@biglogic/rgs 3.7.0 → 3.7.3

package/docs/chapters/08-migration-guide.md

@@ -1,284 +0,0 @@
-# 8. Migration Guide
-
-## Upgrading to v3.5.0 (The Type-Safe Era)
-
-### New Feature: Selectors
-v3.5.0 introduces **Function Selectors** for `useStore`. This is fully backward compatible, but we recommend migrating new code to this pattern for better type safety.
-
-#### ✅ Recommended Pattern
-```tsx
-// Type-safe, autocomplete friendly
-const userName = useStore(state => state.user.name)
-```
-
-#### 🟡 Legacy Pattern (Still Supported)
-```tsx
-// String-based, prone to typos
-const [userName] = useStore('user_name')
-```
-
----
-
-## Upgrading to v3.4.0
-
-### Performance Defaults
-- **Size Limits**: `maxObjectSize` and `maxTotalSize` now default to `0` (disabled). If you relied on these warnings during development, explicitly enable them in `initState` or `gstate` options.
-
-### Deprecations Removed
-- `useGState` and `useSimpleState` have been removed. Replace all instances with `useStore`.
-- `_registerMethod(name, fn)` support is removed from types (runtime warning remains). Update plugins to use `_registerMethod(pluginName, methodName, fn)`.
-
----
-
-## Upgrading from Previous Versions
-
-### Security: `secure` → `encoded`
-
-**IMPORTANT:** The `secure` option has been deprecated in favor of `encoded` to clarify that it only applies **base64 encoding**, not encryption.
-
-#### ❌ Old Code (Deprecated)
-
-```typescript
-store.set('apiKey', 'secret123', {
-  persist: true,
-  secure: true  // ⚠️ DEPRECATED: This is NOT encryption!
-})
-```
-
-#### ✅ New Code (Recommended)
-
-```typescript
-store.set('apiKey', 'secret123', {
-  persist: true,
-  encoded: true  // ✅ Clear: This is base64 encoding
-})
-```
-
-#### Backward Compatibility
-
-Your old code will **still work**, but you'll see a deprecation warning in TypeScript:
-
-```typescript
-/** @deprecated Use 'encoded' instead. 'secure' only applies base64 encoding, not encryption. */
-secure?: boolean
-```
-
-#### Why This Change?
-
-Base64 encoding is **NOT encryption**. It's trivial to decode:
-
-```javascript
-// Anyone can decode base64
-const encoded = btoa(JSON.stringify({ secret: 'password123' }))
-const decoded = JSON.parse(atob(encoded)) // { secret: 'password123' }
-```
-
-**For real security**, use proper encryption libraries like:
-
-- `crypto-js` (AES encryption)
-- `tweetnacl` (NaCl encryption)
-- Web Crypto API (`crypto.subtle`)
-
----
-
-### Error Handling: `onError` Callback
-
-**NEW:** You can now catch and handle errors from plugins, hydration, and other operations.
-
-#### Example: Custom Error Logging
-
-```typescript
-import { initState, useStore } from '@biglogic/rgs'
-
-const store = initState({
-  namespace: 'myapp',
-  onError: (error, context) => {
-    // Send to your error tracking service
-    console.error(`[gState Error] ${context.operation}:`, error)
-
-    if (context.operation === 'hydration') {
-      // Handle corrupted localStorage
-      localStorage.clear()
-      alert('Storage corrupted, resetting...')
-    }
-
-    if (context.operation.startsWith('plugin:')) {
-      // Handle plugin crashes
-      Sentry.captureException(error, { tags: { plugin: context.operation } })
-    }
-  }
-})
-```
-
-#### Error Context
-
-```typescript
-interface ErrorContext {
-  operation: string  // 'hydration', 'plugin:name:hook', 'set'
-  key?: string       // State key (if applicable)
-}
-```
-
----
-
-### Performance: `maxObjectSize` Warning
-
-**NEW:** Get warned when storing objects larger than a configurable limit (default: 5MB).
-
-#### Example: Custom Size Limit
-
-```typescript
-import { createStore } from '@biglogic/rgs'
-
-const store = createStore({
-  maxObjectSize: 10 * 1024 * 1024, // 10MB limit
-  onError: (error, context) => {
-    if (context.operation === 'set') {
-      console.warn(`Large object detected in key: ${context.key}`)
-    }
-  }
-})
-
-// This will trigger a warning if > 10MB
-store.set('bigData', hugeArray)
-```
-
-#### Disable Size Checking
-
-```typescript
-const store = createStore({
-  maxObjectSize: 0  // Disable size warnings
-})
-```
-
----
-
-## Upgrading to Latest Version (The Enterprise Update)
-
-**IMPORTANT:** This release introduces a fundamental shift towards **Multi-Store Isolation**. Security rules and GDPR consents are now instance-bound rather than global.
-
-### 1. Security: Global → Instance-Specific
-
-In previous versions, security rules were shared globally. Now, each store instance maintains its own rules for better isolation in micro-frontend environments.
-
-#### ❌ Deprecated Global Methods
-
-```typescript
-import { addAccessRule, recordConsent } from '@biglogic/rgs'
-
-// ⚠️ DEPRECATED: These affect the 'default' store only and are less isolated
-addAccessRule('user_*', ['read', 'write'])
-```
-
-#### ✅ Recommended Instance Methods
-
-```typescript
-const store = createStore({ namespace: 'my-isolated-app' })
-
-// ✅ Use the instance methods
-store.addAccessRule('user_*', ['read', 'write'])
-store.recordConsent('user123', 'marketing', true)
-```
-
-### 2. Operational Resilience: Ghost Stores
-
-**NEW:** If you access a store that hasn't finished its initialization (e.g., during slow hydration), RGS now returns a **Ghost Store Proxy**.
-
-- **Behavior:** It prevents application crashes by providing a safe fallback.
-- **Developer Warning:** It logs a detailed warning in the console so you can fix the initialization sequence.
-
-### 3. Performance: Regex Caching
-
-**NEW:** Permission checks now use an internal **Regex Cache** per instance.
-
-- **Why?** Avoids the overhead of re-compiling regex strings on every `.get()` or `.set()` call.
-- **Impact:** Significant performance boost for applications with high-frequency state updates and complex RBAC rules.
-
-### 4. Advanced Plugin Typing
-
-**NEW:** Introducing `GStatePlugins` for Module Augmentation.
-
-- You can now define types for your custom plugins to get full IDE autocomplete.
-
----
-
-## v2.9.5: The Architecture & Safety Update (2026-02-16)
-
-This release focuses on improving developer ergonomics, security visibility, and complex dependency handling.
-
-### 1. Nested Computed Dependencies
-
-**NEW:** Computed values can now re-trigger based on other computed values.
-
-```typescript
-store.compute('tax', (get) => (get<number>('subtotal') || 0) * 0.2)
-store.compute('total', (get) => (get<number>('subtotal') || 0) + (get<number>('tax') || 0))
-```
-
-### 2. Direct Store Access: `getStore()`
-**NEW:** A top-level utility to retrieve the default store without React hooks.
-
-```typescript
-import { getStore } from '@biglogic/rgs'
-
-export const toggleTheme = () => {
-  const store = getStore()
-  if (store) store.set('mode', 'dark')
-}
-```
-
-### 3. Exposed Metadata: `namespace` and `userId`
-**NEW:** Store instances now expose their identifying properties as read-only getters.
-
-```typescript
-const store = createStore({ namespace: 'auth-vault', userId: 'user-001' })
-console.log(store.namespace) // 'auth-vault'
-console.log(store.userId)    // 'user-001'
-```
-
-### 4. High-Volume & Hybrid Sync (Plugins)
-**NEW:** Support for GB-scale storage and Remote Cloud Backups.
-
-- **IndexedDB Plugin**: Replaces localStorage for massive browser datasets.
-- **Cloud Sync Plugin**: Differential synchronization to MongoDB, Firebase, or any SQL backend.
-
-```typescript
-// Example: Manual Cloud Sync
-const result = await store.plugins.cloudSync.sync()
-console.log('Stats:', store.plugins.cloudSync.getStats())
-```
-
----
-
-## Breaking Changes
-
-### 🔒 Security Isolation
-
-If you relied on `addAccessRule()` from the global export to affect a `createStore()` instance, you must now call `store.addAccessRule()` on that specific instance.
-
----
-
-## Recommended Actions
-
-### 1. Migrate Security Calls to Store Instances
-
-**Priority:** High (if using multiple stores)
-
-**Effort:** Low
-
-### 2. Implement `GStatePlugins` for Custom Plugins
-
-**Priority:** Medium (Developer Experience)
-
-**Effort:** Low
-
----
-
-## Need Help?
-
-- **Issues:** [GitHub Issues](https://github.com/dpassariello/rgs/issues)
-- **Docs:** [Galaxy Documentation](../SUMMARY.md)
-
----
-
-## Last updated: 2026-02-16

package/docs/chapters/09-security-architecture.md

@@ -1,50 +0,0 @@
-# Security Architecture & Hardening
-
-## Overview
-Reactive Global State (RGS) is designed with a "Security-First" philosophy. Our architecture ensures that global state is not only reactive but protected against common web vulnerabilities and unauthorized access.
-
-## 1. Data Sanitization (XSS Defense)
-The `sanitizeValue` utility provides a robust baseline defense by stripping malicious content from strings and objects before they enter the store.
-
-- **Scheme Blocking**: Specifically blocks `javascript:`, `vbscript:`, and `data:text/html` schemes.
-- **Tag Removal**: Automatically removes dangerous HTML tags such as `<script>`, `<iframe>`, `<form>`, and `<meta>`.
-- **Entity Removal**: Strips HTML entities (`&#...;`) to prevent obfuscation-based bypasses.
-
-## 2. Advanced Deep Cloning
-To ensure state immutability and prevent unintended side effects, RGS uses an intelligent cloning engine:
-- **Native structuredClone**: Leverages the browser's native API for maximum performance.
-- **Support for Collections**: Extends cloning capabilities to `Map` and `Set` objects.
-- **Circular Reference Protection**: Uses `WeakMap` to handle complex nested structures safely.
-
-## 3. Cryptography (AES-256-GCM)
-The security module uses the Web Crypto API to provide high-performance, authenticated encryption:
-- **AES-GCM**: Provides both confidentiality and integrity verification.
-- **GCM (Galois/Counter Mode)**: Ensures that data has not been tampered with during storage.
-- **Safe Random UUID**: Fallback generation for environments without Web Crypto API.
-
-## 4. RBAC (Role-Based Access Control)
-RGS supports fine-grained access rules:
-- **Fail-Closed Design**: Access is denied by default if any rules are defined.
-- **Regex Caching**: Store instances cache compiled regular expressions for ultra-fast permission checks.
-- **ReDoS Protection**: Regex patterns have a 100ms timeout to prevent denial-of-service attacks.
-- **Storage Key Validation**: All persisted keys are validated against a strict pattern before storage.
-
-## 5. Security Best Practices
-For real-world implementations, refer to the `examples/security-best-practices` directory, which covers:
-- **Encryption Key Management**: Using `generateEncryptionKey()` for secure key generation.
-- **Audit Logging**: Tracking all store modifications for compliance.
-- **GDPR Compliance**: Managing user consent and data export/deletion.
-
-## Summary of 2.9.5 Enhancements
-- Robust regex patterns for `sanitizeValue`.
-- Recursive sanitization for plain objects.
-- `Map` and `Set` support in `deepClone`.
-- **Exposed Metadata**: Store instances now expose read-only `namespace` and `userId`.
-- **Direct Store Access**: Added `getStore()` utility for non-React contexts.
-
-## Summary of 3.7.0 Enhancements
-- **ReDoS Protection**: Regex patterns timeout after 100ms to prevent malicious patterns.
-- **Safe UUID**: Fallback UUID generation for environments without Web Crypto API.
-- **Storage Key Validation**: Keys validated before persistence to prevent injection.
-- **Production Safety**: Global window access only enabled in development mode (`NODE_ENV !== 'production'`).
-- **PBKDF2 Key Derivation**: New `deriveKeyFromPassword()` and `generateSalt()` functions for secure password-based encryption (NIST SC-12 compliant).

package/docs/chapters/10-local-first-sync.md

@@ -1,146 +0,0 @@
-# 🚀 Chapter 10: Local-First Sync Engine
-
-RGS now includes a powerful **Local-First Sync Engine** that makes your app work offline by default and automatically synchronize when connectivity is restored.
-
-## Why Local-First?
-
-Traditional apps require an internet connection to work. Local-First apps work immediately with local data and sync in the background when possible.
-
-### Benefits
-
-- **Instant Load** - No waiting for server responses
-- **Works Offline** - App functions without internet
-- **Better UX** - No loading spinners for data
-- **Conflict Resolution** - Smart merge strategies
-
-## Quick Start
-
-```typescript
-import { gstate, useSyncedState } from '@biglogic/rgs'
-
-// Create store with sync enabled
-const store = gstate({
-  todos: [],
-  user: null
-}, {
-  namespace: 'myapp',
-  sync: {
-    endpoint: 'https://api.example.com/sync',
-    // Use a getter function for secure token retrieval
-    authToken: () => localStorage.getItem('auth_token'),
-    autoSyncInterval: 30000,  // Sync every 30s
-    syncOnReconnect: true    // Auto-sync when back online
-  }
-})
-
-// Use in React components
-function TodoList() {
-  const [todos, setTodos] = useSyncedState('todos')
-
-  // Add todo - automatically queued for sync
-  const addTodo = (text) => {
-    setTodos([...todos, { id: Date.now(), text }])
-  }
-
-  return <div>{/* ... */}</div>
-}
-```
-
-## Configuration Options
-
-| Option | Type | Default | Description |
-|--------|------|---------|-------------|
-| `endpoint` | `string` | required | Remote sync server URL |
-| `authToken` | `string` or `() => string \| null` | - | Authentication token or getter function for secure retrieval |
-| `strategy` | `string` | `'last-write-wins'` | Conflict resolution |
-| `autoSyncInterval` | `number` | `30000` | Auto-sync interval (ms) |
-| `syncOnReconnect` | `boolean` | `true` | Sync on network restore |
-| `debounceTime` | `number` | `1000` | Batch changes (ms) |
-| `maxRetries` | `number` | `3` | Failed sync retries |
-| `onConflict` | `function` | - | Custom conflict handler |
-| `onSync` | `function` | - | Sync completion callback |
-
-## Conflict Resolution Strategies
-
-### 1. Last-Write-Wins (Default)
-
-```typescript
-sync: { strategy: 'last-write-wins' }
-```
-Latest timestamp wins - simplest strategy.
-
-### 2. Server-Wins
-
-```typescript
-sync: { strategy: 'server-wins' }
-```
-Always prefer remote values - useful for read-heavy apps.
-
-### 3. Client-Wins
-
-```typescript
-sync: { strategy: 'client-wins' }
-```
-Always prefer local values - useful for write-heavy apps.
-
-### 4. Custom Merge
-
-```typescript
-sync: {
-  strategy: 'merge',
-  onConflict: (conflict) => {
-    // Custom logic for merging
-    return {
-      action: 'merge',
-      value: { /* merged result */ }
-    }
-  }
-}
-```
-
-## Hook API
-
-### useSyncedState
-
-```typescript
-const [value, setValue, syncState] = useSyncedState('key')
-
-// syncState contains:
-// - isOnline: boolean
-// - isSyncing: boolean
-// - pendingChanges: number
-// - conflicts: number
-```
-
-### useSyncStatus
-
-```typescript
-const status = useSyncStatus()
-// Global sync status across all stores
-```
-
-## Manual Sync Control
-
-```typescript
-// Force sync
-await store.plugins.sync.flush()
-
-// Get sync state
-const state = store.plugins.sync.getState()
-```
-
-## Integration with Persistence
-
-The Sync Engine works seamlessly with RGS's existing persistence layer:
-
-- **Local Storage** - Data persists locally first
-- **IndexedDB** - For larger datasets
-- **Cloud Sync** - Optional remote backup
-
-Your data survives browser refresh, works offline, and stays synchronized across devices.
-
-## Next Steps
-
-- Learn about [Security Architecture](09-security-architecture.md)
-- Explore [Plugin SDK](05-plugin-sdk.md)
-- Check [Migration Guide](08-migration-guide.md)

package/docs/qa.md

@@ -1,47 +0,0 @@
-# 🚀 QA Release Checklist: Massive Change
-
-> **Release ID:** [Insert ID]
-> **Date:** 2026-02-19
-> **QA Lead:** [Name]
-
----
-
-### 1. 🔍 Impact Analysis & Setup
-- [ ] **Traceability Matrix:** Mapping new requirements to existing test cases.
-- [ ] **Impact Analysis:** Identifying "High-Risk" modules (e.g., DB, API, Payment Gateway).
-- [ ] **Staging Environment:** Verify alignment of config/data with Production.
-- [ ] **Smoke Test Suite:** Selection of 10-15 fundamental tests to validate build stability.
-
-### 2. 🛡️ Regression & Functional Testing
-- [ ] **Critical Regression:** Execution of automated tests on core flows (Business Critical).
-- [ ] **New Features:** Detailed validation according to acceptance criteria (AC).
-- [ ] **Edge Cases:** Testing on invalid inputs and boundary scenarios.
-- [ ] **Compatibility:** Testing on Browsers (Chrome, Safari, Firefox) and Mobile (iOS, Android).
-
-### 3. ⚙️ Technical Integrity & Performance
-- [ ] **Data Migration:** Verify that DB changes haven't corrupted existing records.
-- [ ] **API Contracts:** Verify that endpoints haven't introduced breaking changes.
-- [ ] **Performance Baseline:** Check response times compared to the previous version.
-- [ ] **Security Scan:** Basic check on permissions and OWASP vulnerabilities.
-
-### 4. 🏁 Release Readiness (Go/No-Go)
-- [ ] **UAT Sign-off:** Final approval from stakeholders.
-- [ ] **Rollback Plan:** Documented and ready recovery procedure.
-- [ ] **Feature Flags:** Verify that toggles are correctly configured on [LaunchDarkly](https://launchdarkly.com) or similar.
-- [ ] **Monitoring:** [Sentry](https://sentry.io) or [Datadog](https://www.datadoghq.com) dashboards ready for post-live monitoring.
-
----
-
-### 📊 Execution Report
-
-
-| Category | Total Tests | Passed | Failed | Blockers |
-| :--- | :---: | :---: | :---: | :---: |
-| **Smoke Test** | 0 | 0 | 0 | 0 |
-| **Regression** | 0 | 0 | 0 | 0 |
-| **New Features**| 0 | 0 | 0 | 0 |
-
----
-
-**Final Notes:**
-*Add any critical bugs found or observations on stability here.*

package/index.d.ts

@@ -1,41 +0,0 @@
-import { createStore as baseCreateStore } from "./core/store";
-import { useStore as baseUseStore } from "./core/hooks";
-import * as Security from "./core/security";
-import type { IStore, StoreConfig } from "./core/types";
-export declare const gstate: <S extends Record<string, unknown>>(initialState: S, configOrNamespace?: string | StoreConfig<S>) => IStore<S> & (<K extends keyof S>(key: K) => readonly [S[K] | undefined, (val: S[K] | ((draft: S[K]) => S[K]), options?: unknown) => boolean]);
-export { baseCreateStore as createStore };
-export { useStore, useIsStoreReady, initState, getStore, destroyState, useStore as useGState, useStore as useSimpleState } from "./core/hooks";
-export { createAsyncStore } from "./core/async";
-export { SyncEngine, createSyncEngine } from "./core/sync";
-export type { SyncConfig, SyncState, SyncResult, SyncStrategy, ConflictInfo, ConflictResolution } from "./core/sync";
-export { initSync, destroySync, useSyncedState, useSyncStatus, triggerSync } from "./core/hooks";
-export * from "./plugins/index";
-export { generateEncryptionKey, exportKey, importKey, isCryptoAvailable, setAuditLogger, logAudit, validateKey, sanitizeValue, deriveKeyFromPassword, generateSalt } from "./core/security";
-export declare const addAccessRule: (pattern: string | ((key: string, userId?: string) => boolean), perms: Security.Permission[]) => void | undefined;
-export declare const hasPermission: (key: string, action: Security.Permission, uid?: string) => boolean;
-export declare const recordConsent: (uid: string, p: string, g: boolean) => Security.ConsentRecord;
-export declare const hasConsent: (uid: string, p: string) => boolean;
-export declare const getConsents: (uid: string) => Security.ConsentRecord[];
-export declare const revokeConsent: (uid: string, p: string) => Security.ConsentRecord | null | undefined;
-export declare const exportUserData: (uid: string) => {
-    userId: string;
-    exportedAt: number;
-    consents: import("./core/security").ConsentRecord[];
-};
-export declare const deleteUserData: (uid: string) => {
-    success: boolean;
-    deletedConsents: number;
-};
-export declare const clearAccessRules: () => void;
-export declare const clearAllConsents: () => void;
-export type { EncryptionKey, AuditEntry, Permission, AccessRule, ConsentRecord } from "./core/security";
-export type { IStore, StoreConfig, PersistOptions, StateUpdater, ComputedSelector, WatcherCallback } from "./core/types";
-declare global {
-    var createStore: typeof baseCreateStore;
-    var gstate: <S extends Record<string, unknown>>(initialState: S, configOrNamespace?: string | StoreConfig<S>) => IStore<S> & ((key: string) => unknown);
-    var initState: typeof import("./core/hooks").initState;
-    var destroyState: typeof import("./core/hooks").destroyState;
-    var gState: IStore<Record<string, unknown>>;
-    var rgs: IStore<Record<string, unknown>>;
-    var useStore: typeof baseUseStore;
-}

package/index.js

@@ -1,2 +0,0 @@
-import{produce as Ct,freeze as Le}from"immer";var ht=(t,e)=>{let n=Date.now();if(/\(\.*\+\?\)\+/.test(t)||/\(\.*\?\)\*/.test(t))return console.warn(`[gstate] Potentially dangerous regex pattern blocked: ${t}`),!1;if(t.length>500)return console.warn("[gstate] Regex pattern exceeds maximum length limit"),!1;try{let s=new RegExp(t).test(e),i=Date.now()-n;return i>100&&console.warn(`[gstate] Slow regex detected (${i}ms) for pattern: ${t}`),s}catch{return!1}},wt=()=>{if(typeof crypto<"u"&&typeof crypto.randomUUID=="function")try{return crypto.randomUUID()}catch{}throw new Error("Cryptographically secure random UUID generation is required but crypto.randomUUID is unavailable. Please use a browser or environment with Web Crypto API support.")},A=typeof crypto<"u"&&typeof crypto.subtle<"u"&&typeof crypto.subtle.generateKey=="function",M=async(t,e,n=1e5)=>{if(!A)throw new Error("Web Crypto API not available");let r=await crypto.subtle.importKey("raw",new TextEncoder().encode(t),"PBKDF2",!1,["deriveKey"]),s=await crypto.subtle.deriveKey({name:"PBKDF2",salt:new Uint8Array(e),iterations:n,hash:"SHA-256"},r,{name:"AES-GCM",length:256},!0,["encrypt","decrypt"]),i=crypto.getRandomValues(new Uint8Array(12));return{key:s,iv:i}},V=(t=16)=>crypto.getRandomValues(new Uint8Array(t)),j=async()=>{if(!A)throw new Error("Web Crypto API not available");let t=await crypto.subtle.generateKey({name:"AES-GCM",length:256},!0,["encrypt","decrypt"]),e=crypto.getRandomValues(new Uint8Array(12));return{key:t,iv:e}},$=async t=>{let e=await crypto.subtle.exportKey("raw",t.key);return{key:btoa(String.fromCharCode(...new Uint8Array(e))),iv:btoa(String.fromCharCode(...t.iv))}},U=async(t,e)=>{let n=Uint8Array.from(atob(t),i=>i.charCodeAt(0)),r=Uint8Array.from(atob(e),i=>i.charCodeAt(0));return{key:await crypto.subtle.importKey("raw",n,{name:"AES-GCM",length:256},!0,["encrypt","decrypt"]),iv:r}},He=async(t,e)=>{let n=new TextEncoder,r=n.encode(JSON.stringify(t)),s=await crypto.subtle.encrypt({name:"AES-GCM",iv:e.iv},e.key,r),i=new Uint8Array(e.iv.length+s.byteLength);return i.set(e.iv),i.set(new Uint8Array(s),e.iv.length),btoa(String.fromCharCode(...i))},Xe=async(t,e)=>{let n=Uint8Array.from(atob(t),a=>a.charCodeAt(0)),r=n.slice(0,12),s=n.slice(12),i=await crypto.subtle.decrypt({name:"AES-GCM",iv:r},e.key,s);return JSON.parse(new TextDecoder().decode(i))},De=null,N=t=>{De=t},Ze=()=>De!==null,P=t=>{De&&De(t)},Ne=(t,e,n)=>{t.set(e instanceof RegExp?e.source:e,n)},_e=(t,e,n,r)=>{if(t.size===0)return!0;for(let[s,i]of t){let a;if(typeof s=="function"?a=s(e,r):a=ht(s,e),a)return i.includes(n)||i.includes("admin")}return!1},R=t=>{if(typeof t=="string"){let e=t.replace(/&#[xX]?[0-9a-fA-F]+;?/g,r=>{let s=r.match(/&amp;#x([0-9a-fA-F]+);?/i);if(s&&s[1])return String.fromCharCode(parseInt(s[1],16));let i=r.match(/&amp;#([0-9]+);?/);return i&&i[1]?String.fromCharCode(parseInt(i[1],10)):""});try{e=decodeURIComponent(e)}catch{}return e.replace(/\b(javascript|vbscript|data:text\/html|about:blank|chrome:)/gi,"[SEC-REMOVED]").replace(/<script\b[^>]*>[\s\S]*?<\s*\/\s*script\b[^>]*>/gi,"[SEC-REMOVED]").replace(/on\w+\s*=/gi,"[SEC-REMOVED]=").replace(/<iframe\b[^<]*(?:(?!<\/iframe>)<[^<]*)*<\/iframe>/gi,"[SEC-REMOVED]").replace(/<object\b[^<]*(?:(?!<\/object>)<[^<]*)*<\/object>/gi,"[SEC-REMOVED]").replace(/<embed\b[^<]*(?:(?!<\/embed>)<[^<]*)*<\/embed>/gi,"[SEC-REMOVED]").replace(/<svg\b[^<]*(?:(?!<\/svg>)<[^<]*)*<\/svg>/gi,"[SEC-REMOVED]").replace(/<form\b[^<]*(?:(?!<\/form>)<[^<]*)*<\/form>/gi,"[SEC-REMOVED]").replace(/<base\b[^<]*(?:(?!<\/base>)<[^<]*)*<\/base>/gi,"[SEC-REMOVED]").replace(/<link\b[^<]*(?:(?!<\/link>)<[^<]*)*<\/link>/gi,"[SEC-REMOVED]").replace(/<meta\b[^<]*(?:(?!<\/meta>)<[^<]*)*<\/meta>/gi,"[SEC-REMOVED]").replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi,"[SEC-REMOVED]")}if(t&&typeof t=="object"&&!Array.isArray(t)){if(Object.getPrototypeOf(t)===Object.prototype){let e={};for(let[n,r]of Object.entries(t))e[n]=R(r);return e}return t}return Array.isArray(t)?t.map(e=>R(e)):t},O=t=>/^[a-zA-Z0-9_.-]+$/.test(t)&&t.length<=256,ze=(t,e,n,r)=>{let s={id:wt(),purpose:n,granted:r,timestamp:Date.now()},i=t.get(e)||[];return i.push(s),t.set(e,i),P({timestamp:Date.now(),action:"set",key:`consent:${n}`,userId:e,success:!0}),s},Ye=(t,e,n)=>{let r=t.get(e);if(!r)return!1;for(let s=r.length-1;s>=0;s--){let i=r[s];if(i&&i.purpose===n)return i.granted}return!1},et=(t,e,n)=>ze(t,e,n,!1),tt=(t,e)=>t.get(e)||[],nt=(t,e)=>({userId:e,exportedAt:Date.now(),consents:t.get(e)||[]}),rt=(t,e)=>{let n=t.get(e)?.length||0;return t.delete(e),{success:!0,deletedConsents:n}};var me=t=>{if(t===null||typeof t!="object")return t;if(typeof structuredClone=="function")try{return structuredClone(t)}catch{}let e=new WeakMap,n=r=>{if(r===null||typeof r!="object"||typeof r=="function")return r;if(e.has(r))return e.get(r);if(r instanceof Date)return new Date(r.getTime());if(r instanceof RegExp)return new RegExp(r.source,r.flags);if(r instanceof Map){let a=new Map;return e.set(r,a),r.forEach((u,f)=>a.set(n(f),n(u))),a}if(r instanceof Set){let a=new Set;return e.set(r,a),r.forEach(u=>a.add(n(u))),a}let s=Array.isArray(r)?[]:Object.create(Object.getPrototypeOf(r));e.set(r,s);let i=[...Object.keys(r),...Object.getOwnPropertySymbols(r)];for(let a of i)s[a]=n(r[a]);return s};return n(t)},Re=(t,e)=>{if(t===e)return!0;if(t===null||e===null||typeof t!="object"||typeof e!="object")return t===e;if(Array.isArray(t)&&Array.isArray(e)){if(t.length!==e.length)return!1;for(let s=0;s<t.length;s++)if(!Re(t[s],e[s]))return!1;return!0}let n=Object.keys(t),r=Object.keys(e);if(n.length!==r.length)return!1;for(let s=0;s<n.length;s++){let i=n[s];if(!(i in e)||!Re(t[i],e[i]))return!1}return!0};import{freeze as bt}from"immer";var ot=t=>`${t}_`,it=async t=>{if(!t.storage)return;let{store:e,config:n,diskQueue:r,storage:s,encryptionKey:i,audit:a,onError:u,silent:f,currentVersion:p}=t,b=ot(n.namespace||"gstate");try{let h={};e.forEach((S,v)=>{h[v]=S});let l,y=n?.encoded;y?l=btoa(JSON.stringify(h)):l=JSON.stringify(h),s.setItem(b.replace("_",""),JSON.stringify({v:1,t:Date.now(),e:null,d:l,_sys_v:p,_b64:y?!0:void 0})),a("set","FULL_STATE",!0)}catch(h){let l=h instanceof Error?h:new Error(String(h));u?u(l,{operation:"persist",key:"FULL_STATE"}):f||console.error("[gstate] Persist failed: ",l)}let m=Array.from(r.entries());r.clear();for(let[h,l]of m)try{if(!h||!/^[a-zA-Z0-9_.-]+$/.test(h)||h.length>256){console.warn(`[gstate] Invalid storage key: ${h}`);continue}let y=l.value,S=l.options.encoded||l.options.encrypted;if(l.options.encrypted){if(!i)throw new Error(`Encryption key missing for "${h}"`);y=await He(l.value,i)}else S?y=btoa(JSON.stringify(l.value)):typeof l.value=="object"&&l.value!==null&&(y=JSON.stringify(l.value));s.setItem(`${b}${h}`,JSON.stringify({v:t.versions.get(h)||1,t:Date.now(),e:l.options.ttl?Date.now()+l.options.ttl:null,d:y,_sys_v:p,_enc:l.options.encrypted?!0:void 0,_b64:S?!0:void 0})),a("set",h,!0)}catch(y){let S=y instanceof Error?y:new Error(String(y));u?u(S,{operation:"persist",key:h}):f||console.error("[gstate] Persist failed: ",S)}},at=async(t,e,n)=>{let{storage:r,config:s,encryptionKey:i,audit:a,onError:u,silent:f,currentVersion:p,store:b,sizes:m,versions:h}=t,l=ot(s.namespace||"gstate"),y=s.immer??!0;if(r)try{let S={},v=0;for(let ue=0;ue<(r.length||0);ue++){let I=r.key(ue);if(!I||!I.startsWith(l))continue;let D=r.getItem(I);if(D)try{let _=JSON.parse(D),le=I.substring(l.length);if(v=Math.max(v,_._sys_v!==void 0?_._sys_v:_.v||0),_.e&&Date.now()>_.e){r.removeItem(I),ue--;continue}let de=_.d;if(_._enc&&i)de=await Xe(de,i);else if(typeof de=="string"){if(_._b64)try{de=JSON.parse(atob(de))}catch{}else if(de.startsWith("{")||de.startsWith("["))try{de=JSON.parse(de)}catch{}}S[le]=de,a("hydrate",le,!0)}catch(_){a("hydrate",I,!1,String(_));let le=_ instanceof Error?_:new Error(String(_));u?u(le,{operation:"hydration",key:I}):f||console.error(`[gstate] Hydration failed for "${I}": `,_)}}let he=v<p&&s.migrate?s.migrate(S,v):S;Object.entries(he).forEach(([ue,I])=>{let D=y&&I!==null&&typeof I=="object"?bt(me(I),!0):I,_=e(D),le=m.get(ue)||0;t.totalSize=t.totalSize-le+_,m.set(ue,_),b.set(ue,D),h.set(ue,1)}),n()}catch(S){let v=S instanceof Error?S:new Error(String(S));u?u(v,{operation:"hydration"}):f||console.error("[gstate] Hydration failed: ",v)}};var ct=(t,e,n)=>{if(t.plugins.size!==0)for(let r of t.plugins.values()){let s=r.hooks?.[e];if(s)try{s(n)}catch(i){let a=i instanceof Error?i:new Error(String(i));t.onError?t.onError(a,{operation:`plugin:${r.name}:${e}`,key:n.key}):t.silent||console.error(`[gstate] Plugin "${r.name}" error:`,i)}}},ut=(t,e,n)=>{try{t.plugins.set(e.name,e),e.hooks?.onInstall?.({store:n})}catch(r){let s=r instanceof Error?r:new Error(String(r));t.onError?t.onError(s,{operation:"plugin:install",key:e.name}):t.silent||console.error(`[gstate] Failed to install plugin "${e.name}": `,r)}};var E=class{store;config;pendingQueue=new Map;remoteVersions=new Map;syncTimer=null;onlineStatusListeners=new Set;syncStateListeners=new Set;_isOnline=!0;_isSyncing=!1;constructor(e,n){this.store=e,this.config={endpoint:n.endpoint,authToken:n.authToken||"",strategy:n.strategy||"last-write-wins",autoSyncInterval:n.autoSyncInterval??3e4,syncOnReconnect:n.syncOnReconnect??!0,debounceTime:n.debounceTime??1e3,fetch:n.fetch||fetch,onSync:n.onSync||(()=>{}),onConflict:n.onConflict||(()=>({action:"accept-local"})),maxRetries:n.maxRetries??3},this._isOnline=typeof navigator<"u"?navigator.onLine:!0,this._setupOnlineListener(),this._setupStoreListener(),this.config.autoSyncInterval>0&&this._startAutoSync()}_getAuthToken(){let e=this.config.authToken;return typeof e=="function"?e()||"":e||""}_setupOnlineListener(){typeof window>"u"||(window.addEventListener("online",()=>{this._isOnline=!0,this._notifyOnlineChange(!0),this.config.syncOnReconnect&&this.sync()}),window.addEventListener("offline",()=>{this._isOnline=!1,this._notifyOnlineChange(!1)}))}_setupStoreListener(){this.store._subscribe(()=>{})}_startAutoSync(){setInterval(()=>{this._isOnline&&!this._isSyncing&&this.pendingQueue.size>0&&this.sync()},this.config.autoSyncInterval)}_notifyOnlineChange(e){this.onlineStatusListeners.forEach(n=>n(e)),this._notifyStateChange()}_notifyStateChange(){let e=this.getState();this.syncStateListeners.forEach(n=>n(e))}queueChange(e,n){let r=this.store._getVersion(e)||1;this.pendingQueue.set(e,{key:e,value:me(n),timestamp:Date.now(),version:r}),this._notifyStateChange(),this.syncTimer&&clearTimeout(this.syncTimer),this.syncTimer=setTimeout(()=>{this._isOnline&&this.sync()},this.config.debounceTime)}async sync(){if(this._isSyncing)return{success:!1,syncedKeys:[],conflicts:[],errors:["Sync already in progress"],timestamp:Date.now(),duration:0};this._isSyncing=!0,this._notifyStateChange();let e=Date.now(),n=[],r=[],s=[];try{let i=Array.from(this.pendingQueue.values());if(i.length===0)return this._isSyncing=!1,this._notifyStateChange(),{success:!0,syncedKeys:[],conflicts:[],errors:[],timestamp:Date.now(),duration:Date.now()-e};await this._fetchRemoteVersions(i.map(u=>u.key));for(let u of i)try{let f=this.remoteVersions.get(u.key);if(!f)await this._pushChange(u),n.push(u.key),this.pendingQueue.delete(u.key);else if(f.version>=u.version){let p={key:u.key,localValue:u.value,remoteValue:f.value,localVersion:u.version,remoteVersion:f.version,timestamp:u.timestamp};r.push(p);let b=this.config.onConflict(p);await this._resolveConflict(u,f,b),n.push(u.key),this.pendingQueue.delete(u.key)}else await this._pushChange(u),n.push(u.key),this.pendingQueue.delete(u.key)}catch(f){s.push(`Failed to sync "${u.key}": ${f}`)}let a={success:s.length===0,syncedKeys:n,conflicts:r,errors:s,timestamp:Date.now(),duration:Date.now()-e};return this.config.onSync(a),a}catch(i){let a=`Sync failed: ${i}`;return s.push(a),{success:!1,syncedKeys:n,conflicts:r,errors:s,timestamp:Date.now(),duration:Date.now()-e}}finally{this._isSyncing=!1,this._notifyStateChange()}}async _fetchRemoteVersions(e){try{let n=this._getAuthToken(),r=await this.config.fetch(`${this.config.endpoint}/versions`,{method:"POST",headers:{"Content-Type":"application/json",...n&&{Authorization:`Bearer ${n}`}},body:JSON.stringify({keys:e})});if(r.ok){let s=await r.json();if(s.versions)for(let[i,a]of Object.entries(s.versions))this.remoteVersions.set(i,a)}}catch(n){console.warn("[SyncEngine] Failed to fetch remote versions:",n)}}async _pushChange(e){let n=0;for(;n<this.config.maxRetries;)try{let r=this._getAuthToken(),s=await this.config.fetch(`${this.config.endpoint}/sync`,{method:"POST",headers:{"Content-Type":"application/json",...r&&{Authorization:`Bearer ${r}`}},body:JSON.stringify({key:e.key,value:e.value,version:e.version,timestamp:e.timestamp})});if(s.ok){let i=await s.json();i.version&&this.remoteVersions.set(e.key,{version:i.version,timestamp:i.timestamp||Date.now(),value:e.value});return}n++}catch(r){if(n++,n>=this.config.maxRetries)throw r}}async _resolveConflict(e,n,r){switch(r.action){case"accept-local":await this._pushChange({...e,version:n.version+1,timestamp:Date.now()});break;case"accept-remote":this.store.set(e.key,n.value);break;case"merge":this.store.set(e.key,r.value),await this._pushChange({key:e.key,value:r.value,version:Math.max(e.version,n.version)+1,timestamp:Date.now()});break;case"discard":break}}getState(){return{isOnline:this._isOnline,isSyncing:this._isSyncing,lastSyncTimestamp:null,pendingChanges:this.pendingQueue.size,conflicts:0}}onOnlineChange(e){return this.onlineStatusListeners.add(e),()=>this.onlineStatusListeners.delete(e)}onStateChange(e){return this.syncStateListeners.add(e),()=>this.syncStateListeners.delete(e)}async flush(){return this.sync()}destroy(){this.syncTimer&&clearTimeout(this.syncTimer),this.pendingQueue.clear(),this.onlineStatusListeners.clear(),this.syncStateListeners.clear()}},z=(t,e)=>new E(t,e);var xt={local:()=>typeof window<"u"?window.localStorage:null,session:()=>typeof window<"u"?window.sessionStorage:null,memory:()=>{let t=new Map;return{getItem:e=>t.get(e)||null,setItem:(e,n)=>t.set(e,n),removeItem:e=>t.delete(e),key:e=>Array.from(t.keys())[e]||null,get length(){return t.size}}}},T=t=>{let e=new Map,n=new Map,r=new Map,s=new Set,i=new Map,a=new Set,u=new Map,f=new Map,p=new Map,b=new Map,m=new Map,h=new Map,l=new Map,y=new Map,S=t?.namespace||"gstate",v=t?.silent??!1,he=t?.debounceTime??150,ue=t?.version??0,I=t?.storage||xt.local(),D=t?.onError,_=t?.maxObjectSize??0,le=t?.maxTotalSize??0,de=t?.encryptionKey??null,Te=t?.validateInput??!0,pt=t?.auditEnabled??!0,ke=t?.userId,Ie=t?.immer??!0,ft=t?.persistByDefault??t?.persistence??t?.persist??!1;t?.accessRules&&t.accessRules.forEach(o=>Ne(l,o.pattern,o.permissions));let Me=!1,Ve=!1,je=!1,fe=0,ve=null,Se=null,$e,yt=new Promise(o=>{$e=o}),St=()=>`${S}_`,Be=()=>({store:e,versions:n,sizes:r,totalSize:fe,storage:I,config:t||{},diskQueue:m,encryptionKey:de,audit:be,onError:D,silent:v,debounceTime:he,currentVersion:ue}),Fe=()=>({plugins:b,onError:D,silent:v}),Ue=o=>{if(o==null)return 0;let c=typeof o;if(c==="boolean")return 4;if(c==="number")return 8;if(c==="string")return o.length*2;if(c!=="object")return 0;let g=0,C=[o],x=new WeakSet;for(;C.length>0;){let w=C.pop();if(typeof w=="boolean")g+=4;else if(typeof w=="number")g+=8;else if(typeof w=="string")g+=w.length*2;else if(typeof w=="object"&&w!==null){let ee=w;if(x.has(ee))continue;if(x.add(ee),Array.isArray(ee))for(let ge=0;ge<ee.length;ge++)C.push(ee[ge]);else for(let ge of Object.keys(ee))g+=ge.length*2,C.push(ee[ge])}}return g},we=(o,c)=>{ct(Fe(),o,c)},be=(o,c,g,C)=>{pt&&Ze()&&P&&P({timestamp:Date.now(),action:o,key:c,userId:ke,success:g,error:C})},Je=o=>{let c=f.get(o);if(!c)return;let g=new Set,C=w=>(g.add(w),f.has(w)?f.get(w).lastValue:Y.get(w)),x=c.selector(C);c.deps.forEach(w=>{if(!g.has(w)){let ee=p.get(w);ee&&(ee.delete(o),ee.size===0&&p.delete(w))}}),g.forEach(w=>{c.deps.has(w)||(p.has(w)||p.set(w,new Set),p.get(w).add(o))}),c.deps=g,Re(c.lastValue,x)||(c.lastValue=Ie&&x!==null&&typeof x=="object"?Le(me(x),!0):x,n.set(o,(n.get(o)||0)+1),Ce(o))},Ce=o=>{if(o){if(p.has(o)){let C=p.get(o);for(let x of C)Je(x)}let c=u.get(o);if(c){let C=Y.get(o);for(let x of c)try{x(C)}catch(w){let ee=w instanceof Error?w:new Error(String(w));D?D(ee,{operation:"watcher",key:o}):v||console.error(`[gstate] Watcher error for "${o}":`,w)}}let g=i.get(o);if(g)for(let C of g)try{C()}catch(x){let w=x instanceof Error?x:new Error(String(x));D?D(w,{operation:"keyListener",key:o}):v||console.error(`[gstate] Listener error for "${o}":`,x)}}if(Me){Ve=!0;return}for(let c of s)try{c()}catch(g){let C=g instanceof Error?g:new Error(String(g));D?D(C,{operation:"listener"}):v||console.error("[gstate] Global listener error: ",g)}},We=async()=>{it(Be())},Ae={},Y={_setSilently:(o,c)=>{let g=r.get(o)||0,C=Ie&&c!==null&&typeof c=="object"?Le(me(c),!0):c,x=typeof process<"u"&&!0,ee=(_>0||le>0)&&!x?Ue(C):0;fe=fe-g+ee,r.set(o,ee),e.set(o,C),n.set(o,(n.get(o)||0)+1),Se=null},_registerMethod:(o,c,g)=>{let C=x=>x==="__proto__"||x==="constructor"||x==="prototype";if(C(o)||C(c)){console.warn("[gstate] Refusing to register method with unsafe key:",o,c);return}Ae[o]||(Ae[o]={}),Ae[o][c]=g},set:(o,c,g={})=>{let C=e.get(o),x=Ie&&typeof c=="function"?Ct(C,c):c;if(Te&&!O(o))return v||console.warn(`[gstate] Invalid key: ${o}`),!1;if(!_e(l,o,"write",ke))return be("set",o,!1,"RBAC Denied"),v||console.error(`[gstate] RBAC Denied for "${o}"`),!1;let w=Te?R(x):x,ee=r.get(o)||0;we("onBeforeSet",{key:o,value:w,store:Y,version:n.get(o)||0});let ge=Ie&&w!==null&&typeof w=="object"?Le(me(w),!0):w;if(!Re(C,ge)){let mt=typeof process<"u"&&!0,xe=(_>0||le>0)&&!mt?Ue(ge):0;if(_>0&&xe>_){let Ee=new Error(`Object size (${xe} bytes) exceeds maxObjectSize (${_} bytes)`);D?D(Ee,{operation:"set",key:o}):v||console.warn(`[gstate] ${Ee.message} for "${o}"`)}if(le>0){let Ee=fe-ee+xe;if(Ee>le){let Ge=new Error(`Total store size (${Ee} bytes) exceeds limit (${le} bytes)`);D?D(Ge,{operation:"set"}):v||console.warn(`[gstate] ${Ge.message}`)}}fe=fe-ee+xe,r.set(o,xe),e.set(o,ge),n.set(o,(n.get(o)||0)+1),Se=null;let Qe=g.persist??ft;return Qe&&(m.set(o,{value:ge,options:{...g,persist:Qe,encoded:g.encoded||t?.encoded}}),ve&&clearTimeout(ve),ve=setTimeout(We,he)),we("onSet",{key:o,value:ge,store:Y,version:n.get(o)}),be("set",o,!0),Ce(o),!0}return!1},get:o=>{if(!_e(l,o,"read",ke))return be("get",o,!1,"RBAC Denied"),null;let c=e.get(o);return we("onGet",{store:Y,key:o,value:c}),be("get",o,!0),c},compute:(o,c)=>{try{return f.has(o)||(f.set(o,{selector:c,lastValue:null,deps:new Set}),Je(o)),f.get(o).lastValue}catch(g){let C=g instanceof Error?g:new Error(String(g));return D?D(C,{operation:"compute",key:o}):v||console.error(`[gstate] Compute error for "${o}": `,g),null}},watch:(o,c)=>{u.has(o)||u.set(o,new Set);let g=u.get(o);return g.add(c),()=>{g.delete(c),g.size===0&&u.delete(o)}},remove:o=>{if(!_e(l,o,"delete",ke))return be("delete",o,!1,"RBAC Denied"),!1;let c=e.get(o),g=e.delete(o);return g&&(fe-=r.get(o)||0,r.delete(o),we("onRemove",{store:Y,key:o,value:c}),Se=null),n.set(o,(n.get(o)||0)+1),I&&I.removeItem(`${St()}${o}`),be("delete",o,!0),Ce(o),g},delete:o=>Y.remove(o),deleteAll:()=>{if(Array.from(e.keys()).forEach(o=>Y.remove(o)),I){let o=S+"_";for(let c=0;c<(I.length||0);c++){let g=I.key(c);g?.startsWith(o)&&(I.removeItem(g),c--)}}return fe=0,r.clear(),Se=null,!0},list:()=>Object.fromEntries(e.entries()),use:o=>{a.add(o)},transaction:o=>{Me=!0,we("onTransaction",{store:Y,key:"START"});try{o()}finally{Me=!1,we("onTransaction",{store:Y,key:"END"}),Ve&&(Ve=!1,Ce())}},destroy:()=>{ve&&(clearTimeout(ve),ve=null),m.clear(),typeof window<"u"&&window.removeEventListener("beforeunload",qe),we("onDestroy",{store:Y}),s.clear(),i.clear(),u.clear(),f.clear(),p.clear(),b.clear(),e.clear(),r.clear(),fe=0,l.clear(),y.clear(),n.clear(),h.clear(),a.clear()},_addPlugin:o=>{ut(Fe(),o,Y)},_removePlugin:o=>{b.delete(o)},_subscribe:(o,c)=>{if(c){i.has(c)||i.set(c,new Set);let g=i.get(c);return g.add(o),()=>{g.delete(o),g.size===0&&i.delete(c)}}return s.add(o),()=>s.delete(o)},_getVersion:o=>n.get(o)??0,addAccessRule:(o,c)=>Ne(l,o,c),hasPermission:(o,c,g)=>_e(l,o,c,g),recordConsent:(o,c,g)=>ze(y,o,c,g),hasConsent:(o,c)=>Ye(y,o,c),getConsents:o=>tt(y,o),revokeConsent:(o,c)=>et(y,o,c),exportUserData:o=>nt(y,o),deleteUserData:o=>rt(y,o),getSnapshot:()=>(Se||(Se=Object.fromEntries(e.entries())),Se),get plugins(){return Ae},get isReady(){return je},get namespace(){return S},get userId(){return ke},whenReady:()=>yt};["addAccessRule","recordConsent","hasConsent","getConsents","revokeConsent","exportUserData","deleteUserData"].forEach(o=>{let c=Y[o];c&&Y._registerMethod("security",o,c)});let qe=()=>{m.size>0&&We()};typeof window<"u"&&window.addEventListener("beforeunload",qe),I?at(Be(),o=>{let c=typeof process<"u"&&!0;return(_>0||le>0)&&!c?Ue(o):0},()=>{je=!0,Se=null,$e(),Ce()}).then(()=>{}):(je=!0,$e());let Oe=null;return t?.sync&&(Oe=new E(Y,t.sync),Y._registerMethod("sync","flush",()=>Oe?.flush()),Y._registerMethod("sync","getState",()=>Oe?.getState()),Y._registerMethod("sync","onStateChange",o=>Oe?.onStateChange(o))),Y};import{useSyncExternalStore as lt,useDebugValue as Et,useMemo as Ke,useCallback as Pe,useEffect as dt,useState as gt}from"react";var pe=null,L=t=>{pe&&!t?.namespace&&(t?.silent||console.warn("[gstate] Store already exists. Pass a unique namespace to create additional stores."));let e=T(t);return pe=e,e},K=()=>{pe&&(pe.destroy(),pe=null)},B=t=>{let e=t||pe,n=Ke(()=>r=>e?e._subscribe(r):()=>{},[e]);return lt(n,()=>e?e.isReady:!1,()=>!0)},k=()=>pe;function d(t,e){let n=Ke(()=>e||pe,[e]),r=Ke(()=>{let l=()=>{},y=()=>!1,S=()=>null;return{set:y,get:S,remove:y,delete:y,deleteAll:y,list:()=>({}),compute:S,watch:()=>()=>{},use:l,transaction:l,destroy:l,_subscribe:()=>()=>{},_setSilently:l,_registerMethod:l,_addPlugin:l,_removePlugin:l,_getVersion:()=>0,get isReady(){return!1},whenReady:()=>Promise.resolve(),get plugins(){return{}},getSnapshot:()=>({}),get namespace(){return"ghost"},get userId(){}}},[]),s=n||r,i=typeof t=="function",a=i?null:t,u=i?t:null,f=Pe(l=>i?s._subscribe(l):s._subscribe(l,a),[s,i,a]),p=Pe(()=>i?u(s.getSnapshot()):s.get(a)??void 0,[s,i,a,u]),b=Pe(()=>{if(i)try{return u({})}catch{return}else return},[u,i]),m=lt(f,p,b),h=Pe((l,y)=>i?(typeof process<"u"||console.warn("[gstate] Cannot set value when using a selector."),!1):s.set(a,l,y),[s,i,a]);return Et(m,l=>i?`Selector: ${JSON.stringify(l)}`:`${a}: ${JSON.stringify(l)}`),i?m:[m,h]}var ye=new Map,F=(t,e)=>{let n=t.namespace;if(ye.has(n))return console.warn(`[gstate] Sync engine already exists for namespace "${n}". Call destroySync first.`),ye.get(n);let r=new E(t,e);return ye.set(n,r),r},J=t=>{let e=ye.get(t);e&&(e.destroy(),ye.delete(t))};function W(t,e){let n=e||pe,r=n?.namespace||"default",s=ye.get(r),i=d(t,n),a=i[0],u=i[1],[f,p]=gt(()=>s?.getState()||{isOnline:!0,isSyncing:!1,lastSyncTimestamp:null,pendingChanges:0,conflicts:0});dt(()=>s?s.onStateChange(p):void 0,[s]);let b=Pe((m,h)=>{let l=u(m,h);if(l&&s){let y=n?.get(t);s.queueChange(t,y)}return l},[u,s,t,n]);return[a,b,f]}var q=()=>{let[t,e]=gt({isOnline:!0,isSyncing:!1,lastSyncTimestamp:null,pendingChanges:0,conflicts:0});return dt(()=>{let n=()=>{let s=!0,i=!1,a=0,u=0;ye.forEach(f=>{let p=f.getState();s=s&&p.isOnline,i=i||p.isSyncing,a+=p.pendingChanges,u+=p.conflicts}),e({isOnline:s,isSyncing:i,lastSyncTimestamp:null,pendingChanges:a,conflicts:u})};n();let r=Array.from(ye.values()).map(s=>s.onStateChange(n));return()=>r.forEach(s=>s())},[]),t},Q=async t=>{let e=t||pe?.namespace;if(!e)return;let n=ye.get(e);n&&await n.flush()};var G=(t,e)=>{let n=e?.key||"async_data",r=e?.store||T({namespace:`async_${n}`,silent:!0});return r.get(n)==null&&r.set(n,{data:null,loading:!1,error:null,updatedAt:null}),Object.assign(r,{execute:async()=>{let i=r.get(n);r.set(n,{...i||{data:null,loading:!1,error:null,updatedAt:null},loading:!0,error:null}),"whenReady"in r&&!r.isReady&&await r.whenReady();try{let a=await t(),u=r.get(n);r.set(n,{...u||{data:null,loading:!1,error:null,updatedAt:null},data:a,loading:!1,updatedAt:Date.now()},{persist:e?.persist})}catch(a){let u=r.get(n);r.set(n,{...u||{data:null,loading:!1,error:null,updatedAt:null},error:a instanceof Error?a:new Error(String(a)),loading:!1})}}})};var _t=()=>({name:"gstate-immer",hooks:{onInstall:({store:t})=>{t._registerMethod("immer","setWithProduce",((e,n)=>t.set(e,n)))}}});var Rt=t=>{let e=[],n=-1,r=!1,s=t?.limit||50;return{name:"gstate-undo-redo",hooks:{onInstall:({store:i})=>{e.push(i.list()),n=0,i._registerMethod("undoRedo","undo",()=>{if(n>0){r=!0,n--;let a=e[n];return a?(Object.entries(a).forEach(([u,f])=>{i._setSilently(u,f)}),r=!1,!0):!1}return!1}),i._registerMethod("undoRedo","redo",()=>{if(n<e.length-1){r=!0,n++;let a=e[n];return a?(Object.entries(a).forEach(([u,f])=>{i._setSilently(u,f)}),r=!1,!0):!1}return!1}),i._registerMethod("undoRedo","canUndo",()=>n>0),i._registerMethod("undoRedo","canRedo",()=>n<e.length-1)},onSet:({store:i})=>{r||(n<e.length-1&&(e=e.slice(0,n+1)),e.push(i.list()),e.length>s?e.shift():n++)}}}};var Pt=t=>({name:"gstate-schema",hooks:{onSet:({key:e,value:n})=>{if(!e)return;let r=t[e];if(r){let s=r(n);if(s!==!0)throw new Error(`[Schema Error] Validation failed for key "${e}": ${s===!1?"Invalid type":s}`)}}}});var Tt=t=>{let r=globalThis.__REDUX_DEVTOOLS_EXTENSION__;if(!r?.connect)return{name:"gstate-devtools-noop",hooks:{}};let s=null;return{name:"gstate-devtools",hooks:{onInstall:({store:i})=>{s=r.connect({name:t?.name||"Magnetar Store"}),s.init(i.list())},onSet:({key:i,store:a})=>{!i||!s||s.send(`SET_${i.toUpperCase()}`,a.list())},onRemove:({key:i,store:a})=>{!i||!s||s.send(`REMOVE_${i.toUpperCase()}`,a.list())}}}};var It=()=>{let t=new Map;return{name:"gstate-snapshot",hooks:{onInstall:({store:e})=>{e._registerMethod("snapshot","takeSnapshot",(n=>{t.set(n,e.list())})),e._registerMethod("snapshot","restoreSnapshot",(n=>{let r=t.get(n);return r?(e.transaction(()=>{Object.entries(r).forEach(([s,i])=>{e.set(s,i)})}),!0):!1})),e._registerMethod("snapshot","listSnapshots",(()=>Array.from(t.keys()))),e._registerMethod("snapshot","deleteSnapshot",(n=>t.delete(n))),e._registerMethod("snapshot","clearSnapshots",(()=>t.clear()))}}}};var At=t=>({name:"gstate-guard",hooks:{onBeforeSet:({key:e,value:n,store:r})=>{if(!e)return;let s=t[e];if(s){let i=s(n)}}}});var Ot=t=>({name:"gstate-analytics",hooks:{onSet:({key:e,value:n})=>{e&&(!t.keys||t.keys.includes(e))&&t.provider({key:e,value:n,action:"SET"})},onRemove:({key:e})=>{e&&(!t.keys||t.keys.includes(e))&&t.provider({key:e,value:null,action:"REMOVE"})}}});var Dt=t=>{let e=new BroadcastChannel(t?.channelName||"gstate_sync"),n=!1;return{name:"gstate-sync",hooks:{onInstall:({store:r})=>{e.onmessage=s=>{let{key:i,value:a,action:u}=s.data;i&&(n=!0,u==="REMOVE"?r.remove(i):r.set(i,a),n=!1)}},onSet:({key:r,value:s})=>{!r||n||e.postMessage({key:r,value:s,action:"SET"})},onRemove:({key:r})=>{!r||n||e.postMessage({key:r,action:"REMOVE"})},onDestroy:()=>{e.close()}}}};var Mt=()=>({name:"gstate-debug-noop",hooks:{}});var Vt=(t={})=>{let e=t.dbName||"rgs-db",n=t.storeName||"states",r=t.version||1,s=null,i=()=>new Promise((p,b)=>{if(s)return p(s);let m=indexedDB.open(e,r);m.onerror=()=>b(m.error),m.onsuccess=()=>{s=m.result,p(s)},m.onupgradeneeded=h=>{let l=h.target.result;l.objectStoreNames.contains(n)||l.createObjectStore(n)}}),a=async(p,b)=>{let m=await i();return new Promise((h,l)=>{let v=m.transaction(n,"readwrite").objectStore(n).put(b,p);v.onsuccess=()=>h(),v.onerror=()=>l(v.error)})},u=async p=>{let b=await i();return new Promise((m,h)=>{let S=b.transaction(n,"readonly").objectStore(n).get(p);S.onsuccess=()=>m(S.result),S.onerror=()=>h(S.error)})},f=async p=>{let b=await i();return new Promise((m,h)=>{let S=b.transaction(n,"readwrite").objectStore(n).delete(p);S.onsuccess=()=>m(),S.onerror=()=>h(S.error)})};return{name:"indexedDB",hooks:{onInstall:({store:p})=>{p._registerMethod("indexedDB","clear",async()=>{(await i()).transaction(n,"readwrite").objectStore(n).clear()})},onInit:async({store:p})=>{let l=(await i()).transaction(n,"readonly").objectStore(n).getAllKeys();l.onsuccess=async()=>{let y=l.result,S=p.namespace+"_";for(let v of y)if(v.startsWith(S)){let he=await u(v);if(he){let ue=v.substring(S.length);p._setSilently(ue,he.d)}}}},onSet:async({key:p,value:b,store:m})=>{if(!p)return;let h=m.namespace+"_",l={d:b,t:Date.now(),v:m._getVersion?.(p)||1};await a(`${h}${p}`,l)},onRemove:async({key:p,store:b})=>{if(!p)return;let m=b.namespace+"_";await f(`${m}${p}`)}}}};var jt=t=>{let{adapter:e,autoSyncInterval:n}=t,r=new Map,s={lastSyncTimestamp:null,totalKeysSynced:0,totalBytesSynced:0,syncCount:0,lastDuration:0,errors:0},i=null;return{name:"cloudSync",hooks:{onInstall:({store:a})=>{a._registerMethod("cloudSync","sync",async()=>{let u=performance.now(),f={},p=0;try{let b=a.list(),m=Object.keys(b);for(let l of m){let y=a._getVersion?.(l)||0,S=r.get(l)||0;if(y>S){let v=b[l];f[l]=v,p+=JSON.stringify(v).length,r.set(l,y)}}if(Object.keys(f).length===0)return{status:"no-change",stats:s};if(await e.save(f))return s.lastSyncTimestamp=Date.now(),s.totalKeysSynced+=Object.keys(f).length,s.totalBytesSynced+=p,s.syncCount++,s.lastDuration=performance.now()-u,t.onSync&&t.onSync(s),{status:"success",stats:s};throw new Error(`Adapter ${e.name} failed to save.`)}catch(b){return s.errors++,console.error(`[gstate] Cloud Sync Failed (${e.name}):`,b),{status:"error",error:String(b),stats:s}}}),a._registerMethod("cloudSync","getStats",()=>s),n&&n>0&&(i=setInterval(()=>{let f=a.plugins.cloudSync;f&&f.sync()},n))},onDestroy:()=>{i&&clearInterval(i)}}}},$t=(t,e)=>({name:"MongoDB-Atlas",save:async n=>(await fetch(`${t}/action/updateOne`,{method:"POST",headers:{"Content-Type":"application/json","api-key":e},body:JSON.stringify({dataSource:"Cluster0",database:"rgs_cloud",collection:"user_states",filter:{id:"global_state"},update:{$set:{data:n,updatedAt:Date.now()}},upsert:!0})})).ok}),Ut=(t,e)=>({name:"Firebase-Firestore",save:async n=>{try{return((...i)=>{})("[Mock] Firestore Syncing:",n),!0}catch{return!1}}}),Nt=(t,e)=>({name:"SQL-REST-API",save:async n=>{let r=e();return r?(await fetch(t,{method:"PATCH",headers:{"Content-Type":"application/json",Authorization:`Bearer ${r}`},body:JSON.stringify(n),credentials:"same-origin"})).ok:(console.warn("[gstate] No auth token available for SQL-REST sync"),!1)}});var $n=t=>({name:"gstate-logger",hooks:{onSet:({key:e,value:n,version:r})=>{let s=new Date().toLocaleTimeString(),i=`[gstate] SET: ${e} (v${r}) @ ${s}`;t?.collapsed?console.groupCollapsed(i):console.group(i),console.info("%c Value:","color: #4CAF50; font-weight: bold;",n),console.groupEnd()},onRemove:({key:e})=>{console.warn(`[gstate] REMOVED: ${e}`)},onTransaction:({key:e})=>{e==="START"?console.group("\u2500\u2500 TRANSACTION START \u2500\u2500"):console.groupEnd()}}});var H=(t,e)=>{let r=T(typeof e=="string"?{namespace:e}:e);t&&Object.entries(t).forEach(([a,u])=>{r.get(a)===null&&r._setSilently(a,u)});let s=a=>d(a,r);return typeof window<"u"&&typeof process>"u"&&(window.gstate=r,window.gState=r,window.rgs=r),Object.assign(s,r)};var te=(t,e)=>k()?.addAccessRule(t,e),ne=(t,e,n)=>k()?.hasPermission(t,e,n)??!0,re=(t,e,n)=>{let r=k();if(!r)throw new Error("[gstate] recordConsent failed: No store found. call initState() first.");return r.recordConsent(t,e,n)},se=(t,e)=>k()?.hasConsent(t,e)??!1,oe=t=>k()?.getConsents(t)??[],ie=(t,e)=>k()?.revokeConsent(t,e),ae=t=>{let e=k();if(!e)throw new Error("[gstate] exportUserData failed: No store found.");return e.exportUserData(t)},ce=t=>{let e=k();if(!e)throw new Error("[gstate] deleteUserData failed: No store found.");return e.deleteUserData(t)},X=()=>{},Z=()=>{};export{E as SyncEngine,te as addAccessRule,Ot as analyticsPlugin,X as clearAccessRules,Z as clearAllConsents,jt as cloudSyncPlugin,G as createAsyncStore,Ut as createFirestoreAdapter,$t as createMongoAdapter,Nt as createSqlRestAdapter,T as createStore,z as createSyncEngine,Mt as debugPlugin,ce as deleteUserData,M as deriveKeyFromPassword,K as destroyState,J as destroySync,Tt as devToolsPlugin,$ as exportKey,ae as exportUserData,j as generateEncryptionKey,V as generateSalt,oe as getConsents,k as getStore,H as gstate,At as guardPlugin,se as hasConsent,ne as hasPermission,_t as immerPlugin,U as importKey,Vt as indexedDBPlugin,L as initState,F as initSync,A as isCryptoAvailable,P as logAudit,$n as loggerPlugin,re as recordConsent,ie as revokeConsent,R as sanitizeValue,Pt as schemaPlugin,N as setAuditLogger,It as snapshotPlugin,Dt as syncPlugin,Q as triggerSync,Rt as undoRedoPlugin,d as useGState,B as useIsStoreReady,d as useSimpleState,d as useStore,q as useSyncStatus,W as useSyncedState,O as validateKey};
-//# sourceMappingURL=index.js.map