odac 1.3.0 → 1.4.1

package/.agent/rules/memory.md

@@ -36,7 +36,16 @@ trigger: always_on
 ## Naming & Text Conventions
 - **ODAC Casing:** Always write "ODAC" in uppercase letters when referring to the framework name in strings, comments, log messages, or user-facing text. **EXCEPTION:** The class name itself (`class Odac`) and variable references to it should remain `Odac` (PascalCase) as per code conventions.
 
+## Documentation Standards
+- **AI Skill Front Matter:** Every file under `docs/ai/skills/**/*.md` must start with YAML front matter containing `name`, `description`, and `metadata.tags`; values must be specific to that document's topic (never copied from generic examples).
+
 ## Testing & Validation
 - **Mandatory Test Coverage:** Every new feature, method, or significant logic change MUST be accompanied by a corresponding unit or integration test.
     - **Verify Correctness:** do not assume code works; prove it with a test that covers both success and failure scenarios (e.g., edge cases, error conditions).
-    - **Update Existing Tests:** If a feature modifies existing behavior, update the relevant tests to reflect the new logic and ensure they pass.
+    - **Update Existing Tests:** If a feature modifies existing behavior, update the relevant tests to reflect the new logic and ensure they pass.
+
+## Client Library (odac.js)
+- **Automatic JSON Parsing:** The `#ajax` method (and by extension `odac.get`) must automatically parse the response if the `Content-Type` header contains `application/json`, even if `dataType` is not explicitly set to `json`.
+
+## Security Logic & Authentication
+- **Enterprise Token Rotation:** The `Auth.js` system utilizes a non-blocking refresh token rotation mechanism for cookies (`odac_x`/`odac_y`). To prevent race conditions during concurrent requests in high-throughput SPAs, rotated tokens are **not** immediately deleted. Instead, their `active` timestamp is set to naturally expire in 60 seconds (Grace Period), and their `date` timestamp is set to the Unix Epoch (`new Date(0)`) as an identifier mark. Never delete rotated tokens immediately.

package/.github/workflows/release.yml

@@ -41,10 +41,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npx semantic-release
-
-      - name: Publish to npm
-        run: npm publish --provenance --access public
-      
       - name: Get version
         id: version
         run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
@@ -66,6 +62,7 @@ jobs:
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           michelangelo: ${{ secrets.MICHELANGELO }}
+          version: ${{ steps.version.outputs.version }}
         timeout-minutes: 15
         continue-on-error: true
 
@@ -100,7 +97,6 @@ jobs:
         if: steps.ai_notes.outcome == 'success' && steps.version.outputs.version != ''
         with:
           tag_name: v${{ steps.version.outputs.version }}
-          name: ${{ steps.ai_notes.outputs.release-title }}
           body_path: RELEASE_NOTE.md
           draft: false
           prerelease: false

package/AGENTS.md

@@ -0,0 +1,47 @@
+# ODAC Agent Instructions
+
+You are an AI Agent operating within the **ODAC Framework** repository. This document outlines the core principles, architectural standards, and operational guidelines you MUST follow to maintain the integrity and performance of this enterprise-grade system.
+
+## 1. Project Identity & Philosophy
+- **Name:** ODAC (Always uppercase in strings/docs/logs).
+- **Core Goal:** To provide a robust, zero-config, high-performance Node.js framework for distributed cloud applications.
+- **The "Big 3" Priorities:**
+    1. **Enterprise-Level Security:** Security is foundational. Default to secure, validate all inputs, sanitize all outputs.
+    2. **Zero-Config:** Works out-of-the-box. Convention over configuration.
+    3. **High Performance:** Optimize for throughput and low latency (Sub-millisecond targets).
+
+## 2. Architectural Principles
+- **Asynchronous & Non-Blocking:** Exclusively use non-blocking I/O. Use `fs.promises` instead of sync methods.
+- **Dependency Injection (DI):** Build components with DI for maximum testability.
+- **Single Responsibility Principle (SRP):** Keep classes and functions focused and small.
+- **Memory Management:** Be paranoid about leaks. Clean up listeners, streams, and connections.
+- **O(n log n) Bound:** Prioritize O(1) or O(n log n) algorithms. Justify any O(n²) operations.
+
+## 3. Coding Standards & Integrity
+- **Modern JavaScript:** Use ES6+ features, ES Modules (import/export). 
+- **Strictly Prohibited:** **No usage of `var`**. Use `const` (preferred) or `let`.
+- **Fail-Fast Pattern:** Implement early returns for negative cases. Avoid deeply nested `if/else`.
+- **Anti-Spaghetti Rules:**
+    - Resolve Promises upfront (e.g., `Promise.all`) before loops.
+    - Avoid mixing `await` inside deep logic.
+    - Capture mutable state synchronously before async operations.
+- **No Quick/Lazy Fixes:** Implement correctly from the start. Refactor if necessary; no "band-aid" patches.
+
+## 4. Technical Constraints (Strict Compliance)
+- **Session Safety:** `Odac.Request.setSession()` MUST be called before accessing `Odac.Request.session()`.
+- **Structured Logging:** No `console.log`. Use the internal JSON logger with appropriate levels.
+- **Native APIs:** Prefer native Node.js/Browser APIs (like `fetch`) over external libraries to minimize overhead.
+- **Token Rotation:** In `Auth.js`, use the 60-second grace period for rotated tokens. Never delete them immediately.
+- **Ajax Parsing:** `odac.js` must automatically parse JSON responses if headers allow.
+
+## 5. Testing & Documentation
+- **TDD Requirement:** No feature is complete without unit/integration tests covering both success and edge cases.
+- **Documentation:** Every exported member must have JSDoc explaining *Why* it exists, not just *What* it does.
+- **No User Dialogues in Code:** Do not include assistant-user interaction in comments or code files.
+
+## 6. Communication Style
+- **Authoritative & Precise:** Be the expert. Do not explain basic concepts.
+- **Proactive Correction:** If the user suggests a sub-optimal or insecure pattern (e.g., synchronous reads), refuse and implement the correct async version, explaining the trade-off.
+
+---
+*Note: This file is a living document. Updates should be reflected in `memory.md` and subsequent AI interactions.*

package/CHANGELOG.md

@@ -1,3 +1,61 @@
+### doc
+
+- enhance AI skills documentation with structured YAML front matter and detailed descriptions
+
+### ⚙️ Engine Tuning
+
+- **database:** centralize knex connection bootstrap for runtime and CLI
+
+### 📚 Documentation
+
+- add section for loading and updating AI skills in projects
+
+### 🛠️ Fixes & Improvements
+
+- **auth:** improve token rotation logic and ensure proper cookie attributes
+- **cli:** parse .env values consistently in migration loader
+- **config:** update interpolation regex to support variable names with hyphens
+- **migration:** normalize column-level unique constraints and enhance idempotency in migrations
+- **release:** add version output to release notes and update release title condition
+
+
+
+---
+
+Powered by [⚡ ODAC](https://odac.run)
+
+### ⚙️ Engine Tuning
+
+- Extract MIME type definitions into a dedicated module.
+
+### ⚡️ Performance Upgrades
+
+- prevent redundant database table migration calls by introducing a static cache to track completed migrations.
+
+### ✨ What's New
+
+- add comprehensive ODAC Agent instructions and guidelines
+- **auth:** implement enterprise refresh token rotation with grace period and session persistence
+- Automatically parse JSON responses in client-side AJAX requests based on the `Content-Type` header.
+- implement comprehensive AI agent skills system and automated CLI setup
+
+### 🛠️ Fixes & Improvements
+
+- add HTML escaping functionality to Form class and corresponding tests
+- **ai:** correct target path for syncing AI skills
+- **auth:** replace magic number with constant for rotated token threshold
+- **auth:** replace magic number with constant for token rotation grace period
+- enhance odac:form parser with nested quotes and dynamic binding support
+- **route:** support nested property paths in actions and resolve App class conflict
+- **view:** ensure odac:for with 'in' attribute parses correctly as javascript
+- **view:** implement clear attribute in odac:form to control auto-clearing
+
+
+
+---
+
+Powered by [⚡ ODAC](https://odac.run)
+
 ### ⚙️ Engine Tuning
 
 - Improve disposable domain cache management by relocating the cache path, ensuring directory existence, and standardizing error logging.

package/README.md

@@ -10,7 +10,7 @@
 *   🔗 **Powerful Routing:** Create clean, custom URLs and manage infinite pages with a flexible routing system.
 *   ✨ **Seamless SPA Experience:** Automatic AJAX handling for forms and page transitions eliminates the need for complex client-side code.
 *   🛡️ **Built-in Security:** Automatic CSRF protection and secure default headers keep your application safe.
-*   🔐 **Authentication:** Ready-to-use session management, password hashing, and authentication helpers.
+*   🔐 **Authentication:** Ready-to-use session management with enterprise-grade **Refresh Token Rotation**, secure password hashing, and authentication helpers.
 *   🗄️ **Database Agnostic:** Integrated support for major databases (PostgreSQL, MySQL, SQLite) and Redis via Knex.js.
 *   🌍 **i18n Support:** Native multi-language support to help you reach a global audience.
 *   ⏰ **Task Scheduling:** Built-in Cron job system for handling background tasks and recurring operations.
@@ -53,6 +53,16 @@ cd my-app
 npm run dev
 ```
 
+## 🤖 AI Skills in Projects
+
+Load or update ODAC skills from your project root with:
+
+```bash
+npx odac skills
+```
+
+This command syncs built-in skills to your selected AI tool folder and can be re-run anytime to update them.
+
 ## 📂 Project Structure
 
 ```

package/bin/odac.js

@@ -5,6 +5,8 @@ const path = require('node:path')
 const readline = require('node:readline')
 const {execSync, spawn} = require('node:child_process')
 const cluster = require('node:cluster')
+const Env = require('../src/Env')
+const {buildConnections} = require('../src/Database/ConnectionFactory')
 
 const command = process.argv[2]
 const args = process.argv.slice(3)
@@ -16,6 +18,72 @@ const rl = readline.createInterface({
 
 const ask = question => new Promise(resolve => rl.question(question, answer => resolve(answer.trim())))
 
+/**
+ * Interactive selection menu for CLI.
+ * @param {string} title Menu title
+ * @param {string[]} options List of choice strings
+ * @returns {Promise<number>} Selected index
+ */
+const select = async (title, options) => {
+  if (!process.stdout.isTTY) return 0
+
+  return new Promise(resolve => {
+    let current = 0
+    const hideCursor = '\u001B[?25l'
+    const showCursor = '\u001B[?25h'
+
+    // Calculate total lines the title occupies
+    const titleLines = title.split('\n')
+    const totalLines = titleLines.length + options.length
+
+    const render = () => {
+      // Clear all lines we previously wrote
+      titleLines.forEach(line => {
+        process.stdout.write('\r\x1b[K' + line + '\n')
+      })
+      options.forEach((opt, i) => {
+        const line = i === current ? `\x1b[36m  ❯ ${opt}\x1b[0m` : `    ${opt}`
+        process.stdout.write('\r\x1b[K' + line + '\n')
+      })
+      process.stdout.write(`\x1b[${totalLines}A`) // Move back to the very start
+    }
+
+    process.stdout.write(hideCursor)
+    if (!process.stdin.isRaw) {
+      process.stdin.setRawMode(true)
+      process.stdin.resume()
+    }
+    readline.emitKeypressEvents(process.stdin)
+
+    render()
+
+    const onKey = (str, key) => {
+      if (key.name === 'up') {
+        current = current > 0 ? current - 1 : options.length - 1
+        render()
+      } else if (key.name === 'down') {
+        current = current < options.length - 1 ? current + 1 : 0
+        render()
+      } else if (key.name === 'return' || key.name === 'enter') {
+        cleanup()
+        process.stdout.write(`\x1b[${totalLines}B\n`) // Move down past everything
+        resolve(current)
+      } else if (key.ctrl && key.name === 'c') {
+        cleanup()
+        process.exit()
+      }
+    }
+
+    const cleanup = () => {
+      process.stdin.removeListener('keypress', onKey)
+      if (process.stdin.isRaw) process.stdin.setRawMode(false)
+      process.stdout.write(showCursor)
+    }
+
+    process.stdin.on('keypress', onKey)
+  })
+}
+
 /**
  * Resolves Tailwind CSS paths and ensures required directories/files exist.
  * Supports multiple CSS entry points from 'view/css'.
@@ -73,6 +141,276 @@ function getTailwindConfigs() {
   return configs
 }
 
+/**
+ * Manages the AI Agent skills synchronization.
+ * @param {string} targetDir The directory to sync skills into.
+ */
+async function manageSkills(targetDir = process.cwd()) {
+  const aiSourceDir = path.resolve(__dirname, '../docs/ai')
+
+  if (!fs.existsSync(aiSourceDir)) {
+    console.error('❌ AI components not found in framework.')
+    return
+  }
+
+  const options = [
+    'Antigravity / Cascade (.agent/skills)',
+    'Claude / Projects (.claude/skills)',
+    'Continue (.continue/skills)',
+    'Cursor (.cursor/skills)',
+    'Kilo Code (.kilocode/skills)',
+    'Kiro CLI (.kiro/skills)',
+    'Qwen Code (.qwen/skills)',
+    'Windsurf (.windsurf/skills)',
+    'Custom Path',
+    'Skip / Cancel'
+  ]
+
+  const choiceIndex = await select('\n🤖 \x1b[36mODAC AI Agent Skills Manager\x1b[0m\nSelect your AI Agent / IDE for setup:', options)
+
+  let targetSubDir = ''
+  let copySkillsOnly = true
+
+  const SKIP_INDEX = 9
+  const CUSTOM_INDEX = 8
+
+  if (choiceIndex === SKIP_INDEX) return // Skip / Cancel
+
+  switch (choiceIndex) {
+    case 0:
+      targetSubDir = '.agent/skills'
+      break
+    case 1:
+      targetSubDir = '.claude/skills'
+      break
+    case 2:
+      targetSubDir = '.continue/skills'
+      break
+    case 3:
+      targetSubDir = '.cursor/skills'
+      break
+    case 4:
+      targetSubDir = '.kilocode/skills'
+      break
+    case 5:
+      targetSubDir = '.kiro/skills'
+      break
+    case 6:
+      targetSubDir = '.qwen/skills'
+      break
+    case 7:
+      targetSubDir = '.windsurf/skills'
+      break
+    case CUSTOM_INDEX:
+      targetSubDir = await ask('Enter custom path: ')
+      copySkillsOnly = false
+      break
+    default:
+      return
+  }
+
+  const targetBase = path.resolve(targetDir, targetSubDir)
+  const targetPath = targetBase
+
+  try {
+    fs.mkdirSync(targetPath, {recursive: true})
+
+    if (copySkillsOnly) {
+      const skillsSource = path.join(aiSourceDir, 'skills')
+      fs.cpSync(skillsSource, targetPath, {recursive: true})
+    } else {
+      fs.cpSync(aiSourceDir, targetPath, {recursive: true})
+    }
+
+    console.log(`\n✨ AI skills successfully synced to: \x1b[32m${targetSubDir}\x1b[0m`)
+    console.log('Your AI Agent now has full knowledge of the ODAC Framework. 🚀')
+  } catch (err) {
+    console.error('❌ Failed to sync AI skills:', err.message)
+  }
+}
+
+/**
+ * Bootstraps the database and migration engine, then executes the requested migration command.
+ * Why: Migration commands need DB connections but not the full server stack.
+ * @param {string} cmd - The migration subcommand
+ * @param {string[]} cliArgs - CLI arguments (e.g. --db=analytics)
+ */
+async function runMigration(cmd, cliArgs) {
+  const projectDir = process.cwd()
+  const envPath = path.join(projectDir, '.env')
+  const configPath = path.join(projectDir, 'odac.json')
+
+  // Load .env
+  if (fs.existsSync(envPath)) {
+    const envContent = fs.readFileSync(envPath, 'utf8')
+    envContent.split('\n').forEach(line => {
+      line = line.trim()
+      if (!line || line.startsWith('#')) return
+      const idx = line.indexOf('=')
+      if (idx === -1) return
+      const key = line.slice(0, idx).trim()
+      const value = Env._parseValue(line.slice(idx + 1).trim())
+      if (process.env[key] === undefined) process.env[key] = value
+    })
+  }
+
+  // Load config
+  if (!fs.existsSync(configPath)) {
+    console.error('❌ No odac.json found in current directory.')
+    process.exit(1)
+  }
+
+  let config
+  try {
+    let raw = fs.readFileSync(configPath, 'utf8')
+    config = JSON.parse(raw)
+    // Interpolate env vars safely by traversing parsed object values.
+    const interpolateConfig = input => {
+      if (typeof input === 'string') {
+        return input.replace(/\$\{([^{}]+)\}/g, (_, key) => process.env[key] || '')
+      }
+
+      if (Array.isArray(input)) {
+        return input.map(item => interpolateConfig(item))
+      }
+
+      if (input && typeof input === 'object') {
+        const output = {}
+        for (const key of Object.keys(input)) {
+          output[key] = interpolateConfig(input[key])
+        }
+        return output
+      }
+
+      return input
+    }
+
+    config = interpolateConfig(config)
+  } catch (err) {
+    console.error('❌ Failed to parse odac.json:', err.message)
+    process.exit(1)
+  }
+
+  const dbConfig = config.database
+  if (!dbConfig) {
+    console.error('❌ No database configuration found in odac.json.')
+    process.exit(1)
+  }
+
+  const connections = buildConnections(dbConfig)
+
+  for (const key of Object.keys(connections)) {
+    try {
+      await connections[key].raw('SELECT 1')
+    } catch (e) {
+      console.error(`❌ Failed to connect to '${key}' database:`, e.message)
+      process.exit(1)
+    }
+  }
+
+  // Parse --db flag
+  const dbFlag = cliArgs.find(a => a.startsWith('--db='))
+  const options = dbFlag ? {db: dbFlag.split('=')[1]} : {}
+
+  // Initialize migration engine
+  const Migration = require('../src/Database/Migration')
+  Migration.init(projectDir, connections)
+
+  try {
+    if (cmd === 'migrate') {
+      console.log('🔄 Running migrations...\n')
+      const summary = await Migration.migrate(options)
+      printMigrationSummary(summary)
+    } else if (cmd === 'migrate:status') {
+      console.log('📋 Migration Status (dry-run):\n')
+      const summary = await Migration.status(options)
+      printMigrationSummary(summary)
+    } else if (cmd === 'migrate:rollback') {
+      console.log('⏪ Rolling back last batch...\n')
+      const summary = await Migration.rollback(options)
+      printMigrationSummary(summary)
+    } else if (cmd === 'migrate:snapshot') {
+      console.log('📸 Generating schema files from database...\n')
+      const result = await Migration.snapshot(options)
+      for (const [key, files] of Object.entries(result)) {
+        console.log(`  \x1b[36m${key}\x1b[0m: ${files.length} schema file(s) generated`)
+        for (const f of files) {
+          console.log(`    → ${path.relative(projectDir, f)}`)
+        }
+      }
+      console.log('\n✅ Snapshot complete.')
+    }
+  } catch (err) {
+    console.error('❌ Migration error:', err.message)
+    process.exit(1)
+  } finally {
+    for (const conn of Object.values(connections)) {
+      await conn.destroy()
+    }
+  }
+}
+
+/**
+ * Formats and prints migration operation summary to stdout.
+ * @param {object} summary - Migration result per connection
+ */
+function printMigrationSummary(summary) {
+  let totalOps = 0
+
+  for (const [key, result] of Object.entries(summary)) {
+    console.log(`  \x1b[36m[${key}]\x1b[0m`)
+
+    const allOps = [...(result.schema || []), ...(result.files || []), ...(result.seeds || [])]
+
+    if (allOps.length === 0) {
+      console.log('    Nothing to do.')
+    }
+
+    for (const op of allOps) {
+      totalOps++
+      const label = formatOp(op)
+      console.log(`    ${label}`)
+    }
+    console.log('')
+  }
+
+  console.log(totalOps > 0 ? `✅ ${totalOps} operation(s) completed.` : '✅ Everything is up to date.')
+}
+
+/**
+ * Formats a single migration operation for CLI display.
+ * @param {object} op - Operation descriptor
+ * @returns {string} Formatted label
+ */
+function formatOp(op) {
+  switch (op.type) {
+    case 'create_table':
+      return `\x1b[32m+ CREATE TABLE\x1b[0m ${op.table}`
+    case 'add_column':
+      return `\x1b[32m+ ADD COLUMN\x1b[0m ${op.table}.${op.column}`
+    case 'drop_column':
+      return `\x1b[31m- DROP COLUMN\x1b[0m ${op.table}.${op.column}`
+    case 'alter_column':
+      return `\x1b[33m~ ALTER COLUMN\x1b[0m ${op.table}.${op.column}`
+    case 'add_index':
+      return `\x1b[32m+ ADD INDEX\x1b[0m ${op.table} (${op.index.columns.join(', ')})`
+    case 'drop_index':
+      return `\x1b[31m- DROP INDEX\x1b[0m ${op.table} (${op.index.columns.join(', ')})`
+    case 'pending_file':
+      return `\x1b[33m⏳ PENDING\x1b[0m ${op.name}`
+    case 'applied_file':
+      return `\x1b[32m✓ APPLIED\x1b[0m ${op.name}`
+    case 'rolled_back':
+      return `\x1b[33m↩ ROLLED BACK\x1b[0m ${op.name}`
+    case 'seed_insert':
+      return `\x1b[32m+ SEED INSERT\x1b[0m ${op.table} (${op.key})`
+    case 'seed_update':
+      return `\x1b[33m~ SEED UPDATE\x1b[0m ${op.table} (${op.key})`
+    default:
+      return `  ${op.type}`
+  }
+}
+
 async function run() {
   if (command === 'init') {
     const projectName = args[0] || '.'
@@ -110,10 +448,21 @@ async function run() {
       }
 
       console.log('\n✨ Project initialized successfully!')
+
+      // Interactive AI Skills setup
+      if (process.stdout.isTTY) {
+        const setupAIIndex = await select('\n🤖 Should we setup AI Agent skills for your IDE?', ['Yes', 'No'])
+        if (setupAIIndex === 0) {
+          await manageSkills(targetDir)
+        } else {
+          console.log('\n💡 \x1b[33mTip:\x1b[0m You can always run \x1b[36mnpx odac skills\x1b[0m later.')
+        }
+      }
     } catch (error) {
       console.error('❌ Error initializing project:', error.message)
     }
   } else if (command === 'dev') {
+    // ... existing dev logic ...
     if (cluster.isPrimary) {
       const configs = getTailwindConfigs()
       const tails = []
@@ -134,20 +483,16 @@ async function run() {
 
           tailwindProcess = spawn(cmd, args, {
             stdio: ['pipe', 'ignore', 'pipe'],
-            shell: !useLocal, // Valid for npm/npx compatibility if local not found
+            shell: !useLocal,
             cwd: process.cwd()
           })
 
-          // Filter stderr: suppress status noise, forward only real errors
           tailwindProcess.stderr.on('data', chunk => {
             const raw = chunk.toString()
             const lines = raw.split('\n')
             for (const line of lines) {
-              // Strip ANSI escape codes to ensure reliable filtering
               const clean = line.replace(/\x1B\[[0-9;]*[JKmsu]/g, '').trim()
-
               if (!clean || clean.startsWith('Done in') || clean.startsWith('≈')) continue
-
               process.stderr.write(`\x1b[31m[ODAC Style Error]\x1b[0m ${line}\n`)
             }
           })
@@ -166,7 +511,6 @@ async function run() {
 
         startWatcher()
 
-        // Push a wrapper compatible with the cleanup function
         tails.push({
           kill: () => {
             if (tailwindProcess) tailwindProcess.kill()
@@ -214,6 +558,10 @@ async function run() {
   } else if (command === 'start') {
     process.env.NODE_ENV = 'production'
     require('../index.js')
+  } else if (command === 'skills') {
+    await manageSkills()
+  } else if (command === 'migrate' || command === 'migrate:status' || command === 'migrate:rollback' || command === 'migrate:snapshot') {
+    await runMigration(command, args)
   } else {
     console.log('Usage:')
     console.log('  npx odac init            (Interactive mode)')
@@ -221,6 +569,11 @@ async function run() {
     console.log('  npx odac dev             (Development mode)')
     console.log('  npx odac build           (Production build)')
     console.log('  npx odac start           (Start server)')
+    console.log('  npx odac skills          (Sync AI Agent skills)')
+    console.log('  npx odac migrate         (Run pending migrations)')
+    console.log('  npx odac migrate:status  (Show pending changes)')
+    console.log('  npx odac migrate:rollback (Rollback last batch)')
+    console.log('  npx odac migrate:snapshot (Reverse-engineer DB to schema/)')
   }
 
   rl.close()

package/client/odac.js

@@ -142,13 +142,18 @@ if (typeof window !== 'undefined') {
       xhr.onload = () => {
         if (xhr.status >= 200 && xhr.status < 300) {
           let responseData = xhr.responseText
-          if (dataType === 'json') {
+          const contentTypeHeader = xhr.getResponseHeader('Content-Type')
+          const isJson = dataType === 'json' || (contentTypeHeader && contentTypeHeader.includes('application/json'))
+
+          if (isJson) {
             try {
               responseData = JSON.parse(responseData)
             } catch (e) {
-              console.error('JSON parse error:', e)
-              error(xhr, 'parseerror', e)
-              return
+              if (dataType === 'json') {
+                console.error('JSON parse error:', e)
+                error(xhr, 'parseerror', e)
+                return
+              }
             }
           }
 
@@ -596,7 +601,7 @@ if (typeof window !== 'undefined') {
             }
           },
           xhr: () => {
-            var xhr = new window.XMLHttpRequest()
+            const xhr = new window.XMLHttpRequest()
             xhr.upload.addEventListener(
               'progress',
               evt => {
@@ -661,24 +666,23 @@ if (typeof window !== 'undefined') {
         this.#token.listener = true
       }
       if (!this.#token.hash.length) {
-        var req = new XMLHttpRequest()
+        const req = new XMLHttpRequest()
         req.open('GET', '/', false)
         req.setRequestHeader('X-Odac', 'token')
         req.setRequestHeader('X-Odac-Client', this.client())
         req.send(null)
-        var req_data = JSON.parse(req.response)
+        const req_data = JSON.parse(req.response)
         if (req_data.token) this.#token.hash.push(req_data.token)
       }
-      this.#token.hash.filter(n => n)
-      var return_token = this.#token.hash.shift()
+      this.#token.hash = this.#token.hash.filter(n => n)
+      const return_token = this.#token.hash.shift()
       if (!this.#token.hash.length)
         this.#ajax({
           url: '/',
           type: 'GET',
           headers: {'X-Odac': 'token', 'X-Odac-Client': this.client()},
           success: data => {
-            var result = JSON.parse(JSON.stringify(data))
-            if (result.token) this.#token.hash.push(result.token)
+            if (data.token) this.#token.hash.push(data.token)
           }
         })
       return return_token