backlex 0.1.0

package/dist/index.js

@@ -0,0 +1,857 @@
+import { BacklexError } from './chunk-UIUS57OR.js';
+export { BacklexError } from './chunk-UIUS57OR.js';
+export { verifyWebhook } from './chunk-U2MHWV2E.js';
+
+// src/condition.ts
+var isPlainObject = (v) => typeof v === "object" && v !== null && !Array.isArray(v);
+var looksLikeComparison = (o) => {
+  const keys = Object.keys(o);
+  return keys.length > 0 && keys.every((k) => k.startsWith("_"));
+};
+var looksLikeNesting = (o) => {
+  const keys = Object.keys(o);
+  return keys.length > 0 && keys.every((k) => !k.startsWith("_") && !k.startsWith("$"));
+};
+var flattenNested = (prefix, value, out) => {
+  for (const [k, v] of Object.entries(value)) {
+    const path = `${prefix}.${k}`;
+    if (isPlainObject(v) && looksLikeComparison(v)) {
+      out[path] = v;
+    } else if (isPlainObject(v) && looksLikeNesting(v)) {
+      flattenNested(path, v, out);
+    } else {
+      out[path] = { _eq: v };
+    }
+  }
+};
+var normalizeCondition = (raw, opts = {}) => {
+  if (!isPlainObject(raw)) return raw;
+  const rels = opts.relationFields;
+  const and = raw.$and ?? raw._and;
+  if (Array.isArray(and)) {
+    return { $and: and.map((c) => normalizeCondition(c, opts)) };
+  }
+  const or = raw.$or ?? raw._or;
+  if (Array.isArray(or)) {
+    return { $or: or.map((c) => normalizeCondition(c, opts)) };
+  }
+  const not = raw.$not ?? raw._not;
+  if (not !== void 0) {
+    return { $not: normalizeCondition(not, opts) };
+  }
+  const out = {};
+  for (const [key, value] of Object.entries(raw)) {
+    if (isPlainObject(value)) {
+      if (looksLikeComparison(value)) {
+        out[key] = value;
+      } else if (looksLikeNesting(value) && (rels ? rels.has(key) : false)) {
+        flattenNested(key, value, out);
+      } else {
+        out[key] = value;
+      }
+    } else {
+      out[key] = { _eq: value };
+    }
+  }
+  return out;
+};
+
+// src/query.ts
+var prefixKeys = (cond, head) => {
+  const c = cond;
+  if (Array.isArray(c.$and)) {
+    return { $and: c.$and.map((x) => prefixKeys(x, head)) };
+  }
+  if (Array.isArray(c.$or)) {
+    return { $or: c.$or.map((x) => prefixKeys(x, head)) };
+  }
+  if (c.$not !== void 0) {
+    return { $not: prefixKeys(c.$not, head) };
+  }
+  const out = {};
+  for (const [k, v] of Object.entries(c)) out[`${head}.${k}`] = v;
+  return out;
+};
+var makeFilterBuilder = () => {
+  const leaf = (field, op, value) => ({ [field]: { [op]: value } });
+  return {
+    eq: (f, v) => leaf(f, "_eq", v),
+    neq: (f, v) => leaf(f, "_neq", v),
+    gt: (f, v) => leaf(f, "_gt", v),
+    gte: (f, v) => leaf(f, "_gte", v),
+    lt: (f, v) => leaf(f, "_lt", v),
+    lte: (f, v) => leaf(f, "_lte", v),
+    in: (f, v) => leaf(f, "_in", v),
+    nin: (f, v) => leaf(f, "_nin", v),
+    between: (f, lo, hi) => leaf(f, "_between", [lo, hi]),
+    isNull: (f, isNull = true) => leaf(f, "_null", isNull),
+    empty: (f) => leaf(f, "_empty", true),
+    nempty: (f) => leaf(f, "_nempty", true),
+    contains: (f, v) => leaf(f, "_contains", v),
+    icontains: (f, v) => leaf(f, "_icontains", v),
+    startsWith: (f, v) => leaf(f, "_starts_with", v),
+    endsWith: (f, v) => leaf(f, "_ends_with", v),
+    and: (...conds) => ({ $and: conds }),
+    or: (...conds) => ({ $or: conds }),
+    not: (cond) => ({ $not: cond }),
+    rel: (head, build) => prefixKeys(build(makeFilterBuilder()), head),
+    now: (opts = {}) => ({ $now: { ...opts } })
+  };
+};
+var QueryBuilder = class {
+  constructor(listFn) {
+    this.listFn = listFn;
+  }
+  _filter;
+  _sort = [];
+  _fields = [];
+  _expand = [];
+  _limit;
+  _offset;
+  _meta;
+  _locale;
+  _q;
+  where(build) {
+    this._filter = normalizeCondition(build(makeFilterBuilder()));
+    return this;
+  }
+  /** Replace the filter with a raw canonical condition (escape hatch). */
+  filter(cond) {
+    this._filter = normalizeCondition(cond);
+    return this;
+  }
+  select(...fields) {
+    this._fields.push(...fields);
+    return this;
+  }
+  orderBy(...sorts) {
+    this._sort.push(...sorts);
+    return this;
+  }
+  /** Inline single-hop relations (replaces each FK with the related object). */
+  expand(...rels) {
+    this._expand.push(...rels);
+    return this;
+  }
+  /** Project `i18n_text` fields to one locale, or `"*"` for the full map. */
+  locale(loc) {
+    this._locale = loc;
+    return this;
+  }
+  /** Free-text search across readable text fields. */
+  search(text) {
+    this._q = text;
+    return this;
+  }
+  limit(n) {
+    this._limit = n;
+    return this;
+  }
+  offset(n) {
+    this._offset = n;
+    return this;
+  }
+  withMeta(m) {
+    this._meta = m;
+    return this;
+  }
+  /** Assemble the plain `ListQuery` — the canonical JSON the REST API takes. */
+  toQuery() {
+    const q = {};
+    if (this._filter) q.filter = this._filter;
+    if (this._sort.length) q.sort = this._sort;
+    if (this._fields.length) q.fields = this._fields;
+    if (this._expand.length) q.expand = this._expand;
+    if (this._limit !== void 0) q.limit = this._limit;
+    if (this._offset !== void 0) q.offset = this._offset;
+    if (this._meta) q.meta = this._meta;
+    if (this._locale) q.locale = this._locale;
+    if (this._q) q.q = this._q;
+    return q;
+  }
+  list() {
+    return this.listFn(this.toQuery());
+  }
+};
+
+// src/sync.ts
+var memoryStore = () => {
+  const rows = /* @__PURE__ */ new Map();
+  const meta = /* @__PURE__ */ new Map();
+  let queue = [];
+  return {
+    async get(id) {
+      return rows.get(id);
+    },
+    async set(id, row) {
+      rows.set(id, row);
+    },
+    async remove(id) {
+      rows.delete(id);
+    },
+    async all() {
+      return [...rows.values()];
+    },
+    async getMeta(k) {
+      return meta.get(k) ?? null;
+    },
+    async setMeta(k, v) {
+      meta.set(k, v);
+    },
+    async queueGet() {
+      return [...queue];
+    },
+    async queueSet(ops) {
+      queue = [...ops];
+    }
+  };
+};
+var indexedDbStore = (opts) => {
+  const dbName = opts.dbName ?? "backlex-sync";
+  const rowsStore = `rows:${opts.collection}`;
+  const metaStore = `meta:${opts.collection}`;
+  const idb = globalThis.indexedDB;
+  if (!idb) throw new Error("indexedDbStore requires a browser with IndexedDB; use memoryStore()");
+  let dbp = null;
+  const open = () => {
+    if (dbp) return dbp;
+    dbp = new Promise((resolve, reject) => {
+      const req = idb.open(dbName, 1);
+      req.onupgradeneeded = () => {
+        const db = req.result;
+        if (!db.objectStoreNames.contains(rowsStore)) db.createObjectStore(rowsStore);
+        if (!db.objectStoreNames.contains(metaStore)) db.createObjectStore(metaStore);
+      };
+      req.onsuccess = () => resolve(req.result);
+      req.onerror = () => reject(req.error);
+    });
+    return dbp;
+  };
+  const tx = async (store, mode, fn) => {
+    const db = await open();
+    return new Promise((resolve, reject) => {
+      const t = db.transaction(store, mode);
+      const req = fn(t.objectStore(store));
+      req.onsuccess = () => resolve(req.result);
+      req.onerror = () => reject(req.error);
+    });
+  };
+  return {
+    get: (id) => tx(rowsStore, "readonly", (s) => s.get(id)),
+    set: (id, row) => tx(rowsStore, "readwrite", (s) => s.put(row, id)).then(() => {
+    }),
+    remove: (id) => tx(rowsStore, "readwrite", (s) => s.delete(id)).then(() => {
+    }),
+    all: () => tx(rowsStore, "readonly", (s) => s.getAll()),
+    getMeta: (k) => tx(metaStore, "readonly", (s) => s.get(k)).then((v) => v ?? null),
+    setMeta: (k, v) => tx(metaStore, "readwrite", (s) => s.put(v, k)).then(() => {
+    }),
+    queueGet: () => tx(metaStore, "readonly", (s) => s.get("__queue")).then((v) => v ? JSON.parse(v) : []),
+    queueSet: (ops) => tx(metaStore, "readwrite", (s) => s.put(JSON.stringify(ops), "__queue")).then(() => {
+    })
+  };
+};
+var isOnline = () => {
+  const nav = globalThis.navigator;
+  return nav?.onLine ?? true;
+};
+var createSync = (client, options) => {
+  const store = options.store ?? memoryStore();
+  const pk = options.pk ?? "id";
+  const pageSize = options.pageSize ?? 200;
+  const slug = encodeURIComponent(options.collection);
+  const notify = () => options.onChange?.();
+  const pendingIds = async () => {
+    const q = await store.queueGet();
+    const s = /* @__PURE__ */ new Set();
+    for (const op of q) s.add(op.kind === "create" ? op.tempId : op.id);
+    return s;
+  };
+  const applyRow = async (row, skip) => {
+    const id = String(row[pk]);
+    if (skip.has(id)) return;
+    if (row._deleted === true || row.deleted_at != null) await store.remove(id);
+    else await store.set(id, row);
+  };
+  const pull = async () => {
+    let cursor = await store.getMeta("cursor");
+    let total = 0;
+    const skip = await pendingIds();
+    for (; ; ) {
+      const qs = `?limit=${pageSize}${cursor ? `&since=${encodeURIComponent(cursor)}` : ""}`;
+      const res = await client.request("GET", `/api/items/${slug}/changes${qs}`);
+      for (const row of res.data) await applyRow(row, skip);
+      total += res.data.length;
+      if (res.cursor) {
+        cursor = res.cursor;
+        await store.setMeta("cursor", cursor);
+      }
+      if (!res.hasMore) break;
+    }
+    if (total) notify();
+    return total;
+  };
+  const flush = async () => {
+    const queue = await store.queueGet();
+    if (queue.length === 0 || !isOnline()) return;
+    const operations = queue.map(
+      (op) => op.kind === "create" ? { op: "create", data: op.data } : op.kind === "update" ? { op: "update", id: op.id, data: op.data } : { op: "delete", id: op.id }
+    );
+    const res = await client.request(
+      "POST",
+      `/api/items/${slug}/batch`,
+      { operations }
+    );
+    for (let i = 0; i < queue.length; i++) {
+      const op = queue[i];
+      const r = res.data.results[i];
+      if (!op || !r || !r.ok) continue;
+      if (op.kind === "create") {
+        await store.remove(op.tempId);
+        if (r.data) await store.set(String(r.data[pk]), r.data);
+      } else if (op.kind === "update" && r.data) {
+        await store.set(String(r.data[pk]), r.data);
+      }
+    }
+    const remaining = queue.filter((_, i) => !res.data.results[i]?.ok);
+    await store.queueSet(remaining);
+    notify();
+  };
+  const enqueue = async (op) => {
+    const q = await store.queueGet();
+    q.push(op);
+    await store.queueSet(q);
+    if (isOnline()) await flush().catch(() => {
+    });
+  };
+  const getAll = () => store.all();
+  const get = (id) => store.get(id);
+  const create = async (data) => {
+    const tempId = `tmp_${Math.abs(hash(JSON.stringify(data) + await store.getMeta("seq"))).toString(36)}_${await bump()}`;
+    await store.set(tempId, { ...data, [pk]: tempId, _pending: true });
+    await enqueue({ kind: "create", tempId, data });
+    notify();
+    return tempId;
+  };
+  const update = async (id, data) => {
+    const cur = await store.get(id) ?? {};
+    await store.set(id, { ...cur, ...data });
+    await enqueue({ kind: "update", id, data });
+    notify();
+  };
+  const remove = async (id) => {
+    await store.remove(id);
+    await enqueue({ kind: "delete", id });
+    notify();
+  };
+  const bump = async () => {
+    const n = Number(await store.getMeta("seq") ?? "0") + 1;
+    await store.setMeta("seq", String(n));
+    return n;
+  };
+  let unsub = null;
+  let onlineHandler = null;
+  const live = () => {
+    unsub?.();
+    unsub = client.subscribe(`items:${options.collection}`, (e) => {
+      const row = e.event === "deleted" ? { ...e.data, _deleted: true } : e.data;
+      void applyRow(row, /* @__PURE__ */ new Set()).then(notify);
+    });
+    return () => {
+      unsub?.();
+      unsub = null;
+    };
+  };
+  const start = async () => {
+    await pull();
+    await flush().catch(() => {
+    });
+    live();
+    const target = globalThis;
+    if (target.addEventListener) {
+      onlineHandler = () => {
+        void flush().then(() => pull()).catch(() => {
+        });
+      };
+      target.addEventListener("online", onlineHandler);
+    }
+  };
+  const stop = () => {
+    unsub?.();
+    unsub = null;
+    const target = globalThis;
+    if (onlineHandler && target.removeEventListener) target.removeEventListener("online", onlineHandler);
+    onlineHandler = null;
+  };
+  return { pull, flush, live, start, stop, getAll, get, create, update, remove, store };
+};
+var hash = (s) => {
+  let h = 2166136261;
+  for (let i = 0; i < s.length; i++) {
+    h ^= s.charCodeAt(i);
+    h = Math.imul(h, 16777619);
+  }
+  return h | 0;
+};
+
+// src/index.ts
+var buildSearch = (q) => {
+  if (!q) return "";
+  const params = new URLSearchParams();
+  if (q.filter) params.set("filter", JSON.stringify(q.filter));
+  if (q.sort) {
+    params.set("sort", Array.isArray(q.sort) ? q.sort.join(",") : q.sort);
+  }
+  if (q.fields) {
+    params.set("fields", Array.isArray(q.fields) ? q.fields.join(",") : q.fields);
+  }
+  if (q.expand) {
+    params.set("expand", Array.isArray(q.expand) ? q.expand.join(",") : q.expand);
+  }
+  if (q.limit !== void 0) params.set("limit", String(q.limit));
+  if (q.offset !== void 0) params.set("offset", String(q.offset));
+  if (q.meta) params.set("meta", q.meta);
+  if (q.locale) params.set("locale", q.locale);
+  if (q.q) params.set("q", q.q);
+  if (q.status) params.set("status", q.status);
+  const s = params.toString();
+  return s ? `?${s}` : "";
+};
+var buildItemSearch = (q) => {
+  if (!q) return "";
+  const params = new URLSearchParams();
+  if (q.expand) {
+    params.set("expand", Array.isArray(q.expand) ? q.expand.join(",") : q.expand);
+  }
+  if (q.locale) params.set("locale", q.locale);
+  const s = params.toString();
+  return s ? `?${s}` : "";
+};
+var DEFAULT_CHUNK = 8 * 1024 * 1024;
+var OFFSET_OCTET = "application/offset+octet-stream";
+var b64 = (s) => btoa(String.fromCharCode(...new TextEncoder().encode(s)));
+var normalizeUploadData = (data) => {
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    return { size: data.size, slice: (s, e) => data.slice(s, e) };
+  }
+  const u = data instanceof Uint8Array ? data : new Uint8Array(data);
+  return { size: u.byteLength, slice: (s, e) => u.subarray(s, e) };
+};
+var createClient = (opts) => {
+  const f = opts.fetch ?? globalThis.fetch.bind(globalThis);
+  let appToken = opts.token ?? null;
+  const authBase = opts.workspace ? `/api/t/${encodeURIComponent(opts.workspace)}/auth` : "/api/auth";
+  const authHeader = () => {
+    if (opts.apiKey) return { authorization: `Bearer ${opts.apiKey}` };
+    if (appToken) return { authorization: `Bearer ${appToken}` };
+    return {};
+  };
+  const tenantHeader = () => opts.tenant ? { "x-backlex-tenant": opts.tenant } : {};
+  const request = async (method, path, body, extraHeaders) => {
+    const headers = {
+      "content-type": "application/json",
+      ...authHeader(),
+      ...tenantHeader(),
+      ...extraHeaders ?? {}
+    };
+    const res = await f(`${opts.url}${path}`, {
+      method,
+      credentials: "include",
+      headers,
+      body: body !== void 0 ? JSON.stringify(body) : void 0
+    });
+    if (!res.ok) {
+      const errBody = await res.json().catch(() => ({}));
+      throw new BacklexError(res.status, errBody);
+    }
+    if (res.status === 204) return void 0;
+    return await res.json();
+  };
+  const requestRaw = async (method, path, rawBody, contentType) => {
+    const headers = {
+      ...authHeader(),
+      ...tenantHeader()
+    };
+    if (contentType) headers["content-type"] = contentType;
+    const res = await f(`${opts.url}${path}`, {
+      method,
+      credentials: "include",
+      headers,
+      body: rawBody
+    });
+    if (!res.ok) {
+      const errBody = await res.json().catch(() => ({}));
+      throw new BacklexError(res.status, errBody);
+    }
+    return res;
+  };
+  const collection = (slug) => {
+    const list = (q) => request("GET", `/api/items/${slug}${buildSearch(q)}`);
+    return {
+      list,
+      /** Fluent, type-safe query builder that compiles to `ListQuery`. */
+      query: () => new QueryBuilder(list),
+      /** Run a single-function aggregate (count/sum/avg/min/max), optionally grouped. */
+      aggregate: (body) => request("POST", `/api/items/${slug}/aggregate`, body),
+      /** Relevance search (full-text / vector / hybrid). */
+      search: (body) => request("POST", `/api/items/${slug}/search`, body),
+      /** Export every readable row as a JSON or CSV string (honors the same
+       *  read filters as `list`). */
+      exportItems: (format = "json") => requestRaw("GET", `/api/items/${slug}/export?format=${format}`).then(
+        (r) => r.text()
+      ),
+      /** Bulk-import rows from a JSON array (or raw JSON/CSV string). Each row
+       *  runs the normal create path; row-level failures land in `errors`. */
+      importItems: (body, format = "json") => {
+        const raw = typeof body === "string" ? body : JSON.stringify(body);
+        const contentType = format === "csv" ? "text/csv" : "application/json";
+        return requestRaw(
+          "POST",
+          `/api/items/${slug}/import?format=${format}`,
+          raw,
+          contentType
+        ).then((r) => r.json());
+      },
+      one: (id, opts2) => request("GET", `/api/items/${slug}/${id}${buildItemSearch(opts2)}`),
+      create: (data) => request("POST", `/api/items/${slug}`, data),
+      update: (id, patch) => request("PATCH", `/api/items/${slug}/${id}`, patch),
+      delete: (id) => request("DELETE", `/api/items/${slug}/${id}`),
+      /** Bulk-create rows. `atomic` runs the whole set in one transaction
+       *  (all-or-nothing; Postgres/SQLite only). Default is partial-success. */
+      createMany: (rows, opts2) => request("POST", `/api/items/${slug}/batch`, {
+        operations: rows.map((data) => ({ op: "create", data })),
+        atomic: opts2?.atomic
+      }),
+      /** Bulk-update rows by id. */
+      updateMany: (updates, opts2) => request("POST", `/api/items/${slug}/batch`, {
+        operations: updates.map((u) => ({ op: "update", id: u.id, data: u.data })),
+        atomic: opts2?.atomic
+      }),
+      /** Bulk-delete rows by id. */
+      deleteMany: (ids, opts2) => request("POST", `/api/items/${slug}/batch`, {
+        operations: ids.map((id) => ({ op: "delete", id })),
+        atomic: opts2?.atomic
+      }),
+      /** Mixed create/update/delete in one request. `atomic` = all-or-nothing. */
+      batch: (operations, opts2) => request("POST", `/api/items/${slug}/batch`, {
+        operations,
+        atomic: opts2?.atomic
+      }),
+      /** Flip a versioned item to published (`_status`) now. */
+      publish: (id) => request("POST", `/api/items/${slug}/${id}/publish`),
+      /** Flip a versioned item back to draft (clears any pending schedule). */
+      unpublish: (id) => request("POST", `/api/items/${slug}/${id}/publish?unpublish=1`),
+      /** Schedule a versioned item to auto-publish at `at` (the cron tick applies
+       *  it when due). Pass `null` to cancel a pending schedule. Requires the
+       *  `publish` permission. */
+      schedulePublish: (id, at) => request("POST", `/api/items/${slug}/${id}/publish`, {
+        publishAt: at == null ? null : at instanceof Date ? at.toISOString() : at
+      })
+    };
+  };
+  const subscribe = (channel, onEvent, onError) => {
+    const url = `${opts.url}/api/realtime/${channel}/subscribe`;
+    const es = new EventSource(url, { withCredentials: true });
+    es.addEventListener("message", (ev) => {
+      try {
+        onEvent(JSON.parse(ev.data));
+      } catch (e) {
+        onError?.(e);
+      }
+    });
+    es.addEventListener("error", (e) => onError?.(e));
+    return () => es.close();
+  };
+  const captureToken = (r) => {
+    if (opts.workspace && typeof r.token === "string") appToken = r.token;
+    return r;
+  };
+  const auth = {
+    /** Email + password sign-up. In app mode this creates a *workspace* end-
+     *  user (in `app_users`), not a control-plane account. */
+    signUp: (input) => request("POST", `${authBase}/sign-up/email`, input).then(captureToken),
+    /** Email + password sign-in. */
+    signIn: (input) => request("POST", `${authBase}/sign-in/email`, input).then(captureToken),
+    /**
+     * Begin an OAuth sign-in. Returns `{ url }` — the provider's authorize
+     * page — which a browser app should navigate to (`location.href = url`).
+     * `provider` must be one of the ids returned by `auth.providers()`.
+     */
+    signInSocial: (provider, input) => request("POST", `${authBase}/sign-in/social`, {
+      provider,
+      ...input,
+      // ask better-auth for the URL instead of a 302, so the caller controls
+      // the navigation.
+      disableRedirect: true
+    }),
+    /** Send a one-time sign-in link by email (requires the `magic` provider
+     *  to be enabled for the workspace). */
+    signInMagicLink: (input) => request("POST", `${authBase}/sign-in/magic-link`, input),
+    /** Email a one-time numeric code (requires the `email-otp` provider). `type`
+     *  defaults to `"sign-in"`; use `"email-verification"` / `"forget-password"`
+     *  for those flows. Complete a sign-in with `signInEmailOTP`. */
+    sendVerificationOTP: (input) => request("POST", `${authBase}/email-otp/send-verification-otp`, {
+      type: "sign-in",
+      ...input
+    }),
+    /** Complete an email-OTP sign-in with the code from `sendVerificationOTP`. In
+     *  app mode the returned session token is captured and replayed as a bearer. */
+    signInEmailOTP: (input) => request("POST", `${authBase}/sign-in/email-otp`, input).then(captureToken),
+    /** Send a password-reset email. `redirectTo` is the link the email points at. */
+    requestPasswordReset: (input) => request("POST", `${authBase}/request-password-reset`, input),
+    /** Complete a reset with the token from the email and a new password. */
+    resetPassword: (input) => request("POST", `${authBase}/reset-password`, input),
+    /** Mint a fresh short-lived access JWT from the stored session token (app
+     *  mode). The SDK's own requests keep using the session token; use this when a
+     *  downstream service needs a proper access token. */
+    refresh: () => request(
+      "POST",
+      `${authBase}/token/refresh`,
+      { refreshToken: appToken }
+    ),
+    /** Change the signed-in user's password (requires the current password). */
+    changePassword: (input) => request("POST", `${authBase}/change-password`, input),
+    /** Update the signed-in user's profile (e.g. `{ name, image }`). */
+    updateUser: (attributes) => request("POST", `${authBase}/update-user`, attributes),
+    /** Send an email-verification link to the signed-in (or named) user. */
+    sendVerificationEmail: (input) => request("POST", `${authBase}/send-verification-email`, input),
+    signOut: () => request("POST", `${authBase}/sign-out`).then((r) => {
+      if (opts.workspace) appToken = null;
+      return r;
+    }),
+    /** Current session, or `{ user: null }`. */
+    getSession: () => request("GET", `${authBase}/get-session`),
+    /** List the signed-in user's active sessions (one row per device/login). */
+    listSessions: () => request("GET", `${authBase}/list-sessions`),
+    /** Revoke one session by its `token` (from `listSessions`). */
+    revokeSession: (input) => request("POST", `${authBase}/revoke-session`, input),
+    /** Revoke every session **except** the current one (sign out other devices). */
+    revokeOtherSessions: () => request("POST", `${authBase}/revoke-other-sessions`),
+    /** Revoke **all** sessions, including the current one. */
+    revokeSessions: () => request("POST", `${authBase}/revoke-sessions`),
+    /** Public description of this workspace's auth surface (provider list +
+     *  policy flags) — what a sign-in screen needs to render. No secrets. */
+    providers: () => request("GET", `${authBase}/providers`).then((r) => r.data),
+    /** The current workspace session token (app mode) — persist this across
+     *  reloads and pass it back via `createClient({ token })`. */
+    getToken: () => appToken,
+    /** Restore a workspace session token (app mode). */
+    setToken: (token) => {
+      appToken = token;
+    }
+  };
+  const safeErr = async (res) => await res.json().catch(() => ({}));
+  const headOffset = async (location, signal) => {
+    const res = await f(`${opts.url}${location}`, {
+      method: "HEAD",
+      credentials: "include",
+      headers: { ...authHeader(), ...tenantHeader(), "Tus-Resumable": "1.0.0" },
+      signal
+    });
+    if (!res.ok) throw new BacklexError(res.status, void 0);
+    return Number(res.headers.get("Upload-Offset") ?? "0");
+  };
+  const patchLoop = async (location, src, chunkSize, onProgress, signal) => {
+    let offset = await headOffset(location, signal);
+    let retries = 0;
+    while (offset < src.size) {
+      const end = Math.min(offset + chunkSize, src.size);
+      try {
+        const res = await f(`${opts.url}${location}`, {
+          method: "PATCH",
+          credentials: "include",
+          headers: {
+            ...authHeader(),
+            ...tenantHeader(),
+            "Tus-Resumable": "1.0.0",
+            "Upload-Offset": String(offset),
+            "content-type": OFFSET_OCTET
+          },
+          body: src.slice(offset, end),
+          signal
+        });
+        if (res.status === 409) {
+          offset = await headOffset(location, signal);
+          continue;
+        }
+        if (!res.ok) throw new BacklexError(res.status, await safeErr(res));
+        offset = Number(res.headers.get("Upload-Offset") ?? String(end));
+        retries = 0;
+        onProgress?.(offset, src.size);
+      } catch (e) {
+        if (signal?.aborted) throw e;
+        if (e instanceof BacklexError && e.status >= 400 && e.status < 500 && e.status !== 409) {
+          throw e;
+        }
+        if (++retries > 6) throw e;
+        await new Promise((r) => setTimeout(r, 250 * 2 ** (retries - 1)));
+        offset = await headOffset(location, signal);
+      }
+    }
+  };
+  const storage = {
+    list: (prefix) => request(
+      "GET",
+      `/api/storage${prefix ? `?prefix=${encodeURIComponent(prefix)}` : ""}`
+    ),
+    put: async (key, body, contentType, folderId) => {
+      const headers = {
+        ...authHeader(),
+        ...tenantHeader(),
+        ...contentType ? { "content-type": contentType } : {}
+      };
+      const url = `${opts.url}/api/storage/${encodeURIComponent(key)}${folderId ? `?folderId=${folderId}` : ""}`;
+      const res = await f(url, {
+        method: "PUT",
+        credentials: "include",
+        headers,
+        body
+      });
+      if (!res.ok) {
+        const errBody = await res.json().catch(() => ({}));
+        throw new BacklexError(res.status, errBody);
+      }
+      return res.json();
+    },
+    download: async (key) => {
+      const res = await f(`${opts.url}/api/storage/${encodeURIComponent(key)}`, {
+        credentials: "include",
+        headers: { ...authHeader(), ...tenantHeader() }
+      });
+      if (!res.ok) {
+        throw new BacklexError(res.status, void 0);
+      }
+      return res;
+    },
+    delete: (key) => request(
+      "DELETE",
+      `/api/storage/${encodeURIComponent(key)}`
+    ),
+    /**
+     * Resumable upload (TUS 1.0.0). Splits `data` into chunks and PATCHes them
+     * to `/api/uploads`, resuming from the server's committed offset after a
+     * transient failure. `data` may be a `Blob`/`File`, `ArrayBuffer`, or
+     * `Uint8Array`. Returns the final key + the TUS session `location` (persist
+     * it to resume across page reloads via `resumeUpload`). The standard TUS
+     * protocol means Uppy / tus-js-client can also target `/api/uploads`.
+     */
+    uploadResumable: async (input) => {
+      const src = normalizeUploadData(input.data);
+      const meta = [`key ${b64(input.key)}`];
+      const ct = input.contentType ?? (input.data instanceof Blob ? input.data.type : "");
+      if (ct) meta.push(`contentType ${b64(ct)}`);
+      if (input.folderId) meta.push(`folderId ${b64(input.folderId)}`);
+      const res = await f(`${opts.url}/api/uploads`, {
+        method: "POST",
+        credentials: "include",
+        headers: {
+          ...authHeader(),
+          ...tenantHeader(),
+          "Tus-Resumable": "1.0.0",
+          "Upload-Length": String(src.size),
+          "Upload-Metadata": meta.join(",")
+        },
+        signal: input.signal
+      });
+      if (!res.ok) throw new BacklexError(res.status, await safeErr(res));
+      const location = res.headers.get("Location");
+      if (!location) throw new BacklexError(res.status, void 0);
+      await patchLoop(location, src, input.chunkSize ?? DEFAULT_CHUNK, input.onProgress, input.signal);
+      return { key: input.key, location };
+    },
+    /** Resume a previously-started resumable upload at the server's offset. */
+    resumeUpload: async (location, data, opts2) => {
+      await patchLoop(
+        location,
+        normalizeUploadData(data),
+        opts2?.chunkSize ?? DEFAULT_CHUNK,
+        opts2?.onProgress,
+        opts2?.signal
+      );
+    }
+  };
+  const messaging = {
+    /** Register (or refresh) the current user's push device. Re-registering the
+     *  same token reactivates it and updates last-seen, so call this on every
+     *  app launch. `web-push` requires `keys` (the VAPID subscription keys). */
+    registerDevice: (input) => request("POST", "/api/device-tokens", input),
+    /** Remove one of the caller's registered devices by id. */
+    unregister: (id) => request("DELETE", `/api/device-tokens/${encodeURIComponent(id)}`),
+    /** List the caller's registered devices. */
+    listDevices: () => request("GET", "/api/device-tokens"),
+    /** Register (or refresh) the current user's phone number for SMS. Number
+     *  must be E.164 (e.g. "+14155552671"). Re-registering reactivates it. */
+    registerPhone: (input) => request("POST", "/api/phone-numbers", input),
+    /** Remove one of the caller's registered phone numbers by id. */
+    unregisterPhone: (id) => request("DELETE", `/api/phone-numbers/${encodeURIComponent(id)}`),
+    /** List the caller's registered phone numbers. */
+    listPhones: () => request("GET", "/api/phone-numbers")
+  };
+  const jobs = {
+    /** Enqueue a durable background job. `type` is `function` (run a named
+     *  function with `payload.name` + `payload.input`) or `webhook.deliver`.
+     *  Jobs retry with backoff and dead-letter after `maxAttempts`. Pass
+     *  `runAt` (ISO string) to schedule for later. Admin-scoped. */
+    enqueue: (input) => request("POST", "/api/jobs", input),
+    /** List jobs (newest first), optionally filtered by queue/status. */
+    list: (q) => {
+      const params = new URLSearchParams();
+      if (q?.queue) params.set("queue", q.queue);
+      if (q?.status) params.set("status", q.status);
+      if (q?.limit != null) params.set("limit", String(q.limit));
+      const suffix = params.toString() ? `?${params.toString()}` : "";
+      return request("GET", `/api/jobs${suffix}`);
+    },
+    /** Fetch a single job by id. */
+    get: (id) => request("GET", `/api/jobs/${encodeURIComponent(id)}`),
+    /** Requeue a failed / dead-lettered / cancelled job to run again. */
+    retry: (id) => request("POST", `/api/jobs/${encodeURIComponent(id)}/retry`),
+    /** Cancel a pending job. */
+    cancel: (id) => request("POST", `/api/jobs/${encodeURIComponent(id)}/cancel`),
+    /** Delete a job row. */
+    remove: (id) => request("DELETE", `/api/jobs/${encodeURIComponent(id)}`)
+  };
+  let flagsCache = null;
+  const fetchFlags = async () => {
+    const res = await request("GET", "/api/flags");
+    flagsCache = res.data ?? {};
+    return flagsCache;
+  };
+  const flags = {
+    /** Fetch + cache the evaluated flag map. */
+    all: () => fetchFlags(),
+    /** Resolved value for a flag (remote config payload), or `undefined`. Uses
+     *  the cache if `all()` was already called this session; pass
+     *  `{ refresh: true }` to force a re-fetch. */
+    get: async (key, opts2) => {
+      const map = opts2?.refresh || !flagsCache ? await fetchFlags() : flagsCache;
+      return map[key]?.value;
+    },
+    /** Whether a flag is on for the caller. */
+    isEnabled: async (key, opts2) => {
+      const map = opts2?.refresh || !flagsCache ? await fetchFlags() : flagsCache;
+      return Boolean(map[key]?.enabled);
+    }
+  };
+  const sync = (options) => createSync({ request, subscribe }, options);
+  return {
+    from: collection,
+    subscribe,
+    auth,
+    storage,
+    messaging,
+    jobs,
+    flags,
+    sync,
+    /** Raw escape hatch — issues a request with auth headers applied. */
+    request
+  };
+};
+var typedCollections = (client) => {
+  const collections = new Proxy({}, {
+    get: (_target, slug) => typeof slug === "string" ? client.from(slug) : void 0
+  });
+  return Object.assign(client, { collections });
+};
+
+export { QueryBuilder, createClient, createSync, indexedDbStore, memoryStore, typedCollections };