@bquery/bquery 1.11.1 → 1.12.0

package/dist/sanitize-DOMkRO9G.js.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize-DOMkRO9G.js","names":[],"sources":["../src/security/constants.ts","../src/security/sanitize-core.ts","../src/security/trusted-html.ts","../src/security/csp.ts","../src/security/trusted-types.ts","../src/security/sanitize.ts"],"sourcesContent":["/**\n * Security constants and safe lists.\n *\n * @module bquery/security\n */\n\n/**\n * Trusted Types policy name.\n */\nexport const POLICY_NAME = 'bquery-sanitizer';\n\n/**\n * Default allowed HTML tags considered safe.\n */\nexport const DEFAULT_ALLOWED_TAGS = new Set([\n  'a',\n  'abbr',\n  'address',\n  'article',\n  'aside',\n  'b',\n  'bdi',\n  'bdo',\n  'blockquote',\n  'br',\n  'button',\n  'caption',\n  'cite',\n  'code',\n  'col',\n  'colgroup',\n  'data',\n  'dd',\n  'del',\n  'details',\n  'dfn',\n  'div',\n  'dl',\n  'dt',\n  'em',\n  'figcaption',\n  'figure',\n  'footer',\n  'form',\n  'h1',\n  'h2',\n  'h3',\n  'h4',\n  'h5',\n  'h6',\n  'header',\n  'hgroup',\n  'hr',\n  'i',\n  'img',\n  'input',\n  'ins',\n  'kbd',\n  'label',\n  'legend',\n  'li',\n  'main',\n  'mark',\n  'nav',\n  'ol',\n  'optgroup',\n  'option',\n  'p',\n  'picture',\n  'pre',\n  'progress',\n  'q',\n  'rp',\n  'rt',\n  'ruby',\n  's',\n  'samp',\n  'section',\n  'select',\n  'small',\n  'source',\n  'span',\n  'strong',\n  'sub',\n  'summary',\n  'sup',\n  'table',\n  'tbody',\n  'td',\n  'textarea',\n  'tfoot',\n  'th',\n  'thead',\n  'time',\n  'tr',\n  'u',\n  'ul',\n  'var',\n  'wbr',\n]);\n\n/**\n * Explicitly dangerous tags that should never be allowed.\n * These are checked even if somehow added to allowTags.\n */\nexport const DANGEROUS_TAGS = new Set([\n  'script',\n  'iframe',\n  'frame',\n  'frameset',\n  'object',\n  'embed',\n  'applet',\n  'link',\n  'meta',\n  'style',\n  'base',\n  'template',\n  // 'slot' is intentionally excluded here so component shadow markup can opt in\n  // via sanitizeHtml(..., { allowTags: ['slot'] }). It remains disallowed by default\n  // for general HTML writes, because DEFAULT_ALLOWED_TAGS does not include it.\n  'math',\n  'svg',\n  'foreignobject',\n  'noscript',\n]);\n\n/**\n * Reserved IDs that could cause DOM clobbering attacks.\n * These are prevented to avoid overwriting global browser objects.\n */\nexport const RESERVED_IDS = new Set([\n  // Global objects\n  'document',\n  'window',\n  'location',\n  'top',\n  'self',\n  'parent',\n  'frames',\n  'history',\n  'navigator',\n  'screen',\n  // Dangerous functions\n  'alert',\n  'confirm',\n  'prompt',\n  'eval',\n  'function',\n  // Document properties\n  'cookie',\n  'domain',\n  'referrer',\n  'body',\n  'head',\n  'forms',\n  'images',\n  'links',\n  'scripts',\n  // DOM traversal properties\n  'children',\n  'parentnode',\n  'firstchild',\n  'lastchild',\n  // Content manipulation\n  'innerhtml',\n  'outerhtml',\n  'textcontent',\n]);\n\n/**\n * Default allowed attributes considered safe.\n * Note: 'style' is excluded by default because inline CSS can be abused for:\n * - UI redressing attacks\n * - Data exfiltration via url() in CSS\n * - CSS injection vectors\n * If you need to allow inline styles, add 'style' to allowAttributes in your\n * sanitizeHtml options, but ensure you implement proper CSS value validation.\n */\nexport const DEFAULT_ALLOWED_ATTRIBUTES = new Set([\n  'alt',\n  'class',\n  'dir',\n  'height',\n  'hidden',\n  'href',\n  'id',\n  'lang',\n  'loading',\n  'name',\n  'rel',\n  'role',\n  'src',\n  'srcset',\n  'tabindex',\n  'target',\n  'title',\n  'type',\n  'width',\n  'aria-*',\n]);\n\n/**\n * Dangerous attribute prefixes to always remove.\n */\nexport const DANGEROUS_ATTR_PREFIXES = ['on', 'formaction', 'xlink:', 'xmlns:'];\n\n/**\n * Dangerous URL protocols to block.\n */\nexport const DANGEROUS_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'file:'];\n","/**\n * Core HTML sanitization logic.\n *\n * @module bquery/security\n * @internal\n */\n\nimport {\n  DANGEROUS_ATTR_PREFIXES,\n  DANGEROUS_PROTOCOLS,\n  DANGEROUS_TAGS,\n  DEFAULT_ALLOWED_ATTRIBUTES,\n  DEFAULT_ALLOWED_TAGS,\n  RESERVED_IDS,\n} from './constants';\nimport type { SanitizeOptions } from './types';\n\n/**\n * Check if an attribute name is allowed.\n * @internal\n */\nconst isAllowedAttribute = (\n  name: string,\n  allowedSet: Set<string>,\n  allowDataAttrs: boolean\n): boolean => {\n  const lowerName = name.toLowerCase();\n\n  // Check dangerous prefixes\n  for (const prefix of DANGEROUS_ATTR_PREFIXES) {\n    if (lowerName.startsWith(prefix)) return false;\n  }\n\n  // Check data attributes\n  if (allowDataAttrs && lowerName.startsWith('data-')) return true;\n\n  // Check aria attributes (allowed by default)\n  if (lowerName.startsWith('aria-')) return true;\n\n  // Check explicit allow list\n  return allowedSet.has(lowerName);\n};\n\n/**\n * Check if an ID/name value could cause DOM clobbering.\n * @internal\n */\nconst isSafeIdOrName = (value: string): boolean => {\n  const lowerValue = value.toLowerCase().trim();\n  return !RESERVED_IDS.has(lowerValue);\n};\n\n/**\n * Normalize URL by removing control characters, whitespace, and Unicode tricks.\n * Enhanced to prevent various bypass techniques.\n * @internal\n */\nconst normalizeUrl = (value: string): string =>\n  value\n    // Remove null bytes and control characters\n    .replace(/[\\u0000-\\u001F\\u007F]+/g, '')\n    // Remove zero-width characters that could hide malicious content\n    .replace(/[\\u200B-\\u200D\\uFEFF\\u2028\\u2029]+/g, '')\n    // Remove escaped Unicode sequences\n    .replace(/\\\\u[\\da-fA-F]{4}/g, '')\n    // Remove whitespace\n    .replace(/\\s+/g, '')\n    // Normalize case\n    .toLowerCase();\n\n/**\n * Check if a URL value is safe.\n * @internal\n */\nconst isSafeUrl = (value: string): boolean => {\n  const normalized = normalizeUrl(value);\n  for (const protocol of DANGEROUS_PROTOCOLS) {\n    if (normalized.startsWith(protocol)) return false;\n  }\n  return true;\n};\n\n/**\n * Check if a srcset attribute value is safe.\n * srcset contains comma-separated entries of \"url [descriptor]\".\n * Each individual URL must be validated.\n * @internal\n */\nconst isSafeSrcset = (value: string): boolean => {\n  const entries = value.split(',');\n  for (const entry of entries) {\n    const url = entry.trim().split(/\\s+/)[0];\n    if (url && !isSafeUrl(url)) return false;\n  }\n  return true;\n};\n\n/**\n * Check if a URL is external (different origin).\n * @internal\n */\nconst isExternalUrl = (url: string): boolean => {\n  try {\n    // Normalize URL by trimming whitespace\n    const trimmedUrl = url.trim();\n\n    // Protocol-relative URLs (//example.com) are always external.\n    // CRITICAL: This check must run before the relative-URL check below;\n    // otherwise, a protocol-relative URL like \"//evil.com\" would be treated\n    // as a non-http(s) relative URL and incorrectly classified as same-origin.\n    // Handling them up front guarantees correct security classification.\n    if (trimmedUrl.startsWith('//')) {\n      return true;\n    }\n\n    // Normalize URL for case-insensitive protocol checks\n    const lowerUrl = trimmedUrl.toLowerCase();\n\n    // Check for non-http(s) protocols which are considered external/special\n    // (mailto:, tel:, ftp:, etc.)\n    const hasProtocol = /^[a-z][a-z0-9+.-]*:/i.test(trimmedUrl);\n    if (hasProtocol && !lowerUrl.startsWith('http://') && !lowerUrl.startsWith('https://')) {\n      // These are special protocols, not traditional \"external\" links\n      // but we treat them as external for security consistency\n      return true;\n    }\n\n    // Relative URLs are not external\n    if (!lowerUrl.startsWith('http://') && !lowerUrl.startsWith('https://')) {\n      return false;\n    }\n\n    // In non-browser environments (e.g., Node.js), treat all absolute URLs as external\n    if (typeof window === 'undefined' || !window.location) {\n      return true;\n    }\n\n    const urlObj = new URL(trimmedUrl, window.location.href);\n    return urlObj.origin !== window.location.origin;\n  } catch {\n    // If URL parsing fails, treat as potentially external for safety\n    return true;\n  }\n};\n\n/**\n * Parse an HTML string into a Document using DOMParser.\n * This helper is intentionally separated to make the control-flow around HTML parsing\n * explicit for static analysis tools. It should ONLY be called when the input is\n * known to contain HTML syntax (angle brackets).\n *\n * DOMParser creates an inert document where scripts don't execute, making it safe\n * for parsing untrusted HTML that will subsequently be sanitized.\n *\n * @param htmlContent - A string that is known to contain HTML markup (has < or >)\n * @returns The parsed Document\n * @internal\n */\nconst parseHtmlDocument = (htmlContent: string): Document => {\n  const parser = new DOMParser();\n  // Parse as a full HTML document in an inert context; scripts won't execute\n  return parser.parseFromString(htmlContent, 'text/html');\n};\n\n/**\n * Safely parse HTML string into a DocumentFragment using DOMParser.\n * DOMParser is preferred over innerHTML for security as it creates an inert document\n * where scripts don't execute and provides better static analysis recognition.\n *\n * This function includes input normalization to satisfy static analysis tools:\n * - Coerces input to string and trims whitespace\n * - For plain text (no HTML tags), creates a Text node directly without parsing\n * - Only invokes DOMParser for actual HTML-like content via parseHtmlDocument\n *\n * The separation between plain text handling and HTML parsing is intentional:\n * DOM text that contains no HTML syntax is never fed into an HTML parser,\n * preventing \"DOM text reinterpreted as HTML\" issues.\n *\n * @internal\n */\nconst parseHtmlSafely = (html: string): DocumentFragment => {\n  // Step 1: Normalize input - coerce to string and trim\n  // This defensive check handles edge cases even though TypeScript says it's a string\n  const normalizedHtml = (typeof html === 'string' ? html : String(html ?? '')).trim();\n\n  // Step 2: Create the fragment that will hold our result\n  const fragment = document.createDocumentFragment();\n\n  // Step 3: Early return for empty input\n  if (normalizedHtml.length === 0) {\n    return fragment;\n  }\n\n  // Step 4: If input contains no angle brackets, it's plain text - no HTML parsing needed.\n  // Plain text is handled as a Text node, never passed to an HTML parser.\n  // This explicitly prevents \"DOM text reinterpreted as HTML\" for purely textual inputs.\n  const containsHtmlSyntax = normalizedHtml.includes('<') || normalizedHtml.includes('>');\n  if (!containsHtmlSyntax) {\n    fragment.appendChild(document.createTextNode(normalizedHtml));\n    return fragment;\n  }\n\n  // Step 5: Input contains HTML syntax - parse it via the dedicated HTML parsing helper.\n  // This separation makes the data-flow explicit: only strings with HTML syntax\n  // are passed to DOMParser, satisfying static analysis requirements.\n  const doc = parseHtmlDocument(normalizedHtml);\n\n  // Move all children from the document body into the fragment.\n  // This avoids interpolating untrusted HTML into an outer wrapper string.\n  const body = doc.body;\n\n  if (!body) {\n    return fragment;\n  }\n\n  while (body.firstChild) {\n    fragment.appendChild(body.firstChild);\n  }\n\n  return fragment;\n};\n\n/**\n * Core sanitization logic (without Trusted Types wrapper).\n * @internal\n */\nexport const sanitizeHtmlCore = (html: string, options: SanitizeOptions = {}): string => {\n  const {\n    allowTags = [],\n    allowAttributes = [],\n    allowDataAttributes = true,\n    stripAllTags = false,\n  } = options;\n\n  // Build combined allow sets (excluding dangerous tags even if specified)\n  const allowedTags = new Set(\n    [...DEFAULT_ALLOWED_TAGS, ...allowTags.map((t) => t.toLowerCase())].filter(\n      (tag) => !DANGEROUS_TAGS.has(tag)\n    )\n  );\n  const allowedAttrs = new Set([\n    ...DEFAULT_ALLOWED_ATTRIBUTES,\n    ...allowAttributes.map((a) => a.toLowerCase()),\n  ]);\n\n  // Use DOMParser for safe HTML parsing (inert context, no script execution)\n  const fragment = parseHtmlSafely(html);\n\n  if (stripAllTags) {\n    return fragment.textContent ?? '';\n  }\n\n  // Walk the DOM tree\n  const walker = document.createTreeWalker(fragment, NodeFilter.SHOW_ELEMENT);\n\n  const toRemove: Element[] = [];\n\n  while (walker.nextNode()) {\n    const el = walker.currentNode as Element;\n    const tagName = el.tagName.toLowerCase();\n\n    // Remove explicitly dangerous tags even if in allow list\n    if (DANGEROUS_TAGS.has(tagName)) {\n      toRemove.push(el);\n      continue;\n    }\n\n    // Remove disallowed tags entirely\n    if (!allowedTags.has(tagName)) {\n      toRemove.push(el);\n      continue;\n    }\n\n    // Process attributes\n    const attrsToRemove: string[] = [];\n    for (const attr of Array.from(el.attributes)) {\n      const attrName = attr.name.toLowerCase();\n\n      // Check if attribute is allowed\n      if (!isAllowedAttribute(attrName, allowedAttrs, allowDataAttributes)) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Check for DOM clobbering on id and name attributes\n      if ((attrName === 'id' || attrName === 'name') && !isSafeIdOrName(attr.value)) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Validate URL attributes\n      if (\n        (attrName === 'href' || attrName === 'src' || attrName === 'action') &&\n        !isSafeUrl(attr.value)\n      ) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Validate srcset URLs individually\n      if (attrName === 'srcset' && !isSafeSrcset(attr.value)) {\n        attrsToRemove.push(attr.name);\n      }\n    }\n\n    // Remove disallowed attributes\n    for (const attrName of attrsToRemove) {\n      el.removeAttribute(attrName);\n    }\n\n    // Add rel=\"noopener noreferrer\" to external links for security\n    if (tagName === 'a') {\n      const href = el.getAttribute('href');\n      const target = el.getAttribute('target');\n      const hasTargetBlank = target?.toLowerCase() === '_blank';\n      const isExternal = href && isExternalUrl(href);\n\n      // Add security attributes to links opening in new window or external links\n      if (hasTargetBlank || isExternal) {\n        const existingRel = el.getAttribute('rel');\n        const relValues = new Set(existingRel ? existingRel.split(/\\s+/).filter(Boolean) : []);\n\n        // Add noopener and noreferrer\n        relValues.add('noopener');\n        relValues.add('noreferrer');\n\n        el.setAttribute('rel', Array.from(relValues).join(' '));\n      }\n    }\n  }\n\n  // Remove disallowed elements\n  for (const el of toRemove) {\n    el.remove();\n  }\n\n  // Serialize the sanitized fragment to HTML string.\n  // We use a temporary container to get the innerHTML of the fragment.\n  const serializeFragment = (frag: DocumentFragment): string => {\n    const container = document.createElement('div');\n    container.appendChild(frag.cloneNode(true));\n    return container.innerHTML;\n  };\n\n  // Double-parse to prevent mutation XSS (mXSS).\n  // Browsers may normalize HTML during serialization in ways that could create\n  // new dangerous content when re-parsed. By re-parsing the sanitized output\n  // and verifying stability, we ensure the final HTML is safe.\n  const firstPass = serializeFragment(fragment);\n\n  // Re-parse through DOMParser for mXSS detection.\n  // Using DOMParser instead of innerHTML for security.\n  const verifyFragment = parseHtmlSafely(firstPass);\n  const secondPass = serializeFragment(verifyFragment);\n\n  // Verify stability: if content mutates between parses, it indicates mXSS attempt\n  if (firstPass !== secondPass) {\n    // Content mutated during re-parse - potential mXSS detected.\n    // Return safely escaped text content as fallback.\n    return fragment.textContent ?? '';\n  }\n\n  return secondPass;\n};\n","declare const sanitizedHtmlBrand: unique symbol;\nconst trustedHtmlBrand: unique symbol = Symbol('bquery.trusted-html.brand');\nconst TRUSTED_HTML_VALUE = Symbol('bquery.trusted-html');\n\n/**\n * Branded HTML string produced by bQuery's sanitization or escaping template helpers.\n *\n * Values returned from {@link sanitizeHtml} carry sanitized markup. Values returned from\n * {@link safeHtml} preserve the template's static markup while escaping normal interpolations\n * and splicing {@link trusted} fragments verbatim. This brand is not intended for arbitrary\n * strings or manual concatenation outside those helpers.\n */\nexport type SanitizedHtml = string & { readonly [sanitizedHtmlBrand]: true };\n\n/**\n * Marker object that safeHtml can splice into templates without escaping again.\n */\nexport type TrustedHtml = { readonly [trustedHtmlBrand]: true; toString(): string };\n\ntype TrustedHtmlValue = TrustedHtml & { readonly [TRUSTED_HTML_VALUE]: string };\n\n/**\n * Apply the internal {@link SanitizedHtml} brand to helper output.\n *\n * @internal\n */\nexport const toSanitizedHtml = (html: string): SanitizedHtml => html as SanitizedHtml;\n\n/**\n * Mark a sanitized HTML string for verbatim splicing into safeHtml templates.\n *\n * @param html - HTML previously produced by sanitizeHtml, safeHtml, or another trusted bQuery helper\n * @returns Trusted HTML marker object for safeHtml interpolations\n *\n * @example\n * ```ts\n * const badge = trusted(sanitizeHtml('<strong onclick=\"alert(1)\">New</strong>'));\n * const markup = safeHtml`<span>${badge}</span>`;\n * ```\n */\nexport const trusted = (html: SanitizedHtml): TrustedHtml => {\n  const value = String(html);\n  return Object.freeze({\n    [trustedHtmlBrand]: true as const,\n    [TRUSTED_HTML_VALUE]: value,\n    toString: () => value,\n  });\n};\n\n/**\n * Check whether a value is a trusted HTML marker created by trusted().\n *\n * @internal\n */\nexport const isTrustedHtml = (value: unknown): value is TrustedHtml => {\n  return (\n    typeof value === 'object' &&\n    value !== null &&\n    trustedHtmlBrand in value &&\n    TRUSTED_HTML_VALUE in value\n  );\n};\n\n/**\n * Unwrap the raw HTML string stored inside a trusted HTML marker.\n *\n * @internal\n */\nexport const unwrapTrustedHtml = (value: TrustedHtml): string => {\n  return (value as TrustedHtmlValue)[TRUSTED_HTML_VALUE];\n};\n","/**\n * Content Security Policy helpers.\n *\n * @module bquery/security\n */\n\n/** Maximum allowed nonce length to prevent memory issues */\nconst MAX_NONCE_LENGTH = 1024;\n\n/** Chunk size for building strings to avoid argument limit in String.fromCharCode */\nconst CHUNK_SIZE = 8192;\n\n/**\n * Generate a nonce for inline scripts/styles.\n * Use with Content-Security-Policy nonce directives.\n *\n * @param length - Nonce length in bytes (default: 16, max: 1024)\n * @returns Cryptographically random nonce string\n * @throws {Error} If crypto.getRandomValues or btoa are not available\n * @throws {RangeError} If length is invalid (negative, non-integer, or exceeds maximum)\n */\nexport const generateNonce = (length: number = 16): string => {\n  // Validate length parameter\n  if (!Number.isInteger(length) || length < 1) {\n    throw new RangeError('generateNonce length must be a positive integer');\n  }\n  if (length > MAX_NONCE_LENGTH) {\n    throw new RangeError(`generateNonce length must not exceed ${MAX_NONCE_LENGTH}`);\n  }\n\n  // Check for required globals in browser/crypto environments\n  if (\n    typeof globalThis.crypto === 'undefined' ||\n    typeof globalThis.crypto.getRandomValues !== 'function'\n  ) {\n    throw new Error(\n      'generateNonce requires crypto.getRandomValues (not available in this environment)'\n    );\n  }\n  if (typeof globalThis.btoa !== 'function') {\n    throw new Error('generateNonce requires btoa (not available in this environment)');\n  }\n\n  const array = new Uint8Array(length);\n  globalThis.crypto.getRandomValues(array);\n\n  // Build string in chunks to avoid argument limit in String.fromCharCode\n  let binaryString = '';\n  for (let i = 0; i < array.length; i += CHUNK_SIZE) {\n    const chunk = array.subarray(i, Math.min(i + CHUNK_SIZE, array.length));\n    binaryString += String.fromCharCode(...chunk);\n  }\n\n  return globalThis.btoa(binaryString).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n};\n\n/**\n * Check if a CSP header is present with specific directive.\n * Useful for feature detection and fallback strategies.\n *\n * @param directive - The CSP directive to check (e.g., 'script-src')\n * @returns True if the directive appears to be enforced\n */\nexport const hasCSPDirective = (directive: string): boolean => {\n  // Guard for non-DOM environments (SSR, tests, etc.)\n  if (typeof document === 'undefined') {\n    return false;\n  }\n\n  // Check meta tag\n  const meta = document.querySelector('meta[http-equiv=\"Content-Security-Policy\"]');\n  if (meta) {\n    const content = meta.getAttribute('content') ?? '';\n    return content.includes(directive);\n  }\n  return false;\n};\n","/**\n * Trusted Types helpers for CSP compatibility.\n *\n * @module bquery/security\n */\n\nimport { POLICY_NAME } from './constants';\nimport { sanitizeHtmlCore } from './sanitize-core';\nimport type { TrustedHTML, TrustedTypePolicy, TrustedTypesWindow } from './types';\n\n/** Cached Trusted Types policy */\nlet cachedPolicy: TrustedTypePolicy | null = null;\n\n/** Whether policy initialization has been attempted (to avoid retry spam) */\nlet policyInitAttempted = false;\n\n/**\n * Check if Trusted Types API is available.\n * @returns True if Trusted Types are supported\n */\nexport const isTrustedTypesSupported = (): boolean => {\n  return (\n    typeof window !== 'undefined' &&\n    typeof (window as TrustedTypesWindow).trustedTypes !== 'undefined'\n  );\n};\n\n/**\n * Get or create the bQuery Trusted Types policy.\n * @returns The Trusted Types policy or null if unsupported\n */\nexport const getTrustedTypesPolicy = (): TrustedTypePolicy | null => {\n  if (cachedPolicy) return cachedPolicy;\n  if (policyInitAttempted) return null;\n\n  if (typeof window === 'undefined') return null;\n\n  const win = window as TrustedTypesWindow;\n  if (!win.trustedTypes) return null;\n\n  policyInitAttempted = true;\n\n  try {\n    cachedPolicy = win.trustedTypes.createPolicy(POLICY_NAME, {\n      createHTML: (input: string) => sanitizeHtmlCore(input),\n    });\n    return cachedPolicy;\n  } catch (error) {\n    // Policy may already exist or be blocked by CSP\n    const errorMessage = error instanceof Error ? error.message : String(error);\n    console.warn(`bQuery: Could not create Trusted Types policy \"${POLICY_NAME}\": ${errorMessage}`);\n    return null;\n  }\n};\n\n/**\n * Create a Trusted HTML value for use with Trusted Types-enabled sites.\n * Falls back to regular string when Trusted Types are unavailable.\n *\n * @param html - The HTML string to wrap\n * @returns Trusted HTML value or sanitized string\n */\nexport const createTrustedHtml = (html: string): TrustedHTML | string => {\n  const policy = getTrustedTypesPolicy();\n  if (policy) {\n    return policy.createHTML(html);\n  }\n  return sanitizeHtmlCore(html);\n};\n","/**\n * Security utilities for HTML sanitization.\n * All DOM writes are sanitized by default to prevent XSS attacks.\n *\n * @module bquery/security\n */\n\nimport { sanitizeHtmlCore } from './sanitize-core';\nimport { toSanitizedHtml } from './trusted-html';\nimport type { SanitizedHtml } from './trusted-html';\nimport type { SanitizeOptions } from './types';\nexport { generateNonce } from './csp';\nexport { isTrustedTypesSupported } from './trusted-types';\nexport { trusted } from './trusted-html';\nexport type { SanitizedHtml, TrustedHtml } from './trusted-html';\n\n/**\n * Sanitize HTML string, removing dangerous elements and attributes.\n * Uses Trusted Types when available for CSP compliance.\n *\n * @param html - The HTML string to sanitize\n * @param options - Sanitization options\n * @returns Sanitized HTML string\n *\n * @example\n * ```ts\n * const safe = sanitizeHtml('<div onclick=\"alert(1)\">Hello</div>');\n * // Returns: '<div>Hello</div>'\n * ```\n */\nexport const sanitizeHtml = (html: string, options: SanitizeOptions = {}): SanitizedHtml => {\n  return toSanitizedHtml(sanitizeHtmlCore(html, options));\n};\n\n/**\n * Escape HTML entities to prevent XSS.\n * Use this for displaying user content as text.\n *\n * @param text - The text to escape\n * @returns Escaped HTML string\n *\n * @example\n * ```ts\n * escapeHtml('<script>alert(1)</script>');\n * // Returns: '&lt;script&gt;alert(1)&lt;/script&gt;'\n * ```\n */\nexport const escapeHtml = (text: string): string => {\n  const escapeMap: Record<string, string> = {\n    '&': '&amp;',\n    '<': '&lt;',\n    '>': '&gt;',\n    '\"': '&quot;',\n    \"'\": '&#x27;',\n    '`': '&#x60;',\n  };\n  return text.replace(/[&<>\"'`]/g, (char) => escapeMap[char]);\n};\n\n/**\n * Strip all HTML tags and return plain text.\n *\n * @param html - The HTML string to strip\n * @returns Plain text content\n */\nexport const stripTags = (html: string): string => {\n  return sanitizeHtmlCore(html, { stripAllTags: true });\n};\n\nexport type { SanitizeOptions } from './types';\n"],"mappings":"AASA,IAAa,IAAc,oBAKd,IAAuB,oBAAI,IAAI;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;CACD,GAMY,IAAiB,oBAAI,IAAI;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA;CACD,GAMY,IAAe,oBAAI,IAAI;AAAA,EAElC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;CACD,GAWY,IAA6B,oBAAI,IAAI;AAAA,EAChD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;CACD,GAKY,IAA0B;AAAA,EAAC;AAAA,EAAM;AAAA,EAAc;AAAA,EAAU;GAKzD,IAAsB;AAAA,EAAC;AAAA,EAAe;AAAA,EAAS;AAAA,EAAa;GC7LnE,IAAA,CACJ,GACA,GACA,MACY;AACZ,QAAM,IAAY,EAAK,YAAA;AAGvB,aAAW,KAAU,EACnB,KAAI,EAAU,WAAW,CAAA,EAAS,QAAO;AAO3C,SAHI,KAAkB,EAAU,WAAW,OAAA,KAGvC,EAAU,WAAW,OAAA,IAAiB,KAGnC,EAAW,IAAI,CAAA;GAOlB,IAAA,CAAkB,MAA2B;AACjD,QAAM,IAAa,EAAM,YAAA,EAAc,KAAA;AACvC,SAAO,CAAC,EAAa,IAAI,CAAA;GAQrB,IAAA,CAAgB,MACpB,EAEG,QAAQ,2BAA2B,EAAA,EAEnC,QAAQ,uCAAuC,EAAA,EAE/C,QAAQ,qBAAqB,EAAA,EAE7B,QAAQ,QAAQ,EAAA,EAEhB,YAAA,GAMC,IAAA,CAAa,MAA2B;AAC5C,QAAM,IAAa,EAAa,CAAA;AAChC,aAAW,KAAY,EACrB,KAAI,EAAW,WAAW,CAAA,EAAW,QAAO;AAE9C,SAAO;GASH,IAAA,CAAgB,MAA2B;AAC/C,QAAM,IAAU,EAAM,MAAM,GAAA;AAC5B,aAAW,KAAS,GAAS;AAC3B,UAAM,IAAM,EAAM,KAAA,EAAO,MAAM,KAAA,EAAO,CAAA;AACtC,QAAI,KAAO,CAAC,EAAU,CAAA,EAAM,QAAO;AAAA;AAErC,SAAO;GAOH,IAAA,CAAiB,MAAyB;AAC9C,MAAI;AAEF,UAAM,IAAa,EAAI,KAAA;AAOvB,QAAI,EAAW,WAAW,IAAA,EACxB,QAAO;AAIT,UAAM,IAAW,EAAW,YAAA;AAK5B,WADoB,uBAAuB,KAAK,CAAA,KAC7B,CAAC,EAAS,WAAW,SAAA,KAAc,CAAC,EAAS,WAAW,UAAA,IAGlE,KAIL,CAAC,EAAS,WAAW,SAAA,KAAc,CAAC,EAAS,WAAW,UAAA,IACnD,KAIL,OAAO,SAAW,OAAe,CAAC,OAAO,WACpC,KAIF,IADY,IAAI,GAAY,OAAO,SAAS,IAAA,EACrC,WAAW,OAAO,SAAS;AAAA,UACnC;AAEN,WAAO;AAAA;GAiBL,IAAA,CAAqB,MAGlB,IAFY,UAAA,EAEL,gBAAgB,GAAa,WAAA,GAmBvC,IAAA,CAAmB,MAAmC;AAG1D,QAAM,KAAkB,OAAO,KAAS,WAAW,IAAO,OAAO,KAAQ,EAAA,GAAK,KAAA,GAGxE,IAAW,SAAS,uBAAA;AAG1B,MAAI,EAAe,WAAW,EAC5B,QAAO;AAOT,MAAI,EADuB,EAAe,SAAS,GAAA,KAAQ,EAAe,SAAS,GAAA;AAEjF,WAAA,EAAS,YAAY,SAAS,eAAe,CAAA,CAAe,GACrD;AAUT,QAAM,IAJM,EAAkB,CAAA,EAIb;AAEjB,MAAI,CAAC,EACH,QAAO;AAGT,SAAO,EAAK,aACV,CAAA,EAAS,YAAY,EAAK,UAAA;AAG5B,SAAO;GAOI,IAAA,CAAoB,GAAc,IAA2B,CAAA,MAAe;AACvF,QAAM,EACJ,WAAA,IAAY,CAAA,GACZ,iBAAA,IAAkB,CAAA,GAClB,qBAAA,IAAsB,IACtB,cAAA,IAAe,GAAA,IACb,GAGE,IAAc,IAAI,IACtB,CAAC,GAAG,GAAsB,GAAG,EAAU,IAAA,CAAK,MAAM,EAAE,YAAA,CAAa,CAAC,EAAE,OAAA,CACjE,MAAQ,CAAC,EAAe,IAAI,CAAA,CAAI,CAClC,GAEG,IAAe,oBAAI,IAAI,CAC3B,GAAG,GACH,GAAG,EAAgB,IAAA,CAAK,MAAM,EAAE,YAAA,CAAa,CAAC,CAC/C,GAGK,IAAW,EAAgB,CAAA;AAEjC,MAAI,EACF,QAAO,EAAS,eAAe;AAIjC,QAAM,IAAS,SAAS,iBAAiB,GAAU,WAAW,YAAA,GAExD,IAAsB,CAAA;AAE5B,SAAO,EAAO,SAAA,KAAY;AACxB,UAAM,IAAK,EAAO,aACZ,IAAU,EAAG,QAAQ,YAAA;AAG3B,QAAI,EAAe,IAAI,CAAA,GAAU;AAC/B,MAAA,EAAS,KAAK,CAAA;AACd;AAAA;AAIF,QAAI,CAAC,EAAY,IAAI,CAAA,GAAU;AAC7B,MAAA,EAAS,KAAK,CAAA;AACd;AAAA;AAIF,UAAM,IAA0B,CAAA;AAChC,eAAW,KAAQ,MAAM,KAAK,EAAG,UAAA,GAAa;AAC5C,YAAM,IAAW,EAAK,KAAK,YAAA;AAG3B,UAAI,CAAC,EAAmB,GAAU,GAAc,CAAA,GAAsB;AACpE,QAAA,EAAc,KAAK,EAAK,IAAA;AACxB;AAAA;AAIF,WAAK,MAAa,QAAQ,MAAa,WAAW,CAAC,EAAe,EAAK,KAAA,GAAQ;AAC7E,QAAA,EAAc,KAAK,EAAK,IAAA;AACxB;AAAA;AAIF,WACG,MAAa,UAAU,MAAa,SAAS,MAAa,aAC3D,CAAC,EAAU,EAAK,KAAA,GAChB;AACA,QAAA,EAAc,KAAK,EAAK,IAAA;AACxB;AAAA;AAIF,MAAI,MAAa,YAAY,CAAC,EAAa,EAAK,KAAA,KAC9C,EAAc,KAAK,EAAK,IAAA;AAAA;AAK5B,eAAW,KAAY,EACrB,CAAA,EAAG,gBAAgB,CAAA;AAIrB,QAAI,MAAY,KAAK;AACnB,YAAM,IAAO,EAAG,aAAa,MAAA,GAEvB,IADS,EAAG,aAAa,QAAA,GACA,YAAA,MAAkB,UAC3C,IAAa,KAAQ,EAAc,CAAA;AAGzC,UAAI,KAAkB,GAAY;AAChC,cAAM,IAAc,EAAG,aAAa,KAAA,GAC9B,IAAY,IAAI,IAAI,IAAc,EAAY,MAAM,KAAA,EAAO,OAAO,OAAA,IAAW,CAAA,CAAE;AAGrF,QAAA,EAAU,IAAI,UAAA,GACd,EAAU,IAAI,YAAA,GAEd,EAAG,aAAa,OAAO,MAAM,KAAK,CAAA,EAAW,KAAK,GAAA,CAAI;AAAA;;;AAM5D,aAAW,KAAM,EACf,CAAA,EAAG,OAAA;AAKL,QAAM,IAAA,CAAqB,MAAmC;AAC5D,UAAM,IAAY,SAAS,cAAc,KAAA;AACzC,WAAA,EAAU,YAAY,EAAK,UAAU,EAAA,CAAK,GACnC,EAAU;AAAA,KAOb,IAAY,EAAkB,CAAA,GAK9B,IAAa,EADI,EAAgB,CAAA,CACF;AAGrC,SAAI,MAAc,IAGT,EAAS,eAAe,KAG1B;GCzWH,IAAkC,uBAAO,2BAAA,GACzC,IAAqB,uBAAO,qBAAA,GAwBrB,IAAA,CAAmB,MAAgC,GAcnD,IAAA,CAAW,MAAqC;AAC3D,QAAM,IAAQ,OAAO,CAAA;AACrB,SAAO,OAAO,OAAO;AAAA,KAClB,CAAA,GAAmB;AAAA,KACnB,CAAA,GAAqB;AAAA,IACtB,UAAA,MAAgB;AAAA,GACjB;GAQU,IAAA,CAAiB,MAE1B,OAAO,KAAU,YACjB,MAAU,QACV,KAAoB,KACpB,KAAsB,GASb,IAAA,CAAqB,MACxB,EAA2B,CAAA,GC9D/B,IAAmB,MAGnB,IAAa,MAWN,IAAA,CAAiB,IAAiB,OAAe;AAE5D,MAAI,CAAC,OAAO,UAAU,CAAA,KAAW,IAAS,EACxC,OAAM,IAAI,WAAW,iDAAA;AAEvB,MAAI,IAAS,EACX,OAAM,IAAI,WAAW,wCAAwC,CAAA,EAAA;AAI/D,MACE,OAAO,WAAW,SAAW,OAC7B,OAAO,WAAW,OAAO,mBAAoB,WAE7C,OAAM,IAAI,MACR,mFAAA;AAGJ,MAAI,OAAO,WAAW,QAAS,WAC7B,OAAM,IAAI,MAAM,iEAAA;AAGlB,QAAM,IAAQ,IAAI,WAAW,CAAA;AAC7B,aAAW,OAAO,gBAAgB,CAAA;AAGlC,MAAI,IAAe;AACnB,WAAS,IAAI,GAAG,IAAI,EAAM,QAAQ,KAAK,GAAY;AACjD,UAAM,IAAQ,EAAM,SAAS,GAAG,KAAK,IAAI,IAAI,GAAY,EAAM,MAAA,CAAO;AACtE,IAAA,KAAgB,OAAO,aAAa,GAAG,CAAA;AAAA;AAGzC,SAAO,WAAW,KAAK,CAAA,EAAc,QAAQ,OAAO,GAAA,EAAK,QAAQ,OAAO,GAAA,EAAK,QAAQ,MAAM,EAAA;GAUhF,IAAA,CAAmB,MAA+B;AAE7D,MAAI,OAAO,WAAa,IACtB,QAAO;AAIT,QAAM,IAAO,SAAS,cAAc,4CAAA;AACpC,SAAI,KACc,EAAK,aAAa,SAAA,KAAc,IACjC,SAAS,CAAA,IAEnB;GChEL,IAAyC,MAGzC,IAAsB,IAMb,IAAA,MAET,OAAO,SAAW,OAClB,OAAQ,OAA8B,eAAiB,KAQ9C,IAAA,MAAwD;AACnE,MAAI,EAAc,QAAO;AAGzB,MAFI,KAEA,OAAO,SAAW,IAAa,QAAO;AAE1C,QAAM,IAAM;AACZ,MAAI,CAAC,EAAI,aAAc,QAAO;AAE9B,EAAA,IAAsB;AAEtB,MAAI;AACF,WAAA,IAAe,EAAI,aAAa,aAAa,GAAa,EACxD,YAAA,CAAa,MAAkB,EAAiB,CAAA,EAAM,CACvD,GACM;AAAA,WACA,GAAO;AAEd,UAAM,IAAe,aAAiB,QAAQ,EAAM,UAAU,OAAO,CAAA;AACrE,mBAAQ,KAAK,kDAAkD,CAAA,MAAiB,CAAA,EAAA,GACzE;AAAA;GAWE,IAAA,CAAqB,MAAuC;AACvE,QAAM,IAAS,EAAA;AACf,SAAI,IACK,EAAO,WAAW,CAAA,IAEpB,EAAiB,CAAA;GCrCb,IAAA,CAAgB,GAAc,IAA2B,CAAA,MAC7D,EAAgB,EAAiB,GAAM,CAAA,CAAQ,GAgB3C,KAAA,CAAc,MAAyB;AAClD,QAAM,IAAoC;AAAA,IACxC,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA;AAEP,SAAO,EAAK,QAAQ,aAAA,CAAc,MAAS,EAAU,CAAA,CAAA;GAS1C,KAAA,CAAa,MACjB,EAAiB,GAAM,EAAE,cAAc,GAAA,CAAM"}
+{"version":3,"file":"sanitize-DOMkRO9G.js","names":[],"sources":["../src/security/constants.ts","../src/security/sanitize-core.ts","../src/security/trusted-html.ts","../src/security/csp.ts","../src/security/trusted-types.ts","../src/security/sanitize.ts"],"sourcesContent":["/**\n * Security constants and safe lists.\n *\n * @module bquery/security\n */\n\n/**\n * Trusted Types policy name.\n */\nexport const POLICY_NAME = 'bquery-sanitizer';\n\n/**\n * Default allowed HTML tags considered safe.\n */\nexport const DEFAULT_ALLOWED_TAGS = new Set([\n  'a',\n  'abbr',\n  'address',\n  'article',\n  'aside',\n  'b',\n  'bdi',\n  'bdo',\n  'blockquote',\n  'br',\n  'button',\n  'caption',\n  'cite',\n  'code',\n  'col',\n  'colgroup',\n  'data',\n  'dd',\n  'del',\n  'details',\n  'dfn',\n  'div',\n  'dl',\n  'dt',\n  'em',\n  'figcaption',\n  'figure',\n  'footer',\n  'form',\n  'h1',\n  'h2',\n  'h3',\n  'h4',\n  'h5',\n  'h6',\n  'header',\n  'hgroup',\n  'hr',\n  'i',\n  'img',\n  'input',\n  'ins',\n  'kbd',\n  'label',\n  'legend',\n  'li',\n  'main',\n  'mark',\n  'nav',\n  'ol',\n  'optgroup',\n  'option',\n  'p',\n  'picture',\n  'pre',\n  'progress',\n  'q',\n  'rp',\n  'rt',\n  'ruby',\n  's',\n  'samp',\n  'section',\n  'select',\n  'small',\n  'source',\n  'span',\n  'strong',\n  'sub',\n  'summary',\n  'sup',\n  'table',\n  'tbody',\n  'td',\n  'textarea',\n  'tfoot',\n  'th',\n  'thead',\n  'time',\n  'tr',\n  'u',\n  'ul',\n  'var',\n  'wbr',\n]);\n\n/**\n * Explicitly dangerous tags that should never be allowed.\n * These are checked even if somehow added to allowTags.\n */\nexport const DANGEROUS_TAGS = new Set([\n  'script',\n  'iframe',\n  'frame',\n  'frameset',\n  'object',\n  'embed',\n  'applet',\n  'link',\n  'meta',\n  'style',\n  'base',\n  'template',\n  // 'slot' is intentionally excluded here so component shadow markup can opt in\n  // via sanitizeHtml(..., { allowTags: ['slot'] }). It remains disallowed by default\n  // for general HTML writes, because DEFAULT_ALLOWED_TAGS does not include it.\n  'math',\n  'svg',\n  'foreignobject',\n  'noscript',\n]);\n\n/**\n * Reserved IDs that could cause DOM clobbering attacks.\n * These are prevented to avoid overwriting global browser objects.\n */\nexport const RESERVED_IDS = new Set([\n  // Global objects\n  'document',\n  'window',\n  'location',\n  'top',\n  'self',\n  'parent',\n  'frames',\n  'history',\n  'navigator',\n  'screen',\n  // Dangerous functions\n  'alert',\n  'confirm',\n  'prompt',\n  'eval',\n  'function',\n  // Document properties\n  'cookie',\n  'domain',\n  'referrer',\n  'body',\n  'head',\n  'forms',\n  'images',\n  'links',\n  'scripts',\n  // DOM traversal properties\n  'children',\n  'parentnode',\n  'firstchild',\n  'lastchild',\n  // Content manipulation\n  'innerhtml',\n  'outerhtml',\n  'textcontent',\n]);\n\n/**\n * Default allowed attributes considered safe.\n * Note: 'style' is excluded by default because inline CSS can be abused for:\n * - UI redressing attacks\n * - Data exfiltration via url() in CSS\n * - CSS injection vectors\n * If you need to allow inline styles, add 'style' to allowAttributes in your\n * sanitizeHtml options, but ensure you implement proper CSS value validation.\n */\nexport const DEFAULT_ALLOWED_ATTRIBUTES = new Set([\n  'alt',\n  'class',\n  'dir',\n  'height',\n  'hidden',\n  'href',\n  'id',\n  'lang',\n  'loading',\n  'name',\n  'rel',\n  'role',\n  'src',\n  'srcset',\n  'tabindex',\n  'target',\n  'title',\n  'type',\n  'width',\n  'aria-*',\n]);\n\n/**\n * Dangerous attribute prefixes to always remove.\n */\nexport const DANGEROUS_ATTR_PREFIXES = ['on', 'formaction', 'xlink:', 'xmlns:'];\n\n/**\n * Dangerous URL protocols to block.\n */\nexport const DANGEROUS_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'file:'];\n","/**\n * Core HTML sanitization logic.\n *\n * @module bquery/security\n * @internal\n */\n\nimport {\n  DANGEROUS_ATTR_PREFIXES,\n  DANGEROUS_PROTOCOLS,\n  DANGEROUS_TAGS,\n  DEFAULT_ALLOWED_ATTRIBUTES,\n  DEFAULT_ALLOWED_TAGS,\n  RESERVED_IDS,\n} from './constants';\nimport type { SanitizeOptions } from './types';\n\n/**\n * Check if an attribute name is allowed.\n * @internal\n */\nconst isAllowedAttribute = (\n  name: string,\n  allowedSet: Set<string>,\n  allowDataAttrs: boolean\n): boolean => {\n  const lowerName = name.toLowerCase();\n\n  // Check dangerous prefixes\n  for (const prefix of DANGEROUS_ATTR_PREFIXES) {\n    if (lowerName.startsWith(prefix)) return false;\n  }\n\n  // Check data attributes\n  if (allowDataAttrs && lowerName.startsWith('data-')) return true;\n\n  // Check aria attributes (allowed by default)\n  if (lowerName.startsWith('aria-')) return true;\n\n  // Check explicit allow list\n  return allowedSet.has(lowerName);\n};\n\n/**\n * Check if an ID/name value could cause DOM clobbering.\n * @internal\n */\nconst isSafeIdOrName = (value: string): boolean => {\n  const lowerValue = value.toLowerCase().trim();\n  return !RESERVED_IDS.has(lowerValue);\n};\n\n/**\n * Normalize URL by removing control characters, whitespace, and Unicode tricks.\n * Enhanced to prevent various bypass techniques.\n * @internal\n */\nconst normalizeUrl = (value: string): string =>\n  value\n    // Remove null bytes and control characters\n    .replace(/[\\u0000-\\u001F\\u007F]+/g, '')\n    // Remove zero-width characters that could hide malicious content\n    .replace(/[\\u200B-\\u200D\\uFEFF\\u2028\\u2029]+/g, '')\n    // Remove escaped Unicode sequences\n    .replace(/\\\\u[\\da-fA-F]{4}/g, '')\n    // Remove whitespace\n    .replace(/\\s+/g, '')\n    // Normalize case\n    .toLowerCase();\n\n/**\n * Check if a URL value is safe.\n * @internal\n */\nconst isSafeUrl = (value: string): boolean => {\n  const normalized = normalizeUrl(value);\n  for (const protocol of DANGEROUS_PROTOCOLS) {\n    if (normalized.startsWith(protocol)) return false;\n  }\n  return true;\n};\n\n/**\n * Check if a srcset attribute value is safe.\n * srcset contains comma-separated entries of \"url [descriptor]\".\n * Each individual URL must be validated.\n * @internal\n */\nconst isSafeSrcset = (value: string): boolean => {\n  const entries = value.split(',');\n  for (const entry of entries) {\n    const url = entry.trim().split(/\\s+/)[0];\n    if (url && !isSafeUrl(url)) return false;\n  }\n  return true;\n};\n\n/**\n * Check if a URL is external (different origin).\n * @internal\n */\nconst isExternalUrl = (url: string): boolean => {\n  try {\n    // Normalize URL by trimming whitespace\n    const trimmedUrl = url.trim();\n\n    // Protocol-relative URLs (//example.com) are always external.\n    // CRITICAL: This check must run before the relative-URL check below;\n    // otherwise, a protocol-relative URL like \"//evil.com\" would be treated\n    // as a non-http(s) relative URL and incorrectly classified as same-origin.\n    // Handling them up front guarantees correct security classification.\n    if (trimmedUrl.startsWith('//')) {\n      return true;\n    }\n\n    // Normalize URL for case-insensitive protocol checks\n    const lowerUrl = trimmedUrl.toLowerCase();\n\n    // Check for non-http(s) protocols which are considered external/special\n    // (mailto:, tel:, ftp:, etc.)\n    const hasProtocol = /^[a-z][a-z0-9+.-]*:/i.test(trimmedUrl);\n    if (hasProtocol && !lowerUrl.startsWith('http://') && !lowerUrl.startsWith('https://')) {\n      // These are special protocols, not traditional \"external\" links\n      // but we treat them as external for security consistency\n      return true;\n    }\n\n    // Relative URLs are not external\n    if (!lowerUrl.startsWith('http://') && !lowerUrl.startsWith('https://')) {\n      return false;\n    }\n\n    // In non-browser environments (e.g., Node.js), treat all absolute URLs as external\n    if (typeof window === 'undefined' || !window.location) {\n      return true;\n    }\n\n    const urlObj = new URL(trimmedUrl, window.location.href);\n    return urlObj.origin !== window.location.origin;\n  } catch {\n    // If URL parsing fails, treat as potentially external for safety\n    return true;\n  }\n};\n\n/**\n * Parse an HTML string into a Document using DOMParser.\n * This helper is intentionally separated to make the control-flow around HTML parsing\n * explicit for static analysis tools. It should ONLY be called when the input is\n * known to contain HTML syntax (angle brackets).\n *\n * DOMParser creates an inert document where scripts don't execute, making it safe\n * for parsing untrusted HTML that will subsequently be sanitized.\n *\n * @param htmlContent - A string that is known to contain HTML markup (has < or >)\n * @returns The parsed Document\n * @internal\n */\nconst parseHtmlDocument = (htmlContent: string): Document => {\n  const parser = new DOMParser();\n  // Parse as a full HTML document in an inert context; scripts won't execute\n  return parser.parseFromString(htmlContent, 'text/html');\n};\n\n/**\n * Safely parse HTML string into a DocumentFragment using DOMParser.\n * DOMParser is preferred over innerHTML for security as it creates an inert document\n * where scripts don't execute and provides better static analysis recognition.\n *\n * This function includes input normalization to satisfy static analysis tools:\n * - Coerces input to string and trims whitespace\n * - For plain text (no HTML tags), creates a Text node directly without parsing\n * - Only invokes DOMParser for actual HTML-like content via parseHtmlDocument\n *\n * The separation between plain text handling and HTML parsing is intentional:\n * DOM text that contains no HTML syntax is never fed into an HTML parser,\n * preventing \"DOM text reinterpreted as HTML\" issues.\n *\n * @internal\n */\nconst parseHtmlSafely = (html: string): DocumentFragment => {\n  // Step 1: Normalize input - coerce to string and trim\n  // This defensive check handles edge cases even though TypeScript says it's a string\n  const normalizedHtml = (typeof html === 'string' ? html : String(html ?? '')).trim();\n\n  // Step 2: Create the fragment that will hold our result\n  const fragment = document.createDocumentFragment();\n\n  // Step 3: Early return for empty input\n  if (normalizedHtml.length === 0) {\n    return fragment;\n  }\n\n  // Step 4: If input contains no angle brackets, it's plain text - no HTML parsing needed.\n  // Plain text is handled as a Text node, never passed to an HTML parser.\n  // This explicitly prevents \"DOM text reinterpreted as HTML\" for purely textual inputs.\n  const containsHtmlSyntax = normalizedHtml.includes('<') || normalizedHtml.includes('>');\n  if (!containsHtmlSyntax) {\n    fragment.appendChild(document.createTextNode(normalizedHtml));\n    return fragment;\n  }\n\n  // Step 5: Input contains HTML syntax - parse it via the dedicated HTML parsing helper.\n  // This separation makes the data-flow explicit: only strings with HTML syntax\n  // are passed to DOMParser, satisfying static analysis requirements.\n  const doc = parseHtmlDocument(normalizedHtml);\n\n  // Move all children from the document body into the fragment.\n  // This avoids interpolating untrusted HTML into an outer wrapper string.\n  const body = doc.body;\n\n  if (!body) {\n    return fragment;\n  }\n\n  while (body.firstChild) {\n    fragment.appendChild(body.firstChild);\n  }\n\n  return fragment;\n};\n\n/**\n * Core sanitization logic (without Trusted Types wrapper).\n * @internal\n */\nexport const sanitizeHtmlCore = (html: string, options: SanitizeOptions = {}): string => {\n  const {\n    allowTags = [],\n    allowAttributes = [],\n    allowDataAttributes = true,\n    stripAllTags = false,\n  } = options;\n\n  // Build combined allow sets (excluding dangerous tags even if specified)\n  const allowedTags = new Set(\n    [...DEFAULT_ALLOWED_TAGS, ...allowTags.map((t) => t.toLowerCase())].filter(\n      (tag) => !DANGEROUS_TAGS.has(tag)\n    )\n  );\n  const allowedAttrs = new Set([\n    ...DEFAULT_ALLOWED_ATTRIBUTES,\n    ...allowAttributes.map((a) => a.toLowerCase()),\n  ]);\n\n  // Use DOMParser for safe HTML parsing (inert context, no script execution)\n  const fragment = parseHtmlSafely(html);\n\n  if (stripAllTags) {\n    return fragment.textContent ?? '';\n  }\n\n  // Walk the DOM tree\n  const walker = document.createTreeWalker(fragment, NodeFilter.SHOW_ELEMENT);\n\n  const toRemove: Element[] = [];\n\n  while (walker.nextNode()) {\n    const el = walker.currentNode as Element;\n    const tagName = el.tagName.toLowerCase();\n\n    // Remove explicitly dangerous tags even if in allow list\n    if (DANGEROUS_TAGS.has(tagName)) {\n      toRemove.push(el);\n      continue;\n    }\n\n    // Remove disallowed tags entirely\n    if (!allowedTags.has(tagName)) {\n      toRemove.push(el);\n      continue;\n    }\n\n    // Process attributes\n    const attrsToRemove: string[] = [];\n    for (const attr of Array.from(el.attributes)) {\n      const attrName = attr.name.toLowerCase();\n\n      // Check if attribute is allowed\n      if (!isAllowedAttribute(attrName, allowedAttrs, allowDataAttributes)) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Check for DOM clobbering on id and name attributes\n      if ((attrName === 'id' || attrName === 'name') && !isSafeIdOrName(attr.value)) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Validate URL attributes\n      if (\n        (attrName === 'href' || attrName === 'src' || attrName === 'action') &&\n        !isSafeUrl(attr.value)\n      ) {\n        attrsToRemove.push(attr.name);\n        continue;\n      }\n\n      // Validate srcset URLs individually\n      if (attrName === 'srcset' && !isSafeSrcset(attr.value)) {\n        attrsToRemove.push(attr.name);\n      }\n    }\n\n    // Remove disallowed attributes\n    for (const attrName of attrsToRemove) {\n      el.removeAttribute(attrName);\n    }\n\n    // Add rel=\"noopener noreferrer\" to external links for security\n    if (tagName === 'a') {\n      const href = el.getAttribute('href');\n      const target = el.getAttribute('target');\n      const hasTargetBlank = target?.toLowerCase() === '_blank';\n      const isExternal = href && isExternalUrl(href);\n\n      // Add security attributes to links opening in new window or external links\n      if (hasTargetBlank || isExternal) {\n        const existingRel = el.getAttribute('rel');\n        const relValues = new Set(existingRel ? existingRel.split(/\\s+/).filter(Boolean) : []);\n\n        // Add noopener and noreferrer\n        relValues.add('noopener');\n        relValues.add('noreferrer');\n\n        el.setAttribute('rel', Array.from(relValues).join(' '));\n      }\n    }\n  }\n\n  // Remove disallowed elements\n  for (const el of toRemove) {\n    el.remove();\n  }\n\n  // Serialize the sanitized fragment to HTML string.\n  // We use a temporary container to get the innerHTML of the fragment.\n  const serializeFragment = (frag: DocumentFragment): string => {\n    const container = document.createElement('div');\n    container.appendChild(frag.cloneNode(true));\n    return container.innerHTML;\n  };\n\n  // Double-parse to prevent mutation XSS (mXSS).\n  // Browsers may normalize HTML during serialization in ways that could create\n  // new dangerous content when re-parsed. By re-parsing the sanitized output\n  // and verifying stability, we ensure the final HTML is safe.\n  const firstPass = serializeFragment(fragment);\n\n  // Re-parse through DOMParser for mXSS detection.\n  // Using DOMParser instead of innerHTML for security.\n  const verifyFragment = parseHtmlSafely(firstPass);\n  const secondPass = serializeFragment(verifyFragment);\n\n  // Verify stability: if content mutates between parses, it indicates mXSS attempt\n  if (firstPass !== secondPass) {\n    // Content mutated during re-parse - potential mXSS detected.\n    // Return safely escaped text content as fallback.\n    return fragment.textContent ?? '';\n  }\n\n  return secondPass;\n};\n","declare const sanitizedHtmlBrand: unique symbol;\nconst trustedHtmlBrand: unique symbol = Symbol('bquery.trusted-html.brand');\nconst TRUSTED_HTML_VALUE = Symbol('bquery.trusted-html');\n\n/**\n * Branded HTML string produced by bQuery's sanitization or escaping template helpers.\n *\n * Values returned from {@link sanitizeHtml} carry sanitized markup. Values returned from\n * {@link safeHtml} preserve the template's static markup while escaping normal interpolations\n * and splicing {@link trusted} fragments verbatim. This brand is not intended for arbitrary\n * strings or manual concatenation outside those helpers.\n */\nexport type SanitizedHtml = string & { readonly [sanitizedHtmlBrand]: true };\n\n/**\n * Marker object that safeHtml can splice into templates without escaping again.\n */\nexport type TrustedHtml = { readonly [trustedHtmlBrand]: true; toString(): string };\n\ntype TrustedHtmlValue = TrustedHtml & { readonly [TRUSTED_HTML_VALUE]: string };\n\n/**\n * Apply the internal {@link SanitizedHtml} brand to helper output.\n *\n * @internal\n */\nexport const toSanitizedHtml = (html: string): SanitizedHtml => html as SanitizedHtml;\n\n/**\n * Mark a sanitized HTML string for verbatim splicing into safeHtml templates.\n *\n * @param html - HTML previously produced by sanitizeHtml, safeHtml, or another trusted bQuery helper\n * @returns Trusted HTML marker object for safeHtml interpolations\n *\n * @example\n * ```ts\n * const badge = trusted(sanitizeHtml('<strong onclick=\"alert(1)\">New</strong>'));\n * const markup = safeHtml`<span>${badge}</span>`;\n * ```\n */\nexport const trusted = (html: SanitizedHtml): TrustedHtml => {\n  const value = String(html);\n  return Object.freeze({\n    [trustedHtmlBrand]: true as const,\n    [TRUSTED_HTML_VALUE]: value,\n    toString: () => value,\n  });\n};\n\n/**\n * Check whether a value is a trusted HTML marker created by trusted().\n *\n * @internal\n */\nexport const isTrustedHtml = (value: unknown): value is TrustedHtml => {\n  return (\n    typeof value === 'object' &&\n    value !== null &&\n    trustedHtmlBrand in value &&\n    TRUSTED_HTML_VALUE in value\n  );\n};\n\n/**\n * Unwrap the raw HTML string stored inside a trusted HTML marker.\n *\n * @internal\n */\nexport const unwrapTrustedHtml = (value: TrustedHtml): string => {\n  return (value as TrustedHtmlValue)[TRUSTED_HTML_VALUE];\n};\n","/**\n * Content Security Policy helpers.\n *\n * @module bquery/security\n */\n\n/** Maximum allowed nonce length to prevent memory issues */\nconst MAX_NONCE_LENGTH = 1024;\n\n/** Chunk size for building strings to avoid argument limit in String.fromCharCode */\nconst CHUNK_SIZE = 8192;\n\n/**\n * Generate a nonce for inline scripts/styles.\n * Use with Content-Security-Policy nonce directives.\n *\n * @param length - Nonce length in bytes (default: 16, max: 1024)\n * @returns Cryptographically random nonce string\n * @throws {Error} If crypto.getRandomValues or btoa are not available\n * @throws {RangeError} If length is invalid (negative, non-integer, or exceeds maximum)\n */\nexport const generateNonce = (length: number = 16): string => {\n  // Validate length parameter\n  if (!Number.isInteger(length) || length < 1) {\n    throw new RangeError('generateNonce length must be a positive integer');\n  }\n  if (length > MAX_NONCE_LENGTH) {\n    throw new RangeError(`generateNonce length must not exceed ${MAX_NONCE_LENGTH}`);\n  }\n\n  // Check for required globals in browser/crypto environments\n  if (\n    typeof globalThis.crypto === 'undefined' ||\n    typeof globalThis.crypto.getRandomValues !== 'function'\n  ) {\n    throw new Error(\n      'generateNonce requires crypto.getRandomValues (not available in this environment)'\n    );\n  }\n  if (typeof globalThis.btoa !== 'function') {\n    throw new Error('generateNonce requires btoa (not available in this environment)');\n  }\n\n  const array = new Uint8Array(length);\n  globalThis.crypto.getRandomValues(array);\n\n  // Build string in chunks to avoid argument limit in String.fromCharCode\n  let binaryString = '';\n  for (let i = 0; i < array.length; i += CHUNK_SIZE) {\n    const chunk = array.subarray(i, Math.min(i + CHUNK_SIZE, array.length));\n    binaryString += String.fromCharCode(...chunk);\n  }\n\n  return globalThis.btoa(binaryString).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n};\n\n/**\n * Check if a CSP header is present with specific directive.\n * Useful for feature detection and fallback strategies.\n *\n * @param directive - The CSP directive to check (e.g., 'script-src')\n * @returns True if the directive appears to be enforced\n */\nexport const hasCSPDirective = (directive: string): boolean => {\n  // Guard for non-DOM environments (SSR, tests, etc.)\n  if (typeof document === 'undefined') {\n    return false;\n  }\n\n  // Check meta tag\n  const meta = document.querySelector('meta[http-equiv=\"Content-Security-Policy\"]');\n  if (meta) {\n    const content = meta.getAttribute('content') ?? '';\n    return content.includes(directive);\n  }\n  return false;\n};\n","/**\n * Trusted Types helpers for CSP compatibility.\n *\n * @module bquery/security\n */\n\nimport { POLICY_NAME } from './constants';\nimport { sanitizeHtmlCore } from './sanitize-core';\nimport type { TrustedHTML, TrustedTypePolicy, TrustedTypesWindow } from './types';\n\n/** Cached Trusted Types policy */\nlet cachedPolicy: TrustedTypePolicy | null = null;\n\n/** Whether policy initialization has been attempted (to avoid retry spam) */\nlet policyInitAttempted = false;\n\n/**\n * Check if Trusted Types API is available.\n * @returns True if Trusted Types are supported\n */\nexport const isTrustedTypesSupported = (): boolean => {\n  return (\n    typeof window !== 'undefined' &&\n    typeof (window as TrustedTypesWindow).trustedTypes !== 'undefined'\n  );\n};\n\n/**\n * Get or create the bQuery Trusted Types policy.\n * @returns The Trusted Types policy or null if unsupported\n */\nexport const getTrustedTypesPolicy = (): TrustedTypePolicy | null => {\n  if (cachedPolicy) return cachedPolicy;\n  if (policyInitAttempted) return null;\n\n  if (typeof window === 'undefined') return null;\n\n  const win = window as TrustedTypesWindow;\n  if (!win.trustedTypes) return null;\n\n  policyInitAttempted = true;\n\n  try {\n    cachedPolicy = win.trustedTypes.createPolicy(POLICY_NAME, {\n      createHTML: (input: string) => sanitizeHtmlCore(input),\n    });\n    return cachedPolicy;\n  } catch (error) {\n    // Policy may already exist or be blocked by CSP\n    const errorMessage = error instanceof Error ? error.message : String(error);\n    console.warn(`bQuery: Could not create Trusted Types policy \"${POLICY_NAME}\": ${errorMessage}`);\n    return null;\n  }\n};\n\n/**\n * Create a Trusted HTML value for use with Trusted Types-enabled sites.\n * Falls back to regular string when Trusted Types are unavailable.\n *\n * @param html - The HTML string to wrap\n * @returns Trusted HTML value or sanitized string\n */\nexport const createTrustedHtml = (html: string): TrustedHTML | string => {\n  const policy = getTrustedTypesPolicy();\n  if (policy) {\n    return policy.createHTML(html);\n  }\n  return sanitizeHtmlCore(html);\n};\n","/**\n * Security utilities for HTML sanitization.\n * All DOM writes are sanitized by default to prevent XSS attacks.\n *\n * @module bquery/security\n */\n\nimport { sanitizeHtmlCore } from './sanitize-core';\nimport { toSanitizedHtml } from './trusted-html';\nimport type { SanitizedHtml } from './trusted-html';\nimport type { SanitizeOptions } from './types';\nexport { generateNonce } from './csp';\nexport { isTrustedTypesSupported } from './trusted-types';\nexport { trusted } from './trusted-html';\nexport type { SanitizedHtml, TrustedHtml } from './trusted-html';\n\n/**\n * Sanitize HTML string, removing dangerous elements and attributes.\n * Uses Trusted Types when available for CSP compliance.\n *\n * @param html - The HTML string to sanitize\n * @param options - Sanitization options\n * @returns Sanitized HTML string\n *\n * @example\n * ```ts\n * const safe = sanitizeHtml('<div onclick=\"alert(1)\">Hello</div>');\n * // Returns: '<div>Hello</div>'\n * ```\n */\nexport const sanitizeHtml = (html: string, options: SanitizeOptions = {}): SanitizedHtml => {\n  return toSanitizedHtml(sanitizeHtmlCore(html, options));\n};\n\n/**\n * Escape HTML entities to prevent XSS.\n * Use this for displaying user content as text.\n *\n * @param text - The text to escape\n * @returns Escaped HTML string\n *\n * @example\n * ```ts\n * escapeHtml('<script>alert(1)</script>');\n * // Returns: '&lt;script&gt;alert(1)&lt;/script&gt;'\n * ```\n */\nexport const escapeHtml = (text: string): string => {\n  const escapeMap: Record<string, string> = {\n    '&': '&amp;',\n    '<': '&lt;',\n    '>': '&gt;',\n    '\"': '&quot;',\n    \"'\": '&#x27;',\n    '`': '&#x60;',\n  };\n  return text.replace(/[&<>\"'`]/g, (char) => escapeMap[char]);\n};\n\n/**\n * Strip all HTML tags and return plain text.\n *\n * @param html - The HTML string to strip\n * @returns Plain text content\n */\nexport const stripTags = (html: string): string => {\n  return sanitizeHtmlCore(html, { stripAllTags: true });\n};\n\nexport type { SanitizeOptions } from './types';\n"],"mappings":"AASA,IAAa,IAAc,oBAKd,IAAuB,oBAAI,IAAI;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC,GAMY,IAAiB,oBAAI,IAAI;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC,GAMY,IAAe,oBAAI,IAAI;AAAA,EAElC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AACF,CAAC,GAWY,IAA6B,oBAAI,IAAI;AAAA,EAChD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC,GAKY,IAA0B;AAAA,EAAC;AAAA,EAAM;AAAA,EAAc;AAAA,EAAU;AAAQ,GAKjE,IAAsB;AAAA,EAAC;AAAA,EAAe;AAAA,EAAS;AAAA,EAAa;AAAO,GC7L1E,IAAA,CACJ,GACA,GACA,MACY;AACZ,QAAM,IAAY,EAAK,YAAY;AAGnC,aAAW,KAAU,EACnB,KAAI,EAAU,WAAW,CAAM,EAAG,QAAO;AAO3C,SAHI,KAAkB,EAAU,WAAW,OAAO,KAG9C,EAAU,WAAW,OAAO,IAAU,KAGnC,EAAW,IAAI,CAAS;AACjC,GAMM,IAAA,CAAkB,MAA2B;AACjD,QAAM,IAAa,EAAM,YAAY,EAAE,KAAK;AAC5C,SAAO,CAAC,EAAa,IAAI,CAAU;AACrC,GAOM,IAAA,CAAgB,MACpB,EAEG,QAAQ,2BAA2B,EAAE,EAErC,QAAQ,uCAAuC,EAAE,EAEjD,QAAQ,qBAAqB,EAAE,EAE/B,QAAQ,QAAQ,EAAE,EAElB,YAAY,GAMX,IAAA,CAAa,MAA2B;AAC5C,QAAM,IAAa,EAAa,CAAK;AACrC,aAAW,KAAY,EACrB,KAAI,EAAW,WAAW,CAAQ,EAAG,QAAO;AAE9C,SAAO;AACT,GAQM,IAAA,CAAgB,MAA2B;AAC/C,QAAM,IAAU,EAAM,MAAM,GAAG;AAC/B,aAAW,KAAS,GAAS;AAC3B,UAAM,IAAM,EAAM,KAAK,EAAE,MAAM,KAAK,EAAE,CAAA;AACtC,QAAI,KAAO,CAAC,EAAU,CAAG,EAAG,QAAO;AAAA,EACrC;AACA,SAAO;AACT,GAMM,IAAA,CAAiB,MAAyB;AAC9C,MAAI;AAEF,UAAM,IAAa,EAAI,KAAK;AAO5B,QAAI,EAAW,WAAW,IAAI,EAC5B,QAAO;AAIT,UAAM,IAAW,EAAW,YAAY;AAKxC,WADoB,uBAAuB,KAAK,CAC5C,KAAe,CAAC,EAAS,WAAW,SAAS,KAAK,CAAC,EAAS,WAAW,UAAU,IAG5E,KAIL,CAAC,EAAS,WAAW,SAAS,KAAK,CAAC,EAAS,WAAW,UAAU,IAC7D,KAIL,OAAO,SAAW,OAAe,CAAC,OAAO,WACpC,KAIF,IADY,IAAI,GAAY,OAAO,SAAS,IAC5C,EAAO,WAAW,OAAO,SAAS;AAAA,EAC3C,QAAQ;AAEN,WAAO;AAAA,EACT;AACF,GAeM,IAAA,CAAqB,MAGlB,IAFY,UAEZ,EAAO,gBAAgB,GAAa,WAAW,GAmBlD,IAAA,CAAmB,MAAmC;AAG1D,QAAM,KAAkB,OAAO,KAAS,WAAW,IAAO,OAAO,KAAQ,EAAE,GAAG,KAAK,GAG7E,IAAW,SAAS,uBAAuB;AAGjD,MAAI,EAAe,WAAW,EAC5B,QAAO;AAOT,MAAI,EADuB,EAAe,SAAS,GAAG,KAAK,EAAe,SAAS,GAAG;AAEpF,WAAA,EAAS,YAAY,SAAS,eAAe,CAAc,CAAC,GACrD;AAUT,QAAM,IAJM,EAAkB,CAIjB,EAAI;AAEjB,MAAI,CAAC,EACH,QAAO;AAGT,SAAO,EAAK,aACV,CAAA,EAAS,YAAY,EAAK,UAAU;AAGtC,SAAO;AACT,GAMa,IAAA,CAAoB,GAAc,IAA2B,CAAC,MAAc;AACvF,QAAM,EACJ,WAAA,IAAY,CAAC,GACb,iBAAA,IAAkB,CAAC,GACnB,qBAAA,IAAsB,IACtB,cAAA,IAAe,GAAA,IACb,GAGE,IAAc,IAAI,IACtB,CAAC,GAAG,GAAsB,GAAG,EAAU,IAAA,CAAK,MAAM,EAAE,YAAY,CAAC,CAAC,EAAE,OAAA,CACjE,MAAQ,CAAC,EAAe,IAAI,CAAG,CAClC,CACF,GACM,IAAe,oBAAI,IAAI,CAC3B,GAAG,GACH,GAAG,EAAgB,IAAA,CAAK,MAAM,EAAE,YAAY,CAAC,CAC/C,CAAC,GAGK,IAAW,EAAgB,CAAI;AAErC,MAAI,EACF,QAAO,EAAS,eAAe;AAIjC,QAAM,IAAS,SAAS,iBAAiB,GAAU,WAAW,YAAY,GAEpE,IAAsB,CAAC;AAE7B,SAAO,EAAO,SAAS,KAAG;AACxB,UAAM,IAAK,EAAO,aACZ,IAAU,EAAG,QAAQ,YAAY;AAGvC,QAAI,EAAe,IAAI,CAAO,GAAG;AAC/B,MAAA,EAAS,KAAK,CAAE;AAChB;AAAA,IACF;AAGA,QAAI,CAAC,EAAY,IAAI,CAAO,GAAG;AAC7B,MAAA,EAAS,KAAK,CAAE;AAChB;AAAA,IACF;AAGA,UAAM,IAA0B,CAAC;AACjC,eAAW,KAAQ,MAAM,KAAK,EAAG,UAAU,GAAG;AAC5C,YAAM,IAAW,EAAK,KAAK,YAAY;AAGvC,UAAI,CAAC,EAAmB,GAAU,GAAc,CAAmB,GAAG;AACpE,QAAA,EAAc,KAAK,EAAK,IAAI;AAC5B;AAAA,MACF;AAGA,WAAK,MAAa,QAAQ,MAAa,WAAW,CAAC,EAAe,EAAK,KAAK,GAAG;AAC7E,QAAA,EAAc,KAAK,EAAK,IAAI;AAC5B;AAAA,MACF;AAGA,WACG,MAAa,UAAU,MAAa,SAAS,MAAa,aAC3D,CAAC,EAAU,EAAK,KAAK,GACrB;AACA,QAAA,EAAc,KAAK,EAAK,IAAI;AAC5B;AAAA,MACF;AAGA,MAAI,MAAa,YAAY,CAAC,EAAa,EAAK,KAAK,KACnD,EAAc,KAAK,EAAK,IAAI;AAAA,IAEhC;AAGA,eAAW,KAAY,EACrB,CAAA,EAAG,gBAAgB,CAAQ;AAI7B,QAAI,MAAY,KAAK;AACnB,YAAM,IAAO,EAAG,aAAa,MAAM,GAE7B,IADS,EAAG,aAAa,QACR,GAAQ,YAAY,MAAM,UAC3C,IAAa,KAAQ,EAAc,CAAI;AAG7C,UAAI,KAAkB,GAAY;AAChC,cAAM,IAAc,EAAG,aAAa,KAAK,GACnC,IAAY,IAAI,IAAI,IAAc,EAAY,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC,CAAC;AAGrF,QAAA,EAAU,IAAI,UAAU,GACxB,EAAU,IAAI,YAAY,GAE1B,EAAG,aAAa,OAAO,MAAM,KAAK,CAAS,EAAE,KAAK,GAAG,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,EACF;AAGA,aAAW,KAAM,EACf,CAAA,EAAG,OAAO;AAKZ,QAAM,IAAA,CAAqB,MAAmC;AAC5D,UAAM,IAAY,SAAS,cAAc,KAAK;AAC9C,WAAA,EAAU,YAAY,EAAK,UAAU,EAAI,CAAC,GACnC,EAAU;AAAA,EACnB,GAMM,IAAY,EAAkB,CAAQ,GAKtC,IAAa,EADI,EAAgB,CACF,CAAc;AAGnD,SAAI,MAAc,IAGT,EAAS,eAAe,KAG1B;AACT,GC1WM,IAAkC,uBAAO,2BAA2B,GACpE,IAAqB,uBAAO,qBAAqB,GAwB1C,IAAA,CAAmB,MAAgC,GAcnD,IAAA,CAAW,MAAqC;AAC3D,QAAM,IAAQ,OAAO,CAAI;AACzB,SAAO,OAAO,OAAO;AAAA,KAClB,CAAA,GAAmB;AAAA,KACnB,CAAA,GAAqB;AAAA,IACtB,UAAA,MAAgB;AAAA,EAClB,CAAC;AACH,GAOa,IAAA,CAAiB,MAE1B,OAAO,KAAU,YACjB,MAAU,QACV,KAAoB,KACpB,KAAsB,GASb,IAAA,CAAqB,MACxB,EAA2B,CAAA,GC9D/B,IAAmB,MAGnB,IAAa,MAWN,IAAA,CAAiB,IAAiB,OAAe;AAE5D,MAAI,CAAC,OAAO,UAAU,CAAM,KAAK,IAAS,EACxC,OAAM,IAAI,WAAW,iDAAiD;AAExE,MAAI,IAAS,EACX,OAAM,IAAI,WAAW,wCAAwC,CAAA,EAAkB;AAIjF,MACE,OAAO,WAAW,SAAW,OAC7B,OAAO,WAAW,OAAO,mBAAoB,WAE7C,OAAM,IAAI,MACR,mFACF;AAEF,MAAI,OAAO,WAAW,QAAS,WAC7B,OAAM,IAAI,MAAM,iEAAiE;AAGnF,QAAM,IAAQ,IAAI,WAAW,CAAM;AACnC,aAAW,OAAO,gBAAgB,CAAK;AAGvC,MAAI,IAAe;AACnB,WAAS,IAAI,GAAG,IAAI,EAAM,QAAQ,KAAK,GAAY;AACjD,UAAM,IAAQ,EAAM,SAAS,GAAG,KAAK,IAAI,IAAI,GAAY,EAAM,MAAM,CAAC;AACtE,IAAA,KAAgB,OAAO,aAAa,GAAG,CAAK;AAAA,EAC9C;AAEA,SAAO,WAAW,KAAK,CAAY,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,MAAM,EAAE;AAC/F,GASa,IAAA,CAAmB,MAA+B;AAE7D,MAAI,OAAO,WAAa,IACtB,QAAO;AAIT,QAAM,IAAO,SAAS,cAAc,4CAA4C;AAChF,SAAI,KACc,EAAK,aAAa,SAAS,KAAK,IACjC,SAAS,CAAS,IAE5B;AACT,GCjEI,IAAyC,MAGzC,IAAsB,IAMb,IAAA,MAET,OAAO,SAAW,OAClB,OAAQ,OAA8B,eAAiB,KAQ9C,IAAA,MAAwD;AACnE,MAAI,EAAc,QAAO;AAGzB,MAFI,KAEA,OAAO,SAAW,IAAa,QAAO;AAE1C,QAAM,IAAM;AACZ,MAAI,CAAC,EAAI,aAAc,QAAO;AAE9B,EAAA,IAAsB;AAEtB,MAAI;AACF,WAAA,IAAe,EAAI,aAAa,aAAa,GAAa,EACxD,YAAA,CAAa,MAAkB,EAAiB,CAAK,EACvD,CAAC,GACM;AAAA,EACT,SAAS,GAAO;AAEd,UAAM,IAAe,aAAiB,QAAQ,EAAM,UAAU,OAAO,CAAK;AAC1E,mBAAQ,KAAK,kDAAkD,CAAA,MAAiB,CAAA,EAAc,GACvF;AAAA,EACT;AACF,GASa,IAAA,CAAqB,MAAuC;AACvE,QAAM,IAAS,EAAsB;AACrC,SAAI,IACK,EAAO,WAAW,CAAI,IAExB,EAAiB,CAAI;AAC9B,GCtCa,IAAA,CAAgB,GAAc,IAA2B,CAAC,MAC9D,EAAgB,EAAiB,GAAM,CAAO,CAAC,GAgB3C,KAAA,CAAc,MAAyB;AAClD,QAAM,IAAoC;AAAA,IACxC,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AACA,SAAO,EAAK,QAAQ,aAAA,CAAc,MAAS,EAAU,CAAA,CAAK;AAC5D,GAQa,KAAA,CAAa,MACjB,EAAiB,GAAM,EAAE,cAAc,GAAK,CAAC"}

package/dist/server/create-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,mBAAmB,EACnB,SAAS,EAkBT,sBAAsB,EACvB,MAAM,SAAS,CAAC;AA+PjB;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,OA0BrD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,sBAYlE,CAAC;AA8NF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GAAI,UAAS,mBAAwB,KAAG,SAgMhE,CAAC"}
+{"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,mBAAmB,EACnB,SAAS,EAkBT,sBAAsB,EACvB,MAAM,SAAS,CAAC;AA+PjB;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,OA0BrD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,sBAYlE,CAAC;AAiOF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GAAI,UAAS,mBAAwB,KAAG,SAkMhE,CAAC"}

package/dist/server/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/server/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,aAAa;IAChE;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,IAAI,GAAG,eAAe,GAAG,eAAe,CAAC;AAEpF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAEtC;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,mBAAmB;IACpE;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE/B;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAEtE;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAExD;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,sBAAsB,GAAG,QAAQ,CAAC;IAE5D;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAEzD;;;;;;;OAOG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;IAE5D;;;;;;;OAOG;IACH,MAAM,CACJ,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,cAAc,EACpB,OAAO,CAAC,EAAE,2BAA2B,GACpC,QAAQ,CAAC;IAEZ;;OAEG;IACH,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,CAAC,OAAO,EAAE,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB,CAAC,QAAQ,GAAG,OAAO;IAC3D;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE9B;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,QAAQ,CAAC;IAEhD;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,yBAAyB,EAAE,OAAO,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7F;;OAEG;IACH,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,EACtB,KAAK,EAAE,YAAY,KAChB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,KACnB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,KACnB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,MAAM,2BAA2B,CAAC,QAAQ,GAAG,OAAO,IACtD,yBAAyB,CAAC,QAAQ,CAAC,GACnC,CAAC,CACC,OAAO,EAAE,aAAa,KACnB,yBAAyB,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAE7F;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC;IAEvB;;OAEG;IACH,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzE;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjE;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,sBAAsB,GAAG,IAAI,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,CAAC,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,CAAC,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,GAAG,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3F;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAEjC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC;IAEzB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACpF;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,GAAG,CAAC,UAAU,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAE7C;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,SAAS,CAAC;IAEnC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAExF;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEzF;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAE1F;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,EAAE,CAAC,QAAQ,GAAG,OAAO,EACnB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,2BAA2B,CAAC,QAAQ,CAAC,EAC9C,WAAW,CAAC,EAAE,yBAAyB,EAAE,GACxC,SAAS,CAAC;IAEb;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,GAAG,GAAG,iBAAiB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE7E;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,GAAG,GAAG,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3F"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/server/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,YAAY;IACtD,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,aAAa;IAChE;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,IAAI,GAAG,eAAe,GAAG,eAAe,CAAC;AAEpF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAEtC;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,mBAAmB;IACpE;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,GAAG,EAAE,GAAG,CAAC;IAET;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/B;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;IAEnB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE/B;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAEtE;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAExD;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,sBAAsB,GAAG,QAAQ,CAAC;IAE5D;;;;;;;OAOG;IACH,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,kBAAkB,GAAG,QAAQ,CAAC;IAEzD;;;;;;;OAOG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;IAE5D;;;;;;;OAOG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,2BAA2B,GAAG,QAAQ,CAAC;IAEhG;;OAEG;IACH,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,CAAC,OAAO,EAAE,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB,CAAC,QAAQ,GAAG,OAAO;IAC3D;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE9B;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,QAAQ,CAAC;IAEhD;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,yBAAyB,EAAE,OAAO,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7F;;OAEG;IACH,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,EACtB,KAAK,EAAE,YAAY,KAChB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,KACnB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,CACR,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE,yBAAyB,EACjC,OAAO,EAAE,aAAa,KACnB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,MAAM,2BAA2B,CAAC,QAAQ,GAAG,OAAO,IACtD,yBAAyB,CAAC,QAAQ,CAAC,GACnC,CAAC,CACC,OAAO,EAAE,aAAa,KACnB,yBAAyB,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAE7F;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC;IAEvB;;OAEG;IACH,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzE;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjE;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,sBAAsB,GAAG,IAAI,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,CAAC,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,CAAC,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,mBAAmB,GAAG,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3F;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAEjC;;OAEG;IACH,OAAO,EAAE,aAAa,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,aAAa,CAAC;IAEzB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACpF;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,GAAG,CAAC,UAAU,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAE7C;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,SAAS,CAAC;IAEnC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAExF;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEzF;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAE1F;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAC;IAEvF;;OAEG;IACH,EAAE,CAAC,QAAQ,GAAG,OAAO,EACnB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,2BAA2B,CAAC,QAAQ,CAAC,EAC9C,WAAW,CAAC,EAAE,yBAAyB,EAAE,GACxC,SAAS,CAAC;IAEb;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,GAAG,GAAG,iBAAiB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE7E;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,GAAG,GAAG,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC3F"}

package/dist/{server-QdyKtCS1.js → server-Dwiq_F49.js}

@@ -1,6 +1,6 @@
 import { n as q } from "./sanitize-DOMkRO9G.js";
 import { i as L } from "./object-BCk-1c8T.js";
-import { L as H, N as J } from "./ssr-Bt6BQA3J.js";
+import { L as H, N as J } from "./ssr-CqJU1Ogp.js";
 var M = "http://localhost", D = {
   "<": "\\u003C",
   ">": "\\u003E",
@@ -346,4 +346,4 @@ export {
   ce as t
 };
 
-//# sourceMappingURL=server-QdyKtCS1.js.map
+//# sourceMappingURL=server-Dwiq_F49.js.map

package/dist/server-Dwiq_F49.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-Dwiq_F49.js","names":[],"sources":["../src/server/create-server.ts"],"sourcesContent":["import { isPrototypePollutionKey } from '../core/utils/object';\nimport { sanitizeHtml } from '../security/index';\nimport { renderToString, serializeStoreState } from '../ssr/index';\nimport type {\n  CreateServerOptions,\n  ServerApp,\n  ServerContext,\n  ServerHandler,\n  ServerHtmlResponseInit,\n  ServerMiddleware,\n  ServerNext,\n  ServerQuery,\n  ServerRenderResponseOptions,\n  ServerResult,\n  ServerRequestInit,\n  ServerResponseInit,\n  ServerRoute,\n  ServerWebSocketConnection,\n  ServerWebSocketHandlerSet,\n  ServerWebSocketMiddleware,\n  ServerWebSocketNext,\n  ServerWebSocketPeer,\n  ServerWebSocketRouteHandler,\n  ServerWebSocketSession,\n} from './types';\n\ninterface CompiledRoute {\n  handler: ServerHandler;\n  methods: Set<string> | null;\n  middlewares: ServerMiddleware[];\n  paramNames: string[];\n  path: string;\n  pattern: RegExp;\n}\n\ntype CompiledWebSocketRoute = Omit<CompiledRoute, 'handler' | 'middlewares'> & {\n  handler: ServerWebSocketRouteHandler<unknown>;\n  middlewares: ServerWebSocketMiddleware[];\n};\n\ntype PipelineHandler = (context: ServerContext, next: ServerNext) => Response | Promise<Response>;\ntype WebSocketPipelineHandler = (\n  context: ServerContext,\n  next: ServerWebSocketNext\n) => ServerResult | Promise<ServerResult>;\n\nconst DEFAULT_BASE_URL = 'http://localhost';\nconst JSON_ESCAPE_LOOKUP: Record<string, string> = {\n  '<': '\\\\u003C',\n  '>': '\\\\u003E',\n  '&': '\\\\u0026',\n  '\\u2028': '\\\\u2028',\n  '\\u2029': '\\\\u2029',\n};\nconst JSON_ESCAPE_PATTERN = /[<>&\\u2028\\u2029]/g;\nconst METHOD_ALL = null;\nconst WEBSOCKET_PASSTHROUGH_HEADER = 'x-bquery-websocket-passthrough';\n\nconst escapeRegex = (value: string): string => value.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n/**\n * Creates a null-prototype dictionary for request-derived data.\n *\n * Request-controlled keys such as query params and route params must never write\n * into the default object prototype, otherwise names like `__proto__` can trigger\n * prototype-pollution bugs. Using `Object.create(null)` keeps these maps isolated\n * even before higher-level validation runs.\n */\nconst createDictionary = <T>(): Record<string, T> => Object.create(null) as Record<string, T>;\n\nconst normalizePath = (path: string): string => {\n  if (!path) {\n    throw new Error(`route path must be a non-empty string; received ${String(path)}`);\n  }\n\n  if (path === '*' || path === '/*') {\n    return '/*';\n  }\n\n  const withLeadingSlash = path.startsWith('/') ? path : `/${path}`;\n  if (withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/')) {\n    return withLeadingSlash.slice(0, -1);\n  }\n\n  return withLeadingSlash;\n};\n\nconst compileRoutePath = (path: string): Pick<CompiledRoute, 'paramNames' | 'path' | 'pattern'> => {\n  const normalizedPath = normalizePath(path);\n\n  if (normalizedPath === '/*') {\n    return { path: normalizedPath, paramNames: [], pattern: /^\\/.*$/ };\n  }\n\n  const segments = normalizedPath.split('/').filter(Boolean);\n  if (segments.length === 0) {\n    return { path: normalizedPath, paramNames: [], pattern: /^\\/$/ };\n  }\n\n  const paramNames: string[] = [];\n  let source = '^';\n\n  for (const [index, segment] of segments.entries()) {\n    source += '/';\n    if (segment === '*') {\n      if (index !== segments.length - 1) {\n        throw new Error(`invalid route path: \"*\" must be the final segment in \"${normalizedPath}\"`);\n      }\n      source += '.*';\n      break;\n    }\n\n    if (segment.startsWith(':')) {\n      const paramName = segment.slice(1);\n      if (!/^[A-Za-z_$][\\w$]*$/.test(paramName)) {\n        throw new Error(\n          `invalid route param name: ${paramName} - must start with a letter, $, or _ and contain only word characters`\n        );\n      }\n      if (isPrototypePollutionKey(paramName)) {\n        throw new Error(`invalid route param name: ${paramName} - reserved for object safety`);\n      }\n      paramNames.push(paramName);\n      source += '([^/]+)';\n      continue;\n    }\n\n    source += escapeRegex(segment);\n  }\n\n  source += '/?$';\n  return { path: normalizedPath, paramNames, pattern: new RegExp(source) };\n};\n\nconst normalizeMethods = (method?: string | string[]): Set<string> | null => {\n  if (typeof method === 'undefined') {\n    return METHOD_ALL;\n  }\n\n  const values = Array.isArray(method) ? method : [method];\n  if (values.length === 0) {\n    throw new Error('route method must be specified - received empty array');\n  }\n\n  const normalizedMethods = new Set(\n    values.map((value) => value.trim().toUpperCase()).filter(Boolean)\n  );\n  if (normalizedMethods.size === 0) {\n    throw new Error(\n      `route method must include at least one non-empty method string; received ${JSON.stringify(method)}`\n    );\n  }\n\n  return normalizedMethods;\n};\n\nconst parseQuery = (url: URL): ServerQuery => {\n  const query = createDictionary<string | string[] | undefined>() as ServerQuery;\n\n  for (const [key, value] of url.searchParams.entries()) {\n    if (isPrototypePollutionKey(key)) {\n      continue;\n    }\n    const current = query[key];\n    if (typeof current === 'undefined') {\n      query[key] = value;\n    } else if (Array.isArray(current)) {\n      current.push(value);\n    } else {\n      query[key] = [current, value];\n    }\n  }\n\n  return query;\n};\n\nconst normalizeUrl = (value: string | URL, baseUrl: string): URL => {\n  return value instanceof URL ? new URL(value.toString()) : new URL(value, baseUrl);\n};\n\nconst normalizeRequest = (\n  input: Request | string | URL | ServerRequestInit,\n  baseUrl: string\n): Request => {\n  if (input instanceof Request) {\n    return input;\n  }\n\n  if (typeof input === 'string' || input instanceof URL) {\n    return new Request(normalizeUrl(input, baseUrl).toString());\n  }\n\n  const { url, method = 'GET', headers, body = null } = input;\n  return new Request(normalizeUrl(url, baseUrl).toString(), { method, headers, body });\n};\n\nconst normalizeWebSocketProtocols = (protocols?: string | string[]): string[] => {\n  if (typeof protocols === 'undefined') {\n    return [];\n  }\n\n  const values = Array.isArray(protocols) ? protocols : [protocols];\n  return [...new Set(values.map((value) => value.trim()).filter(Boolean))];\n};\n\nconst defaultDeserialize = <TReceive>(event: MessageEvent): TReceive => {\n  const raw = event.data;\n  if (typeof raw === 'string') {\n    try {\n      return JSON.parse(raw) as TReceive;\n    } catch {\n      // Match `useWebSocket()` in `src/reactive/websocket.ts`: malformed JSON\n      // payloads fall back to the original string instead of throwing.\n      return raw as TReceive;\n    }\n  }\n\n  return raw as TReceive;\n};\n\nconst escapeJsonString = (value: string): string =>\n  value.replace(JSON_ESCAPE_PATTERN, (match) => JSON_ESCAPE_LOOKUP[match]);\n\nconst createHeaders = (headers?: HeadersInit): Headers => new Headers(headers);\n\nconst withContentType = (headers: Headers, contentType: string): Headers => {\n  if (!headers.has('content-type')) {\n    headers.set('content-type', contentType);\n  }\n  return headers;\n};\n\nconst response = (body?: BodyInit | null, init: ServerResponseInit = {}): Response => {\n  const { headers, ...rest } = init;\n  return new Response(body, { ...rest, headers: createHeaders(headers) });\n};\n\nconst text = (body: string, init: ServerResponseInit = {}): Response => {\n  const headers = withContentType(createHeaders(init.headers), 'text/plain; charset=utf-8');\n  return response(body, { ...init, headers });\n};\n\nconst html = (body: string, init: ServerHtmlResponseInit = {}): Response => {\n  const { trusted = false, ...rest } = init;\n  const headers = withContentType(createHeaders(rest.headers), 'text/html; charset=utf-8');\n  return response(trusted ? body : sanitizeHtml(body), { ...rest, headers });\n};\n\nconst json = (data: unknown, init: ServerResponseInit = {}): Response => {\n  const headers = withContentType(createHeaders(init.headers), 'application/json; charset=utf-8');\n  let serialized: string;\n  try {\n    serialized = JSON.stringify(data) ?? 'null';\n  } catch {\n    serialized = 'null';\n  }\n  return response(escapeJsonString(serialized), { ...init, headers });\n};\n\nconst redirect = (location: string | URL, status = 302): Response => {\n  const headers = createHeaders({ location: location.toString() });\n  return response(null, { headers, status });\n};\n\nconst render = (\n  template: string,\n  data: Parameters<typeof renderToString>[1],\n  options: ServerRenderResponseOptions = {}\n): Response => {\n  const { includeStoreState = false, status = 200, headers, ...renderOptions } = options;\n  const result = renderToString(template, data, { ...renderOptions, includeStoreState: false });\n  const storeState = includeStoreState\n    ? serializeStoreState({\n        storeIds: Array.isArray(includeStoreState) ? includeStoreState : undefined,\n      }).scriptTag\n    : '';\n  const body = `${result.html}${storeState}`;\n  return html(body, { headers, status, trusted: true });\n};\n\n/**\n * Returns `true` when the request is a WebSocket upgrade handshake.\n */\nexport const isWebSocketRequest = (request: Request): boolean => {\n  if (request.method.toUpperCase() !== 'GET') {\n    return false;\n  }\n\n  const upgrade = request.headers.get('upgrade');\n  if (typeof upgrade !== 'string' || upgrade.trim().toLowerCase() !== 'websocket') {\n    return false;\n  }\n\n  const connection = request.headers.get('connection');\n  if (typeof connection !== 'string') {\n    return false;\n  }\n\n  if (!connection.split(',').some((part) => part.trim().toLowerCase() === 'upgrade')) {\n    return false;\n  }\n\n  const version = request.headers.get('sec-websocket-version');\n  if (version?.trim() !== '13') {\n    return false;\n  }\n\n  const key = request.headers.get('sec-websocket-key')?.trim();\n  return typeof key === 'string' && /^[A-Za-z0-9+/]{22}==$/.test(key);\n};\n\n/**\n * Type guard for values returned by `handleWebSocket()`.\n */\nexport const isServerWebSocketSession = (value: unknown): value is ServerWebSocketSession => {\n  if (typeof value !== 'object' || value === null || value instanceof Response) {\n    return false;\n  }\n\n  const candidate = value as Record<string, unknown>;\n  return (\n    typeof candidate.open === 'function' &&\n    typeof candidate.message === 'function' &&\n    typeof candidate.close === 'function' &&\n    typeof candidate.error === 'function'\n  );\n};\n\nconst createWebSocketConnectionFactory = () => {\n  const cache = new WeakMap<object, ServerWebSocketConnection>();\n\n  return (socket: ServerWebSocketPeer): ServerWebSocketConnection => {\n    const existing = cache.get(socket);\n    if (existing) {\n      return existing;\n    }\n\n    const connection: ServerWebSocketConnection = {\n      get protocol() {\n        return socket.protocol;\n      },\n      get readyState() {\n        return socket.readyState;\n      },\n      get url() {\n        return socket.url;\n      },\n      send(data) {\n        socket.send(data);\n      },\n      sendJson(data) {\n        const payload = JSON.stringify(data);\n        if (typeof payload !== 'string') {\n          throw new TypeError('socket.sendJson() does not support undefined values');\n        }\n        socket.send(payload);\n      },\n      close(code, reason) {\n        socket.close(code, reason);\n      },\n    };\n\n    cache.set(socket, connection);\n    return connection;\n  };\n};\n\nconst createWebSocketSession = <TReceive>(\n  context: ServerContext,\n  handlers: ServerWebSocketHandlerSet<TReceive>\n): ServerWebSocketSession => {\n  const toConnection = createWebSocketConnectionFactory();\n  const deserialize = handlers.deserialize ?? defaultDeserialize<TReceive>;\n\n  return {\n    context,\n    protocols: normalizeWebSocketProtocols(handlers.protocols),\n    headers: handlers.headers,\n    async open(socket) {\n      if (handlers.onOpen) {\n        await handlers.onOpen(toConnection(socket), context);\n      }\n    },\n    async message(socket, event) {\n      if (handlers.onMessage) {\n        await handlers.onMessage(deserialize(event), toConnection(socket), context, event);\n      }\n    },\n    async close(socket, event) {\n      if (handlers.onClose) {\n        await handlers.onClose(event, toConnection(socket), context);\n      }\n    },\n    async error(socket, event) {\n      if (handlers.onError) {\n        await handlers.onError(event, toConnection(socket), context);\n      }\n    },\n  };\n};\n\nconst createWebSocketPassthroughResponse = (): Response => {\n  const headers = createHeaders({\n    [WEBSOCKET_PASSTHROUGH_HEADER]: '1',\n  });\n  return response(null, { headers, status: 204 });\n};\n\nconst isWebSocketPassthroughResponse = (value: Response): boolean => {\n  return value.headers.get(WEBSOCKET_PASSTHROUGH_HEADER) === '1';\n};\n\nconst matchRoute = (\n  route: Pick<CompiledRoute, 'methods' | 'paramNames' | 'pattern'>,\n  method: string,\n  path: string\n): Record<string, string> | null => {\n  if (route.methods && !route.methods.has(method)) {\n    return null;\n  }\n\n  const match = route.pattern.exec(path);\n  if (!match) {\n    return null;\n  }\n\n  const params = createDictionary<string>();\n  for (const [index, paramName] of route.paramNames.entries()) {\n    try {\n      params[paramName] = decodeURIComponent(match[index + 1] ?? '');\n    } catch (error) {\n      if (error instanceof URIError) {\n        return null;\n      }\n      throw error;\n    }\n  }\n\n  return params;\n};\n\nconst resolveMatchingRoute = <TRoute extends CompiledRoute | CompiledWebSocketRoute>(\n  routes: TRoute[],\n  method: string,\n  path: string,\n  context: ServerContext\n): TRoute | null => {\n  for (const candidate of routes) {\n    const params = matchRoute(candidate, method, path);\n    if (!params) {\n      continue;\n    }\n    context.params = params;\n    return candidate;\n  }\n\n  return null;\n};\n\nconst runPipeline = async (\n  context: ServerContext,\n  handlers: PipelineHandler[],\n  terminal: ServerNext\n): Promise<Response> => {\n  const dispatch = async (index: number): Promise<Response> => {\n    const current = handlers[index];\n    if (!current) {\n      return terminal();\n    }\n\n    let advanced = false;\n    return await current(context, async () => {\n      if (advanced) {\n        throw new Error(\n          'middleware next() called multiple times - if a middleware calls next(), it may only do so once'\n        );\n      }\n      advanced = true;\n      return await dispatch(index + 1);\n    });\n  };\n\n  return await dispatch(0);\n};\n\nconst runWebSocketPipeline = async (\n  context: ServerContext,\n  handlers: WebSocketPipelineHandler[],\n  terminal: ServerWebSocketNext\n): Promise<ServerResult> => {\n  const dispatch = async (index: number): Promise<ServerResult> => {\n    const current = handlers[index];\n    if (!current) {\n      return terminal();\n    }\n\n    let advanced = false;\n    return await current(context, async () => {\n      if (advanced) {\n        throw new Error(\n          'middleware next() called multiple times - if a middleware calls next(), it may only do so once'\n        );\n      }\n      advanced = true;\n      return await dispatch(index + 1);\n    });\n  };\n\n  return await dispatch(0);\n};\n\nconst adaptHttpMiddlewareToWebSocket = (middleware: ServerMiddleware): WebSocketPipelineHandler => {\n  return async (context, next) => {\n    let downstream: ServerResult = null;\n    let downstreamResponse: Response | null = null;\n    const middlewareResponse = await middleware(context, async () => {\n      downstream = await next();\n      if (downstream instanceof Response) {\n        downstreamResponse = downstream;\n        return downstream;\n      }\n      return createWebSocketPassthroughResponse();\n    });\n\n    if (downstreamResponse) {\n      return middlewareResponse;\n    }\n\n    if (\n      middlewareResponse instanceof Response &&\n      isWebSocketPassthroughResponse(middlewareResponse)\n    ) {\n      return downstream;\n    }\n\n    return middlewareResponse;\n  };\n};\n\nconst compileRoute = (route: ServerRoute): CompiledRoute => {\n  const compiledPath = compileRoutePath(route.path);\n  return {\n    handler: route.handler,\n    methods: normalizeMethods(route.method),\n    middlewares: route.middlewares ?? [],\n    paramNames: compiledPath.paramNames,\n    path: compiledPath.path,\n    pattern: compiledPath.pattern,\n  };\n};\n\n/**\n * Create a lightweight, Express-inspired request pipeline for SSR-aware\n * backends without introducing runtime dependencies.\n *\n * @example\n * ```ts\n * import { createServer } from '@bquery/bquery/server';\n *\n * const app = createServer();\n * app.get('/health', (ctx) => ctx.json({ ok: true }));\n *\n * const response = await app.handle('/health');\n * ```\n */\nexport const createServer = (options: CreateServerOptions = {}): ServerApp => {\n  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;\n  const middlewares = [...(options.middlewares ?? [])];\n  const routes: CompiledRoute[] = [];\n  const webSocketRoutes: CompiledWebSocketRoute[] = [];\n\n  const notFound =\n    options.notFound ??\n    ((context: ServerContext) => {\n      return context.text('Not Found', { status: 404 });\n    });\n\n  const onError =\n    options.onError ??\n    ((error: unknown, context: ServerContext) => {\n      if (error instanceof Response) {\n        return error;\n      }\n      return context.text('Internal Server Error', { status: 500 });\n    });\n\n  const addRoute = (\n    method: string | string[] | undefined,\n    path: string,\n    handler: ServerHandler,\n    routeMiddlewares?: ServerMiddleware[]\n  ): ServerApp => {\n    routes.push(\n      compileRoute({\n        handler,\n        method,\n        middlewares: routeMiddlewares,\n        path,\n      })\n    );\n    return app;\n  };\n\n  const addWebSocketRoute = (\n    path: string,\n    handler: ServerWebSocketRouteHandler<unknown>,\n    routeMiddlewares?: ServerWebSocketMiddleware[]\n  ): ServerApp => {\n    const compiledPath = compileRoutePath(path);\n    webSocketRoutes.push({\n      handler,\n      methods: new Set(['GET']),\n      middlewares: routeMiddlewares ?? [],\n      paramNames: compiledPath.paramNames,\n      path: compiledPath.path,\n      pattern: compiledPath.pattern,\n    });\n    return app;\n  };\n\n  const app: ServerApp = {\n    use(middleware) {\n      middlewares.push(middleware);\n      return app;\n    },\n\n    add(route) {\n      routes.push(compileRoute(route));\n      return app;\n    },\n\n    get(path, handler, routeMiddlewares) {\n      return addRoute('GET', path, handler, routeMiddlewares);\n    },\n\n    post(path, handler, routeMiddlewares) {\n      return addRoute('POST', path, handler, routeMiddlewares);\n    },\n\n    put(path, handler, routeMiddlewares) {\n      return addRoute('PUT', path, handler, routeMiddlewares);\n    },\n\n    patch(path, handler, routeMiddlewares) {\n      return addRoute('PATCH', path, handler, routeMiddlewares);\n    },\n\n    delete(path, handler, routeMiddlewares) {\n      return addRoute('DELETE', path, handler, routeMiddlewares);\n    },\n\n    all(path, handler, routeMiddlewares) {\n      return addRoute(undefined, path, handler, routeMiddlewares);\n    },\n\n    ws(path, handler, routeMiddlewares) {\n      return addWebSocketRoute(\n        path,\n        handler as ServerWebSocketRouteHandler<unknown>,\n        routeMiddlewares\n      );\n    },\n\n    async handle(input) {\n      const request = normalizeRequest(input, baseUrl);\n      const url = new URL(request.url);\n      const method = request.method.toUpperCase();\n      const path = normalizePath(url.pathname || '/');\n      const query = parseQuery(url);\n\n      const context: ServerContext = {\n        request,\n        url,\n        method,\n        path,\n        params: createDictionary<string>(),\n        query,\n        state: {},\n        response,\n        text,\n        html,\n        json,\n        redirect,\n        render,\n        isWebSocketRequest: isWebSocketRequest(request),\n      };\n\n      try {\n        const route = resolveMatchingRoute(routes, method, path, context);\n\n        if (!route) {\n          return await notFound(context);\n        }\n\n        const stack: PipelineHandler[] = [\n          ...middlewares,\n          ...route.middlewares,\n          async (ctx) => await route.handler(ctx),\n        ];\n\n        const result = await runPipeline(context, stack, async () => {\n          return await notFound(context);\n        });\n        return result;\n      } catch (error) {\n        return await onError(error, context);\n      }\n    },\n\n    async handleWebSocket(input) {\n      const request = normalizeRequest(input, baseUrl);\n      const url = new URL(request.url);\n      const method = request.method.toUpperCase();\n      const path = normalizePath(url.pathname || '/');\n      const query = parseQuery(url);\n\n      const context: ServerContext = {\n        request,\n        url,\n        method,\n        path,\n        params: createDictionary<string>(),\n        query,\n        state: {},\n        response,\n        text,\n        html,\n        json,\n        redirect,\n        render,\n        isWebSocketRequest: isWebSocketRequest(request),\n      };\n\n      if (!context.isWebSocketRequest) {\n        return null;\n      }\n\n      try {\n        const route = resolveMatchingRoute(webSocketRoutes, method, path, context);\n        if (!route) {\n          return null;\n        }\n\n        const stack: WebSocketPipelineHandler[] = [\n          ...middlewares.map(adaptHttpMiddlewareToWebSocket),\n          ...route.middlewares,\n        ];\n        return await runWebSocketPipeline(context, stack, async () => {\n          const handlers =\n            typeof route.handler === 'function' ? await route.handler(context) : route.handler;\n          return createWebSocketSession(context, handlers as ServerWebSocketHandlerSet<unknown>);\n        });\n      } catch (error) {\n        return await onError(error, context);\n      }\n    },\n  };\n\n  return app;\n};\n"],"mappings":";;;AA8CA,IAAM,IAAmB,oBACnB,IAA6C;AAAA,EACjD,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,UAAU;AAAA,EACV,UAAU;AACZ,GACM,IAAsB,sBACtB,IAAa,MACb,IAA+B,kCAE/B,IAAA,CAAe,MAA0B,EAAM,QAAQ,uBAAuB,MAAM,GASpF,IAAA,MAA+C,uBAAO,OAAO,IAAI,GAEjE,IAAA,CAAiB,MAAyB;AAC9C,MAAI,CAAC,EACH,OAAM,IAAI,MAAM,mDAAmD,OAAO,CAAI,CAAA,EAAG;AAGnF,MAAI,MAAS,OAAO,MAAS,KAC3B,QAAO;AAGT,QAAM,IAAmB,EAAK,WAAW,GAAG,IAAI,IAAO,IAAI,CAAA;AAC3D,SAAI,EAAiB,SAAS,KAAK,EAAiB,SAAS,GAAG,IACvD,EAAiB,MAAM,GAAG,EAAE,IAG9B;AACT,GAEM,IAAA,CAAoB,MAAyE;AACjG,QAAM,IAAiB,EAAc,CAAI;AAEzC,MAAI,MAAmB,KACrB,QAAO;AAAA,IAAE,MAAM;AAAA,IAAgB,YAAY,CAAC;AAAA,IAAG,SAAS;AAAA,EAAS;AAGnE,QAAM,IAAW,EAAe,MAAM,GAAG,EAAE,OAAO,OAAO;AACzD,MAAI,EAAS,WAAW,EACtB,QAAO;AAAA,IAAE,MAAM;AAAA,IAAgB,YAAY,CAAC;AAAA,IAAG,SAAS;AAAA,EAAO;AAGjE,QAAM,IAAuB,CAAC;AAC9B,MAAI,IAAS;AAEb,aAAW,CAAC,GAAO,CAAA,KAAY,EAAS,QAAQ,GAAG;AAEjD,QADA,KAAU,KACN,MAAY,KAAK;AACnB,UAAI,MAAU,EAAS,SAAS,EAC9B,OAAM,IAAI,MAAM,yDAAyD,CAAA,GAAiB;AAE5F,MAAA,KAAU;AACV;AAAA,IACF;AAEA,QAAI,EAAQ,WAAW,GAAG,GAAG;AAC3B,YAAM,IAAY,EAAQ,MAAM,CAAC;AACjC,UAAI,CAAC,qBAAqB,KAAK,CAAS,EACtC,OAAM,IAAI,MACR,6BAA6B,CAAA,uEAC/B;AAEF,UAAI,EAAwB,CAAS,EACnC,OAAM,IAAI,MAAM,6BAA6B,CAAA,+BAAwC;AAEvF,MAAA,EAAW,KAAK,CAAS,GACzB,KAAU;AACV;AAAA,IACF;AAEA,IAAA,KAAU,EAAY,CAAO;AAAA,EAC/B;AAEA,SAAA,KAAU,OACH;AAAA,IAAE,MAAM;AAAA,IAAgB,YAAA;AAAA,IAAY,SAAS,IAAI,OAAO,CAAM;AAAA,EAAE;AACzE,GAEM,IAAA,CAAoB,MAAmD;AAC3E,MAAI,OAAO,IAAW,IACpB,QAAO;AAGT,QAAM,IAAS,MAAM,QAAQ,CAAM,IAAI,IAAS,CAAC,CAAM;AACvD,MAAI,EAAO,WAAW,EACpB,OAAM,IAAI,MAAM,uDAAuD;AAGzE,QAAM,IAAoB,IAAI,IAC5B,EAAO,IAAA,CAAK,MAAU,EAAM,KAAK,EAAE,YAAY,CAAC,EAAE,OAAO,OAAO,CAClE;AACA,MAAI,EAAkB,SAAS,EAC7B,OAAM,IAAI,MACR,4EAA4E,KAAK,UAAU,CAAM,CAAA,EACnG;AAGF,SAAO;AACT,GAEM,IAAA,CAAc,MAA0B;AAC5C,QAAM,IAAQ,EAAgD;AAE9D,aAAW,CAAC,GAAK,CAAA,KAAU,EAAI,aAAa,QAAQ,GAAG;AACrD,QAAI,EAAwB,CAAG,EAC7B;AAEF,UAAM,IAAU,EAAM,CAAA;AACtB,IAAI,OAAO,IAAY,MACrB,EAAM,CAAA,IAAO,IACJ,MAAM,QAAQ,CAAO,IAC9B,EAAQ,KAAK,CAAK,IAElB,EAAM,CAAA,IAAO,CAAC,GAAS,CAAK;AAAA,EAEhC;AAEA,SAAO;AACT,GAEM,IAAA,CAAgB,GAAqB,MAClC,aAAiB,MAAM,IAAI,IAAI,EAAM,SAAS,CAAC,IAAI,IAAI,IAAI,GAAO,CAAO,GAG5E,IAAA,CACJ,GACA,MACY;AACZ,MAAI,aAAiB,QACnB,QAAO;AAGT,MAAI,OAAO,KAAU,YAAY,aAAiB,IAChD,QAAO,IAAI,QAAQ,EAAa,GAAO,CAAO,EAAE,SAAS,CAAC;AAG5D,QAAM,EAAE,KAAA,GAAK,QAAA,IAAS,OAAO,SAAA,GAAS,MAAA,IAAO,KAAA,IAAS;AACtD,SAAO,IAAI,QAAQ,EAAa,GAAK,CAAO,EAAE,SAAS,GAAG;AAAA,IAAE,QAAA;AAAA,IAAQ,SAAA;AAAA,IAAS,MAAA;AAAA,EAAK,CAAC;AACrF,GAEM,IAAA,CAA+B,MAC/B,OAAO,IAAc,MAChB,CAAC,IAIH,CAAC,GAAG,IAAI,KADA,MAAM,QAAQ,CAAS,IAAI,IAAY,CAAC,CAAS,GACtC,IAAA,CAAK,MAAU,EAAM,KAAK,CAAC,EAAE,OAAO,OAAO,CAAC,CAAC,GAGnE,IAAA,CAAgC,MAAkC;AACtE,QAAM,IAAM,EAAM;AAClB,MAAI,OAAO,KAAQ,SACjB,KAAI;AACF,WAAO,KAAK,MAAM,CAAG;AAAA,EACvB,QAAQ;AAGN,WAAO;AAAA,EACT;AAGF,SAAO;AACT,GAEM,IAAA,CAAoB,MACxB,EAAM,QAAQ,GAAA,CAAsB,MAAU,EAAmB,CAAA,CAAM,GAEnE,IAAA,CAAiB,MAAmC,IAAI,QAAQ,CAAO,GAEvE,IAAA,CAAmB,GAAkB,OACpC,EAAQ,IAAI,cAAc,KAC7B,EAAQ,IAAI,gBAAgB,CAAW,GAElC,IAGH,IAAA,CAAY,GAAwB,IAA2B,CAAC,MAAgB;AACpF,QAAM,EAAE,SAAA,GAAS,GAAG,EAAA,IAAS;AAC7B,SAAO,IAAI,SAAS,GAAM;AAAA,IAAE,GAAG;AAAA,IAAM,SAAS,EAAc,CAAO;AAAA,EAAE,CAAC;AACxE,GAEM,IAAA,CAAQ,GAAc,IAA2B,CAAC,MAAgB;AACtE,QAAM,IAAU,EAAgB,EAAc,EAAK,OAAO,GAAG,2BAA2B;AACxF,SAAO,EAAS,GAAM;AAAA,IAAE,GAAG;AAAA,IAAM,SAAA;AAAA,EAAQ,CAAC;AAC5C,GAEM,IAAA,CAAQ,GAAc,IAA+B,CAAC,MAAgB;AAC1E,QAAM,EAAE,SAAA,IAAU,IAAO,GAAG,EAAA,IAAS,GAC/B,IAAU,EAAgB,EAAc,EAAK,OAAO,GAAG,0BAA0B;AACvF,SAAO,EAAS,IAAU,IAAO,EAAa,CAAI,GAAG;AAAA,IAAE,GAAG;AAAA,IAAM,SAAA;AAAA,EAAQ,CAAC;AAC3E,GAEM,IAAA,CAAQ,GAAe,IAA2B,CAAC,MAAgB;AACvE,QAAM,IAAU,EAAgB,EAAc,EAAK,OAAO,GAAG,iCAAiC;AAC9F,MAAI;AACJ,MAAI;AACF,IAAA,IAAa,KAAK,UAAU,CAAI,KAAK;AAAA,EACvC,QAAQ;AACN,IAAA,IAAa;AAAA,EACf;AACA,SAAO,EAAS,EAAiB,CAAU,GAAG;AAAA,IAAE,GAAG;AAAA,IAAM,SAAA;AAAA,EAAQ,CAAC;AACpE,GAEM,IAAA,CAAY,GAAwB,IAAS,QAE1C,EAAS,MAAM;AAAA,EAAE,SADR,EAAc,EAAE,UAAU,EAAS,SAAS,EAAE,CACtC;AAAA,EAAS,QAAA;AAAO,CAAC,GAGrC,IAAA,CACJ,GACA,GACA,IAAuC,CAAC,MAC3B;AACb,QAAM,EAAE,mBAAA,IAAoB,IAAO,QAAA,IAAS,KAAK,SAAA,GAAS,GAAG,EAAA,IAAkB,GACzE,IAAS,EAAe,GAAU,GAAM;AAAA,IAAE,GAAG;AAAA,IAAe,mBAAmB;AAAA,EAAM,CAAC,GACtF,IAAa,IACf,EAAoB,EAClB,UAAU,MAAM,QAAQ,CAAiB,IAAI,IAAoB,OACnE,CAAC,EAAE,YACH;AAEJ,SAAO,EAAK,GADI,EAAO,IAAA,GAAO,CAAA,IACZ;AAAA,IAAE,SAAA;AAAA,IAAS,QAAA;AAAA,IAAQ,SAAS;AAAA,EAAK,CAAC;AACtD,GAKa,IAAA,CAAsB,MAA8B;AAC/D,MAAI,EAAQ,OAAO,YAAY,MAAM,MACnC,QAAO;AAGT,QAAM,IAAU,EAAQ,QAAQ,IAAI,SAAS;AAC7C,MAAI,OAAO,KAAY,YAAY,EAAQ,KAAK,EAAE,YAAY,MAAM,YAClE,QAAO;AAGT,QAAM,IAAa,EAAQ,QAAQ,IAAI,YAAY;AAUnD,MATI,OAAO,KAAe,YAItB,CAAC,EAAW,MAAM,GAAG,EAAE,KAAA,CAAM,MAAS,EAAK,KAAK,EAAE,YAAY,MAAM,SAAS,KAIjE,EAAQ,QAAQ,IAAI,uBAChC,GAAS,KAAK,MAAM,KACtB,QAAO;AAGT,QAAM,IAAM,EAAQ,QAAQ,IAAI,mBAAmB,GAAG,KAAK;AAC3D,SAAO,OAAO,KAAQ,YAAY,wBAAwB,KAAK,CAAG;AACpE,GAKa,KAAA,CAA4B,MAAoD;AAC3F,MAAI,OAAO,KAAU,YAAY,MAAU,QAAQ,aAAiB,SAClE,QAAO;AAGT,QAAM,IAAY;AAClB,SACE,OAAO,EAAU,QAAS,cAC1B,OAAO,EAAU,WAAY,cAC7B,OAAO,EAAU,SAAU,cAC3B,OAAO,EAAU,SAAU;AAE/B,GAEM,IAAA,MAAyC;AAC7C,QAAM,IAAQ,oBAAI,QAA2C;AAE7D,SAAA,CAAQ,MAA2D;AACjE,UAAM,IAAW,EAAM,IAAI,CAAM;AACjC,QAAI,EACF,QAAO;AAGT,UAAM,IAAwC;AAAA,MAC5C,IAAI,WAAW;AACb,eAAO,EAAO;AAAA,MAChB;AAAA,MACA,IAAI,aAAa;AACf,eAAO,EAAO;AAAA,MAChB;AAAA,MACA,IAAI,MAAM;AACR,eAAO,EAAO;AAAA,MAChB;AAAA,MACA,KAAK,GAAM;AACT,QAAA,EAAO,KAAK,CAAI;AAAA,MAClB;AAAA,MACA,SAAS,GAAM;AACb,cAAM,IAAU,KAAK,UAAU,CAAI;AACnC,YAAI,OAAO,KAAY,SACrB,OAAM,IAAI,UAAU,qDAAqD;AAE3E,QAAA,EAAO,KAAK,CAAO;AAAA,MACrB;AAAA,MACA,MAAM,GAAM,GAAQ;AAClB,QAAA,EAAO,MAAM,GAAM,CAAM;AAAA,MAC3B;AAAA,IACF;AAEA,WAAA,EAAM,IAAI,GAAQ,CAAU,GACrB;AAAA,EACT;AACF,GAEM,IAAA,CACJ,GACA,MAC2B;AAC3B,QAAM,IAAe,EAAiC,GAChD,IAAc,EAAS,eAAe;AAE5C,SAAO;AAAA,IACL,SAAA;AAAA,IACA,WAAW,EAA4B,EAAS,SAAS;AAAA,IACzD,SAAS,EAAS;AAAA,IAClB,MAAM,KAAK,GAAQ;AACjB,MAAI,EAAS,UACX,MAAM,EAAS,OAAO,EAAa,CAAM,GAAG,CAAO;AAAA,IAEvD;AAAA,IACA,MAAM,QAAQ,GAAQ,GAAO;AAC3B,MAAI,EAAS,aACX,MAAM,EAAS,UAAU,EAAY,CAAK,GAAG,EAAa,CAAM,GAAG,GAAS,CAAK;AAAA,IAErF;AAAA,IACA,MAAM,MAAM,GAAQ,GAAO;AACzB,MAAI,EAAS,WACX,MAAM,EAAS,QAAQ,GAAO,EAAa,CAAM,GAAG,CAAO;AAAA,IAE/D;AAAA,IACA,MAAM,MAAM,GAAQ,GAAO;AACzB,MAAI,EAAS,WACX,MAAM,EAAS,QAAQ,GAAO,EAAa,CAAM,GAAG,CAAO;AAAA,IAE/D;AAAA,EACF;AACF,GAEM,IAAA,MAIG,EAAS,MAAM;AAAA,EAAE,SAHR,EAAc,EAAA,CAC3B,CAAA,GAA+B,IAClC,CACwB;AAAA,EAAS,QAAQ;AAAI,CAAC,GAG1C,IAAA,CAAkC,MAC/B,EAAM,QAAQ,IAAI,CAA4B,MAAM,KAGvD,KAAA,CACJ,GACA,GACA,MACkC;AAClC,MAAI,EAAM,WAAW,CAAC,EAAM,QAAQ,IAAI,CAAM,EAC5C,QAAO;AAGT,QAAM,IAAQ,EAAM,QAAQ,KAAK,CAAI;AACrC,MAAI,CAAC,EACH,QAAO;AAGT,QAAM,IAAS,EAAyB;AACxC,aAAW,CAAC,GAAO,CAAA,KAAc,EAAM,WAAW,QAAQ,EACxD,KAAI;AACF,IAAA,EAAO,CAAA,IAAa,mBAAmB,EAAM,IAAQ,CAAA,KAAM,EAAE;AAAA,EAC/D,SAAS,GAAO;AACd,QAAI,aAAiB,SACnB,QAAO;AAET,UAAM;AAAA,EACR;AAGF,SAAO;AACT,GAEM,IAAA,CACJ,GACA,GACA,GACA,MACkB;AAClB,aAAW,KAAa,GAAQ;AAC9B,UAAM,IAAS,GAAW,GAAW,GAAQ,CAAI;AACjD,QAAK;AAGL,aAAA,EAAQ,SAAS,GACV;AAAA,EACT;AAEA,SAAO;AACT,GAEM,KAAc,OAClB,GACA,GACA,MACsB;AACtB,QAAM,IAAW,OAAO,MAAqC;AAC3D,UAAM,IAAU,EAAS,CAAA;AACzB,QAAI,CAAC,EACH,QAAO,EAAS;AAGlB,QAAI,IAAW;AACf,WAAO,MAAM,EAAQ,GAAS,YAAY;AACxC,UAAI,EACF,OAAM,IAAI,MACR,gGACF;AAEF,aAAA,IAAW,IACJ,MAAM,EAAS,IAAQ,CAAC;AAAA,IACjC,CAAC;AAAA,EACH;AAEA,SAAO,MAAM,EAAS,CAAC;AACzB,GAEM,KAAuB,OAC3B,GACA,GACA,MAC0B;AAC1B,QAAM,IAAW,OAAO,MAAyC;AAC/D,UAAM,IAAU,EAAS,CAAA;AACzB,QAAI,CAAC,EACH,QAAO,EAAS;AAGlB,QAAI,IAAW;AACf,WAAO,MAAM,EAAQ,GAAS,YAAY;AACxC,UAAI,EACF,OAAM,IAAI,MACR,gGACF;AAEF,aAAA,IAAW,IACJ,MAAM,EAAS,IAAQ,CAAC;AAAA,IACjC,CAAC;AAAA,EACH;AAEA,SAAO,MAAM,EAAS,CAAC;AACzB,GAEM,KAAA,CAAkC,MAC/B,OAAO,GAAS,MAAS;AAC9B,MAAI,IAA2B,MAC3B,IAAsC;AAC1C,QAAM,IAAqB,MAAM,EAAW,GAAS,aACnD,IAAa,MAAM,EAAK,GACpB,aAAsB,YACxB,IAAqB,GACd,KAEF,EAAmC,EAC3C;AAED,SAAI,IACK,IAIP,aAA8B,YAC9B,EAA+B,CAAkB,IAE1C,IAGF;AACT,GAGI,IAAA,CAAgB,MAAsC;AAC1D,QAAM,IAAe,EAAiB,EAAM,IAAI;AAChD,SAAO;AAAA,IACL,SAAS,EAAM;AAAA,IACf,SAAS,EAAiB,EAAM,MAAM;AAAA,IACtC,aAAa,EAAM,eAAe,CAAC;AAAA,IACnC,YAAY,EAAa;AAAA,IACzB,MAAM,EAAa;AAAA,IACnB,SAAS,EAAa;AAAA,EACxB;AACF,GAgBa,KAAA,CAAgB,IAA+B,CAAC,MAAiB;AAC5E,QAAM,IAAU,EAAQ,WAAW,GAC7B,IAAc,CAAC,GAAI,EAAQ,eAAe,CAAC,CAAE,GAC7C,IAA0B,CAAC,GAC3B,IAA4C,CAAC,GAE7C,IACJ,EAAQ,aAAA,CACN,MACO,EAAQ,KAAK,aAAa,EAAE,QAAQ,IAAI,CAAC,IAG9C,IACJ,EAAQ,YAAA,CACN,GAAgB,MACZ,aAAiB,WACZ,IAEF,EAAQ,KAAK,yBAAyB,EAAE,QAAQ,IAAI,CAAC,IAG1D,IAAA,CACJ,GACA,GACA,GACA,OAEA,EAAO,KACL,EAAa;AAAA,IACX,SAAA;AAAA,IACA,QAAA;AAAA,IACA,aAAa;AAAA,IACb,MAAA;AAAA,EACF,CAAC,CACH,GACO,IAGH,IAAA,CACJ,GACA,GACA,MACc;AACd,UAAM,IAAe,EAAiB,CAAI;AAC1C,WAAA,EAAgB,KAAK;AAAA,MACnB,SAAA;AAAA,MACA,SAAS,oBAAI,IAAI,CAAC,KAAK,CAAC;AAAA,MACxB,aAAa,KAAoB,CAAC;AAAA,MAClC,YAAY,EAAa;AAAA,MACzB,MAAM,EAAa;AAAA,MACnB,SAAS,EAAa;AAAA,IACxB,CAAC,GACM;AAAA,EACT,GAEM,IAAiB;AAAA,IACrB,IAAI,GAAY;AACd,aAAA,EAAY,KAAK,CAAU,GACpB;AAAA,IACT;AAAA,IAEA,IAAI,GAAO;AACT,aAAA,EAAO,KAAK,EAAa,CAAK,CAAC,GACxB;AAAA,IACT;AAAA,IAEA,IAAI,GAAM,GAAS,GAAkB;AACnC,aAAO,EAAS,OAAO,GAAM,GAAS,CAAgB;AAAA,IACxD;AAAA,IAEA,KAAK,GAAM,GAAS,GAAkB;AACpC,aAAO,EAAS,QAAQ,GAAM,GAAS,CAAgB;AAAA,IACzD;AAAA,IAEA,IAAI,GAAM,GAAS,GAAkB;AACnC,aAAO,EAAS,OAAO,GAAM,GAAS,CAAgB;AAAA,IACxD;AAAA,IAEA,MAAM,GAAM,GAAS,GAAkB;AACrC,aAAO,EAAS,SAAS,GAAM,GAAS,CAAgB;AAAA,IAC1D;AAAA,IAEA,OAAO,GAAM,GAAS,GAAkB;AACtC,aAAO,EAAS,UAAU,GAAM,GAAS,CAAgB;AAAA,IAC3D;AAAA,IAEA,IAAI,GAAM,GAAS,GAAkB;AACnC,aAAO,EAAS,QAAW,GAAM,GAAS,CAAgB;AAAA,IAC5D;AAAA,IAEA,GAAG,GAAM,GAAS,GAAkB;AAClC,aAAO,EACL,GACA,GACA,CACF;AAAA,IACF;AAAA,IAEA,MAAM,OAAO,GAAO;AAClB,YAAM,IAAU,EAAiB,GAAO,CAAO,GACzC,IAAM,IAAI,IAAI,EAAQ,GAAG,GACzB,IAAS,EAAQ,OAAO,YAAY,GACpC,IAAO,EAAc,EAAI,YAAY,GAAG,GACxC,IAAQ,EAAW,CAAG,GAEtB,IAAyB;AAAA,QAC7B,SAAA;AAAA,QACA,KAAA;AAAA,QACA,QAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAQ,EAAyB;AAAA,QACjC,OAAA;AAAA,QACA,OAAO,CAAC;AAAA,QACR,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACA,QAAA;AAAA,QACA,oBAAoB,EAAmB,CAAO;AAAA,MAChD;AAEA,UAAI;AACF,cAAM,IAAQ,EAAqB,GAAQ,GAAQ,GAAM,CAAO;AAEhE,eAAK,IAaE,MAHc,GAAY,GAAS;AAAA,UALxC,GAAG;AAAA,UACH,GAAG,EAAM;AAAA,UACT,OAAO,MAAQ,MAAM,EAAM,QAAQ,CAAG;AAAA,QAGE,GAAO,YACxC,MAAM,EAAS,CAAO,CAC9B,IAXQ,MAAM,EAAS,CAAO;AAAA,MAajC,SAAS,GAAO;AACd,eAAO,MAAM,EAAQ,GAAO,CAAO;AAAA,MACrC;AAAA,IACF;AAAA,IAEA,MAAM,gBAAgB,GAAO;AAC3B,YAAM,IAAU,EAAiB,GAAO,CAAO,GACzC,IAAM,IAAI,IAAI,EAAQ,GAAG,GACzB,IAAS,EAAQ,OAAO,YAAY,GACpC,IAAO,EAAc,EAAI,YAAY,GAAG,GACxC,IAAQ,EAAW,CAAG,GAEtB,IAAyB;AAAA,QAC7B,SAAA;AAAA,QACA,KAAA;AAAA,QACA,QAAA;AAAA,QACA,MAAA;AAAA,QACA,QAAQ,EAAyB;AAAA,QACjC,OAAA;AAAA,QACA,OAAO,CAAC;AAAA,QACR,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAA;AAAA,QACA,QAAA;AAAA,QACA,oBAAoB,EAAmB,CAAO;AAAA,MAChD;AAEA,UAAI,CAAC,EAAQ,mBACX,QAAO;AAGT,UAAI;AACF,cAAM,IAAQ,EAAqB,GAAiB,GAAQ,GAAM,CAAO;AACzE,eAAK,IAQE,MAAM,GAAqB,GAAS,CAHzC,GAAG,EAAY,IAAI,EAA8B,GACjD,GAAG,EAAM,WAEgC,GAAO,YAGzC,EAAuB,GAD5B,OAAO,EAAM,WAAY,aAAa,MAAM,EAAM,QAAQ,CAAO,IAAI,EAAM,OACQ,CACtF,IAXQ;AAAA,MAYX,SAAS,GAAO;AACd,eAAO,MAAM,EAAQ,GAAO,CAAO;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT"}

package/dist/server.es.mjs

@@ -1,4 +1,4 @@
-import { n as r, r as s, t } from "./server-QdyKtCS1.js";
+import { n as r, r as s, t } from "./server-Dwiq_F49.js";
 export {
   t as createServer,
   r as isServerWebSocketSession,

package/dist/ssr/context.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/ssr/context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAyC,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAEpG,wCAAwC;AACxC,MAAM,WAAW,uBAAuB;IACtC,yEAAyE;IACzE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IACnB,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,0GAA0G;IAC1G,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,IAAI,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC3B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACpC;AAED,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,+EAA+E;IAC/E,OAAO,EAAE,OAAO,CAAC;IACjB,iCAAiC;IACjC,GAAG,EAAE,GAAG,CAAC;IACT,+CAA+C;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,MAAM,EAAE,WAAW,CAAC;IACpB,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,wBAAwB;IACxB,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC1B,oFAAoF;IACpF,IAAI,EAAE,WAAW,CAAC;IAClB,qEAAqE;IACrE,MAAM,EAAE,YAAY,CAAC;IACrB,yEAAyE;IACzE,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,eAAe,EAAE,OAAO,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACnC;AAoHD;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,GAAI,UAAS,uBAA4B,KAAG,UAqDxE,CAAC"}
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/ssr/context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAyC,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAEpG,wCAAwC;AACxC,MAAM,WAAW,uBAAuB;IACtC,yEAAyE;IACzE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IACnB,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0EAA0E;IAC1E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,0GAA0G;IAC1G,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,IAAI,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC3B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;CACpC;AAED,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,+EAA+E;IAC/E,OAAO,EAAE,OAAO,CAAC;IACjB,iCAAiC;IACjC,GAAG,EAAE,GAAG,CAAC;IACT,+CAA+C;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,MAAM,EAAE,WAAW,CAAC;IACpB,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,wBAAwB;IACxB,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC1B,oFAAoF;IACpF,IAAI,EAAE,WAAW,CAAC;IAClB,qEAAqE;IACrE,MAAM,EAAE,YAAY,CAAC;IACrB,yEAAyE;IACzE,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,eAAe,EAAE,OAAO,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACnC;AAsHD;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,GAAI,UAAS,uBAA4B,KAAG,UAuDxE,CAAC"}

package/dist/ssr/renderer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../../src/ssr/renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAuKpD,eAAO,MAAM,kBAAkB,GAAI,KAAK,MAAM,KAAG,MA6DhD,CAAC;AAmLF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAC7B,UAAU,MAAM,EAChB,MAAM,cAAc,EACpB,UAAS;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IAAC,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAAO,KACxF,MAeF,CAAC"}
+{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../../src/ssr/renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAwKpD,eAAO,MAAM,kBAAkB,GAAI,KAAK,MAAM,KAAG,MA+DhD,CAAC;AAmLF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAC7B,UAAU,MAAM,EAChB,MAAM,cAAc,EACpB,UAAS;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IAAC,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAAO,KACxF,MAeF,CAAC"}

package/dist/ssr/suspense.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"suspense.d.ts","sourceRoot":"","sources":["../../src/ssr/suspense.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AA6GzD;;;;;;GAMG;AACH,MAAM,WAAW,qBACf,SAAQ,IAAI,CAAC,kBAAkB,EAAE,SAAS,GAAG,QAAQ,GAAG,iBAAiB,GAAG,mBAAmB,CAAC;IAChG;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA2OD;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GACjC,UAAU,MAAM,EAChB,MAAM,cAAc,EACpB,UAAS,qBAA0B,KAClC,cAAc,CAAC,UAAU,CAyG3B,CAAC"}
+{"version":3,"file":"suspense.d.ts","sourceRoot":"","sources":["../../src/ssr/suspense.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AA6GzD;;;;;;GAMG;AACH,MAAM,WAAW,qBAAsB,SAAQ,IAAI,CACjD,kBAAkB,EAClB,SAAS,GAAG,QAAQ,GAAG,iBAAiB,GAAG,mBAAmB,CAC/D;IACC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAgPD;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GACjC,UAAU,MAAM,EAChB,MAAM,cAAc,EACpB,UAAS,qBAA0B,KAClC,cAAc,CAAC,UAAU,CA2G3B,CAAC"}

package/dist/{ssr-Bt6BQA3J.js → ssr-CqJU1Ogp.js}

@@ -1,10 +1,10 @@
 import { _ as Ke, g as Xe, h as et, m as xe, p as tt, s as rt, v as nt } from "./sanitize-DOMkRO9G.js";
 import { i as g } from "./object-BCk-1c8T.js";
-import { c as U, l as D } from "./reactive-BAd2hfl8.js";
+import { c as U, s as D } from "./reactive-BvPR_FYA.js";
 import { t as it } from "./env-PvwYHnJq.js";
 import { n as ot, o as st } from "./match-CrZRVC4z.js";
 import { i as _e, n as Z } from "./registry-jpUQHf4E.js";
-import { n as at } from "./mount-0A9qtcRJ.js";
+import { n as at } from "./mount-DwUFujZ_.js";
 var ct = (e, t, r = {}) => {
   const { hydrate: n = !0, ...i } = r;
   if (!n) throw new Error("bQuery ssr: hydrateMount() requires { hydrate: true } when options are provided.");
@@ -31,7 +31,7 @@ var ct = (e, t, r = {}) => {
   for (const n of Array.from(e.attributes))
     n.name !== "data-bq-h" && (n.name.startsWith(`${t}-`) || n.name.startsWith(":")) && r.push(`${n.name}=${n.value}`);
   return r.join("|");
-}, dt = (e) => D(e) || U(e) ? e.value : e, pt = [
+}, dt = (e) => U(e) || D(e) ? e.value : e, pt = [
   "===",
   "!==",
   "==",
@@ -943,7 +943,7 @@ var ct = (e, t, r = {}) => {
   let i = "";
   for (const o of t.childNodes) i += qe(o);
   return `<${r}${n}>${i}</${r}>`;
-}, $e = (e) => D(e) || U(e) ? e.value : e, O = (e, t) => {
+}, $e = (e) => U(e) || D(e) ? e.value : e, O = (e, t) => {
   const r = e.trim();
   if (r.startsWith("!")) return !O(r.slice(1).trim(), t);
   if (r.startsWith("'") && r.endsWith("'") || r.startsWith('"') && r.endsWith('"')) return r.slice(1, -1);
@@ -1133,7 +1133,7 @@ var ct = (e, t, r = {}) => {
   const r = /* @__PURE__ */ Object.create(null), n = Object.entries(e);
   await Promise.all(n.map(async ([i, o]) => {
     if (!g(i)) {
-      if (D(o) || U(o)) {
+      if (U(o) || D(o)) {
         r[i] = o;
         return;
       }
@@ -1164,7 +1164,7 @@ var ct = (e, t, r = {}) => {
       r[i] = o;
     }
   }));
-  for (const [i, o] of Object.entries(e)) !g(i) && !Object.prototype.hasOwnProperty.call(r, i) && (D(o) || U(o)) && (r[i] = o);
+  for (const [i, o] of Object.entries(e)) !g(i) && !Object.prototype.hasOwnProperty.call(r, i) && (U(o) || D(o)) && (r[i] = o);
   return r;
 }, b = (e) => e.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;"), nr = (e) => e.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;"), ir = (e) => e.replace(/<\/(script)/gi, "<\\/$1").replace(/<!--/g, "<\\!--").replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029"), or = () => {
   const e = {
@@ -1590,7 +1590,7 @@ var ct = (e, t, r = {}) => {
     }
   }
   return o;
-}, br = (e) => typeof e == "object" && e !== null && e[j] === !0, wr = (e) => D(e) || U(e), Sr = /^[A-Za-z][\w-]*$/, Er = /^[a-z][a-z0-9]*(?:-[a-z0-9]+)+$/, Re = (e, t) => typeof e != "string" || !Sr.test(e) ? t : e, $r = (e, t) => typeof e != "string" || !Er.test(e) ? t : e, kr = (e) => {
+}, br = (e) => typeof e == "object" && e !== null && e[j] === !0, wr = (e) => U(e) || D(e), Sr = /^[A-Za-z][\w-]*$/, Er = /^[a-z][a-z0-9]*(?:-[a-z0-9]+)+$/, Re = (e, t) => typeof e != "string" || !Sr.test(e) ? t : e, $r = (e, t) => typeof e != "string" || !Er.test(e) ? t : e, kr = (e) => {
   const t = e.replace(/-s$/, "-r");
   return t === e && e.endsWith("-r") ? `${e}-template` : t === e ? `${e}-r` : t;
 }, Ar = (e, t) => {
@@ -2124,4 +2124,4 @@ export {
   nn as z
 };
 
-//# sourceMappingURL=ssr-Bt6BQA3J.js.map
+//# sourceMappingURL=ssr-CqJU1Ogp.js.map