dexie-cloud-sdk 0.1.0

package/dist/index.js

@@ -0,0 +1,1065 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthManager: () => AuthManager,
+  BlobManager: () => BlobManager,
+  DataManager: () => DataManager,
+  DatabaseManager: () => DatabaseManager,
+  DatabaseSession: () => DatabaseSession,
+  DexieCloudAuthError: () => DexieCloudAuthError,
+  DexieCloudClient: () => DexieCloudClient,
+  DexieCloudError: () => DexieCloudError,
+  DexieCloudNetworkError: () => DexieCloudNetworkError,
+  FetchAdapter: () => FetchAdapter,
+  HealthManager: () => HealthManager,
+  NodeAdapter: () => NodeAdapter,
+  TSON: () => TSON,
+  createAdapter: () => createAdapter,
+  default: () => DexieCloudClient,
+  parse: () => parse,
+  stringify: () => stringify
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types.ts
+var DexieCloudError = class extends Error {
+  constructor(message, status, response) {
+    super(message);
+    this.status = status;
+    this.response = response;
+    this.name = "DexieCloudError";
+  }
+};
+var DexieCloudAuthError = class extends DexieCloudError {
+  constructor(message, status) {
+    super(message, status);
+    this.name = "DexieCloudAuthError";
+  }
+};
+var DexieCloudNetworkError = class extends DexieCloudError {
+  constructor(message) {
+    super(message);
+    this.name = "DexieCloudNetworkError";
+  }
+};
+
+// src/adapters.ts
+var FetchAdapter = class {
+  constructor(config, fetchImpl = globalThis.fetch) {
+    this.config = config;
+    this.fetchImpl = fetchImpl;
+    if (!this.fetchImpl) {
+      throw new Error("Fetch is not available. Please provide a fetch implementation.");
+    }
+  }
+  async fetch(url, options = {}) {
+    const { timeout = 3e4, debug } = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    const fetchOptions = {
+      ...options,
+      signal: controller.signal,
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": "dexie-cloud-sdk",
+        ...options.headers
+      }
+    };
+    if (debug) {
+      console.log(`[DexieCloud] ${options.method || "GET"} ${url}`, fetchOptions);
+    }
+    try {
+      const response = await this.fetchImpl(url, fetchOptions);
+      if (debug) {
+        console.log(`[DexieCloud] Response ${response.status}`, response);
+      }
+      return response;
+    } catch (error) {
+      if (error instanceof Error && error.name === "AbortError") {
+        throw new Error(`Request timeout after ${timeout}ms`);
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+};
+var NodeAdapter = class {
+  constructor(config) {
+    this.config = config;
+  }
+  async fetch(url, options = {}) {
+    const { default: fetch } = await import("node-fetch");
+    const adapter = new FetchAdapter(this.config, fetch);
+    return adapter.fetch(url, options);
+  }
+};
+function createAdapter(config) {
+  if (config.fetch) {
+    return new FetchAdapter(config, config.fetch);
+  }
+  if (typeof globalThis.fetch === "function") {
+    return new FetchAdapter(config);
+  }
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return new NodeAdapter(config);
+  }
+  throw new Error("No suitable HTTP adapter found. Please provide a fetch implementation in config.");
+}
+
+// src/tson.ts
+var import_dexie_cloud_common = require("dexie-cloud-common");
+var import_dexie_cloud_common2 = require("dexie-cloud-common");
+var sdkTypeDefs = {
+  // URL type support
+  URL: {
+    test: (val) => val instanceof URL,
+    replace: (url) => ({
+      $t: "URL",
+      href: url.href
+    }),
+    revive: ({ href }) => new URL(href)
+  }
+};
+var TSON = (0, import_dexie_cloud_common.TypesonSimplified)(
+  import_dexie_cloud_common.builtInTypeDefs,
+  import_dexie_cloud_common.fileTypeDef,
+  sdkTypeDefs
+);
+function stringify(value, space) {
+  return TSON.stringify(value, void 0, space);
+}
+function parse(text) {
+  return TSON.parse(text);
+}
+
+// src/http-utils.ts
+async function parseResponse(response) {
+  const text = await response.text();
+  if (!text || text.trim() === "") {
+    return void 0;
+  }
+  try {
+    return TSON.parse(text);
+  } catch (error) {
+    throw new Error(`Failed to parse response: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+function stringifyBody(data) {
+  if (data === void 0 || data === null) {
+    return "";
+  }
+  try {
+    return TSON.stringify(data);
+  } catch (error) {
+    throw new Error(`Failed to stringify request body: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+
+// src/auth.ts
+var AuthManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  get serviceUrl() {
+    return `${this.config.serviceUrl}/service`;
+  }
+  /**
+   * Step 1: Request OTP to be sent to email
+   * Returns otp_id needed for verification
+   */
+  async requestOTP(email, scopes = ["CREATE_DB"]) {
+    const response = await this.http.fetch(`${this.serviceUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp",
+        email,
+        scopes
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to request OTP: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "otp-sent" || !data.otp_id) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return data.otp_id;
+  }
+  /**
+   * Step 2: Verify OTP and get access tokens
+   */
+  async verifyOTP(email, otpId, otp, scopes = ["CREATE_DB"]) {
+    const response = await this.http.fetch(`${this.serviceUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp",
+        email,
+        scopes,
+        otp_id: otpId,
+        otp
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to verify OTP: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return {
+      accessToken: data.accessToken,
+      refreshToken: data.refreshToken,
+      userId: data.userId
+    };
+  }
+  /**
+   * Full OTP flow: request → verify → return tokens
+   * The getOTP callback should return the OTP code (e.g., from email)
+   */
+  async authenticateWithOTP(email, getOTP, scopes = ["CREATE_DB"]) {
+    const otpId = await this.requestOTP(email, scopes);
+    const otp = await getOTP();
+    return this.verifyOTP(email, otpId, otp, scopes);
+  }
+  /**
+   * Request OTP for database-specific operations
+   */
+  async requestDatabaseOTP(dbUrl, email) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp-email",
+        email
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to request database OTP: ${error}`,
+        response.status
+      );
+    }
+  }
+  /**
+   * Verify OTP for database-specific access
+   */
+  async verifyDatabaseOTP(dbUrl, email, otp) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp-token",
+        email,
+        otp
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to verify database OTP: ${error}`,
+        response.status
+      );
+    }
+    return parseResponse(response);
+  }
+  /**
+   * Full database authentication flow
+   */
+  async authenticateDatabase(dbUrl, email, getOTP) {
+    await this.requestDatabaseOTP(dbUrl, email);
+    const otp = await getOTP();
+    return this.verifyDatabaseOTP(dbUrl, email, otp);
+  }
+  /**
+   * Authenticate using client credentials (client_id + client_secret).
+   *
+   * This is the recommended method for server-to-server access.
+   * The credentials are found in the `dexie-cloud.key` file generated
+   * by the `dexie-cloud` CLI when connecting to a database.
+   *
+   * @param dbUrl - The database URL (e.g., 'https://xxxxxxxx.dexie.cloud')
+   * @param clientId - The client_id from dexie-cloud.key
+   * @param clientSecret - The client_secret from dexie-cloud.key
+   * @param scopes - Requested scopes (default: ['ACCESS_DB'])
+   */
+  async authenticateWithClientCredentials(dbUrl, clientId, clientSecret, scopes = ["ACCESS_DB"]) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "client_credentials",
+        client_id: clientId,
+        client_secret: clientSecret,
+        scopes
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to authenticate with client credentials: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return {
+      accessToken: data.accessToken,
+      refreshToken: data.refreshToken,
+      userId: data.userId
+    };
+  }
+};
+
+// src/database.ts
+var DatabaseManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  get serviceUrl() {
+    return `${this.config.serviceUrl}/service`;
+  }
+  /**
+   * Create a new database (requires authenticated token with CREATE_DB scope)
+   */
+  async create(accessToken, options = {}) {
+    const response = await this.http.fetch(`${this.serviceUrl}/create-db`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody({
+        timeZone: options.timeZone || "UTC",
+        ...options.hackathon && { hackathon: true }
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudError(
+        `Failed to create database: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (!data?.url) {
+      throw new DexieCloudError(`Invalid response: ${JSON.stringify(data)}`);
+    }
+    return data;
+  }
+  /**
+   * List databases accessible to user (placeholder - API not documented yet)
+   */
+  async list(accessToken) {
+    throw new Error("List databases API not yet implemented");
+  }
+  /**
+   * Get database information by URL (placeholder)
+   */
+  async getInfo(dbUrl, accessToken) {
+    throw new Error("Database info API not yet implemented");
+  }
+  /**
+   * Delete database (placeholder - use with extreme caution!)
+   */
+  async delete(dbUrl, accessToken) {
+    throw new Error("Delete database API not yet implemented");
+  }
+};
+
+// src/health.ts
+var HealthManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  /**
+   * Health check - basic server status
+   */
+  async health() {
+    try {
+      const response = await this.http.fetch(`${this.config.serviceUrl}/health`);
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Ready check - server + database connection
+   */
+  async ready() {
+    try {
+      const response = await this.http.fetch(`${this.config.serviceUrl}/ready`);
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Combined health status
+   */
+  async status() {
+    const [healthy, ready] = await Promise.all([
+      this.health(),
+      this.ready()
+    ]);
+    return { healthy, ready };
+  }
+  /**
+   * Wait for server to be ready
+   */
+  async waitForReady(timeout = 6e4, interval = 1e3) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      if (await this.ready()) {
+        return;
+      }
+      await new Promise((resolve) => setTimeout(resolve, interval));
+    }
+    throw new DexieCloudNetworkError(`Server not ready after ${timeout}ms`);
+  }
+  /**
+   * Wait for server to be healthy
+   */
+  async waitForHealth(timeout = 3e4, interval = 1e3) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      if (await this.health()) {
+        return;
+      }
+      await new Promise((resolve) => setTimeout(resolve, interval));
+    }
+    throw new DexieCloudNetworkError(`Server not healthy after ${timeout}ms`);
+  }
+};
+
+// src/data.ts
+async function handleResponse(response) {
+  if (!response.ok) {
+    const text = await response.text().catch(() => "");
+    throw new DexieCloudError(
+      `HTTP ${response.status}: ${text || response.statusText}`,
+      response.status,
+      text
+    );
+  }
+  return parseResponse(response);
+}
+var DataManager = class {
+  constructor(dbUrl, http, blobManager, access = "my") {
+    this.dbUrl = dbUrl;
+    this.http = http;
+    this.blobManager = blobManager;
+    this.access = access;
+  }
+  tableUrl(table) {
+    return `${this.dbUrl}/${this.access}/${encodeURIComponent(table)}`;
+  }
+  itemUrl(table, id) {
+    return `${this.dbUrl}/${this.access}/${encodeURIComponent(table)}/${encodeURIComponent(id)}`;
+  }
+  /**
+   * List all objects in a table, optionally filtered by realm.
+   * BlobRefs in results are automatically resolved to inline data
+   * when a BlobManager is present.
+   */
+  async list(table, token, options) {
+    let url = this.tableUrl(table);
+    if (options?.realm) {
+      url += `?realm=${encodeURIComponent(options.realm)}`;
+    }
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    const result = await handleResponse(response);
+    const items = Array.isArray(result) ? result : result?.data ?? result ?? [];
+    if (this.blobManager) {
+      const resolved = [];
+      for (const item of items) {
+        resolved.push(await this.blobManager.processForRead(item, token));
+      }
+      return resolved;
+    }
+    return items;
+  }
+  /**
+   * Get a single object by id.
+   * BlobRefs in the result are automatically resolved to inline data
+   * when a BlobManager is present.
+   */
+  async get(table, id, token) {
+    const url = this.itemUrl(table, id);
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    const result = await handleResponse(response);
+    if (this.blobManager) {
+      return this.blobManager.processForRead(result, token);
+    }
+    return result;
+  }
+  /**
+   * Create an object in a table.
+   * Inline blobs in obj are automatically uploaded and replaced with
+   * BlobRefs when a BlobManager is present.
+   */
+  async create(table, obj, token) {
+    const url = this.tableUrl(table);
+    const body = this.blobManager ? await this.blobManager.processForUpload(obj, token) : obj;
+    const response = await this.http.fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody(body)
+    });
+    const keys = await handleResponse(response);
+    const id = Array.isArray(keys) ? keys[0] : keys;
+    return { id: typeof id === "string" ? id : JSON.stringify(id) };
+  }
+  /**
+   * Replace (full update) an object by id using HTTP PUT.
+   *
+   * NOTE: This sends the complete object as a full replacement (PUT semantics).
+   * All fields not included in `obj` will be removed on the server.
+   * If you want partial updates, use a PATCH-based approach when the server
+   * supports it (not currently exposed here).
+   *
+   * Previously named `update()` — `update` is kept as an alias for backwards
+   * compatibility but may be deprecated in a future release.
+   */
+  async replace(table, id, obj, token) {
+    const url = this.tableUrl(table);
+    const merged = { ...obj, id };
+    const body = this.blobManager ? await this.blobManager.processForUpload(merged, token) : merged;
+    const response = await this.http.fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody(body)
+    });
+    const keys = await handleResponse(response);
+    const returnedId = Array.isArray(keys) ? keys[0] : keys;
+    return { id: typeof returnedId === "string" ? returnedId : JSON.stringify(returnedId) };
+  }
+  /**
+   * @deprecated Use `replace()` instead. This method performs a full object
+   * replacement (HTTP PUT), not a partial update (PATCH). The name `update`
+   * is misleading and kept only for backwards compatibility.
+   */
+  update(table, id, obj, token) {
+    return this.replace(table, id, obj, token);
+  }
+  /**
+   * Delete an object by id.
+   */
+  async delete(table, id, token) {
+    const url = this.itemUrl(table, id);
+    const response = await this.http.fetch(url, {
+      method: "DELETE",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `HTTP ${response.status}: ${text || response.statusText}`,
+        response.status,
+        text
+      );
+    }
+  }
+  /**
+   * Bulk create objects in a table in parallel.
+   * All requests are sent concurrently via Promise.all.
+   *
+   * NOTE: This is NOT atomic — if one create fails, others may have already
+   * succeeded on the server. There is no rollback for partial failures.
+   */
+  async bulkCreate(table, objects, token) {
+    return Promise.all(objects.map((obj) => this.create(table, obj, token)));
+  }
+};
+
+// src/blob.ts
+var BLOB_THRESHOLD = 4096;
+var MAX_CONCURRENT_DOWNLOADS = 6;
+function generateBlobId() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID().replace(/-/g, "");
+  }
+  if (typeof crypto !== "undefined" && typeof crypto.getRandomValues === "function") {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const ts = Date.now().toString(16);
+  const rand = Math.floor(Math.random() * 4294967295).toString(16).padStart(8, "0");
+  return ts + rand;
+}
+async function toUint8Array(data) {
+  if (data instanceof Uint8Array) return data;
+  if (data instanceof ArrayBuffer) return new Uint8Array(data);
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    const buf = await data.arrayBuffer();
+    return new Uint8Array(buf);
+  }
+  if (ArrayBuffer.isView(data)) {
+    return new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+  }
+  throw new TypeError("Unsupported data type for blob upload");
+}
+function isInlineBlob(val) {
+  return val !== null && typeof val === "object" && typeof val._bt === "string" && typeof val.v === "string";
+}
+function isBlobRef(val) {
+  return val !== null && typeof val === "object" && typeof val._bt === "string" && typeof val.ref === "string" && val.v === void 0;
+}
+function base64ToUint8Array(b64) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(b64, "base64"));
+  }
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function uint8ArrayToBase64(data) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(data).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < data.length; i++) {
+    binary += String.fromCharCode(data[i]);
+  }
+  return btoa(binary);
+}
+var DEFAULT_MAX_STRING_LENGTH = 32768;
+var BlobManager = class {
+  constructor(dbUrl, http, mode = "auto", maxStringLength = DEFAULT_MAX_STRING_LENGTH) {
+    this.dbUrl = dbUrl;
+    this.http = http;
+    this.mode = mode;
+    this.maxStringLength = maxStringLength;
+  }
+  /**
+   * Upload binary data to the blob store.
+   * Returns the blob ref (e.g. "1:abc123...").
+   */
+  async upload(data, contentType = "application/octet-stream", token) {
+    const blobId = generateBlobId();
+    const url = `${this.dbUrl}/blob/${blobId}`;
+    const bytes = await toUint8Array(data);
+    const response = await this.http.fetch(url, {
+      method: "PUT",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": contentType
+      },
+      body: bytes
+    });
+    if (!response.ok) {
+      const text2 = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `Blob upload failed HTTP ${response.status}: ${text2 || response.statusText}`,
+        response.status,
+        text2
+      );
+    }
+    const text = await response.text().catch(() => "");
+    if (text && text.trim()) {
+      try {
+        const parsed = JSON.parse(text);
+        if (parsed?.ref) return parsed.ref;
+      } catch {
+      }
+      if (text.includes(":")) return text.trim();
+    }
+    throw new DexieCloudError(
+      `Blob upload succeeded (HTTP ${response.status}) but server returned no parseable ref. Cannot construct a safe blob reference without the server-assigned version.`,
+      response.status,
+      text
+    );
+  }
+  /**
+   * Download a blob by ref (format: "version:blobId").
+   */
+  async download(ref, token) {
+    const url = `${this.dbUrl}/blob/${encodeURIComponent(ref)}`;
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `Blob download failed HTTP ${response.status}: ${text || response.statusText}`,
+        response.status,
+        text
+      );
+    }
+    const contentType = response.headers?.get("content-type") ?? "application/octet-stream";
+    const arrayBuffer = await response.arrayBuffer();
+    return { data: new Uint8Array(arrayBuffer), contentType };
+  }
+  /**
+   * Process an object before uploading: find inline blobs large enough to
+   * offload (≥ BLOB_THRESHOLD bytes), upload them, replace with BlobRefs.
+   * Small binaries are left inline. Only active in 'auto' mode.
+   */
+  async processForUpload(obj, token) {
+    if (this.mode !== "auto") return obj;
+    return this._walkForUpload(obj, token);
+  }
+  /**
+   * Process an object after reading: find BlobRefs, download them,
+   * replace with inline data. Only active in 'auto' mode.
+   */
+  async processForRead(obj, token) {
+    if (this.mode !== "auto") return obj;
+    return this._walkForRead(obj, token);
+  }
+  async _walkForUpload(val, token) {
+    if (typeof val === "string" && val.length > this.maxStringLength && this.maxStringLength !== Infinity) {
+      const bytes = new TextEncoder().encode(val);
+      const ref = await this.upload(bytes, "text/plain;charset=utf-8", token);
+      return { _bt: "string", ref, size: bytes.length };
+    }
+    if (isInlineBlob(val)) {
+      const bytes = base64ToUint8Array(val.v);
+      if (bytes.length < BLOB_THRESHOLD) {
+        return val;
+      }
+      const contentType = val.ct ?? "application/octet-stream";
+      const ref = await this.upload(bytes, contentType, token);
+      const blobRef = {
+        _bt: val._bt,
+        ref,
+        size: bytes.length,
+        ...val._bt === "Blob" && val.ct ? { ct: val.ct } : {}
+      };
+      return blobRef;
+    }
+    if (Array.isArray(val)) {
+      return Promise.all(val.map((item) => this._walkForUpload(item, token)));
+    }
+    if (val !== null && typeof val === "object") {
+      const entries = await Promise.all(
+        Object.entries(val).map(async ([k, v]) => [k, await this._walkForUpload(v, token)])
+      );
+      return Object.fromEntries(entries);
+    }
+    return val;
+  }
+  async _walkForRead(val, token) {
+    if (isBlobRef(val)) {
+      if (val._bt === "string") {
+        const { data: data2 } = await this.download(val.ref, token);
+        return new TextDecoder().decode(data2);
+      }
+      const { data, contentType } = await this.download(val.ref, token);
+      return {
+        _bt: val._bt,
+        v: uint8ArrayToBase64(data),
+        ...val._bt === "Blob" ? { ct: val.ct ?? contentType } : {}
+      };
+    }
+    if (Array.isArray(val)) {
+      return this._parallelMap(val, (item) => this._walkForRead(item, token));
+    }
+    if (val !== null && typeof val === "object") {
+      const keys = Object.keys(val);
+      const resolvedValues = await this._parallelMap(
+        keys,
+        (k) => this._walkForRead(val[k], token)
+      );
+      const result = {};
+      for (let i = 0; i < keys.length; i++) {
+        result[keys[i]] = resolvedValues[i];
+      }
+      return result;
+    }
+    return val;
+  }
+  /**
+   * Like Promise.all but with a concurrency cap.
+   */
+  async _parallelMap(items, fn) {
+    const results = new Array(items.length);
+    let index = 0;
+    async function worker() {
+      while (index < items.length) {
+        const i = index++;
+        results[i] = await fn(items[i]);
+      }
+    }
+    const workers = Array.from(
+      { length: Math.min(MAX_CONCURRENT_DOWNLOADS, items.length) },
+      () => worker()
+    );
+    await Promise.all(workers);
+    return results;
+  }
+};
+
+// src/DatabaseSession.ts
+function stableStringify(obj) {
+  const sorted = Object.keys(obj).sort().reduce(
+    (acc, key) => {
+      acc[key] = obj[key];
+      return acc;
+    },
+    {}
+  );
+  return JSON.stringify(sorted);
+}
+var tokenCache = /* @__PURE__ */ new Map();
+var REFRESH_MARGIN = 300;
+function cacheKey(clientId, dbUrl, claims) {
+  return `${clientId}::${dbUrl}::${stableStringify(claims ?? {})}`;
+}
+function parseJwtExp(token) {
+  const payload = JSON.parse(
+    Buffer.from(token.split(".")[1], "base64url").toString()
+  );
+  return payload.exp;
+}
+function createDataProxy(data, getToken) {
+  return new Proxy(data, {
+    get(target, prop) {
+      const original = target[prop];
+      if (typeof original !== "function") return original;
+      return async (...args) => {
+        const token = await getToken();
+        return original.apply(target, [...args, token]);
+      };
+    }
+  });
+}
+function createBlobProxy(blobs, getToken) {
+  return new Proxy(blobs, {
+    get(target, prop) {
+      const original = target[prop];
+      if (typeof original !== "function") return original;
+      return async (...args) => {
+        const token = await getToken();
+        return original.apply(target, [...args, token]);
+      };
+    }
+  });
+}
+var DatabaseSession = class _DatabaseSession {
+  constructor(dbUrl, credentials, http, blobManager, dataManager) {
+    this.dbUrl = dbUrl;
+    this.credentials = credentials;
+    this.http = http;
+    this.inflightToken = null;
+    const getToken = () => this.getToken();
+    this.data = createDataProxy(dataManager, getToken);
+    this.blobs = createBlobProxy(blobManager, getToken);
+  }
+  /**
+   * Create a new session that impersonates a specific user.
+   *
+   * The returned session shares the same HTTP adapter and managers but
+   * uses a separate cache entry for tokens.
+   */
+  asUser(claims) {
+    const bm = new BlobManager(this.dbUrl, this.http);
+    return new _DatabaseSession(
+      this.dbUrl,
+      { ...this.credentials, impersonate: claims },
+      this.http,
+      bm,
+      new DataManager(this.dbUrl, this.http, bm, "my")
+    );
+  }
+  // ── Token management ────────────────────────────────────────────
+  async getToken() {
+    const key = cacheKey(
+      this.credentials.clientId,
+      this.dbUrl,
+      this.credentials.impersonate
+    );
+    const cached = tokenCache.get(key);
+    const now = Math.floor(Date.now() / 1e3);
+    if (cached && cached.expiresAt - now > REFRESH_MARGIN) {
+      return cached.token;
+    }
+    if (!this.inflightToken) {
+      this.inflightToken = this.fetchToken(key).finally(() => {
+        this.inflightToken = null;
+      });
+    }
+    return this.inflightToken;
+  }
+  async fetchToken(key) {
+    const { clientId, clientSecret, impersonate } = this.credentials;
+    const isImpersonation = !!impersonate;
+    const body = {
+      grant_type: "client_credentials",
+      client_id: clientId,
+      client_secret: clientSecret,
+      scopes: isImpersonation ? ["ACCESS_DB", "IMPERSONATE", "MANAGE_DB"] : ["ACCESS_DB", "GLOBAL_READ", "GLOBAL_WRITE"]
+      // GLOBAL_* needed for /all/ access
+    };
+    if (isImpersonation) {
+      body.claims = impersonate;
+    }
+    const response = await this.http.fetch(`${this.dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to authenticate with client credentials: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(
+        `Unexpected token response: ${JSON.stringify(data)}`
+      );
+    }
+    const token = data.accessToken;
+    const expiresAt = parseJwtExp(token);
+    tokenCache.set(key, { token, expiresAt });
+    return token;
+  }
+};
+
+// src/client.ts
+var DexieCloudClient = class {
+  constructor(config) {
+    const fullConfig = typeof config === "string" ? { serviceUrl: config } : config;
+    if (!fullConfig.serviceUrl) {
+      throw new DexieCloudError("serviceUrl is required");
+    }
+    fullConfig.serviceUrl = fullConfig.serviceUrl.replace(/\/$/, "");
+    if (fullConfig.dbUrl) {
+      fullConfig.dbUrl = fullConfig.dbUrl.replace(/\/$/, "");
+    }
+    this.http = createAdapter(fullConfig);
+    this.auth = new AuthManager(fullConfig, this.http);
+    this.databases = new DatabaseManager(fullConfig, this.http);
+    this.health = new HealthManager(fullConfig, this.http);
+    const dbUrl = fullConfig.dbUrl ?? fullConfig.serviceUrl;
+    this.blobs = new BlobManager(dbUrl, this.http, fullConfig.blobHandling ?? "auto", fullConfig.maxStringLength ?? 32768);
+    this.data = new DataManager(dbUrl, this.http, this.blobs);
+  }
+  /**
+   * Convenience method: Full database creation flow with OTP
+   * 1. Request OTP → 2. Get OTP from callback → 3. Verify → 4. Create DB
+   */
+  async createDatabase(email, getOTP, options = {}) {
+    const { accessToken } = await this.auth.authenticateWithOTP(email, getOTP, ["CREATE_DB"]);
+    const dbInfo = await this.databases.create(accessToken, options);
+    return { ...dbInfo, accessToken };
+  }
+  /** Convenience: Check if service is operational */
+  async isReady() {
+    return this.health.ready();
+  }
+  /** Convenience: Get full health status */
+  async getStatus() {
+    return this.health.status();
+  }
+  /** Convenience: Wait for service to be ready */
+  async waitForReady(timeout) {
+    return this.health.waitForReady(timeout);
+  }
+  /**
+   * Create a pre-authenticated DatabaseSession for a specific database.
+   *
+   * Tokens are acquired lazily and cached in-memory. When a token is
+   * within 5 minutes of expiry a fresh one is fetched transparently.
+   *
+   * @example
+   * ```ts
+   * const db = client.db('https://xxxxxxxx.dexie.cloud', {
+   *   clientId: '...',
+   *   clientSecret: '...',
+   * });
+   * const items = await db.data.list('todoItems');
+   * ```
+   */
+  db(dbUrl, credentials) {
+    const normalizedUrl = dbUrl.replace(/\/$/, "");
+    const blobManager = new BlobManager(normalizedUrl, this.http);
+    const access = credentials.impersonate ? "my" : "all";
+    const dataManager = new DataManager(normalizedUrl, this.http, blobManager, access);
+    return new DatabaseSession(normalizedUrl, credentials, this.http, blobManager, dataManager);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthManager,
+  BlobManager,
+  DataManager,
+  DatabaseManager,
+  DatabaseSession,
+  DexieCloudAuthError,
+  DexieCloudClient,
+  DexieCloudError,
+  DexieCloudNetworkError,
+  FetchAdapter,
+  HealthManager,
+  NodeAdapter,
+  TSON,
+  createAdapter,
+  parse,
+  stringify
+});