@base44-preview/cli 0.0.50-pr.481.773d5d4 → 0.0.50-pr.482.7d46c5c

package/dist/cli/index.js

@@ -219926,8 +219926,7 @@ var theme = {
     bold: source_default.bold,
     dim: source_default.dim,
     error: source_default.red,
-    warn: source_default.yellow,
-    info: source_default.cyan
+    warn: source_default.yellow
   },
   format: {
     errorContext(ctx) {
@@ -235042,8 +235041,8 @@ var TOKEN_REFRESH_BUFFER_MS = 60 * 1000;
 var refreshPromise = null;
 async function readAuth() {
   try {
-    const authData = await readJsonFile(getAuthFilePath());
-    const result = AuthDataSchema.safeParse(authData);
+    const parsed = await readJsonFile(getAuthFilePath());
+    const result = AuthDataSchema.safeParse(parsed);
     if (!result.success) {
       throw new SchemaValidationError("Invalid authentication data", result.error, getAuthFilePath());
     }
@@ -242595,11 +242594,51 @@ var EntityAutomationSchema = AutomationBaseSchema.extend({
   entity_name: exports_external.string().min(1, "Entity name cannot be empty"),
   event_types: exports_external.array(exports_external.enum(["create", "update", "delete"])).min(1, "At least one event type is required")
 });
+var KnownConditionOperators = [
+  "equals",
+  "not_equals",
+  "gt",
+  "gte",
+  "lt",
+  "lte",
+  "contains",
+  "not_contains",
+  "starts_with",
+  "ends_with",
+  "in_list",
+  "not_in_list",
+  "exists",
+  "not_exists",
+  "is_empty",
+  "is_not_empty"
+];
+var ConditionOperatorSchema = exports_external.union([
+  exports_external.enum(KnownConditionOperators),
+  exports_external.string().min(1)
+]);
+var TriggerConditionSchema = exports_external.object({
+  field: exports_external.string().min(1),
+  operator: ConditionOperatorSchema,
+  value: exports_external.unknown().nullable().optional()
+});
+var TriggerLogicSchema = exports_external.enum(["and", "or"]);
+var TriggerConditionGroupSchema = exports_external.lazy(() => exports_external.object({
+  logic: TriggerLogicSchema.optional(),
+  conditions: exports_external.array(exports_external.union([TriggerConditionSchema, TriggerConditionGroupSchema])).min(1)
+}));
+var ConnectorAutomationSchema = AutomationBaseSchema.extend({
+  type: exports_external.literal("connector"),
+  integration_type: IntegrationTypeSchema,
+  events: exports_external.array(exports_external.string()),
+  resource_id: exports_external.string().nullable().optional(),
+  trigger_conditions: TriggerConditionGroupSchema.nullable().optional()
+});
 var AutomationSchema = exports_external.union([
   ScheduledOneTimeSchema,
   ScheduledCronSchema,
   ScheduledSimpleSchema,
-  EntityAutomationSchema
+  EntityAutomationSchema,
+  ConnectorAutomationSchema
 ]);
 var FunctionConfigSchema = exports_external.object({
   name: FunctionNameSchema,
@@ -243211,12 +243250,10 @@ var package_default = {
     "@types/ejs": "^3.1.5",
     "@types/express": "^5.0.6",
     "@types/json-schema": "^7.0.15",
-    "@types/jsonwebtoken": "^9.0.10",
     "@types/lodash": "^4.17.24",
     "@types/multer": "^2.0.0",
     "@types/node": "^22.10.5",
     "@vercel/detect-agent": "^1.1.0",
-    outdent: "^0.8.0",
     chalk: "^5.6.2",
     chokidar: "^5.0.0",
     commander: "^12.1.0",
@@ -243231,7 +243268,6 @@ var package_default = {
     globby: "^16.1.0",
     "http-proxy-middleware": "^3.0.5",
     "json-schema-to-typescript": "^15.0.4",
-    jsonwebtoken: "^9.0.3",
     json5: "^2.2.3",
     ky: "^1.14.2",
     lodash: "^4.17.23",
@@ -243247,7 +243283,6 @@ var package_default = {
     typescript: "^5.7.2",
     vitest: "^4.0.16",
     yaml: "^2.8.2",
-    qs: "^6.12.3",
     zod: "^4.3.5"
   },
   engines: {
@@ -252760,12 +252795,9 @@ function getTypesCommand() {
   return new Command("types").description("Manage TypeScript type generation").addCommand(getTypesGenerateCommand());
 }
 
-// src/cli/commands/dev.ts
-import process21 from "node:process";
-
 // src/cli/dev/dev-server/main.ts
 var import_cors = __toESM(require_lib4(), 1);
-var import_express6 = __toESM(require_express(), 1);
+var import_express5 = __toESM(require_express(), 1);
 import { dirname as dirname16, join as join23 } from "node:path";
 
 // ../../node_modules/get-port/index.js
@@ -253329,9 +253361,7 @@ class Validator {
 }
 
 // src/cli/dev/dev-server/db/database.ts
-var PRIVATE_COLLECTION_PREFIX = "$";
 var USER_COLLECTION = "user";
-var PRIVATE_USER_COLLECTION = PRIVATE_COLLECTION_PREFIX + USER_COLLECTION;
 
 class Database {
   collections = new Map;
@@ -253353,7 +253383,6 @@ class Database {
     this.schemas.set(USER_COLLECTION, this.buildUserSchema(userEntity));
     const collection = new import_nedb.default;
     this.collections.set(USER_COLLECTION, collection);
-    this.collections.set(PRIVATE_USER_COLLECTION, new import_nedb.default);
     const userInfo = await readAuth();
     const now = getNowISOTimestamp();
     await collection.insertAsync({
@@ -253394,13 +253423,8 @@ class Database {
   getCollection(name2) {
     return this.collections.get(this.normalizeName(name2));
   }
-  getSchema(entityName) {
-    return this.schemas.get(this.normalizeName(entityName));
-  }
   getCollectionNames() {
-    return Array.from(this.collections.keys()).filter((name2) => {
-      return !name2.startsWith(PRIVATE_COLLECTION_PREFIX);
-    });
+    return Array.from(this.collections.keys());
   }
   dropAll() {
     for (const collection of this.collections.values()) {
@@ -253464,339 +253488,15 @@ function broadcastEntityEvent(io6, appId, entityName, event) {
   });
 }
 
-// src/cli/dev/dev-server/routes/auth-router.ts
-var import_express2 = __toESM(require_express(), 1);
-var import_jsonwebtoken = __toESM(require_jsonwebtoken(), 1);
-import { randomInt } from "node:crypto";
-var LOCAL_DEV_SECRET = "LOCAL_DEV_SECRET";
-var generateCode = () => {
-  return randomInt(1e5, 1e6).toString();
-};
-var createJwtToken = (email3) => {
-  return import_jsonwebtoken.default.sign({ sub: email3 }, LOCAL_DEV_SECRET, {
-    expiresIn: "360d"
-  });
-};
-var LoginBody = object({ email: email2(), password: string2() });
-var VerifyOtpBody = object({ email: email2(), otp_code: string2() });
-function createAuthRouter(db2, logger2) {
-  const router = import_express2.Router({ mergeParams: true });
-  const parseBody = import_express2.json();
-  router.post("/login", parseBody, async (req, res) => {
-    const { email: email3, password } = LoginBody.parse(req.body);
-    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
-    if (result) {
-      const privateUserData = await db2.getCollection(PRIVATE_USER_COLLECTION)?.findOneAsync({ email: email3 });
-      if (result.role === "admin" || privateUserData?.password === password) {
-        res.json({
-          access_token: createJwtToken(email3),
-          success: true,
-          user: {}
-        });
-      } else {
-        res.status(400).json({
-          detail: "Invalid email or password",
-          error_type: "HTTPException",
-          message: "Invalid email or password",
-          request_id: null,
-          traceback: ""
-        });
-      }
-      return;
-    }
-    res.status(401).json({ error: "Unauthorized" });
-  });
-  router.post("/register", parseBody, async (req, res) => {
-    const { email: email3, password } = LoginBody.parse(req.body);
-    if ((password || "").length < 8) {
-      res.status(400).json({
-        detail: "Password must be at least 8 characters long",
-        error_type: "HTTPException",
-        message: "Password must be at least 8 characters long",
-        request_id: null,
-        traceback: ""
-      });
-      return;
-    }
-    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
-    if (result) {
-      res.status(400).json({
-        detail: "A user with this email already exists",
-        error_type: "HTTPException",
-        message: "A user with this email already exists",
-        request_id: null,
-        traceback: ""
-      });
-      return;
-    }
-    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
-    const privateUserData = await privateUserCollection?.findOneAsync({
-      email: email3
-    });
-    const otpCode = generateCode();
-    const id2 = privateUserData ? privateUserData.id : nanoid3();
-    if (!privateUserData) {
-      await privateUserCollection?.insertAsync({
-        id: id2,
-        email: email3,
-        otpCode,
-        password,
-        createdAt: Date.now()
-      });
-    } else {
-      await privateUserCollection?.updateAsync({
-        email: email3
-      }, {
-        $set: {
-          otpCode,
-          createdAt: Date.now()
-        }
-      });
-    }
-    logger2.log(theme.styles.info(`
-In order to complete registration use this verification code: ${otpCode}
-`));
-    res.json({
-      id: id2,
-      message: "Registration successful. Please check your email for the verification code.",
-      otp_expires_in_minutes: 10
-    });
-  });
-  router.post("/verify-otp", parseBody, async (req, res) => {
-    const { email: email3, otp_code } = VerifyOtpBody.parse(req.body);
-    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
-    const privateUserData = await privateUserCollection?.findOneAsync({
-      email: email3
-    });
-    if (privateUserData && privateUserData.otpCode === otp_code) {
-      if (+Date.now() - privateUserData.createdAt < 10 * 60 * 1000) {
-        await privateUserCollection?.updateAsync({
-          email: email3
-        }, {
-          $unset: { otpCode: true }
-        });
-        const collection = db2.getCollection(USER_COLLECTION);
-        const now = getNowISOTimestamp();
-        const nameFromEmailMatch = /^([^@]+)/.exec(email3);
-        const fullName = nameFromEmailMatch ? nameFromEmailMatch[1] : email3;
-        await collection?.insertAsync({
-          id: privateUserData.id,
-          email: email3,
-          full_name: fullName,
-          is_service: false,
-          is_verified: true,
-          disabled: null,
-          role: "user",
-          collaborator_role: "editor",
-          created_date: now,
-          updated_date: now
-        });
-        res.json({
-          id: privateUserData.id,
-          access_token: createJwtToken(email3),
-          message: "Email verified successfully. You are now logged in.",
-          success: true
-        });
-      } else {
-        res.status(400).json({
-          detail: "Verification code has expired",
-          error_type: "HTTPException",
-          message: "Verification code has expired",
-          request_id: null,
-          traceback: ""
-        });
-      }
-    } else {
-      const appId = req.params.appId;
-      res.status(500).json({
-        detail: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
-        error_type: "ObjectNotFoundError",
-        message: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
-        request_id: null,
-        traceback: ""
-      });
-    }
-  });
-  return router;
-}
-
 // src/cli/dev/dev-server/routes/entities/entities-router.ts
-var import_express4 = __toESM(require_express(), 1);
-var import_jsonwebtoken3 = __toESM(require_jsonwebtoken(), 1);
-
-// src/cli/dev/dev-server/db/rls.ts
-function resolveTemplate(value, user) {
-  return value.replace(/\{\{user\.([\w.]+)\}\}/g, (_match, path18) => {
-    if (path18.startsWith("data.")) {
-      return String(user[path18.slice(5)] ?? "");
-    }
-    return String(user[path18] ?? "");
-  });
-}
-function getRecordField(key2, record2) {
-  if (key2.startsWith("data.")) {
-    return record2[key2.slice(5)];
-  }
-  return record2[key2];
-}
-function evaluateOperator(recordValue, operator) {
-  for (const [op2, opValue] of Object.entries(operator)) {
-    switch (op2) {
-      case "$in":
-        if (!Array.isArray(opValue) || !opValue.includes(recordValue))
-          return false;
-        break;
-      case "$nin":
-        if (Array.isArray(opValue) && opValue.includes(recordValue))
-          return false;
-        break;
-      case "$ne":
-        if (recordValue === opValue)
-          return false;
-        break;
-      case "$all":
-        if (!Array.isArray(recordValue) || !Array.isArray(opValue))
-          return false;
-        if (!opValue.every((v10) => recordValue.includes(v10)))
-          return false;
-        break;
-    }
-  }
-  return true;
-}
-function evaluateUserCondition(condition, user) {
-  for (const [key2, expected] of Object.entries(condition)) {
-    const userValue = key2.startsWith("data.") ? user[key2.slice(5)] : user[key2];
-    if (typeof expected === "object" && expected !== null) {
-      if (!evaluateOperator(userValue, expected))
-        return false;
-    } else {
-      if (userValue !== expected)
-        return false;
-    }
-  }
-  return true;
-}
-function evaluateCondition(condition, record2, user) {
-  for (const [key2, value] of Object.entries(condition)) {
-    if (key2 === "user_condition") {
-      if (!evaluateUserCondition(value, user))
-        return false;
-      continue;
-    }
-    if (key2 === "$or") {
-      const conditions = value;
-      if (!conditions.some((c8) => evaluateCondition(c8, record2, user)))
-        return false;
-      continue;
-    }
-    if (key2 === "$and") {
-      const conditions = value;
-      if (!conditions.every((c8) => evaluateCondition(c8, record2, user)))
-        return false;
-      continue;
-    }
-    if (key2 === "$nor") {
-      const conditions = value;
-      if (conditions.some((c8) => evaluateCondition(c8, record2, user)))
-        return false;
-      continue;
-    }
-    const recordValue = getRecordField(key2, record2);
-    const resolvedValue = typeof value === "string" ? resolveTemplate(value, user) : value;
-    if (typeof resolvedValue === "object" && resolvedValue !== null) {
-      if (!evaluateOperator(recordValue, resolvedValue))
-        return false;
-    } else {
-      if (recordValue !== resolvedValue)
-        return false;
-    }
-  }
-  return true;
-}
-function checkRLS(rule, record2, user) {
-  if (rule === undefined)
-    return true;
-  if (typeof rule === "boolean")
-    return rule;
-  if (!user)
-    return false;
-  return evaluateCondition(rule, record2, user);
-}
-function applyFLS(record2, schema10, user, operation) {
-  const result = {};
-  for (const [key2, value] of Object.entries(record2)) {
-    const rule = schema10.properties[key2]?.rls?.[operation];
-    if (!rule || checkRLS(rule, record2, user)) {
-      result[key2] = value;
-    }
-  }
-  return result;
-}
-
-// src/cli/dev/dev-server/db/entity-queries.ts
-function parseSort(sort) {
-  if (!sort) {
-    return;
-  }
-  if (sort.startsWith("-")) {
-    return { [sort.slice(1)]: -1 };
-  }
-  return { [sort]: 1 };
-}
-function parseFields(fields) {
-  if (!fields) {
-    return;
-  }
-  const projection = {};
-  for (const field of fields.split(",")) {
-    const trimmed = field.trim();
-    if (trimmed) {
-      projection[trimmed] = 1;
-    }
-  }
-  return Object.keys(projection).length > 0 ? projection : undefined;
-}
-var queryEntity = async (collection, reqQuery) => {
-  const { sort, limit, skip: skip2, fields, q: q13 } = reqQuery;
-  let query = {};
-  if (q13 && typeof q13 === "string") {
-    try {
-      query = JSON.parse(q13);
-    } catch {
-      throw new InvalidInputError("Invalid query parameter 'q'");
-    }
-  }
-  let cursor3 = collection.findAsync(query);
-  const sortObj = parseSort(sort);
-  if (sortObj) {
-    cursor3 = cursor3.sort(sortObj);
-  }
-  if (skip2) {
-    const skipNum = Number.parseInt(skip2, 10);
-    if (!Number.isNaN(skipNum)) {
-      cursor3 = cursor3.skip(skipNum);
-    }
-  }
-  if (limit) {
-    const limitNum = Number.parseInt(limit, 10);
-    if (!Number.isNaN(limitNum)) {
-      cursor3 = cursor3.limit(limitNum);
-    }
-  }
-  const projection = parseFields(fields);
-  if (projection) {
-    cursor3 = cursor3.projection(projection);
-  }
-  return cursor3;
-};
+var import_express3 = __toESM(require_express(), 1);
 
 // src/cli/dev/dev-server/routes/entities/entities-user-router.ts
-var import_express3 = __toESM(require_express(), 1);
-var import_jsonwebtoken2 = __toESM(require_jsonwebtoken(), 1);
+var import_express2 = __toESM(require_express(), 1);
+var import_jsonwebtoken = __toESM(require_jsonwebtoken(), 1);
 function createUserRouter(db2, logger2) {
-  const router = import_express3.Router({ mergeParams: true });
-  const parseBody = import_express3.json();
+  const router = import_express2.Router({ mergeParams: true });
+  const parseBody = import_express2.json();
   function withAuth(handler) {
     return async (req, res) => {
       const auth2 = req.headers.authorization;
@@ -253805,13 +253505,13 @@ function createUserRouter(db2, logger2) {
         return;
       }
       try {
-        const { payload } = import_jsonwebtoken2.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
-        const currentUser = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
-        if (!currentUser) {
+        const { payload } = import_jsonwebtoken.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
+        const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
+        if (!result) {
           res.status(404).json({ error: "Unable to read data for the current user" });
           return;
         }
-        await handler(req, res, currentUser);
+        await handler(req, res, result);
       } catch {
         res.status(401).json({ error: "Unauthorized" });
       }
@@ -253838,28 +253538,6 @@ function createUserRouter(db2, logger2) {
       ...req.body
     });
   }));
-  router.get("/", withAuth(async (req, res, currentUser) => {
-    const collection = db2.getCollection(USER_COLLECTION);
-    if (!collection) {
-      res.status(404).json({ error: `Entity "${USER_COLLECTION}" not found` });
-      return;
-    }
-    try {
-      if (currentUser.role === "admin") {
-        const result = await queryEntity(collection, req.query);
-        res.json(stripInternalFields(result));
-      } else {
-        res.json([stripInternalFields(currentUser)]);
-      }
-    } catch (error48) {
-      if (error48 instanceof InvalidInputError) {
-        res.status(400).json({ error: error48.message });
-      } else {
-        logger2.error(`Error in GET /${USER_COLLECTION}:`, error48);
-        res.status(500).json({ error: "Internal server error" });
-      }
-    }
-  }));
   router.post("/bulk", async (_req, res) => {
     res.json({});
   });
@@ -253909,9 +253587,31 @@ function createUserRouter(db2, logger2) {
 }
 
 // src/cli/dev/dev-server/routes/entities/entities-router.ts
+function parseSort(sort) {
+  if (!sort) {
+    return;
+  }
+  if (sort.startsWith("-")) {
+    return { [sort.slice(1)]: -1 };
+  }
+  return { [sort]: 1 };
+}
+function parseFields(fields) {
+  if (!fields) {
+    return;
+  }
+  const projection = {};
+  for (const field of fields.split(",")) {
+    const trimmed = field.trim();
+    if (trimmed) {
+      projection[trimmed] = 1;
+    }
+  }
+  return Object.keys(projection).length > 0 ? projection : undefined;
+}
 async function createEntityRoutes(db2, logger2, broadcast) {
-  const router = import_express4.Router({ mergeParams: true });
-  const parseBody = import_express4.json();
+  const router = import_express3.Router({ mergeParams: true });
+  const parseBody = import_express3.json();
   function withCollection(handler) {
     return async (req, res) => {
       const collection = db2.getCollection(req.params.entityName);
@@ -253919,13 +253619,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(404).json({ error: `Entity "${req.params.entityName}" not found` });
         return;
       }
-      let currentUser;
-      try {
-        const auth2 = req.headers.authorization || "";
-        const { payload } = import_jsonwebtoken3.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
-        currentUser = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
-      } catch {}
-      await handler(req, res, collection, currentUser);
+      await handler(req, res, collection);
     };
   }
   function emit(appId, entityName, type, data) {
@@ -253945,7 +253639,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
   }
   const userRouter = createUserRouter(db2, logger2);
   router.use("/User", userRouter);
-  router.get("/:entityName/:id", withCollection(async (req, res, collection, currentUser) => {
+  router.get("/:entityName/:id", withCollection(async (req, res, collection) => {
     const { entityName, id: id2 } = req.params;
     try {
       const doc2 = await collection.findOneAsync({ id: id2 });
@@ -253953,70 +253647,63 @@ async function createEntityRoutes(db2, logger2, broadcast) {
         res.status(404).json({ error: `Record with id "${id2}" not found` });
         return;
       }
-      const schema10 = db2.getSchema(entityName);
-      if (!checkRLS(schema10?.rls?.read, doc2, currentUser)) {
-        res.status(403).json({ error: "Permission denied" });
-        return;
-      }
-      let result = stripInternalFields(doc2);
-      if (schema10) {
-        result = applyFLS(result, schema10, currentUser, "read");
-      }
-      res.json(result);
+      res.json(stripInternalFields(doc2));
     } catch (error48) {
       logger2.error(`Error in GET /${entityName}/${id2}:`, error48);
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.get("/:entityName", withCollection(async (req, res, collection, currentUser) => {
+  router.get("/:entityName", withCollection(async (req, res, collection) => {
     const { entityName } = req.params;
     try {
-      const schema10 = db2.getSchema(entityName);
-      if (schema10?.rls?.read === false) {
-        res.json([]);
-        return;
+      const { sort, limit, skip: skip2, fields, q: q13 } = req.query;
+      let query = {};
+      if (q13 && typeof q13 === "string") {
+        try {
+          query = JSON.parse(q13);
+        } catch {
+          res.status(400).json({ error: "Invalid query parameter 'q'" });
+          return;
+        }
       }
-      let results = stripInternalFields(await queryEntity(collection, req.query));
-      if (schema10?.rls?.read && schema10.rls.read !== true) {
-        results = results.filter((doc2) => checkRLS(schema10.rls.read, doc2, currentUser));
+      let cursor3 = collection.findAsync(query);
+      const sortObj = parseSort(sort);
+      if (sortObj) {
+        cursor3 = cursor3.sort(sortObj);
       }
-      if (schema10) {
-        results = results.map((doc2) => applyFLS(doc2, schema10, currentUser, "read"));
+      if (skip2) {
+        const skipNum = Number.parseInt(skip2, 10);
+        if (!Number.isNaN(skipNum)) {
+          cursor3 = cursor3.skip(skipNum);
+        }
       }
-      res.json(results);
-    } catch (error48) {
-      if (error48 instanceof InvalidInputError) {
-        res.status(400).json({ error: error48.message });
-      } else {
-        logger2.error(`Error in GET /${entityName}:`, error48);
-        res.status(500).json({ error: "Internal server error" });
+      if (limit) {
+        const limitNum = Number.parseInt(limit, 10);
+        if (!Number.isNaN(limitNum)) {
+          cursor3 = cursor3.limit(limitNum);
+        }
+      }
+      const projection = parseFields(fields);
+      if (projection) {
+        cursor3 = cursor3.projection(projection);
       }
+      const docs = await cursor3;
+      res.json(stripInternalFields(docs));
+    } catch (error48) {
+      logger2.error(`Error in GET /${entityName}:`, error48);
+      res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.post("/:entityName", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.post("/:entityName", parseBody, withCollection(async (req, res, collection) => {
     const { appId, entityName } = req.params;
     try {
       const now = new Date().toISOString();
       const { _id, ...body } = req.body;
-      const schema10 = db2.getSchema(entityName);
-      if (!checkRLS(schema10?.rls?.create, {
-        ...body,
-        created_by: currentUser?.email,
-        created_by_id: currentUser?.id
-      }, currentUser)) {
-        res.status(403).json({ error: "Permission denied" });
-        return;
-      }
-      let filteredBody = db2.prepareRecord(entityName, body);
-      if (schema10) {
-        filteredBody = applyFLS(filteredBody, schema10, currentUser, "write");
-      }
+      const filteredBody = db2.prepareRecord(entityName, body);
       db2.validate(entityName, filteredBody);
       const record2 = {
         ...filteredBody,
         id: nanoid3(),
-        created_by: currentUser?.email,
-        created_by_id: currentUser?.id,
         created_date: now,
         updated_date: now
       };
@@ -254032,7 +253719,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.post("/:entityName/bulk", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.post("/:entityName/bulk", parseBody, withCollection(async (req, res, collection) => {
     const { appId, entityName } = req.params;
     if (!Array.isArray(req.body)) {
       res.status(400).json({ error: "Request body must be an array" });
@@ -254040,27 +253727,13 @@ async function createEntityRoutes(db2, logger2, broadcast) {
     }
     try {
       const now = new Date().toISOString();
-      const schema10 = db2.getSchema(entityName);
       const records = [];
       for (const record2 of req.body) {
-        if (!checkRLS(schema10?.rls?.create, {
-          ...record2,
-          created_by: currentUser?.email,
-          created_by_id: currentUser?.id
-        }, currentUser)) {
-          res.status(403).json({ error: "Permission denied" });
-          return;
-        }
-        let filteredRecord = db2.prepareRecord(entityName, record2);
-        if (schema10) {
-          filteredRecord = applyFLS(filteredRecord, schema10, currentUser, "write");
-        }
+        const filteredRecord = db2.prepareRecord(entityName, record2);
         db2.validate(entityName, filteredRecord);
         records.push({
           ...filteredRecord,
           id: nanoid3(),
-          created_by: currentUser?.email,
-          created_by_id: currentUser?.id,
           created_date: now,
           updated_date: now
         });
@@ -254077,26 +253750,11 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.put("/:entityName/:id", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.put("/:entityName/:id", parseBody, withCollection(async (req, res, collection) => {
     const { appId, entityName, id: id2 } = req.params;
     const { id: _id, created_date: _created_date, ...body } = req.body;
     try {
-      const schema10 = db2.getSchema(entityName);
-      if (schema10?.rls?.update !== undefined) {
-        const existing = await collection.findOneAsync({ id: id2 });
-        if (!existing) {
-          res.status(404).json({ error: `Record with id "${id2}" not found` });
-          return;
-        }
-        if (!checkRLS(schema10.rls.update, existing, currentUser)) {
-          res.status(403).json({ error: "Permission denied" });
-          return;
-        }
-      }
-      let filteredBody = db2.prepareRecord(entityName, body, true);
-      if (schema10) {
-        filteredBody = applyFLS(filteredBody, schema10, currentUser, "write");
-      }
+      const filteredBody = db2.prepareRecord(entityName, body, true);
       db2.validate(entityName, filteredBody, true);
       const updateData = {
         ...filteredBody,
@@ -254119,48 +253777,30 @@ async function createEntityRoutes(db2, logger2, broadcast) {
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.delete("/:entityName/:id", withCollection(async (req, res, collection, currentUser) => {
+  router.delete("/:entityName/:id", withCollection(async (req, res, collection) => {
     const { appId, entityName, id: id2 } = req.params;
     try {
       const doc2 = await collection.findOneAsync({ id: id2 });
-      if (!doc2) {
+      const numRemoved = await collection.removeAsync({ id: id2 }, { multi: false });
+      if (numRemoved === 0) {
         res.status(404).json({ error: `Record with id "${id2}" not found` });
         return;
       }
-      const schema10 = db2.getSchema(entityName);
-      if (!checkRLS(schema10?.rls?.delete, doc2, currentUser)) {
-        res.status(403).json({ error: "Permission denied" });
-        return;
+      if (doc2) {
+        emit(appId, entityName, "delete", stripInternalFields(doc2));
       }
-      await collection.removeAsync({ id: id2 }, { multi: false });
-      emit(appId, entityName, "delete", stripInternalFields(doc2));
       res.json({ success: true });
     } catch (error48) {
       logger2.error(`Error in DELETE /${entityName}/${id2}:`, error48);
       res.status(500).json({ error: "Internal server error" });
     }
   }));
-  router.delete("/:entityName", parseBody, withCollection(async (req, res, collection, currentUser) => {
+  router.delete("/:entityName", parseBody, withCollection(async (req, res, collection) => {
     const { entityName } = req.params;
     try {
       const query = req.body || {};
-      const schema10 = db2.getSchema(entityName);
-      const rlsDelete = schema10?.rls?.delete;
-      if (rlsDelete !== undefined && rlsDelete !== true) {
-        if (rlsDelete === false) {
-          res.status(403).json({ error: "Permission denied" });
-          return;
-        }
-        const docs = await collection.findAsync(query);
-        const allowedIds = docs.filter((doc2) => checkRLS(rlsDelete, doc2, currentUser)).map((doc2) => doc2.id);
-        const numRemoved = await collection.removeAsync({ id: { $in: allowedIds } }, { multi: true });
-        res.json({ success: true, deleted: numRemoved });
-      } else {
-        const numRemoved = await collection.removeAsync(query, {
-          multi: true
-        });
-        res.json({ success: true, deleted: numRemoved });
-      }
+      const numRemoved = await collection.removeAsync(query, { multi: true });
+      res.json({ success: true, deleted: numRemoved });
     } catch (error48) {
       logger2.error(`Error in DELETE /${entityName}:`, error48);
       res.status(500).json({ error: "Internal server error" });
@@ -254170,7 +253810,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
 }
 
 // src/cli/dev/dev-server/routes/integrations.ts
-var import_express5 = __toESM(require_express(), 1);
+var import_express4 = __toESM(require_express(), 1);
 var import_multer = __toESM(require_multer(), 1);
 import { createHash, randomUUID as randomUUID4 } from "node:crypto";
 import fs28 from "node:fs";
@@ -254179,8 +253819,8 @@ function createFileToken(fileUri) {
   return createHash("sha256").update(fileUri).digest("hex");
 }
 function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
-  const router = import_express5.Router({ mergeParams: true });
-  const parseBody = import_express5.json();
+  const router = import_express4.Router({ mergeParams: true });
+  const parseBody = import_express4.json();
   const privateFilesDir = path18.join(mediaFilesDir, "private");
   fs28.mkdirSync(mediaFilesDir, { recursive: true });
   fs28.mkdirSync(privateFilesDir, { recursive: true });
@@ -254250,7 +253890,7 @@ function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
   return router;
 }
 function createCustomIntegrationRoutes(remoteProxy, logger2) {
-  const router = import_express5.Router({ mergeParams: true });
+  const router = import_express4.Router({ mergeParams: true });
   router.post("/:slug/:operationId", (req, res, next) => {
     logger2.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
     req.url = req.originalUrl;
@@ -255963,7 +255603,7 @@ async function createDevServer(options8) {
   const port = userPort ?? await getPorts({ port: DEFAULT_PORT });
   const baseUrl = `http://localhost:${port}`;
   const { functions, entities, project: project2 } = await options8.loadResources();
-  const app = import_express6.default();
+  const app = import_express5.default();
   const remoteProxy = import_http_proxy_middleware2.createProxyMiddleware({
     target: BASE44_APP_URL,
     changeOrigin: true
@@ -255995,8 +255635,6 @@ async function createDevServer(options8) {
   let emitEntityEvent = () => {};
   const entityRoutes = await createEntityRoutes(db2, devLogger, (...args) => emitEntityEvent(...args));
   app.use("/api/apps/:appId/entities", entityRoutes);
-  const authRouter = createAuthRouter(db2, devLogger);
-  app.use("/api/apps/:appId/auth", authRouter);
   const { path: mediaFilesDir } = await $dir();
   app.use("/media/private/:fileUri", (req, res, next) => {
     const { fileUri } = req.params;
@@ -256016,15 +255654,13 @@ async function createDevServer(options8) {
     }
     next();
   });
-  app.use("/media", import_express6.default.static(mediaFilesDir));
+  app.use("/media", import_express5.default.static(mediaFilesDir));
   const integrationRoutes = createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, devLogger);
   app.use("/api/apps/:appId/integration-endpoints", integrationRoutes);
   const customIntegrationRoutes = createCustomIntegrationRoutes(remoteProxy, devLogger);
   app.use("/api/apps/:appId/integrations/custom", customIntegrationRoutes);
   app.use((req, res, next) => {
-    if (!req.originalUrl.endsWith("analytics/track/batch")) {
-      devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
-    }
+    devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
     remoteProxy(req, res, next);
   });
   const server = await new Promise((resolve8, reject) => {
@@ -256095,7 +255731,6 @@ async function devAction({ log }, options8) {
   const { port: resolvedPort } = await createDevServer({
     log,
     port,
-    cwd: process21.cwd(),
     denoWrapperPath: getDenoWrapperPath(),
     loadResources: async () => {
       const { functions, entities, project: project2 } = await readProjectConfig();
@@ -260603,4 +260238,4 @@ export {
   CLIExitError
 };
 
-//# debugId=FF5639434B8FD38C64756E2164756E21
+//# debugId=4CE71B78B25F696A64756E2164756E21