@actuate-media/cms-core 0.10.4 → 0.11.0

package/dist/__tests__/api/admin-contracts.test.js

@@ -79,6 +79,7 @@ function createMockDB() {
                 },
             ],
             count: async () => 1,
+            groupBy: async () => [{ formId: 'form-1', _count: { _all: 1 } }],
         },
         redirect: {
             findMany: async () => [

package/dist/__tests__/api/admin-contracts.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-contracts.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/admin-contracts.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,MAAM,GAAG,4CAA4C,CAAC;AAE5D,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,mBAAmB,KAAK,EAAE,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;QACL,OAAO,EAAE;YACP,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;SAC9C;QACD,IAAI,EAAE,EAAE;QACR,KAAK,EAAE;YACL,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,SAAS;oBACb,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,IAAI;oBACd,UAAU,EAAE,kBAAkB;oBAC9B,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,IAAI;oBACX,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;oBAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAChD;aACF;YACD,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;SACrB;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,EAAE,IAA4D,EAAE,EAAE;gBAC/E,IAAI,IAAI,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EAAE,CAAC;oBACxC,OAAO;wBACL;4BACE,EAAE,EAAE,QAAQ;4BACZ,KAAK,EAAE,cAAc;4BACrB,IAAI,EAAE;gCACJ,IAAI,EAAE,cAAc;gCACpB,WAAW,EAAE,YAAY;gCACzB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;6BACjD;4BACD,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;4BAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;yBAChD;qBACF,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL;wBACE,EAAE,EAAE,QAAQ;wBACZ,UAAU,EAAE,OAAO;wBACnB,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE;4BACJ,KAAK,EAAE,MAAM;4BACb,IAAI,EAAE,MAAM;4BACZ,SAAS,EAAE,WAAW;4BACtB,eAAe,EAAE,kBAAkB;4BACnC,SAAS,EAAE,sBAAsB;4BACjC,UAAU,EAAE,SAAS;yBACtB;wBACD,cAAc,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,YAAY,CAAC,EAAE;wBACrD,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;qBAChD;iBACF,CAAC;YACJ,CAAC;SACF;QACD,cAAc,EAAE;YACd,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,cAAc;oBAClB,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE;oBACjE,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;oBAChD,MAAM,EAAE,KAAK;oBACb,WAAW,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAClD;aACF;YACD,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;SACrB;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,YAAY;oBAChB,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,MAAM;oBACnB,UAAU,EAAE,GAAG;oBACf,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;oBAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAChD;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC;QAChC,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,mCAAmC,EAAE;YAC9E,OAAO,EAAE,MAAM,WAAW,EAAE;SAC7B,CAAC,CAAC,CAAC;QAEJ,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACnD,IAAI,EAAE;gBACJ,IAAI,EAAE;oBACJ;wBACE,EAAE,EAAE,SAAS;wBACb,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,YAAY;wBAClB,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,IAAI;wBACf,GAAG,EAAE,EAAE;wBACP,MAAM,EAAE,YAAY;wBACpB,KAAK,EAAE,MAAM;wBACb,UAAU,EAAE,UAAU;qBACvB;iBACF;gBACD,KAAK,EAAE,CAAC;aACT;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QAEpC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClE,OAAO,CAAC,IAAI,OAAO,CAAC,mCAAmC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,OAAO,CAAC,sDAAsD,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzF,OAAO,CAAC,IAAI,OAAO,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1E,OAAO,CAAC,IAAI,OAAO,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;SAC3E,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YAChD,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACtD,IAAI,EAAE;gBACJ,WAAW,EAAE;oBACX;wBACE,EAAE,EAAE,cAAc;wBAClB,IAAI,EAAE,KAAK;wBACX,KAAK,EAAE,iBAAiB;wBACxB,OAAO,EAAE,OAAO;wBAChB,MAAM,EAAE,KAAK;wBACb,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;qBACjD;iBACF;gBACD,KAAK,EAAE,CAAC;aACT;SACF,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpD,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;SACpE,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACnD,IAAI,EAAE;gBACJ;oBACE,EAAE,EAAE,QAAQ;oBACZ,GAAG,EAAE,GAAG;oBACR,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,EAAE;oBACT,MAAM,EAAE,CAAC;oBACT,SAAS,EAAE,WAAW;oBACtB,eAAe,EAAE,kBAAkB;iBACpC;aACF;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"admin-contracts.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/admin-contracts.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,MAAM,GAAG,4CAA4C,CAAC;AAE5D,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,mBAAmB,KAAK,EAAE,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;QACL,OAAO,EAAE;YACP,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;SAC9C;QACD,IAAI,EAAE,EAAE;QACR,KAAK,EAAE;YACL,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,SAAS;oBACb,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,IAAI;oBACd,UAAU,EAAE,kBAAkB;oBAC9B,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,IAAI;oBACX,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;oBAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAChD;aACF;YACD,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;SACrB;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,EAAE,IAA4D,EAAE,EAAE;gBAC/E,IAAI,IAAI,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EAAE,CAAC;oBACxC,OAAO;wBACL;4BACE,EAAE,EAAE,QAAQ;4BACZ,KAAK,EAAE,cAAc;4BACrB,IAAI,EAAE;gCACJ,IAAI,EAAE,cAAc;gCACpB,WAAW,EAAE,YAAY;gCACzB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;6BACjD;4BACD,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;4BAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;yBAChD;qBACF,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL;wBACE,EAAE,EAAE,QAAQ;wBACZ,UAAU,EAAE,OAAO;wBACnB,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE;4BACJ,KAAK,EAAE,MAAM;4BACb,IAAI,EAAE,MAAM;4BACZ,SAAS,EAAE,WAAW;4BACtB,eAAe,EAAE,kBAAkB;4BACnC,SAAS,EAAE,sBAAsB;4BACjC,UAAU,EAAE,SAAS;yBACtB;wBACD,cAAc,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,YAAY,CAAC,EAAE;wBACrD,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;qBAChD;iBACF,CAAC;YACJ,CAAC;SACF;QACD,cAAc,EAAE;YACd,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,cAAc;oBAClB,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE;oBACjE,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;oBAChD,MAAM,EAAE,KAAK;oBACb,WAAW,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAClD;aACF;YACD,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACpB,OAAO,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;SACjE;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;gBACpB;oBACE,EAAE,EAAE,YAAY;oBAChB,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,MAAM;oBACnB,UAAU,EAAE,GAAG;oBACf,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;oBAC/C,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;iBAChD;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC;QAChC,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,CAAC;IACb,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,mCAAmC,EAAE;YAC9E,OAAO,EAAE,MAAM,WAAW,EAAE;SAC7B,CAAC,CAAC,CAAC;QAEJ,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACnD,IAAI,EAAE;gBACJ,IAAI,EAAE;oBACJ;wBACE,EAAE,EAAE,SAAS;wBACb,IAAI,EAAE,UAAU;wBAChB,IAAI,EAAE,YAAY;wBAClB,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,IAAI;wBACf,GAAG,EAAE,EAAE;wBACP,MAAM,EAAE,YAAY;wBACpB,KAAK,EAAE,MAAM;wBACb,UAAU,EAAE,UAAU;qBACvB;iBACF;gBACD,KAAK,EAAE,CAAC;aACT;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QAEpC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClE,OAAO,CAAC,IAAI,OAAO,CAAC,mCAAmC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,OAAO,CAAC,sDAAsD,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzF,OAAO,CAAC,IAAI,OAAO,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1E,OAAO,CAAC,IAAI,OAAO,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;SAC3E,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YAChD,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACtD,IAAI,EAAE;gBACJ,WAAW,EAAE;oBACX;wBACE,EAAE,EAAE,cAAc;wBAClB,IAAI,EAAE,KAAK;wBACX,KAAK,EAAE,iBAAiB;wBACxB,OAAO,EAAE,OAAO;wBAChB,MAAM,EAAE,KAAK;wBACb,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE;qBACjD;iBACF;gBACD,KAAK,EAAE,CAAC;aACT;SACF,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpD,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;SACpE,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC;YACnD,IAAI,EAAE;gBACJ;oBACE,EAAE,EAAE,QAAQ;oBACZ,GAAG,EAAE,GAAG;oBACR,KAAK,EAAE,MAAM;oBACb,KAAK,EAAE,EAAE;oBACT,MAAM,EAAE,CAAC;oBACT,SAAS,EAAE,WAAW;oBACtB,eAAe,EAAE,kBAAkB;iBACpC;aACF;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/api/public-globals.test.js

@@ -61,10 +61,13 @@ describe('public globals API', () => {
         const response = await handler(new Request('https://example.com/api/cms/public/globals/site-settings'));
         expect(response.status).toBe(403);
     });
-    it('denies declared globals that do not explicitly allow public reads', async () => {
-        initDB(createMockDB({ siteName: 'Implicitly Private' }));
+    it('returns declared globals as public when access.read is omitted', async () => {
+        // Globals served from `/public/globals/:slug` are public site data by
+        // definition. When no access policy is provided, the route should grant
+        // read access — gating requires an explicit `access.read` returning false.
+        initDB(createMockDB({ siteName: 'Implicit Public' }));
         const handler = handleActuateAPI({
-            prismaClient: createMockDB({ siteName: 'Implicitly Private' }),
+            prismaClient: createMockDB({ siteName: 'Implicit Public' }),
             config: {
                 collections: {},
                 globals: {
@@ -77,7 +80,8 @@ describe('public globals API', () => {
             },
         });
         const response = await handler(new Request('https://example.com/api/cms/public/globals/site-settings'));
-        expect(response.status).toBe(403);
+        expect(response.status).toBe(200);
+        await expect(response.json()).resolves.toEqual({ data: { siteName: 'Implicit Public' } });
     });
     it('does not expose documents for undeclared globals', async () => {
         initDB(createMockDB({ siteName: 'Hidden' }));

package/dist/__tests__/api/public-globals.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"public-globals.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/public-globals.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,SAAS,YAAY,CAAC,IAAoC;IACxD,OAAO;QACL,QAAQ,EAAE;YACR,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;gBACzB,CAAC,CAAC;oBACE,EAAE,EAAE,UAAU;oBACd,UAAU,EAAE,eAAe;oBAC3B,IAAI;oBACJ,SAAS,EAAE,IAAI;iBAChB;gBACH,CAAC,CAAC,IAAI;SACT;QACD,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,EAAE;KACV,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,UAAU,CAAC,GAAG,EAAE;QACd,OAAQ,UAAkB,CAAC,eAAe,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;YACnD,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;qBAC7B;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;YACnD,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;qBAC9B;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,CAAC;YAC9D,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;qBACX;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;YAClD,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"public-globals.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/public-globals.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,SAAS,YAAY,CAAC,IAAoC;IACxD,OAAO;QACL,QAAQ,EAAE;YACR,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;gBACzB,CAAC,CAAC;oBACE,EAAE,EAAE,UAAU;oBACd,UAAU,EAAE,eAAe;oBAC3B,IAAI;oBACJ,SAAS,EAAE,IAAI;iBAChB;gBACH,CAAC,CAAC,IAAI;SACT;QACD,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,EAAE;KACV,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,UAAU,CAAC,GAAG,EAAE;QACd,OAAQ,UAAkB,CAAC,eAAe,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;YACnD,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE;qBAC7B;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;YACnD,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;qBAC9B;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,sEAAsE;QACtE,wEAAwE;QACxE,2EAA2E;QAC3E,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC;YAC3D,MAAM,EAAE;gBACN,WAAW,EAAE,EAAE;gBACf,OAAO,EAAE;oBACP,eAAe,EAAE;wBACf,IAAI,EAAE,eAAe;wBACrB,KAAK,EAAE,eAAe;wBACtB,MAAM,EAAE,EAAE;qBACX;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,YAAY,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;YAClD,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,OAAO,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAExG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/audit.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=audit.test.d.ts.map

package/dist/__tests__/security/audit.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/audit.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/audit.test.js

@@ -0,0 +1,50 @@
+import { describe, expect, it } from 'vitest';
+import { initDB } from '../../db.js';
+import { logEvent, getAuditLog } from '../../security/audit.js';
+function createMockDB() {
+    const records = [];
+    return {
+        auditLog: {
+            create: async ({ data }) => {
+                const row = { ...data, id: `log-${records.length + 1}`, timestamp: new Date() };
+                records.push(row);
+                return row;
+            },
+            findMany: async ({ where, orderBy, skip, take }) => {
+                let filtered = records;
+                if (where?.event)
+                    filtered = filtered.filter((r) => r.event === where.event);
+                if (orderBy?.timestamp === 'desc') {
+                    filtered = [...filtered].sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
+                }
+                return filtered.slice(skip ?? 0, (skip ?? 0) + (take ?? filtered.length));
+            },
+            count: async ({ where }) => {
+                if (!where?.event)
+                    return records.length;
+                return records.filter((r) => r.event === where.event).length;
+            },
+        },
+    };
+}
+describe('audit log', () => {
+    it('logEvent stores an entry and getAuditLog reads it back', async () => {
+        const db = createMockDB();
+        initDB(db);
+        await logEvent({ event: 'login_success', userId: 'u1', ipAddress: '203.0.113.5' });
+        const result = await getAuditLog({ event: 'login_success' });
+        expect(result.total).toBe(1);
+        expect(result.entries[0]).toMatchObject({ event: 'login_success', userId: 'u1' });
+    });
+    it('getAuditLog orders by timestamp (regression: previously used non-existent createdAt column)', async () => {
+        const db = createMockDB();
+        initDB(db);
+        await logEvent({ event: 'a' });
+        await new Promise((r) => setTimeout(r, 5));
+        await logEvent({ event: 'b' });
+        const result = await getAuditLog({});
+        expect(result.entries[0]?.event).toBe('b');
+        expect(result.entries[1]?.event).toBe('a');
+    });
+});
+//# sourceMappingURL=audit.test.js.map

package/dist/__tests__/security/audit.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/audit.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAS,MAAM,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEhE,SAAS,YAAY;IACnB,MAAM,OAAO,GAAU,EAAE,CAAC;IAC1B,OAAO;QACL,QAAQ,EAAE;YACR,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAiB,EAAE,EAAE;gBACxC,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,GAAG,CAAC;YACb,CAAC;YACD,QAAQ,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAO,EAAE,EAAE;gBACtD,IAAI,QAAQ,GAAG,OAAO,CAAC;gBACvB,IAAI,KAAK,EAAE,KAAK;oBAAE,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC7E,IAAI,OAAO,EAAE,SAAS,KAAK,MAAM,EAAE,CAAC;oBAClC,QAAQ,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzF,CAAC;gBACD,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5E,CAAC;YACD,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAO,EAAE,EAAE;gBAC9B,IAAI,CAAC,KAAK,EAAE,KAAK;oBAAE,OAAO,OAAO,CAAC,MAAM,CAAC;gBACzC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;YAC/D,CAAC;SACF;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;QACnF,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6FAA6F,EAAE,KAAK,IAAI,EAAE;QAC3G,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,QAAQ,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/client-ip.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=client-ip.test.d.ts.map

package/dist/__tests__/security/client-ip.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-ip.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/client-ip.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/client-ip.test.js

@@ -0,0 +1,37 @@
+import { describe, expect, it } from 'vitest';
+import { getClientIp, isResolvedIp } from '../../security/client-ip.js';
+function req(headers) {
+    return new Request('https://example.com/x', { headers });
+}
+describe('client-ip helper', () => {
+    it('uses X-Vercel-Forwarded-For first', () => {
+        const r = req({
+            'x-vercel-forwarded-for': '203.0.113.5',
+            'x-forwarded-for': '198.51.100.1, 203.0.113.5',
+            'x-real-ip': '198.51.100.1',
+        });
+        expect(getClientIp(r)).toBe('203.0.113.5');
+    });
+    it('falls back to x-real-ip when no Vercel header', () => {
+        const r = req({ 'x-real-ip': '203.0.113.99' });
+        expect(getClientIp(r)).toBe('203.0.113.99');
+    });
+    it('does NOT trust X-Forwarded-For by default', () => {
+        const r = req({ 'x-forwarded-for': '1.2.3.4' });
+        expect(getClientIp(r)).toBe('unknown');
+    });
+    it('uses the LAST X-Forwarded-For entry when trustProxy is enabled', () => {
+        const r = req({ 'x-forwarded-for': '198.51.100.1, 203.0.113.5, 1.2.3.4' });
+        // Last entry = closest to our trusted proxy = the one to trust.
+        expect(getClientIp(r, { trustProxy: true })).toBe('1.2.3.4');
+    });
+    it('reports "unknown" with no headers', () => {
+        expect(getClientIp(req({}))).toBe('unknown');
+    });
+    it('isResolvedIp is false for "unknown"', () => {
+        expect(isResolvedIp('unknown')).toBe(false);
+        expect(isResolvedIp('')).toBe(false);
+        expect(isResolvedIp('203.0.113.5')).toBe(true);
+    });
+});
+//# sourceMappingURL=client-ip.test.js.map

package/dist/__tests__/security/client-ip.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-ip.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/client-ip.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAExE,SAAS,GAAG,CAAC,OAA+B;IAC1C,OAAO,IAAI,OAAO,CAAC,uBAAuB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,GAAG,GAAG,CAAC;YACZ,wBAAwB,EAAE,aAAa;YACvC,iBAAiB,EAAE,2BAA2B;YAC9C,WAAW,EAAE,cAAc;SAC5B,CAAC,CAAC;QACH,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,iBAAiB,EAAE,SAAS,EAAE,CAAC,CAAC;QAChD,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,iBAAiB,EAAE,oCAAoC,EAAE,CAAC,CAAC;QAC3E,gEAAgE;QAChE,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/ip-allowlist.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ip-allowlist.test.d.ts.map

package/dist/__tests__/security/ip-allowlist.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ip-allowlist.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/ip-allowlist.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/ip-allowlist.test.js

@@ -0,0 +1,40 @@
+import { describe, expect, it } from 'vitest';
+import { isIpAllowed } from '../../security/ip-allowlist.js';
+describe('isIpAllowed', () => {
+    it('allows everything when allowlist is empty', () => {
+        expect(isIpAllowed('203.0.113.5', [])).toBe(true);
+    });
+    it('rejects the literal "unknown" sentinel against a non-empty allowlist', () => {
+        expect(isIpAllowed('unknown', ['203.0.113.5'])).toBe(false);
+    });
+    it('still allows "unknown" when no allowlist is configured', () => {
+        // Empty allowlist means "no IP restriction at all". The middleware
+        // separately decides whether unknown IPs should be allowed via
+        // isResolvedIp() before consulting this helper.
+        expect(isIpAllowed('unknown', [])).toBe(true);
+    });
+    it('matches a literal IPv4 address', () => {
+        expect(isIpAllowed('203.0.113.5', ['203.0.113.5'])).toBe(true);
+        expect(isIpAllowed('203.0.113.6', ['203.0.113.5'])).toBe(false);
+    });
+    it('matches an IPv4 CIDR range', () => {
+        expect(isIpAllowed('203.0.113.42', ['203.0.113.0/24'])).toBe(true);
+        expect(isIpAllowed('203.0.114.42', ['203.0.113.0/24'])).toBe(false);
+    });
+    it('matches a literal IPv6 address with normalisation', () => {
+        expect(isIpAllowed('2001:db8::1', ['2001:db8:0:0:0:0:0:1'])).toBe(true);
+    });
+    it('matches an IPv6 CIDR range', () => {
+        expect(isIpAllowed('2001:db8:abcd::1', ['2001:db8::/32'])).toBe(true);
+        expect(isIpAllowed('2001:db9::1', ['2001:db8::/32'])).toBe(false);
+    });
+    it('normalises IPv4-mapped IPv6 addresses', () => {
+        expect(isIpAllowed('::ffff:203.0.113.5', ['203.0.113.5'])).toBe(true);
+        expect(isIpAllowed('::ffff:203.0.113.5', ['203.0.113.0/24'])).toBe(true);
+    });
+    it('rejects malformed CIDR values', () => {
+        expect(isIpAllowed('203.0.113.5', ['203.0.113.0/abc'])).toBe(false);
+        expect(isIpAllowed('203.0.113.5', ['203.0.113.0/-1'])).toBe(false);
+    });
+});
+//# sourceMappingURL=ip-allowlist.test.js.map

package/dist/__tests__/security/ip-allowlist.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ip-allowlist.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/ip-allowlist.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAE7D,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,mEAAmE;QACnE,+DAA+D;QAC/D,gDAAgD;QAChD,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpE,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/redact.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redact.test.d.ts.map

package/dist/__tests__/security/redact.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/redact.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/redact.test.js

@@ -0,0 +1,31 @@
+import { describe, expect, it } from 'vitest';
+import { redactSecrets } from '../../security/redact.js';
+describe('redactSecrets', () => {
+    it('redacts OpenAI keys', () => {
+        expect(redactSecrets('use sk-abcdefghijklmnopqrstuv0123 for now')).toBe('use [REDACTED] for now');
+    });
+    it('redacts Anthropic keys', () => {
+        expect(redactSecrets('sk-ant-api03-AbCdEfGhIjKlMnOpQrStUvWxYz123456 secret')).toBe('[REDACTED] secret');
+    });
+    it('redacts Actuate API keys', () => {
+        expect(redactSecrets('act_sk_abcdef0123456789ABCDEF0123456789 leaked')).toBe('[REDACTED] leaked');
+    });
+    it('redacts GitHub tokens', () => {
+        expect(redactSecrets('ghp_abcdefghijklmnopqrstuvwxyz0123456789')).toBe('[REDACTED]');
+    });
+    it('redacts AWS access keys', () => {
+        expect(redactSecrets('AKIAIOSFODNN7EXAMPLE is mine')).toBe('[REDACTED] is mine');
+    });
+    it('redacts JWTs', () => {
+        const jwt = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NSJ9.dQw4w9WgXcQabcdef1234';
+        expect(redactSecrets(`bearer ${jwt}`)).toBe('bearer [REDACTED]');
+    });
+    it('redacts password assignments', () => {
+        expect(redactSecrets('password: "hunter2x9"')).toBe('[REDACTED]');
+    });
+    it('preserves non-secret content', () => {
+        expect(redactSecrets('hello world')).toBe('hello world');
+        expect(redactSecrets('')).toBe('');
+    });
+});
+//# sourceMappingURL=redact.test.js.map

package/dist/__tests__/security/redact.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/redact.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,aAAa,CAAC,2CAA2C,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,CAAC,aAAa,CAAC,sDAAsD,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC1G,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,CAAC,aAAa,CAAC,gDAAgD,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,aAAa,CAAC,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,cAAc,EAAE,GAAG,EAAE;QACtB,MAAM,GAAG,GAAG,iEAAiE,CAAC;QAC9E,MAAM,CAAC,aAAa,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzD,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/secret-storage.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=secret-storage.test.d.ts.map

package/dist/__tests__/security/secret-storage.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-storage.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/secret-storage.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/secret-storage.test.js

@@ -0,0 +1,42 @@
+import { describe, expect, it } from 'vitest';
+import { encryptSecret, decryptSecret, isEncrypted, encryptStringArray, decryptStringArray, } from '../../security/secret-storage.js';
+const KEY = 'a'.repeat(64); // 32 bytes hex
+describe('secret-storage', () => {
+    it('round-trips a secret when CMS_ENCRYPTION_KEY is set', async () => {
+        process.env.CMS_ENCRYPTION_KEY = KEY;
+        const ciphertext = await encryptSecret('totp-seed-12345');
+        expect(ciphertext.startsWith('enc:v1:')).toBe(true);
+        expect(isEncrypted(ciphertext)).toBe(true);
+        expect(await decryptSecret(ciphertext)).toBe('totp-seed-12345');
+    });
+    it('passes plaintext through unchanged when CMS_ENCRYPTION_KEY is unset', async () => {
+        delete process.env.CMS_ENCRYPTION_KEY;
+        const out = await encryptSecret('plain-secret');
+        expect(out).toBe('plain-secret');
+        expect(isEncrypted(out)).toBe(false);
+        // Reads of plaintext values that were never encrypted return as-is.
+        expect(await decryptSecret('plain-secret')).toBe('plain-secret');
+    });
+    it('encryptStringArray + decryptStringArray round-trip', async () => {
+        process.env.CMS_ENCRYPTION_KEY = KEY;
+        const codes = ['abc-123', 'def-456', 'ghi-789'];
+        const enc = await encryptStringArray(codes);
+        expect(enc.every(isEncrypted)).toBe(true);
+        expect(await decryptStringArray(enc)).toEqual(codes);
+    });
+    it('decryptSecret refuses encrypted values without a key', async () => {
+        process.env.CMS_ENCRYPTION_KEY = KEY;
+        const ciphertext = await encryptSecret('shh');
+        delete process.env.CMS_ENCRYPTION_KEY;
+        await expect(decryptSecret(ciphertext)).rejects.toThrow(/CMS_ENCRYPTION_KEY/);
+    });
+    it('round-trip data is non-deterministic (random IV)', async () => {
+        process.env.CMS_ENCRYPTION_KEY = KEY;
+        const a = await encryptSecret('same');
+        const b = await encryptSecret('same');
+        expect(a).not.toBe(b);
+        expect(await decryptSecret(a)).toBe('same');
+        expect(await decryptSecret(b)).toBe('same');
+    });
+});
+//# sourceMappingURL=secret-storage.test.js.map

package/dist/__tests__/security/secret-storage.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-storage.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/secret-storage.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe;AAE3C,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC;QACrC,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAC1D,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrC,oEAAoE;QACpE,MAAM,CAAC,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC;QACrC,MAAM,KAAK,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC;QACrC,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC;QACrC,MAAM,CAAC,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/security/upload-magic.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=upload-magic.test.d.ts.map

package/dist/__tests__/security/upload-magic.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-magic.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/upload-magic.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/upload-magic.test.js

@@ -0,0 +1,55 @@
+import { describe, expect, it } from 'vitest';
+import { validateMimeType, checkMagicBytes } from '../../security/upload.js';
+describe('validateMimeType', () => {
+    it('accepts an allowlisted type', () => {
+        expect(validateMimeType('image/png', ['image/png'])).toBe(true);
+    });
+    it('rejects a non-allowlisted type', () => {
+        expect(validateMimeType('text/html', ['image/png'])).toBe(false);
+    });
+    it('accepts both Set and Array allowlists', () => {
+        expect(validateMimeType('image/jpeg', new Set(['image/jpeg']))).toBe(true);
+    });
+});
+describe('checkMagicBytes', () => {
+    function buf(bytes) {
+        return new Uint8Array(bytes);
+    }
+    it('accepts a real PNG header for image/png', () => {
+        const png = buf([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0]);
+        expect(checkMagicBytes(png, 'image/png').valid).toBe(true);
+    });
+    it('rejects a JPEG buffer claiming to be PNG', () => {
+        const jpeg = buf([0xff, 0xd8, 0xff, 0xe0, 0, 0x10, 0x4a, 0x46, 0x49, 0x46]);
+        const result = checkMagicBytes(jpeg, 'image/png');
+        expect(result.valid).toBe(false);
+        expect(result.detectedMimeType).toBe('image/jpeg');
+    });
+    it('rejects a WAV file claiming to be WebP (both share the RIFF header)', () => {
+        const wav = buf([0x52, 0x49, 0x46, 0x46, 0, 0, 0, 0, 0x57, 0x41, 0x56, 0x45]);
+        const result = checkMagicBytes(wav, 'image/webp');
+        expect(result.valid).toBe(false);
+        expect(result.detectedMimeType).toBe('audio/wav');
+    });
+    it('accepts a real WebP buffer for image/webp', () => {
+        const webp = buf([0x52, 0x49, 0x46, 0x46, 0, 0, 0, 0, 0x57, 0x45, 0x42, 0x50]);
+        expect(checkMagicBytes(webp, 'image/webp').valid).toBe(true);
+    });
+    it('accepts a full GIF89a header but rejects a "GIF" prefix only', () => {
+        const valid = buf([0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0, 0, 0, 0]);
+        expect(checkMagicBytes(valid, 'image/gif').valid).toBe(true);
+        const fake = buf([0x47, 0x49, 0x46, 0x00, 0x00, 0x00, 0, 0, 0, 0]);
+        // Without the full signature we can't detect the type, but we also won't lie.
+        const result = checkMagicBytes(fake, 'image/gif');
+        expect(result.valid).toBe(true); // unknown signature => accept (mime allowlist already gated this)
+    });
+    it('detects SVG by inspecting XML content', () => {
+        const svg = new TextEncoder().encode('<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>');
+        expect(checkMagicBytes(svg, 'image/svg+xml').valid).toBe(true);
+    });
+    it('detects AVIF using the ftyp brand', () => {
+        const avif = buf([0, 0, 0, 0x20, 0x66, 0x74, 0x79, 0x70, 0x61, 0x76, 0x69, 0x66]);
+        expect(checkMagicBytes(avif, 'image/avif').valid).toBe(true);
+    });
+});
+//# sourceMappingURL=upload-magic.test.js.map

package/dist/__tests__/security/upload-magic.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-magic.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/upload-magic.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE7E,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,gBAAgB,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,gBAAgB,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,SAAS,GAAG,CAAC,KAAe;QAC1B,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9E,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAC/E,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,8EAA8E;QAC9E,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,kEAAkE;IACrG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gEAAgE,CAAC,CAAC;QACvG,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAClF,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/server-site.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=server-site.test.d.ts.map

package/dist/__tests__/server-site.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-site.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/server-site.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/server-site.test.js

@@ -0,0 +1,123 @@
+import { describe, expect, it, vi } from 'vitest';
+import { createServerSiteClient } from '../server-site.js';
+function makeDb(overrides = {}) {
+    return {
+        document: {
+            findFirst: vi.fn(async () => null),
+            ...overrides.document,
+        },
+        media: {
+            findUnique: vi.fn(async () => null),
+            ...overrides.media,
+        },
+    };
+}
+describe('createServerSiteClient', () => {
+    it('throws if db is missing', () => {
+        expect(() => createServerSiteClient(undefined, {})).toThrow(/Prisma-compatible/);
+    });
+    it('reads global data directly from the database', async () => {
+        const findFirst = vi.fn(async () => ({
+            id: 'g-1',
+            collection: 'site-settings',
+            data: { brand: 'Actuate' },
+            deletedAt: null,
+        }));
+        const db = makeDb({ document: { findFirst } });
+        const cms = createServerSiteClient(db, {
+            globals: { 'site-settings': { access: { read: () => true } } },
+        });
+        const settings = await cms.getGlobal('site-settings');
+        expect(settings).toEqual({ brand: 'Actuate' });
+        expect(findFirst).toHaveBeenCalledWith({
+            where: { collection: 'site-settings', deletedAt: null },
+        });
+    });
+    it('defaults to public read when no access policy is set', async () => {
+        const findFirst = vi.fn(async () => ({
+            id: 'g-1',
+            collection: 'site-settings',
+            data: { brand: 'Actuate' },
+            deletedAt: null,
+        }));
+        const db = makeDb({ document: { findFirst } });
+        const cms = createServerSiteClient(db, { globals: { 'site-settings': {} } });
+        const settings = await cms.getGlobal('site-settings');
+        expect(settings).toEqual({ brand: 'Actuate' });
+    });
+    it('returns null when access.read denies', async () => {
+        const findFirst = vi.fn(async () => ({
+            id: 'g-1',
+            collection: 'site-settings',
+            data: { brand: 'Secret' },
+            deletedAt: null,
+        }));
+        const db = makeDb({ document: { findFirst } });
+        const cms = createServerSiteClient(db, {
+            globals: { 'site-settings': { access: { read: () => false } } },
+        });
+        const settings = await cms.getGlobal('site-settings');
+        expect(settings).toBeNull();
+    });
+    it('returns null for missing global rows', async () => {
+        const db = makeDb();
+        const cms = createServerSiteClient(db, {});
+        expect(await cms.getGlobal('settings')).toBeNull();
+    });
+    it('resolves the home document for the root path', async () => {
+        const findFirst = vi.fn(async () => ({
+            id: 'p-1',
+            collection: 'pages',
+            slug: 'home',
+            status: 'PUBLISHED',
+            publishedAt: new Date('2025-01-01T00:00:00Z'),
+            structuredData: null,
+            data: { slug: 'home', title: 'Home', _layout: { hero: { id: 'v-1' } } },
+        }));
+        const db = makeDb({ document: { findFirst } });
+        const cms = createServerSiteClient(db, {
+            collections: { pages: { slug: 'pages', type: 'page' } },
+        });
+        const result = await cms.resolveDocument('/');
+        expect(result?.data.id).toBe('p-1');
+        // _layout must be stripped from data and exposed top-level
+        expect(result?.data.data).toEqual({ slug: 'home', title: 'Home' });
+        expect(result?.layout).toEqual({ hero: { id: 'v-1' } });
+        // findFirst should target PUBLISHED + non-deleted
+        const firstCall = findFirst.mock.calls[0];
+        const args = firstCall[0];
+        expect(args.where.status).toBe('PUBLISHED');
+        expect(args.where.deletedAt).toBeNull();
+    });
+    it('returns null when no document matches the resolved path', async () => {
+        const db = makeDb();
+        const cms = createServerSiteClient(db, {
+            collections: { pages: { slug: 'pages', type: 'page' } },
+        });
+        expect(await cms.resolveDocument('/non-existent')).toBeNull();
+    });
+    it('resolveMedia falls back to a database lookup when given an id', async () => {
+        const findUnique = vi.fn(async () => ({
+            id: 'm-1',
+            storageKey: 'https://cdn.example.com/hero.jpg',
+            altText: 'Hero',
+            title: null,
+            width: 1200,
+            height: 600,
+        }));
+        const db = makeDb({ media: { findUnique } });
+        const cms = createServerSiteClient(db, {});
+        const media = await cms.resolveMedia('m-1');
+        expect(media).toEqual({
+            id: 'm-1',
+            url: 'https://cdn.example.com/hero.jpg',
+            alt: 'Hero',
+            title: null,
+            width: 1200,
+            height: 600,
+            storageKey: 'https://cdn.example.com/hero.jpg',
+        });
+        expect(findUnique).toHaveBeenCalledWith({ where: { id: 'm-1' } });
+    });
+});
+//# sourceMappingURL=server-site.test.js.map

package/dist/__tests__/server-site.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-site.test.js","sourceRoot":"","sources":["../../src/__tests__/server-site.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAElD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,SAAS,MAAM,CAAC,YAAiC,EAAE;IACjD,OAAO;QACL,QAAQ,EAAE;YACR,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC;YAClC,GAAG,SAAS,CAAC,QAAQ;SACtB;QACD,KAAK,EAAE;YACL,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC;YACnC,GAAG,SAAS,CAAC,KAAK;SACnB;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CAAC,sBAAsB,CAAC,SAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACnC,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,eAAe;YAC3B,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;YAC1B,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC,CAAC;QACJ,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE;YACrC,OAAO,EAAE,EAAE,eAAe,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,EAAE;SAC/D,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAoB,eAAe,CAAC,CAAC;QACzE,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CAAC;YACrC,KAAK,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE;SACxD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACnC,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,eAAe;YAC3B,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;YAC1B,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC,CAAC;QACJ,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAE7E,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAoB,eAAe,CAAC,CAAC;QACzE,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACnC,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,eAAe;YAC3B,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE;YACzB,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC,CAAC;QACJ,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE;YACrC,OAAO,EAAE,EAAE,eAAe,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,EAAE;SAChE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACnC,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,OAAO;YACnB,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,WAAW;YACnB,WAAW,EAAE,IAAI,IAAI,CAAC,sBAAsB,CAAC;YAC7C,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;SACxE,CAAC,CAAC,CAAC;QACJ,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE;YACrC,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;SACxD,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,2DAA2D;QAC3D,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACxD,kDAAkD;QAClD,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAqC,CAAC;QAC9E,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE;YACrC,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;SACxD,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,GAAG,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YACpC,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,kCAAkC;YAC9C,OAAO,EAAE,MAAM;YACf,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,GAAG;SACZ,CAAC,CAAC,CAAC;QACJ,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,sBAAsB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAE3C,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC;YACpB,EAAE,EAAE,KAAK;YACT,GAAG,EAAE,kCAAkC;YACvC,GAAG,EAAE,MAAM;YACX,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,GAAG;YACX,UAAU,EAAE,kCAAkC;SAC/C,CAAC,CAAC;QACH,MAAM,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/actions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../src/actions.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uFAAuF;IACvF,EAAE,EAAE,OAAO,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AA8FD,6CAA6C;AAC7C,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA4ClC;AAED,6FAA6F;AAC7F,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA8DlC;AAED,0EAA0E;AAC1E,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,IAAI,CAAC,CAgCf;AAOD,wCAAwC;AACxC,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAoBzC;AAED,8DAA8D;AAC9D,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,UAAU,CAAC,CAgFrB;AAED,2FAA2F;AAC3F,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAsDlC;AAED,4FAA4F;AAC5F,wBAAsB,SAAS,CAC7B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAWzC;AAED,iFAAiF;AACjF,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyDlC"}
+{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../src/actions.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uFAAuF;IACvF,EAAE,EAAE,OAAO,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAqHD,6CAA6C;AAC7C,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA0DlC;AAED,6FAA6F;AAC7F,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA6FlC;AAED,0EAA0E;AAC1E,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,IAAI,CAAC,CAyCf;AA6DD,wCAAwC;AACxC,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CA2BzC;AAED,8DAA8D;AAC9D,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,UAAU,CAAC,CAuFrB;AAED,2FAA2F;AAC3F,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAiElC;AAED,4FAA4F;AAC5F,wBAAsB,SAAS,CAC7B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAWzC;AAED,iFAAiF;AACjF,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyDlC"}