zitejs 0.9.8 → 0.9.9

package/dist/cjs/auth/config.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getFlowId = getFlowId;
+exports.getApiUrl = getApiUrl;
+exports.getAuthPageUrl = getAuthPageUrl;
+exports.getDbToken = getDbToken;
+const env_js_1 = require("../internal/env.js");
+const API_ENVIRONMENTS = {
+    production: 'https://api.fillout.com',
+    staging: 'https://api.filloutstaging.com',
+    local: 'http://localhost:2502',
+};
+const AUTH_PAGE_ENVIRONMENTS = {
+    production: 'https://zite.com/auth',
+    staging: 'https://zitestaging.com/auth',
+    local: 'http://localhost:3000/auth',
+};
+function getFlowId() {
+    const id = (0, env_js_1.getEnv)('ZITE_FLOW_ID', 'VITE_ZITE_FLOW_ID') ?? '';
+    if (!id) {
+        const win = typeof window !== 'undefined' ? window : undefined;
+        const config = win?.__ziteConfig;
+        if (config?.id)
+            return config.id;
+    }
+    return id;
+}
+function getApiUrl() {
+    const env = (0, env_js_1.getEnv)('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return (0, env_js_1.getEnv)('ZITE_API_URL', 'VITE_ZITE_API_URL') ?? API_ENVIRONMENTS[env] ?? API_ENVIRONMENTS.production;
+}
+function getAuthPageUrl() {
+    const env = (0, env_js_1.getEnv)('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return (0, env_js_1.getEnv)('ZITE_AUTH_PAGE_URL', 'VITE_ZITE_AUTH_PAGE_URL') ?? AUTH_PAGE_ENVIRONMENTS[env] ?? AUTH_PAGE_ENVIRONMENTS.production;
+}
+function getDbToken() {
+    return (0, env_js_1.getEnv)('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
+}

package/dist/cjs/auth/constants.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_SDK_VERSION = exports.USAGE_TOKEN_QUERY_PARAM = exports.ZITE_SANDBOX_DOMAINS = exports.ZITE_APP_ACTION_HOSTNAME_PREFIX = exports.ZITE_APP_EDITOR_HOSTNAME_PREFIX = void 0;
+exports.ZITE_APP_EDITOR_HOSTNAME_PREFIX = 'zite-editor-';
+exports.ZITE_APP_ACTION_HOSTNAME_PREFIX = 'zite-action-';
+exports.ZITE_SANDBOX_DOMAINS = [
+    'zite-dev-sandbox.com',
+    'zite-dev-app.com',
+    'zite-sandbox.com',
+    'zite-app.com',
+];
+exports.USAGE_TOKEN_QUERY_PARAM = 'usageToken';
+exports.AUTH_SDK_VERSION = '1.0.0';

package/dist/cjs/auth/index.js

@@ -1,2 +1,281 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.useAuth = useAuth;
+const react_1 = require("react");
+const react_query_1 = require("@tanstack/react-query");
+const config_js_1 = require("./config.js");
+const constants_js_1 = require("./constants.js");
+const _isLocalEnv = typeof window !== 'undefined' &&
+    (window.location.hostname === 'localhost' ||
+        window.location.hostname === '127.0.0.1' ||
+        window.location.hostname.endsWith('.localhost') ||
+        localStorage.getItem('zite.debug.log') === 'true');
+const debugLog = (...args) => {
+    if (_isLocalEnv)
+        console.log(...args);
+};
+const debugWarn = (...args) => {
+    if (_isLocalEnv)
+        console.warn(...args);
+};
+debugLog('[zite/auth-sdk] v' + constants_js_1.AUTH_SDK_VERSION + ' initialized', {
+    appPublicIdentifier: (0, config_js_1.getFlowId)(),
+});
+const isInternalMode = () => {
+    const win = window;
+    if (win._ziteIsInternalMode === undefined) {
+        const search = new URLSearchParams(window.location.search);
+        const isInternalModeParam = search.get('isInternalMode');
+        if (isInternalModeParam !== null) {
+            win._ziteIsInternalMode = isInternalModeParam === 'true';
+        }
+    }
+    const result = !!win._ziteIsInternalMode;
+    debugLog('[zite/auth-sdk] isInternalMode:', result);
+    return result;
+};
+const getZiteAppMode = (hostname) => {
+    const hostnameParts = hostname.split('.');
+    const maybeId = hostnameParts.length > 0 ? hostnameParts[0] : undefined;
+    if (maybeId?.startsWith(constants_js_1.ZITE_APP_EDITOR_HOSTNAME_PREFIX))
+        return 'preview';
+    if (maybeId?.startsWith(constants_js_1.ZITE_APP_ACTION_HOSTNAME_PREFIX))
+        return 'preview';
+    if (constants_js_1.ZITE_SANDBOX_DOMAINS.some(d => hostname === d || hostname.endsWith('.' + d))) {
+        return 'preview';
+    }
+    return 'live';
+};
+async function getToken(code) {
+    const mode = getZiteAppMode(window.location.hostname);
+    const flowId = (0, config_js_1.getFlowId)();
+    const res = await fetch((0, config_js_1.getApiUrl)() +
+        '/v1/zite/public/auth/' +
+        flowId +
+        '/token?mode=' +
+        mode, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ code }),
+    });
+    if (!res.ok) {
+        throw new Error('Failed to get token');
+    }
+    const { token } = await res.json();
+    return token;
+}
+class ZiteAuthenticationError extends Error {
+    status;
+    constructor(message, status) {
+        super(message);
+        this.name = 'ZiteAuthenticationError';
+        this.status = status;
+        Object.setPrototypeOf(this, ZiteAuthenticationError.prototype);
+    }
+}
+async function getCurrentUser() {
+    const token = localStorage.getItem('zite.auth.token');
+    if (!token)
+        return null;
+    const mode = getZiteAppMode(window.location.hostname);
+    const flowId = (0, config_js_1.getFlowId)();
+    const res = await fetch((0, config_js_1.getApiUrl)() +
+        '/v1/zite/public/auth/' +
+        flowId +
+        '/me?mode=' +
+        mode, {
+        method: 'GET',
+        headers: { Authorization: 'Bearer ' + token },
+    });
+    if (res.status === 401) {
+        throw new ZiteAuthenticationError('Unauthorized', res.status);
+    }
+    if (!res.ok)
+        return null;
+    const { user } = await res.json();
+    return user;
+}
+async function getUser() {
+    const win = window;
+    debugLog('[zite/auth-sdk] getUser called', {
+        hasExistingToken: !!localStorage.getItem('zite.auth.token'),
+        hasUsageToken: !!win._ziteUsageToken,
+        windowIsInternalMode: !!win._ziteIsInternalMode,
+        hostname: window.location.hostname,
+    });
+    const isLocalDev = (window.location.hostname === 'localhost' ||
+        window.location.hostname === '127.0.0.1') &&
+        !win._ziteIsInternalMode &&
+        !win._ziteUsageToken &&
+        !localStorage.getItem('zite.auth.token');
+    if (isLocalDev) {
+        try {
+            const rawToken = (0, config_js_1.getDbToken)();
+            const jwt = rawToken?.startsWith('zitejwt_')
+                ? rawToken.slice(8)
+                : rawToken;
+            if (jwt) {
+                const payload = JSON.parse(atob(jwt.split('.')[1]));
+                if (payload.devUser) {
+                    debugLog('[zite/auth-sdk] local dev mode — user from dev JWT:', payload.devUser.email);
+                    return payload.devUser;
+                }
+            }
+        }
+        catch { }
+        debugLog('[zite/auth-sdk] local dev mode — returning fallback mock user');
+        return {
+            id: 'local-dev',
+            email: 'dev@localhost',
+            firstName: 'Local',
+            lastName: 'Developer',
+        };
+    }
+    const code = new URL(window.location.href).searchParams.get('code');
+    if (code) {
+        debugLog('[zite/auth-sdk] exchanging code from URL params for token');
+        const token = await getToken(code);
+        localStorage.setItem('zite.auth.token', token);
+        window.history.replaceState({}, '', window.location.pathname);
+    }
+    if (isInternalMode() && !localStorage.getItem('zite.auth.token')) {
+        const usageToken = win._ziteUsageToken;
+        debugLog('[zite/auth-sdk] internal mode, no token yet. usageToken present:', !!usageToken);
+        if (usageToken) {
+            try {
+                const mode = getZiteAppMode(window.location.hostname);
+                const flowId = (0, config_js_1.getFlowId)();
+                debugLog('[zite/auth-sdk] calling /usage-token endpoint', { mode });
+                const res = await fetch((0, config_js_1.getApiUrl)() +
+                    '/v1/zite/public/auth/' +
+                    flowId +
+                    '/usage-token?mode=' +
+                    mode, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({
+                        usageToken,
+                        redirectUrl: window.location.href,
+                    }),
+                });
+                debugLog('[zite/auth-sdk] /usage-token response status:', res.status);
+                if (res.ok) {
+                    const data = await res.json();
+                    if (data.token) {
+                        localStorage.setItem('zite.auth.token', data.token);
+                        debugLog('[zite/auth-sdk] token stored from usage-token response');
+                    }
+                    else if (data.redirectUrl) {
+                        const inlineCode = new URL(data.redirectUrl).searchParams.get('code');
+                        if (inlineCode) {
+                            const token = await getToken(inlineCode);
+                            localStorage.setItem('zite.auth.token', token);
+                            debugLog('[zite/auth-sdk] token stored from usage-token redirect fallback');
+                        }
+                    }
+                }
+                else {
+                    debugWarn('[zite/auth-sdk] /usage-token call failed with status:', res.status);
+                }
+            }
+            catch (err) {
+                debugWarn('[zite/auth-sdk] /usage-token exchange error:', err);
+            }
+        }
+    }
+    else if (isInternalMode()) {
+        debugLog('[zite/auth-sdk] internal mode, existing token found — skipping usage-token exchange');
+    }
+    try {
+        debugLog('[zite/auth-sdk] calling getCurrentUser');
+        const user = await getCurrentUser();
+        if (!user) {
+            debugLog('[zite/auth-sdk] getCurrentUser returned null, clearing token');
+            localStorage.removeItem('zite.auth.token');
+            return null;
+        }
+        debugLog('[zite/auth-sdk] getUser resolved with user:', user.id);
+        return user;
+    }
+    catch (err) {
+        debugWarn('[zite/auth-sdk] getCurrentUser error:', err);
+        if (err instanceof ZiteAuthenticationError) {
+            localStorage.removeItem('zite.auth.token');
+            debugLog('[zite/auth-sdk] cleared token due to auth error (status:', err.status, ')');
+        }
+        return null;
+    }
+}
+function useAuth() {
+    const queryClient = (0, react_query_1.useQueryClient)();
+    const userQuery = (0, react_query_1.useQuery)({
+        queryKey: ['zite.auth.user'],
+        queryFn: getUser,
+        retry: 3,
+        staleTime: Infinity,
+        refetchOnWindowFocus: false,
+        refetchOnReconnect: false,
+        refetchOnMount: false,
+    });
+    const authErrorThrown = (0, react_1.useRef)(false);
+    (0, react_1.useEffect)(() => {
+        if (!userQuery.isPending &&
+            !userQuery.data &&
+            isInternalMode() &&
+            !authErrorThrown.current) {
+            authErrorThrown.current = true;
+            setTimeout(() => {
+                throw new ZiteAuthenticationError('Authentication failed in internal mode. The user could not be resolved after loading completed.', 401);
+            }, 0);
+        }
+    }, [userQuery.isPending, userQuery.data]);
+    (0, react_1.useEffect)(() => {
+        const handler = () => {
+            debugLog('[zite/auth-sdk] received zite:auth-sync event, invalidating user query');
+            queryClient.invalidateQueries({ queryKey: ['zite.auth.user'] });
+        };
+        window.addEventListener('zite:auth-sync', handler);
+        return () => window.removeEventListener('zite:auth-sync', handler);
+    }, [queryClient]);
+    const loginWithRedirect = (0, react_1.useCallback)((opts) => {
+        if (isInternalMode()) {
+            throw new Error('loginWithRedirect is not available in internal mode.');
+        }
+        const authUrl = (0, config_js_1.getAuthPageUrl)();
+        if (!authUrl) {
+            throw new Error('loginWithRedirect: AUTH_URL could not be resolved.');
+        }
+        const url = new URL(authUrl);
+        url.searchParams.set('flowPublicIdentifier', (0, config_js_1.getFlowId)());
+        if (opts?.redirectUrl)
+            url.searchParams.set('redirectUrl', opts.redirectUrl);
+        if (opts?.initialView === 'signup')
+            url.searchParams.set('mode', 'signup');
+        const win = window;
+        if (win._ziteUsageToken) {
+            url.searchParams.set(constants_js_1.USAGE_TOKEN_QUERY_PARAM, win._ziteUsageToken);
+        }
+        window.location.href = url.toString();
+    }, []);
+    const logout = (0, react_1.useCallback)((options) => {
+        if (isInternalMode()) {
+            throw new Error('logout is not available in internal mode.');
+        }
+        localStorage.removeItem('zite.auth.token');
+        queryClient.setQueryData(['zite.auth.user'], null);
+        queryClient.removeQueries({ queryKey: ['zite.auth.user'] });
+        if (window.top !== window.self) {
+            debugLog('[zite/auth-sdk] sending auth.logout to parent');
+            window.parent.postMessage({ type: 'auth.logout', data: {} }, '*');
+        }
+        if (options?.returnTo) {
+            window.location.href = options.returnTo;
+        }
+    }, [queryClient]);
+    return {
+        user: userQuery.data ?? undefined,
+        isLoading: userQuery.isPending,
+        loginWithRedirect,
+        logout,
+    };
+}

package/dist/cjs/caller/index.js

@@ -1,32 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createCaller = createCaller;
+const env_js_1 = require("../internal/env.js");
 const ENVIRONMENTS = {
     production: 'https://workflows.zite.com',
     staging: 'https://workflows.zitestaging.com',
     local: 'http://localhost:2506',
 };
-function getEnv(key, viteKey) {
-    if (typeof process !== 'undefined' && process.env?.[key])
-        return process.env[key];
-    try {
-        // @ts-ignore — import.meta.env is Vite-specific
-        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
-            return import.meta.env[viteKey];
-    }
-    catch { }
-    return undefined;
-}
 function getRunnerUrl() {
-    const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
-    return getEnv('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;
+    const env = (0, env_js_1.getEnv)('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return (0, env_js_1.getEnv)('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;
 }
 function getToken() {
-    return getEnv('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
+    return (0, env_js_1.getEnv)('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
 }
 function createCaller(endpoint, name, flowId) {
     return async (input) => {
-        const appId = flowId ?? getEnv('ZITE_FLOW_ID', 'VITE_ZITE_FLOW_ID') ?? '';
+        const appId = flowId ?? (0, env_js_1.getEnv)('ZITE_FLOW_ID', 'VITE_ZITE_FLOW_ID') ?? '';
         const res = await fetch(getRunnerUrl() + '/public/' + appId + '/api/' + name, {
             method: 'POST',
             headers: {

package/dist/cjs/internal/env.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getEnv = getEnv;
+function getEnv(key, viteKey) {
+    if (typeof process !== 'undefined' && process.env?.[key])
+        return process.env[key];
+    try {
+        // @ts-ignore — import.meta.env is Vite-specific
+        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
+            return import.meta.env[viteKey];
+    }
+    catch { }
+    return undefined;
+}

package/dist/cjs/runtime/index.js

@@ -3,28 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createCaller = void 0;
 exports.wrapSdkCall = wrapSdkCall;
 exports.createTableClient = createTableClient;
+const env_js_1 = require("../internal/env.js");
 const ENVIRONMENTS = {
     production: 'https://workflows.zite.com',
     staging: 'https://workflows.zitestaging.com',
     local: 'http://localhost:2506',
 };
-function getEnv(key, viteKey) {
-    if (typeof process !== 'undefined' && process.env?.[key])
-        return process.env[key];
-    try {
-        // @ts-ignore — import.meta.env is Vite-specific
-        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
-            return import.meta.env[viteKey];
-    }
-    catch { }
-    return undefined;
-}
 function getRunnerUrl() {
-    const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
-    return getEnv('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;
+    const env = (0, env_js_1.getEnv)('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return (0, env_js_1.getEnv)('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;
 }
 function getToken() {
-    return getEnv('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
+    return (0, env_js_1.getEnv)('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
 }
 async function wrapSdkCall(integrationId, className, methodName, params) {
     const res = await fetch(`${getRunnerUrl()}/sdk/execute`, {

package/dist/esm/auth/config.d.ts

@@ -0,0 +1,4 @@
+export declare function getFlowId(): string;
+export declare function getApiUrl(): string;
+export declare function getAuthPageUrl(): string;
+export declare function getDbToken(): string;

package/dist/esm/auth/config.js

@@ -0,0 +1,32 @@
+import { getEnv } from '../internal/env.js';
+const API_ENVIRONMENTS = {
+    production: 'https://api.fillout.com',
+    staging: 'https://api.filloutstaging.com',
+    local: 'http://localhost:2502',
+};
+const AUTH_PAGE_ENVIRONMENTS = {
+    production: 'https://zite.com/auth',
+    staging: 'https://zitestaging.com/auth',
+    local: 'http://localhost:3000/auth',
+};
+export function getFlowId() {
+    const id = getEnv('ZITE_FLOW_ID', 'VITE_ZITE_FLOW_ID') ?? '';
+    if (!id) {
+        const win = typeof window !== 'undefined' ? window : undefined;
+        const config = win?.__ziteConfig;
+        if (config?.id)
+            return config.id;
+    }
+    return id;
+}
+export function getApiUrl() {
+    const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return getEnv('ZITE_API_URL', 'VITE_ZITE_API_URL') ?? API_ENVIRONMENTS[env] ?? API_ENVIRONMENTS.production;
+}
+export function getAuthPageUrl() {
+    const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
+    return getEnv('ZITE_AUTH_PAGE_URL', 'VITE_ZITE_AUTH_PAGE_URL') ?? AUTH_PAGE_ENVIRONMENTS[env] ?? AUTH_PAGE_ENVIRONMENTS.production;
+}
+export function getDbToken() {
+    return getEnv('ZITE_DB_TOKEN', 'VITE_ZITE_DB_TOKEN') ?? '';
+}

package/dist/esm/auth/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const ZITE_APP_EDITOR_HOSTNAME_PREFIX = "zite-editor-";
+export declare const ZITE_APP_ACTION_HOSTNAME_PREFIX = "zite-action-";
+export declare const ZITE_SANDBOX_DOMAINS: readonly ["zite-dev-sandbox.com", "zite-dev-app.com", "zite-sandbox.com", "zite-app.com"];
+export declare const USAGE_TOKEN_QUERY_PARAM = "usageToken";
+export declare const AUTH_SDK_VERSION = "1.0.0";

package/dist/esm/auth/constants.js

@@ -0,0 +1,10 @@
+export const ZITE_APP_EDITOR_HOSTNAME_PREFIX = 'zite-editor-';
+export const ZITE_APP_ACTION_HOSTNAME_PREFIX = 'zite-action-';
+export const ZITE_SANDBOX_DOMAINS = [
+    'zite-dev-sandbox.com',
+    'zite-dev-app.com',
+    'zite-sandbox.com',
+    'zite-app.com',
+];
+export const USAGE_TOKEN_QUERY_PARAM = 'usageToken';
+export const AUTH_SDK_VERSION = '1.0.0';

package/dist/esm/auth/index.d.ts

@@ -1 +1,18 @@
-export {};
+export type User = {
+    id: string;
+    email: string;
+    firstName?: string;
+    lastName?: string;
+    [key: string]: unknown;
+};
+export declare function useAuth(): {
+    user: User | undefined;
+    isLoading: boolean;
+    loginWithRedirect: (opts?: {
+        redirectUrl?: string;
+        initialView?: 'login' | 'signup';
+    }) => void;
+    logout: (options?: {
+        returnTo?: string;
+    }) => void;
+};

package/dist/esm/auth/index.js

@@ -1 +1,278 @@
-export {};
+import { useCallback, useEffect, useRef } from 'react';
+import { useQuery, useQueryClient } from '@tanstack/react-query';
+import { getFlowId, getApiUrl, getAuthPageUrl, getDbToken } from './config.js';
+import { ZITE_APP_EDITOR_HOSTNAME_PREFIX, ZITE_APP_ACTION_HOSTNAME_PREFIX, ZITE_SANDBOX_DOMAINS, USAGE_TOKEN_QUERY_PARAM, AUTH_SDK_VERSION, } from './constants.js';
+const _isLocalEnv = typeof window !== 'undefined' &&
+    (window.location.hostname === 'localhost' ||
+        window.location.hostname === '127.0.0.1' ||
+        window.location.hostname.endsWith('.localhost') ||
+        localStorage.getItem('zite.debug.log') === 'true');
+const debugLog = (...args) => {
+    if (_isLocalEnv)
+        console.log(...args);
+};
+const debugWarn = (...args) => {
+    if (_isLocalEnv)
+        console.warn(...args);
+};
+debugLog('[zite/auth-sdk] v' + AUTH_SDK_VERSION + ' initialized', {
+    appPublicIdentifier: getFlowId(),
+});
+const isInternalMode = () => {
+    const win = window;
+    if (win._ziteIsInternalMode === undefined) {
+        const search = new URLSearchParams(window.location.search);
+        const isInternalModeParam = search.get('isInternalMode');
+        if (isInternalModeParam !== null) {
+            win._ziteIsInternalMode = isInternalModeParam === 'true';
+        }
+    }
+    const result = !!win._ziteIsInternalMode;
+    debugLog('[zite/auth-sdk] isInternalMode:', result);
+    return result;
+};
+const getZiteAppMode = (hostname) => {
+    const hostnameParts = hostname.split('.');
+    const maybeId = hostnameParts.length > 0 ? hostnameParts[0] : undefined;
+    if (maybeId?.startsWith(ZITE_APP_EDITOR_HOSTNAME_PREFIX))
+        return 'preview';
+    if (maybeId?.startsWith(ZITE_APP_ACTION_HOSTNAME_PREFIX))
+        return 'preview';
+    if (ZITE_SANDBOX_DOMAINS.some(d => hostname === d || hostname.endsWith('.' + d))) {
+        return 'preview';
+    }
+    return 'live';
+};
+async function getToken(code) {
+    const mode = getZiteAppMode(window.location.hostname);
+    const flowId = getFlowId();
+    const res = await fetch(getApiUrl() +
+        '/v1/zite/public/auth/' +
+        flowId +
+        '/token?mode=' +
+        mode, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ code }),
+    });
+    if (!res.ok) {
+        throw new Error('Failed to get token');
+    }
+    const { token } = await res.json();
+    return token;
+}
+class ZiteAuthenticationError extends Error {
+    status;
+    constructor(message, status) {
+        super(message);
+        this.name = 'ZiteAuthenticationError';
+        this.status = status;
+        Object.setPrototypeOf(this, ZiteAuthenticationError.prototype);
+    }
+}
+async function getCurrentUser() {
+    const token = localStorage.getItem('zite.auth.token');
+    if (!token)
+        return null;
+    const mode = getZiteAppMode(window.location.hostname);
+    const flowId = getFlowId();
+    const res = await fetch(getApiUrl() +
+        '/v1/zite/public/auth/' +
+        flowId +
+        '/me?mode=' +
+        mode, {
+        method: 'GET',
+        headers: { Authorization: 'Bearer ' + token },
+    });
+    if (res.status === 401) {
+        throw new ZiteAuthenticationError('Unauthorized', res.status);
+    }
+    if (!res.ok)
+        return null;
+    const { user } = await res.json();
+    return user;
+}
+async function getUser() {
+    const win = window;
+    debugLog('[zite/auth-sdk] getUser called', {
+        hasExistingToken: !!localStorage.getItem('zite.auth.token'),
+        hasUsageToken: !!win._ziteUsageToken,
+        windowIsInternalMode: !!win._ziteIsInternalMode,
+        hostname: window.location.hostname,
+    });
+    const isLocalDev = (window.location.hostname === 'localhost' ||
+        window.location.hostname === '127.0.0.1') &&
+        !win._ziteIsInternalMode &&
+        !win._ziteUsageToken &&
+        !localStorage.getItem('zite.auth.token');
+    if (isLocalDev) {
+        try {
+            const rawToken = getDbToken();
+            const jwt = rawToken?.startsWith('zitejwt_')
+                ? rawToken.slice(8)
+                : rawToken;
+            if (jwt) {
+                const payload = JSON.parse(atob(jwt.split('.')[1]));
+                if (payload.devUser) {
+                    debugLog('[zite/auth-sdk] local dev mode — user from dev JWT:', payload.devUser.email);
+                    return payload.devUser;
+                }
+            }
+        }
+        catch { }
+        debugLog('[zite/auth-sdk] local dev mode — returning fallback mock user');
+        return {
+            id: 'local-dev',
+            email: 'dev@localhost',
+            firstName: 'Local',
+            lastName: 'Developer',
+        };
+    }
+    const code = new URL(window.location.href).searchParams.get('code');
+    if (code) {
+        debugLog('[zite/auth-sdk] exchanging code from URL params for token');
+        const token = await getToken(code);
+        localStorage.setItem('zite.auth.token', token);
+        window.history.replaceState({}, '', window.location.pathname);
+    }
+    if (isInternalMode() && !localStorage.getItem('zite.auth.token')) {
+        const usageToken = win._ziteUsageToken;
+        debugLog('[zite/auth-sdk] internal mode, no token yet. usageToken present:', !!usageToken);
+        if (usageToken) {
+            try {
+                const mode = getZiteAppMode(window.location.hostname);
+                const flowId = getFlowId();
+                debugLog('[zite/auth-sdk] calling /usage-token endpoint', { mode });
+                const res = await fetch(getApiUrl() +
+                    '/v1/zite/public/auth/' +
+                    flowId +
+                    '/usage-token?mode=' +
+                    mode, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({
+                        usageToken,
+                        redirectUrl: window.location.href,
+                    }),
+                });
+                debugLog('[zite/auth-sdk] /usage-token response status:', res.status);
+                if (res.ok) {
+                    const data = await res.json();
+                    if (data.token) {
+                        localStorage.setItem('zite.auth.token', data.token);
+                        debugLog('[zite/auth-sdk] token stored from usage-token response');
+                    }
+                    else if (data.redirectUrl) {
+                        const inlineCode = new URL(data.redirectUrl).searchParams.get('code');
+                        if (inlineCode) {
+                            const token = await getToken(inlineCode);
+                            localStorage.setItem('zite.auth.token', token);
+                            debugLog('[zite/auth-sdk] token stored from usage-token redirect fallback');
+                        }
+                    }
+                }
+                else {
+                    debugWarn('[zite/auth-sdk] /usage-token call failed with status:', res.status);
+                }
+            }
+            catch (err) {
+                debugWarn('[zite/auth-sdk] /usage-token exchange error:', err);
+            }
+        }
+    }
+    else if (isInternalMode()) {
+        debugLog('[zite/auth-sdk] internal mode, existing token found — skipping usage-token exchange');
+    }
+    try {
+        debugLog('[zite/auth-sdk] calling getCurrentUser');
+        const user = await getCurrentUser();
+        if (!user) {
+            debugLog('[zite/auth-sdk] getCurrentUser returned null, clearing token');
+            localStorage.removeItem('zite.auth.token');
+            return null;
+        }
+        debugLog('[zite/auth-sdk] getUser resolved with user:', user.id);
+        return user;
+    }
+    catch (err) {
+        debugWarn('[zite/auth-sdk] getCurrentUser error:', err);
+        if (err instanceof ZiteAuthenticationError) {
+            localStorage.removeItem('zite.auth.token');
+            debugLog('[zite/auth-sdk] cleared token due to auth error (status:', err.status, ')');
+        }
+        return null;
+    }
+}
+export function useAuth() {
+    const queryClient = useQueryClient();
+    const userQuery = useQuery({
+        queryKey: ['zite.auth.user'],
+        queryFn: getUser,
+        retry: 3,
+        staleTime: Infinity,
+        refetchOnWindowFocus: false,
+        refetchOnReconnect: false,
+        refetchOnMount: false,
+    });
+    const authErrorThrown = useRef(false);
+    useEffect(() => {
+        if (!userQuery.isPending &&
+            !userQuery.data &&
+            isInternalMode() &&
+            !authErrorThrown.current) {
+            authErrorThrown.current = true;
+            setTimeout(() => {
+                throw new ZiteAuthenticationError('Authentication failed in internal mode. The user could not be resolved after loading completed.', 401);
+            }, 0);
+        }
+    }, [userQuery.isPending, userQuery.data]);
+    useEffect(() => {
+        const handler = () => {
+            debugLog('[zite/auth-sdk] received zite:auth-sync event, invalidating user query');
+            queryClient.invalidateQueries({ queryKey: ['zite.auth.user'] });
+        };
+        window.addEventListener('zite:auth-sync', handler);
+        return () => window.removeEventListener('zite:auth-sync', handler);
+    }, [queryClient]);
+    const loginWithRedirect = useCallback((opts) => {
+        if (isInternalMode()) {
+            throw new Error('loginWithRedirect is not available in internal mode.');
+        }
+        const authUrl = getAuthPageUrl();
+        if (!authUrl) {
+            throw new Error('loginWithRedirect: AUTH_URL could not be resolved.');
+        }
+        const url = new URL(authUrl);
+        url.searchParams.set('flowPublicIdentifier', getFlowId());
+        if (opts?.redirectUrl)
+            url.searchParams.set('redirectUrl', opts.redirectUrl);
+        if (opts?.initialView === 'signup')
+            url.searchParams.set('mode', 'signup');
+        const win = window;
+        if (win._ziteUsageToken) {
+            url.searchParams.set(USAGE_TOKEN_QUERY_PARAM, win._ziteUsageToken);
+        }
+        window.location.href = url.toString();
+    }, []);
+    const logout = useCallback((options) => {
+        if (isInternalMode()) {
+            throw new Error('logout is not available in internal mode.');
+        }
+        localStorage.removeItem('zite.auth.token');
+        queryClient.setQueryData(['zite.auth.user'], null);
+        queryClient.removeQueries({ queryKey: ['zite.auth.user'] });
+        if (window.top !== window.self) {
+            debugLog('[zite/auth-sdk] sending auth.logout to parent');
+            window.parent.postMessage({ type: 'auth.logout', data: {} }, '*');
+        }
+        if (options?.returnTo) {
+            window.location.href = options.returnTo;
+        }
+    }, [queryClient]);
+    return {
+        user: userQuery.data ?? undefined,
+        isLoading: userQuery.isPending,
+        loginWithRedirect,
+        logout,
+    };
+}

package/dist/esm/caller/index.js

@@ -1,19 +1,9 @@
+import { getEnv } from '../internal/env.js';
 const ENVIRONMENTS = {
     production: 'https://workflows.zite.com',
     staging: 'https://workflows.zitestaging.com',
     local: 'http://localhost:2506',
 };
-function getEnv(key, viteKey) {
-    if (typeof process !== 'undefined' && process.env?.[key])
-        return process.env[key];
-    try {
-        // @ts-ignore — import.meta.env is Vite-specific
-        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
-            return import.meta.env[viteKey];
-    }
-    catch { }
-    return undefined;
-}
 function getRunnerUrl() {
     const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
     return getEnv('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;

package/dist/esm/internal/env.d.ts

@@ -0,0 +1 @@
+export declare function getEnv(key: string, viteKey?: string): string | undefined;

package/dist/esm/internal/env.js

@@ -0,0 +1,11 @@
+export function getEnv(key, viteKey) {
+    if (typeof process !== 'undefined' && process.env?.[key])
+        return process.env[key];
+    try {
+        // @ts-ignore — import.meta.env is Vite-specific
+        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
+            return import.meta.env[viteKey];
+    }
+    catch { }
+    return undefined;
+}

package/dist/esm/runtime/index.js

@@ -1,19 +1,9 @@
+import { getEnv } from '../internal/env.js';
 const ENVIRONMENTS = {
     production: 'https://workflows.zite.com',
     staging: 'https://workflows.zitestaging.com',
     local: 'http://localhost:2506',
 };
-function getEnv(key, viteKey) {
-    if (typeof process !== 'undefined' && process.env?.[key])
-        return process.env[key];
-    try {
-        // @ts-ignore — import.meta.env is Vite-specific
-        if (viteKey && typeof import.meta !== 'undefined' && import.meta.env?.[viteKey])
-            return import.meta.env[viteKey];
-    }
-    catch { }
-    return undefined;
-}
 function getRunnerUrl() {
     const env = getEnv('ZITE_ENV', 'VITE_ZITE_ENV') ?? 'production';
     return getEnv('ZITE_RUNNER_URL', 'VITE_ZITE_RUNNER_URL') ?? ENVIRONMENTS[env] ?? ENVIRONMENTS.production;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zitejs",
-  "version": "0.9.8",
+  "version": "0.9.9",
   "description": "The Zite framework — build apps on Zite Database",
   "type": "module",
   "main": "./dist/cjs/runtime/index.js",
@@ -27,6 +27,11 @@
       "import": "./dist/esm/runtime/index.js",
       "require": "./dist/cjs/runtime/index.js"
     },
+    "./auth": {
+      "types": "./dist/esm/auth/index.d.ts",
+      "import": "./dist/esm/auth/index.js",
+      "require": "./dist/cjs/auth/index.js"
+    },
     "./backend": {
       "types": "./dist/esm/backend/index.d.ts",
       "import": "./dist/esm/backend/index.js",
@@ -64,14 +69,19 @@
     "dist"
   ],
   "peerDependencies": {
+    "@tanstack/react-query": ">=5",
     "react": ">=18"
   },
   "peerDependenciesMeta": {
     "react": {
       "optional": true
+    },
+    "@tanstack/react-query": {
+      "optional": true
     }
   },
   "devDependencies": {
+    "@tanstack/react-query": "^5.100.14",
     "@types/node": "^25.9.1",
     "@types/react": "^19.0.0",
     "react": "^19.0.0",