intlayer-editor 7.3.12 → 7.3.13

package/client/dist/assets/{index-OEPa9TO7.js → index-ZwO-oPRC.js}

@@ -25116,19 +25116,19 @@ function createRenderBatcher(scheduleNextBatch, allowKeepAlive) {
   return { schedule, cancel, state, steps };
 }
 const { schedule: frame, cancel: cancelFrame, state: frameData, steps: frameSteps } = /* @__PURE__ */ createRenderBatcher(typeof requestAnimationFrame !== "undefined" ? requestAnimationFrame : noop$2, true);
-let now;
+let now$2;
 function clearTime() {
-  now = void 0;
+  now$2 = void 0;
 }
 const time$2 = {
   now: () => {
-    if (now === void 0) {
+    if (now$2 === void 0) {
       time$2.set(frameData.isProcessing || MotionGlobalConfig.useManualTiming ? frameData.timestamp : performance.now());
     }
-    return now;
+    return now$2;
   },
   set: (newTime) => {
-    now = newTime;
+    now$2 = newTime;
     queueMicrotask(clearTime);
   }
 };
@@ -37898,609 +37898,433 @@ const useOAuth2 = (intlayerConfiguration) => {
   });
   return { oAuth2AccessToken: data?.data };
 };
-var __defProp = Object.defineProperty;
-var __defProps = Object.defineProperties;
-var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
-var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __defNormalProp = (obj, key2, value) => key2 in obj ? __defProp(obj, key2, { enumerable: true, configurable: true, writable: true, value }) : obj[key2] = value;
-var __spreadValues = (a2, b) => {
-  for (var prop in b || (b = {}))
-    if (__hasOwnProp.call(b, prop))
-      __defNormalProp(a2, prop, b[prop]);
-  if (__getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(b)) {
-      if (__propIsEnum.call(b, prop))
-        __defNormalProp(a2, prop, b[prop]);
-    }
-  return a2;
-};
-var __spreadProps = (a2, b) => __defProps(a2, __getOwnPropDescs(b));
-var BetterFetchError = class extends Error {
-  constructor(status, statusText, error) {
-    super(statusText || status.toString(), {
-      cause: error
-    });
-    this.status = status;
-    this.statusText = statusText;
-    this.error = error;
-  }
-};
-var initializePlugins = async (url, options) => {
-  var _a2, _b, _c, _d, _e2, _f;
-  let opts = options || {};
-  const hooks = {
-    onRequest: [options == null ? void 0 : options.onRequest],
-    onResponse: [options == null ? void 0 : options.onResponse],
-    onSuccess: [options == null ? void 0 : options.onSuccess],
-    onError: [options == null ? void 0 : options.onError],
-    onRetry: [options == null ? void 0 : options.onRetry]
-  };
-  if (!options || !(options == null ? void 0 : options.plugins)) {
-    return {
-      url,
-      options: opts,
-      hooks
-    };
-  }
-  for (const plugin of (options == null ? void 0 : options.plugins) || []) {
-    if (plugin.init) {
-      const pluginRes = await ((_a2 = plugin.init) == null ? void 0 : _a2.call(plugin, url.toString(), options));
-      opts = pluginRes.options || opts;
-      url = pluginRes.url;
-    }
-    hooks.onRequest.push((_b = plugin.hooks) == null ? void 0 : _b.onRequest);
-    hooks.onResponse.push((_c = plugin.hooks) == null ? void 0 : _c.onResponse);
-    hooks.onSuccess.push((_d = plugin.hooks) == null ? void 0 : _d.onSuccess);
-    hooks.onError.push((_e2 = plugin.hooks) == null ? void 0 : _e2.onError);
-    hooks.onRetry.push((_f = plugin.hooks) == null ? void 0 : _f.onRetry);
-  }
-  return {
-    url,
-    options: opts,
-    hooks
-  };
-};
-var LinearRetryStrategy = class {
-  constructor(options) {
-    this.options = options;
-  }
-  shouldAttemptRetry(attempt, response) {
-    if (this.options.shouldRetry) {
-      return Promise.resolve(
-        attempt < this.options.attempts && this.options.shouldRetry(response)
-      );
-    }
-    return Promise.resolve(attempt < this.options.attempts);
-  }
-  getDelay() {
-    return this.options.delay;
-  }
-};
-var ExponentialRetryStrategy = class {
-  constructor(options) {
-    this.options = options;
-  }
-  shouldAttemptRetry(attempt, response) {
-    if (this.options.shouldRetry) {
-      return Promise.resolve(
-        attempt < this.options.attempts && this.options.shouldRetry(response)
-      );
-    }
-    return Promise.resolve(attempt < this.options.attempts);
-  }
-  getDelay(attempt) {
-    const delay2 = Math.min(
-      this.options.maxDelay,
-      this.options.baseDelay * 2 ** attempt
-    );
-    return delay2;
-  }
-};
-function createRetryStrategy(options) {
-  if (typeof options === "number") {
-    return new LinearRetryStrategy({
-      type: "linear",
-      attempts: options,
-      delay: 1e3
-    });
-  }
-  switch (options.type) {
-    case "linear":
-      return new LinearRetryStrategy(options);
-    case "exponential":
-      return new ExponentialRetryStrategy(options);
-    default:
-      throw new Error("Invalid retry strategy");
-  }
-}
-var getAuthHeader = async (options) => {
-  const headers = {};
-  const getValue = async (value) => typeof value === "function" ? await value() : value;
-  if (options == null ? void 0 : options.auth) {
-    if (options.auth.type === "Bearer") {
-      const token = await getValue(options.auth.token);
-      if (!token) {
-        return headers;
-      }
-      headers["authorization"] = `Bearer ${token}`;
-    } else if (options.auth.type === "Basic") {
-      const username = getValue(options.auth.username);
-      const password = getValue(options.auth.password);
-      if (!username || !password) {
-        return headers;
-      }
-      headers["authorization"] = `Basic ${btoa(`${username}:${password}`)}`;
-    } else if (options.auth.type === "Custom") {
-      const value = getValue(options.auth.value);
-      if (!value) {
-        return headers;
-      }
-      headers["authorization"] = `${getValue(options.auth.prefix)} ${value}`;
-    }
-  }
-  return headers;
-};
-var JSON_RE = /^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;
-function detectResponseType(request) {
-  const _contentType = request.headers.get("content-type");
-  const textTypes = /* @__PURE__ */ new Set([
-    "image/svg",
-    "application/xml",
-    "application/xhtml",
-    "application/html"
-  ]);
-  if (!_contentType) {
-    return "json";
-  }
-  const contentType = _contentType.split(";").shift() || "";
-  if (JSON_RE.test(contentType)) {
-    return "json";
-  }
-  if (textTypes.has(contentType) || contentType.startsWith("text/")) {
-    return "text";
+function bufferToBase64URLString(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let str = "";
+  for (const charCode of bytes) {
+    str += String.fromCharCode(charCode);
   }
-  return "blob";
+  const base64String = btoa(str);
+  return base64String.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
-function isJSONParsable(value) {
-  try {
-    JSON.parse(value);
-    return true;
-  } catch (error) {
-    return false;
+function base64URLStringToBuffer(base64URLString) {
+  const base642 = base64URLString.replace(/-/g, "+").replace(/_/g, "/");
+  const padLength = (4 - base642.length % 4) % 4;
+  const padded = base642.padEnd(base642.length + padLength, "=");
+  const binary = atob(padded);
+  const buffer = new ArrayBuffer(binary.length);
+  const bytes = new Uint8Array(buffer);
+  for (let i2 = 0; i2 < binary.length; i2++) {
+    bytes[i2] = binary.charCodeAt(i2);
   }
+  return buffer;
 }
-function isJSONSerializable(value) {
-  if (value === void 0) {
-    return false;
-  }
-  const t2 = typeof value;
-  if (t2 === "string" || t2 === "number" || t2 === "boolean" || t2 === null) {
-    return true;
-  }
-  if (t2 !== "object") {
-    return false;
-  }
-  if (Array.isArray(value)) {
-    return true;
-  }
-  if (value.buffer) {
-    return false;
-  }
-  return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
+function browserSupportsWebAuthn() {
+  return _browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== void 0 && typeof globalThis.PublicKeyCredential === "function");
 }
-function jsonParse(text) {
-  try {
-    return JSON.parse(text);
-  } catch (error) {
-    return text;
-  }
+const _browserSupportsWebAuthnInternals = {
+  stubThis: (value) => value
+};
+function toPublicKeyCredentialDescriptor(descriptor) {
+  const { id: id2 } = descriptor;
+  return {
+    ...descriptor,
+    id: base64URLStringToBuffer(id2),
+    /**
+     * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
+     * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
+     * are fine to pass to WebAuthn since browsers will recognize the new value.
+     */
+    transports: descriptor.transports
+  };
 }
-function isFunction$1(value) {
-  return typeof value === "function";
+function isValidDomain(hostname) {
+  return (
+    // Consider localhost valid as well since it's okay wrt Secure Contexts
+    hostname === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname)
+  );
 }
-function getFetch(options) {
-  if (options == null ? void 0 : options.customFetchImpl) {
-    return options.customFetchImpl;
-  }
-  if (typeof globalThis !== "undefined" && isFunction$1(globalThis.fetch)) {
-    return globalThis.fetch;
-  }
-  if (typeof window !== "undefined" && isFunction$1(window.fetch)) {
-    return window.fetch;
+class WebAuthnError extends Error {
+  constructor({ message, code, cause, name }) {
+    super(message, { cause });
+    Object.defineProperty(this, "code", {
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: void 0
+    });
+    this.name = name ?? cause.name;
+    this.code = code;
   }
-  throw new Error("No fetch implementation found");
 }
-async function getHeaders(opts) {
-  const headers = new Headers(opts == null ? void 0 : opts.headers);
-  const authHeader = await getAuthHeader(opts);
-  for (const [key2, value] of Object.entries(authHeader || {})) {
-    headers.set(key2, value);
+function identifyRegistrationError({ error, options }) {
+  const { publicKey } = options;
+  if (!publicKey) {
+    throw Error("options was missing required publicKey property");
   }
-  if (!headers.has("content-type")) {
-    const t2 = detectContentType(opts == null ? void 0 : opts.body);
-    if (t2) {
-      headers.set("content-type", t2);
+  if (error.name === "AbortError") {
+    if (options.signal instanceof AbortSignal) {
+      return new WebAuthnError({
+        message: "Registration ceremony was sent an abort signal",
+        code: "ERROR_CEREMONY_ABORTED",
+        cause: error
+      });
     }
-  }
-  return headers;
-}
-function detectContentType(body) {
-  if (isJSONSerializable(body)) {
-    return "application/json";
-  }
-  return null;
-}
-function getBody(options) {
-  if (!(options == null ? void 0 : options.body)) {
-    return null;
-  }
-  const headers = new Headers(options == null ? void 0 : options.headers);
-  if (isJSONSerializable(options.body) && !headers.has("content-type")) {
-    for (const [key2, value] of Object.entries(options == null ? void 0 : options.body)) {
-      if (value instanceof Date) {
-        options.body[key2] = value.toISOString();
-      }
+  } else if (error.name === "ConstraintError") {
+    if (publicKey.authenticatorSelection?.requireResidentKey === true) {
+      return new WebAuthnError({
+        message: "Discoverable credentials were required but no available authenticator supported it",
+        code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
+        cause: error
+      });
+    } else if (
+      // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+      options.mediation === "conditional" && publicKey.authenticatorSelection?.userVerification === "required"
+    ) {
+      return new WebAuthnError({
+        message: "User verification was required during automatic registration but it could not be performed",
+        code: "ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",
+        cause: error
+      });
+    } else if (publicKey.authenticatorSelection?.userVerification === "required") {
+      return new WebAuthnError({
+        message: "User verification was required but no available authenticator supported it",
+        code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
+        cause: error
+      });
     }
-    return JSON.stringify(options.body);
+  } else if (error.name === "InvalidStateError") {
+    return new WebAuthnError({
+      message: "The authenticator was previously registered",
+      code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
+      cause: error
+    });
+  } else if (error.name === "NotAllowedError") {
+    return new WebAuthnError({
+      message: error.message,
+      code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
+      cause: error
+    });
+  } else if (error.name === "NotSupportedError") {
+    const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === "public-key");
+    if (validPubKeyCredParams.length === 0) {
+      return new WebAuthnError({
+        message: 'No entry in pubKeyCredParams was of type "public-key"',
+        code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
+        cause: error
+      });
+    }
+    return new WebAuthnError({
+      message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
+      code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
+      cause: error
+    });
+  } else if (error.name === "SecurityError") {
+    const effectiveDomain = globalThis.location.hostname;
+    if (!isValidDomain(effectiveDomain)) {
+      return new WebAuthnError({
+        message: `${globalThis.location.hostname} is an invalid domain`,
+        code: "ERROR_INVALID_DOMAIN",
+        cause: error
+      });
+    } else if (publicKey.rp.id !== effectiveDomain) {
+      return new WebAuthnError({
+        message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
+        code: "ERROR_INVALID_RP_ID",
+        cause: error
+      });
+    }
+  } else if (error.name === "TypeError") {
+    if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+      return new WebAuthnError({
+        message: "User ID was not between 1 and 64 characters",
+        code: "ERROR_INVALID_USER_ID_LENGTH",
+        cause: error
+      });
+    }
+  } else if (error.name === "UnknownError") {
+    return new WebAuthnError({
+      message: "The authenticator was unable to process the specified options, or could not create a new credential",
+      code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
+      cause: error
+    });
   }
-  return options.body;
+  return error;
 }
-function getMethod$1(url, options) {
-  var _a2;
-  if (options == null ? void 0 : options.method) {
-    return options.method.toUpperCase();
+class BaseWebAuthnAbortService {
+  constructor() {
+    Object.defineProperty(this, "controller", {
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: void 0
+    });
   }
-  if (url.startsWith("@")) {
-    const pMethod = (_a2 = url.split("@")[1]) == null ? void 0 : _a2.split("/")[0];
-    if (!methods.includes(pMethod)) {
-      return (options == null ? void 0 : options.body) ? "POST" : "GET";
+  createNewAbortSignal() {
+    if (this.controller) {
+      const abortError = new Error("Cancelling existing WebAuthn API call for new one");
+      abortError.name = "AbortError";
+      this.controller.abort(abortError);
     }
-    return pMethod.toUpperCase();
-  }
-  return (options == null ? void 0 : options.body) ? "POST" : "GET";
-}
-function getTimeout(options, controller) {
-  let abortTimeout;
-  if (!(options == null ? void 0 : options.signal) && (options == null ? void 0 : options.timeout)) {
-    abortTimeout = setTimeout(() => controller == null ? void 0 : controller.abort(), options == null ? void 0 : options.timeout);
+    const newController = new AbortController();
+    this.controller = newController;
+    return newController.signal;
   }
-  return {
-    abortTimeout,
-    clearTimeout: () => {
-      if (abortTimeout) {
-        clearTimeout(abortTimeout);
-      }
+  cancelCeremony() {
+    if (this.controller) {
+      const abortError = new Error("Manually cancelling existing WebAuthn API call");
+      abortError.name = "AbortError";
+      this.controller.abort(abortError);
+      this.controller = void 0;
     }
-  };
+  }
 }
-var ValidationError = class _ValidationError extends Error {
-  constructor(issues, message) {
-    super(message || JSON.stringify(issues, null, 2));
-    this.issues = issues;
-    Object.setPrototypeOf(this, _ValidationError.prototype);
+const WebAuthnAbortService = new BaseWebAuthnAbortService();
+const attachments = ["cross-platform", "platform"];
+function toAuthenticatorAttachment(attachment) {
+  if (!attachment) {
+    return;
   }
-};
-async function parseStandardSchema(schema, input) {
-  let result = await schema["~standard"].validate(input);
-  if (result.issues) {
-    throw new ValidationError(result.issues);
+  if (attachments.indexOf(attachment) < 0) {
+    return;
   }
-  return result.value;
+  return attachment;
 }
-var methods = ["get", "post", "put", "patch", "delete"];
-var applySchemaPlugin = (config2) => ({
-  id: "apply-schema",
-  name: "Apply Schema",
-  version: "1.0.0",
-  async init(url, options) {
-    var _a2, _b, _c, _d;
-    const schema = ((_b = (_a2 = config2.plugins) == null ? void 0 : _a2.find(
-      (plugin) => {
-        var _a22;
-        return ((_a22 = plugin.schema) == null ? void 0 : _a22.config) ? url.startsWith(plugin.schema.config.baseURL || "") || url.startsWith(plugin.schema.config.prefix || "") : false;
-      }
-    )) == null ? void 0 : _b.schema) || config2.schema;
-    if (schema) {
-      let urlKey = url;
-      if ((_c = schema.config) == null ? void 0 : _c.prefix) {
-        if (urlKey.startsWith(schema.config.prefix)) {
-          urlKey = urlKey.replace(schema.config.prefix, "");
-          if (schema.config.baseURL) {
-            url = url.replace(schema.config.prefix, schema.config.baseURL);
-          }
-        }
-      }
-      if ((_d = schema.config) == null ? void 0 : _d.baseURL) {
-        if (urlKey.startsWith(schema.config.baseURL)) {
-          urlKey = urlKey.replace(schema.config.baseURL, "");
-        }
-      }
-      const keySchema = schema.schema[urlKey];
-      if (keySchema) {
-        let opts = __spreadProps(__spreadValues({}, options), {
-          method: keySchema.method,
-          output: keySchema.output
-        });
-        if (!(options == null ? void 0 : options.disableValidation)) {
-          opts = __spreadProps(__spreadValues({}, opts), {
-            body: keySchema.input ? await parseStandardSchema(keySchema.input, options == null ? void 0 : options.body) : options == null ? void 0 : options.body,
-            params: keySchema.params ? await parseStandardSchema(keySchema.params, options == null ? void 0 : options.params) : options == null ? void 0 : options.params,
-            query: keySchema.query ? await parseStandardSchema(keySchema.query, options == null ? void 0 : options.query) : options == null ? void 0 : options.query
-          });
-        }
-        return {
-          url,
-          options: opts
-        };
-      }
-    }
-    return {
-      url,
-      options
-    };
+async function startRegistration(options) {
+  if (!options.optionsJSON && options.challenge) {
+    console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.");
+    options = { optionsJSON: options };
   }
-});
-var createFetch = (config2) => {
-  async function $fetch(url, options) {
-    const opts = __spreadProps(__spreadValues(__spreadValues({}, config2), options), {
-      plugins: [...(config2 == null ? void 0 : config2.plugins) || [], applySchemaPlugin(config2 || {})]
-    });
-    if (config2 == null ? void 0 : config2.catchAllError) {
-      try {
-        return await betterFetch(url, opts);
-      } catch (error) {
-        return {
-          data: null,
-          error: {
-            status: 500,
-            statusText: "Fetch Error",
-            message: "Fetch related error. Captured by catchAllError option. See error property for more details.",
-            error
-          }
-        };
-      }
-    }
-    return await betterFetch(url, opts);
+  const { optionsJSON, useAutoRegister = false } = options;
+  if (!browserSupportsWebAuthn()) {
+    throw new Error("WebAuthn is not supported in this browser");
   }
-  return $fetch;
-};
-function getURL2(url, option) {
-  let { baseURL, params, query } = option || {
-    query: {},
-    params: {},
-    baseURL: ""
+  const publicKey = {
+    ...optionsJSON,
+    challenge: base64URLStringToBuffer(optionsJSON.challenge),
+    user: {
+      ...optionsJSON.user,
+      id: base64URLStringToBuffer(optionsJSON.user.id)
+    },
+    excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor)
   };
-  let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
-  if (url.startsWith("@")) {
-    const m2 = url.toString().split("@")[1].split("/")[0];
-    if (methods.includes(m2)) {
-      url = url.replace(`@${m2}/`, "/");
-    }
+  const createOptions = {};
+  if (useAutoRegister) {
+    createOptions.mediation = "conditional";
   }
-  if (!basePath.endsWith("/")) basePath += "/";
-  let [path, urlQuery] = url.replace(basePath, "").split("?");
-  const queryParams = new URLSearchParams(urlQuery);
-  for (const [key2, value] of Object.entries(query || {})) {
-    if (value == null) continue;
-    queryParams.set(key2, String(value));
+  createOptions.publicKey = publicKey;
+  createOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+  let credential;
+  try {
+    credential = await navigator.credentials.create(createOptions);
+  } catch (err) {
+    throw identifyRegistrationError({ error: err, options: createOptions });
   }
-  if (params) {
-    if (Array.isArray(params)) {
-      const paramPaths = path.split("/").filter((p2) => p2.startsWith(":"));
-      for (const [index2, key2] of paramPaths.entries()) {
-        const value = params[index2];
-        path = path.replace(key2, value);
-      }
-    } else {
-      for (const [key2, value] of Object.entries(params)) {
-        path = path.replace(`:${key2}`, String(value));
-      }
-    }
+  if (!credential) {
+    throw new Error("Registration was not completed");
   }
-  path = path.split("/").map(encodeURIComponent).join("/");
-  if (path.startsWith("/")) path = path.slice(1);
-  let queryParamString = queryParams.toString();
-  queryParamString = queryParamString.length > 0 ? `?${queryParamString}`.replace(/\+/g, "%20") : "";
-  if (!basePath.startsWith("http")) {
-    return `${basePath}${path}${queryParamString}`;
+  const { id: id2, rawId, response, type } = credential;
+  let transports = void 0;
+  if (typeof response.getTransports === "function") {
+    transports = response.getTransports();
   }
-  const _url2 = new URL(`${path}${queryParamString}`, basePath);
-  return _url2;
-}
-var betterFetch = async (url, options) => {
-  var _a2, _b, _c, _d, _e2, _f, _g, _h;
-  const {
-    hooks,
-    url: __url,
-    options: opts
-  } = await initializePlugins(url, options);
-  const fetch2 = getFetch(opts);
-  const controller = new AbortController();
-  const signal = (_a2 = opts.signal) != null ? _a2 : controller.signal;
-  const _url2 = getURL2(__url, opts);
-  const body = getBody(opts);
-  const headers = await getHeaders(opts);
-  const method = getMethod$1(__url, opts);
-  let context = __spreadProps(__spreadValues({}, opts), {
-    url: _url2,
-    headers,
-    body,
-    method,
-    signal
-  });
-  for (const onRequest of hooks.onRequest) {
-    if (onRequest) {
-      const res = await onRequest(context);
-      if (res instanceof Object) {
-        context = res;
+  let responsePublicKeyAlgorithm = void 0;
+  if (typeof response.getPublicKeyAlgorithm === "function") {
+    try {
+      responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
+    } catch (error) {
+      warnOnBrokenImplementation("getPublicKeyAlgorithm()", error);
+    }
+  }
+  let responsePublicKey = void 0;
+  if (typeof response.getPublicKey === "function") {
+    try {
+      const _publicKey = response.getPublicKey();
+      if (_publicKey !== null) {
+        responsePublicKey = bufferToBase64URLString(_publicKey);
       }
+    } catch (error) {
+      warnOnBrokenImplementation("getPublicKey()", error);
     }
   }
-  if ("pipeTo" in context && typeof context.pipeTo === "function" || typeof ((_b = options == null ? void 0 : options.body) == null ? void 0 : _b.pipe) === "function") {
-    if (!("duplex" in context)) {
-      context.duplex = "half";
+  let responseAuthenticatorData;
+  if (typeof response.getAuthenticatorData === "function") {
+    try {
+      responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
+    } catch (error) {
+      warnOnBrokenImplementation("getAuthenticatorData()", error);
     }
   }
-  const { clearTimeout: clearTimeout2 } = getTimeout(opts, controller);
-  let response = await fetch2(context.url, context);
-  clearTimeout2();
-  const responseContext = {
-    response,
-    request: context
+  return {
+    id: id2,
+    rawId: bufferToBase64URLString(rawId),
+    response: {
+      attestationObject: bufferToBase64URLString(response.attestationObject),
+      clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+      transports,
+      publicKeyAlgorithm: responsePublicKeyAlgorithm,
+      publicKey: responsePublicKey,
+      authenticatorData: responseAuthenticatorData
+    },
+    type,
+    clientExtensionResults: credential.getClientExtensionResults(),
+    authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment)
   };
-  for (const onResponse of hooks.onResponse) {
-    if (onResponse) {
-      const r2 = await onResponse(__spreadProps(__spreadValues({}, responseContext), {
-        response: ((_c = options == null ? void 0 : options.hookOptions) == null ? void 0 : _c.cloneResponse) ? response.clone() : response
-      }));
-      if (r2 instanceof Response) {
-        response = r2;
-      } else if (r2 instanceof Object) {
-        response = r2.response;
-      }
-    }
+}
+function warnOnBrokenImplementation(methodName, cause) {
+  console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.
+`, cause);
+}
+function browserSupportsWebAuthnAutofill() {
+  if (!browserSupportsWebAuthn()) {
+    return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
   }
-  if (response.ok) {
-    const hasBody = context.method !== "HEAD";
-    if (!hasBody) {
-      return {
-        data: "",
-        error: null
-      };
-    }
-    const responseType = detectResponseType(response);
-    const successContext = {
-      data: "",
-      response,
-      request: context
-    };
-    if (responseType === "json" || responseType === "text") {
-      const text = await response.text();
-      const parser2 = (_d = context.jsonParser) != null ? _d : jsonParse;
-      const data = await parser2(text);
-      successContext.data = data;
-    } else {
-      successContext.data = await response[responseType]();
-    }
-    if (context == null ? void 0 : context.output) {
-      if (context.output && !context.disableValidation) {
-        successContext.data = await parseStandardSchema(
-          context.output,
-          successContext.data
-        );
-      }
-    }
-    for (const onSuccess of hooks.onSuccess) {
-      if (onSuccess) {
-        await onSuccess(__spreadProps(__spreadValues({}, successContext), {
-          response: ((_e2 = options == null ? void 0 : options.hookOptions) == null ? void 0 : _e2.cloneResponse) ? response.clone() : response
-        }));
-      }
+  const globalPublicKeyCredential = globalThis.PublicKeyCredential;
+  if (globalPublicKeyCredential?.isConditionalMediationAvailable === void 0) {
+    return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+  }
+  return _browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());
+}
+const _browserSupportsWebAuthnAutofillInternals = {
+  stubThis: (value) => value
+};
+function identifyAuthenticationError({ error, options }) {
+  const { publicKey } = options;
+  if (!publicKey) {
+    throw Error("options was missing required publicKey property");
+  }
+  if (error.name === "AbortError") {
+    if (options.signal instanceof AbortSignal) {
+      return new WebAuthnError({
+        message: "Authentication ceremony was sent an abort signal",
+        code: "ERROR_CEREMONY_ABORTED",
+        cause: error
+      });
     }
-    if (options == null ? void 0 : options.throw) {
-      return successContext.data;
+  } else if (error.name === "NotAllowedError") {
+    return new WebAuthnError({
+      message: error.message,
+      code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
+      cause: error
+    });
+  } else if (error.name === "SecurityError") {
+    const effectiveDomain = globalThis.location.hostname;
+    if (!isValidDomain(effectiveDomain)) {
+      return new WebAuthnError({
+        message: `${globalThis.location.hostname} is an invalid domain`,
+        code: "ERROR_INVALID_DOMAIN",
+        cause: error
+      });
+    } else if (publicKey.rpId !== effectiveDomain) {
+      return new WebAuthnError({
+        message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
+        code: "ERROR_INVALID_RP_ID",
+        cause: error
+      });
     }
-    return {
-      data: successContext.data,
-      error: null
-    };
+  } else if (error.name === "UnknownError") {
+    return new WebAuthnError({
+      message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
+      code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
+      cause: error
+    });
   }
-  const parser = (_f = options == null ? void 0 : options.jsonParser) != null ? _f : jsonParse;
-  const responseText = await response.text();
-  const isJSONResponse = isJSONParsable(responseText);
-  const errorObject = isJSONResponse ? await parser(responseText) : null;
-  const errorContext = {
-    response,
-    responseText,
-    request: context,
-    error: __spreadProps(__spreadValues({}, errorObject), {
-      status: response.status,
-      statusText: response.statusText
-    })
+  return error;
+}
+async function startAuthentication(options) {
+  if (!options.optionsJSON && options.challenge) {
+    console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.");
+    options = { optionsJSON: options };
+  }
+  const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true } = options;
+  if (!browserSupportsWebAuthn()) {
+    throw new Error("WebAuthn is not supported in this browser");
+  }
+  let allowCredentials;
+  if (optionsJSON.allowCredentials?.length !== 0) {
+    allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
+  }
+  const publicKey = {
+    ...optionsJSON,
+    challenge: base64URLStringToBuffer(optionsJSON.challenge),
+    allowCredentials
   };
-  for (const onError of hooks.onError) {
-    if (onError) {
-      await onError(__spreadProps(__spreadValues({}, errorContext), {
-        response: ((_g = options == null ? void 0 : options.hookOptions) == null ? void 0 : _g.cloneResponse) ? response.clone() : response
-      }));
+  const getOptions = {};
+  if (useBrowserAutofill) {
+    if (!await browserSupportsWebAuthnAutofill()) {
+      throw Error("Browser does not support WebAuthn autofill");
     }
-  }
-  if (options == null ? void 0 : options.retry) {
-    const retryStrategy = createRetryStrategy(options.retry);
-    const _retryAttempt = (_h = options.retryAttempt) != null ? _h : 0;
-    if (await retryStrategy.shouldAttemptRetry(_retryAttempt, response)) {
-      for (const onRetry of hooks.onRetry) {
-        if (onRetry) {
-          await onRetry(responseContext);
-        }
-      }
-      const delay2 = retryStrategy.getDelay(_retryAttempt);
-      await new Promise((resolve) => setTimeout(resolve, delay2));
-      return await betterFetch(url, __spreadProps(__spreadValues({}, options), {
-        retryAttempt: _retryAttempt + 1
-      }));
+    const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
+    if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
+      throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
     }
+    getOptions.mediation = "conditional";
+    publicKey.allowCredentials = [];
   }
-  if (options == null ? void 0 : options.throw) {
-    throw new BetterFetchError(
-      response.status,
-      response.statusText,
-      isJSONResponse ? errorObject : responseText
-    );
+  getOptions.publicKey = publicKey;
+  getOptions.signal = WebAuthnAbortService.createNewAbortSignal();
+  let credential;
+  try {
+    credential = await navigator.credentials.get(getOptions);
+  } catch (err) {
+    throw identifyAuthenticationError({ error: err, options: getOptions });
+  }
+  if (!credential) {
+    throw new Error("Authentication was not completed");
+  }
+  const { id: id2, rawId, response, type } = credential;
+  let userHandle = void 0;
+  if (response.userHandle) {
+    userHandle = bufferToBase64URLString(response.userHandle);
   }
   return {
-    data: null,
-    error: __spreadProps(__spreadValues({}, errorObject), {
-      status: response.status,
-      statusText: response.statusText
-    })
+    id: id2,
+    rawId: bufferToBase64URLString(rawId),
+    response: {
+      authenticatorData: bufferToBase64URLString(response.authenticatorData),
+      clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+      signature: bufferToBase64URLString(response.signature),
+      userHandle
+    },
+    type,
+    clientExtensionResults: credential.getClientExtensionResults(),
+    authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment)
   };
-};
+}
+function capitalizeFirstLetter(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
 var define_globalThis_process_env_default = {};
 var define_process_env_default = {};
 const _envShim = /* @__PURE__ */ Object.create(null);
-const _getEnv = (useShim) => define_globalThis_process_env_default || //@ts-expect-error
-globalThis.Deno?.env.toObject() || //@ts-expect-error
-globalThis.__env__ || (useShim ? _envShim : globalThis);
+const _getEnv = (useShim) => define_globalThis_process_env_default || globalThis.Deno?.env.toObject() || globalThis.__env__ || (useShim ? _envShim : globalThis);
 const env = new Proxy(_envShim, {
   get(_2, prop) {
-    const env2 = _getEnv();
-    return env2[prop] ?? _envShim[prop];
+    return _getEnv()[prop] ?? _envShim[prop];
   },
   has(_2, prop) {
-    const env2 = _getEnv();
-    return prop in env2 || prop in _envShim;
+    return prop in _getEnv() || prop in _envShim;
   },
   set(_2, prop, value) {
-    const env2 = _getEnv(true);
-    env2[prop] = value;
+    const env$1 = _getEnv(true);
+    env$1[prop] = value;
     return true;
   },
   deleteProperty(_2, prop) {
-    if (!prop) {
-      return false;
-    }
-    const env2 = _getEnv(true);
-    delete env2[prop];
+    if (!prop) return false;
+    const env$1 = _getEnv(true);
+    delete env$1[prop];
     return true;
   },
   ownKeys() {
-    const env2 = _getEnv(true);
-    return Object.keys(env2);
+    const env$1 = _getEnv(true);
+    return Object.keys(env$1);
   }
 });
 function getEnvVar(key2, fallback) {
-  if (typeof process !== "undefined" && define_process_env_default) {
-    return define_process_env_default[key2] ?? fallback;
-  }
-  if (typeof Deno !== "undefined") {
-    return Deno.env.get(key2) ?? fallback;
-  }
-  if (typeof Bun !== "undefined") {
-    return Bun.env[key2] ?? fallback;
-  }
+  if (typeof process !== "undefined" && define_process_env_default) return define_process_env_default[key2] ?? fallback;
+  if (typeof Deno !== "undefined") return Deno.env.get(key2) ?? fallback;
+  if (typeof Bun !== "undefined") return Bun.env[key2] ?? fallback;
   return fallback;
 }
 const COLORS_2 = 1;
@@ -38522,24 +38346,20 @@ const TERM_ENVS = {
   mosh: COLORS_16m,
   putty: COLORS_16,
   st: COLORS_16,
-  // http://lists.schmorp.de/pipermail/rxvt-unicode/2016q2/002261.html
   "rxvt-unicode-24bit": COLORS_16m,
-  // https://bugs.launchpad.net/terminator/+bug/1030562
   terminator: COLORS_16m,
   "xterm-kitty": COLORS_16m
 };
-const CI_ENVS_MAP = new Map(
-  Object.entries({
-    APPVEYOR: COLORS_256,
-    BUILDKITE: COLORS_256,
-    CIRCLECI: COLORS_16m,
-    DRONE: COLORS_256,
-    GITEA_ACTIONS: COLORS_16m,
-    GITHUB_ACTIONS: COLORS_16m,
-    GITLAB_CI: COLORS_256,
-    TRAVIS: COLORS_256
-  })
-);
+const CI_ENVS_MAP = new Map(Object.entries({
+  APPVEYOR: COLORS_256,
+  BUILDKITE: COLORS_256,
+  CIRCLECI: COLORS_16m,
+  DRONE: COLORS_256,
+  GITEA_ACTIONS: COLORS_16m,
+  GITHUB_ACTIONS: COLORS_16m,
+  GITLAB_CI: COLORS_256,
+  TRAVIS: COLORS_256
+}));
 const TERM_ENVS_REG_EXP = [
   /ansi/,
   /color/,
@@ -38550,57 +38370,33 @@ const TERM_ENVS_REG_EXP = [
   /^screen/,
   /^xterm/,
   /^vt100/,
-  /^vt220/
-];
-function getColorDepth() {
-  if (getEnvVar("FORCE_COLOR") !== void 0) {
-    switch (getEnvVar("FORCE_COLOR")) {
-      case "":
-      case "1":
-      case "true":
-        return COLORS_16;
-      case "2":
-        return COLORS_256;
-      case "3":
-        return COLORS_16m;
-      default:
-        return COLORS_2;
-    }
-  }
-  if (getEnvVar("NODE_DISABLE_COLORS") !== void 0 && getEnvVar("NODE_DISABLE_COLORS") !== "" || // See https://no-color.org/
-  getEnvVar("NO_COLOR") !== void 0 && getEnvVar("NO_COLOR") !== "" || // The "dumb" special terminal, as defined by terminfo, doesn't support
-  // ANSI color control codes.
-  // See https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
-  getEnvVar("TERM") === "dumb") {
-    return COLORS_2;
-  }
-  if (getEnvVar("TMUX")) {
-    return COLORS_16m;
-  }
-  if ("TF_BUILD" in env && "AGENT_NAME" in env) {
-    return COLORS_16;
+  /^vt220/
+];
+function getColorDepth() {
+  if (getEnvVar("FORCE_COLOR") !== void 0) switch (getEnvVar("FORCE_COLOR")) {
+    case "":
+    case "1":
+    case "true":
+      return COLORS_16;
+    case "2":
+      return COLORS_256;
+    case "3":
+      return COLORS_16m;
+    default:
+      return COLORS_2;
   }
+  if (getEnvVar("NODE_DISABLE_COLORS") !== void 0 && getEnvVar("NODE_DISABLE_COLORS") !== "" || getEnvVar("NO_COLOR") !== void 0 && getEnvVar("NO_COLOR") !== "" || getEnvVar("TERM") === "dumb") return COLORS_2;
+  if (getEnvVar("TMUX")) return COLORS_16m;
+  if ("TF_BUILD" in env && "AGENT_NAME" in env) return COLORS_16;
   if ("CI" in env) {
-    for (const { 0: envName, 1: colors } of CI_ENVS_MAP) {
-      if (envName in env) {
-        return colors;
-      }
-    }
-    if (getEnvVar("CI_NAME") === "codeship") {
-      return COLORS_256;
-    }
+    for (const { 0: envName, 1: colors } of CI_ENVS_MAP) if (envName in env) return colors;
+    if (getEnvVar("CI_NAME") === "codeship") return COLORS_256;
     return COLORS_2;
   }
-  if ("TEAMCITY_VERSION" in env) {
-    return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.exec(
-      getEnvVar("TEAMCITY_VERSION")
-    ) !== null ? COLORS_16 : COLORS_2;
-  }
+  if ("TEAMCITY_VERSION" in env) return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.exec(getEnvVar("TEAMCITY_VERSION")) !== null ? COLORS_16 : COLORS_2;
   switch (getEnvVar("TERM_PROGRAM")) {
     case "iTerm.app":
-      if (!getEnvVar("TERM_PROGRAM_VERSION") || /^[0-2]\./.exec(getEnvVar("TERM_PROGRAM_VERSION")) !== null) {
-        return COLORS_256;
-      }
+      if (!getEnvVar("TERM_PROGRAM_VERSION") || /^[0-2]\./.exec(getEnvVar("TERM_PROGRAM_VERSION")) !== null) return COLORS_256;
       return COLORS_16m;
     case "HyperTerm":
     case "MacTerm":
@@ -38608,27 +38404,15 @@ function getColorDepth() {
     case "Apple_Terminal":
       return COLORS_256;
   }
-  if (getEnvVar("COLORTERM") === "truecolor" || getEnvVar("COLORTERM") === "24bit") {
-    return COLORS_16m;
-  }
+  if (getEnvVar("COLORTERM") === "truecolor" || getEnvVar("COLORTERM") === "24bit") return COLORS_16m;
   if (getEnvVar("TERM")) {
-    if (/truecolor/.exec(getEnvVar("TERM")) !== null) {
-      return COLORS_16m;
-    }
-    if (/^xterm-256/.exec(getEnvVar("TERM")) !== null) {
-      return COLORS_256;
-    }
+    if (/truecolor/.exec(getEnvVar("TERM")) !== null) return COLORS_16m;
+    if (/^xterm-256/.exec(getEnvVar("TERM")) !== null) return COLORS_256;
     const termEnv = getEnvVar("TERM").toLowerCase();
-    if (TERM_ENVS[termEnv]) {
-      return TERM_ENVS[termEnv];
-    }
-    if (TERM_ENVS_REG_EXP.some((term) => term.exec(termEnv) !== null)) {
-      return COLORS_16;
-    }
-  }
-  if (getEnvVar("COLORTERM")) {
-    return COLORS_16;
+    if (TERM_ENVS[termEnv]) return TERM_ENVS[termEnv];
+    if (TERM_ENVS_REG_EXP.some((term) => term.exec(termEnv) !== null)) return COLORS_16;
   }
+  if (getEnvVar("COLORTERM")) return COLORS_16;
   return COLORS_2;
 }
 const TTY_COLORS = {
@@ -38643,9 +38427,15 @@ const TTY_COLORS = {
     magenta: "\x1B[35m"
   }
 };
-const levels = ["info", "success", "warn", "error", "debug"];
+const levels = [
+  "debug",
+  "info",
+  "success",
+  "warn",
+  "error"
+];
 function shouldPublishLog(currentLogLevel, logLevel) {
-  return levels.indexOf(logLevel) <= levels.indexOf(currentLogLevel);
+  return levels.indexOf(logLevel) >= levels.indexOf(currentLogLevel);
 }
 const levelColors = {
   info: TTY_COLORS.fg.blue,
@@ -38656,45 +38446,31 @@ const levelColors = {
 };
 const formatMessage = (level, message, colorsEnabled) => {
   const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-  if (colorsEnabled) {
-    return `${TTY_COLORS.dim}${timestamp}${TTY_COLORS.reset} ${levelColors[level]}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${TTY_COLORS.reset} ${message}`;
-  }
+  if (colorsEnabled) return `${TTY_COLORS.dim}${timestamp}${TTY_COLORS.reset} ${levelColors[level]}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${TTY_COLORS.reset} ${message}`;
   return `${timestamp} ${level.toUpperCase()} [Better Auth]: ${message}`;
 };
 const createLogger = (options) => {
   const logLevel = "error";
   const colorsEnabled = getColorDepth() !== 1;
   const LogFunc = (level, message, args = []) => {
-    if (!shouldPublishLog(logLevel, level)) {
-      return;
-    }
+    if (!shouldPublishLog(logLevel, level)) return;
     const formattedMessage = formatMessage(level, message, colorsEnabled);
     {
-      if (level === "error") {
-        console.error(formattedMessage, ...args);
-      } else if (level === "warn") {
-        console.warn(formattedMessage, ...args);
-      } else {
-        console.log(formattedMessage, ...args);
-      }
+      if (level === "error") console.error(formattedMessage, ...args);
+      else if (level === "warn") console.warn(formattedMessage, ...args);
+      else console.log(formattedMessage, ...args);
       return;
     }
   };
-  const logger2 = Object.fromEntries(
-    levels.map((level) => [
-      level,
-      (...[message, ...args]) => LogFunc(level, message, args)
-    ])
-  );
   return {
-    ...logger2,
+    ...Object.fromEntries(levels.map((level) => [level, (...[message, ...args]) => LogFunc(level, message, args)])),
     get level() {
       return logLevel;
     }
   };
 };
 createLogger();
-class BetterAuthError extends Error {
+var BetterAuthError = class extends Error {
   constructor(message, cause) {
     super(message);
     this.name = "BetterAuthError";
@@ -38702,44 +38478,106 @@ class BetterAuthError extends Error {
     this.cause = cause;
     this.stack = "";
   }
-}
+};
 function checkHasPath(url) {
+  try {
+    return (new URL(url).pathname.replace(/\/+$/, "") || "/") !== "/";
+  } catch (error) {
+    throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`);
+  }
+}
+function assertHasProtocol(url) {
   try {
     const parsedUrl = new URL(url);
-    const pathname = parsedUrl.pathname.replace(/\/+$/, "") || "/";
-    return pathname !== "/";
+    if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") throw new BetterAuthError(`Invalid base URL: ${url}. URL must include 'http://' or 'https://'`);
   } catch (error) {
-    throw new BetterAuthError(
-      `Invalid base URL: ${url}. Please provide a valid base URL.`
-    );
+    if (error instanceof BetterAuthError) throw error;
+    throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`, String(error));
   }
 }
 function withPath(url, path = "/api/auth") {
-  const hasPath = checkHasPath(url);
-  if (hasPath) {
-    return url;
-  }
+  assertHasProtocol(url);
+  if (checkHasPath(url)) return url;
   const trimmedUrl = url.replace(/\/+$/, "");
-  if (!path || path === "/") {
-    return trimmedUrl;
-  }
+  if (!path || path === "/") return trimmedUrl;
   path = path.startsWith("/") ? path : `/${path}`;
   return `${trimmedUrl}${path}`;
 }
-function getBaseURL(url, path, request, loadEnv) {
-  if (url) {
-    return withPath(url, path);
-  }
+function getBaseURL(url, path, request, loadEnv, trustedProxyHeaders) {
+  if (url) return withPath(url, path);
   {
     const fromEnv = env.BETTER_AUTH_URL || env.NEXT_PUBLIC_BETTER_AUTH_URL || env.PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_AUTH_URL || (env.BASE_URL !== "/" ? env.BASE_URL : void 0);
-    if (fromEnv) {
-      return withPath(fromEnv, path);
-    }
+    if (fromEnv) return withPath(fromEnv, path);
+  }
+  if (typeof window !== "undefined" && window.location) return withPath(window.location.origin, path);
+}
+const PROTO_POLLUTION_PATTERNS = {
+  proto: /"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/,
+  constructor: /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/,
+  protoShort: /"__proto__"\s*:/,
+  constructorShort: /"constructor"\s*:/
+};
+const JSON_SIGNATURE = /^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/;
+const SPECIAL_VALUES = {
+  true: true,
+  false: false,
+  null: null,
+  undefined: void 0,
+  nan: NaN,
+  infinity: Number.POSITIVE_INFINITY,
+  "-infinity": Number.NEGATIVE_INFINITY
+};
+const ISO_DATE_REGEX = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?(?:Z|([+-])(\d{2}):(\d{2}))$/;
+function isValidDate(date2) {
+  return date2 instanceof Date && !isNaN(date2.getTime());
+}
+function parseISODate(value) {
+  const match = ISO_DATE_REGEX.exec(value);
+  if (!match) return null;
+  const [, year, month, day, hour, minute, second, ms, offsetSign, offsetHour, offsetMinute] = match;
+  let date2 = new Date(Date.UTC(parseInt(year, 10), parseInt(month, 10) - 1, parseInt(day, 10), parseInt(hour, 10), parseInt(minute, 10), parseInt(second, 10), ms ? parseInt(ms.padEnd(3, "0"), 10) : 0));
+  if (offsetSign) {
+    const offset2 = (parseInt(offsetHour, 10) * 60 + parseInt(offsetMinute, 10)) * (offsetSign === "+" ? -1 : 1);
+    date2.setUTCMinutes(date2.getUTCMinutes() + offset2);
   }
-  if (typeof window !== "undefined" && window.location) {
-    return withPath(window.location.origin, path);
+  return isValidDate(date2) ? date2 : null;
+}
+function betterJSONParse(value, options = {}) {
+  const { strict = false, warnings = false, reviver, parseDates = true } = options;
+  if (typeof value !== "string") return value;
+  const trimmed = value.trim();
+  if (trimmed.length > 0 && trimmed[0] === '"' && trimmed.endsWith('"') && !trimmed.slice(1, -1).includes('"')) return trimmed.slice(1, -1);
+  const lowerValue = trimmed.toLowerCase();
+  if (lowerValue.length <= 9 && lowerValue in SPECIAL_VALUES) return SPECIAL_VALUES[lowerValue];
+  if (!JSON_SIGNATURE.test(trimmed)) {
+    if (strict) throw new SyntaxError("[better-json] Invalid JSON");
+    return value;
   }
-  return void 0;
+  if (Object.entries(PROTO_POLLUTION_PATTERNS).some(([key2, pattern]) => {
+    const matches = pattern.test(trimmed);
+    if (matches && warnings) console.warn(`[better-json] Detected potential prototype pollution attempt using ${key2} pattern`);
+    return matches;
+  }) && strict) throw new Error("[better-json] Potential prototype pollution attempt detected");
+  try {
+    const secureReviver = (key2, value$1) => {
+      if (key2 === "__proto__" || key2 === "constructor" && value$1 && typeof value$1 === "object" && "prototype" in value$1) {
+        if (warnings) console.warn(`[better-json] Dropping "${key2}" key to prevent prototype pollution`);
+        return;
+      }
+      if (parseDates && typeof value$1 === "string") {
+        const date2 = parseISODate(value$1);
+        if (date2) return date2;
+      }
+      return reviver ? reviver(key2, value$1) : value$1;
+    };
+    return JSON.parse(trimmed, secureReviver);
+  } catch (error) {
+    if (strict) throw error;
+    return value;
+  }
+}
+function parseJSON(value, options = { strict: true }) {
+  return betterJSONParse(value, options);
 }
 let listenerQueue = [];
 let lqIndex = 0;
@@ -38867,918 +38705,1073 @@ let onMount = ($store, initialize) => {
     };
   });
 };
-const isServer = typeof window === "undefined";
-const useAuthQuery = (initializedAtom, path, $fetch, options) => {
-  const value = /* @__PURE__ */ atom({
-    data: null,
-    error: null,
-    isPending: true,
-    isRefetching: false,
-    refetch: (queryParams) => {
-      return fn(queryParams);
-    }
-  });
-  const fn = (queryParams) => {
-    const opts = typeof options === "function" ? options({
-      data: value.get().data,
-      error: value.get().error,
-      isPending: value.get().isPending
-    }) : options;
-    $fetch(path, {
-      ...opts,
-      query: {
-        ...opts?.query,
-        ...queryParams?.query
-      },
-      async onSuccess(context) {
-        value.set({
-          data: context.data,
-          error: null,
-          isPending: false,
-          isRefetching: false,
-          refetch: value.value.refetch
-        });
-        await opts?.onSuccess?.(context);
-      },
-      async onError(context) {
-        const { request } = context;
-        const retryAttempts = typeof request.retry === "number" ? request.retry : request.retry?.attempts;
-        const retryAttempt = request.retryAttempt || 0;
-        if (retryAttempts && retryAttempt < retryAttempts) return;
-        value.set({
-          error: context.error,
-          data: null,
-          isPending: false,
-          isRefetching: false,
-          refetch: value.value.refetch
-        });
-        await opts?.onError?.(context);
-      },
-      async onRequest(context) {
-        const currentValue = value.get();
-        value.set({
-          isPending: currentValue.data === null,
-          data: currentValue.data,
-          error: null,
-          isRefetching: true,
-          refetch: value.value.refetch
-        });
-        await opts?.onRequest?.(context);
-      }
-    }).catch((error) => {
-      value.set({
-        error,
-        data: null,
-        isPending: false,
-        isRefetching: false,
-        refetch: value.value.refetch
-      });
-    });
-  };
-  initializedAtom = Array.isArray(initializedAtom) ? initializedAtom : [initializedAtom];
-  let isMounted = false;
-  for (const initAtom of initializedAtom) {
-    initAtom.subscribe(() => {
-      if (isServer) {
-        return;
-      }
-      if (isMounted) {
-        fn();
-      } else {
-        onMount(value, () => {
-          const timeoutId = setTimeout(() => {
-            if (!isMounted) {
-              fn();
-              isMounted = true;
-            }
-          }, 0);
-          return () => {
-            value.off();
-            initAtom.off();
-            clearTimeout(timeoutId);
-          };
-        });
-      }
+var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key2, value) => key2 in obj ? __defProp(obj, key2, { enumerable: true, configurable: true, writable: true, value }) : obj[key2] = value;
+var __spreadValues = (a2, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a2, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a2, prop, b[prop]);
+    }
+  return a2;
+};
+var __spreadProps = (a2, b) => __defProps(a2, __getOwnPropDescs(b));
+var BetterFetchError = class extends Error {
+  constructor(status, statusText, error) {
+    super(statusText || status.toString(), {
+      cause: error
     });
+    this.status = status;
+    this.statusText = statusText;
+    this.error = error;
   }
-  return value;
 };
-const PROTO_POLLUTION_PATTERNS = {
-  proto: /"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/,
-  constructor: /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/,
-  protoShort: /"__proto__"\s*:/,
-  constructorShort: /"constructor"\s*:/
+var initializePlugins = async (url, options) => {
+  var _a2, _b, _c, _d, _e2, _f;
+  let opts = options || {};
+  const hooks = {
+    onRequest: [options == null ? void 0 : options.onRequest],
+    onResponse: [options == null ? void 0 : options.onResponse],
+    onSuccess: [options == null ? void 0 : options.onSuccess],
+    onError: [options == null ? void 0 : options.onError],
+    onRetry: [options == null ? void 0 : options.onRetry]
+  };
+  if (!options || !(options == null ? void 0 : options.plugins)) {
+    return {
+      url,
+      options: opts,
+      hooks
+    };
+  }
+  for (const plugin of (options == null ? void 0 : options.plugins) || []) {
+    if (plugin.init) {
+      const pluginRes = await ((_a2 = plugin.init) == null ? void 0 : _a2.call(plugin, url.toString(), options));
+      opts = pluginRes.options || opts;
+      url = pluginRes.url;
+    }
+    hooks.onRequest.push((_b = plugin.hooks) == null ? void 0 : _b.onRequest);
+    hooks.onResponse.push((_c = plugin.hooks) == null ? void 0 : _c.onResponse);
+    hooks.onSuccess.push((_d = plugin.hooks) == null ? void 0 : _d.onSuccess);
+    hooks.onError.push((_e2 = plugin.hooks) == null ? void 0 : _e2.onError);
+    hooks.onRetry.push((_f = plugin.hooks) == null ? void 0 : _f.onRetry);
+  }
+  return {
+    url,
+    options: opts,
+    hooks
+  };
 };
-const JSON_SIGNATURE = /^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/;
-const SPECIAL_VALUES = {
-  true: true,
-  false: false,
-  null: null,
-  undefined: void 0,
-  nan: Number.NaN,
-  infinity: Number.POSITIVE_INFINITY,
-  "-infinity": Number.NEGATIVE_INFINITY
+var LinearRetryStrategy = class {
+  constructor(options) {
+    this.options = options;
+  }
+  shouldAttemptRetry(attempt, response) {
+    if (this.options.shouldRetry) {
+      return Promise.resolve(
+        attempt < this.options.attempts && this.options.shouldRetry(response)
+      );
+    }
+    return Promise.resolve(attempt < this.options.attempts);
+  }
+  getDelay() {
+    return this.options.delay;
+  }
 };
-const ISO_DATE_REGEX = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?(?:Z|([+-])(\d{2}):(\d{2}))$/;
-function isValidDate(date2) {
-  return date2 instanceof Date && !isNaN(date2.getTime());
-}
-function parseISODate(value) {
-  const match = ISO_DATE_REGEX.exec(value);
-  if (!match) return null;
-  const [
-    ,
-    year,
-    month,
-    day,
-    hour,
-    minute,
-    second,
-    ms,
-    offsetSign,
-    offsetHour,
-    offsetMinute
-  ] = match;
-  let date2 = new Date(
-    Date.UTC(
-      parseInt(year, 10),
-      parseInt(month, 10) - 1,
-      parseInt(day, 10),
-      parseInt(hour, 10),
-      parseInt(minute, 10),
-      parseInt(second, 10),
-      ms ? parseInt(ms.padEnd(3, "0"), 10) : 0
-    )
-  );
-  if (offsetSign) {
-    const offset2 = (parseInt(offsetHour, 10) * 60 + parseInt(offsetMinute, 10)) * (offsetSign === "+" ? -1 : 1);
-    date2.setUTCMinutes(date2.getUTCMinutes() + offset2);
+var ExponentialRetryStrategy = class {
+  constructor(options) {
+    this.options = options;
   }
-  return isValidDate(date2) ? date2 : null;
-}
-function betterJSONParse(value, options = {}) {
-  const {
-    strict = false,
-    warnings = false,
-    reviver,
-    parseDates = true
-  } = options;
-  if (typeof value !== "string") {
-    return value;
+  shouldAttemptRetry(attempt, response) {
+    if (this.options.shouldRetry) {
+      return Promise.resolve(
+        attempt < this.options.attempts && this.options.shouldRetry(response)
+      );
+    }
+    return Promise.resolve(attempt < this.options.attempts);
   }
-  const trimmed = value.trim();
-  if (trimmed.length > 0 && trimmed[0] === '"' && trimmed.endsWith('"') && !trimmed.slice(1, -1).includes('"')) {
-    return trimmed.slice(1, -1);
+  getDelay(attempt) {
+    const delay2 = Math.min(
+      this.options.maxDelay,
+      this.options.baseDelay * 2 ** attempt
+    );
+    return delay2;
   }
-  const lowerValue = trimmed.toLowerCase();
-  if (lowerValue.length <= 9 && lowerValue in SPECIAL_VALUES) {
-    return SPECIAL_VALUES[lowerValue];
+};
+function createRetryStrategy(options) {
+  if (typeof options === "number") {
+    return new LinearRetryStrategy({
+      type: "linear",
+      attempts: options,
+      delay: 1e3
+    });
   }
-  if (!JSON_SIGNATURE.test(trimmed)) {
-    if (strict) {
-      throw new SyntaxError("[better-json] Invalid JSON");
-    }
-    return value;
+  switch (options.type) {
+    case "linear":
+      return new LinearRetryStrategy(options);
+    case "exponential":
+      return new ExponentialRetryStrategy(options);
+    default:
+      throw new Error("Invalid retry strategy");
   }
-  const hasProtoPattern = Object.entries(PROTO_POLLUTION_PATTERNS).some(
-    ([key2, pattern]) => {
-      const matches = pattern.test(trimmed);
-      if (matches && warnings) {
-        console.warn(
-          `[better-json] Detected potential prototype pollution attempt using ${key2} pattern`
-        );
+}
+var getAuthHeader = async (options) => {
+  const headers = {};
+  const getValue = async (value) => typeof value === "function" ? await value() : value;
+  if (options == null ? void 0 : options.auth) {
+    if (options.auth.type === "Bearer") {
+      const token = await getValue(options.auth.token);
+      if (!token) {
+        return headers;
       }
-      return matches;
-    }
-  );
-  if (hasProtoPattern && strict) {
-    throw new Error(
-      "[better-json] Potential prototype pollution attempt detected"
-    );
-  }
-  try {
-    const secureReviver = (key2, value2) => {
-      if (key2 === "__proto__" || key2 === "constructor" && value2 && typeof value2 === "object" && "prototype" in value2) {
-        if (warnings) {
-          console.warn(
-            `[better-json] Dropping "${key2}" key to prevent prototype pollution`
-          );
-        }
-        return void 0;
+      headers["authorization"] = `Bearer ${token}`;
+    } else if (options.auth.type === "Basic") {
+      const username = getValue(options.auth.username);
+      const password = getValue(options.auth.password);
+      if (!username || !password) {
+        return headers;
       }
-      if (parseDates && typeof value2 === "string") {
-        const date2 = parseISODate(value2);
-        if (date2) {
-          return date2;
-        }
+      headers["authorization"] = `Basic ${btoa(`${username}:${password}`)}`;
+    } else if (options.auth.type === "Custom") {
+      const value = getValue(options.auth.value);
+      if (!value) {
+        return headers;
       }
-      return reviver ? reviver(key2, value2) : value2;
-    };
-    return JSON.parse(trimmed, secureReviver);
-  } catch (error) {
-    if (strict) {
-      throw error;
+      headers["authorization"] = `${getValue(options.auth.prefix)} ${value}`;
     }
-    return value;
   }
+  return headers;
+};
+var JSON_RE = /^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;
+function detectResponseType(request) {
+  const _contentType = request.headers.get("content-type");
+  const textTypes = /* @__PURE__ */ new Set([
+    "image/svg",
+    "application/xml",
+    "application/xhtml",
+    "application/html"
+  ]);
+  if (!_contentType) {
+    return "json";
+  }
+  const contentType = _contentType.split(";").shift() || "";
+  if (JSON_RE.test(contentType)) {
+    return "json";
+  }
+  if (textTypes.has(contentType) || contentType.startsWith("text/")) {
+    return "text";
+  }
+  return "blob";
 }
-function parseJSON(value, options = { strict: true }) {
-  return betterJSONParse(value, options);
-}
-const redirectPlugin = {
-  id: "redirect",
-  name: "Redirect",
-  hooks: {
-    onSuccess(context) {
-      if (context.data?.url && context.data?.redirect) {
-        if (typeof window !== "undefined" && window.location) {
-          if (window.location) {
-            try {
-              window.location.href = context.data.url;
-            } catch {
-            }
-          }
-        }
-      }
-    }
+function isJSONParsable(value) {
+  try {
+    JSON.parse(value);
+    return true;
+  } catch (error) {
+    return false;
   }
-};
-function getSessionAtom($fetch) {
-  const $signal = /* @__PURE__ */ atom(false);
-  const session = useAuthQuery($signal, "/get-session", $fetch, {
-    method: "GET"
-  });
-  return {
-    session,
-    $sessionSignal: $signal
-  };
 }
-const getClientConfig = (options, loadEnv) => {
-  const isCredentialsSupported = "credentials" in Request.prototype;
-  const baseURL = getBaseURL(options?.baseURL, options?.basePath) ?? "/api/auth";
-  const pluginsFetchPlugins = options?.plugins?.flatMap((plugin) => plugin.fetchPlugins).filter((pl) => pl !== void 0) || [];
-  const lifeCyclePlugin = {
-    id: "lifecycle-hooks",
-    name: "lifecycle-hooks",
-    hooks: {
-      onSuccess: options?.fetchOptions?.onSuccess,
-      onError: options?.fetchOptions?.onError,
-      onRequest: options?.fetchOptions?.onRequest,
-      onResponse: options?.fetchOptions?.onResponse
-    }
-  };
-  const { onSuccess, onError, onRequest, onResponse, ...restOfFetchOptions } = options?.fetchOptions || {};
-  const $fetch = createFetch({
-    baseURL,
-    ...isCredentialsSupported ? { credentials: "include" } : {},
-    method: "GET",
-    jsonParser(text) {
-      if (!text) {
-        return null;
-      }
-      return parseJSON(text, {
-        strict: false
-      });
-    },
-    customFetchImpl: fetch,
-    ...restOfFetchOptions,
-    plugins: [
-      lifeCyclePlugin,
-      ...restOfFetchOptions.plugins || [],
-      ...options?.disableDefaultFetchPlugins ? [] : [redirectPlugin],
-      ...pluginsFetchPlugins
-    ]
-  });
-  const { $sessionSignal, session } = getSessionAtom($fetch);
-  const plugins = options?.plugins || [];
-  let pluginsActions = {};
-  let pluginsAtoms = {
-    $sessionSignal,
-    session
-  };
-  let pluginPathMethods = {
-    "/sign-out": "POST",
-    "/revoke-sessions": "POST",
-    "/revoke-other-sessions": "POST",
-    "/delete-user": "POST"
-  };
-  const atomListeners = [
-    {
-      signal: "$sessionSignal",
-      matcher(path) {
-        return path === "/sign-out" || path === "/update-user" || path.startsWith("/sign-in") || path.startsWith("/sign-up") || path === "/delete-user" || path === "/verify-email";
-      }
-    }
-  ];
-  for (const plugin of plugins) {
-    if (plugin.getAtoms) {
-      Object.assign(pluginsAtoms, plugin.getAtoms?.($fetch));
-    }
-    if (plugin.pathMethods) {
-      Object.assign(pluginPathMethods, plugin.pathMethods);
-    }
-    if (plugin.atomListeners) {
-      atomListeners.push(...plugin.atomListeners);
-    }
+function isJSONSerializable(value) {
+  if (value === void 0) {
+    return false;
   }
-  const $store = {
-    notify: (signal) => {
-      pluginsAtoms[signal].set(
-        !pluginsAtoms[signal].get()
-      );
-    },
-    listen: (signal, listener) => {
-      pluginsAtoms[signal].subscribe(listener);
-    },
-    atoms: pluginsAtoms
-  };
-  for (const plugin of plugins) {
-    if (plugin.getActions) {
-      Object.assign(
-        pluginsActions,
-        plugin.getActions?.($fetch, $store, options)
-      );
-    }
+  const t2 = typeof value;
+  if (t2 === "string" || t2 === "number" || t2 === "boolean" || t2 === null) {
+    return true;
   }
-  return {
-    get baseURL() {
-      return baseURL;
-    },
-    pluginsActions,
-    pluginsAtoms,
-    pluginPathMethods,
-    atomListeners,
-    $fetch,
-    $store
-  };
-};
-function isAtom(value) {
-  return typeof value === "object" && value !== null && "get" in value && typeof value.get === "function" && "lc" in value && typeof value.lc === "number";
-}
-function getMethod(path, knownPathMethods, args) {
-  const method = knownPathMethods[path];
-  const { fetchOptions, query, ...body } = args || {};
-  if (method) {
-    return method;
+  if (t2 !== "object") {
+    return false;
   }
-  if (fetchOptions?.method) {
-    return fetchOptions.method;
+  if (Array.isArray(value)) {
+    return true;
   }
-  if (body && Object.keys(body).length > 0) {
-    return "POST";
+  if (value.buffer) {
+    return false;
   }
-  return "GET";
+  return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
 }
-function createDynamicPathProxy(routes, client2, knownPathMethods, atoms, atomListeners) {
-  function createProxy(path = []) {
-    return new Proxy(function() {
-    }, {
-      get(_2, prop) {
-        if (typeof prop !== "string") {
-          return void 0;
-        }
-        if (prop === "then" || prop === "catch" || prop === "finally") {
-          return void 0;
-        }
-        const fullPath = [...path, prop];
-        let current = routes;
-        for (const segment of fullPath) {
-          if (current && typeof current === "object" && segment in current) {
-            current = current[segment];
-          } else {
-            current = void 0;
-            break;
-          }
-        }
-        if (typeof current === "function") {
-          return current;
-        }
-        if (isAtom(current)) {
-          return current;
-        }
-        return createProxy(fullPath);
-      },
-      apply: async (_2, __, args) => {
-        const routePath = "/" + path.map(
-          (segment) => segment.replace(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`)
-        ).join("/");
-        const arg = args[0] || {};
-        const fetchOptions = args[1] || {};
-        const { query, fetchOptions: argFetchOptions, ...body } = arg;
-        const options = {
-          ...fetchOptions,
-          ...argFetchOptions
-        };
-        const method = getMethod(routePath, knownPathMethods, arg);
-        return await client2(routePath, {
-          ...options,
-          body: method === "GET" ? void 0 : {
-            ...body,
-            ...options?.body || {}
-          },
-          query: query || options?.query,
-          method,
-          async onSuccess(context) {
-            await options?.onSuccess?.(context);
-            if (!atomListeners) return;
-            const matches = atomListeners.filter((s2) => s2.matcher(routePath));
-            if (!matches.length) return;
-            for (const match of matches) {
-              const signal = atoms[match.signal];
-              if (!signal) return;
-              const val = signal.get();
-              setTimeout(() => {
-                signal.set(!val);
-              }, 10);
-            }
-          }
-        });
-      }
-    });
+function jsonParse(text) {
+  try {
+    return JSON.parse(text);
+  } catch (error) {
+    return text;
   }
-  return createProxy();
 }
-function capitalizeFirstLetter(str) {
-  return str.charAt(0).toUpperCase() + str.slice(1);
+function isFunction$1(value) {
+  return typeof value === "function";
+}
+function getFetch(options) {
+  if (options == null ? void 0 : options.customFetchImpl) {
+    return options.customFetchImpl;
+  }
+  if (typeof globalThis !== "undefined" && isFunction$1(globalThis.fetch)) {
+    return globalThis.fetch;
+  }
+  if (typeof window !== "undefined" && isFunction$1(window.fetch)) {
+    return window.fetch;
+  }
+  throw new Error("No fetch implementation found");
 }
-function createAuthClient(options) {
-  const {
-    pluginPathMethods,
-    pluginsActions,
-    pluginsAtoms,
-    $fetch,
-    atomListeners,
-    $store
-  } = getClientConfig(options);
-  let resolvedHooks = {};
-  for (const [key2, value] of Object.entries(pluginsAtoms)) {
-    resolvedHooks[`use${capitalizeFirstLetter(key2)}`] = value;
+async function getHeaders(opts) {
+  const headers = new Headers(opts == null ? void 0 : opts.headers);
+  const authHeader = await getAuthHeader(opts);
+  for (const [key2, value] of Object.entries(authHeader || {})) {
+    headers.set(key2, value);
   }
-  const routes = {
-    ...pluginsActions,
-    ...resolvedHooks,
-    $fetch,
-    $store
-  };
-  const proxy = createDynamicPathProxy(
-    routes,
-    $fetch,
-    pluginPathMethods,
-    pluginsAtoms,
-    atomListeners
-  );
-  return proxy;
+  if (!headers.has("content-type")) {
+    const t2 = detectContentType(opts == null ? void 0 : opts.body);
+    if (t2) {
+      headers.set("content-type", t2);
+    }
+  }
+  return headers;
 }
-function bufferToBase64URLString(buffer) {
-  const bytes = new Uint8Array(buffer);
-  let str = "";
-  for (const charCode of bytes) {
-    str += String.fromCharCode(charCode);
+function detectContentType(body) {
+  if (isJSONSerializable(body)) {
+    return "application/json";
   }
-  const base64String = btoa(str);
-  return base64String.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  return null;
 }
-function base64URLStringToBuffer(base64URLString) {
-  const base642 = base64URLString.replace(/-/g, "+").replace(/_/g, "/");
-  const padLength = (4 - base642.length % 4) % 4;
-  const padded = base642.padEnd(base642.length + padLength, "=");
-  const binary = atob(padded);
-  const buffer = new ArrayBuffer(binary.length);
-  const bytes = new Uint8Array(buffer);
-  for (let i2 = 0; i2 < binary.length; i2++) {
-    bytes[i2] = binary.charCodeAt(i2);
+function getBody(options) {
+  if (!(options == null ? void 0 : options.body)) {
+    return null;
   }
-  return buffer;
+  const headers = new Headers(options == null ? void 0 : options.headers);
+  if (isJSONSerializable(options.body) && !headers.has("content-type")) {
+    for (const [key2, value] of Object.entries(options == null ? void 0 : options.body)) {
+      if (value instanceof Date) {
+        options.body[key2] = value.toISOString();
+      }
+    }
+    return JSON.stringify(options.body);
+  }
+  return options.body;
 }
-function browserSupportsWebAuthn() {
-  return _browserSupportsWebAuthnInternals.stubThis(globalThis?.PublicKeyCredential !== void 0 && typeof globalThis.PublicKeyCredential === "function");
+function getMethod$1(url, options) {
+  var _a2;
+  if (options == null ? void 0 : options.method) {
+    return options.method.toUpperCase();
+  }
+  if (url.startsWith("@")) {
+    const pMethod = (_a2 = url.split("@")[1]) == null ? void 0 : _a2.split("/")[0];
+    if (!methods.includes(pMethod)) {
+      return (options == null ? void 0 : options.body) ? "POST" : "GET";
+    }
+    return pMethod.toUpperCase();
+  }
+  return (options == null ? void 0 : options.body) ? "POST" : "GET";
 }
-const _browserSupportsWebAuthnInternals = {
-  stubThis: (value) => value
-};
-function toPublicKeyCredentialDescriptor(descriptor) {
-  const { id: id2 } = descriptor;
+function getTimeout(options, controller) {
+  let abortTimeout;
+  if (!(options == null ? void 0 : options.signal) && (options == null ? void 0 : options.timeout)) {
+    abortTimeout = setTimeout(() => controller == null ? void 0 : controller.abort(), options == null ? void 0 : options.timeout);
+  }
   return {
-    ...descriptor,
-    id: base64URLStringToBuffer(id2),
-    /**
-     * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
-     * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
-     * are fine to pass to WebAuthn since browsers will recognize the new value.
-     */
-    transports: descriptor.transports
+    abortTimeout,
+    clearTimeout: () => {
+      if (abortTimeout) {
+        clearTimeout(abortTimeout);
+      }
+    }
   };
 }
-function isValidDomain(hostname) {
-  return (
-    // Consider localhost valid as well since it's okay wrt Secure Contexts
-    hostname === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname)
-  );
-}
-class WebAuthnError extends Error {
-  constructor({ message, code, cause, name }) {
-    super(message, { cause });
-    Object.defineProperty(this, "code", {
-      enumerable: true,
-      configurable: true,
-      writable: true,
-      value: void 0
-    });
-    this.name = name ?? cause.name;
-    this.code = code;
+var ValidationError = class _ValidationError extends Error {
+  constructor(issues, message) {
+    super(message || JSON.stringify(issues, null, 2));
+    this.issues = issues;
+    Object.setPrototypeOf(this, _ValidationError.prototype);
   }
-}
-function identifyRegistrationError({ error, options }) {
-  const { publicKey } = options;
-  if (!publicKey) {
-    throw Error("options was missing required publicKey property");
+};
+async function parseStandardSchema(schema, input) {
+  let result = await schema["~standard"].validate(input);
+  if (result.issues) {
+    throw new ValidationError(result.issues);
   }
-  if (error.name === "AbortError") {
-    if (options.signal instanceof AbortSignal) {
-      return new WebAuthnError({
-        message: "Registration ceremony was sent an abort signal",
-        code: "ERROR_CEREMONY_ABORTED",
-        cause: error
-      });
-    }
-  } else if (error.name === "ConstraintError") {
-    if (publicKey.authenticatorSelection?.requireResidentKey === true) {
-      return new WebAuthnError({
-        message: "Discoverable credentials were required but no available authenticator supported it",
-        code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
-        cause: error
-      });
-    } else if (
-      // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
-      options.mediation === "conditional" && publicKey.authenticatorSelection?.userVerification === "required"
-    ) {
-      return new WebAuthnError({
-        message: "User verification was required during automatic registration but it could not be performed",
-        code: "ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE",
-        cause: error
-      });
-    } else if (publicKey.authenticatorSelection?.userVerification === "required") {
-      return new WebAuthnError({
-        message: "User verification was required but no available authenticator supported it",
-        code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
-        cause: error
-      });
-    }
-  } else if (error.name === "InvalidStateError") {
-    return new WebAuthnError({
-      message: "The authenticator was previously registered",
-      code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
-      cause: error
-    });
-  } else if (error.name === "NotAllowedError") {
-    return new WebAuthnError({
-      message: error.message,
-      code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
-      cause: error
-    });
-  } else if (error.name === "NotSupportedError") {
-    const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === "public-key");
-    if (validPubKeyCredParams.length === 0) {
-      return new WebAuthnError({
-        message: 'No entry in pubKeyCredParams was of type "public-key"',
-        code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
-        cause: error
-      });
-    }
-    return new WebAuthnError({
-      message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
-      code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
-      cause: error
-    });
-  } else if (error.name === "SecurityError") {
-    const effectiveDomain = globalThis.location.hostname;
-    if (!isValidDomain(effectiveDomain)) {
-      return new WebAuthnError({
-        message: `${globalThis.location.hostname} is an invalid domain`,
-        code: "ERROR_INVALID_DOMAIN",
-        cause: error
-      });
-    } else if (publicKey.rp.id !== effectiveDomain) {
-      return new WebAuthnError({
-        message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
-        code: "ERROR_INVALID_RP_ID",
-        cause: error
-      });
-    }
-  } else if (error.name === "TypeError") {
-    if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
-      return new WebAuthnError({
-        message: "User ID was not between 1 and 64 characters",
-        code: "ERROR_INVALID_USER_ID_LENGTH",
-        cause: error
-      });
+  return result.value;
+}
+var methods = ["get", "post", "put", "patch", "delete"];
+var applySchemaPlugin = (config2) => ({
+  id: "apply-schema",
+  name: "Apply Schema",
+  version: "1.0.0",
+  async init(url, options) {
+    var _a2, _b, _c, _d;
+    const schema = ((_b = (_a2 = config2.plugins) == null ? void 0 : _a2.find(
+      (plugin) => {
+        var _a22;
+        return ((_a22 = plugin.schema) == null ? void 0 : _a22.config) ? url.startsWith(plugin.schema.config.baseURL || "") || url.startsWith(plugin.schema.config.prefix || "") : false;
+      }
+    )) == null ? void 0 : _b.schema) || config2.schema;
+    if (schema) {
+      let urlKey = url;
+      if ((_c = schema.config) == null ? void 0 : _c.prefix) {
+        if (urlKey.startsWith(schema.config.prefix)) {
+          urlKey = urlKey.replace(schema.config.prefix, "");
+          if (schema.config.baseURL) {
+            url = url.replace(schema.config.prefix, schema.config.baseURL);
+          }
+        }
+      }
+      if ((_d = schema.config) == null ? void 0 : _d.baseURL) {
+        if (urlKey.startsWith(schema.config.baseURL)) {
+          urlKey = urlKey.replace(schema.config.baseURL, "");
+        }
+      }
+      const keySchema = schema.schema[urlKey];
+      if (keySchema) {
+        let opts = __spreadProps(__spreadValues({}, options), {
+          method: keySchema.method,
+          output: keySchema.output
+        });
+        if (!(options == null ? void 0 : options.disableValidation)) {
+          opts = __spreadProps(__spreadValues({}, opts), {
+            body: keySchema.input ? await parseStandardSchema(keySchema.input, options == null ? void 0 : options.body) : options == null ? void 0 : options.body,
+            params: keySchema.params ? await parseStandardSchema(keySchema.params, options == null ? void 0 : options.params) : options == null ? void 0 : options.params,
+            query: keySchema.query ? await parseStandardSchema(keySchema.query, options == null ? void 0 : options.query) : options == null ? void 0 : options.query
+          });
+        }
+        return {
+          url,
+          options: opts
+        };
+      }
     }
-  } else if (error.name === "UnknownError") {
-    return new WebAuthnError({
-      message: "The authenticator was unable to process the specified options, or could not create a new credential",
-      code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
-      cause: error
-    });
+    return {
+      url,
+      options
+    };
   }
-  return error;
-}
-class BaseWebAuthnAbortService {
-  constructor() {
-    Object.defineProperty(this, "controller", {
-      enumerable: true,
-      configurable: true,
-      writable: true,
-      value: void 0
+});
+var createFetch = (config2) => {
+  async function $fetch(url, options) {
+    const opts = __spreadProps(__spreadValues(__spreadValues({}, config2), options), {
+      plugins: [...(config2 == null ? void 0 : config2.plugins) || [], applySchemaPlugin(config2 || {})]
     });
-  }
-  createNewAbortSignal() {
-    if (this.controller) {
-      const abortError = new Error("Cancelling existing WebAuthn API call for new one");
-      abortError.name = "AbortError";
-      this.controller.abort(abortError);
+    if (config2 == null ? void 0 : config2.catchAllError) {
+      try {
+        return await betterFetch(url, opts);
+      } catch (error) {
+        return {
+          data: null,
+          error: {
+            status: 500,
+            statusText: "Fetch Error",
+            message: "Fetch related error. Captured by catchAllError option. See error property for more details.",
+            error
+          }
+        };
+      }
     }
-    const newController = new AbortController();
-    this.controller = newController;
-    return newController.signal;
+    return await betterFetch(url, opts);
   }
-  cancelCeremony() {
-    if (this.controller) {
-      const abortError = new Error("Manually cancelling existing WebAuthn API call");
-      abortError.name = "AbortError";
-      this.controller.abort(abortError);
-      this.controller = void 0;
+  return $fetch;
+};
+function getURL2(url, option) {
+  let { baseURL, params, query } = option || {
+    query: {},
+    params: {},
+    baseURL: ""
+  };
+  let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
+  if (url.startsWith("@")) {
+    const m2 = url.toString().split("@")[1].split("/")[0];
+    if (methods.includes(m2)) {
+      url = url.replace(`@${m2}/`, "/");
     }
   }
-}
-const WebAuthnAbortService = new BaseWebAuthnAbortService();
-const attachments = ["cross-platform", "platform"];
-function toAuthenticatorAttachment(attachment) {
-  if (!attachment) {
-    return;
+  if (!basePath.endsWith("/")) basePath += "/";
+  let [path, urlQuery] = url.replace(basePath, "").split("?");
+  const queryParams = new URLSearchParams(urlQuery);
+  for (const [key2, value] of Object.entries(query || {})) {
+    if (value == null) continue;
+    queryParams.set(key2, String(value));
   }
-  if (attachments.indexOf(attachment) < 0) {
-    return;
+  if (params) {
+    if (Array.isArray(params)) {
+      const paramPaths = path.split("/").filter((p2) => p2.startsWith(":"));
+      for (const [index2, key2] of paramPaths.entries()) {
+        const value = params[index2];
+        path = path.replace(key2, value);
+      }
+    } else {
+      for (const [key2, value] of Object.entries(params)) {
+        path = path.replace(`:${key2}`, String(value));
+      }
+    }
   }
-  return attachment;
+  path = path.split("/").map(encodeURIComponent).join("/");
+  if (path.startsWith("/")) path = path.slice(1);
+  let queryParamString = queryParams.toString();
+  queryParamString = queryParamString.length > 0 ? `?${queryParamString}`.replace(/\+/g, "%20") : "";
+  if (!basePath.startsWith("http")) {
+    return `${basePath}${path}${queryParamString}`;
+  }
+  const _url2 = new URL(`${path}${queryParamString}`, basePath);
+  return _url2;
 }
-async function startRegistration(options) {
-  if (!options.optionsJSON && options.challenge) {
-    console.warn("startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.");
-    options = { optionsJSON: options };
+var betterFetch = async (url, options) => {
+  var _a2, _b, _c, _d, _e2, _f, _g, _h;
+  const {
+    hooks,
+    url: __url,
+    options: opts
+  } = await initializePlugins(url, options);
+  const fetch2 = getFetch(opts);
+  const controller = new AbortController();
+  const signal = (_a2 = opts.signal) != null ? _a2 : controller.signal;
+  const _url2 = getURL2(__url, opts);
+  const body = getBody(opts);
+  const headers = await getHeaders(opts);
+  const method = getMethod$1(__url, opts);
+  let context = __spreadProps(__spreadValues({}, opts), {
+    url: _url2,
+    headers,
+    body,
+    method,
+    signal
+  });
+  for (const onRequest of hooks.onRequest) {
+    if (onRequest) {
+      const res = await onRequest(context);
+      if (res instanceof Object) {
+        context = res;
+      }
+    }
   }
-  const { optionsJSON, useAutoRegister = false } = options;
-  if (!browserSupportsWebAuthn()) {
-    throw new Error("WebAuthn is not supported in this browser");
+  if ("pipeTo" in context && typeof context.pipeTo === "function" || typeof ((_b = options == null ? void 0 : options.body) == null ? void 0 : _b.pipe) === "function") {
+    if (!("duplex" in context)) {
+      context.duplex = "half";
+    }
   }
-  const publicKey = {
-    ...optionsJSON,
-    challenge: base64URLStringToBuffer(optionsJSON.challenge),
-    user: {
-      ...optionsJSON.user,
-      id: base64URLStringToBuffer(optionsJSON.user.id)
-    },
-    excludeCredentials: optionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor)
+  const { clearTimeout: clearTimeout2 } = getTimeout(opts, controller);
+  let response = await fetch2(context.url, context);
+  clearTimeout2();
+  const responseContext = {
+    response,
+    request: context
   };
-  const createOptions = {};
-  if (useAutoRegister) {
-    createOptions.mediation = "conditional";
-  }
-  createOptions.publicKey = publicKey;
-  createOptions.signal = WebAuthnAbortService.createNewAbortSignal();
-  let credential;
-  try {
-    credential = await navigator.credentials.create(createOptions);
-  } catch (err) {
-    throw identifyRegistrationError({ error: err, options: createOptions });
-  }
-  if (!credential) {
-    throw new Error("Registration was not completed");
+  for (const onResponse of hooks.onResponse) {
+    if (onResponse) {
+      const r2 = await onResponse(__spreadProps(__spreadValues({}, responseContext), {
+        response: ((_c = options == null ? void 0 : options.hookOptions) == null ? void 0 : _c.cloneResponse) ? response.clone() : response
+      }));
+      if (r2 instanceof Response) {
+        response = r2;
+      } else if (r2 instanceof Object) {
+        response = r2.response;
+      }
+    }
   }
-  const { id: id2, rawId, response, type } = credential;
-  let transports = void 0;
-  if (typeof response.getTransports === "function") {
-    transports = response.getTransports();
+  if (response.ok) {
+    const hasBody = context.method !== "HEAD";
+    if (!hasBody) {
+      return {
+        data: "",
+        error: null
+      };
+    }
+    const responseType = detectResponseType(response);
+    const successContext = {
+      data: "",
+      response,
+      request: context
+    };
+    if (responseType === "json" || responseType === "text") {
+      const text = await response.text();
+      const parser2 = (_d = context.jsonParser) != null ? _d : jsonParse;
+      const data = await parser2(text);
+      successContext.data = data;
+    } else {
+      successContext.data = await response[responseType]();
+    }
+    if (context == null ? void 0 : context.output) {
+      if (context.output && !context.disableValidation) {
+        successContext.data = await parseStandardSchema(
+          context.output,
+          successContext.data
+        );
+      }
+    }
+    for (const onSuccess of hooks.onSuccess) {
+      if (onSuccess) {
+        await onSuccess(__spreadProps(__spreadValues({}, successContext), {
+          response: ((_e2 = options == null ? void 0 : options.hookOptions) == null ? void 0 : _e2.cloneResponse) ? response.clone() : response
+        }));
+      }
+    }
+    if (options == null ? void 0 : options.throw) {
+      return successContext.data;
+    }
+    return {
+      data: successContext.data,
+      error: null
+    };
   }
-  let responsePublicKeyAlgorithm = void 0;
-  if (typeof response.getPublicKeyAlgorithm === "function") {
-    try {
-      responsePublicKeyAlgorithm = response.getPublicKeyAlgorithm();
-    } catch (error) {
-      warnOnBrokenImplementation("getPublicKeyAlgorithm()", error);
+  const parser = (_f = options == null ? void 0 : options.jsonParser) != null ? _f : jsonParse;
+  const responseText = await response.text();
+  const isJSONResponse = isJSONParsable(responseText);
+  const errorObject = isJSONResponse ? await parser(responseText) : null;
+  const errorContext = {
+    response,
+    responseText,
+    request: context,
+    error: __spreadProps(__spreadValues({}, errorObject), {
+      status: response.status,
+      statusText: response.statusText
+    })
+  };
+  for (const onError of hooks.onError) {
+    if (onError) {
+      await onError(__spreadProps(__spreadValues({}, errorContext), {
+        response: ((_g = options == null ? void 0 : options.hookOptions) == null ? void 0 : _g.cloneResponse) ? response.clone() : response
+      }));
     }
   }
-  let responsePublicKey = void 0;
-  if (typeof response.getPublicKey === "function") {
-    try {
-      const _publicKey = response.getPublicKey();
-      if (_publicKey !== null) {
-        responsePublicKey = bufferToBase64URLString(_publicKey);
+  if (options == null ? void 0 : options.retry) {
+    const retryStrategy = createRetryStrategy(options.retry);
+    const _retryAttempt = (_h = options.retryAttempt) != null ? _h : 0;
+    if (await retryStrategy.shouldAttemptRetry(_retryAttempt, response)) {
+      for (const onRetry of hooks.onRetry) {
+        if (onRetry) {
+          await onRetry(responseContext);
+        }
       }
-    } catch (error) {
-      warnOnBrokenImplementation("getPublicKey()", error);
+      const delay2 = retryStrategy.getDelay(_retryAttempt);
+      await new Promise((resolve) => setTimeout(resolve, delay2));
+      return await betterFetch(url, __spreadProps(__spreadValues({}, options), {
+        retryAttempt: _retryAttempt + 1
+      }));
     }
   }
-  let responseAuthenticatorData;
-  if (typeof response.getAuthenticatorData === "function") {
-    try {
-      responseAuthenticatorData = bufferToBase64URLString(response.getAuthenticatorData());
-    } catch (error) {
-      warnOnBrokenImplementation("getAuthenticatorData()", error);
-    }
+  if (options == null ? void 0 : options.throw) {
+    throw new BetterFetchError(
+      response.status,
+      response.statusText,
+      isJSONResponse ? errorObject : responseText
+    );
   }
   return {
-    id: id2,
-    rawId: bufferToBase64URLString(rawId),
-    response: {
-      attestationObject: bufferToBase64URLString(response.attestationObject),
-      clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-      transports,
-      publicKeyAlgorithm: responsePublicKeyAlgorithm,
-      publicKey: responsePublicKey,
-      authenticatorData: responseAuthenticatorData
-    },
-    type,
-    clientExtensionResults: credential.getClientExtensionResults(),
-    authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment)
+    data: null,
+    error: __spreadProps(__spreadValues({}, errorObject), {
+      status: response.status,
+      statusText: response.statusText
+    })
   };
-}
-function warnOnBrokenImplementation(methodName, cause) {
-  console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${methodName}. You should report this error to them.
-`, cause);
-}
-function browserSupportsWebAuthnAutofill() {
-  if (!browserSupportsWebAuthn()) {
-    return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+};
+const kBroadcastChannel = Symbol.for("better-auth:broadcast-channel");
+const now$1 = () => Math.floor(Date.now() / 1e3);
+var WindowBroadcastChannel = class {
+  listeners = /* @__PURE__ */ new Set();
+  name;
+  constructor(name = "better-auth.message") {
+    this.name = name;
   }
-  const globalPublicKeyCredential = globalThis.PublicKeyCredential;
-  if (globalPublicKeyCredential?.isConditionalMediationAvailable === void 0) {
-    return _browserSupportsWebAuthnAutofillInternals.stubThis(new Promise((resolve) => resolve(false)));
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
   }
-  return _browserSupportsWebAuthnAutofillInternals.stubThis(globalPublicKeyCredential.isConditionalMediationAvailable());
+  post(message) {
+    if (typeof window === "undefined") return;
+    try {
+      localStorage.setItem(this.name, JSON.stringify({
+        ...message,
+        timestamp: now$1()
+      }));
+    } catch {
+    }
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof window.addEventListener === "undefined") return () => {
+    };
+    const handler = (event) => {
+      if (event.key !== this.name) return;
+      const message = JSON.parse(event.newValue ?? "{}");
+      if (message?.event !== "session" || !message?.data) return;
+      this.listeners.forEach((listener) => listener(message));
+    };
+    window.addEventListener("storage", handler);
+    return () => {
+      window.removeEventListener("storage", handler);
+    };
+  }
+};
+function getGlobalBroadcastChannel(name = "better-auth.message") {
+  if (!globalThis[kBroadcastChannel]) globalThis[kBroadcastChannel] = new WindowBroadcastChannel(name);
+  return globalThis[kBroadcastChannel];
 }
-const _browserSupportsWebAuthnAutofillInternals = {
-  stubThis: (value) => value
+const kFocusManager = Symbol.for("better-auth:focus-manager");
+var WindowFocusManager = class {
+  listeners = /* @__PURE__ */ new Set();
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  setFocused(focused) {
+    this.listeners.forEach((listener) => listener(focused));
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof document === "undefined" || typeof window.addEventListener === "undefined") return () => {
+    };
+    const visibilityHandler = () => {
+      if (document.visibilityState === "visible") this.setFocused(true);
+    };
+    document.addEventListener("visibilitychange", visibilityHandler, false);
+    return () => {
+      document.removeEventListener("visibilitychange", visibilityHandler, false);
+    };
+  }
 };
-function identifyAuthenticationError({ error, options }) {
-  const { publicKey } = options;
-  if (!publicKey) {
-    throw Error("options was missing required publicKey property");
+function getGlobalFocusManager() {
+  if (!globalThis[kFocusManager]) globalThis[kFocusManager] = new WindowFocusManager();
+  return globalThis[kFocusManager];
+}
+const kOnlineManager = Symbol.for("better-auth:online-manager");
+var WindowOnlineManager = class {
+  listeners = /* @__PURE__ */ new Set();
+  isOnline = typeof navigator !== "undefined" ? navigator.onLine : true;
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
   }
-  if (error.name === "AbortError") {
-    if (options.signal instanceof AbortSignal) {
-      return new WebAuthnError({
-        message: "Authentication ceremony was sent an abort signal",
-        code: "ERROR_CEREMONY_ABORTED",
-        cause: error
+  setOnline(online) {
+    this.isOnline = online;
+    this.listeners.forEach((listener) => listener(online));
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof window.addEventListener === "undefined") return () => {
+    };
+    const onOnline = () => this.setOnline(true);
+    const onOffline = () => this.setOnline(false);
+    window.addEventListener("online", onOnline, false);
+    window.addEventListener("offline", onOffline, false);
+    return () => {
+      window.removeEventListener("online", onOnline, false);
+      window.removeEventListener("offline", onOffline, false);
+    };
+  }
+};
+function getGlobalOnlineManager() {
+  if (!globalThis[kOnlineManager]) globalThis[kOnlineManager] = new WindowOnlineManager();
+  return globalThis[kOnlineManager];
+}
+const isServer = () => typeof window === "undefined";
+const useAuthQuery = (initializedAtom, path, $fetch, options) => {
+  const value = /* @__PURE__ */ atom({
+    data: null,
+    error: null,
+    isPending: true,
+    isRefetching: false,
+    refetch: (queryParams) => fn(queryParams)
+  });
+  const fn = async (queryParams) => {
+    return new Promise((resolve) => {
+      const opts = typeof options === "function" ? options({
+        data: value.get().data,
+        error: value.get().error,
+        isPending: value.get().isPending
+      }) : options;
+      $fetch(path, {
+        ...opts,
+        query: {
+          ...opts?.query,
+          ...queryParams?.query
+        },
+        async onSuccess(context) {
+          value.set({
+            data: context.data,
+            error: null,
+            isPending: false,
+            isRefetching: false,
+            refetch: value.value.refetch
+          });
+          await opts?.onSuccess?.(context);
+        },
+        async onError(context) {
+          const { request } = context;
+          const retryAttempts = typeof request.retry === "number" ? request.retry : request.retry?.attempts;
+          const retryAttempt = request.retryAttempt || 0;
+          if (retryAttempts && retryAttempt < retryAttempts) return;
+          value.set({
+            error: context.error,
+            data: null,
+            isPending: false,
+            isRefetching: false,
+            refetch: value.value.refetch
+          });
+          await opts?.onError?.(context);
+        },
+        async onRequest(context) {
+          const currentValue = value.get();
+          value.set({
+            isPending: currentValue.data === null,
+            data: currentValue.data,
+            error: null,
+            isRefetching: true,
+            refetch: value.value.refetch
+          });
+          await opts?.onRequest?.(context);
+        }
+      }).catch((error) => {
+        value.set({
+          error,
+          data: null,
+          isPending: false,
+          isRefetching: false,
+          refetch: value.value.refetch
+        });
+      }).finally(() => {
+        resolve(void 0);
       });
-    }
-  } else if (error.name === "NotAllowedError") {
-    return new WebAuthnError({
-      message: error.message,
-      code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
-      cause: error
     });
-  } else if (error.name === "SecurityError") {
-    const effectiveDomain = globalThis.location.hostname;
-    if (!isValidDomain(effectiveDomain)) {
-      return new WebAuthnError({
-        message: `${globalThis.location.hostname} is an invalid domain`,
-        code: "ERROR_INVALID_DOMAIN",
-        cause: error
-      });
-    } else if (publicKey.rpId !== effectiveDomain) {
-      return new WebAuthnError({
-        message: `The RP ID "${publicKey.rpId}" is invalid for this domain`,
-        code: "ERROR_INVALID_RP_ID",
-        cause: error
+  };
+  initializedAtom = Array.isArray(initializedAtom) ? initializedAtom : [initializedAtom];
+  let isMounted = false;
+  for (const initAtom of initializedAtom) initAtom.subscribe(async () => {
+    if (isServer()) return;
+    if (isMounted) await fn();
+    else onMount(value, () => {
+      const timeoutId = setTimeout(async () => {
+        if (!isMounted) {
+          await fn();
+          isMounted = true;
+        }
+      }, 0);
+      return () => {
+        value.off();
+        initAtom.off();
+        clearTimeout(timeoutId);
+      };
+    });
+  });
+  return value;
+};
+const now = () => Math.floor(Date.now() / 1e3);
+const FOCUS_REFETCH_RATE_LIMIT_SECONDS = 5;
+function createSessionRefreshManager(opts) {
+  const { sessionAtom, sessionSignal, $fetch, options = {} } = opts;
+  const refetchInterval = options.sessionOptions?.refetchInterval ?? 0;
+  const refetchOnWindowFocus = options.sessionOptions?.refetchOnWindowFocus ?? true;
+  const refetchWhenOffline = options.sessionOptions?.refetchWhenOffline ?? false;
+  const state = {
+    lastSync: 0,
+    lastSessionRequest: 0,
+    cachedSession: void 0
+  };
+  const shouldRefetch = () => {
+    return refetchWhenOffline || getGlobalOnlineManager().isOnline;
+  };
+  const triggerRefetch = (event) => {
+    if (!shouldRefetch()) return;
+    if (event?.event === "storage") {
+      state.lastSync = now();
+      sessionSignal.set(!sessionSignal.get());
+      return;
+    }
+    const currentSession = sessionAtom.get();
+    if (event?.event === "poll") {
+      state.lastSessionRequest = now();
+      $fetch("/get-session").then((res) => {
+        sessionAtom.set({
+          ...currentSession,
+          data: res.data,
+          error: res.error || null
+        });
+        state.lastSync = now();
+        sessionSignal.set(!sessionSignal.get());
+      }).catch(() => {
       });
+      return;
     }
-  } else if (error.name === "UnknownError") {
-    return new WebAuthnError({
-      message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
-      code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
-      cause: error
+    if (event?.event === "visibilitychange") {
+      if (now() - state.lastSessionRequest < FOCUS_REFETCH_RATE_LIMIT_SECONDS && currentSession?.data !== null && currentSession?.data !== void 0) return;
+    }
+    if (currentSession?.data === null || currentSession?.data === void 0 || event?.event === "visibilitychange") {
+      if (event?.event === "visibilitychange") state.lastSessionRequest = now();
+      state.lastSync = now();
+      sessionSignal.set(!sessionSignal.get());
+    }
+  };
+  const broadcastSessionUpdate = (trigger) => {
+    getGlobalBroadcastChannel().post({
+      event: "session",
+      data: { trigger },
+      clientId: Math.random().toString(36).substring(7)
     });
-  }
-  return error;
+  };
+  const setupPolling = () => {
+    if (refetchInterval && refetchInterval > 0) state.pollInterval = setInterval(() => {
+      if (sessionAtom.get()?.data) triggerRefetch({ event: "poll" });
+    }, refetchInterval * 1e3);
+  };
+  const setupBroadcast = () => {
+    state.unsubscribeBroadcast = getGlobalBroadcastChannel().subscribe(() => {
+      triggerRefetch({ event: "storage" });
+    });
+  };
+  const setupFocusRefetch = () => {
+    if (!refetchOnWindowFocus) return;
+    state.unsubscribeFocus = getGlobalFocusManager().subscribe(() => {
+      triggerRefetch({ event: "visibilitychange" });
+    });
+  };
+  const setupOnlineRefetch = () => {
+    state.unsubscribeOnline = getGlobalOnlineManager().subscribe((online) => {
+      if (online) triggerRefetch({ event: "visibilitychange" });
+    });
+  };
+  const init2 = () => {
+    setupPolling();
+    setupBroadcast();
+    setupFocusRefetch();
+    setupOnlineRefetch();
+    getGlobalBroadcastChannel().setup();
+    getGlobalFocusManager().setup();
+    getGlobalOnlineManager().setup();
+  };
+  const cleanup = () => {
+    if (state.pollInterval) {
+      clearInterval(state.pollInterval);
+      state.pollInterval = void 0;
+    }
+    if (state.unsubscribeBroadcast) {
+      state.unsubscribeBroadcast();
+      state.unsubscribeBroadcast = void 0;
+    }
+    if (state.unsubscribeFocus) {
+      state.unsubscribeFocus();
+      state.unsubscribeFocus = void 0;
+    }
+    if (state.unsubscribeOnline) {
+      state.unsubscribeOnline();
+      state.unsubscribeOnline = void 0;
+    }
+    state.lastSync = 0;
+    state.lastSessionRequest = 0;
+    state.cachedSession = void 0;
+  };
+  return {
+    init: init2,
+    cleanup,
+    triggerRefetch,
+    broadcastSessionUpdate
+  };
 }
-async function startAuthentication(options) {
-  if (!options.optionsJSON && options.challenge) {
-    console.warn("startAuthentication() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.");
-    options = { optionsJSON: options };
-  }
-  const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true } = options;
-  if (!browserSupportsWebAuthn()) {
-    throw new Error("WebAuthn is not supported in this browser");
-  }
-  let allowCredentials;
-  if (optionsJSON.allowCredentials?.length !== 0) {
-    allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
-  }
-  const publicKey = {
-    ...optionsJSON,
-    challenge: base64URLStringToBuffer(optionsJSON.challenge),
-    allowCredentials
+const redirectPlugin = {
+  id: "redirect",
+  name: "Redirect",
+  hooks: { onSuccess(context) {
+    if (context.data?.url && context.data?.redirect) {
+      if (typeof window !== "undefined" && window.location) {
+        if (window.location) try {
+          window.location.href = context.data.url;
+        } catch {
+        }
+      }
+    }
+  } }
+};
+function getSessionAtom($fetch, options) {
+  const $signal = /* @__PURE__ */ atom(false);
+  const session = useAuthQuery($signal, "/get-session", $fetch, { method: "GET" });
+  onMount(session, () => {
+    const refreshManager = createSessionRefreshManager({
+      sessionAtom: session,
+      sessionSignal: $signal,
+      $fetch,
+      options
+    });
+    refreshManager.init();
+    return () => {
+      refreshManager.cleanup();
+    };
+  });
+  return {
+    session,
+    $sessionSignal: $signal
   };
-  const getOptions = {};
-  if (useBrowserAutofill) {
-    if (!await browserSupportsWebAuthnAutofill()) {
-      throw Error("Browser does not support WebAuthn autofill");
+}
+const getClientConfig = (options, loadEnv) => {
+  const isCredentialsSupported = "credentials" in Request.prototype;
+  const baseURL = getBaseURL(options?.baseURL, options?.basePath) ?? "/api/auth";
+  const pluginsFetchPlugins = options?.plugins?.flatMap((plugin) => plugin.fetchPlugins).filter((pl) => pl !== void 0) || [];
+  const lifeCyclePlugin = {
+    id: "lifecycle-hooks",
+    name: "lifecycle-hooks",
+    hooks: {
+      onSuccess: options?.fetchOptions?.onSuccess,
+      onError: options?.fetchOptions?.onError,
+      onRequest: options?.fetchOptions?.onRequest,
+      onResponse: options?.fetchOptions?.onResponse
     }
-    const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
-    if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
-      throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
+  };
+  const { onSuccess, onError, onRequest, onResponse, ...restOfFetchOptions } = options?.fetchOptions || {};
+  const $fetch = createFetch({
+    baseURL,
+    ...isCredentialsSupported ? { credentials: "include" } : {},
+    method: "GET",
+    jsonParser(text) {
+      if (!text) return null;
+      return parseJSON(text, { strict: false });
+    },
+    customFetchImpl: fetch,
+    ...restOfFetchOptions,
+    plugins: [
+      lifeCyclePlugin,
+      ...restOfFetchOptions.plugins || [],
+      ...options?.disableDefaultFetchPlugins ? [] : [redirectPlugin],
+      ...pluginsFetchPlugins
+    ]
+  });
+  const { $sessionSignal, session } = getSessionAtom($fetch, options);
+  const plugins = options?.plugins || [];
+  let pluginsActions = {};
+  let pluginsAtoms = {
+    $sessionSignal,
+    session
+  };
+  let pluginPathMethods = {
+    "/sign-out": "POST",
+    "/revoke-sessions": "POST",
+    "/revoke-other-sessions": "POST",
+    "/delete-user": "POST"
+  };
+  const atomListeners = [{
+    signal: "$sessionSignal",
+    matcher(path) {
+      return path === "/sign-out" || path === "/update-user" || path === "/sign-up/email" || path === "/sign-in/email" || path === "/delete-user" || path === "/verify-email" || path === "/revoke-sessions" || path === "/revoke-session" || path === "/change-email";
     }
-    getOptions.mediation = "conditional";
-    publicKey.allowCredentials = [];
-  }
-  getOptions.publicKey = publicKey;
-  getOptions.signal = WebAuthnAbortService.createNewAbortSignal();
-  let credential;
-  try {
-    credential = await navigator.credentials.get(getOptions);
-  } catch (err) {
-    throw identifyAuthenticationError({ error: err, options: getOptions });
-  }
-  if (!credential) {
-    throw new Error("Authentication was not completed");
-  }
-  const { id: id2, rawId, response, type } = credential;
-  let userHandle = void 0;
-  if (response.userHandle) {
-    userHandle = bufferToBase64URLString(response.userHandle);
+  }];
+  for (const plugin of plugins) {
+    if (plugin.getAtoms) Object.assign(pluginsAtoms, plugin.getAtoms?.($fetch));
+    if (plugin.pathMethods) Object.assign(pluginPathMethods, plugin.pathMethods);
+    if (plugin.atomListeners) atomListeners.push(...plugin.atomListeners);
   }
-  return {
-    id: id2,
-    rawId: bufferToBase64URLString(rawId),
-    response: {
-      authenticatorData: bufferToBase64URLString(response.authenticatorData),
-      clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
-      signature: bufferToBase64URLString(response.signature),
-      userHandle
+  const $store = {
+    notify: (signal) => {
+      pluginsAtoms[signal].set(!pluginsAtoms[signal].get());
     },
-    type,
-    clientExtensionResults: credential.getClientExtensionResults(),
-    authenticatorAttachment: toAuthenticatorAttachment(credential.authenticatorAttachment)
+    listen: (signal, listener) => {
+      pluginsAtoms[signal].subscribe(listener);
+    },
+    atoms: pluginsAtoms
   };
-}
-const twoFactorClient = (options) => {
+  for (const plugin of plugins) if (plugin.getActions) Object.assign(pluginsActions, plugin.getActions?.($fetch, $store, options));
   return {
-    id: "two-factor",
-    $InferServerPlugin: {},
-    atomListeners: [
-      {
-        matcher: (path) => path.startsWith("/two-factor/"),
-        signal: "$sessionSignal"
-      }
-    ],
-    pathMethods: {
-      "/two-factor/disable": "POST",
-      "/two-factor/enable": "POST",
-      "/two-factor/send-otp": "POST",
-      "/two-factor/generate-backup-codes": "POST"
+    get baseURL() {
+      return baseURL;
     },
-    fetchPlugins: [
-      {
-        id: "two-factor",
-        name: "two-factor",
-        hooks: {
+    pluginsActions,
+    pluginsAtoms,
+    pluginPathMethods,
+    atomListeners,
+    $fetch,
+    $store
+  };
+};
+function isAtom(value) {
+  return typeof value === "object" && value !== null && "get" in value && typeof value.get === "function" && "lc" in value && typeof value.lc === "number";
+}
+function getMethod(path, knownPathMethods, args) {
+  const method = knownPathMethods[path];
+  const { fetchOptions, query, ...body } = args || {};
+  if (method) return method;
+  if (fetchOptions?.method) return fetchOptions.method;
+  if (body && Object.keys(body).length > 0) return "POST";
+  return "GET";
+}
+function createDynamicPathProxy(routes, client2, knownPathMethods, atoms, atomListeners) {
+  function createProxy(path = []) {
+    return new Proxy(function() {
+    }, {
+      get(_2, prop) {
+        if (typeof prop !== "string") return;
+        if (prop === "then" || prop === "catch" || prop === "finally") return;
+        const fullPath = [...path, prop];
+        let current = routes;
+        for (const segment of fullPath) if (current && typeof current === "object" && segment in current) current = current[segment];
+        else {
+          current = void 0;
+          break;
+        }
+        if (typeof current === "function") return current;
+        if (isAtom(current)) return current;
+        return createProxy(fullPath);
+      },
+      apply: async (_2, __, args) => {
+        const routePath = "/" + path.map((segment) => segment.replace(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`)).join("/");
+        const arg = args[0] || {};
+        const fetchOptions = args[1] || {};
+        const { query, fetchOptions: argFetchOptions, ...body } = arg;
+        const options = {
+          ...fetchOptions,
+          ...argFetchOptions
+        };
+        const method = getMethod(routePath, knownPathMethods, arg);
+        return await client2(routePath, {
+          ...options,
+          body: method === "GET" ? void 0 : {
+            ...body,
+            ...options?.body || {}
+          },
+          query: query || options?.query,
+          method,
           async onSuccess(context) {
-            if (context.data?.twoFactorRedirect) {
-              if (options?.onTwoFactorRedirect) {
-                await options.onTwoFactorRedirect();
-              }
+            await options?.onSuccess?.(context);
+            if (!atomListeners || options.disableSignal) return;
+            const matches = atomListeners.filter((s2) => s2.matcher(routePath));
+            if (!matches.length) return;
+            for (const match of matches) {
+              const signal = atoms[match.signal];
+              if (!signal) return;
+              const val = signal.get();
+              setTimeout(() => {
+                signal.set(!val);
+              }, 10);
             }
           }
-        }
+        });
       }
-    ]
-  };
-};
-const getPasskeyActions = ($fetch, {
-  $listPasskeys,
-  $store
-}) => {
+    });
+  }
+  return createProxy();
+}
+function createAuthClient(options) {
+  const { pluginPathMethods, pluginsActions, pluginsAtoms, $fetch, atomListeners, $store } = getClientConfig(options);
+  let resolvedHooks = {};
+  for (const [key2, value] of Object.entries(pluginsAtoms)) resolvedHooks[`use${capitalizeFirstLetter(key2)}`] = value;
+  return createDynamicPathProxy({
+    ...pluginsActions,
+    ...resolvedHooks,
+    $fetch,
+    $store
+  }, $fetch, pluginPathMethods, pluginsAtoms, atomListeners);
+}
+const getPasskeyActions = ($fetch, { $listPasskeys, $store }) => {
   const signInPasskey = async (opts, options) => {
-    const response = await $fetch(
-      "/passkey/generate-authenticate-options",
-      {
-        method: "POST",
-        throw: false
-      }
-    );
-    if (!response.data) {
-      return response;
-    }
+    const response = await $fetch("/passkey/generate-authenticate-options", {
+      method: "GET",
+      throw: false
+    });
+    if (!response.data) return response;
     try {
-      const res = await startAuthentication({
-        optionsJSON: response.data,
-        useBrowserAutofill: opts?.autoFill
-      });
       const verified = await $fetch("/passkey/verify-authentication", {
-        body: {
-          response: res
-        },
+        body: { response: await startAuthentication({
+          optionsJSON: response.data,
+          useBrowserAutofill: opts?.autoFill
+        }) },
         ...opts?.fetchOptions,
         ...options,
         method: "POST",
@@ -39800,24 +39793,15 @@ const getPasskeyActions = ($fetch, {
     }
   };
   const registerPasskey = async (opts, fetchOpts) => {
-    const options = await $fetch(
-      "/passkey/generate-register-options",
-      {
-        method: "GET",
-        query: {
-          ...opts?.authenticatorAttachment && {
-            authenticatorAttachment: opts.authenticatorAttachment
-          },
-          ...opts?.name && {
-            name: opts.name
-          }
-        },
-        throw: false
-      }
-    );
-    if (!options.data) {
-      return options;
-    }
+    const options = await $fetch("/passkey/generate-register-options", {
+      method: "GET",
+      query: {
+        ...opts?.authenticatorAttachment && { authenticatorAttachment: opts.authenticatorAttachment },
+        ...opts?.name && { name: opts.name }
+      },
+      throw: false
+    });
+    if (!options.data) return options;
     try {
       const res = await startRegistration({
         optionsJSON: options.data,
@@ -39833,34 +39817,29 @@ const getPasskeyActions = ($fetch, {
         method: "POST",
         throw: false
       });
-      if (!verified.data) {
-        return verified;
-      }
+      if (!verified.data) return verified;
       $listPasskeys.set(Math.random());
+      return verified;
     } catch (e) {
       if (e instanceof WebAuthnError) {
-        if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") {
-          return {
-            data: null,
-            error: {
-              code: e.code,
-              message: "previously registered",
-              status: 400,
-              statusText: "BAD_REQUEST"
-            }
-          };
-        }
-        if (e.code === "ERROR_CEREMONY_ABORTED") {
-          return {
-            data: null,
-            error: {
-              code: e.code,
-              message: "registration cancelled",
-              status: 400,
-              statusText: "BAD_REQUEST"
-            }
-          };
-        }
+        if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") return {
+          data: null,
+          error: {
+            code: e.code,
+            message: "previously registered",
+            status: 400,
+            statusText: "BAD_REQUEST"
+          }
+        };
+        if (e.code === "ERROR_CEREMONY_ABORTED") return {
+          data: null,
+          error: {
+            code: e.code,
+            message: "registration cancelled",
+            status: 400,
+            statusText: "BAD_REQUEST"
+          }
+        };
         return {
           data: null,
           error: {
@@ -39883,21 +39862,8 @@ const getPasskeyActions = ($fetch, {
     }
   };
   return {
-    signIn: {
-      /**
-       * Sign in with a registered passkey
-       */
-      passkey: signInPasskey
-    },
-    passkey: {
-      /**
-       * Add a passkey to the user account
-       */
-      addPasskey: registerPasskey
-    },
-    /**
-     * Inferred Internal Types
-     */
+    signIn: { passkey: signInPasskey },
+    passkey: { addPasskey: registerPasskey },
     $Infer: {}
   };
 };
@@ -39911,16 +39877,8 @@ const passkeyClient = () => {
       $store
     }),
     getAtoms($fetch) {
-      const listPasskeys = useAuthQuery(
-        $listPasskeys,
-        "/passkey/list-user-passkeys",
-        $fetch,
-        {
-          method: "GET"
-        }
-      );
       return {
-        listPasskeys,
+        listPasskeys: useAuthQuery($listPasskeys, "/passkey/list-user-passkeys", $fetch, { method: "GET" }),
         $listPasskeys
       };
     },
@@ -39928,18 +39886,40 @@ const passkeyClient = () => {
       "/passkey/register": "POST",
       "/passkey/authenticate": "POST"
     },
-    atomListeners: [
-      {
-        matcher(path) {
-          return path === "/passkey/verify-registration" || path === "/passkey/delete-passkey" || path === "/passkey/update-passkey" || path === "/sign-out";
-        },
-        signal: "$listPasskeys"
+    atomListeners: [{
+      matcher(path) {
+        return path === "/passkey/verify-registration" || path === "/passkey/delete-passkey" || path === "/passkey/update-passkey" || path === "/sign-out";
       },
-      {
-        matcher: (path) => path === "/passkey/verify-authentication",
-        signal: "$sessionSignal"
-      }
-    ]
+      signal: "$listPasskeys"
+    }, {
+      matcher: (path) => path === "/passkey/verify-authentication",
+      signal: "$sessionSignal"
+    }]
+  };
+};
+const twoFactorClient = (options) => {
+  return {
+    id: "two-factor",
+    $InferServerPlugin: {},
+    atomListeners: [{
+      matcher: (path) => path.startsWith("/two-factor/"),
+      signal: "$sessionSignal"
+    }],
+    pathMethods: {
+      "/two-factor/disable": "POST",
+      "/two-factor/enable": "POST",
+      "/two-factor/send-otp": "POST",
+      "/two-factor/generate-backup-codes": "POST"
+    },
+    fetchPlugins: [{
+      id: "two-factor",
+      name: "two-factor",
+      hooks: { async onSuccess(context) {
+        if (context.data?.twoFactorRedirect) {
+          if (options?.onTwoFactorRedirect) await options.onTwoFactorRedirect();
+        }
+      } }
+    }]
   };
 };
 const magicLinkClient = () => {
@@ -50472,7 +50452,7 @@ const CodeDefault = ({
     })
   })
 });
-const CodeBlockShiki = reactExports.lazy(() => __vitePreload(() => import("./CodeBlockShiki-C3xG8AyL.js"), true ? [] : void 0).then((mod) => ({
+const CodeBlockShiki = reactExports.lazy(() => __vitePreload(() => import("./CodeBlockShiki-By6BGsDF.js"), true ? [] : void 0).then((mod) => ({
   default: mod.CodeBlockShiki
 })));
 const CodeBlock = ({