@unidy.io/sdk 1.2.0-alpha9 → 1.2.0

package/dist/esm/{index-BVlbCQEX.js → index-kgGjfc-n.js}

@@ -1,164 +1,9 @@
-import { u as unidyState, w as waitForConfig } from './unidy-store-Bg7IaIMd.js';
-import { f as captureException, j as createLogger } from './index-FTKB5a1d.js';
-import { s as state$1 } from './profile-store-CHlSKuTY.js';
-import { t } from './i18n-Da7S9Oqf.js';
-import { a as authStore, s as state } from './auth-store-DBlGNGhq.js';
-import { c as clearUrlParam } from './component-utils-BGq0leDV.js';
-import { F as Flash } from './flash-store-Df2YkLTB.js';
-
-/**
- * Base API client with shared functionality for both browser and standalone environments.
- */
-/**
- * Abstract base class for API clients.
- * Provides shared functionality for making HTTP requests.
- */
-class BaseApiClient {
-    /**
-     * Error messages that indicate a connection failure rather than a server error.
-     * Grouped by source/environment.
-     */
-    static CONNECTION_ERROR_MESSAGES = [
-        // Browser fetch API errors
-        "Failed to fetch", // Generic browser fetch failure (Chrome)
-        "NetworkError", // Firefox network error
-        "Load failed", // Safari network error
-        "The network connection was lost", // Safari connection lost
-        // Chromium/V8 error codes (used by Node.js and Chrome)
-        "ERR_CONNECTION_REFUSED", // Server not accepting connections
-        "ERR_NETWORK", // General network error
-        "ERR_INTERNET_DISCONNECTED", // No internet connection
-        // Node.js system error codes
-        "ECONNREFUSED", // Connection refused by server
-        "ENOTFOUND", // DNS lookup failed
-        "EAI_AGAIN", // Temporary DNS failure
-    ];
-    onConnectionChange;
-    baseUrl;
-    api_key;
-    constructor(config) {
-        this.baseUrl = config.baseUrl;
-        this.api_key = config.apiKey;
-        this.onConnectionChange = config.onConnectionChange;
-    }
-    isConnectionError(error) {
-        if (error instanceof Error) {
-            return BaseApiClient.CONNECTION_ERROR_MESSAGES.some((msg) => error.message.includes(msg));
-        }
-        return false;
-    }
-    setConnectionStatus(isConnected) {
-        this.onConnectionChange?.(isConnected);
-    }
-    baseHeaders() {
-        const h = new Headers();
-        h.set("Content-Type", "application/json");
-        h.set("Accept", "application/json");
-        h.set("Authorization", `Bearer ${this.api_key}`);
-        return h;
-    }
-    mergeHeaders(base, extra) {
-        const out = new Headers(base);
-        if (extra) {
-            new Headers(extra).forEach((v, k) => {
-                out.set(k, v);
-            });
-        }
-        return out;
-    }
-    /**
-     * Builds a query string from params, filtering out undefined/null values.
-     */
-    buildQueryString(params) {
-        if (!params)
-            return "";
-        const filtered = Object.entries(params)
-            .filter(([_, v]) => v !== undefined && v !== null)
-            .map(([k, v]) => [k, String(v)]);
-        if (filtered.length === 0)
-            return "";
-        return `?${new URLSearchParams(Object.fromEntries(filtered)).toString()}`;
-    }
-    async request(method, endpoint, body, headers) {
-        let res = null;
-        try {
-            res = await fetch(`${this.baseUrl}${endpoint}`, {
-                method,
-                ...this.getRequestOptions(),
-                headers: this.mergeHeaders(this.baseHeaders(), headers),
-                body: body ? JSON.stringify(body) : undefined,
-            });
-            let data;
-            try {
-                data = await res.json();
-            }
-            catch {
-                data = undefined;
-            }
-            this.setConnectionStatus(true);
-            return {
-                data,
-                status: res.status,
-                headers: res.headers,
-                success: res.ok,
-                connectionError: false,
-            };
-        }
-        catch (error) {
-            const connectionFailed = this.isConnectionError(error);
-            if (connectionFailed) {
-                this.setConnectionStatus(false);
-                this.handleConnectionError(error, endpoint, method);
-            }
-            return {
-                status: res?.status ?? (connectionFailed ? 0 : 500),
-                error: error instanceof Error ? error.message : String(error),
-                headers: res?.headers ?? new Headers(),
-                success: false,
-                data: undefined,
-                connectionError: connectionFailed,
-            };
-        }
-    }
-    async get(endpoint, headers, params) {
-        const queryString = this.buildQueryString(params);
-        return this.request("GET", `${endpoint}${queryString}`, undefined, headers);
-    }
-    async post(endpoint, body, headers) {
-        return this.request("POST", endpoint, body, headers);
-    }
-    async patch(endpoint, body, headers) {
-        return this.request("PATCH", endpoint, body, headers);
-    }
-    async delete(endpoint, headers) {
-        return this.request("DELETE", endpoint, undefined, headers);
-    }
-}
-
-/**
- * Browser-specific API client with CORS mode and Sentry error reporting.
- */
-class ApiClient extends BaseApiClient {
-    constructor(baseUrl, apiKey, onConnectionChange) {
-        super({ baseUrl, apiKey, onConnectionChange });
-    }
-    setConnectionStatus(isConnected) {
-        super.setConnectionStatus(isConnected);
-        unidyState.backendConnected = isConnected;
-    }
-    getRequestOptions() {
-        return {
-            mode: "cors",
-            credentials: "include",
-        };
-    }
-    handleConnectionError(error, endpoint, method) {
-        captureException(error, {
-            tags: { error_type: "connection_error" },
-            extra: { endpoint, method },
-        });
-    }
-}
+import { s as state$1 } from './profile-store-7wBS3gBH.js';
+import { i as createLogger, f as captureException } from './index-BsJDptgj.js';
+import { w as waitForConfig, u as unidyState } from './unidy-store-B5Bf4Vit.js';
+import { t } from './i18n-ioyZxWsT.js';
+import { a as authStore, s as state } from './auth-store-CSpEdi46.js';
+import { F as Flash } from './flash-store-Dn1Bava8.js';
 
 /** A special constant with type `never` */
 function $constructor(name, initializer, params) {
@@ -5148,7 +4993,7 @@ const BaseFieldDataSchema = object({
     label: string(),
     attr_name: string(),
     locked: boolean().optional(),
-    locked_text: string().optional(),
+    locked_text: string().nullish(),
 })
     .strict();
 // Select option schema
@@ -5362,7 +5207,7 @@ const ErrorSchema = BaseErrorSchema;
 // Magic code response
 const SendMagicCodeResponseSchema = object({
     enable_resend_after: number(),
-    sid: string().optional(),
+    sid: string().nullish(),
     login_options: object({
         magic_link: boolean(),
     })
@@ -5375,7 +5220,7 @@ const SendMagicCodeErrorSchema = BaseErrorSchema.extend({
 // JWT token response
 const TokenResponseSchema = object({
     jwt: string(),
-    sid: string().optional(),
+    sid: string().nullish(),
 });
 // Missing required fields response extends base error with specific error_identifier
 const RequiredFieldsResponseSchema = object({
@@ -5384,7 +5229,7 @@ const RequiredFieldsResponseSchema = object({
         fields: UserProfileSchema.omit({ custom_attributes: true }).partial().extend({
             custom_attributes: UserProfileSchema.shape.custom_attributes?.optional(),
         }),
-        sid: string().optional(),
+        sid: string().nullish(),
     }),
 })
     .transform(({ error_identifier, meta }) => ({
@@ -5426,8 +5271,8 @@ const JumpToUnidyErrorSchema = object({
 });
 const JumpToServiceRequestSchema = object({
     email: string(),
-    redirect_uri: string().optional(),
-    scopes: array(string()).optional(),
+    redirect_uri: string().nullish(),
+    scopes: array(string()).nullish(),
     skip_oauth_authorization: boolean().optional(),
 });
 const JumpToUnidyRequestSchema = object({
@@ -5698,672 +5543,158 @@ class AuthService extends BaseService {
     }
 }
 
-// Salutation enum
-const SalutationEnum = _enum(["mr", "mrs", "mx"]);
-// Newsletter subscription from API
-const NewsletterSubscriptionSchema = object({
-    id: number(),
-    email: string(),
-    newsletter_internal_name: string(),
-    preference_identifiers: array(string()),
-    preference_token: string(),
-    confirmed_at: string().nullable(),
-});
-// Newsletter subscription error extends base error with typed meta
-const NewsletterSubscriptionErrorSchema = BaseErrorSchema.extend({
-    error_details: record(string(), array(string())).optional(),
-    meta: object({
-        newsletter_internal_name: string(),
-    }),
-});
-// Create subscriptions response
-const CreateSubscriptionsResponseSchema = object({
-    results: array(NewsletterSubscriptionSchema),
-    errors: array(NewsletterSubscriptionErrorSchema),
-});
-// Additional fields for subscription creation - using .partial() for all optional fields
-const AdditionalFieldsSchema = object({
-    first_name: string().nullable(),
-    last_name: string().nullable(),
-    salutation: SalutationEnum.nullable(),
-    phone_number: string().nullable(),
-    date_of_birth: string().nullable(),
-    company_name: string().nullable(),
-    address_line_1: string().nullable(),
-    address_line_2: string().nullable(),
-    city: string().nullable(),
-    postal_code: string().nullable(),
-    country_code: string().nullable(),
-    preferred_language: string().nullable(),
-    custom_attributes: record(string(), unknown()).nullable(),
-})
-    .partial();
-// Create subscriptions payload
-const CreateSubscriptionsPayloadSchema = object({
-    email: string(),
-    additional_fields: optional(AdditionalFieldsSchema),
-    newsletter_subscriptions: array(object({
-        newsletter_internal_name: string(),
-        preference_identifiers: optional(array(string())),
-    })),
-    redirect_to_after_confirmation: optional(string()),
-});
-// Update subscription payload
-const UpdateSubscriptionPayloadSchema = object({
-    preference_identifiers: array(string()),
-});
-// Login email payload
-const LoginEmailPayloadSchema = object({
-    email: string(),
-    redirect_uri: string(),
-});
-// Resend DOI payload
-const ResendDoiPayloadSchema = object({
-    redirect_to_after_confirmation: string(),
-})
-    .partial();
-// Preference schema
-const PreferenceSchema = object({
-    id: number(),
-    name: string(),
-    description: string().nullable(),
-    plugin_identifier: string().nullable(),
-    position: number(),
-    default: boolean(),
-    hidden: boolean(),
-});
-// Preference group schema
-const PreferenceGroupSchema = object({
-    id: number(),
-    name: string(),
-    position: number(),
-    flat: boolean(),
-    preferences: array(PreferenceSchema),
-});
-// Newsletter schema
-const NewsletterSchema = object({
-    id: number(),
-    internal_name: string(),
-    default: boolean(),
-    position: number(),
-    opt_in_type: string(),
-    title: string(),
-    description: string().nullable(),
-    created_at: string(),
-    updated_at: string(),
-    preference_groups: array(PreferenceGroupSchema),
-});
-// Newsletters list response
-const NewslettersResponseSchema = object({
-    newsletters: array(NewsletterSchema),
-});
-// Delete subscription response
-const DeleteSubscriptionResponseSchema = object({
-    new_preference_token: string(),
-})
-    .nullable();
-// Generic newsletter error response (extends base error)
-const NewsletterErrorResponseSchema = BaseErrorSchema;
-
-class NewsletterService extends BaseService {
-    constructor(client, deps) {
-        super(client, "NewsletterService", deps);
+class InvalidTokenError extends Error {
+}
+InvalidTokenError.prototype.name = "InvalidTokenError";
+function b64DecodeUnicode(str) {
+    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
+        let code = p.charCodeAt(0).toString(16).toUpperCase();
+        if (code.length < 2) {
+            code = "0" + code;
+        }
+        return "%" + code;
+    }));
+}
+function base64UrlDecode(str) {
+    let output = str.replace(/-/g, "+").replace(/_/g, "/");
+    switch (output.length % 4) {
+        case 0:
+            break;
+        case 2:
+            output += "==";
+            break;
+        case 3:
+            output += "=";
+            break;
+        default:
+            throw new Error("base64 string is not of the correct length");
     }
-    async buildNewsletterAuthHeaders(options) {
-        const idToken = await this.getIdToken();
-        return this.buildAuthHeaders({
-            "X-ID-Token": idToken ?? undefined,
-            "X-Preference-Token": options?.preferenceToken,
-        });
+    try {
+        return b64DecodeUnicode(output);
     }
-    /**
-     * Create newsletter subscriptions for a user
-     */
-    async create(args) {
-        const { payload, options } = args;
-        const validatedPayload = CreateSubscriptionsPayloadSchema.safeParse(payload);
-        if (!validatedPayload.success) {
-            this.logger.error("Invalid payload for create", validatedPayload.error);
-            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
-        }
-        const headers = await this.buildNewsletterAuthHeaders(options);
-        const response = await this.client.post("/api/sdk/v1/newsletters/newsletter_subscription", payload, headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                switch (response.status) {
-                    case 401:
-                        return ["unauthorized", error];
-                    case 429:
-                        this.logger.warn("Rate limit exceeded");
-                        return ["rate_limit_exceeded", error];
-                    case 500:
-                        this.errorReporter.captureException(response);
-                        return ["server_error", error];
-                    default:
-                        return ["server_error", error];
-                }
-            }
-            const data = CreateSubscriptionsResponseSchema.parse(response.data);
-            if (data.errors.length > 0) {
-                return ["newsletter_error", data];
-            }
-            return [null, data];
-        });
+    catch (err) {
+        return atob(output);
     }
-    /**
-     * List all subscriptions for the authenticated user
-     */
-    async list(args) {
-        const headers = await this.buildNewsletterAuthHeaders(args?.options);
-        const response = await this.client.get("/api/sdk/v1/newsletters/newsletter_subscription", headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 401) {
-                    return ["unauthorized", error];
-                }
-                return ["server_error", error];
-            }
-            const data = array(NewsletterSubscriptionSchema).parse(response.data);
-            return [null, data];
-        });
+}
+function jwtDecode(token, options) {
+    if (typeof token !== "string") {
+        throw new InvalidTokenError("Invalid token specified: must be a string");
     }
-    /**
-     * Get a specific subscription by newsletter internal name
-     */
-    async get(args) {
-        const { internalName, options } = args;
-        const headers = await this.buildNewsletterAuthHeaders(options);
-        const response = await this.client.get(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 401) {
-                    return ["unauthorized", error];
-                }
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                return ["server_error", error];
-            }
-            const data = NewsletterSubscriptionSchema.parse(response.data);
-            return [null, data];
-        });
+    options || (options = {});
+    const pos = options.header === true ? 0 : 1;
+    const part = token.split(".")[pos];
+    if (typeof part !== "string") {
+        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
     }
-    /**
-     * Update a subscription's preferences
-     */
-    async update(args) {
-        const { internalName, payload, options } = args;
-        const validatedPayload = UpdateSubscriptionPayloadSchema.safeParse(payload);
-        if (!validatedPayload.success) {
-            this.logger.error("Invalid payload for update", validatedPayload.error);
-            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
-        }
-        const headers = await this.buildNewsletterAuthHeaders(options);
-        const response = await this.client.patch(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, payload, headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 401) {
-                    return ["unauthorized", error];
-                }
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                return ["server_error", error];
-            }
-            const data = NewsletterSubscriptionSchema.parse(response.data);
-            return [null, data];
-        });
+    let decoded;
+    try {
+        decoded = base64UrlDecode(part);
     }
-    /**
-     * Delete a subscription
-     */
-    async delete(args) {
-        const { internalName, options } = args;
-        const headers = await this.buildNewsletterAuthHeaders(options);
-        const response = await this.client.delete(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 401) {
-                    return ["unauthorized", error];
-                }
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                if (response.status === 422) {
-                    return ["unprocessable_entity", error];
-                }
-                return ["server_error", error];
-            }
-            if (response.status === 204) {
-                return [null, null];
-            }
-            const data = DeleteSubscriptionResponseSchema.parse(response.data);
-            return [null, data];
-        });
+    catch (e) {
+        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
     }
-    /**
-     * Resend double opt-in confirmation email
-     */
-    async resendDoi(args) {
-        const { internalName, payload, options } = args;
-        const validatedPayload = ResendDoiPayloadSchema.safeParse(payload);
-        if (!validatedPayload.success) {
-            this.logger.error("Invalid payload for resendDoi", validatedPayload.error);
-            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
-        }
-        const headers = await this.buildNewsletterAuthHeaders(options);
-        const response = await this.client.post(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription/resend_doi`, payload, headers);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 401) {
-                    return ["unauthorized", error];
-                }
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                if (error.error_identifier === "already_confirmed") {
-                    return ["already_confirmed", error];
-                }
-                return ["server_error", error];
-            }
-            return [null, null];
-        });
+    try {
+        return JSON.parse(decoded);
     }
-    /**
-     * Send a login email for newsletter management
-     */
-    async sendLoginEmail(args) {
-        const { payload } = args;
-        const validatedPayload = LoginEmailPayloadSchema.safeParse(payload);
-        if (!validatedPayload.success) {
-            this.logger.error("Invalid payload for sendLoginEmail", validatedPayload.error);
-            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
-        }
-        const response = await this.client.post("/api/sdk/v1/newsletters/newsletter_subscription/login_email", payload);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 429) {
-                    return ["rate_limit_exceeded", error];
-                }
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                return ["server_error", error];
-            }
-            return [null, null];
-        });
+    catch (e) {
+        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
     }
-    /**
-     * List all available newsletters
-     */
-    async listAll() {
-        const response = await this.client.get("/api/sdk/v1/newsletters");
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                return ["server_error", null];
-            }
-            const data = NewslettersResponseSchema.parse(response.data);
-            return [null, data];
-        });
-    }
-    /**
-     * Get a newsletter by its internal name
-     */
-    async getByName(args) {
-        const { internalName } = args;
-        const response = await this.client.get(`/api/sdk/v1/newsletters/${internalName}`);
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
-                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
-                if (response.status === 404) {
-                    return ["not_found", error];
-                }
-                return ["server_error", error];
-            }
-            const data = NewsletterSchema.parse(response.data);
-            return [null, data];
-        });
+}
+
+/**
+ * Removes a query parameter from the current URL and updates the browser history.
+ * Uses `replaceState` to avoid adding a new history entry.
+ *
+ * @param param - The name of the query parameter to remove
+ * @returns The value of the removed parameter, or null if it wasn't present
+ *
+ * @example
+ * ```ts
+ * // URL: https://example.com?token=abc123&foo=bar
+ * const token = clearUrlParam("token");
+ * // token = "abc123"
+ * // URL is now: https://example.com?foo=bar
+ * ```
+ */
+function clearUrlParam(param) {
+    const url = new URL(window.location.href);
+    const value = url.searchParams.get(param);
+    if (value) {
+        url.searchParams.delete(param);
+        window.history.replaceState(null, "", url.toString());
     }
+    return value;
 }
 
-// Input validation schemas for ticketable list parameters
-const TicketableListParamsSchema = object({
-    page: number().int().positive().optional(),
-    perPage: number().int().positive().max(250).optional(),
-    state: string().optional(),
-    paymentState: string().optional(),
-    orderBy: _enum(["starts_at", "ends_at", "reference", "created_at"]).optional(),
-    orderDirection: _enum(["asc", "desc"]).optional(),
-    serviceId: number().int().positive().optional(),
-});
-// Date transformer for ISO8601 strings
-const dateTransformer = date();
-const nullableDateTransformer = date().nullable();
-// Ticket schema based on TicketSerializer
-const TicketSchema = object({
-    id: uuid(), // unidy_id
-    title: string(),
-    text: string().nullable(),
-    reference: string(),
-    metadata: record(string(), unknown()).nullable(),
-    wallet_export: record(string(), unknown()).nullable(),
-    state: string(),
-    payment_state: string().nullable(),
-    button_cta_url: string().nullable(),
-    info_banner: string().nullable(),
-    seating: string().nullable(),
-    venue: string().nullable(),
-    currency: string().nullable(),
-    starts_at: dateTransformer, // ISO8601(3) -> Date
-    ends_at: nullableDateTransformer, // ISO8601(3) -> Date | null
-    created_at: dateTransformer, // ISO8601(3) -> Date
-    updated_at: dateTransformer, // ISO8601(3) -> Date
-    price: number(), // decimal(8, 2) -> float
-    user_id: uuid(),
-    ticket_category_id: uuid(),
-});
-// Tickets list response schema
-const TicketsListResponseSchema = object({
-    meta: PaginationMetaSchema,
-    results: array(TicketSchema),
-});
-// Subscription schema based on SubscriptionSerializer
-const SubscriptionSchema = object({
-    id: uuid(), // unidy_id
-    title: string(),
-    text: string(),
-    payment_frequency: string().nullable(),
-    metadata: record(string(), unknown()).nullable(),
-    wallet_export: record(string(), unknown()).nullable(),
-    state: string(),
-    reference: string(),
-    payment_state: string().nullable(),
-    currency: string().nullable(),
-    button_cta_url: string().nullable(),
-    created_at: dateTransformer, // ISO8601(3) -> Date
-    updated_at: dateTransformer, // ISO8601(3) -> Date
-    starts_at: nullableDateTransformer, // ISO8601(3) -> Date | null
-    ends_at: nullableDateTransformer, // ISO8601(3) -> Date | null
-    next_payment_at: nullableDateTransformer, // ISO8601(3) -> Date | null
-    price: number(), // decimal(8, 2) -> float
-    user_id: uuid(),
-    subscription_category_id: uuid(),
-});
-// Subscriptions list response schema
-const SubscriptionsListResponseSchema = object({
-    meta: PaginationMetaSchema,
-    results: array(SubscriptionSchema),
-});
-
-/**
- * Base service for ticketable resources (tickets and subscriptions).
- * Handles common query parameter building and response parsing.
- */
-class TicketableService extends BaseService {
-    /**
-     * Builds query params from args, mapping camelCase to snake_case.
-     * Returns undefined values filtered out.
-     */
-    buildListParams(args = {}, categoryIdKey, categoryIdValue) {
-        return {
-            page: args.page,
-            limit: args.perPage,
-            state: args.state,
-            payment_state: args.paymentState,
-            order_by: args.orderBy,
-            order_direction: args.orderDirection,
-            service_id: args.serviceId,
-            [categoryIdKey]: categoryIdValue,
-        };
-    }
-    /**
-     * Converts params to query string, filtering undefined/null and converting to strings.
-     */
-    toQueryString(params) {
-        const filtered = Object.entries(params)
-            .filter(([_, v]) => v !== undefined && v !== null)
-            .map(([k, v]) => [k, String(v)]);
-        if (filtered.length === 0)
-            return "";
-        return `?${new URLSearchParams(Object.fromEntries(filtered)).toString()}`;
-    }
-    /**
-     * Validates list arguments before making API request.
-     * Uses Zod for input validation.
-     */
-    validateListArgs(args) {
-        const result = TicketableListParamsSchema.safeParse(args);
-        if (!result.success) {
-            this.logger.error("Invalid list parameters", result.error);
-            return false;
-        }
-        return true;
+const logger = createLogger("PasskeyAuth");
+const PASSKEY_ERRORS = {
+    NotSupportedError: "passkey_not_supported",
+    NotAllowedError: "passkey_cancelled",
+    SecurityError: "passkey_security_error",
+    InvalidStateError: "passkey_invalid_state",
+};
+function decodeBase64Url(base64url) {
+    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
+    return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
+}
+function buildPublicKeyOptions(options) {
+    return {
+        challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),
+        timeout: options.timeout || 60000,
+        rpId: options.rpId,
+        userVerification: options.userVerification || "required",
+        allowCredentials: options.allowCredentials?.map((cred) => ({
+            ...cred,
+            id: decodeBase64Url(cred.id),
+        })),
+    };
+}
+function formatCredentialForServer(credential) {
+    const response = credential.response;
+    return {
+        id: credential.id,
+        rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+        response: {
+            authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),
+            clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),
+            signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),
+        },
+        type: credential.type,
+    };
+}
+function extractAndSetSignInId(tokenResponse) {
+    if (tokenResponse.sid) {
+        authStore.setSignInId(tokenResponse.sid);
+        return;
     }
-    /**
-     * Generic list handler with schema validation.
-     */
-    async handleList(endpoint, queryString, schema, resourceName, args = {}) {
-        // Validate input parameters
-        if (!this.validateListArgs(args)) {
-            return ["invalid_response", null]; // Invalid input treated same as invalid response
-        }
-        const idToken = await this.getIdToken();
-        if (!idToken) {
-            return ["missing_id_token", null];
+    // Fallback: extract sid from JWT token payload
+    try {
+        const decoded = jwtDecode(tokenResponse.jwt);
+        if (decoded.sid) {
+            authStore.setSignInId(decoded.sid);
         }
-        const response = await this.client.get(`${endpoint}${queryString}`, this.buildAuthHeaders({ "X-ID-Token": idToken }));
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                this.logger.error(`Failed to fetch ${resourceName}`, response);
-                return ["server_error", null];
-            }
-            const parsed = schema.safeParse(response.data);
-            if (!parsed.success) {
-                this.logger.error("Invalid response format", parsed.error);
-                this.errorReporter.captureException(parsed.error, { resourceName, endpoint });
-                return ["invalid_response", null];
-            }
-            return [null, parsed.data];
-        });
     }
-    /**
-     * Generic get handler with schema validation.
-     */
-    async handleGet(endpoint, schema, resourceName) {
-        const idToken = await this.getIdToken();
-        if (!idToken) {
-            return ["missing_id_token", null];
-        }
-        const response = await this.client.get(endpoint, this.buildAuthHeaders({ "X-ID-Token": idToken }));
-        return this.handleResponse(response, () => {
-            if (!response.success) {
-                if (response.status === 404) {
-                    return ["not_found", null];
-                }
-                this.logger.error(`Failed to fetch ${resourceName}`, response);
-                return ["server_error", null];
-            }
-            const parsed = schema.safeParse(response.data);
-            if (!parsed.success) {
-                this.logger.error("Invalid response format", parsed.error);
-                this.errorReporter.captureException(parsed.error, { resourceName, endpoint });
-                return ["invalid_response", null];
-            }
-            return [null, parsed.data];
-        });
+    catch {
+        // Failed to decode JWT token to extract sid, continue without it
     }
 }
-
-class SubscriptionsService extends TicketableService {
-    constructor(client, deps) {
-        super(client, "SubscriptionsService", deps);
-    }
-    async list(args = {}) {
-        const params = this.buildListParams(args, "subscription_category_id", args.subscriptionCategoryId);
-        const queryString = this.toQueryString(params);
-        return this.handleList("/api/sdk/v1/subscriptions", queryString, SubscriptionsListResponseSchema, "subscriptions", args);
-    }
-    async get(args) {
-        return this.handleGet(`/api/sdk/v1/subscriptions/${args.id}`, SubscriptionSchema, "subscription");
+function handlePasskeyError(error) {
+    logger.error("Passkey error:", error);
+    let errorMessage = "passkey_error";
+    if (error instanceof DOMException) {
+        errorMessage = PASSKEY_ERRORS[error.name] || "passkey_error";
     }
+    authStore.setFieldError("passkey", errorMessage);
+    authStore.setLoading(false);
 }
-
-class TicketsService extends TicketableService {
-    constructor(client, deps) {
-        super(client, "TicketsService", deps);
-    }
-    async list(args = {}) {
-        const params = this.buildListParams(args, "ticket_category_id", args.ticketCategoryId);
-        const queryString = this.toQueryString(params);
-        return this.handleList("/api/sdk/v1/tickets", queryString, TicketsListResponseSchema, "tickets", args);
-    }
-    async get(args) {
-        return this.handleGet(`/api/sdk/v1/tickets/${args.id}`, TicketSchema, "ticket");
-    }
-}
-
-class InvalidTokenError extends Error {
-}
-InvalidTokenError.prototype.name = "InvalidTokenError";
-function b64DecodeUnicode(str) {
-    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
-        let code = p.charCodeAt(0).toString(16).toUpperCase();
-        if (code.length < 2) {
-            code = "0" + code;
-        }
-        return "%" + code;
-    }));
-}
-function base64UrlDecode(str) {
-    let output = str.replace(/-/g, "+").replace(/_/g, "/");
-    switch (output.length % 4) {
-        case 0:
-            break;
-        case 2:
-            output += "==";
-            break;
-        case 3:
-            output += "=";
-            break;
-        default:
-            throw new Error("base64 string is not of the correct length");
-    }
-    try {
-        return b64DecodeUnicode(output);
-    }
-    catch (err) {
-        return atob(output);
-    }
-}
-function jwtDecode(token, options) {
-    if (typeof token !== "string") {
-        throw new InvalidTokenError("Invalid token specified: must be a string");
-    }
-    options || (options = {});
-    const pos = options.header === true ? 0 : 1;
-    const part = token.split(".")[pos];
-    if (typeof part !== "string") {
-        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
-    }
-    let decoded;
-    try {
-        decoded = base64UrlDecode(part);
-    }
-    catch (e) {
-        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
-    }
-    try {
-        return JSON.parse(decoded);
-    }
-    catch (e) {
-        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
-    }
-}
-
-const logger = createLogger("PasskeyAuth");
-const PASSKEY_ERRORS = {
-    NotSupportedError: "passkey_not_supported",
-    NotAllowedError: "passkey_cancelled",
-    SecurityError: "passkey_security_error",
-    InvalidStateError: "passkey_invalid_state",
-};
-function decodeBase64Url(base64url) {
-    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
-    const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
-    return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
-}
-function buildPublicKeyOptions(options) {
-    return {
-        challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),
-        timeout: options.timeout || 60000,
-        rpId: options.rpId,
-        userVerification: options.userVerification || "required",
-        allowCredentials: options.allowCredentials?.map((cred) => ({
-            ...cred,
-            id: decodeBase64Url(cred.id),
-        })),
-    };
-}
-function formatCredentialForServer(credential) {
-    const response = credential.response;
-    return {
-        id: credential.id,
-        rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
-        response: {
-            authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),
-            clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),
-            signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),
-        },
-        type: credential.type,
-    };
-}
-function extractAndSetSignInId(tokenResponse) {
-    if (tokenResponse.sid) {
-        authStore.setSignInId(tokenResponse.sid);
-        return;
-    }
-    // Fallback: extract sid from JWT token payload
-    try {
-        const decoded = jwtDecode(tokenResponse.jwt);
-        if (decoded.sid) {
-            authStore.setSignInId(decoded.sid);
-        }
-    }
-    catch {
-        // Failed to decode JWT token to extract sid, continue without it
-    }
-}
-function handlePasskeyError(error) {
-    logger.error("Passkey error:", error);
-    let errorMessage = "passkey_error";
-    if (error instanceof DOMException) {
-        errorMessage = PASSKEY_ERRORS[error.name] || "passkey_error";
-    }
-    authStore.setFieldError("passkey", errorMessage);
-    authStore.setLoading(false);
-}
-async function authenticateWithPasskey(client, onSuccess) {
-    authStore.setLoading(true);
-    authStore.clearErrors();
-    if (!window.PublicKeyCredential) {
-        authStore.setFieldError("passkey", "passkey_not_supported");
-        authStore.setLoading(false);
-        return;
+async function authenticateWithPasskey(client, onSuccess) {
+    authStore.setLoading(true);
+    authStore.clearErrors();
+    if (!window.PublicKeyCredential) {
+        authStore.setFieldError("passkey", "passkey_not_supported");
+        authStore.setLoading(false);
+        return;
     }
     try {
         const [optionsError, options] = await client.auth.getPasskeyOptions(state.sid ? { signInId: state.sid } : undefined);
@@ -6507,13 +5838,6 @@ class AuthHelpers {
         return [error, _];
     }
     async refreshToken() {
-        if (state.step === "missing-fields") {
-            return;
-        }
-        const sid = clearUrlParam("sid");
-        if (sid) {
-            authStore.setSignInId(sid);
-        }
         if (!state.sid) {
             this.logger.warn("No sign-in ID in the session");
             return;
@@ -6527,6 +5851,12 @@ class AuthHelpers {
             authStore.setToken(response.jwt);
         }
     }
+    extractSidFromUrl() {
+        const sid = clearUrlParam("sid");
+        if (sid) {
+            authStore.setSignInId(sid);
+        }
+    }
     async checkSignedIn() {
         if (state.authenticated)
             return;
@@ -6569,307 +5899,1052 @@ class AuthHelpers {
         }
         return [error, response];
     }
-    async sendResetPasswordEmail() {
-        if (!state.sid) {
-            throw new Error(t("errors.no_sign_in_id"));
-        }
-        authStore.setLoading(true);
-        authStore.setResetPasswordStep("requested");
-        const [error, _] = await this.client.auth.sendResetPasswordEmail({
-            signInId: state.sid,
-            payload: { returnTo: window.location.href },
-        });
-        if (error) {
-            authStore.setFieldError("resetPassword", error);
-        }
-        else {
-            authStore.setResetPasswordStep("sent");
-            authStore.clearErrors();
+    async sendResetPasswordEmail() {
+        if (!state.sid) {
+            throw new Error(t("errors.no_sign_in_id"));
+        }
+        authStore.setLoading(true);
+        authStore.setResetPasswordStep("requested");
+        const [error, _] = await this.client.auth.sendResetPasswordEmail({
+            signInId: state.sid,
+            payload: { returnTo: window.location.href },
+        });
+        if (error) {
+            authStore.setFieldError("resetPassword", error);
+        }
+        else {
+            authStore.setResetPasswordStep("sent");
+            authStore.clearErrors();
+        }
+        authStore.setLoading(false);
+    }
+    async resetPassword() {
+        if (!state.resetPassword.token) {
+            throw new Error("No reset token available");
+        }
+        if (!state.resetPassword.newPassword) {
+            authStore.setFieldError("resetPassword", "password_required");
+            return;
+        }
+        if (state.resetPassword.passwordConfirmation &&
+            state.resetPassword.newPassword !== state.resetPassword.passwordConfirmation) {
+            authStore.setFieldError("resetPassword", "passwords_do_not_match");
+            return;
+        }
+        authStore.setLoading(true);
+        authStore.clearErrors();
+        const [error, response] = await this.client.auth.resetPassword({
+            signInId: state.sid,
+            token: state.resetPassword.token,
+            payload: {
+                password: state.resetPassword.newPassword,
+                passwordConfirmation: state.resetPassword.passwordConfirmation,
+            },
+        });
+        if (error) {
+            authStore.setFieldError("resetPassword", error);
+            // TODO: add proper password requirements handling --> for now this is fine
+            if (error === "invalid_password") {
+                authStore.setFieldError("password", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join("\n"));
+            }
+        }
+        else {
+            authStore.setStep("email");
+            authStore.updateResetPassword({
+                step: "completed",
+                token: null,
+                newPassword: "",
+                passwordConfirmation: "",
+            });
+            clearUrlParam("reset_password_token");
+            Flash.success.addMessage("Password reset successfully");
+        }
+        authStore.setLoading(false);
+    }
+    async handleResetPasswordRedirect() {
+        const url = new URL(window.location.href);
+        const params = url.searchParams;
+        const resetToken = params.get("reset_password_token");
+        if (!resetToken) {
+            return;
+        }
+        if (state.sid) {
+            authStore.setLoading(true);
+            const [error] = await this.client.auth.validateResetPasswordToken({
+                signInId: state.sid,
+                token: resetToken,
+            });
+            if (error) {
+                authStore.setFieldError("resetPassword", error);
+                authStore.setStep("reset-password");
+                authStore.setLoading(false);
+                return;
+            }
+        }
+        authStore.setResetToken(resetToken);
+        authStore.setStep("reset-password");
+        authStore.setLoading(false);
+    }
+    handleSocialAuthRedirect() {
+        const url = new URL(window.location.href);
+        const params = url.searchParams;
+        const error = params.get("error");
+        // Not a social auth redirect (normal page load)
+        if (!error && !params.has("sid")) {
+            return;
+        }
+        // Handle successful social auth redirect
+        if (!error && params.has("sid") && params.has("id_token")) {
+            authStore.setSignInId(clearUrlParam("sid"));
+            const idToken = clearUrlParam("id_token");
+            if (idToken) {
+                authStore.setToken(idToken);
+                this.handleAuthSuccess({ jwt: idToken });
+            }
+            else {
+                this.logger.error("No ID token found in the URL on social auth redirect");
+            }
+            return;
+        }
+        // Handle missing required fields
+        if (error !== "missing_required_fields") {
+            this.logger.error("Social auth redirect error:", error);
+            return;
+        }
+        const fieldsFromUrl = clearUrlParam("fields");
+        const sid = clearUrlParam("sid");
+        clearUrlParam("error");
+        if (!fieldsFromUrl || !sid) {
+            return;
+        }
+        try {
+            const fields = JSON.parse(fieldsFromUrl);
+            authStore.setSignInId(sid);
+            this.handleMissingFields(fields);
+        }
+        catch (e) {
+            this.logger.error("Failed to parse missing fields payload:", e);
+            authStore.setGlobalError("auth", "invalid_required_fields_payload");
+        }
+    }
+    handleAuthError(error, response, fallbackField) {
+        switch (error) {
+            case "account_not_found":
+                authStore.setFieldError("email", error);
+                break;
+            case "missing_required_fields": {
+                const { fields, sid } = response;
+                this.handleMissingFields(fields);
+                if (sid) {
+                    authStore.setSignInId(sid);
+                }
+                break;
+            }
+            default:
+                if (fallbackField === "password") {
+                    authStore.setFieldError("password", error);
+                }
+                else if (fallbackField === "magicCode") {
+                    authStore.setFieldError("magicCode", error);
+                }
+                else if (fallbackField === "email") {
+                    authStore.setFieldError("email", error);
+                }
+                else {
+                    // e.g. "account_locked", "internal_server_error"
+                    authStore.setGlobalError("auth", error);
+                }
+                break;
+        }
+        authStore.setLoading(false);
+    }
+    handleMissingFields(fields) {
+        authStore.setMissingFields(fields);
+        state$1.data = fields;
+        authStore.setStep("missing-fields");
+        authStore.setLoading(false);
+    }
+    handleAuthSuccess(response) {
+        authStore.setToken(response.jwt);
+        authStore.setLoading(false);
+        authStore.getRootComponentRef()?.onAuth(response);
+    }
+}
+
+const DEFAULT_TOKEN_EXPIRATION_BUFFER_SECONDS = 10;
+class Auth {
+    static instance;
+    helpers;
+    constructor(client) {
+        this.helpers = new AuthHelpers(client);
+    }
+    static Errors = {
+        email: {
+            NOT_FOUND: "account_not_found",
+        },
+        magicCode: {
+            RECENTLY_CREATED: "magic_code_recently_created",
+            NOT_VALID: "magic_code_not_valid",
+            EXPIRED: "magic_code_expired",
+            USED: "magic_code_used",
+        },
+        password: {
+            INVALID: "invalid_password",
+            NOT_SET: "password_not_set",
+            RESET_PASSWORD_ALREADY_SENT: "reset_password_already_sent",
+        },
+        general: {
+            ACCOUNT_LOCKED: "account_locked",
+            SIGN_IN_EXPIRED: "sign_in_expired",
+        },
+    };
+    static async getInstance() {
+        if (!Auth.isInitialized()) {
+            await waitForConfig();
+            return Auth.initialize(getUnidyClient());
+        }
+        return Auth.instance;
+    }
+    static async initialize(client) {
+        if (Auth.instance) {
+            return Auth.instance;
+        }
+        Auth.instance = new Auth(client);
+        Auth.instance.helpers.handleSocialAuthRedirect();
+        Auth.instance.helpers.extractSidFromUrl();
+        await Auth.instance.helpers.handleResetPasswordRedirect();
+        if (Auth.instance.isTokenValid(state.token)) {
+            authStore.setAuthenticated(true);
+        }
+        return Auth.instance;
+    }
+    static isInitialized() {
+        return !!Auth.instance;
+    }
+    /**
+     * Checks whether a JWT token is valid and not expired.
+     *
+     * @param token - The JWT token to validate. Can be a raw JWT string, a decoded TokenPayload, or null.
+     * @param expirationBuffer - Number of seconds before actual expiration to consider the token invalid, used to prevent race conditions with preemptive token refresh. Defaults to 10 seconds.
+     * @returns `true` if the token is valid and won't expire within the buffer period, `false` otherwise.
+     * @throws Error if expirationBuffer is not positive number
+     */
+    isTokenValid(token, expirationBuffer = DEFAULT_TOKEN_EXPIRATION_BUFFER_SECONDS) {
+        if (!Number.isFinite(expirationBuffer) || expirationBuffer <= 0) {
+            throw new Error("expirationBuffer must be a positive finite number");
+        }
+        try {
+            let decoded;
+            if (typeof token === "string") {
+                decoded = jwtDecode(token);
+            }
+            else {
+                decoded = token;
+            }
+            if (!decoded)
+                return false;
+            if (typeof decoded.exp !== "number" || !Number.isFinite(decoded.exp)) {
+                return false;
+            }
+            const currentTime = Date.now() / 1000;
+            return decoded.exp > currentTime + expirationBuffer;
+        }
+        catch (error) {
+            captureException(error);
+            return false;
+        }
+    }
+    async isAuthenticated() {
+        const token = await this.getToken();
+        return typeof token === "string";
+    }
+    async getToken() {
+        const currentToken = state.token;
+        if (currentToken && this.isTokenValid(currentToken)) {
+            return currentToken;
+        }
+        await this.helpers.refreshToken();
+        if (state.globalErrors.auth || !state.token) {
+            return this.createAuthError(t("errors.refresh_failed"), "REFRESH_FAILED", true);
+        }
+        return state.token;
+    }
+    async userData() {
+        const token = await this.getToken();
+        if (typeof token !== "string") {
+            return null;
+        }
+        if (!token) {
+            return null;
+        }
+        try {
+            return jwtDecode(token);
+        }
+        catch (error) {
+            captureException(error);
+            return null;
+        }
+    }
+    async logout() {
+        const [error, _] = await this.helpers.logout();
+        if (error) {
+            return this.createAuthError(t("errors.sign_out_failed", { reason: error }), "SIGN_OUT_FAILED", false);
+        }
+        authStore.reset();
+        return true;
+    }
+    getEmail() {
+        return state.email;
+    }
+    createAuthError(message, code, requiresReauth = false) {
+        const error = new Error(message);
+        error.code = code;
+        error.requiresReauth = requiresReauth;
+        return error;
+    }
+}
+
+// Salutation enum
+const SalutationEnum = _enum(["mr", "mrs", "mx"]);
+// Newsletter subscription from API
+const NewsletterSubscriptionSchema = object({
+    id: number(),
+    email: string(),
+    newsletter_internal_name: string(),
+    preference_identifiers: array(string()),
+    preference_token: string(),
+    confirmed_at: string().nullable(),
+});
+// Newsletter subscription error extends base error with typed meta
+const NewsletterSubscriptionErrorSchema = BaseErrorSchema.extend({
+    error_details: record(string(), array(string())).optional(),
+    meta: object({
+        newsletter_internal_name: string(),
+    }),
+});
+// Create subscriptions response
+const CreateSubscriptionsResponseSchema = object({
+    results: array(NewsletterSubscriptionSchema),
+    errors: array(NewsletterSubscriptionErrorSchema),
+});
+// Additional fields for subscription creation - using .partial() for all optional fields
+const AdditionalFieldsSchema = object({
+    first_name: string().nullable(),
+    last_name: string().nullable(),
+    salutation: SalutationEnum.nullable(),
+    phone_number: string().nullable(),
+    date_of_birth: string().nullable(),
+    company_name: string().nullable(),
+    address_line_1: string().nullable(),
+    address_line_2: string().nullable(),
+    city: string().nullable(),
+    postal_code: string().nullable(),
+    country_code: string().nullable(),
+    preferred_language: string().nullable(),
+    custom_attributes: record(string(), unknown()).nullable(),
+})
+    .partial();
+// Create subscriptions payload
+const CreateSubscriptionsPayloadSchema = object({
+    email: string(),
+    additional_fields: optional(AdditionalFieldsSchema),
+    newsletter_subscriptions: array(object({
+        newsletter_internal_name: string(),
+        preference_identifiers: optional(array(string())),
+    })),
+    redirect_to_after_confirmation: optional(string()),
+});
+// Update subscription payload
+const UpdateSubscriptionPayloadSchema = object({
+    preference_identifiers: array(string()),
+});
+// Login email payload
+const LoginEmailPayloadSchema = object({
+    email: string(),
+    redirect_uri: string(),
+});
+// Resend DOI payload
+const ResendDoiPayloadSchema = object({
+    redirect_to_after_confirmation: string(),
+})
+    .partial();
+// Preference schema
+const PreferenceSchema = object({
+    id: number(),
+    name: string(),
+    description: string().nullable(),
+    plugin_identifier: string().nullable(),
+    position: number(),
+    default: boolean(),
+    hidden: boolean(),
+});
+// Preference group schema
+const PreferenceGroupSchema = object({
+    id: number(),
+    name: string(),
+    position: number(),
+    flat: boolean(),
+    preferences: array(PreferenceSchema),
+});
+// Newsletter schema
+const NewsletterSchema = object({
+    id: number(),
+    internal_name: string(),
+    default: boolean(),
+    position: number(),
+    opt_in_type: string(),
+    title: string(),
+    description: string().nullable(),
+    created_at: string(),
+    updated_at: string(),
+    preference_groups: array(PreferenceGroupSchema),
+});
+// Newsletters list response
+const NewslettersResponseSchema = object({
+    newsletters: array(NewsletterSchema),
+});
+// Delete subscription response
+const DeleteSubscriptionResponseSchema = object({
+    new_preference_token: string(),
+})
+    .nullable();
+// Generic newsletter error response (extends base error)
+const NewsletterErrorResponseSchema = BaseErrorSchema;
+
+class NewsletterService extends BaseService {
+    constructor(client, deps) {
+        super(client, "NewsletterService", deps);
+    }
+    async buildNewsletterAuthHeaders(options) {
+        const idToken = await this.getIdToken();
+        return this.buildAuthHeaders({
+            "X-ID-Token": idToken ?? undefined,
+            "X-Preference-Token": options?.preferenceToken,
+        });
+    }
+    /**
+     * Create newsletter subscriptions for a user
+     */
+    async create(args) {
+        const { payload, options } = args;
+        const validatedPayload = CreateSubscriptionsPayloadSchema.safeParse(payload);
+        if (!validatedPayload.success) {
+            this.logger.error("Invalid payload for create", validatedPayload.error);
+            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
+        }
+        const headers = await this.buildNewsletterAuthHeaders(options);
+        const response = await this.client.post("/api/sdk/v1/newsletters/newsletter_subscription", payload, headers);
+        return this.handleResponse(response, () => {
+            // Both success and 422 return CreateSubscriptionsResponse
+            if (response.success || response.status === 422) {
+                const data = CreateSubscriptionsResponseSchema.parse(response.data);
+                if (data.errors.length > 0) {
+                    return ["newsletter_error", data];
+                }
+                return [null, data];
+            }
+            const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+            const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+            switch (response.status) {
+                case 401:
+                    return ["unauthorized", error];
+                case 429:
+                    this.logger.warn("Rate limit exceeded");
+                    return ["rate_limit_exceeded", error];
+                case 500:
+                    this.errorReporter.captureException(response);
+                    return ["server_error", error];
+                default:
+                    return ["server_error", error];
+            }
+        });
+    }
+    /**
+     * List all subscriptions for the authenticated user
+     */
+    async list(args) {
+        const headers = await this.buildNewsletterAuthHeaders(args?.options);
+        const response = await this.client.get("/api/sdk/v1/newsletters/newsletter_subscription", headers);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 401) {
+                    return ["unauthorized", error];
+                }
+                return ["server_error", error];
+            }
+            const data = array(NewsletterSubscriptionSchema).parse(response.data);
+            return [null, data];
+        });
+    }
+    /**
+     * Get a specific subscription by newsletter internal name
+     */
+    async get(args) {
+        const { internalName, options } = args;
+        const headers = await this.buildNewsletterAuthHeaders(options);
+        const response = await this.client.get(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, headers);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 401) {
+                    return ["unauthorized", error];
+                }
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                return ["server_error", error];
+            }
+            const data = NewsletterSubscriptionSchema.parse(response.data);
+            return [null, data];
+        });
+    }
+    /**
+     * Update a subscription's preferences
+     */
+    async update(args) {
+        const { internalName, payload, options } = args;
+        const validatedPayload = UpdateSubscriptionPayloadSchema.safeParse(payload);
+        if (!validatedPayload.success) {
+            this.logger.error("Invalid payload for update", validatedPayload.error);
+            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
+        }
+        const headers = await this.buildNewsletterAuthHeaders(options);
+        const response = await this.client.patch(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, payload, headers);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 401) {
+                    return ["unauthorized", error];
+                }
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                return ["server_error", error];
+            }
+            const data = NewsletterSubscriptionSchema.parse(response.data);
+            return [null, data];
+        });
+    }
+    /**
+     * Delete a subscription
+     */
+    async delete(args) {
+        const { internalName, options } = args;
+        const headers = await this.buildNewsletterAuthHeaders(options);
+        const response = await this.client.delete(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription`, headers);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 401) {
+                    return ["unauthorized", error];
+                }
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                if (response.status === 422) {
+                    return ["unprocessable_entity", error];
+                }
+                return ["server_error", error];
+            }
+            if (response.status === 204) {
+                return [null, null];
+            }
+            const data = DeleteSubscriptionResponseSchema.parse(response.data);
+            return [null, data];
+        });
+    }
+    /**
+     * Resend double opt-in confirmation email
+     */
+    async resendDoi(args) {
+        const { internalName, payload, options } = args;
+        const validatedPayload = ResendDoiPayloadSchema.safeParse(payload);
+        if (!validatedPayload.success) {
+            this.logger.error("Invalid payload for resendDoi", validatedPayload.error);
+            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
+        }
+        const headers = await this.buildNewsletterAuthHeaders(options);
+        const response = await this.client.post(`/api/sdk/v1/newsletters/${internalName}/newsletter_subscription/resend_doi`, payload, headers);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 401) {
+                    return ["unauthorized", error];
+                }
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                if (error.error_identifier === "already_confirmed") {
+                    return ["already_confirmed", error];
+                }
+                return ["server_error", error];
+            }
+            return [null, null];
+        });
+    }
+    /**
+     * Send a login email for newsletter management
+     */
+    async sendLoginEmail(args) {
+        const { payload } = args;
+        const validatedPayload = LoginEmailPayloadSchema.safeParse(payload);
+        if (!validatedPayload.success) {
+            this.logger.error("Invalid payload for sendLoginEmail", validatedPayload.error);
+            return ["schema_validation_error", { error_identifier: "schema_validation_error", errors: [String(validatedPayload.error)] }];
+        }
+        const response = await this.client.post("/api/sdk/v1/newsletters/newsletter_subscription/login_email", payload);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 429) {
+                    return ["rate_limit_exceeded", error];
+                }
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                return ["server_error", error];
+            }
+            return [null, null];
+        });
+    }
+    /**
+     * List all available newsletters
+     */
+    async listAll() {
+        const response = await this.client.get("/api/sdk/v1/newsletters");
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                return ["server_error", null];
+            }
+            const data = NewslettersResponseSchema.parse(response.data);
+            return [null, data];
+        });
+    }
+    /**
+     * Get a newsletter by its internal name
+     */
+    async getByName(args) {
+        const { internalName } = args;
+        const response = await this.client.get(`/api/sdk/v1/newsletters/${internalName}`);
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                const parsed = NewsletterErrorResponseSchema.safeParse(response.data);
+                const error = parsed.success ? parsed.data : { error_identifier: "unknown_error" };
+                if (response.status === 404) {
+                    return ["not_found", error];
+                }
+                return ["server_error", error];
+            }
+            const data = NewsletterSchema.parse(response.data);
+            return [null, data];
+        });
+    }
+}
+
+// Export format and link response schemas
+const ExportFormat = _enum(["pdf", "pkpass"]);
+const ExportLinkResponseSchema = object({
+    url: string().url(),
+    expires_in: number(),
+});
+// Input validation schemas for ticketable list parameters
+const TicketableListParamsSchema = object({
+    page: number().int().positive().optional(),
+    perPage: number().int().positive().max(250).optional(),
+    state: string().nullish(),
+    paymentState: string().nullish(),
+    orderBy: _enum(["starts_at", "ends_at", "reference", "created_at"]).optional(),
+    orderDirection: _enum(["asc", "desc"]).optional(),
+    serviceId: number().int().positive().optional(),
+});
+// Date transformer for ISO8601 strings
+const dateTransformer = date();
+const nullableDateTransformer = date().nullable();
+// Ticket schema based on TicketSerializer
+const TicketSchema = object({
+    id: uuid(), // unidy_id
+    title: string(),
+    text: string().nullable(),
+    reference: string(),
+    metadata: record(string(), unknown()).nullable(),
+    wallet_export: record(string(), unknown()).nullable(),
+    exportable_to_wallet: boolean(),
+    state: string(),
+    payment_state: string().nullable(),
+    button_cta_url: string().nullable(),
+    info_banner: string().nullable(),
+    seating: string().nullable(),
+    venue: string().nullable(),
+    currency: string().nullable(),
+    starts_at: dateTransformer, // ISO8601(3) -> Date
+    ends_at: nullableDateTransformer, // ISO8601(3) -> Date | null
+    created_at: dateTransformer, // ISO8601(3) -> Date
+    updated_at: dateTransformer, // ISO8601(3) -> Date
+    price: number(), // decimal(8, 2) -> float
+    user_id: uuid(),
+    ticket_category_id: uuid(),
+});
+// Tickets list response schema
+const TicketsListResponseSchema = object({
+    meta: PaginationMetaSchema,
+    results: array(TicketSchema),
+});
+// Subscription schema based on SubscriptionSerializer
+const SubscriptionSchema = object({
+    id: uuid(), // unidy_id
+    title: string(),
+    text: string(),
+    payment_frequency: string().nullable(),
+    metadata: record(string(), unknown()).nullable(),
+    wallet_export: record(string(), unknown()).nullable(),
+    exportable_to_wallet: boolean(),
+    state: string(),
+    reference: string(),
+    payment_state: string().nullable(),
+    currency: string().nullable(),
+    button_cta_url: string().nullable(),
+    created_at: dateTransformer, // ISO8601(3) -> Date
+    updated_at: dateTransformer, // ISO8601(3) -> Date
+    starts_at: nullableDateTransformer, // ISO8601(3) -> Date | null
+    ends_at: nullableDateTransformer, // ISO8601(3) -> Date | null
+    next_payment_at: nullableDateTransformer, // ISO8601(3) -> Date | null
+    price: number(), // decimal(8, 2) -> float
+    user_id: uuid(),
+    subscription_category_id: uuid(),
+});
+// Subscriptions list response schema
+const SubscriptionsListResponseSchema = object({
+    meta: PaginationMetaSchema,
+    results: array(SubscriptionSchema),
+});
+
+/**
+ * Base service for ticketable resources (tickets and subscriptions).
+ * Handles common query parameter building and response parsing.
+ */
+class TicketableService extends BaseService {
+    /**
+     * Builds query params from args, mapping camelCase to snake_case.
+     * Returns undefined values filtered out.
+     */
+    buildListParams(args = {}, categoryIdKey, categoryIdValue) {
+        return {
+            page: args.page,
+            limit: args.perPage,
+            state: args.state,
+            payment_state: args.paymentState,
+            order_by: args.orderBy,
+            order_direction: args.orderDirection,
+            service_id: args.serviceId,
+            [categoryIdKey]: categoryIdValue,
+        };
+    }
+    /**
+     * Converts params to query string, filtering undefined/null and converting to strings.
+     */
+    toQueryString(params) {
+        const filtered = Object.entries(params)
+            .filter(([_, v]) => v !== undefined && v !== null)
+            .map(([k, v]) => [k, String(v)]);
+        if (filtered.length === 0)
+            return "";
+        return `?${new URLSearchParams(Object.fromEntries(filtered)).toString()}`;
+    }
+    /**
+     * Validates list arguments before making API request.
+     * Uses Zod for input validation.
+     */
+    validateListArgs(args) {
+        const result = TicketableListParamsSchema.safeParse(args);
+        if (!result.success) {
+            this.logger.error("Invalid list parameters", result.error);
+            return false;
         }
-        authStore.setLoading(false);
+        return true;
     }
-    async resetPassword() {
-        if (!state.resetPassword.token) {
-            throw new Error("No reset token available");
-        }
-        if (!state.resetPassword.newPassword) {
-            authStore.setFieldError("resetPassword", "password_required");
-            return;
+    /**
+     * Generic list handler with schema validation.
+     */
+    async handleList(endpoint, queryString, schema, resourceName, args = {}) {
+        // Validate input parameters
+        if (!this.validateListArgs(args)) {
+            return ["invalid_response", null]; // Invalid input treated same as invalid response
         }
-        if (state.resetPassword.passwordConfirmation &&
-            state.resetPassword.newPassword !== state.resetPassword.passwordConfirmation) {
-            authStore.setFieldError("resetPassword", "passwords_do_not_match");
-            return;
+        const idToken = await this.getIdToken();
+        if (!idToken) {
+            return ["missing_id_token", null];
         }
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        const [error, response] = await this.client.auth.resetPassword({
-            signInId: state.sid,
-            token: state.resetPassword.token,
-            payload: {
-                password: state.resetPassword.newPassword,
-                passwordConfirmation: state.resetPassword.passwordConfirmation,
-            },
-        });
-        if (error) {
-            authStore.setFieldError("resetPassword", error);
-            // TODO: add proper password requirements handling --> for now this is fine
-            if (error === "invalid_password") {
-                authStore.setFieldError("password", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join("\n"));
+        const response = await this.client.get(`${endpoint}${queryString}`, this.buildAuthHeaders({ "X-ID-Token": idToken }));
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                this.logger.error(`Failed to fetch ${resourceName}`, response);
+                return ["server_error", null];
             }
-        }
-        else {
-            authStore.setStep("email");
-            authStore.updateResetPassword({
-                step: "completed",
-                token: null,
-                newPassword: "",
-                passwordConfirmation: "",
-            });
-            clearUrlParam("reset_password_token");
-            Flash.success.addMessage("Password reset successfully");
-        }
-        authStore.setLoading(false);
-    }
-    async handleResetPasswordRedirect() {
-        const url = new URL(window.location.href);
-        const params = url.searchParams;
-        const resetToken = params.get("reset_password_token");
-        if (!resetToken) {
-            return;
-        }
-        if (state.sid) {
-            authStore.setLoading(true);
-            const [error] = await this.client.auth.validateResetPasswordToken({
-                signInId: state.sid,
-                token: resetToken,
-            });
-            if (error) {
-                authStore.setFieldError("resetPassword", error);
-                authStore.setStep("reset-password");
-                authStore.setLoading(false);
-                return;
+            const parsed = schema.safeParse(response.data);
+            if (!parsed.success) {
+                this.logger.error("Invalid response format", parsed.error);
+                this.errorReporter.captureException(parsed.error, { resourceName, endpoint });
+                return ["invalid_response", null];
             }
-        }
-        authStore.setResetToken(resetToken);
-        authStore.setStep("reset-password");
-        authStore.setLoading(false);
+            return [null, parsed.data];
+        });
     }
-    handleSocialAuthRedirect() {
-        const url = new URL(window.location.href);
-        const params = url.searchParams;
-        const error = params.get("error");
-        // Not a social auth redirect (normal page load)
-        if (!error && !params.has("sid")) {
-            return;
+    /**
+     * Generic get handler with schema validation.
+     */
+    async handleGet(endpoint, schema, resourceName) {
+        const idToken = await this.getIdToken();
+        if (!idToken) {
+            return ["missing_id_token", null];
         }
-        // Handle successful social auth redirect
-        if (!error && params.has("sid") && params.has("id_token")) {
-            authStore.setSignInId(clearUrlParam("sid"));
-            const idToken = clearUrlParam("id_token");
-            if (idToken) {
-                authStore.setToken(idToken);
-                this.handleAuthSuccess({ jwt: idToken });
+        const response = await this.client.get(endpoint, this.buildAuthHeaders({ "X-ID-Token": idToken }));
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                if (response.status === 404) {
+                    return ["not_found", null];
+                }
+                this.logger.error(`Failed to fetch ${resourceName}`, response);
+                return ["server_error", null];
             }
-            else {
-                this.logger.error("No ID token found in the URL on social auth redirect");
+            const parsed = schema.safeParse(response.data);
+            if (!parsed.success) {
+                this.logger.error("Invalid response format", parsed.error);
+                this.errorReporter.captureException(parsed.error, { resourceName, endpoint });
+                return ["invalid_response", null];
             }
-            return;
-        }
-        // Handle missing required fields
-        if (error !== "missing_required_fields") {
-            this.logger.error("Social auth redirect error:", error);
-            return;
-        }
-        const fieldsFromUrl = clearUrlParam("fields");
-        const sid = clearUrlParam("sid");
-        clearUrlParam("error");
-        if (!fieldsFromUrl || !sid) {
-            return;
-        }
-        try {
-            const fields = JSON.parse(fieldsFromUrl);
-            authStore.setSignInId(sid);
-            this.handleMissingFields(fields);
-        }
-        catch (e) {
-            this.logger.error("Failed to parse missing fields payload:", e);
-            authStore.setGlobalError("auth", "invalid_required_fields_payload");
-        }
+            return [null, parsed.data];
+        });
     }
-    handleAuthError(error, response, fallbackField) {
-        switch (error) {
-            case "account_not_found":
-                authStore.setFieldError("email", error);
-                break;
-            case "missing_required_fields": {
-                const { fields, sid } = response;
-                this.handleMissingFields(fields);
-                if (sid) {
-                    authStore.setSignInId(sid);
+}
+
+class SubscriptionsService extends TicketableService {
+    constructor(client, deps) {
+        super(client, "SubscriptionsService", deps);
+    }
+    async list(args = {}) {
+        const params = this.buildListParams(args, "subscription_category_id", args.subscriptionCategoryId);
+        const queryString = this.toQueryString(params);
+        return this.handleList("/api/sdk/v1/subscriptions", queryString, SubscriptionsListResponseSchema, "subscriptions", args);
+    }
+    async get(args) {
+        return this.handleGet(`/api/sdk/v1/subscriptions/${args.id}`, SubscriptionSchema, "subscription");
+    }
+    async getExportLink(args) {
+        const idToken = await this.getIdToken();
+        if (!idToken) {
+            return ["missing_id_token", null];
+        }
+        const response = await this.client.post(`/api/sdk/v1/subscriptions/${args.id}/export_link`, { format: args.format }, this.buildAuthHeaders({ "X-ID-Token": idToken }));
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                if (response.status === 401 || response.status === 403) {
+                    return ["unauthorized", null];
                 }
-                break;
+                return ["server_error", null];
             }
-            default:
-                if (fallbackField === "password") {
-                    authStore.setFieldError("password", error);
-                }
-                else if (fallbackField === "magicCode") {
-                    authStore.setFieldError("magicCode", error);
-                }
-                else if (fallbackField === "email") {
-                    authStore.setFieldError("email", error);
-                }
-                else {
-                    // e.g. "account_locked", "internal_server_error"
-                    authStore.setGlobalError("auth", error);
-                }
-                break;
-        }
-        authStore.setLoading(false);
+            const parsed = ExportLinkResponseSchema.safeParse(response.data);
+            if (!parsed.success) {
+                this.logger.error("Invalid export link response", parsed.error);
+                return ["invalid_response", null];
+            }
+            return [null, parsed.data];
+        });
     }
-    handleMissingFields(fields) {
-        authStore.setMissingFields(fields);
-        state$1.data = fields;
-        authStore.setStep("missing-fields");
-        authStore.setLoading(false);
+}
+
+class TicketsService extends TicketableService {
+    constructor(client, deps) {
+        super(client, "TicketsService", deps);
     }
-    handleAuthSuccess(response) {
-        authStore.setToken(response.jwt);
-        authStore.setLoading(false);
-        authStore.getRootComponentRef()?.onAuth(response);
+    async list(args = {}) {
+        const params = this.buildListParams(args, "ticket_category_id", args.ticketCategoryId);
+        const queryString = this.toQueryString(params);
+        return this.handleList("/api/sdk/v1/tickets", queryString, TicketsListResponseSchema, "tickets", args);
+    }
+    async get(args) {
+        return this.handleGet(`/api/sdk/v1/tickets/${args.id}`, TicketSchema, "ticket");
+    }
+    async getExportLink(args) {
+        const idToken = await this.getIdToken();
+        if (!idToken) {
+            return ["missing_id_token", null];
+        }
+        const response = await this.client.post(`/api/sdk/v1/tickets/${args.id}/export_link`, { format: args.format }, this.buildAuthHeaders({ "X-ID-Token": idToken }));
+        return this.handleResponse(response, () => {
+            if (!response.success) {
+                if (response.status === 401 || response.status === 403) {
+                    return ["unauthorized", null];
+                }
+                return ["server_error", null];
+            }
+            const parsed = ExportLinkResponseSchema.safeParse(response.data);
+            if (!parsed.success) {
+                this.logger.error("Invalid export link response", parsed.error);
+                return ["invalid_response", null];
+            }
+            return [null, parsed.data];
+        });
     }
 }
 
-const DEFAULT_TOKEN_EXPIRATION_BUFFER_SECONDS = 10;
-class Auth {
-    static instance;
-    helpers;
-    constructor(client) {
-        this.helpers = new AuthHelpers(client);
+/**
+ * Base API client with shared functionality for both browser and standalone environments.
+ */
+/**
+ * Abstract base class for API clients.
+ * Provides shared functionality for making HTTP requests.
+ */
+class BaseApiClient {
+    /**
+     * Error messages that indicate a connection failure rather than a server error.
+     * Grouped by source/environment.
+     */
+    static CONNECTION_ERROR_MESSAGES = [
+        // Browser fetch API errors
+        "Failed to fetch", // Generic browser fetch failure (Chrome)
+        "NetworkError", // Firefox network error
+        "Load failed", // Safari network error
+        "The network connection was lost", // Safari connection lost
+        // Chromium/V8 error codes (used by Node.js and Chrome)
+        "ERR_CONNECTION_REFUSED", // Server not accepting connections
+        "ERR_NETWORK", // General network error
+        "ERR_INTERNET_DISCONNECTED", // No internet connection
+        // Node.js system error codes
+        "ECONNREFUSED", // Connection refused by server
+        "ENOTFOUND", // DNS lookup failed
+        "EAI_AGAIN", // Temporary DNS failure
+    ];
+    onConnectionChange;
+    baseUrl;
+    api_key;
+    constructor(config) {
+        this.baseUrl = config.baseUrl;
+        this.api_key = config.apiKey;
+        this.onConnectionChange = config.onConnectionChange;
     }
-    static Errors = {
-        email: {
-            NOT_FOUND: "account_not_found",
-        },
-        magicCode: {
-            RECENTLY_CREATED: "magic_code_recently_created",
-            NOT_VALID: "magic_code_not_valid",
-            EXPIRED: "magic_code_expired",
-            USED: "magic_code_used",
-        },
-        password: {
-            INVALID: "invalid_password",
-            NOT_SET: "password_not_set",
-            RESET_PASSWORD_ALREADY_SENT: "reset_password_already_sent",
-        },
-        general: {
-            ACCOUNT_LOCKED: "account_locked",
-            SIGN_IN_EXPIRED: "sign_in_expired",
-        },
-    };
-    static async getInstance() {
-        if (!Auth.isInitialized()) {
-            await waitForConfig();
-            return Auth.initialize(getUnidyClient());
+    isConnectionError(error) {
+        if (error instanceof Error) {
+            return BaseApiClient.CONNECTION_ERROR_MESSAGES.some((msg) => error.message.includes(msg));
         }
-        return Auth.instance;
+        return false;
     }
-    static async initialize(client) {
-        if (Auth.instance) {
-            return Auth.instance;
-        }
-        Auth.instance = new Auth(client);
-        Auth.instance.helpers.handleSocialAuthRedirect();
-        await Auth.instance.helpers.handleResetPasswordRedirect();
-        if (Auth.instance.isTokenValid(state.token)) {
-            authStore.setAuthenticated(true);
-        }
-        return Auth.instance;
+    setConnectionStatus(isConnected) {
+        this.onConnectionChange?.(isConnected);
     }
-    static isInitialized() {
-        return !!Auth.instance;
+    baseHeaders() {
+        const h = new Headers();
+        h.set("Content-Type", "application/json");
+        h.set("Accept", "application/json");
+        h.set("Authorization", `Bearer ${this.api_key}`);
+        return h;
+    }
+    mergeHeaders(base, extra) {
+        const out = new Headers(base);
+        if (extra) {
+            new Headers(extra).forEach((v, k) => {
+                out.set(k, v);
+            });
+        }
+        return out;
     }
     /**
-     * Checks whether a JWT token is valid and not expired.
-     *
-     * @param token - The JWT token to validate. Can be a raw JWT string, a decoded TokenPayload, or null.
-     * @param expirationBuffer - Number of seconds before actual expiration to consider the token invalid, used to prevent race conditions with preemptive token refresh. Defaults to 10 seconds.
-     * @returns `true` if the token is valid and won't expire within the buffer period, `false` otherwise.
-     * @throws Error if expirationBuffer is not positive number
+     * Builds a query string from params, filtering out undefined/null values.
      */
-    isTokenValid(token, expirationBuffer = DEFAULT_TOKEN_EXPIRATION_BUFFER_SECONDS) {
-        if (!Number.isFinite(expirationBuffer) || expirationBuffer <= 0) {
-            throw new Error("expirationBuffer must be a positive finite number");
-        }
+    buildQueryString(params) {
+        if (!params)
+            return "";
+        const filtered = Object.entries(params)
+            .filter(([_, v]) => v !== undefined && v !== null)
+            .map(([k, v]) => [k, String(v)]);
+        if (filtered.length === 0)
+            return "";
+        return `?${new URLSearchParams(Object.fromEntries(filtered)).toString()}`;
+    }
+    async request(method, endpoint, body, headers) {
+        let res = null;
         try {
-            let decoded;
-            if (typeof token === "string") {
-                decoded = jwtDecode(token);
-            }
-            else {
-                decoded = token;
+            res = await fetch(`${this.baseUrl}${endpoint}`, {
+                method,
+                ...this.getRequestOptions(),
+                headers: this.mergeHeaders(this.baseHeaders(), headers),
+                body: body ? JSON.stringify(body) : undefined,
+            });
+            let data;
+            try {
+                data = await res.json();
             }
-            if (!decoded)
-                return false;
-            if (typeof decoded.exp !== "number" || !Number.isFinite(decoded.exp)) {
-                return false;
+            catch {
+                data = undefined;
             }
-            const currentTime = Date.now() / 1000;
-            return decoded.exp > currentTime + expirationBuffer;
+            this.setConnectionStatus(true);
+            return {
+                data,
+                status: res.status,
+                headers: res.headers,
+                success: res.ok,
+                connectionError: false,
+            };
         }
         catch (error) {
-            captureException(error);
-            return false;
+            const connectionFailed = this.isConnectionError(error);
+            if (connectionFailed) {
+                this.setConnectionStatus(false);
+                this.handleConnectionError(error, endpoint, method);
+            }
+            return {
+                status: res?.status ?? (connectionFailed ? 0 : 500),
+                error: error instanceof Error ? error.message : String(error),
+                headers: res?.headers ?? new Headers(),
+                success: false,
+                data: undefined,
+                connectionError: connectionFailed,
+            };
         }
     }
-    async isAuthenticated() {
-        const token = await this.getToken();
-        return typeof token === "string";
+    async get(endpoint, headers, params) {
+        const queryString = this.buildQueryString(params);
+        return this.request("GET", `${endpoint}${queryString}`, undefined, headers);
     }
-    async getToken() {
-        const currentToken = state.token;
-        if (currentToken && this.isTokenValid(currentToken)) {
-            return currentToken;
-        }
-        await this.helpers.refreshToken();
-        if (state.globalErrors.auth || !state.token) {
-            return this.createAuthError(t("errors.refresh_failed"), "REFRESH_FAILED", true);
-        }
-        return state.token;
+    async post(endpoint, body, headers) {
+        return this.request("POST", endpoint, body, headers);
     }
-    async userData() {
-        const token = await this.getToken();
-        if (typeof token !== "string") {
-            return null;
-        }
-        if (!token) {
-            return null;
-        }
-        try {
-            return jwtDecode(token);
-        }
-        catch (error) {
-            captureException(error);
-            return null;
-        }
+    async patch(endpoint, body, headers) {
+        return this.request("PATCH", endpoint, body, headers);
     }
-    async logout() {
-        const [error, _] = await this.helpers.logout();
-        if (error) {
-            return this.createAuthError(t("errors.sign_out_failed", { reason: error }), "SIGN_OUT_FAILED", false);
-        }
-        authStore.reset();
-        return true;
+    async delete(endpoint, headers) {
+        return this.request("DELETE", endpoint, undefined, headers);
     }
-    getEmail() {
-        return state.email;
+}
+
+/**
+ * Browser-specific API client with CORS mode and Sentry error reporting.
+ */
+class ApiClient extends BaseApiClient {
+    constructor(baseUrl, apiKey, onConnectionChange) {
+        super({ baseUrl, apiKey, onConnectionChange });
     }
-    createAuthError(message, code, requiresReauth = false) {
-        const error = new Error(message);
-        error.code = code;
-        error.requiresReauth = requiresReauth;
-        return error;
+    setConnectionStatus(isConnected) {
+        super.setConnectionStatus(isConnected);
+        unidyState.backendConnected = isConnected;
+    }
+    getRequestOptions() {
+        return {
+            mode: "cors",
+            credentials: "include",
+        };
+    }
+    handleConnectionError(error, endpoint, method) {
+        captureException(error, {
+            tags: { error_type: "connection_error" },
+            extra: { endpoint, method },
+        });
     }
 }
 
@@ -6916,7 +6991,7 @@ function getUnidyClient() {
     return instance;
 }
 
-export { AuthService as A, BaseApiClient as B, NewsletterService as N, ProfileService as P, SubscriptionsService as S, TicketsService as T, UnidyClient as U, ApiClient as a, UserProfileSchema as b, BaseErrorSchema as c, SchemaValidationErrorSchema as d, PaginationMetaSchema as e, PaginationParamsSchema as f, getUnidyClient as g, BaseService as h, Auth as i };
-//# sourceMappingURL=index-BVlbCQEX.js.map
+export { AuthService as A, BaseApiClient as B, ExportFormat as E, NewsletterService as N, ProfileService as P, SubscriptionsService as S, TicketsService as T, UnidyClient as U, ApiClient as a, UserProfileSchema as b, BaseService as c, BaseErrorSchema as d, SchemaValidationErrorSchema as e, PaginationMetaSchema as f, getUnidyClient as g, PaginationParamsSchema as h, Auth as i, ExportLinkResponseSchema as j, TicketableListParamsSchema as k, TicketSchema as l, TicketsListResponseSchema as m, SubscriptionSchema as n, SubscriptionsListResponseSchema as o, clearUrlParam as p };
+//# sourceMappingURL=index-kgGjfc-n.js.map
 
-//# sourceMappingURL=index-BVlbCQEX.js.map
+//# sourceMappingURL=index-kgGjfc-n.js.map