npm - @stackframe/stack - Versions diffs - 2.5.3 → 2.5.4 - Mend

@stackframe/stack 2.5.3 → 2.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

package/CHANGELOG.md +10 -0
package/dist/components/credential-sign-in-form.js +4 -14
package/dist/components/credential-sign-in-form.js.map +1 -1
package/dist/components/credential-sign-up-form.js +18 -20
package/dist/components/credential-sign-up-form.js.map +1 -1
package/dist/components/elements/maybe-full-page.js.map +1 -1
package/dist/components/elements/ssr-layout-effect.d.mts +1 -0
package/dist/components/elements/ssr-layout-effect.d.ts +1 -0
package/dist/components/elements/ssr-layout-effect.js +8 -1
package/dist/components/elements/ssr-layout-effect.js.map +1 -1
package/dist/components/elements/user-avatar.d.mts +5 -3
package/dist/components/elements/user-avatar.d.ts +5 -3
package/dist/components/elements/user-avatar.js.map +1 -1
package/dist/components/forgot-password-form.js +3 -13
package/dist/components/forgot-password-form.js.map +1 -1
package/dist/components/magic-link-sign-in-form.js +3 -13
package/dist/components/magic-link-sign-in-form.js.map +1 -1
package/dist/components/message-cards/known-error-message-card.js.map +1 -1
package/dist/components/message-cards/message-card.js.map +1 -1
package/dist/components/message-cards/predefined-message-card.js.map +1 -1
package/dist/components/oauth-button-group.d.mts +7 -2
package/dist/components/oauth-button-group.d.ts +7 -2
package/dist/components/oauth-button-group.js +1 -1
package/dist/components/oauth-button-group.js.map +1 -1
package/dist/components/oauth-button.js +28 -26
package/dist/components/oauth-button.js.map +1 -1
package/dist/components/password-reset-form.js +4 -3
package/dist/components/password-reset-form.js.map +1 -1
package/dist/components/selected-team-switcher.d.mts +5 -3
package/dist/components/selected-team-switcher.d.ts +5 -3
package/dist/components/selected-team-switcher.js +12 -1
package/dist/components/selected-team-switcher.js.map +1 -1
package/dist/components/user-button.js.map +1 -1
package/dist/components-page/account-settings.js +42 -7
package/dist/components-page/account-settings.js.map +1 -1
package/dist/components-page/auth-page.d.mts +9 -2
package/dist/components-page/auth-page.d.ts +9 -2
package/dist/components-page/auth-page.js +3 -3
package/dist/components-page/auth-page.js.map +1 -1
package/dist/components-page/email-verification.js +12 -2
package/dist/components-page/email-verification.js.map +1 -1
package/dist/components-page/error-page.js.map +1 -1
package/dist/components-page/magic-link-callback.js +13 -3
package/dist/components-page/magic-link-callback.js.map +1 -1
package/dist/components-page/password-reset.js +2 -2
package/dist/components-page/password-reset.js.map +1 -1
package/dist/components-page/sign-out.js +12 -2
package/dist/components-page/sign-out.js.map +1 -1
package/dist/components-page/stack-handler.d.mts +5 -3
package/dist/components-page/stack-handler.d.ts +5 -3
package/dist/components-page/stack-handler.js +27 -10
package/dist/components-page/stack-handler.js.map +1 -1
package/dist/esm/components/credential-sign-in-form.js +4 -4
package/dist/esm/components/credential-sign-in-form.js.map +1 -1
package/dist/esm/components/credential-sign-up-form.js +18 -20
package/dist/esm/components/credential-sign-up-form.js.map +1 -1
package/dist/esm/components/elements/maybe-full-page.js.map +1 -1
package/dist/esm/components/elements/ssr-layout-effect.js +8 -1
package/dist/esm/components/elements/ssr-layout-effect.js.map +1 -1
package/dist/esm/components/elements/user-avatar.js.map +1 -1
package/dist/esm/components/forgot-password-form.js +3 -3
package/dist/esm/components/forgot-password-form.js.map +1 -1
package/dist/esm/components/magic-link-sign-in-form.js +3 -3
package/dist/esm/components/magic-link-sign-in-form.js.map +1 -1
package/dist/esm/components/message-cards/known-error-message-card.js.map +1 -1
package/dist/esm/components/message-cards/message-card.js.map +1 -1
package/dist/esm/components/message-cards/predefined-message-card.js.map +1 -1
package/dist/esm/components/oauth-button-group.js +1 -1
package/dist/esm/components/oauth-button-group.js.map +1 -1
package/dist/esm/components/oauth-button.js +29 -27
package/dist/esm/components/oauth-button.js.map +1 -1
package/dist/esm/components/password-reset-form.js +4 -3
package/dist/esm/components/password-reset-form.js.map +1 -1
package/dist/esm/components/selected-team-switcher.js +2 -1
package/dist/esm/components/selected-team-switcher.js.map +1 -1
package/dist/esm/components/user-button.js.map +1 -1
package/dist/esm/components-page/account-settings.js +42 -7
package/dist/esm/components-page/account-settings.js.map +1 -1
package/dist/esm/components-page/auth-page.js +3 -3
package/dist/esm/components-page/auth-page.js.map +1 -1
package/dist/esm/components-page/email-verification.js +2 -2
package/dist/esm/components-page/email-verification.js.map +1 -1
package/dist/esm/components-page/error-page.js.map +1 -1
package/dist/esm/components-page/magic-link-callback.js +3 -3
package/dist/esm/components-page/magic-link-callback.js.map +1 -1
package/dist/esm/components-page/password-reset.js +2 -2
package/dist/esm/components-page/password-reset.js.map +1 -1
package/dist/esm/components-page/sign-out.js +2 -2
package/dist/esm/components-page/sign-out.js.map +1 -1
package/dist/esm/components-page/stack-handler.js +27 -10
package/dist/esm/components-page/stack-handler.js.map +1 -1
package/dist/esm/index.js +1 -4
package/dist/esm/index.js.map +1 -1
package/dist/esm/lib/auth.js.map +1 -1
package/dist/esm/lib/cookie.js +6 -1
package/dist/esm/lib/cookie.js.map +1 -1
package/dist/esm/lib/hooks.js.map +1 -1
package/dist/esm/lib/stack-app.js +478 -349
package/dist/esm/lib/stack-app.js.map +1 -1
package/dist/esm/providers/stack-provider-client.js +3 -4
package/dist/esm/providers/stack-provider-client.js.map +1 -1
package/dist/esm/providers/theme-provider.js +16 -7
package/dist/esm/providers/theme-provider.js.map +1 -1
package/dist/esm/utils/browser-script.js +2 -2
package/dist/esm/utils/browser-script.js.map +1 -1
package/dist/esm/utils/email.js +2 -2
package/dist/esm/utils/email.js.map +1 -1
package/dist/index.d.mts +6 -4
package/dist/index.d.ts +6 -4
package/dist/index.js +4 -8
package/dist/index.js.map +1 -1
package/dist/lib/auth.js.map +1 -1
package/dist/lib/cookie.js +6 -1
package/dist/lib/cookie.js.map +1 -1
package/dist/lib/hooks.d.mts +5 -3
package/dist/lib/hooks.d.ts +5 -3
package/dist/lib/hooks.js.map +1 -1
package/dist/lib/stack-app.d.mts +219 -114
package/dist/lib/stack-app.d.ts +219 -114
package/dist/lib/stack-app.js +500 -369
package/dist/lib/stack-app.js.map +1 -1
package/dist/providers/stack-provider-client.d.mts +8 -6
package/dist/providers/stack-provider-client.d.ts +8 -6
package/dist/providers/stack-provider-client.js +4 -5
package/dist/providers/stack-provider-client.js.map +1 -1
package/dist/providers/stack-provider.d.mts +5 -3
package/dist/providers/stack-provider.d.ts +5 -3
package/dist/providers/theme-provider.d.mts +2 -1
package/dist/providers/theme-provider.d.ts +2 -1
package/dist/providers/theme-provider.js +15 -6
package/dist/providers/theme-provider.js.map +1 -1
package/dist/utils/browser-script.d.mts +3 -1
package/dist/utils/browser-script.d.ts +3 -1
package/dist/utils/browser-script.js +2 -2
package/dist/utils/browser-script.js.map +1 -1
package/dist/utils/email.js +2 -12
package/dist/utils/email.js.map +1 -1
package/package.json +4 -5
package/dist/esm/providers/styled-components-registry.js +0 -25
package/dist/esm/providers/styled-components-registry.js.map +0 -1
package/dist/providers/styled-components-registry.d.mts +0 -8
package/dist/providers/styled-components-registry.d.ts +0 -8
package/dist/providers/styled-components-registry.js +0 -45
package/dist/providers/styled-components-registry.js.map +0 -1

package/dist/lib/stack-app.js CHANGED Viewed

@@ -33,36 +33,35 @@ __export(stack_app_exports, {
   StackAdminApp: () => StackAdminApp,
   StackClientApp: () => StackClientApp,
   StackServerApp: () => StackServerApp,
+  serverTeamPermissionDefinitionCreateOptionsToCrud: () => serverTeamPermissionDefinitionCreateOptionsToCrud,
+  serverTeamPermissionDefinitionUpdateOptionsToCrud: () => serverTeamPermissionDefinitionUpdateOptionsToCrud,
   stackAppInternalsSymbol: () => stackAppInternalsSymbol
 });
 module.exports = __toCommonJS(stack_app_exports);
-var import_react = __toESM(require("react"));
+var import_stack_sc = require("@stackframe/stack-sc");
 var import_stack_shared = require("@stackframe/stack-shared");
-var import_cookie = require("./cookie");
+var import_production_mode = require("@stackframe/stack-shared/dist/helpers/production-mode");
+var import_sessions = require("@stackframe/stack-shared/dist/sessions");
+var import_caches = require("@stackframe/stack-shared/dist/utils/caches");
+var import_compile_time = require("@stackframe/stack-shared/dist/utils/compile-time");
+var import_env = require("@stackframe/stack-shared/dist/utils/env");
 var import_errors = require("@stackframe/stack-shared/dist/utils/errors");
-var import_uuids = require("@stackframe/stack-shared/dist/utils/uuids");
+var import_maps = require("@stackframe/stack-shared/dist/utils/maps");
+var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
+var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
+var import_react = require("@stackframe/stack-shared/dist/utils/react");
 var import_results = require("@stackframe/stack-shared/dist/utils/results");
-var import_react2 = require("@stackframe/stack-shared/dist/utils/react");
 var import_stores = require("@stackframe/stack-shared/dist/utils/stores");
-var import_clientInterface = require("@stackframe/stack-shared/dist/interface/clientInterface");
-var import_env = require("@stackframe/stack-shared/dist/utils/env");
-var import_auth = require("./auth");
+var import_strings = require("@stackframe/stack-shared/dist/utils/strings");
+var import_uuids = require("@stackframe/stack-shared/dist/utils/uuids");
+var cookie = __toESM(require("cookie"));
 var NextNavigationUnscrambled = __toESM(require("next/navigation"));
+var import_react2 = __toESM(require("react"));
 var import_url = require("../utils/url");
-var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
-var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
-var import_caches = require("@stackframe/stack-shared/dist/utils/caches");
-var import_react3 = require("@stackframe/stack-shared/dist/utils/react");
-var import_compile_time = require("@stackframe/stack-shared/dist/utils/compile-time");
-var import_stack_sc = require("@stackframe/stack-sc");
-var cookie = __toESM(require("cookie"));
-var import_sessions = require("@stackframe/stack-shared/dist/sessions");
-var import_strings = require("@stackframe/stack-shared/dist/utils/strings");
+var import_auth = require("./auth");
+var import_cookie = require("./cookie");
 var NextNavigation = (0, import_compile_time.scrambleDuringCompileTime)(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.5.3";
-function permissionDefinitionScopeToType(scope) {
-  return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
-}
+var clientVersion = "js @stackframe/stack@2.5.4";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   return {
@@ -111,7 +110,7 @@ function getDefaultSuperSecretAdminKey() {
 function getDefaultBaseUrl() {
   return process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
 }
-var defaultBaseUrl = "https://app.stack-auth.com";
+var defaultBaseUrl = "https://api.stack-auth.com";
 function createEmptyTokenStore() {
   return new import_stores.Store({
     refreshToken: null,
@@ -120,27 +119,27 @@ function createEmptyTokenStore() {
 }
 var cachePromiseByComponentId = /* @__PURE__ */ new Map();
 function useAsyncCache(cache, dependencies, caller) {
-  (0, import_react2.suspendIfSsr)(caller);
-  const id = import_react.default.useId();
-  const subscribe = (0, import_react.useCallback)((cb) => {
+  (0, import_react.suspendIfSsr)(caller);
+  const id = import_react2.default.useId();
+  const subscribe = (0, import_react2.useCallback)((cb) => {
     const { unsubscribe } = cache.onStateChange(dependencies, () => {
       cachePromiseByComponentId.delete(id);
       cb();
     });
     return unsubscribe;
   }, [cache, ...dependencies]);
-  const getSnapshot = (0, import_react.useCallback)(() => {
+  const getSnapshot = (0, import_react2.useCallback)(() => {
     if (!cachePromiseByComponentId.has(id)) {
       cachePromiseByComponentId.set(id, cache.getOrWait(dependencies, "read-write"));
     }
     return cachePromiseByComponentId.get(id);
   }, [cache, ...dependencies]);
-  const promise = import_react.default.useSyncExternalStore(
+  const promise = import_react2.default.useSyncExternalStore(
     subscribe,
     getSnapshot,
     () => (0, import_errors.throwErr)(new Error("getServerSnapshot should never be called in useAsyncCache because we restrict to CSR earlier"))
   );
-  return (0, import_react.use)(promise);
+  return import_react2.default.use(promise);
 }
 var stackAppInternalsSymbol = Symbol.for("StackAppInternals");
 var allClientApps = /* @__PURE__ */ new Map();
@@ -167,12 +166,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     this._options = _options;
     this._uniqueIdentifier = void 0;
     this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;
+    this._ownedAdminApps = new import_maps.DependenciesMap();
     this._currentUserCache = createCacheBySession(async (session) => {
       if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {
         await (0, import_promises.wait)(2e3);
       }
-      const user = await this._interface.getClientUserByToken(session);
-      return import_results.Result.or(user, null);
+      return await this._interface.getClientUserByToken(session);
     });
     this._currentProjectCache = createCache(async () => {
       return import_results.Result.orThrow(await this._interface.getClientProject());
@@ -180,11 +179,11 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     this._ownedProjectsCache = createCacheBySession(async (session) => {
       return await this._interface.listProjects(session);
     });
-    this._currentUserPermissionsCache = createCacheBySession(async (session, [teamId, type, direct]) => {
-      return await this._interface.listClientUserTeamPermissions({ teamId, type, direct }, session);
+    this._currentUserPermissionsCache = createCacheBySession(async (session, [teamId, recursive]) => {
+      return await this._interface.listCurrentUserTeamPermissions({ teamId, recursive }, session);
     });
     this._currentUserTeamsCache = createCacheBySession(async (session) => {
-      return await this._interface.listClientUserTeams(session);
+      return await this._interface.listCurrentUserTeams(session);
     });
     this._currentUserOAuthConnectionAccessTokensCache = createCacheBySession(
       async (session, [accountId, scope]) => {
@@ -202,7 +201,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       async (session, [connectionId, scope, redirect]) => {
         const user = await this._currentUserCache.getOrWait([session], "write-only");
         let hasConnection = true;
-        if (!user || !user.oauthProviders.find((p) => p === connectionId)) {
+        if (!user || !user.oauth_providers.find((p) => p.id === connectionId)) {
           hasConnection = false;
         }
         const token = await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, connectionId, scope || ""], "write-only");
@@ -249,9 +248,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     this._storedCookieTokenStore = null;
     /**
      * A map from token stores and session keys to sessions.
-     *
+     *
      * This isn't just a map from session keys to sessions for two reasons:
-     *
+     *
      * - So we can garbage-collect Session objects when the token store is garbage-collected
      * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object
      */
@@ -273,9 +272,11 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       this._uniqueIdentifier = _options.uniqueIdentifier;
       this._initUniqueIdentifier();
     }
-    numberOfAppsCreated++;
-    if (numberOfAppsCreated > 10) {
-      (process.env.NODE_ENV === "development" ? console.log : console.warn)(`You have created more than 10 Stack apps (${numberOfAppsCreated}). This is usually a sign of a memory leak, but can sometimes be caused by hot reload of your tech stack. In production, make sure to minimize the number of Stack apps per page (usually, one per project).`);
+    if (!_options.noAutomaticPrefetch) {
+      numberOfAppsCreated++;
+      if (numberOfAppsCreated > 10) {
+        (process.env.NODE_ENV === "development" ? console.log : console.warn)(`You have created more than 10 Stack apps with automatic pre-fetch enabled (${numberOfAppsCreated}). This is usually a sign of a memory leak, but can sometimes be caused by hot reload of your tech stack. If you are getting this error and it is not caused by hot reload, make sure to minimize the number of Stack apps per page (usually, one per project). (If it is caused by hot reload and does not occur in production, you can safely ignore it.)`);
+      }
     }
   }
   _initUniqueIdentifier() {
@@ -289,7 +290,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   /**
    * Cloudflare workers does not allow use of randomness on the global scope (on which the Stack app is probably
-   * initialized). For that reason, we generate the unique identifier lazily when it is first needed.
+   * initialized). For that reason, we generate the unique identifier lazily when it is first needed instead of in the
+   * constructor.
    */
   _getUniqueIdentifier() {
     if (!this._uniqueIdentifier) {
@@ -465,14 +467,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   _useSession(overrideTokenStoreInit) {
     const tokenStore = this._getOrCreateTokenStore(overrideTokenStoreInit);
-    const subscribe = (0, import_react.useCallback)((cb) => {
+    const subscribe = (0, import_react2.useCallback)((cb) => {
       const { unsubscribe } = tokenStore.onChange(() => {
         cb();
       });
       return unsubscribe;
     }, [tokenStore]);
-    const getSnapshot = (0, import_react.useCallback)(() => this._getSessionFromTokenStore(tokenStore), [tokenStore]);
-    return import_react.default.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);
+    const getSnapshot = (0, import_react2.useCallback)(() => this._getSessionFromTokenStore(tokenStore), [tokenStore]);
+    return import_react2.default.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);
   }
   async _signInToAccountWithTokens(tokens) {
     const tokenStore = this._getOrCreateTokenStore();
@@ -494,38 +496,28 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       throw new Error("Cannot call this function on a Stack app with a project ID other than 'internal'.");
     }
   }
-  _permissionFromJson(json) {
-    const type = permissionDefinitionScopeToType(json.scope);
-    if (type === "team") {
-      return {
-        id: json.id,
-        type,
-        teamId: json.scope.teamId
-      };
-    } else {
-      return {
-        id: json.id,
-        type
-      };
-    }
-  }
-  _teamFromJson(json) {
+  _clientProjectFromCrud(crud) {
     return {
-      id: json.id,
-      displayName: json.displayName,
-      profileImageUrl: json.profileImageUrl,
-      createdAt: new Date(json.createdAtMillis),
-      toJson() {
-        return json;
+      id: crud.id,
+      config: {
+        credentialEnabled: crud.config.credential_enabled,
+        magicLinkEnabled: crud.config.magic_link_enabled,
+        oauthProviders: crud.config.oauth_providers.map((p) => ({
+          id: p.id
+        }))
       }
     };
   }
-  _teamMemberFromJson(json) {
-    if (json === null) return null;
+  _clientTeamPermissionFromCrud(crud) {
+    return {
+      id: crud.id
+    };
+  }
+  _clientTeamFromCrud(crud) {
     return {
-      teamId: json.teamId,
-      userId: json.userId,
-      displayName: json.displayName
+      id: crud.id,
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url
     };
   }
   _createAuth(session) {
@@ -555,41 +547,29 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
-  _createBaseUser(json) {
+  _createBaseUser(crud) {
+    if (!crud) {
+      throw new import_errors.StackAssertionError("User not found");
+    }
     return {
-      projectId: json.projectId,
-      id: json.id,
-      displayName: json.displayName,
-      primaryEmail: json.primaryEmail,
-      primaryEmailVerified: json.primaryEmailVerified,
-      profileImageUrl: json.profileImageUrl,
-      signedUpAt: new Date(json.signedUpAtMillis),
-      clientMetadata: json.clientMetadata,
-      hasPassword: json.hasPassword,
-      authWithEmail: json.authWithEmail,
-      oauthProviders: json.oauthProviders,
-      selectedTeam: json.selectedTeam && this._teamFromJson(json.selectedTeam),
+      projectId: crud.project_id,
+      id: crud.id,
+      displayName: crud.display_name,
+      primaryEmail: crud.primary_email,
+      primaryEmailVerified: crud.primary_email_verified,
+      profileImageUrl: crud.profile_image_url,
+      signedUpAt: new Date(crud.signed_up_at_millis),
+      clientMetadata: crud.client_metadata,
+      hasPassword: crud.has_password,
+      emailAuthEnabled: crud.auth_with_email,
+      oauthProviders: crud.oauth_providers,
+      selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team),
       toClientJson() {
-        return (0, import_objects.pick)(json, [
-          "projectId",
-          "id",
-          "displayName",
-          "primaryEmail",
-          "primaryEmailVerified",
-          "profileImageUrl",
-          "signedUpAtMillis",
-          "clientMetadata",
-          "hasPassword",
-          "authMethod",
-          "authWithEmail",
-          "selectedTeamId",
-          "selectedTeam",
-          "oauthProviders"
-        ]);
+        return crud;
       }
     };
   }
-  _createUserExtra(json, session) {
+  _createCurrentUserExtra(crud, session) {
     const app = this;
     async function getConnectedAccount(id, options) {
       const scopeString = options?.scopes?.join(" ");
@@ -617,34 +597,36 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       },
       useTeam(teamId) {
         const teams = this.useTeams();
-        return (0, import_react.useMemo)(() => {
+        return (0, import_react2.useMemo)(() => {
           return teams.find((t) => t.id === teamId) ?? null;
         }, [teams, teamId]);
       },
       async listTeams() {
         const teams = await app._currentUserTeamsCache.getOrWait([session], "write-only");
-        return teams.map((json2) => app._teamFromJson(json2));
+        return teams.map((crud2) => app._clientTeamFromCrud(crud2));
       },
       useTeams() {
         const teams = useAsyncCache(app._currentUserTeamsCache, [session], "user.useTeams()");
-        return (0, import_react.useMemo)(() => teams.map((json2) => app._teamFromJson(json2)), [teams]);
+        return (0, import_react2.useMemo)(() => teams.map((crud2) => app._clientTeamFromCrud(crud2)), [teams]);
       },
       async createTeam(data) {
-        const teamJson = await app._interface.createTeamForCurrentUser(data, session);
+        const crud2 = await app._interface.createTeamForCurrentUser(teamCreateOptionsToCrud(data), session);
         await app._currentUserTeamsCache.refresh([session]);
-        return app._teamFromJson(teamJson);
+        return app._clientTeamFromCrud(crud2);
       },
       async listPermissions(scope, options) {
-        const permissions = await app._currentUserPermissionsCache.getOrWait([session, scope.id, "team", !!options?.direct], "write-only");
-        return permissions.map((json2) => app._permissionFromJson(json2));
+        const recursive = options?.recursive ?? true;
+        const permissions = await app._currentUserPermissionsCache.getOrWait([session, scope.id, recursive], "write-only");
+        return permissions.map((crud2) => app._clientTeamPermissionFromCrud(crud2));
       },
       usePermissions(scope, options) {
-        const permissions = useAsyncCache(app._currentUserPermissionsCache, [session, scope.id, "team", !!options?.direct], "user.usePermissions()");
-        return (0, import_react.useMemo)(() => permissions.map((json2) => app._permissionFromJson(json2)), [permissions]);
+        const recursive = options?.recursive ?? true;
+        const permissions = useAsyncCache(app._currentUserPermissionsCache, [session, scope.id, recursive], "user.usePermissions()");
+        return (0, import_react2.useMemo)(() => permissions.map((crud2) => app._clientTeamPermissionFromCrud(crud2)), [permissions]);
       },
       usePermission(scope, permissionId) {
         const permissions = this.usePermissions(scope);
-        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+        return (0, import_react2.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
       },
       async getPermission(scope, permissionId) {
         const permissions = await this.listPermissions(scope);
@@ -654,7 +636,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return await this.getPermission(scope, permissionId) !== null;
       },
       update(update) {
-        return app._updateUser(update, session);
+        return app._updateClientUser(update, session);
       },
       sendVerificationEmail() {
         return app._sendVerificationEmail(session);
@@ -679,58 +661,27 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
-  _createCurrentUser(json, session) {
+  _currentUserFromCrud(crud, session) {
     const currentUser = {
-      ...this._createBaseUser(json),
+      ...this._createBaseUser(crud),
       ...this._createAuth(session),
-      ...this._createUserExtra(json, session),
+      ...this._createCurrentUserExtra(crud, session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
     };
     Object.freeze(currentUser);
     return currentUser;
   }
-  _projectAdminFromJson(data, adminInterface, onRefresh) {
-    if (data.id !== adminInterface.projectId) {
-      throw new Error(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${adminInterface.projectId})! This is a Stack bug.`);
+  _getOwnedAdminApp(forProjectId, session) {
+    if (!this._ownedAdminApps.has([session, forProjectId])) {
+      this._ownedAdminApps.set([session, forProjectId], new _StackAdminAppImpl({
+        baseUrl: this._interface.options.baseUrl,
+        projectId: forProjectId,
+        tokenStore: null,
+        projectOwnerSession: session,
+        noAutomaticPrefetch: true
+      }));
     }
-    return {
-      id: data.id,
-      displayName: data.displayName,
-      description: data.description,
-      createdAt: new Date(data.createdAtMillis),
-      userCount: data.userCount,
-      isProductionMode: data.isProductionMode,
-      evaluatedConfig: {
-        id: data.evaluatedConfig.id,
-        credentialEnabled: data.evaluatedConfig.credentialEnabled,
-        magicLinkEnabled: data.evaluatedConfig.magicLinkEnabled,
-        allowLocalhost: data.evaluatedConfig.allowLocalhost,
-        oauthProviders: data.evaluatedConfig.oauthProviders,
-        emailConfig: data.evaluatedConfig.emailConfig,
-        domains: data.evaluatedConfig.domains,
-        createTeamOnSignUp: data.evaluatedConfig.createTeamOnSignUp,
-        teamCreatorDefaultPermissions: data.evaluatedConfig.teamCreatorDefaultPermissions,
-        teamMemberDefaultPermissions: data.evaluatedConfig.teamMemberDefaultPermissions
-      },
-      async update(update) {
-        await adminInterface.updateProject(update);
-        await onRefresh();
-      },
-      toJson() {
-        return data;
-      },
-      getProductionModeErrors() {
-        return (0, import_clientInterface.getProductionModeErrors)(this.toJson());
-      }
-    };
-  }
-  _createAdminInterface(forProjectId, session) {
-    return new import_stack_shared.StackAdminInterface({
-      baseUrl: this._interface.options.baseUrl,
-      projectId: forProjectId,
-      clientVersion,
-      projectOwnerSession: session
-    });
+    return this._ownedAdminApps.get([session, forProjectId]);
   }
   get projectId() {
     return this._interface.projectId;
@@ -810,8 +761,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async getUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = this._getSession(options?.tokenStore);
-    const userJson = await this._currentUserCache.getOrWait([session], "write-only");
-    if (userJson === null) {
+    const crud = await this._currentUserCache.getOrWait([session], "write-only");
+    if (crud === null) {
       switch (options?.or) {
         case "redirect": {
           await this.redirectToSignIn();
@@ -825,18 +776,18 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         }
       }
     }
-    return userJson && this._createCurrentUser(userJson, session);
+    return crud && this._currentUserFromCrud(crud, session);
   }
   useUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
     const router = NextNavigation.useRouter();
     const session = this._useSession(options?.tokenStore);
-    const userJson = useAsyncCache(this._currentUserCache, [session], "useUser()");
-    if (userJson === null) {
+    const crud = useAsyncCache(this._currentUserCache, [session], "useUser()");
+    if (crud === null) {
       switch (options?.or) {
         case "redirect": {
           setTimeout(() => router.replace(this.urls.signIn), 0);
-          (0, import_react3.suspend)();
+          (0, import_react.suspend)();
           throw new import_errors.StackAssertionError("suspend should never return");
         }
         case "throw": {
@@ -847,12 +798,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         }
       }
     }
-    return (0, import_react.useMemo)(() => {
-      return userJson && this._createCurrentUser(userJson, session);
-    }, [userJson, session, options?.or]);
+    return (0, import_react2.useMemo)(() => {
+      return crud && this._currentUserFromCrud(crud, session);
+    }, [crud, session, options?.or]);
   }
-  async _updateUser(update, session) {
-    const res = await this._interface.setClientUserCustomizableData(update, session);
+  async _updateClientUser(update, session) {
+    const res = await this._interface.updateClientUser(userUpdateOptionsToCrud(update), session);
     await this._refreshUser(session);
     return res;
   }
@@ -896,8 +847,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   async signInWithMagicLink(code) {
     this._ensurePersistentTokenStore();
-    const session = this._getSession();
-    const result = await this._interface.signInWithMagicLink(code, session);
+    const result = await this._interface.signInWithMagicLink(code);
     if (result instanceof import_stack_shared.KnownError) {
       return result;
     }
@@ -944,35 +894,34 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
   }
   async getProject() {
-    return await this._currentProjectCache.getOrWait([], "write-only");
+    const crud = await this._currentProjectCache.getOrWait([], "write-only");
+    return this._clientProjectFromCrud(crud);
   }
   useProject() {
-    return useAsyncCache(this._currentProjectCache, [], "useProject()");
+    const crud = useAsyncCache(this._currentProjectCache, [], "useProject()");
+    return (0, import_react2.useMemo)(() => this._clientProjectFromCrud(crud), [crud]);
   }
   async _listOwnedProjects(session) {
     this._ensureInternalProject();
-    const json = await this._ownedProjectsCache.getOrWait([session], "write-only");
-    return json.map((j) => this._projectAdminFromJson(
+    const crud = await this._ownedProjectsCache.getOrWait([session], "write-only");
+    return crud.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(
       j,
-      this._createAdminInterface(j.id, session),
       () => this._refreshOwnedProjects(session)
     ));
   }
   _useOwnedProjects(session) {
     this._ensureInternalProject();
-    const json = useAsyncCache(this._ownedProjectsCache, [session], "useOwnedProjects()");
-    return (0, import_react.useMemo)(() => json.map((j) => this._projectAdminFromJson(
+    const projects = useAsyncCache(this._ownedProjectsCache, [session], "useOwnedProjects()");
+    return (0, import_react2.useMemo)(() => projects.map((j) => this._getOwnedAdminApp(j.id, session)._adminOwnedProjectFromCrud(
       j,
-      this._createAdminInterface(j.id, session),
       () => this._refreshOwnedProjects(session)
-    )), [json]);
+    )), [projects]);
   }
   async _createProject(session, newProject) {
     this._ensureInternalProject();
-    const json = await this._interface.createProject(newProject, session);
-    const res = this._projectAdminFromJson(
-      json,
-      this._createAdminInterface(json.id, session),
+    const crud = await this._interface.createProject(adminProjectCreateOptionsToCrud(newProject), session);
+    const res = this._getOwnedAdminApp(crud.id, session)._adminOwnedProjectFromCrud(
+      crud,
       () => this._refreshOwnedProjects(session)
     );
     await this._refreshOwnedProjects(session);
@@ -1056,8 +1005,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     });
     // TODO override the client user cache to use the server user cache, so we save some requests
     this._currentServerUserCache = createCacheBySession(async (session) => {
-      const user = await this._interface.getServerUserByToken(session);
-      return import_results.Result.or(user, null);
+      return await this._interface.getServerUserByToken(session);
     });
     this._serverUsersCache = createCache(async () => {
       return await this._interface.listServerUsers();
@@ -1069,36 +1017,32 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     this._serverTeamsCache = createCache(async () => {
       return await this._interface.listServerTeams();
     });
-    this._serverTeamMembersCache = createCache(async ([teamId]) => {
-      return await this._interface.listServerTeamMembers(teamId);
+    this._serverCurrentUserTeamsCache = createCacheBySession(async (session) => {
+      return await this._interface.listServerCurrentUserTeams(session);
     });
-    this._serverTeamPermissionDefinitionsCache = createCache(async () => {
-      return await this._interface.listPermissionDefinitions();
+    this._serverTeamUsersCache = createCache(async ([teamId]) => {
+      return await this._interface.listServerTeamUsers(teamId);
     });
-    this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, type, direct]) => {
-      return await this._interface.listServerTeamMemberPermissions({ teamId, userId, type, direct });
-    });
-    this._serverEmailTemplatesCache = createCache(async () => {
-      return await this._interface.listEmailTemplates();
+    this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, recursive]) => {
+      return await this._interface.listServerTeamMemberPermissions({ teamId, userId, recursive });
     });
   }
-  _createBaseUser(json) {
+  _createBaseUser(crud) {
+    if (!crud) {
+      throw new import_errors.StackAssertionError("User not found");
+    }
     return {
-      ...super._createBaseUser(json),
-      ..."serverMetadata" in json ? {
-        serverMetadata: json.serverMetadata,
-        toServerJson() {
-          return {
-            ...this.toClientJson(),
-            ...(0, import_objects.pick)(json, [
-              "serverMetadata"
-            ])
-          };
-        }
+      ...super._createBaseUser(crud),
+      ..."server_metadata" in crud ? {
+        // server user
+        serverMetadata: crud.server_metadata
       } : {}
     };
   }
-  _createUserExtra(json) {
+  _createCurrentUserExtra(crud) {
+    if (!crud) {
+      throw new import_errors.StackAssertionError("User not found");
+    }
     const app = this;
     return {
       async setDisplayName(displayName) {
@@ -1114,7 +1058,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return await this.update({ selectedTeamId: team?.id ?? null });
       },
       async setPrimaryEmail(email, options) {
-        return await this.update({ primaryEmail: email });
+        return await this.update({ primaryEmail: email, primaryEmailVerified: options?.verified });
       },
       getConnectedAccount: async () => {
         return await app._checkFeatureSupport("getConnectedAccount() on ServerUser", {});
@@ -1127,31 +1071,29 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return teams.find((t) => t.id === teamId) ?? null;
       },
       useTeam(teamId) {
-        const teams = this.useTeams();
-        return (0, import_react.useMemo)(() => {
-          return teams.find((t) => t.id === teamId) ?? null;
-        }, [teams, teamId]);
+        return app._useCheckFeatureSupport("useTeam() on ServerUser", {});
       },
       async listTeams() {
-        const teams = await app.listTeams();
-        const withMembers = await Promise.all(teams.map(async (t) => [t, await t.listMembers()]));
-        return withMembers.filter(([_, members]) => members.find((m) => m.userId === json.id)).map(([t]) => t);
+        const crud2 = await app._serverCurrentUserTeamsCache.getOrWait([app._getSession()], "write-only");
+        return crud2.map((t) => app._serverTeamFromCrud(t));
       },
       useTeams() {
         return app._useCheckFeatureSupport("useTeams() on ServerUser", {});
       },
       createTeam: async (data) => {
-        const team = await app._interface.createServerTeamForUser(json.id, data, app._getSession());
+        const team = await app._interface.createServerTeam(serverTeamCreateOptionsToCrud(data), app._getSession());
         await app._serverTeamsCache.refresh([]);
-        return app._serverTeamFromJson(team);
+        return app._serverTeamFromCrud(team);
       },
       async listPermissions(scope, options) {
-        const permissions = await app._serverTeamUserPermissionsCache.getOrWait([scope.id, json.id, "team", !!options?.direct], "write-only");
-        return permissions.map((json2) => app._serverPermissionFromJson(json2));
+        const recursive = options?.recursive ?? true;
+        const permissions = await app._serverTeamUserPermissionsCache.getOrWait([scope.id, crud.id, recursive], "write-only");
+        return permissions.map((crud2) => app._serverPermissionFromCrud(crud2));
       },
       usePermissions(scope, options) {
-        const permissions = useAsyncCache(app._serverTeamUserPermissionsCache, [scope.id, json.id, "team", !!options?.direct], "user.usePermissions()");
-        return (0, import_react.useMemo)(() => permissions.map((json2) => app._serverPermissionFromJson(json2)), [permissions]);
+        const recursive = options?.recursive ?? true;
+        const permissions = useAsyncCache(app._serverTeamUserPermissionsCache, [scope.id, crud.id, recursive], "user.usePermissions()");
+        return (0, import_react2.useMemo)(() => permissions.map((crud2) => app._serverPermissionFromCrud(crud2)), [permissions]);
       },
       async getPermission(scope, permissionId) {
         const permissions = await this.listPermissions(scope);
@@ -1159,32 +1101,31 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       },
       usePermission(scope, permissionId) {
         const permissions = this.usePermissions(scope);
-        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+        return (0, import_react2.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
       },
       async hasPermission(scope, permissionId) {
         return await this.getPermission(scope, permissionId) !== null;
       },
       async grantPermission(scope, permissionId) {
-        await app._interface.grantServerTeamUserPermission(scope.id, json.id, permissionId, "team");
-        for (const direct of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
         }
       },
       async revokePermission(scope, permissionId) {
-        await app._interface.revokeServerTeamUserPermission(scope.id, json.id, permissionId, "team");
-        for (const direct of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
         }
       },
       async delete() {
-        const res = await app._interface.deleteServerServerUser(json.id);
+        const res = await app._interface.deleteServerServerUser(crud.id);
         await app._refreshUsers();
         return res;
       },
       async update(update) {
-        const res = await app._interface.setServerUserCustomizableData(json.id, update);
+        const res = await app._interface.updateServerUser(crud.id, serverUserUpdateOptionsToCrud(update));
         await app._refreshUsers();
-        return res;
       },
       async sendVerificationEmail() {
         return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
@@ -1194,76 +1135,65 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       }
     };
   }
-  _createUser(json) {
+  _serverUserFromCrud(crud) {
     return {
-      ...this._createBaseUser(json),
-      ...this._createUserExtra(json)
+      ...this._createBaseUser(crud),
+      ...this._createCurrentUserExtra(crud)
     };
   }
-  _createCurrentUser(json, session) {
+  _currentUserFromCrud(crud, session) {
     const app = this;
     const currentUser = {
-      ...this._createUser(json),
+      ...this._serverUserFromCrud(crud),
       ...this._createAuth(session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
     };
     Object.freeze(currentUser);
     return currentUser;
   }
-  _serverTeamMemberFromJson(json) {
-    if (json === null) return null;
+  _serverTeamFromCrud(crud) {
     const app = this;
     return {
-      ...app._teamMemberFromJson(json),
-      user: app._createUser(json.user)
-    };
-  }
-  _serverTeamFromJson(json) {
-    const app = this;
-    return {
-      id: json.id,
-      displayName: json.displayName,
-      profileImageUrl: json.profileImageUrl,
-      createdAt: new Date(json.createdAtMillis),
-      async listMembers() {
-        return (await app._interface.listServerTeamMembers(json.id)).map((u) => app._serverTeamMemberFromJson(u));
+      id: crud.id,
+      displayName: crud.display_name,
+      profileImageUrl: crud.profile_image_url,
+      createdAt: new Date(crud.created_at_millis),
+      async listUsers() {
+        return (await app._interface.listServerTeamUsers(crud.id)).map((u) => app._serverUserFromCrud(u));
       },
       async update(update) {
-        await app._interface.updateServerTeam(json.id, update);
+        await app._interface.updateServerTeam(crud.id, serverTeamUpdateOptionsToCrud(update));
         await app._serverTeamsCache.refresh([]);
       },
       async delete() {
-        await app._interface.deleteServerTeam(json.id);
+        await app._interface.deleteServerTeam(crud.id);
         await app._serverTeamsCache.refresh([]);
       },
-      useMembers() {
-        const result = useAsyncCache(app._serverTeamMembersCache, [json.id], "team.useUsers()");
-        return (0, import_react.useMemo)(() => result.map((u) => app._serverTeamMemberFromJson(u)), [result]);
+      useUsers() {
+        const result = useAsyncCache(app._serverTeamUsersCache, [crud.id], "team.useUsers()");
+        return (0, import_react2.useMemo)(() => result.map((u) => app._serverUserFromCrud(u)), [result]);
       },
       async addUser(userId) {
         await app._interface.addServerUserToTeam({
-          teamId: json.id,
+          teamId: crud.id,
           userId
         });
-        await app._serverTeamMembersCache.refresh([json.id]);
+        await app._serverTeamUsersCache.refresh([crud.id]);
       },
       async removeUser(userId) {
         await app._interface.removeServerUserFromTeam({
-          teamId: json.id,
+          teamId: crud.id,
           userId
         });
-        await app._serverTeamMembersCache.refresh([json.id]);
-      },
-      toJson() {
-        return json;
+        await app._serverTeamUsersCache.refresh([crud.id]);
       }
     };
   }
   async getUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = this._getSession(options?.tokenStore);
-    const userJson = await this._currentServerUserCache.getOrWait([session], "write-only");
-    if (userJson === null) {
+    const crud = await this._currentServerUserCache.getOrWait([session], "write-only");
+    if (crud === null) {
       switch (options?.or) {
         case "redirect": {
           await this.redirectToSignIn();
@@ -1277,26 +1207,26 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         }
       }
     }
-    return userJson && this._createCurrentUser(userJson, session);
+    return crud && this._currentUserFromCrud(crud, session);
   }
   async getServerUser() {
     console.warn("stackServerApp.getServerUser is deprecated; use stackServerApp.getUser instead");
     return await this.getUser();
   }
   async getServerUserById(userId) {
-    const json = await this._serverUserCache.getOrWait([userId], "write-only");
-    return json && this._createUser(json);
+    const crud = await this._serverUserCache.getOrWait([userId], "write-only");
+    return crud && this._serverUserFromCrud(crud);
   }
   useUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
     const router = NextNavigation.useRouter();
     const session = this._getSession(options?.tokenStore);
-    const userJson = useAsyncCache(this._currentServerUserCache, [session], "useUser()");
-    if (userJson === null) {
+    const crud = useAsyncCache(this._currentServerUserCache, [session], "useUser()");
+    if (crud === null) {
       switch (options?.or) {
         case "redirect": {
           setTimeout(() => router.replace(this.urls.signIn), 0);
-          (0, import_react3.suspend)();
+          (0, import_react.suspend)();
           throw new import_errors.StackAssertionError("suspend should never return");
         }
         case "throw": {
@@ -1307,66 +1237,51 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         }
       }
     }
-    return (0, import_react.useMemo)(() => {
-      return userJson && this._createCurrentUser(userJson, session);
-    }, [userJson, session, options?.or]);
+    return (0, import_react2.useMemo)(() => {
+      return crud && this._currentUserFromCrud(crud, session);
+    }, [crud, session, options?.or]);
   }
   useUserById(userId) {
-    const json = useAsyncCache(this._serverUserCache, [userId], "useUserById()");
-    return (0, import_react.useMemo)(() => {
-      return json && this._createUser(json);
-    }, [json]);
+    const crud = useAsyncCache(this._serverUserCache, [userId], "useUserById()");
+    return (0, import_react2.useMemo)(() => {
+      return crud && this._serverUserFromCrud(crud);
+    }, [crud]);
   }
   async listUsers() {
-    const json = await this._serverUsersCache.getOrWait([], "write-only");
-    return json.map((j) => this._createUser(j));
+    const crud = await this._serverUsersCache.getOrWait([], "write-only");
+    return crud.map((j) => this._serverUserFromCrud(j));
   }
   useUsers() {
-    const json = useAsyncCache(this._serverUsersCache, [], "useServerUsers()");
-    return (0, import_react.useMemo)(() => {
-      return json.map((j) => this._createUser(j));
-    }, [json]);
-  }
-  async listPermissionDefinitions() {
-    return await this._serverTeamPermissionDefinitionsCache.getOrWait([], "write-only");
+    const crud = useAsyncCache(this._serverUsersCache, [], "useServerUsers()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((j) => this._serverUserFromCrud(j));
+    }, [crud]);
   }
-  usePermissionDefinitions() {
-    return useAsyncCache(this._serverTeamPermissionDefinitionsCache, [], "usePermissions()");
-  }
-  _serverPermissionFromJson(json) {
+  _serverPermissionFromCrud(crud) {
     return {
-      ...this._permissionFromJson(json),
-      __databaseUniqueId: json.__databaseUniqueId,
-      description: json.description,
-      containPermissionIds: json.containPermissionIds
+      id: crud.id
     };
   }
-  async createPermissionDefinition(data) {
-    const permission = this._serverPermissionFromJson(await this._interface.createPermissionDefinition(data));
-    await this._serverTeamPermissionDefinitionsCache.refresh([]);
-    return permission;
-  }
-  async updatePermissionDefinition(permissionId, data) {
-    await this._interface.updatePermissionDefinition(permissionId, data);
-    await this._serverTeamPermissionDefinitionsCache.refresh([]);
-  }
-  async deletePermissionDefinition(permissionId) {
-    await this._interface.deletePermissionDefinition(permissionId);
-    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+  _serverTeamPermissionDefinitionFromCrud(crud) {
+    return {
+      id: crud.id,
+      description: crud.description,
+      containedPermissionIds: crud.contained_permission_ids
+    };
   }
   async listTeams() {
     const teams = await this._serverTeamsCache.getOrWait([], "write-only");
-    return teams.map((t) => this._serverTeamFromJson(t));
+    return teams.map((t) => this._serverTeamFromCrud(t));
   }
   async createTeam(data) {
-    const team = await this._interface.createServerTeam(data);
+    const team = await this._interface.createServerTeam(serverTeamCreateOptionsToCrud(data));
     await this._serverTeamsCache.refresh([]);
-    return this._serverTeamFromJson(team);
+    return this._serverTeamFromCrud(team);
   }
   useTeams() {
     const teams = useAsyncCache(this._serverTeamsCache, [], "useServerTeams()");
-    return (0, import_react.useMemo)(() => {
-      return teams.map((t) => this._serverTeamFromJson(t));
+    return (0, import_react2.useMemo)(() => {
+      return teams.map((t) => this._serverTeamFromCrud(t));
     }, [teams]);
   }
   async getTeam(teamId) {
@@ -1375,7 +1290,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
   }
   useTeam(teamId) {
     const teams = this.useTeams();
-    return (0, import_react.useMemo)(() => {
+    return (0, import_react2.useMemo)(() => {
       return teams.find((t) => t.id === teamId) ?? null;
     }, [teams, teamId]);
   }
@@ -1391,20 +1306,6 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       this._serverUsersCache.refresh([])
     ]);
   }
-  useEmailTemplates() {
-    return useAsyncCache(this._serverEmailTemplatesCache, [], "useEmailTemplates()");
-  }
-  async listEmailTemplates() {
-    return await this._serverEmailTemplatesCache.getOrWait([], "write-only");
-  }
-  async updateEmailTemplate(type, data) {
-    await this._interface.updateEmailTemplate(type, data);
-    await this._serverEmailTemplatesCache.refresh([]);
-  }
-  async resetEmailTemplate(type) {
-    await this._interface.resetEmailTemplate(type);
-    await this._serverEmailTemplatesCache.refresh([]);
-  }
 };
 var _StackAdminAppImpl = class extends _StackServerAppImpl {
   constructor(options) {
@@ -1428,18 +1329,114 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
     this._adminProjectCache = createCache(async () => {
       return await this._interface.getProject();
     });
-    this._apiKeySetsCache = createCache(async () => {
-      return await this._interface.listApiKeySets();
+    this._apiKeysCache = createCache(async () => {
+      return await this._interface.listApiKeys();
+    });
+    this._adminEmailTemplatesCache = createCache(async () => {
+      return await this._interface.listEmailTemplates();
     });
+    this._adminTeamPermissionDefinitionsCache = createCache(async () => {
+      return await this._interface.listPermissionDefinitions();
+    });
+  }
+  _adminOwnedProjectFromCrud(data, onRefresh) {
+    if (this._tokenStoreInit !== null) {
+      throw new import_errors.StackAssertionError("Owned apps must always have tokenStore === null \u2014 did you not create this project with app._createOwnedApp()?");
+      ;
+    }
+    return {
+      ...this._adminProjectFromCrud(data, onRefresh),
+      app: this
+    };
   }
-  _createApiKeySetBaseFromJson(data) {
+  _adminProjectFromCrud(data, onRefresh) {
+    if (data.id !== this.projectId) {
+      throw new import_errors.StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);
+    }
     const app = this;
     return {
       id: data.id,
+      displayName: data.display_name,
       description: data.description,
-      expiresAt: new Date(data.expiresAtMillis),
-      manuallyRevokedAt: data.manuallyRevokedAtMillis ? new Date(data.manuallyRevokedAtMillis) : null,
-      createdAt: new Date(data.createdAtMillis),
+      createdAt: new Date(data.created_at_millis),
+      userCount: data.user_count,
+      isProductionMode: data.is_production_mode,
+      config: {
+        id: data.config.id,
+        credentialEnabled: data.config.credential_enabled,
+        magicLinkEnabled: data.config.magic_link_enabled,
+        allowLocalhost: data.config.allow_localhost,
+        oauthProviders: data.config.oauth_providers.map((p) => p.type === "shared" ? {
+          id: p.id,
+          enabled: p.enabled,
+          type: "shared"
+        } : {
+          id: p.id,
+          enabled: p.enabled,
+          type: "standard",
+          clientId: p.client_id ?? (0, import_errors.throwErr)("Client ID is missing"),
+          clientSecret: p.client_secret ?? (0, import_errors.throwErr)("Client secret is missing")
+        }),
+        emailConfig: data.config.email_config.type === "shared" ? {
+          type: "shared"
+        } : {
+          type: "standard",
+          host: data.config.email_config.host ?? (0, import_errors.throwErr)("Email host is missing"),
+          port: data.config.email_config.port ?? (0, import_errors.throwErr)("Email port is missing"),
+          username: data.config.email_config.username ?? (0, import_errors.throwErr)("Email username is missing"),
+          password: data.config.email_config.password ?? (0, import_errors.throwErr)("Email password is missing"),
+          senderName: data.config.email_config.sender_name ?? (0, import_errors.throwErr)("Email sender name is missing"),
+          senderEmail: data.config.email_config.sender_email ?? (0, import_errors.throwErr)("Email sender email is missing")
+        },
+        domains: data.config.domains.map((d) => ({
+          domain: d.domain,
+          handlerPath: d.handler_path
+        })),
+        createTeamOnSignUp: data.config.create_team_on_sign_up,
+        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,
+        teamMemberDefaultPermissions: data.config.team_member_default_permissions
+      },
+      async update(update) {
+        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));
+        await onRefresh();
+      },
+      async getProductionModeErrors() {
+        return (0, import_production_mode.getProductionModeErrors)(data);
+      },
+      useProductionModeErrors() {
+        return (0, import_production_mode.getProductionModeErrors)(data);
+      }
+    };
+  }
+  _adminEmailTemplateFromCrud(data) {
+    return {
+      type: data.type,
+      subject: data.subject,
+      content: data.content,
+      isDefault: data.is_default
+    };
+  }
+  async getProject() {
+    return this._adminProjectFromCrud(
+      await this._adminProjectCache.getOrWait([], "write-only"),
+      () => this._refreshProject()
+    );
+  }
+  useProject() {
+    const crud = useAsyncCache(this._adminProjectCache, [], "useProjectAdmin()");
+    return (0, import_react2.useMemo)(() => this._adminProjectFromCrud(
+      crud,
+      () => this._refreshProject()
+    ), [crud]);
+  }
+  _createApiKeyBaseFromCrud(data) {
+    const app = this;
+    return {
+      id: data.id,
+      description: data.description,
+      expiresAt: new Date(data.expires_at_millis),
+      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,
+      createdAt: new Date(data.created_at_millis),
       isValid() {
         return this.whyInvalid() === null;
       },
@@ -1449,57 +1446,83 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         return null;
       },
       async revoke() {
-        const res = await app._interface.revokeApiKeySetById(data.id);
-        await app._refreshApiKeySets();
+        const res = await app._interface.revokeApiKeyById(data.id);
+        await app._refreshApiKeys();
         return res;
       }
     };
   }
-  _createApiKeySetFromJson(data) {
+  _createApiKeyFromCrud(data) {
     return {
-      ...this._createApiKeySetBaseFromJson(data),
-      publishableClientKey: data.publishableClientKey ? { lastFour: data.publishableClientKey.lastFour } : null,
-      secretServerKey: data.secretServerKey ? { lastFour: data.secretServerKey.lastFour } : null,
-      superSecretAdminKey: data.superSecretAdminKey ? { lastFour: data.superSecretAdminKey.lastFour } : null
+      ...this._createApiKeyBaseFromCrud(data),
+      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,
+      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,
+      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null
     };
   }
-  _createApiKeySetFirstViewFromJson(data) {
+  _createApiKeyFirstViewFromCrud(data) {
     return {
-      ...this._createApiKeySetBaseFromJson(data),
-      publishableClientKey: data.publishableClientKey,
-      secretServerKey: data.secretServerKey,
-      superSecretAdminKey: data.superSecretAdminKey
+      ...this._createApiKeyBaseFromCrud(data),
+      publishableClientKey: data.publishable_client_key,
+      secretServerKey: data.secret_server_key,
+      superSecretAdminKey: data.super_secret_admin_key
     };
   }
-  async getProjectAdmin() {
-    return this._projectAdminFromJson(
-      await this._adminProjectCache.getOrWait([], "write-only"),
-      this._interface,
-      () => this._refreshProject()
-    );
+  async listApiKeys() {
+    const crud = await this._apiKeysCache.getOrWait([], "write-only");
+    return crud.map((j) => this._createApiKeyFromCrud(j));
   }
-  useProjectAdmin() {
-    const json = useAsyncCache(this._adminProjectCache, [], "useProjectAdmin()");
-    return (0, import_react.useMemo)(() => this._projectAdminFromJson(
-      json,
-      this._interface,
-      () => this._refreshProject()
-    ), [json]);
+  useApiKeys() {
+    const crud = useAsyncCache(this._apiKeysCache, [], "useApiKeys()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((j) => this._createApiKeyFromCrud(j));
+    }, [crud]);
+  }
+  async createApiKey(options) {
+    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));
+    await this._refreshApiKeys();
+    return this._createApiKeyFirstViewFromCrud(crud);
+  }
+  useEmailTemplates() {
+    const crud = useAsyncCache(this._adminEmailTemplatesCache, [], "useEmailTemplates()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((j) => this._adminEmailTemplateFromCrud(j));
+    }, [crud]);
+  }
+  async listEmailTemplates() {
+    const crud = await this._adminEmailTemplatesCache.getOrWait([], "write-only");
+    return crud.map((j) => this._adminEmailTemplateFromCrud(j));
   }
-  async listApiKeySets() {
-    const json = await this._apiKeySetsCache.getOrWait([], "write-only");
-    return json.map((j) => this._createApiKeySetFromJson(j));
+  async updateEmailTemplate(type, data) {
+    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));
+    await this._adminEmailTemplatesCache.refresh([]);
+  }
+  async resetEmailTemplate(type) {
+    await this._interface.resetEmailTemplate(type);
+    await this._adminEmailTemplatesCache.refresh([]);
   }
-  useApiKeySets() {
-    const json = useAsyncCache(this._apiKeySetsCache, [], "useApiKeySets()");
-    return (0, import_react.useMemo)(() => {
-      return json.map((j) => this._createApiKeySetFromJson(j));
-    }, [json]);
+  async createTeamPermissionDefinition(data) {
+    const crud = await this._interface.createPermissionDefinition(serverTeamPermissionDefinitionCreateOptionsToCrud(data));
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+    return this._serverTeamPermissionDefinitionFromCrud(crud);
   }
-  async createApiKeySet(options) {
-    const json = await this._interface.createApiKeySet(options);
-    await this._refreshApiKeySets();
-    return this._createApiKeySetFirstViewFromJson(json);
+  async updateTeamPermissionDefinition(permissionId, data) {
+    await this._interface.updatePermissionDefinition(permissionId, data);
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async deleteTeamPermissionDefinition(permissionId) {
+    await this._interface.deletePermissionDefinition(permissionId);
+    await this._adminTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async listTeamPermissionDefinitions() {
+    const crud = await this._adminTeamPermissionDefinitionsCache.getOrWait([], "write-only");
+    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
+  }
+  useTeamPermissionDefinitions() {
+    const crud = useAsyncCache(this._adminTeamPermissionDefinitionsCache, [], "usePermissions()");
+    return (0, import_react2.useMemo)(() => {
+      return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
+    }, [crud]);
   }
   async _refreshProject() {
     await Promise.all([
@@ -1507,18 +1530,126 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
       this._adminProjectCache.refresh([])
     ]);
   }
-  async _refreshApiKeySets() {
-    await this._apiKeySetsCache.refresh([]);
+  async _refreshApiKeys() {
+    await this._apiKeysCache.refresh([]);
   }
 };
+function userUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    client_metadata: options.clientMetadata,
+    selected_team_id: options.selectedTeamId
+  };
+}
+function serverUserUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    client_metadata: options.clientMetadata,
+    selected_team_id: options.selectedTeamId,
+    primary_email: options.primaryEmail,
+    primary_email_verified: options.primaryEmailVerified,
+    server_metadata: options.serverMetadata
+  };
+}
+function adminProjectUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    description: options.description,
+    is_production_mode: options.isProductionMode,
+    config: {
+      domains: options.config?.domains?.map((d) => ({
+        domain: d.domain,
+        handler_path: d.handlerPath
+      })),
+      oauth_providers: options.config?.oauthProviders?.map((p) => ({
+        id: p.id,
+        enabled: p.enabled,
+        type: p.type,
+        ...p.type === "standard" && {
+          client_id: p.clientId,
+          client_secret: p.clientSecret
+        }
+      })),
+      email_config: options.config?.emailConfig && (options.config.emailConfig.type === "shared" ? {
+        type: "shared"
+      } : {
+        type: "standard",
+        host: options.config.emailConfig.host,
+        port: options.config.emailConfig.port,
+        username: options.config.emailConfig.username,
+        password: options.config.emailConfig.password,
+        sender_name: options.config.emailConfig.senderName,
+        sender_email: options.config.emailConfig.senderEmail
+      }),
+      credential_enabled: options.config?.credentialEnabled,
+      magic_link_enabled: options.config?.magicLinkEnabled,
+      allow_localhost: options.config?.allowLocalhost,
+      create_team_on_sign_up: options.config?.createTeamOnSignUp,
+      team_creator_default_permissions: options.config?.teamCreatorDefaultPermissions,
+      team_member_default_permissions: options.config?.teamMemberDefaultPermissions
+    }
+  };
+}
+function adminProjectCreateOptionsToCrud(options) {
+  return {
+    ...adminProjectUpdateOptionsToCrud(options),
+    display_name: options.displayName
+  };
+}
+function apiKeyCreateOptionsToCrud(options) {
+  return {
+    description: options.description,
+    expires_at_millis: options.expiresAt.getTime(),
+    has_publishable_client_key: options.hasPublishableClientKey,
+    has_secret_server_key: options.hasSecretServerKey,
+    has_super_secret_admin_key: options.hasSuperSecretAdminKey
+  };
+}
+function teamCreateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl
+  };
+}
+function serverTeamCreateOptionsToCrud(options) {
+  return teamCreateOptionsToCrud(options);
+}
+function serverTeamUpdateOptionsToCrud(options) {
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl
+  };
+}
+function serverTeamPermissionDefinitionCreateOptionsToCrud(options) {
+  return {
+    id: options.id,
+    description: options.description,
+    contained_permission_ids: options.containedPermissionIds
+  };
+}
+function serverTeamPermissionDefinitionUpdateOptionsToCrud(options) {
+  return {
+    id: options.id,
+    description: options.description,
+    contained_permission_ids: options.containedPermissionIds
+  };
+}
 var StackClientApp = _StackClientAppImpl;
 var StackServerApp = _StackServerAppImpl;
 var StackAdminApp = _StackAdminAppImpl;
+function adminEmailTemplateUpdateOptionsToCrud(options) {
+  return {
+    subject: options.subject,
+    content: options.content
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   StackAdminApp,
   StackClientApp,
   StackServerApp,
+  serverTeamPermissionDefinitionCreateOptionsToCrud,
+  serverTeamPermissionDefinitionUpdateOptionsToCrud,
   stackAppInternalsSymbol
 });
 //# sourceMappingURL=stack-app.js.map