@axium/server 0.43.0 → 0.44.0

package/dist/main.js

@@ -53,845 +53,565 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
 });
 import { apps } from '@axium/core';
 import { AuditFilter, severityNames } from '@axium/core/audit';
-import { formatDateRange } from '@axium/core/format';
+import { formatBytes, formatDateRange, formatMs } from '@axium/core/format';
 import { outputDaemonStatus, pluginText } from '@axium/core/node';
 import { _findPlugin, plugins, runIntegrations } from '@axium/core/plugins';
 import { Argument, Option, program } from 'commander';
 import * as io from 'ioium/node';
 import { allLogLevels } from 'logzen';
-import { createWriteStream } from 'node:fs';
-import { access } from 'node:fs/promises';
+import { createWriteStream, readFileSync } from 'node:fs';
+import { access, watch } from 'node:fs/promises';
 import { join, resolve } from 'node:path/posix';
-import { createInterface } from 'node:readline/promises';
 import { parseArgs, styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
+import { searchForWorkspaceRoot } from 'vite';
 import * as z from 'zod';
 import $pkg from '../package.json' with { type: 'json' };
 import { audit, getEvents, styleSeverity } from './audit.js';
-import { diffUpdate, lookupUser, userText } from './cli.js';
+import { build } from './build.js';
+import { diffUpdate, lookupUser, cliOptions as opts, rl, rlConfirm, userText } from './cli.js';
 import config, { ConfigFile, configFiles, reloadConfigs, saveConfigTo } from './config.js';
-import * as db from './database.js';
+import { dbInitTables } from './db/cli.js';
+import './db/cli.js';
+import * as db from './db/index.js';
 import { _portActions, _portMethods, dirs, logger, restrictedPorts } from './io.js';
 import { linkRoutes, listRouteLinks, unlinkRoutes, writePluginHooks } from './linking.js';
 import { serve } from './serve.js';
-async function rlConfirm(question = 'Is this ok') {
-    const { data, error } = z
-        .stringbool()
-        .default(false)
-        .safeParse(await rl.question(question + ' [y/N]: ').catch(() => io.exit('Aborted.')));
-    if (error || !data)
-        io.exit('Aborted.');
+process.on('SIGHUP', () => {
+    io.info('Reloading configuration due to SIGHUP.');
+    void reloadConfigs();
+});
+// Need these before Command is set up (e.g. for CLI integrations)
+const { safe, debug, config: configFromCLI, } = parseArgs({
+    options: {
+        safe: { type: 'boolean', default: z.stringbool().default(false).parse(process.env.SAFE?.toLowerCase()) },
+        debug: { type: 'boolean', default: z.stringbool().default(false).parse(process.env.DEBUG?.toLowerCase()) },
+        config: { type: 'string', short: 'c' },
+    },
+    allowPositionals: true,
+    strict: false,
+}).values;
+if (debug) {
+    io._setDebugOutput(true);
+    config.set({ debug: true });
 }
-async function dbInitTables() {
-    const env_2 = { stack: [], error: void 0, hasError: false };
+await config.loadDefaults(safe);
+if (configFromCLI)
+    await config.load(configFromCLI, { safe });
+await runIntegrations();
+program
+    .version($pkg.version)
+    .name('axium')
+    .description('Axium server CLI')
+    .configureHelp({ showGlobalOptions: true })
+    .option('--safe', 'do not execute code from plugins', false)
+    .option('--debug', 'override debug mode')
+    .option('--no-debug', 'override debug mode')
+    .option('-c, --config <path>', 'path to the config file')
+    .hook('preAction', (_, action) => {
+    const opt = action.optsWithGlobals();
+    opt.force && io.warn('--force: Protections disabled.');
+    if (typeof opt.debug == 'boolean') {
+        config.set({ debug: opt.debug });
+        io._setDebugOutput(opt.debug);
+    }
     try {
+        db.connect();
+    }
+    catch (e) {
+        if (!noAutoDB.includes(action.name()))
+            throw e;
+    }
+})
+    .hook('postAction', async (_, action) => {
+    if (!noAutoDB.includes(action.name()))
+        await db.database.destroy();
+})
+    .on('option:debug', () => config.set({ debug: true }));
+const noAutoDB = ['init', 'serve', 'check'];
+const axiumConfig = program
+    .command('config')
+    .description('Manage the configuration')
+    .addOption(opts.global)
+    .option('-j, --json', 'values are JSON encoded', false)
+    .option('-r, --redact', 'Do not output sensitive values', false);
+function configReplacer(opt) {
+    return (key, value) => {
+        return opt.redact && ['password', 'secret'].includes(key) ? '[redacted]' : value;
+    };
+}
+axiumConfig
+    .command('dump')
+    .description('Output the entire current configuration')
+    .action(function axium_config_dump() {
+    const opt = this.optsWithGlobals();
+    const value = config.plain();
+    console.log(opt.json ? JSON.stringify(value, configReplacer(opt), 4) : value);
+});
+axiumConfig
+    .command('get')
+    .description('Get a config value')
+    .argument('<key>', 'the key to get')
+    .action(function axium_config_get(key) {
+    const opt = this.optsWithGlobals();
+    const value = getByString(config.plain(), key);
+    console.log(opt.json ? JSON.stringify(value, configReplacer(opt), 4) : value);
+});
+axiumConfig
+    .command('set')
+    .description('Set a config value. Note setting objects is not supported.')
+    .argument('<key>', 'the key to set')
+    .argument('<value>', 'the value')
+    .action(function axium_config_set(key, value) {
+    const opt = this.optsWithGlobals();
+    if (opt.json && !isJSON(value))
+        io.exit('Invalid JSON');
+    const obj = {};
+    setByString(obj, key, opt.json ? JSON.parse(value) : value);
+    config.save(obj, opt.global);
+});
+axiumConfig
+    .command('list')
+    .alias('ls')
+    .alias('files')
+    .description('List loaded config files')
+    .action(() => {
+    for (const path of config.files.keys())
+        console.log(path);
+});
+axiumConfig
+    .command('schema')
+    .description('Get the JSON schema for the configuration file')
+    .action(() => {
+    const opt = axiumConfig.optsWithGlobals();
+    try {
+        const schema = z.toJSONSchema(ConfigFile, { io: 'input' });
+        console.log(opt.json ? JSON.stringify(schema, configReplacer(opt), 4) : schema);
+    }
+    catch (e) {
+        io.exit(e);
+    }
+});
+const axiumPlugin = program.command('plugin').alias('plugins').description('Manage plugins').addOption(opts.global);
+axiumPlugin
+    .command('list')
+    .alias('ls')
+    .description('List loaded plugins')
+    .option('-l, --long', 'use the long listing format')
+    .option('--no-versions', 'do not show plugin versions')
+    .action(opt => {
+    if (!plugins.size) {
+        console.log('No plugins loaded.');
+        return;
+    }
+    if (!opt.long) {
+        console.log(Array.from(plugins.keys()).join(', '));
+        return;
+    }
+    console.log(styleText('whiteBright', plugins.size + ' plugin(s) loaded:'));
+    for (const plugin of plugins.values()) {
+        console.log(plugin.name, opt.versions ? plugin.version : '');
+    }
+});
+axiumPlugin
+    .command('info')
+    .description('Get information about a plugin')
+    .argument('<plugin>', 'the plugin to get information about')
+    .action((search) => {
+    const plugin = _findPlugin(search);
+    for (const line of pluginText(plugin))
+        console.log(line);
+});
+axiumPlugin
+    .command('remove')
+    .alias('rm')
+    .description('Remove a plugin')
+    .argument('<plugin>', 'the plugin to remove')
+    .action(async (search, opt) => {
+    const plugin = _findPlugin(search);
+    await plugin._hooks?.remove?.(opt);
+    for (const [path, data] of configFiles) {
+        if (!data.plugins)
+            continue;
+        data.plugins = data.plugins.filter(p => p !== plugin.specifier);
+        saveConfigTo(path, data);
+    }
+    plugins.delete(plugin.name);
+});
+axiumPlugin
+    .command('init')
+    .alias('setup')
+    .alias('install')
+    .description('Initialize a plugin. This could include adding tables to the database or linking routes.')
+    .addOption(opts.timeout)
+    .addOption(opts.check)
+    .argument('<plugin>', 'the plugin to initialize')
+    .action(async (search) => {
+    const env_1 = { stack: [], error: void 0, hasError: false };
+    try {
+        const plugin = _findPlugin(search);
+        if (!plugin)
+            io.exit(`Can't find a plugin matching "${search}"`);
+        const _ = __addDisposableResource(env_1, db.connect(), true);
         const info = db.getUpgradeInfo();
-        const schema = db.schema.getFull({ exclude: Object.keys(info.current) });
+        const exclude = Object.keys(info.current);
+        if (exclude.includes(plugin.name))
+            io.exit('Plugin is already initialized (database)');
+        const schema = db.schema.getFull({ exclude });
         const delta = db.delta.compute({ tables: {}, indexes: {} }, schema);
-        if (db.delta.isEmpty(delta))
+        if (db.delta.isEmpty(delta)) {
+            io.info('Plugin does not define any database schema.');
             return;
+        }
         for (const text of db.delta.display(delta))
             console.log(text);
         await rlConfirm();
-        const _ = __addDisposableResource(env_2, db.connect(), true);
         await db.delta.apply(delta);
         Object.assign(info.current, schema.versions);
         db.setUpgradeInfo(info);
     }
-    catch (e_2) {
-        env_2.error = e_2;
-        env_2.hasError = true;
+    catch (e_1) {
+        env_1.error = e_1;
+        env_1.hasError = true;
     }
     finally {
-        const result_1 = __disposeResources(env_2);
+        const result_1 = __disposeResources(env_1);
         if (result_1)
             await result_1;
     }
-}
-function configReplacer(opt) {
-    return (key, value) => {
-        return opt.redact && ['password', 'secret'].includes(key) ? '[redacted]' : value;
-    };
-}
-var rl, safe, debug, configFromCLI, noAutoDB, opts, axiumDB, axiumConfig, axiumPlugin, axiumApps, argUserLookup;
-const env_1 = { stack: [], error: void 0, hasError: false };
-try {
-    rl = __addDisposableResource(env_1, createInterface({
-        input: process.stdin,
-        output: process.stdout,
-    }), false);
-    process.on('SIGHUP', () => {
-        io.info('Reloading configuration due to SIGHUP.');
-        void reloadConfigs();
-    });
-    // Need these before Command is set up (e.g. for CLI integrations)
-    ({
-        safe,
-        debug,
-        config: configFromCLI
-    } = parseArgs({
-        options: {
-            safe: { type: 'boolean', default: z.stringbool().default(false).parse(process.env.SAFE?.toLowerCase()) },
-            debug: { type: 'boolean', default: z.stringbool().default(false).parse(process.env.DEBUG?.toLowerCase()) },
-            config: { type: 'string', short: 'c' },
-        },
-        allowPositionals: true,
-        strict: false,
-    }).values);
-    if (debug) {
-        io._setDebugOutput(true);
-        config.set({ debug: true });
-    }
-    await config.loadDefaults(safe);
-    if (configFromCLI)
-        await config.load(configFromCLI, { safe });
-    await runIntegrations();
-    program
-        .version($pkg.version)
-        .name('axium')
-        .description('Axium server CLI')
-        .configureHelp({ showGlobalOptions: true })
-        .option('--safe', 'do not execute code from plugins', false)
-        .option('--debug', 'override debug mode')
-        .option('--no-debug', 'override debug mode')
-        .option('-c, --config <path>', 'path to the config file')
-        .hook('preAction', (_, action) => {
-        const opt = action.optsWithGlobals();
-        opt.force && io.warn('--force: Protections disabled.');
-        if (typeof opt.debug == 'boolean') {
-            config.set({ debug: opt.debug });
-            io._setDebugOutput(opt.debug);
-        }
-        try {
-            db.connect();
-        }
-        catch (e) {
-            if (!noAutoDB.includes(action.name()))
-                throw e;
-        }
-    })
-        .hook('postAction', async (_, action) => {
-        if (!noAutoDB.includes(action.name()))
-            await db.database.destroy();
-    })
-        .on('option:debug', () => config.set({ debug: true }));
-    noAutoDB = ['init', 'serve', 'check'];
-    // Options shared by multiple (sub)commands
-    opts = {
-        check: new Option('--check', 'check the database schema after initialization').default(false),
-        force: new Option('-f, --force', 'force the operation').default(false),
-        global: new Option('-g, --global', 'apply the operation globally').default(false),
-        timeout: new Option('-t, --timeout <ms>', 'how long to wait for commands to complete.').default(1000).argParser(value => {
-            const timeout = parseInt(value);
-            if (!Number.isSafeInteger(timeout) || timeout < 0)
-                io.warn('Invalid timeout value, using default.');
-            io.setCommandTimeout(timeout);
-        }),
-    };
-    axiumDB = program.command('db').alias('database').description('Manage the database').addOption(opts.timeout);
-    axiumDB
-        .command('init')
-        .description('Initialize the database')
-        .addOption(opts.force)
-        .option('-s, --skip', 'If the user, database, or schema already exists, skip trying to create it.', false)
-        .addOption(opts.check)
-        .action(async function axium_db_init() {
-        const opt = this.optsWithGlobals();
-        await db.init(opt).catch(io.exit);
-        await dbInitTables().catch(io.exit);
-    });
-    axiumDB
-        .command('status')
-        .alias('stats')
-        .description('Check the status of the database')
-        .action(async () => {
-        try {
-            console.log(await db.statText());
-        }
-        catch {
-            io.error('Unavailable');
-            process.exitCode = 1;
-        }
-    });
-    axiumDB
-        .command('drop')
-        .description('Drop the Axium database and user')
-        .addOption(opts.force)
-        .action(async (opt) => {
-        const stats = await db.count('users', 'passkeys', 'sessions').catch(io.exit);
-        if (!opt.force)
-            for (const key of ['users', 'passkeys', 'sessions']) {
-                if (stats[key] == 0)
-                    continue;
-                io.warn(`Database has existing ${key}. Use --force if you really want to drop the database.`);
-                process.exit(2);
-            }
-        await db._sql('DROP DATABASE axium', 'Dropping database').catch(io.exit);
-        await db._sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges').catch(io.exit);
-        await db._sql('DROP USER axium', 'Dropping user').catch(io.exit);
-        await db
-            .getHBA(opt)
-            .then(([content, writeBack]) => {
-            io.start('Checking for Axium HBA configuration');
-            if (!content.includes(db._pgHba))
-                throw 'missing.';
-            io.done();
-            io.start('Removing Axium HBA configuration');
-            const newContent = content.replace(db._pgHba, '');
-            io.done();
-            writeBack(newContent);
+});
+const axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
+axiumApps
+    .command('list')
+    .alias('ls')
+    .description('List apps added by plugins')
+    .option('-l, --long', 'use the long listing format')
+    .option('-b, --builtin', 'include built-in apps')
+    .action(opt => {
+    if (!apps.size) {
+        console.log('No apps.');
+        return;
+    }
+    if (!opt.long) {
+        console.log(Array.from(apps.values().map(app => app.name)).join(', '));
+        return;
+    }
+    console.log(styleText('whiteBright', apps.size + ' app(s) loaded:'));
+    for (const app of apps.values()) {
+        console.log(app.name, styleText('dim', `(${app.id})`));
+    }
+});
+const argUserLookup = new Argument('<user>', 'the UUID or email of the user to operate on').argParser(lookupUser);
+program
+    .command('user')
+    .description('Get or change information about a user')
+    .addArgument(argUserLookup)
+    .option('-S, --sessions', 'show user sessions')
+    .option('-P, --passkeys', 'show user passkeys')
+    .option('--add-role <role...>', 'add roles to the user')
+    .option('--remove-role <role...>', 'remove roles from the user')
+    .option('--tag <tag...>', 'Add tags to the user')
+    .option('--untag <tag...>', 'Remove tags from the user')
+    .option('--delete', 'Delete the user')
+    .option('--suspend', 'Suspend the user')
+    .addOption(new Option('--unsuspend', 'Un-suspend the user').conflicts('suspend'))
+    .action(async (_user, opt) => {
+    let user = await _user;
+    const [updatedRoles, roles, rolesDiff] = diffUpdate(user.roles, opt.addRole, opt.removeRole);
+    const [updatedTags, tags, tagsDiff] = diffUpdate(user.tags, opt.tag, opt.untag);
+    const changeSuspend = (opt.suspend || opt.unsuspend) && user.isSuspended != (opt.suspend ?? !opt.unsuspend);
+    if (updatedRoles || updatedTags || changeSuspend) {
+        user = await db.database
+            .updateTable('users')
+            .where('id', '=', user.id)
+            .set({ roles, tags, isSuspended: !changeSuspend ? user.isSuspended : (opt.suspend ?? !opt.unsuspend) })
+            .returningAll()
+            .executeTakeFirstOrThrow()
+            .then(u => {
+            if (updatedRoles && rolesDiff)
+                console.log(`> Updated roles: ${rolesDiff}`);
+            if (updatedTags && tagsDiff)
+                console.log(`> Updated tags: ${tagsDiff}`);
+            if (changeSuspend)
+                console.log(opt.suspend ? '> Suspended' : '> Un-suspended');
+            return u;
         })
-            .catch(io.warn);
-    });
-    axiumDB
-        .command('wipe')
-        .description('Wipe the database')
-        .addOption(opts.force)
-        .action(async (opt) => {
-        const tables = new Map();
-        for (const [plugin, schema] of db.schema.getFiles()) {
-            for (const table of schema.wipe) {
-                const maybePlugin = tables.get(table);
-                tables.set(table, maybePlugin ? `${maybePlugin}, ${plugin}` : plugin);
-            }
-        }
-        if (!opt.force) {
-            const stats = await db.count(...tables.keys()).catch(io.exit);
-            const nonEmpty = Object.entries(stats)
-                .filter(([, v]) => v)
-                .map(([k]) => k);
-            if (nonEmpty.length) {
-                io.exit(`Some tables are not empty, use --force if you really want to wipe them: ${nonEmpty.join(', ')}`, 2);
-            }
-        }
-        const maxTableName = Math.max(5, ...Array.from(tables.keys()).map(t => t.length));
-        console.log('Table' + ' '.repeat(maxTableName - 5), '|', 'Plugin(s)');
-        console.log('-'.repeat(maxTableName), '|', '-'.repeat(20));
-        for (const [table, plugins] of [...tables].sort((a, b) => a[0].localeCompare(b[0]))) {
-            console.log(table + ' '.repeat(maxTableName - table.length), '|', plugins);
-        }
-        await rlConfirm('Are you sure you want to wipe these tables and any dependents');
-        await db.database.deleteFrom(Array.from(tables.keys())).execute().catch(io.exit);
-    });
-    axiumDB
-        .command('check')
-        .description('Check the structure of the database')
-        .option('-s, --strict', 'Throw errors instead of emitting warnings for most column problems')
-        .action(async (opt) => {
-        const env_3 = { stack: [], error: void 0, hasError: false };
-        try {
-            await io.run('Checking for sudo', 'which sudo').catch(io.exit);
-            await io.run('Checking for psql', 'which psql').catch(io.exit);
-            const throwUnlessRows = (text) => {
-                if (text.includes('(0 rows)'))
-                    throw 'missing.';
-                return text;
-            };
-            await db._sql(`SELECT 1 FROM pg_database WHERE datname = 'axium'`, 'Checking for database').then(throwUnlessRows).catch(io.exit);
-            await db._sql(`SELECT 1 FROM pg_roles WHERE rolname = 'axium'`, 'Checking for user').then(throwUnlessRows).catch(io.exit);
-            io.start('Connecting to database');
-            const _ = __addDisposableResource(env_3, db.connect(), true);
-            io.done();
-            io.start('Getting schema metadata');
-            const schemas = await db.database.introspection.getSchemas().catch(io.exit);
-            io.done();
-            io.start('Checking for acl schema');
-            if (!schemas.find(s => s.name == 'acl'))
-                io.exit('missing.');
-            io.done();
-            io.start('Getting table metadata');
-            const tablePromises = await Promise.all([
-                db.database.introspection.getTables(),
-                db.database.withSchema('acl').introspection.getTables(),
-            ]).catch(io.exit);
-            const tableMetadata = tablePromises.flat();
-            const tables = Object.fromEntries(tableMetadata.map(t => [t.schema == 'public' ? t.name : `${t.schema}.${t.name}`, t]));
-            io.done();
-            io.start('Resolving database schemas');
-            let schema;
-            try {
-                schema = db.schema.getFull();
-                io.done();
-            }
-            catch (e) {
-                io.exit(e);
-            }
-            for (const [name, table] of Object.entries(schema.tables)) {
-                await db.checkTableTypes(name, table, opt, tableMetadata);
-                delete tables[name];
-            }
-            io.start('Checking for extra tables');
-            const unchecked = Object.keys(tables).join(', ');
-            if (!unchecked.length)
-                io.done();
-            else if (opt.strict)
-                io.exit(unchecked);
-            else
-                io.warn(unchecked);
-        }
-        catch (e_3) {
-            env_3.error = e_3;
-            env_3.hasError = true;
-        }
-        finally {
-            const result_2 = __disposeResources(env_3);
-            if (result_2)
-                await result_2;
-        }
-    });
-    axiumDB
-        .command('clean')
-        .description('Remove expired rows')
-        .addOption(opts.force)
-        .action(async (opt) => {
-        await db.clean(opt).catch(io.exit);
-    });
-    axiumDB
-        .command('rotate-password')
-        .description('Generate a new password for the database user and update the config')
-        .action(db.rotatePassword);
-    axiumDB
-        .command('json-schema')
-        .description('Get the JSON schema for the database configuration file')
-        .option('-j, --json', 'values are JSON encoded')
-        .action(opt => {
-        try {
-            const schema = z.toJSONSchema(db.schema.SchemaFile, { io: 'input' });
-            console.log(opt.json ? JSON.stringify(schema, null, 4) : schema);
-        }
-        catch (e) {
-            io.exit(e);
-        }
-    });
-    axiumDB
-        .command('upgrade')
-        .alias('update')
-        .alias('up')
-        .description('Upgrade the database to the latest version')
-        .option('--abort', 'Rollback changes instead of committing them')
-        .action(async function axium_db_upgrade(opt) {
-        const deltas = [];
-        const info = db.getUpgradeInfo();
-        let empty = true;
-        const from = {}, to = {};
-        for (const [name, schema] of db.schema.getFiles()) {
-            if (!(name in info.current))
-                io.exit('Plugin is not initialized: ' + name);
-            const currentVersion = info.current[name];
-            const target = schema.latest ?? schema.versions.length - 1;
-            if (currentVersion >= target)
-                continue;
-            from[name] = currentVersion;
-            to[name] = target;
-            info.current[name] = target;
-            let versions = schema.versions.slice(currentVersion + 1);
-            const v0 = schema.versions[0];
-            if (v0.delta)
-                throw 'Initial version can not be a delta';
-            for (const [i, v] of versions.toReversed().entries()) {
-                if (v.delta || v == v0)
-                    continue;
-                versions = [db.delta.compute(v0, v), ...versions.slice(-i)];
-                break;
-            }
-            const delta = db.delta.collapse(versions);
-            deltas.push(delta);
-            console.log('Upgrading', name, styleText('dim', currentVersion.toString() + '->') + styleText('blueBright', target.toString()) + ':');
-            if (!db.delta.isEmpty(delta))
-                empty = false;
-            for (const text of db.delta.display(delta))
-                console.log(text);
-        }
-        if (empty) {
-            console.log('Already up to date.');
-            return;
-        }
-        if (opt.abort) {
-            io.warn('--abort: Changes will be rolled back instead of being committed.');
-        }
-        await rlConfirm();
-        io.start('Computing delta');
-        let delta;
-        try {
-            delta = db.delta.collapse(deltas);
-            io.done();
-        }
-        catch (e) {
-            io.exit(e);
-        }
-        io.start('Validating delta');
-        try {
-            db.delta.validate(delta);
-            io.done();
-        }
-        catch (e) {
-            io.exit(e);
-        }
-        console.log('Applying delta.');
-        await db.delta.apply(delta, opt.abort).catch(io.exit);
-        info.upgrades.push({ timestamp: new Date(), from, to });
-        db.setUpgradeInfo(info);
-    });
-    axiumDB
-        .command('upgrade-history')
-        .alias('update-history')
-        .description('Show the history of database upgrades')
-        .action(() => {
-        const info = db.getUpgradeInfo();
-        if (!info.upgrades.length) {
-            console.log('No upgrade history.');
-            return;
-        }
-        for (const up of info.upgrades) {
-            console.log(styleText(['whiteBright', 'underline'], up.timestamp.toString()) + ':');
-            for (const [name, from] of Object.entries(up.from)) {
-                console.log(name, styleText('dim', from.toString() + '->') + styleText('blueBright', up.to[name].toString()));
-            }
-        }
-    });
-    axiumDB
-        .command('versions')
-        .description('Show information about database versions')
-        .action(() => {
-        const { current: currentVersions } = db.getUpgradeInfo();
-        const lengths = { name: 4, current: 7, latest: 6, available: 9 };
-        const entries = [
-            { name: 'Name', current: 'Current', latest: 'Latest', available: 'Available' },
-        ];
-        for (const [name, file] of db.schema.getFiles()) {
-            const available = (file.versions.length - 1).toString();
-            const latest = (file.latest ?? available).toString();
-            const current = currentVersions[name]?.toString();
-            entries.push({ name, latest, available, current });
-            lengths.name = Math.max(lengths.name || 0, name.length);
-            lengths.current = Math.max(lengths.current || 0, current.length);
-            lengths.latest = Math.max(lengths.latest || 0, latest.length);
-            lengths.available = Math.max(lengths.available || 0, available.length);
-        }
-        for (const [i, entry] of entries.entries()) {
-            console.log(...['name', 'current', 'latest', 'available'].map(key => styleText(i === 0 ? ['whiteBright', 'underline'] : entry[key] === undefined ? 'reset' : [], entry[key].padStart(lengths[key]))));
-        }
-    });
-    axiumDB
-        .command('export-schema')
-        .description('Export the DB schema')
-        .addOption(new Option('-f, --format <format>', 'Output format').choices(['sql', 'graph']).default('sql'))
-        .option('-o, --output <file>', 'Output file path')
-        .action(opt => {
-        const schema = db.schema.getFull();
-        const it = opt.format == 'sql' ? db.schema.toSQL(schema) : db.schema.toGraph(schema);
-        const out = opt.output ? createWriteStream(opt.output) : process.stdout;
-        for (const data of it)
-            out.write(data);
-        if (opt.output)
-            out.close();
-    });
-    axiumConfig = program
-        .command('config')
-        .description('Manage the configuration')
-        .addOption(opts.global)
-        .option('-j, --json', 'values are JSON encoded', false)
-        .option('-r, --redact', 'Do not output sensitive values', false);
-    axiumConfig
-        .command('dump')
-        .description('Output the entire current configuration')
-        .action(function axium_config_dump() {
-        const opt = this.optsWithGlobals();
-        const value = config.plain();
-        console.log(opt.json ? JSON.stringify(value, configReplacer(opt), 4) : value);
-    });
-    axiumConfig
-        .command('get')
-        .description('Get a config value')
-        .argument('<key>', 'the key to get')
-        .action(function axium_config_get(key) {
-        const opt = this.optsWithGlobals();
-        const value = getByString(config.plain(), key);
-        console.log(opt.json ? JSON.stringify(value, configReplacer(opt), 4) : value);
-    });
-    axiumConfig
-        .command('set')
-        .description('Set a config value. Note setting objects is not supported.')
-        .argument('<key>', 'the key to set')
-        .argument('<value>', 'the value')
-        .action(function axium_config_set(key, value) {
-        const opt = this.optsWithGlobals();
-        if (opt.json && !isJSON(value))
-            io.exit('Invalid JSON');
-        const obj = {};
-        setByString(obj, key, opt.json ? JSON.parse(value) : value);
-        config.save(obj, opt.global);
-    });
-    axiumConfig
-        .command('list')
-        .alias('ls')
-        .alias('files')
-        .description('List loaded config files')
-        .action(() => {
-        for (const path of config.files.keys())
-            console.log(path);
-    });
-    axiumConfig
-        .command('schema')
-        .description('Get the JSON schema for the configuration file')
-        .action(() => {
-        const opt = axiumConfig.optsWithGlobals();
-        try {
-            const schema = z.toJSONSchema(ConfigFile, { io: 'input' });
-            console.log(opt.json ? JSON.stringify(schema, configReplacer(opt), 4) : schema);
-        }
-        catch (e) {
-            io.exit(e);
-        }
-    });
-    axiumPlugin = program.command('plugin').alias('plugins').description('Manage plugins').addOption(opts.global);
-    axiumPlugin
-        .command('list')
-        .alias('ls')
-        .description('List loaded plugins')
-        .option('-l, --long', 'use the long listing format')
-        .option('--no-versions', 'do not show plugin versions')
-        .action(opt => {
-        if (!plugins.size) {
-            console.log('No plugins loaded.');
-            return;
-        }
-        if (!opt.long) {
-            console.log(Array.from(plugins.keys()).join(', '));
-            return;
-        }
-        console.log(styleText('whiteBright', plugins.size + ' plugin(s) loaded:'));
-        for (const plugin of plugins.values()) {
-            console.log(plugin.name, opt.versions ? plugin.version : '');
-        }
-    });
-    axiumPlugin
-        .command('info')
-        .description('Get information about a plugin')
-        .argument('<plugin>', 'the plugin to get information about')
-        .action((search) => {
-        const plugin = _findPlugin(search);
-        for (const line of pluginText(plugin))
-            console.log(line);
-    });
-    axiumPlugin
-        .command('remove')
-        .alias('rm')
-        .description('Remove a plugin')
-        .argument('<plugin>', 'the plugin to remove')
-        .action(async (search, opt) => {
-        const plugin = _findPlugin(search);
-        await plugin._hooks?.remove?.(opt);
-        for (const [path, data] of configFiles) {
-            if (!data.plugins)
-                continue;
-            data.plugins = data.plugins.filter(p => p !== plugin.specifier);
-            saveConfigTo(path, data);
-        }
-        plugins.delete(plugin.name);
-    });
-    axiumPlugin
-        .command('init')
-        .alias('setup')
-        .alias('install')
-        .description('Initialize a plugin. This could include adding tables to the database or linking routes.')
-        .addOption(opts.timeout)
-        .addOption(opts.check)
-        .argument('<plugin>', 'the plugin to initialize')
-        .action(async (search) => {
-        const env_4 = { stack: [], error: void 0, hasError: false };
-        try {
-            const plugin = _findPlugin(search);
-            if (!plugin)
-                io.exit(`Can't find a plugin matching "${search}"`);
-            const _ = __addDisposableResource(env_4, db.connect(), true);
-            const info = db.getUpgradeInfo();
-            const exclude = Object.keys(info.current);
-            if (exclude.includes(plugin.name))
-                io.exit('Plugin is already initialized (database)');
-            const schema = db.schema.getFull({ exclude });
-            const delta = db.delta.compute({ tables: {}, indexes: {} }, schema);
-            if (db.delta.isEmpty(delta)) {
-                io.info('Plugin does not define any database schema.');
-                return;
-            }
-            for (const text of db.delta.display(delta))
-                console.log(text);
-            await rlConfirm();
-            await db.delta.apply(delta);
-            Object.assign(info.current, schema.versions);
-            db.setUpgradeInfo(info);
-        }
-        catch (e_4) {
-            env_4.error = e_4;
-            env_4.hasError = true;
-        }
-        finally {
-            const result_3 = __disposeResources(env_4);
-            if (result_3)
-                await result_3;
-        }
-    });
-    axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
-    axiumApps
-        .command('list')
-        .alias('ls')
-        .description('List apps added by plugins')
-        .option('-l, --long', 'use the long listing format')
-        .option('-b, --builtin', 'include built-in apps')
-        .action(opt => {
-        if (!apps.size) {
-            console.log('No apps.');
-            return;
-        }
-        if (!opt.long) {
-            console.log(Array.from(apps.values().map(app => app.name)).join(', '));
-            return;
-        }
-        console.log(styleText('whiteBright', apps.size + ' app(s) loaded:'));
-        for (const app of apps.values()) {
-            console.log(app.name, styleText('dim', `(${app.id})`));
-        }
-    });
-    argUserLookup = new Argument('<user>', 'the UUID or email of the user to operate on').argParser(lookupUser);
-    program
-        .command('user')
-        .description('Get or change information about a user')
-        .addArgument(argUserLookup)
-        .option('-S, --sessions', 'show user sessions')
-        .option('-P, --passkeys', 'show user passkeys')
-        .option('--add-role <role...>', 'add roles to the user')
-        .option('--remove-role <role...>', 'remove roles from the user')
-        .option('--tag <tag...>', 'Add tags to the user')
-        .option('--untag <tag...>', 'Remove tags from the user')
-        .option('--delete', 'Delete the user')
-        .option('--suspend', 'Suspend the user')
-        .addOption(new Option('--unsuspend', 'Un-suspend the user').conflicts('suspend'))
-        .action(async (_user, opt) => {
-        let user = await _user;
-        const [updatedRoles, roles, rolesDiff] = diffUpdate(user.roles, opt.addRole, opt.removeRole);
-        const [updatedTags, tags, tagsDiff] = diffUpdate(user.tags, opt.tag, opt.untag);
-        const changeSuspend = (opt.suspend || opt.unsuspend) && user.isSuspended != (opt.suspend ?? !opt.unsuspend);
-        if (updatedRoles || updatedTags || changeSuspend) {
-            user = await db.database
-                .updateTable('users')
+            .catch(e => io.exit('Failed to update user: ' + e.message));
+    }
+    if (opt.delete) {
+        const confirmed = await rl
+            .question(`Are you sure you want to delete ${userText(user, true)}? (y/N) `)
+            .then(v => z.stringbool().parseAsync(v))
+            .catch(() => false);
+        if (!confirmed)
+            console.log(styleText('dim', '> Delete aborted.'));
+        else
+            await db.database
+                .deleteFrom('users')
                 .where('id', '=', user.id)
-                .set({ roles, tags, isSuspended: !changeSuspend ? user.isSuspended : (opt.suspend ?? !opt.unsuspend) })
-                .returningAll()
                 .executeTakeFirstOrThrow()
-                .then(u => {
-                if (updatedRoles && rolesDiff)
-                    console.log(`> Updated roles: ${rolesDiff}`);
-                if (updatedTags && tagsDiff)
-                    console.log(`> Updated tags: ${tagsDiff}`);
-                if (changeSuspend)
-                    console.log(opt.suspend ? '> Suspended' : '> Un-suspended');
-                return u;
-            })
-                .catch(e => io.exit('Failed to update user: ' + e.message));
-        }
-        if (opt.delete) {
-            const confirmed = await rl
-                .question(`Are you sure you want to delete ${userText(user, true)}? (y/N) `)
-                .then(v => z.stringbool().parseAsync(v))
-                .catch(() => false);
-            if (!confirmed)
-                console.log(styleText('dim', '> Delete aborted.'));
-            else
-                await db.database
-                    .deleteFrom('users')
-                    .where('id', '=', user.id)
-                    .executeTakeFirstOrThrow()
-                    .then(() => console.log(styleText(['red', 'bold'], '> Deleted')))
-                    .catch(e => io.exit('Failed to delete user: ' + e.message));
-        }
-        console.log([
-            user.isSuspended && styleText('yellowBright', 'Suspended'),
-            user.isAdmin && styleText('redBright', 'Administrator'),
-            'UUID: ' + user.id,
-            'Name: ' + user.name,
-            `Email: ${user.email}, ${user.emailVerified ? 'verified on ' + formatDateRange(user.emailVerified) : styleText(config.auth.email_verification ? 'yellow' : 'dim', 'not verified')}`,
-            'Registered ' + formatDateRange(user.registeredAt),
-            `Roles: ${user.roles.length ? user.roles.join(', ') : styleText('dim', '(none)')}`,
-            `Tags: ${user.tags.length ? user.tags.join(', ') : styleText('dim', '(none)')}`,
-        ]
-            .filter(v => v)
-            .join('\n'));
-        if (opt.sessions) {
-            const sessions = await db.database.selectFrom('sessions').where('userId', '=', user.id).selectAll().execute();
-            console.log(styleText('bold', 'Sessions:'));
-            if (!sessions.length)
-                console.log(styleText('dim', '(none)'));
-            else
-                for (const session of sessions) {
-                    console.log(`\t${session.id}\tcreated ${formatDateRange(session.created).padEnd(40)}\texpires ${formatDateRange(session.expires).padEnd(40)}\t${session.elevated ? styleText('yellow', '(elevated)') : ''}`);
-                }
-        }
-        if (opt.passkeys) {
-            const passkeys = await db.database.selectFrom('passkeys').where('userId', '=', user.id).selectAll().execute();
-            console.log(styleText('bold', 'Passkeys:'));
-            for (const passkey of passkeys) {
-                console.log(`\t${passkey.id}: created ${formatDateRange(passkey.createdAt).padEnd(40)} used ${passkey.counter} times. ${passkey.deviceType}, ${passkey.backedUp ? '' : 'not '}backed up; transports are [${passkey.transports.join(', ')}], ${passkey.name ? 'named ' + JSON.stringify(passkey.name) : 'unnamed'}.`);
+                .then(() => console.log(styleText(['red', 'bold'], '> Deleted')))
+                .catch(e => io.exit('Failed to delete user: ' + e.message));
+    }
+    console.log([
+        user.isSuspended && styleText('yellowBright', 'Suspended'),
+        user.isAdmin && styleText('redBright', 'Administrator'),
+        'UUID: ' + user.id,
+        'Name: ' + user.name,
+        `Email: ${user.email}, ${user.emailVerified ? 'verified on ' + formatDateRange(user.emailVerified) : styleText(config.auth.email_verification ? 'yellow' : 'dim', 'not verified')}`,
+        'Registered ' + formatDateRange(user.registeredAt),
+        `Roles: ${user.roles.length ? user.roles.join(', ') : styleText('dim', '(none)')}`,
+        `Tags: ${user.tags.length ? user.tags.join(', ') : styleText('dim', '(none)')}`,
+    ]
+        .filter(v => v)
+        .join('\n'));
+    if (opt.sessions) {
+        const sessions = await db.database.selectFrom('sessions').where('userId', '=', user.id).selectAll().execute();
+        console.log(styleText('bold', 'Sessions:'));
+        if (!sessions.length)
+            console.log(styleText('dim', '(none)'));
+        else
+            for (const session of sessions) {
+                console.log(`\t${session.id}\tcreated ${formatDateRange(session.created).padEnd(40)}\texpires ${formatDateRange(session.expires).padEnd(40)}\t${session.elevated ? styleText('yellow', '(elevated)') : ''}`);
             }
+    }
+    if (opt.passkeys) {
+        const passkeys = await db.database.selectFrom('passkeys').where('userId', '=', user.id).selectAll().execute();
+        console.log(styleText('bold', 'Passkeys:'));
+        for (const passkey of passkeys) {
+            console.log(`\t${passkey.id}: created ${formatDateRange(passkey.createdAt).padEnd(40)} used ${passkey.counter} times. ${passkey.deviceType}, ${passkey.backedUp ? '' : 'not '}backed up; transports are [${passkey.transports.join(', ')}], ${passkey.name ? 'named ' + JSON.stringify(passkey.name) : 'unnamed'}.`);
         }
+    }
+});
+program
+    .command('toggle-admin')
+    .description('Toggle whether a user is an administrator')
+    .addArgument(argUserLookup)
+    .action(async (_user) => {
+    const user = await _user;
+    const isAdmin = !user.isAdmin;
+    await db.database.updateTable('users').set({ isAdmin }).where('id', '=', user.id).executeTakeFirstOrThrow();
+    await audit('admin_change', undefined, { user: user.id });
+    console.log(`${userText(user)} is ${isAdmin ? 'now' : 'no longer'} an administrator. (${styleText(['whiteBright', 'bold'], isAdmin.toString())})`);
+});
+program
+    .command('status')
+    .alias('stats')
+    .description('Get information about the server')
+    .action(async () => {
+    console.log('Axium Server v' + $pkg.version);
+    console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
+    const configFiles = config.files.keys().toArray();
+    console.log(styleText('whiteBright', 'Loaded config files:'), styleText(['dim', 'bold'], `(${configFiles.length})`), configFiles.join(', '));
+    outputDaemonStatus('axium');
+    process.stdout.write(styleText('whiteBright', 'Database: '));
+    try {
+        console.log(await db.statText());
+    }
+    catch {
+        console.log(styleText('red', 'Unavailable'));
+    }
+    console.log(styleText('whiteBright', 'Loaded plugins:'), styleText(['dim', 'bold'], `(${plugins.size || 'none'})`), Array.from(plugins.keys()).join(', '));
+    for (const plugin of plugins.values()) {
+        if (!plugin._hooks?.statusText)
+            continue;
+        const text = await plugin._hooks?.statusText();
+        console.log(styleText('bold', plugin.name), plugin.version + ':', text.includes('\n') ? '\n' + text : text);
+    }
+});
+program
+    .command('ports')
+    .description('Enable or disable use of restricted ports (e.g. 443)')
+    .addArgument(new Argument('<action>', 'The action to take').choices(_portActions))
+    .addOption(new Option('-m, --method <method>', 'the method to use').choices(_portMethods).default('node-cap'))
+    .option('-N, --node <path>', 'the path to the node binary')
+    .action(async (action, opt) => {
+    await restrictedPorts({ ...opt, action });
+});
+program
+    .command('init')
+    .description('Install Axium server')
+    .addOption(opts.force)
+    .addOption(opts.check)
+    .option('-s, --skip', 'Skip already initialized steps', false)
+    .action(async (opt) => {
+    await db.init(opt);
+    await dbInitTables();
+    await restrictedPorts({ method: 'node-cap', action: 'enable' });
+});
+program
+    .command('serve')
+    .description('Start the Axium server')
+    .option('-p, --port <port>', 'the port to listen on', Number.parseInt, config.web.port)
+    .option('--ssl <prefix>', 'the prefix for the cert.pem and key.pem SSL files')
+    .option('-b, --build <path>', 'the path to the handler build')
+    .action(async (opt) => {
+    if (opt.port < 1 || opt.port > 65535)
+        io.exit('Invalid port');
+    const server = await serve({
+        secure: opt.ssl ? true : config.web.secure,
+        ssl_cert: opt.ssl ? join(opt.ssl, 'cert.pem') : config.web.ssl_cert,
+        ssl_key: opt.ssl ? join(opt.ssl, 'key.pem') : config.web.ssl_key,
+        build: opt.build ? resolve(opt.build) : config.web.build,
     });
-    program
-        .command('toggle-admin')
-        .description('Toggle whether a user is an administrator')
-        .addArgument(argUserLookup)
-        .action(async (_user) => {
-        const user = await _user;
-        const isAdmin = !user.isAdmin;
-        await db.database.updateTable('users').set({ isAdmin }).where('id', '=', user.id).executeTakeFirstOrThrow();
-        await audit('admin_change', undefined, { user: user.id });
-        console.log(`${userText(user)} is ${isAdmin ? 'now' : 'no longer'} an administrator. (${styleText(['whiteBright', 'bold'], isAdmin.toString())})`);
+    logger.attach(createWriteStream(join(dirs.at(-1), 'server.log')), { output: allLogLevels });
+    db.connect();
+    await db.clean({});
+    // eslint-disable-next-line @typescript-eslint/no-misused-promises
+    process.on('beforeExit', () => db.database.destroy());
+    server.listen(opt.port, () => {
+        console.log('Server is listening on port ' + opt.port);
     });
-    program
-        .command('status')
-        .alias('stats')
-        .description('Get information about the server')
-        .action(async () => {
-        console.log('Axium Server v' + $pkg.version);
-        console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
-        const configFiles = config.files.keys().toArray();
-        console.log(styleText('whiteBright', 'Loaded config files:'), styleText(['dim', 'bold'], `(${configFiles.length})`), configFiles.join(', '));
-        outputDaemonStatus('axium');
-        process.stdout.write(styleText('whiteBright', 'Database: '));
-        try {
-            console.log(await db.statText());
-        }
-        catch {
-            console.log(styleText('red', 'Unavailable'));
-        }
-        console.log(styleText('whiteBright', 'Loaded plugins:'), styleText(['dim', 'bold'], `(${plugins.size || 'none'})`), Array.from(plugins.keys()).join(', '));
-        for (const plugin of plugins.values()) {
-            if (!plugin._hooks?.statusText)
+});
+program
+    .command('link')
+    .description('Link routes provided by plugins and the server')
+    .addOption(new Option('-l, --list', 'list route links').conflicts('delete'))
+    .option('-d, --delete', 'delete route links')
+    .argument('[name...]', 'List of plugin names to operate on. If not specified, operates on all plugins and built-in routes.')
+    .action(async function axium_link(names) {
+    const opt = this.optsWithGlobals();
+    const linkOpts = { only: names };
+    if (opt.list) {
+        for (const link of listRouteLinks(linkOpts)) {
+            const idText = link.id.startsWith('#') ? `(${link.id.slice(1)})` : link.id;
+            const fromColor = await access(link.from)
+                .then(() => 'cyanBright')
+                .catch(() => 'redBright');
+            console.log(`${idText}:\t ${styleText(fromColor, link.from)}\t->\t${link.to.replace(/.*\/node_modules\//, styleText('dim', '$&'))}`);
+        }
+        return;
+    }
+    if (opt.delete) {
+        unlinkRoutes(linkOpts);
+        return;
+    }
+    io.start('Linking routes');
+    linkRoutes(linkOpts);
+    io.done();
+    io.start('Writing web client hooks for plugins');
+    writePluginHooks();
+    io.done();
+});
+program
+    .command('audit')
+    .description('View audit logs')
+    .option('-x, --extra', 'Include the extra object when listing events')
+    .option('-t, --include-tags', 'Include tags when listing events')
+    .addOption(new Option('-s, --summary', 'Summarize audit log entries instead of displaying individual ones').conflicts(['extra', 'includeTags']))
+    .optionsGroup('Filters:')
+    .option('--since <date>', 'Filter for events since a date')
+    .option('--until <date>', 'Filter for events until a date')
+    .option('--user <uuid|null>', 'Filter for events triggered by a user')
+    .addOption(new Option('--severity <level>', 'Filter for events at or above a severity level').choices(severityNames))
+    .option('--source <source>', 'Filter by source')
+    .option('--tag <tag...>', 'Filter by tag(s)')
+    .option('--event <event>', 'Filter by event name')
+    .action(async (opt) => {
+    const filter = await AuditFilter.parseAsync(opt).catch(e => io.exit('Invalid filter: ' + z.prettifyError(e)));
+    const events = await getEvents(filter).execute();
+    if (opt.summary) {
+        const groups = Object.groupBy(events, e => e.severity);
+        const maxGroupLength = Math.max(...Object.values(groups).map(g => g.length.toString().length), 0);
+        for (const [severity, group] of Object.entries(groups)) {
+            if (!group?.length)
                 continue;
-            const text = await plugin._hooks?.statusText();
-            console.log(styleText('bold', plugin.name), plugin.version + ':', text.includes('\n') ? '\n' + text : text);
+            console.log(styleText('white', group.length.toString().padStart(maxGroupLength)), styleSeverity(severity, true), 'events. Latest occurred', group.at(-1).timestamp.toLocaleString());
         }
-    });
-    program
-        .command('ports')
-        .description('Enable or disable use of restricted ports (e.g. 443)')
-        .addArgument(new Argument('<action>', 'The action to take').choices(_portActions))
-        .addOption(new Option('-m, --method <method>', 'the method to use').choices(_portMethods).default('node-cap'))
-        .option('-N, --node <path>', 'the path to the node binary')
-        .action(async (action, opt) => {
-        await restrictedPorts({ ...opt, action }).catch(io.exit);
-    });
-    program
-        .command('init')
-        .description('Install Axium server')
-        .addOption(opts.force)
-        .addOption(opts.check)
-        .option('-s, --skip', 'Skip already initialized steps', false)
-        .action(async (opt) => {
-        await db.init(opt).catch(io.exit);
-        await dbInitTables().catch(io.exit);
-        await restrictedPorts({ method: 'node-cap', action: 'enable' }).catch(io.exit);
-    });
-    program
-        .command('serve')
-        .description('Start the Axium server')
-        .option('-p, --port <port>', 'the port to listen on', Number.parseInt, config.web.port)
-        .option('--ssl <prefix>', 'the prefix for the cert.pem and key.pem SSL files')
-        .option('-b, --build <path>', 'the path to the handler build')
-        .action(async (opt) => {
-        if (opt.port < 1 || opt.port > 65535)
-            io.exit('Invalid port');
-        const server = await serve({
-            secure: opt.ssl ? true : config.web.secure,
-            ssl_cert: opt.ssl ? join(opt.ssl, 'cert.pem') : config.web.ssl_cert,
-            ssl_key: opt.ssl ? join(opt.ssl, 'key.pem') : config.web.ssl_key,
-            build: opt.build ? resolve(opt.build) : config.web.build,
-        });
-        logger.attach(createWriteStream(join(dirs.at(-1), 'server.log')), { output: allLogLevels });
-        db.connect();
-        await db.clean({});
-        // eslint-disable-next-line @typescript-eslint/no-misused-promises
-        process.on('beforeExit', () => db.database.destroy());
-        server.listen(opt.port, () => {
-            console.log('Server is listening on port ' + opt.port);
-        });
-    });
-    program
-        .command('link')
-        .description('Link routes provided by plugins and the server')
-        .addOption(new Option('-l, --list', 'list route links').conflicts('delete'))
-        .option('-d, --delete', 'delete route links')
-        .argument('[name...]', 'List of plugin names to operate on. If not specified, operates on all plugins and built-in routes.')
-        .action(async function axium_link(names) {
-        const opt = this.optsWithGlobals();
-        const linkOpts = { only: names };
-        if (opt.list) {
-            for (const link of listRouteLinks(linkOpts)) {
-                const idText = link.id.startsWith('#') ? `(${link.id.slice(1)})` : link.id;
-                const fromColor = await access(link.from)
-                    .then(() => 'cyanBright')
-                    .catch(() => 'redBright');
-                console.log(`${idText}:\t ${styleText(fromColor, link.from)}\t->\t${link.to.replace(/.*\/node_modules\//, styleText('dim', '$&'))}`);
-            }
-            return;
+        return;
+    }
+    let maxSource = 0, maxName = 0, maxTags = 0, maxExtra = 0;
+    for (const event of events) {
+        maxSource = Math.max(maxSource, event.source.length);
+        maxName = Math.max(maxName, event.name.length);
+        event._tags = !event.tags.length
+            ? ''
+            : opt.includeTags
+                ? '# ' + event.tags.join(', ')
+                : `(${event.tags.length} tag${event.tags.length == 1 ? '' : 's'})`;
+        maxTags = Math.max(maxTags, event._tags.length);
+        const extraKeys = Object.keys(event.extra);
+        event._extra = !extraKeys.length ? '' : opt.extra ? JSON.stringify(event.extra) : '+' + extraKeys.length;
+        maxExtra = Math.max(maxExtra, event._extra.length);
+    }
+    for (const event of events) {
+        console.log(styleSeverity(event.severity, true), styleText('dim', io.prettyDate(event.timestamp)), event.source.padEnd(maxSource), styleText('whiteBright', event.name.padEnd(maxName)), styleText('gray', event._tags.padEnd(maxTags)), 'by', event.userId ? event.userId : styleText(['dim', 'italic'], 'unknown'.padEnd(36)), styleText('blue', event._extra));
+    }
+});
+program
+    .command('build')
+    .description('Create the Vite build for the server')
+    .option('--show-garbage-output', 'Show all output from the build process')
+    .option('-s, --diagnostics', 'Show build time and bundle size')
+    .option('-m, --no-minify', 'Whether to use minification')
+    .action(async (options) => {
+    io.start('Building');
+    const { time, size } = await build(options);
+    io.done();
+    if (options.diagnostics) {
+        console.log('Took', styleText('blueBright', formatMs(time)), 'with a bundle size of', styleText('blueBright', formatBytes(size)));
+    }
+});
+program
+    .command('develop')
+    .alias('dev')
+    .description('Develop with axium')
+    .argument('[dir]', 'The project directory', searchForWorkspaceRoot(process.cwd()))
+    .option('-g, --git', 'Use .gitignore to ignore files (can improve performance)')
+    .action(async (dir, opts) => {
+    let buildId = 0, server;
+    logger.attach(createWriteStream(join(dirs.at(-1), 'server.log')), { output: allLogLevels });
+    db.connect();
+    await db.clean({});
+    // eslint-disable-next-line @typescript-eslint/no-misused-promises
+    process.on('beforeExit', () => db.database.destroy());
+    async function rebuild() {
+        server?.close();
+        process.stdout.clearLine(0);
+        process.stdout.cursorTo(0);
+        io.start('Building');
+        const { time } = await build({ minify: false });
+        buildId++;
+        process.stdout.clearLine(0);
+        process.stdout.cursorTo(0);
+        server = await serve(config.web);
+        server.listen(config.web.port);
+        process.stdout.write(`Build #${buildId} finished in ${formatMs(time)}`);
+    }
+    const ignore = ['node_modules', '.git'];
+    try {
+        if (!opts.git)
+            throw null;
+        const gitignore = readFileSync(join(dir, '.gitignore'), 'utf8');
+        for (const rawLine of gitignore.split('\n')) {
+            const line = rawLine.trim();
+            if (!line || line[0] == '#')
+                continue;
+            ignore.push(line);
         }
-        if (opt.delete) {
-            unlinkRoutes(linkOpts);
-            return;
+    }
+    catch {
+        // It's fine if we don't have a .gitignore
+    }
+    io.debug('Watching', dir);
+    await rebuild();
+    try {
+        for await (const _event of watch(dir, { recursive: true, ignore })) {
+            // @todo see if we can be more efficient based on event data
+            await rebuild();
         }
-        linkRoutes(linkOpts);
-        writePluginHooks();
-    });
-    program
-        .command('audit')
-        .description('View audit logs')
-        .option('-x, --extra', 'Include the extra object when listing events')
-        .option('-t, --include-tags', 'Include tags when listing events')
-        .addOption(new Option('-s, --summary', 'Summarize audit log entries instead of displaying individual ones').conflicts(['extra', 'includeTags']))
-        .optionsGroup('Filters:')
-        .option('--since <date>', 'Filter for events since a date')
-        .option('--until <date>', 'Filter for events until a date')
-        .option('--user <uuid|null>', 'Filter for events triggered by a user')
-        .addOption(new Option('--severity <level>', 'Filter for events at or above a severity level').choices(severityNames))
-        .option('--source <source>', 'Filter by source')
-        .option('--tag <tag...>', 'Filter by tag(s)')
-        .option('--event <event>', 'Filter by event name')
-        .action(async (opt) => {
-        const filter = await AuditFilter.parseAsync(opt).catch(e => io.exit('Invalid filter: ' + z.prettifyError(e)));
-        const events = await getEvents(filter).execute();
-        if (opt.summary) {
-            const groups = Object.groupBy(events, e => e.severity);
-            const maxGroupLength = Math.max(...Object.values(groups).map(g => g.length.toString().length), 0);
-            for (const [severity, group] of Object.entries(groups)) {
-                if (!group?.length)
-                    continue;
-                console.log(styleText('white', group.length.toString().padStart(maxGroupLength)), styleSeverity(severity, true), 'events. Latest occurred', group.at(-1).timestamp.toLocaleString());
-            }
+    }
+    catch (err) {
+        if (err.name === 'AbortError')
             return;
-        }
-        let maxSource = 0, maxName = 0, maxTags = 0, maxExtra = 0;
-        for (const event of events) {
-            maxSource = Math.max(maxSource, event.source.length);
-            maxName = Math.max(maxName, event.name.length);
-            event._tags = !event.tags.length
-                ? ''
-                : opt.includeTags
-                    ? '# ' + event.tags.join(', ')
-                    : `(${event.tags.length} tag${event.tags.length == 1 ? '' : 's'})`;
-            maxTags = Math.max(maxTags, event._tags.length);
-            const extraKeys = Object.keys(event.extra);
-            event._extra = !extraKeys.length ? '' : opt.extra ? JSON.stringify(event.extra) : '+' + extraKeys.length;
-            maxExtra = Math.max(maxExtra, event._extra.length);
-        }
-        for (const event of events) {
-            console.log(styleSeverity(event.severity, true), styleText('dim', io.prettyDate(event.timestamp)), event.source.padEnd(maxSource), styleText('whiteBright', event.name.padEnd(maxName)), styleText('gray', event._tags.padEnd(maxTags)), 'by', event.userId ? event.userId : styleText(['dim', 'italic'], 'unknown'.padEnd(36)), styleText('blue', event._extra));
-        }
-    });
+        throw err;
+    }
+});
+try {
     await program.parseAsync();
 }
-catch (e_1) {
-    env_1.error = e_1;
-    env_1.hasError = true;
-}
-finally {
-    __disposeResources(env_1);
+catch (e) {
+    if (typeof e == 'number')
+        process.exit(e);
+    io.exit(e);
 }