npm - dexie-cloud-sdk - Versions diffs - 0.1.0 - Mend

dexie-cloud-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,1017 @@
+// src/types.ts
+var DexieCloudError = class extends Error {
+  constructor(message, status, response) {
+    super(message);
+    this.status = status;
+    this.response = response;
+    this.name = "DexieCloudError";
+  }
+};
+var DexieCloudAuthError = class extends DexieCloudError {
+  constructor(message, status) {
+    super(message, status);
+    this.name = "DexieCloudAuthError";
+  }
+};
+var DexieCloudNetworkError = class extends DexieCloudError {
+  constructor(message) {
+    super(message);
+    this.name = "DexieCloudNetworkError";
+  }
+};
+// src/adapters.ts
+var FetchAdapter = class {
+  constructor(config, fetchImpl = globalThis.fetch) {
+    this.config = config;
+    this.fetchImpl = fetchImpl;
+    if (!this.fetchImpl) {
+      throw new Error("Fetch is not available. Please provide a fetch implementation.");
+    }
+  }
+  async fetch(url, options = {}) {
+    const { timeout = 3e4, debug } = this.config;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    const fetchOptions = {
+      ...options,
+      signal: controller.signal,
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": "dexie-cloud-sdk",
+        ...options.headers
+      }
+    };
+    if (debug) {
+      console.log(`[DexieCloud] ${options.method || "GET"} ${url}`, fetchOptions);
+    }
+    try {
+      const response = await this.fetchImpl(url, fetchOptions);
+      if (debug) {
+        console.log(`[DexieCloud] Response ${response.status}`, response);
+      }
+      return response;
+    } catch (error) {
+      if (error instanceof Error && error.name === "AbortError") {
+        throw new Error(`Request timeout after ${timeout}ms`);
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+};
+var NodeAdapter = class {
+  constructor(config) {
+    this.config = config;
+  }
+  async fetch(url, options = {}) {
+    const { default: fetch } = await import("node-fetch");
+    const adapter = new FetchAdapter(this.config, fetch);
+    return adapter.fetch(url, options);
+  }
+};
+function createAdapter(config) {
+  if (config.fetch) {
+    return new FetchAdapter(config, config.fetch);
+  }
+  if (typeof globalThis.fetch === "function") {
+    return new FetchAdapter(config);
+  }
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return new NodeAdapter(config);
+  }
+  throw new Error("No suitable HTTP adapter found. Please provide a fetch implementation in config.");
+}
+// src/tson.ts
+import {
+  TypesonSimplified,
+  builtInTypeDefs,
+  fileTypeDef
+} from "dexie-cloud-common";
+import { TypesonSimplified as TypesonSimplified2, builtInTypeDefs as builtInTypeDefs2 } from "dexie-cloud-common";
+var sdkTypeDefs = {
+  // URL type support
+  URL: {
+    test: (val) => val instanceof URL,
+    replace: (url) => ({
+      $t: "URL",
+      href: url.href
+    }),
+    revive: ({ href }) => new URL(href)
+  }
+};
+var TSON = TypesonSimplified(
+  builtInTypeDefs,
+  fileTypeDef,
+  sdkTypeDefs
+);
+function stringify(value, space) {
+  return TSON.stringify(value, void 0, space);
+}
+function parse(text) {
+  return TSON.parse(text);
+}
+// src/http-utils.ts
+async function parseResponse(response) {
+  const text = await response.text();
+  if (!text || text.trim() === "") {
+    return void 0;
+  }
+  try {
+    return TSON.parse(text);
+  } catch (error) {
+    throw new Error(`Failed to parse response: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+function stringifyBody(data) {
+  if (data === void 0 || data === null) {
+    return "";
+  }
+  try {
+    return TSON.stringify(data);
+  } catch (error) {
+    throw new Error(`Failed to stringify request body: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+// src/auth.ts
+var AuthManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  get serviceUrl() {
+    return `${this.config.serviceUrl}/service`;
+  }
+  /**
+   * Step 1: Request OTP to be sent to email
+   * Returns otp_id needed for verification
+   */
+  async requestOTP(email, scopes = ["CREATE_DB"]) {
+    const response = await this.http.fetch(`${this.serviceUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp",
+        email,
+        scopes
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to request OTP: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "otp-sent" || !data.otp_id) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return data.otp_id;
+  }
+  /**
+   * Step 2: Verify OTP and get access tokens
+   */
+  async verifyOTP(email, otpId, otp, scopes = ["CREATE_DB"]) {
+    const response = await this.http.fetch(`${this.serviceUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp",
+        email,
+        scopes,
+        otp_id: otpId,
+        otp
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to verify OTP: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return {
+      accessToken: data.accessToken,
+      refreshToken: data.refreshToken,
+      userId: data.userId
+    };
+  }
+  /**
+   * Full OTP flow: request → verify → return tokens
+   * The getOTP callback should return the OTP code (e.g., from email)
+   */
+  async authenticateWithOTP(email, getOTP, scopes = ["CREATE_DB"]) {
+    const otpId = await this.requestOTP(email, scopes);
+    const otp = await getOTP();
+    return this.verifyOTP(email, otpId, otp, scopes);
+  }
+  /**
+   * Request OTP for database-specific operations
+   */
+  async requestDatabaseOTP(dbUrl, email) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp-email",
+        email
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to request database OTP: ${error}`,
+        response.status
+      );
+    }
+  }
+  /**
+   * Verify OTP for database-specific access
+   */
+  async verifyDatabaseOTP(dbUrl, email, otp) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "otp-token",
+        email,
+        otp
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to verify database OTP: ${error}`,
+        response.status
+      );
+    }
+    return parseResponse(response);
+  }
+  /**
+   * Full database authentication flow
+   */
+  async authenticateDatabase(dbUrl, email, getOTP) {
+    await this.requestDatabaseOTP(dbUrl, email);
+    const otp = await getOTP();
+    return this.verifyDatabaseOTP(dbUrl, email, otp);
+  }
+  /**
+   * Authenticate using client credentials (client_id + client_secret).
+   *
+   * This is the recommended method for server-to-server access.
+   * The credentials are found in the `dexie-cloud.key` file generated
+   * by the `dexie-cloud` CLI when connecting to a database.
+   *
+   * @param dbUrl - The database URL (e.g., 'https://xxxxxxxx.dexie.cloud')
+   * @param clientId - The client_id from dexie-cloud.key
+   * @param clientSecret - The client_secret from dexie-cloud.key
+   * @param scopes - Requested scopes (default: ['ACCESS_DB'])
+   */
+  async authenticateWithClientCredentials(dbUrl, clientId, clientSecret, scopes = ["ACCESS_DB"]) {
+    const response = await this.http.fetch(`${dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody({
+        grant_type: "client_credentials",
+        client_id: clientId,
+        client_secret: clientSecret,
+        scopes
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to authenticate with client credentials: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(`Unexpected response: ${JSON.stringify(data)}`);
+    }
+    return {
+      accessToken: data.accessToken,
+      refreshToken: data.refreshToken,
+      userId: data.userId
+    };
+  }
+};
+// src/database.ts
+var DatabaseManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  get serviceUrl() {
+    return `${this.config.serviceUrl}/service`;
+  }
+  /**
+   * Create a new database (requires authenticated token with CREATE_DB scope)
+   */
+  async create(accessToken, options = {}) {
+    const response = await this.http.fetch(`${this.serviceUrl}/create-db`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody({
+        timeZone: options.timeZone || "UTC",
+        ...options.hackathon && { hackathon: true }
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudError(
+        `Failed to create database: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (!data?.url) {
+      throw new DexieCloudError(`Invalid response: ${JSON.stringify(data)}`);
+    }
+    return data;
+  }
+  /**
+   * List databases accessible to user (placeholder - API not documented yet)
+   */
+  async list(accessToken) {
+    throw new Error("List databases API not yet implemented");
+  }
+  /**
+   * Get database information by URL (placeholder)
+   */
+  async getInfo(dbUrl, accessToken) {
+    throw new Error("Database info API not yet implemented");
+  }
+  /**
+   * Delete database (placeholder - use with extreme caution!)
+   */
+  async delete(dbUrl, accessToken) {
+    throw new Error("Delete database API not yet implemented");
+  }
+};
+// src/health.ts
+var HealthManager = class {
+  constructor(config, http) {
+    this.config = config;
+    this.http = http;
+  }
+  /**
+   * Health check - basic server status
+   */
+  async health() {
+    try {
+      const response = await this.http.fetch(`${this.config.serviceUrl}/health`);
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Ready check - server + database connection
+   */
+  async ready() {
+    try {
+      const response = await this.http.fetch(`${this.config.serviceUrl}/ready`);
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Combined health status
+   */
+  async status() {
+    const [healthy, ready] = await Promise.all([
+      this.health(),
+      this.ready()
+    ]);
+    return { healthy, ready };
+  }
+  /**
+   * Wait for server to be ready
+   */
+  async waitForReady(timeout = 6e4, interval = 1e3) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      if (await this.ready()) {
+        return;
+      }
+      await new Promise((resolve) => setTimeout(resolve, interval));
+    }
+    throw new DexieCloudNetworkError(`Server not ready after ${timeout}ms`);
+  }
+  /**
+   * Wait for server to be healthy
+   */
+  async waitForHealth(timeout = 3e4, interval = 1e3) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      if (await this.health()) {
+        return;
+      }
+      await new Promise((resolve) => setTimeout(resolve, interval));
+    }
+    throw new DexieCloudNetworkError(`Server not healthy after ${timeout}ms`);
+  }
+};
+// src/data.ts
+async function handleResponse(response) {
+  if (!response.ok) {
+    const text = await response.text().catch(() => "");
+    throw new DexieCloudError(
+      `HTTP ${response.status}: ${text || response.statusText}`,
+      response.status,
+      text
+    );
+  }
+  return parseResponse(response);
+}
+var DataManager = class {
+  constructor(dbUrl, http, blobManager, access = "my") {
+    this.dbUrl = dbUrl;
+    this.http = http;
+    this.blobManager = blobManager;
+    this.access = access;
+  }
+  tableUrl(table) {
+    return `${this.dbUrl}/${this.access}/${encodeURIComponent(table)}`;
+  }
+  itemUrl(table, id) {
+    return `${this.dbUrl}/${this.access}/${encodeURIComponent(table)}/${encodeURIComponent(id)}`;
+  }
+  /**
+   * List all objects in a table, optionally filtered by realm.
+   * BlobRefs in results are automatically resolved to inline data
+   * when a BlobManager is present.
+   */
+  async list(table, token, options) {
+    let url = this.tableUrl(table);
+    if (options?.realm) {
+      url += `?realm=${encodeURIComponent(options.realm)}`;
+    }
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    const result = await handleResponse(response);
+    const items = Array.isArray(result) ? result : result?.data ?? result ?? [];
+    if (this.blobManager) {
+      const resolved = [];
+      for (const item of items) {
+        resolved.push(await this.blobManager.processForRead(item, token));
+      }
+      return resolved;
+    }
+    return items;
+  }
+  /**
+   * Get a single object by id.
+   * BlobRefs in the result are automatically resolved to inline data
+   * when a BlobManager is present.
+   */
+  async get(table, id, token) {
+    const url = this.itemUrl(table, id);
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    const result = await handleResponse(response);
+    if (this.blobManager) {
+      return this.blobManager.processForRead(result, token);
+    }
+    return result;
+  }
+  /**
+   * Create an object in a table.
+   * Inline blobs in obj are automatically uploaded and replaced with
+   * BlobRefs when a BlobManager is present.
+   */
+  async create(table, obj, token) {
+    const url = this.tableUrl(table);
+    const body = this.blobManager ? await this.blobManager.processForUpload(obj, token) : obj;
+    const response = await this.http.fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody(body)
+    });
+    const keys = await handleResponse(response);
+    const id = Array.isArray(keys) ? keys[0] : keys;
+    return { id: typeof id === "string" ? id : JSON.stringify(id) };
+  }
+  /**
+   * Replace (full update) an object by id using HTTP PUT.
+   *
+   * NOTE: This sends the complete object as a full replacement (PUT semantics).
+   * All fields not included in `obj` will be removed on the server.
+   * If you want partial updates, use a PATCH-based approach when the server
+   * supports it (not currently exposed here).
+   *
+   * Previously named `update()` — `update` is kept as an alias for backwards
+   * compatibility but may be deprecated in a future release.
+   */
+  async replace(table, id, obj, token) {
+    const url = this.tableUrl(table);
+    const merged = { ...obj, id };
+    const body = this.blobManager ? await this.blobManager.processForUpload(merged, token) : merged;
+    const response = await this.http.fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      },
+      body: stringifyBody(body)
+    });
+    const keys = await handleResponse(response);
+    const returnedId = Array.isArray(keys) ? keys[0] : keys;
+    return { id: typeof returnedId === "string" ? returnedId : JSON.stringify(returnedId) };
+  }
+  /**
+   * @deprecated Use `replace()` instead. This method performs a full object
+   * replacement (HTTP PUT), not a partial update (PATCH). The name `update`
+   * is misleading and kept only for backwards compatibility.
+   */
+  update(table, id, obj, token) {
+    return this.replace(table, id, obj, token);
+  }
+  /**
+   * Delete an object by id.
+   */
+  async delete(table, id, token) {
+    const url = this.itemUrl(table, id);
+    const response = await this.http.fetch(url, {
+      method: "DELETE",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `HTTP ${response.status}: ${text || response.statusText}`,
+        response.status,
+        text
+      );
+    }
+  }
+  /**
+   * Bulk create objects in a table in parallel.
+   * All requests are sent concurrently via Promise.all.
+   *
+   * NOTE: This is NOT atomic — if one create fails, others may have already
+   * succeeded on the server. There is no rollback for partial failures.
+   */
+  async bulkCreate(table, objects, token) {
+    return Promise.all(objects.map((obj) => this.create(table, obj, token)));
+  }
+};
+// src/blob.ts
+var BLOB_THRESHOLD = 4096;
+var MAX_CONCURRENT_DOWNLOADS = 6;
+function generateBlobId() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID().replace(/-/g, "");
+  }
+  if (typeof crypto !== "undefined" && typeof crypto.getRandomValues === "function") {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const ts = Date.now().toString(16);
+  const rand = Math.floor(Math.random() * 4294967295).toString(16).padStart(8, "0");
+  return ts + rand;
+}
+async function toUint8Array(data) {
+  if (data instanceof Uint8Array) return data;
+  if (data instanceof ArrayBuffer) return new Uint8Array(data);
+  if (typeof Blob !== "undefined" && data instanceof Blob) {
+    const buf = await data.arrayBuffer();
+    return new Uint8Array(buf);
+  }
+  if (ArrayBuffer.isView(data)) {
+    return new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+  }
+  throw new TypeError("Unsupported data type for blob upload");
+}
+function isInlineBlob(val) {
+  return val !== null && typeof val === "object" && typeof val._bt === "string" && typeof val.v === "string";
+}
+function isBlobRef(val) {
+  return val !== null && typeof val === "object" && typeof val._bt === "string" && typeof val.ref === "string" && val.v === void 0;
+}
+function base64ToUint8Array(b64) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(b64, "base64"));
+  }
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function uint8ArrayToBase64(data) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(data).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < data.length; i++) {
+    binary += String.fromCharCode(data[i]);
+  }
+  return btoa(binary);
+}
+var DEFAULT_MAX_STRING_LENGTH = 32768;
+var BlobManager = class {
+  constructor(dbUrl, http, mode = "auto", maxStringLength = DEFAULT_MAX_STRING_LENGTH) {
+    this.dbUrl = dbUrl;
+    this.http = http;
+    this.mode = mode;
+    this.maxStringLength = maxStringLength;
+  }
+  /**
+   * Upload binary data to the blob store.
+   * Returns the blob ref (e.g. "1:abc123...").
+   */
+  async upload(data, contentType = "application/octet-stream", token) {
+    const blobId = generateBlobId();
+    const url = `${this.dbUrl}/blob/${blobId}`;
+    const bytes = await toUint8Array(data);
+    const response = await this.http.fetch(url, {
+      method: "PUT",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": contentType
+      },
+      body: bytes
+    });
+    if (!response.ok) {
+      const text2 = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `Blob upload failed HTTP ${response.status}: ${text2 || response.statusText}`,
+        response.status,
+        text2
+      );
+    }
+    const text = await response.text().catch(() => "");
+    if (text && text.trim()) {
+      try {
+        const parsed = JSON.parse(text);
+        if (parsed?.ref) return parsed.ref;
+      } catch {
+      }
+      if (text.includes(":")) return text.trim();
+    }
+    throw new DexieCloudError(
+      `Blob upload succeeded (HTTP ${response.status}) but server returned no parseable ref. Cannot construct a safe blob reference without the server-assigned version.`,
+      response.status,
+      text
+    );
+  }
+  /**
+   * Download a blob by ref (format: "version:blobId").
+   */
+  async download(ref, token) {
+    const url = `${this.dbUrl}/blob/${encodeURIComponent(ref)}`;
+    const response = await this.http.fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new DexieCloudError(
+        `Blob download failed HTTP ${response.status}: ${text || response.statusText}`,
+        response.status,
+        text
+      );
+    }
+    const contentType = response.headers?.get("content-type") ?? "application/octet-stream";
+    const arrayBuffer = await response.arrayBuffer();
+    return { data: new Uint8Array(arrayBuffer), contentType };
+  }
+  /**
+   * Process an object before uploading: find inline blobs large enough to
+   * offload (≥ BLOB_THRESHOLD bytes), upload them, replace with BlobRefs.
+   * Small binaries are left inline. Only active in 'auto' mode.
+   */
+  async processForUpload(obj, token) {
+    if (this.mode !== "auto") return obj;
+    return this._walkForUpload(obj, token);
+  }
+  /**
+   * Process an object after reading: find BlobRefs, download them,
+   * replace with inline data. Only active in 'auto' mode.
+   */
+  async processForRead(obj, token) {
+    if (this.mode !== "auto") return obj;
+    return this._walkForRead(obj, token);
+  }
+  async _walkForUpload(val, token) {
+    if (typeof val === "string" && val.length > this.maxStringLength && this.maxStringLength !== Infinity) {
+      const bytes = new TextEncoder().encode(val);
+      const ref = await this.upload(bytes, "text/plain;charset=utf-8", token);
+      return { _bt: "string", ref, size: bytes.length };
+    }
+    if (isInlineBlob(val)) {
+      const bytes = base64ToUint8Array(val.v);
+      if (bytes.length < BLOB_THRESHOLD) {
+        return val;
+      }
+      const contentType = val.ct ?? "application/octet-stream";
+      const ref = await this.upload(bytes, contentType, token);
+      const blobRef = {
+        _bt: val._bt,
+        ref,
+        size: bytes.length,
+        ...val._bt === "Blob" && val.ct ? { ct: val.ct } : {}
+      };
+      return blobRef;
+    }
+    if (Array.isArray(val)) {
+      return Promise.all(val.map((item) => this._walkForUpload(item, token)));
+    }
+    if (val !== null && typeof val === "object") {
+      const entries = await Promise.all(
+        Object.entries(val).map(async ([k, v]) => [k, await this._walkForUpload(v, token)])
+      );
+      return Object.fromEntries(entries);
+    }
+    return val;
+  }
+  async _walkForRead(val, token) {
+    if (isBlobRef(val)) {
+      if (val._bt === "string") {
+        const { data: data2 } = await this.download(val.ref, token);
+        return new TextDecoder().decode(data2);
+      }
+      const { data, contentType } = await this.download(val.ref, token);
+      return {
+        _bt: val._bt,
+        v: uint8ArrayToBase64(data),
+        ...val._bt === "Blob" ? { ct: val.ct ?? contentType } : {}
+      };
+    }
+    if (Array.isArray(val)) {
+      return this._parallelMap(val, (item) => this._walkForRead(item, token));
+    }
+    if (val !== null && typeof val === "object") {
+      const keys = Object.keys(val);
+      const resolvedValues = await this._parallelMap(
+        keys,
+        (k) => this._walkForRead(val[k], token)
+      );
+      const result = {};
+      for (let i = 0; i < keys.length; i++) {
+        result[keys[i]] = resolvedValues[i];
+      }
+      return result;
+    }
+    return val;
+  }
+  /**
+   * Like Promise.all but with a concurrency cap.
+   */
+  async _parallelMap(items, fn) {
+    const results = new Array(items.length);
+    let index = 0;
+    async function worker() {
+      while (index < items.length) {
+        const i = index++;
+        results[i] = await fn(items[i]);
+      }
+    }
+    const workers = Array.from(
+      { length: Math.min(MAX_CONCURRENT_DOWNLOADS, items.length) },
+      () => worker()
+    );
+    await Promise.all(workers);
+    return results;
+  }
+};
+// src/DatabaseSession.ts
+function stableStringify(obj) {
+  const sorted = Object.keys(obj).sort().reduce(
+    (acc, key) => {
+      acc[key] = obj[key];
+      return acc;
+    },
+    {}
+  );
+  return JSON.stringify(sorted);
+}
+var tokenCache = /* @__PURE__ */ new Map();
+var REFRESH_MARGIN = 300;
+function cacheKey(clientId, dbUrl, claims) {
+  return `${clientId}::${dbUrl}::${stableStringify(claims ?? {})}`;
+}
+function parseJwtExp(token) {
+  const payload = JSON.parse(
+    Buffer.from(token.split(".")[1], "base64url").toString()
+  );
+  return payload.exp;
+}
+function createDataProxy(data, getToken) {
+  return new Proxy(data, {
+    get(target, prop) {
+      const original = target[prop];
+      if (typeof original !== "function") return original;
+      return async (...args) => {
+        const token = await getToken();
+        return original.apply(target, [...args, token]);
+      };
+    }
+  });
+}
+function createBlobProxy(blobs, getToken) {
+  return new Proxy(blobs, {
+    get(target, prop) {
+      const original = target[prop];
+      if (typeof original !== "function") return original;
+      return async (...args) => {
+        const token = await getToken();
+        return original.apply(target, [...args, token]);
+      };
+    }
+  });
+}
+var DatabaseSession = class _DatabaseSession {
+  constructor(dbUrl, credentials, http, blobManager, dataManager) {
+    this.dbUrl = dbUrl;
+    this.credentials = credentials;
+    this.http = http;
+    this.inflightToken = null;
+    const getToken = () => this.getToken();
+    this.data = createDataProxy(dataManager, getToken);
+    this.blobs = createBlobProxy(blobManager, getToken);
+  }
+  /**
+   * Create a new session that impersonates a specific user.
+   *
+   * The returned session shares the same HTTP adapter and managers but
+   * uses a separate cache entry for tokens.
+   */
+  asUser(claims) {
+    const bm = new BlobManager(this.dbUrl, this.http);
+    return new _DatabaseSession(
+      this.dbUrl,
+      { ...this.credentials, impersonate: claims },
+      this.http,
+      bm,
+      new DataManager(this.dbUrl, this.http, bm, "my")
+    );
+  }
+  // ── Token management ────────────────────────────────────────────
+  async getToken() {
+    const key = cacheKey(
+      this.credentials.clientId,
+      this.dbUrl,
+      this.credentials.impersonate
+    );
+    const cached = tokenCache.get(key);
+    const now = Math.floor(Date.now() / 1e3);
+    if (cached && cached.expiresAt - now > REFRESH_MARGIN) {
+      return cached.token;
+    }
+    if (!this.inflightToken) {
+      this.inflightToken = this.fetchToken(key).finally(() => {
+        this.inflightToken = null;
+      });
+    }
+    return this.inflightToken;
+  }
+  async fetchToken(key) {
+    const { clientId, clientSecret, impersonate } = this.credentials;
+    const isImpersonation = !!impersonate;
+    const body = {
+      grant_type: "client_credentials",
+      client_id: clientId,
+      client_secret: clientSecret,
+      scopes: isImpersonation ? ["ACCESS_DB", "IMPERSONATE", "MANAGE_DB"] : ["ACCESS_DB", "GLOBAL_READ", "GLOBAL_WRITE"]
+      // GLOBAL_* needed for /all/ access
+    };
+    if (isImpersonation) {
+      body.claims = impersonate;
+    }
+    const response = await this.http.fetch(`${this.dbUrl}/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: stringifyBody(body)
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new DexieCloudAuthError(
+        `Failed to authenticate with client credentials: ${error}`,
+        response.status
+      );
+    }
+    const data = await parseResponse(response);
+    if (data.type !== "tokens" || !data.accessToken) {
+      throw new DexieCloudAuthError(
+        `Unexpected token response: ${JSON.stringify(data)}`
+      );
+    }
+    const token = data.accessToken;
+    const expiresAt = parseJwtExp(token);
+    tokenCache.set(key, { token, expiresAt });
+    return token;
+  }
+};
+// src/client.ts
+var DexieCloudClient = class {
+  constructor(config) {
+    const fullConfig = typeof config === "string" ? { serviceUrl: config } : config;
+    if (!fullConfig.serviceUrl) {
+      throw new DexieCloudError("serviceUrl is required");
+    }
+    fullConfig.serviceUrl = fullConfig.serviceUrl.replace(/\/$/, "");
+    if (fullConfig.dbUrl) {
+      fullConfig.dbUrl = fullConfig.dbUrl.replace(/\/$/, "");
+    }
+    this.http = createAdapter(fullConfig);
+    this.auth = new AuthManager(fullConfig, this.http);
+    this.databases = new DatabaseManager(fullConfig, this.http);
+    this.health = new HealthManager(fullConfig, this.http);
+    const dbUrl = fullConfig.dbUrl ?? fullConfig.serviceUrl;
+    this.blobs = new BlobManager(dbUrl, this.http, fullConfig.blobHandling ?? "auto", fullConfig.maxStringLength ?? 32768);
+    this.data = new DataManager(dbUrl, this.http, this.blobs);
+  }
+  /**
+   * Convenience method: Full database creation flow with OTP
+   * 1. Request OTP → 2. Get OTP from callback → 3. Verify → 4. Create DB
+   */
+  async createDatabase(email, getOTP, options = {}) {
+    const { accessToken } = await this.auth.authenticateWithOTP(email, getOTP, ["CREATE_DB"]);
+    const dbInfo = await this.databases.create(accessToken, options);
+    return { ...dbInfo, accessToken };
+  }
+  /** Convenience: Check if service is operational */
+  async isReady() {
+    return this.health.ready();
+  }
+  /** Convenience: Get full health status */
+  async getStatus() {
+    return this.health.status();
+  }
+  /** Convenience: Wait for service to be ready */
+  async waitForReady(timeout) {
+    return this.health.waitForReady(timeout);
+  }
+  /**
+   * Create a pre-authenticated DatabaseSession for a specific database.
+   *
+   * Tokens are acquired lazily and cached in-memory. When a token is
+   * within 5 minutes of expiry a fresh one is fetched transparently.
+   *
+   * @example
+   * ```ts
+   * const db = client.db('https://xxxxxxxx.dexie.cloud', {
+   *   clientId: '...',
+   *   clientSecret: '...',
+   * });
+   * const items = await db.data.list('todoItems');
+   * ```
+   */
+  db(dbUrl, credentials) {
+    const normalizedUrl = dbUrl.replace(/\/$/, "");
+    const blobManager = new BlobManager(normalizedUrl, this.http);
+    const access = credentials.impersonate ? "my" : "all";
+    const dataManager = new DataManager(normalizedUrl, this.http, blobManager, access);
+    return new DatabaseSession(normalizedUrl, credentials, this.http, blobManager, dataManager);
+  }
+};
+export {
+  AuthManager,
+  BlobManager,
+  DataManager,
+  DatabaseManager,
+  DatabaseSession,
+  DexieCloudAuthError,
+  DexieCloudClient,
+  DexieCloudError,
+  DexieCloudNetworkError,
+  FetchAdapter,
+  HealthManager,
+  NodeAdapter,
+  TSON,
+  createAdapter,
+  DexieCloudClient as default,
+  parse,
+  stringify
+};