feat: Node.js SDK update for version 26.1.0

[ChiragAgg5k]

This PR contains updates to the Node.js SDK for version 26.1.0.

What's Changed

• Added: createSesProvider and updateSesProvider to messaging
• Added: updateOAuth2Server to project for OAuth2 server settings
• Added: updatePasswordStrengthPolicy and PolicyPasswordStrength to project
• Added: getAuditsDB health check to health
• Added: password-strength to ProjectPolicyId
• Added: apps.read and apps.write to ProjectKeyScopes

[greptile-apps]

Greptile Summary

This PR bumps the Node.js SDK to version 26.1.0, adding new service methods and a broad architectural change that moves the X-Appwrite-Project header from a globally-set client header to a per-request header injected by every service method.

• New APIs: createSesProvider / updateSesProvider in messaging, updateOAuth2Server and updatePasswordStrengthPolicy in project, getAuditsDB in health, new PolicyPasswordStrength model, apps.read/apps.write scopes, and password-strength policy ID.
• Header refactor: setProject() no longer writes to this.headers; instead, every service call reads this.client.config.project at invocation time and sets X-Appwrite-Project directly in its per-call headers. This appears comprehensively applied across all ~30 changed service files.

Confidence Score: 4/5

Safe to merge for standard SDK consumers; the header refactor is consistently applied across all service files and the new methods follow established patterns.

The header architecture change is intentional and consistently implemented across every touched service file. The two noted issues are minor: a test fixture uses the wrong $id value for the new password-strength policy (doesn't affect runtime behavior), and getHeaders() now silently omits the project header while all other header-setters still populate this.headers, creating an inconsistency that could trip up advanced consumers forwarding headers manually.

src/client.ts for the setProject/getHeaders inconsistency, and test/services/project.test.js for the incorrect $id in the updatePasswordStrengthPolicy fixture.

Important Files Changed

Filename	Overview
src/client.ts	Moves X-Appwrite-Project from a global per-client header (set by setProject) to a per-request header injected by every service call; also adds the header to ping(). getHeaders() now returns an incomplete header set because setProject no longer writes to this.headers, inconsistent with all other setters.
src/services/messaging.ts	Adds createSesProvider and updateSesProvider for Amazon SES email provider support; both methods follow the existing dual-signature (object/positional) pattern and include X-Appwrite-Project per the new per-request approach.
src/services/project.ts	Adds updateOAuth2Server and updatePasswordStrengthPolicy methods; all existing and new methods updated to include X-Appwrite-Project per-request; OAuth2 provider doc examples updated with realistic-format placeholder secrets.
src/services/health.ts	Adds getAuditsDB endpoint at /health/audits-db returning HealthStatusList; correctly includes X-Appwrite-Project header.
src/models.ts	Adds PolicyPasswordStrength type; updates Project model to move region earlier and add OAuth2 server fields; adds PolicyPasswordStrength to the policies union type in ProjectSettings.
test/services/project.test.js	Adds tests for updateOAuth2Server and updatePasswordStrengthPolicy; updates all Project model fixtures with new OAuth2 server fields; updatePasswordStrengthPolicy fixture uses $id: 'password-dictionary' instead of 'password-strength'.
test/services/messaging.test.js	Adds tests for createSesProvider and updateSesProvider; follows the existing test pattern correctly.
test/services/health.test.js	Adds test for getAuditsDB returning a HealthStatusList fixture; follows existing test pattern.

Comments Outside Diff (1)

1. test/services/project.test.js, line 7213-7218 (link)

   Test fixture has wrong $id for updatePasswordStrengthPolicy

   The mock response data for the updatePasswordStrengthPolicy test uses $id: 'password-dictionary', which is the ID for the dictionary policy type. For a PolicyPasswordStrength response, the $id should be 'password-strength'. Because the test uses a mocked fetch and only checks deep equality against its own fixture, the incorrect $id doesn't cause a test failure — but it leaves the test misleading and inconsistent with the actual API contract.

   Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

_{Reviews (1): Last reviewed commit: "chore: update Node.js SDK to 26.1.0" | Re-trigger Greptile}

[greptile-apps]

getHeaders() no longer includes X-Appwrite-Project

setKey(), setJWT(), setLocale(), and several other setters still write to this.headers, so getHeaders() continues to return those values. setProject() now only writes to this.config.project, so getHeaders() will silently omit the project header. Any consumer that calls client.getHeaders() to build a downstream request (e.g., forwarding headers or diagnostic logging) will receive an incomplete set and may produce requests that are rejected by the server for missing the project context. The asymmetry with the other setter methods makes this easy to miss.