aurabase-js 0.6.0 → 0.7.2

package/dist/cli.js

@@ -52,12 +52,30 @@ export async function server() {
 
   return client;
 }
+`,
+  "lib/admin.ts": `import { createClient } from 'aurabase-js';
+
+/**
+ * Admin client with service_role key
+ * \u26A0\uFE0F ONLY use on server-side (API routes, server components)
+ * \u26A0\uFE0F Bypasses all RLS policies - use with caution!
+ */
+export const admin = createClient({
+  url: process.env.NEXT_PUBLIC_AURABASE_URL || '',
+  anonKey: process.env.AURABASE_SERVICE_ROLE_KEY || '',
+});
 `
 };
 var ENV_TEMPLATE = `
 # AuraBase Configuration (.env.local)
+
+# Public keys (client + server)
 NEXT_PUBLIC_AURABASE_URL=https://your-project.cloudfront.net
 NEXT_PUBLIC_AURABASE_ANON_KEY=your-anon-key-here
+
+# Service role key (server only - bypasses RLS!)
+# \u26A0\uFE0F NEVER expose this to the client!
+AURABASE_SERVICE_ROLE_KEY=your-service-role-key-here
 `;
 function findProjectRoot() {
   let dir = process.cwd();
@@ -93,6 +111,7 @@ function init() {
   console.log("\x1B[1m\n\u{1F680} Initializing AuraBase...\x1B[0m\n");
   createFile(projectRoot, "lib/client.ts");
   createFile(projectRoot, "lib/server.ts");
+  createFile(projectRoot, "lib/admin.ts");
   console.log("\x1B[36m%s\x1B[0m", ENV_TEMPLATE);
 }
 function showHelp() {
@@ -107,8 +126,9 @@ function showHelp() {
   -v, --version     Show version
 
 \x1B[1mGenerated files:\x1B[0m
-  lib/client.ts     Browser client
+  lib/client.ts     Browser client (anon key)
   lib/server.ts     Server client (with cookie auth)
+  lib/admin.ts      Admin client (service role, bypasses RLS)
 `);
 }
 function showVersion() {

package/dist/cli.mjs

@@ -29,12 +29,30 @@ export async function server() {
 
   return client;
 }
+`,
+  "lib/admin.ts": `import { createClient } from 'aurabase-js';
+
+/**
+ * Admin client with service_role key
+ * \u26A0\uFE0F ONLY use on server-side (API routes, server components)
+ * \u26A0\uFE0F Bypasses all RLS policies - use with caution!
+ */
+export const admin = createClient({
+  url: process.env.NEXT_PUBLIC_AURABASE_URL || '',
+  anonKey: process.env.AURABASE_SERVICE_ROLE_KEY || '',
+});
 `
 };
 var ENV_TEMPLATE = `
 # AuraBase Configuration (.env.local)
+
+# Public keys (client + server)
 NEXT_PUBLIC_AURABASE_URL=https://your-project.cloudfront.net
 NEXT_PUBLIC_AURABASE_ANON_KEY=your-anon-key-here
+
+# Service role key (server only - bypasses RLS!)
+# \u26A0\uFE0F NEVER expose this to the client!
+AURABASE_SERVICE_ROLE_KEY=your-service-role-key-here
 `;
 function findProjectRoot() {
   let dir = process.cwd();
@@ -70,6 +88,7 @@ function init() {
   console.log("\x1B[1m\n\u{1F680} Initializing AuraBase...\x1B[0m\n");
   createFile(projectRoot, "lib/client.ts");
   createFile(projectRoot, "lib/server.ts");
+  createFile(projectRoot, "lib/admin.ts");
   console.log("\x1B[36m%s\x1B[0m", ENV_TEMPLATE);
 }
 function showHelp() {
@@ -84,8 +103,9 @@ function showHelp() {
   -v, --version     Show version
 
 \x1B[1mGenerated files:\x1B[0m
-  lib/client.ts     Browser client
+  lib/client.ts     Browser client (anon key)
   lib/server.ts     Server client (with cookie auth)
+  lib/admin.ts      Admin client (service role, bypasses RLS)
 `);
 }
 function showVersion() {

package/dist/index.d.mts

@@ -26,6 +26,7 @@ interface PostgrestResponse<T> {
     error: AuraBaseError | null;
     status: number;
     statusText: string;
+    count?: number | null;
 }
 interface AuraBaseError {
     message: string;
@@ -65,6 +66,9 @@ declare class QueryBuilder<T> {
     private queryParams;
     private headers;
     private isSingle;
+    private _countOption;
+    private _head;
+    private _idValue;
     constructor(url: string, anonKey: string, accessToken: string | null, tableName: string, headers?: Record<string, string>);
     /**
      * Select columns
@@ -72,7 +76,10 @@ declare class QueryBuilder<T> {
      * .select('id, name, email')
      * .select('*')
      */
-    select(columns?: string): this;
+    select(columns?: string, options?: {
+        count?: 'exact' | 'planned' | 'estimated';
+        head?: boolean;
+    }): this;
     /**
      * Filter by column equality
      * @example
@@ -124,6 +131,21 @@ declare class QueryBuilder<T> {
      * Filter for non-null values
      */
     isNotNull(column: string): this;
+    /**
+     * Negate a filter
+     */
+    not(column: string, operator: string, value?: unknown): this;
+    /**
+     * Filter by null or not null
+     */
+    is(column: string, value: null | 'not.null'): this;
+    /**
+     * Full-text search
+     */
+    textSearch(column: string, query: string, options?: {
+        config?: string;
+        type?: 'plain' | 'phrase' | 'websearch';
+    }): this;
     /**
      * Order results
      * @example
@@ -266,6 +288,10 @@ declare class AuraBaseClient {
      * Set access token for authenticated requests
      */
     setAccessToken(token: string | null): void;
+    /**
+     * Manually set session (Supabase-compatible alias)
+     */
+    setSession(token: string | null): void;
     /**
      * Get the current access token
      */

package/dist/index.d.ts

@@ -26,6 +26,7 @@ interface PostgrestResponse<T> {
     error: AuraBaseError | null;
     status: number;
     statusText: string;
+    count?: number | null;
 }
 interface AuraBaseError {
     message: string;
@@ -65,6 +66,9 @@ declare class QueryBuilder<T> {
     private queryParams;
     private headers;
     private isSingle;
+    private _countOption;
+    private _head;
+    private _idValue;
     constructor(url: string, anonKey: string, accessToken: string | null, tableName: string, headers?: Record<string, string>);
     /**
      * Select columns
@@ -72,7 +76,10 @@ declare class QueryBuilder<T> {
      * .select('id, name, email')
      * .select('*')
      */
-    select(columns?: string): this;
+    select(columns?: string, options?: {
+        count?: 'exact' | 'planned' | 'estimated';
+        head?: boolean;
+    }): this;
     /**
      * Filter by column equality
      * @example
@@ -124,6 +131,21 @@ declare class QueryBuilder<T> {
      * Filter for non-null values
      */
     isNotNull(column: string): this;
+    /**
+     * Negate a filter
+     */
+    not(column: string, operator: string, value?: unknown): this;
+    /**
+     * Filter by null or not null
+     */
+    is(column: string, value: null | 'not.null'): this;
+    /**
+     * Full-text search
+     */
+    textSearch(column: string, query: string, options?: {
+        config?: string;
+        type?: 'plain' | 'phrase' | 'websearch';
+    }): this;
     /**
      * Order results
      * @example
@@ -266,6 +288,10 @@ declare class AuraBaseClient {
      * Set access token for authenticated requests
      */
     setAccessToken(token: string | null): void;
+    /**
+     * Manually set session (Supabase-compatible alias)
+     */
+    setSession(token: string | null): void;
     /**
      * Get the current access token
      */

package/dist/index.js

@@ -30,6 +30,9 @@ module.exports = __toCommonJS(index_exports);
 var QueryBuilder = class {
   constructor(url, anonKey, accessToken, tableName, headers = {}) {
     this.isSingle = false;
+    this._countOption = null;
+    this._head = false;
+    this._idValue = void 0;
     this.url = url;
     this.anonKey = anonKey;
     this.accessToken = accessToken;
@@ -43,8 +46,10 @@ var QueryBuilder = class {
    * .select('id, name, email')
    * .select('*')
    */
-  select(columns = "*") {
+  select(columns = "*", options) {
     this.queryParams.set("select", columns);
+    if (options?.count) this._countOption = options.count;
+    if (options?.head) this._head = true;
     return this;
   }
   /**
@@ -55,6 +60,7 @@ var QueryBuilder = class {
    */
   eq(column, value) {
     this.queryParams.append(column, `eq.${value}`);
+    if (column === "id") this._idValue = value;
     return this;
   }
   /**
@@ -134,6 +140,29 @@ var QueryBuilder = class {
     this.queryParams.append(column, "is.not.null");
     return this;
   }
+  /**
+   * Negate a filter
+   */
+  not(column, operator, value) {
+    this.queryParams.append(column, `not.${operator}.${value ?? ""}`);
+    return this;
+  }
+  /**
+   * Filter by null or not null
+   */
+  is(column, value) {
+    if (value === null) return this.isNull(column);
+    return this.isNotNull(column);
+  }
+  /**
+   * Full-text search
+   */
+  textSearch(column, query, options) {
+    const prefix = options?.type === "plain" ? "plfts" : options?.type === "phrase" ? "phfts" : "fts";
+    const configStr = options?.config ? `(${options.config})` : "";
+    this.queryParams.append(column, `${prefix}${configStr}.${query}`);
+    return this;
+  }
   /**
    * Order results
    * @example
@@ -187,28 +216,61 @@ var QueryBuilder = class {
   }
   getHeaders() {
     const token = this.accessToken || this.anonKey;
-    return {
+    const headers = {
       "Content-Type": "application/json",
       "apikey": this.anonKey,
       "Authorization": `Bearer ${token}`,
       ...this.headers
     };
+    if (this._countOption) {
+      headers["Prefer"] = `count=${this._countOption}`;
+    }
+    return headers;
   }
   async request(method, body) {
-    const queryString = this.queryParams.toString();
-    const fullUrl = `${this.url}/rest/v1/${this.tableName}${queryString ? `?${queryString}` : ""}`;
+    const effectiveMethod = this._head ? "HEAD" : method;
+    let fullUrl;
+    if ((method === "PATCH" || method === "DELETE") && this._idValue !== void 0) {
+      const params = new URLSearchParams(this.queryParams);
+      params.delete("id");
+      const qs = params.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${this._idValue}/${qs ? `?${qs}` : ""}`;
+    } else {
+      const queryString = this.queryParams.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${queryString ? `?${queryString}` : ""}`;
+    }
     const options = {
-      method,
+      method: effectiveMethod,
       headers: this.getHeaders()
     };
-    if (body && method !== "GET") {
+    if (body && method !== "GET" && method !== "HEAD") {
       options.body = JSON.stringify(body);
-      options.headers["Prefer"] = "return=representation";
+      const hdrs = options.headers;
+      if (hdrs["Prefer"]) {
+        hdrs["Prefer"] = hdrs["Prefer"] + ",return=representation";
+      } else {
+        hdrs["Prefer"] = "return=representation";
+      }
     }
     try {
       const response = await fetch(fullUrl, options);
       let data = null;
       let error = null;
+      const contentRange = response.headers.get("content-range");
+      let count = null;
+      if (contentRange) {
+        const match = contentRange.match(/\/(\d+)$/);
+        if (match) count = parseInt(match[1], 10);
+      }
+      if (effectiveMethod === "HEAD") {
+        return {
+          data: null,
+          error: null,
+          status: response.status,
+          statusText: response.statusText,
+          count
+        };
+      }
       const text = await response.text();
       if (text) {
         try {
@@ -234,7 +296,8 @@ var QueryBuilder = class {
         data,
         error,
         status: response.status,
-        statusText: response.statusText
+        statusText: response.statusText,
+        count
       };
     } catch (err) {
       return {
@@ -243,7 +306,8 @@ var QueryBuilder = class {
           message: err instanceof Error ? err.message : "Network error"
         },
         status: 0,
-        statusText: "Network Error"
+        statusText: "Network Error",
+        count: null
       };
     }
   }
@@ -550,6 +614,17 @@ var AuraBaseClient = class {
     this.anonKey = options.anonKey;
     this.customHeaders = options.headers || {};
     this.auth = new AuthClient(this.url, this.anonKey);
+    const { data: { session } } = this.auth.getSession();
+    if (session?.access_token) {
+      this.accessToken = session.access_token;
+    }
+    this.auth.onAuthStateChange((event, session2) => {
+      if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
+        this.accessToken = session2?.access_token ?? null;
+      } else if (event === "SIGNED_OUT") {
+        this.accessToken = null;
+      }
+    });
   }
   /**
    * Set access token for authenticated requests
@@ -557,6 +632,12 @@ var AuraBaseClient = class {
   setAccessToken(token) {
     this.accessToken = token;
   }
+  /**
+   * Manually set session (Supabase-compatible alias)
+   */
+  setSession(token) {
+    this.accessToken = token;
+  }
   /**
    * Get the current access token
    */
@@ -585,7 +666,7 @@ var AuraBaseClient = class {
   async rpc(functionName, params) {
     const token = this.accessToken || this.anonKey;
     try {
-      const response = await fetch(`${this.url}/rpc/v1/${functionName}`, {
+      const response = await fetch(`${this.url}/rest/v1/rpc/${functionName}`, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",

package/dist/index.mjs

@@ -2,6 +2,9 @@
 var QueryBuilder = class {
   constructor(url, anonKey, accessToken, tableName, headers = {}) {
     this.isSingle = false;
+    this._countOption = null;
+    this._head = false;
+    this._idValue = void 0;
     this.url = url;
     this.anonKey = anonKey;
     this.accessToken = accessToken;
@@ -15,8 +18,10 @@ var QueryBuilder = class {
    * .select('id, name, email')
    * .select('*')
    */
-  select(columns = "*") {
+  select(columns = "*", options) {
     this.queryParams.set("select", columns);
+    if (options?.count) this._countOption = options.count;
+    if (options?.head) this._head = true;
     return this;
   }
   /**
@@ -27,6 +32,7 @@ var QueryBuilder = class {
    */
   eq(column, value) {
     this.queryParams.append(column, `eq.${value}`);
+    if (column === "id") this._idValue = value;
     return this;
   }
   /**
@@ -106,6 +112,29 @@ var QueryBuilder = class {
     this.queryParams.append(column, "is.not.null");
     return this;
   }
+  /**
+   * Negate a filter
+   */
+  not(column, operator, value) {
+    this.queryParams.append(column, `not.${operator}.${value ?? ""}`);
+    return this;
+  }
+  /**
+   * Filter by null or not null
+   */
+  is(column, value) {
+    if (value === null) return this.isNull(column);
+    return this.isNotNull(column);
+  }
+  /**
+   * Full-text search
+   */
+  textSearch(column, query, options) {
+    const prefix = options?.type === "plain" ? "plfts" : options?.type === "phrase" ? "phfts" : "fts";
+    const configStr = options?.config ? `(${options.config})` : "";
+    this.queryParams.append(column, `${prefix}${configStr}.${query}`);
+    return this;
+  }
   /**
    * Order results
    * @example
@@ -159,28 +188,61 @@ var QueryBuilder = class {
   }
   getHeaders() {
     const token = this.accessToken || this.anonKey;
-    return {
+    const headers = {
       "Content-Type": "application/json",
       "apikey": this.anonKey,
       "Authorization": `Bearer ${token}`,
       ...this.headers
     };
+    if (this._countOption) {
+      headers["Prefer"] = `count=${this._countOption}`;
+    }
+    return headers;
   }
   async request(method, body) {
-    const queryString = this.queryParams.toString();
-    const fullUrl = `${this.url}/rest/v1/${this.tableName}${queryString ? `?${queryString}` : ""}`;
+    const effectiveMethod = this._head ? "HEAD" : method;
+    let fullUrl;
+    if ((method === "PATCH" || method === "DELETE") && this._idValue !== void 0) {
+      const params = new URLSearchParams(this.queryParams);
+      params.delete("id");
+      const qs = params.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${this._idValue}/${qs ? `?${qs}` : ""}`;
+    } else {
+      const queryString = this.queryParams.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${queryString ? `?${queryString}` : ""}`;
+    }
     const options = {
-      method,
+      method: effectiveMethod,
       headers: this.getHeaders()
     };
-    if (body && method !== "GET") {
+    if (body && method !== "GET" && method !== "HEAD") {
       options.body = JSON.stringify(body);
-      options.headers["Prefer"] = "return=representation";
+      const hdrs = options.headers;
+      if (hdrs["Prefer"]) {
+        hdrs["Prefer"] = hdrs["Prefer"] + ",return=representation";
+      } else {
+        hdrs["Prefer"] = "return=representation";
+      }
     }
     try {
       const response = await fetch(fullUrl, options);
       let data = null;
       let error = null;
+      const contentRange = response.headers.get("content-range");
+      let count = null;
+      if (contentRange) {
+        const match = contentRange.match(/\/(\d+)$/);
+        if (match) count = parseInt(match[1], 10);
+      }
+      if (effectiveMethod === "HEAD") {
+        return {
+          data: null,
+          error: null,
+          status: response.status,
+          statusText: response.statusText,
+          count
+        };
+      }
       const text = await response.text();
       if (text) {
         try {
@@ -206,7 +268,8 @@ var QueryBuilder = class {
         data,
         error,
         status: response.status,
-        statusText: response.statusText
+        statusText: response.statusText,
+        count
       };
     } catch (err) {
       return {
@@ -215,7 +278,8 @@ var QueryBuilder = class {
           message: err instanceof Error ? err.message : "Network error"
         },
         status: 0,
-        statusText: "Network Error"
+        statusText: "Network Error",
+        count: null
       };
     }
   }
@@ -522,6 +586,17 @@ var AuraBaseClient = class {
     this.anonKey = options.anonKey;
     this.customHeaders = options.headers || {};
     this.auth = new AuthClient(this.url, this.anonKey);
+    const { data: { session } } = this.auth.getSession();
+    if (session?.access_token) {
+      this.accessToken = session.access_token;
+    }
+    this.auth.onAuthStateChange((event, session2) => {
+      if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
+        this.accessToken = session2?.access_token ?? null;
+      } else if (event === "SIGNED_OUT") {
+        this.accessToken = null;
+      }
+    });
   }
   /**
    * Set access token for authenticated requests
@@ -529,6 +604,12 @@ var AuraBaseClient = class {
   setAccessToken(token) {
     this.accessToken = token;
   }
+  /**
+   * Manually set session (Supabase-compatible alias)
+   */
+  setSession(token) {
+    this.accessToken = token;
+  }
   /**
    * Get the current access token
    */
@@ -557,7 +638,7 @@ var AuraBaseClient = class {
   async rpc(functionName, params) {
     const token = this.accessToken || this.anonKey;
     try {
-      const response = await fetch(`${this.url}/rpc/v1/${functionName}`, {
+      const response = await fetch(`${this.url}/rest/v1/rpc/${functionName}`, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aurabase-js",
-  "version": "0.6.0",
+  "version": "0.7.2",
   "description": "AuraBase client library - Supabase-style SDK for AuraBase",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -15,6 +15,10 @@
       "require": "./dist/index.js"
     }
   },
+  "files": [
+    "dist",
+    "src"
+  ],
   "scripts": {
     "build": "tsup src/index.ts src/cli.ts --format cjs,esm --dts",
     "dev": "tsup src/index.ts src/cli.ts --format cjs,esm --dts --watch",

package/src/AuraBaseClient.ts

@@ -14,6 +14,21 @@ export class AuraBaseClient {
     this.anonKey = options.anonKey;
     this.customHeaders = options.headers || {};
     this.auth = new AuthClient(this.url, this.anonKey);
+
+    // 저장된 세션 복원 (페이지 새로고침 후에도 로그인 상태 유지)
+    const { data: { session } } = this.auth.getSession();
+    if (session?.access_token) {
+      this.accessToken = session.access_token;
+    }
+
+    // 로그인/로그아웃 시 accessToken 자동 동기화
+    this.auth.onAuthStateChange((event, session) => {
+      if (event === 'SIGNED_IN' || event === 'TOKEN_REFRESHED') {
+        this.accessToken = session?.access_token ?? null;
+      } else if (event === 'SIGNED_OUT') {
+        this.accessToken = null;
+      }
+    });
   }
 
   /**
@@ -23,6 +38,13 @@ export class AuraBaseClient {
     this.accessToken = token;
   }
 
+  /**
+   * Manually set session (Supabase-compatible alias)
+   */
+  setSession(token: string | null): void {
+    this.accessToken = token;
+  }
+
   /**
    * Get the current access token
    */
@@ -57,7 +79,7 @@ export class AuraBaseClient {
     const token = this.accessToken || this.anonKey;
 
     try {
-      const response = await fetch(`${this.url}/rpc/v1/${functionName}`, {
+      const response = await fetch(`${this.url}/rest/v1/rpc/${functionName}`, {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',

package/src/QueryBuilder.ts

@@ -1,7 +1,7 @@
 import { AuraBaseApiError } from './errors';
 import { PostgrestResponse, AuraBaseError } from './types';
 
-type HttpMethod = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';
+type HttpMethod = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE' | 'HEAD';
 
 export class QueryBuilder<T> {
   private url: string;
@@ -11,6 +11,9 @@ export class QueryBuilder<T> {
   private queryParams: URLSearchParams;
   private headers: Record<string, string>;
   private isSingle: boolean = false;
+  private _countOption: 'exact' | 'planned' | 'estimated' | null = null;
+  private _head: boolean = false;
+  private _idValue: unknown = undefined;
 
   constructor(
     url: string,
@@ -33,8 +36,10 @@ export class QueryBuilder<T> {
    * .select('id, name, email')
    * .select('*')
    */
-  select(columns: string = '*'): this {
+  select(columns: string = '*', options?: { count?: 'exact' | 'planned' | 'estimated'; head?: boolean }): this {
     this.queryParams.set('select', columns);
+    if (options?.count) this._countOption = options.count;
+    if (options?.head) this._head = true;
     return this;
   }
 
@@ -46,6 +51,7 @@ export class QueryBuilder<T> {
    */
   eq(column: string, value: unknown): this {
     this.queryParams.append(column, `eq.${value}`);
+    if (column === 'id') this._idValue = value;
     return this;
   }
 
@@ -137,6 +143,32 @@ export class QueryBuilder<T> {
     return this;
   }
 
+  /**
+   * Negate a filter
+   */
+  not(column: string, operator: string, value?: unknown): this {
+    this.queryParams.append(column, `not.${operator}.${value ?? ''}`);
+    return this;
+  }
+
+  /**
+   * Filter by null or not null
+   */
+  is(column: string, value: null | 'not.null'): this {
+    if (value === null) return this.isNull(column);
+    return this.isNotNull(column);
+  }
+
+  /**
+   * Full-text search
+   */
+  textSearch(column: string, query: string, options?: { config?: string; type?: 'plain' | 'phrase' | 'websearch' }): this {
+    const prefix = options?.type === 'plain' ? 'plfts' : options?.type === 'phrase' ? 'phfts' : 'fts';
+    const configStr = options?.config ? `(${options.config})` : '';
+    this.queryParams.append(column, `${prefix}${configStr}.${query}`);
+    return this;
+  }
+
   /**
    * Order results
    * @example
@@ -196,29 +228,48 @@ export class QueryBuilder<T> {
 
   private getHeaders(): Record<string, string> {
     const token = this.accessToken || this.anonKey;
-    return {
+    const headers: Record<string, string> = {
       'Content-Type': 'application/json',
       'apikey': this.anonKey,
       'Authorization': `Bearer ${token}`,
       ...this.headers,
     };
+    if (this._countOption) {
+      headers['Prefer'] = `count=${this._countOption}`;
+    }
+    return headers;
   }
 
   private async request<TResponse>(
     method: HttpMethod,
     body?: unknown
   ): Promise<PostgrestResponse<TResponse>> {
-    const queryString = this.queryParams.toString();
-    const fullUrl = `${this.url}/rest/v1/${this.tableName}${queryString ? `?${queryString}` : ''}`;
+    const effectiveMethod = this._head ? 'HEAD' : method;
+
+    let fullUrl: string;
+    if ((method === 'PATCH' || method === 'DELETE') && this._idValue !== undefined) {
+      const params = new URLSearchParams(this.queryParams);
+      params.delete('id');
+      const qs = params.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${this._idValue}/${qs ? `?${qs}` : ''}`;
+    } else {
+      const queryString = this.queryParams.toString();
+      fullUrl = `${this.url}/api/${this.tableName}/${queryString ? `?${queryString}` : ''}`;
+    }
 
     const options: RequestInit = {
-      method,
+      method: effectiveMethod,
       headers: this.getHeaders(),
     };
 
-    if (body && method !== 'GET') {
+    if (body && method !== 'GET' && method !== 'HEAD') {
       options.body = JSON.stringify(body);
-      (options.headers as Record<string, string>)['Prefer'] = 'return=representation';
+      const hdrs = options.headers as Record<string, string>;
+      if (hdrs['Prefer']) {
+        hdrs['Prefer'] = hdrs['Prefer'] + ',return=representation';
+      } else {
+        hdrs['Prefer'] = 'return=representation';
+      }
     }
 
     try {
@@ -227,6 +278,24 @@ export class QueryBuilder<T> {
       let data: TResponse | null = null;
       let error: AuraBaseError | null = null;
 
+      // Parse Content-Range header for count
+      const contentRange = response.headers.get('content-range');
+      let count: number | null = null;
+      if (contentRange) {
+        const match = contentRange.match(/\/(\d+)$/);
+        if (match) count = parseInt(match[1], 10);
+      }
+
+      if (effectiveMethod === 'HEAD') {
+        return {
+          data: null,
+          error: null,
+          status: response.status,
+          statusText: response.statusText,
+          count,
+        };
+      }
+
       const text = await response.text();
 
       if (text) {
@@ -256,6 +325,7 @@ export class QueryBuilder<T> {
         error,
         status: response.status,
         statusText: response.statusText,
+        count,
       };
     } catch (err) {
       return {
@@ -265,6 +335,7 @@ export class QueryBuilder<T> {
         },
         status: 0,
         statusText: 'Network Error',
+        count: null,
       };
     }
   }

package/src/cli.ts

@@ -29,13 +29,31 @@ export async function server() {
 
   return client;
 }
+`,
+  'lib/admin.ts': `import { createClient } from 'aurabase-js';
+
+/**
+ * Admin client with service_role key
+ * ⚠️ ONLY use on server-side (API routes, server components)
+ * ⚠️ Bypasses all RLS policies - use with caution!
+ */
+export const admin = createClient({
+  url: process.env.NEXT_PUBLIC_AURABASE_URL || '',
+  anonKey: process.env.AURABASE_SERVICE_ROLE_KEY || '',
+});
 `,
 };
 
 const ENV_TEMPLATE = `
 # AuraBase Configuration (.env.local)
+
+# Public keys (client + server)
 NEXT_PUBLIC_AURABASE_URL=https://your-project.cloudfront.net
 NEXT_PUBLIC_AURABASE_ANON_KEY=your-anon-key-here
+
+# Service role key (server only - bypasses RLS!)
+# ⚠️ NEVER expose this to the client!
+AURABASE_SERVICE_ROLE_KEY=your-service-role-key-here
 `;
 
 function findProjectRoot(): string {
@@ -80,6 +98,7 @@ function init() {
 
   createFile(projectRoot, 'lib/client.ts');
   createFile(projectRoot, 'lib/server.ts');
+  createFile(projectRoot, 'lib/admin.ts');
 
   console.log('\x1b[36m%s\x1b[0m', ENV_TEMPLATE);
 }
@@ -96,8 +115,9 @@ function showHelp() {
   -v, --version     Show version
 
 \x1b[1mGenerated files:\x1b[0m
-  lib/client.ts     Browser client
+  lib/client.ts     Browser client (anon key)
   lib/server.ts     Server client (with cookie auth)
+  lib/admin.ts      Admin client (service role, bypasses RLS)
 `);
 }
 

package/src/types.ts

@@ -38,6 +38,7 @@ export interface PostgrestResponse<T> {
   error: AuraBaseError | null;
   status: number;
   statusText: string;
+  count?: number | null;
 }
 
 export interface AuraBaseError {

package/.omc/state/hud-state.json

@@ -1,6 +0,0 @@
-{
-  "timestamp": "2026-03-09T12:13:53.326Z",
-  "backgroundTasks": [],
-  "sessionStartTimestamp": "2026-03-09T11:58:48.482Z",
-  "sessionId": "faa7b8297096020e"
-}

package/.omc/state/hud-stdin-cache.json

@@ -1 +0,0 @@
-{"session_id":"1c1e8df6-335a-4058-8bd4-4c0a67d996cd","transcript_path":"C:\\Users\\Jay\\.claude\\projects\\D--000-FrontEnd-242-dino-game\\1c1e8df6-335a-4058-8bd4-4c0a67d996cd.jsonl","cwd":"D:\\000.FrontEnd\\242.dino_game\\packages\\aurabase-js","model":{"id":"GLM-5","display_name":"GLM-5"},"workspace":{"current_dir":"D:\\000.FrontEnd\\242.dino_game\\packages\\aurabase-js","project_dir":"D:\\000.FrontEnd\\242.dino_game","added_dirs":[]},"version":"2.1.71","output_style":{"name":"default"},"cost":{"total_cost_usd":3.1387229999999997,"total_duration_ms":1800053,"total_api_duration_ms":890803,"total_lines_added":356,"total_lines_removed":168},"context_window":{"total_input_tokens":80855,"total_output_tokens":22864,"context_window_size":200000,"current_usage":{"input_tokens":137,"output_tokens":64,"cache_creation_input_tokens":0,"cache_read_input_tokens":86976},"used_percentage":44,"remaining_percentage":56},"exceeds_200k_tokens":false}

package/lib/aurabase.ts

@@ -1,9 +0,0 @@
-import { createClient } from 'aurabase-js';
-
-const AURABASE_URL = process.env.NEXT_PUBLIC_AURABASE_URL || 'https://your-project.cloudfront.net';
-const AURABASE_ANON_KEY = process.env.NEXT_PUBLIC_AURABASE_ANON_KEY || '';
-
-export const aurabase = createClient({
-  url: AURABASE_URL,
-  anonKey: AURABASE_ANON_KEY,
-});

package/tsconfig.json

@@ -1,20 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "ESNext",
-    "lib": ["ES2020", "DOM"],
-    "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true,
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "moduleResolution": "node",
-    "resolveJsonModule": true
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist"]
-}