mpb-localkit 1.3.0

package/dist/core/index.js

@@ -0,0 +1,1780 @@
+export { z } from 'zod';
+import { v7 } from 'uuid';
+
+// src/core/schema/index.ts
+
+// src/core/schema/collection.ts
+function collection(schema, options) {
+  return {
+    schema,
+    collectionName: "",
+    version: options?.version,
+    migrate: options?.migrate
+  };
+}
+
+// src/core/storage/memory.ts
+var MemoryAdapter = class {
+  store = /* @__PURE__ */ new Map();
+  getCollection(collection2) {
+    if (!this.store.has(collection2)) {
+      this.store.set(collection2, /* @__PURE__ */ new Map());
+    }
+    return this.store.get(collection2);
+  }
+  async get(collection2, id) {
+    const doc = this.getCollection(collection2).get(id);
+    if (!doc || doc._deleted) return null;
+    return { ...doc };
+  }
+  async getRaw(collection2, id) {
+    const doc = this.getCollection(collection2).get(id);
+    if (!doc) return null;
+    return { ...doc };
+  }
+  async getMany(collection2, filter) {
+    const col = this.getCollection(collection2);
+    return Array.from(col.values()).filter((doc) => {
+      if (doc._deleted) return false;
+      if (!filter) return true;
+      return Object.entries(filter).every(([k, v]) => doc[k] === v);
+    }).map((doc) => ({ ...doc }));
+  }
+  async put(collection2, id, doc) {
+    this.getCollection(collection2).set(id, { ...doc, _id: id, _collection: collection2 });
+  }
+  async delete(collection2, id) {
+    const col = this.getCollection(collection2);
+    const existing = col.get(id);
+    if (!existing) return;
+    col.set(id, { ...existing, _deleted: true, _updatedAt: Date.now() });
+  }
+  async getChangesSince(timestamp) {
+    const results = [];
+    for (const [collection2, col] of this.store.entries()) {
+      for (const doc of col.values()) {
+        if (doc._updatedAt > timestamp) {
+          results.push({
+            collection: collection2,
+            id: doc._id,
+            doc: { ...doc },
+            updatedAt: doc._updatedAt,
+            deleted: doc._deleted
+          });
+        }
+      }
+    }
+    return results;
+  }
+};
+function generateId() {
+  return v7();
+}
+
+// src/core/storage/encrypted.ts
+var METADATA_FIELDS = /* @__PURE__ */ new Set(["_id", "_collection", "_updatedAt", "_deleted", "_schemaVersion"]);
+var ENCRYPTED_FIELDS = /* @__PURE__ */ new Set(["_encrypted", "_iv", "_keyVersion"]);
+function toBase64(buf) {
+  const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+  return btoa(binary);
+}
+function fromBase64(s) {
+  const binary = atob(s);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
+function encode(s) {
+  return new TextEncoder().encode(s);
+}
+async function deriveAesGcmKey(password, salt, iterations, extractable = false) {
+  const keyMaterial = await crypto.subtle.importKey("raw", encode(password), "PBKDF2", false, [
+    "deriveBits",
+    "deriveKey"
+  ]);
+  return crypto.subtle.deriveKey(
+    { name: "PBKDF2", salt: encode(salt), iterations, hash: "SHA-256" },
+    keyMaterial,
+    { name: "AES-GCM", length: 256 },
+    extractable,
+    ["encrypt", "decrypt"]
+  );
+}
+async function deriveAesKwKey(password, salt, iterations) {
+  const keyMaterial = await crypto.subtle.importKey("raw", encode(password), "PBKDF2", false, [
+    "deriveBits",
+    "deriveKey"
+  ]);
+  return crypto.subtle.deriveKey(
+    { name: "PBKDF2", salt: encode(salt), iterations, hash: "SHA-256" },
+    keyMaterial,
+    { name: "AES-KW", length: 256 },
+    false,
+    ["wrapKey", "unwrapKey"]
+  );
+}
+async function verifySentinel(key) {
+  const sentinel = encode("offlinekit-sentinel");
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, sentinel);
+  const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext).catch(() => null);
+  if (!plaintext || new TextDecoder().decode(plaintext) !== "offlinekit-sentinel") {
+    throw new Error("EncryptedStorageAdapter: key verification failed \u2014 wrong password or key");
+  }
+}
+async function resolveKeySpec(spec, iterations, wrap) {
+  if (spec instanceof CryptoKey) {
+    return spec;
+  } else if (wrap) {
+    const { password, salt } = spec;
+    const wrappingKey = await deriveAesKwKey(password, salt, iterations);
+    if (wrap.wrapped) {
+      return crypto.subtle.unwrapKey(
+        "raw",
+        fromBase64(wrap.wrapped),
+        wrappingKey,
+        "AES-KW",
+        { name: "AES-GCM", length: 256 },
+        false,
+        ["encrypt", "decrypt"]
+      );
+    } else {
+      const extractableKey = await crypto.subtle.generateKey(
+        { name: "AES-GCM", length: 256 },
+        true,
+        ["encrypt", "decrypt"]
+      );
+      const wrappedBuf = await crypto.subtle.wrapKey("raw", extractableKey, wrappingKey, "AES-KW");
+      wrap.onKeyWrapped?.(toBase64(wrappedBuf));
+      const rawKeyBuf = await crypto.subtle.exportKey("raw", extractableKey);
+      return crypto.subtle.importKey(
+        "raw",
+        rawKeyBuf,
+        { name: "AES-GCM", length: 256 },
+        false,
+        ["encrypt", "decrypt"]
+      );
+    }
+  } else {
+    const { password, salt } = spec;
+    return deriveAesGcmKey(password, salt, iterations);
+  }
+}
+async function encrypted(inner, config) {
+  if (inner instanceof EncryptedStorageAdapter) {
+    throw new Error("EncryptedStorageAdapter: double-encryption is not allowed");
+  }
+  if (!config.key && !config.keychain) {
+    throw new Error("EncryptedStorageAdapter: either key or keychain must be provided");
+  }
+  const iterations = config.iterations ?? 6e5;
+  let keychain;
+  let activeVersion;
+  if (config.keychain) {
+    const { keys, activeVersion: av } = config.keychain;
+    if (!(av in keys)) {
+      throw new Error(`EncryptedStorageAdapter: keychain.activeVersion ${av} not found in keychain.keys`);
+    }
+    activeVersion = av;
+    keychain = /* @__PURE__ */ new Map();
+    for (const [ver, spec] of Object.entries(keys)) {
+      const version = Number(ver);
+      const resolved = await resolveKeySpec(spec, iterations);
+      keychain.set(version, resolved);
+    }
+  } else {
+    const resolved = await resolveKeySpec(config.key, iterations, config.wrap);
+    activeVersion = 1;
+    keychain = /* @__PURE__ */ new Map([[1, resolved]]);
+  }
+  await verifySentinel(keychain.get(activeVersion));
+  return new EncryptedStorageAdapter(inner, keychain, activeVersion);
+}
+var EncryptedStorageAdapter = class {
+  constructor(inner, keychain, activeVersion) {
+    this.inner = inner;
+    this.keychain = keychain;
+    this.activeVersion = activeVersion;
+  }
+  isEncryptedDoc(doc) {
+    return "_encrypted" in doc && "_iv" in doc;
+  }
+  async encryptDoc(doc) {
+    const raw = doc;
+    const metadata = {};
+    for (const field of METADATA_FIELDS) {
+      if (field in raw) metadata[field] = raw[field];
+    }
+    const userFields = {};
+    for (const [k, v] of Object.entries(raw)) {
+      if (!METADATA_FIELDS.has(k) && !ENCRYPTED_FIELDS.has(k)) {
+        userFields[k] = v;
+      }
+    }
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const aad = encode(JSON.stringify({ _id: doc._id, _collection: doc._collection }));
+    const plaintext = encode(JSON.stringify(userFields));
+    const ciphertext = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv, additionalData: aad },
+      this.keychain.get(this.activeVersion),
+      plaintext
+    );
+    return {
+      ...metadata,
+      _encrypted: toBase64(ciphertext),
+      _iv: toBase64(iv),
+      _keyVersion: this.activeVersion
+    };
+  }
+  async decryptDoc(doc) {
+    if (!this.isEncryptedDoc(doc)) return doc;
+    const raw = doc;
+    const version = typeof raw._keyVersion === "number" ? raw._keyVersion : 1;
+    const key = this.keychain.get(version);
+    if (!key) {
+      throw new Error(`EncryptedStorageAdapter: no key found for _keyVersion ${version}`);
+    }
+    const aad = encode(JSON.stringify({ _id: doc._id, _collection: doc._collection }));
+    const iv = fromBase64(raw._iv);
+    const ciphertext = fromBase64(raw._encrypted);
+    const plaintext = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv, additionalData: aad },
+      key,
+      ciphertext
+    );
+    const userFields = JSON.parse(new TextDecoder().decode(plaintext));
+    const metadata = {};
+    for (const field of METADATA_FIELDS) {
+      if (field in raw) metadata[field] = raw[field];
+    }
+    return { ...metadata, ...userFields };
+  }
+  async get(collection2, id) {
+    const doc = await this.inner.get(collection2, id);
+    if (!doc) return null;
+    return this.decryptDoc(doc);
+  }
+  async getRaw(collection2, id) {
+    const fn = this.inner.getRaw?.bind(this.inner) ?? this.inner.get.bind(this.inner);
+    const doc = await fn(collection2, id);
+    if (!doc) return null;
+    return this.decryptDoc(doc);
+  }
+  async getMany(collection2, filter) {
+    const docs = await this.inner.getMany(collection2);
+    const decrypted = await Promise.all(docs.map((doc) => this.decryptDoc(doc)));
+    if (!filter) return decrypted;
+    return decrypted.filter(
+      (doc) => Object.entries(filter).every(([k, v]) => doc[k] === v)
+    );
+  }
+  async put(collection2, id, doc) {
+    if (this.isEncryptedDoc(doc)) {
+      return this.inner.put(collection2, id, doc);
+    }
+    const encryptedDoc = await this.encryptDoc(doc);
+    return this.inner.put(collection2, id, encryptedDoc);
+  }
+  async delete(collection2, id) {
+    return this.inner.delete(collection2, id);
+  }
+  /** E2E: encrypted blobs travel to the server as-is — no decryption here. */
+  async getChangesSince(timestamp) {
+    return this.inner.getChangesSince(timestamp);
+  }
+  /** Returns raw encrypted storage representation. Do not use in production data flows. */
+  async getEncrypted(collection2, id) {
+    return this.inner.get(collection2, id);
+  }
+};
+
+// src/core/storage/key-rotation.ts
+var BATCH_SIZE = 100;
+async function reEncryptAll(adapter, innerStorage, activeVersion) {
+  const result = { total: 0, reEncrypted: 0, skipped: 0, errors: [] };
+  const changes = await innerStorage.getChangesSince(0);
+  result.total = changes.length;
+  for (let i = 0; i < changes.length; i += BATCH_SIZE) {
+    const batch = changes.slice(i, i + BATCH_SIZE);
+    await Promise.all(
+      batch.map(async (change) => {
+        const raw = change.doc;
+        const keyVersion = raw._keyVersion;
+        if (keyVersion === activeVersion) {
+          result.skipped++;
+          return;
+        }
+        try {
+          const decrypted = await adapter.get(change.collection, change.id);
+          if (!decrypted) {
+            result.skipped++;
+            return;
+          }
+          await adapter.put(change.collection, change.id, decrypted);
+          result.reEncrypted++;
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          result.errors.push(`${change.collection}/${change.id}: ${msg}`);
+        }
+      })
+    );
+  }
+  return result;
+}
+async function rewrapKey(oldPassword, newPassword, wrappedKey, salt, iterations = 6e5) {
+  const oldWrappingKey = await deriveAesKwKey(oldPassword, salt, iterations);
+  const newWrappingKey = await deriveAesKwKey(newPassword, salt, iterations);
+  const dataKey = await crypto.subtle.unwrapKey(
+    "raw",
+    fromBase64(wrappedKey),
+    oldWrappingKey,
+    "AES-KW",
+    { name: "AES-GCM", length: 256 },
+    true,
+    ["encrypt", "decrypt"]
+  );
+  const newWrappedBuf = await crypto.subtle.wrapKey("raw", dataKey, newWrappingKey, "AES-KW");
+  return toBase64(newWrappedBuf);
+}
+
+// src/core/storage/migrate-encrypted.ts
+async function migrateToEncrypted(storage, encryptedStorage) {
+  const changes = await storage.getChangesSince(0);
+  const result = {
+    total: changes.length,
+    encrypted: 0,
+    skipped: 0,
+    errors: []
+  };
+  for (const change of changes) {
+    const { collection: collection2, id, doc } = change;
+    if ("_encrypted" in doc && "_iv" in doc) {
+      result.skipped++;
+      continue;
+    }
+    try {
+      await encryptedStorage.put(collection2, id, doc);
+      result.encrypted++;
+    } catch (err) {
+      result.errors.push(
+        `${collection2}/${id}: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+  }
+  return result;
+}
+
+// src/core/sync/conflict.ts
+function resolveConflict(local, remote) {
+  return remote._updatedAt >= local._updatedAt ? remote : local;
+}
+
+// src/core/sync/transport.ts
+var HttpTransport = class {
+  constructor(endpoint) {
+    this.endpoint = endpoint;
+  }
+  token = null;
+  setToken(token) {
+    this.token = token;
+  }
+  async push(payload) {
+    const response = await this.fetchWithRetry(`${this.endpoint}/sync/push`, {
+      method: "POST",
+      headers: this.buildHeaders(),
+      body: JSON.stringify(payload)
+    });
+    if (!response.ok) {
+      throw new Error(`Push failed: ${response.status} ${response.statusText}`);
+    }
+    return payload.changes.length;
+  }
+  async pull(payload) {
+    const response = await this.fetchWithRetry(`${this.endpoint}/sync/pull?since=${payload.since}`, {
+      headers: this.buildHeaders()
+    });
+    if (!response.ok) {
+      throw new Error(`Pull failed: ${response.status} ${response.statusText}`);
+    }
+    const { changes } = await response.json();
+    return changes;
+  }
+  destroy() {
+  }
+  async fetchWithRetry(url, init, retries = 3) {
+    for (let attempt = 0; attempt <= retries; attempt++) {
+      try {
+        const res = await fetch(url, init);
+        if (res.ok || res.status < 500) return res;
+        if (attempt === retries) return res;
+      } catch (err) {
+        if (attempt === retries) throw err;
+      }
+      const delay = Math.pow(2, attempt) * 1e3 + Math.random() * 500;
+      await new Promise((r) => setTimeout(r, delay));
+    }
+    throw new Error("fetchWithRetry: unreachable");
+  }
+  buildHeaders() {
+    const headers = { "Content-Type": "application/json" };
+    if (this.token) headers["Authorization"] = `Bearer ${this.token}`;
+    return headers;
+  }
+};
+
+// src/core/sync/ws-transport.ts
+var WebSocketTransport = class {
+  constructor(config) {
+    this.config = config;
+    this.token = config.token ?? null;
+    if (config.url.startsWith("ws://") && typeof location !== "undefined" && location.hostname !== "localhost" && location.hostname !== "127.0.0.1") {
+      console.warn("[OfflineKit] WebSocket connection uses insecure ws:// protocol. Use wss:// in production.");
+    }
+    this.connect();
+  }
+  ws = null;
+  pending = /* @__PURE__ */ new Map();
+  reconnectAttempt = 0;
+  reconnectTimer = null;
+  destroyed = false;
+  token;
+  setToken(token) {
+    this.token = token;
+  }
+  async push(payload) {
+    const id = this.generateId();
+    await this.send({ type: "push", id, payload });
+    return payload.changes.length;
+  }
+  async pull(payload) {
+    const id = this.generateId();
+    const result = await this.send({ type: "pull", id, since: payload.since });
+    const { changes } = result;
+    return changes;
+  }
+  destroy() {
+    this.destroyed = true;
+    if (this.reconnectTimer !== null) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    for (const req of this.pending.values()) {
+      req.reject(new Error("Transport destroyed"));
+    }
+    this.pending.clear();
+    if (this.ws) {
+      this.ws.close();
+      this.ws = null;
+    }
+  }
+  connect() {
+    if (this.destroyed) return;
+    this.ws = new WebSocket(this.config.url);
+    this.ws.onopen = () => {
+      this.reconnectAttempt = 0;
+      if (this.token) {
+        this.ws.send(JSON.stringify({ type: "auth", token: this.token }));
+      }
+      this.config.onConnected?.();
+    };
+    this.ws.onmessage = (event) => {
+      let msg;
+      try {
+        msg = JSON.parse(event.data);
+      } catch {
+        return;
+      }
+      if (msg.type === "push_ack" || msg.type === "pull_response") {
+        const pending = this.pending.get(msg.id);
+        if (pending) {
+          this.pending.delete(msg.id);
+          pending.resolve(msg.payload);
+        }
+      } else if (msg.type === "remote_changes") {
+        this.config.onRemoteChanges?.(msg.changes ?? []);
+      } else if (msg.type === "error") {
+        const pending = this.pending.get(msg.id);
+        if (pending) {
+          this.pending.delete(msg.id);
+          const errPayload = msg.payload;
+          pending.reject(new Error(errPayload?.message ?? "WebSocket error"));
+        }
+      }
+    };
+    this.ws.onclose = () => {
+      for (const req of this.pending.values()) {
+        req.reject(new Error("WebSocket disconnected"));
+      }
+      this.pending.clear();
+      this.scheduleReconnect();
+    };
+    this.ws.onerror = () => {
+    };
+  }
+  scheduleReconnect() {
+    if (this.destroyed || this.config.reconnect === false) return;
+    const max = this.config.maxReconnectAttempts ?? Infinity;
+    if (this.reconnectAttempt >= max) return;
+    const delay = Math.min(1e3 * Math.pow(2, this.reconnectAttempt), 3e4);
+    const jitter = Math.random() * 200;
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectAttempt++;
+      this.connect();
+    }, delay + jitter);
+  }
+  send(msg) {
+    return new Promise((resolve, reject) => {
+      if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+        reject(new Error("WebSocket not connected"));
+        return;
+      }
+      const id = msg.id;
+      const timeout = this.config.requestTimeout ?? 3e4;
+      const timer = setTimeout(() => {
+        if (this.pending.has(id)) {
+          this.pending.delete(id);
+          reject(new Error("WebSocket request timed out"));
+        }
+      }, timeout);
+      this.pending.set(id, {
+        resolve: (value) => {
+          clearTimeout(timer);
+          resolve(value);
+        },
+        reject: (reason) => {
+          clearTimeout(timer);
+          reject(reason);
+        }
+      });
+      this.ws.send(JSON.stringify(msg));
+    });
+  }
+  generateId() {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    const hex = Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+    return `${Date.now()}-${hex}`;
+  }
+};
+
+// src/core/sync/auto-transport.ts
+var AutoTransport = class {
+  ws;
+  http;
+  useWs = true;
+  constructor(config) {
+    this.http = new HttpTransport(config.httpEndpoint);
+    if (config.token) {
+      this.http.setToken(config.token);
+    }
+    this.ws = new WebSocketTransport({
+      url: config.wsUrl,
+      token: config.token,
+      reconnect: true,
+      onRemoteChanges: config.onRemoteChanges,
+      onConnected: () => {
+        this.useWs = true;
+      }
+    });
+  }
+  setToken(token) {
+    this.ws.setToken(token);
+    this.http.setToken(token);
+  }
+  async push(payload) {
+    if (this.useWs) {
+      try {
+        return await this.ws.push(payload);
+      } catch {
+        this.useWs = false;
+      }
+    }
+    return this.http.push(payload);
+  }
+  async pull(payload) {
+    if (this.useWs) {
+      try {
+        return await this.ws.pull(payload);
+      } catch {
+        this.useWs = false;
+      }
+    }
+    return this.http.pull(payload);
+  }
+  destroy() {
+    this.ws.destroy();
+    this.http.destroy();
+  }
+};
+
+// src/core/sync/engine.ts
+var SYNC_META_COLLECTION = "_sync_meta";
+var SyncEngine = class {
+  constructor(storage, config) {
+    this.storage = storage;
+    this.config = config;
+    this.lastSyncKey = `last_sync_at_${config.endpoint}`;
+    this.transport = this.resolveTransport(config);
+  }
+  status = "idle";
+  lastSyncAt = 0;
+  lastSyncAtInitialized = false;
+  /** Typed listener map: values are SyncEventMap[E][] per event key. */
+  listenerMap = /* @__PURE__ */ new Map();
+  transport;
+  lastSyncKey;
+  /**
+   * Return the current sync status.
+   *
+   * @returns The current {@link SyncStatus} (`'idle'`, `'syncing'`, `'error'`, or `'offline'`).
+   */
+  getStatus() {
+    return this.status;
+  }
+  /**
+   * Return the timestamp of the last successful sync.
+   *
+   * @returns Epoch timestamp (ms), or `0` if no sync has completed yet.
+   */
+  getLastSyncAt() {
+    return this.lastSyncAt;
+  }
+  /**
+   * Set the bearer token used by the transport for authenticated requests.
+   *
+   * @param token - The bearer token string, or `null` to clear it.
+   */
+  setToken(token) {
+    this.transport.setToken?.(token);
+  }
+  /**
+   * Register a listener for sync events.
+   *
+   * @param event - The event type to listen for.
+   * @param listener - The callback to invoke when the event fires.
+   */
+  on(event, listener) {
+    const existing = this.listenerMap.get(event) ?? [];
+    this.listenerMap.set(event, [...existing, listener]);
+  }
+  /**
+   * Remove a previously registered sync event listener.
+   *
+   * @param event - The event type.
+   * @param listener - The callback to remove.
+   */
+  off(event, listener) {
+    const existing = this.listenerMap.get(event) ?? [];
+    this.listenerMap.set(event, existing.filter((l) => l !== listener));
+  }
+  /**
+   * Push local changes to the server.
+   *
+   * @returns The number of documents pushed.
+   */
+  async push() {
+    const changes = await this.storage.getChangesSince(this.lastSyncAt);
+    if (changes.length === 0) return 0;
+    return this.transport.push({ changes, lastSyncAt: this.lastSyncAt });
+  }
+  /**
+   * Pull remote changes from the server. Applies conflict resolution for
+   * documents that exist both locally and remotely.
+   *
+   * @returns An object with `pulled` (total remote docs received) and `conflicts` (local-wins count).
+   */
+  async pull() {
+    const remoteChanges = await this.transport.pull({ since: this.lastSyncAt });
+    let conflicts = 0;
+    const validRemote = remoteChanges.filter((doc) => {
+      if (typeof doc._id !== "string" || typeof doc._collection !== "string" || typeof doc._updatedAt !== "number" || typeof doc._deleted !== "boolean") {
+        console.warn("[OfflineKit] Skipping invalid remote document:", doc._id);
+        return false;
+      }
+      return true;
+    });
+    for (const remote of validRemote) {
+      const local = this.storage.getRaw ? await this.storage.getRaw(remote._collection, remote._id) : await this.storage.get(remote._collection, remote._id);
+      let docToStore = remote;
+      if (local) {
+        const resolver = this.config.conflictResolver ?? resolveConflict;
+        const resolved = resolver(local, remote);
+        if (resolved === local) {
+          conflicts++;
+          continue;
+        }
+        docToStore = resolved;
+      }
+      if (docToStore._deleted) {
+        await this.storage.delete(docToStore._collection, docToStore._id);
+      } else {
+        await this.storage.put(docToStore._collection, docToStore._id, docToStore);
+      }
+    }
+    return { pulled: validRemote.length, conflicts };
+  }
+  /**
+   * Run a full push+pull sync cycle. Pushes local changes first, then pulls
+   * remote changes. Updates the last-sync timestamp on success.
+   *
+   * @returns A {@link SyncResult} with pushed, pulled, and conflicts counts.
+   */
+  async sync() {
+    if (!this.config.enabled) return { pushed: 0, pulled: 0, conflicts: 0 };
+    if (this.status === "syncing") return { pushed: 0, pulled: 0, conflicts: 0 };
+    const isOnline = typeof navigator !== "undefined" ? navigator.onLine : true;
+    if (!isOnline) {
+      this.setStatus("offline");
+      return { pushed: 0, pulled: 0, conflicts: 0 };
+    }
+    this.setStatus("syncing");
+    this.emit("sync:start");
+    try {
+      if (!this.lastSyncAtInitialized) {
+        this.lastSyncAt = await this.loadLastSyncAt();
+        this.lastSyncAtInitialized = true;
+      }
+      const pushed = await this.push();
+      const { pulled, conflicts } = await this.pull();
+      this.lastSyncAt = Date.now();
+      await this.saveLastSyncAt(this.lastSyncAt);
+      this.setStatus("idle");
+      const result = { pushed, pulled, conflicts };
+      this.emit("sync:complete", result);
+      return result;
+    } catch (err) {
+      const browserOffline = typeof navigator !== "undefined" ? !navigator.onLine : false;
+      const isOffline2 = browserOffline || err instanceof TypeError && err.message.includes("fetch");
+      this.setStatus(isOffline2 ? "offline" : "error");
+      this.emit("sync:error", err);
+      return { pushed: 0, pulled: 0, conflicts: 0, error: err instanceof Error ? err : new Error(String(err)) };
+    }
+  }
+  /**
+   * Clean up the transport (close WebSocket connections, etc.).
+   * Call this when the sync engine is no longer needed.
+   */
+  destroy() {
+    this.transport.destroy();
+  }
+  resolveTransport(config) {
+    const t = config.transport;
+    if (!t || t === "http") return new HttpTransport(config.endpoint);
+    if (t === "websocket") {
+      const wsUrl = config.endpoint.replace(/^http/, "ws");
+      return new WebSocketTransport({ url: wsUrl });
+    }
+    if (t === "auto") {
+      const wsUrl = config.endpoint.replace(/^http/, "ws");
+      return new AutoTransport({ wsUrl, httpEndpoint: config.endpoint });
+    }
+    return t;
+  }
+  setStatus(status) {
+    this.status = status;
+  }
+  emit(event, ...args) {
+    const listeners = this.listenerMap.get(event) ?? [];
+    for (const listener of listeners) {
+      listener(...args);
+    }
+  }
+  async loadLastSyncAt() {
+    try {
+      const doc = await this.storage.get(SYNC_META_COLLECTION, this.lastSyncKey);
+      const val = doc !== null ? doc["value"] : void 0;
+      return typeof val === "number" ? val : 0;
+    } catch {
+      return 0;
+    }
+  }
+  async saveLastSyncAt(ts) {
+    try {
+      await this.storage.put(SYNC_META_COLLECTION, this.lastSyncKey, {
+        _id: this.lastSyncKey,
+        _collection: SYNC_META_COLLECTION,
+        _updatedAt: ts,
+        _deleted: false,
+        value: ts
+      });
+    } catch {
+    }
+  }
+};
+
+// src/core/sync/triggers.ts
+function setupFocusTrigger(engine, config) {
+  const handler = () => {
+    if (document.visibilityState === "visible" && config.enabled) {
+      void engine.sync();
+    }
+  };
+  document.addEventListener("visibilitychange", handler);
+  return () => document.removeEventListener("visibilitychange", handler);
+}
+function setupReconnectTrigger(engine, config) {
+  const handler = () => {
+    if (config.enabled) void engine.sync();
+  };
+  window.addEventListener("online", handler);
+  return () => window.removeEventListener("online", handler);
+}
+function setupIntervalTrigger(engine, config) {
+  const ms = config.interval > 0 ? config.interval : 3e4;
+  const id = setInterval(() => {
+    if (config.enabled && navigator.onLine) void engine.sync();
+  }, ms);
+  return () => clearInterval(id);
+}
+
+// src/core/auth/pbkdf2.ts
+var ITERATIONS = 6e5;
+var HASH_ALGO = "SHA-256";
+var KEY_LENGTH = 32;
+var SALT_LENGTH = 16;
+function toHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function deriveKey(password, salt) {
+  const enc = new TextEncoder();
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    enc.encode(password),
+    "PBKDF2",
+    false,
+    ["deriveBits"]
+  );
+  const derivedBits = await crypto.subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations: ITERATIONS,
+      hash: HASH_ALGO
+    },
+    keyMaterial,
+    KEY_LENGTH * 8
+  );
+  return toHex(new Uint8Array(derivedBits));
+}
+async function hashPassword(password, _email) {
+  if (!password) throw new Error("Password must not be empty");
+  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));
+  const hashHex = await deriveKey(password, salt);
+  return `${toHex(salt)}:${hashHex}`;
+}
+
+// src/core/auth/session.ts
+var TOKEN_KEY = "__offlinekit_token";
+var USER_KEY = "__offlinekit_user";
+function saveSession(session) {
+  try {
+    localStorage.setItem(TOKEN_KEY, session.token);
+    localStorage.setItem(USER_KEY, JSON.stringify(session.user));
+  } catch {
+  }
+}
+function loadSession() {
+  try {
+    const token = localStorage.getItem(TOKEN_KEY);
+    const userRaw = localStorage.getItem(USER_KEY);
+    if (!token || !userRaw) return null;
+    const parsed = JSON.parse(userRaw);
+    if (typeof parsed.id !== "string" || typeof parsed.email !== "string") return null;
+    return { token, user: { id: parsed.id, email: parsed.email } };
+  } catch {
+    return null;
+  }
+}
+function clearSession() {
+  try {
+    localStorage.removeItem(TOKEN_KEY);
+    localStorage.removeItem(USER_KEY);
+  } catch {
+  }
+}
+
+// src/core/auth/adapter.ts
+var EmailPasswordAuth = class {
+  constructor(config) {
+    this.config = config;
+  }
+  session = loadSession();
+  async signUp(credentials) {
+    if (!credentials.email) throw new Error("Email is required");
+    if (!credentials.password) throw new Error("Password is required");
+    const passwordHash = await hashPassword(credentials.password);
+    const res = await fetch(`${this.config.endpoint}/auth/signup`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: credentials.email, passwordHash })
+    });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      throw new Error(body.error ?? `Sign-up failed: ${res.status}`);
+    }
+    const data = await res.json();
+    this.session = { user: data.user, token: data.token };
+    saveSession(this.session);
+    return data.user;
+  }
+  async signIn(credentials) {
+    if (!credentials.email) throw new Error("Email is required");
+    if (!credentials.password) throw new Error("Password is required");
+    const passwordHash = await hashPassword(credentials.password);
+    const res = await fetch(`${this.config.endpoint}/auth/signin`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: credentials.email, passwordHash })
+    });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      throw new Error(body.error ?? `Sign-in failed: ${res.status}`);
+    }
+    const data = await res.json();
+    this.session = { user: data.user, token: data.token };
+    saveSession(this.session);
+    return data.user;
+  }
+  async signOut() {
+    const token = this.session?.token;
+    this.session = null;
+    clearSession();
+    if (token) {
+      await fetch(`${this.config.endpoint}/auth/signout`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` }
+      }).catch(() => {
+      });
+    }
+  }
+  currentUser() {
+    return this.session?.user ?? null;
+  }
+  getToken() {
+    return this.session?.token ?? null;
+  }
+};
+
+// src/core/auth/better-auth-adapter.ts
+function unwrap(result, context) {
+  if (result.error) {
+    throw new Error(result.error.message ?? `Better Auth ${context} failed`);
+  }
+  if (!result.data) {
+    throw new Error(`Better Auth ${context}: no data returned`);
+  }
+  return result.data;
+}
+function toUser(baUser) {
+  return { id: baUser.id, email: baUser.email };
+}
+var BetterAuthAdapter = class {
+  constructor(config) {
+    this.config = config;
+  }
+  session = loadSession();
+  /**
+   * Revalidate the stored session against the server.
+   * Call on app startup to verify a cached bearer token is still valid.
+   * On network failure the cached session is kept for offline use.
+   */
+  async revalidateSession() {
+    if (!this.session?.token) return null;
+    try {
+      const result = await this.config.client.getSession();
+      if (result.error || !result.data) {
+        this.session = null;
+        clearSession();
+        return null;
+      }
+      const user = toUser(result.data.user);
+      const token = result.data.session.token;
+      this.session = { user, token };
+      saveSession(this.session);
+      return user;
+    } catch {
+      return this.session?.user ?? null;
+    }
+  }
+  async signUp(credentials) {
+    const name = credentials.name ?? credentials.email.split("@")[0];
+    const result = await this.config.client.signUp.email({
+      email: credentials.email,
+      password: credentials.password,
+      name
+    });
+    const data = unwrap(result, "signUp");
+    const user = toUser(data.user);
+    const token = data.token;
+    if (token) {
+      this.session = { user, token };
+      saveSession(this.session);
+    }
+    return user;
+  }
+  async signIn(credentials) {
+    const result = await this.config.client.signIn.email({
+      email: credentials.email,
+      password: credentials.password
+    });
+    const data = unwrap(result, "signIn");
+    const user = toUser(data.user);
+    this.session = { user, token: data.token };
+    saveSession(this.session);
+    return user;
+  }
+  async signInWithSocial(provider) {
+    const result = await this.config.client.signIn.social({ provider });
+    const data = unwrap(result, "signInWithSocial");
+    if (data.user && data.token) {
+      const user = toUser(data.user);
+      this.session = { user, token: data.token };
+      saveSession(this.session);
+      return user;
+    }
+    if (data.url && typeof window !== "undefined") {
+      const url = new URL(data.url);
+      const trusted = this.config.trustedOrigins ?? [window.location.origin];
+      if (!trusted.includes(url.origin)) {
+        throw new Error(`Untrusted redirect URL origin: ${url.origin}`);
+      }
+      window.location.href = data.url;
+    }
+    throw new Error(
+      "Social sign-in initiated OAuth redirect. Call revalidateSession() after the callback to load the session."
+    );
+  }
+  async signOut() {
+    this.session = null;
+    clearSession();
+    try {
+      await this.config.client.signOut();
+    } catch {
+    }
+  }
+  currentUser() {
+    return this.session?.user ?? null;
+  }
+  getToken() {
+    return this.session?.token ?? null;
+  }
+};
+
+// src/core/auth/offline-adapter.ts
+var OFFLINE_SESSION_KEY = "__offlinekit_offline_session";
+function saveOfflineSession(session) {
+  try {
+    localStorage.setItem(OFFLINE_SESSION_KEY, JSON.stringify(session));
+  } catch {
+  }
+}
+function loadOfflineSession() {
+  try {
+    const raw = localStorage.getItem(OFFLINE_SESSION_KEY);
+    if (!raw) return null;
+    const parsed = JSON.parse(raw);
+    if (typeof parsed.token !== "string" || typeof parsed.expiresAt !== "number" || !parsed.user || typeof parsed.user.id !== "string") return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function clearOfflineSession() {
+  try {
+    localStorage.removeItem(OFFLINE_SESSION_KEY);
+  } catch {
+  }
+}
+function isOffline() {
+  return typeof navigator !== "undefined" && !navigator.onLine;
+}
+var OfflineSessionAdapter = class {
+  constructor(inner, cacheDuration = 7 * 24 * 60 * 60 * 1e3) {
+    this.inner = inner;
+    this.cacheDuration = cacheDuration;
+  }
+  async signUp(credentials) {
+    const user = await this.inner.signUp(credentials);
+    const token = this.inner.getToken() ?? "";
+    saveOfflineSession({ user, token, expiresAt: Date.now() + this.cacheDuration, provider: "email" });
+    return user;
+  }
+  async signIn(credentials) {
+    try {
+      const user = await this.inner.signIn(credentials);
+      const token = this.inner.getToken() ?? "";
+      saveOfflineSession({ user, token, expiresAt: Date.now() + this.cacheDuration, provider: "email" });
+      return user;
+    } catch (err) {
+      if (isOffline()) {
+        const cached = loadOfflineSession();
+        if (cached && cached.expiresAt > Date.now()) {
+          return cached.user;
+        }
+      }
+      throw err;
+    }
+  }
+  async signOut() {
+    clearOfflineSession();
+    await this.inner.signOut();
+  }
+  currentUser() {
+    const inner = this.inner.currentUser();
+    if (inner) return inner;
+    const cached = loadOfflineSession();
+    if (cached && cached.expiresAt > Date.now()) return cached.user;
+    return null;
+  }
+  getToken() {
+    const inner = this.inner.getToken();
+    if (inner) return inner;
+    const cached = loadOfflineSession();
+    if (cached && cached.expiresAt > Date.now()) return cached.token;
+    return null;
+  }
+};
+
+// src/core/errors/tracker.ts
+var ERRORS_COLLECTION = "_errors";
+var ErrorTracker = class {
+  constructor(storage, config) {
+    this.storage = storage;
+    this.config = config;
+  }
+  /**
+   * Retrieve all stored error entries.
+   *
+   * @returns An array of all persisted {@link ErrorEntry} records.
+   */
+  async getAll() {
+    const docs = await this.storage.getMany(ERRORS_COLLECTION);
+    return docs;
+  }
+  /**
+   * Clear all stored error entries (soft-deletes them from storage).
+   */
+  async clear() {
+    const all = await this.storage.getMany(ERRORS_COLLECTION);
+    for (const entry of all) {
+      await this.storage.delete(ERRORS_COLLECTION, entry._id);
+    }
+  }
+  /**
+   * Capture an error and persist it to storage. Triggers the `onError` callback
+   * and webhook (if configured), then prunes old entries if over the limit.
+   *
+   * @param error - The Error instance to capture.
+   * @param type - The error category (e.g. `'unhandled_exception'`, `'sync_error'`).
+   * @param context - Optional additional context merged with auto-detected fields.
+   */
+  async capture(error, type, context) {
+    if (!this.config.enabled) return;
+    const now = Date.now();
+    const entry = {
+      _id: generateId(),
+      _collection: ERRORS_COLLECTION,
+      _updatedAt: now,
+      _deleted: false,
+      timestamp: now,
+      type,
+      message: error.message,
+      stack: error.stack,
+      context: {
+        online: typeof navigator !== "undefined" ? navigator.onLine : true,
+        userAgent: typeof navigator !== "undefined" ? navigator.userAgent : "unknown",
+        ...context
+      },
+      ...this.config.snapshot ? { snapshot: await this.captureSnapshot() } : {}
+    };
+    await this.storage.put(ERRORS_COLLECTION, entry._id, entry);
+    this.config.onError?.(entry);
+    if (this.config.webhookUrl) {
+      this.sendWebhook(this.config.webhookUrl, entry);
+    }
+    await this.pruneIfNeeded();
+  }
+  sendWebhook(url, entry) {
+    const send = async (attempt) => {
+      try {
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": "mpb-localkit-error-tracker"
+          },
+          body: JSON.stringify(entry)
+        });
+        if (res.ok) return;
+        if (res.status === 429) {
+          this.reportWebhookFailure(url);
+          return;
+        }
+        if (attempt < 3) {
+          const jitter = Math.random() * 500;
+          const delay = Math.pow(2, attempt) * 1e3 + jitter;
+          await new Promise((r) => setTimeout(r, delay));
+          return send(attempt + 1);
+        }
+        this.reportWebhookFailure(url);
+      } catch {
+        if (attempt < 3) {
+          const jitter = Math.random() * 500;
+          const delay = Math.pow(2, attempt) * 1e3 + jitter;
+          await new Promise((r) => setTimeout(r, delay));
+          return send(attempt + 1);
+        }
+        this.reportWebhookFailure(url);
+      }
+    };
+    send(0);
+  }
+  reportWebhookFailure(url) {
+    if (this.config.onError) {
+      const now = Date.now();
+      this.config.onError({
+        _id: "",
+        _collection: "_errors",
+        _updatedAt: now,
+        _deleted: false,
+        type: "runtime",
+        message: `Webhook delivery failed after retries: ${url}`,
+        timestamp: now,
+        context: { online: typeof navigator !== "undefined" ? navigator.onLine : true }
+      });
+    }
+  }
+  async captureSnapshot() {
+    const snapshot = {};
+    try {
+      let total = 0;
+      for (let i = 0; i < localStorage.length; i++) {
+        const k = localStorage.key(i) ?? "";
+        total += k.length + (localStorage.getItem(k)?.length ?? 0);
+      }
+      snapshot.localStorageSize = total;
+    } catch {
+    }
+    return snapshot;
+  }
+  async pruneIfNeeded() {
+    const all = await this.storage.getMany(ERRORS_COLLECTION);
+    if (all.length <= this.config.maxLocalErrors) return;
+    const sorted = [...all].sort((a, b) => (a._updatedAt ?? 0) - (b._updatedAt ?? 0));
+    const toDelete = sorted.slice(0, all.length - this.config.maxLocalErrors);
+    for (const entry of toDelete) {
+      await this.storage.delete(ERRORS_COLLECTION, entry._id);
+    }
+  }
+};
+
+// src/core/errors/index.ts
+var DEFAULT_CONFIG = {
+  enabled: true,
+  snapshot: true,
+  maxLocalErrors: 100
+};
+var ErrorManager = class {
+  tracker;
+  constructor(storage, config = {}) {
+    this.tracker = new ErrorTracker(storage, { ...DEFAULT_CONFIG, ...config });
+  }
+  /**
+   * Capture an error and persist it to storage. Triggers the `onError` callback
+   * and webhook (if configured), then prunes old entries if over the limit.
+   *
+   * @param error - The Error instance to capture.
+   * @param type - The error category (defaults to `'unhandled_exception'`).
+   * @param context - Optional additional context (online status, user agent, etc.).
+   */
+  async capture(error, type = "unhandled_exception", context) {
+    return this.tracker.capture(error, type, context);
+  }
+  /**
+   * Retrieve all stored error entries.
+   *
+   * @returns An array of all persisted {@link ErrorEntry} records.
+   */
+  async getAll() {
+    return this.tracker.getAll();
+  }
+  /**
+   * Clear all stored error entries (soft-deletes them from storage).
+   */
+  async clear() {
+    return this.tracker.clear();
+  }
+  /**
+   * Expose the underlying tracker for handler wiring (e.g. global error handlers).
+   *
+   * @returns The {@link ErrorTracker} instance.
+   */
+  getTracker() {
+    return this.tracker;
+  }
+};
+
+// src/core/storage/query.ts
+function isCondition(value) {
+  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
+  const keys = Object.keys(value);
+  return keys.some((k) => k === "$gt" || k === "$lt" || k === "$gte" || k === "$lte" || k === "$in");
+}
+function matchesWhere(doc, where) {
+  for (const key of Object.keys(where)) {
+    const condition = where[key];
+    const docValue = doc[key];
+    if (isCondition(condition)) {
+      if (condition.$gt != null && !(docValue > condition.$gt)) return false;
+      if (condition.$lt != null && !(docValue < condition.$lt)) return false;
+      if (condition.$gte != null && !(docValue >= condition.$gte)) return false;
+      if (condition.$lte != null && !(docValue <= condition.$lte)) return false;
+      if (condition.$in !== void 0 && !condition.$in.includes(docValue)) return false;
+    } else {
+      if (docValue !== condition) return false;
+    }
+  }
+  return true;
+}
+function applySort(docs, sort) {
+  const entries = Object.entries(sort);
+  if (entries.length === 0) return docs;
+  return [...docs].sort((a, b) => {
+    for (const [field, direction] of entries) {
+      const av = a[field];
+      const bv = b[field];
+      if (av === bv) continue;
+      const cmp = av < bv ? -1 : 1;
+      return direction === "asc" ? cmp : -cmp;
+    }
+    return 0;
+  });
+}
+function applyQuery(docs, options) {
+  let result = docs;
+  if (options.where) {
+    const where = options.where;
+    result = result.filter((doc) => matchesWhere(doc, where));
+  }
+  if (options.sort) {
+    result = applySort(result, options.sort);
+  }
+  const offset = options.offset ?? 0;
+  if (offset > 0) {
+    result = result.slice(offset);
+  }
+  if (options.limit !== void 0) {
+    result = result.slice(0, options.limit);
+  }
+  return result;
+}
+
+// src/core/client/collection.ts
+var CollectionImpl = class {
+  schema;
+  collectionName;
+  storage;
+  version;
+  migrate;
+  constructor(schema, collectionName, storage, version, migrate) {
+    this.schema = schema;
+    this.collectionName = collectionName;
+    this.storage = storage;
+    this.version = version;
+    this.migrate = migrate;
+  }
+  get name() {
+    return this.collectionName;
+  }
+  async applyMigration(doc) {
+    if (this.version === void 0 || doc._schemaVersion === this.version) {
+      return doc;
+    }
+    if (this.migrate) {
+      const migrated = this.migrate(doc);
+      const updated = { ...migrated, _schemaVersion: this.version };
+      await this.storage.put(this.collectionName, updated._id, updated);
+      return updated;
+    }
+    return doc;
+  }
+  async create(data) {
+    const validated = this.schema.parse(data);
+    const id = generateId();
+    const doc = {
+      ...validated,
+      _id: id,
+      _collection: this.collectionName,
+      _updatedAt: Date.now(),
+      _deleted: false,
+      ...this.version !== void 0 ? { _schemaVersion: this.version } : {}
+    };
+    await this.storage.put(this.collectionName, id, doc);
+    return doc;
+  }
+  async findMany(options) {
+    const docs = await this.storage.getMany(this.collectionName);
+    const typed = await Promise.all(
+      docs.filter((doc) => !doc._deleted).map((doc) => this.applyMigration(doc))
+    );
+    if (!options) return typed;
+    return applyQuery(typed, options);
+  }
+  async findOne(id) {
+    const doc = await this.storage.get(this.collectionName, id);
+    if (!doc || doc._deleted) return null;
+    return this.applyMigration(doc);
+  }
+  async update(id, data) {
+    const existing = await this.storage.get(this.collectionName, id);
+    if (!existing || existing._deleted) {
+      throw new Error(`Document not found: ${id}`);
+    }
+    const merged = {
+      ...existing,
+      ...data
+    };
+    const userFields = {};
+    for (const [k, v] of Object.entries(merged)) {
+      if (!k.startsWith("_")) userFields[k] = v;
+    }
+    this.schema.parse(userFields);
+    const updated = {
+      ...merged,
+      _updatedAt: Date.now()
+    };
+    await this.storage.put(this.collectionName, id, updated);
+    return updated;
+  }
+  async delete(id) {
+    const existing = await this.storage.get(this.collectionName, id);
+    if (!existing) return;
+    const deleted = {
+      ...existing,
+      _deleted: true,
+      _updatedAt: Date.now()
+    };
+    await this.storage.put(this.collectionName, id, deleted);
+  }
+  async count(options) {
+    const docs = await this.findMany(options);
+    return docs.length;
+  }
+  async exists(id) {
+    const doc = await this.storage.get(this.collectionName, id);
+    return doc !== null && !doc._deleted;
+  }
+};
+var ObservableCollectionImpl = class extends CollectionImpl {
+  snapshot = [];
+  subscribers = /* @__PURE__ */ new Set();
+  notify() {
+    for (const sub of this.subscribers) sub();
+  }
+  async refreshSnapshot() {
+    const data = await this.findMany();
+    this.snapshot = data;
+    this.notify();
+  }
+  subscribe(listener) {
+    this.subscribers.add(listener);
+    this.refreshSnapshot().catch((err) => console.error("[MPB LocalKit] subscribe refreshSnapshot failed:", err));
+    return () => {
+      this.subscribers.delete(listener);
+    };
+  }
+  getSnapshot() {
+    return this.snapshot;
+  }
+  async create(data) {
+    const doc = await super.create(data);
+    await this.refreshSnapshot();
+    return doc;
+  }
+  async update(id, data) {
+    const doc = await super.update(id, data);
+    await this.refreshSnapshot();
+    return doc;
+  }
+  async delete(id) {
+    await super.delete(id);
+    await this.refreshSnapshot();
+  }
+};
+
+// src/core/client/events.ts
+var AuthStore = class {
+  constructor(adapter) {
+    this.adapter = adapter;
+    this.state = {
+      user: adapter.currentUser(),
+      token: adapter.getToken(),
+      isLoading: false
+    };
+  }
+  state;
+  listeners = /* @__PURE__ */ new Set();
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  getSnapshot() {
+    return this.state;
+  }
+  notify() {
+    for (const l of this.listeners) l();
+  }
+  async signUp(credentials) {
+    this.state = { ...this.state, isLoading: true };
+    this.notify();
+    try {
+      const user = await this.adapter.signUp(credentials);
+      this.state = { user, token: this.adapter.getToken(), isLoading: false };
+      this.notify();
+      return user;
+    } catch (err) {
+      this.state = { ...this.state, isLoading: false };
+      this.notify();
+      throw err;
+    }
+  }
+  async signIn(credentials) {
+    this.state = { ...this.state, isLoading: true };
+    this.notify();
+    try {
+      const user = await this.adapter.signIn(credentials);
+      this.state = { user, token: this.adapter.getToken(), isLoading: false };
+      this.notify();
+      return user;
+    } catch (err) {
+      this.state = { ...this.state, isLoading: false };
+      this.notify();
+      throw err;
+    }
+  }
+  async signOut() {
+    await this.adapter.signOut();
+    this.state = { user: null, token: null, isLoading: false };
+    this.notify();
+  }
+  currentUser() {
+    return this.state.user;
+  }
+  getToken() {
+    return this.state.token;
+  }
+  /**
+   * Revalidate a cached session against the server.
+   * Delegates to the inner adapter's `revalidateSession` if it supports it.
+   *
+   * @returns The revalidated user, or `null` if the session is invalid or the adapter does not support revalidation.
+   */
+  async revalidateSession() {
+    if (!this.adapter.revalidateSession) return null;
+    const user = await this.adapter.revalidateSession();
+    this.state = {
+      user,
+      token: this.adapter.getToken(),
+      isLoading: false
+    };
+    this.notify();
+    return user;
+  }
+};
+var SyncStore = class {
+  state = { status: "idle", lastSyncAt: null };
+  listeners = /* @__PURE__ */ new Set();
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  getSnapshot() {
+    return this.state;
+  }
+  setStatus(status, lastSyncAt) {
+    this.state = {
+      status,
+      lastSyncAt: lastSyncAt !== void 0 ? lastSyncAt : this.state.lastSyncAt
+    };
+    for (const l of this.listeners) l();
+  }
+};
+
+// src/core/client/app.ts
+function createDeferredBetterAuthClient(baseURL) {
+  let clientPromise = null;
+  function getClient() {
+    if (!clientPromise) {
+      clientPromise = (async () => {
+        try {
+          const mod = await import('better-auth/client');
+          return mod.createAuthClient({
+            baseURL,
+            fetchOptions: {
+              auth: {
+                type: "Bearer",
+                token: () => {
+                  try {
+                    return loadSession()?.token ?? "";
+                  } catch {
+                    return "";
+                  }
+                }
+              }
+            }
+          });
+        } catch {
+          throw new Error(
+            'better-auth is not installed. Run: npm install better-auth\nThe server must enable the bearer plugin: import { bearer } from "better-auth/plugins"'
+          );
+        }
+      })();
+    }
+    return clientPromise;
+  }
+  return {
+    signUp: {
+      email: async (opts) => (await getClient()).signUp.email(opts)
+    },
+    signIn: {
+      email: async (opts) => (await getClient()).signIn.email(opts),
+      social: async (opts) => (await getClient()).signIn.social(opts)
+    },
+    signOut: async () => (await getClient()).signOut(),
+    getSession: async () => (await getClient()).getSession()
+  };
+}
+function resolveAuth(config) {
+  if (!config) {
+    return {
+      signUp: async () => {
+        throw new Error("Auth not configured. Implement AuthAdapter.");
+      },
+      signIn: async () => {
+        throw new Error("Auth not configured. Implement AuthAdapter.");
+      },
+      signOut: async () => {
+        throw new Error("Auth not configured. Implement AuthAdapter.");
+      },
+      currentUser: () => null,
+      getToken: () => null
+    };
+  }
+  if ("type" in config) {
+    if (config.type === "email-password") {
+      return new EmailPasswordAuth({ endpoint: config.endpoint });
+    }
+    if (config.type === "better-auth") {
+      return new BetterAuthAdapter({ client: createDeferredBetterAuthClient(config.baseURL) });
+    }
+  }
+  const adapter = config;
+  if (typeof adapter.signUp !== "function" || typeof adapter.signIn !== "function" || typeof adapter.signOut !== "function" || typeof adapter.currentUser !== "function" || typeof adapter.getToken !== "function") {
+    throw new Error("Invalid auth config: must implement AuthAdapter interface (signUp, signIn, signOut, currentUser, getToken)");
+  }
+  return adapter;
+}
+function createApp(config) {
+  const storage = config.storage ?? new MemoryAdapter();
+  const RESERVED_KEYS = ["auth", "errors", "syncStore", "sync"];
+  for (const name of Object.keys(config.collections)) {
+    if (RESERVED_KEYS.includes(name)) {
+      throw new Error(`Collection name "${name}" conflicts with reserved key`);
+    }
+  }
+  const collections = {};
+  for (const [name, descriptor] of Object.entries(config.collections)) {
+    collections[name] = new ObservableCollectionImpl(descriptor.schema, name, storage, descriptor.version, descriptor.migrate);
+  }
+  const errors = new ErrorManager(storage, config.errorTracking);
+  const authStore = new AuthStore(resolveAuth(config.auth));
+  const syncStore = new SyncStore();
+  let syncAPI;
+  if (config.sync?.endpoint) {
+    const syncConfig = {
+      endpoint: config.sync.endpoint,
+      interval: config.sync.interval ?? 3e4,
+      enabled: config.sync.enabled ?? true,
+      conflictResolver: config.sync.conflictResolver,
+      transport: config.sync.transport
+    };
+    const engine = new SyncEngine(storage, syncConfig);
+    engine.setToken(authStore.getToken());
+    const unsubAuth = authStore.subscribe(() => engine.setToken(authStore.getToken()));
+    engine.on("sync:start", () => syncStore.setStatus("syncing"));
+    engine.on("sync:complete", () => syncStore.setStatus("idle", engine.getLastSyncAt()));
+    engine.on("sync:error", () => syncStore.setStatus(engine.getStatus()));
+    let intervalId = null;
+    const onOnline = () => {
+      void engine.sync();
+    };
+    syncAPI = {
+      push: () => engine.push(),
+      pull: () => engine.pull(),
+      start() {
+        if (!syncConfig.enabled) return;
+        intervalId = setInterval(() => {
+          void engine.sync();
+        }, syncConfig.interval);
+        if (typeof window !== "undefined") {
+          window.addEventListener("online", onOnline);
+        }
+      },
+      stop() {
+        if (intervalId !== null) {
+          clearInterval(intervalId);
+          intervalId = null;
+        }
+        if (typeof window !== "undefined") {
+          window.removeEventListener("online", onOnline);
+        }
+        unsubAuth();
+      },
+      get status() {
+        return engine.getStatus();
+      }
+    };
+  }
+  return {
+    ...collections,
+    auth: authStore,
+    errors,
+    syncStore,
+    ...syncAPI !== void 0 ? { sync: syncAPI } : {}
+  };
+}
+
+// src/core/query.ts
+var localkitKeys = {
+  all: ["localkit"],
+  collection: (name) => ["localkit", name],
+  collectionQuery: (name, opts) => ["localkit", name, JSON.stringify(opts)]
+};
+function collectionQueryOptions(collection2, queryOptions) {
+  const queryKey = queryOptions ? localkitKeys.collectionQuery(collection2.name, queryOptions) : localkitKeys.collection(collection2.name);
+  return {
+    queryKey,
+    queryFn: () => collection2.findMany(queryOptions)
+  };
+}
+function subscribeToCollection(collection2, queryClient) {
+  const queryKey = localkitKeys.collection(collection2.name);
+  if (!("subscribe" in collection2)) {
+    return () => {
+    };
+  }
+  const obs = collection2;
+  return obs.subscribe(() => {
+    void queryClient.invalidateQueries({ queryKey });
+  });
+}
+
+export { AutoTransport, BetterAuthAdapter, EmailPasswordAuth, EncryptedStorageAdapter, HttpTransport, OfflineSessionAdapter, SyncEngine, WebSocketTransport, collection, collectionQueryOptions, createApp, encrypted, generateId, hashPassword, localkitKeys, migrateToEncrypted, reEncryptAll, resolveConflict, rewrapKey, setupFocusTrigger, setupIntervalTrigger, setupReconnectTrigger, subscribeToCollection };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map