lingcode-js 1.0.0

package/README.md

@@ -0,0 +1,125 @@
+# lingcode-js
+
+Official client SDK for a [LingCode](https://lingcode.dev) managed backend — database, auth, realtime, storage, serverless functions, vector search, and push, in one zero-dependency client.
+
+## Install
+
+```bash
+npm install lingcode-js
+```
+
+Or drop it in with a `<script>` tag (no build step):
+
+```html
+<script src="https://lingcode.dev/sdk/lingcode-v1.js"></script>
+<script>
+  const lingcode = LingCode.createClient(BACKEND_URL, ANON_KEY);
+</script>
+```
+
+> In apps built with LingCode `/try`, a ready `window.lingcode` is **already injected** — you can skip `createClient` entirely.
+
+## Quick start
+
+```js
+import { createClient } from "lingcode-js";
+
+const lingcode = createClient(
+  "https://lingcode.dev/api/cloud/be/<your-backend-id>",
+  "<your-anon-key>"
+);
+```
+
+## Database
+
+Supabase-style query builder — filters first, terminal op last.
+
+```js
+// Select
+const { data, error } = await lingcode
+  .from("todos")
+  .eq("done", false)
+  .order("created_at", { ascending: false })
+  .limit(50)
+  .select();
+
+// Insert
+await lingcode.from("todos").insert({ title: "Buy milk" });
+
+// Update / delete (a filter is REQUIRED)
+await lingcode.from("todos").eq("id", 1).update({ done: true });
+await lingcode.from("todos").eq("id", 1).delete();
+```
+
+Filters: `.eq .neq .gt .gte .lt .lte .like .ilike .in(col, [...]) .is(col, null | "not_null") .match({ ... })`.
+
+## Realtime
+
+```js
+const off = lingcode.from("todos").subscribe(({ type, row }) => {
+  // type: "INSERT" | "UPDATE" | "DELETE" — patch your UI
+});
+// later: off();
+```
+
+Server-side RLS means a signed-in user only ever receives their own rows.
+
+## Auth
+
+The SDK persists the session and auto-attaches it to later calls.
+
+```js
+await lingcode.auth.signUp({ email, password });
+await lingcode.auth.signIn({ email, password });
+
+// Passwordless (the SDK finalizes the link/redirect automatically)
+await lingcode.auth.sendMagicLink({ email });
+await lingcode.ready;            // wait for redirect-session consumption on load
+lingcode.auth.getUser();         // { id, email } | null
+
+// Social (only render buttons whose provider is available)
+const providers = await lingcode.auth.getProviders();
+if (providers.google?.available) lingcode.auth.signInWithOAuth("google");
+
+// Email code
+await lingcode.auth.sendOtp({ email });
+await lingcode.auth.verifyOtp({ email, code });
+
+await lingcode.auth.signOut();
+```
+
+## Storage
+
+```js
+const { data } = await lingcode.storage.from("public").upload("avatars/me.png", file);
+const url = lingcode.storage.from("public").getPublicUrl("avatars/me.png");
+await lingcode.storage.from("public").remove("avatars/me.png");
+```
+
+## Functions
+
+```js
+const { data } = await lingcode.functions.invoke("send-email", { to, subject, html });
+```
+
+## Vector search
+
+```js
+const { data } = await lingcode.vector.search({
+  table: "docs", column: "embedding", embedding: queryVec, limit: 5, metric: "cosine",
+});
+// Optional managed embeddings:
+const { data: e } = await lingcode.vector.embed("some text"); // e.embedding
+```
+
+## Push notifications (Web Push)
+
+```js
+await lingcode.push.subscribe(); // registers the service worker + subscribes
+```
+
+The owner sends notifications from the LingCode Cloud console (or the backend API). For apps served on their own origin, host the service worker at your origin and pass `{ serviceWorker: "/lingcode-sw.js" }`.
+
+## License
+
+MIT

package/index.d.ts

@@ -0,0 +1,166 @@
+// Type definitions for lingcode-js
+// Project: https://lingcode.dev
+
+export interface LingCodeError extends Error {
+  /** Server error code, e.g. "where_required", "object_not_found", or null. */
+  code: string | null;
+  /** HTTP status (0 for client-side errors). */
+  status: number;
+}
+
+/** Supabase-style result envelope: check `error` before using `data`. */
+export interface Result<T = any> {
+  data: T | null;
+  error: LingCodeError | null;
+}
+
+export interface User {
+  id: string | null;
+  email: string | null;
+}
+
+export interface Session {
+  user: User | null;
+  token: string;
+}
+
+/** A live row-change event delivered to `.subscribe()`. */
+export interface ChangeEvent<T = any> {
+  table: string;
+  type: "INSERT" | "UPDATE" | "DELETE";
+  row: T;
+}
+
+/** Cancels a realtime subscription. */
+export type Unsubscribe = () => void;
+
+/**
+ * Chainable query builder. Add filters (`.eq`, `.in`, …) and modifiers
+ * (`.order`, `.limit`) before a terminal op (`.select`, `.insert`,
+ * `.update`, `.delete`). `.update()`/`.delete()` REQUIRE a filter.
+ */
+export interface QueryBuilder<T = any> {
+  eq(column: string, value: any): this;
+  neq(column: string, value: any): this;
+  gt(column: string, value: any): this;
+  gte(column: string, value: any): this;
+  lt(column: string, value: any): this;
+  lte(column: string, value: any): this;
+  like(column: string, value: string): this;
+  ilike(column: string, value: string): this;
+  in(column: string, values: any[]): this;
+  /** `.is(col, null)` → IS NULL; `.is(col, "not_null")` → IS NOT NULL. */
+  is(column: string, value: null | "not_null"): this;
+  /** Merge several equality filters at once. */
+  match(filters: Record<string, any>): this;
+  order(column: string, opts?: { ascending?: boolean }): this;
+  limit(n: number): this;
+  range(from: number, to: number): this;
+
+  select(): Promise<Result<T[]>>;
+  insert(row: Partial<T> | Partial<T>[]): Promise<Result<T[]>>;
+  /** Requires a filter (.eq/.match). */
+  update(patch: Partial<T>): Promise<Result<T[]>>;
+  /** Requires a filter (.eq/.match). */
+  delete(): Promise<Result<T[]>>;
+
+  /** Subscribe to live INSERT/UPDATE/DELETE events (RLS-filtered). */
+  subscribe(
+    onChange: (event: ChangeEvent<T>) => void,
+    onError?: (e: Event) => void
+  ): Unsubscribe;
+}
+
+export interface ProviderInfo {
+  available: boolean;
+  source?: string | null;
+}
+
+export interface AuthApi {
+  signUp(creds: { email: string; password: string }): Promise<Result<Session>>;
+  signIn(creds: { email: string; password: string }): Promise<Result<Session>>;
+  signInWithPassword(creds: { email: string; password: string }): Promise<Result<Session>>;
+  /** Top-level navigation to the provider; on return the session is auto-stored. */
+  signInWithOAuth(provider: "google" | "github" | "apple" | string, opts?: { redirectTo?: string }): void;
+  /** Which OAuth providers are enabled for this backend. */
+  getProviders(): Promise<Record<string, ProviderInfo>>;
+  sendMagicLink(opts: { email: string; redirectTo?: string }): Promise<Result<{ sent: boolean }>>;
+  verifyMagicLink(token: string): Promise<Result<Session>>;
+  sendOtp(opts: { email: string }): Promise<Result<{ sent: boolean }>>;
+  verifyOtp(opts: { email: string; code: string }): Promise<Result<Session>>;
+  getUser(): User | null;
+  getToken(): string | null;
+  /** OAuth error code from the last redirect, if any. */
+  lastError(): string | null;
+  signOut(): Promise<{ error: null }>;
+}
+
+export interface StorageBucket {
+  upload(path: string, file: Blob | File | ArrayBuffer | string, opts?: { contentType?: string }): Promise<Result<{ bucket: string; path: string; bytes: number; url: string }>>;
+  download(path: string): Promise<Result<Blob>>;
+  getPublicUrl(path: string): string;
+  remove(path: string): Promise<Result<{ removed: boolean }>>;
+}
+
+export interface StorageApi {
+  from(bucket: string): StorageBucket;
+}
+
+export interface FunctionsApi {
+  invoke<T = any>(slug: string, body?: any): Promise<Result<T>>;
+}
+
+export interface VectorApi {
+  search<T = any>(query: {
+    table: string;
+    column: string;
+    embedding: number[];
+    limit?: number;
+    metric?: "cosine" | "l2" | "ip";
+  }): Promise<Result<T[]>>;
+  embed(input: string | string[]): Promise<Result<{ embedding: number[]; embeddings: number[][]; model: string; dimensions: number }>>;
+}
+
+export interface PushApi {
+  isSupported(): boolean;
+  /** Registers the service worker + subscribes via PushManager, then stores the subscription. */
+  subscribe(opts?: { serviceWorker?: string }): Promise<Result<any>>;
+}
+
+export interface LingCodeClient {
+  readonly url: string;
+  readonly anonKey: string;
+  readonly backendId: string;
+  /** Resolves after any auth redirect in the URL is consumed. */
+  readonly ready: Promise<LingCodeClient>;
+  from<T = any>(table: string): QueryBuilder<T>;
+  auth: AuthApi;
+  storage: StorageApi;
+  functions: FunctionsApi;
+  vector: VectorApi;
+  push: PushApi;
+}
+
+export interface CreateClientOptions {
+  /** Set false to skip reading ?lc_session/?lc_magic from the URL on construct. */
+  detectSessionInUrl?: boolean;
+}
+
+export function createClient(url: string, anonKey: string, options?: CreateClientOptions): LingCodeClient;
+export const version: string;
+
+declare const LingCode: {
+  createClient: typeof createClient;
+  version: string;
+};
+export default LingCode;
+
+declare global {
+  interface Window {
+    LingCode: typeof LingCode;
+    /** Pre-injected in LingCode /try preview & published apps. */
+    lingcode?: LingCodeClient;
+    LINGCODE_BACKEND_URL?: string;
+    LINGCODE_BACKEND_ANON_KEY?: string;
+  }
+}

package/index.mjs

@@ -0,0 +1,9 @@
+// ESM entry for lingcode-js. The implementation lives in the UMD file
+// lingcode-v1.js (one source of truth, also served at lingcode.dev/sdk and used
+// as the browser <script> build). Node ESM + bundlers interop the CJS default
+// export; this shim re-exports it as named + default ESM bindings.
+import LingCode from './lingcode-v1.js';
+
+export const createClient = LingCode.createClient;
+export const version = LingCode.version;
+export default LingCode;

package/lingcode-sw.js

@@ -0,0 +1,46 @@
+/*!
+ * lingcode-sw.js — service worker for LingCode Web Push.
+ *
+ * Registered by the SDK's client.push.subscribe(). Renders incoming push
+ * payloads as notifications and focuses/opens the app on click. The push SEND
+ * path (per-backend VAPID keys, /push/subscribe + /push/send routes) lands with
+ * the notifications update — this worker is the stable client half, shipped with
+ * the SDK so the subscribe() flow has something to register.
+ *
+ * Note on scope: a service worker only controls pages under the path it's served
+ * from. Apps served on their own origin should host this file at their origin
+ * root (or pass { serviceWorker } to push.subscribe) so it can claim the app.
+ */
+'use strict';
+
+self.addEventListener('install', function () { self.skipWaiting(); });
+self.addEventListener('activate', function (event) { event.waitUntil(self.clients.claim()); });
+
+self.addEventListener('push', function (event) {
+  var payload = {};
+  try { payload = event.data ? event.data.json() : {}; } catch (_) {
+    try { payload = { body: event.data ? event.data.text() : '' }; } catch (__) { payload = {}; }
+  }
+  var title = payload.title || 'Notification';
+  var options = {
+    body: payload.body || '',
+    icon: payload.icon,
+    badge: payload.badge,
+    data: { url: payload.url || '/' },
+    tag: payload.tag,
+  };
+  event.waitUntil(self.registration.showNotification(title, options));
+});
+
+self.addEventListener('notificationclick', function (event) {
+  event.notification.close();
+  var target = (event.notification.data && event.notification.data.url) || '/';
+  event.waitUntil(
+    self.clients.matchAll({ type: 'window', includeUncontrolled: true }).then(function (list) {
+      for (var i = 0; i < list.length; i++) {
+        if (list[i].url === target && 'focus' in list[i]) return list[i].focus();
+      }
+      if (self.clients.openWindow) return self.clients.openWindow(target);
+    })
+  );
+});

package/lingcode-v1.js

@@ -0,0 +1,343 @@
+/*!
+ * lingcode-js v1 — the official client SDK for a LingCode managed backend.
+ *
+ * Zero dependencies, no build step. Wraps the gateway REST endpoints
+ * (/api/cloud/be/<id>/*) in a Supabase/Firebase-shaped client so apps write
+ *   client.from('todos').eq('done', false).select()
+ * instead of hand-rolled fetch().
+ *
+ * Loaded into generated/published apps via a <script> tag; the preview also
+ * pre-injects `window.lingcode` already wired to the app's backend. Keeping the
+ * two globals (window.LINGCODE_BACKEND_URL / _ANON_KEY) means raw-fetch apps
+ * keep working — the SDK is purely additive.
+ *
+ * Versioned filename (lingcode-v1.js): bump to -v2 only on a BREAKING change so
+ * the 4h CDN edge cache never strands an app on an incompatible build.
+ */
+(function (global, factory) {
+  if (typeof module === 'object' && module.exports) module.exports = factory();
+  else global.LingCode = factory();
+})(typeof self !== 'undefined' ? self : this, function () {
+  'use strict';
+
+  // ── small helpers ────────────────────────────────────────────────────
+  function trimSlash(s) { return String(s || '').replace(/\/+$/, ''); }
+  function lastSegment(u) { var p = trimSlash(u).split('/'); return p[p.length - 1] || ''; }
+
+  function makeError(message, code, status) {
+    var e = new Error(message || 'Request failed');
+    e.code = code || null; e.status = status || 0; e.name = 'LingCodeError';
+    return e;
+  }
+
+  // Base64-decode a JWT payload (no verification — purely to read sub/email
+  // for getUser() after an OAuth round-trip where we only receive the token).
+  function decodeJwt(token) {
+    try {
+      var part = String(token).split('.')[1];
+      if (!part) return null;
+      var b64 = part.replace(/-/g, '+').replace(/_/g, '/');
+      while (b64.length % 4) b64 += '=';
+      return JSON.parse(decodeURIComponent(escape(atob(b64))));
+    } catch (_) { return null; }
+  }
+
+  // Turn a File/Blob/ArrayBuffer/string into base64 for storage uploads.
+  function toBase64(input) {
+    function bytesToB64(bytes) {
+      var binary = '', chunk = 0x8000;
+      for (var i = 0; i < bytes.length; i += chunk) {
+        binary += String.fromCharCode.apply(null, bytes.subarray(i, i + chunk));
+      }
+      return btoa(binary);
+    }
+    if (typeof input === 'string') return Promise.resolve(btoa(unescape(encodeURIComponent(input))));
+    if (input instanceof ArrayBuffer) return Promise.resolve(bytesToB64(new Uint8Array(input)));
+    if (input && typeof input.arrayBuffer === 'function') {
+      return input.arrayBuffer().then(function (buf) { return bytesToB64(new Uint8Array(buf)); });
+    }
+    return Promise.reject(makeError('upload() needs a File, Blob, ArrayBuffer or string', 'invalid_input'));
+  }
+
+  function lsGet(key) { try { return JSON.parse(localStorage.getItem(key) || 'null'); } catch (_) { return null; } }
+  function lsSet(key, val) { try { localStorage.setItem(key, JSON.stringify(val)); } catch (_) {} }
+  function lsDel(key) { try { localStorage.removeItem(key); } catch (_) {} }
+
+  // ── the client ───────────────────────────────────────────────────────
+  function createClient(url, anonKey, options) {
+    return new LingCodeClient(url, anonKey, options || {});
+  }
+
+  function LingCodeClient(url, anonKey, options) {
+    this.url = trimSlash(url);
+    this.anonKey = String(anonKey || '');
+    this.backendId = lastSegment(this.url);
+    this._sessionKey = 'lingcode.session.' + this.backendId;
+    this._session = lsGet(this._sessionKey); // { user, token } | null
+
+    this.auth = new AuthApi(this);
+    this.storage = new StorageNamespace(this);
+    this.functions = new FunctionsApi(this);
+    this.vector = new VectorApi(this);
+    this.push = new PushApi(this);
+
+    // Finalize any OAuth / magic-link redirect sitting in the URL. `ready`
+    // resolves once that's done so apps can `await client.ready` before reading
+    // getUser(). Sync sources (lc_session) resolve immediately.
+    this.ready = (options.detectSessionInUrl === false)
+      ? Promise.resolve(this)
+      : this._consumeUrlSession();
+  }
+
+  // The bearer to send: the signed-in user's JWT when present, else the anon key.
+  LingCodeClient.prototype._token = function () {
+    return (this._session && this._session.token) || this.anonKey;
+  };
+
+  LingCodeClient.prototype._setSession = function (data) {
+    if (!data || !data.token) return data;
+    this._session = { user: data.user || decodeUserFromToken(data.token), token: data.token };
+    lsSet(this._sessionKey, this._session);
+    return data;
+  };
+
+  // Core POST → unwrap { ok, data } → return data, or throw a normalized error.
+  LingCodeClient.prototype._req = function (op, body) {
+    var self = this;
+    return fetch(self.url + '/' + op, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json', authorization: 'Bearer ' + self._token() },
+      body: JSON.stringify(body || {}),
+    }).then(function (res) {
+      return res.json().catch(function () { return null; }).then(function (json) {
+        if (!res.ok || !json || json.ok === false) {
+          throw makeError((json && (json.message || json.error)) || ('HTTP ' + res.status),
+            json && json.error, res.status);
+        }
+        return json.data;
+      });
+    });
+  };
+
+  LingCodeClient.prototype._get = function (path) {
+    var self = this;
+    return fetch(self.url + path, { headers: { authorization: 'Bearer ' + self._token() } })
+      .then(function (res) { return res.json().catch(function () { return null; }).then(function (j) { return { res: res, json: j }; }); });
+  };
+
+  LingCodeClient.prototype.from = function (table) { return new Query(this, table); };
+
+  // Read the URL for a session handed back by an auth redirect, finalize it,
+  // and strip the params so a refresh doesn't re-trigger.
+  LingCodeClient.prototype._consumeUrlSession = function () {
+    var self = this;
+    if (typeof location === 'undefined' || typeof URLSearchParams === 'undefined') return Promise.resolve(self);
+    var qs = new URLSearchParams(location.search);
+    var done = function () {
+      ['lc_session', 'lc_magic', 'lc_error'].forEach(function (k) { qs.delete(k); });
+      try {
+        var rest = qs.toString();
+        var clean = location.pathname + (rest ? '?' + rest : '') + location.hash;
+        history.replaceState(null, '', clean);
+      } catch (_) {}
+      return self;
+    };
+    var sess = qs.get('lc_session');
+    if (sess) { self._setSession({ token: sess }); return Promise.resolve(done()); }
+    var magic = qs.get('lc_magic');
+    if (magic) {
+      return self._req('auth/magiclink/verify', { token: magic })
+        .then(function (d) { self._setSession(d); }).catch(function () {})
+        .then(done);
+    }
+    // lc_error: leave it for the app to read via client.auth.lastError(), strip later.
+    if (qs.get('lc_error')) { self._authError = qs.get('lc_error'); return Promise.resolve(done()); }
+    return Promise.resolve(self);
+  };
+
+  function decodeUserFromToken(token) {
+    var c = decodeJwt(token);
+    if (!c) return null;
+    return { id: c.sub || null, email: c.email || null };
+  }
+
+  // ── query builder: filters first, terminal op last ───────────────────
+  // client.from('t').eq('done', false).order('created_at',{ascending:false}).limit(50).select()
+  // client.from('t').eq('id', 1).update({ done: true })  // where is required
+  // client.from('t').eq('id', 1).delete()
+  // client.from('t').insert({ ... })  // or insert([ ...rows ])
+  function Query(client, table) {
+    this.c = client; this.table = table;
+    this._where = {}; this._order = null; this._limit = null; this._offset = null;
+  }
+  function relOp(name) {
+    return function (col, val) { this._where[col] = makeRel(this._where[col], name, val); return this; };
+  }
+  function makeRel(existing, op, val) {
+    var node = (existing && typeof existing === 'object' && !Array.isArray(existing)) ? existing : {};
+    node[op] = val; return node;
+  }
+  Query.prototype.eq = function (col, val) { this._where[col] = val; return this; };
+  Query.prototype.neq = relOp('neq');
+  Query.prototype.gt = relOp('gt');
+  Query.prototype.gte = relOp('gte');
+  Query.prototype.lt = relOp('lt');
+  Query.prototype.lte = relOp('lte');
+  Query.prototype.like = relOp('like');
+  Query.prototype.ilike = relOp('ilike');
+  Query.prototype.in = function (col, arr) { this._where[col] = { in: arr }; return this; };
+  // .is(col, null) → IS NULL ; .is(col, 'not_null') → IS NOT NULL
+  Query.prototype.is = function (col, val) { this._where[col] = (val === null) ? null : { is: val }; return this; };
+  // Merge a plain object of equality filters (Supabase-style .match()).
+  Query.prototype.match = function (obj) {
+    for (var k in obj) if (Object.prototype.hasOwnProperty.call(obj, k)) this._where[k] = obj[k];
+    return this;
+  };
+  Query.prototype.order = function (col, opts) {
+    this._order = { column: col, ascending: opts ? opts.ascending !== false : true }; return this;
+  };
+  Query.prototype.limit = function (n) { this._limit = n; return this; };
+  Query.prototype.range = function (from, to) { this._offset = from; this._limit = (to - from + 1); return this; };
+
+  function settle(promise) {
+    return promise.then(function (data) { return { data: data, error: null }; },
+      function (error) { return { data: null, error: error }; });
+  }
+  function hasWhere(w) { for (var k in w) if (Object.prototype.hasOwnProperty.call(w, k)) return true; return false; }
+
+  Query.prototype.select = function () {
+    return settle(this.c._req('select', {
+      table: this.table, where: this._where, order: this._order,
+      limit: this._limit, offset: this._offset,
+    }));
+  };
+  Query.prototype.insert = function (rowOrRows) {
+    return settle(this.c._req('insert', { table: this.table, row: rowOrRows }));
+  };
+  Query.prototype.update = function (patch) {
+    if (!hasWhere(this._where)) return Promise.resolve({ data: null, error: makeError('update() requires a filter (.eq/.match) — refusing an unscoped update', 'where_required') });
+    return settle(this.c._req('update', { table: this.table, where: this._where, patch: patch }));
+  };
+  Query.prototype.delete = function () {
+    if (!hasWhere(this._where)) return Promise.resolve({ data: null, error: makeError('delete() requires a filter (.eq/.match) — refusing an unscoped delete', 'where_required') });
+    return settle(this.c._req('delete', { table: this.table, where: this._where }));
+  };
+
+  // Live updates: client.from('todos').subscribe(cb) → returns an unsubscribe fn.
+  // Each cb receives { table, type: 'INSERT'|'UPDATE'|'DELETE', row }. RLS is
+  // enforced server-side, so a signed-in user only ever sees their own rows.
+  Query.prototype.subscribe = function (cb, onError) {
+    var es = new EventSource(this.c.url + '/realtime?table=' + encodeURIComponent(this.table)
+      + '&apikey=' + encodeURIComponent(this.c._token()));
+    es.addEventListener('change', function (e) {
+      try { cb(JSON.parse(e.data)); } catch (_) {}
+    });
+    if (onError) es.onerror = onError; // EventSource auto-reconnects
+    return function unsubscribe() { try { es.close(); } catch (_) {} };
+  };
+
+  // ── auth ─────────────────────────────────────────────────────────────
+  function AuthApi(client) { this.c = client; }
+  AuthApi.prototype.signUp = function (creds) { return settle(this._post('auth/signup', creds)); };
+  AuthApi.prototype.signIn = AuthApi.prototype.signInWithPassword = function (creds) { return settle(this._post('auth/signin', creds)); };
+  AuthApi.prototype._post = function (op, body) {
+    var self = this;
+    return this.c._req(op, body).then(function (d) { self.c._setSession(d); return d; });
+  };
+  // Social login is a TOP-LEVEL navigation (not fetch); on return the SDK reads
+  // ?lc_session= and stores it automatically (see _consumeUrlSession).
+  AuthApi.prototype.signInWithOAuth = function (provider, opts) {
+    var redirect = (opts && opts.redirectTo) || location.href;
+    location.href = this.c.url + '/auth/oauth/' + encodeURIComponent(provider)
+      + '/start?redirect_url=' + encodeURIComponent(redirect);
+  };
+  // Which OAuth buttons to render — only show providers whose .available is true.
+  AuthApi.prototype.getProviders = function () {
+    return this.c._get('/auth/providers').then(function (r) {
+      if (!r.res.ok || !r.json) throw makeError('providers probe failed', null, r.res.status);
+      return r.json.providers || {};
+    });
+  };
+  AuthApi.prototype.sendMagicLink = function (opts) {
+    return settle(this.c._req('auth/magiclink/request', {
+      email: opts.email, redirect_url: (opts && opts.redirectTo) || location.href,
+    }));
+  };
+  AuthApi.prototype.verifyMagicLink = function (token) { return settle(this._post('auth/magiclink/verify', { token: token })); };
+  AuthApi.prototype.sendOtp = function (opts) { return settle(this.c._req('auth/otp/request', { email: opts.email })); };
+  AuthApi.prototype.verifyOtp = function (opts) { return settle(this._post('auth/otp/verify', { email: opts.email, code: opts.code })); };
+  AuthApi.prototype.getUser = function () { return (this.c._session && this.c._session.user) || null; };
+  AuthApi.prototype.getToken = function () { return (this.c._session && this.c._session.token) || null; };
+  AuthApi.prototype.lastError = function () { return this.c._authError || null; };
+  AuthApi.prototype.signOut = function () { this.c._session = null; lsDel(this.c._sessionKey); return Promise.resolve({ error: null }); };
+
+  // ── storage ──────────────────────────────────────────────────────────
+  function StorageNamespace(client) { this.c = client; }
+  StorageNamespace.prototype.from = function (bucket) { return new Bucket(this.c, bucket || 'public'); };
+
+  function Bucket(client, bucket) { this.c = client; this.bucket = bucket; }
+  Bucket.prototype.upload = function (path, file, opts) {
+    var self = this;
+    var contentType = (opts && opts.contentType) || (file && file.type) || 'application/octet-stream';
+    return settle(toBase64(file).then(function (data_b64) {
+      return self.c._req('storage/upload', { bucket: self.bucket, path: path, content_type: contentType, data_b64: data_b64 });
+    }));
+  };
+  Bucket.prototype.getPublicUrl = function (path) {
+    return this.c.url + '/storage/object?bucket=' + encodeURIComponent(this.bucket) + '&path=' + encodeURIComponent(path);
+  };
+  Bucket.prototype.download = function (path) {
+    return fetch(this.getPublicUrl(path)).then(function (res) {
+      if (!res.ok) return { data: null, error: makeError('object not found', 'object_not_found', res.status) };
+      return res.blob().then(function (blob) { return { data: blob, error: null }; });
+    });
+  };
+  // remove() lands with the S3/Spaces storage update; calls the route now so the
+  // surface is stable (returns { error } until that route ships).
+  Bucket.prototype.remove = function (path) {
+    return settle(this.c._req('storage/remove', { bucket: this.bucket, path: path }));
+  };
+
+  // ── functions ────────────────────────────────────────────────────────
+  function FunctionsApi(client) { this.c = client; }
+  // The gateway reads req.body.input, so wrap the caller's payload.
+  FunctionsApi.prototype.invoke = function (slug, body) { return settle(this.c._req('functions/' + slug, { input: body })); };
+
+  // ── vector / semantic search ─────────────────────────────────────────
+  function VectorApi(client) { this.c = client; }
+  VectorApi.prototype.search = function (q) {
+    return settle(this.c._req('vector/search', {
+      table: q.table, column: q.column, embedding: q.embedding, limit: q.limit, metric: q.metric,
+    }));
+  };
+  VectorApi.prototype.embed = function (input) { return settle(this.c._req('vector/embed', { input: input })); };
+
+  // ── push (Web Push) — server lands with the notifications update ──────
+  function PushApi(client) { this.c = client; }
+  PushApi.prototype.isSupported = function () {
+    return typeof navigator !== 'undefined' && 'serviceWorker' in navigator
+      && typeof window !== 'undefined' && 'PushManager' in window;
+  };
+  PushApi.prototype.subscribe = function (opts) {
+    var self = this;
+    if (!this.isSupported()) return Promise.resolve({ data: null, error: makeError('push not supported in this browser', 'unsupported') });
+    var swUrl = (opts && opts.serviceWorker) || 'https://lingcode.dev/sdk/lingcode-sw.js';
+    return navigator.serviceWorker.register(swUrl).then(function (reg) {
+      return self.c._get('/push/vapid-public').then(function (r) {
+        if (!r.res.ok || !r.json || !r.json.data) throw makeError('push not enabled for this backend', 'push_not_configured', r.res.status);
+        return reg.pushManager.subscribe({ userVisibleOnly: true, applicationServerKey: urlBase64ToUint8Array(r.json.data.key || r.json.data) });
+      });
+    }).then(function (sub) {
+      return self.c._req('push/subscribe', { subscription: sub.toJSON ? sub.toJSON() : sub });
+    }).then(function (d) { return { data: d, error: null }; }, function (e) { return { data: null, error: e }; });
+  };
+  function urlBase64ToUint8Array(base64) {
+    var pad = '='.repeat((4 - base64.length % 4) % 4);
+    var b64 = (base64 + pad).replace(/-/g, '+').replace(/_/g, '/');
+    var raw = atob(b64), out = new Uint8Array(raw.length);
+    for (var i = 0; i < raw.length; i++) out[i] = raw.charCodeAt(i);
+    return out;
+  }
+
+  return { createClient: createClient, version: '1.0.0' };
+});

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "lingcode-js",
+  "version": "1.0.0",
+  "description": "Official client SDK for a LingCode managed backend — database, auth, realtime, storage, serverless functions, vector search, and push.",
+  "main": "lingcode-v1.js",
+  "module": "index.mjs",
+  "browser": "lingcode-v1.js",
+  "unpkg": "lingcode-v1.js",
+  "jsdelivr": "lingcode-v1.js",
+  "types": "index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.mjs",
+      "require": "./lingcode-v1.js",
+      "default": "./lingcode-v1.js"
+    },
+    "./sw": "./lingcode-sw.js",
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "lingcode-v1.js",
+    "lingcode-sw.js",
+    "index.mjs",
+    "index.d.ts",
+    "README.md"
+  ],
+  "sideEffects": false,
+  "keywords": [
+    "lingcode",
+    "backend",
+    "baas",
+    "database",
+    "postgres",
+    "auth",
+    "realtime",
+    "storage",
+    "vector-search",
+    "push",
+    "supabase",
+    "firebase"
+  ],
+  "homepage": "https://lingcode.dev",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Xavierhuang/LingCode.git",
+    "directory": "website/sdk"
+  },
+  "bugs": {
+    "url": "https://github.com/Xavierhuang/LingCode/issues"
+  },
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  }
+}