    } else {
-      if (isBrowserLike()) {
-        url = userSpecifiedBaseUrl.browser;
-      } else {
-        url = userSpecifiedBaseUrl.server;
-      }
-    }
-  } else {
-    if (isBrowserLike()) {
-      url = process.env.NEXT_PUBLIC_BROWSER_STACK_API_URL;
-    } else {
-      url = process.env.NEXT_PUBLIC_SERVER_STACK_API_URL;
-    }
-    url = url || process.env.NEXT_PUBLIC_STACK_API_URL || process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
-  }
-  return url.endsWith("/") ? url.slice(0, -1) : url;
-}
-var defaultBaseUrl = "https://api.stack-auth.com";
-function createEmptyTokenStore() {
-  return new Store({
-    refreshToken: null,
-    accessToken: null
-  });
-}
-var stackAppInternalsSymbol = Symbol.for("StackAuth--DO-NOT-USE-OR-YOU-WILL-BE-FIRED--StackAppInternals");
-var allClientApps = /* @__PURE__ */ new Map();
-var createCache = (fetcher) => {
-  return new AsyncCache(
-    async (dependencies) => await Result.fromThrowingAsync(async () => await fetcher(dependencies)),
-    {}
-  );
-};
-var createCacheBySession = (fetcher) => {
-  return new AsyncCache(
-    async ([session, ...extraDependencies]) => await Result.fromThrowingAsync(async () => await fetcher(session, extraDependencies)),
-    {
-      onSubscribe: ([session], refresh) => {
-        const handler = session.onInvalidate(() => refresh());
-        return () => handler.unsubscribe();
-      }
-    }
-  );
-};
 var numberOfAppsCreated = 0;
-var _StackClientAppImpl = class __StackClientAppImpl {
+var allClientApps = /* @__PURE__ */ new Map();
+var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   constructor(_options) {
     this._options = _options;
     this._uniqueIdentifier = void 0;
@@ -183,6 +99,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     );
     this._memoryTokenStore = createEmptyTokenStore();
+    this._nextServerCookiesTokenStores = /* @__PURE__ */ new WeakMap();
     this._requestTokenStores = /* @__PURE__ */ new WeakMap();
     this._storedBrowserCookieTokenStore = null;
     /**
@@ -194,6 +111,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
      * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object
      */
     this._sessionsByTokenStoreAndSessionKey = /* @__PURE__ */ new WeakMap();
+    if (!__StackClientAppImplIncomplete.LazyStackAdminAppImpl.value) {
+      throw new StackAssertionError("Admin app implementation not initialized. Did you import the _StackClientApp from stack-app/apps/implementations/index.ts? You can't import it directly from ./apps/implementations/client-app-impl.ts as that causes a circular dependency (see the comment at _LazyStackAdminAppImpl for more details).");
+    }
     if ("interface" in _options) {
       this._interface = _options.interface;
     } else {
@@ -225,7 +145,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     if (this._tokenStoreInit === "nextjs-cookie" || this._tokenStoreInit === "cookie") {
       return await createCookieHelper();
     } else {
-      return await createEmptyCookieHelper();
+      return await createPlaceholderCookieHelper();
     }
   }
   async _getUserOAuthConnectionCacheFn(options) {
@@ -619,12 +539,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         let attResp;
         try {
           attResp = await startRegistration({ optionsJSON: options_json });
-          debugger;
         } catch (error) {
           if (error instanceof WebAuthnError) {
             return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));
           } else {
-            return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration"));
+            captureError("passkey-registration-failed", error);
+            return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration due to unknown error"));
           }
         }
         const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);
@@ -786,7 +706,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   _getOwnedAdminApp(forProjectId, session) {
     if (!this._ownedAdminApps.has([session, forProjectId])) {
-      this._ownedAdminApps.set([session, forProjectId], new _StackAdminAppImpl({
+      this._ownedAdminApps.set([session, forProjectId], new __StackClientAppImplIncomplete.LazyStackAdminAppImpl.value({
         baseUrl: this._interface.options.getBaseUrl(),
         projectId: forProjectId,
         tokenStore: null,
@@ -1063,7 +983,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async signUpWithCredential(options) {
     this._ensurePersistentTokenStore();
     const session = await this._getSession();
-    const emailVerificationRedirectUrl = constructRedirectUrl(this.urls.emailVerification);
+    const emailVerificationRedirectUrl = options.verificationCallbackUrl ?? constructRedirectUrl(this.urls.emailVerification);
     const result = await this._interface.signUpWithCredential(
       options.email,
       options.password,
@@ -1237,7 +1157,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           }
           return clientApp;
         }
-        return new __StackClientAppImpl({
+        return new __StackClientAppImplIncomplete({
           ...json,
           checkString: providedCheckString
         });
@@ -1275,852 +1195,16 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     };
   }
 };
-var _StackServerAppImpl = class extends _StackClientAppImpl {
-  constructor(options) {
-    super("interface" in options ? {
-      interface: options.interface,
-      tokenStore: options.tokenStore,
-      urls: options.urls,
-      oauthScopesOnSignIn: options.oauthScopesOnSignIn
-    } : {
-      interface: new StackServerInterface({
-        getBaseUrl: () => getBaseUrl(options.baseUrl),
-        projectId: options.projectId ?? getDefaultProjectId(),
-        clientVersion,
-        publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
-        secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey()
-      }),
-      baseUrl: options.baseUrl,
-      projectId: options.projectId,
-      publishableClientKey: options.publishableClientKey,
-      tokenStore: options.tokenStore,
-      urls: options.urls ?? {},
-      oauthScopesOnSignIn: options.oauthScopesOnSignIn ?? {},
-      redirectMethod: options.redirectMethod
-    });
-    // TODO override the client user cache to use the server user cache, so we save some requests
-    this._currentServerUserCache = createCacheBySession(async (session) => {
-      if (session.isKnownToBeInvalid()) {
-        return null;
-      }
-      return await this._interface.getServerUserByToken(session);
-    });
-    this._serverUsersCache = createCache(async ([cursor, limit, orderBy, desc, query]) => {
-      return await this._interface.listServerUsers({ cursor, limit, orderBy, desc, query });
-    });
-    this._serverUserCache = createCache(async ([userId]) => {
-      const user = await this._interface.getServerUserById(userId);
-      return Result.or(user, null);
-    });
-    this._serverTeamsCache = createCache(async ([userId]) => {
-      return await this._interface.listServerTeams({ userId });
-    });
-    this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, recursive]) => {
-      return await this._interface.listServerTeamPermissions({ teamId, userId, recursive }, null);
-    });
-    this._serverUserOAuthConnectionAccessTokensCache = createCache(
-      async ([userId, providerId, scope]) => {
-        try {
-          const result = await this._interface.createServerProviderAccessToken(userId, providerId, scope || "");
-          return { accessToken: result.access_token };
-        } catch (err) {
-          if (!(err instanceof KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof KnownErrors.OAuthConnectionNotConnectedToUser)) {
-            throw err;
-          }
-        }
-        return null;
-      }
-    );
-    this._serverUserOAuthConnectionCache = createCache(
-      async ([userId, providerId, scope, redirect]) => {
-        return await this._getUserOAuthConnectionCacheFn({
-          getUser: async () => Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only")),
-          getOrWaitOAuthToken: async () => Result.orThrow(await this._serverUserOAuthConnectionAccessTokensCache.getOrWait([userId, providerId, scope || ""], "write-only")),
-          providerId,
-          scope,
-          redirect,
-          session: null
-        });
-      }
-    );
-    this._serverTeamMemberProfilesCache = createCache(
-      async ([teamId]) => {
-        return await this._interface.listServerTeamMemberProfiles({ teamId });
-      }
-    );
-    this._serverTeamInvitationsCache = createCache(
-      async ([teamId]) => {
-        return await this._interface.listServerTeamInvitations({ teamId });
-      }
-    );
-    this._serverUserTeamProfileCache = createCache(
-      async ([teamId, userId]) => {
-        return await this._interface.getServerTeamMemberProfile({ teamId, userId });
-      }
-    );
-    this._serverContactChannelsCache = createCache(
-      async ([userId]) => {
-        return await this._interface.listServerContactChannels(userId);
-      }
-    );
-  }
-  async _updateServerUser(userId, update) {
-    const result = await this._interface.updateServerUser(userId, serverUserUpdateOptionsToCrud(update));
-    await this._refreshUsers();
-    return result;
-  }
-  _serverEditableTeamProfileFromCrud(crud) {
-    const app = this;
-    return {
-      displayName: crud.display_name,
-      profileImageUrl: crud.profile_image_url,
-      async update(update) {
-        await app._interface.updateServerTeamMemberProfile({
-          teamId: crud.team_id,
-          userId: crud.user_id,
-          profile: {
-            display_name: update.displayName,
-            profile_image_url: update.profileImageUrl
-          }
-        });
-        await app._serverUserTeamProfileCache.refresh([crud.team_id, crud.user_id]);
-      }
-    };
-  }
-  _serverContactChannelFromCrud(userId, crud) {
-    const app = this;
-    return {
-      id: crud.id,
-      value: crud.value,
-      type: crud.type,
-      isVerified: crud.is_verified,
-      isPrimary: crud.is_primary,
-      usedForAuth: crud.used_for_auth,
-      async sendVerificationEmail(options) {
-        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
-          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
-        }
-        await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, options?.callbackUrl ?? constructRedirectUrl(app.urls.emailVerification));
-      },
-      async update(data) {
-        await app._interface.updateServerContactChannel(userId, crud.id, serverContactChannelUpdateOptionsToCrud(data));
-      },
-      async delete() {
-        await app._interface.deleteServerContactChannel(userId, crud.id);
-      }
-    };
-  }
-  _serverUserFromCrud(crud) {
-    const app = this;
-    async function getConnectedAccount(id, options) {
-      const scopeString = options?.scopes?.join(" ");
-      return Result.orThrow(await app._serverUserOAuthConnectionCache.getOrWait([crud.id, id, scopeString || "", options?.or === "redirect"], "write-only"));
-    }
-    return {
-      ...super._createBaseUser(crud),
-      lastActiveAt: new Date(crud.last_active_at_millis),
-      serverMetadata: crud.server_metadata,
-      async setPrimaryEmail(email, options) {
-        await app._updateServerUser(crud.id, { primaryEmail: email, primaryEmailVerified: options?.verified });
-      },
-      async grantPermission(scope, permissionId) {
-        await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
-        for (const recursive of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
-        }
-      },
-      async revokePermission(scope, permissionId) {
-        await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
-        for (const recursive of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
-        }
-      },
-      async delete() {
-        const res = await app._interface.deleteServerServerUser(crud.id);
-        await app._refreshUsers();
-        return res;
-      },
-      async createSession(options) {
-        const tokens = await app._interface.createServerUserSession(crud.id, options.expiresInMillis ?? 1e3 * 60 * 60 * 24 * 365);
-        return {
-          async getTokens() {
-            return tokens;
-          }
-        };
-      },
-      async setDisplayName(displayName) {
-        return await this.update({ displayName });
-      },
-      async setClientMetadata(metadata) {
-        return await this.update({ clientMetadata: metadata });
-      },
-      async setClientReadOnlyMetadata(metadata) {
-        return await this.update({ clientReadOnlyMetadata: metadata });
-      },
-      async setServerMetadata(metadata) {
-        return await this.update({ serverMetadata: metadata });
-      },
-      async setSelectedTeam(team) {
-        return await this.update({ selectedTeamId: team?.id ?? null });
-      },
-      getConnectedAccount,
-      selectedTeam: crud.selected_team ? app._serverTeamFromCrud(crud.selected_team) : null,
-      async getTeam(teamId) {
-        const teams = await this.listTeams();
-        return teams.find((t) => t.id === teamId) ?? null;
-      },
-      async listTeams() {
-        const teams = Result.orThrow(await app._serverTeamsCache.getOrWait([crud.id], "write-only"));
-        return teams.map((t) => app._serverTeamFromCrud(t));
-      },
-      createTeam: async (data) => {
-        const team = await app._interface.createServerTeam(serverTeamCreateOptionsToCrud({
-          creatorUserId: crud.id,
-          ...data
-        }));
-        await app._serverTeamsCache.refresh([void 0]);
-        return app._serverTeamFromCrud(team);
-      },
-      leaveTeam: async (team) => {
-        await app._interface.leaveServerTeam({ teamId: team.id, userId: crud.id });
-      },
-      async listPermissions(scope, options) {
-        const recursive = options?.recursive ?? true;
-        const permissions = Result.orThrow(await app._serverTeamUserPermissionsCache.getOrWait([scope.id, crud.id, recursive], "write-only"));
-        return permissions.map((crud2) => app._serverPermissionFromCrud(crud2));
-      },
-      async getPermission(scope, permissionId) {
-        const permissions = await this.listPermissions(scope);
-        return permissions.find((p) => p.id === permissionId) ?? null;
-      },
-      async hasPermission(scope, permissionId) {
-        return await this.getPermission(scope, permissionId) !== null;
-      },
-      async update(update) {
-        await app._updateServerUser(crud.id, update);
-      },
-      async sendVerificationEmail() {
-        return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
-      },
-      async updatePassword(options) {
-        const result = await this.update({ password: options.newPassword });
-        await app._serverUserCache.refresh([crud.id]);
-        return result;
-      },
-      async setPassword(options) {
-        const result = await this.update(options);
-        await app._serverUserCache.refresh([crud.id]);
-        return result;
-      },
-      async getTeamProfile(team) {
-        const result = Result.orThrow(await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only"));
-        return app._serverEditableTeamProfileFromCrud(result);
-      },
-      async listContactChannels() {
-        const result = Result.orThrow(await app._serverContactChannelsCache.getOrWait([crud.id], "write-only"));
-        return result.map((data) => app._serverContactChannelFromCrud(crud.id, data));
-      },
-      createContactChannel: async (data) => {
-        const contactChannel = await app._interface.createServerContactChannel(serverContactChannelCreateOptionsToCrud(crud.id, data));
-        await app._serverContactChannelsCache.refresh([crud.id]);
-        return app._serverContactChannelFromCrud(crud.id, contactChannel);
-      }
-    };
-  }
-  _serverTeamUserFromCrud(crud) {
-    return {
-      ...this._serverUserFromCrud(crud.user),
-      teamProfile: {
-        displayName: crud.display_name,
-        profileImageUrl: crud.profile_image_url
-      }
-    };
-  }
-  _serverTeamInvitationFromCrud(crud) {
-    return {
-      id: crud.id,
-      recipientEmail: crud.recipient_email,
-      expiresAt: new Date(crud.expires_at_millis),
-      revoke: async () => {
-        await this._interface.revokeServerTeamInvitation(crud.id, crud.team_id);
-      }
-    };
-  }
-  _currentUserFromCrud(crud, session) {
-    const app = this;
-    const currentUser = {
-      ...this._serverUserFromCrud(crud),
-      ...this._createAuth(session),
-      ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
-    };
-    Object.freeze(currentUser);
-    return currentUser;
-  }
-  _serverTeamFromCrud(crud) {
-    const app = this;
-    return {
-      id: crud.id,
-      displayName: crud.display_name,
-      profileImageUrl: crud.profile_image_url,
-      createdAt: new Date(crud.created_at_millis),
-      clientMetadata: crud.client_metadata,
-      clientReadOnlyMetadata: crud.client_read_only_metadata,
-      serverMetadata: crud.server_metadata,
-      async update(update) {
-        await app._interface.updateServerTeam(crud.id, serverTeamUpdateOptionsToCrud(update));
-        await app._serverTeamsCache.refresh([void 0]);
-      },
-      async delete() {
-        await app._interface.deleteServerTeam(crud.id);
-        await app._serverTeamsCache.refresh([void 0]);
-      },
-      async listUsers() {
-        const result = Result.orThrow(await app._serverTeamMemberProfilesCache.getOrWait([crud.id], "write-only"));
-        return result.map((u) => app._serverTeamUserFromCrud(u));
-      },
-      async addUser(userId) {
-        await app._interface.addServerUserToTeam({
-          teamId: crud.id,
-          userId
-        });
-        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
-      },
-      async removeUser(userId) {
-        await app._interface.removeServerUserFromTeam({
-          teamId: crud.id,
-          userId
-        });
-        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
-      },
-      async inviteUser(options) {
-        if (!options.callbackUrl && !await app._getCurrentUrl()) {
-          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
-        }
-        await app._interface.sendServerTeamInvitation({
-          teamId: crud.id,
-          email: options.email,
-          callbackUrl: options.callbackUrl ?? constructRedirectUrl(app.urls.teamInvitation)
-        });
-        await app._serverTeamInvitationsCache.refresh([crud.id]);
-      },
-      async listInvitations() {
-        const result = Result.orThrow(await app._serverTeamInvitationsCache.getOrWait([crud.id], "write-only"));
-        return result.map((crud2) => app._serverTeamInvitationFromCrud(crud2));
-      }
-    };
-  }
-  async createUser(options) {
-    const crud = await this._interface.createServerUser(serverUserCreateOptionsToCrud(options));
-    await this._refreshUsers();
-    return this._serverUserFromCrud(crud);
-  }
-  async getUser(options) {
-    if (typeof options === "string") {
-      return await this.getServerUserById(options);
-    } else {
-      this._ensurePersistentTokenStore(options?.tokenStore);
-      const session = await this._getSession(options?.tokenStore);
-      const crud = Result.orThrow(await this._currentServerUserCache.getOrWait([session], "write-only"));
-      if (crud === null) {
-        switch (options?.or) {
-          case "redirect": {
-            await this.redirectToSignIn({ replace: true });
-            break;
-          }
-          case "throw": {
-            throw new Error("User is not signed in but getUser was called with { or: 'throw' }");
-          }
-          default: {
-            return null;
-          }
-        }
-      }
-      return crud && this._currentUserFromCrud(crud, session);
-    }
-  }
-  async getServerUser() {
-    console.warn("stackServerApp.getServerUser is deprecated; use stackServerApp.getUser instead");
-    return await this.getUser();
-  }
-  async getServerUserById(userId) {
-    const crud = Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only"));
-    return crud && this._serverUserFromCrud(crud);
-  }
-  async listUsers(options) {
-    const crud = Result.orThrow(await this._serverUsersCache.getOrWait([options?.cursor, options?.limit, options?.orderBy, options?.desc, options?.query], "write-only"));
-    const result = crud.items.map((j) => this._serverUserFromCrud(j));
-    result.nextCursor = crud.pagination?.next_cursor ?? null;
-    return result;
-  }
-  _serverPermissionFromCrud(crud) {
-    return {
-      id: crud.id
-    };
-  }
-  _serverTeamPermissionDefinitionFromCrud(crud) {
-    return {
-      id: crud.id,
-      description: crud.description,
-      containedPermissionIds: crud.contained_permission_ids
-    };
-  }
-  async listTeams() {
-    const teams = Result.orThrow(await this._serverTeamsCache.getOrWait([void 0], "write-only"));
-    return teams.map((t) => this._serverTeamFromCrud(t));
-  }
-  async createTeam(data) {
-    const team = await this._interface.createServerTeam(serverTeamCreateOptionsToCrud(data));
-    await this._serverTeamsCache.refresh([void 0]);
-    return this._serverTeamFromCrud(team);
-  }
-  async getTeam(teamId) {
-    const teams = await this.listTeams();
-    return teams.find((t) => t.id === teamId) ?? null;
-  }
-  async _refreshSession(session) {
-    await Promise.all([
-      super._refreshUser(session),
-      this._currentServerUserCache.refresh([session])
-    ]);
-  }
-  async _refreshUsers() {
-    await Promise.all([
-      super._refreshUsers(),
-      this._serverUserCache.refreshWhere(() => true),
-      this._serverUsersCache.refreshWhere(() => true),
-      this._serverContactChannelsCache.refreshWhere(() => true)
-    ]);
-  }
-};
-var _StackAdminAppImpl = class extends _StackServerAppImpl {
-  constructor(options) {
-    super({
-      interface: new StackAdminInterface({
-        getBaseUrl: () => getBaseUrl(options.baseUrl),
-        projectId: options.projectId ?? getDefaultProjectId(),
-        clientVersion,
-        ..."projectOwnerSession" in options ? {
-          projectOwnerSession: options.projectOwnerSession
-        } : {
-          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
-          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),
-          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey()
-        }
-      }),
-      baseUrl: options.baseUrl,
-      projectId: options.projectId,
-      tokenStore: options.tokenStore,
-      urls: options.urls,
-      oauthScopesOnSignIn: options.oauthScopesOnSignIn,
-      redirectMethod: options.redirectMethod
-    });
-    this._adminProjectCache = createCache(async () => {
-      return await this._interface.getProject();
-    });
-    this._apiKeysCache = createCache(async () => {
-      return await this._interface.listApiKeys();
-    });
-    this._adminEmailTemplatesCache = createCache(async () => {
-      return await this._interface.listEmailTemplates();
-    });
-    this._adminTeamPermissionDefinitionsCache = createCache(async () => {
-      return await this._interface.listPermissionDefinitions();
-    });
-    this._svixTokenCache = createCache(async () => {
-      return await this._interface.getSvixToken();
-    });
-    this._metricsCache = createCache(async () => {
-      return await this._interface.getMetrics();
-    });
-  }
-  _adminOwnedProjectFromCrud(data, onRefresh) {
-    if (this._tokenStoreInit !== null) {
-      throw new StackAssertionError("Owned apps must always have tokenStore === null \u2014 did you not create this project with app._createOwnedApp()?");
-      ;
-    }
-    return {
-      ...this._adminProjectFromCrud(data, onRefresh),
-      app: this
-    };
-  }
-  _adminProjectFromCrud(data, onRefresh) {
-    if (data.id !== this.projectId) {
-      throw new StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);
-    }
-    const app = this;
-    return {
-      id: data.id,
-      displayName: data.display_name,
-      description: data.description,
-      createdAt: new Date(data.created_at_millis),
-      userCount: data.user_count,
-      isProductionMode: data.is_production_mode,
-      config: {
-        id: data.config.id,
-        signUpEnabled: data.config.sign_up_enabled,
-        credentialEnabled: data.config.credential_enabled,
-        magicLinkEnabled: data.config.magic_link_enabled,
-        passkeyEnabled: data.config.passkey_enabled,
-        clientTeamCreationEnabled: data.config.client_team_creation_enabled,
-        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,
-        allowLocalhost: data.config.allow_localhost,
-        oauthProviders: data.config.oauth_providers.map((p) => p.type === "shared" ? {
-          id: p.id,
-          enabled: p.enabled,
-          type: "shared"
-        } : {
-          id: p.id,
-          enabled: p.enabled,
-          type: "standard",
-          clientId: p.client_id ?? throwErr("Client ID is missing"),
-          clientSecret: p.client_secret ?? throwErr("Client secret is missing"),
-          facebookConfigId: p.facebook_config_id,
-          microsoftTenantId: p.microsoft_tenant_id
-        }),
-        emailConfig: data.config.email_config.type === "shared" ? {
-          type: "shared"
-        } : {
-          type: "standard",
-          host: data.config.email_config.host ?? throwErr("Email host is missing"),
-          port: data.config.email_config.port ?? throwErr("Email port is missing"),
-          username: data.config.email_config.username ?? throwErr("Email username is missing"),
-          password: data.config.email_config.password ?? throwErr("Email password is missing"),
-          senderName: data.config.email_config.sender_name ?? throwErr("Email sender name is missing"),
-          senderEmail: data.config.email_config.sender_email ?? throwErr("Email sender email is missing")
-        },
-        domains: data.config.domains.map((d) => ({
-          domain: d.domain,
-          handlerPath: d.handler_path
-        })),
-        createTeamOnSignUp: data.config.create_team_on_sign_up,
-        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,
-        teamMemberDefaultPermissions: data.config.team_member_default_permissions
-      },
-      async update(update) {
-        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));
-        await onRefresh();
-      },
-      async delete() {
-        await app._interface.deleteProject();
-      },
-      async getProductionModeErrors() {
-        return getProductionModeErrors(data);
-      },
-      useProductionModeErrors() {
-        return getProductionModeErrors(data);
-      }
-    };
-  }
-  _adminEmailTemplateFromCrud(data) {
-    return {
-      type: data.type,
-      subject: data.subject,
-      content: data.content,
-      isDefault: data.is_default
-    };
-  }
-  async getProject() {
-    return this._adminProjectFromCrud(
-      Result.orThrow(await this._adminProjectCache.getOrWait([], "write-only")),
-      () => this._refreshProject()
-    );
-  }
-  _createApiKeyBaseFromCrud(data) {
-    const app = this;
-    return {
-      id: data.id,
-      description: data.description,
-      expiresAt: new Date(data.expires_at_millis),
-      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,
-      createdAt: new Date(data.created_at_millis),
-      isValid() {
-        return this.whyInvalid() === null;
-      },
-      whyInvalid() {
-        if (this.expiresAt.getTime() < Date.now()) return "expired";
-        if (this.manuallyRevokedAt) return "manually-revoked";
-        return null;
-      },
-      async revoke() {
-        const res = await app._interface.revokeApiKeyById(data.id);
-        await app._refreshApiKeys();
-        return res;
-      }
-    };
-  }
-  _createApiKeyFromCrud(data) {
-    return {
-      ...this._createApiKeyBaseFromCrud(data),
-      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,
-      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,
-      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null
-    };
-  }
-  _createApiKeyFirstViewFromCrud(data) {
-    return {
-      ...this._createApiKeyBaseFromCrud(data),
-      publishableClientKey: data.publishable_client_key,
-      secretServerKey: data.secret_server_key,
-      superSecretAdminKey: data.super_secret_admin_key
-    };
-  }
-  async listApiKeys() {
-    const crud = Result.orThrow(await this._apiKeysCache.getOrWait([], "write-only"));
-    return crud.map((j) => this._createApiKeyFromCrud(j));
-  }
-  async createApiKey(options) {
-    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));
-    await this._refreshApiKeys();
-    return this._createApiKeyFirstViewFromCrud(crud);
-  }
-  async listEmailTemplates() {
-    const crud = Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], "write-only"));
-    return crud.map((j) => this._adminEmailTemplateFromCrud(j));
-  }
-  async updateEmailTemplate(type, data) {
-    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));
-    await this._adminEmailTemplatesCache.refresh([]);
-  }
-  async resetEmailTemplate(type) {
-    await this._interface.resetEmailTemplate(type);
-    await this._adminEmailTemplatesCache.refresh([]);
-  }
-  async createTeamPermissionDefinition(data) {
-    const crud = await this._interface.createPermissionDefinition(serverTeamPermissionDefinitionCreateOptionsToCrud(data));
-    await this._adminTeamPermissionDefinitionsCache.refresh([]);
-    return this._serverTeamPermissionDefinitionFromCrud(crud);
-  }
-  async updateTeamPermissionDefinition(permissionId, data) {
-    await this._interface.updatePermissionDefinition(permissionId, serverTeamPermissionDefinitionUpdateOptionsToCrud(data));
-    await this._adminTeamPermissionDefinitionsCache.refresh([]);
-  }
-  async deleteTeamPermissionDefinition(permissionId) {
-    await this._interface.deletePermissionDefinition(permissionId);
-    await this._adminTeamPermissionDefinitionsCache.refresh([]);
-  }
-  async listTeamPermissionDefinitions() {
-    const crud = Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], "write-only"));
-    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
-  }
-  async _refreshProject() {
-    await Promise.all([
-      super._refreshProject(),
-      this._adminProjectCache.refresh([])
-    ]);
-  }
-  async _refreshApiKeys() {
-    await this._apiKeysCache.refresh([]);
-  }
-  get [stackAppInternalsSymbol]() {
-    return {
-      ...super[stackAppInternalsSymbol]
-    };
-  }
-  async sendTestEmail(options) {
-    const response = await this._interface.sendTestEmail({
-      recipient_email: options.recipientEmail,
-      email_config: {
-        ...pick(options.emailConfig, ["host", "port", "username", "password"]),
-        sender_email: options.emailConfig.senderEmail,
-        sender_name: options.emailConfig.senderName
-      }
-    });
-    if (response.success) {
-      return Result.ok(void 0);
-    } else {
-      return Result.error({ errorMessage: response.error_message ?? throwErr("Email test error not specified") });
-    }
-  }
-};
-function contactChannelCreateOptionsToCrud(userId, options) {
-  return {
-    value: options.value,
-    type: options.type,
-    used_for_auth: options.usedForAuth,
-    user_id: userId
-  };
-}
-function contactChannelUpdateOptionsToCrud(options) {
-  return {
-    value: options.value,
-    used_for_auth: options.usedForAuth,
-    is_primary: options.isPrimary
-  };
-}
-function serverContactChannelUpdateOptionsToCrud(options) {
-  return {
-    value: options.value,
-    is_verified: options.isVerified,
-    used_for_auth: options.usedForAuth
-  };
-}
-function serverContactChannelCreateOptionsToCrud(userId, options) {
-  return {
-    type: options.type,
-    value: options.value,
-    is_verified: options.isVerified,
-    user_id: userId,
-    used_for_auth: options.usedForAuth
-  };
-}
-function userUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    client_metadata: options.clientMetadata,
-    selected_team_id: options.selectedTeamId,
-    totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret,
-    profile_image_url: options.profileImageUrl,
-    otp_auth_enabled: options.otpAuthEnabled,
-    passkey_auth_enabled: options.passkeyAuthEnabled
-  };
-}
-function serverUserUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    primary_email: options.primaryEmail,
-    client_metadata: options.clientMetadata,
-    client_read_only_metadata: options.clientReadOnlyMetadata,
-    server_metadata: options.serverMetadata,
-    selected_team_id: options.selectedTeamId,
-    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
-    primary_email_verified: options.primaryEmailVerified,
-    password: options.password,
-    profile_image_url: options.profileImageUrl,
-    totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret
-  };
-}
-function serverUserCreateOptionsToCrud(options) {
-  return {
-    primary_email: options.primaryEmail,
-    password: options.password,
-    otp_auth_enabled: options.otpAuthEnabled,
-    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
-    display_name: options.displayName,
-    primary_email_verified: options.primaryEmailVerified,
-    client_metadata: options.clientMetadata,
-    client_read_only_metadata: options.clientReadOnlyMetadata,
-    server_metadata: options.serverMetadata
-  };
-}
-function adminProjectUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    description: options.description,
-    is_production_mode: options.isProductionMode,
-    config: {
-      domains: options.config?.domains?.map((d) => ({
-        domain: d.domain,
-        handler_path: d.handlerPath
-      })),
-      oauth_providers: options.config?.oauthProviders?.map((p) => ({
-        id: p.id,
-        enabled: p.enabled,
-        type: p.type,
-        ...p.type === "standard" && {
-          client_id: p.clientId,
-          client_secret: p.clientSecret,
-          facebook_config_id: p.facebookConfigId,
-          microsoft_tenant_id: p.microsoftTenantId
-        }
-      })),
-      email_config: options.config?.emailConfig && (options.config.emailConfig.type === "shared" ? {
-        type: "shared"
-      } : {
-        type: "standard",
-        host: options.config.emailConfig.host,
-        port: options.config.emailConfig.port,
-        username: options.config.emailConfig.username,
-        password: options.config.emailConfig.password,
-        sender_name: options.config.emailConfig.senderName,
-        sender_email: options.config.emailConfig.senderEmail
-      }),
-      sign_up_enabled: options.config?.signUpEnabled,
-      credential_enabled: options.config?.credentialEnabled,
-      magic_link_enabled: options.config?.magicLinkEnabled,
-      passkey_enabled: options.config?.passkeyEnabled,
-      allow_localhost: options.config?.allowLocalhost,
-      create_team_on_sign_up: options.config?.createTeamOnSignUp,
-      client_team_creation_enabled: options.config?.clientTeamCreationEnabled,
-      client_user_deletion_enabled: options.config?.clientUserDeletionEnabled,
-      team_creator_default_permissions: options.config?.teamCreatorDefaultPermissions,
-      team_member_default_permissions: options.config?.teamMemberDefaultPermissions
-    }
-  };
-}
-function adminProjectCreateOptionsToCrud(options) {
-  return {
-    ...adminProjectUpdateOptionsToCrud(options),
-    display_name: options.displayName
-  };
-}
-function apiKeyCreateOptionsToCrud(options) {
-  return {
-    description: options.description,
-    expires_at_millis: options.expiresAt.getTime(),
-    has_publishable_client_key: options.hasPublishableClientKey,
-    has_secret_server_key: options.hasSecretServerKey,
-    has_super_secret_admin_key: options.hasSuperSecretAdminKey
-  };
-}
-function teamUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    profile_image_url: options.profileImageUrl,
-    client_metadata: options.clientMetadata
-  };
-}
-function teamCreateOptionsToCrud(options, creatorUserId) {
-  return {
-    display_name: options.displayName,
-    profile_image_url: options.profileImageUrl,
-    creator_user_id: creatorUserId
-  };
-}
-function serverTeamCreateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    profile_image_url: options.profileImageUrl,
-    creator_user_id: options.creatorUserId
-  };
-}
-function serverTeamUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    profile_image_url: options.profileImageUrl,
-    client_metadata: options.clientMetadata,
-    client_read_only_metadata: options.clientReadOnlyMetadata,
-    server_metadata: options.serverMetadata
-  };
-}
-function serverTeamPermissionDefinitionCreateOptionsToCrud(options) {
-  return {
-    id: options.id,
-    description: options.description,
-    contained_permission_ids: options.containedPermissionIds
-  };
-}
-function serverTeamPermissionDefinitionUpdateOptionsToCrud(options) {
-  return {
-    id: options.id,
-    description: options.description,
-    contained_permission_ids: options.containedPermissionIds
-  };
-}
-var StackClientApp = _StackClientAppImpl;
-var StackServerApp = _StackServerAppImpl;
-var StackAdminApp = _StackAdminAppImpl;
-function adminEmailTemplateUpdateOptionsToCrud(options) {
-  return {
-    subject: options.subject,
-    content: options.content
-  };
-}
+/**
+ * There is a circular dependency between the admin app and the client app, as the former inherits from the latter and
+ * the latter needs to use the former when creating a new instance of an internal project.
+ *
+ * To break it, we set the admin app here lazily instead of importing it directly. This variable is set by ./index.ts,
+ * which imports both this file and ./admin-app-impl.ts.
+ */
+__StackClientAppImplIncomplete.LazyStackAdminAppImpl = { value: void 0 };
+var _StackClientAppImplIncomplete = __StackClientAppImplIncomplete;
 export {
-  StackAdminApp,
-  StackClientApp,
-  StackServerApp,
-  serverTeamPermissionDefinitionCreateOptionsToCrud,
-  serverTeamPermissionDefinitionUpdateOptionsToCrud,
-  stackAppInternalsSymbol
+  _StackClientAppImplIncomplete
 };
-//# sourceMappingURL=stack-app.js.map
+//# sourceMappingURL=client-app-impl.js.map