npm - hydrousdb - Versions diffs - 3.5.1 → 3.5.3 - Mend

hydrousdb 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -57,6 +57,35 @@ interface LoginOptions {
     email: string;
     password: string;
 }
+/**
+ * Options for `auth.continueWithGoogle()`.
+ *
+ * Pass the Google ID token returned by the Google Sign-In SDK.
+ * Your server verifies this token — the SDK never calls Google APIs directly.
+ *
+ * How to get the idToken:
+ *   Web (Google Identity Services):
+ *     `google.accounts.id.initialize({ callback: ({ credential }) => ... })`
+ *     → credential IS the idToken
+ *   React Native (@react-native-google-signin/google-signin):
+ *     `const { idToken } = await GoogleSignin.signIn()`
+ *   Flutter (google_sign_in):
+ *     `final idToken = (await account.authentication).idToken`
+ */
+interface GoogleSignInOptions {
+    idToken: string;
+}
+/**
+ * Options for `auth.linkGoogle()`.
+ * Links a Google account to an existing email/password account so the
+ * user can sign in with either method going forward.
+ */
+interface GoogleLinkOptions {
+    /** Active session ID of the currently signed-in user. */
+    sessionId: string;
+    /** Google ID token from the Google Sign-In SDK. */
+    idToken: string;
+}
 interface UserRecord {
     id: string;
     email: string;
@@ -67,6 +96,24 @@ interface UserRecord {
     createdAt: number;
     updatedAt: number;
     metadata?: Record<string, unknown>;
+    /**
+     * Primary authentication provider for this account.
+     *   'email'  — signed up with email + password
+     *   'google' — signed up via Google (no password unless added later)
+     */
+    authProvider?: 'email' | 'google' | 'github';
+    /**
+     * Google profile picture URL.
+     * Present for users who signed up or linked Google.
+     * Refreshed automatically on each Google sign-in.
+     */
+    picture?: string | null;
+    /**
+     * Stable Google user ID (the `sub` claim from the Google ID token).
+     * Never changes even if the user changes their Google email.
+     * Only present for users with Google linked.
+     */
+    googleId?: string;
     [key: string]: unknown;
 }
 interface Session {
@@ -81,6 +128,19 @@ interface Session {
 interface AuthResult {
     user: UserRecord;
     session: Session;
+    /**
+     * `true` when this is the very first sign-in (account was just created).
+     * `false` for returning users.
+     * Present for all auth methods — signup, login, and continueWithGoogle.
+     *
+     * Use to drive onboarding flows:
+     * ```ts
+     * const { user, session, isNew } = await auth.continueWithGoogle({ idToken });
+     * if (isNew) router.push('/onboarding');
+     * else       router.push('/dashboard');
+     * ```
+     */
+    isNew?: boolean;
 }
 interface UpdateUserOptions {
     sessionId: string;
@@ -152,6 +212,30 @@ interface QueryOptions {
      * await posts.query({ timeScope: '_day_260305' });
      */
     timeScope?: string;
+    /**
+     * Start of a date range — inclusive. ISO date string (YYYY-MM-DD).
+     * Maps to `?startDate=` on the server.
+     * @example '2026-01-01'
+     */
+    startDate?: string;
+    /**
+     * End of a date range — inclusive. ISO date string (YYYY-MM-DD).
+     * Maps to `?endDate=` on the server.
+     * @example '2026-12-31'
+     */
+    endDate?: string;
+    /**
+     * Restrict the monthly walk to a specific two-digit year.
+     * Maps to `?year=` on the server.
+     * @example '26' for 2026
+     */
+    year?: string;
+    /**
+     * Field to sort by. Maps to `?sortBy=` on the server.
+     * Works on every query path — sorting is always done in-memory after hydration
+     * so any field name is accepted, not just indexed ones.
+     */
+    sortBy?: string;
 }
 interface QueryResult<T = RecordData> {
     records: (T & RecordResult)[];
@@ -414,6 +498,83 @@ declare class AuthClient {
         sessionId: string;
         allDevices?: boolean;
     }): Promise<void>;
+    /**
+     * Sign in or create an account using a Google ID token.
+     *
+     * Pass the `idToken` from the Google Sign-In SDK. Your server verifies the
+     * token against Google's public keys, then either creates a new account or
+     * signs in the returning user. No password is ever set or required.
+     *
+     * The returned `AuthResult` is identical in shape to `login()` and `signup()`.
+     * Sessions from Google sign-in work with `validateSession`, `refreshSession`,
+     * and `logout` — nothing changes after the initial sign-in.
+     *
+     * Use `isNew` to drive onboarding flows.
+     *
+     * @example
+     * ```ts
+     * // Web — Google Identity Services
+     * google.accounts.id.initialize({
+     *   client_id: 'YOUR_GOOGLE_CLIENT_ID',
+     *   callback: async ({ credential }) => {
+     *     const { user, session, isNew } = await db.auth().continueWithGoogle({
+     *       idToken: credential,
+     *     });
+     *     if (isNew) router.push('/onboarding');
+     *     else       router.push('/dashboard');
+     *   },
+     * });
+     *
+     * // React Native
+     * const { idToken } = await GoogleSignin.signIn();
+     * const { user, session, isNew } = await db.auth().continueWithGoogle({ idToken });
+     * ```
+     *
+     * Server: POST /api/auth/google
+     * Body: { idToken }
+     */
+    continueWithGoogle(options: GoogleSignInOptions): Promise<AuthResult>;
+    /**
+     * Link a Google account to the currently signed-in user.
+     *
+     * After linking, the user can sign in with either their email + password
+     * or with Google — both produce valid sessions.
+     *
+     * The server is idempotent — calling this when Google is already linked
+     * returns the updated user without creating duplicate entries.
+     *
+     * @example
+     * ```ts
+     * // User is signed in with email. They click "Connect Google" in settings.
+     * const { idToken } = await GoogleSignin.signIn();
+     * const updatedUser = await db.auth().linkGoogle({
+     *   sessionId: currentSession.sessionId,
+     *   idToken,
+     * });
+     * ```
+     *
+     * Server: POST /api/auth/google/link
+     * Body: { sessionId, idToken }
+     */
+    linkGoogle(options: GoogleLinkOptions): Promise<UserRecord>;
+    /**
+     * Unlink Google from the currently signed-in user's account.
+     *
+     * Only succeeds if the user has a password set — you cannot remove the only
+     * sign-in method. If the account was created via Google and has no password,
+     * call `changePassword` first.
+     *
+     * @example
+     * ```ts
+     * await db.auth().unlinkGoogle({ sessionId: currentSession.sessionId });
+     * ```
+     *
+     * Server: DELETE /api/auth/google/unlink
+     * Body: { sessionId }
+     */
+    unlinkGoogle(options: {
+        sessionId: string;
+    }): Promise<void>;
     /**
      * Validate an existing session and retrieve the current user.
      *
@@ -1203,114 +1364,64 @@ declare class HydrousClient {
  */
 declare function createClient(config: HydrousConfig): HydrousClient;
-/**
- * routes.ts — Single source of truth for every API path in the HydrousDB SDK.
- *
- * Base URL: https://db-api-82687684612.us-central1.run.app
- *
- * Mount points (from server.js):
- *   /api          → records router   (X-Api-Key: bucketSecurityKey)
- *   /api/analytics → analytics router (X-Api-Key: bucketSecurityKey)
- *   /api/auth      → auth router      (X-Api-Key: authKey)
- *   /storage       → storage router   (X-Storage-Key: ssk_…)
- *
- * ⚠️  Keys MUST be sent in headers — NEVER in URLs or query strings.
- *     Records + Analytics: X-Api-Key  (or Authorization: Bearer …)
- *     Storage:             X-Storage-Key (or Authorization: Bearer …)
- */
 declare const RECORDS: {
-    /** GET|POST|PATCH|DELETE|HEAD /api/:bucketKey */
+    /** Base path for a bucket: GET|POST /api/:bucketKey */
     readonly bucket: (bucketKey: string) => string;
-    /** POST /api/:bucketKey/batch/insert */
+    /** Batch insert: POST /api/:bucketKey/batch/insert */
     readonly batchInsert: (bucketKey: string) => string;
-    /** POST /api/:bucketKey/batch/update */
+    /** Batch update: POST /api/:bucketKey/batch/update */
     readonly batchUpdate: (bucketKey: string) => string;
-    /** POST /api/:bucketKey/batch/delete */
+    /** Batch delete: POST /api/:bucketKey/batch/delete */
     readonly batchDelete: (bucketKey: string) => string;
 };
 declare const ANALYTICS: {
-    /** POST /api/analytics/:bucketKey */
+    /** Analytics query: POST /api/analytics/:bucketKey */
     readonly query: (bucketKey: string) => string;
 };
 declare const AUTH: {
-    /** POST /api/auth/signup   body: { email, password, fullName?, ...extra } */
     readonly signup: "/api/auth/signup";
-    /** POST /api/auth/signin   body: { email, password } */
     readonly signin: "/api/auth/signin";
-    /** POST /api/auth/signout  body: { sessionId, allDevices? } */
     readonly signout: "/api/auth/signout";
-    /** POST /api/auth/session/validate  body: { sessionId } */
+    readonly googleSignIn: "/api/auth/google";
+    readonly googleLink: "/api/auth/google/link";
+    readonly googleUnlink: "/api/auth/google/unlink";
     readonly sessionValidate: "/api/auth/session/validate";
-    /** POST /api/auth/session/refresh   body: { refreshToken } */
     readonly sessionRefresh: "/api/auth/session/refresh";
-    /** GET  /api/auth/user?userId=... */
     readonly getUser: "/api/auth/user";
-    /** GET  /api/auth/users?limit=&cursor= */
-    readonly listUsers: "/api/auth/users";
-    /** PATCH /api/auth/user  body: { sessionId, userId, updates: {...} } */
     readonly updateUser: "/api/auth/user";
-    /** DELETE /api/auth/user?userId=...  body: { sessionId } */
     readonly deleteUser: "/api/auth/user";
-    /** DELETE /api/auth/user/hard?userId=...  body: { sessionId } */
+    readonly listUsers: "/api/auth/users";
     readonly hardDeleteUser: "/api/auth/user/hard";
-    /** DELETE /api/auth/users/bulk  body: { userIds, hard?, sessionId } */
     readonly bulkDeleteUsers: "/api/auth/users/bulk";
-    /** POST /api/auth/password/change  body: { sessionId, userId, oldPassword, newPassword } */
+    readonly accountLock: "/api/auth/account/lock";
+    readonly accountUnlock: "/api/auth/account/unlock";
     readonly passwordChange: "/api/auth/password/change";
-    /** POST /api/auth/password/reset/request  body: { email } */
     readonly passwordResetRequest: "/api/auth/password/reset/request";
-    /** POST /api/auth/password/reset/confirm  body: { resetToken, newPassword } */
     readonly passwordResetConfirm: "/api/auth/password/reset/confirm";
-    /** POST /api/auth/email/verify/request  body: { userId } */
     readonly emailVerifyRequest: "/api/auth/email/verify/request";
-    /** POST /api/auth/email/verify/confirm  body: { verifyToken } */
     readonly emailVerifyConfirm: "/api/auth/email/verify/confirm";
-    /** POST /api/auth/account/lock    body: { sessionId, userId, duration? } */
-    readonly accountLock: "/api/auth/account/lock";
-    /** POST /api/auth/account/unlock  body: { sessionId, userId } */
-    readonly accountUnlock: "/api/auth/account/unlock";
 };
 declare const STORAGE: {
-    /** GET /storage/info  — no auth required */
-    readonly info: "/storage/info";
-    /** GET /storage/public/:fullScopedPath  — no auth required */
-    readonly publicFile: (fullScopedPath: string) => string;
-    /** POST /storage/upload-url  body: { path, mimeType, size, isPublic?, overwrite?, expiresIn? } */
-    readonly uploadUrl: "/storage/upload-url";
-    /** POST /storage/batch-upload-urls  body: { files: [...], expiresIn? } */
-    readonly batchUploadUrls: "/storage/batch-upload-urls";
-    /** POST /storage/confirm  body: { path, mimeType, isPublic? } */
-    readonly confirm: "/storage/confirm";
-    /** POST /storage/batch-confirm  body: { files: [...] } */
-    readonly batchConfirm: "/storage/batch-confirm";
-    /** POST /storage/upload  multipart/form-data: file, path, mimeType, isPublic, overwrite */
+    readonly base: "/storage";
     readonly upload: "/storage/upload";
-    /** POST /storage/upload-raw  body: { path, content, mimeType?, isPublic?, overwrite? } */
-    readonly uploadRaw: "/storage/upload-raw";
-    /** GET /storage/list?prefix=&limit=&cursor= */
+    readonly uploadRaw: "/storage/upload/raw";
+    readonly uploadUrl: "/storage/upload/url";
+    readonly confirm: "/storage/upload/confirm";
+    readonly batchUploadUrls: "/storage/upload/batch/urls";
+    readonly batchConfirm: "/storage/upload/batch/confirm";
+    readonly download: (encodedPath: string) => string;
+    readonly batchDownload: "/storage/download/batch";
     readonly list: "/storage/list";
-    /** GET /storage/download/:path  — requires X-Storage-Key */
-    readonly download: (filePath: string) => string;
-    /** POST /storage/batch-download  body: { paths: [...], concurrency? } */
-    readonly batchDownload: "/storage/batch-download";
-    /** GET /storage/metadata/:path */
-    readonly metadata: (filePath: string) => string;
-    /** POST /storage/signed-url  body: { path, expiresIn? } */
+    readonly metadata: (encodedPath: string) => string;
     readonly signedUrl: "/storage/signed-url";
-    /** PATCH /storage/visibility  body: { path, isPublic } */
     readonly visibility: "/storage/visibility";
-    /** POST /storage/folder  body: { path } */
     readonly folder: "/storage/folder";
-    /** DELETE /storage/file  body: { path } */
     readonly file: "/storage/file";
-    /** DELETE /storage/folder  body: { path } */
-    readonly folderDelete: "/storage/folder";
-    /** POST /storage/move  body: { from, to } */
+    readonly folderDelete: "/storage/folder/delete";
     readonly move: "/storage/move";
-    /** POST /storage/copy  body: { from, to } */
     readonly copy: "/storage/copy";
-    /** GET /storage/stats */
     readonly stats: "/storage/stats";
+    readonly info: "/storage/info";
 };
 declare class HydrousError extends Error {
@@ -1341,4 +1452,4 @@ declare class NetworkError extends HydrousError {
     constructor(message: string, cause?: unknown);
 }
-export { ANALYTICS, AUTH, type Aggregation, AnalyticsClient, AnalyticsError, type AnalyticsFilter, type AnalyticsQuery, type AnalyticsResult, AuthClient, AuthError, type AuthResult, type BatchCreateOptions, type BatchDownloadResult, type BatchUploadItem, type BatchUploadUrlResult, type ChangePasswordOptions, type CountResult, type CreateRecordOptions, type CrossBucketRow, DEFAULT_BASE_URL, type DateRange, type DistributionRow, type FieldStats, type FieldTimeSeriesRow, type FileEntry, type FileMetadata, type Granularity, HttpClient, HydrousClient, type HydrousConfig, HydrousError, type ListOptions, type ListResult, type ListUsersOptions, type ListUsersResult, type LoginOptions, type MetricDefinition, type MultiMetricResult, NetworkError, type PatchRecordOptions, type QueryFilter, type QueryOptions, type QueryResult, type QueryType, RECORDS, type RecordData, RecordError, type RecordHistoryEntry, type RecordResult, RecordsClient, STORAGE, ScopedStorage, type Session, type SignedUrlResult, type SignupOptions, type SortOrder, StorageError, type StorageKeys, StorageManager, type StorageStats, type StorageStatsResult, type SumRow, type TimeSeriesRow, type TopNRow, type UpdateUserOptions, type UploadOptions, type UploadResult, type UploadUrlResult, type UserRecord, ValidationError, createClient };
+export { ANALYTICS, AUTH, type Aggregation, AnalyticsClient, AnalyticsError, type AnalyticsFilter, type AnalyticsQuery, type AnalyticsResult, AuthClient, AuthError, type AuthResult, type BatchCreateOptions, type BatchDownloadResult, type BatchUploadItem, type BatchUploadUrlResult, type ChangePasswordOptions, type CountResult, type CreateRecordOptions, type CrossBucketRow, DEFAULT_BASE_URL, type DateRange, type DistributionRow, type FieldStats, type FieldTimeSeriesRow, type FileEntry, type FileMetadata, type GoogleLinkOptions, type GoogleSignInOptions, type Granularity, HttpClient, HydrousClient, type HydrousConfig, HydrousError, type ListOptions, type ListResult, type ListUsersOptions, type ListUsersResult, type LoginOptions, type MetricDefinition, type MultiMetricResult, NetworkError, type PatchRecordOptions, type QueryFilter, type QueryOptions, type QueryResult, type QueryType, RECORDS, type RecordData, RecordError, type RecordHistoryEntry, type RecordResult, RecordsClient, STORAGE, ScopedStorage, type Session, type SignedUrlResult, type SignupOptions, type SortOrder, StorageError, type StorageKeys, StorageManager, type StorageStats, type StorageStatsResult, type SumRow, type TimeSeriesRow, type TopNRow, type UpdateUserOptions, type UploadOptions, type UploadResult, type UploadUrlResult, type UserRecord, ValidationError, createClient };

package/dist/index.mjs CHANGED Viewed

@@ -177,98 +177,74 @@ var HttpClient = class {
 // src/routes.ts
 var RECORDS = {
-  /** GET|POST|PATCH|DELETE|HEAD /api/:bucketKey */
+  /** Base path for a bucket: GET|POST /api/:bucketKey */
   bucket: (bucketKey) => `/api/${bucketKey}`,
-  /** POST /api/:bucketKey/batch/insert */
+  /** Batch insert: POST /api/:bucketKey/batch/insert */
   batchInsert: (bucketKey) => `/api/${bucketKey}/batch/insert`,
-  /** POST /api/:bucketKey/batch/update */
+  /** Batch update: POST /api/:bucketKey/batch/update */
   batchUpdate: (bucketKey) => `/api/${bucketKey}/batch/update`,
-  /** POST /api/:bucketKey/batch/delete */
+  /** Batch delete: POST /api/:bucketKey/batch/delete */
   batchDelete: (bucketKey) => `/api/${bucketKey}/batch/delete`
 };
 var ANALYTICS = {
-  /** POST /api/analytics/:bucketKey */
+  /** Analytics query: POST /api/analytics/:bucketKey */
   query: (bucketKey) => `/api/analytics/${bucketKey}`
 };
 var AUTH = {
-  /** POST /api/auth/signup   body: { email, password, fullName?, ...extra } */
+  // ── Core ────────────────────────────────────────────────────────────────
   signup: "/api/auth/signup",
-  /** POST /api/auth/signin   body: { email, password } */
   signin: "/api/auth/signin",
-  /** POST /api/auth/signout  body: { sessionId, allDevices? } */
   signout: "/api/auth/signout",
-  /** POST /api/auth/session/validate  body: { sessionId } */
+  // ── Google OAuth ─────────────────────────────────────────────────────────
+  // POST   /api/auth/google        — sign in or create account via Google ID token
+  // POST   /api/auth/google/link   — link Google to an existing email/password account
+  // DELETE /api/auth/google/unlink — remove Google (only if a password is set)
+  googleSignIn: "/api/auth/google",
+  googleLink: "/api/auth/google/link",
+  googleUnlink: "/api/auth/google/unlink",
+  // ── Session ──────────────────────────────────────────────────────────────
   sessionValidate: "/api/auth/session/validate",
-  /** POST /api/auth/session/refresh   body: { refreshToken } */
   sessionRefresh: "/api/auth/session/refresh",
-  /** GET  /api/auth/user?userId=... */
+  // ── User ─────────────────────────────────────────────────────────────────
   getUser: "/api/auth/user",
-  /** GET  /api/auth/users?limit=&cursor= */
-  listUsers: "/api/auth/users",
-  /** PATCH /api/auth/user  body: { sessionId, userId, updates: {...} } */
   updateUser: "/api/auth/user",
-  /** DELETE /api/auth/user?userId=...  body: { sessionId } */
   deleteUser: "/api/auth/user",
-  /** DELETE /api/auth/user/hard?userId=...  body: { sessionId } */
+  // ── Admin ─────────────────────────────────────────────────────────────────
+  listUsers: "/api/auth/users",
   hardDeleteUser: "/api/auth/user/hard",
-  /** DELETE /api/auth/users/bulk  body: { userIds, hard?, sessionId } */
   bulkDeleteUsers: "/api/auth/users/bulk",
-  /** POST /api/auth/password/change  body: { sessionId, userId, oldPassword, newPassword } */
+  // ── Account ───────────────────────────────────────────────────────────────
+  accountLock: "/api/auth/account/lock",
+  accountUnlock: "/api/auth/account/unlock",
+  // ── Password ──────────────────────────────────────────────────────────────
   passwordChange: "/api/auth/password/change",
-  /** POST /api/auth/password/reset/request  body: { email } */
   passwordResetRequest: "/api/auth/password/reset/request",
-  /** POST /api/auth/password/reset/confirm  body: { resetToken, newPassword } */
   passwordResetConfirm: "/api/auth/password/reset/confirm",
-  /** POST /api/auth/email/verify/request  body: { userId } */
+  // ── Email Verification ────────────────────────────────────────────────────
   emailVerifyRequest: "/api/auth/email/verify/request",
-  /** POST /api/auth/email/verify/confirm  body: { verifyToken } */
-  emailVerifyConfirm: "/api/auth/email/verify/confirm",
-  /** POST /api/auth/account/lock    body: { sessionId, userId, duration? } */
-  accountLock: "/api/auth/account/lock",
-  /** POST /api/auth/account/unlock  body: { sessionId, userId } */
-  accountUnlock: "/api/auth/account/unlock"
+  emailVerifyConfirm: "/api/auth/email/verify/confirm"
 };
 var STORAGE = {
-  /** GET /storage/info  — no auth required */
-  info: "/storage/info",
-  /** GET /storage/public/:fullScopedPath  — no auth required */
-  publicFile: (fullScopedPath) => `/storage/public/${fullScopedPath}`,
-  /** POST /storage/upload-url  body: { path, mimeType, size, isPublic?, overwrite?, expiresIn? } */
-  uploadUrl: "/storage/upload-url",
-  /** POST /storage/batch-upload-urls  body: { files: [...], expiresIn? } */
-  batchUploadUrls: "/storage/batch-upload-urls",
-  /** POST /storage/confirm  body: { path, mimeType, isPublic? } */
-  confirm: "/storage/confirm",
-  /** POST /storage/batch-confirm  body: { files: [...] } */
-  batchConfirm: "/storage/batch-confirm",
-  /** POST /storage/upload  multipart/form-data: file, path, mimeType, isPublic, overwrite */
+  base: "/storage",
   upload: "/storage/upload",
-  /** POST /storage/upload-raw  body: { path, content, mimeType?, isPublic?, overwrite? } */
-  uploadRaw: "/storage/upload-raw",
-  /** GET /storage/list?prefix=&limit=&cursor= */
+  uploadRaw: "/storage/upload/raw",
+  uploadUrl: "/storage/upload/url",
+  confirm: "/storage/upload/confirm",
+  batchUploadUrls: "/storage/upload/batch/urls",
+  batchConfirm: "/storage/upload/batch/confirm",
+  download: (encodedPath) => `/storage/download/${encodedPath}`,
+  batchDownload: "/storage/download/batch",
   list: "/storage/list",
-  /** GET /storage/download/:path  — requires X-Storage-Key */
-  download: (filePath) => `/storage/download/${filePath}`,
-  /** POST /storage/batch-download  body: { paths: [...], concurrency? } */
-  batchDownload: "/storage/batch-download",
-  /** GET /storage/metadata/:path */
-  metadata: (filePath) => `/storage/metadata/${filePath}`,
-  /** POST /storage/signed-url  body: { path, expiresIn? } */
+  metadata: (encodedPath) => `/storage/metadata/${encodedPath}`,
   signedUrl: "/storage/signed-url",
-  /** PATCH /storage/visibility  body: { path, isPublic } */
   visibility: "/storage/visibility",
-  /** POST /storage/folder  body: { path } */
   folder: "/storage/folder",
-  /** DELETE /storage/file  body: { path } */
   file: "/storage/file",
-  /** DELETE /storage/folder  body: { path } */
-  folderDelete: "/storage/folder",
-  /** POST /storage/move  body: { from, to } */
+  folderDelete: "/storage/folder/delete",
   move: "/storage/move",
-  /** POST /storage/copy  body: { from, to } */
   copy: "/storage/copy",
-  /** GET /storage/stats */
-  stats: "/storage/stats"
+  stats: "/storage/stats",
+  info: "/storage/info"
 };
 // src/auth/client.ts
@@ -296,8 +272,7 @@ var AuthClient = class {
    */
   async signup(options) {
     const result = await this.post(AUTH.signup, options);
-    const user = result.data;
-    return this._buildAuthResult(user, result.session);
+    return this._buildAuthResult(result.data, result.session, result.isNew);
   }
   /**
    * Sign in with email + password.
@@ -307,8 +282,7 @@ var AuthClient = class {
    */
   async login(options) {
     const result = await this.post(AUTH.signin, options);
-    const user = result.data;
-    return this._buildAuthResult(user, result.session);
+    return this._buildAuthResult(result.data, result.session, result.isNew);
   }
   /**
    * Sign out — revoke a session (or all sessions with `allDevices: true`).
@@ -319,6 +293,111 @@ var AuthClient = class {
   async logout(options) {
     await this.post(AUTH.signout, options);
   }
+  // ─── Google Sign-In ───────────────────────────────────────────────────────
+  /**
+   * Sign in or create an account using a Google ID token.
+   *
+   * Pass the `idToken` from the Google Sign-In SDK. Your server verifies the
+   * token against Google's public keys, then either creates a new account or
+   * signs in the returning user. No password is ever set or required.
+   *
+   * The returned `AuthResult` is identical in shape to `login()` and `signup()`.
+   * Sessions from Google sign-in work with `validateSession`, `refreshSession`,
+   * and `logout` — nothing changes after the initial sign-in.
+   *
+   * Use `isNew` to drive onboarding flows.
+   *
+   * @example
+   * ```ts
+   * // Web — Google Identity Services
+   * google.accounts.id.initialize({
+   *   client_id: 'YOUR_GOOGLE_CLIENT_ID',
+   *   callback: async ({ credential }) => {
+   *     const { user, session, isNew } = await db.auth().continueWithGoogle({
+   *       idToken: credential,
+   *     });
+   *     if (isNew) router.push('/onboarding');
+   *     else       router.push('/dashboard');
+   *   },
+   * });
+   *
+   * // React Native
+   * const { idToken } = await GoogleSignin.signIn();
+   * const { user, session, isNew } = await db.auth().continueWithGoogle({ idToken });
+   * ```
+   *
+   * Server: POST /api/auth/google
+   * Body: { idToken }
+   */
+  async continueWithGoogle(options) {
+    if (!options.idToken || typeof options.idToken !== "string") {
+      throw new Error("[HydrousDB] continueWithGoogle: idToken is required and must be a string.");
+    }
+    const result = await this.post(AUTH.googleSignIn, {
+      idToken: options.idToken
+    });
+    return this._buildAuthResult(result.data, result.session, result.isNew);
+  }
+  /**
+   * Link a Google account to the currently signed-in user.
+   *
+   * After linking, the user can sign in with either their email + password
+   * or with Google — both produce valid sessions.
+   *
+   * The server is idempotent — calling this when Google is already linked
+   * returns the updated user without creating duplicate entries.
+   *
+   * @example
+   * ```ts
+   * // User is signed in with email. They click "Connect Google" in settings.
+   * const { idToken } = await GoogleSignin.signIn();
+   * const updatedUser = await db.auth().linkGoogle({
+   *   sessionId: currentSession.sessionId,
+   *   idToken,
+   * });
+   * ```
+   *
+   * Server: POST /api/auth/google/link
+   * Body: { sessionId, idToken }
+   */
+  async linkGoogle(options) {
+    if (!options.sessionId) {
+      throw new Error("[HydrousDB] linkGoogle: sessionId is required.");
+    }
+    if (!options.idToken || typeof options.idToken !== "string") {
+      throw new Error("[HydrousDB] linkGoogle: idToken is required and must be a string.");
+    }
+    const result = await this.post(AUTH.googleLink, {
+      sessionId: options.sessionId,
+      idToken: options.idToken
+    });
+    return result.data;
+  }
+  /**
+   * Unlink Google from the currently signed-in user's account.
+   *
+   * Only succeeds if the user has a password set — you cannot remove the only
+   * sign-in method. If the account was created via Google and has no password,
+   * call `changePassword` first.
+   *
+   * @example
+   * ```ts
+   * await db.auth().unlinkGoogle({ sessionId: currentSession.sessionId });
+   * ```
+   *
+   * Server: DELETE /api/auth/google/unlink
+   * Body: { sessionId }
+   */
+  async unlinkGoogle(options) {
+    if (!options.sessionId) {
+      throw new Error("[HydrousDB] unlinkGoogle: sessionId is required.");
+    }
+    await this.http.request(AUTH.googleUnlink, {
+      method: "DELETE",
+      body: { sessionId: options.sessionId },
+      headers: { "X-Api-Key": this.authKey }
+    });
+  }
   // ─── Session Management ───────────────────────────────────────────────────
   /**
    * Validate an existing session and retrieve the current user.
@@ -533,7 +612,7 @@ var AuthClient = class {
     await this.post(AUTH.emailVerifyConfirm, { verifyToken });
   }
   // ─── Private helpers ──────────────────────────────────────────────────────
-  _buildAuthResult(user, session) {
+  _buildAuthResult(user, session, isNew) {
     return {
       user,
       session: {
@@ -544,7 +623,8 @@ var AuthClient = class {
         expiresAt: session.expiresAt,
         refreshToken: session.refreshToken,
         refreshExpiresAt: session.expiresAt
-      }
+      },
+      isNew: isNew ?? false
     };
   }
 };
@@ -554,16 +634,21 @@ function buildQueryParams(options = {}) {
   const params = new URLSearchParams();
   if (options.limit !== void 0) params.set("limit", String(options.limit));
   if (options.offset !== void 0) params.set("offset", String(options.offset));
-  if (options.orderBy !== void 0) params.set("sortBy", options.orderBy);
   if (options.order !== void 0) params.set("sortOrder", options.order);
   if (options.fields !== void 0) params.set("fields", options.fields);
+  if (options.orderBy !== void 0) params.set("sortBy", options.orderBy);
+  if (options.sortBy !== void 0) params.set("sortBy", options.sortBy);
   if (options.startAfter !== void 0) params.set("cursor", options.startAfter);
   if (options.startAt !== void 0) params.set("cursor", options.startAt);
+  if (options.endAt !== void 0) params.set("endAt", options.endAt);
   if (options.timeScope !== void 0) params.set("timeScope", options.timeScope);
-  if (options.dateRange?.start !== void 0)
+  if (options.startDate !== void 0) params.set("startDate", options.startDate);
+  if (options.endDate !== void 0) params.set("endDate", options.endDate);
+  if (options.dateRange?.start !== void 0 && options.startDate === void 0)
     params.set("startDate", new Date(options.dateRange.start).toISOString().split("T")[0]);
-  if (options.dateRange?.end !== void 0)
+  if (options.dateRange?.end !== void 0 && options.endDate === void 0)
     params.set("endDate", new Date(options.dateRange.end).toISOString().split("T")[0]);
+  if (options.year !== void 0) params.set("year", options.year);
   if (options.filters && options.filters.length > 0) {
     for (const f of options.filters) {
       const key = f.op === "==" ? f.field : `${f.field}[${f.op}]`;