@symbo.ls/sdk 3.2.3 → 3.2.7

package/dist/esm/services/AuthService.js

@@ -1,3 +1,613 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/config/environment.js
+import { isDevelopment } from "@domql/utils";
+var CONFIG = {
+  // Common defaults for all environments
+  common: {
+    // NOTE: Google client id for google auth, need to configure URLs for each environment in Google console
+    googleClientId: "686286207466-bvd2fqs31rlm64fgich7rtpnc8ns2tqg.apps.googleusercontent.com",
+    // Feature toggles that apply across all environments by default
+    features: {
+      newUserOnboarding: true,
+      betaFeatures: false,
+      // Tracking is enabled by default unless overridden per environment
+      trackingEnabled: true
+    }
+  },
+  // Environment-specific configurations
+  local: {
+    // local
+    socketUrl: "http://localhost:8080",
+    // For socket api
+    apiUrl: "http://localhost:8080",
+    // For server api
+    basedEnv: "development",
+    // For based api
+    basedProject: "platform-v2-sm",
+    // For based api
+    basedOrg: "symbols",
+    // For based api
+    githubClientId: "Ov23liAFrsR0StbAO6PO",
+    // For github api
+    grafanaUrl: "",
+    // For grafana tracing
+    grafanaAppName: "Symbols Localhost",
+    // Environment-specific feature toggles (override common)
+    features: {
+      // Disable tracking by default on localhost/dev machines
+      trackingEnabled: false,
+      // Enable beta features in local dev
+      betaFeatures: true,
+      // Preserve common defaults explicitly for local
+      newUserOnboarding: true
+    },
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "vZya3L2zpq8L6iI5WWMUZJZABvT63VDb",
+    typesenseHost: "localhost",
+    typesensePort: "8108",
+    typesenseProtocol: "http"
+  },
+  development: {
+    socketUrl: "https://dev.api.symbols.app",
+    apiUrl: "https://dev.api.symbols.app",
+    githubClientId: "Ov23liHxyWFBxS8f1gnF",
+    grafanaUrl: "https://faro-collector-prod-us-east-0.grafana.net/collect/7a3ba473cee2025c68513667024316b8",
+    // For grafana tracing
+    grafanaAppName: "Symbols Dev",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  },
+  testing: {
+    socketUrl: "https://test.api.symbols.app",
+    apiUrl: "https://test.api.symbols.app",
+    basedEnv: "testing",
+    basedProject: "platform-v2-sm",
+    basedOrg: "symbols",
+    githubClientId: "Ov23liHxyWFBxS8f1gnF",
+    grafanaUrl: "",
+    // For grafana tracing
+    grafanaAppName: "Symbols Test",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  },
+  upcoming: {
+    socketUrl: "https://upcoming.api.symbols.app",
+    apiUrl: "https://upcoming.api.symbols.app",
+    githubClientId: "Ov23liWF7NvdZ056RV5J",
+    grafanaUrl: "",
+    // For grafana tracing
+    grafanaAppName: "Symbols Upcoming",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  },
+  staging: {
+    socketUrl: "https://staging.api.symbols.app",
+    apiUrl: "https://staging.api.symbols.app",
+    basedEnv: "staging",
+    basedProject: "platform-v2-sm",
+    basedOrg: "symbols",
+    githubClientId: "Ov23ligwZDQVD0VfuWNa",
+    grafanaUrl: "",
+    // For grafana tracing
+    grafanaAppName: "Symbols Staging",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  },
+  preview: {
+    socketUrl: "https://api.symbols.app",
+    apiUrl: "https://api.symbols.app",
+    basedEnv: "production",
+    basedProject: "platform-v2-sm",
+    basedOrg: "symbols",
+    githubClientId: "Ov23liFAlOEIXtX3dBtR",
+    grafanaUrl: "https://faro-collector-prod-us-east-0.grafana.net/collect/5c1089f3c3eea4ec5658e05c3f53baae",
+    // For grafana tracing
+    grafanaAppName: "Symbols Preview",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  },
+  production: {
+    socketUrl: "https://api.symbols.app",
+    apiUrl: "https://api.symbols.app",
+    basedEnv: "production",
+    basedProject: "platform-v2-sm",
+    basedOrg: "symbols",
+    githubClientId: "Ov23liFAlOEIXtX3dBtR",
+    grafanaUrl: "https://faro-collector-prod-us-east-0.grafana.net/collect/5c1089f3c3eea4ec5658e05c3f53baae",
+    // For grafana tracing
+    grafanaAppName: "Symbols",
+    typesenseCollectionName: "docs",
+    typesenseApiKey: "awmcVpbWqZi9IUgmvslp1C5LKDU8tMjA",
+    typesenseHost: "tl2qpnwxev4cjm36p-1.a1.typesense.net",
+    typesensePort: "443",
+    typesenseProtocol: "https"
+  }
+};
+var getEnvironment = () => {
+  const env = process.env.SYMBOLS_APP_ENV || process.env.NODE_ENV;
+  if (!CONFIG[env]) {
+    throw new Error(`Unknown environment "${env}"`);
+  }
+  return env;
+};
+var getConfig = () => {
+  try {
+    const env = getEnvironment();
+    const envConfig = { ...CONFIG.common, ...CONFIG[env] };
+    const finalConfig = {
+      ...envConfig,
+      // Deep-merge feature flags so env-specific overrides don't drop common defaults
+      features: {
+        ...CONFIG.common.features || {},
+        ...CONFIG[env] && CONFIG[env].features || {}
+      },
+      socketUrl: process.env.SYMBOLS_APP_SOCKET_URL || envConfig.socketUrl,
+      apiUrl: process.env.SYMBOLS_APP_API_URL || envConfig.apiUrl,
+      basedEnv: process.env.SYMBOLS_APP_BASED_ENV || envConfig.basedEnv,
+      basedProject: process.env.SYMBOLS_APP_BASED_PROJECT || envConfig.basedProject,
+      basedOrg: process.env.SYMBOLS_APP_BASED_ORG || envConfig.basedOrg,
+      githubClientId: process.env.SYMBOLS_APP_GITHUB_CLIENT_ID || envConfig.githubClientId,
+      grafanaUrl: process.env.SYMBOLS_APP_GRAFANA_URL || envConfig.grafanaUrl,
+      typesenseCollectionName: process.env.TYPESENSE_COLLECTION_NAME || envConfig.typesenseCollectionName,
+      typesenseApiKey: process.env.TYPESENSE_API_KEY || envConfig.typesenseApiKey,
+      typesenseHost: process.env.TYPESENSE_HOST || envConfig.typesenseHost,
+      typesensePort: process.env.TYPESENSE_PORT || envConfig.typesensePort,
+      typesenseProtocol: process.env.TYPESENSE_PROTOCOL || envConfig.typesenseProtocol,
+      isDevelopment: isDevelopment(env),
+      isTesting: env === "testing",
+      isStaging: env === "staging",
+      isPreview: env === "preview",
+      isProduction: env === "production"
+      // Store all environment variables for potential future use
+    };
+    const requiredFields = [
+      "socketUrl",
+      "apiUrl",
+      "githubClientId",
+      "googleClientId"
+    ];
+    const missingFields = requiredFields.filter((field) => !finalConfig[field]);
+    if (missingFields.length > 0) {
+      console.error(
+        `Missing required configuration: ${missingFields.join(", ")}`
+      );
+    }
+    if (finalConfig.isDevelopment) {
+      console.warn(
+        "environment in SDK:",
+        env || process.env.NODE_ENV || process.env.NODE_ENV
+      );
+      console.log(finalConfig);
+    } else if (global.window) {
+      global.window.finalConfig = finalConfig;
+    }
+    return finalConfig;
+  } catch (error) {
+    console.error("Failed to load environment configuration:", error);
+    return {
+      ...CONFIG.development
+    };
+  }
+};
+var environment_default = getConfig();
+
+// src/utils/TokenManager.js
+var TokenManager = class {
+  constructor(options = {}) {
+    /**
+     * Memory storage fallback for server-side rendering
+     */
+    __publicField(this, "_memoryStorage", {
+      _data: {},
+      getItem: (key) => this._memoryStorage._data[key] || null,
+      setItem: (key, value) => {
+        this._memoryStorage._data[key] = value;
+      },
+      removeItem: (key) => {
+        delete this._memoryStorage._data[key];
+      },
+      clear: () => {
+        this._memoryStorage._data = {};
+      }
+    });
+    this.config = {
+      storagePrefix: "symbols_",
+      storageType: typeof window === "undefined" || process.env.NODE_ENV === "test" || process.env.NODE_ENV === "testing" ? "memory" : "localStorage",
+      // 'localStorage' | 'sessionStorage' | 'memory'
+      refreshBuffer: 60 * 1e3,
+      // Refresh 1 minute before expiry
+      maxRetries: 3,
+      apiUrl: options.apiUrl || "/api",
+      onTokenRefresh: options.onTokenRefresh || null,
+      onTokenExpired: options.onTokenExpired || null,
+      onTokenError: options.onTokenError || null,
+      ...options
+    };
+    this.tokens = {
+      accessToken: null,
+      refreshToken: null,
+      expiresAt: null,
+      expiresIn: null
+    };
+    this.refreshPromise = null;
+    this.refreshTimeout = null;
+    this.retryCount = 0;
+    this.loadTokens();
+  }
+  /**
+   * Storage keys
+   */
+  get storageKeys() {
+    return {
+      accessToken: `${this.config.storagePrefix}access_token`,
+      refreshToken: `${this.config.storagePrefix}refresh_token`,
+      expiresAt: `${this.config.storagePrefix}expires_at`,
+      expiresIn: `${this.config.storagePrefix}expires_in`
+    };
+  }
+  /**
+   * Get storage instance based on configuration
+   */
+  get storage() {
+    if (typeof window === "undefined") {
+      return this._memoryStorage;
+    }
+    const safeGetStorage = (provider) => {
+      try {
+        const storage = provider();
+        const testKey = `${this.config.storagePrefix}__tm_test__`;
+        storage.setItem(testKey, "1");
+        storage.removeItem(testKey);
+        return storage;
+      } catch {
+        return null;
+      }
+    };
+    const localStorageInstance = safeGetStorage(() => window.localStorage);
+    const sessionStorageInstance = safeGetStorage(() => window.sessionStorage);
+    switch (this.config.storageType) {
+      case "sessionStorage":
+        return sessionStorageInstance || this._memoryStorage;
+      case "memory":
+        return this._memoryStorage;
+      default:
+        return localStorageInstance || this._memoryStorage;
+    }
+  }
+  /**
+   * Set tokens and persist to storage
+   */
+  setTokens(tokenData) {
+    const {
+      access_token: accessToken,
+      refresh_token: refreshToken,
+      expires_in: expiresIn,
+      token_type: tokenType = "Bearer"
+    } = tokenData;
+    if (!accessToken) {
+      throw new Error("Access token is required");
+    }
+    const now = Date.now();
+    const expiresAt = expiresIn ? now + expiresIn * 1e3 : null;
+    this.tokens = {
+      accessToken,
+      refreshToken: refreshToken || this.tokens.refreshToken,
+      expiresAt,
+      expiresIn,
+      tokenType
+    };
+    this.saveTokens();
+    this.scheduleRefresh();
+    if (this.config.onTokenRefresh) {
+      this.config.onTokenRefresh(this.tokens);
+    }
+    return this.tokens;
+  }
+  /**
+   * Get current access token
+   */
+  getAccessToken() {
+    return this.tokens.accessToken;
+  }
+  /**
+   * Get current refresh token
+   */
+  getRefreshToken() {
+    return this.tokens.refreshToken;
+  }
+  /**
+   * Get authorization header value
+   */
+  getAuthHeader() {
+    const token = this.getAccessToken();
+    if (!token) {
+      return null;
+    }
+    return `${this.tokens.tokenType || "Bearer"} ${token}`;
+  }
+  /**
+   * Check if access token is valid and not expired
+   */
+  isAccessTokenValid() {
+    if (!this.tokens.accessToken) {
+      return false;
+    }
+    if (!this.tokens.expiresAt) {
+      return true;
+    }
+    const now = Date.now();
+    const isValid = now < this.tokens.expiresAt - this.config.refreshBuffer;
+    if (!isValid) {
+      console.log("[TokenManager] Access token is expired or near expiry:", {
+        now: new Date(now).toISOString(),
+        expiresAt: new Date(this.tokens.expiresAt).toISOString(),
+        refreshBuffer: this.config.refreshBuffer
+      });
+    }
+    return isValid;
+  }
+  /**
+   * Check if access token exists and is not expired (without refresh buffer)
+   */
+  isAccessTokenActuallyValid() {
+    if (!this.tokens.accessToken) {
+      return false;
+    }
+    if (!this.tokens.expiresAt) {
+      return true;
+    }
+    const now = Date.now();
+    return now < this.tokens.expiresAt;
+  }
+  /**
+   * Check if tokens exist (regardless of expiry)
+   */
+  hasTokens() {
+    return Boolean(this.tokens.accessToken);
+  }
+  /**
+   * Check if refresh token exists
+   */
+  hasRefreshToken() {
+    return Boolean(this.tokens.refreshToken);
+  }
+  /**
+   * Automatically refresh tokens if needed
+   */
+  async ensureValidToken() {
+    if (!this.hasTokens()) {
+      return null;
+    }
+    if (this.isAccessTokenValid()) {
+      return this.getAccessToken();
+    }
+    if (!this.hasRefreshToken()) {
+      this.clearTokens();
+      if (this.config.onTokenExpired) {
+        this.config.onTokenExpired();
+      }
+      return null;
+    }
+    try {
+      await this.refreshTokens();
+      return this.getAccessToken();
+    } catch (error) {
+      this.clearTokens();
+      if (this.config.onTokenError) {
+        this.config.onTokenError(error);
+      }
+      throw error;
+    }
+  }
+  /**
+   * Refresh access token using refresh token
+   */
+  async refreshTokens() {
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    if (!this.hasRefreshToken()) {
+      throw new Error("No refresh token available");
+    }
+    if (this.retryCount >= this.config.maxRetries) {
+      throw new Error("Max refresh retries exceeded");
+    }
+    this.refreshPromise = this._performRefresh();
+    try {
+      const result = await this.refreshPromise;
+      this.retryCount = 0;
+      return result;
+    } catch (error) {
+      this.retryCount++;
+      throw error;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  /**
+   * Perform the actual token refresh request
+   */
+  async _performRefresh() {
+    var _a;
+    const refreshToken = this.getRefreshToken();
+    const response = await fetch(`${this.config.apiUrl}/core/auth/refresh`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ refreshToken })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      throw new Error(errorData.message || `Token refresh failed: ${response.status}`);
+    }
+    const responseData = await response.json();
+    if (responseData.success && responseData.data && responseData.data.tokens) {
+      const { tokens } = responseData.data;
+      const tokenData = {
+        access_token: tokens.accessToken,
+        refresh_token: tokens.refreshToken,
+        expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+        token_type: "Bearer"
+      };
+      return this.setTokens(tokenData);
+    }
+    return this.setTokens(responseData);
+  }
+  /**
+   * Schedule automatic token refresh
+   */
+  scheduleRefresh() {
+    if (this.refreshTimeout) {
+      clearTimeout(this.refreshTimeout);
+      this.refreshTimeout = null;
+    }
+    if (!this.tokens.expiresAt || !this.hasRefreshToken()) {
+      return;
+    }
+    const now = Date.now();
+    const refreshTime = this.tokens.expiresAt - this.config.refreshBuffer;
+    const delay = Math.max(0, refreshTime - now);
+    this.refreshTimeout = setTimeout(async () => {
+      try {
+        await this.refreshTokens();
+      } catch (error) {
+        console.error("Automatic token refresh failed:", error);
+        if (this.config.onTokenError) {
+          this.config.onTokenError(error);
+        }
+      }
+    }, delay);
+  }
+  /**
+   * Save tokens to storage
+   */
+  saveTokens() {
+    try {
+      const { storage } = this;
+      const keys = this.storageKeys;
+      if (this.tokens.accessToken) {
+        storage.setItem(keys.accessToken, this.tokens.accessToken);
+      }
+      if (this.tokens.refreshToken) {
+        storage.setItem(keys.refreshToken, this.tokens.refreshToken);
+      }
+      if (this.tokens.expiresAt) {
+        storage.setItem(keys.expiresAt, this.tokens.expiresAt.toString());
+      }
+      if (this.tokens.expiresIn) {
+        storage.setItem(keys.expiresIn, this.tokens.expiresIn.toString());
+      }
+    } catch (error) {
+      console.error("[TokenManager] Error saving tokens to storage:", error);
+    }
+  }
+  /**
+   * Load tokens from storage
+   */
+  loadTokens() {
+    try {
+      const { storage } = this;
+      const keys = this.storageKeys;
+      const accessToken = storage.getItem(keys.accessToken);
+      const refreshToken = storage.getItem(keys.refreshToken);
+      const expiresAt = storage.getItem(keys.expiresAt);
+      const expiresIn = storage.getItem(keys.expiresIn);
+      if (accessToken) {
+        this.tokens = {
+          accessToken,
+          refreshToken,
+          expiresAt: expiresAt ? parseInt(expiresAt, 10) : null,
+          expiresIn: expiresIn ? parseInt(expiresIn, 10) : null,
+          tokenType: "Bearer"
+        };
+        this.scheduleRefresh();
+      }
+    } catch (error) {
+      console.error("[TokenManager] Error loading tokens from storage:", error);
+      this.tokens = {
+        accessToken: null,
+        refreshToken: null,
+        expiresAt: null,
+        expiresIn: null
+      };
+    }
+  }
+  /**
+   * Clear all tokens
+   */
+  clearTokens() {
+    this.tokens = {
+      accessToken: null,
+      refreshToken: null,
+      expiresAt: null,
+      expiresIn: null
+    };
+    const { storage } = this;
+    const keys = this.storageKeys;
+    Object.values(keys).forEach((key) => {
+      storage.removeItem(key);
+    });
+    if (this.refreshTimeout) {
+      clearTimeout(this.refreshTimeout);
+      this.refreshTimeout = null;
+    }
+    this.retryCount = 0;
+  }
+  /**
+   * Get token status information
+   */
+  getTokenStatus() {
+    const hasTokens = this.hasTokens();
+    const isValid = this.isAccessTokenValid();
+    const { expiresAt } = this.tokens;
+    const timeToExpiry = expiresAt ? expiresAt - Date.now() : null;
+    return {
+      hasTokens,
+      isValid,
+      hasRefreshToken: this.hasRefreshToken(),
+      expiresAt,
+      timeToExpiry,
+      willExpireSoon: timeToExpiry ? timeToExpiry < this.config.refreshBuffer : false
+    };
+  }
+  /**
+   * Cleanup resources
+   */
+  destroy() {
+    if (this.refreshTimeout) {
+      clearTimeout(this.refreshTimeout);
+      this.refreshTimeout = null;
+    }
+    this.refreshPromise = null;
+  }
+};
+var defaultTokenManager = null;
+var getTokenManager = (options) => {
+  if (!defaultTokenManager) {
+    defaultTokenManager = new TokenManager(options);
+  }
+  return defaultTokenManager;
+};
+
 // src/services/BaseService.js
 var BaseService = class {
   constructor({ context, options } = {}) {
@@ -5,14 +615,34 @@ var BaseService = class {
     this._options = options || {};
     this._ready = false;
     this._error = null;
+    this._apiUrl = null;
+    this._tokenManager = null;
   }
   // Initialize service
-  init() {
-    throw new Error("init() must be implemented by service");
+  init({ context }) {
+    try {
+      const { apiUrl } = context || this._context;
+      this._apiUrl = apiUrl || environment_default.apiUrl;
+      if (!this._apiUrl) {
+        throw new Error("Service base URL not configured");
+      }
+      this._tokenManager = getTokenManager({
+        apiUrl: this._apiUrl,
+        onTokenError: (error) => {
+          console.error("Token management error:", error);
+        }
+      });
+      this._setReady();
+    } catch (error) {
+      this._setError(error);
+      throw error;
+    }
   }
   // Update context
   updateContext(context) {
-    this._context = { ...this._context, ...context };
+    if (context && typeof context === "object") {
+      Object.assign(this._context, context);
+    }
   }
   // Get service status
   getStatus() {
@@ -35,96 +665,139 @@ var BaseService = class {
     this._ready = false;
     this._error = error;
   }
+  _getTrackingService() {
+    var _a;
+    const services = (_a = this._context) == null ? void 0 : _a.services;
+    const tracking = services == null ? void 0 : services.tracking;
+    if (!tracking || typeof tracking.trackError !== "function") {
+      return null;
+    }
+    return tracking;
+  }
+  _shouldTrackErrors() {
+    var _a;
+    const name = (_a = this == null ? void 0 : this.constructor) == null ? void 0 : _a.name;
+    return name !== "TrackingService";
+  }
+  _trackServiceError(error, details = {}) {
+    var _a;
+    if (!this._shouldTrackErrors()) {
+      return;
+    }
+    try {
+      const tracking = this._getTrackingService();
+      if (!tracking) {
+        return;
+      }
+      const context = {
+        service: ((_a = this == null ? void 0 : this.constructor) == null ? void 0 : _a.name) || "UnknownService",
+        apiUrl: this._apiUrl || null,
+        ...details
+      };
+      tracking.trackError(error instanceof Error ? error : new Error(String(error)), context);
+    } catch {
+    }
+  }
   _requireAuth() {
-    if (!this._context.authToken) {
+    if (!this.getAuthToken()) {
       throw new Error("Authentication required");
     }
   }
-  _requireReady() {
+  _requireReady(methodName = "unknown") {
     if (!this.isReady()) {
-      throw new Error("Service not initialized");
+      throw new Error(`Service not initialized for method: ${methodName}`);
+    }
+  }
+  // Shared HTTP request method
+  async _request(endpoint, options = {}) {
+    const url = `${this._apiUrl}/core${endpoint}`;
+    const defaultHeaders = {};
+    if (!(options.body instanceof FormData)) {
+      defaultHeaders["Content-Type"] = "application/json";
+    }
+    if (this._requiresInit(options.methodName) && this._tokenManager) {
+      try {
+        const validToken = await this._tokenManager.ensureValidToken();
+        if (validToken) {
+          const authHeader = this._tokenManager.getAuthHeader();
+          if (authHeader) {
+            defaultHeaders.Authorization = authHeader;
+          }
+        }
+      } catch (error) {
+        console.warn(
+          "Token management failed, proceeding without authentication:",
+          error
+        );
+      }
+    }
+    try {
+      const response = await fetch(url, {
+        ...options,
+        headers: {
+          ...defaultHeaders,
+          ...options.headers
+        }
+      });
+      if (!response.ok) {
+        let error = {
+          message: `HTTP ${response.status}: ${response.statusText}`
+        };
+        try {
+          error = await response.json();
+        } catch {
+        }
+        this._trackServiceError(
+          new Error(error.message || error.error || `HTTP ${response.status}: ${response.statusText}`),
+          {
+            endpoint,
+            methodName: options.methodName,
+            status: response.status,
+            statusText: response.statusText
+          }
+        );
+        throw new Error(error.message || error.error || "Request failed", { cause: error });
+      }
+      return response.status === 204 ? null : response.json();
+    } catch (error) {
+      this._trackServiceError(error, {
+        endpoint,
+        methodName: options.methodName
+      });
+      throw new Error(`Request failed: ${error.message}`, { cause: error });
     }
   }
+  // Helper method to determine if a method requires initialization
+  _requiresInit(methodName) {
+    const noInitMethods = /* @__PURE__ */ new Set([
+      "register",
+      "login",
+      "googleAuth",
+      "googleAuthCallback",
+      "githubAuth",
+      "requestPasswordReset",
+      "confirmPasswordReset",
+      "confirmRegistration",
+      "verifyEmail",
+      "getPlans",
+      "getPlan",
+      "listPublicProjects",
+      "getPublicProject"
+    ]);
+    return !noInitMethods.has(methodName);
+  }
+  // Cleanup method
+  destroy() {
+    if (this._tokenManager) {
+      this._tokenManager.destroy();
+      this._tokenManager = null;
+    }
+    this._ready = false;
+    this._setReady(false);
+  }
 };
 
 // src/utils/permission.js
-var PERMISSION_MAP = {
-  // Content & Design Operations
-  edit: {
-    permissions: ["editMode", "showCode"],
-    features: ["editMode"]
-  },
-  view: {
-    permissions: ["showContent", "platformSettings"],
-    features: ["canvasPages"]
-  },
-  design: {
-    permissions: ["editMode", "showCode"],
-    features: ["accessToSymbolsLibrary", "marketplace"]
-  },
-  // Project Management
-  manage: {
-    permissions: ["projectSettings", "iam"],
-    features: ["workspaceAdministration", "teamRolesAndPermissions"]
-  },
-  configure: {
-    permissions: ["projectSettings", "branchProtection"],
-    features: ["customBackendIntegration", "integrationsSDK"]
-  },
-  invite: {
-    permissions: ["inviteMembers"],
-    features: ["inviteMembersIAM"]
-  },
-  // Version Control
-  branch: {
-    permissions: ["versions", "branchProtection"],
-    features: ["branching", "versionHistory"]
-  },
-  merge: {
-    permissions: ["versions", "branchProtection"],
-    features: ["branching"]
-  },
-  // Export & Integration
-  export: {
-    permissions: ["showCode"],
-    features: ["downloadAsSVG", "downloadAsReact", "exportToFigma"]
-  },
-  import: {
-    permissions: ["editMode"],
-    features: ["importFromFigma"]
-  },
-  // AI Features
-  aiCopilot: {
-    permissions: ["editMode"],
-    features: ["aiCopilot:3", "aiCopilot:5", "aiCopilot:15"]
-  },
-  aiChatbot: {
-    permissions: ["showContent"],
-    features: ["aiChatbot:3", "aiChatbot:5", "aiChatbot:15"]
-  },
-  // Advanced Features
-  analytics: {
-    permissions: ["projectSettings"],
-    features: ["analytics", "crashalytics"]
-  },
-  payment: {
-    permissions: ["projectSettings", "iam"],
-    features: ["stripeConnect"]
-  },
-  deployment: {
-    permissions: ["projectSettings"],
-    features: ["dompilerCloud", "customDomain"]
-  },
-  // Documentation & Sharing
-  docs: {
-    permissions: ["showContent"],
-    features: ["autoDesignDocs"]
-  },
-  share: {
-    permissions: ["inviteMembers"],
-    features: ["sharing", "sharedLibraries"]
-  }
-};
 var ROLE_PERMISSIONS = {
   guest: ["viewPublicProjects"],
   user: ["viewPublicProjects"],
@@ -261,187 +934,742 @@ var PROJECT_ROLE_PERMISSIONS = {
 };
 
 // src/services/AuthService.js
+var PLUGIN_SESSION_STORAGE_KEY = "plugin_auth_session";
 var AuthService = class extends BaseService {
   constructor(config) {
+    var _a, _b;
     super(config);
     this._userRoles = /* @__PURE__ */ new Set(["guest", "editor", "admin", "owner"]);
     this._projectTiers = /* @__PURE__ */ new Set([
       "ready",
-      "free",
+      "starter",
       "pro1",
       "pro2",
       "enterprise"
     ]);
-    this._initialized = false;
+    this._projectRoleCache = /* @__PURE__ */ new Map();
+    this._roleCacheExpiry = 5 * 60 * 1e3;
+    this._pluginSession = null;
+    this._resolvePluginSession(
+      (config == null ? void 0 : config.session) || (config == null ? void 0 : config.pluginSession) || ((_a = config == null ? void 0 : config.options) == null ? void 0 : _a.pluginSession) || ((_b = config == null ? void 0 : config.context) == null ? void 0 : _b.pluginSession) || null
+    );
   }
-  // eslint-disable-next-line no-empty-pattern
-  init({}) {
+  // Use BaseService.init/_request/_requireReady implementations
+  // ==================== AUTH METHODS ====================
+  async register(userData, options = {}) {
     try {
-      const { authToken, appKey } = this._context || {};
-      this._info = {
-        config: {
-          appKey: appKey ? `${appKey.substr(0, 4)}...${appKey.substr(-4)}` : void 0,
-          // eslint-disable-line no-undefined
-          hasToken: Boolean(authToken)
+      const { payload, session } = this._preparePluginPayload(
+        { ...userData || {} },
+        options.session
+      );
+      const response = await this._request("/auth/register", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "register"
+      });
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
         }
-      };
-      this._initialized = true;
-      this._setReady();
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      this._setError(error);
-      throw error;
+      throw new Error(`Registration failed: ${error.message}`, { cause: error });
     }
   }
-  _requiresInit(methodName) {
-    const noInitMethods = /* @__PURE__ */ new Set([
-      "users:login",
-      "users:register",
-      "users:request-password-reset",
-      "users:reset-password",
-      "users:reset-password-confirm",
-      "users:register-confirmation",
-      "users:google-auth",
-      "users:github-auth"
-    ]);
-    return !noInitMethods.has(methodName);
+  async login(email, password, options = {}) {
+    var _a;
+    try {
+      const { payload, session } = this._preparePluginPayload(
+        {
+          email,
+          password
+        },
+        options.session
+      );
+      const response = await this._request("/auth/login", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "login"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Login failed: ${error.message}`, { cause: error });
+    }
+  }
+  async logout() {
+    this._requireReady("logout");
+    try {
+      await this._request("/auth/logout", {
+        method: "POST",
+        methodName: "logout"
+      });
+      if (this._tokenManager) {
+        this._tokenManager.clearTokens();
+      }
+    } catch (error) {
+      if (this._tokenManager) {
+        this._tokenManager.clearTokens();
+      }
+      throw new Error(`Logout failed: ${error.message}`, { cause: error });
+    }
   }
-  _requireReady(methodName) {
-    if (this._requiresInit(methodName) && !this._initialized) {
-      throw new Error("Service not initialized");
+  async refreshToken(refreshToken) {
+    try {
+      const response = await this._request("/auth/refresh", {
+        method: "POST",
+        body: JSON.stringify({ refreshToken }),
+        methodName: "refreshToken"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Token refresh failed: ${error.message}`, { cause: error });
+    }
+  }
+  async googleAuth(idToken, inviteToken = null, options = {}) {
+    var _a;
+    try {
+      const { payload, session } = this._preparePluginPayload({ idToken }, options.session);
+      if (inviteToken) {
+        payload.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/google", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "googleAuth"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Google auth failed: ${error.message}`, { cause: error });
+    }
+  }
+  async githubAuth(code, inviteToken = null, options = {}) {
+    var _a;
+    try {
+      const { payload, session } = this._preparePluginPayload({ code }, options.session);
+      if (inviteToken) {
+        payload.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/github", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "githubAuth"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`GitHub auth failed: ${error.message}`, { cause: error });
     }
   }
-  _getBasedService(methodName) {
+  async googleAuthCallback(code, redirectUri, inviteToken = null, options = {}) {
     var _a;
-    const based = (_a = this._context.services) == null ? void 0 : _a.based;
-    if (this._requiresInit(methodName) && !based) {
-      throw new Error("Based service not available");
+    try {
+      const { payload: body, session } = this._preparePluginPayload(
+        { code, redirectUri },
+        options.session
+      );
+      if (inviteToken) {
+        body.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/google/callback", {
+        method: "POST",
+        body: JSON.stringify(body),
+        methodName: "googleAuthCallback"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Google auth callback failed: ${error.message}`, { cause: error });
     }
-    return based._client;
   }
-  async login(identifier, password) {
+  async requestPasswordReset(email) {
     try {
-      const based = this._getBasedService("login");
-      const response = await based.call("users:login", { identifier, password });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        projectRoles: response.projectRoles,
-        globalRole: response.globalRole,
-        persistent: true
+      const response = await this._request("/auth/request-password-reset", {
+        method: "POST",
+        body: JSON.stringify({ email }),
+        methodName: "requestPasswordReset"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Login failed: ${error.message}`);
+      throw new Error(`Password reset request failed: ${error.message}`, { cause: error });
     }
   }
-  async register(userData) {
+  async confirmPasswordReset(token, password) {
     try {
-      const based = this._getBasedService("register");
-      return await based.call("users:register", userData);
+      const response = await this._request("/auth/reset-password-confirm", {
+        method: "POST",
+        body: JSON.stringify({ token, password }),
+        methodName: "confirmPasswordReset"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Registration failed: ${error.message}`);
+      throw new Error(`Password reset confirmation failed: ${error.message}`, { cause: error });
     }
   }
-  async googleAuth(idToken) {
+  async confirmRegistration(token) {
     try {
-      const based = this._getBasedService("googleAuth");
-      const response = await based.call("users:google-auth", { idToken });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      const response = await this._request("/auth/register-confirmation", {
+        method: "POST",
+        body: JSON.stringify({ token }),
+        methodName: "confirmRegistration"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Google auth failed: ${error.message}`);
+      throw new Error(`Registration confirmation failed: ${error.message}`, { cause: error });
     }
   }
-  async googleAuthCallback(code, redirectUri) {
+  async requestPasswordChange() {
+    this._requireReady("requestPasswordChange");
     try {
-      const based = this._getBasedService("googleAuthCallback");
-      const response = await based.call("users:google-auth-callback", {
-        code,
-        redirectUri
+      const response = await this._request("/auth/request-password-change", {
+        method: "POST",
+        methodName: "requestPasswordChange"
       });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
+      if (response.success) {
+        return response.data;
       }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Password change request failed: ${error.message}`, { cause: error });
+    }
+  }
+  async confirmPasswordChange(currentPassword, newPassword, code) {
+    this._requireReady("confirmPasswordChange");
+    try {
+      const response = await this._request("/auth/confirm-password-change", {
+        method: "POST",
+        body: JSON.stringify({ currentPassword, newPassword, code }),
+        methodName: "confirmPasswordChange"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Google auth callback failed: ${error.message}`);
+      throw new Error(`Password change confirmation failed: ${error.message}`, { cause: error });
     }
   }
-  async githubAuth(code) {
+  async getMe(options = {}) {
+    this._requireReady("getMe");
     try {
-      const based = this._getBasedService("githubAuth");
-      const response = await based.call("users:github-auth", { code });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      const session = this._resolvePluginSession(options.session);
+      const endpoint = session ? `/auth/me?session=${encodeURIComponent(session)}` : "/auth/me";
+      const response = await this._request(endpoint, {
+        method: "GET",
+        methodName: "getMe"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`GitHub auth failed: ${error.message}`);
+      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
     }
   }
-  async logout() {
-    this._requireReady("logout");
+  getAuthToken() {
+    if (!this._tokenManager) {
+      return null;
+    }
+    return this._tokenManager.getAccessToken();
+  }
+  /**
+   * Get stored authentication state (backward compatibility method)
+   * Replaces AuthService.getStoredAuthState()
+   */
+  async getStoredAuthState() {
+    try {
+      if (!this._tokenManager) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      const tokenStatus = this._tokenManager.getTokenStatus();
+      if (!tokenStatus.hasTokens) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      if (!tokenStatus.isValid && tokenStatus.hasRefreshToken) {
+        try {
+          await this._tokenManager.ensureValidToken();
+        } catch (error) {
+          console.warn("[AuthService] Token refresh failed:", error.message);
+          if (error.message.includes("401") || error.message.includes("403") || error.message.includes("invalid") || error.message.includes("expired")) {
+            this._tokenManager.clearTokens();
+            return {
+              userId: false,
+              authToken: false,
+              error: `Authentication failed: ${error.message}`
+            };
+          }
+          return {
+            userId: false,
+            authToken: this._tokenManager.getAccessToken(),
+            error: `Network error during token refresh: ${error.message}`,
+            hasTokens: true
+          };
+        }
+      }
+      const currentAccessToken = this._tokenManager.getAccessToken();
+      if (!currentAccessToken) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      try {
+        const currentUser = await this.getMe();
+        return {
+          userId: currentUser.user.id,
+          authToken: currentAccessToken,
+          ...currentUser,
+          error: null
+        };
+      } catch (error) {
+        console.warn("[AuthService] Failed to get user data:", error.message);
+        if (error.message.includes("401") || error.message.includes("403")) {
+          this._tokenManager.clearTokens();
+          return {
+            userId: false,
+            authToken: false,
+            error: `Authentication failed: ${error.message}`
+          };
+        }
+        return {
+          userId: false,
+          authToken: currentAccessToken,
+          error: `Failed to get user data: ${error.message}`,
+          hasTokens: true
+        };
+      }
+    } catch (error) {
+      console.error(
+        "[AuthService] Unexpected error in getStoredAuthState:",
+        error
+      );
+      return {
+        userId: false,
+        authToken: false,
+        error: `Failed to get stored auth state: ${error.message}`
+      };
+    }
+  }
+  // ==================== USER METHODS ====================
+  async getUserProfile() {
+    this._requireReady("getUserProfile");
     try {
-      const based = this._getBasedService("logout");
-      await based.call("users:logout");
-      this.updateContext({ authToken: null });
+      const response = await this._request("/users/profile", {
+        method: "GET",
+        methodName: "getUserProfile"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Logout failed: ${error.message}`);
+      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
     }
   }
-  async updateUserRole(userId, newRole) {
-    this._requireReady("updateUserRole");
+  async updateUserProfile(profileData) {
+    this._requireReady("updateUserProfile");
+    try {
+      const response = await this._request("/users/profile", {
+        method: "PATCH",
+        body: JSON.stringify(profileData),
+        methodName: "updateUserProfile"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to update user profile: ${error.message}`, { cause: error });
+    }
+  }
+  async getUserProjects() {
+    this._requireReady("getUserProjects");
+    try {
+      const response = await this._request("/users/projects", {
+        method: "GET",
+        methodName: "getUserProjects"
+      });
+      if (response.success) {
+        return response.data.map((project) => ({
+          ...project,
+          ...project.icon && {
+            icon: {
+              src: `${this._apiUrl}/core/files/public/${project.icon.id}/download`,
+              ...project.icon
+            }
+          }
+        }));
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user projects: ${error.message}`, { cause: error });
+    }
+  }
+  async getUser(userId) {
+    this._requireReady("getUser");
     if (!userId) {
       throw new Error("User ID is required");
     }
-    if (!this._userRoles.has(newRole)) {
-      throw new Error(`Invalid role: ${newRole}`);
+    try {
+      const response = await this._request(`/users/${userId}`, {
+        method: "GET",
+        methodName: "getUser"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user: ${error.message}`, { cause: error });
+    }
+  }
+  async getUserByEmail(email) {
+    this._requireReady("getUserByEmail");
+    if (!email) {
+      throw new Error("Email is required");
     }
     try {
-      const based = this._getBasedService("updateUserRole");
-      return await based.call("users:update-role", { userId, role: newRole });
+      const response = await this._request(`/auth/user?email=${email}`, {
+        method: "GET",
+        methodName: "getUserByEmail"
+      });
+      if (response.success) {
+        return response.data.user;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Failed to update user role: ${error.message}`);
+      throw new Error(`Failed to get user by email: ${error.message}`, { cause: error });
     }
   }
-  async updateProjectTier(projectId, newTier) {
-    this._requireReady("updateProjectTier");
+  // ==================== PROJECT ROLE METHODS ====================
+  /**
+   * Get the current user's role for a specific project by project ID
+   * Uses caching to avoid repeated API calls
+   */
+  async getMyProjectRole(projectId) {
+    this._requireReady("getMyProjectRole");
     if (!projectId) {
       throw new Error("Project ID is required");
     }
-    if (!this._projectTiers.has(newTier)) {
-      throw new Error(`Invalid project tier: ${newTier}`);
+    if (!this.hasValidTokens()) {
+      return "guest";
+    }
+    const cacheKey = `role_${projectId}`;
+    const cached = this._projectRoleCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
+      return cached.role;
+    }
+    try {
+      const response = await this._request(`/projects/${projectId}/role`, {
+        method: "GET",
+        methodName: "getMyProjectRole"
+      });
+      if (response.success) {
+        const { role } = response.data;
+        this._projectRoleCache.set(cacheKey, {
+          role,
+          timestamp: Date.now()
+        });
+        return role;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      const message = (error == null ? void 0 : error.message) || "";
+      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
+        return "guest";
+      }
+      throw new Error(`Failed to get project role: ${message}`, { cause: error });
+    }
+  }
+  /**
+   * Get the current user's role for a specific project by project key
+   * Uses caching to avoid repeated API calls
+   */
+  async getMyProjectRoleByKey(projectKey) {
+    this._requireReady("getMyProjectRoleByKey");
+    if (!projectKey) {
+      throw new Error("Project key is required");
+    }
+    if (!this.hasValidTokens()) {
+      return "guest";
+    }
+    const cacheKey = `role_key_${projectKey}`;
+    const cached = this._projectRoleCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
+      return cached.role;
     }
     try {
-      const based = this._getBasedService("updateProjectTier");
-      return await based.call("projects:update-tier", {
-        projectId,
-        tier: newTier
+      const response = await this._request(`/projects/key/${projectKey}/role`, {
+        method: "GET",
+        methodName: "getMyProjectRoleByKey"
       });
+      if (response.success) {
+        const { role } = response.data;
+        this._projectRoleCache.set(cacheKey, {
+          role,
+          timestamp: Date.now()
+        });
+        return role;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      const message = (error == null ? void 0 : error.message) || "";
+      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
+        return "guest";
+      }
+      throw new Error(`Failed to get project role by key: ${message}`, { cause: error });
+    }
+  }
+  /**
+   * Clear the project role cache for a specific project or all projects
+   */
+  clearProjectRoleCache(projectId = null) {
+    if (projectId) {
+      this._projectRoleCache.delete(`role_${projectId}`);
+      for (const [key] of this._projectRoleCache) {
+        if (key.startsWith("role_key_")) {
+          this._projectRoleCache.delete(key);
+        }
+      }
+    } else {
+      this._projectRoleCache.clear();
+    }
+  }
+  /**
+   * Get project role with fallback to user projects list
+   * This method tries to get the role from user projects first,
+   * then falls back to API call if not found
+   */
+  async getProjectRoleWithFallback(projectId, userProjects = null) {
+    this._requireReady("getProjectRoleWithFallback");
+    if (!projectId) {
+      throw new Error("Project ID is required");
+    }
+    if (userProjects && Array.isArray(userProjects)) {
+      const userProject = userProjects.find((p) => p.id === projectId);
+      if (userProject && userProject.role) {
+        return userProject.role;
+      }
+    }
+    return await this.getMyProjectRole(projectId);
+  }
+  /**
+   * Get project role with fallback to user projects list (by project key)
+   * This method tries to get the role from user projects first,
+   * then falls back to API call if not found
+   */
+  async getProjectRoleByKeyWithFallback(projectKey, userProjects = null) {
+    this._requireReady("getProjectRoleByKeyWithFallback");
+    if (!projectKey) {
+      throw new Error("Project key is required");
+    }
+    if (userProjects && Array.isArray(userProjects)) {
+      const userProject = userProjects.find((p) => p.key === projectKey);
+      if (userProject && userProject.role) {
+        return userProject.role;
+      }
+    }
+    return await this.getMyProjectRoleByKey(projectKey);
+  }
+  // ==================== AUTH HELPER METHODS ====================
+  /**
+   * Debug method to check token status
+   */
+  getTokenDebugInfo() {
+    if (!this._tokenManager) {
+      return {
+        tokenManagerExists: false,
+        error: "TokenManager not initialized"
+      };
+    }
+    const tokenStatus = this._tokenManager.getTokenStatus();
+    const { tokens } = this._tokenManager;
+    return {
+      tokenManagerExists: true,
+      tokenStatus,
+      hasAccessToken: Boolean(tokens.accessToken),
+      hasRefreshToken: Boolean(tokens.refreshToken),
+      accessTokenPreview: tokens.accessToken ? `${tokens.accessToken.substring(0, 20)}...` : null,
+      expiresAt: tokens.expiresAt,
+      timeToExpiry: tokenStatus.timeToExpiry,
+      authHeader: this._tokenManager.getAuthHeader()
+    };
+  }
+  /**
+   * Helper method to check if user is authenticated
+   */
+  isAuthenticated() {
+    if (!this._tokenManager) {
+      return false;
+    }
+    return this._tokenManager.hasTokens();
+  }
+  /**
+   * Helper method to check if user has valid tokens
+   */
+  hasValidTokens() {
+    if (!this._tokenManager) {
+      return false;
+    }
+    return this._tokenManager.hasTokens() && this._tokenManager.isAccessTokenValid();
+  }
+  /**
+   * Helper method to get current user info
+   */
+  async getCurrentUser() {
+    try {
+      return await this.getMe();
     } catch (error) {
-      throw new Error(`Failed to update project tier: ${error.message}`);
+      throw new Error(`Failed to get current user: ${error.message}`, { cause: error });
     }
   }
+  /**
+   * Helper method to validate user data for registration
+   */
+  validateRegistrationData(userData) {
+    const errors = [];
+    if (!userData.email || typeof userData.email !== "string") {
+      errors.push("Email is required and must be a string");
+    } else if (!this._isValidEmail(userData.email)) {
+      errors.push("Email must be a valid email address");
+    }
+    if (!userData.password || typeof userData.password !== "string") {
+      errors.push("Password is required and must be a string");
+    } else if (userData.password.length < 8) {
+      errors.push("Password must be at least 8 characters long");
+    }
+    if (userData.username && typeof userData.username !== "string") {
+      errors.push("Username must be a string");
+    } else if (userData.username && userData.username.length < 3) {
+      errors.push("Username must be at least 3 characters long");
+    }
+    return {
+      isValid: errors.length === 0,
+      errors
+    };
+  }
+  /**
+   * Helper method to register with validation
+   */
+  async registerWithValidation(userData, options = {}) {
+    const validation = this.validateRegistrationData(userData);
+    if (!validation.isValid) {
+      throw new Error(`Validation failed: ${validation.errors.join(", ")}`);
+    }
+    return await this.register(userData, options);
+  }
+  /**
+   * Helper method to login with validation
+   */
+  async loginWithValidation(email, password, options = {}) {
+    if (!email || typeof email !== "string") {
+      throw new Error("Email is required and must be a string");
+    }
+    if (!password || typeof password !== "string") {
+      throw new Error("Password is required and must be a string");
+    }
+    if (!this._isValidEmail(email)) {
+      throw new Error("Email must be a valid email address");
+    }
+    return await this.login(email, password, options);
+  }
+  /**
+   * Private helper to validate email format
+   */
+  _isValidEmail(email) {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/u;
+    return emailRegex.test(email);
+  }
+  // ==================== PERMISSION METHODS (Existing) ====================
   hasPermission(requiredPermission) {
     var _a;
     const authState = (_a = this._context) == null ? void 0 : _a.state;
@@ -490,23 +1718,17 @@ var AuthService = class extends BaseService {
     if (!operationConfig) {
       return false;
     }
-    if (!operationConfig) {
-      return false;
-    }
     const { permissions = [], features = [] } = operationConfig;
     try {
       const permissionResults = await Promise.all(
         permissions.map(
-          (permission) => this.hasProjectPermission(projectId, permission)
+          (permission) => this.checkProjectPermission(projectId, permission)
         )
       );
       const hasPermissions = requireAll ? permissionResults.every(Boolean) : permissionResults.some(Boolean);
       if (!hasPermissions) {
         return false;
       }
-      if (!hasPermissions) {
-        return false;
-      }
       if (checkFeatures && features.length > 0) {
         const featureResults = features.map((feature) => {
           const result = this.hasProjectFeature(projectId, feature);
@@ -516,9 +1738,6 @@ var AuthService = class extends BaseService {
         if (!hasFeatures) {
           return false;
         }
-        if (!hasFeatures) {
-          return false;
-        }
       }
       return true;
     } catch (error) {
@@ -540,206 +1759,94 @@ var AuthService = class extends BaseService {
     }
     return action();
   }
-  // Project access information
-  async getProjectAccess(projectId) {
-    this._requireReady();
-    if (!projectId) {
-      throw new Error("Project ID is required");
+  // Cleanup
+  destroy() {
+    if (this._tokenManager) {
+      this._tokenManager.destroy();
+      this._tokenManager = null;
     }
-    const operations = Object.keys(PERMISSION_MAP);
-    const access = await Promise.all(
-      operations.map(async (operation) => {
-        const allowed = await this.canPerformOperation(projectId, operation);
-        const config = PERMISSION_MAP[operation];
-        return {
-          operation,
-          allowed,
-          permissions: config.permissions,
-          features: config.features,
-          aiTokens: operation.startsWith("ai") ? this._getAITokens(projectId, operation.replace("ai", "")) : null
-        };
-      })
-    );
-    return {
-      projectId,
-      permissions: access.reduce(
-        (acc, { operation, ...details }) => ({
-          ...acc,
-          [operation]: details
-        }),
-        {}
-      ),
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
+    this._projectRoleCache.clear();
+    this._setReady(false);
   }
-  // AI token management
-  _getAITokens(projectId, featureType) {
-    const tokenFeatures = [
-      `ai${featureType}:3`,
-      `ai${featureType}:5`,
-      `ai${featureType}:15`
-    ];
-    return tokenFeatures.reduce((total, feature) => {
-      const tokens = this.hasProjectFeature(projectId, feature);
-      return total + (typeof tokens === "number" ? tokens : 0);
-    }, 0);
-  }
-  async getProjectMembers(projectId) {
-    var _a;
-    this._requireReady("getProjectMembers");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    try {
-      const based = this._getBasedService("getProjectMembers");
-      return await based.call("projects:get-members", { projectId });
-    } catch (error) {
-      if ((_a = error.message) == null ? void 0 : _a.includes("Authentication failed. Please try again"))
-        window.location.reload();
-      throw new Error(`Failed to get project members: ${error.message}`);
-    }
-  }
-  async inviteMember(projectId, email, role, name, callbackUrl) {
-    this._requireReady("inviteMember");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    if (!email) {
-      throw new Error("Email is required");
-    }
-    if (!callbackUrl || Object.keys(callbackUrl).length === 0) {
-      throw new Error("Callback Url is required");
-    }
-    if (!role || !this._userRoles.has(role)) {
-      throw new Error(`Invalid role: ${role}`);
-    }
-    try {
-      const based = this._getBasedService("inviteMember");
-      return await based.call("projects:invite-member", {
-        projectId,
-        email,
-        role,
-        name,
-        callbackUrl
-      });
-    } catch (error) {
-      throw new Error(`Failed to invite member: ${error.message}`);
+  _preparePluginPayload(payload, sessionOverride = null) {
+    const target = payload && typeof payload === "object" ? { ...payload } : {};
+    const session = this._resolvePluginSession(sessionOverride);
+    if (session && !Object.hasOwn(target, "session")) {
+      target.session = session;
+      return { payload: target, session };
     }
+    return { payload: target, session: null };
   }
-  async acceptInvite(token) {
-    this._requireReady("acceptInvite");
-    try {
-      const based = this._getBasedService("acceptInvite");
-      return await based.call("projects:accept-invite", { token });
-    } catch (error) {
-      throw new Error(`Failed to accept invite: ${error.message}`);
+  _resolvePluginSession(sessionOverride = null) {
+    var _a, _b;
+    if (sessionOverride) {
+      return this._cachePluginSession(sessionOverride);
     }
-  }
-  async updateMemberRole(projectId, userId, role) {
-    this._requireReady("updateMemberRole");
-    if (!projectId) {
-      throw new Error("Project ID is required");
+    if (this._pluginSession) {
+      return this._pluginSession;
     }
-    if (!userId) {
-      throw new Error("User ID is required");
+    const optionSession = (_a = this._options) == null ? void 0 : _a.pluginSession;
+    if (optionSession) {
+      return this._cachePluginSession(optionSession);
     }
-    if (!this._userRoles.has(role)) {
-      throw new Error(`Invalid role: ${role}`);
+    const contextSession = (_b = this._context) == null ? void 0 : _b.pluginSession;
+    if (contextSession) {
+      return this._cachePluginSession(contextSession);
     }
-    try {
-      const based = this._getBasedService("updateMemberRole");
-      return await based.call("projects:update-member-role", {
-        projectId,
-        userId,
-        role
-      });
-    } catch (error) {
-      throw new Error(`Failed to update member role: ${error.message}`);
+    if (typeof window !== "undefined") {
+      try {
+        const sessionFromUrl = new URL(window.location.href).searchParams.get("session");
+        if (sessionFromUrl) {
+          return this._cachePluginSession(sessionFromUrl);
+        }
+      } catch {
+      }
+      try {
+        if (window.localStorage) {
+          const stored = window.localStorage.getItem(PLUGIN_SESSION_STORAGE_KEY);
+          if (stored) {
+            this._pluginSession = stored;
+            return stored;
+          }
+        }
+      } catch {
+      }
     }
+    return null;
   }
-  async removeMember(projectId, userId) {
-    this._requireReady("removeMember");
-    if (!projectId || !userId) {
-      throw new Error("Project ID and user ID are required");
+  _cachePluginSession(session) {
+    if (!session) {
+      return null;
     }
-    try {
-      const based = this._getBasedService("removeMember");
-      return await based.call("projects:remove-member", { projectId, userId });
-    } catch (error) {
-      throw new Error(`Failed to remove member: ${error.message}`);
-    }
-  }
-  async confirmRegistration(token) {
-    try {
-      const based = this._getBasedService("confirmRegistration");
-      return await based.call("users:register-confirmation", { token });
-    } catch (error) {
-      throw new Error(`Registration confirmation failed: ${error.message}`);
+    this._pluginSession = session;
+    if (typeof window !== "undefined") {
+      try {
+        if (window.localStorage) {
+          window.localStorage.setItem(PLUGIN_SESSION_STORAGE_KEY, session);
+        }
+      } catch {
+      }
     }
+    return session;
   }
-  async requestPasswordReset(email, callbackUrl) {
-    try {
-      const based = this._getBasedService("requestPasswordReset");
-      return await based.call("users:reset-password", { email, callbackUrl });
-    } catch (error) {
-      throw new Error(`Password reset request failed: ${error.message}`);
-    }
+  setPluginSession(session) {
+    this._cachePluginSession(session);
   }
-  async confirmPasswordReset(token, newPassword) {
-    try {
-      const based = this._getBasedService("confirmPasswordReset");
-      return await based.call("users:reset-password-confirm", {
-        token,
-        newPassword
-      });
-    } catch (error) {
-      throw new Error(`Password reset confirmation failed: ${error.message}`);
+  _clearPluginSession(session = null) {
+    if (!session || this._pluginSession === session) {
+      this._pluginSession = null;
     }
-  }
-  async getStoredAuthState() {
-    try {
-      const based = this._getBasedService("getStoredAuthState");
-      const { authState } = based;
-      if (authState == null ? void 0 : authState.token) {
-        return {
-          userId: authState.userId,
-          authToken: authState.token,
-          projectRoles: authState.projectRoles,
-          globalRole: authState.globalRole,
-          error: null
-        };
+    if (typeof window !== "undefined") {
+      try {
+        if (window.localStorage) {
+          window.localStorage.removeItem(PLUGIN_SESSION_STORAGE_KEY);
+        }
+      } catch {
       }
-      return {
-        userId: false,
-        authToken: false
-      };
-    } catch (error) {
-      this._setError(error);
-      return {
-        userId: false,
-        authToken: false,
-        error: `Failed to get stored auth state: ${error.message}`
-      };
     }
   }
-  async subscribeToAuthChanges(callback) {
-    const based = this._getBasedService("subscribeToAuthChanges");
-    based.on("authstate-change", async (authState) => {
-      const formattedState = (authState == null ? void 0 : authState.token) ? {
-        userId: authState.userId,
-        authToken: authState.token,
-        projectRoles: authState.projectRoles,
-        globalRole: authState.globalRole,
-        error: null
-      } : {
-        userId: false,
-        authToken: false
-      };
-      await callback(formattedState);
-    });
-    return () => based.off("authstate-change");
-  }
 };
 export {
   AuthService
 };
+// @preserve-env