@beeblock/svelar 0.4.0

package/dist/permissions/index.d.ts

@@ -0,0 +1,161 @@
+/**
+ * Svelar Permissions
+ *
+ * Spatie-inspired roles & permissions system. Provides:
+ * - Role model with permissions assignment
+ * - Permission model
+ * - HasRoles trait (mixin) for any model
+ * - RequirePermission / RequireRole middleware
+ * - Default migrations for roles, permissions, and pivot tables
+ *
+ * @example
+ * ```ts
+ * import { Permission, Role, HasRoles } from 'svelar/permissions';
+ *
+ * // Models are auto-configured after migrations run
+ * const admin = await Role.create({ name: 'admin', guard: 'web' });
+ * const perm = await Permission.create({ name: 'manage-users', guard: 'web' });
+ *
+ * await admin.givePermission(perm);
+ *
+ * // On a user model:
+ * class User extends HasRoles(Model) { ... }
+ *
+ * await user.assignRole('admin');
+ * await user.givePermission('edit-posts');
+ *
+ * user.hasRole('admin');            // true
+ * user.hasPermission('manage-users'); // true (via admin role)
+ * user.can('edit-posts');             // true (direct permission)
+ * ```
+ */
+import { Middleware, type MiddlewareContext, type NextFunction } from '../middleware/Middleware.js';
+export interface PermissionRecord {
+    id: number;
+    name: string;
+    guard: string;
+    description?: string;
+    created_at?: string;
+    updated_at?: string;
+}
+export interface RoleRecord {
+    id: number;
+    name: string;
+    guard: string;
+    description?: string;
+    created_at?: string;
+    updated_at?: string;
+}
+declare class PermissionManager {
+    private connectionGetter?;
+    /**
+     * Configure the database connection for permissions
+     */
+    configure(getConnection: () => Promise<any>): void;
+    private db;
+    createPermission(data: {
+        name: string;
+        guard?: string;
+        description?: string;
+    }): Promise<PermissionRecord>;
+    findPermission(name: string, guard?: string): Promise<PermissionRecord | null>;
+    findPermissionById(id: number): Promise<PermissionRecord | null>;
+    allPermissions(guard?: string): Promise<PermissionRecord[]>;
+    deletePermission(name: string, guard?: string): Promise<void>;
+    createRole(data: {
+        name: string;
+        guard?: string;
+        description?: string;
+    }): Promise<RoleRecord>;
+    findRole(name: string, guard?: string): Promise<RoleRecord | null>;
+    findRoleById(id: number): Promise<RoleRecord | null>;
+    allRoles(guard?: string): Promise<RoleRecord[]>;
+    deleteRole(name: string, guard?: string): Promise<void>;
+    giveRolePermission(roleId: number, permissionId: number): Promise<void>;
+    revokeRolePermission(roleId: number, permissionId: number): Promise<void>;
+    getRolePermissions(roleId: number): Promise<PermissionRecord[]>;
+    roleHasPermission(roleId: number, permissionName: string): Promise<boolean>;
+    assignRole(modelType: string, modelId: number, roleId: number): Promise<void>;
+    removeRole(modelType: string, modelId: number, roleId: number): Promise<void>;
+    getModelRoles(modelType: string, modelId: number): Promise<RoleRecord[]>;
+    modelHasRole(modelType: string, modelId: number, roleName: string): Promise<boolean>;
+    giveModelPermission(modelType: string, modelId: number, permissionId: number): Promise<void>;
+    revokeModelPermission(modelType: string, modelId: number, permissionId: number): Promise<void>;
+    getModelDirectPermissions(modelType: string, modelId: number): Promise<PermissionRecord[]>;
+    /**
+     * Get ALL permissions for a model (direct + via roles)
+     */
+    getModelAllPermissions(modelType: string, modelId: number): Promise<PermissionRecord[]>;
+    /**
+     * Check if a model has a permission (direct or via role)
+     */
+    modelHasPermission(modelType: string, modelId: number, permissionName: string): Promise<boolean>;
+    /**
+     * Sync roles for a model (remove all, then assign new ones)
+     */
+    syncRoles(modelType: string, modelId: number, roleNames: string[], guard?: string): Promise<void>;
+    /**
+     * Sync permissions for a model (remove all direct, then assign new ones)
+     */
+    syncPermissions(modelType: string, modelId: number, permissionNames: string[], guard?: string): Promise<void>;
+}
+/**
+ * Mixin that adds role & permission methods to any Model class.
+ *
+ * @example
+ * ```ts
+ * class User extends HasRoles(Model) {
+ *   static table = 'users';
+ *   // ...
+ * }
+ *
+ * const user = await User.find(1);
+ * await user.assignRole('admin');
+ * await user.givePermission('manage-users');
+ *
+ * console.log(await user.hasRole('admin')); // true
+ * console.log(await user.can('manage-users')); // true
+ * ```
+ */
+type Constructor = new (...args: any[]) => any;
+export interface HasRolesInstance {
+    readonly _modelType: string;
+    readonly _modelId: number;
+    assignRole(roleName: string, guard?: string): Promise<void>;
+    removeRole(roleName: string, guard?: string): Promise<void>;
+    hasRole(roleName: string, guard?: string): Promise<boolean>;
+    givePermission(permissionName: string, guard?: string): Promise<void>;
+    revokePermission(permissionName: string, guard?: string): Promise<void>;
+    hasPermission(permissionName: string, guard?: string): Promise<boolean>;
+    can(permissionName: string, guard?: string): Promise<boolean>;
+    getRoles(): Promise<RoleRecord[]>;
+    getAllPermissions(): Promise<PermissionRecord[]>;
+    getDirectPermissions(): Promise<PermissionRecord[]>;
+}
+export declare function HasRoles<TBase extends Constructor>(Base: TBase): TBase & (new (...args: any[]) => HasRolesInstance);
+/**
+ * Middleware that requires a specific permission
+ */
+export declare class RequirePermissionMiddleware extends Middleware {
+    private permission;
+    constructor(permission: string);
+    handle(ctx: MiddlewareContext, next: NextFunction): Promise<Response | void>;
+}
+/**
+ * Middleware that requires a specific role
+ */
+export declare class RequireRoleMiddleware extends Middleware {
+    private role;
+    constructor(role: string);
+    handle(ctx: MiddlewareContext, next: NextFunction): Promise<Response | void>;
+}
+/**
+ * SQL statements for creating the permissions tables.
+ * These are database-agnostic and work with SQLite, PostgreSQL, and MySQL.
+ */
+export declare const PERMISSIONS_MIGRATION_SQL: {
+    up: string[];
+    down: string[];
+};
+export declare const Permissions: PermissionManager;
+export {};

package/dist/permissions/index.js

@@ -0,0 +1,60 @@
+var T=Object.defineProperty;var E=(c,e)=>()=>(c&&(e=c(c=0)),e);var P=(c,e)=>{for(var s in e)T(c,s,{get:e[s],enumerable:!0})};function p(c,e){let s=Symbol.for(c),t=globalThis;return t[s]||(t[s]=e()),t[s]}var h=E(()=>{"use strict"});var R={};P(R,{Connection:()=>b});var g,b,y=E(()=>{"use strict";h();g=class{connections=new Map;config=null;defaultName="default";configure(e){this.config=e,this.defaultName=e.default}async connection(e){let s=e??this.defaultName;if(this.connections.has(s))return this.connections.get(s).drizzle;if(!this.config)throw new Error("Database not configured. Call Connection.configure() first, or register DatabaseServiceProvider.");let t=this.config.connections[s];if(!t)throw new Error(`Database connection "${s}" is not defined in configuration.`);let n=await this.createConnection(t);return this.connections.set(s,n),n.drizzle}async rawClient(e){let s=e??this.defaultName;return await this.connection(s),this.connections.get(s).rawClient}async raw(e,s=[],t){let n=await this.connection(t),r=this.getConfig(t);switch(r.driver){case"sqlite":{let i=await this.rawClient(t),a=s.map(l=>typeof l=="boolean"?l?1:0:l instanceof Date?l.toISOString():l),d=i.prepare(e),m=e.trimStart().toUpperCase();return m.startsWith("SELECT")||m.startsWith("PRAGMA")||m.startsWith("WITH")?d.all(...a):d.run(...a)}case"postgres":return(await this.rawClient(t))(e,...s);case"mysql":{let i=await this.rawClient(t),[a]=await i.execute(e,s);return a}default:throw new Error(`Unsupported driver: ${r.driver}`)}}getDriver(e){return this.getConfig(e).driver}getConfig(e){let s=e??this.defaultName;if(!this.config)throw new Error("Database not configured.");let t=this.config.connections[s];if(!t)throw new Error(`Database connection "${s}" is not defined.`);return t}async disconnect(e){if(e){let s=this.connections.get(e);s&&(await this.closeConnection(s),this.connections.delete(e))}else{for(let[s,t]of this.connections)await this.closeConnection(t);this.connections.clear()}}isConnected(e){return this.connections.has(e??this.defaultName)}async transaction(e,s){let t=this.getConfig(s),n=await this.rawClient(s);switch(t.driver){case"sqlite":{n.exec("BEGIN");try{let r=await e();return n.exec("COMMIT"),r}catch(r){throw n.exec("ROLLBACK"),r}}case"postgres":{await n`BEGIN`;try{let r=await e();return await n`COMMIT`,r}catch(r){throw await n`ROLLBACK`,r}}case"mysql":{let r=await n.getConnection();await r.beginTransaction();try{let i=await e();return await r.commit(),r.release(),i}catch(i){throw await r.rollback(),r.release(),i}}default:throw new Error(`Unsupported driver: ${t.driver}`)}}async createConnection(e){switch(e.driver){case"sqlite":return this.createSQLiteConnection(e);case"postgres":return this.createPostgresConnection(e);case"mysql":return this.createMySQLConnection(e);default:throw new Error(`Unsupported database driver: ${e.driver}`)}}async createSQLiteConnection(e){let s=e.filename??e.database??":memory:";try{let t=(await import("better-sqlite3")).default,{drizzle:n}=await import("drizzle-orm/better-sqlite3"),r=new t(s);return r.pragma("journal_mode = WAL"),r.pragma("foreign_keys = ON"),{drizzle:n(r),config:e,rawClient:r}}catch(t){let n;try{n=(await new Function("mod","return import(mod)")("node:sqlite")).DatabaseSync}catch{throw new Error(`No SQLite driver available. Install better-sqlite3 (npm install better-sqlite3) or use Node.js v22+ which includes built-in SQLite support. Original error: ${t instanceof Error?t.message:String(t)}`)}let r=new n(s);r.exec("PRAGMA journal_mode = WAL"),r.exec("PRAGMA foreign_keys = ON");let i={prepare(d){let m=r.prepare(d);return{all(...l){return m.all(...l)},run(...l){return m.run(...l)},get(...l){return m.get(...l)}}},exec(d){r.exec(d)},pragma(d){return r.prepare(`PRAGMA ${d}`).all()},close(){r.close()}},a;try{let{drizzle:d}=await import("drizzle-orm/better-sqlite3");a=d(i)}catch{a=i}return{drizzle:a,config:e,rawClient:i}}}async createPostgresConnection(e){let s=(await import("postgres")).default,{drizzle:t}=await import("drizzle-orm/postgres-js"),n=e.url??`postgres://${e.user}:${e.password}@${e.host??"localhost"}:${e.port??5432}/${e.database}`,r=s(n);return{drizzle:t(r),config:e,rawClient:r}}async createMySQLConnection(e){let s=await import("mysql2/promise"),{drizzle:t}=await import("drizzle-orm/mysql2"),n=s.createPool({host:e.host??"localhost",port:e.port??3306,database:e.database,user:e.user,password:e.password,uri:e.url});return{drizzle:t(n),config:e,rawClient:n}}async closeConnection(e){try{switch(e.config.driver){case"sqlite":e.rawClient.close();break;case"postgres":await e.rawClient.end();break;case"mysql":await e.rawClient.end();break}}catch{}}},b=p("svelar.connection",()=>new g)});var u=class{};h();var w=class{connectionGetter;configure(e){this.connectionGetter=e}async db(){if(this.connectionGetter)return this.connectionGetter();let{Connection:e}=await Promise.resolve().then(()=>(y(),R));return e}async createPermission(e){let s=await this.db(),t=new Date().toISOString(),n=e.guard??"web";return await s.raw("INSERT INTO permissions (name, guard, description, created_at, updated_at) VALUES (?, ?, ?, ?, ?)",[e.name,n,e.description??null,t,t]),(await s.raw("SELECT * FROM permissions WHERE name = ? AND guard = ?",[e.name,n]))[0]}async findPermission(e,s="web"){return(await(await this.db()).raw("SELECT * FROM permissions WHERE name = ? AND guard = ?",[e,s]))[0]??null}async findPermissionById(e){return(await(await this.db()).raw("SELECT * FROM permissions WHERE id = ?",[e]))[0]??null}async allPermissions(e="web"){return(await this.db()).raw("SELECT * FROM permissions WHERE guard = ? ORDER BY name",[e])}async deletePermission(e,s="web"){await(await this.db()).raw("DELETE FROM permissions WHERE name = ? AND guard = ?",[e,s])}async createRole(e){let s=await this.db(),t=new Date().toISOString(),n=e.guard??"web";return await s.raw("INSERT INTO roles (name, guard, description, created_at, updated_at) VALUES (?, ?, ?, ?, ?)",[e.name,n,e.description??null,t,t]),(await s.raw("SELECT * FROM roles WHERE name = ? AND guard = ?",[e.name,n]))[0]}async findRole(e,s="web"){return(await(await this.db()).raw("SELECT * FROM roles WHERE name = ? AND guard = ?",[e,s]))[0]??null}async findRoleById(e){return(await(await this.db()).raw("SELECT * FROM roles WHERE id = ?",[e]))[0]??null}async allRoles(e="web"){return(await this.db()).raw("SELECT * FROM roles WHERE guard = ? ORDER BY name",[e])}async deleteRole(e,s="web"){await(await this.db()).raw("DELETE FROM roles WHERE name = ? AND guard = ?",[e,s])}async giveRolePermission(e,s){let t=await this.db();try{await t.raw("INSERT INTO role_has_permissions (role_id, permission_id) VALUES (?, ?)",[e,s])}catch{}}async revokeRolePermission(e,s){await(await this.db()).raw("DELETE FROM role_has_permissions WHERE role_id = ? AND permission_id = ?",[e,s])}async getRolePermissions(e){return(await this.db()).raw(`SELECT p.* FROM permissions p
+       INNER JOIN role_has_permissions rp ON p.id = rp.permission_id
+       WHERE rp.role_id = ?
+       ORDER BY p.name`,[e])}async roleHasPermission(e,s){return(await(await this.db()).raw(`SELECT 1 FROM role_has_permissions rp
+       INNER JOIN permissions p ON p.id = rp.permission_id
+       WHERE rp.role_id = ? AND p.name = ?`,[e,s])).length>0}async assignRole(e,s,t){let n=await this.db();try{await n.raw("INSERT INTO model_has_roles (model_type, model_id, role_id) VALUES (?, ?, ?)",[e,s,t])}catch{}}async removeRole(e,s,t){await(await this.db()).raw("DELETE FROM model_has_roles WHERE model_type = ? AND model_id = ? AND role_id = ?",[e,s,t])}async getModelRoles(e,s){return(await this.db()).raw(`SELECT r.* FROM roles r
+       INNER JOIN model_has_roles mr ON r.id = mr.role_id
+       WHERE mr.model_type = ? AND mr.model_id = ?
+       ORDER BY r.name`,[e,s])}async modelHasRole(e,s,t){return(await(await this.db()).raw(`SELECT 1 FROM model_has_roles mr
+       INNER JOIN roles r ON r.id = mr.role_id
+       WHERE mr.model_type = ? AND mr.model_id = ? AND r.name = ?`,[e,s,t])).length>0}async giveModelPermission(e,s,t){let n=await this.db();try{await n.raw("INSERT INTO model_has_permissions (model_type, model_id, permission_id) VALUES (?, ?, ?)",[e,s,t])}catch{}}async revokeModelPermission(e,s,t){await(await this.db()).raw("DELETE FROM model_has_permissions WHERE model_type = ? AND model_id = ? AND permission_id = ?",[e,s,t])}async getModelDirectPermissions(e,s){return(await this.db()).raw(`SELECT p.* FROM permissions p
+       INNER JOIN model_has_permissions mp ON p.id = mp.permission_id
+       WHERE mp.model_type = ? AND mp.model_id = ?
+       ORDER BY p.name`,[e,s])}async getModelAllPermissions(e,s){return(await this.db()).raw(`SELECT DISTINCT p.* FROM permissions p
+       LEFT JOIN model_has_permissions mp
+         ON p.id = mp.permission_id AND mp.model_type = ? AND mp.model_id = ?
+       LEFT JOIN role_has_permissions rp ON p.id = rp.permission_id
+       LEFT JOIN model_has_roles mr
+         ON rp.role_id = mr.role_id AND mr.model_type = ? AND mr.model_id = ?
+       WHERE mp.permission_id IS NOT NULL OR mr.role_id IS NOT NULL
+       ORDER BY p.name`,[e,s,e,s])}async modelHasPermission(e,s,t){let n=await this.db();return(await n.raw(`SELECT 1 FROM model_has_permissions mp
+       INNER JOIN permissions p ON p.id = mp.permission_id
+       WHERE mp.model_type = ? AND mp.model_id = ? AND p.name = ?`,[e,s,t])).length>0?!0:(await n.raw(`SELECT 1 FROM model_has_roles mr
+       INNER JOIN role_has_permissions rp ON rp.role_id = mr.role_id
+       INNER JOIN permissions p ON p.id = rp.permission_id
+       WHERE mr.model_type = ? AND mr.model_id = ? AND p.name = ?`,[e,s,t])).length>0}async syncRoles(e,s,t,n="web"){await(await this.db()).raw("DELETE FROM model_has_roles WHERE model_type = ? AND model_id = ?",[e,s]);for(let i of t){let a=await this.findRole(i,n);a&&await this.assignRole(e,s,a.id)}}async syncPermissions(e,s,t,n="web"){await(await this.db()).raw("DELETE FROM model_has_permissions WHERE model_type = ? AND model_id = ?",[e,s]);for(let i of t){let a=await this.findPermission(i,n);a&&await this.giveModelPermission(e,s,a.id)}}};function I(c){class e extends c{get _modelType(){return this.constructor.name||"User"}get _modelId(){return this.id??this.getAttribute?.("id")}async assignRole(t,n="web"){let r=await o.findRole(t,n);if(!r)throw new Error(`Role "${t}" does not exist.`);await o.assignRole(this._modelType,this._modelId,r.id)}async removeRole(t,n="web"){let r=await o.findRole(t,n);r&&await o.removeRole(this._modelType,this._modelId,r.id)}async syncRoles(t,n="web"){await o.syncRoles(this._modelType,this._modelId,t,n)}async hasRole(t){return o.modelHasRole(this._modelType,this._modelId,t)}async hasAnyRole(...t){for(let n of t)if(await this.hasRole(n))return!0;return!1}async hasAllRoles(...t){for(let n of t)if(!await this.hasRole(n))return!1;return!0}async getRoles(){return o.getModelRoles(this._modelType,this._modelId)}async givePermission(t,n="web"){let r=await o.findPermission(t,n);if(!r)throw new Error(`Permission "${t}" does not exist.`);await o.giveModelPermission(this._modelType,this._modelId,r.id)}async revokePermission(t,n="web"){let r=await o.findPermission(t,n);r&&await o.revokeModelPermission(this._modelType,this._modelId,r.id)}async syncPermissions(t,n="web"){await o.syncPermissions(this._modelType,this._modelId,t,n)}async hasPermission(t){return o.modelHasPermission(this._modelType,this._modelId,t)}async can(t){return this.hasPermission(t)}async cannot(t){return!await this.hasPermission(t)}async getAllPermissions(){return o.getModelAllPermissions(this._modelType,this._modelId)}async getDirectPermissions(){return o.getModelDirectPermissions(this._modelType,this._modelId)}}return e}var f=class extends u{constructor(s){super();this.permission=s}async handle(s,t){let n=s.event.locals.user;if(!n)return new Response(JSON.stringify({message:"Unauthenticated"}),{status:401,headers:{"Content-Type":"application/json"}});let r=n.constructor?.name||"User",i=n.id??n.getAttribute?.("id");return await o.modelHasPermission(r,i,this.permission)?t():new Response(JSON.stringify({message:`Missing permission: ${this.permission}`}),{status:403,headers:{"Content-Type":"application/json"}})}},N=class extends u{constructor(s){super();this.role=s}async handle(s,t){let n=s.event.locals.user;if(!n)return new Response(JSON.stringify({message:"Unauthenticated"}),{status:401,headers:{"Content-Type":"application/json"}});let r=n.constructor?.name||"User",i=n.id??n.getAttribute?.("id");return await o.modelHasRole(r,i,this.role)?t():new Response(JSON.stringify({message:`Missing role: ${this.role}`}),{status:403,headers:{"Content-Type":"application/json"}})}},S={up:[`CREATE TABLE IF NOT EXISTS permissions (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name VARCHAR(255) NOT NULL,
+      guard VARCHAR(255) NOT NULL DEFAULT 'web',
+      description TEXT,
+      created_at DATETIME,
+      updated_at DATETIME,
+      UNIQUE(name, guard)
+    )`,`CREATE TABLE IF NOT EXISTS roles (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name VARCHAR(255) NOT NULL,
+      guard VARCHAR(255) NOT NULL DEFAULT 'web',
+      description TEXT,
+      created_at DATETIME,
+      updated_at DATETIME,
+      UNIQUE(name, guard)
+    )`,`CREATE TABLE IF NOT EXISTS role_has_permissions (
+      role_id INTEGER NOT NULL,
+      permission_id INTEGER NOT NULL,
+      PRIMARY KEY (role_id, permission_id),
+      FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE,
+      FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE
+    )`,`CREATE TABLE IF NOT EXISTS model_has_roles (
+      model_type VARCHAR(255) NOT NULL,
+      model_id INTEGER NOT NULL,
+      role_id INTEGER NOT NULL,
+      PRIMARY KEY (model_type, model_id, role_id),
+      FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE
+    )`,`CREATE TABLE IF NOT EXISTS model_has_permissions (
+      model_type VARCHAR(255) NOT NULL,
+      model_id INTEGER NOT NULL,
+      permission_id INTEGER NOT NULL,
+      PRIMARY KEY (model_type, model_id, permission_id),
+      FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE
+    )`],down:["DROP TABLE IF EXISTS model_has_permissions","DROP TABLE IF EXISTS model_has_roles","DROP TABLE IF EXISTS role_has_permissions","DROP TABLE IF EXISTS roles","DROP TABLE IF EXISTS permissions"]},o=p("svelar.permissions",()=>new w);export{I as HasRoles,S as PERMISSIONS_MIGRATION_SQL,o as Permissions,f as RequirePermissionMiddleware,N as RequireRoleMiddleware};

package/dist/plugins/BootstrapPlugins.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Svelar Bootstrap Plugins
+ *
+ * Auto-discovers and boots enabled plugins at app startup.
+ */
+import type { Container } from '../container/Container.js';
+/**
+ * Bootstrap plugins from the plugin registry
+ * Loads enabled plugins from configuration and boots them
+ */
+export declare function bootstrapPlugins(app: Container, enabledPlugins?: string[]): Promise<void>;

package/dist/plugins/PluginInstaller.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Svelar Plugin Installer
+ *
+ * Handles installing plugins from npm and wiring them up.
+ */
+import { type PublishResult } from './PluginPublisher.js';
+export interface InstallResult {
+    success: boolean;
+    pluginName: string;
+    version: string;
+    published: PublishResult | null;
+    error?: string;
+}
+declare class PluginInstallerService {
+    /**
+     * Install a plugin package and register it
+     */
+    install(packageName: string, options?: {
+        publish?: boolean;
+    }): Promise<InstallResult>;
+    /**
+     * Uninstall a plugin
+     */
+    uninstall(pluginName: string): Promise<boolean>;
+    private runNpmInstall;
+    private runNpmUninstall;
+    private loadPluginClass;
+}
+export declare const PluginInstaller: PluginInstallerService;
+export {};

package/dist/plugins/PluginInstaller.js

@@ -0,0 +1 @@
+var b=(u=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(u,{get:(s,e)=>(typeof require<"u"?require:s)[e]}):u)(function(u){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+u+'" is not supported')});function f(u,s){let e=Symbol.for(u),i=globalThis;return i[e]||(i[e]=s()),i[e]}var y=class{plugins=new Map;enabledPlugins=new Set;async discover(){let{join:s}=await import("path"),{existsSync:e,readdirSync:i}=await import("fs"),{readFile:c}=await import("fs/promises"),o=[],t=s(process.cwd(),"node_modules");if(!e(t))return o;try{let p=i(t,{withFileTypes:!0});for(let l of p){if(!l.isDirectory())continue;let g=l.name;if(g.startsWith("."))continue;let a=g.startsWith("svelar-");if(!a)continue;let d=s(t,g,"package.json");if(e(d))try{let n=await c(d,"utf-8"),r=JSON.parse(n),m=r.keywords?.includes("svelar-plugin");if(!a&&!m)continue;let h={name:r.name||g,version:r.version||"0.0.0",description:r.description||"",packageName:g,installed:!0,enabled:!1,hasConfig:!!r.svelar?.config,hasMigrations:!!r.svelar?.migrations};o.push(h),this.plugins.set(h.name,h)}catch{}}}catch{}return o}enable(s){let e=this.plugins.get(s);if(!e)throw new Error(`Plugin "${s}" not found in registry.`);this.enabledPlugins.add(s),e.enabled=!0}disable(s){this.enabledPlugins.delete(s);let e=this.plugins.get(s);e&&(e.enabled=!1)}isEnabled(s){return this.enabledPlugins.has(s)}list(){return[...this.plugins.values()]}listEnabled(){return[...this.plugins.values()].filter(s=>this.enabledPlugins.has(s.name))}get(s){return this.plugins.get(s)}register(s){this.plugins.set(s.name,s)}},w=f("svelar.pluginRegistry",()=>new y);var P=class{async publish(s,e){let{mkdir:i,copyFile:c}=await import("fs/promises"),{join:o,dirname:t}=await import("path"),{existsSync:p}=await import("fs"),l={configs:[],migrations:[],assets:[]},g=s.publishables?.()||{};for(let[a,d]of Object.entries(g))for(let n of d){if(e?.only&&n.type!==e.only)continue;let r=o(process.cwd(),n.dest),m=t(r);if(!(p(r)&&!e?.force))try{await i(m,{recursive:!0}),await c(n.source,r),n.type==="config"?l.configs.push(r):n.type==="migration"?l.migrations.push(r):n.type==="asset"&&l.assets.push(r)}catch(h){console.warn(`Failed to publish ${n.source} to ${r}:`,h)}}return l}async preview(s){let e={configs:[],migrations:[],assets:[]},i=s.publishables?.()||{};for(let[c,o]of Object.entries(i))for(let t of o){let p=b("path").join(process.cwd(),t.dest);t.type==="config"?e.configs.push(p):t.type==="migration"?e.migrations.push(p):t.type==="asset"&&e.assets.push(p)}return e}},M=f("svelar.pluginPublisher",()=>new P);var v=class{async install(s,e){let{spawn:i}=await import("child_process"),{promisify:c}=await import("util"),{join:o}=await import("path"),{readFile:t}=await import("fs/promises"),{existsSync:p}=await import("fs");try{await this.runNpmInstall(s);let l=w,g=await l.discover(),a;for(let n of g)if(n.packageName===s||n.name===s){a=n;break}if(!a)return{success:!1,pluginName:s,version:"0.0.0",published:null,error:`Plugin not found after installation. Make sure ${s} is a valid Svelar plugin.`};l.enable(a.name);let d=null;if(e?.publish!==!1)try{let n=await this.loadPluginClass(a.packageName);n&&(d=await M.publish(new n))}catch(n){console.warn("Failed to publish plugin assets:",n)}return{success:!0,pluginName:a.name,version:a.version,published:d}}catch(l){return{success:!1,pluginName:s,version:"0.0.0",published:null,error:l?.message??String(l)}}}async uninstall(s){try{let e=w,i=e.get(s);return i?(e.disable(s),await this.runNpmUninstall(i.packageName),!0):!1}catch(e){return console.error("Failed to uninstall plugin:",e),!1}}async runNpmInstall(s){return new Promise((e,i)=>{let{spawn:c}=b("child_process"),o=c("npm",["install",s],{cwd:process.cwd(),stdio:"inherit"});o.on("close",t=>{t===0?e():i(new Error(`npm install exited with code ${t}`))}),o.on("error",i)})}async runNpmUninstall(s){return new Promise((e,i)=>{let{spawn:c}=b("child_process"),o=c("npm",["uninstall",s],{cwd:process.cwd(),stdio:"inherit"});o.on("close",t=>{t===0?e():i(new Error(`npm uninstall exited with code ${t}`))}),o.on("error",i)})}async loadPluginClass(s){try{let e=await import(s);return e.default||Object.values(e)[0]}catch{return null}}},I=f("svelar.pluginInstaller",()=>new v);export{I as PluginInstaller};

package/dist/plugins/PluginPublisher.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Svelar Plugin Publisher
+ *
+ * Handles publishing a plugin's configuration files, migrations,
+ * and assets to the user's application.
+ */
+import type { Plugin } from './index.js';
+export interface PublishResult {
+    configs: string[];
+    migrations: string[];
+    assets: string[];
+}
+export interface PublishableFile {
+    source: string;
+    dest: string;
+    type: 'config' | 'migration' | 'asset';
+}
+declare class PluginPublisherService {
+    /**
+     * Publish a plugin's publishable assets
+     */
+    publish(plugin: Plugin, options?: {
+        force?: boolean;
+        only?: 'config' | 'migrations' | 'assets';
+    }): Promise<PublishResult>;
+    /**
+     * Check what would be published without actually publishing
+     */
+    preview(plugin: Plugin): Promise<PublishResult>;
+}
+export declare const PluginPublisher: PluginPublisherService;
+export {};

package/dist/plugins/PluginPublisher.js

@@ -0,0 +1 @@
+var y=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,s)=>(typeof require<"u"?require:t)[s]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});function p(e,t){let s=Symbol.for(e),i=globalThis;return i[s]||(i[s]=t()),i[s]}var u=class{async publish(t,s){let{mkdir:i,copyFile:f}=await import("fs/promises"),{join:a,dirname:r}=await import("path"),{existsSync:l}=await import("fs"),c={configs:[],migrations:[],assets:[]},g=t.publishables?.()||{};for(let[P,b]of Object.entries(g))for(let o of b){if(s?.only&&o.type!==s.only)continue;let n=a(process.cwd(),o.dest),h=r(n);if(!(l(n)&&!s?.force))try{await i(h,{recursive:!0}),await f(o.source,n),o.type==="config"?c.configs.push(n):o.type==="migration"?c.migrations.push(n):o.type==="asset"&&c.assets.push(n)}catch(m){console.warn(`Failed to publish ${o.source} to ${n}:`,m)}}return c}async preview(t){let s={configs:[],migrations:[],assets:[]},i=t.publishables?.()||{};for(let[f,a]of Object.entries(i))for(let r of a){let l=y("path").join(process.cwd(),r.dest);r.type==="config"?s.configs.push(l):r.type==="migration"?s.migrations.push(l):r.type==="asset"&&s.assets.push(l)}return s}},j=p("svelar.pluginPublisher",()=>new u);export{j as PluginPublisher};

package/dist/plugins/PluginRegistry.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Svelar Plugin Registry
+ *
+ * Discovers and manages installed plugins by scanning node_modules
+ * for packages with the 'svelar-plugin' keyword or 'svelar-' prefix.
+ */
+export interface PluginMeta {
+    name: string;
+    version: string;
+    description: string;
+    packageName: string;
+    installed: boolean;
+    enabled: boolean;
+    hasConfig: boolean;
+    hasMigrations: boolean;
+}
+declare class PluginRegistryService {
+    private plugins;
+    private enabledPlugins;
+    /**
+     * Scan node_modules for svelar plugins
+     * Looks for packages with 'svelar-plugin' keyword or starting with 'svelar-'
+     */
+    discover(): Promise<PluginMeta[]>;
+    /**
+     * Register a plugin as enabled
+     */
+    enable(name: string): void;
+    /**
+     * Disable a plugin
+     */
+    disable(name: string): void;
+    /**
+     * Check if plugin is enabled
+     */
+    isEnabled(name: string): boolean;
+    /**
+     * Get all registered plugin metadata
+     */
+    list(): PluginMeta[];
+    /**
+     * Get enabled plugins
+     */
+    listEnabled(): PluginMeta[];
+    /**
+     * Get a plugin by name
+     */
+    get(name: string): PluginMeta | undefined;
+    /**
+     * Register a plugin in the registry
+     */
+    register(meta: PluginMeta): void;
+}
+export declare const PluginRegistry: PluginRegistryService;
+export {};

package/dist/plugins/PluginRegistry.js

@@ -0,0 +1 @@
+function p(g,n){let e=Symbol.for(g),i=globalThis;return i[e]||(i[e]=n()),i[e]}var l=class{plugins=new Map;enabledPlugins=new Set;async discover(){let{join:n}=await import("path"),{existsSync:e,readdirSync:i}=await import("fs"),{readFile:h}=await import("fs/promises"),a=[],o=n(process.cwd(),"node_modules");if(!e(o))return a;try{let f=i(o,{withFileTypes:!0});for(let u of f){if(!u.isDirectory())continue;let s=u.name;if(s.startsWith("."))continue;let c=s.startsWith("svelar-");if(!c)continue;let d=n(o,s,"package.json");if(e(d))try{let b=await h(d,"utf-8"),t=JSON.parse(b),P=t.keywords?.includes("svelar-plugin");if(!c&&!P)continue;let r={name:t.name||s,version:t.version||"0.0.0",description:t.description||"",packageName:s,installed:!0,enabled:!1,hasConfig:!!t.svelar?.config,hasMigrations:!!t.svelar?.migrations};a.push(r),this.plugins.set(r.name,r)}catch{}}}catch{}return a}enable(n){let e=this.plugins.get(n);if(!e)throw new Error(`Plugin "${n}" not found in registry.`);this.enabledPlugins.add(n),e.enabled=!0}disable(n){this.enabledPlugins.delete(n);let e=this.plugins.get(n);e&&(e.enabled=!1)}isEnabled(n){return this.enabledPlugins.has(n)}list(){return[...this.plugins.values()]}listEnabled(){return[...this.plugins.values()].filter(n=>this.enabledPlugins.has(n.name))}get(n){return this.plugins.get(n)}register(n){this.plugins.set(n.name,n)}},y=p("svelar.pluginRegistry",()=>new l);export{y as PluginRegistry};

package/dist/plugins/index.d.ts

@@ -0,0 +1,206 @@
+/**
+ * Svelar Plugin System
+ *
+ * Extensible plugin architecture inspired by Laravel packages.
+ * Plugins can register service providers, middleware, commands,
+ * routes, migrations, and configuration.
+ *
+ * @example
+ * ```ts
+ * import { Plugin, PluginManager } from 'svelar/plugins';
+ *
+ * // Define a plugin
+ * class StripePlugin extends Plugin {
+ *   name = 'svelar-stripe';
+ *   version = '1.0.0';
+ *
+ *   async register(app) {
+ *     app.singleton('stripe', () => new Stripe(process.env.STRIPE_KEY));
+ *   }
+ *
+ *   async boot(app) {
+ *     // Register routes, middleware, etc.
+ *   }
+ *
+ *   migrations() {
+ *     return ['create_payments_table', 'create_subscriptions_table'];
+ *   }
+ *
+ *   config() {
+ *     return {
+ *       key: 'stripe',
+ *       defaults: { currency: 'usd', webhook_secret: '' },
+ *     };
+ *   }
+ * }
+ *
+ * // Register plugins
+ * const plugins = new PluginManager(app);
+ * plugins.use(new StripePlugin());
+ * await plugins.boot();
+ * ```
+ */
+import type { Container } from '../container/Container.js';
+import type { Middleware } from '../middleware/Middleware.js';
+export interface PluginConfig {
+    key: string;
+    defaults: Record<string, any>;
+}
+export interface PluginMigration {
+    name: string;
+    up: () => Promise<void>;
+    down: () => Promise<void>;
+}
+export interface PluginRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    path: string;
+    handler: (event: any) => Promise<Response>;
+    middleware?: string[];
+}
+export interface PluginCommand {
+    name: string;
+    description: string;
+    handler: (args: string[]) => Promise<void>;
+}
+export type PluginHook = 'app:boot' | 'app:shutdown' | 'request:before' | 'request:after' | 'model:creating' | 'model:created' | 'model:updating' | 'model:updated' | 'model:deleting' | 'model:deleted' | string;
+export declare abstract class Plugin {
+    /** Unique plugin identifier (e.g., 'svelar-stripe') */
+    abstract readonly name: string;
+    /** Plugin version (semver) */
+    abstract readonly version: string;
+    /** Human-readable description */
+    description?: string;
+    /** Plugin dependencies (other plugin names) */
+    dependencies?: string[];
+    /**
+     * Register services, bindings, and configuration.
+     * Called before boot.
+     */
+    register(app: Container): Promise<void>;
+    /**
+     * Bootstrap the plugin after all plugins are registered.
+     * Use for setup that depends on other services.
+     */
+    boot(app: Container): Promise<void>;
+    /**
+     * Clean up when the plugin is unloaded
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Return migration files this plugin provides
+     */
+    migrations(): string[];
+    /**
+     * Return default configuration for this plugin
+     */
+    config(): PluginConfig | null;
+    /**
+     * Return middleware this plugin provides
+     */
+    middleware(): Array<{
+        name: string;
+        handler: Middleware | ((ctx: any, next: any) => Promise<any>);
+    }>;
+    /**
+     * Return CLI commands this plugin provides
+     */
+    commands(): PluginCommand[];
+    /**
+     * Return API routes this plugin provides
+     */
+    routes(): PluginRoute[];
+    /**
+     * Return event listeners this plugin registers
+     */
+    listeners(): Array<{
+        event: string;
+        handler: (...args: any[]) => void | Promise<void>;
+    }>;
+    /**
+     * Return publishable files (configs, migrations, assets)
+     * Map of type -> array of { source, dest, type }
+     */
+    publishables?(): Record<string, Array<{
+        source: string;
+        dest: string;
+        type: 'config' | 'migration' | 'asset';
+    }>>;
+}
+export declare class PluginManager {
+    private app;
+    private plugins;
+    private registered;
+    private booted;
+    private hooks;
+    constructor(app: Container);
+    /**
+     * Register a plugin
+     */
+    use(plugin: Plugin): this;
+    /**
+     * Register multiple plugins
+     */
+    useMany(plugins: Plugin[]): this;
+    /**
+     * Register and boot all plugins (respects dependency order)
+     */
+    boot(): Promise<void>;
+    /**
+     * Shutdown all plugins (reverse order)
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Get a registered plugin by name
+     */
+    get<T extends Plugin>(name: string): T | undefined;
+    /**
+     * Check if a plugin is registered
+     */
+    has(name: string): boolean;
+    /**
+     * Get all registered plugin names
+     */
+    names(): string[];
+    /**
+     * Get all plugins
+     */
+    all(): Plugin[];
+    /**
+     * Register a hook listener
+     */
+    on(hook: PluginHook, handler: (...args: any[]) => Promise<void> | void): void;
+    /**
+     * Trigger a hook
+     */
+    triggerHook(hook: PluginHook, ...args: any[]): Promise<void>;
+    /**
+     * Get all routes from all plugins
+     */
+    getRoutes(): PluginRoute[];
+    /**
+     * Get all commands from all plugins
+     */
+    getCommands(): PluginCommand[];
+    /**
+     * Get all middleware from all plugins
+     */
+    getMiddleware(): Array<{
+        name: string;
+        handler: any;
+    }>;
+    /**
+     * Get all migrations from all plugins
+     */
+    getMigrations(): string[];
+    /**
+     * Get all configurations from all plugins
+     */
+    getConfigs(): PluginConfig[];
+    private registerPlugin;
+    private bootPlugin;
+    private resolveDependencyOrder;
+}
+/**
+ * Load plugins from a directory (for auto-discovery)
+ */
+export declare function discoverPlugins(pluginDir: string): Promise<Plugin[]>;

package/dist/plugins/index.js

@@ -0,0 +1 @@
+var g=class{description;dependencies;async register(t){}async boot(t){}async shutdown(){}migrations(){return[]}config(){return null}middleware(){return[]}commands(){return[]}routes(){return[]}listeners(){return[]}publishables(){return{}}},d=class{constructor(t){this.app=t}plugins=new Map;registered=new Set;booted=new Set;hooks=new Map;use(t){if(this.plugins.has(t.name))throw new Error(`Plugin "${t.name}" is already registered.`);return this.plugins.set(t.name,t),this}useMany(t){for(let e of t)this.use(e);return this}async boot(){let t=this.resolveDependencyOrder();for(let e of t)await this.registerPlugin(e);for(let e of t)await this.bootPlugin(e);await this.triggerHook("app:boot")}async shutdown(){await this.triggerHook("app:shutdown");let t=[...this.booted].reverse();for(let e of t){let i=this.plugins.get(e);i&&await i.shutdown()}}get(t){return this.plugins.get(t)}has(t){return this.plugins.has(t)}names(){return[...this.plugins.keys()]}all(){return[...this.plugins.values()]}on(t,e){this.hooks.has(t)||this.hooks.set(t,[]),this.hooks.get(t).push(e)}async triggerHook(t,...e){let i=this.hooks.get(t);if(i)for(let n of i)await n(...e)}getRoutes(){let t=[];for(let e of this.plugins.values())t.push(...e.routes());return t}getCommands(){let t=[];for(let e of this.plugins.values())t.push(...e.commands());return t}getMiddleware(){let t=[];for(let e of this.plugins.values())t.push(...e.middleware());return t}getMigrations(){let t=[];for(let e of this.plugins.values())t.push(...e.migrations());return t}getConfigs(){let t=[];for(let e of this.plugins.values()){let i=e.config();i&&t.push(i)}return t}async registerPlugin(t){if(this.registered.has(t))return;let e=this.plugins.get(t);if(!e)throw new Error(`Plugin "${t}" not found.`);let i=e.config();i&&this.app.instance(`config.${i.key}`,i.defaults);for(let{event:n,handler:s}of e.listeners())this.on(n,s);await e.register(this.app),this.registered.add(t)}async bootPlugin(t){if(this.booted.has(t))return;let e=this.plugins.get(t);e&&(await e.boot(this.app),this.booted.add(t))}resolveDependencyOrder(){let t=new Set,e=[],i=(n,s)=>{if(t.has(n))return;if(s.has(n))throw new Error(`Circular plugin dependency detected: ${[...s,n].join(" -> ")}`);s.add(n);let o=this.plugins.get(n);if(o?.dependencies)for(let r of o.dependencies){if(!this.plugins.has(r))throw new Error(`Plugin "${n}" requires "${r}" which is not registered.`);i(r,s)}s.delete(n),t.add(n),e.push(n)};for(let n of this.plugins.keys())i(n,new Set);return e}};async function u(a){let{readdir:t}=await import("fs/promises"),{join:e}=await import("path"),i=[];try{let n=await t(a,{withFileTypes:!0});for(let s of n)if(s.isDirectory())try{let o=await import(e(a,s.name,"index.js")),r=o.default||o[Object.keys(o)[0]];r&&r.prototype instanceof g&&i.push(new r)}catch{}else if(s.isFile()&&(s.name.endsWith(".ts")||s.name.endsWith(".js")))try{let o=await import(e(a,s.name)),r=o.default||o[Object.keys(o)[0]];r&&r.prototype instanceof g&&i.push(new r)}catch{}}catch{}return i}export{g as Plugin,d as PluginManager,u as discoverPlugins};