accessio 1.5.0 → 1.7.0

package/README.md

@@ -2,298 +2,256 @@
 
 **Fast, flexible HTTP client — simple, modular, and dependency-free.**
 
-`Accessio` is a lightweight, modern HTTP client built on top of the native `fetch` API. It provides a familiar, Promise-based interface with advanced features like interceptors, automatic retries, rate limiting, and structured debug logging, all while maintaining **zero external dependencies**.
+Accessio is a lightweight, modern HTTP client built on top of the native fetch API. It provides a familiar, Promise-based interface with advanced features like interceptors, automatic retries, rate limiting, and structured debug logging, all while maintaining zero external dependencies.
 
 ---
 
-## ✨ Features
-
-- 🚀 **Promise-based** — works seamlessly with `async`/`await`
-- 🌐 **Isomorphic** — runs in both browser and Node.js (≥ 18)
-- 🪶 **Zero dependencies** — ultra-lightweight, built on native `fetch`
-- 🔄 **Interceptors** — transform requests and responses globally or per instance
-- ⚙️ **Configurable instances** — create multiple API clients with custom defaults
-- 🛡️ **Robust Error handling** — structured `AccessioError` with status, config, and response
-- 📦 **Dual format** — full support for both ESM and CommonJS
-- 📐 **TypeScript first** — written in TS with comprehensive type definitions
-- ⏱️ **Timeout & Cancellation** — built-in support via `AbortController` and `signal`
-- 🔧 **Transform pipelines** — flexible request/response data transformation
-- ♻️ **Automatic Retries** — smart retry logic with exponential backoff and jitter
-- 🚥 **Rate Limiter** — built-in concurrency control for high-throughput applications
-- 🐞 **Debug Mode** — structured, beautiful console logging for easy development
-- ⏱️ **Duration Tracking** — every response includes precise timing metadata
-- 🧬 **GraphQL Support** — built-in `gql` method for easy querying
-- 📡 **SSE Streaming** — async iterators for Server-Sent Events via `stream`
-- 📚 **Auto-Pagination** — seamlessly iterate through paginated APIs via `autoPaginate`
-- 🛡️ **Schema Validation** — validate responses automatically using Zod or custom schemas
-- 🗂️ **Caching & Deduplication** — prevent redundant requests and cache responses
-- 🪝 **Lifecycle Hooks** — simple hooks for request/response/error events
+## ⚡ Key Features
+
+- **Zero Runtime Dependencies**: Keep your bundle size minimal and avoid supply chain vulnerabilities.
+- **Axios-Compatible API**: Direct drop-in replacement with `.get()`, `.post()`, `.request()`, and custom instances via `.create()`.
+- **🛡️ Built-in Security & Auto-Redaction**: Prevents accidental leakage of secrets in error logs. Automatically redacts:
+  - `Authorization`, `Cookie`, and `Set-Cookie` headers.
+  - Sensitive request/response parameters (e.g., `api_key`, `token`, `password`, `secret`).
+  - Inline credentials inside URLs.
+- **⏳ Concurrency Rate Limiter**: Built-in queue-based rate limiter to throttle concurrent requests, complete with immediate queue ejection on `AbortSignal` cancellation.
+- **🔁 Jittered Exponential Backoff Retry**: Automatic retries for network failures or `5xx` status codes. Fully respects the HTTP 429 `Retry-After` header and supports customizable retry conditions and callbacks.
+- **🌊 SSE & Newline JSON Streaming**: Native asynchronous generator-based parsing for Server-Sent Events (SSE) and newline-delimited JSON streams.
+- **📂 Auto-Pagination**: Seamlessly yields paginated items from APIs using page links (e.g., `next` or `links.next`).
+- **🧪 Type-safe Schema Validation**: Validate API response payloads at runtime using Zod, ArkType, or any validation library with a `.parse()` or `.parseAsync()` method.
+- **📦 Request Deduplication**: Automatically coalesces concurrent duplicate GET requests to avoid redundant network traffic.
+- **💾 Memory Caching**: In-memory caching out-of-the-box with custom TTL, or easily swap in a custom storage provider (e.g., Redis, LocalStorage).
+- **🔗 Synchronous & Asynchronous Interceptors**: Hook into the request/response pipeline to dynamically inject headers, handle global errors, or log metrics.
+- **⚓ Lifecycle Hooks**: Granular callbacks (`onBeforeRequest`, `onRequestResponse`, `onRequestError`) for custom instrumentation.
+- **FormData Serialization**: Automatically converts flat or nested JS objects to `FormData` for multipart submissions.
 
 ---
 
 ## 📦 Installation
 
 ```bash
-# Using npm
 npm install accessio
-
-# Using yarn
-yarn add accessio
-
-# Using pnpm
-pnpm add accessio
 ```
 
 ---
 
 ## 🚀 Quick Start
 
+### Basic Requests
+
 ```typescript
 import accessio from 'accessio';
 
 // Simple GET request
-const { data } = await accessio.get('https://api.example.com/users');
+const response = await accessio.get('https://api.example.com/users/123');
+console.log(response.data); // Automatically parsed JSON response
 
-// POST request with JSON body
-const response = await accessio.post('https://api.example.com/users', {
-  name: 'John Doe',
+// POST request with body
+const postResponse = await accessio.post('https://api.example.com/users', {
+  name: 'Jane Doe',
   role: 'Developer',
 });
-
-console.log(`User created in ${response.duration}ms`);
 ```
 
----
-
-## 📖 API Reference
-
-### Request Methods
-
-| Method                                     | Description                              |
-| :----------------------------------------- | :--------------------------------------- |
-| `accessio(config)`                         | Generic request using config object      |
-| `accessio.get(url, config?)`               | GET request                              |
-| `accessio.post(url, data?, config?)`       | POST request                             |
-| `accessio.put(url, data?, config?)`        | PUT request                              |
-| `accessio.patch(url, data?, config?)`      | PATCH request                            |
-| `accessio.delete(url, config?)`            | DELETE request                           |
-| `accessio.head(url, config?)`              | HEAD request                             |
-| `accessio.options(url, config?)`           | OPTIONS request                          |
-| `accessio.postForm(url, data?, config?)`   | POST request with `multipart/form-data`  |
-| `accessio.putForm(url, data?, config?)`    | PUT request with `multipart/form-data`   |
-| `accessio.patchForm(url, data?, config?)`  | PATCH request with `multipart/form-data` |
-| `accessio.stream(url, config?)`            | Server-Sent Events (SSE) streaming       |
-| `accessio.autoPaginate(url, config?)`      | Async iterator for paginated endpoints   |
-| `accessio.gql(url, query, vars?, config?)` | GraphQL query/mutation wrapper           |
-
-### Configuration Options
+### Custom Instances
 
 ```typescript
-{
-  baseURL: 'https://api.example.com', // Base URL for all requests
-  url: '/users',                     // Relative or absolute URL
-  method: 'get',                     // HTTP method (default: get)
-  headers: { 'X-Custom': 'val' },    // Custom headers
-  params: { id: 123 },               // URL query parameters
-  data: { name: 'John' },            // Request body (JSON/FormData/etc)
-  timeout: 5000,                     // Timeout in ms (default: 0)
-  responseType: 'json',              // Expected response: 'json', 'text', 'blob', 'stream'
-  auth: { username: '', password: '' }, // Basic auth credentials
-  retry: 3,                          // Max retry attempts
-  retryDelay: 1000,                  // Base delay for exponential backoff
-  debug: true,                       // Enable structured logging
-  rateLimiter: limiter,              // Concurrency limiter instance
-  validateStatus: (s) => s < 400,    // Resolve/reject predicate
-  signal: abortController.signal,    // Custom AbortSignal
-  dedupe: true,                      // Prevent duplicate in-flight requests
-  cache: true,                       // Cache responses (boolean or CacheProvider)
-  cacheTTL: 60000,                   // Cache time-to-live in ms
-  schema: z.object({...}),           // Schema validator (e.g., Zod)
-  fetch: customFetch,                // Custom fetch implementation
-  retryOn429: true,                  // Automatically retry on rate limits
-  hooks: {                           // Lifecycle hooks
-    onBeforeRequest: (config) => {},
-    onRequestResponse: (response) => {},
-    onRequestError: (error) => {}
-  }
-}
+import accessio from 'accessio';
+
+// Create a configured instance
+const api = accessio.create({
+  baseURL: 'https://api.example.com/v1',
+  headers: {
+    'X-Client-Name': 'AccessioClient',
+  },
+  timeout: 5000, // 5-second timeout
+});
+
+// Use instance methods
+const { data } = await api.get('/users');
 ```
 
 ---
 
-## ♻️ Advanced Usage
+## 🛠️ Advanced Features
 
-### Interceptors
+### 🛡️ Auto-Redaction (Zero-leak Logs)
 
-Interceptors allow you to transform requests or responses before they are handled by `then` or `catch`.
+Accessio is built with security first. If a request fails, sensitive credentials in request/response properties are redacted automatically before being attached to the `AccessioError`.
 
 ```typescript
-// Add a request interceptor
-accessio.interceptors.request.use((config) => {
-  config.headers['Authorization'] = `Bearer ${storage.getToken()}`;
-  return config;
-});
-
-// Add a response interceptor
-accessio.interceptors.response.use(
-  (response) => response,
-  (error) => {
-    if (error.response?.status === 401) logout();
-    return Promise.reject(error);
-  },
-);
+try {
+  await accessio.get('https://admin:secret_password@api.example.com/users', {
+    params: { api_key: 'super_secret_token_123' },
+    headers: { Authorization: 'Bearer token_xyz' },
+  });
+} catch (error) {
+  if (accessio.isAccessioError(error)) {
+    console.error(error.toJSON());
+    /*
+      Outputs:
+      {
+        "name": "AccessioError",
+        "message": "Request failed with status code 401",
+        "code": "ERR_BAD_REQUEST",
+        "status": 401,
+        "config": {
+          "url": "https://admin:[REDACTED]@api.example.com/users",
+          "params": {
+            "api_key": "[REDACTED]"
+          },
+          "headers": {
+            "authorization": "[REDACTED]"
+          }
+        }
+      }
+    */
+  }
+}
 ```
 
-### Error Handling
-
-`Accessio` provides a structured error object with specific codes to help you handle failures gracefully.
+### 🔁 Automatic Retries & Backoff
 
-| Code               | Description                   |
-| :----------------- | :---------------------------- |
-| `ERR_BAD_REQUEST`  | 4xx status code               |
-| `ERR_BAD_RESPONSE` | 5xx status code               |
-| `ERR_NETWORK`      | Network connectivity issues   |
-| `ETIMEDOUT`        | Request exceeded timeout      |
-| `ERR_CANCELED`     | Request was manually aborted  |
-| `ERR_INVALID_URL`  | The provided URL is malformed |
-| `ERR_BAD_OPTION`   | Invalid configuration option  |
-
-### Automatic Retries
-
-`Accessio` includes a powerful retry mechanism that handles network errors and 5xx responses automatically.
+Automatically retry failed requests using exponential backoff with randomized jitter to prevent thundering herds.
 
 ```typescript
 const response = await accessio.get('/flaky-endpoint', {
-  retry: 5,
-  retryDelay: 1000, // Delays: 1s, 2s, 4s, 8s, 16s (+/- random jitter)
-  onRetry: (attempt, error) => console.log(`Retry #${attempt}...`),
+  retry: 3, // Max retry attempts
+  retryDelay: 1000, // Initial delay in ms (doubles each attempt)
+  maxRetryDelay: 10000, // Maximum delay cap
+  retryOn429: true, // Respect Retry-After header for HTTP 429 responses
+  onRetry: (attempt, error, config) => {
+    console.warn(`Retry attempt #${attempt} due to: ${error.message}`);
+  },
 });
 ```
 
-### Rate Limiting
+### ⏳ Concurrency Rate Limiting
 
-Limit concurrent requests globally or per-instance to prevent overloading APIs.
+Throttle outbound requests using a queue-based rate limiter. This is especially useful for third-party APIs with tight request limits.
 
 ```typescript
-import { createRateLimiter } from 'accessio';
+import accessio, { createRateLimiter } from 'accessio';
+
+// Allow a maximum of 2 requests in parallel
+const rateLimiter = createRateLimiter(2);
 
-const limiter = createRateLimiter(5); // Max 5 concurrent requests
-const api = accessio.create({ rateLimiter: limiter });
+const api = accessio.create({ rateLimiter });
 
-// Requests will wait in queue if limit is reached
-const results = await Promise.all([
-  api.get('/req-1'),
-  api.get('/req-2'),
-  // ...
-]);
+// These will run with a max concurrency of 2, queueing the rest
+const requests = [1, 2, 3, 4, 5].map((id) => api.get(`/users/${id}`));
+const responses = await Promise.all(requests);
 ```
 
-### Debug Mode
+### 🌊 SSE & Newline JSON Streaming
 
-Get beautiful, structured logs in your console by enabling `debug: true`.
+Accessio leverages asynchronous generators to handle incoming response streams dynamically (works with Server-Sent Events or line-by-line JSON streams).
 
 ```typescript
-// 🐦‍⬛ [accessio] → GET https://api.example.com/users
-//    Params: {"page":1}
-//    Timeout: 5000ms
-// 🐦‍⬛ [accessio] ← ✅ 200 OK (142ms)
-//    Size: ~3.2 KB
+// Iterating through an AI completion SSE stream
+for await (const chunk of api.stream('/ai/complete')) {
+  console.log(chunk); // Parsed JSON chunk, e.g., { text: "hello" }
+}
 ```
 
-### Caching & Deduplication
+### 📂 Auto-Pagination
 
-Prevent duplicate requests and cache responses to improve performance.
+Avoid boilerplate code for pagination. Accessio can auto-follow `next` and `links.next` properties automatically:
 
 ```typescript
-const api = accessio.create({
-  dedupe: true, // Prevents identical requests while one is pending
-  cache: true, // Caches responses in memory
-  cacheTTL: 5 * 60 * 1000, // Cache for 5 minutes
-});
+// Automatically fetches subsequent pages until next link is null
+for await (const item of api.autoPaginate('/users?page=1')) {
+  console.log(item.name); // Yields individual items from each page's items array
+}
 ```
 
-### Schema Validation
+### 🧪 Runtime Schema Validation
 
-Automatically parse and validate responses using libraries like Zod.
+Validate your API payloads at runtime using your favorite validation library (e.g., Zod, ArkType, Superstruct).
 
 ```typescript
 import { z } from 'zod';
 
-const userSchema = z.object({ id: z.number(), name: z.string() });
-
-const response = await accessio.get('/user/1', { schema: userSchema });
-// response.data is strictly typed and validated against userSchema
-```
-
-### Server-Sent Events (SSE)
+const UserSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  email: z.string().email(),
+});
 
-Easily consume SSE streams using async iterators.
+const response = await api.get('/users/123', {
+  schema: UserSchema, // Throws AccessioError (ERR_BAD_RESPONSE) if validation fails
+});
 
-```typescript
-for await (const chunk of accessio.stream('/stream')) {
-  console.log(chunk); // Parsed JSON or string data from SSE
-}
+const user = response.data; // Fully typed as { id: string; name: string; email: string }
 ```
 
-### Auto-Pagination
+### 📦 Request Deduplication & Caching
 
-Iterate through paginated endpoints effortlessly.
+Optimize application performance by preventing duplicate queries and utilizing caching.
 
 ```typescript
-for await (const user of accessio.autoPaginate('/users')) {
-  console.log(user); // Automatically fetches the next page when needed
-}
+const api = accessio.create({
+  dedupe: true, // Merge concurrent requests targeting the same endpoint
+  cache: true, // Enable in-memory cache
+  cacheTTL: 60000, // Cache responses for 60 seconds
+});
+
+// Executes exactly 1 network call, resolves both promises
+const [res1, res2] = await Promise.all([api.get('/heavy-report'), api.get('/heavy-report')]);
 ```
 
-### GraphQL
+### 🔗 Interceptors & Hooks
 
-Send GraphQL queries and mutations with ease.
+Modify requests and responses at runtime, or listen to client lifecycles:
 
 ```typescript
-const query = `
-  query GetUser($id: ID!) {
-    user(id: $id) { name, email }
-  }
-`;
-
-const response = await accessio.gql('/graphql', query, { id: '1' });
-```
+const api = accessio.create();
 
-### Lifecycle Hooks
-
-Use hooks for simple global or request-specific event handling.
+// Add Request Interceptor
+api.interceptors.request.use((config) => {
+  config.headers = config.headers || {};
+  config.headers['X-Request-Timestamp'] = Date.now().toString();
+  return config;
+});
 
-```typescript
-accessio.create({
-  hooks: {
-    onBeforeRequest: (config) => console.log('Starting request...'),
-    onRequestResponse: (response) => console.log('Request succeeded!'),
-    onRequestError: (error) => console.error('Request failed!'),
+// Add Response Interceptor
+api.interceptors.response.use(
+  (response) => {
+    // Modify output data
+    return response;
   },
-});
+  (error) => {
+    // Handle global errors (e.g. token refresh)
+    return Promise.reject(error);
+  },
+);
 ```
 
 ---
 
-## 🛠️ Developer Guide
-
-### Local Setup
-
-```bash
-git clone https://github.com/salvatorecorvaglia/accessio.git
-cd accessio
-npm install
-```
-
-### Available Scripts
-
-- `npm run build`: Generate CommonJS bundles
-- `npm run test`: Run the full test suite with Vitest
-- `npm run test:coverage`: Run tests with coverage report
-- `npm run test:browser`: Run tests in browser environment
-- `npm run lint`: Check for code style issues
-- `npm run format`: Automatically format the codebase with Prettier
-- `npm run typecheck`: Validate TypeScript types
+## ⚙️ Configuration Options
+
+Here is the complete list of config parameters available in `AccessioRequestConfig`:
+
+| Option             | Type                                                      | Default               | Description                                                                    |
+| :----------------- | :-------------------------------------------------------- | :-------------------- | :----------------------------------------------------------------------------- |
+| `baseURL`          | `string`                                                  | `undefined`           | Prepended to relative URLs.                                                    |
+| `method`           | `string`                                                  | `'get'`               | HTTP request method (e.g., `'get'`, `'post'`).                                 |
+| `headers`          | `Record`                                                  | `{}`                  | Key-value mapping of custom headers.                                           |
+| `params`           | `Record`                                                  | `undefined`           | Query parameters appended to the URL.                                          |
+| `data`             | `any`                                                     | `undefined`           | The payload to send in the request body.                                       |
+| `timeout`          | `number`                                                  | `0` (disabled)        | Request timeout in milliseconds.                                               |
+| `responseType`     | `'json' \| 'text' \| 'blob' \| 'arraybuffer' \| 'stream'` | `'json'`              | Expected format of the response data.                                          |
+| `retry`            | `number`                                                  | `0`                   | Number of times to retry failed requests.                                      |
+| `retryDelay`       | `number`                                                  | `1000`                | Initial delay for exponential backoff (ms).                                    |
+| `retryOn429`       | `boolean`                                                 | `false`               | Automatically retry on 429 using the `Retry-After` header.                     |
+| `rateLimiter`      | `RateLimiter`                                             | `undefined`           | A rate limiter instance to enqueue requests.                                   |
+| `dedupe`           | `boolean`                                                 | `false`               | Coalesce concurrent duplicate GET requests.                                    |
+| `cache`            | `boolean \| CacheProvider`                                | `false`               | Enable caching using memory or custom provider.                                |
+| `cacheTTL`         | `number`                                                  | `undefined`           | TTL for cached responses in ms.                                                |
+| `schema`           | `SchemaValidator`                                         | `undefined`           | Zod/schema parser to validate response body.                                   |
+| `hooks`            | `AccessioHooks`                                           | `undefined`           | Lifecycle callbacks: `onBeforeRequest`, `onRequestResponse`, `onRequestError`. |
+| `allowedProtocols` | `string[] \| null`                                        | `['http:', 'https:']` | Protocols allowed for requesting. Set to `null` to disable check.              |
 
 ---
 

package/cjs/core/accessioError.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/accessioError.ts"],"sourcesContent":["import ErrorCodes from '../constants/errorCodes';\nimport type { AccessioRequestConfig, AccessioResponse } from '../types';\n\nfunction redactHeaders(headers: unknown): unknown {\n  if (!headers || typeof headers !== 'object') return headers;\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(headers as Record<string, unknown>)) {\n    const value = (headers as Record<string, unknown>)[key];\n    if (/^authorization$/i.test(key) || /^cookie$/i.test(key) || /^set-cookie$/i.test(key)) {\n      out[key] = '[REDACTED]';\n    } else if (value && typeof value === 'object' && !Array.isArray(value)) {\n      out[key] = redactHeaders(value);\n    } else {\n      out[key] = value;\n    }\n  }\n  return out;\n}\n\nconst SENSITIVE_BODY_KEY =\n  /^(password|passwd|pwd|token|access_token|refresh_token|id_token|authorization|api[_-]?key|secret|client[_-]?secret|cookie|set[_-]?cookie|private[_-]?key|session)$/i;\n\nexport function redactBody(value: unknown, seen?: WeakSet<object>): unknown {\n  if (value === null || typeof value !== 'object') return value;\n  const visited = seen ?? new WeakSet<object>();\n  if (visited.has(value as object)) return '[Circular]';\n  visited.add(value as object);\n\n  if (Array.isArray(value)) {\n    return value.map((item) => redactBody(item, visited));\n  }\n\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(value as Record<string, unknown>)) {\n    const v = (value as Record<string, unknown>)[key];\n    if (SENSITIVE_BODY_KEY.test(key)) {\n      out[key] = '[REDACTED]';\n    } else {\n      out[key] = redactBody(v, visited);\n    }\n  }\n  return out;\n}\n\nfunction redactParams(params: unknown): unknown {\n  if (!params || typeof params !== 'object') return params;\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(params as Record<string, unknown>)) {\n    const value = (params as Record<string, unknown>)[key];\n    if (SENSITIVE_BODY_KEY.test(key)) {\n      out[key] = '[REDACTED]';\n    } else if (value && typeof value === 'object' && !Array.isArray(value)) {\n      out[key] = redactParams(value);\n    } else {\n      out[key] = value;\n    }\n  }\n  return out;\n}\n\nfunction redactURL(url: string | undefined): string | undefined {\n  if (!url) return url;\n  // Match inline credentials: http://user:pass@host\n  return url.replace(/^([a-z][a-z\\d+\\-.]*:\\/\\/)([^/]+)@/i, (match, protocol, userInfo) => {\n    const parts = userInfo.split(':');\n    if (parts.length > 1) {\n      return `${protocol}${parts[0]}:[REDACTED]@`;\n    }\n    return `${protocol}[REDACTED]@`;\n  });\n}\n\nexport function redactConfig(config: AccessioRequestConfig | null): AccessioRequestConfig | null {\n  if (!config) return config;\n  const clone = { ...config } as AccessioRequestConfig & { auth?: unknown };\n  if ('auth' in clone) delete clone.auth;\n  if (clone.headers) clone.headers = redactHeaders(clone.headers) as typeof clone.headers;\n  if (clone.params) clone.params = redactParams(clone.params) as typeof clone.params;\n  if (clone.url) clone.url = redactURL(clone.url);\n  if (clone._builtUrl) clone._builtUrl = redactURL(clone._builtUrl);\n  return clone;\n}\n\nexport class AccessioError extends Error {\n  static ERR_BAD_OPTION_VALUE: string = ErrorCodes.ERR_BAD_OPTION_VALUE;\n  static ERR_BAD_OPTION: string = ErrorCodes.ERR_BAD_OPTION;\n  static ECONNABORTED: string = ErrorCodes.ECONNABORTED;\n  static ETIMEDOUT: string = ErrorCodes.ETIMEDOUT;\n  static ERR_NETWORK: string = ErrorCodes.ERR_NETWORK;\n  static ERR_FR_TOO_MANY_REDIRECTS: string = ErrorCodes.ERR_FR_TOO_MANY_REDIRECTS;\n  static ERR_BAD_RESPONSE: string = ErrorCodes.ERR_BAD_RESPONSE;\n  static ERR_BAD_REQUEST: string = ErrorCodes.ERR_BAD_REQUEST;\n  static ERR_CANCELED: string = ErrorCodes.ERR_CANCELED;\n  static ERR_NOT_SUPPORT: string = ErrorCodes.ERR_NOT_SUPPORT;\n  static ERR_INVALID_URL: string = ErrorCodes.ERR_INVALID_URL;\n\n  readonly code: string | null;\n  readonly config: AccessioRequestConfig | null;\n  readonly request: unknown;\n  readonly response: AccessioResponse | null;\n  readonly isAccessioError: true;\n  cause?: Error;\n  override name = 'AccessioError' as const;\n\n  constructor(\n    message: string,\n    code: string | null,\n    config: AccessioRequestConfig | null,\n    request: unknown,\n    response: AccessioResponse | null,\n  ) {\n    super(message);\n    this.name = 'AccessioError';\n    this.code = code ?? null;\n    this.config = redactConfig(config ?? null);\n    this.request = request ?? null;\n    this.response = response ?? null;\n    this.isAccessioError = true;\n\n    if (Error.captureStackTrace) {\n      Error.captureStackTrace(this, AccessioError);\n    }\n  }\n\n  toJSON(): Record<string, unknown> {\n    return {\n      name: this.name,\n      message: this.message,\n      code: this.code,\n      status: this.response ? this.response.status : null,\n      config: this.config,\n    };\n  }\n\n  static from(\n    error: Error,\n    code: string,\n    config: AccessioRequestConfig | null,\n    request: unknown,\n    response: AccessioResponse | null,\n  ): AccessioError {\n    const accessioError = new AccessioError(error.message, code, config, request, response);\n    accessioError.cause = error;\n    accessioError.stack = error.stack;\n    return accessioError;\n  }\n}\n\nexport default AccessioError;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAAuB;AAGvB,SAAS,cAAc,SAA2B;AAChD,MAAI,CAAC,WAAW,OAAO,YAAY,SAAU,QAAO;AACpD,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,OAAkC,GAAG;AACjE,UAAM,QAAS,QAAoC,GAAG;AACtD,QAAI,mBAAmB,KAAK,GAAG,KAAK,YAAY,KAAK,GAAG,KAAK,gBAAgB,KAAK,GAAG,GAAG;AACtF,UAAI,GAAG,IAAI;AAAA,IACb,WAAW,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AACtE,UAAI,GAAG,IAAI,cAAc,KAAK;AAAA,IAChC,OAAO;AACL,UAAI,GAAG,IAAI;AAAA,IACb;AAAA,EACF;AACA,SAAO;AACT;AAEA,MAAM,qBACJ;AAEK,SAAS,WAAW,OAAgB,MAAiC;AAC1E,MAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AACxD,QAAM,UAAU,QAAQ,oBAAI,QAAgB;AAC5C,MAAI,QAAQ,IAAI,KAAe,EAAG,QAAO;AACzC,UAAQ,IAAI,KAAe;AAE3B,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,CAAC,SAAS,WAAW,MAAM,OAAO,CAAC;AAAA,EACtD;AAEA,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,KAAgC,GAAG;AAC/D,UAAM,IAAK,MAAkC,GAAG;AAChD,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,UAAI,GAAG,IAAI;AAAA,IACb,OAAO;AACL,UAAI,GAAG,IAAI,WAAW,GAAG,OAAO;AAAA,IAClC;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,aAAa,QAA0B;AAC9C,MAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,MAAiC,GAAG;AAChE,UAAM,QAAS,OAAmC,GAAG;AACrD,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,UAAI,GAAG,IAAI;AAAA,IACb,WAAW,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AACtE,UAAI,GAAG,IAAI,aAAa,KAAK;AAAA,IAC/B,OAAO;AACL,UAAI,GAAG,IAAI;AAAA,IACb;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,UAAU,KAA6C;AAC9D,MAAI,CAAC,IAAK,QAAO;AAEjB,SAAO,IAAI,QAAQ,sCAAsC,CAAC,OAAO,UAAU,aAAa;AACtF,UAAM,QAAQ,SAAS,MAAM,GAAG;AAChC,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,GAAG,QAAQ,GAAG,MAAM,CAAC,CAAC;AAAA,IAC/B;AACA,WAAO,GAAG,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,aAAa,QAAoE;AAC/F,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,QAAQ,EAAE,GAAG,OAAO;AAC1B,MAAI,UAAU,MAAO,QAAO,MAAM;AAClC,MAAI,MAAM,QAAS,OAAM,UAAU,cAAc,MAAM,OAAO;AAC9D,MAAI,MAAM,OAAQ,OAAM,SAAS,aAAa,MAAM,MAAM;AAC1D,MAAI,MAAM,IAAK,OAAM,MAAM,UAAU,MAAM,GAAG;AAC9C,MAAI,MAAM,UAAW,OAAM,YAAY,UAAU,MAAM,SAAS;AAChE,SAAO;AACT;AAEO,MAAM,sBAAsB,MAAM;AAAA,EACvC,OAAO,uBAA+B,kBAAAA,QAAW;AAAA,EACjD,OAAO,iBAAyB,kBAAAA,QAAW;AAAA,EAC3C,OAAO,eAAuB,kBAAAA,QAAW;AAAA,EACzC,OAAO,YAAoB,kBAAAA,QAAW;AAAA,EACtC,OAAO,cAAsB,kBAAAA,QAAW;AAAA,EACxC,OAAO,4BAAoC,kBAAAA,QAAW;AAAA,EACtD,OAAO,mBAA2B,kBAAAA,QAAW;AAAA,EAC7C,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAC5C,OAAO,eAAuB,kBAAAA,QAAW;AAAA,EACzC,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAC5C,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAEnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT;AAAA,EACS,OAAO;AAAA,EAEhB,YACE,SACA,MACA,QACA,SACA,UACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO,QAAQ;AACpB,SAAK,SAAS,aAAa,UAAU,IAAI;AACzC,SAAK,UAAU,WAAW;AAC1B,SAAK,WAAW,YAAY;AAC5B,SAAK,kBAAkB;AAEvB,QAAI,MAAM,mBAAmB;AAC3B,YAAM,kBAAkB,MAAM,aAAa;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,SAAkC;AAChC,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK,WAAW,KAAK,SAAS,SAAS;AAAA,MAC/C,QAAQ,KAAK;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,KACL,OACA,MACA,QACA,SACA,UACe;AACf,UAAM,gBAAgB,IAAI,cAAc,MAAM,SAAS,MAAM,QAAQ,SAAS,QAAQ;AACtF,kBAAc,QAAQ;AACtB,kBAAc,QAAQ,MAAM;AAC5B,WAAO;AAAA,EACT;AACF;AAEA,IAAO,wBAAQ;","names":["ErrorCodes"]}
+{"version":3,"sources":["../../src/core/accessioError.ts"],"sourcesContent":["import ErrorCodes from '../constants/errorCodes';\nimport type { AccessioRequestConfig, AccessioResponse } from '../types';\n\nfunction redactHeaders(headers: unknown): unknown {\n  if (!headers || typeof headers !== 'object') return headers;\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(headers as Record<string, unknown>)) {\n    const value = (headers as Record<string, unknown>)[key];\n    if (/^authorization$/i.test(key) || /^cookie$/i.test(key) || /^set-cookie$/i.test(key)) {\n      out[key] = '[REDACTED]';\n    } else if (value && typeof value === 'object' && !Array.isArray(value)) {\n      out[key] = redactHeaders(value);\n    } else {\n      out[key] = value;\n    }\n  }\n  return out;\n}\n\nconst SENSITIVE_BODY_KEY =\n  /^(password|passwd|pwd|token|access_token|refresh_token|id_token|authorization|api[_-]?key|secret|client[_-]?secret|cookie|set[_-]?cookie|private[_-]?key|session)$/i;\n\nexport function redactBody(value: unknown, seen?: WeakSet<object>): unknown {\n  if (value === null || typeof value !== 'object') return value;\n  const visited = seen ?? new WeakSet<object>();\n  if (visited.has(value as object)) return '[Circular]';\n  visited.add(value as object);\n\n  if (Array.isArray(value)) {\n    return value.map((item) => redactBody(item, visited));\n  }\n\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(value as Record<string, unknown>)) {\n    const v = (value as Record<string, unknown>)[key];\n    if (SENSITIVE_BODY_KEY.test(key)) {\n      out[key] = '[REDACTED]';\n    } else {\n      out[key] = redactBody(v, visited);\n    }\n  }\n  return out;\n}\n\nfunction redactParams(params: unknown): unknown {\n  if (!params || typeof params !== 'object') return params;\n  const out: Record<string, unknown> = {};\n  for (const key of Object.keys(params as Record<string, unknown>)) {\n    const value = (params as Record<string, unknown>)[key];\n    if (SENSITIVE_BODY_KEY.test(key)) {\n      out[key] = '[REDACTED]';\n    } else if (value && typeof value === 'object' && !Array.isArray(value)) {\n      out[key] = redactParams(value);\n    } else {\n      out[key] = value;\n    }\n  }\n  return out;\n}\n\nfunction redactURL(url: string | undefined): string | undefined {\n  if (!url) return url;\n  // Match inline credentials: http://user:pass@host\n  return url.replace(/^([a-z][a-z\\d+\\-.]*:\\/\\/)([^/]+)@/i, (match, protocol, userInfo) => {\n    const parts = userInfo.split(':');\n    if (parts.length > 1) {\n      return `${protocol}${parts[0]}:[REDACTED]@`;\n    }\n    return `${protocol}[REDACTED]@`;\n  });\n}\n\nexport function redactConfig(config: AccessioRequestConfig | null): AccessioRequestConfig | null {\n  if (!config) return config;\n  const clone = { ...config } as AccessioRequestConfig & { auth?: unknown };\n  if ('auth' in clone) delete clone.auth;\n  if (clone.headers) clone.headers = redactHeaders(clone.headers) as typeof clone.headers;\n  if (clone.params) clone.params = redactParams(clone.params) as typeof clone.params;\n  if (clone.url) clone.url = redactURL(clone.url);\n  if (clone._builtUrl) clone._builtUrl = redactURL(clone._builtUrl);\n  return clone;\n}\n\nexport class AccessioError extends Error {\n  static ERR_BAD_OPTION_VALUE: string = ErrorCodes.ERR_BAD_OPTION_VALUE;\n  static ERR_BAD_OPTION: string = ErrorCodes.ERR_BAD_OPTION;\n  static ECONNABORTED: string = ErrorCodes.ECONNABORTED;\n  static ETIMEDOUT: string = ErrorCodes.ETIMEDOUT;\n  static ERR_NETWORK: string = ErrorCodes.ERR_NETWORK;\n  static ERR_FR_TOO_MANY_REDIRECTS: string = ErrorCodes.ERR_FR_TOO_MANY_REDIRECTS;\n  static ERR_BAD_RESPONSE: string = ErrorCodes.ERR_BAD_RESPONSE;\n  static ERR_BAD_REQUEST: string = ErrorCodes.ERR_BAD_REQUEST;\n  static ERR_CANCELED: string = ErrorCodes.ERR_CANCELED;\n  static ERR_NOT_SUPPORT: string = ErrorCodes.ERR_NOT_SUPPORT;\n  static ERR_INVALID_URL: string = ErrorCodes.ERR_INVALID_URL;\n\n  readonly code: string | null;\n  readonly config: AccessioRequestConfig | null;\n  readonly request: unknown;\n  readonly response: AccessioResponse | null;\n  readonly isAccessioError: true;\n  cause?: Error;\n  override name = 'AccessioError' as const;\n\n  constructor(\n    message: string,\n    code: string | null,\n    config: AccessioRequestConfig | null,\n    request: unknown,\n    response: AccessioResponse | null,\n  ) {\n    super(message);\n    this.name = 'AccessioError';\n    this.code = code ?? null;\n    this.config = redactConfig(config ?? null);\n    this.request = request ?? null;\n    this.response = response ?? null;\n    this.isAccessioError = true;\n\n    if ((Error as any).captureStackTrace) {\n      (Error as any).captureStackTrace(this, AccessioError);\n    }\n  }\n\n  toJSON(): Record<string, unknown> {\n    return {\n      name: this.name,\n      message: this.message,\n      code: this.code,\n      status: this.response ? this.response.status : null,\n      config: this.config,\n    };\n  }\n\n  static from(\n    error: Error,\n    code: string,\n    config: AccessioRequestConfig | null,\n    request: unknown,\n    response: AccessioResponse | null,\n  ): AccessioError {\n    const accessioError = new AccessioError(error.message, code, config, request, response);\n    accessioError.cause = error;\n    accessioError.stack = error.stack;\n    return accessioError;\n  }\n}\n\nexport default AccessioError;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAAuB;AAGvB,SAAS,cAAc,SAA2B;AAChD,MAAI,CAAC,WAAW,OAAO,YAAY,SAAU,QAAO;AACpD,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,OAAkC,GAAG;AACjE,UAAM,QAAS,QAAoC,GAAG;AACtD,QAAI,mBAAmB,KAAK,GAAG,KAAK,YAAY,KAAK,GAAG,KAAK,gBAAgB,KAAK,GAAG,GAAG;AACtF,UAAI,GAAG,IAAI;AAAA,IACb,WAAW,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AACtE,UAAI,GAAG,IAAI,cAAc,KAAK;AAAA,IAChC,OAAO;AACL,UAAI,GAAG,IAAI;AAAA,IACb;AAAA,EACF;AACA,SAAO;AACT;AAEA,MAAM,qBACJ;AAEK,SAAS,WAAW,OAAgB,MAAiC;AAC1E,MAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AACxD,QAAM,UAAU,QAAQ,oBAAI,QAAgB;AAC5C,MAAI,QAAQ,IAAI,KAAe,EAAG,QAAO;AACzC,UAAQ,IAAI,KAAe;AAE3B,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,CAAC,SAAS,WAAW,MAAM,OAAO,CAAC;AAAA,EACtD;AAEA,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,KAAgC,GAAG;AAC/D,UAAM,IAAK,MAAkC,GAAG;AAChD,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,UAAI,GAAG,IAAI;AAAA,IACb,OAAO;AACL,UAAI,GAAG,IAAI,WAAW,GAAG,OAAO;AAAA,IAClC;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,aAAa,QAA0B;AAC9C,MAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,QAAM,MAA+B,CAAC;AACtC,aAAW,OAAO,OAAO,KAAK,MAAiC,GAAG;AAChE,UAAM,QAAS,OAAmC,GAAG;AACrD,QAAI,mBAAmB,KAAK,GAAG,GAAG;AAChC,UAAI,GAAG,IAAI;AAAA,IACb,WAAW,SAAS,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AACtE,UAAI,GAAG,IAAI,aAAa,KAAK;AAAA,IAC/B,OAAO;AACL,UAAI,GAAG,IAAI;AAAA,IACb;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,UAAU,KAA6C;AAC9D,MAAI,CAAC,IAAK,QAAO;AAEjB,SAAO,IAAI,QAAQ,sCAAsC,CAAC,OAAO,UAAU,aAAa;AACtF,UAAM,QAAQ,SAAS,MAAM,GAAG;AAChC,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,GAAG,QAAQ,GAAG,MAAM,CAAC,CAAC;AAAA,IAC/B;AACA,WAAO,GAAG,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,aAAa,QAAoE;AAC/F,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,QAAQ,EAAE,GAAG,OAAO;AAC1B,MAAI,UAAU,MAAO,QAAO,MAAM;AAClC,MAAI,MAAM,QAAS,OAAM,UAAU,cAAc,MAAM,OAAO;AAC9D,MAAI,MAAM,OAAQ,OAAM,SAAS,aAAa,MAAM,MAAM;AAC1D,MAAI,MAAM,IAAK,OAAM,MAAM,UAAU,MAAM,GAAG;AAC9C,MAAI,MAAM,UAAW,OAAM,YAAY,UAAU,MAAM,SAAS;AAChE,SAAO;AACT;AAEO,MAAM,sBAAsB,MAAM;AAAA,EACvC,OAAO,uBAA+B,kBAAAA,QAAW;AAAA,EACjD,OAAO,iBAAyB,kBAAAA,QAAW;AAAA,EAC3C,OAAO,eAAuB,kBAAAA,QAAW;AAAA,EACzC,OAAO,YAAoB,kBAAAA,QAAW;AAAA,EACtC,OAAO,cAAsB,kBAAAA,QAAW;AAAA,EACxC,OAAO,4BAAoC,kBAAAA,QAAW;AAAA,EACtD,OAAO,mBAA2B,kBAAAA,QAAW;AAAA,EAC7C,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAC5C,OAAO,eAAuB,kBAAAA,QAAW;AAAA,EACzC,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAC5C,OAAO,kBAA0B,kBAAAA,QAAW;AAAA,EAEnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT;AAAA,EACS,OAAO;AAAA,EAEhB,YACE,SACA,MACA,QACA,SACA,UACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO,QAAQ;AACpB,SAAK,SAAS,aAAa,UAAU,IAAI;AACzC,SAAK,UAAU,WAAW;AAC1B,SAAK,WAAW,YAAY;AAC5B,SAAK,kBAAkB;AAEvB,QAAK,MAAc,mBAAmB;AACpC,MAAC,MAAc,kBAAkB,MAAM,aAAa;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,SAAkC;AAChC,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK,WAAW,KAAK,SAAS,SAAS;AAAA,MAC/C,QAAQ,KAAK;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,KACL,OACA,MACA,QACA,SACA,UACe;AACf,UAAM,gBAAgB,IAAI,cAAc,MAAM,SAAS,MAAM,QAAQ,SAAS,QAAQ;AACtF,kBAAc,QAAQ;AACtB,kBAAc,QAAQ,MAAM;AAC5B,WAAO;AAAA,EACT;AACF;AAEA,IAAO,wBAAQ;","names":["ErrorCodes"]}

package/cjs/core/buildURL.cjs

@@ -84,15 +84,18 @@ function buildURL(url, baseURL, params, paramsSerializer) {
       if (key === "__proto__" || key === "prototype" || key === "constructor") continue;
       unusedParams[key] = params[key];
     }
-    fullURL = fullURL.replace(/(?::([a-zA-Z0-9_]+))|(?:{([a-zA-Z0-9_]+)})/g, (match, p1, p2) => {
-      const key = p1 || p2;
-      if (key && Object.prototype.hasOwnProperty.call(unusedParams, key) && unusedParams[key] !== void 0) {
-        const val = unusedParams[key];
-        delete unusedParams[key];
-        return encodeURIComponent(String(val));
+    fullURL = fullURL.replace(
+      /(?::([a-zA-Z_][a-zA-Z0-9_]*))|(?:{([a-zA-Z_][a-zA-Z0-9_]*)})/g,
+      (match, p1, p2) => {
+        const key = p1 || p2;
+        if (key && Object.prototype.hasOwnProperty.call(unusedParams, key) && unusedParams[key] !== void 0) {
+          const val = unusedParams[key];
+          delete unusedParams[key];
+          return encodeURIComponent(String(val));
+        }
+        return match;
       }
-      return match;
-    });
+    );
     finalParams = unusedParams;
   }
   const serialized = serializeParams(finalParams, paramsSerializer);

package/cjs/core/buildURL.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/core/buildURL.ts"],"sourcesContent":["import type { ParamsSerializer } from '../types';\n\nfunction serializeParams(\n  params: Record<string, unknown>,\n  paramsSerializer?: ParamsSerializer,\n): string {\n  if (!params) return '';\n\n  if (typeof paramsSerializer === 'function') {\n    return paramsSerializer(params);\n  }\n\n  if (typeof URLSearchParams !== 'undefined' && params instanceof URLSearchParams) {\n    return params.toString();\n  }\n\n  const parts: string[] = [];\n\n  function encode(prefix: string, value: unknown): void {\n    if (value === null || value === undefined) {\n      return;\n    }\n\n    if (Array.isArray(value)) {\n      value.forEach((item, index) => {\n        if (typeof item === 'object' && item !== null) {\n          encode(`${prefix}[${index}]`, item);\n        } else {\n          encode(prefix, item);\n        }\n      });\n    } else if (typeof value === 'object' && !(value instanceof Date)) {\n      Object.keys(value as Record<string, unknown>).forEach((key) => {\n        encode(`${prefix}[${key}]`, (value as Record<string, unknown>)[key]);\n      });\n    } else {\n      const encodedValue = value instanceof Date ? value.toISOString() : value;\n      parts.push(`${encodeURIComponent(prefix)}=${encodeURIComponent(encodedValue as string)}`);\n    }\n  }\n\n  Object.keys(params).forEach((key) => {\n    encode(key, params[key]);\n  });\n\n  return parts.join('&');\n}\n\nfunction combineURLs(baseURL: string, relativeURL: string): string {\n  if (!baseURL) return relativeURL || '';\n  if (!relativeURL) return baseURL;\n\n  let base = baseURL;\n  while (base.endsWith('/')) {\n    base = base.slice(0, -1);\n  }\n\n  let relative = relativeURL;\n  while (relative.startsWith('/')) {\n    relative = relative.slice(1);\n  }\n\n  return `${base}/${relative}`;\n}\n\nfunction isAbsoluteURL(url: string): boolean {\n  return /^([a-z][a-z\\d+\\-.]*:)/i.test(url);\n}\n\nexport default function buildURL(\n  url: string,\n  baseURL?: string,\n  params?: Record<string, unknown>,\n  paramsSerializer?: ParamsSerializer,\n): string {\n  let fullURL = baseURL && !isAbsoluteURL(url) ? combineURLs(baseURL, url) : url || '';\n\n  let finalParams = params;\n  if (params && typeof params === 'object' && !(params instanceof URLSearchParams)) {\n    const unusedParams: Record<string, unknown> = {};\n    for (const key of Object.keys(params)) {\n      if (key === '__proto__' || key === 'prototype' || key === 'constructor') continue;\n      unusedParams[key] = (params as Record<string, unknown>)[key];\n    }\n    fullURL = fullURL.replace(/(?::([a-zA-Z0-9_]+))|(?:{([a-zA-Z0-9_]+)})/g, (match, p1, p2) => {\n      const key = p1 || p2;\n      if (\n        key &&\n        Object.prototype.hasOwnProperty.call(unusedParams, key) &&\n        unusedParams[key] !== undefined\n      ) {\n        const val = unusedParams[key];\n        delete unusedParams[key];\n        return encodeURIComponent(String(val));\n      }\n      return match;\n    });\n    finalParams = unusedParams;\n  }\n\n  const serialized = serializeParams(finalParams as Record<string, unknown>, paramsSerializer);\n  if (serialized) {\n    const hashIndex = fullURL.indexOf('#');\n    let fragment = '';\n    if (hashIndex !== -1) {\n      fragment = fullURL.slice(hashIndex);\n      fullURL = fullURL.slice(0, hashIndex);\n    }\n    fullURL += (fullURL.indexOf('?') === -1 ? '?' : '&') + serialized + fragment;\n  }\n\n  return fullURL;\n}\n\nexport { serializeParams, combineURLs, isAbsoluteURL };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,SAAS,gBACP,QACA,kBACQ;AACR,MAAI,CAAC,OAAQ,QAAO;AAEpB,MAAI,OAAO,qBAAqB,YAAY;AAC1C,WAAO,iBAAiB,MAAM;AAAA,EAChC;AAEA,MAAI,OAAO,oBAAoB,eAAe,kBAAkB,iBAAiB;AAC/E,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,QAAM,QAAkB,CAAC;AAEzB,WAAS,OAAO,QAAgB,OAAsB;AACpD,QAAI,UAAU,QAAQ,UAAU,QAAW;AACzC;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,MAAM,UAAU;AAC7B,YAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,iBAAO,GAAG,MAAM,IAAI,KAAK,KAAK,IAAI;AAAA,QACpC,OAAO;AACL,iBAAO,QAAQ,IAAI;AAAA,QACrB;AAAA,MACF,CAAC;AAAA,IACH,WAAW,OAAO,UAAU,YAAY,EAAE,iBAAiB,OAAO;AAChE,aAAO,KAAK,KAAgC,EAAE,QAAQ,CAAC,QAAQ;AAC7D,eAAO,GAAG,MAAM,IAAI,GAAG,KAAM,MAAkC,GAAG,CAAC;AAAA,MACrE,CAAC;AAAA,IACH,OAAO;AACL,YAAM,eAAe,iBAAiB,OAAO,MAAM,YAAY,IAAI;AACnE,YAAM,KAAK,GAAG,mBAAmB,MAAM,CAAC,IAAI,mBAAmB,YAAsB,CAAC,EAAE;AAAA,IAC1F;AAAA,EACF;AAEA,SAAO,KAAK,MAAM,EAAE,QAAQ,CAAC,QAAQ;AACnC,WAAO,KAAK,OAAO,GAAG,CAAC;AAAA,EACzB,CAAC;AAED,SAAO,MAAM,KAAK,GAAG;AACvB;AAEA,SAAS,YAAY,SAAiB,aAA6B;AACjE,MAAI,CAAC,QAAS,QAAO,eAAe;AACpC,MAAI,CAAC,YAAa,QAAO;AAEzB,MAAI,OAAO;AACX,SAAO,KAAK,SAAS,GAAG,GAAG;AACzB,WAAO,KAAK,MAAM,GAAG,EAAE;AAAA,EACzB;AAEA,MAAI,WAAW;AACf,SAAO,SAAS,WAAW,GAAG,GAAG;AAC/B,eAAW,SAAS,MAAM,CAAC;AAAA,EAC7B;AAEA,SAAO,GAAG,IAAI,IAAI,QAAQ;AAC5B;AAEA,SAAS,cAAc,KAAsB;AAC3C,SAAO,yBAAyB,KAAK,GAAG;AAC1C;AAEe,SAAR,SACL,KACA,SACA,QACA,kBACQ;AACR,MAAI,UAAU,WAAW,CAAC,cAAc,GAAG,IAAI,YAAY,SAAS,GAAG,IAAI,OAAO;AAElF,MAAI,cAAc;AAClB,MAAI,UAAU,OAAO,WAAW,YAAY,EAAE,kBAAkB,kBAAkB;AAChF,UAAM,eAAwC,CAAC;AAC/C,eAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACrC,UAAI,QAAQ,eAAe,QAAQ,eAAe,QAAQ,cAAe;AACzE,mBAAa,GAAG,IAAK,OAAmC,GAAG;AAAA,IAC7D;AACA,cAAU,QAAQ,QAAQ,+CAA+C,CAAC,OAAO,IAAI,OAAO;AAC1F,YAAM,MAAM,MAAM;AAClB,UACE,OACA,OAAO,UAAU,eAAe,KAAK,cAAc,GAAG,KACtD,aAAa,GAAG,MAAM,QACtB;AACA,cAAM,MAAM,aAAa,GAAG;AAC5B,eAAO,aAAa,GAAG;AACvB,eAAO,mBAAmB,OAAO,GAAG,CAAC;AAAA,MACvC;AACA,aAAO;AAAA,IACT,CAAC;AACD,kBAAc;AAAA,EAChB;AAEA,QAAM,aAAa,gBAAgB,aAAwC,gBAAgB;AAC3F,MAAI,YAAY;AACd,UAAM,YAAY,QAAQ,QAAQ,GAAG;AACrC,QAAI,WAAW;AACf,QAAI,cAAc,IAAI;AACpB,iBAAW,QAAQ,MAAM,SAAS;AAClC,gBAAU,QAAQ,MAAM,GAAG,SAAS;AAAA,IACtC;AACA,gBAAY,QAAQ,QAAQ,GAAG,MAAM,KAAK,MAAM,OAAO,aAAa;AAAA,EACtE;AAEA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../src/core/buildURL.ts"],"sourcesContent":["import type { ParamsSerializer } from '../types';\n\nfunction serializeParams(\n  params: Record<string, unknown>,\n  paramsSerializer?: ParamsSerializer,\n): string {\n  if (!params) return '';\n\n  if (typeof paramsSerializer === 'function') {\n    return paramsSerializer(params);\n  }\n\n  if (typeof URLSearchParams !== 'undefined' && params instanceof URLSearchParams) {\n    return params.toString();\n  }\n\n  const parts: string[] = [];\n\n  function encode(prefix: string, value: unknown): void {\n    if (value === null || value === undefined) {\n      return;\n    }\n\n    if (Array.isArray(value)) {\n      value.forEach((item, index) => {\n        if (typeof item === 'object' && item !== null) {\n          encode(`${prefix}[${index}]`, item);\n        } else {\n          encode(prefix, item);\n        }\n      });\n    } else if (typeof value === 'object' && !(value instanceof Date)) {\n      Object.keys(value as Record<string, unknown>).forEach((key) => {\n        encode(`${prefix}[${key}]`, (value as Record<string, unknown>)[key]);\n      });\n    } else {\n      const encodedValue = value instanceof Date ? value.toISOString() : value;\n      parts.push(`${encodeURIComponent(prefix)}=${encodeURIComponent(encodedValue as string)}`);\n    }\n  }\n\n  Object.keys(params).forEach((key) => {\n    encode(key, params[key]);\n  });\n\n  return parts.join('&');\n}\n\nfunction combineURLs(baseURL: string, relativeURL: string): string {\n  if (!baseURL) return relativeURL || '';\n  if (!relativeURL) return baseURL;\n\n  let base = baseURL;\n  while (base.endsWith('/')) {\n    base = base.slice(0, -1);\n  }\n\n  let relative = relativeURL;\n  while (relative.startsWith('/')) {\n    relative = relative.slice(1);\n  }\n\n  return `${base}/${relative}`;\n}\n\nfunction isAbsoluteURL(url: string): boolean {\n  return /^([a-z][a-z\\d+\\-.]*:)/i.test(url);\n}\n\nexport default function buildURL(\n  url: string,\n  baseURL?: string,\n  params?: Record<string, unknown>,\n  paramsSerializer?: ParamsSerializer,\n): string {\n  let fullURL = baseURL && !isAbsoluteURL(url) ? combineURLs(baseURL, url) : url || '';\n\n  let finalParams = params;\n  if (params && typeof params === 'object' && !(params instanceof URLSearchParams)) {\n    const unusedParams: Record<string, unknown> = {};\n    for (const key of Object.keys(params)) {\n      if (key === '__proto__' || key === 'prototype' || key === 'constructor') continue;\n      unusedParams[key] = (params as Record<string, unknown>)[key];\n    }\n    fullURL = fullURL.replace(\n      /(?::([a-zA-Z_][a-zA-Z0-9_]*))|(?:{([a-zA-Z_][a-zA-Z0-9_]*)})/g,\n      (match, p1, p2) => {\n        const key = p1 || p2;\n        if (\n          key &&\n          Object.prototype.hasOwnProperty.call(unusedParams, key) &&\n          unusedParams[key] !== undefined\n        ) {\n          const val = unusedParams[key];\n          delete unusedParams[key];\n          return encodeURIComponent(String(val));\n        }\n        return match;\n      },\n    );\n    finalParams = unusedParams;\n  }\n\n  const serialized = serializeParams(finalParams as Record<string, unknown>, paramsSerializer);\n  if (serialized) {\n    const hashIndex = fullURL.indexOf('#');\n    let fragment = '';\n    if (hashIndex !== -1) {\n      fragment = fullURL.slice(hashIndex);\n      fullURL = fullURL.slice(0, hashIndex);\n    }\n    fullURL += (fullURL.indexOf('?') === -1 ? '?' : '&') + serialized + fragment;\n  }\n\n  return fullURL;\n}\n\nexport { serializeParams, combineURLs, isAbsoluteURL };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,SAAS,gBACP,QACA,kBACQ;AACR,MAAI,CAAC,OAAQ,QAAO;AAEpB,MAAI,OAAO,qBAAqB,YAAY;AAC1C,WAAO,iBAAiB,MAAM;AAAA,EAChC;AAEA,MAAI,OAAO,oBAAoB,eAAe,kBAAkB,iBAAiB;AAC/E,WAAO,OAAO,SAAS;AAAA,EACzB;AAEA,QAAM,QAAkB,CAAC;AAEzB,WAAS,OAAO,QAAgB,OAAsB;AACpD,QAAI,UAAU,QAAQ,UAAU,QAAW;AACzC;AAAA,IACF;AAEA,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,CAAC,MAAM,UAAU;AAC7B,YAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,iBAAO,GAAG,MAAM,IAAI,KAAK,KAAK,IAAI;AAAA,QACpC,OAAO;AACL,iBAAO,QAAQ,IAAI;AAAA,QACrB;AAAA,MACF,CAAC;AAAA,IACH,WAAW,OAAO,UAAU,YAAY,EAAE,iBAAiB,OAAO;AAChE,aAAO,KAAK,KAAgC,EAAE,QAAQ,CAAC,QAAQ;AAC7D,eAAO,GAAG,MAAM,IAAI,GAAG,KAAM,MAAkC,GAAG,CAAC;AAAA,MACrE,CAAC;AAAA,IACH,OAAO;AACL,YAAM,eAAe,iBAAiB,OAAO,MAAM,YAAY,IAAI;AACnE,YAAM,KAAK,GAAG,mBAAmB,MAAM,CAAC,IAAI,mBAAmB,YAAsB,CAAC,EAAE;AAAA,IAC1F;AAAA,EACF;AAEA,SAAO,KAAK,MAAM,EAAE,QAAQ,CAAC,QAAQ;AACnC,WAAO,KAAK,OAAO,GAAG,CAAC;AAAA,EACzB,CAAC;AAED,SAAO,MAAM,KAAK,GAAG;AACvB;AAEA,SAAS,YAAY,SAAiB,aAA6B;AACjE,MAAI,CAAC,QAAS,QAAO,eAAe;AACpC,MAAI,CAAC,YAAa,QAAO;AAEzB,MAAI,OAAO;AACX,SAAO,KAAK,SAAS,GAAG,GAAG;AACzB,WAAO,KAAK,MAAM,GAAG,EAAE;AAAA,EACzB;AAEA,MAAI,WAAW;AACf,SAAO,SAAS,WAAW,GAAG,GAAG;AAC/B,eAAW,SAAS,MAAM,CAAC;AAAA,EAC7B;AAEA,SAAO,GAAG,IAAI,IAAI,QAAQ;AAC5B;AAEA,SAAS,cAAc,KAAsB;AAC3C,SAAO,yBAAyB,KAAK,GAAG;AAC1C;AAEe,SAAR,SACL,KACA,SACA,QACA,kBACQ;AACR,MAAI,UAAU,WAAW,CAAC,cAAc,GAAG,IAAI,YAAY,SAAS,GAAG,IAAI,OAAO;AAElF,MAAI,cAAc;AAClB,MAAI,UAAU,OAAO,WAAW,YAAY,EAAE,kBAAkB,kBAAkB;AAChF,UAAM,eAAwC,CAAC;AAC/C,eAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACrC,UAAI,QAAQ,eAAe,QAAQ,eAAe,QAAQ,cAAe;AACzE,mBAAa,GAAG,IAAK,OAAmC,GAAG;AAAA,IAC7D;AACA,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA,CAAC,OAAO,IAAI,OAAO;AACjB,cAAM,MAAM,MAAM;AAClB,YACE,OACA,OAAO,UAAU,eAAe,KAAK,cAAc,GAAG,KACtD,aAAa,GAAG,MAAM,QACtB;AACA,gBAAM,MAAM,aAAa,GAAG;AAC5B,iBAAO,aAAa,GAAG;AACvB,iBAAO,mBAAmB,OAAO,GAAG,CAAC;AAAA,QACvC;AACA,eAAO;AAAA,MACT;AAAA,IACF;AACA,kBAAc;AAAA,EAChB;AAEA,QAAM,aAAa,gBAAgB,aAAwC,gBAAgB;AAC3F,MAAI,YAAY;AACd,UAAM,YAAY,QAAQ,QAAQ,GAAG;AACrC,QAAI,WAAW;AACf,QAAI,cAAc,IAAI;AACpB,iBAAW,QAAQ,MAAM,SAAS;AAClC,gBAAU,QAAQ,MAAM,GAAG,SAAS;AAAA,IACtC;AACA,gBAAY,QAAQ,QAAQ,GAAG,MAAM,KAAK,MAAM,OAAO,aAAa;AAAA,EACtE;AAEA,SAAO;AACT;","names":[]}

package/cjs/core/fetchAdapter.cjs

@@ -42,6 +42,8 @@ async function readResponseData(fetchResponse, config) {
       return await fetchResponse.blob();
     case "stream":
       return fetchResponse.body;
+    case "text":
+      return await fetchResponse.text();
     case "json":
     default: {
       const contentType = fetchResponse.headers.get("content-type") || "";
@@ -186,7 +188,13 @@ function classifyFetchError(error, config, isTimedOut) {
   }
   const isAbort = error instanceof Error && error.name === "AbortError" || !!config.signal?.aborted;
   if (isAbort) {
-    return new import_accessioError.default("Request aborted", import_accessioError.default.ERR_CANCELED, config, null, null);
+    const reason = config.signal?.reason;
+    const message = reason instanceof Error ? reason.message : typeof reason === "string" ? reason : "Request aborted";
+    const err = new import_accessioError.default(message, import_accessioError.default.ERR_CANCELED, config, null, null);
+    if (reason instanceof Error) {
+      err.cause = reason;
+    }
+    return err;
   }
   return import_accessioError.default.from(
     error instanceof Error ? error : new Error(String(error)),