@stackframe/react 2.7.20

package/dist/lib/stack-app.js

@@ -0,0 +1,2438 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/lib/stack-app.ts
+var stack_app_exports = {};
+__export(stack_app_exports, {
+  StackAdminApp: () => StackAdminApp,
+  StackClientApp: () => StackClientApp,
+  StackServerApp: () => StackServerApp,
+  serverTeamPermissionDefinitionCreateOptionsToCrud: () => serverTeamPermissionDefinitionCreateOptionsToCrud,
+  serverTeamPermissionDefinitionUpdateOptionsToCrud: () => serverTeamPermissionDefinitionUpdateOptionsToCrud,
+  stackAppInternalsSymbol: () => stackAppInternalsSymbol
+});
+module.exports = __toCommonJS(stack_app_exports);
+var import_browser = require("@simplewebauthn/browser");
+var import_stack_shared = require("@stackframe/stack-shared");
+var import_production_mode = require("@stackframe/stack-shared/dist/helpers/production-mode");
+var import_sessions = require("@stackframe/stack-shared/dist/sessions");
+var import_bytes = require("@stackframe/stack-shared/dist/utils/bytes");
+var import_caches = require("@stackframe/stack-shared/dist/utils/caches");
+var import_env = require("@stackframe/stack-shared/dist/utils/env");
+var import_errors = require("@stackframe/stack-shared/dist/utils/errors");
+var import_maps = require("@stackframe/stack-shared/dist/utils/maps");
+var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
+var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
+var import_react = require("@stackframe/stack-shared/dist/utils/react");
+var import_results = require("@stackframe/stack-shared/dist/utils/results");
+var import_stores = require("@stackframe/stack-shared/dist/utils/stores");
+var import_strings = require("@stackframe/stack-shared/dist/utils/strings");
+var import_urls = require("@stackframe/stack-shared/dist/utils/urls");
+var import_uuids = require("@stackframe/stack-shared/dist/utils/uuids");
+var cookie = __toESM(require("cookie"));
+var import_react2 = __toESM(require("react"));
+var import_url = require("../utils/url");
+var import_auth = require("./auth");
+var import_cookie = require("./cookie");
+var isReactServer = false;
+var clientVersion = "js @stackframe/react@2.7.20";
+if (clientVersion.startsWith("STACK_COMPILE_TIME")) {
+  throw new import_errors.StackAssertionError("Client version was not replaced. Something went wrong during build!");
+}
+var process = globalThis.process ?? { env: {} };
+function getUrls(partial) {
+  const handler = partial.handler ?? "/handler";
+  const home = partial.home ?? "/";
+  const afterSignIn = partial.afterSignIn ?? home;
+  return {
+    handler,
+    signIn: `${handler}/sign-in`,
+    afterSignIn: home,
+    signUp: `${handler}/sign-up`,
+    afterSignUp: afterSignIn,
+    signOut: `${handler}/sign-out`,
+    afterSignOut: home,
+    emailVerification: `${handler}/email-verification`,
+    passwordReset: `${handler}/password-reset`,
+    forgotPassword: `${handler}/forgot-password`,
+    oauthCallback: `${handler}/oauth-callback`,
+    magicLinkCallback: `${handler}/magic-link-callback`,
+    home,
+    accountSettings: `${handler}/account-settings`,
+    error: `${handler}/error`,
+    teamInvitation: `${handler}/team-invitation`,
+    ...(0, import_objects.filterUndefined)(partial)
+  };
+}
+function getDefaultProjectId() {
+  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || (0, import_errors.throwErr)(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
+}
+function getDefaultPublishableClientKey() {
+  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || (0, import_errors.throwErr)(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
+}
+function getDefaultSecretServerKey() {
+  return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)(new Error("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable."));
+}
+function getDefaultSuperSecretAdminKey() {
+  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || (0, import_errors.throwErr)(new Error("No super secret admin key provided. Please copy your key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable."));
+}
+function getBaseUrl(userSpecifiedBaseUrl) {
+  let url;
+  if (userSpecifiedBaseUrl) {
+    if (typeof userSpecifiedBaseUrl === "string") {
+      url = userSpecifiedBaseUrl;
+    } else {
+      if ((0, import_env.isBrowserLike)()) {
+        url = userSpecifiedBaseUrl.browser;
+      } else {
+        url = userSpecifiedBaseUrl.server;
+      }
+    }
+  } else {
+    if ((0, import_env.isBrowserLike)()) {
+      url = process.env.NEXT_PUBLIC_BROWSER_STACK_API_URL;
+    } else {
+      url = process.env.NEXT_PUBLIC_SERVER_STACK_API_URL;
+    }
+    url = url || process.env.NEXT_PUBLIC_STACK_API_URL || process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
+  }
+  return url.endsWith("/") ? url.slice(0, -1) : url;
+}
+var defaultBaseUrl = "https://api.stack-auth.com";
+function createEmptyTokenStore() {
+  return new import_stores.Store({
+    refreshToken: null,
+    accessToken: null
+  });
+}
+var cachePromiseByComponentId = /* @__PURE__ */ new Map();
+function useAsyncCache(cache, dependencies, caller) {
+  (0, import_react.suspendIfSsr)(caller);
+  const id = import_react2.default.useId();
+  const subscribe = (0, import_react2.useCallback)((cb) => {
+    const { unsubscribe } = cache.onStateChange(dependencies, () => {
+      cachePromiseByComponentId.delete(id);
+      cb();
+    });
+    return unsubscribe;
+  }, [cache, ...dependencies]);
+  const getSnapshot = (0, import_react2.useCallback)(() => {
+    if (!cachePromiseByComponentId.has(id)) {
+      cachePromiseByComponentId.set(id, cache.getOrWait(dependencies, "read-write"));
+    }
+    return cachePromiseByComponentId.get(id);
+  }, [cache, ...dependencies]);
+  const promise = import_react2.default.useSyncExternalStore(
+    subscribe,
+    getSnapshot,
+    () => (0, import_errors.throwErr)(new Error("getServerSnapshot should never be called in useAsyncCache because we restrict to CSR earlier"))
+  );
+  const result = import_react2.default.use(promise);
+  if (result.status === "error") {
+    const error = result.error;
+    if (error instanceof Error && !error.__stackHasConcatenatedStacktraces) {
+      (0, import_errors.concatStacktraces)(error, new Error());
+      error.__stackHasConcatenatedStacktraces = true;
+    }
+    throw error;
+  }
+  return result.data;
+}
+var stackAppInternalsSymbol = Symbol.for("StackAuth--DO-NOT-USE-OR-YOU-WILL-BE-FIRED--StackAppInternals");
+var allClientApps = /* @__PURE__ */ new Map();
+var createCache = (fetcher) => {
+  return new import_caches.AsyncCache(
+    async (dependencies) => await import_results.Result.fromThrowingAsync(async () => await fetcher(dependencies)),
+    {}
+  );
+};
+var createCacheBySession = (fetcher) => {
+  return new import_caches.AsyncCache(
+    async ([session, ...extraDependencies]) => await import_results.Result.fromThrowingAsync(async () => await fetcher(session, extraDependencies)),
+    {
+      onSubscribe: ([session], refresh) => {
+        const handler = session.onInvalidate(() => refresh());
+        return () => handler.unsubscribe();
+      }
+    }
+  );
+};
+var numberOfAppsCreated = 0;
+var _StackClientAppImpl = class __StackClientAppImpl {
+  constructor(_options) {
+    this._options = _options;
+    this._uniqueIdentifier = void 0;
+    this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;
+    this._ownedAdminApps = new import_maps.DependenciesMap();
+    this._currentUserCache = createCacheBySession(async (session) => {
+      if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {
+        await (0, import_promises.wait)(2e3);
+      }
+      if (session.isKnownToBeInvalid()) {
+        return null;
+      }
+      return await this._interface.getClientUserByToken(session);
+    });
+    this._currentProjectCache = createCache(async () => {
+      return import_results.Result.orThrow(await this._interface.getClientProject());
+    });
+    this._ownedProjectsCache = createCacheBySession(async (session) => {
+      return await this._interface.listProjects(session);
+    });
+    this._currentUserPermissionsCache = createCacheBySession(async (session, [teamId, recursive]) => {
+      return await this._interface.listCurrentUserTeamPermissions({ teamId, recursive }, session);
+    });
+    this._currentUserTeamsCache = createCacheBySession(async (session) => {
+      return await this._interface.listCurrentUserTeams(session);
+    });
+    this._currentUserOAuthConnectionAccessTokensCache = createCacheBySession(
+      async (session, [providerId, scope]) => {
+        try {
+          const result = await this._interface.createProviderAccessToken(providerId, scope || "", session);
+          return { accessToken: result.access_token };
+        } catch (err) {
+          if (!(err instanceof import_stack_shared.KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof import_stack_shared.KnownErrors.OAuthConnectionNotConnectedToUser)) {
+            throw err;
+          }
+        }
+        return null;
+      }
+    );
+    this._currentUserOAuthConnectionCache = createCacheBySession(
+      async (session, [providerId, scope, redirect]) => {
+        return await this._getUserOAuthConnectionCacheFn({
+          getUser: async () => import_results.Result.orThrow(await this._currentUserCache.getOrWait([session], "write-only")),
+          getOrWaitOAuthToken: async () => import_results.Result.orThrow(await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, providerId, scope || ""], "write-only")),
+          useOAuthToken: () => useAsyncCache(this._currentUserOAuthConnectionAccessTokensCache, [session, providerId, scope || ""], "useOAuthToken"),
+          providerId,
+          scope,
+          redirect,
+          session
+        });
+      }
+    );
+    this._teamMemberProfilesCache = createCacheBySession(
+      async (session, [teamId]) => {
+        return await this._interface.listTeamMemberProfiles({ teamId }, session);
+      }
+    );
+    this._teamInvitationsCache = createCacheBySession(
+      async (session, [teamId]) => {
+        return await this._interface.listTeamInvitations({ teamId }, session);
+      }
+    );
+    this._currentUserTeamProfileCache = createCacheBySession(
+      async (session, [teamId]) => {
+        return await this._interface.getTeamMemberProfile({ teamId, userId: "me" }, session);
+      }
+    );
+    this._clientContactChannelsCache = createCacheBySession(
+      async (session) => {
+        return await this._interface.listClientContactChannels(session);
+      }
+    );
+    this._memoryTokenStore = createEmptyTokenStore();
+    this._requestTokenStores = /* @__PURE__ */ new WeakMap();
+    this._storedBrowserCookieTokenStore = null;
+    /**
+     * A map from token stores and session keys to sessions.
+     *
+     * This isn't just a map from session keys to sessions for two reasons:
+     *
+     * - So we can garbage-collect Session objects when the token store is garbage-collected
+     * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object
+     */
+    this._sessionsByTokenStoreAndSessionKey = /* @__PURE__ */ new WeakMap();
+    if ("interface" in _options) {
+      this._interface = _options.interface;
+    } else {
+      this._interface = new import_stack_shared.StackClientInterface({
+        getBaseUrl: () => getBaseUrl(_options.baseUrl),
+        projectId: _options.projectId ?? getDefaultProjectId(),
+        clientVersion,
+        publishableClientKey: _options.publishableClientKey ?? getDefaultPublishableClientKey(),
+        prepareRequest: async () => {
+        }
+      });
+    }
+    this._tokenStoreInit = _options.tokenStore;
+    this._redirectMethod = _options.redirectMethod || "none";
+    this._urlOptions = _options.urls ?? {};
+    this._oauthScopesOnSignIn = _options.oauthScopesOnSignIn ?? {};
+    if (_options.uniqueIdentifier) {
+      this._uniqueIdentifier = _options.uniqueIdentifier;
+      this._initUniqueIdentifier();
+    }
+    if (!_options.noAutomaticPrefetch) {
+      numberOfAppsCreated++;
+      if (numberOfAppsCreated > 10) {
+        (process.env.NODE_ENV === "development" ? console.log : console.warn)(`You have created more than 10 Stack apps with automatic pre-fetch enabled (${numberOfAppsCreated}). This is usually a sign of a memory leak, but can sometimes be caused by hot reload of your tech stack. If you are getting this error and it is not caused by hot reload, make sure to minimize the number of Stack apps per page (usually, one per project). (If it is caused by hot reload and does not occur in production, you can safely ignore it.)`);
+      }
+    }
+  }
+  async _createCookieHelper() {
+    if (this._tokenStoreInit === "nextjs-cookie" || this._tokenStoreInit === "cookie") {
+      return await (0, import_cookie.createCookieHelper)();
+    } else {
+      return await (0, import_cookie.createEmptyCookieHelper)();
+    }
+  }
+  async _getUserOAuthConnectionCacheFn(options) {
+    const user = await options.getUser();
+    let hasConnection = true;
+    if (!user || !user.oauth_providers.find((p) => p.id === options.providerId)) {
+      hasConnection = false;
+    }
+    const token = await options.getOrWaitOAuthToken();
+    if (!token) {
+      hasConnection = false;
+    }
+    if (!hasConnection && options.redirect) {
+      if (!options.session) {
+        throw new Error("No session found. You might be calling getConnectedAccount with redirect without having a user session.");
+      }
+      await (0, import_auth.addNewOAuthProviderOrScope)(
+        this._interface,
+        {
+          provider: options.providerId,
+          redirectUrl: this.urls.oauthCallback,
+          errorRedirectUrl: this.urls.error,
+          providerScope: (0, import_strings.mergeScopeStrings)(options.scope || "", (this._oauthScopesOnSignIn[options.providerId] ?? []).join(" "))
+        },
+        options.session
+      );
+      return await (0, import_promises.neverResolve)();
+    } else if (!hasConnection) {
+      return null;
+    }
+    const app = this;
+    return {
+      id: options.providerId,
+      async getAccessToken() {
+        const result = await options.getOrWaitOAuthToken();
+        if (!result) {
+          throw new import_errors.StackAssertionError("No access token available");
+        }
+        return result;
+      },
+      useAccessToken() {
+        const result = options.useOAuthToken();
+        if (!result) {
+          throw new import_errors.StackAssertionError("No access token available");
+        }
+        return result;
+      }
+    };
+  }
+  _initUniqueIdentifier() {
+    if (!this._uniqueIdentifier) {
+      throw new import_errors.StackAssertionError("Unique identifier not initialized");
+    }
+    if (allClientApps.has(this._uniqueIdentifier)) {
+      throw new import_errors.StackAssertionError("A Stack client app with the same unique identifier already exists");
+    }
+    allClientApps.set(this._uniqueIdentifier, [this._options.checkString ?? "default check string", this]);
+  }
+  /**
+   * Cloudflare workers does not allow use of randomness on the global scope (on which the Stack app is probably
+   * initialized). For that reason, we generate the unique identifier lazily when it is first needed instead of in the
+   * constructor.
+   */
+  _getUniqueIdentifier() {
+    if (!this._uniqueIdentifier) {
+      this._uniqueIdentifier = (0, import_uuids.generateUuid)();
+      this._initUniqueIdentifier();
+    }
+    return this._uniqueIdentifier;
+  }
+  async _checkFeatureSupport(name, options) {
+    return await this._interface.checkFeatureSupport({ ...options, name });
+  }
+  _useCheckFeatureSupport(name, options) {
+    (0, import_promises.runAsynchronously)(this._checkFeatureSupport(name, options));
+    throw new import_errors.StackAssertionError(`${name} is not currently supported. Please reach out to Stack support for more information.`);
+  }
+  get _refreshTokenCookieName() {
+    return `stack-refresh-${this.projectId}`;
+  }
+  _getTokensFromCookies(cookies) {
+    const refreshToken = cookies.refreshTokenCookie;
+    const accessTokenObject = cookies.accessTokenCookie?.startsWith('["') ? JSON.parse(cookies.accessTokenCookie) : null;
+    const accessToken = accessTokenObject && refreshToken === accessTokenObject[0] ? accessTokenObject[1] : null;
+    return {
+      refreshToken,
+      accessToken
+    };
+  }
+  get _accessTokenCookieName() {
+    return `stack-access`;
+  }
+  _getBrowserCookieTokenStore() {
+    if (!(0, import_env.isBrowserLike)()) {
+      throw new Error("Cannot use cookie token store on the server!");
+    }
+    if (this._storedBrowserCookieTokenStore === null) {
+      const getCurrentValue = (old) => {
+        const tokens = this._getTokensFromCookies({
+          refreshTokenCookie: (0, import_cookie.getCookieClient)(this._refreshTokenCookieName) ?? (0, import_cookie.getCookieClient)("stack-refresh"),
+          // keep old cookie name for backwards-compatibility
+          accessTokenCookie: (0, import_cookie.getCookieClient)(this._accessTokenCookieName)
+        });
+        return {
+          refreshToken: tokens.refreshToken,
+          accessToken: tokens.accessToken ?? (old?.refreshToken === tokens.refreshToken ? old.accessToken : null)
+        };
+      };
+      this._storedBrowserCookieTokenStore = new import_stores.Store(getCurrentValue(null));
+      let hasSucceededInWriting = true;
+      setInterval(() => {
+        if (hasSucceededInWriting) {
+          const oldValue = this._storedBrowserCookieTokenStore.get();
+          const currentValue = getCurrentValue(oldValue);
+          if (!(0, import_objects.deepPlainEquals)(currentValue, oldValue)) {
+            this._storedBrowserCookieTokenStore.set(currentValue);
+          }
+        }
+      }, 100);
+      this._storedBrowserCookieTokenStore.onChange((value) => {
+        try {
+          (0, import_cookie.setOrDeleteCookieClient)(this._refreshTokenCookieName, value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
+          (0, import_cookie.setOrDeleteCookieClient)(this._accessTokenCookieName, value.accessToken ? JSON.stringify([value.refreshToken, value.accessToken]) : null, { maxAge: 60 * 60 * 24 });
+          (0, import_cookie.deleteCookieClient)("stack-refresh");
+          hasSucceededInWriting = true;
+        } catch (e) {
+          if (!(0, import_env.isBrowserLike)()) {
+            hasSucceededInWriting = false;
+          } else {
+            throw e;
+          }
+        }
+      });
+    }
+    return this._storedBrowserCookieTokenStore;
+  }
+  _getOrCreateTokenStore(cookieHelper, overrideTokenStoreInit) {
+    const tokenStoreInit = overrideTokenStoreInit === void 0 ? this._tokenStoreInit : overrideTokenStoreInit;
+    switch (tokenStoreInit) {
+      case "cookie": {
+        return this._getBrowserCookieTokenStore();
+      }
+      case "nextjs-cookie": {
+        if ((0, import_env.isBrowserLike)()) {
+          return this._getBrowserCookieTokenStore();
+        } else {
+          const tokens = this._getTokensFromCookies({
+            refreshTokenCookie: cookieHelper.get(this._refreshTokenCookieName) ?? cookieHelper.get("stack-refresh"),
+            // keep old cookie name for backwards-compatibility
+            accessTokenCookie: cookieHelper.get(this._accessTokenCookieName)
+          });
+          const store = new import_stores.Store(tokens);
+          store.onChange((value) => {
+            (0, import_promises.runAsynchronously)(async () => {
+              await Promise.all([
+                (0, import_cookie.setOrDeleteCookie)(this._refreshTokenCookieName, value.refreshToken, { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true }),
+                (0, import_cookie.setOrDeleteCookie)(this._accessTokenCookieName, value.accessToken ? JSON.stringify([value.refreshToken, value.accessToken]) : null, { maxAge: 60 * 60 * 24, noOpIfServerComponent: true })
+              ]);
+            });
+          });
+          return store;
+        }
+      }
+      case "memory": {
+        return this._memoryTokenStore;
+      }
+      default: {
+        if (tokenStoreInit === null) {
+          return createEmptyTokenStore();
+        } else if (typeof tokenStoreInit === "object" && "headers" in tokenStoreInit) {
+          if (this._requestTokenStores.has(tokenStoreInit)) return this._requestTokenStores.get(tokenStoreInit);
+          const stackAuthHeader = tokenStoreInit.headers.get("x-stack-auth");
+          if (stackAuthHeader) {
+            let parsed2;
+            try {
+              parsed2 = JSON.parse(stackAuthHeader);
+              if (typeof parsed2 !== "object") throw new Error("x-stack-auth header must be a JSON object");
+              if (parsed2 === null) throw new Error("x-stack-auth header must not be null");
+            } catch (e) {
+              throw new Error(`Invalid x-stack-auth header: ${stackAuthHeader}`, { cause: e });
+            }
+            return this._getOrCreateTokenStore(cookieHelper, {
+              accessToken: parsed2.accessToken ?? null,
+              refreshToken: parsed2.refreshToken ?? null
+            });
+          }
+          const cookieHeader = tokenStoreInit.headers.get("cookie");
+          const parsed = cookie.parse(cookieHeader || "");
+          const res = new import_stores.Store({
+            refreshToken: parsed[this._refreshTokenCookieName] || parsed["stack-refresh"] || null,
+            // keep old cookie name for backwards-compatibility
+            accessToken: parsed[this._accessTokenCookieName] || null
+          });
+          this._requestTokenStores.set(tokenStoreInit, res);
+          return res;
+        } else if ("accessToken" in tokenStoreInit || "refreshToken" in tokenStoreInit) {
+          return new import_stores.Store({
+            refreshToken: tokenStoreInit.refreshToken,
+            accessToken: tokenStoreInit.accessToken
+          });
+        }
+        throw new Error(`Invalid token store ${tokenStoreInit}`);
+      }
+    }
+  }
+  _useTokenStore(overrideTokenStoreInit) {
+    (0, import_react.suspendIfSsr)();
+    const cookieHelper = (0, import_cookie.createBrowserCookieHelper)();
+    const tokenStore = this._getOrCreateTokenStore(cookieHelper, overrideTokenStoreInit);
+    return tokenStore;
+  }
+  _getSessionFromTokenStore(tokenStore) {
+    const tokenObj = tokenStore.get();
+    const sessionKey = import_sessions.InternalSession.calculateSessionKey(tokenObj);
+    const existing = sessionKey ? this._sessionsByTokenStoreAndSessionKey.get(tokenStore)?.get(sessionKey) : null;
+    if (existing) return existing;
+    const session = this._interface.createSession({
+      refreshToken: tokenObj.refreshToken,
+      accessToken: tokenObj.accessToken
+    });
+    session.onAccessTokenChange((newAccessToken) => {
+      tokenStore.update((old) => ({
+        ...old,
+        accessToken: newAccessToken?.token ?? null
+      }));
+    });
+    session.onInvalidate(() => {
+      tokenStore.update((old) => ({
+        ...old,
+        accessToken: null,
+        refreshToken: null
+      }));
+    });
+    let sessionsBySessionKey = this._sessionsByTokenStoreAndSessionKey.get(tokenStore) ?? /* @__PURE__ */ new Map();
+    this._sessionsByTokenStoreAndSessionKey.set(tokenStore, sessionsBySessionKey);
+    sessionsBySessionKey.set(sessionKey, session);
+    return session;
+  }
+  async _getSession(overrideTokenStoreInit) {
+    const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper(), overrideTokenStoreInit);
+    return this._getSessionFromTokenStore(tokenStore);
+  }
+  _useSession(overrideTokenStoreInit) {
+    const tokenStore = this._useTokenStore(overrideTokenStoreInit);
+    const subscribe = (0, import_react2.useCallback)((cb) => {
+      const { unsubscribe } = tokenStore.onChange(() => {
+        cb();
+      });
+      return unsubscribe;
+    }, [tokenStore]);
+    const getSnapshot = (0, import_react2.useCallback)(() => this._getSessionFromTokenStore(tokenStore), [tokenStore]);
+    return import_react2.default.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);
+  }
+  async _signInToAccountWithTokens(tokens) {
+    if (!("accessToken" in tokens) || !("refreshToken" in tokens)) {
+      throw new import_errors.StackAssertionError("Invalid tokens object; can't sign in with this", { tokens });
+    }
+    const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper());
+    tokenStore.set(tokens);
+  }
+  _hasPersistentTokenStore(overrideTokenStoreInit) {
+    return (overrideTokenStoreInit !== void 0 ? overrideTokenStoreInit : this._tokenStoreInit) !== null;
+  }
+  _ensurePersistentTokenStore(overrideTokenStoreInit) {
+    if (!this._hasPersistentTokenStore(overrideTokenStoreInit)) {
+      throw new Error("Cannot call this function on a Stack app without a persistent token store. Make sure the tokenStore option on the constructor is set to a non-null value when initializing Stack.\n\nStack uses token stores to access access tokens of the current user. For example, on web frontends it is commonly the string value 'cookies' for cookie storage.");
+    }
+  }
+  _isInternalProject() {
+    return this.projectId === "internal";
+  }
+  _ensureInternalProject() {
+    if (!this._isInternalProject()) {
+      throw new Error("Cannot call this function on a Stack app with a project ID other than 'internal'.");
+    }
+  }
+  _clientProjectFromCrud(crud) {
+    return {
+      id: crud.id,
+      displayName: crud.display_name,
+      config: {
+        signUpEnabled: crud.config.sign_up_enabled,
+        credentialEnabled: crud.config.credential_enabled,
+        magicLinkEnabled: crud.config.magic_link_enabled,
+        passkeyEnabled: crud.config.passkey_enabled,
+        clientTeamCreationEnabled: crud.config.client_team_creation_enabled,
+        clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,
+        oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
+          id: p.id
+        }))
+      }
+    };
+  }
+  _clientTeamPermissionFromCrud(crud) {
+    return {
+      id: crud.id
+    };
+  }
+  _clientTeamUserFromCrud(crud) {
+    return {
+      id: crud.user_id,
+      teamProfile: {
+        displayName: crud.display_name,
+        profileImageUrl: crud.profile_image_url
+      }
+    };
+  }
+  _clientTeamInvitationFromCrud(session, crud) {
+    return {
+      id: crud.id,
+      recipientEmail: crud.recipient_email,
+      expiresAt: new Date(crud.expires_at_millis),
+      revoke: async () => {
+        await this._interface.revokeTeamInvitation(crud.id, crud.team_id, session);
+        await this._teamInvitationsCache.refresh([session, crud.team_id]);
+      }
+    };
+  }
+  _clientTeamFromCrud(crud, session) {
+    const app = this;
+    return {
+      id: crud.id,
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      clientMetadata: crud.client_metadata,
+      clientReadOnlyMetadata: crud.client_read_only_metadata,
+      async inviteUser(options) {
+        if (!options.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
+        }
+        await app._interface.sendTeamInvitation({
+          teamId: crud.id,
+          email: options.email,
+          session,
+          callbackUrl: options.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.teamInvitation)
+        });
+        await app._teamInvitationsCache.refresh([session, crud.id]);
+      },
+      async listUsers() {
+        const result = import_results.Result.orThrow(await app._teamMemberProfilesCache.getOrWait([session, crud.id], "write-only"));
+        return result.map((crud2) => app._clientTeamUserFromCrud(crud2));
+      },
+      useUsers() {
+        const result = useAsyncCache(app._teamMemberProfilesCache, [session, crud.id], "team.useUsers()");
+        return result.map((crud2) => app._clientTeamUserFromCrud(crud2));
+      },
+      async listInvitations() {
+        const result = import_results.Result.orThrow(await app._teamInvitationsCache.getOrWait([session, crud.id], "write-only"));
+        return result.map((crud2) => app._clientTeamInvitationFromCrud(session, crud2));
+      },
+      useInvitations() {
+        const result = useAsyncCache(app._teamInvitationsCache, [session, crud.id], "team.useInvitations()");
+        return result.map((crud2) => app._clientTeamInvitationFromCrud(session, crud2));
+      },
+      async update(data) {
+        await app._interface.updateTeam({ data: teamUpdateOptionsToCrud(data), teamId: crud.id }, session);
+        await app._currentUserTeamsCache.refresh([session]);
+      },
+      async delete() {
+        await app._interface.deleteTeam(crud.id, session);
+        await app._currentUserTeamsCache.refresh([session]);
+      }
+    };
+  }
+  _clientContactChannelFromCrud(crud, session) {
+    const app = this;
+    return {
+      id: crud.id,
+      value: crud.value,
+      type: crud.type,
+      isVerified: crud.is_verified,
+      isPrimary: crud.is_primary,
+      usedForAuth: crud.used_for_auth,
+      async sendVerificationEmail() {
+        await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, (0, import_url.constructRedirectUrl)(app.urls.emailVerification), session);
+      },
+      async update(data) {
+        await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), session);
+        await app._clientContactChannelsCache.refresh([session]);
+      },
+      async delete() {
+        await app._interface.deleteClientContactChannel(crud.id, session);
+        await app._clientContactChannelsCache.refresh([session]);
+      }
+    };
+  }
+  _createAuth(session) {
+    const app = this;
+    return {
+      _internalSession: session,
+      currentSession: {
+        async getTokens() {
+          const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+          return {
+            accessToken: tokens?.accessToken.token ?? null,
+            refreshToken: tokens?.refreshToken?.token ?? null
+          };
+        }
+      },
+      async getAuthHeaders() {
+        return {
+          "x-stack-auth": JSON.stringify(await this.getAuthJson())
+        };
+      },
+      async getAuthJson() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens;
+      },
+      async registerPasskey(options) {
+        const hostname = (await app._getCurrentUrl())?.hostname;
+        if (!hostname) {
+          throw new import_errors.StackAssertionError("hostname must be provided if the Stack App does not have a redirect method");
+        }
+        const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);
+        if (initiationResult.status !== "ok") {
+          return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyRegistrationFailed("Failed to get initiation options for passkey registration"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rp.id !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new import_errors.StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);
+        }
+        options_json.rp.id = hostname;
+        let attResp;
+        try {
+          attResp = await (0, import_browser.startRegistration)({ optionsJSON: options_json });
+          debugger;
+        } catch (error) {
+          if (error instanceof import_browser.WebAuthnError) {
+            return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+          } else {
+            return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration"));
+          }
+        }
+        const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);
+        await app._refreshUser(session);
+        return registrationResult;
+      },
+      signOut(options) {
+        return app._signOut(session, options);
+      }
+    };
+  }
+  _editableTeamProfileFromCrud(crud, session) {
+    const app = this;
+    return {
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      async update(update) {
+        await app._interface.updateTeamMemberProfile({
+          teamId: crud.team_id,
+          userId: crud.user_id,
+          profile: {
+            display_name: update.displayName,
+            profile_image_url: update.profileImageUrl
+          }
+        }, session);
+        await app._currentUserTeamProfileCache.refresh([session, crud.team_id]);
+      }
+    };
+  }
+  _createBaseUser(crud) {
+    return {
+      id: crud.id,
+      displayName: crud.display_name,
+      primaryEmail: crud.primary_email,
+      primaryEmailVerified: crud.primary_email_verified,
+      profileImageUrl: crud.profile_image_url,
+      signedUpAt: new Date(crud.signed_up_at_millis),
+      clientMetadata: crud.client_metadata,
+      clientReadOnlyMetadata: crud.client_read_only_metadata,
+      hasPassword: crud.has_password,
+      emailAuthEnabled: crud.auth_with_email,
+      otpAuthEnabled: crud.otp_auth_enabled,
+      oauthProviders: crud.oauth_providers,
+      passkeyAuthEnabled: crud.passkey_auth_enabled,
+      isMultiFactorRequired: crud.requires_totp_mfa,
+      toClientJson() {
+        return crud;
+      }
+    };
+  }
+  _createUserExtraFromCurrent(crud, session) {
+    const app = this;
+    async function getConnectedAccount(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return import_results.Result.orThrow(await app._currentUserOAuthConnectionCache.getOrWait([session, id, scopeString || "", options?.or === "redirect"], "write-only"));
+    }
+    function useConnectedAccount(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return useAsyncCache(app._currentUserOAuthConnectionCache, [session, id, scopeString || "", options?.or === "redirect"], "user.useConnectedAccount()");
+    }
+    return {
+      setDisplayName(displayName) {
+        return this.update({ displayName });
+      },
+      setClientMetadata(metadata) {
+        return this.update({ clientMetadata: metadata });
+      },
+      async setSelectedTeam(team) {
+        await this.update({ selectedTeamId: team?.id ?? null });
+      },
+      getConnectedAccount,
+      useConnectedAccount,
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react2.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      async listTeams() {
+        const teams = import_results.Result.orThrow(await app._currentUserTeamsCache.getOrWait([session], "write-only"));
+        return teams.map((crud2) => app._clientTeamFromCrud(crud2, session));
+      },
+      useTeams() {
+        const teams = useAsyncCache(app._currentUserTeamsCache, [session], "user.useTeams()");
+        return (0, import_react2.useMemo)(() => teams.map((crud2) => app._clientTeamFromCrud(crud2, session)), [teams]);
+      },
+      async createTeam(data) {
+        const crud2 = await app._interface.createClientTeam(teamCreateOptionsToCrud(data, "me"), session);
+        await app._currentUserTeamsCache.refresh([session]);
+        return app._clientTeamFromCrud(crud2, session);
+      },
+      async leaveTeam(team) {
+        await app._interface.leaveTeam(team.id, session);
+      },
+      async listPermissions(scope, options) {
+        const recursive = options?.recursive ?? true;
+        const permissions = import_results.Result.orThrow(await app._currentUserPermissionsCache.getOrWait([session, scope.id, recursive], "write-only"));
+        return permissions.map((crud2) => app._clientTeamPermissionFromCrud(crud2));
+      },
+      usePermissions(scope, options) {
+        const recursive = options?.recursive ?? true;
+        const permissions = useAsyncCache(app._currentUserPermissionsCache, [session, scope.id, recursive], "user.usePermissions()");
+        return (0, import_react2.useMemo)(() => permissions.map((crud2) => app._clientTeamPermissionFromCrud(crud2)), [permissions]);
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react2.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      async hasPermission(scope, permissionId) {
+        return await this.getPermission(scope, permissionId) !== null;
+      },
+      async update(update) {
+        return await app._updateClientUser(update, session);
+      },
+      async sendVerificationEmail(options) {
+        if (!crud.primary_email) {
+          throw new import_errors.StackAssertionError("User does not have a primary email");
+        }
+        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
+        }
+        return await app._interface.sendVerificationEmail(crud.primary_email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.emailVerification), session);
+      },
+      async updatePassword(options) {
+        const result = await app._interface.updatePassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await app._interface.setPassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
+      },
+      selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team, session),
+      async getTeamProfile(team) {
+        const result = import_results.Result.orThrow(await app._currentUserTeamProfileCache.getOrWait([session, team.id], "write-only"));
+        return app._editableTeamProfileFromCrud(result, session);
+      },
+      useTeamProfile(team) {
+        const result = useAsyncCache(app._currentUserTeamProfileCache, [session, team.id], "user.useTeamProfile()");
+        return app._editableTeamProfileFromCrud(result, session);
+      },
+      async delete() {
+        await app._interface.deleteCurrentUser(session);
+        session.markInvalid();
+      },
+      async listContactChannels() {
+        const result = import_results.Result.orThrow(await app._clientContactChannelsCache.getOrWait([session], "write-only"));
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2, session));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._clientContactChannelsCache, [session], "user.useContactChannels()");
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2, session));
+      },
+      async createContactChannel(data) {
+        const crud2 = await app._interface.createClientContactChannel(contactChannelCreateOptionsToCrud("me", data), session);
+        await app._clientContactChannelsCache.refresh([session]);
+        return app._clientContactChannelFromCrud(crud2, session);
+      }
+    };
+  }
+  _createInternalUserExtra(session) {
+    const app = this;
+    this._ensureInternalProject();
+    return {
+      createProject(newProject) {
+        return app._createProject(session, newProject);
+      },
+      listOwnedProjects() {
+        return app._listOwnedProjects(session);
+      },
+      useOwnedProjects() {
+        return app._useOwnedProjects(session);
+      }
+    };
+  }
+  _currentUserFromCrud(crud, session) {
+    const currentUser = {
+      ...this._createBaseUser(crud),
+      ...this._createAuth(session),
+      ...this._createUserExtraFromCurrent(crud, session),
+      ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
+    };
+    Object.freeze(currentUser);
+    return currentUser;
+  }
+  _getOwnedAdminApp(forProjectId, session) {
+    if (!this._ownedAdminApps.has([session, forProjectId])) {
+      this._ownedAdminApps.set([session, forProjectId], new _StackAdminAppImpl({
+        baseUrl: this._interface.options.getBaseUrl(),
+        projectId: forProjectId,
+        tokenStore: null,
+        projectOwnerSession: session,
+        noAutomaticPrefetch: true
+      }));
+    }
+    return this._ownedAdminApps.get([session, forProjectId]);
+  }
+  get projectId() {
+    return this._interface.projectId;
+  }
+  async _isTrusted(url) {
+    return (0, import_urls.isRelative)(url);
+  }
+  get urls() {
+    return getUrls(this._urlOptions);
+  }
+  async _getCurrentUrl() {
+    if (this._redirectMethod === "none") {
+      return null;
+    }
+    return new URL(window.location.href);
+  }
+  async _redirectTo(options) {
+    if (this._redirectMethod === "none") {
+      return;
+    } else if (typeof this._redirectMethod === "object" && this._redirectMethod.navigate) {
+      this._redirectMethod.navigate(options.url.toString());
+    } else {
+      if (options.replace) {
+        window.location.replace(options.url);
+      } else {
+        window.location.assign(options.url);
+      }
+    }
+    await (0, import_promises.wait)(2e3);
+  }
+  useNavigate() {
+    if (typeof this._redirectMethod === "object") {
+      return this._redirectMethod.useNavigate();
+    } else if (this._redirectMethod === "window") {
+      return () => window.location.assign;
+    } else {
+      return (to) => {
+      };
+    }
+  }
+  async _redirectIfTrusted(url, options) {
+    if (!await this._isTrusted(url)) {
+      throw new Error(`Redirect URL ${url} is not trusted; should be relative.`);
+    }
+    return await this._redirectTo({ url, ...options });
+  }
+  async _redirectToHandler(handlerName, options) {
+    let url = this.urls[handlerName];
+    if (!url) {
+      throw new Error(`No URL for handler name ${handlerName}`);
+    }
+    if (!options?.noRedirectBack) {
+      if (handlerName === "afterSignIn" || handlerName === "afterSignUp") {
+        if (isReactServer || typeof window === "undefined") {
+          try {
+            await this._checkFeatureSupport("rsc-handler-" + handlerName, {});
+          } catch (e) {
+          }
+        } else {
+          const queryParams = new URLSearchParams(window.location.search);
+          url = queryParams.get("after_auth_return_to") || url;
+        }
+      } else if (handlerName === "signIn" || handlerName === "signUp") {
+        if (isReactServer || typeof window === "undefined") {
+          try {
+            await this._checkFeatureSupport("rsc-handler-" + handlerName, {});
+          } catch (e) {
+          }
+        } else {
+          const currentUrl = new URL(window.location.href);
+          const nextUrl = new URL(url, currentUrl);
+          if (currentUrl.searchParams.has("after_auth_return_to")) {
+            nextUrl.searchParams.set("after_auth_return_to", currentUrl.searchParams.get("after_auth_return_to"));
+          } else if (currentUrl.protocol === nextUrl.protocol && currentUrl.host === nextUrl.host) {
+            nextUrl.searchParams.set("after_auth_return_to", (0, import_urls.getRelativePart)(currentUrl));
+          }
+          url = (0, import_urls.getRelativePart)(nextUrl);
+        }
+      }
+    }
+    await this._redirectIfTrusted(url, options);
+  }
+  async redirectToSignIn(options) {
+    return await this._redirectToHandler("signIn", options);
+  }
+  async redirectToSignUp(options) {
+    return await this._redirectToHandler("signUp", options);
+  }
+  async redirectToSignOut(options) {
+    return await this._redirectToHandler("signOut", options);
+  }
+  async redirectToEmailVerification(options) {
+    return await this._redirectToHandler("emailVerification", options);
+  }
+  async redirectToPasswordReset(options) {
+    return await this._redirectToHandler("passwordReset", options);
+  }
+  async redirectToForgotPassword(options) {
+    return await this._redirectToHandler("forgotPassword", options);
+  }
+  async redirectToHome(options) {
+    return await this._redirectToHandler("home", options);
+  }
+  async redirectToOAuthCallback(options) {
+    return await this._redirectToHandler("oauthCallback", options);
+  }
+  async redirectToMagicLinkCallback(options) {
+    return await this._redirectToHandler("magicLinkCallback", options);
+  }
+  async redirectToAfterSignIn(options) {
+    return await this._redirectToHandler("afterSignIn", options);
+  }
+  async redirectToAfterSignUp(options) {
+    return await this._redirectToHandler("afterSignUp", options);
+  }
+  async redirectToAfterSignOut(options) {
+    return await this._redirectToHandler("afterSignOut", options);
+  }
+  async redirectToAccountSettings(options) {
+    return await this._redirectToHandler("accountSettings", options);
+  }
+  async redirectToError(options) {
+    return await this._redirectToHandler("error", options);
+  }
+  async redirectToTeamInvitation(options) {
+    return await this._redirectToHandler("teamInvitation", options);
+  }
+  async sendForgotPasswordEmail(email, options) {
+    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
+      throw new Error("Cannot send forgot password email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendForgotPasswordEmail({ email, callbackUrl: ... })`");
+    }
+    return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.passwordReset));
+  }
+  async sendMagicLinkEmail(email, options) {
+    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
+      throw new Error("Cannot send magic link email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendMagicLinkEmail({ email, callbackUrl: ... })`");
+    }
+    return await this._interface.sendMagicLinkEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.magicLinkCallback));
+  }
+  async resetPassword(options) {
+    return await this._interface.resetPassword(options);
+  }
+  async verifyPasswordResetCode(code) {
+    return await this._interface.verifyPasswordResetCode(code);
+  }
+  async verifyTeamInvitationCode(code) {
+    return await this._interface.acceptTeamInvitation({
+      type: "check",
+      code,
+      session: await this._getSession()
+    });
+  }
+  async acceptTeamInvitation(code) {
+    const result = await this._interface.acceptTeamInvitation({
+      type: "use",
+      code,
+      session: await this._getSession()
+    });
+    if (result.status === "ok") {
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async getTeamInvitationDetails(code) {
+    const result = await this._interface.acceptTeamInvitation({
+      type: "details",
+      code,
+      session: await this._getSession()
+    });
+    if (result.status === "ok") {
+      return import_results.Result.ok({ teamDisplayName: result.data.team_display_name });
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async verifyEmail(code) {
+    const result = await this._interface.verifyEmail(code);
+    await this._currentUserCache.refresh([await this._getSession()]);
+    await this._clientContactChannelsCache.refresh([await this._getSession()]);
+    return result;
+  }
+  async getUser(options) {
+    this._ensurePersistentTokenStore(options?.tokenStore);
+    const session = await this._getSession(options?.tokenStore);
+    const crud = import_results.Result.orThrow(await this._currentUserCache.getOrWait([session], "write-only"));
+    if (crud === null) {
+      switch (options?.or) {
+        case "redirect": {
+          await this.redirectToSignIn({ replace: true });
+          break;
+        }
+        case "throw": {
+          throw new Error("User is not signed in but getUser was called with { or: 'throw' }");
+        }
+        default: {
+          return null;
+        }
+      }
+    }
+    return crud && this._currentUserFromCrud(crud, session);
+  }
+  useUser(options) {
+    this._ensurePersistentTokenStore(options?.tokenStore);
+    const session = this._useSession(options?.tokenStore);
+    const crud = useAsyncCache(this._currentUserCache, [session], "useUser()");
+    if (crud === null) {
+      switch (options?.or) {
+        case "redirect": {
+          (0, import_promises.runAsynchronously)(this.redirectToSignIn({ replace: true }));
+          (0, import_react.suspend)();
+          throw new import_errors.StackAssertionError("suspend should never return");
+        }
+        case "throw": {
+          throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
+        }
+        case void 0:
+        case "return-null": {
+        }
+      }
+    }
+    return (0, import_react2.useMemo)(() => {
+      return crud && this._currentUserFromCrud(crud, session);
+    }, [crud, session, options?.or]);
+  }
+  async _updateClientUser(update, session) {
+    const res = await this._interface.updateClientUser(userUpdateOptionsToCrud(update), session);
+    await this._refreshUser(session);
+    return res;
+  }
+  async signInWithOAuth(provider) {
+    if (typeof window === "undefined") {
+      throw new Error("signInWithOAuth can currently only be called in a browser environment");
+    }
+    this._ensurePersistentTokenStore();
+    await (0, import_auth.signInWithOAuth)(
+      this._interface,
+      {
+        provider,
+        redirectUrl: this.urls.oauthCallback,
+        errorRedirectUrl: this.urls.error,
+        providerScope: this._oauthScopesOnSignIn[provider]?.join(" ")
+      }
+    );
+  }
+  /**
+   * @deprecated
+   * TODO remove
+   */
+  async _experimentalMfa(error, session) {
+    const otp = prompt("Please enter the six-digit TOTP code from your authenticator app.");
+    if (!otp) {
+      throw new import_stack_shared.KnownErrors.InvalidTotpCode();
+    }
+    return await this._interface.totpMfa(
+      error.details?.attempt_code ?? (0, import_errors.throwErr)("attempt code missing"),
+      otp,
+      session
+    );
+  }
+  /**
+   * @deprecated
+   * TODO remove
+   */
+  async _catchMfaRequiredError(callback) {
+    try {
+      return await callback();
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.MultiFactorAuthenticationRequired) {
+        return import_results.Result.ok(await this._experimentalMfa(e, await this._getSession()));
+      }
+      throw e;
+    }
+  }
+  async signInWithCredential(options) {
+    this._ensurePersistentTokenStore();
+    const session = await this._getSession();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        return await this._interface.signInWithCredential(options.email, options.password, session);
+      });
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        return import_results.Result.error(e);
+      }
+      throw e;
+    }
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      if (!options.noRedirect) {
+        await this.redirectToAfterSignIn({ replace: true });
+      }
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async signUpWithCredential(options) {
+    this._ensurePersistentTokenStore();
+    const session = await this._getSession();
+    const emailVerificationRedirectUrl = (0, import_url.constructRedirectUrl)(this.urls.emailVerification);
+    const result = await this._interface.signUpWithCredential(
+      options.email,
+      options.password,
+      emailVerificationRedirectUrl,
+      session
+    );
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      if (!options.noRedirect) {
+        await this.redirectToAfterSignUp({ replace: true });
+      }
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async signInWithMagicLink(code) {
+    this._ensurePersistentTokenStore();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        return await this._interface.signInWithMagicLink(code);
+      });
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        return import_results.Result.error(e);
+      }
+      throw e;
+    }
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      if (result.data.newUser) {
+        await this.redirectToAfterSignUp({ replace: true });
+      } else {
+        await this.redirectToAfterSignIn({ replace: true });
+      }
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async signInWithPasskey() {
+    this._ensurePersistentTokenStore();
+    const session = await this._getSession();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        const initiationResult = await this._interface.initiatePasskeyAuthentication({}, session);
+        if (initiationResult.status !== "ok") {
+          return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyAuthenticationFailed("Failed to get initiation options for passkey authentication"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rpId !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new import_errors.StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rpId}`);
+        }
+        options_json.rpId = window.location.hostname;
+        const authentication_response = await (0, import_browser.startAuthentication)({ optionsJSON: options_json });
+        return await this._interface.signInWithPasskey({ authentication_response, code });
+      });
+    } catch (error) {
+      if (error instanceof import_browser.WebAuthnError) {
+        return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+      } else {
+        return import_results.Result.error(new import_stack_shared.KnownErrors.PasskeyAuthenticationFailed("Failed to sign in with passkey"));
+      }
+    }
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      await this.redirectToAfterSignIn({ replace: true });
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error(result.error);
+    }
+  }
+  async callOAuthCallback() {
+    if (typeof window === "undefined") {
+      throw new Error("callOAuthCallback can currently only be called in a browser environment");
+    }
+    this._ensurePersistentTokenStore();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        return await (0, import_auth.callOAuthCallback)(this._interface, this.urls.oauthCallback);
+      });
+    } catch (e) {
+      if (e instanceof import_stack_shared.KnownErrors.InvalidTotpCode) {
+        alert("Invalid TOTP code. Please try signing in again.");
+        return false;
+      } else {
+        throw e;
+      }
+    }
+    if (result.status === "ok" && result.data) {
+      await this._signInToAccountWithTokens(result.data);
+      if ("afterCallbackRedirectUrl" in result.data && result.data.afterCallbackRedirectUrl) {
+        await this._redirectTo({ url: result.data.afterCallbackRedirectUrl, replace: true });
+        return true;
+      } else if (result.data.newUser) {
+        await this.redirectToAfterSignUp({ replace: true });
+        return true;
+      } else {
+        await this.redirectToAfterSignIn({ replace: true });
+        return true;
+      }
+    }
+    return false;
+  }
+  async _signOut(session, options) {
+    await import_stores.storeLock.withWriteLock(async () => {
+      await this._interface.signOut(session);
+      if (options?.redirectUrl) {
+        await this._redirectTo({ url: options.redirectUrl, replace: true });
+      } else {
+        await this.redirectToAfterSignOut();
+      }
+    });
+  }
+  async signOut(options) {
+    const user = await this.getUser();
+    if (user) {
+      await user.signOut(options);
+    }
+  }
+  async getProject() {
+    const crud = import_results.Result.orThrow(await this._currentProjectCache.getOrWait([], "write-only"));
+    return this._clientProjectFromCrud(crud);
+  }
+  useProject() {
+    const crud = useAsyncCache(this._currentProjectCache, [], "useProject()");
+    return (0, import_react2.useMemo)(() => this._clientProjectFromCrud(crud), [crud]);
+  }
+  async _listOwnedProjects(session) {
+    this._ensureInternalProject();
+    const crud = import_results.Result.orThrow(await this._ownedProjectsCache.getOrWait([session], "write-only"));
+    return crud.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(
+      j,
+      () => this._refreshOwnedProjects(session)
+    ));
+  }
+  _useOwnedProjects(session) {
+    this._ensureInternalProject();
+    const projects = useAsyncCache(this._ownedProjectsCache, [session], "useOwnedProjects()");
+    return (0, import_react2.useMemo)(() => projects.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(
+      j,
+      () => this._refreshOwnedProjects(session)
+    )), [projects]);
+  }
+  async _createProject(session, newProject) {
+    this._ensureInternalProject();
+    const crud = await this._interface.createProject(adminProjectCreateOptionsToCrud(newProject), session);
+    const res = this._getOwnedAdminApp(crud.id, session)._adminOwnedProjectFromCrud(
+      crud,
+      () => this._refreshOwnedProjects(session)
+    );
+    await this._refreshOwnedProjects(session);
+    return res;
+  }
+  async _refreshUser(session) {
+    await this._refreshSession(session);
+  }
+  async _refreshSession(session) {
+    await this._currentUserCache.refresh([session]);
+  }
+  async _refreshUsers() {
+  }
+  async _refreshProject() {
+    await this._currentProjectCache.refresh([]);
+  }
+  async _refreshOwnedProjects(session) {
+    await this._ownedProjectsCache.refresh([session]);
+  }
+  static get [stackAppInternalsSymbol]() {
+    return {
+      fromClientJson: (json) => {
+        const providedCheckString = JSON.stringify((0, import_objects.omit)(json, [
+          /* none currently */
+        ]));
+        const existing = allClientApps.get(json.uniqueIdentifier);
+        if (existing) {
+          const [existingCheckString, clientApp] = existing;
+          if (existingCheckString !== providedCheckString) {
+            throw new import_errors.StackAssertionError("The provided app JSON does not match the configuration of the existing client app with the same unique identifier", { providedObj: json, existingString: existingCheckString });
+          }
+          return clientApp;
+        }
+        return new __StackClientAppImpl({
+          ...json,
+          checkString: providedCheckString
+        });
+      }
+    };
+  }
+  get [stackAppInternalsSymbol]() {
+    return {
+      toClientJson: () => {
+        if (!("publishableClientKey" in this._interface.options)) {
+          throw new import_errors.StackAssertionError("Cannot serialize to JSON from an application without a publishable client key");
+        }
+        if (typeof this._redirectMethod !== "string") {
+          throw new import_errors.StackAssertionError("Cannot serialize to JSON from an application with a non-string redirect method");
+        }
+        return {
+          baseUrl: this._options.baseUrl,
+          projectId: this.projectId,
+          publishableClientKey: this._interface.options.publishableClientKey,
+          tokenStore: this._tokenStoreInit,
+          urls: this._urlOptions,
+          oauthScopesOnSignIn: this._oauthScopesOnSignIn,
+          uniqueIdentifier: this._getUniqueIdentifier(),
+          redirectMethod: this._redirectMethod
+        };
+      },
+      setCurrentUser: (userJsonPromise) => {
+        (0, import_promises.runAsynchronously)(async () => {
+          await this._currentUserCache.forceSetCachedValueAsync([await this._getSession()], import_results.Result.fromPromise(userJsonPromise));
+        });
+      },
+      sendRequest: async (path, requestOptions, requestType = "client") => {
+        return await this._interface.sendClientRequest(path, requestOptions, await this._getSession(), requestType);
+      }
+    };
+  }
+};
+var _StackServerAppImpl = class extends _StackClientAppImpl {
+  constructor(options) {
+    super("interface" in options ? {
+      interface: options.interface,
+      tokenStore: options.tokenStore,
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn
+    } : {
+      interface: new import_stack_shared.StackServerInterface({
+        getBaseUrl: () => getBaseUrl(options.baseUrl),
+        projectId: options.projectId ?? getDefaultProjectId(),
+        clientVersion,
+        publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
+        secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey()
+      }),
+      baseUrl: options.baseUrl,
+      projectId: options.projectId,
+      publishableClientKey: options.publishableClientKey,
+      tokenStore: options.tokenStore,
+      urls: options.urls ?? {},
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn ?? {},
+      redirectMethod: options.redirectMethod
+    });
+    // TODO override the client user cache to use the server user cache, so we save some requests
+    this._currentServerUserCache = createCacheBySession(async (session) => {
+      if (session.isKnownToBeInvalid()) {
+        return null;
+      }
+      return await this._interface.getServerUserByToken(session);
+    });
+    this._serverUsersCache = createCache(async ([cursor, limit, orderBy, desc, query]) => {
+      return await this._interface.listServerUsers({ cursor, limit, orderBy, desc, query });
+    });
+    this._serverUserCache = createCache(async ([userId]) => {
+      const user = await this._interface.getServerUserById(userId);
+      return import_results.Result.or(user, null);
+    });
+    this._serverTeamsCache = createCache(async ([userId]) => {
+      return await this._interface.listServerTeams({ userId });
+    });
+    this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, recursive]) => {
+      return await this._interface.listServerTeamPermissions({ teamId, userId, recursive }, null);
+    });
+    this._serverUserOAuthConnectionAccessTokensCache = createCache(
+      async ([userId, providerId, scope]) => {
+        try {
+          const result = await this._interface.createServerProviderAccessToken(userId, providerId, scope || "");
+          return { accessToken: result.access_token };
+        } catch (err) {
+          if (!(err instanceof import_stack_shared.KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof import_stack_shared.KnownErrors.OAuthConnectionNotConnectedToUser)) {
+            throw err;
+          }
+        }
+        return null;
+      }
+    );
+    this._serverUserOAuthConnectionCache = createCache(
+      async ([userId, providerId, scope, redirect]) => {
+        return await this._getUserOAuthConnectionCacheFn({
+          getUser: async () => import_results.Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only")),
+          getOrWaitOAuthToken: async () => import_results.Result.orThrow(await this._serverUserOAuthConnectionAccessTokensCache.getOrWait([userId, providerId, scope || ""], "write-only")),
+          useOAuthToken: () => useAsyncCache(this._serverUserOAuthConnectionAccessTokensCache, [userId, providerId, scope || ""], "user.useConnectedAccount()"),
+          providerId,
+          scope,
+          redirect,
+          session: null
+        });
+      }
+    );
+    this._serverTeamMemberProfilesCache = createCache(
+      async ([teamId]) => {
+        return await this._interface.listServerTeamMemberProfiles({ teamId });
+      }
+    );
+    this._serverTeamInvitationsCache = createCache(
+      async ([teamId]) => {
+        return await this._interface.listServerTeamInvitations({ teamId });
+      }
+    );
+    this._serverUserTeamProfileCache = createCache(
+      async ([teamId, userId]) => {
+        return await this._interface.getServerTeamMemberProfile({ teamId, userId });
+      }
+    );
+    this._serverContactChannelsCache = createCache(
+      async ([userId]) => {
+        return await this._interface.listServerContactChannels(userId);
+      }
+    );
+  }
+  async _updateServerUser(userId, update) {
+    const result = await this._interface.updateServerUser(userId, serverUserUpdateOptionsToCrud(update));
+    await this._refreshUsers();
+    return result;
+  }
+  _serverEditableTeamProfileFromCrud(crud) {
+    const app = this;
+    return {
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      async update(update) {
+        await app._interface.updateServerTeamMemberProfile({
+          teamId: crud.team_id,
+          userId: crud.user_id,
+          profile: {
+            display_name: update.displayName,
+            profile_image_url: update.profileImageUrl
+          }
+        });
+        await app._serverUserTeamProfileCache.refresh([crud.team_id, crud.user_id]);
+      }
+    };
+  }
+  _serverContactChannelFromCrud(userId, crud) {
+    const app = this;
+    return {
+      id: crud.id,
+      value: crud.value,
+      type: crud.type,
+      isVerified: crud.is_verified,
+      isPrimary: crud.is_primary,
+      usedForAuth: crud.used_for_auth,
+      async sendVerificationEmail(options) {
+        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
+        }
+        await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.emailVerification));
+      },
+      async update(data) {
+        await app._interface.updateServerContactChannel(userId, crud.id, serverContactChannelUpdateOptionsToCrud(data));
+      },
+      async delete() {
+        await app._interface.deleteServerContactChannel(userId, crud.id);
+      }
+    };
+  }
+  _serverUserFromCrud(crud) {
+    const app = this;
+    async function getConnectedAccount(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return import_results.Result.orThrow(await app._serverUserOAuthConnectionCache.getOrWait([crud.id, id, scopeString || "", options?.or === "redirect"], "write-only"));
+    }
+    function useConnectedAccount(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return useAsyncCache(app._serverUserOAuthConnectionCache, [crud.id, id, scopeString || "", options?.or === "redirect"], "user.useConnectedAccount()");
+    }
+    return {
+      ...super._createBaseUser(crud),
+      lastActiveAt: new Date(crud.last_active_at_millis),
+      serverMetadata: crud.server_metadata,
+      async setPrimaryEmail(email, options) {
+        await app._updateServerUser(crud.id, { primaryEmail: email, primaryEmailVerified: options?.verified });
+      },
+      async grantPermission(scope, permissionId) {
+        await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
+        }
+      },
+      async revokePermission(scope, permissionId) {
+        await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
+        }
+      },
+      async delete() {
+        const res = await app._interface.deleteServerServerUser(crud.id);
+        await app._refreshUsers();
+        return res;
+      },
+      async createSession(options) {
+        const tokens = await app._interface.createServerUserSession(crud.id, options.expiresInMillis ?? 1e3 * 60 * 60 * 24 * 365);
+        return {
+          async getTokens() {
+            return tokens;
+          }
+        };
+      },
+      async setDisplayName(displayName) {
+        return await this.update({ displayName });
+      },
+      async setClientMetadata(metadata) {
+        return await this.update({ clientMetadata: metadata });
+      },
+      async setClientReadOnlyMetadata(metadata) {
+        return await this.update({ clientReadOnlyMetadata: metadata });
+      },
+      async setServerMetadata(metadata) {
+        return await this.update({ serverMetadata: metadata });
+      },
+      async setSelectedTeam(team) {
+        return await this.update({ selectedTeamId: team?.id ?? null });
+      },
+      getConnectedAccount,
+      useConnectedAccount,
+      selectedTeam: crud.selected_team ? app._serverTeamFromCrud(crud.selected_team) : null,
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react2.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      async listTeams() {
+        const teams = import_results.Result.orThrow(await app._serverTeamsCache.getOrWait([crud.id], "write-only"));
+        return teams.map((t) => app._serverTeamFromCrud(t));
+      },
+      useTeams() {
+        const teams = useAsyncCache(app._serverTeamsCache, [crud.id], "user.useTeams()");
+        return (0, import_react2.useMemo)(() => teams.map((t) => app._serverTeamFromCrud(t)), [teams]);
+      },
+      createTeam: async (data) => {
+        const team = await app._interface.createServerTeam(serverTeamCreateOptionsToCrud({
+          creatorUserId: crud.id,
+          ...data
+        }));
+        await app._serverTeamsCache.refresh([void 0]);
+        return app._serverTeamFromCrud(team);
+      },
+      leaveTeam: async (team) => {
+        await app._interface.leaveServerTeam({ teamId: team.id, userId: crud.id });
+      },
+      async listPermissions(scope, options) {
+        const recursive = options?.recursive ?? true;
+        const permissions = import_results.Result.orThrow(await app._serverTeamUserPermissionsCache.getOrWait([scope.id, crud.id, recursive], "write-only"));
+        return permissions.map((crud2) => app._serverPermissionFromCrud(crud2));
+      },
+      usePermissions(scope, options) {
+        const recursive = options?.recursive ?? true;
+        const permissions = useAsyncCache(app._serverTeamUserPermissionsCache, [scope.id, crud.id, recursive], "user.usePermissions()");
+        return (0, import_react2.useMemo)(() => permissions.map((crud2) => app._serverPermissionFromCrud(crud2)), [permissions]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react2.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async hasPermission(scope, permissionId) {
+        return await this.getPermission(scope, permissionId) !== null;
+      },
+      async update(update) {
+        await app._updateServerUser(crud.id, update);
+      },
+      async sendVerificationEmail() {
+        return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
+      },
+      async updatePassword(options) {
+        const result = await this.update({ password: options.newPassword });
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await this.update(options);
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
+      },
+      async getTeamProfile(team) {
+        const result = import_results.Result.orThrow(await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only"));
+        return app._serverEditableTeamProfileFromCrud(result);
+      },
+      useTeamProfile(team) {
+        const result = useAsyncCache(app._serverUserTeamProfileCache, [team.id, crud.id], "user.useTeamProfile()");
+        return (0, import_react2.useMemo)(() => app._serverEditableTeamProfileFromCrud(result), [result]);
+      },
+      async listContactChannels() {
+        const result = import_results.Result.orThrow(await app._serverContactChannelsCache.getOrWait([crud.id], "write-only"));
+        return result.map((data) => app._serverContactChannelFromCrud(crud.id, data));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._serverContactChannelsCache, [crud.id], "user.useContactChannels()");
+        return (0, import_react2.useMemo)(() => result.map((data) => app._serverContactChannelFromCrud(crud.id, data)), [result]);
+      },
+      createContactChannel: async (data) => {
+        const contactChannel = await app._interface.createServerContactChannel(serverContactChannelCreateOptionsToCrud(crud.id, data));
+        await app._serverContactChannelsCache.refresh([crud.id]);
+        return app._serverContactChannelFromCrud(crud.id, contactChannel);
+      }
+    };
+  }
+  _serverTeamUserFromCrud(crud) {
+    return {
+      ...this._serverUserFromCrud(crud.user),
+      teamProfile: {
+        displayName: crud.display_name,
+        profileImageUrl: crud.profile_image_url
+      }
+    };
+  }
+  _serverTeamInvitationFromCrud(crud) {
+    return {
+      id: crud.id,
+      recipientEmail: crud.recipient_email,
+      expiresAt: new Date(crud.expires_at_millis),
+      revoke: async () => {
+        await this._interface.revokeServerTeamInvitation(crud.id, crud.team_id);
+      }
+    };
+  }
+  _currentUserFromCrud(crud, session) {
+    const app = this;
+    const currentUser = {
+      ...this._serverUserFromCrud(crud),
+      ...this._createAuth(session),
+      ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
+    };
+    Object.freeze(currentUser);
+    return currentUser;
+  }
+  _serverTeamFromCrud(crud) {
+    const app = this;
+    return {
+      id: crud.id,
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      createdAt: new Date(crud.created_at_millis),
+      clientMetadata: crud.client_metadata,
+      clientReadOnlyMetadata: crud.client_read_only_metadata,
+      serverMetadata: crud.server_metadata,
+      async update(update) {
+        await app._interface.updateServerTeam(crud.id, serverTeamUpdateOptionsToCrud(update));
+        await app._serverTeamsCache.refresh([void 0]);
+      },
+      async delete() {
+        await app._interface.deleteServerTeam(crud.id);
+        await app._serverTeamsCache.refresh([void 0]);
+      },
+      async listUsers() {
+        const result = import_results.Result.orThrow(await app._serverTeamMemberProfilesCache.getOrWait([crud.id], "write-only"));
+        return result.map((u) => app._serverTeamUserFromCrud(u));
+      },
+      useUsers() {
+        const result = useAsyncCache(app._serverTeamMemberProfilesCache, [crud.id], "team.useUsers()");
+        return (0, import_react2.useMemo)(() => result.map((u) => app._serverTeamUserFromCrud(u)), [result]);
+      },
+      async addUser(userId) {
+        await app._interface.addServerUserToTeam({
+          teamId: crud.id,
+          userId
+        });
+        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
+      },
+      async removeUser(userId) {
+        await app._interface.removeServerUserFromTeam({
+          teamId: crud.id,
+          userId
+        });
+        await app._serverTeamMemberProfilesCache.refresh([crud.id]);
+      },
+      async inviteUser(options) {
+        if (!options.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
+        }
+        await app._interface.sendServerTeamInvitation({
+          teamId: crud.id,
+          email: options.email,
+          callbackUrl: options.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.teamInvitation)
+        });
+        await app._serverTeamInvitationsCache.refresh([crud.id]);
+      },
+      async listInvitations() {
+        const result = import_results.Result.orThrow(await app._serverTeamInvitationsCache.getOrWait([crud.id], "write-only"));
+        return result.map((crud2) => app._serverTeamInvitationFromCrud(crud2));
+      },
+      useInvitations() {
+        const result = useAsyncCache(app._serverTeamInvitationsCache, [crud.id], "team.useInvitations()");
+        return (0, import_react2.useMemo)(() => result.map((crud2) => app._serverTeamInvitationFromCrud(crud2)), [result]);
+      }
+    };
+  }
+  async createUser(options) {
+    const crud = await this._interface.createServerUser(serverUserCreateOptionsToCrud(options));
+    await this._refreshUsers();
+    return this._serverUserFromCrud(crud);
+  }
+  async getUser(options) {
+    if (typeof options === "string") {
+      return await this.getServerUserById(options);
+    } else {
+      this._ensurePersistentTokenStore(options?.tokenStore);
+      const session = await this._getSession(options?.tokenStore);
+      const crud = import_results.Result.orThrow(await this._currentServerUserCache.getOrWait([session], "write-only"));
+      if (crud === null) {
+        switch (options?.or) {
+          case "redirect": {
+            await this.redirectToSignIn({ replace: true });
+            break;
+          }
+          case "throw": {
+            throw new Error("User is not signed in but getUser was called with { or: 'throw' }");
+          }
+          default: {
+            return null;
+          }
+        }
+      }
+      return crud && this._currentUserFromCrud(crud, session);
+    }
+  }
+  async getServerUser() {
+    console.warn("stackServerApp.getServerUser is deprecated; use stackServerApp.getUser instead");
+    return await this.getUser();
+  }
+  async getServerUserById(userId) {
+    const crud = import_results.Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only"));
+    return crud && this._serverUserFromCrud(crud);
+  }
+  useUser(options) {
+    if (typeof options === "string") {
+      return this.useUserById(options);
+    } else {
+      this._ensurePersistentTokenStore(options?.tokenStore);
+      const session = this._useSession(options?.tokenStore);
+      const crud = useAsyncCache(this._currentServerUserCache, [session], "useUser()");
+      if (crud === null) {
+        switch (options?.or) {
+          case "redirect": {
+            (0, import_promises.runAsynchronously)(this.redirectToSignIn({ replace: true }));
+            (0, import_react.suspend)();
+            throw new import_errors.StackAssertionError("suspend should never return");
+          }
+          case "throw": {
+            throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
+          }
+          case void 0:
+          case "return-null": {
+          }
+        }
+      }
+      return (0, import_react2.useMemo)(() => {
+        return crud && this._currentUserFromCrud(crud, session);
+      }, [crud, session, options?.or]);
+    }
+  }
+  useUserById(userId) {
+    const crud = useAsyncCache(this._serverUserCache, [userId], "useUserById()");
+    return (0, import_react2.useMemo)(() => {
+      return crud && this._serverUserFromCrud(crud);
+    }, [crud]);
+  }
+  async listUsers(options) {
+    const crud = import_results.Result.orThrow(await this._serverUsersCache.getOrWait([options?.cursor, options?.limit, options?.orderBy, options?.desc, options?.query], "write-only"));
+    const result = crud.items.map((j) => this._serverUserFromCrud(j));
+    result.nextCursor = crud.pagination?.next_cursor ?? null;
+    return result;
+  }
+  useUsers(options) {
+    const crud = useAsyncCache(this._serverUsersCache, [options?.cursor, options?.limit, options?.orderBy, options?.desc, options?.query], "useServerUsers()");
+    const result = crud.items.map((j) => this._serverUserFromCrud(j));
+    result.nextCursor = crud.pagination?.next_cursor ?? null;
+    return result;
+  }
+  _serverPermissionFromCrud(crud) {
+    return {
+      id: crud.id
+    };
+  }
+  _serverTeamPermissionDefinitionFromCrud(crud) {
+    return {
+      id: crud.id,
+      description: crud.description,
+      containedPermissionIds: crud.contained_permission_ids
+    };
+  }
+  async listTeams() {
+    const teams = import_results.Result.orThrow(await this._serverTeamsCache.getOrWait([void 0], "write-only"));
+    return teams.map((t) => this._serverTeamFromCrud(t));
+  }
+  async createTeam(data) {
+    const team = await this._interface.createServerTeam(serverTeamCreateOptionsToCrud(data));
+    await this._serverTeamsCache.refresh([void 0]);
+    return this._serverTeamFromCrud(team);
+  }
+  useTeams() {
+    const teams = useAsyncCache(this._serverTeamsCache, [void 0], "useServerTeams()");
+    return (0, import_react2.useMemo)(() => {
+      return teams.map((t) => this._serverTeamFromCrud(t));
+    }, [teams]);
+  }
+  async getTeam(teamId) {
+    const teams = await this.listTeams();
+    return teams.find((t) => t.id === teamId) ?? null;
+  }
+  useTeam(teamId) {
+    const teams = this.useTeams();
+    return (0, import_react2.useMemo)(() => {
+      return teams.find((t) => t.id === teamId) ?? null;
+    }, [teams, teamId]);
+  }
+  async _refreshSession(session) {
+    await Promise.all([
+      super._refreshUser(session),
+      this._currentServerUserCache.refresh([session])
+    ]);
+  }
+  async _refreshUsers() {
+    await Promise.all([
+      super._refreshUsers(),
+      this._serverUserCache.refreshWhere(() => true),
+      this._serverUsersCache.refreshWhere(() => true),
+      this._serverContactChannelsCache.refreshWhere(() => true)
+    ]);
+  }
+};
+var _StackAdminAppImpl = class extends _StackServerAppImpl {
+  constructor(options) {
+    super({
+      interface: new import_stack_shared.StackAdminInterface({
+        getBaseUrl: () => getBaseUrl(options.baseUrl),
+        projectId: options.projectId ?? getDefaultProjectId(),
+        clientVersion,
+        ..."projectOwnerSession" in options ? {
+          projectOwnerSession: options.projectOwnerSession
+        } : {
+          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
+          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),
+          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey()
+        }
+      }),
+      baseUrl: options.baseUrl,
+      projectId: options.projectId,
+      tokenStore: options.tokenStore,
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn,
+      redirectMethod: options.redirectMethod
+    });
+    this._adminProjectCache = createCache(async () => {
+      return await this._interface.getProject();
+    });
+    this._apiKeysCache = createCache(async () => {
+      return await this._interface.listApiKeys();
+    });
+    this._adminEmailTemplatesCache = createCache(async () => {
+      return await this._interface.listEmailTemplates();
+    });
+    this._adminTeamPermissionDefinitionsCache = createCache(async () => {
+      return await this._interface.listPermissionDefinitions();
+    });
+    this._svixTokenCache = createCache(async () => {
+      return await this._interface.getSvixToken();
+    });
+    this._metricsCache = createCache(async () => {
+      return await this._interface.getMetrics();
+    });
+  }
+  _adminOwnedProjectFromCrud(data, onRefresh) {
+    if (this._tokenStoreInit !== null) {
+      throw new import_errors.StackAssertionError("Owned apps must always have tokenStore === null \u2014 did you not create this project with app._createOwnedApp()?");
+      ;
+    }
+    return {
+      ...this._adminProjectFromCrud(data, onRefresh),
+      app: this
+    };
+  }
+  _adminProjectFromCrud(data, onRefresh) {
+    if (data.id !== this.projectId) {
+      throw new import_errors.StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);
+    }
+    const app = this;
+    return {
+      id: data.id,
+      displayName: data.display_name,
+      description: data.description,
+      createdAt: new Date(data.created_at_millis),
+      userCount: data.user_count,
+      isProductionMode: data.is_production_mode,
+      config: {
+        id: data.config.id,
+        signUpEnabled: data.config.sign_up_enabled,
+        credentialEnabled: data.config.credential_enabled,
+        magicLinkEnabled: data.config.magic_link_enabled,
+        passkeyEnabled: data.config.passkey_enabled,
+        clientTeamCreationEnabled: data.config.client_team_creation_enabled,
+        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,
+        allowLocalhost: data.config.allow_localhost,
+        oauthProviders: data.config.oauth_providers.map((p) => p.type === "shared" ? {
+          id: p.id,
+          enabled: p.enabled,
+          type: "shared"
+        } : {
+          id: p.id,
+          enabled: p.enabled,
+          type: "standard",
+          clientId: p.client_id ?? (0, import_errors.throwErr)("Client ID is missing"),
+          clientSecret: p.client_secret ?? (0, import_errors.throwErr)("Client secret is missing"),
+          facebookConfigId: p.facebook_config_id,
+          microsoftTenantId: p.microsoft_tenant_id
+        }),
+        emailConfig: data.config.email_config.type === "shared" ? {
+          type: "shared"
+        } : {
+          type: "standard",
+          host: data.config.email_config.host ?? (0, import_errors.throwErr)("Email host is missing"),
+          port: data.config.email_config.port ?? (0, import_errors.throwErr)("Email port is missing"),
+          username: data.config.email_config.username ?? (0, import_errors.throwErr)("Email username is missing"),
+          password: data.config.email_config.password ?? (0, import_errors.throwErr)("Email password is missing"),
+          senderName: data.config.email_config.sender_name ?? (0, import_errors.throwErr)("Email sender name is missing"),
+          senderEmail: data.config.email_config.sender_email ?? (0, import_errors.throwErr)("Email sender email is missing")
+        },
+        domains: data.config.domains.map((d) => ({
+          domain: d.domain,
+          handlerPath: d.handler_path
+        })),
+        createTeamOnSignUp: data.config.create_team_on_sign_up,
+        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,
+        teamMemberDefaultPermissions: data.config.team_member_default_permissions
+      },
+      async update(update) {
+        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));
+        await onRefresh();
+      },
+      async delete() {
+        await app._interface.deleteProject();
+      },
+      async getProductionModeErrors() {
+        return (0, import_production_mode.getProductionModeErrors)(data);
+      },
+      useProductionModeErrors() {
+        return (0, import_production_mode.getProductionModeErrors)(data);
+      }
+    };
+  }
+  _adminEmailTemplateFromCrud(data) {
+    return {
+      type: data.type,
+      subject: data.subject,
+      content: data.content,
+      isDefault: data.is_default
+    };
+  }
+  async getProject() {
+    return this._adminProjectFromCrud(
+      import_results.Result.orThrow(await this._adminProjectCache.getOrWait([], "write-only")),
+      () => this._refreshProject()
+    );
+  }
+  useProject() {
+    const crud = useAsyncCache(this._adminProjectCache, [], "useProjectAdmin()");
+    return (0, import_react2.useMemo)(() => this._adminProjectFromCrud(
+      crud,
+      () => this._refreshProject()
+    ), [crud]);
+  }
+  _createApiKeyBaseFromCrud(data) {
+    const app = this;
+    return {
+      id: data.id,
+      description: data.description,
+      expiresAt: new Date(data.expires_at_millis),
+      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,
+      createdAt: new Date(data.created_at_millis),
+      isValid() {
+        return this.whyInvalid() === null;
+      },
+      whyInvalid() {
+        if (this.expiresAt.getTime() < Date.now()) return "expired";
+        if (this.manuallyRevokedAt) return "manually-revoked";
+        return null;
+      },
+      async revoke() {
+        const res = await app._interface.revokeApiKeyById(data.id);
+        await app._refreshApiKeys();
+        return res;
+      }
+    };
+  }
+  _createApiKeyFromCrud(data) {
+    return {
+      ...this._createApiKeyBaseFromCrud(data),
+      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,
+      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,
+      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null
+    };
+  }
+  _createApiKeyFirstViewFromCrud(data) {
+    return {
+      ...this._createApiKeyBaseFromCrud(data),
+      publishableClientKey: data.publishable_client_key,
+      secretServerKey: data.secret_server_key,
+      superSecretAdminKey: data.super_secret_admin_key
+    };
+  }
+  async listApiKeys() {
+    const crud = import_results.Result.orThrow(await this._apiKeysCache.getOrWait([], "write-only"));
+    return crud.map((j) => this._createApiKeyFromCrud(j));
+  }
+  useApiKeys() {
+    const crud = useAsyncCache(this._apiKeysCache, [], "useApiKeys()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((j) => this._createApiKeyFromCrud(j));
+    }, [crud]);
+  }
+  async createApiKey(options) {
+    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));
+    await this._refreshApiKeys();
+    return this._createApiKeyFirstViewFromCrud(crud);
+  }
+  useEmailTemplates() {
+    const crud = useAsyncCache(this._adminEmailTemplatesCache, [], "useEmailTemplates()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((j) => this._adminEmailTemplateFromCrud(j));
+    }, [crud]);
+  }
+  async listEmailTemplates() {
+    const crud = import_results.Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], "write-only"));
+    return crud.map((j) => this._adminEmailTemplateFromCrud(j));
+  }
+  async updateEmailTemplate(type, data) {
+    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));
+    await this._adminEmailTemplatesCache.refresh([]);
+  }
+  async resetEmailTemplate(type) {
+    await this._interface.resetEmailTemplate(type);
+    await this._adminEmailTemplatesCache.refresh([]);
+  }
+  async createTeamPermissionDefinition(data) {
+    const crud = await this._interface.createPermissionDefinition(serverTeamPermissionDefinitionCreateOptionsToCrud(data));
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+    return this._serverTeamPermissionDefinitionFromCrud(crud);
+  }
+  async updateTeamPermissionDefinition(permissionId, data) {
+    await this._interface.updatePermissionDefinition(permissionId, serverTeamPermissionDefinitionUpdateOptionsToCrud(data));
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async deleteTeamPermissionDefinition(permissionId) {
+    await this._interface.deletePermissionDefinition(permissionId);
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async listTeamPermissionDefinitions() {
+    const crud = import_results.Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], "write-only"));
+    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
+  }
+  useTeamPermissionDefinitions() {
+    const crud = useAsyncCache(this._adminTeamPermissionDefinitionsCache, [], "usePermissions()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
+    }, [crud]);
+  }
+  useSvixToken() {
+    const crud = useAsyncCache(this._svixTokenCache, [], "useSvixToken()");
+    return crud.token;
+  }
+  async _refreshProject() {
+    await Promise.all([
+      super._refreshProject(),
+      this._adminProjectCache.refresh([])
+    ]);
+  }
+  async _refreshApiKeys() {
+    await this._apiKeysCache.refresh([]);
+  }
+  get [stackAppInternalsSymbol]() {
+    return {
+      ...super[stackAppInternalsSymbol],
+      useMetrics: () => {
+        return useAsyncCache(this._metricsCache, [], "useMetrics()");
+      }
+    };
+  }
+  async sendTestEmail(options) {
+    const response = await this._interface.sendTestEmail({
+      recipient_email: options.recipientEmail,
+      email_config: {
+        ...(0, import_objects.pick)(options.emailConfig, ["host", "port", "username", "password"]),
+        sender_email: options.emailConfig.senderEmail,
+        sender_name: options.emailConfig.senderName
+      }
+    });
+    if (response.success) {
+      return import_results.Result.ok(void 0);
+    } else {
+      return import_results.Result.error({ errorMessage: response.error_message ?? (0, import_errors.throwErr)("Email test error not specified") });
+    }
+  }
+};
+function contactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    value: options.value,
+    type: options.type,
+    used_for_auth: options.usedForAuth,
+    user_id: userId
+  };
+}
+function contactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    used_for_auth: options.usedForAuth,
+    is_primary: options.isPrimary
+  };
+}
+function serverContactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    is_verified: options.isVerified,
+    used_for_auth: options.usedForAuth
+  };
+}
+function serverContactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    type: options.type,
+    value: options.value,
+    is_verified: options.isVerified,
+    user_id: userId,
+    used_for_auth: options.usedForAuth
+  };
+}
+function userUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    client_metadata: options.clientMetadata,
+    selected_team_id: options.selectedTeamId,
+    totp_secret_base64: options.totpMultiFactorSecret != null ? (0, import_bytes.encodeBase64)(options.totpMultiFactorSecret) : options.totpMultiFactorSecret,
+    profile_image_url: options.profileImageUrl,
+    otp_auth_enabled: options.otpAuthEnabled,
+    passkey_auth_enabled: options.passkeyAuthEnabled
+  };
+}
+function serverUserUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    primary_email: options.primaryEmail,
+    client_metadata: options.clientMetadata,
+    client_read_only_metadata: options.clientReadOnlyMetadata,
+    server_metadata: options.serverMetadata,
+    selected_team_id: options.selectedTeamId,
+    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
+    primary_email_verified: options.primaryEmailVerified,
+    password: options.password,
+    profile_image_url: options.profileImageUrl,
+    totp_secret_base64: options.totpMultiFactorSecret != null ? (0, import_bytes.encodeBase64)(options.totpMultiFactorSecret) : options.totpMultiFactorSecret
+  };
+}
+function serverUserCreateOptionsToCrud(options) {
+  return {
+    primary_email: options.primaryEmail,
+    password: options.password,
+    otp_auth_enabled: options.otpAuthEnabled,
+    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
+    display_name: options.displayName,
+    primary_email_verified: options.primaryEmailVerified,
+    client_metadata: options.clientMetadata,
+    client_read_only_metadata: options.clientReadOnlyMetadata,
+    server_metadata: options.serverMetadata
+  };
+}
+function adminProjectUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    description: options.description,
+    is_production_mode: options.isProductionMode,
+    config: {
+      domains: options.config?.domains?.map((d) => ({
+        domain: d.domain,
+        handler_path: d.handlerPath
+      })),
+      oauth_providers: options.config?.oauthProviders?.map((p) => ({
+        id: p.id,
+        enabled: p.enabled,
+        type: p.type,
+        ...p.type === "standard" && {
+          client_id: p.clientId,
+          client_secret: p.clientSecret,
+          facebook_config_id: p.facebookConfigId,
+          microsoft_tenant_id: p.microsoftTenantId
+        }
+      })),
+      email_config: options.config?.emailConfig && (options.config.emailConfig.type === "shared" ? {
+        type: "shared"
+      } : {
+        type: "standard",
+        host: options.config.emailConfig.host,
+        port: options.config.emailConfig.port,
+        username: options.config.emailConfig.username,
+        password: options.config.emailConfig.password,
+        sender_name: options.config.emailConfig.senderName,
+        sender_email: options.config.emailConfig.senderEmail
+      }),
+      sign_up_enabled: options.config?.signUpEnabled,
+      credential_enabled: options.config?.credentialEnabled,
+      magic_link_enabled: options.config?.magicLinkEnabled,
+      passkey_enabled: options.config?.passkeyEnabled,
+      allow_localhost: options.config?.allowLocalhost,
+      create_team_on_sign_up: options.config?.createTeamOnSignUp,
+      client_team_creation_enabled: options.config?.clientTeamCreationEnabled,
+      client_user_deletion_enabled: options.config?.clientUserDeletionEnabled,
+      team_creator_default_permissions: options.config?.teamCreatorDefaultPermissions,
+      team_member_default_permissions: options.config?.teamMemberDefaultPermissions
+    }
+  };
+}
+function adminProjectCreateOptionsToCrud(options) {
+  return {
+    ...adminProjectUpdateOptionsToCrud(options),
+    display_name: options.displayName
+  };
+}
+function apiKeyCreateOptionsToCrud(options) {
+  return {
+    description: options.description,
+    expires_at_millis: options.expiresAt.getTime(),
+    has_publishable_client_key: options.hasPublishableClientKey,
+    has_secret_server_key: options.hasSecretServerKey,
+    has_super_secret_admin_key: options.hasSuperSecretAdminKey
+  };
+}
+function teamUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl,
+    client_metadata: options.clientMetadata
+  };
+}
+function teamCreateOptionsToCrud(options, creatorUserId) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl,
+    creator_user_id: creatorUserId
+  };
+}
+function serverTeamCreateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl,
+    creator_user_id: options.creatorUserId
+  };
+}
+function serverTeamUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl,
+    client_metadata: options.clientMetadata,
+    client_read_only_metadata: options.clientReadOnlyMetadata,
+    server_metadata: options.serverMetadata
+  };
+}
+function serverTeamPermissionDefinitionCreateOptionsToCrud(options) {
+  return {
+    id: options.id,
+    description: options.description,
+    contained_permission_ids: options.containedPermissionIds
+  };
+}
+function serverTeamPermissionDefinitionUpdateOptionsToCrud(options) {
+  return {
+    id: options.id,
+    description: options.description,
+    contained_permission_ids: options.containedPermissionIds
+  };
+}
+var StackClientApp = _StackClientAppImpl;
+var StackServerApp = _StackServerAppImpl;
+var StackAdminApp = _StackAdminAppImpl;
+function adminEmailTemplateUpdateOptionsToCrud(options) {
+  return {
+    subject: options.subject,
+    content: options.content
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  StackAdminApp,
+  StackClientApp,
+  StackServerApp,
+  serverTeamPermissionDefinitionCreateOptionsToCrud,
+  serverTeamPermissionDefinitionUpdateOptionsToCrud,
+  stackAppInternalsSymbol
+});
+//# sourceMappingURL=stack-app.js.map