api-invoke 0.1.0

package/dist/index.js

@@ -0,0 +1,1783 @@
+import { ContentType, ParamLocation, AuthType, HeaderName, ApiInvokeError, ErrorKind, HttpMethod, parseError, authError, httpError, SpecFormat, graphqlError, timeoutError, corsError, API_INVOKE_ERROR_NAME, networkError } from './chunk-TXAOTXB4.js';
+export { API_INVOKE_ERROR_NAME, ApiInvokeError, AuthType, ContentType, ErrorKind, HeaderName, HttpMethod, ParamLocation, SpecFormat, authError, corsError, graphqlError, httpError, networkError, parseError, parseGraphQLSchema, timeoutError } from './chunk-TXAOTXB4.js';
+import SwaggerParser from '@apidevtools/swagger-parser';
+
+// src/core/sse.ts
+async function* parseSSE(body) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder("utf-8", { fatal: true });
+  let buffer = "";
+  let eventType;
+  let dataLines = [];
+  let id;
+  let retry;
+  let hasData = false;
+  function buildEvent() {
+    const event = { data: dataLines.join("\n") };
+    if (eventType !== void 0) event.event = eventType;
+    if (id !== void 0) event.id = id;
+    if (retry !== void 0) event.retry = retry;
+    return event;
+  }
+  function resetAccumulator() {
+    eventType = void 0;
+    dataLines = [];
+    id = void 0;
+    retry = void 0;
+    hasData = false;
+  }
+  function processLine(line) {
+    if (line === "") {
+      if (hasData) {
+        const event = buildEvent();
+        resetAccumulator();
+        return event;
+      }
+      resetAccumulator();
+      return void 0;
+    }
+    if (line[0] === ":") return void 0;
+    const colonIdx = line.indexOf(":");
+    let field;
+    let value;
+    if (colonIdx === -1) {
+      field = line;
+      value = "";
+    } else {
+      field = line.slice(0, colonIdx);
+      value = line[colonIdx + 1] === " " ? line.slice(colonIdx + 2) : line.slice(colonIdx + 1);
+    }
+    switch (field) {
+      case "data":
+        dataLines.push(value);
+        hasData = true;
+        break;
+      case "event":
+        eventType = value;
+        break;
+      case "id":
+        if (!value.includes("\0")) id = value;
+        break;
+      case "retry": {
+        const n = parseInt(value, 10);
+        if (!isNaN(n) && n >= 0 && String(n) === value) retry = n;
+        break;
+      }
+    }
+    return void 0;
+  }
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      try {
+        buffer += decoder.decode(value, { stream: true });
+      } catch (decodeError) {
+        throw new Error("SSE stream contains invalid UTF-8 data", { cause: decodeError });
+      }
+      let startIdx = 0;
+      const limit = buffer.length - (buffer[buffer.length - 1] === "\r" ? 1 : 0);
+      for (let i = 0; i < limit; i++) {
+        if (buffer[i] === "\r" || buffer[i] === "\n") {
+          const line = buffer.slice(startIdx, i);
+          if (buffer[i] === "\r" && buffer[i + 1] === "\n") i++;
+          startIdx = i + 1;
+          const event = processLine(line);
+          if (event) yield event;
+        }
+      }
+      buffer = buffer.slice(startIdx);
+    }
+    try {
+      buffer += decoder.decode();
+    } catch (decodeError) {
+      throw new Error("SSE stream contains invalid UTF-8 data", { cause: decodeError });
+    }
+    if (buffer.length > 0) {
+      const event = processLine(buffer);
+      if (event) yield event;
+    }
+    if (hasData) yield buildEvent();
+  } finally {
+    reader.releaseLock();
+  }
+}
+
+// src/core/url-builder.ts
+function buildUrl(baseUrl, operation, args) {
+  let path = operation.path;
+  for (const param of operation.parameters) {
+    if (param.in === ParamLocation.PATH && args[param.name] !== void 0) {
+      path = path.replace(
+        `{${param.name}}`,
+        encodeURIComponent(String(args[param.name]))
+      );
+    }
+  }
+  const fullBase = baseUrl.replace(/\/$/, "");
+  const fullPath = path.startsWith("/") ? path : `/${path}`;
+  const url = new URL(`${fullBase}${fullPath}`);
+  for (const param of operation.parameters) {
+    if (param.in === ParamLocation.QUERY) {
+      const value = args[param.name] ?? param.schema.default;
+      if (value !== void 0 && value !== null) {
+        serializeQueryParam(url, param.name, value);
+      }
+    }
+  }
+  return url.toString();
+}
+function deriveBaseUrl(specUrl) {
+  try {
+    const u = new URL(specUrl);
+    u.pathname = u.pathname.replace(/\/[^/]*$/, "");
+    const base = u.origin + u.pathname;
+    return base.replace(/\/$/, "");
+  } catch {
+    return "";
+  }
+}
+function extractHeaderParams(parameters, args) {
+  const headers = {};
+  for (const param of parameters) {
+    if (param.in === ParamLocation.HEADER && args[param.name] !== void 0) {
+      headers[param.name] = String(args[param.name]);
+    }
+  }
+  return headers;
+}
+function extractCookieParams(parameters, args) {
+  const cookies = [];
+  for (const param of parameters) {
+    if (param.in === ParamLocation.COOKIE) {
+      const value = args[param.name] ?? param.schema.default;
+      if (value !== void 0 && value !== null) {
+        cookies.push(`${encodeURIComponent(param.name)}=${encodeURIComponent(String(value))}`);
+      }
+    }
+  }
+  return cookies.length > 0 ? cookies.join("; ") : void 0;
+}
+function serializeQueryParam(url, name, value) {
+  if (Array.isArray(value)) {
+    url.searchParams.set(name, value.map(String).join(","));
+  } else if (typeof value === "object" && value !== null) {
+    const pairs = Object.entries(value).filter(([, v]) => v !== void 0 && v !== null).map(([k, v]) => {
+      if (typeof v === "object" && v !== null) {
+        throw new Error(
+          `Cannot serialize nested object for query parameter "${name}.${k}". Only flat key-value objects are supported.`
+        );
+      }
+      if (typeof v === "symbol" || typeof v === "function") {
+        throw new Error(
+          `Cannot serialize ${typeof v} value for query parameter "${name}.${k}". Use a string or number.`
+        );
+      }
+      return `${k},${String(v)}`;
+    });
+    url.searchParams.set(name, pairs.join(","));
+  } else {
+    url.searchParams.set(name, String(value));
+  }
+}
+
+// src/core/auth.ts
+function injectAuth(url, headers, auth) {
+  if (Array.isArray(auth)) {
+    let result2 = { url, headers: { ...headers } };
+    for (const a of auth) {
+      result2 = injectAuth(result2.url, result2.headers, a);
+    }
+    return result2;
+  }
+  const result = { url, headers: { ...headers } };
+  switch (auth.type) {
+    case AuthType.BEARER:
+      result.headers[HeaderName.AUTHORIZATION] = `Bearer ${auth.token}`;
+      break;
+    case AuthType.BASIC: {
+      const encoded = btoa(`${auth.username}:${auth.password}`);
+      result.headers[HeaderName.AUTHORIZATION] = `Basic ${encoded}`;
+      break;
+    }
+    case AuthType.API_KEY:
+      if (auth.location === ParamLocation.HEADER) {
+        result.headers[auth.name] = auth.value;
+      } else if (auth.location === ParamLocation.QUERY) {
+        const u = new URL(url);
+        u.searchParams.set(auth.name, auth.value);
+        result.url = u.toString();
+      }
+      break;
+    case AuthType.OAUTH2:
+      result.headers[HeaderName.AUTHORIZATION] = `Bearer ${auth.accessToken}`;
+      break;
+    case AuthType.COOKIE: {
+      const existing = result.headers[HeaderName.COOKIE];
+      const cookie = `${encodeURIComponent(auth.name)}=${encodeURIComponent(auth.value)}`;
+      result.headers[HeaderName.COOKIE] = existing ? `${existing}; ${cookie}` : cookie;
+      break;
+    }
+  }
+  return result;
+}
+async function refreshOAuth2Token(tokenUrl, refreshToken, options) {
+  const fetchFn = options?.fetch ?? globalThis.fetch;
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: refreshToken
+  });
+  if (options?.clientId) body.set("client_id", options.clientId);
+  if (options?.clientSecret) body.set("client_secret", options.clientSecret);
+  if (options?.scopes?.length) body.set("scope", options.scopes.join(" "));
+  const response = await fetchFn(tokenUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString()
+  });
+  if (!response.ok) {
+    let errorDetail = "";
+    try {
+      const body2 = await response.text();
+      errorDetail = body2 ? `: ${body2.slice(0, 500)}` : "";
+    } catch (bodyReadError) {
+      errorDetail = ` (error body unreadable: ${bodyReadError instanceof Error ? bodyReadError.message : String(bodyReadError)})`;
+    }
+    throw new ApiInvokeError({
+      kind: ErrorKind.AUTH,
+      message: `OAuth2 token refresh failed: ${response.status} ${response.statusText}${errorDetail}`,
+      suggestion: "Check the refresh token, client credentials, and token endpoint URL.",
+      retryable: response.status >= 500,
+      status: response.status
+    });
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch (parseError2) {
+    throw new ApiInvokeError({
+      kind: ErrorKind.PARSE,
+      message: `OAuth2 token refresh succeeded (${response.status}) but response body is not valid JSON`,
+      suggestion: "The token endpoint returned a non-JSON response. Verify the endpoint URL.",
+      retryable: false
+    });
+  }
+  const accessToken = data.access_token;
+  if (typeof accessToken !== "string" || !accessToken) {
+    throw new ApiInvokeError({
+      kind: ErrorKind.AUTH,
+      message: `OAuth2 token refresh response missing required "access_token" field. Got keys: [${Object.keys(data).join(", ")}]`,
+      suggestion: "The token endpoint response did not include a valid access_token. Verify the endpoint and grant type.",
+      retryable: false
+    });
+  }
+  return {
+    accessToken,
+    refreshToken: typeof data.refresh_token === "string" && data.refresh_token ? data.refresh_token : void 0,
+    expiresIn: typeof data.expires_in === "number" ? data.expires_in : void 0
+  };
+}
+function maskAuth(auth) {
+  switch (auth.type) {
+    case AuthType.BEARER: {
+      if (auth.token.length <= 4) return "Bearer ***";
+      return `Bearer ${auth.token.substring(0, 4)}***`;
+    }
+    case AuthType.BASIC:
+      return `Basic ${auth.username}:***`;
+    case AuthType.API_KEY:
+      return `${auth.name}: ***`;
+    case AuthType.OAUTH2:
+      return `OAuth2 ***`;
+    case AuthType.COOKIE:
+      return `Cookie ${auth.name}=***`;
+  }
+}
+
+// src/core/executor.ts
+var ABORT_ERROR_NAME = "AbortError";
+var OPAQUE_RESPONSE_TYPE = "opaque";
+var NO_CORS_MODE = "no-cors";
+var JSON_SUFFIX = "+json";
+var XML_SUBTYPE = "/xml";
+var XML_SUFFIX = "+xml";
+function buildRequest(baseUrl, operation, args, options = {}) {
+  const missing = operation.parameters.filter((p) => p.required && args[p.name] === void 0).map((p) => p.name);
+  if (missing.length > 0) {
+    throw new Error(
+      `Missing required parameter${missing.length > 1 ? "s" : ""}: ${missing.join(", ")} for operation "${operation.id}"`
+    );
+  }
+  let url = buildUrl(baseUrl, operation, args);
+  const method = operation.method.toUpperCase();
+  const accept = options.accept || operation.responseContentType || ContentType.JSON;
+  const headers = {
+    [HeaderName.ACCEPT]: accept,
+    ...extractHeaderParams(operation.parameters, args)
+  };
+  const cookieHeader = extractCookieParams(operation.parameters, args);
+  if (cookieHeader) {
+    headers[HeaderName.COOKIE] = cookieHeader;
+  }
+  let bodyData = args["body"];
+  const allowsBody = method !== HttpMethod.GET && method !== HttpMethod.HEAD && method !== HttpMethod.OPTIONS;
+  if (!bodyData && operation.buildBody && allowsBody) {
+    bodyData = operation.buildBody(args);
+  } else if (!bodyData && operation.requestBody && allowsBody) {
+    const bodyProps = operation.requestBody.schema.properties;
+    if (bodyProps) {
+      const assembled = {};
+      for (const propName of Object.keys(bodyProps)) {
+        if (args[propName] !== void 0) {
+          assembled[propName] = args[propName];
+        }
+      }
+      if (Object.keys(assembled).length > 0) {
+        bodyData = assembled;
+      }
+    }
+  }
+  let body;
+  if (bodyData && allowsBody) {
+    const contentType = operation.requestBody?.contentType ?? ContentType.JSON;
+    if (contentType === ContentType.FORM_URLENCODED) {
+      const params = new URLSearchParams();
+      const obj = typeof bodyData === "object" && bodyData !== null ? bodyData : {};
+      for (const [key, value] of Object.entries(obj)) {
+        if (value !== void 0 && value !== null) {
+          params.set(key, String(value));
+        }
+      }
+      body = params.toString();
+      headers[HeaderName.CONTENT_TYPE] = ContentType.FORM_URLENCODED;
+    } else if (contentType === ContentType.MULTIPART) {
+      if (typeof bodyData !== "object" || bodyData === null) {
+        throw new Error(
+          `Multipart/form-data body for operation "${operation.id}" must be an object, got ${typeof bodyData}`
+        );
+      }
+      const formData = new FormData();
+      const obj = bodyData;
+      for (const [key, value] of Object.entries(obj)) {
+        if (value === void 0 || value === null) continue;
+        if (value instanceof Blob) {
+          const filename = value instanceof File ? value.name : key;
+          formData.append(key, value, filename);
+        } else if (value instanceof ArrayBuffer) {
+          formData.append(key, new Blob([value]), key);
+        } else if (ArrayBuffer.isView(value)) {
+          formData.append(key, new Blob([new Uint8Array(value.buffer, value.byteOffset, value.byteLength)]), key);
+        } else {
+          formData.append(key, String(value));
+        }
+      }
+      body = formData;
+    } else {
+      body = typeof bodyData === "string" ? bodyData : JSON.stringify(bodyData);
+      headers[HeaderName.CONTENT_TYPE] = ContentType.JSON;
+    }
+  }
+  if (options.auth) {
+    const authed = injectAuth(url, headers, options.auth);
+    url = authed.url;
+    Object.assign(headers, authed.headers);
+  }
+  return { method, url, headers, body };
+}
+async function executeFetch(baseUrl, operation, args, options) {
+  const fetchFn = options.fetch ?? globalThis.fetch;
+  let { method, url, headers, body } = buildRequest(baseUrl, operation, args, {
+    auth: options.auth,
+    accept: options.accept
+  });
+  if (options.headers) {
+    Object.assign(headers, options.headers);
+  }
+  let signal = options.signal;
+  let timeoutId;
+  let abortHandler;
+  if (options.timeoutMs && options.timeoutMs > 0) {
+    const controller = new AbortController();
+    timeoutId = setTimeout(() => controller.abort(), options.timeoutMs);
+    if (options.signal) {
+      abortHandler = () => controller.abort();
+      options.signal.addEventListener("abort", abortHandler, { once: true });
+    }
+    signal = controller.signal;
+  }
+  let init = { method, headers, body, signal, redirect: options.redirect };
+  if (options.middleware) {
+    for (const mw of options.middleware) {
+      if (mw.onRequest) {
+        const result = await mw.onRequest(url, init);
+        url = result.url;
+        init = result.init;
+      }
+    }
+  }
+  const start = performance.now();
+  let response;
+  try {
+    response = await fetchFn(url, init);
+  } catch (error) {
+    if (timeoutId) clearTimeout(timeoutId);
+    if (abortHandler && options.signal) options.signal.removeEventListener("abort", abortHandler);
+    if (options.middleware) {
+      for (const mw of options.middleware) {
+        if (mw.onError) {
+          const normalized = error instanceof Error ? error : new Error(String(error));
+          try {
+            mw.onError(normalized);
+          } catch (mwError) {
+            console.warn(`[api-invoke] middleware "${mw.name ?? "unnamed"}" onError handler threw (suppressed):`, mwError);
+          }
+        }
+      }
+    }
+    if (error instanceof DOMException && error.name === ABORT_ERROR_NAME) {
+      if (options.timeoutMs && options.timeoutMs > 0) {
+        throw timeoutError(url);
+      }
+      throw error;
+    }
+    if (error instanceof TypeError) {
+      if (typeof window !== "undefined") {
+        try {
+          const probe = await fetchFn(url, { mode: NO_CORS_MODE });
+          if (probe.type === OPAQUE_RESPONSE_TYPE) throw corsError(url);
+        } catch (probeError) {
+          if (probeError instanceof Error && probeError.name === API_INVOKE_ERROR_NAME) throw probeError;
+        }
+      }
+      throw networkError(url);
+    }
+    throw networkError(url);
+  }
+  if (timeoutId) clearTimeout(timeoutId);
+  if (abortHandler && options.signal) options.signal.removeEventListener("abort", abortHandler);
+  const elapsedMs = Math.round(performance.now() - start);
+  if (options.middleware) {
+    for (const mw of options.middleware) {
+      if (mw.onResponse) {
+        response = await mw.onResponse(response);
+      }
+    }
+  }
+  const responseHeaders = {};
+  response.headers.forEach((value, key) => {
+    responseHeaders[key] = value;
+  });
+  return { response, request: { method, url, headers, body }, headers: responseHeaders, elapsedMs };
+}
+async function executeOperation(baseUrl, operation, args, options = {}) {
+  const { response, request, headers: responseHeaders, elapsedMs } = await executeFetch(baseUrl, operation, args, options);
+  const { method, url, headers, body } = request;
+  let data;
+  const contentType = response.headers.get(HeaderName.CONTENT_TYPE) || "";
+  if (contentType.includes(ContentType.JSON) || contentType.includes(JSON_SUFFIX)) {
+    const cloned = response.clone();
+    try {
+      data = await response.json();
+    } catch (jsonError) {
+      if (options.throwOnHttpError !== false) throw parseError(url);
+      console.warn("[api-invoke] JSON parse failed, falling back to text:", jsonError);
+      try {
+        data = await cloned.text();
+      } catch {
+        throw parseError(url);
+      }
+    }
+  } else if (isBinaryContentType(contentType)) {
+    try {
+      data = await response.arrayBuffer();
+    } catch {
+      throw parseError(url, "binary");
+    }
+  } else if (contentType.includes(XML_SUBTYPE) || contentType.includes(XML_SUFFIX)) {
+    try {
+      data = await response.text();
+    } catch {
+      throw parseError(url, "XML");
+    }
+  } else {
+    let text;
+    try {
+      text = await response.text();
+    } catch {
+      throw parseError(url, "text");
+    }
+    try {
+      data = JSON.parse(text);
+    } catch {
+      data = text;
+    }
+  }
+  const result = {
+    status: response.status,
+    data,
+    contentType,
+    headers: responseHeaders,
+    request: { method, url, headers, body },
+    elapsedMs
+  };
+  if (options.throwOnHttpError !== false) {
+    if (response.status === 401 || response.status === 403) {
+      throw authError(url, response.status, data);
+    }
+    if (!response.ok) {
+      throw httpError(url, response.status, response.statusText, data);
+    }
+  } else if (!response.ok) {
+    if (response.status === 401 || response.status === 403) {
+      result.errorKind = ErrorKind.AUTH;
+    } else if (response.status === 429) {
+      result.errorKind = ErrorKind.RATE_LIMIT;
+    } else {
+      result.errorKind = ErrorKind.HTTP;
+    }
+  }
+  return result;
+}
+async function executeRaw(url, options = {}) {
+  const operation = {
+    id: "raw",
+    path: "",
+    method: options.method ?? HttpMethod.GET,
+    parameters: [],
+    tags: []
+  };
+  return executeOperation(url, operation, { body: options.body }, {
+    auth: options.auth,
+    middleware: options.middleware,
+    fetch: options.fetch,
+    timeoutMs: options.timeoutMs,
+    signal: options.signal,
+    accept: options.accept,
+    redirect: options.redirect,
+    headers: options.headers
+  });
+}
+async function executeOperationStream(baseUrl, operation, args, options = {}) {
+  const streamOptions = {
+    ...options,
+    accept: options.accept ?? operation.responseContentType ?? ContentType.SSE
+  };
+  const { response, request, headers: responseHeaders, elapsedMs } = await executeFetch(baseUrl, operation, args, streamOptions);
+  if (!response.ok) {
+    let body;
+    try {
+      const text = await response.text();
+      try {
+        body = JSON.parse(text);
+      } catch {
+        body = text;
+      }
+    } catch (readError) {
+      body = `[api-invoke: failed to read error response body: ${readError instanceof Error ? readError.message : String(readError)}]`;
+    }
+    if (response.status === 401 || response.status === 403) {
+      throw authError(request.url, response.status, body);
+    }
+    throw httpError(request.url, response.status, response.statusText, body);
+  }
+  if (!response.body) {
+    throw parseError(request.url, "SSE (response body is null)");
+  }
+  const contentType = response.headers.get(HeaderName.CONTENT_TYPE) || "";
+  if (contentType && !contentType.includes("text/event-stream")) {
+    console.warn(`[api-invoke] Expected content-type text/event-stream but got "${contentType}" \u2014 SSE parsing may produce unexpected results`);
+  }
+  let stream = parseSSE(response.body);
+  if (options.onEvent) {
+    const inner = stream;
+    const onEvent = options.onEvent;
+    stream = (async function* () {
+      for await (const event of inner) {
+        try {
+          onEvent(event);
+        } catch (callbackError) {
+          throw new Error(
+            `onEvent callback threw for event "${event.event ?? "message"}": ${callbackError instanceof Error ? callbackError.message : String(callbackError)}`,
+            { cause: callbackError }
+          );
+        }
+        yield event;
+      }
+    })();
+  }
+  return {
+    status: response.status,
+    stream,
+    contentType,
+    headers: responseHeaders,
+    request,
+    elapsedMs
+  };
+}
+async function executeRawStream(url, options = {}) {
+  const operation = {
+    id: "raw-stream",
+    path: "",
+    method: options.method ?? HttpMethod.POST,
+    parameters: [],
+    tags: []
+  };
+  return executeOperationStream(url, operation, { body: options.body }, {
+    auth: options.auth,
+    middleware: options.middleware,
+    fetch: options.fetch,
+    timeoutMs: options.timeoutMs,
+    signal: options.signal,
+    accept: options.accept,
+    redirect: options.redirect,
+    headers: options.headers,
+    onEvent: options.onEvent
+  });
+}
+var BINARY_CONTENT_PATTERNS = [
+  "application/octet-stream",
+  "application/pdf",
+  "application/zip",
+  "audio/",
+  "image/",
+  "video/"
+];
+function isBinaryContentType(contentType) {
+  return BINARY_CONTENT_PATTERNS.some((p) => contentType.includes(p));
+}
+
+// src/adapters/openapi/base-url.ts
+function extractOpenAPI3BaseUrl(api, specUrl) {
+  const server = api.servers?.[0];
+  if (!server) return "";
+  let url = server.url;
+  if (server.variables) {
+    for (const [name, variable] of Object.entries(server.variables)) {
+      const value = variable.default ?? variable.enum?.[0];
+      if (value === void 0) return "";
+      url = url.replaceAll(`{${name}}`, String(value));
+    }
+  }
+  if (url && !url.startsWith("http")) {
+    if (!specUrl) return "";
+    try {
+      const resolved = new URL(url, specUrl);
+      return resolved.origin + resolved.pathname.replace(/\/$/, "");
+    } catch {
+      return "";
+    }
+  }
+  return url;
+}
+function extractSwagger2BaseUrl(api) {
+  const host = api.host;
+  if (!host) return "";
+  const scheme = api.schemes?.[0] ?? "https";
+  const basePath = api.basePath ?? "";
+  return `${scheme}://${host}${basePath}`;
+}
+
+// src/adapters/openapi/security.ts
+function mapSecuritySchemes(schemes) {
+  const results = [];
+  for (const [name, scheme] of Object.entries(schemes)) {
+    results.push(mapSingleScheme(name, scheme));
+  }
+  return results;
+}
+function mapSingleScheme(name, scheme) {
+  const baseDescription = scheme.description || name;
+  if (scheme.type === "apiKey") {
+    const apiKeyScheme = scheme;
+    if (apiKeyScheme.in === ParamLocation.HEADER) {
+      return { name, authType: AuthType.API_KEY, metadata: { headerName: apiKeyScheme.name }, description: baseDescription };
+    }
+    if (apiKeyScheme.in === ParamLocation.QUERY) {
+      return { name, authType: AuthType.QUERY_PARAM, metadata: { paramName: apiKeyScheme.name }, description: baseDescription };
+    }
+    if (apiKeyScheme.in === ParamLocation.COOKIE) {
+      return { name, authType: AuthType.COOKIE, metadata: { cookieName: apiKeyScheme.name }, description: baseDescription };
+    }
+    return { name, authType: null, metadata: {}, description: `${baseDescription} (unsupported: apiKey in "${apiKeyScheme.in}")` };
+  }
+  if (scheme.type === "http") {
+    const httpScheme = scheme;
+    if (httpScheme.scheme === AuthType.BEARER) {
+      return { name, authType: AuthType.BEARER, metadata: {}, description: baseDescription };
+    }
+    if (httpScheme.scheme === AuthType.BASIC) {
+      return { name, authType: AuthType.BASIC, metadata: {}, description: baseDescription };
+    }
+    return { name, authType: null, metadata: {}, description: `${baseDescription} (unsupported: HTTP scheme "${httpScheme.scheme}")` };
+  }
+  if (scheme.type === "basic") {
+    return { name, authType: AuthType.BASIC, metadata: {}, description: baseDescription };
+  }
+  if (scheme.type === "oauth2") {
+    const metadata = {};
+    let flowResolved = false;
+    if ("flows" in scheme) {
+      const oauth3 = scheme;
+      const flow = oauth3.flows.authorizationCode ?? oauth3.flows.clientCredentials ?? oauth3.flows.implicit ?? oauth3.flows.password;
+      if (flow) {
+        flowResolved = true;
+        if ("authorizationUrl" in flow && flow.authorizationUrl) metadata.authorizationUrl = flow.authorizationUrl;
+        if ("tokenUrl" in flow && flow.tokenUrl) metadata.tokenUrl = flow.tokenUrl;
+        if (flow.refreshUrl) metadata.refreshUrl = flow.refreshUrl;
+        if (flow.scopes && Object.keys(flow.scopes).length > 0) {
+          metadata.scopes = Object.keys(flow.scopes).join(",");
+        }
+      }
+    }
+    if ("flow" in scheme) {
+      flowResolved = true;
+      const oauth2 = scheme;
+      if (typeof oauth2.authorizationUrl === "string") metadata.authorizationUrl = oauth2.authorizationUrl;
+      if (typeof oauth2.tokenUrl === "string") metadata.tokenUrl = oauth2.tokenUrl;
+      const scopes = oauth2.scopes;
+      if (scopes && Object.keys(scopes).length > 0) {
+        metadata.scopes = Object.keys(scopes).join(",");
+      }
+    }
+    const description = flowResolved ? baseDescription : `${baseDescription} (OAuth2 detected but no supported flow found)`;
+    return { name, authType: AuthType.OAUTH2, metadata, description };
+  }
+  if (scheme.type === "openIdConnect") {
+    return { name, authType: null, metadata: {}, description: `${baseDescription} (unsupported: OpenID Connect)` };
+  }
+  return { name, authType: null, metadata: {}, description: `${baseDescription} (unsupported: unknown scheme type)` };
+}
+
+// src/adapters/openapi/parser.ts
+var SUPPORTED_METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
+function normalizeType(type, fallback = "string") {
+  if (Array.isArray(type)) {
+    const nonNull = type.filter((t) => t !== "null");
+    return nonNull[0] ?? fallback;
+  }
+  if (typeof type === "string") return type;
+  return fallback;
+}
+async function parseOpenAPISpec(specUrlOrObject, options) {
+  try {
+    let apiRaw;
+    try {
+      apiRaw = await SwaggerParser.dereference(specUrlOrObject);
+    } catch {
+      apiRaw = await SwaggerParser.parse(specUrlOrObject);
+    }
+    const api = apiRaw;
+    const isOpenAPI3 = "openapi" in api;
+    const specVersion = isOpenAPI3 ? api.openapi : api.swagger;
+    const title = api.info.title;
+    const version = api.info.version;
+    const sourceUrl = options?.specUrl ?? (typeof specUrlOrObject === "string" ? specUrlOrObject : void 0);
+    let baseUrl = isOpenAPI3 ? extractOpenAPI3BaseUrl(api, sourceUrl) : extractSwagger2BaseUrl(api);
+    if (!baseUrl && sourceUrl) {
+      baseUrl = deriveBaseUrl(sourceUrl);
+    }
+    const operations = extractOperations(api, isOpenAPI3);
+    if (baseUrl) {
+      try {
+        const basePath = new URL(baseUrl).pathname.replace(/\/$/, "");
+        if (basePath && basePath !== "/") {
+          const allOverlap = operations.length > 0 && operations.every(
+            (op) => op.path === basePath || op.path.startsWith(basePath + "/")
+          );
+          if (allOverlap) {
+            for (const op of operations) {
+              op.path = op.path.slice(basePath.length) || "/";
+            }
+          }
+        }
+      } catch {
+      }
+    }
+    const authSchemes = extractSecuritySchemes(api, isOpenAPI3);
+    return {
+      title,
+      version,
+      baseUrl,
+      operations,
+      authSchemes,
+      specFormat: isOpenAPI3 ? SpecFormat.OPENAPI_3 : SpecFormat.OPENAPI_2,
+      rawSpecVersion: specVersion
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    const urlInfo = typeof specUrlOrObject === "string" ? ` from ${specUrlOrObject}` : "";
+    throw new Error(`Failed to parse OpenAPI spec${urlInfo}: ${message}`, { cause: error });
+  }
+}
+function extractOperations(api, isOpenAPI3) {
+  const operations = [];
+  if (!api.paths) return operations;
+  for (const [path, pathItem] of Object.entries(api.paths)) {
+    if (!pathItem) continue;
+    const pathLevelParams = "parameters" in pathItem ? pathItem.parameters ?? [] : [];
+    for (const method of SUPPORTED_METHODS) {
+      if (!(method in pathItem) || !pathItem[method]) continue;
+      const op = pathItem[method];
+      const operationParams = op.parameters ?? [];
+      const allParams = [...pathLevelParams, ...operationParams].filter(
+        (p) => p.in !== "body"
+        // 'body' is a Swagger 2.0-specific location, not in ParamLocation
+      );
+      const parameters = allParams.map(
+        (param) => parseParameter(param, isOpenAPI3)
+      );
+      const requestBody = extractRequestBody(op, isOpenAPI3);
+      const { primary: responseSchema, all: responseSchemas } = extractResponseSchemas(op, isOpenAPI3);
+      const responseContentType = extractResponseContentType(op, isOpenAPI3);
+      const errorHints = extractErrorHints(op);
+      const id = op.operationId ?? `${method}_${path.replace(/[{}\/]/g, "_").replace(/^_|_$/g, "").replace(/_+/g, "_")}`;
+      operations.push({
+        id,
+        path,
+        method: method.toUpperCase(),
+        summary: op.summary,
+        description: op.description,
+        parameters,
+        requestBody,
+        responseSchema,
+        responseSchemas: Object.keys(responseSchemas).length > 0 ? responseSchemas : void 0,
+        responseContentType,
+        errorHints,
+        tags: op.tags ?? []
+      });
+    }
+  }
+  return operations;
+}
+function parseParameter(param, isOpenAPI3) {
+  const name = param.name;
+  const location = param.in;
+  const required = param.required ?? location === ParamLocation.PATH;
+  const description = param.description ?? "";
+  let schema;
+  if (isOpenAPI3) {
+    const p = param;
+    const s = p.schema;
+    schema = {
+      type: normalizeType(s?.type),
+      format: s?.format,
+      enum: s?.enum,
+      default: s?.default,
+      example: p.example ?? s?.example,
+      minimum: s?.minimum,
+      maximum: s?.maximum,
+      maxLength: s?.maxLength
+      // TODO: extract s?.items for array parameters (ParameterSchema.items)
+    };
+  } else {
+    const p = param;
+    schema = {
+      type: ("type" in p ? p.type : void 0) ?? "string",
+      format: "format" in p ? p.format : void 0,
+      enum: "enum" in p ? p.enum : void 0,
+      default: "default" in p ? p.default : void 0,
+      example: "x-example" in p ? p["x-example"] : void 0,
+      minimum: "minimum" in p ? p.minimum : void 0,
+      maximum: "maximum" in p ? p.maximum : void 0,
+      maxLength: "maxLength" in p ? p.maxLength : void 0
+      // TODO: extract p.items for array parameters (ParameterSchema.items)
+    };
+  }
+  return { name, in: location, required, description, schema };
+}
+var CONTENT_TYPE_PRIORITY = [
+  ContentType.JSON,
+  ContentType.FORM_URLENCODED,
+  ContentType.MULTIPART,
+  ContentType.XML,
+  ContentType.TEXT,
+  ContentType.OCTET_STREAM
+];
+function extractRequestBody(operation, isOpenAPI3) {
+  if (isOpenAPI3) {
+    const op = operation;
+    if (!op.requestBody) return void 0;
+    const body = op.requestBody;
+    if (!body.content) return void 0;
+    for (const ct of CONTENT_TYPE_PRIORITY) {
+      const mediaType = body.content[ct];
+      if (mediaType?.schema) {
+        return {
+          required: body.required ?? false,
+          description: body.description,
+          contentType: ct,
+          schema: flattenSchema(mediaType.schema)
+        };
+      }
+    }
+    const firstKey = Object.keys(body.content)[0];
+    if (firstKey) {
+      const mediaType = body.content[firstKey];
+      if (mediaType?.schema) {
+        return {
+          required: body.required ?? false,
+          description: body.description,
+          contentType: firstKey,
+          schema: flattenSchema(mediaType.schema)
+        };
+      }
+    }
+    return void 0;
+  } else {
+    const op = operation;
+    const bodyParam = op.parameters?.find(
+      (p) => p.in === "body"
+    );
+    if (!bodyParam?.schema) return void 0;
+    const consumes = op.consumes ?? [];
+    let contentType = ContentType.JSON;
+    if (consumes.includes(ContentType.FORM_URLENCODED)) {
+      contentType = ContentType.FORM_URLENCODED;
+    } else if (consumes.includes(ContentType.MULTIPART)) {
+      contentType = ContentType.MULTIPART;
+    } else if (consumes.length > 0) {
+      contentType = consumes[0];
+    }
+    return {
+      required: bodyParam.required ?? false,
+      description: bodyParam.description,
+      contentType,
+      schema: flattenSchema(bodyParam.schema)
+    };
+  }
+}
+function flattenSchema(schema) {
+  const normalizedType = normalizeType(schema.type, "object");
+  const result = {
+    type: normalizedType,
+    raw: schema
+  };
+  if (normalizedType === "object" && schema.properties) {
+    result.properties = {};
+    result.required = schema.required;
+    for (const [name, propSchema] of Object.entries(schema.properties)) {
+      const prop = propSchema;
+      const propType = normalizeType(prop.type);
+      const isNested = propType === "object" || propType === "array";
+      result.properties[name] = {
+        type: propType,
+        format: prop.format,
+        description: prop.description,
+        enum: prop.enum,
+        default: prop.default,
+        example: prop.example,
+        nested: isNested || void 0
+      };
+    }
+  }
+  return result;
+}
+var RESPONSE_STATUS_CODES = ["200", "201", "202", "204", "2XX", "default"];
+function extractResponseSchemas(operation, isOpenAPI3) {
+  const responses = operation.responses;
+  if (!responses) return { primary: void 0, all: {} };
+  const all = {};
+  for (const code of RESPONSE_STATUS_CODES) {
+    const resp = responses[code];
+    if (!resp) continue;
+    let schema;
+    if (isOpenAPI3) {
+      schema = resp.content?.[ContentType.JSON]?.schema;
+    } else {
+      schema = resp.schema;
+    }
+    if (schema) {
+      all[code] = schema;
+    }
+  }
+  const primary = all["200"] ?? all["201"] ?? all["202"] ?? all["2XX"];
+  return { primary, all };
+}
+var ERROR_STATUS_CODES = ["400", "401", "403", "404", "409", "422", "429", "500"];
+function extractErrorHints(operation) {
+  const responses = operation.responses;
+  if (!responses) return void 0;
+  const hints = {};
+  for (const code of ERROR_STATUS_CODES) {
+    const resp = responses[code];
+    if (!resp?.description) continue;
+    hints[code] = resp.description;
+  }
+  return Object.keys(hints).length > 0 ? hints : void 0;
+}
+function extractResponseContentType(operation, isOpenAPI3) {
+  const responses = operation.responses;
+  if (!responses) return void 0;
+  const successResponse = responses["200"] ?? responses["201"] ?? responses["202"] ?? responses["2XX"];
+  if (!successResponse) return void 0;
+  if (isOpenAPI3) {
+    const resp = successResponse;
+    if (!resp.content) return void 0;
+    const types = Object.keys(resp.content);
+    if (types.includes(ContentType.JSON)) return ContentType.JSON;
+    return types[0];
+  } else {
+    const op = operation;
+    const produces = op.produces;
+    if (produces && produces.length > 0) {
+      if (produces.includes(ContentType.JSON)) return ContentType.JSON;
+      return produces[0];
+    }
+    return void 0;
+  }
+}
+function extractSecuritySchemes(api, isOpenAPI3) {
+  if (isOpenAPI3) {
+    const openapi3 = api;
+    const rawSchemes = openapi3.components?.securitySchemes ?? {};
+    const schemes = {};
+    for (const [name, scheme] of Object.entries(rawSchemes)) {
+      if (scheme && !("$ref" in scheme)) {
+        schemes[name] = scheme;
+      }
+    }
+    return mapSecuritySchemes(schemes);
+  } else {
+    const swagger2 = api;
+    return mapSecuritySchemes(swagger2.securityDefinitions ?? {});
+  }
+}
+
+// src/adapters/raw/parser.ts
+function parseRawUrl(url) {
+  return parseRawUrls([{ url }]);
+}
+function parseRawUrls(endpoints) {
+  if (endpoints.length === 0) {
+    throw new Error("At least one endpoint is required");
+  }
+  let firstParsed;
+  try {
+    firstParsed = new URL(endpoints[0].url);
+  } catch {
+    throw new Error(`Invalid URL "${endpoints[0].url}". Expected an absolute URL like "https://api.example.com/path".`);
+  }
+  const baseUrl = firstParsed.origin;
+  const operations = endpoints.map((ep) => {
+    let parsed;
+    try {
+      parsed = new URL(ep.url);
+    } catch {
+      throw new Error(`Invalid URL "${ep.url}". Expected an absolute URL like "https://api.example.com/path".`);
+    }
+    if (parsed.origin !== firstParsed.origin) {
+      throw new Error(
+        `All endpoints must share the same origin. Got "${parsed.origin}" but expected "${firstParsed.origin}"`
+      );
+    }
+    const method = (ep.method ?? HttpMethod.GET).toUpperCase();
+    const pathname = parsed.pathname;
+    const parameters = [];
+    const entries = /* @__PURE__ */ new Map();
+    for (const [rawKey, value] of parsed.searchParams.entries()) {
+      const name = rawKey.replace(/(\[\])+$/, "");
+      const isBracket = name !== rawKey;
+      if (!name) continue;
+      const existing = entries.get(name);
+      if (existing) {
+        existing.values.push(value);
+        existing.isBracket = existing.isBracket || isBracket;
+      } else {
+        entries.set(name, { values: [value], isBracket });
+      }
+    }
+    for (const [name, { values, isBracket }] of entries) {
+      const isArray = values.length > 1 || isBracket;
+      parameters.push({
+        name,
+        in: ParamLocation.QUERY,
+        required: false,
+        description: isArray ? `Default: ${JSON.stringify(values)}` : `Default: ${values[0]}`,
+        schema: isArray ? { type: "array", default: values, items: { type: "string" } } : { type: "string", default: values[0] }
+      });
+    }
+    const id = ep.id ?? `${method.toLowerCase()}_${pathname.replace(/^\//, "").replace(/[\/]/g, "_") || "root"}`;
+    return {
+      id,
+      path: pathname,
+      method,
+      summary: ep.summary ?? `${method} ${parsed.hostname}${pathname}`,
+      parameters,
+      tags: []
+    };
+  });
+  return {
+    title: firstParsed.hostname,
+    version: "1.0.0",
+    baseUrl,
+    operations,
+    authSchemes: [],
+    specFormat: SpecFormat.RAW_URL
+  };
+}
+
+// src/core/detection.ts
+function isSpecUrl(url) {
+  const lower = url.toLowerCase();
+  return lower.endsWith("/openapi.json") || lower.endsWith("/openapi.yaml") || lower.endsWith("/openapi.yml") || lower.endsWith("/swagger.json") || lower.endsWith("/swagger.yaml") || lower.endsWith("/swagger.yml") || lower.endsWith("/spec.json") || lower.endsWith("/spec.yaml") || lower.endsWith("/spec.yml") || lower.endsWith("/api-docs") || lower.endsWith("/api-docs.json") || lower.endsWith("/api-docs.yaml") || lower.endsWith("/v2/api-docs") || lower.endsWith("/v3/api-docs") || lower.includes("swagger") || lower.includes("openapi");
+}
+function isSpecContent(data) {
+  if (!data || typeof data !== "object" || Array.isArray(data)) return false;
+  const obj = data;
+  return typeof obj.openapi === "string" || typeof obj.swagger === "string";
+}
+function isGraphQLUrl(url) {
+  try {
+    return /\/graphql(?:$|[\/\?#])/i.test(new URL(url).pathname);
+  } catch {
+    return false;
+  }
+}
+
+// src/client.ts
+function isGraphQLIntrospection(obj) {
+  if (obj.__schema !== void 0) return true;
+  if (typeof obj.data === "object" && obj.data !== null && "__schema" in obj.data) return true;
+  return false;
+}
+var ApiInvokeClient = class {
+  /** The parsed API specification backing this client. */
+  api;
+  auth;
+  middleware;
+  fetchFn;
+  timeoutMs;
+  /**
+   * @param api - Parsed API specification (from any adapter)
+   * @param options - Client configuration (auth, middleware, fetch, timeout)
+   */
+  constructor(api, options = {}) {
+    this.api = api;
+    this.auth = options.auth;
+    this.middleware = options.middleware ?? [];
+    this.fetchFn = options.fetch ?? globalThis.fetch;
+    this.timeoutMs = options.timeoutMs ?? 0;
+  }
+  /** The resolved base URL for this API. */
+  get baseUrl() {
+    return this.api.baseUrl;
+  }
+  /** All available operations from the parsed spec. */
+  get operations() {
+    return this.api.operations;
+  }
+  /** Authentication schemes declared in the spec. Useful for building auth UIs. */
+  get authSchemes() {
+    return this.api.authSchemes;
+  }
+  /**
+   * Set authentication credentials for all subsequent requests.
+   * @param auth - Single credential or array for composing multiple schemes
+   */
+  setAuth(auth) {
+    this.auth = auth;
+  }
+  /**
+   * Clear authentication credentials.
+   */
+  clearAuth() {
+    this.auth = void 0;
+  }
+  /**
+   * Find an operation by its ID.
+   * @param operationId - The operation ID to search for (e.g. 'listUsers', 'get_users_userId')
+   * @returns The operation, or undefined if not found
+   */
+  findOperation(operationId) {
+    return this.api.operations.find((op) => op.id === operationId);
+  }
+  /**
+   * Execute an operation by ID with arguments.
+   *
+   * @param operationId - The operation ID from the parsed spec
+   * @param args - Key-value pairs for path, query, header, and body parameters
+   * @param options - Per-call overrides for auth, accept header, error behavior, and redirect mode
+   * @returns The execution result with status, parsed data, and response metadata
+   * @throws {ApiInvokeError} For network, CORS, timeout, and (by default) HTTP errors
+   * @throws {Error} If the operation ID is not found
+   *
+   * @example
+   * ```ts
+   * const result = await client.execute('getUser', { userId: 123 })
+   * console.log(result.status, result.data)
+   * ```
+   */
+  async execute(operationId, args = {}, options) {
+    const operation = this.findOperation(operationId);
+    if (!operation) {
+      throw new Error(`Operation "${operationId}" not found. Available: ${this.api.operations.map((o) => o.id).join(", ")}`);
+    }
+    return executeOperation(this.api.baseUrl, operation, args, {
+      auth: options?.auth ?? this.auth,
+      middleware: this.middleware,
+      fetch: this.fetchFn,
+      timeoutMs: this.timeoutMs,
+      accept: options?.accept,
+      throwOnHttpError: options?.throwOnHttpError,
+      redirect: options?.redirect
+    });
+  }
+  /**
+   * Execute an operation as a stream, returning an async iterable of SSE events.
+   * Errors always throw (no non-throwing mode for streams).
+   *
+   * @param operationId - The operation ID from the parsed spec
+   * @param args - Key-value pairs for path, query, header, and body parameters
+   * @param options - Per-call overrides for auth, accept header, abort signal, and event callback. The client-level `timeoutMs` applies to the initial connection.
+   * @returns Streaming result with an async iterable `stream` property
+   * @throws {ApiInvokeError} For network, CORS, timeout, and HTTP errors
+   * @throws {Error} If the operation ID is not found
+   *
+   * @example
+   * ```ts
+   * const result = await client.executeStream('chatCompletion', {
+   *   model: 'gpt-4', messages: [{ role: 'user', content: 'Hi' }], stream: true,
+   * })
+   * for await (const event of result.stream) {
+   *   console.log(event.data)
+   * }
+   * ```
+   */
+  async executeStream(operationId, args = {}, options) {
+    const operation = this.findOperation(operationId);
+    if (!operation) {
+      throw new Error(`Operation "${operationId}" not found. Available: ${this.api.operations.map((o) => o.id).join(", ")}`);
+    }
+    return executeOperationStream(this.api.baseUrl, operation, args, {
+      auth: options?.auth ?? this.auth,
+      middleware: this.middleware,
+      fetch: this.fetchFn,
+      timeoutMs: this.timeoutMs,
+      accept: options?.accept,
+      signal: options?.signal,
+      onEvent: options?.onEvent
+    });
+  }
+};
+async function createClient(input, options = {}) {
+  let api;
+  if (typeof input === "string") {
+    if (isSpecUrl(input)) {
+      api = await fetchAndParseSpec(input, options);
+    } else if (isGraphQLUrl(input)) {
+      const { parseGraphQLSchema: parseGraphQLSchema2 } = await import('./parser-PMZEKQPK.js');
+      api = await parseGraphQLSchema2(input, { endpoint: input, fetch: options.fetch });
+    } else {
+      api = await tryContentDetection(input, options);
+    }
+  } else {
+    const obj = input;
+    if (isGraphQLIntrospection(obj)) {
+      const { parseGraphQLSchema: parseGraphQLSchema2 } = await import('./parser-PMZEKQPK.js');
+      api = await parseGraphQLSchema2(input, { endpoint: options.specUrl, fetch: options.fetch });
+    } else {
+      api = await parseOpenAPISpec(input, { specUrl: options.specUrl });
+    }
+  }
+  return finalize(api, options);
+}
+async function fetchAndParseSpec(url, options) {
+  const fetchFn = options.fetch ?? globalThis.fetch;
+  const response = await fetchFn(url);
+  if (!response.ok) {
+    throw new Error(`Failed to fetch spec: ${response.status} ${response.statusText}`);
+  }
+  const text = await response.text();
+  let specObject;
+  try {
+    specObject = JSON.parse(text);
+  } catch {
+    return parseOpenAPISpec(url, { specUrl: url });
+  }
+  return parseOpenAPISpec(specObject, { specUrl: url });
+}
+async function tryContentDetection(url, options) {
+  const fetchFn = options.fetch ?? globalThis.fetch;
+  let response;
+  try {
+    response = await fetchFn(url);
+  } catch (error) {
+    if (error instanceof TypeError || error instanceof DOMException && error.name === "AbortError") {
+      return parseRawUrl(url);
+    }
+    throw error;
+  }
+  if (!response.ok) {
+    return parseRawUrl(url);
+  }
+  let text;
+  try {
+    text = await response.text();
+  } catch {
+    return parseRawUrl(url);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    return parseRawUrl(url);
+  }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    return parseRawUrl(url);
+  }
+  const obj = parsed;
+  if (isSpecContent(obj)) {
+    return parseOpenAPISpec(obj, { specUrl: url });
+  }
+  if (isGraphQLIntrospection(obj)) {
+    const { parseGraphQLSchema: parseGraphQLSchema2 } = await import('./parser-PMZEKQPK.js');
+    return parseGraphQLSchema2(obj, { endpoint: url, fetch: options.fetch });
+  }
+  return parseRawUrl(url);
+}
+async function finalize(api, options) {
+  if (options.enricher) {
+    api = await Promise.resolve(options.enricher.enrichAPI(api));
+  }
+  return new ApiInvokeClient(api, options);
+}
+
+// src/core/auth-config.ts
+var AuthConfigType = {
+  BEARER: "bearer",
+  HEADER: "header",
+  API_KEY: "apikey",
+  NONE: "none"
+};
+function toAuth(config) {
+  switch (config.type) {
+    case AuthConfigType.BEARER:
+      return config.token ? { type: AuthType.BEARER, token: config.token } : void 0;
+    case AuthConfigType.HEADER:
+      return config.headerName && config.headerValue ? { type: AuthType.API_KEY, location: ParamLocation.HEADER, name: config.headerName, value: config.headerValue } : void 0;
+    case AuthConfigType.API_KEY:
+      return config.paramName && config.paramValue ? { type: AuthType.API_KEY, location: ParamLocation.QUERY, name: config.paramName, value: config.paramValue } : void 0;
+    case AuthConfigType.NONE:
+      return void 0;
+  }
+}
+
+// src/middleware/retry.ts
+var DEFAULT_RETRYABLE_STATUSES = [429, 500, 502, 503, 504];
+function parseRetryAfter(value) {
+  const seconds = Number(value);
+  if (!Number.isNaN(seconds) && seconds >= 0) {
+    return seconds * 1e3;
+  }
+  const date = Date.parse(value);
+  if (!Number.isNaN(date)) {
+    const delayMs = date - Date.now();
+    return delayMs > 0 ? delayMs : 0;
+  }
+  return void 0;
+}
+function calculateDelay(attempt, initialDelayMs, multiplier, maxDelayMs, jitter) {
+  const base = initialDelayMs * Math.pow(multiplier, attempt);
+  const capped = Math.min(base, maxDelayMs);
+  const jitterAmount = capped * jitter * (Math.random() * 2 - 1);
+  return Math.max(0, Math.round(capped + jitterAmount));
+}
+function withRetry(options = {}, baseFetch) {
+  const {
+    maxRetries = 3,
+    initialDelayMs = 1e3,
+    maxDelayMs = 3e4,
+    multiplier = 2,
+    jitter = 0.1,
+    retryableStatuses = DEFAULT_RETRYABLE_STATUSES,
+    onRetry
+  } = options;
+  const fetchFn = baseFetch ?? globalThis.fetch;
+  return async function retryFetch(input, init) {
+    let lastError;
+    let lastResponse;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+      try {
+        const response = await fetchFn(input, init);
+        if (retryableStatuses.includes(response.status) && attempt < maxRetries) {
+          lastResponse = response;
+          const retryAfter = response.headers.get("retry-after");
+          let delayMs;
+          if (retryAfter) {
+            const parsed = parseRetryAfter(retryAfter);
+            delayMs = parsed !== void 0 ? Math.min(parsed, maxDelayMs) : calculateDelay(attempt, initialDelayMs, multiplier, maxDelayMs, jitter);
+          } else {
+            delayMs = calculateDelay(attempt, initialDelayMs, multiplier, maxDelayMs, jitter);
+          }
+          onRetry?.(attempt + 1, delayMs, response.status);
+          await sleep(delayMs);
+          continue;
+        }
+        return response;
+      } catch (error) {
+        lastError = error;
+        if (attempt < maxRetries) {
+          const delayMs = calculateDelay(attempt, initialDelayMs, multiplier, maxDelayMs, jitter);
+          onRetry?.(attempt + 1, delayMs);
+          await sleep(delayMs);
+          continue;
+        }
+      }
+    }
+    if (lastResponse) return lastResponse;
+    throw lastError;
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/middleware/cors-proxy.ts
+function defaultRewrite(url) {
+  return `/api-proxy/${encodeURIComponent(url)}`;
+}
+function defaultShouldProxy(url) {
+  return url.startsWith("http://") || url.startsWith("https://");
+}
+function corsProxy(options = {}) {
+  const rewrite = options.rewrite ?? defaultRewrite;
+  const shouldProxy = options.shouldProxy ?? defaultShouldProxy;
+  return {
+    name: "cors-proxy",
+    onRequest(url, init) {
+      if (shouldProxy(url)) {
+        return { url: rewrite(url), init };
+      }
+      return { url, init };
+    }
+  };
+}
+
+// src/middleware/logging.ts
+var DEFAULT_SENSITIVE_HEADERS = ["authorization", "x-api-key", "cookie"];
+var DEFAULT_SENSITIVE_PARAMS = ["api_key", "apikey", "key", "token", "access_token"];
+function maskHeaderValue(name, value) {
+  const lower = name.toLowerCase();
+  if (lower === "authorization") {
+    const space = value.indexOf(" ");
+    if (space > 0) {
+      return `${value.substring(0, space)} ***`;
+    }
+    return "***";
+  }
+  return "***";
+}
+function maskUrl(url, sensitiveParams) {
+  try {
+    const parsed = new URL(url);
+    let masked = false;
+    for (const param of sensitiveParams) {
+      if (parsed.searchParams.has(param)) {
+        parsed.searchParams.set(param, "***");
+        masked = true;
+      }
+    }
+    return masked ? parsed.toString() : url;
+  } catch {
+    return url;
+  }
+}
+function formatHeaders(init, sensitiveHeaders) {
+  const headers = init.headers;
+  if (!headers) return void 0;
+  const result = {};
+  const sensitiveSet = new Set(sensitiveHeaders.map((h) => h.toLowerCase()));
+  if (headers instanceof Headers) {
+    headers.forEach((value, key) => {
+      result[key] = sensitiveSet.has(key.toLowerCase()) ? maskHeaderValue(key, value) : value;
+    });
+  } else if (Array.isArray(headers)) {
+    for (const [key, value] of headers) {
+      result[key] = sensitiveSet.has(key.toLowerCase()) ? maskHeaderValue(key, value) : value;
+    }
+  } else {
+    for (const [key, value] of Object.entries(headers)) {
+      result[key] = sensitiveSet.has(key.toLowerCase()) ? maskHeaderValue(key, value) : value;
+    }
+  }
+  return Object.keys(result).length > 0 ? result : void 0;
+}
+function logging(options = {}) {
+  const {
+    log = console.log,
+    logBody = false,
+    prefix = "api-invoke"
+  } = options;
+  const sensitiveHeaders = [
+    ...DEFAULT_SENSITIVE_HEADERS,
+    ...(options.sensitiveHeaders ?? []).map((h) => h.toLowerCase())
+  ];
+  const sensitiveParams = [
+    ...DEFAULT_SENSITIVE_PARAMS,
+    ...options.sensitiveParams ?? []
+  ];
+  let requestStart = 0;
+  return {
+    name: "logging",
+    onRequest(url, init) {
+      requestStart = performance.now();
+      const maskedUrl = maskUrl(url, sensitiveParams);
+      const method = (init.method ?? HttpMethod.GET).toUpperCase();
+      const headers = formatHeaders(init, sensitiveHeaders);
+      const parts = [`[${prefix}] \u2192 ${method} ${maskedUrl}`];
+      if (headers) {
+        parts.push(`  headers: ${JSON.stringify(headers)}`);
+      }
+      if (logBody && init.body) {
+        const bodyStr = typeof init.body === "string" ? init.body : "<binary>";
+        parts.push(`  body: ${bodyStr}`);
+      }
+      log(parts.join("\n"));
+      return { url, init };
+    },
+    onResponse(response) {
+      const elapsed = requestStart ? `${Math.round(performance.now() - requestStart)}ms` : "?ms";
+      const status = response.status;
+      const statusText = response.statusText;
+      log(`[${prefix}] \u2190 ${status} ${statusText} (${elapsed})`);
+      return response;
+    },
+    onError(error) {
+      log(`[${prefix}] \u2715 ${error.message}`);
+    }
+  };
+}
+
+// src/middleware/oauth-refresh.ts
+function withOAuthRefresh(options, baseFetch) {
+  const fetchFn = baseFetch ?? globalThis.fetch;
+  let currentRefreshToken = options.refreshToken;
+  let refreshPromise = null;
+  return async function oauthRefreshFetch(input, init) {
+    const response = await fetchFn(input, init);
+    if (response.status !== 401) return response;
+    if (init?.body instanceof ReadableStream || typeof init?.body === "object" && init.body !== null && Symbol.asyncIterator in init.body || typeof init?.body === "object" && init.body !== null && typeof init.body.pipe === "function") {
+      console.warn(
+        "[api-invoke] Cannot retry request with stream body after 401 \u2014 the stream was consumed. Use a string or Blob body for OAuth2-protected requests."
+      );
+      return response;
+    }
+    let tokens;
+    try {
+      if (!refreshPromise) {
+        refreshPromise = refreshOAuth2Token(options.tokenUrl, currentRefreshToken, {
+          clientId: options.clientId,
+          clientSecret: options.clientSecret,
+          scopes: options.scopes,
+          fetch: fetchFn
+        }).then(async (result) => {
+          if (result.refreshToken) currentRefreshToken = result.refreshToken;
+          if (options.onTokenRefresh) {
+            try {
+              await options.onTokenRefresh(result);
+            } catch (callbackError) {
+              console.warn(
+                "[api-invoke] onTokenRefresh callback threw \u2014 new tokens were NOT persisted. The refreshed token is used for this request, but may be lost on restart.",
+                callbackError
+              );
+            }
+          }
+          return result;
+        }).finally(() => {
+          refreshPromise = null;
+        });
+      }
+      tokens = await refreshPromise;
+    } catch (error) {
+      console.warn(
+        "[api-invoke] OAuth2 token refresh failed, returning original 401.",
+        error
+      );
+      return response;
+    }
+    let baseHeaders = {};
+    if (input instanceof Request) {
+      input.headers.forEach((value, key) => {
+        baseHeaders[key] = value;
+      });
+    }
+    const initHeaders = typeof init?.headers === "object" && !Array.isArray(init.headers) && !(init.headers instanceof Headers) ? { ...init.headers } : Object.fromEntries(new Headers(init?.headers).entries());
+    const existingHeaders = { ...baseHeaders, ...initHeaders };
+    for (const key of Object.keys(existingHeaders)) {
+      if (key.toLowerCase() === "authorization") delete existingHeaders[key];
+    }
+    existingHeaders["Authorization"] = `Bearer ${tokens.accessToken}`;
+    return fetchFn(input, { ...init, headers: existingHeaders });
+  };
+}
+
+// src/adapters/manual/builder.ts
+var APIBuilder = class {
+  _title;
+  _version = "1.0.0";
+  _baseUrl = "";
+  _operations = [];
+  constructor(title) {
+    this._title = title;
+  }
+  /**
+   * Set the API version string.
+   * @param v - Version string (e.g. '2.0.0'). Default: '1.0.0'.
+   */
+  version(v) {
+    this._version = v;
+    return this;
+  }
+  /**
+   * Set the base URL for all endpoints.
+   * @param url - Base URL (e.g. 'https://api.example.com/v1'). Required before calling {@link build}.
+   */
+  baseUrl(url) {
+    this._baseUrl = url;
+    return this;
+  }
+  /** Add a GET endpoint. */
+  get(path, options = {}) {
+    return this.endpoint(HttpMethod.GET, path, options);
+  }
+  /** Add a POST endpoint. */
+  post(path, options = {}) {
+    return this.endpoint(HttpMethod.POST, path, options);
+  }
+  /** Add a PUT endpoint. */
+  put(path, options = {}) {
+    return this.endpoint(HttpMethod.PUT, path, options);
+  }
+  /** Add a PATCH endpoint. */
+  patch(path, options = {}) {
+    return this.endpoint(HttpMethod.PATCH, path, options);
+  }
+  /** Add a DELETE endpoint. */
+  delete(path, options = {}) {
+    return this.endpoint(HttpMethod.DELETE, path, options);
+  }
+  /**
+   * Add an endpoint with any HTTP method.
+   * Path parameters are auto-detected from `{placeholder}` segments.
+   *
+   * @param method - HTTP method (e.g. 'GET', 'POST')
+   * @param path - URL path template (e.g. '/users/{userId}')
+   * @param options - Endpoint configuration
+   */
+  endpoint(method, path, options = {}) {
+    const id = options.id ?? `${method.toLowerCase()}_${path.replace(/[{}\/]/g, "_").replace(/^_|_$/g, "").replace(/_+/g, "_")}`;
+    const pathParamNames = [...path.matchAll(/\{(\w+)\}/g)].map((m) => m[1]);
+    const parameters = [];
+    for (const name of pathParamNames) {
+      const explicit = options.params?.[name];
+      const def = typeof explicit === "string" ? { type: explicit } : explicit ?? {};
+      parameters.push({
+        name,
+        in: ParamLocation.PATH,
+        required: true,
+        description: def.description ?? "",
+        schema: { type: def.type ?? "string", default: def.default }
+      });
+    }
+    if (options.params) {
+      for (const [name, raw] of Object.entries(options.params)) {
+        if (pathParamNames.includes(name)) continue;
+        const def = typeof raw === "string" ? { type: raw } : raw;
+        parameters.push({
+          name,
+          in: def.in ?? ParamLocation.QUERY,
+          required: def.required ?? false,
+          description: def.description ?? "",
+          schema: { type: def.type ?? "string", default: def.default }
+        });
+      }
+    }
+    let requestBody;
+    if (options.body) {
+      const properties = {};
+      if (options.body.properties) {
+        for (const [name, raw] of Object.entries(options.body.properties)) {
+          if (typeof raw === "string") {
+            properties[name] = { type: raw };
+          } else {
+            properties[name] = {
+              type: raw.type,
+              description: raw.description,
+              format: raw.format,
+              enum: raw.enum
+            };
+          }
+        }
+      }
+      requestBody = {
+        required: options.body.required ?? true,
+        contentType: options.body.contentType ?? ContentType.JSON,
+        schema: {
+          type: "object",
+          raw: {},
+          properties,
+          required: options.body.requiredFields
+        }
+      };
+    }
+    this._operations.push({
+      id,
+      path,
+      method: method.toUpperCase(),
+      summary: options.summary,
+      description: options.description,
+      parameters,
+      requestBody,
+      responseContentType: options.responseContentType,
+      tags: options.tags ?? []
+    });
+    return this;
+  }
+  /**
+   * Build the {@link ParsedAPI} from the configured endpoints.
+   * @returns A ParsedAPI ready to use with {@link ApiInvokeClient}
+   * @throws {Error} If `baseUrl` is not set or no endpoints are defined
+   */
+  build() {
+    if (!this._baseUrl) {
+      throw new Error('baseUrl is required. Call .baseUrl("https://...") before .build().');
+    }
+    if (this._operations.length === 0) {
+      throw new Error("At least one endpoint is required. Call .get(), .post(), etc. before .build().");
+    }
+    return {
+      title: this._title,
+      version: this._version,
+      baseUrl: this._baseUrl,
+      operations: [...this._operations],
+      authSchemes: [],
+      specFormat: SpecFormat.MANUAL
+    };
+  }
+};
+function defineAPI(title) {
+  return new APIBuilder(title);
+}
+
+// src/adapters/graphql/errors.ts
+function hasGraphQLErrors(result) {
+  const body = result.data;
+  return body != null && Array.isArray(body.errors) && body.errors.length > 0;
+}
+function getGraphQLErrors(result) {
+  const body = result.data;
+  if (body != null && Array.isArray(body.errors)) return body.errors;
+  return [];
+}
+function throwOnGraphQLErrors(result) {
+  const body = result.data;
+  if (body == null || !Array.isArray(body.errors) || body.errors.length === 0) return;
+  if (body.data != null) return;
+  const errors = body.errors;
+  const messages = errors.map((e) => e.message).join("; ");
+  throw graphqlError(messages, result.status, body);
+}
+
+export { APIBuilder, ApiInvokeClient, AuthConfigType, buildRequest, buildUrl, corsProxy, createClient, defineAPI, deriveBaseUrl, executeOperation, executeOperationStream, executeRaw, executeRawStream, getGraphQLErrors, hasGraphQLErrors, injectAuth, isGraphQLUrl, isSpecContent, isSpecUrl, logging, maskAuth, parseOpenAPISpec, parseRawUrl, parseRawUrls, parseSSE, refreshOAuth2Token, throwOnGraphQLErrors, toAuth, withOAuthRefresh, withRetry };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map