npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/package.json +90 -0
package/src/audit/__tests__/audit.integration.ts +328 -0
package/src/audit/constants.ts +7 -0
package/src/audit/feature.ts +23 -0
package/src/audit/handlers/list.query.ts +98 -0
package/src/audit/index.ts +2 -0
package/src/auth-email-password/__tests__/account-lockout-no-redis.integration.ts +149 -0
package/src/auth-email-password/__tests__/account-lockout.integration.ts +308 -0
package/src/auth-email-password/__tests__/auth-claims.integration.ts +512 -0
package/src/auth-email-password/__tests__/auth.integration.ts +610 -0
package/src/auth-email-password/__tests__/confirm-token-flow.test.ts +67 -0
package/src/auth-email-password/__tests__/email-templates.test.ts +106 -0
package/src/auth-email-password/__tests__/email-verification.integration.ts +327 -0
package/src/auth-email-password/__tests__/identity-v3-hash.test.ts +174 -0
package/src/auth-email-password/__tests__/identity-v3-login.integration.ts +150 -0
package/src/auth-email-password/__tests__/invite-flow.integration.ts +458 -0
package/src/auth-email-password/__tests__/multi-roles.integration.ts +256 -0
package/src/auth-email-password/__tests__/password-reset.integration.ts +346 -0
package/src/auth-email-password/__tests__/public-routes-rate-limit.integration.ts +144 -0
package/src/auth-email-password/__tests__/seed-admin.integration.ts +176 -0
package/src/auth-email-password/__tests__/session-callbacks.integration.ts +310 -0
package/src/auth-email-password/__tests__/session-strict-mode.integration.ts +101 -0
package/src/auth-email-password/__tests__/signed-token.test.ts +78 -0
package/src/auth-email-password/__tests__/signup-flow.integration.ts +259 -0
package/src/auth-email-password/auth-user-row.ts +41 -0
package/src/auth-email-password/constants.ts +101 -0
package/src/auth-email-password/email-templates.ts +283 -0
package/src/auth-email-password/feature.ts +140 -0
package/src/auth-email-password/handlers/change-password.write.ts +58 -0
package/src/auth-email-password/handlers/confirm-token-flow.ts +191 -0
package/src/auth-email-password/handlers/invite-accept-with-login.write.ts +203 -0
package/src/auth-email-password/handlers/invite-accept.write.ts +189 -0
package/src/auth-email-password/handlers/invite-create.write.ts +145 -0
package/src/auth-email-password/handlers/invite-signup-complete.write.ts +192 -0
package/src/auth-email-password/handlers/login.write.ts +208 -0
package/src/auth-email-password/handlers/logout.write.ts +12 -0
package/src/auth-email-password/handlers/request-email-verification.write.ts +29 -0
package/src/auth-email-password/handlers/request-password-reset.write.ts +31 -0
package/src/auth-email-password/handlers/reset-password.write.ts +61 -0
package/src/auth-email-password/handlers/signup-confirm.write.ts +170 -0
package/src/auth-email-password/handlers/signup-request.write.ts +104 -0
package/src/auth-email-password/handlers/token-request-handler.ts +114 -0
package/src/auth-email-password/handlers/verify-email.write.ts +62 -0
package/src/auth-email-password/i18n.ts +211 -0
package/src/auth-email-password/identity-v3-hash.ts +97 -0
package/src/auth-email-password/index.ts +35 -0
package/src/auth-email-password/invite-token-store.ts +92 -0
package/src/auth-email-password/lockout-store.ts +118 -0
package/src/auth-email-password/password-hashing.ts +43 -0
package/src/auth-email-password/reset-token.ts +28 -0
package/src/auth-email-password/seeding.ts +183 -0
package/src/auth-email-password/signed-token.ts +85 -0
package/src/auth-email-password/signup-token-store.ts +104 -0
package/src/auth-email-password/stream-tenant.ts +31 -0
package/src/auth-email-password/testing.ts +5 -0
package/src/auth-email-password/token-burn-store.ts +57 -0
package/src/auth-email-password/verification-token.ts +27 -0
package/src/auth-email-password/web/__tests__/auth-gate.test.tsx +51 -0
package/src/auth-email-password/web/__tests__/forgot-password-screen.test.tsx +80 -0
package/src/auth-email-password/web/__tests__/login-screen.test.tsx +94 -0
package/src/auth-email-password/web/__tests__/reset-password-screen.test.tsx +108 -0
package/src/auth-email-password/web/__tests__/session-roles.test.ts +54 -0
package/src/auth-email-password/web/__tests__/tenant-switcher.test.tsx +100 -0
package/src/auth-email-password/web/__tests__/test-utils.tsx +73 -0
package/src/auth-email-password/web/__tests__/user-menu.test.tsx +55 -0
package/src/auth-email-password/web/__tests__/verify-email-screen.test.tsx +59 -0
package/src/auth-email-password/web/auth-client.ts +350 -0
package/src/auth-email-password/web/auth-form-primitives.tsx +70 -0
package/src/auth-email-password/web/auth-gate.tsx +33 -0
package/src/auth-email-password/web/client-plugin.ts +48 -0
package/src/auth-email-password/web/default-topbar-actions.tsx +47 -0
package/src/auth-email-password/web/forgot-password-screen.tsx +110 -0
package/src/auth-email-password/web/index.ts +56 -0
package/src/auth-email-password/web/invite-accept-screen.tsx +220 -0
package/src/auth-email-password/web/login-screen.tsx +150 -0
package/src/auth-email-password/web/reset-password-screen.tsx +152 -0
package/src/auth-email-password/web/session.tsx +171 -0
package/src/auth-email-password/web/signup-complete-screen.tsx +150 -0
package/src/auth-email-password/web/signup-screen.tsx +130 -0
package/src/auth-email-password/web/tenant-switcher.tsx +116 -0
package/src/auth-email-password/web/use-shell-user.ts +34 -0
package/src/auth-email-password/web/user-menu.tsx +89 -0
package/src/auth-email-password/web/verify-email-screen.tsx +102 -0
package/src/billing-foundation/__tests__/billing-foundation.integration.ts +568 -0
package/src/billing-foundation/__tests__/feature.test.ts +110 -0
package/src/billing-foundation/__tests__/webhook-handler.test.ts +199 -0
package/src/billing-foundation/aggregate-id.ts +21 -0
package/src/billing-foundation/constants.ts +70 -0
package/src/billing-foundation/entities.ts +50 -0
package/src/billing-foundation/events.ts +71 -0
package/src/billing-foundation/feature.ts +122 -0
package/src/billing-foundation/get-subscription-for-tenant.ts +39 -0
package/src/billing-foundation/handlers/create-checkout-session.write.ts +79 -0
package/src/billing-foundation/handlers/create-portal-session.write.ts +73 -0
package/src/billing-foundation/handlers/list-subscriptions.query.ts +20 -0
package/src/billing-foundation/handlers/process-event.write.ts +160 -0
package/src/billing-foundation/index.ts +42 -0
package/src/billing-foundation/projection.ts +135 -0
package/src/billing-foundation/types.ts +157 -0
package/src/billing-foundation/webhook-handler.ts +184 -0
package/src/cap-counter/__tests__/cap-counter.integration.ts +566 -0
package/src/cap-counter/__tests__/enforce-cap.test.ts +422 -0
package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts +265 -0
package/src/cap-counter/aggregate-id.ts +61 -0
package/src/cap-counter/constants.ts +32 -0
package/src/cap-counter/enforce-cap.ts +404 -0
package/src/cap-counter/entity.ts +48 -0
package/src/cap-counter/feature.ts +90 -0
package/src/cap-counter/handlers/get-counter.query.ts +43 -0
package/src/cap-counter/handlers/increment-rolling.write.ts +79 -0
package/src/cap-counter/handlers/increment.write.ts +92 -0
package/src/cap-counter/handlers/mark-soft-warned.write.ts +57 -0
package/src/cap-counter/index.ts +34 -0
package/src/cap-counter/with-cap-enforcement.ts +179 -0
package/src/channel-email/email-channel.ts +48 -0
package/src/channel-email/feature.ts +15 -0
package/src/channel-email/index.ts +4 -0
package/src/channel-email/smtp-transport.ts +65 -0
package/src/channel-email/types.ts +34 -0
package/src/channel-in-app/constants.ts +11 -0
package/src/channel-in-app/feature.ts +30 -0
package/src/channel-in-app/handlers/inbox.query.ts +28 -0
package/src/channel-in-app/handlers/mark-all-read.write.ts +21 -0
package/src/channel-in-app/handlers/mark-read.write.ts +32 -0
package/src/channel-in-app/handlers/unread-count.query.ts +20 -0
package/src/channel-in-app/in-app-channel.ts +44 -0
package/src/channel-in-app/index.ts +4 -0
package/src/channel-in-app/tables.ts +22 -0
package/src/channel-push/feature.ts +15 -0
package/src/channel-push/index.ts +3 -0
package/src/channel-push/push-channel.ts +33 -0
package/src/channel-push/types.ts +22 -0
package/src/config/__tests__/app-overrides.test.ts +118 -0
package/src/config/__tests__/config.integration.ts +1246 -0
package/src/config/constants.ts +23 -0
package/src/config/feature.ts +117 -0
package/src/config/handlers/__tests__/prepare-config-write.test.ts +209 -0
package/src/config/handlers/reset.write.ts +45 -0
package/src/config/handlers/schema.query.ts +22 -0
package/src/config/handlers/set.write.ts +93 -0
package/src/config/handlers/values.query.ts +43 -0
package/src/config/index.ts +15 -0
package/src/config/resolver.ts +283 -0
package/src/config/table.ts +35 -0
package/src/config/write-helpers.ts +268 -0
package/src/delivery/__tests__/delivery-events.integration.ts +166 -0
package/src/delivery/__tests__/delivery.integration.ts +1405 -0
package/src/delivery/constants.ts +33 -0
package/src/delivery/delivery-service.ts +489 -0
package/src/delivery/events.ts +18 -0
package/src/delivery/feature.ts +70 -0
package/src/delivery/handlers/log.query.ts +21 -0
package/src/delivery/handlers/preferences.query.ts +18 -0
package/src/delivery/handlers/set-preference.write.ts +28 -0
package/src/delivery/index.ts +35 -0
package/src/delivery/tables.ts +74 -0
package/src/delivery/testing.ts +47 -0
package/src/delivery/types.ts +71 -0
package/src/delivery/unsubscribe.ts +99 -0
package/src/delivery/upsert-preference.ts +145 -0
package/src/feature-toggles/__tests__/feature-toggles.integration.ts +687 -0
package/src/feature-toggles/constants.ts +20 -0
package/src/feature-toggles/events.ts +18 -0
package/src/feature-toggles/feature.ts +98 -0
package/src/feature-toggles/global-feature-state-table.ts +28 -0
package/src/feature-toggles/handlers/list.query.ts +26 -0
package/src/feature-toggles/handlers/registered.query.ts +56 -0
package/src/feature-toggles/handlers/set.write.ts +158 -0
package/src/feature-toggles/index.ts +9 -0
package/src/feature-toggles/toggle-runtime.ts +73 -0
package/src/file-foundation/__tests__/feature.test.ts +35 -0
package/src/file-foundation/__tests__/file-foundation.integration.ts +235 -0
package/src/file-foundation/feature.ts +123 -0
package/src/file-foundation/index.ts +7 -0
package/src/file-provider-inmemory/__tests__/feature.test.ts +35 -0
package/src/file-provider-inmemory/feature.ts +73 -0
package/src/file-provider-inmemory/index.ts +3 -0
package/src/file-provider-s3/__tests__/feature.test.ts +54 -0
package/src/file-provider-s3/feature.ts +169 -0
package/src/file-provider-s3/index.ts +3 -0
package/src/files-provider-s3/__tests__/env-helper.test.ts +161 -0
package/src/files-provider-s3/__tests__/s3-provider.integration.ts +134 -0
package/src/files-provider-s3/__tests__/s3-provider.test.ts +36 -0
package/src/files-provider-s3/env-helper.ts +49 -0
package/src/files-provider-s3/index.ts +3 -0
package/src/files-provider-s3/s3-provider.ts +114 -0
package/src/foundation-shared/config-helpers.ts +67 -0
package/src/foundation-shared/index.ts +4 -0
package/src/jobs/__tests__/job-system-user.integration.ts +194 -0
package/src/jobs/__tests__/jobs-events.integration.ts +143 -0
package/src/jobs/__tests__/jobs-feature.integration.ts +342 -0
package/src/jobs/constants.ts +21 -0
package/src/jobs/events.ts +39 -0
package/src/jobs/feature.ts +150 -0
package/src/jobs/handlers/detail.query.ts +30 -0
package/src/jobs/handlers/list.query.ts +36 -0
package/src/jobs/handlers/retry.write.ts +69 -0
package/src/jobs/handlers/trigger.write.ts +39 -0
package/src/jobs/index.ts +5 -0
package/src/jobs/job-run-logger.ts +213 -0
package/src/jobs/job-run-table.ts +55 -0
package/src/legal-pages/README.md +195 -0
package/src/legal-pages/__tests__/legal-pages.integration.ts +361 -0
package/src/legal-pages/constants.ts +36 -0
package/src/legal-pages/feature.ts +187 -0
package/src/legal-pages/index.ts +13 -0
package/src/legal-pages/markdown.ts +69 -0
package/src/mail-foundation/__tests__/feature.test.ts +46 -0
package/src/mail-foundation/__tests__/mail-foundation.integration.ts +247 -0
package/src/mail-foundation/feature.ts +160 -0
package/src/mail-foundation/index.ts +14 -0
package/src/mail-transport-inmemory/__tests__/feature.test.ts +37 -0
package/src/mail-transport-inmemory/feature.ts +90 -0
package/src/mail-transport-inmemory/index.ts +3 -0
package/src/mail-transport-smtp/__tests__/feature.test.ts +61 -0
package/src/mail-transport-smtp/feature.ts +182 -0
package/src/mail-transport-smtp/index.ts +3 -0
package/src/rate-limiting/__tests__/rate-limiting.integration.ts +84 -0
package/src/rate-limiting/constants.ts +9 -0
package/src/rate-limiting/feature.ts +16 -0
package/src/rate-limiting/handlers/status.query.ts +52 -0
package/src/rate-limiting/index.ts +2 -0
package/src/renderer-simple/__tests__/simple-renderer.test.ts +97 -0
package/src/renderer-simple/feature.ts +12 -0
package/src/renderer-simple/index.ts +2 -0
package/src/renderer-simple/simple-renderer.ts +72 -0
package/src/secrets/__tests__/rotate.integration.ts +176 -0
package/src/secrets/__tests__/secrets-events.integration.ts +125 -0
package/src/secrets/__tests__/secrets.integration.ts +118 -0
package/src/secrets/feature.ts +84 -0
package/src/secrets/handlers/delete.write.ts +20 -0
package/src/secrets/handlers/list.query.ts +38 -0
package/src/secrets/handlers/rotate.job.ts +193 -0
package/src/secrets/handlers/set.write.ts +50 -0
package/src/secrets/index.ts +16 -0
package/src/secrets/secrets-context.ts +296 -0
package/src/secrets/table.ts +68 -0
package/src/sessions/__tests__/cleanup.integration.ts +175 -0
package/src/sessions/__tests__/password-auto-revoke.integration.ts +202 -0
package/src/sessions/__tests__/sessions.integration.ts +472 -0
package/src/sessions/__tests__/test-helpers.ts +66 -0
package/src/sessions/constants.ts +43 -0
package/src/sessions/feature.ts +84 -0
package/src/sessions/handlers/cleanup.job.ts +109 -0
package/src/sessions/handlers/list.query.ts +35 -0
package/src/sessions/handlers/mine.query.ts +37 -0
package/src/sessions/handlers/revoke-all-others.write.ts +42 -0
package/src/sessions/handlers/revoke.write.ts +76 -0
package/src/sessions/index.ts +17 -0
package/src/sessions/schema/index.ts +5 -0
package/src/sessions/schema/user-session.ts +67 -0
package/src/sessions/session-callbacks.ts +110 -0
package/src/sessions/testing.ts +42 -0
package/src/subscription-mollie/__tests__/feature.test.ts +106 -0
package/src/subscription-mollie/__tests__/mollie-foundation.integration.ts +421 -0
package/src/subscription-mollie/__tests__/verify-webhook.test.ts +388 -0
package/src/subscription-mollie/constants.ts +33 -0
package/src/subscription-mollie/feature.ts +144 -0
package/src/subscription-mollie/index.ts +13 -0
package/src/subscription-mollie/plugin-methods.ts +79 -0
package/src/subscription-mollie/verify-webhook.ts +244 -0
package/src/subscription-stripe/__tests__/feature.test.ts +98 -0
package/src/subscription-stripe/__tests__/plugin-methods.test.ts +161 -0
package/src/subscription-stripe/__tests__/stripe-foundation.integration.ts +315 -0
package/src/subscription-stripe/__tests__/verify-webhook.test.ts +306 -0
package/src/subscription-stripe/constants.ts +20 -0
package/src/subscription-stripe/feature.ts +120 -0
package/src/subscription-stripe/index.ts +14 -0
package/src/subscription-stripe/plugin-methods.ts +91 -0
package/src/subscription-stripe/verify-webhook.ts +235 -0
package/src/tenant/__tests__/multi-tenant.integration.ts +278 -0
package/src/tenant/__tests__/seed-testing.integration.ts +229 -0
package/src/tenant/__tests__/tenant.integration.ts +347 -0
package/src/tenant/command-schemas.ts +37 -0
package/src/tenant/constants.ts +37 -0
package/src/tenant/feature.ts +109 -0
package/src/tenant/handlers/active-tenant-ids.query.ts +19 -0
package/src/tenant/handlers/add-member.write.ts +53 -0
package/src/tenant/handlers/cancel-invitation.write.ts +87 -0
package/src/tenant/handlers/create.write.ts +21 -0
package/src/tenant/handlers/disable.write.ts +18 -0
package/src/tenant/handlers/invitations.query.ts +31 -0
package/src/tenant/handlers/list.query.ts +17 -0
package/src/tenant/handlers/me.query.ts +17 -0
package/src/tenant/handlers/members.query.ts +22 -0
package/src/tenant/handlers/memberships.query.ts +24 -0
package/src/tenant/handlers/remove-member.write.ts +40 -0
package/src/tenant/handlers/resolve-user-ids.query.ts +43 -0
package/src/tenant/handlers/update-member-roles.write.ts +54 -0
package/src/tenant/handlers/update.write.ts +20 -0
package/src/tenant/index.ts +12 -0
package/src/tenant/invitation-table.ts +93 -0
package/src/tenant/membership-table.ts +35 -0
package/src/tenant/schema/index.ts +5 -0
package/src/tenant/schema/tenant.ts +27 -0
package/src/tenant/seeding.ts +155 -0
package/src/tenant/testing.ts +8 -0
package/src/text-content/README.md +190 -0
package/src/text-content/__tests__/text-content.integration.ts +415 -0
package/src/text-content/api.ts +92 -0
package/src/text-content/constants.ts +19 -0
package/src/text-content/feature.ts +29 -0
package/src/text-content/handlers/by-slug.query.ts +55 -0
package/src/text-content/handlers/set.write.ts +118 -0
package/src/text-content/index.ts +14 -0
package/src/text-content/seeding.ts +91 -0
package/src/text-content/table.ts +45 -0
package/src/tier-engine/__tests__/compose-app.test.ts +182 -0
package/src/tier-engine/__tests__/drift.test.ts +42 -0
package/src/tier-engine/__tests__/tier-engine.integration.ts +241 -0
package/src/tier-engine/aggregate-id.ts +27 -0
package/src/tier-engine/compose-app.ts +150 -0
package/src/tier-engine/constants.ts +15 -0
package/src/tier-engine/entity.ts +30 -0
package/src/tier-engine/feature.ts +72 -0
package/src/tier-engine/handlers/active-tier.query.ts +23 -0
package/src/tier-engine/index.ts +22 -0
package/src/user/__tests__/seed-testing.integration.ts +127 -0
package/src/user/__tests__/user.integration.ts +198 -0
package/src/user/command-schemas.ts +15 -0
package/src/user/constants.ts +23 -0
package/src/user/feature.ts +32 -0
package/src/user/handlers/create.write.ts +54 -0
package/src/user/handlers/detail.query.ts +9 -0
package/src/user/handlers/find-for-auth.query.ts +38 -0
package/src/user/handlers/list.query.ts +8 -0
package/src/user/handlers/me.query.ts +15 -0
package/src/user/handlers/update.write.ts +54 -0
package/src/user/index.ts +4 -0
package/src/user/schema/index.ts +5 -0
package/src/user/schema/user.ts +69 -0
package/src/user/seeding.ts +93 -0
package/src/user/testing.ts +5 -0

package/src/legal-pages/__tests__/legal-pages.integration.ts ADDED Viewed

@@ -0,0 +1,361 @@
+import type { TextContentApi } from "@cosmicdrift/kumiko-bundled-features/text-content";
+import {
+  createTextContentApi,
+  createTextContentFeature,
+  textBlockEntity,
+} from "@cosmicdrift/kumiko-bundled-features/text-content";
+import { seedTextBlock } from "@cosmicdrift/kumiko-bundled-features/text-content/seeding";
+import type { DbConnection } from "@cosmicdrift/kumiko-framework/db";
+import { SYSTEM_TENANT_ID } from "@cosmicdrift/kumiko-framework/engine";
+import { createEventsTable } from "@cosmicdrift/kumiko-framework/event-store";
+import {
+  createEntityTable,
+  setupTestStack,
+  type TestStack,
+} from "@cosmicdrift/kumiko-framework/stack";
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { createLegalPagesFeature, runLegalPagesBootCheck } from "../feature";
+import { renderMarkdownToHtml, wrapInLayout } from "../markdown";
+let stack: TestStack;
+let db: DbConnection;
+const textFeature = createTextContentFeature();
+const legalFeature = createLegalPagesFeature();
+beforeAll(async () => {
+  // legal-pages braucht zwei wirings:
+  //   1. anonymousAccess für die /legal/*-Routes (laufen ohne JWT)
+  //   2. extraContext.textContent damit der Boot-Check + interner
+  //      Cross-Feature-Lookup ohne direct DB-Coupling funktioniert
+  stack = await setupTestStack({
+    features: [textFeature, legalFeature],
+    anonymousAccess: { defaultTenantId: SYSTEM_TENANT_ID },
+    extraContext: ({ db }) => ({
+      textContent: createTextContentApi(db),
+    }),
+  });
+  db = stack.db;
+  await createEntityTable(db, textBlockEntity);
+  await createEventsTable(db);
+  // Seed legal blocks für SYSTEM_TENANT in DE
+  await seedTextBlock(db, {
+    tenantId: SYSTEM_TENANT_ID,
+    slug: "imprint",
+    lang: "de",
+    title: "Impressum",
+    body: "## Angaben gemäß § 5 TMG\n\n**Marc Frost**\n\nSlevogtstr. 10, Leipzig",
+  });
+  await seedTextBlock(db, {
+    tenantId: SYSTEM_TENANT_ID,
+    slug: "privacy",
+    lang: "de",
+    title: "Datenschutzerklärung",
+    body: "## 1. Überblick\n\nWir verarbeiten **keine Tracking-Cookies**.",
+  });
+  await seedTextBlock(db, {
+    tenantId: SYSTEM_TENANT_ID,
+    slug: "imprint",
+    lang: "en",
+    title: "Imprint",
+    body: "## Provider\n\n**Marc Frost**\n\nLeipzig, Germany",
+  });
+});
+afterAll(async () => {
+  await stack.cleanup();
+});
+describe("legal-pages :: GET /legal/impressum", () => {
+  test("returns rendered HTML for DE imprint", async () => {
+    const res = await stack.app.request("/legal/impressum");
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/html");
+    const body = await res.text();
+    expect(body).toContain("<title>Impressum</title>");
+    expect(body).toContain('lang="de"');
+    expect(body).toContain("Marc Frost");
+    expect(body).toContain("<h2>"); // markdown-rendered ## heading
+  });
+});
+describe("legal-pages :: GET /legal/datenschutz", () => {
+  test("returns rendered HTML for DE privacy", async () => {
+    const res = await stack.app.request("/legal/datenschutz");
+    expect(res.status).toBe(200);
+    const body = await res.text();
+    expect(body).toContain("<title>Datenschutzerklärung</title>");
+    expect(body).toContain("Tracking-Cookies");
+    expect(body).toContain("<strong>"); // markdown bold
+  });
+});
+describe("legal-pages :: GET /legal/imprint (EN)", () => {
+  test("returns rendered HTML for EN imprint", async () => {
+    const res = await stack.app.request("/legal/imprint");
+    expect(res.status).toBe(200);
+    const body = await res.text();
+    expect(body).toContain('lang="en"');
+    expect(body).toContain("Leipzig");
+  });
+});
+describe("legal-pages :: GET /legal/privacy (EN, not seeded)", () => {
+  test("returns 404 with helpful message when block missing", async () => {
+    const res = await stack.app.request("/legal/privacy");
+    expect(res.status).toBe(404);
+    const body = await res.text();
+    expect(body).toContain("Privacy Policy");
+    expect(body).toContain("Tenant-Admin");
+  });
+});
+describe("legal-pages :: edge-cases", () => {
+  test("Block existiert mit body=null → Route returnt 404 statt leerer HTML", async () => {
+    // seedTextBlock erlaubt body=null als legitimer Stub-State.
+    // Routes sollen das als "not configured" behandeln, NICHT als
+    // valides leeres Page rendern (würde DSGVO-pflichtige Page als
+    // existent vortäuschen).
+    await seedTextBlock(db, {
+      tenantId: SYSTEM_TENANT_ID,
+      slug: "imprint",
+      lang: "fr",
+      title: "Mentions légales",
+      body: null,
+    });
+    // Keine /legal/imprint-fr-Route registriert (LEGAL_ROUTES ist
+    // de+en) — wir adden nicht extra. Stattdessen testen wir das
+    // Verhalten via direct getBlock-Lookup gegen einen leeren
+    // privacy-en Block (existiert noch nicht im stack-setup).
+    await seedTextBlock(db, {
+      tenantId: SYSTEM_TENANT_ID,
+      slug: "privacy",
+      lang: "en",
+      title: "Privacy Policy",
+      body: null,
+    });
+    const res = await stack.app.request("/legal/privacy");
+    expect(res.status).toBe(404);
+    const body = await res.text();
+    expect(body).toContain("Tenant-Admin");
+  });
+  test("Markdown-Body mit <script> wird NICHT escaped (dokumentiertes XSS-Verhalten, siehe README)", async () => {
+    // Bewusstes Verhalten: marked.parse rendered HTML 1:1, kein
+    // DOMPurify-Layer aktuell. Dokumentiert in legal-pages/README.md
+    // ('XSS — bewusst aktuell nicht gesichert'). Test pinnt das
+    // Verhalten — wenn es sich ändert (z.B. DOMPurify dazu), schlägt
+    // dieser Test fehl und der Wechsel ist dokumentiert.
+    await seedTextBlock(db, {
+      tenantId: SYSTEM_TENANT_ID,
+      slug: "imprint",
+      lang: "de",
+      title: "Impressum",
+      body: "## XSS-Test\n\n<script>window.x=1</script>\n\nDanach.",
+    });
+    const res = await stack.app.request("/legal/impressum");
+    expect(res.status).toBe(200);
+    const html = await res.text();
+    // Aktuelles Verhalten: script-tag bleibt unescaped im Output
+    expect(html).toContain("<script>window.x=1</script>");
+  });
+});
+describe("legal-pages :: cache-control", () => {
+  test("sets public cache header for 5min", async () => {
+    const res = await stack.app.request("/legal/impressum");
+    expect(res.headers.get("cache-control")).toBe("public, max-age=300");
+  });
+});
+describe("markdown render helpers", () => {
+  test("renderMarkdownToHtml converts markdown to HTML", () => {
+    const html = renderMarkdownToHtml("# Title\n\n**bold**");
+    expect(html).toContain("<h1>");
+    expect(html).toContain("<strong>bold</strong>");
+  });
+  test("wrapInLayout produces valid HTML5 with title + lang", () => {
+    const html = wrapInLayout({ title: "Test", bodyHtml: "<p>x</p>", lang: "de" });
+    expect(html).toContain("<!doctype html>");
+    expect(html).toContain('lang="de"');
+    expect(html).toContain("<title>Test</title>");
+    expect(html).toContain("<p>x</p>");
+  });
+  test("wrapInLayout escapes title to prevent XSS", () => {
+    const html = wrapInLayout({
+      title: "<script>alert(1)</script>",
+      bodyHtml: "x",
+      lang: "en",
+    });
+    expect(html).not.toContain("<script>alert(1)</script>");
+    expect(html).toContain("&lt;script&gt;");
+  });
+});
+// Boot-Check direkt (ohne dev-server-Job-Runner-Path) — verifiziert
+// dass die Logik fehlende Blocks im SYSTEM_TENANT erkennt. Der eigentliche
+// runOnBoot-Trigger lebt im JobRunner und wird in jobs-feature integration-
+// tests separately exercised.
+describe("legal-pages :: SYSTEM_TENANT-routing (production-bug-regression)", () => {
+  test("legal-pages serven SYSTEM_TENANT-Texte auch wenn tenantResolver einen anderen Tenant zurückgibt", async () => {
+    // Simuliert publicstatus's Setup: host-basierter tenantResolver der
+    // tenant-subdomain → tenant-tenantId resolved. Ohne den X-Tenant-Fix
+    // würde /legal/impressum für tenant-x.example.com tenant-x's
+    // (leeren) imprint-Block abfragen → 404. Mit Fix immer SYSTEM_TENANT.
+    const otherTenantId = "22222222-2222-4222-8222-222222222222";
+    const hostScopedStack = await setupTestStack({
+      features: [createTextContentFeature(), createLegalPagesFeature()],
+      anonymousAccess: {
+        // Resolver gibt IMMER einen anderen Tenant zurück — wenn legal-
+        // pages den respektieren würde, wäre der DB-Lookup leer.
+        tenantResolver: () => otherTenantId,
+        tenantExists: async (id) => id === otherTenantId || id === SYSTEM_TENANT_ID,
+      },
+      extraContext: ({ db }) => ({
+        textContent: createTextContentApi(db),
+      }),
+    });
+    try {
+      await createEntityTable(hostScopedStack.db, textBlockEntity);
+      await createEventsTable(hostScopedStack.db);
+      // Block NUR im SYSTEM_TENANT seeden — NICHT im otherTenantId
+      await seedTextBlock(hostScopedStack.db, {
+        tenantId: SYSTEM_TENANT_ID,
+        slug: "imprint",
+        lang: "de",
+        title: "System-Impressum",
+        body: "## Plattform\n\nMarc Frost",
+      });
+      const res = await hostScopedStack.app.request("/legal/impressum");
+      expect(res.status).toBe(200);
+      const body = await res.text();
+      expect(body).toContain("System-Impressum");
+      expect(body).toContain("Marc Frost");
+    } finally {
+      await hostScopedStack.cleanup();
+    }
+  });
+});
+describe("legal-pages :: runLegalPagesBootCheck (direct unit-tests)", () => {
+  // Direkter Test der Boot-Check-Logik mit constructed ctx-Objects —
+  // keine JobRunner-Coupling, keine Test-Stacks. Das ist die echte
+  // Verhalten-Test-Surface; r.job() ist nur thin shell darum.
+  type Block = { slug: string; lang: string; title: string; body: string | null };
+  function fakeTextContent(blocks: readonly Block[]): {
+    api: TextContentApi;
+    calls: { tenantId: string; slug: string; lang: string }[];
+  } {
+    const calls: { tenantId: string; slug: string; lang: string }[] = [];
+    return {
+      calls,
+      api: {
+        getBlock: async ({ tenantId, slug, lang }) => {
+          calls.push({ tenantId, slug, lang });
+          const block = blocks.find((b) => b.slug === slug && b.lang === lang);
+          if (!block) return null;
+          return { ...block, updatedAt: new Date() };
+        },
+      },
+    };
+  }
+  test("alle Pflicht-Blocks vorhanden → log.info, kein throw", async () => {
+    const { api } = fakeTextContent([
+      { slug: "imprint", lang: "de", title: "I", body: "body" },
+      { slug: "privacy", lang: "de", title: "P", body: "body" },
+    ]);
+    const infos: string[] = [];
+    const warns: string[] = [];
+    await expect(
+      runLegalPagesBootCheck({
+        textContent: api,
+        log: { info: (m) => infos.push(m), warn: (m) => warns.push(m) },
+      }),
+    ).resolves.toBeUndefined();
+    expect(infos).toHaveLength(1);
+    expect(infos[0]).toContain("alle Pflicht-Blocks vorhanden");
+    expect(warns).toHaveLength(0);
+  });
+  test("missing blocks + NODE_ENV=production → throws mit slug-Liste", async () => {
+    const { api } = fakeTextContent([]);
+    const originalEnv = process.env["NODE_ENV"];
+    process.env["NODE_ENV"] = "production";
+    try {
+      await expect(runLegalPagesBootCheck({ textContent: api })).rejects.toThrow(
+        /Boot-Validation failed.*imprint\/de.*privacy\/de/s,
+      );
+    } finally {
+      if (originalEnv === undefined) delete process.env["NODE_ENV"];
+      else process.env["NODE_ENV"] = originalEnv;
+    }
+  });
+  test("missing blocks + NODE_ENV!=production → log.warn, kein throw", async () => {
+    const { api } = fakeTextContent([]);
+    const warns: string[] = [];
+    const originalEnv = process.env["NODE_ENV"];
+    process.env["NODE_ENV"] = "development";
+    try {
+      await expect(
+        runLegalPagesBootCheck({
+          textContent: api,
+          log: { warn: (m) => warns.push(m) },
+        }),
+      ).resolves.toBeUndefined();
+      expect(warns).toHaveLength(1);
+      expect(warns[0]).toContain("missing 2 required text-block(s)");
+      expect(warns[0]).toContain("imprint/de");
+      expect(warns[0]).toContain("privacy/de");
+    } finally {
+      if (originalEnv === undefined) delete process.env["NODE_ENV"];
+      else process.env["NODE_ENV"] = originalEnv;
+    }
+  });
+  test("ctx ohne textContent → InternalError mit Wiring-Hinweis", async () => {
+    await expect(runLegalPagesBootCheck({})).rejects.toThrow(/textContent missing.*extraContext/s);
+  });
+  test("Block existiert aber body ist null → wird als missing gezählt", async () => {
+    const { api } = fakeTextContent([
+      { slug: "imprint", lang: "de", title: "I", body: null },
+      { slug: "privacy", lang: "de", title: "P", body: "body" },
+    ]);
+    const warns: string[] = [];
+    const originalEnv = process.env["NODE_ENV"];
+    process.env["NODE_ENV"] = "development";
+    try {
+      await runLegalPagesBootCheck({
+        textContent: api,
+        log: { warn: (m) => warns.push(m) },
+      });
+      expect(warns[0]).toContain("missing 1 required text-block(s)");
+      expect(warns[0]).toContain("imprint/de");
+      expect(warns[0]).not.toContain("privacy/de");
+    } finally {
+      if (originalEnv === undefined) delete process.env["NODE_ENV"];
+      else process.env["NODE_ENV"] = originalEnv;
+    }
+  });
+  test("alle Lookups erfolgen gegen SYSTEM_TENANT_ID (nie tenant-scoped)", async () => {
+    const { api, calls } = fakeTextContent([
+      { slug: "imprint", lang: "de", title: "I", body: "x" },
+      { slug: "privacy", lang: "de", title: "P", body: "x" },
+    ]);
+    await runLegalPagesBootCheck({ textContent: api });
+    expect(calls).toHaveLength(2);
+    for (const call of calls) {
+      expect(call.tenantId).toBe(SYSTEM_TENANT_ID);
+    }
+  });
+});

package/src/legal-pages/constants.ts ADDED Viewed

@@ -0,0 +1,36 @@
+// Feature name
+export const LEGAL_PAGES_FEATURE = "legal-pages" as const;
+// Required slugs that must exist as text-blocks for production-boot.
+// Pro Sprache + Slug eine Pflicht-Kombo. Wer mehr Sprachen will, ergänzt
+// die Liste — Boot-Check wird dynamisch aus der Liste generiert.
+export const LEGAL_REQUIRED_BLOCKS = [
+  { slug: "imprint", lang: "de" },
+  { slug: "privacy", lang: "de" },
+] as const;
+// Optionale Blocks die NICHT Boot-fail-relevant sind, aber die Routes
+// servieren falls vorhanden. EN-Versionen sind in DACH-Apps oft nur
+// "nice-to-have".
+export const LEGAL_OPTIONAL_BLOCKS = [
+  { slug: "imprint", lang: "en" },
+  { slug: "privacy", lang: "en" },
+] as const;
+// Public-Route-Mapping: URL-Path → (slug, lang). DE nutzt die deutschen
+// Standard-Bezeichnungen, EN die englischen.
+export const LEGAL_ROUTES = [
+  { path: "/legal/impressum", slug: "imprint", lang: "de", titleFallback: "Impressum" },
+  {
+    path: "/legal/datenschutz",
+    slug: "privacy",
+    lang: "de",
+    titleFallback: "Datenschutzerklärung",
+  },
+  { path: "/legal/imprint", slug: "imprint", lang: "en", titleFallback: "Imprint" },
+  { path: "/legal/privacy", slug: "privacy", lang: "en", titleFallback: "Privacy Policy" },
+] as const;
+export const LegalPagesErrors = {
+  bootMissingBlock: "legal_pages_boot_missing_block",
+} as const;

package/src/legal-pages/feature.ts ADDED Viewed

@@ -0,0 +1,187 @@
+import {
+  requireTextContent,
+  type TextContentApi,
+} from "@cosmicdrift/kumiko-bundled-features/text-content";
+import {
+  defineFeature,
+  type FeatureDefinition,
+  SYSTEM_TENANT_ID,
+} from "@cosmicdrift/kumiko-framework/engine";
+import { LEGAL_REQUIRED_BLOCKS, LEGAL_ROUTES } from "./constants";
+import { renderMarkdownToHtml, wrapInLayout } from "./markdown";
+// QN-Konstante als dokumentierter Public-Contract des text-content-
+// Features. Ein magic-string statt eines Code-Imports ist hier explizit
+// gewollt: Cross-Feature-Calls gehen nur über stable Public-API
+// (handler-name + payload-shape), nicht über interne Module-Refs. Wenn
+// text-content's Handler-Name sich ändert, ist das ein semver-major
+// und muss in beiden Features synchronisiert werden — gleiches Risiko
+// wie bei jedem API-Endpunkt.
+const TEXT_CONTENT_BY_SLUG_QN = "text-content:query:by-slug";
+// Wire-Body-Shape von /api/query — das, was bySlugQuery returnt.
+type ByslugQueryBody = {
+  data: { title: string; body: string | null } | null;
+};
+// legal-pages — Opt-in-Wrapper um text-content für DACH-Compliance.
+// Liefert vier feste Public-HTML-Routes (/legal/impressum,
+// /legal/datenschutz, /legal/imprint, /legal/privacy) mit
+// Markdown→HTML-Rendering und einen Boot-Check der in Production hart
+// fehlt wenn die DE-Pflicht-Blocks nicht geseedet sind.
+//
+// Cross-Feature-Decoupling:
+//   • Routes nutzen app.fetch zu "/api/query" mit dem QN-string
+//     `text-content:query:by-slug` — kein Code-Import von text-content
+//   • Boot-Check nutzt ctx.textContent (über extraContext) — symmetrisch
+//     zum config/tenant-Pattern
+//   • Single Type-Import (TextContentApi) bleibt — type-only verstößt
+//     nicht gegen Cross-Feature-Coupling
+//
+// Voraussetzungen für Production:
+//   • App-Bootstrap muss extraContext: { textContent: createTextContentApi(db) }
+//     setzen — sonst wirft Boot-Check beim Start
+//   • anonymousAccess: { defaultTenantId: SYSTEM_TENANT_ID } — sonst
+//     antworten die Routes mit 503
+export type LegalPagesWrapLayout = (opts: {
+  readonly title: string;
+  readonly bodyHtml: string;
+  readonly lang: string;
+}) => string;
+export type LegalPagesOptions = {
+  /** Custom Layout-Wrapper für die /legal/*-Routes. Default: minimaler
+   *  HTML-Skeleton aus markdown.ts (`wrapInLayout`). Apps die ihr eigenes
+   *  Marketing-Layout (Header/Footer/Theme) auch um Legal-Body legen
+   *  wollen, übergeben hier ihre Render-Function. */
+  readonly wrapLayout?: LegalPagesWrapLayout;
+};
+export function createLegalPagesFeature(opts: LegalPagesOptions = {}): FeatureDefinition {
+  const wrapLayout = opts.wrapLayout ?? wrapInLayout;
+  return defineFeature("legal-pages", (r) => {
+    r.requires("text-content");
+    // 4 Public-HTML-Routes
+    for (const route of LEGAL_ROUTES) {
+      r.httpRoute({
+        method: "GET",
+        path: route.path,
+        anonymous: true,
+        handler: async (c, { app }) => {
+          const url = new URL(c.req.url);
+          // Architektur: 1 App = X Tenants = 1 Impressum. Egal welche
+          // Subdomain der Visitor besucht (apex, admin.*, tenant-x.*) —
+          // legal-pages serven IMMER die SYSTEM_TENANT-Texte. Deshalb
+          // explizit X-Tenant-Header setzen statt host weiterreichen
+          // (sonst würde ein host-basierter anonymousAccess-Resolver
+          // die tenant-Subdomain auf tenant-tenantId resolven und
+          // tenant-x's leere imprint-Tabelle abfragen → 404).
+          const queryRes = await app.fetch(
+            new Request(`${url.origin}/api/query`, {
+              method: "POST",
+              headers: {
+                "content-type": "application/json",
+                "X-Tenant": SYSTEM_TENANT_ID,
+              },
+              body: JSON.stringify({
+                type: TEXT_CONTENT_BY_SLUG_QN,
+                payload: { slug: route.slug, lang: route.lang },
+              }),
+            }),
+          );
+          if (!queryRes.ok) {
+            return c.text("legal page unavailable", 503);
+          }
+          const body: ByslugQueryBody = await queryRes.json();
+          const data = body.data;
+          if (!data?.body) {
+            return c.text(
+              `${route.titleFallback} not configured. Tenant-Admin must set this text-block.`,
+              404,
+            );
+          }
+          const html = wrapLayout({
+            title: data.title || route.titleFallback,
+            bodyHtml: renderMarkdownToHtml(data.body),
+            lang: route.lang,
+          });
+          return c.body(html, 200, {
+            "content-type": "text/html; charset=utf-8",
+            "cache-control": "public, max-age=300",
+          });
+        },
+      });
+    }
+    // Boot-Check via ctx.textContent (extraContext-Pattern, symmetrisch
+    // zu requireConfigResolver in config). App-Bootstrap muss textContent
+    // wired haben — der Helper gibt einen klaren Wiring-Hinweis wenn nicht.
+    //
+    // Body als named function extrahiert (`runLegalPagesBootCheck`) damit
+    // die Logik direkt unit-testbar ist statt nur indirekt über Routes.
+    // Pattern: thin job-shell ruft testable function — keine Test-Coupling
+    // zum JobRunner.
+    r.job(
+      "legal-pages-boot-check",
+      {
+        trigger: { manual: true },
+        runOnBoot: true,
+        runIn: "api",
+      },
+      async (_payload, ctx) => runLegalPagesBootCheck(ctx),
+    );
+    return {};
+  });
+}
+// Minimal-shape für die Boot-Check-Logik — nur die Felder die der Check
+// braucht. Akzeptiert HandlerContext + AppContext + jeden anderen
+// Container der textContent + log mitbringt. Macht den Check direkt
+// unit-testbar mit constructed ctx-Objects.
+export type LegalPagesBootCheckCtx = {
+  readonly textContent?: TextContentApi;
+  readonly log?: {
+    readonly info?: (msg: string) => void;
+    readonly warn?: (msg: string) => void;
+  };
+};
+// Exportiert für direkte Tests. Wirft InternalError wenn ctx.textContent
+// nicht gewired ist (Hinweis auf fehlenden extraContext). Wirft Error
+// in NODE_ENV=production wenn Pflicht-Blocks fehlen, sonst log.warn.
+// Logged log.info wenn alles vorhanden ist (kein silent-skip).
+export async function runLegalPagesBootCheck(ctx: LegalPagesBootCheckCtx): Promise<void> {
+  const textContent: TextContentApi = requireTextContent(ctx, "legal-pages-boot-check");
+  const missing: { slug: string; lang: string }[] = [];
+  for (const required of LEGAL_REQUIRED_BLOCKS) {
+    const block = await textContent.getBlock({
+      tenantId: SYSTEM_TENANT_ID,
+      slug: required.slug,
+      lang: required.lang,
+    });
+    if (!block?.body) {
+      missing.push({ slug: required.slug, lang: required.lang });
+    }
+  }
+  if (missing.length === 0) {
+    ctx.log?.info?.("legal-pages boot-check: alle Pflicht-Blocks vorhanden");
+  } else {
+    const message =
+      `legal-pages: missing ${missing.length} required text-block(s) in SYSTEM_TENANT: ` +
+      missing.map((m) => `${m.slug}/${m.lang}`).join(", ") +
+      ". Seed via text-content:write:set or seedTextBlock helper.";
+    if (process.env["NODE_ENV"] === "production") {
+      throw new Error(`Boot-Validation failed: ${message}`);
+    }
+    ctx.log?.warn?.(message);
+  }
+}

package/src/legal-pages/index.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export {
+  LEGAL_OPTIONAL_BLOCKS,
+  LEGAL_PAGES_FEATURE,
+  LEGAL_REQUIRED_BLOCKS,
+  LEGAL_ROUTES,
+  LegalPagesErrors,
+} from "./constants";
+export {
+  createLegalPagesFeature,
+  type LegalPagesBootCheckCtx,
+  runLegalPagesBootCheck,
+} from "./feature";
+export { renderMarkdownToHtml, wrapInLayout } from "./markdown";

package/src/legal-pages/markdown.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { Marked } from "marked";
+// Markdown→HTML mit eigener `marked`-Instance. GFM aus, breaks aus —
+// Legal-Pages sind strukturiert genug dass GFM-Tables/Strikethrough/
+// Task-Lists nicht nötig sind. Headers + Listen + Links + Code reichen.
+//
+// Instance statt globaler `marked.setOptions()` damit andere Features
+// die `marked` als runtime-dep nutzen ihre eigenen Optionen behalten —
+// modul-level side-effect auf shared library wäre brittle bei mehreren
+// Konsumenten.
+//
+// XSS-Schutz: marked rendered tags 1:1, also kann ein böswilliger Text-
+// Editor (TenantAdmin) <script>-Tags reinschreiben. Aktuell akzeptiert
+// weil nur trusted Roles (TenantAdmin/SystemAdmin) Texte setzen können —
+// bei einem Multi-Author-Setup müsste DOMPurify oder isomorphic-dompurify
+// dazu. Dokumentiert in README, Phase-2-Hardening.
+const markdownRenderer = new Marked({
+  gfm: false,
+  breaks: false,
+});
+export function renderMarkdownToHtml(markdown: string): string {
+  // @cast-boundary render-helper marked.parse return-type ist
+  // `string | Promise<string>` — mit `{ async: false }` runtime-garantiert
+  // sync (string). Cast nur API-Vertragsfix, kein Type-Loss.
+  return markdownRenderer.parse(markdown, { async: false }) as string;
+}
+// Layout-Wrapper für Legal-Pages — minimaler HTML-Skeleton mit Inline-
+// CSS damit die Pages auch ohne App-Layout sauber aussehen. Apps die
+// das in ihr eigenes Layout integrieren wollen, nutzen text-content's
+// by-slug-query direkt und rendern selbst.
+export function wrapInLayout(opts: { title: string; bodyHtml: string; lang: string }): string {
+  return `<!doctype html>
+<html lang="${escapeHtmlAttr(opts.lang)}">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>${escapeHtml(opts.title)}</title>
+<style>
+  body { font-family: system-ui, -apple-system, sans-serif; max-width: 720px;
+         margin: 2rem auto; padding: 0 1rem; line-height: 1.6; color: #222; }
+  h1, h2, h3 { line-height: 1.2; margin-top: 2rem; }
+  h1 { font-size: 1.8rem; } h2 { font-size: 1.4rem; } h3 { font-size: 1.15rem; }
+  a { color: #0066cc; }
+  code { background: #f4f4f4; padding: 0.1rem 0.3rem; border-radius: 3px; }
+  hr { border: 0; border-top: 1px solid #ddd; margin: 2rem 0; }
+</style>
+</head>
+<body>
+<main>
+${opts.bodyHtml}
+</main>
+</body>
+</html>`;
+}
+function escapeHtml(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
+}
+function escapeHtmlAttr(s: string): string {
+  return escapeHtml(s);
+}