@techfinityedge/koolbase-react-native 2.4.0 → 3.1.0

package/README.md

@@ -16,9 +16,13 @@ Auth, database, storage, realtime, functions, feature flags, remote config, vers
 3. Add the SDK:
 
 ```bash
-npm install @techfinityedge/koolbase-react-native@^2.0.0
+npm install @techfinityedge/koolbase-react-native
 # or
-yarn add @techfinityedge/koolbase-react-native@^2.0.0
+yarn add @techfinityedge/koolbase-react-native
+# or
+pnpm add @techfinityedge/koolbase-react-native
+# or
+bun add @techfinityedge/koolbase-react-native
 ```
 
 **4. Initialize at app startup:**
@@ -36,6 +40,13 @@ That's it. Every feature below is now available via `Koolbase.*`.
 
 ---
 
+> **Auth is automatic (v3+).** Database, storage, and functions calls
+> authenticate as the currently signed-in user — nothing to pass, no manual
+> wiring. Log in (or restore a session) and every request carries that
+> identity. `owner`/`authenticated` collections require an active session.
+
+---
+
 ## Authentication
 
 Email + password, Apple Sign-In, Google Sign-In, and phone + OTP — out of the box.
@@ -208,6 +219,8 @@ const deleted = await Koolbase.db.deleteWhere('sessions', {
 > A non-empty filter is required. The collection's delete rule applies; for
 > `owner`/`scoped` rules the delete is scoped to your own records. Online-only.
 
+---
+
 ### Offline-first
 
 ```typescript
@@ -217,6 +230,31 @@ if (isFromCache) console.log('Served from local cache');
 await Koolbase.db.syncPendingWrites();
 ```
 
+### Atomic batch writes
+
+Run multiple writes in a single server-side transaction. All operations commit together or none are applied — any failure rolls back the entire batch.
+
+```ts
+import { Koolbase, BatchOp } from '@techfinityedge/koolbase-react-native';
+
+const results = await Koolbase.db.batch([
+  BatchOp.insert('orders', { total: 50, customer_id: customerId }),
+  BatchOp.update(inventoryId, { stock: 9 }),
+  BatchOp.upsert('counters', {
+    match: { name: 'orders' },
+    data: { value: 1 },
+  }),
+  BatchOp.delete(cartItemId),
+]);
+
+// results[i] corresponds to operations[i]:
+//   - insert / update: { type, record }
+//   - upsert:          { type, record, created }   // created = true if inserted
+//   - delete:          { type, deleted: true }
+```
+
+**Online-only by design.** Atomicity needs the server's authoritative view, so `batch()` is never queued offline — it throws on network failure (like `upsert` and `deleteWhere`). A server-side rejection throws a `KoolbaseDataException` with the failing operation's details; nothing was persisted.
+
 ---
 
 ## Storage

package/dist/auth.d.ts

@@ -132,6 +132,14 @@ export declare class KoolbaseAuth {
     unlock(token: string): Promise<void>;
     get currentUser(): KoolbaseUser | null;
     get accessToken(): string | null;
+    /**
+     * Currently-valid access token for data-plane requests, refreshing
+     * (via refresh()) if the cached one is near expiry. Returns null when no
+     * session exists or refresh fails — callers then go api-key-only and the
+     * server treats it as having no end-user identity. The db/storage/functions
+     * clients pull from this per request so identity follows the live session.
+     */
+    validAccessToken(): Promise<string | null>;
     setSession(session: KoolbaseSession | null): Promise<void>;
     /**
      * @deprecated v1.9.0: Server endpoint /v1/sdk/auth/oauth not yet

package/dist/auth.js

@@ -497,6 +497,23 @@ class KoolbaseAuth {
     get accessToken() {
         return this.session?.accessToken ?? null;
     }
+    /**
+     * Currently-valid access token for data-plane requests, refreshing
+     * (via refresh()) if the cached one is near expiry. Returns null when no
+     * session exists or refresh fails — callers then go api-key-only and the
+     * server treats it as having no end-user identity. The db/storage/functions
+     * clients pull from this per request so identity follows the live session.
+     */
+    async validAccessToken() {
+        if (!this.session)
+            return null;
+        try {
+            return await this._ensureValidToken();
+        }
+        catch {
+            return null;
+        }
+    }
     async setSession(session) {
         if (session) {
             await this.setSessionInternal(session);

package/dist/database.d.ts

@@ -1,10 +1,11 @@
-import { KoolbaseConfig, KoolbaseRecord, QueryOptions, QueryResult, UpsertResult } from './types';
+import { KoolbaseConfig, KoolbaseRecord, QueryOptions, QueryResult, UpsertResult, BatchOp, BatchResult } from './types';
 export declare class KoolbaseDatabase {
     private config;
     private getUserId;
+    private getToken;
     private syncEngine;
-    constructor(config: KoolbaseConfig, getUserId: () => string | null);
-    private get headers();
+    constructor(config: KoolbaseConfig, getUserId: () => string | null, getToken: () => Promise<string | null>);
+    private buildHeaders;
     private request;
     private runQuery;
     query(collection: string, options?: QueryOptions): Promise<QueryResult>;
@@ -37,6 +38,30 @@ export declare class KoolbaseDatabase {
      * The collection cache is invalidated on success.
      */
     deleteWhere(collection: string, filters: Record<string, unknown>): Promise<number>;
+    /**
+     * Run multiple writes as a single atomic transaction.
+     *
+     * All `operations` commit together or none are applied — the server runs
+     * them in one database transaction and rolls back entirely on any failure.
+     * Operations apply in order and may span multiple collections.
+     *
+     * Online-only by design (like `upsert` and `deleteWhere`): atomicity needs
+     * the server's authoritative view, so a batch is never queued offline — it
+     * throws on network failure. A server-side rejection throws a
+     * `KoolbaseDataException` whose message identifies which operation failed;
+     * nothing was persisted.
+     *
+     * Returns one `BatchResult` per operation, in order.
+     *
+     * @example
+     * const results = await Koolbase.db.batch([
+     *   BatchOp.insert('orders', { total: 50 }),
+     *   BatchOp.update(inventoryId, { stock: 9 }),
+     *   BatchOp.upsert('counters', { match: { name: 'orders' }, data: { value: 1 } }),
+     *   BatchOp.delete(cartItemId),
+     * ]);
+     */
+    batch(operations: BatchOp[]): Promise<BatchResult[]>;
     get(recordId: string): Promise<KoolbaseRecord>;
     update(recordId: string, data: Record<string, unknown>): Promise<KoolbaseRecord>;
     delete(recordId: string): Promise<void>;

package/dist/database.js

@@ -8,25 +8,45 @@ const database_errors_1 = require("./database-errors");
 function generateId() {
     return 'local_' + Math.random().toString(36).slice(2) + Date.now().toString(36);
 }
+function batchOpToWire(op) {
+    switch (op.type) {
+        case 'insert':
+            return { type: 'insert', collection: op.collection, data: op.data };
+        case 'update':
+            return { type: 'update', record_id: op.recordId, data: op.data };
+        case 'delete':
+            return { type: 'delete', record_id: op.recordId };
+        case 'upsert':
+            return {
+                type: 'upsert',
+                collection: op.collection,
+                match: op.match,
+                data: op.data,
+            };
+    }
+}
 class KoolbaseDatabase {
-    constructor(config, getUserId) {
+    constructor(config, getUserId, getToken) {
         this.config = config;
         this.getUserId = getUserId;
-        this.syncEngine = new sync_engine_1.SyncEngine(config, getUserId);
+        this.getToken = getToken;
+        this.syncEngine = new sync_engine_1.SyncEngine(config, getUserId, getToken);
         this.syncEngine.start();
     }
-    get headers() {
-        const userId = this.getUserId();
+    // getUserId is kept only for local cache keys / offline metadata; request
+    // identity now comes solely from the verified access token.
+    async buildHeaders() {
+        const token = await this.getToken();
         return {
             'Content-Type': 'application/json',
             'x-api-key': this.config.publicKey,
-            ...(userId ? { 'x-user-id': userId } : {}),
+            ...(token ? { Authorization: `Bearer ${token}` } : {}),
         };
     }
     async request(method, path, body) {
         const res = await fetch(`${this.config.baseUrl}${path}`, {
             method,
-            headers: this.headers,
+            headers: await this.buildHeaders(),
             body: body ? JSON.stringify(body) : undefined,
         });
         const data = await res.json();
@@ -117,7 +137,7 @@ class KoolbaseDatabase {
     async upsert(collection, match, data) {
         const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/upsert`, {
             method: 'POST',
-            headers: this.headers,
+            headers: await this.buildHeaders(),
             body: JSON.stringify({ collection, match, data }),
         });
         const body = await res.json();
@@ -146,7 +166,7 @@ class KoolbaseDatabase {
     async deleteWhere(collection, filters) {
         const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/delete-where`, {
             method: 'POST',
-            headers: this.headers,
+            headers: await this.buildHeaders(),
             body: JSON.stringify({ collection, filters }),
         });
         const body = await res.json();
@@ -157,6 +177,70 @@ class KoolbaseDatabase {
         await (0, cache_store_1.invalidateCache)(userId, collection);
         return body.deleted ?? 0;
     }
+    // ─── Batch (atomic, online-only) ────────────────────────────────────────────
+    /**
+     * Run multiple writes as a single atomic transaction.
+     *
+     * All `operations` commit together or none are applied — the server runs
+     * them in one database transaction and rolls back entirely on any failure.
+     * Operations apply in order and may span multiple collections.
+     *
+     * Online-only by design (like `upsert` and `deleteWhere`): atomicity needs
+     * the server's authoritative view, so a batch is never queued offline — it
+     * throws on network failure. A server-side rejection throws a
+     * `KoolbaseDataException` whose message identifies which operation failed;
+     * nothing was persisted.
+     *
+     * Returns one `BatchResult` per operation, in order.
+     *
+     * @example
+     * const results = await Koolbase.db.batch([
+     *   BatchOp.insert('orders', { total: 50 }),
+     *   BatchOp.update(inventoryId, { stock: 9 }),
+     *   BatchOp.upsert('counters', { match: { name: 'orders' }, data: { value: 1 } }),
+     *   BatchOp.delete(cartItemId),
+     * ]);
+     */
+    async batch(operations) {
+        if (operations.length === 0) {
+            throw new Error('batch requires at least one operation');
+        }
+        const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/batch`, {
+            method: 'POST',
+            headers: await this.buildHeaders(),
+            body: JSON.stringify({
+                operations: operations.map(batchOpToWire),
+            }),
+        });
+        const body = await res.json();
+        if (!res.ok) {
+            throw (0, database_errors_1.koolbaseDataError)(res.status, body, `Batch failed: ${res.status}`);
+        }
+        const results = (body.results ?? []).map(r => ({
+            type: r.type ?? '',
+            record: r.record
+                ? (0, record_1.recordFromWire)(r.record)
+                : undefined,
+            created: r.created,
+            deleted: r.deleted ?? false,
+        }));
+        // Keep the cache consistent with what committed. Insert/upsert carry the
+        // collection in the input op; update/delete address records by id, so we
+        // don't know the collection at this layer — those refresh naturally on
+        // the next query for the affected collection.
+        const userId = this.getUserId() ?? 'anonymous';
+        const touched = new Set();
+        for (const op of operations) {
+            if (op.type === 'insert' || op.type === 'upsert') {
+                touched.add(op.collection);
+            }
+        }
+        for (const col of touched) {
+            await (0, cache_store_1.invalidateCache)(userId, col);
+        }
+        return results;
+    }
+    // ─── Get single record ──────────────────────────────────────────────────────
     // ─── Get single record ──────────────────────────────────────────────────────
     async get(recordId) {
         const raw = await this.request('GET', `/v1/sdk/db/records/${recordId}`);
@@ -194,7 +278,7 @@ class KoolbaseDatabase {
             recordId,
         });
         // Try network
-        const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/records/${recordId}`, { method: 'DELETE', headers: this.headers });
+        const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/records/${recordId}`, { method: 'DELETE', headers: await this.buildHeaders(), });
         if (!res.ok && res.status !== 204) {
             // Queued for sync — will retry when online
         }

package/dist/functions.d.ts

@@ -2,7 +2,7 @@ import { KoolbaseConfig, FunctionInvokeResult, DeployOptions, DeployResult } fro
 export declare class KoolbaseFunctions {
     private config;
     private getUserAccessToken?;
-    constructor(config: KoolbaseConfig, getUserAccessToken?: () => string | null);
+    constructor(config: KoolbaseConfig, getUserAccessToken?: () => Promise<string | null>);
     deploy(options: DeployOptions): Promise<DeployResult>;
     invoke(name: string, body?: Record<string, unknown>): Promise<FunctionInvokeResult>;
 }

package/dist/functions.js

@@ -45,7 +45,7 @@ class KoolbaseFunctions {
             'Content-Type': 'application/json',
             'x-api-key': this.config.publicKey,
         };
-        const userToken = this.getUserAccessToken?.();
+        const userToken = await this.getUserAccessToken?.();
         if (userToken) {
             headers['Authorization'] = `Bearer ${userToken}`;
         }

package/dist/index.js

@@ -67,10 +67,10 @@ exports.Koolbase = {
         if (_initialized)
             return;
         _auth = new auth_1.KoolbaseAuth(config);
-        _db = new database_1.KoolbaseDatabase(config, () => _auth?.currentUser?.id ?? null);
-        _storage = new storage_1.KoolbaseStorage(config, () => _auth?.accessToken ?? null);
+        _db = new database_1.KoolbaseDatabase(config, () => _auth?.currentUser?.id ?? null, () => _auth?.validAccessToken() ?? Promise.resolve(null));
+        _storage = new storage_1.KoolbaseStorage(config, () => _auth?.validAccessToken() ?? Promise.resolve(null));
         _realtime = new realtime_1.KoolbaseRealtime(config);
-        _functions = new functions_1.KoolbaseFunctions(config, () => _auth?.accessToken ?? null);
+        _functions = new functions_1.KoolbaseFunctions(config, () => _auth?.validAccessToken() ?? Promise.resolve(null));
         _flags = new flags_1.KoolbaseFlags(config, 'rn-device');
         _codePush = new code_push_1.KoolbaseCodePush(config, config.codePushChannel ?? 'stable');
         // Initialize code push — loads cached bundle then checks in background

package/dist/storage.d.ts

@@ -2,8 +2,8 @@ import { KoolbaseConfig, UploadOptions } from './types';
 export declare class KoolbaseStorage {
     private config;
     private getToken;
-    constructor(config: KoolbaseConfig, getToken: () => string | null);
-    private get headers();
+    constructor(config: KoolbaseConfig, getToken: () => Promise<string | null>);
+    private buildHeaders;
     upload(options: UploadOptions): Promise<{
         url: string;
     }>;

package/dist/storage.js

@@ -6,8 +6,8 @@ class KoolbaseStorage {
         this.config = config;
         this.getToken = getToken;
     }
-    get headers() {
-        const token = this.getToken();
+    async buildHeaders() {
+        const token = await this.getToken();
         return {
             'x-api-key': this.config.publicKey,
             ...(token ? { Authorization: `Bearer ${token}` } : {}),
@@ -17,7 +17,7 @@ class KoolbaseStorage {
         // Get presigned upload URL
         const res = await fetch(`${this.config.baseUrl}/v1/sdk/storage/${options.bucket}/upload`, {
             method: 'POST',
-            headers: { ...this.headers, 'Content-Type': 'application/json' },
+            headers: { ...(await this.buildHeaders()), 'Content-Type': 'application/json' },
             body: JSON.stringify({
                 path: options.path,
                 content_type: options.file.type,
@@ -39,7 +39,7 @@ class KoolbaseStorage {
         return { url: public_url };
     }
     async getDownloadUrl(bucket, path) {
-        const res = await fetch(`${this.config.baseUrl}/v1/sdk/storage/${bucket}/download?path=${encodeURIComponent(path)}`, { headers: this.headers });
+        const res = await fetch(`${this.config.baseUrl}/v1/sdk/storage/${bucket}/download?path=${encodeURIComponent(path)}`, { headers: await this.buildHeaders() });
         if (!res.ok) {
             const data = await res.json();
             throw new Error(data.error ?? 'Failed to get download URL');
@@ -50,7 +50,7 @@ class KoolbaseStorage {
     async delete(bucket, path) {
         const res = await fetch(`${this.config.baseUrl}/v1/sdk/storage/${bucket}/delete`, {
             method: 'DELETE',
-            headers: { ...this.headers, 'Content-Type': 'application/json' },
+            headers: { ...(await this.buildHeaders()), 'Content-Type': 'application/json' },
             body: JSON.stringify({ path }),
         });
         if (!res.ok && res.status !== 204) {

package/dist/sync-engine.d.ts

@@ -3,10 +3,11 @@ type SyncCallback = () => void;
 export declare class SyncEngine {
     private config;
     private getUserId;
+    private getToken;
     private onSyncComplete?;
     private unsubscribe?;
     private isSyncing;
-    constructor(config: KoolbaseConfig, getUserId: () => string | null, onSyncComplete?: SyncCallback);
+    constructor(config: KoolbaseConfig, getUserId: () => string | null, getToken: () => Promise<string | null>, onSyncComplete?: SyncCallback);
     start(): void;
     stop(): void;
     flush(): Promise<void>;

package/dist/sync-engine.js

@@ -7,10 +7,11 @@ exports.SyncEngine = void 0;
 const netinfo_1 = __importDefault(require("@react-native-community/netinfo"));
 const cache_store_1 = require("./cache-store");
 class SyncEngine {
-    constructor(config, getUserId, onSyncComplete) {
+    constructor(config, getUserId, getToken, onSyncComplete) {
         this.isSyncing = false;
         this.config = config;
         this.getUserId = getUserId;
+        this.getToken = getToken;
         this.onSyncComplete = onSyncComplete;
     }
     start() {
@@ -50,9 +51,11 @@ class SyncEngine {
         }
     }
     async executeWrite(write) {
+        const token = await this.getToken();
         const headers = {
             'Content-Type': 'application/json',
             'x-api-key': this.config.publicKey,
+            ...(token ? { Authorization: `Bearer ${token}` } : {}),
         };
         if (write.type === 'insert') {
             const res = await fetch(`${this.config.baseUrl}/v1/sdk/db/insert`, {

package/dist/types.d.ts

@@ -243,3 +243,42 @@ export interface SignInWithGoogleParams {
     idToken: string;
     nonce?: string;
 }
+export type BatchOp = {
+    type: 'insert';
+    collection: string;
+    data: Record<string, unknown>;
+} | {
+    type: 'update';
+    recordId: string;
+    data: Record<string, unknown>;
+} | {
+    type: 'delete';
+    recordId: string;
+} | {
+    type: 'upsert';
+    collection: string;
+    match: Record<string, unknown>;
+    data: Record<string, unknown>;
+};
+/**
+ * Factory helpers for constructing batch operations. Same shape as
+ * Flutter's `KoolbaseBatchOp.insert(...)` etc., so the mental model
+ * transfers between platforms.
+ */
+export declare const BatchOp: {
+    insert: (collection: string, data: Record<string, unknown>) => BatchOp;
+    update: (recordId: string, data: Record<string, unknown>) => BatchOp;
+    delete: (recordId: string) => BatchOp;
+    upsert: (collection: string, opts: {
+        match: Record<string, unknown>;
+        data: Record<string, unknown>;
+    }) => BatchOp;
+};
+export interface BatchResult {
+    type: string;
+    record?: KoolbaseRecord;
+    /** For upsert: true if a new record was inserted, false if one was updated. */
+    created?: boolean;
+    /** True for a successful delete. */
+    deleted?: boolean;
+}

package/dist/types.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FunctionRuntime = exports.RestoreResult = void 0;
+exports.BatchOp = exports.FunctionRuntime = exports.RestoreResult = void 0;
 /**
  * Result of KoolbaseAuth.restoreSession(). Apps should branch on this:
  * - NoSession  → show login screen
@@ -22,3 +22,19 @@ var FunctionRuntime;
     FunctionRuntime["Deno"] = "deno";
     FunctionRuntime["Dart"] = "dart";
 })(FunctionRuntime || (exports.FunctionRuntime = FunctionRuntime = {}));
+/**
+ * Factory helpers for constructing batch operations. Same shape as
+ * Flutter's `KoolbaseBatchOp.insert(...)` etc., so the mental model
+ * transfers between platforms.
+ */
+exports.BatchOp = {
+    insert: (collection, data) => ({ type: 'insert', collection, data }),
+    update: (recordId, data) => ({ type: 'update', recordId, data }),
+    delete: (recordId) => ({ type: 'delete', recordId }),
+    upsert: (collection, opts) => ({
+        type: 'upsert',
+        collection,
+        match: opts.match,
+        data: opts.data,
+    }),
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techfinityedge/koolbase-react-native",
-  "version": "2.4.0",
+  "version": "3.1.0",
   "description": "React Native SDK for Koolbase \u2014 auth, database, storage, realtime, feature flags, and functions in one package.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",