hydrousdb 2.0.3 → 3.0.1

package/dist/index.js

@@ -1,1055 +1,1179 @@
-'use strict';
-
 // src/utils/errors.ts
-var HydrousDBError = class extends Error {
-  constructor(message, code = "SDK_ERROR", status) {
+var HydrousError = class extends Error {
+  constructor(message, code, status, requestId, details) {
     super(message);
-    this.name = "HydrousDBError";
+    this.name = "HydrousError";
     this.code = code;
     this.status = status;
+    this.requestId = requestId;
+    this.details = details;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  toString() {
+    return `HydrousError [${this.code}]: ${this.message}`;
   }
 };
-function toHydrousError(err) {
-  if (err instanceof HydrousDBError) {
-    return { message: err.message, code: err.code, status: err.status };
+var AuthError = class extends HydrousError {
+  constructor(message, code, status, requestId, details) {
+    super(message, code, status, requestId, details);
+    this.name = "AuthError";
   }
-  if (err instanceof Error) {
-    return { message: err.message, code: "UNKNOWN_ERROR" };
+};
+var RecordError = class extends HydrousError {
+  constructor(message, code, status, requestId, details) {
+    super(message, code, status, requestId, details);
+    this.name = "RecordError";
   }
-  return { message: String(err), code: "UNKNOWN_ERROR" };
-}
-function isHydrousError(err) {
-  return err instanceof HydrousDBError;
-}
+};
+var StorageError = class extends HydrousError {
+  constructor(message, code, status, requestId) {
+    super(message, code, status, requestId);
+    this.name = "StorageError";
+  }
+};
+var AnalyticsError = class extends HydrousError {
+  constructor(message, code, status, requestId) {
+    super(message, code, status, requestId);
+    this.name = "AnalyticsError";
+  }
+};
+var ValidationError = class extends HydrousError {
+  constructor(message, details) {
+    super(message, "VALIDATION_ERROR", 400, void 0, details);
+    this.name = "ValidationError";
+  }
+};
+var NetworkError = class extends HydrousError {
+  constructor(message, cause) {
+    super(message, "NETWORK_ERROR");
+    this.name = "NetworkError";
+    if (cause) this.cause = cause;
+  }
+};
 
 // src/utils/http.ts
-async function parseResponse(res) {
-  let body;
-  try {
-    body = await res.json();
-  } catch (e) {
-    if (!res.ok) throw new HydrousDBError(`HTTP ${res.status}`, "HTTP_ERROR", res.status);
-    return void 0;
-  }
-  if (!res.ok) {
-    const e = body;
-    throw new HydrousDBError(
-      e.error || e.message || `HTTP ${res.status}`,
-      e.code || "HTTP_ERROR",
-      res.status
-    );
+var DEFAULT_BASE_URL = "https://db-api-82687684612.us-central1.run.app";
+var HttpClient = class {
+  constructor(baseUrl) {
+    this.baseUrl = baseUrl.replace(/\/$/, "");
   }
-  return body;
-}
-function buildUrl(base, path, params) {
-  const url = new URL(path, base.endsWith("/") ? base : base + "/");
-  if (params) {
-    for (const [k, v] of Object.entries(params)) {
-      if (v !== void 0 && v !== null) url.searchParams.set(k, String(v));
+  async request(path, apiKeyOrOpts, opts = {}) {
+    let apiKey;
+    let resolvedOpts;
+    if (typeof apiKeyOrOpts === "string") {
+      apiKey = apiKeyOrOpts;
+      resolvedOpts = opts;
+    } else {
+      apiKey = void 0;
+      resolvedOpts = apiKeyOrOpts ?? opts;
     }
-  }
-  return url.toString();
-}
-function mergeHeaders(a, b) {
-  return { ...a, ...b };
-}
-async function readSSEStream(response, onEvent) {
-  if (!response.body) return;
-  const reader = response.body.getReader();
-  const decoder = new TextDecoder();
-  let buf = "";
-  const flush = (chunk) => {
-    var _a;
-    buf += chunk;
-    const blocks = buf.split("\n\n");
-    buf = (_a = blocks.pop()) != null ? _a : "";
-    for (const block of blocks) {
-      if (!block.trim()) continue;
-      let eventType = "message";
-      let dataLine = null;
-      for (const line of block.split("\n")) {
-        if (line.startsWith("event:")) eventType = line.slice(6).trim();
-        if (line.startsWith("data:")) dataLine = line.slice(5).trim();
-      }
-      if (dataLine === null) continue;
-      try {
-        onEvent(eventType, JSON.parse(dataLine));
-      } catch (e) {
-      }
+    const {
+      method = "GET",
+      body,
+      headers = {},
+      rawBody,
+      contentType = "application/json"
+    } = resolvedOpts;
+    const url = `${this.baseUrl}${path}`;
+    const reqHeaders = {
+      ...apiKey ? { "X-Api-Key": apiKey } : {},
+      ...headers
+    };
+    let reqBody = null;
+    if (rawBody !== void 0) {
+      reqBody = rawBody;
+      if (contentType) reqHeaders["Content-Type"] = contentType;
+    } else if (body !== void 0) {
+      reqBody = JSON.stringify(body);
+      reqHeaders["Content-Type"] = "application/json";
     }
-  };
-  while (true) {
-    const { done, value } = await reader.read();
-    if (done) break;
-    flush(decoder.decode(value, { stream: true }));
-  }
-  if (buf.trim()) flush("");
-}
-function parseSSEText(text, onEvent) {
-  const blocks = text.split("\n\n");
-  for (const block of blocks) {
-    if (!block.trim()) continue;
-    let eventType = "message";
-    let dataLine = null;
-    for (const line of block.split("\n")) {
-      if (line.startsWith("event:")) eventType = line.slice(6).trim();
-      if (line.startsWith("data:")) dataLine = line.slice(5).trim();
+    let response;
+    try {
+      response = await fetch(url, {
+        method,
+        headers: reqHeaders,
+        body: reqBody
+      });
+    } catch (err) {
+      throw new NetworkError(
+        `Network request failed: ${err instanceof Error ? err.message : String(err)}`,
+        err
+      );
+    }
+    const ct = response.headers.get("content-type") ?? "";
+    if (!ct.includes("application/json")) {
+      if (!response.ok) {
+        throw new HydrousError(
+          `Request failed with status ${response.status}`,
+          `HTTP_${response.status}`,
+          response.status
+        );
+      }
+      const buffer = await response.arrayBuffer();
+      return buffer;
     }
-    if (dataLine === null) continue;
+    let responseData;
     try {
-      onEvent(eventType, JSON.parse(dataLine));
-    } catch (e) {
+      responseData = await response.json();
+    } catch {
+      throw new HydrousError(
+        "Failed to parse server response as JSON",
+        "PARSE_ERROR",
+        response.status
+      );
+    }
+    if (!response.ok) {
+      const errData = responseData;
+      throw new HydrousError(
+        errData["error"] ?? `Request failed with status ${response.status}`,
+        errData["code"] ?? `HTTP_${response.status}`,
+        response.status,
+        errData["requestId"],
+        errData["details"]
+      );
     }
+    return responseData;
   }
-}
-function xhrUpload(url, body, headers, onProgress) {
-  return new Promise((resolve, reject) => {
-    const xhr = new XMLHttpRequest();
-    xhr.open("POST", url);
-    for (const [k, v] of Object.entries(headers)) xhr.setRequestHeader(k, v);
-    xhr.responseType = "text";
-    if (onProgress) {
-      xhr.upload.onprogress = (e) => {
-        if (e.lengthComputable) onProgress(e.loaded, e.total);
-      };
+  get(path, apiKey, headers) {
+    return this.request(path, apiKey, { method: "GET", headers });
+  }
+  post(path, apiKey, body, headers) {
+    return this.request(path, apiKey, { method: "POST", body, headers });
+  }
+  put(path, apiKey, body, headers) {
+    return this.request(path, apiKey, { method: "PUT", body, headers });
+  }
+  patch(path, apiKey, body, headers) {
+    return this.request(path, apiKey, { method: "PATCH", body, headers });
+  }
+  delete(path, apiKey, body, headers) {
+    return this.request(path, apiKey, { method: "DELETE", body, headers });
+  }
+  async putToSignedUrl(signedUrl, data, mimeType, onProgress) {
+    const XHR = typeof globalThis["XMLHttpRequest"] !== "undefined" ? globalThis["XMLHttpRequest"] : void 0;
+    if (XHR && onProgress) {
+      return new Promise((resolve, reject) => {
+        const xhr = new XHR();
+        xhr.upload.onprogress = (e) => {
+          if (e.lengthComputable) {
+            onProgress(Math.round(e.loaded / e.total * 100));
+          }
+        };
+        xhr.onload = () => {
+          if (xhr.status >= 200 && xhr.status < 300) {
+            resolve();
+          } else {
+            reject(new Error(`Upload failed: ${xhr.status}`));
+          }
+        };
+        xhr.onerror = () => reject(new Error("Upload network error"));
+        xhr.open("PUT", signedUrl);
+        xhr.setRequestHeader("Content-Type", mimeType);
+        const payload = data instanceof Blob ? data : new Blob([data], { type: mimeType });
+        xhr.send(payload);
+      });
     }
-    xhr.onload = () => {
-      var _a;
-      if (xhr.status >= 200 && xhr.status < 300) {
-        resolve(xhr.responseText);
-      } else {
-        try {
-          const d = JSON.parse(xhr.responseText);
-          reject(new HydrousDBError((_a = d.error) != null ? _a : `HTTP ${xhr.status}`, "HTTP_ERROR", xhr.status));
-        } catch (e) {
-          reject(new HydrousDBError(`HTTP ${xhr.status}`, "HTTP_ERROR", xhr.status));
-        }
-      }
-    };
-    xhr.onerror = () => reject(new HydrousDBError("Network error", "NETWORK_ERROR"));
-    xhr.onabort = () => reject(new HydrousDBError("Upload aborted", "UPLOAD_ABORTED"));
-    xhr.ontimeout = () => reject(new HydrousDBError("Upload timed out", "UPLOAD_TIMEOUT"));
-    xhr.send(body);
-  });
-}
+    const fetchBody = data instanceof Blob ? data : new Blob([data], { type: mimeType });
+    const response = await fetch(signedUrl, {
+      method: "PUT",
+      headers: { "Content-Type": mimeType },
+      body: fetchBody
+    });
+    if (!response.ok) {
+      throw new NetworkError(`Signed URL upload failed with status ${response.status}`);
+    }
+  }
+};
 
 // src/auth/client.ts
 var AuthClient = class {
-  constructor(config) {
-    this.session = null;
-    this.baseUrl = config.url;
-    this.headers = {
-      "Content-Type": "application/json",
-      "Authorization": `Bearer ${config.authKey}`
-    };
+  constructor(http, authKey, bucketKey) {
+    this.http = http;
+    this.authKey = authKey;
+    this.basePath = `/auth/${bucketKey}`;
   }
-  /** Create a new user account */
-  async signUp(options) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "auth/signup"), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify(options)
-      });
-      const json = await parseResponse(res);
-      this.session = json.data;
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  post(path, body) {
+    return this.http.post(path, this.authKey, body);
   }
-  /** Sign in with email and password */
-  async signIn(options) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "auth/signin"), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify(options)
-      });
-      const json = await parseResponse(res);
-      this.session = json.data;
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  get(path) {
+    return this.http.get(path, this.authKey);
   }
-  /** Sign out and invalidate the current session */
-  async signOut() {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "auth/signout"), {
-        method: "POST",
-        headers: mergeHeaders(this.headers, this._sessionHeader())
-      });
-      await parseResponse(res);
-      this.session = null;
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  patch(path, body) {
+    return this.http.patch(path, this.authKey, body);
   }
-  /** Get the currently authenticated user */
-  async getUser() {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "auth/user"), {
-        headers: mergeHeaders(this.headers, this._sessionHeader())
-      });
-      const json = await parseResponse(res);
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  delete(path, body) {
+    return this.http.delete(path, this.authKey, body);
   }
-  /** Refresh the access token using the stored refresh token */
-  async refreshSession() {
-    var _a;
-    if (!((_a = this.session) == null ? void 0 : _a.refreshToken)) {
-      return { data: null, error: { message: "No active session", code: "NO_SESSION" } };
-    }
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "auth/refresh"), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify({ refreshToken: this.session.refreshToken })
-      });
-      const json = await parseResponse(res);
-      this.session = json.data;
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  // ─── Registration & Login ─────────────────────────────────────────────────
+  async signup(options) {
+    const result = await this.post(`${this.basePath}/signup`, options);
+    return { user: result.user, session: result.session };
   }
-  /** Return the current in-memory session (may be null) */
-  getSession() {
-    return this.session;
+  async login(options) {
+    const result = await this.post(`${this.basePath}/login`, options);
+    return { user: result.user, session: result.session };
   }
-  _sessionHeader() {
-    var _a;
-    return ((_a = this.session) == null ? void 0 : _a.accessToken) ? { "X-Session-Token": this.session.accessToken } : {};
+  async logout({ sessionId }) {
+    await this.post(`${this.basePath}/logout`, { sessionId });
+  }
+  async refreshSession({ refreshToken }) {
+    const result = await this.post(`${this.basePath}/session/refresh`, { refreshToken });
+    return result.session;
+  }
+  // ─── User Profile ─────────────────────────────────────────────────────────
+  async getUser({ userId }) {
+    const result = await this.get(`${this.basePath}/user/${userId}`);
+    return result.user;
+  }
+  async updateUser(options) {
+    const { sessionId, userId, data } = options;
+    const result = await this.patch(`${this.basePath}/user`, { sessionId, userId, ...data });
+    return result.user;
+  }
+  async deleteUser({ sessionId, userId }) {
+    await this.delete(`${this.basePath}/user`, { sessionId, userId });
+  }
+  // ─── Admin Operations ─────────────────────────────────────────────────────
+  async listUsers(options) {
+    const { sessionId, limit = 50, offset = 0 } = options;
+    const result = await this.post(
+      `${this.basePath}/users/list`,
+      { sessionId, limit, offset }
+    );
+    return { users: result.users, total: result.total, limit: result.limit, offset: result.offset };
+  }
+  async hardDeleteUser({ sessionId, userId }) {
+    await this.delete(`${this.basePath}/user/hard`, { sessionId, userId });
+  }
+  async bulkDeleteUsers({ sessionId, userIds }) {
+    const result = await this.post(
+      `${this.basePath}/users/bulk-delete`,
+      { sessionId, userIds }
+    );
+    return { deleted: result.deleted, failed: result.failed };
+  }
+  async lockAccount({ sessionId, userId, duration }) {
+    const result = await this.post(
+      `${this.basePath}/account/lock`,
+      { sessionId, userId, duration }
+    );
+    return result.data;
+  }
+  async unlockAccount({ sessionId, userId }) {
+    await this.post(`${this.basePath}/account/unlock`, { sessionId, userId });
+  }
+  // ─── Password Management ──────────────────────────────────────────────────
+  async changePassword(options) {
+    await this.post(`${this.basePath}/password/change`, options);
+  }
+  async requestPasswordReset({ email }) {
+    await this.post(`${this.basePath}/password/reset/request`, { email });
+  }
+  async confirmPasswordReset({ resetToken, newPassword }) {
+    await this.post(`${this.basePath}/password/reset/confirm`, { resetToken, newPassword });
+  }
+  // ─── Email Verification ───────────────────────────────────────────────────
+  async requestEmailVerification({ userId }) {
+    await this.post(`${this.basePath}/email/verify/request`, { userId });
+  }
+  async confirmEmailVerification({ verifyToken }) {
+    await this.post(`${this.basePath}/email/verify/confirm`, { verifyToken });
   }
 };
 
 // src/utils/query.ts
-function serialiseQuery(opts = {}) {
-  var _a;
-  const params = {};
-  if (opts.limit !== void 0) params["limit"] = String(opts.limit);
-  if (opts.offset !== void 0) params["offset"] = String(opts.offset);
-  if (opts.select && opts.select.length > 0) params["select"] = opts.select.join(",");
-  if (opts.orderBy) {
-    params["orderBy"] = opts.orderBy.field;
-    params["direction"] = (_a = opts.orderBy.direction) != null ? _a : "asc";
-  }
-  const filters = opts.where ? Array.isArray(opts.where) ? opts.where : [opts.where] : [];
-  if (filters.length > 0) params["where"] = JSON.stringify(filters);
-  return params;
+function buildQueryParams(options = {}) {
+  const params = new URLSearchParams();
+  if (options.limit !== void 0) params.set("limit", String(options.limit));
+  if (options.offset !== void 0) params.set("offset", String(options.offset));
+  if (options.orderBy !== void 0) params.set("orderBy", options.orderBy);
+  if (options.order !== void 0) params.set("order", options.order);
+  if (options.fields !== void 0) params.set("fields", options.fields);
+  if (options.startAfter !== void 0) params.set("startAfter", options.startAfter);
+  if (options.startAt !== void 0) params.set("startAt", options.startAt);
+  if (options.endAt !== void 0) params.set("endAt", options.endAt);
+  if (options.dateRange?.start !== void 0)
+    params.set("startDate", new Date(options.dateRange.start).toISOString().split("T")[0]);
+  if (options.dateRange?.end !== void 0)
+    params.set("endDate", new Date(options.dateRange.end).toISOString().split("T")[0]);
+  if (options.filters && options.filters.length > 0) {
+    params.set("filters", JSON.stringify(options.filters));
+  }
+  const str = params.toString();
+  return str ? `?${str}` : "";
+}
+function guessMimeType(filename) {
+  const ext = filename.split(".").pop()?.toLowerCase();
+  const map = {
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    png: "image/png",
+    gif: "image/gif",
+    webp: "image/webp",
+    svg: "image/svg+xml",
+    pdf: "application/pdf",
+    mp4: "video/mp4",
+    webm: "video/webm",
+    mp3: "audio/mpeg",
+    wav: "audio/wav",
+    txt: "text/plain",
+    html: "text/html",
+    css: "text/css",
+    js: "application/javascript",
+    json: "application/json",
+    xml: "application/xml",
+    zip: "application/zip",
+    csv: "text/csv"
+  };
+  return map[ext ?? ""] ?? "application/octet-stream";
+}
+function assertSafeName(name, label = "name") {
+  if (!/^[a-zA-Z_][a-zA-Z0-9_.\-]{0,200}$/.test(name)) {
+    throw new Error(
+      `Invalid ${label} "${name}". Must start with a letter or underscore and contain only letters, numbers, underscores, dots, or hyphens.`
+    );
+  }
 }
-var eq = (field, value) => ({ field, operator: "eq", value });
-var neq = (field, value) => ({ field, operator: "neq", value });
-var gt = (field, value) => ({ field, operator: "gt", value });
-var lt = (field, value) => ({ field, operator: "lt", value });
-var gte = (field, value) => ({ field, operator: "gte", value });
-var lte = (field, value) => ({ field, operator: "lte", value });
-var inArray = (field, value) => ({ field, operator: "in", value });
 
 // src/records/client.ts
 var RecordsClient = class {
-  constructor(config) {
-    this.baseUrl = config.url;
-    this.headers = {
-      "Content-Type": "application/json",
-      "Authorization": `Bearer ${config.bucketSecurityKey}`
-    };
+  constructor(http, bucketSecurityKey, bucketKey) {
+    assertSafeName(bucketKey, "bucketKey");
+    this.http = http;
+    this.bucketKey = bucketKey;
+    this.bucketKey_ = bucketSecurityKey;
+    this.basePath = `/records/${bucketKey}`;
   }
-  /** Query records from a collection */
-  async select(collection, options = {}) {
-    try {
-      const url = buildUrl(this.baseUrl, `records/${collection}`, serialiseQuery(options));
-      const res = await fetch(url, { headers: this.headers });
-      const json = await parseResponse(res);
-      return { data: json.data, count: json.count, error: null };
-    } catch (err) {
-      return { data: [], count: 0, error: toHydrousError(err) };
-    }
+  get key() {
+    return this.bucketKey_;
   }
-  /** Fetch a single record by ID */
-  async get(collection, id) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, `records/${collection}/${id}`), { headers: this.headers });
-      const json = await parseResponse(res);
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  // ─── Single Record Operations ─────────────────────────────────────────────
+  async create(data) {
+    const result = await this.http.post(this.basePath, this.key, data);
+    return result.record ?? result.data;
   }
-  /** Insert one or more records */
-  async insert(collection, payload) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, `records/${collection}`), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify(payload)
-      });
-      const json = await parseResponse(res);
-      return { data: json.data, count: json.count, error: null };
-    } catch (err) {
-      return { data: [], count: 0, error: toHydrousError(err) };
-    }
+  async get(id) {
+    const result = await this.http.get(`${this.basePath}/${id}`, this.key);
+    return result.record ?? result.data;
   }
-  /** Update a record by ID */
-  async update(collection, id, payload) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, `records/${collection}/${id}`), {
-        method: "PATCH",
-        headers: this.headers,
-        body: JSON.stringify(payload)
-      });
-      const json = await parseResponse(res);
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async set(id, data) {
+    const result = await this.http.put(`${this.basePath}/${id}`, this.key, data);
+    return result.record ?? result.data;
   }
-  /** Delete a record by ID */
-  async delete(collection, id) {
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, `records/${collection}/${id}`), {
-        method: "DELETE",
-        headers: this.headers
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async patch(id, data, options = {}) {
+    const { merge = true } = options;
+    const result = await this.http.patch(
+      `${this.basePath}/${id}`,
+      this.key,
+      { ...data, _merge: merge }
+    );
+    return result.record ?? result.data;
+  }
+  async delete(id) {
+    await this.http.delete(`${this.basePath}/${id}`, this.key);
+  }
+  // ─── Batch Operations ─────────────────────────────────────────────────────
+  async batchCreate(items) {
+    const result = await this.http.post(
+      `${this.basePath}/batch`,
+      this.key,
+      { records: items }
+    );
+    return result.records;
+  }
+  async batchDelete(ids) {
+    const result = await this.http.post(
+      `${this.basePath}/batch/delete`,
+      this.key,
+      { ids }
+    );
+    return { deleted: result.deleted, failed: result.failed };
+  }
+  // ─── Querying ─────────────────────────────────────────────────────────────
+  async query(options = {}) {
+    const qs = buildQueryParams(options);
+    const result = await this.http.get(`${this.basePath}${qs}`, this.key);
+    return {
+      records: result.records,
+      total: result.total,
+      hasMore: result.hasMore,
+      nextCursor: result.nextCursor
+    };
+  }
+  async getAll(options = {}) {
+    const { records } = await this.query(options);
+    return records;
+  }
+  async count(filters = []) {
+    const result = await this.http.post(
+      `${this.basePath}/count`,
+      this.key,
+      { filters }
+    );
+    return result.count;
+  }
+  // ─── Version History ──────────────────────────────────────────────────────
+  async getHistory(id) {
+    const result = await this.http.get(`${this.basePath}/${id}/history`, this.key);
+    return result.history;
+  }
+  async restoreVersion(id, version) {
+    const result = await this.http.post(
+      `${this.basePath}/${id}/restore`,
+      this.key,
+      { version }
+    );
+    return result.record ?? result.data;
   }
 };
 
 // src/analytics/client.ts
 var AnalyticsClient = class {
-  constructor(config) {
-    this.baseUrl = config.url;
-    this.headers = {
-      "Content-Type": "application/json",
-      "Authorization": `Bearer ${config.bucketSecurityKey}`
-    };
+  constructor(http, bucketSecurityKey, bucketKey) {
+    assertSafeName(bucketKey, "bucketKey");
+    this.http = http;
+    this.bucketSecurityKey = bucketSecurityKey;
+    this.basePath = `/analytics/${bucketKey}`;
   }
-  /** Track a single analytics event */
-  async track(options) {
-    var _a;
-    try {
-      const res = await fetch(buildUrl(this.baseUrl, "analytics/track"), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify({ ...options, timestamp: (_a = options.timestamp) != null ? _a : Date.now() })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async run(query) {
+    const result = await this.http.post(
+      this.basePath,
+      this.bucketSecurityKey,
+      query
+    );
+    return result.data;
   }
-  /** Track many events in one request */
-  async trackBatch(events) {
-    try {
-      const stamped = events.map((e) => {
-        var _a;
-        return { ...e, timestamp: (_a = e.timestamp) != null ? _a : Date.now() };
-      });
-      const res = await fetch(buildUrl(this.baseUrl, "analytics/track/batch"), {
-        method: "POST",
-        headers: this.headers,
-        body: JSON.stringify({ events: stamped })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async count(opts = {}) {
+    return this.run({ queryType: "count", ...opts });
   }
-  /** Query recorded analytics events */
-  async query(options = {}) {
-    try {
-      const params = {};
-      if (options.event) params["event"] = options.event;
-      if (options.from) params["from"] = options.from;
-      if (options.to) params["to"] = options.to;
-      if (options.limit) params["limit"] = String(options.limit);
-      if (options.groupBy) params["groupBy"] = options.groupBy;
-      const url = buildUrl(this.baseUrl, "analytics/events", params);
-      const res = await fetch(url, { headers: this.headers });
-      const json = await parseResponse(res);
-      return { data: json.data, count: json.count, error: null };
-    } catch (err) {
-      return { data: [], count: 0, error: toHydrousError(err) };
-    }
+  async distribution(opts) {
+    assertSafeName(opts.field, "field");
+    return this.run({ queryType: "distribution", ...opts });
+  }
+  async sum(opts) {
+    assertSafeName(opts.field, "field");
+    if (opts.groupBy) assertSafeName(opts.groupBy, "groupBy");
+    return this.run({ queryType: "sum", ...opts });
+  }
+  async timeSeries(opts = {}) {
+    return this.run({ queryType: "timeSeries", granularity: "day", ...opts });
+  }
+  async fieldTimeSeries(opts) {
+    assertSafeName(opts.field, "field");
+    return this.run({ queryType: "fieldTimeSeries", aggregation: "sum", granularity: "day", ...opts });
+  }
+  async topN(opts) {
+    assertSafeName(opts.field, "field");
+    if (opts.labelField) assertSafeName(opts.labelField, "labelField");
+    return this.run({ queryType: "topN", n: 10, order: "desc", ...opts });
+  }
+  async stats(opts) {
+    assertSafeName(opts.field, "field");
+    return this.run({ queryType: "stats", ...opts });
+  }
+  async records(opts = {}) {
+    if (opts.orderBy) assertSafeName(opts.orderBy, "orderBy");
+    if (opts.selectFields) opts.selectFields.forEach((f) => assertSafeName(f, "selectField"));
+    return this.run({ queryType: "records", limit: 100, order: "desc", ...opts });
+  }
+  async multiMetric(opts) {
+    opts.metrics.forEach((m) => {
+      assertSafeName(m.field, "metric.field");
+      assertSafeName(m.name, "metric.name");
+    });
+    return this.run({ queryType: "multiMetric", ...opts });
+  }
+  async storageStats(opts = {}) {
+    return this.run({ queryType: "storageStats", ...opts });
+  }
+  async crossBucket(opts) {
+    assertSafeName(opts.field, "field");
+    opts.bucketKeys.forEach((k) => assertSafeName(k, "bucketKey"));
+    return this.run({ queryType: "crossBucket", aggregation: "sum", ...opts });
+  }
+  async query(query) {
+    const data = await this.run(query);
+    return { queryType: query.queryType, data };
   }
 };
 
-// src/storage/scoped.ts
-var isBrowser = typeof window !== "undefined" && typeof XMLHttpRequest !== "undefined";
-function storageBase(url, bucketKey) {
-  return `${url.replace(/\/$/, "")}/storage/${encodeURIComponent(bucketKey)}`;
-}
-function storageHeaders(bucketKey) {
-  return { "X-Storage-Key": bucketKey };
-}
-function jsonHeaders(bucketKey) {
-  return { "X-Storage-Key": bucketKey, "Content-Type": "application/json" };
-}
-function drainSSE(raw, onProgress) {
-  const results = [];
-  const errors = [];
-  parseSSEText(raw, (eventType, data) => {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l;
-    const d = data;
-    if (eventType === "progress" && onProgress) {
-      onProgress({
-        index: (_a = d["index"]) != null ? _a : 0,
-        total: (_b = d["total"]) != null ? _b : 1,
-        path: (_c = d["path"]) != null ? _c : "",
-        stage: (_d = d["stage"]) != null ? _d : "uploading",
-        bytesUploaded: (_e = d["bytesUploaded"]) != null ? _e : 0,
-        totalBytes: (_f = d["totalBytes"]) != null ? _f : 0,
-        percent: (_g = d["percent"]) != null ? _g : 0,
-        bytesPerSecond: (_h = d["bytesPerSecond"]) != null ? _h : null,
-        eta: (_i = d["eta"]) != null ? _i : null,
-        result: d["result"],
-        error: d["error"],
-        code: d["code"]
-      });
-    }
-    if (eventType === "done") {
-      if (d["path"]) {
-        results.push(d);
-      } else if (Array.isArray(d["succeeded"])) {
-        results.push(...d["succeeded"]);
-        errors.push(...(_j = d["errors"]) != null ? _j : []);
-      }
-    }
-    if (eventType === "error") {
-      errors.push({
-        path: "",
-        error: (_k = d["error"]) != null ? _k : "Unknown error",
-        code: (_l = d["code"]) != null ? _l : "UNKNOWN"
-      });
-    }
-  });
-  return { results, errors };
-}
-var ScopedStorageClient = class {
-  constructor(baseUrl, keyName, bucketKey) {
-    this.base = storageBase(baseUrl, bucketKey);
-    this.key = bucketKey;
-    this.keyName = keyName;
-  }
-  // ══════════════════════════════════════════════════════════════════════════
-  // UPLOAD — single file
-  // ══════════════════════════════════════════════════════════════════════════
+// src/storage/manager.ts
+var StorageManager = class {
+  constructor(http, storageKey) {
+    this.basePath = "/storage";
+    this.http = http;
+    this.storageKey = storageKey;
+  }
+  /** Headers for all storage requests — uses X-Storage-Key, not X-Api-Key. */
+  get authHeaders() {
+    return { "X-Storage-Key": this.storageKey };
+  }
+  // ─── Upload: Simple (server-buffered) ────────────────────────────────────
   /**
-   * Upload a single file.
+   * Upload a file to storage in one step (server-buffered, up to 500 MB).
+   * For files >10 MB or when you need upload progress, use `getUploadUrl()` instead.
    *
-   * Supply `onProgress` to receive live upload ticks including bytes
-   * transferred, speed (bytes/sec), ETA, and lifecycle stage.
+   * @param data     File data as a Blob, Buffer, Uint8Array, or ArrayBuffer.
+   * @param path     Destination path in your storage (e.g. `"avatars/alice.jpg"`).
+   * @param options  Upload options: isPublic, overwrite, mimeType.
    *
-   * **Stage sequence:**
-   * `pending → compressing → uploading → done | error`
+   * @example
+   * ```ts
+   * // Upload a public avatar
+   * const result = await storage.upload(file, 'avatars/alice.jpg', { isPublic: true });
+   * console.log(result.publicUrl); // → https://...
    *
-   * In browsers the progress is tracked at the network level via XHR, so
-   * `percent` reflects actual bytes leaving the device.  `done` only fires
-   * after the server confirms the write to cloud storage, so 100% is real.
+   * // Upload a private document
+   * const result = await storage.upload(pdfBuffer, 'docs/contract.pdf');
+   * console.log(result.downloadUrl); // → /storage/download/docs/contract.pdf
+   * ```
+   */
+  async upload(data, path, options = {}) {
+    const { isPublic = false, overwrite = false, mimeType } = options;
+    const mime = mimeType ?? guessMimeType(path);
+    const formData = new FormData();
+    const blob = data instanceof Blob ? data : new Blob([data], { type: mime });
+    formData.append("file", blob, path.split("/").pop() ?? "file");
+    formData.append("path", path);
+    formData.append("mimeType", mime);
+    formData.append("isPublic", String(isPublic));
+    formData.append("overwrite", String(overwrite));
+    const result = await this.http.request(`${this.basePath}/upload`, {
+      method: "POST",
+      rawBody: formData,
+      headers: this.authHeaders
+    });
+    return {
+      path: result.path,
+      mimeType: result.mimeType,
+      size: result.size,
+      isPublic: result.isPublic,
+      publicUrl: result.publicUrl,
+      downloadUrl: result.downloadUrl
+    };
+  }
+  /**
+   * Upload raw JSON or plain text data as a file.
    *
    * @example
-   * const { data, error } = await db.storage('avatars').upload(file, {
-   *   path:      'users/alice.jpg',
-   *   overwrite: true,
-   *   onProgress: (p) => {
-   *     setProgress(p.percent);              // e.g. drive a <progress> bar
-   *     setSpeed(`${p.bytesPerSecond} B/s`);
-   *     setEta(`${p.eta}s remaining`);
-   *   },
+   * ```ts
+   * const result = await storage.uploadRaw(
+   *   { config: { theme: 'dark' } },
+   *   'settings/user-config.json',
+   *   { isPublic: false },
+   * );
+   * ```
+   */
+  async uploadRaw(data, path, options = {}) {
+    const { isPublic = false, overwrite = false, mimeType = "application/json" } = options;
+    const body = typeof data === "string" ? data : JSON.stringify(data);
+    const result = await this.http.request(`${this.basePath}/upload-raw`, {
+      method: "POST",
+      body: { path, data: body, mimeType, isPublic, overwrite },
+      headers: this.authHeaders
+    });
+    return {
+      path: result.path,
+      mimeType: result.mimeType,
+      size: result.size,
+      isPublic: result.isPublic,
+      publicUrl: result.publicUrl,
+      downloadUrl: result.downloadUrl
+    };
+  }
+  // ─── Upload: Direct-to-GCS (recommended for large files) ─────────────────
+  /**
+   * Step 1 of the recommended upload flow.
+   * Get a signed URL to upload directly to GCS from the client (supports progress).
+   *
+   * @example
+   * ```ts
+   * const { uploadUrl, path: confirmedPath } = await storage.getUploadUrl({
+   *   path: 'videos/intro.mp4',
+   *   mimeType: 'video/mp4',
+   *   size: file.size,
+   *   isPublic: true,
    * });
+   *
+   * // Upload using XHR for progress tracking
+   * await storage.uploadToSignedUrl(uploadUrl, file, 'video/mp4', (pct) => {
+   *   console.log(`${pct}% uploaded`);
+   * });
+   *
+   * // Step 3: confirm
+   * const result = await storage.confirmUpload({ path: confirmedPath, mimeType: 'video/mp4', isPublic: true });
+   * ```
    */
-  async upload(file, options = {}) {
-    var _a, _b;
-    const { path, overwrite = false, onProgress } = options;
-    try {
-      const url = `${this.base}/upload`;
-      const form = new FormData();
-      if (file instanceof Uint8Array) {
-        form.append("file", new Blob([file.buffer]), path != null ? path : "file");
-      } else if (file instanceof ArrayBuffer) {
-        form.append("file", new Blob([file]), path != null ? path : "file");
-      } else {
-        form.append("file", file, path != null ? path : file instanceof File ? file.name : "file");
-      }
-      if (path) form.append("path", path);
-      if (overwrite) form.append("overwrite", "true");
-      const headers = storageHeaders(this.key);
-      if (isBrowser) {
-        const totalBytes = file instanceof Blob ? file.size : file instanceof Uint8Array ? file.byteLength : file.byteLength;
-        const rawBody = await xhrUpload(url, form, headers, (loaded, total) => {
-          onProgress == null ? void 0 : onProgress({
-            index: 0,
-            total: 1,
-            path: path != null ? path : "",
-            stage: "uploading",
-            bytesUploaded: loaded,
-            totalBytes: total || totalBytes,
-            percent: Math.min(99, Math.round(loaded / (total || totalBytes) * 100)),
-            bytesPerSecond: null,
-            eta: null
-          });
-        });
-        const { results, errors } = drainSSE(rawBody, onProgress);
-        if (errors.length > 0 && results.length === 0) {
-          return { data: null, error: { message: errors[0].error, code: errors[0].code } };
-        }
-        const result = (_a = results[0]) != null ? _a : null;
-        if (result && onProgress) {
-          onProgress({
-            index: 0,
-            total: 1,
-            path: result.path,
-            stage: "done",
-            bytesUploaded: totalBytes,
-            totalBytes,
-            percent: 100,
-            bytesPerSecond: null,
-            eta: 0,
-            result
-          });
-        }
-        return { data: result, error: null };
-      }
-      const res = await fetch(url, { method: "POST", headers, body: form });
-      if (!res.ok) {
-        const e = await res.json().catch(() => ({}));
-        throw new HydrousDBError((_b = e.error) != null ? _b : `HTTP ${res.status}`, "HTTP_ERROR", res.status);
-      }
-      let finalResult = null;
-      await readSSEStream(res, (eventType, data) => {
-        var _a2, _b2, _c, _d, _e, _f, _g, _h;
-        const d = data;
-        if (eventType === "progress" && onProgress) {
-          onProgress({
-            index: 0,
-            total: 1,
-            path: path != null ? path : "",
-            stage: (_a2 = d["stage"]) != null ? _a2 : "uploading",
-            bytesUploaded: (_b2 = d["bytesUploaded"]) != null ? _b2 : 0,
-            totalBytes: (_c = d["totalBytes"]) != null ? _c : 0,
-            percent: (_d = d["percent"]) != null ? _d : 0,
-            bytesPerSecond: (_e = d["bytesPerSecond"]) != null ? _e : null,
-            eta: (_f = d["eta"]) != null ? _f : null,
-            result: d["result"]
-          });
-        }
-        if (eventType === "done") finalResult = data;
-        if (eventType === "error") {
-          throw new HydrousDBError(
-            (_g = d["error"]) != null ? _g : "Upload failed",
-            (_h = d["code"]) != null ? _h : "UPLOAD_ERROR"
-          );
-        }
-      });
-      return { data: finalResult, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async getUploadUrl(opts) {
+    const result = await this.http.request(`${this.basePath}/upload-url`, {
+      method: "POST",
+      body: { isPublic: false, overwrite: false, expiresInSeconds: 900, ...opts },
+      headers: this.authHeaders
+    });
+    return result;
+  }
+  /**
+   * Upload data directly to a signed GCS URL (no auth headers needed).
+   * Optionally tracks progress via a callback.
+   *
+   * @param signedUrl  The URL returned by `getUploadUrl()`.
+   * @param data       File data.
+   * @param mimeType   Must match what was used in `getUploadUrl()`.
+   * @param onProgress Optional callback called with 0–100 progress percentage.
+   */
+  async uploadToSignedUrl(signedUrl, data, mimeType, onProgress) {
+    await this.http.putToSignedUrl(signedUrl, data, mimeType, onProgress);
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // UPLOAD TEXT / JSON
-  // ══════════════════════════════════════════════════════════════════════════
   /**
-   * Upload raw text or JSON content directly — no File object needed.
+   * Step 3 of the recommended upload flow.
+   * Confirm a direct upload and register metadata on the server.
    *
    * @example
-   * // Save a JSON config
-   * await db.storage('configs').uploadText(
-   *   'settings/app.json',
-   *   JSON.stringify({ theme: 'dark' }),
-   *   { mimeType: 'application/json' }
-   * );
+   * ```ts
+   * const result = await storage.confirmUpload({
+   *   path: 'videos/intro.mp4',
+   *   mimeType: 'video/mp4',
+   *   isPublic: true,
+   * });
+   * console.log(result.publicUrl);
+   * ```
    */
-  async uploadText(path, content, options = {}) {
-    var _a;
-    const { mimeType = "text/plain", overwrite = false, onProgress } = options;
-    try {
-      const res = await fetch(`${this.base}/upload-raw`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ path, content, mimeType, overwrite })
-      });
-      if (!res.ok) {
-        const e = await res.json().catch(() => ({}));
-        throw new HydrousDBError((_a = e.error) != null ? _a : `HTTP ${res.status}`, "HTTP_ERROR", res.status);
-      }
-      let finalResult = null;
-      await readSSEStream(res, (eventType, data) => {
-        var _a2, _b, _c, _d, _e, _f;
-        const d = data;
-        if (eventType === "progress" && onProgress) {
-          onProgress({
-            index: 0,
-            total: 1,
-            path,
-            stage: (_a2 = d["stage"]) != null ? _a2 : "uploading",
-            bytesUploaded: (_b = d["bytesUploaded"]) != null ? _b : 0,
-            totalBytes: (_c = d["totalBytes"]) != null ? _c : 0,
-            percent: (_d = d["percent"]) != null ? _d : 0,
-            bytesPerSecond: (_e = d["bytesPerSecond"]) != null ? _e : null,
-            eta: (_f = d["eta"]) != null ? _f : null
-          });
-        }
-        if (eventType === "done") finalResult = data;
-      });
-      return { data: finalResult, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async confirmUpload(opts) {
+    const result = await this.http.request(`${this.basePath}/confirm`, {
+      method: "POST",
+      body: { isPublic: false, ...opts },
+      headers: this.authHeaders
+    });
+    return {
+      path: result.path,
+      mimeType: result.mimeType,
+      size: result.size,
+      isPublic: result.isPublic,
+      publicUrl: result.publicUrl,
+      downloadUrl: result.downloadUrl
+    };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // BATCH UPLOAD
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Batch Upload ─────────────────────────────────────────────────────────
   /**
-   * Upload multiple files in one request.
+   * Get signed upload URLs for multiple files at once.
    *
-   * `onProgress` fires per file — use `p.index` to identify which file.
-   * All files receive a `pending` event upfront so you can render progress
-   * bars immediately before any data is sent.
+   * @example
+   * ```ts
+   * const { files } = await storage.getBatchUploadUrls([
+   *   { path: 'images/photo1.jpg', mimeType: 'image/jpeg', size: 204800 },
+   *   { path: 'images/photo2.jpg', mimeType: 'image/jpeg', size: 153600 },
+   * ]);
+   *
+   * // Upload each file and confirm
+   * for (const f of files) {
+   *   await storage.uploadToSignedUrl(f.uploadUrl, blobs[f.index], f.mimeType);
+   *   await storage.confirmUpload({ path: f.path, mimeType: f.mimeType });
+   * }
+   * ```
+   */
+  async getBatchUploadUrls(files) {
+    const result = await this.http.request(
+      `${this.basePath}/batch-upload-urls`,
+      { method: "POST", body: { files }, headers: this.authHeaders }
+    );
+    return { files: result.files };
+  }
+  /**
+   * Confirm multiple direct uploads at once.
+   */
+  async batchConfirmUploads(items) {
+    const result = await this.http.request(
+      `${this.basePath}/batch-confirm`,
+      { method: "POST", body: { files: items }, headers: this.authHeaders }
+    );
+    return result.files.map((r) => ({
+      path: r.path,
+      mimeType: r.mimeType,
+      size: r.size,
+      isPublic: r.isPublic,
+      publicUrl: r.publicUrl,
+      downloadUrl: r.downloadUrl
+    }));
+  }
+  // ─── Download ─────────────────────────────────────────────────────────────
+  /**
+   * Download a private file as an ArrayBuffer.
+   * For public files, use the `publicUrl` directly — no SDK needed.
+   *
+   * @example
+   * ```ts
+   * const buffer = await storage.download('docs/contract.pdf');
+   * const blob = new Blob([buffer], { type: 'application/pdf' });
+   * // Open in browser:
+   * window.open(URL.createObjectURL(blob));
+   * ```
+   */
+  async download(path) {
+    const encoded = path.split("/").map(encodeURIComponent).join("/");
+    return this.http.request(`${this.basePath}/download/${encoded}`, {
+      method: "GET",
+      headers: this.authHeaders
+    });
+  }
+  /**
+   * Download multiple files at once, returned as a JSON map of `{ path: base64 }`.
    *
    * @example
-   * await db.storage('documents').batchUpload(files, {
-   *   prefix:     'reports/2024/',
-   *   onProgress: (p) => updateBar(p.index, p.percent),
+   * ```ts
+   * const files = await storage.batchDownload(['docs/a.pdf', 'docs/b.pdf']);
+   * ```
+   */
+  async batchDownload(paths) {
+    const result = await this.http.request(
+      `${this.basePath}/batch-download`,
+      { method: "POST", body: { paths }, headers: this.authHeaders }
+    );
+    return result.files;
+  }
+  // ─── List ─────────────────────────────────────────────────────────────────
+  /**
+   * List files and folders at a given path prefix.
+   *
+   * @example
+   * ```ts
+   * // List everything in the root
+   * const { files, folders } = await storage.list();
+   *
+   * // List a specific folder
+   * const { files, folders, hasMore, nextCursor } = await storage.list({
+   *   prefix: 'avatars/',
+   *   limit: 20,
    * });
+   *
+   * // Next page
+   * const page2 = await storage.list({ prefix: 'avatars/', cursor: nextCursor });
+   * ```
    */
-  async batchUpload(files, options = {}) {
-    var _a;
-    const { prefix = "", paths, overwrite = false, onProgress } = options;
-    try {
-      const url = `${this.base}/batch-upload`;
-      const resolvedPaths = files.map((f, i) => {
-        var _a2;
-        return (_a2 = paths == null ? void 0 : paths[i]) != null ? _a2 : `${prefix}${f.name}`;
-      });
-      const form = new FormData();
-      files.forEach((f) => form.append("files", f, f.name));
-      form.append("paths", JSON.stringify(resolvedPaths));
-      if (overwrite) form.append("overwrite", "true");
-      const headers = storageHeaders(this.key);
-      if (isBrowser) {
-        const totalBytes = files.reduce((s, f) => s + f.size, 0);
-        const rawBody = await xhrUpload(url, form, headers, (loaded, total) => {
-          if (!onProgress) return;
-          let cursor = 0;
-          for (let i = 0; i < files.length; i++) {
-            const share = files[i].size / (totalBytes || 1);
-            const fileLoaded = Math.max(0, Math.min(
-              files[i].size,
-              (loaded / (total || totalBytes) - cursor) / share * files[i].size
-            ));
-            onProgress({
-              index: i,
-              total: files.length,
-              path: resolvedPaths[i],
-              stage: "uploading",
-              bytesUploaded: Math.round(fileLoaded),
-              totalBytes: files[i].size,
-              percent: Math.min(99, Math.round(fileLoaded / files[i].size * 100)),
-              bytesPerSecond: null,
-              eta: null
-            });
-            cursor += share;
-          }
-        });
-        const { results, errors } = drainSSE(rawBody, onProgress);
-        return { data: { succeeded: results, failed: errors }, error: null };
-      }
-      const res = await fetch(url, { method: "POST", headers, body: form });
-      if (!res.ok) {
-        const e = await res.json().catch(() => ({}));
-        throw new HydrousDBError((_a = e.error) != null ? _a : `HTTP ${res.status}`, "HTTP_ERROR", res.status);
-      }
-      const succeeded = [];
-      const failed = [];
-      await readSSEStream(res, (eventType, data) => {
-        var _a2, _b, _c, _d, _e, _f, _g, _h, _i, _j;
-        const d = data;
-        if (eventType === "progress" && onProgress) {
-          onProgress({
-            index: (_a2 = d["index"]) != null ? _a2 : 0,
-            total: (_b = d["total"]) != null ? _b : files.length,
-            path: (_c = d["path"]) != null ? _c : "",
-            stage: (_d = d["stage"]) != null ? _d : "uploading",
-            bytesUploaded: (_e = d["bytesUploaded"]) != null ? _e : 0,
-            totalBytes: (_f = d["totalBytes"]) != null ? _f : 0,
-            percent: (_g = d["percent"]) != null ? _g : 0,
-            bytesPerSecond: (_h = d["bytesPerSecond"]) != null ? _h : null,
-            eta: (_i = d["eta"]) != null ? _i : null
-          });
-        }
-        if (eventType === "done" && d["succeeded"]) {
-          succeeded.push(...d["succeeded"]);
-          failed.push(...(_j = d["errors"]) != null ? _j : []);
-        }
-      });
-      return { data: { succeeded, failed }, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async list(opts = {}) {
+    const params = new URLSearchParams();
+    if (opts.prefix) params.set("prefix", opts.prefix);
+    if (opts.limit) params.set("limit", String(opts.limit));
+    if (opts.cursor) params.set("cursor", opts.cursor);
+    if (opts.recursive) params.set("recursive", "true");
+    const qs = params.toString() ? `?${params}` : "";
+    const result = await this.http.request(`${this.basePath}/list${qs}`, {
+      method: "GET",
+      headers: this.authHeaders
+    });
+    return {
+      files: result.files,
+      folders: result.folders,
+      hasMore: result.hasMore,
+      nextCursor: result.nextCursor
+    };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // DOWNLOAD
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Metadata ─────────────────────────────────────────────────────────────
   /**
-   * Download a single file and return its content as an `ArrayBuffer`.
+   * Get metadata for a file (size, MIME type, visibility, URLs).
    *
    * @example
-   * const { data } = await db.storage('avatars').download('users/alice.jpg');
-   * const blob = new Blob([data!]);
-   * img.src = URL.createObjectURL(blob);
+   * ```ts
+   * const meta = await storage.getMetadata('avatars/alice.jpg');
+   * console.log(meta.size, meta.isPublic, meta.publicUrl);
+   * ```
    */
-  async download(filePath) {
-    var _a;
-    try {
-      const res = await fetch(`${this.base}/download/${filePath}`, {
-        headers: storageHeaders(this.key)
-      });
-      if (!res.ok) {
-        const e = await res.json().catch(() => ({}));
-        throw new HydrousDBError((_a = e.error) != null ? _a : `HTTP ${res.status}`, "HTTP_ERROR", res.status);
-      }
-      return { data: await res.arrayBuffer(), error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async getMetadata(path) {
+    const encoded = path.split("/").map(encodeURIComponent).join("/");
+    const result = await this.http.request(
+      `${this.basePath}/metadata/${encoded}`,
+      { method: "GET", headers: this.authHeaders }
+    );
+    return {
+      path: result.path,
+      size: result.size,
+      mimeType: result.mimeType,
+      isPublic: result.isPublic,
+      publicUrl: result.publicUrl,
+      downloadUrl: result.downloadUrl,
+      createdAt: result.createdAt,
+      updatedAt: result.updatedAt
+    };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // BATCH DOWNLOAD
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Signed URL (time-limited share) ─────────────────────────────────────
   /**
-   * Download multiple files in one request.
+   * Generate a time-limited download URL for a private file.
+   * The URL can be shared externally without requiring an `X-Storage-Key`.
+   *
+   * > **Note:** Downloads via signed URLs bypass the server, so download stats
+   * > are NOT tracked. Use `downloadUrl` for tracked downloads.
    *
-   * Set `autoSave: true` (browser only) to trigger a Save dialog per file.
+   * @param path       Path to the file.
+   * @param expiresIn  URL lifetime in seconds (default 3600 = 1 hour).
    *
    * @example
-   * const { data } = await db.storage('reports').batchDownload(
-   *   ['jan.pdf', 'feb.pdf'],
-   *   { autoSave: true, onProgress: (p) => console.log(p.path, p.status) }
-   * );
+   * ```ts
+   * const { signedUrl, expiresAt } = await storage.getSignedUrl('docs/invoice.pdf', 1800);
+   * // Share signedUrl with the recipient — it expires in 30 minutes.
+   * ```
    */
-  async batchDownload(filePaths, options = {}) {
-    var _a;
-    const { concurrency = 5, onProgress, autoSave = false } = options;
-    try {
-      const res = await fetch(`${this.base}/batch-download`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ paths: filePaths, concurrency })
-      });
-      if (!res.ok) {
-        const e = await res.json().catch(() => ({}));
-        throw new HydrousDBError((_a = e.error) != null ? _a : `HTTP ${res.status}`, "HTTP_ERROR", res.status);
-      }
-      const downloadedFiles = [];
-      await readSSEStream(res, (eventType, data) => {
-        var _a2, _b, _c, _d, _e, _f, _g, _h;
-        const d = data;
-        if (eventType === "file") {
-          const base64 = d["content"];
-          const mimeType = (_a2 = d["mimeType"]) != null ? _a2 : "application/octet-stream";
-          const path = (_b = d["path"]) != null ? _b : "";
-          const size = (_c = d["size"]) != null ? _c : 0;
-          const index = (_d = d["index"]) != null ? _d : 0;
-          const binary = atob(base64);
-          const bytes = new Uint8Array(binary.length);
-          for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
-          downloadedFiles.push({ path, content: bytes.buffer, mimeType, size });
-          onProgress == null ? void 0 : onProgress({ index, total: filePaths.length, path, status: "success", size, mimeType });
-          if (autoSave && isBrowser) {
-            const blob = new Blob([bytes.buffer], { type: mimeType });
-            const blobUrl = URL.createObjectURL(blob);
-            const a = document.createElement("a");
-            a.href = blobUrl;
-            a.download = (_e = path.split("/").pop()) != null ? _e : "download";
-            a.click();
-            setTimeout(() => URL.revokeObjectURL(blobUrl), 5e3);
-          }
-        }
-        if (eventType === "error" && onProgress) {
-          const index = (_f = d["index"]) != null ? _f : 0;
-          onProgress({
-            index,
-            total: filePaths.length,
-            path: (_g = filePaths[index]) != null ? _g : "",
-            status: "error",
-            error: (_h = d["error"]) != null ? _h : "Download failed"
-          });
-        }
-      });
-      return { data: downloadedFiles, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async getSignedUrl(path, expiresIn = 3600) {
+    const result = await this.http.request(`${this.basePath}/signed-url`, {
+      method: "POST",
+      body: { path, expiresIn },
+      headers: this.authHeaders
+    });
+    return {
+      signedUrl: result.signedUrl,
+      expiresAt: result.expiresAt,
+      expiresIn: result.expiresIn,
+      path: result.path
+    };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // LIST
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Visibility ───────────────────────────────────────────────────────────
   /**
-   * List files and folders (paginated).
+   * Change a file's visibility between public and private after upload.
    *
    * @example
-   * const { data } = await db.storage('avatars').list({ prefix: 'users/' });
-   * for (const item of data!.items) {
-   *   console.log(item.type, item.path, item.size);
-   * }
+   * ```ts
+   * // Make a file public
+   * const result = await storage.setVisibility('avatars/alice.jpg', true);
+   * console.log(result.publicUrl); // CDN URL
+   *
+   * // Make a file private
+   * const result = await storage.setVisibility('avatars/alice.jpg', false);
+   * console.log(result.downloadUrl); // Auth-required URL
+   * ```
    */
-  async list(options = {}) {
-    const { prefix = "", limit = 50, cursor } = options;
-    try {
-      const url = buildUrl(this.base, "list", {
-        prefix: prefix || void 0,
-        limit,
-        cursor: cursor || void 0
-      });
-      const res = await fetch(url.replace(this.base + "/list", `${this.base}/list`), {
-        headers: storageHeaders(this.key)
-      });
-      const u = `${this.base}/list?${new URLSearchParams(
-        Object.entries({ prefix: prefix || "", limit: String(limit), ...cursor ? { cursor } : {} }).filter(([, v]) => v !== "")
-      ).toString()}`;
-      const r = await fetch(u, { headers: storageHeaders(this.key) });
-      const json = await parseResponse(r);
-      return { data: json, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async setVisibility(path, isPublic) {
+    const result = await this.http.request(`${this.basePath}/visibility`, {
+      method: "PATCH",
+      body: { path, isPublic },
+      headers: this.authHeaders
+    });
+    return {
+      path: result.path,
+      isPublic: result.isPublic,
+      publicUrl: result.publicUrl,
+      downloadUrl: result.downloadUrl
+    };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // METADATA
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Folder Operations ────────────────────────────────────────────────────
   /**
-   * Get metadata for a file (size, MIME type, compression, etc.)
+   * Create a folder (a GCS prefix placeholder).
    *
    * @example
-   * const { data: meta } = await db.storage('docs').metadata('report.pdf');
-   * console.log(meta!.size, meta!.mimeType, meta!.isCompressed);
+   * ```ts
+   * await storage.createFolder('uploads/2025/');
+   * ```
    */
-  async metadata(filePath) {
-    try {
-      const res = await fetch(`${this.base}/metadata/${filePath}`, {
-        headers: storageHeaders(this.key)
-      });
-      const json = await parseResponse(res);
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async createFolder(path) {
+    const result = await this.http.request(
+      `${this.basePath}/folder`,
+      { method: "POST", body: { path }, headers: this.authHeaders }
+    );
+    return { path: result.path };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // DELETE
-  // ══════════════════════════════════════════════════════════════════════════
-  /** Delete a single file */
-  async deleteFile(filePath) {
-    try {
-      const res = await fetch(`${this.base}/file`, {
-        method: "DELETE",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ path: filePath })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  // ─── File Operations ──────────────────────────────────────────────────────
+  /**
+   * Delete a single file.
+   *
+   * @example
+   * ```ts
+   * await storage.deleteFile('avatars/old-avatar.jpg');
+   * ```
+   */
+  async deleteFile(path) {
+    await this.http.request(`${this.basePath}/file`, {
+      method: "DELETE",
+      body: { path },
+      headers: this.authHeaders
+    });
   }
-  /** Recursively delete a folder and all its contents */
-  async deleteFolder(folderPath) {
-    try {
-      const res = await fetch(`${this.base}/folder`, {
-        method: "DELETE",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ path: folderPath })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  /**
+   * Delete a folder and all its contents recursively.
+   *
+   * @example
+   * ```ts
+   * await storage.deleteFolder('temp/');
+   * ```
+   */
+  async deleteFolder(path) {
+    await this.http.request(`${this.basePath}/folder`, {
+      method: "DELETE",
+      body: { path },
+      headers: this.authHeaders
+    });
   }
-  /** Create an empty folder */
-  async createFolder(folderPath) {
-    try {
-      const res = await fetch(`${this.base}/folder`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ path: folderPath })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  /**
+   * Move or rename a file.
+   *
+   * @example
+   * ```ts
+   * // Rename
+   * await storage.move('docs/draft.pdf', 'docs/final.pdf');
+   * // Move to a different folder
+   * await storage.move('inbox/report.xlsx', 'archive/2025/report.xlsx');
+   * ```
+   */
+  async move(from, to) {
+    const result = await this.http.request(
+      `${this.basePath}/move`,
+      { method: "POST", body: { from, to }, headers: this.authHeaders }
+    );
+    return { from: result.from, to: result.to };
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // MOVE & COPY
-  // ══════════════════════════════════════════════════════════════════════════
-  /** Move (rename) a file */
-  async move(fromPath, toPath) {
-    try {
-      const res = await fetch(`${this.base}/move`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ from: fromPath, to: toPath })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  /**
+   * Copy a file to a new path.
+   *
+   * @example
+   * ```ts
+   * await storage.copy('templates/base.html', 'sites/my-site/index.html');
+   * ```
+   */
+  async copy(from, to) {
+    const result = await this.http.request(
+      `${this.basePath}/copy`,
+      { method: "POST", body: { from, to }, headers: this.authHeaders }
+    );
+    return { from: result.from, to: result.to };
   }
-  /** Copy a file (original is kept) */
-  async copy(fromPath, toPath) {
-    try {
-      const res = await fetch(`${this.base}/copy`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ from: fromPath, to: toPath })
-      });
-      await parseResponse(res);
-      return { data: void 0, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  // ─── Stats ────────────────────────────────────────────────────────────────
+  /**
+   * Get storage statistics for your key: total files, bytes, operation counts.
+   *
+   * @example
+   * ```ts
+   * const stats = await storage.getStats();
+   * console.log(`${stats.totalFiles} files, ${(stats.totalBytes / 1e6).toFixed(1)} MB`);
+   * ```
+   */
+  async getStats() {
+    const result = await this.http.request(`${this.basePath}/stats`, {
+      method: "GET",
+      headers: this.authHeaders
+    });
+    return result.stats;
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // SIGNED URL
-  // ══════════════════════════════════════════════════════════════════════════
+  // ─── Info (no auth) ───────────────────────────────────────────────────────
   /**
-   * Generate a time-limited public URL for a private file.
+   * Ping the storage service. No authentication required.
    *
    * @example
-   * const { data } = await db.storage('contracts').signedUrl('nda.pdf', { expiresIn: 300 });
-   * console.log(data!.signedUrl); // share this
+   * ```ts
+   * const info = await storage.info();
+   * // → { ok: true, storageRoot: 'hydrous-storage' }
+   * ```
    */
-  async signedUrl(filePath, options = {}) {
-    const { expiresIn = 3600 } = options;
-    try {
-      const res = await fetch(`${this.base}/signed-url`, {
-        method: "POST",
-        headers: jsonHeaders(this.key),
-        body: JSON.stringify({ path: filePath, expiresInSeconds: expiresIn })
-      });
-      const json = await parseResponse(res);
-      return { data: json, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  async info() {
+    return this.http.get(`${this.basePath}/info`);
+  }
+};
+
+// src/storage/scoped.ts
+var ScopedStorage = class _ScopedStorage {
+  constructor(manager, prefix) {
+    this.manager = manager;
+    this.prefix = prefix.replace(/\/+$/, "") + "/";
+  }
+  scopedPath(userPath) {
+    return `${this.prefix}${userPath.replace(/^\/+/, "")}`;
+  }
+  /** Upload a file within the scoped folder. */
+  upload(data, path, options) {
+    return this.manager.upload(data, this.scopedPath(path), options);
+  }
+  /** Upload raw JSON or text within the scoped folder. */
+  uploadRaw(data, path, options) {
+    return this.manager.uploadRaw(data, this.scopedPath(path), options);
+  }
+  /** Get a signed upload URL for a file within the scoped folder. */
+  getUploadUrl(opts) {
+    return this.manager.getUploadUrl({ ...opts, path: this.scopedPath(opts.path) });
+  }
+  /** Confirm a direct upload within the scoped folder. */
+  confirmUpload(opts) {
+    return this.manager.confirmUpload({ ...opts, path: this.scopedPath(opts.path) });
+  }
+  /** Download a file within the scoped folder. */
+  download(path) {
+    return this.manager.download(this.scopedPath(path));
+  }
+  /**
+   * List files within the scoped folder.
+   * `prefix` in options is relative to the scope.
+   */
+  list(opts = {}) {
+    const scopedOpts = {
+      ...opts,
+      prefix: this.scopedPath(opts.prefix ?? "")
+    };
+    return this.manager.list(scopedOpts);
+  }
+  /** Get metadata for a file within the scoped folder. */
+  getMetadata(path) {
+    return this.manager.getMetadata(this.scopedPath(path));
+  }
+  /** Get a time-limited signed URL for a file within the scoped folder. */
+  getSignedUrl(path, expiresIn) {
+    return this.manager.getSignedUrl(this.scopedPath(path), expiresIn);
+  }
+  /** Change visibility of a file within the scoped folder. */
+  setVisibility(path, isPublic) {
+    return this.manager.setVisibility(this.scopedPath(path), isPublic);
+  }
+  /** Delete a file within the scoped folder. */
+  deleteFile(path) {
+    return this.manager.deleteFile(this.scopedPath(path));
+  }
+  /** Delete a sub-folder within the scoped folder. */
+  deleteFolder(path) {
+    return this.manager.deleteFolder(this.scopedPath(path));
+  }
+  /** Move a file within the scoped folder. */
+  move(from, to) {
+    return this.manager.move(this.scopedPath(from), this.scopedPath(to));
+  }
+  /** Copy a file within the scoped folder. */
+  copy(from, to) {
+    return this.manager.copy(this.scopedPath(from), this.scopedPath(to));
+  }
+  /** Create a sub-folder within the scoped folder. */
+  createFolder(path) {
+    return this.manager.createFolder(this.scopedPath(path));
   }
-  // ══════════════════════════════════════════════════════════════════════════
-  // STATS
-  // ══════════════════════════════════════════════════════════════════════════
   /**
-   * Get usage and billing stats for this storage key.
+   * Create a further-scoped instance nested within this scope.
    *
    * @example
-   * const { data } = await db.storage('main').stats();
-   * console.log(data!.totalFiles, data!.totalSizeBytes);
+   * ```ts
+   * const uploads = db.storage.scope('user-uploads');
+   * const images = uploads.scope('images');   // → "user-uploads/images/"
+   * ```
    */
-  async stats() {
-    try {
-      const res = await fetch(`${this.base}/stats`, {
-        headers: storageHeaders(this.key)
-      });
-      const json = await parseResponse(res);
-      return { data: json.data, error: null };
-    } catch (err) {
-      return { data: null, error: toHydrousError(err) };
-    }
+  scope(subPrefix) {
+    return new _ScopedStorage(this.manager, this.scopedPath(subPrefix));
   }
 };
 
-// src/storage/manager.ts
-var StorageManager = class {
+// src/client.ts
+var HydrousClient = class {
   constructor(config) {
-    this.cache = /* @__PURE__ */ new Map();
-    this.baseUrl = config.url;
-    this._keys = config.storageKeys;
+    this._recordsCache = /* @__PURE__ */ new Map();
+    this._authCache = /* @__PURE__ */ new Map();
+    this._analyticsCache = /* @__PURE__ */ new Map();
+    this._storageCache = /* @__PURE__ */ new Map();
+    if (!config.authKey) {
+      throw new Error("[HydrousDB] authKey is required. Get yours from https://hydrousdb.com/dashboard.");
+    }
+    if (!config.bucketSecurityKey) {
+      throw new Error("[HydrousDB] bucketSecurityKey is required. Get yours from https://hydrousdb.com/dashboard.");
+    }
+    if (!config.storageKeys || Object.keys(config.storageKeys).length === 0) {
+      throw new Error("[HydrousDB] storageKeys is required. Define at least one storage key from https://hydrousdb.com/dashboard.");
+    }
+    const baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
+    this.http = new HttpClient(baseUrl);
+    this.authKey_ = config.authKey;
+    this.bucketSecurityKey_ = config.bucketSecurityKey;
+    this.storageKeys_ = config.storageKeys;
   }
+  // ─── Records ─────────────────────────────────────────────────────────────
   /**
-   * Get a storage client scoped to a named key.
-   *
-   * @param keyName - Must match a property you declared in `storageKeys`
+   * Get a typed records client for the named bucket.
+   * Uses your `bucketSecurityKey` automatically.
    *
    * @example
-   * const avatarStore   = db.storage('avatars');
-   * const documentStore = db.storage('documents');
-   *
-   * await avatarStore.upload(file, { path: 'users/alice.jpg' });
-   * const list = await documentStore.list({ prefix: 'invoices/' });
+   * ```ts
+   * interface Post { title: string; published: boolean }
+   * const posts = db.records<Post>('blog-posts');
+   * const post = await posts.create({ title: 'Hello', published: false });
+   * ```
    */
-  use(keyName) {
-    const bucketKey = this._keys[keyName];
-    if (!bucketKey) {
-      const available = Object.keys(this._keys).join(", ");
-      throw new HydrousDBError(
-        `Storage key "${keyName}" is not defined.
-Available: ${available || "(none)"}`,
-        "UNKNOWN_STORAGE_KEY"
+  records(bucketKey) {
+    if (!this._recordsCache.has(bucketKey)) {
+      this._recordsCache.set(
+        bucketKey,
+        new RecordsClient(this.http, this.bucketSecurityKey_, bucketKey)
       );
     }
-    if (!this.cache.has(keyName)) {
-      this.cache.set(keyName, new ScopedStorageClient(this.baseUrl, keyName, bucketKey));
+    return this._recordsCache.get(bucketKey);
+  }
+  // ─── Auth ─────────────────────────────────────────────────────────────────
+  /**
+   * Get an auth client for the named user bucket.
+   * Uses your `authKey` automatically.
+   *
+   * @example
+   * ```ts
+   * const auth = db.auth('app-users');
+   * const { user, session } = await auth.login({ email: '…', password: '…' });
+   * ```
+   */
+  auth(bucketKey) {
+    if (!this._authCache.has(bucketKey)) {
+      this._authCache.set(bucketKey, new AuthClient(this.http, this.authKey_, bucketKey));
     }
-    return this.cache.get(keyName);
+    return this._authCache.get(bucketKey);
   }
-  /** Return the names of all configured storage keys */
-  keyNames() {
-    return Object.keys(this._keys);
+  // ─── Analytics ────────────────────────────────────────────────────────────
+  /**
+   * Get an analytics client for the named bucket.
+   * Uses your `bucketSecurityKey` automatically.
+   *
+   * @example
+   * ```ts
+   * const analytics = db.analytics('orders');
+   * const { count } = await analytics.count();
+   * ```
+   */
+  analytics(bucketKey) {
+    if (!this._analyticsCache.has(bucketKey)) {
+      this._analyticsCache.set(
+        bucketKey,
+        new AnalyticsClient(this.http, this.bucketSecurityKey_, bucketKey)
+      );
+    }
+    return this._analyticsCache.get(bucketKey);
   }
-};
-
-// src/client.ts
-var HydrousClient = class {
-  constructor(config) {
-    if (!config.url) throw new Error("[HydrousDB] config.url is required");
-    if (!config.authKey) throw new Error("[HydrousDB] config.authKey is required");
-    if (!config.bucketSecurityKey) throw new Error("[HydrousDB] config.bucketSecurityKey is required");
-    if (!config.storageKeys || typeof config.storageKeys !== "object") {
-      throw new Error("[HydrousDB] config.storageKeys must be an object of named keys");
+  // ─── Storage ──────────────────────────────────────────────────────────────
+  /**
+   * Get a storage manager for the named storage key.
+   * The name must match a key you defined in `storageKeys` when calling `createClient`.
+   * Uses the corresponding `ssk_…` key automatically via `X-Storage-Key` header.
+   *
+   * @param keyName  The name of the storage key (e.g. `"avatars"`, `"documents"`, `"main"`).
+   *
+   * @example
+   * ```ts
+   * const avatars   = db.storage('avatars');
+   * const documents = db.storage('documents');
+   *
+   * // Upload to avatars bucket
+   * await avatars.upload(file, `${userId}.jpg`, { isPublic: true });
+   *
+   * // Scope to a sub-folder
+   * const userDocs = db.storage('documents').scope(`users/${userId}`);
+   * await userDocs.upload(pdfBuffer, 'contract.pdf');
+   * ```
+   */
+  storage(keyName) {
+    const ssk = this.storageKeys_[keyName];
+    if (!ssk) {
+      const available = Object.keys(this.storageKeys_).join(", ");
+      throw new Error(
+        `[HydrousDB] Unknown storage key name "${keyName}". Available keys: ${available}. Add it to storageKeys in your createClient() config.`
+      );
+    }
+    if (!this._storageCache.has(keyName)) {
+      this._storageCache.set(keyName, new StorageManager(this.http, ssk));
     }
-    this.auth = new AuthClient(config);
-    this.records = new RecordsClient(config);
-    this.analytics = new AnalyticsClient(config);
-    const manager = new StorageManager(config);
-    const fn = (keyName) => manager.use(keyName);
-    fn.use = (keyName) => manager.use(keyName);
-    fn.keyNames = () => manager.keyNames();
-    this.storage = fn;
+    const mgr = this._storageCache.get(keyName);
+    const extended = mgr;
+    if (!extended.scope) {
+      extended.scope = (prefix) => new ScopedStorage(mgr, prefix);
+    }
+    return extended;
   }
 };
-
-// src/index.ts
 function createClient(config) {
   return new HydrousClient(config);
 }
 
-exports.AnalyticsClient = AnalyticsClient;
-exports.AuthClient = AuthClient;
-exports.HydrousClient = HydrousClient;
-exports.HydrousDBError = HydrousDBError;
-exports.RecordsClient = RecordsClient;
-exports.ScopedStorageClient = ScopedStorageClient;
-exports.StorageManager = StorageManager;
-exports.createClient = createClient;
-exports.eq = eq;
-exports.gt = gt;
-exports.gte = gte;
-exports.inArray = inArray;
-exports.isHydrousError = isHydrousError;
-exports.lt = lt;
-exports.lte = lte;
-exports.neq = neq;
+export { AnalyticsClient, AnalyticsError, AuthClient, AuthError, HydrousClient, HydrousError, NetworkError, RecordError, RecordsClient, ScopedStorage, StorageError, StorageManager, ValidationError, createClient };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map