@cyberismo/backend 0.0.21 → 0.0.23

package/dist/public/assets/index-ypsafPwV.css

@@ -0,0 +1 @@
+@media (width<=800px){.breadcrumbs{display:none}}[role=treeitem][aria-selected=false]:hover .treenode{background-color:var(--joy-palette-background-level1,#dedede)}[role=treeitem][aria-selected=true]{outline:none}.resizeHandle{width:2px}.resizeHandle:hover,.resizeHandle:active{background-color:var(--joy-palette-primary-500,#0b6bcb)}.cyberismo-svg-wrapper svg{max-height:100vh}.doc .MuiButton-root{margin-top:12px}.doc table.tableblock{border-collapse:collapse}.doc{color:var(--joy-palette-text-primary,#333);font-size:inherit;-webkit-hyphens:auto;hyphens:auto;margin:0;padding:0;line-height:1.6}@media screen and (width>=1024px){.doc{flex:auto;min-width:0;margin:0;font-size:.94444rem}}.doc h1,.doc h2,.doc h3,.doc h4,.doc h5,.doc h6{color:var(--joy-palette-text-primary,#191919);-webkit-hyphens:none;hyphens:none;margin:1rem 0 0;font-weight:400;line-height:1.3}.doc>h1.page:first-child{margin:1.5rem 0;font-size:2rem}@media screen and (width>=769px){.doc>h1.page:first-child{margin-top:2.5rem}}.doc>h1.page:first-child+aside.toc.embedded{margin-top:-.5rem}.doc>h2#name+.sectionbody{margin-top:1rem}#preamble+.sect1,.doc .sect1+.sect1{margin-top:2rem}.doc h1.sect0{background:var(--joy-palette-background-surface,#f0f0f0);margin:1.5rem -1rem 0;padding:.5rem 1rem;font-size:1.8em}.doc h2:not(.discrete){border-bottom:1px solid var(--joy-palette-divider,#e1e1e1);margin-left:-1rem;margin-right:-1rem;padding:.4rem 1rem .1rem}.doc h3:not(.discrete),.doc h4:not(.discrete){font-weight:600}.doc h1 .anchor,.doc h2 .anchor,.doc h3 .anchor,.doc h4 .anchor,.doc h5 .anchor,.doc h6 .anchor{visibility:hidden;width:1.75ex;margin-left:-1.5ex;padding-top:.05em;font-size:.8em;font-weight:400;text-decoration:none;position:absolute}.doc h1 .anchor:before,.doc h2 .anchor:before,.doc h3 .anchor:before,.doc h4 .anchor:before,.doc h5 .anchor:before,.doc h6 .anchor:before{content:"§"}.doc h1:hover .anchor,.doc h2:hover .anchor,.doc h3:hover .anchor,.doc h4:hover .anchor,.doc h5:hover .anchor,.doc h6:hover .anchor{visibility:visible}.doc dl,.doc p{margin:0}.doc a{color:var(--joy-palette-primary-600,#1565c0)}.doc a:hover{color:var(--joy-palette-primary-700,#104d92)}.doc a.bare{-webkit-hyphens:none;hyphens:none}.doc a.unresolved{color:var(--joy-palette-danger-500,#d32f2f)}.doc i.fa{-webkit-hyphens:none;hyphens:none;font-style:normal}.doc .colist>table code,.doc p code,.doc thead code{color:var(--joy-palette-text-primary,#222);background:var(--joy-palette-background-level1,#fafafa);border-radius:.25em;padding:.125em .25em;font-size:.95em}.doc code,.doc pre{-webkit-hyphens:none;hyphens:none}.doc pre{margin:0;font-size:.88889rem;line-height:1.5}.doc blockquote{margin:0}.doc .paragraph.lead>p{font-size:1rem}.doc .right{float:right}.doc .left{float:left}.doc .float-gap.right{margin:0 1rem 1rem 0}.doc .float-gap.left{margin:0 0 1rem 1rem}.doc .float-group:after{content:"";clear:both;display:table}.doc .text-left{text-align:left}.doc .text-center{text-align:center}.doc .text-right{text-align:right}.doc .text-justify{text-align:justify}.doc .stretch{width:100%}.doc .big{font-size:larger}.doc .small{font-size:smaller}.doc .underline{text-decoration:underline}.doc .line-through{text-decoration:line-through}.doc .dlist,.doc .exampleblock,.doc .hdlist,.doc .imageblock,.doc .listingblock,.doc .literalblock,.doc .olist,.doc .paragraph,.doc .partintro,.doc .quoteblock,.doc .sidebarblock,.doc .tabs,.doc .ulist,.doc .verseblock,.doc .videoblock,.doc details,.doc hr{margin:1rem 0 0}.doc .tablecontainer,.doc .tablecontainer+*,.doc :not(.tablecontainer)>table.tableblock,.doc :not(.tablecontainer)>table.tableblock+*,.doc>table.tableblock,.doc>table.tableblock+*{margin-top:1.5rem}.doc table.tableblock{font-size:.83333rem}.doc p.tableblock+p.tableblock{margin-top:.5rem}.doc table.tableblock pre{font-size:inherit}.doc td.tableblock>.content{word-wrap:anywhere}.doc td.tableblock>.content>:first-child{margin-top:0}.doc table.tableblock td{padding:.5rem}.doc table.tableblock th{background:var(--joy-palette-background-level1,#fbfcfe);padding:.5rem}.doc table.tableblock,.doc table.tableblock>*>tr>*{border:0 solid var(--joy-palette-divider,#e1e1e1)}.doc table.grid-all>*>tr>*{border-width:1px}.doc table.grid-cols>*>tr>*{border-width:0 1px}.doc table.grid-rows>*>tr>*{border-width:1px 0}.doc table.grid-all>thead th,.doc table.grid-rows>thead th{border-bottom-width:2.5px}.doc table.frame-all{border-width:1px}.doc table.frame-ends{border-width:1px 0}.doc table.frame-sides{border-width:0 1px}.doc table.frame-none>colgroup+*>:first-child>*,.doc table.frame-sides>colgroup+*>:first-child>*{border-top-width:0}.doc table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}.doc table.frame-ends>*>tr>:first-child,.doc table.frame-none>*>tr>:first-child{border-left-width:0}.doc table.frame-ends>*>tr>:last-child,.doc table.frame-none>*>tr>:last-child{border-right-width:0}.doc table.stripes-all>tbody>tr,.doc table.stripes-even>tbody>tr:nth-of-type(2n),.doc table.stripes-hover>tbody>tr:hover,.doc table.stripes-odd>tbody>tr:nth-of-type(odd){background:var(--joy-palette-background-level1,#fafafa)}.doc table.tableblock>tfoot{background:var(--joy-palette-background-surface,#f0f0f0)}.doc .halign-left{text-align:left}.doc .halign-right{text-align:right}.doc .halign-center{text-align:center}.doc .valign-top{vertical-align:top}.doc .valign-bottom{vertical-align:bottom}.doc .valign-middle{vertical-align:middle}.doc .admonitionblock{margin:1.4rem 0 0}.doc .admonitionblock p,.doc .admonitionblock td.content{font-size:.88889rem}.doc .admonitionblock td.content>.title+*,.doc .admonitionblock td.content>:not(.title):first-child{margin-top:0}.doc .admonitionblock td.content pre{font-size:.83333rem}.doc .admonitionblock>table{table-layout:fixed;width:100%;position:relative}.doc .admonitionblock td.content{background:var(--joy-palette-background-level1,#fafafa);word-wrap:anywhere;width:100%;padding:1rem 1rem .75rem}.doc .admonitionblock td.icon{padding:0;font-size:.83333rem;line-height:1;position:absolute;top:0;left:0;transform:translate(-.5rem,-50%)}.doc .admonitionblock td.icon i{filter:none;height:1.25rem;vertical-align:initial;border-radius:.45rem;align-items:center;width:fit-content;padding:0 .5rem;display:inline-flex}.doc .admonitionblock td.icon i:after{content:attr(title);text-transform:uppercase;font-style:normal;font-weight:600}.doc .admonitionblock td.icon i.icon-caution{color:#fff;background-color:#a0439c}.doc .admonitionblock td.icon i.icon-important{color:#fff;background-color:#d32f2f}.doc .admonitionblock td.icon i.icon-note{color:#fff;background-color:#217ee7}.doc .admonitionblock td.icon i.icon-tip{color:#fff;background-color:#41af46}.doc .admonitionblock td.icon i.icon-warning{color:#fff;background-color:#e18114}.doc .imageblock,.doc .videoblock{flex-direction:column;align-items:center;display:flex}.doc .imageblock .content{text-align:center;align-self:stretch}.doc .imageblock.text-left,.doc .videoblock.text-left{align-items:flex-start}.doc .imageblock.text-left .content{text-align:left}.doc .imageblock.text-right,.doc .videoblock.text-right{align-items:flex-end}.doc .imageblock.text-right .content{text-align:right}.doc .image>img,.doc .image>object,.doc .image>svg,.doc .imageblock img,.doc .imageblock object,.doc .imageblock svg{vertical-align:middle;max-width:100%;max-height:75vh;display:inline-block}.doc .image:not(.left):not(.right)>img{margin-top:-.2em}.doc .videoblock iframe,.doc .videoblock video{vertical-align:middle;max-width:100%}#preamble .abstract blockquote{background:var(--joy-palette-background-surface,#f0f0f0);border-left:5px solid var(--joy-palette-divider,#e1e1e1);color:var(--joy-palette-text-secondary,#4a4a4a);padding:.75em 1em;font-size:.88889rem}.doc .quoteblock,.doc .verseblock{background:var(--joy-palette-background-level1,#fafafa);border-left:5px solid var(--joy-palette-neutral-500,#5d5d5d);color:var(--joy-palette-text-secondary,#5d5d5d)}.doc .quoteblock{padding:.25rem 2rem 1.25rem}.doc .quoteblock .attribution{color:var(--joy-palette-text-tertiary,#8e8e8e);margin-top:.75rem;font-size:.83333rem}.doc .quoteblock blockquote{margin-top:1rem}.doc .quoteblock .paragraph{font-style:italic}.doc .quoteblock cite{padding-left:1em}.doc .verseblock{padding:1rem 2rem;font-size:1.15em}.doc .verseblock pre{font-family:inherit;font-size:inherit}.doc ol,.doc ul{margin:0;padding:0 0 0 2rem}.doc ol.none,.doc ol.unnumbered,.doc ol.unstyled,.doc ul.checklist,.doc ul.no-bullet,.doc ul.none,.doc ul.unstyled{list-style-type:none}.doc ol.unnumbered,.doc ul.no-bullet{padding-left:1.25rem}.doc ol.unstyled,.doc ul.unstyled{padding-left:0}.doc ul.circle{list-style-type:circle}.doc ul.disc{list-style-type:disc}.doc ul.square{list-style-type:square}.doc ul.circle ul:not([class]),.doc ul.disc ul:not([class]),.doc ul.square ul:not([class]){list-style:inherit}.doc ol.arabic{list-style-type:decimal}.doc ol.decimal{list-style-type:decimal-leading-zero}.doc ol.loweralpha{list-style-type:lower-alpha}.doc ol.upperalpha{list-style-type:upper-alpha}.doc ol.lowerroman{list-style-type:lower-roman}.doc ol.upperroman{list-style-type:upper-roman}.doc ol.lowergreek{list-style-type:lower-greek}.doc ul.checklist{padding-left:1.75rem}.doc .dlist .dlist,.doc .dlist .olist,.doc .dlist .ulist,.doc .olist .dlist,.doc .olist .olist,.doc .olist .ulist,.doc .olist li+li,.doc .ulist .dlist,.doc .ulist .olist,.doc .ulist .ulist,.doc .ulist li+li{margin-top:.5rem}.doc .admonitionblock .listingblock,.doc .olist .listingblock,.doc .ulist .listingblock{padding:0}.doc .admonitionblock .title,.doc .exampleblock .title,.doc .imageblock .title,.doc .listingblock .title,.doc .literalblock .title,.doc .openblock .title,.doc .videoblock .title,.doc table.tableblock caption{color:var(--joy-palette-text-secondary,#5d5d5d);-webkit-hyphens:none;hyphens:none;letter-spacing:.01em;padding-bottom:.075rem;font-size:.88889rem;font-style:italic;font-weight:600}.doc table.tableblock caption{text-align:left}.doc .olist .title,.doc .ulist .title{margin-bottom:.25rem;font-style:italic;font-weight:600}.doc .imageblock .title,.doc .videoblock .title{margin-top:.5rem;padding-bottom:0}.doc details{margin-left:1rem}.doc details>summary{margin-bottom:.5rem;line-height:1.6;display:block;position:relative}.doc details>summary::-webkit-details-marker{display:none}.doc details>summary:before{content:"";border:.3em solid #0000;border-left:.5em solid;border-right-width:0;position:absolute;top:.5em;left:-1rem;transform:translate(15%)}.doc details[open]>summary:before{border-width:.5rem .3rem 0;border-color:currentColor #0000 #0000;transform:translateY(15%)}.doc details>summary:after{content:"";width:1rem;height:1em;position:absolute;top:.3em;left:-1rem}.doc details.result{margin-top:.25rem}.doc details.result>summary{color:var(--joy-palette-text-secondary,#5d5d5d);margin-bottom:0;font-style:italic}.doc details.result>.content{margin-left:-1rem}.doc .exampleblock>.content,.doc details.result>.content{background:var(--joy-palette-background-body,#fff);border:.25rem solid var(--joy-palette-neutral-500,#5d5d5d);border-radius:.5rem;padding:.75rem}.doc .exampleblock>.content:after,.doc details.result>.content:after{content:"";clear:both;display:table}.doc .exampleblock>.content>:first-child,.doc details>.content>:first-child{margin-top:0}.doc .sidebarblock{background:var(--joy-palette-neutral-softBg,#e1e1e1);border-radius:.75rem;padding:.75rem 1.5rem}.doc .sidebarblock>.content>.title{text-align:center;margin-bottom:.5rem;font-size:1.25rem;font-weight:600;line-height:1.3}.doc .sidebarblock>.content>.title+*,.doc .sidebarblock>.content>:not(.title):first-child{margin-top:0}.doc .listingblock.wrap pre,.doc table.tableblock pre{white-space:pre-wrap}.doc .listingblock pre:not(.highlight),.doc .literalblock pre,.doc pre.highlight>code{background:var(--joy-palette-background-level1,#fafafa);-webkit-box-shadow:inset 0 0 1.75px var(--joy-palette-divider,#e1e1e1);box-shadow:inset 0 0 1.75px var(--joy-palette-divider,#e1e1e1);padding:.875em;display:block;overflow-x:auto}.doc .listingblock>.content{position:relative}.doc .source-toolbox{visibility:hidden;color:gray;-webkit-user-select:none;user-select:none;white-space:nowrap;z-index:1;font-family:Roboto,sans-serif;font-size:.72222rem;line-height:1;display:flex;position:absolute;top:.25rem;right:.5rem}.doc .listingblock:hover .source-toolbox{visibility:visible}.doc .source-toolbox .source-lang{text-transform:uppercase;letter-spacing:.075em}.doc .source-toolbox>:not(:last-child):after{content:"|";letter-spacing:0;padding:0 1ch}.doc .source-toolbox .copy-button{color:inherit;font-size:inherit;line-height:inherit;background:0 0;border:none;outline:none;flex-direction:column;align-items:center;width:1em;height:1em;padding:0;display:flex}.doc .source-toolbox .copy-icon{width:inherit;height:inherit;flex:none}.doc .source-toolbox img.copy-icon{filter:invert(50.2%)}.doc .source-toolbox svg.copy-icon{fill:currentColor}.doc .source-toolbox .copy-toast{background-color:var(--joy-palette-neutral-800,#333);color:var(--joy-palette-common-white,#fff);cursor:auto;opacity:0;border-radius:.25em;flex:none;justify-content:center;margin-top:1em;padding:.5em;transition:opacity .5s .5s;display:inline-flex;position:relative}.doc .source-toolbox .copy-toast:after{content:"";border:.55em solid #0000;border-left-color:var(--joy-palette-neutral-800,#333);transform-origin:0;width:1em;height:1em;position:absolute;top:0;transform:rotate(-90deg)translate(50%)translateY(50%)}.doc .source-toolbox .copy-button.clicked .copy-toast{opacity:1;transition:none}.doc .language-console .hljs-meta{-webkit-user-select:none;user-select:none}.doc .dlist dt{font-style:italic}.doc .dlist dd{margin:0 0 0 1.5rem}.doc .dlist dd+dt,.doc .dlist dd>p:first-child{margin-top:.5rem}.doc td.hdlist1,.doc td.hdlist2{vertical-align:top;padding:.5rem 0 0}.doc tr:first-child>.hdlist1,.doc tr:first-child>.hdlist2{padding-top:0}.doc td.hdlist1{padding-right:.25rem;font-weight:600}.doc td.hdlist2{padding-left:.25rem}.doc .colist{margin:.25rem 0 -.25rem;font-size:.88889rem}.doc .colist>table>tbody>tr>:first-child,.doc .colist>table>tr>:first-child{vertical-align:top;padding:.25em .5rem 0}.doc .colist>table>tbody>tr>:last-child,.doc .colist>table>tr>:last-child{padding:.25rem 0}.doc .conum[data-value]{text-align:center;letter-spacing:-.25ex;text-indent:-.25ex;border:1px solid;border-radius:100%;width:1.25em;height:1.25em;font-family:Roboto,sans-serif;font-size:.75rem;font-style:normal;line-height:1.2;display:inline-block}.doc .conum[data-value]:after{content:attr(data-value)}.doc .conum[data-value]+b{display:none}.doc hr{border:solid var(--joy-palette-divider,#e1e1e1);border-width:2px 0 0;height:0}.doc b.button{white-space:nowrap}.doc b.button:before{content:"[";padding-right:.25em}.doc b.button:after{content:"]";padding-left:.25em}.doc kbd{background:var(--joy-palette-background-level1,#fafafa);border:1px solid var(--joy-palette-neutral-400,#c1c1c1);-webkit-box-shadow:0 1px 0 var(--joy-palette-neutral-400,#c1c1c1), 0 0 0 .1em var(--joy-palette-background-body,#fff) inset;box-shadow:0 1px 0 var(--joy-palette-neutral-400,#c1c1c1), inset 0 0 0 .1em var(--joy-palette-background-body,#fff);vertical-align:text-bottom;white-space:nowrap;border-radius:.25em;padding:.25em .5em;font-size:.66667rem;display:inline-block}.doc .keyseq,.doc kbd{line-height:1}.doc .keyseq{font-size:.88889rem}.doc .keyseq kbd{margin:0 .125em}.doc .keyseq kbd:first-child{margin-left:0}.doc .keyseq kbd:last-child{margin-right:0}.doc .menuseq,.doc .path{-webkit-hyphens:none;hyphens:none}.doc .menuseq i.caret:before{content:"›";font-size:1.1em;font-weight:600;line-height:.90909}.doc :not(pre).nowrap{white-space:nowrap}.doc .nobreak{-webkit-hyphens:none;hyphens:none;word-wrap:normal}.doc :not(pre).pre-wrap{white-space:pre-wrap}#footnotes{margin:2rem -.5rem 0;font-size:.85em;line-height:1.5}.doc td.tableblock>.content #footnotes{margin:2rem 0 0}#footnotes hr{border-top-width:1px;width:20%;margin-top:0}#footnotes .footnote{margin:.5em 0 0 1em}#footnotes .footnote+.footnote{margin-top:.25em}#footnotes .footnote>a:first-of-type{text-align:right;width:1.5em;margin-left:-2em;display:inline-block}.toc-menu{color:var(--joy-palette-text-secondary,#5d5d5d)}.toc.sidebar .toc-menu{margin-right:.75rem;position:sticky;top:6rem}.toc .toc-menu h3{color:var(--joy-palette-text-primary,#333);margin:0 -.5px;padding-bottom:.25rem;font-size:.88889rem;font-weight:600;line-height:1.3}.toc.sidebar .toc-menu h3{flex-direction:column;justify-content:flex-end;height:2.5rem;display:flex}.toc .toc-menu ul{margin:0;padding:0;font-size:.83333rem;line-height:1.2;list-style:none}.toc.sidebar .toc-menu ul{-ms-scroll-chaining:none;overscroll-behavior:none;max-height:calc(100vh - 8.5rem);overflow-y:auto}@supports (scrollbar-width:none){.toc.sidebar .toc-menu ul{scrollbar-width:none}}.toc .toc-menu ul::-webkit-scrollbar{width:0;height:0}@media screen and (width>=1024px){.toc .toc-menu h3{font-size:.83333rem}.toc .toc-menu ul{font-size:.75rem}}.toc .toc-menu li{margin:0}.toc .toc-menu li[data-level="2"] a{padding-left:1.25rem}.toc .toc-menu li[data-level="3"] a{padding-left:2rem}.toc .toc-menu a{color:inherit;border-left:2px solid var(--joy-palette-divider,#e1e1e1);padding:.25rem 0 .25rem .5rem;text-decoration:none;display:inline-block}.sidebar.toc .toc-menu a{outline:none;display:block}.toc .toc-menu a:hover{color:var(--joy-palette-primary-600,#1565c0)}.toc .toc-menu a.is-active{border-left-color:var(--joy-palette-primary-500,#2a7ee4);color:var(--joy-palette-primary-500,#2a7ee4)}.sidebar.toc .toc-menu a:focus{background:var(--joy-palette-background-level1,#fafafa)}.toc .toc-menu .is-hidden-toc{display:none!important}.contentSidebar{min-width:160px}.doc .videoblock .content{width:100%;max-width:100%;position:relative}.doc .videoblock .content:before{content:"";padding-top:56.25%;display:block}.doc .videoblock .content>iframe,.doc .videoblock .content>video{background:#000;border:0;display:block;position:absolute;inset:0;width:100%!important;height:100%!important}

package/dist/public/config.json

@@ -1,3 +1,4 @@
 {
+  "logoutUrl": "",
   "staticMode": false
 }

package/dist/public/images/broken_link.svg

@@ -0,0 +1,7 @@
+<svg width="721" height="283" viewBox="0 0 721 283" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M163 140.5C163 176.122 191.878 205 227.5 205L255.5 205L226.5 235L227.5 235C175.309 235 133 192.691 133 140.5C133 88.3091 175.309 46 227.5 46L427.5 46L397.5 76L227.5 76C191.878 76 163 104.878 163 140.5Z" fill="black"/>
+<path d="M566.5 140.5C566.5 104.878 537.622 76 502 76L474 76L503 46L502 46C554.191 46 596.5 88.3091 596.5 140.5C596.5 192.691 554.191 235 502 235L365 235L392 205L502 205C537.622 205 566.5 176.122 566.5 140.5Z" fill="black"/>
+<path d="M366.012 98.4991L224.882 266.38L340.776 171.162L348.984 212.415L504.678 0.000272155L398.529 107.516L366.012 98.4991Z" fill="#FF4400"/>
+<rect x="456" y="123" width="265" height="35" rx="17.5" fill="black"/>
+<rect y="123" width="265" height="35" rx="17.5" fill="black"/>
+</svg>

package/dist/public/index.html

@@ -11,8 +11,8 @@
       name="msapplication-TileImage"
       content="/cropped-favicon-270x270.png"
     />
-    <script type="module" crossorigin src="/assets/index-Ca10XaMv.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-CRSBseQM.css">
+    <script type="module" crossorigin src="/assets/index-Cdn_jRWy.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-ypsafPwV.css">
   </head>
   <body>
     <div id="root"></div>

package/dist/types.d.ts

@@ -21,8 +21,33 @@ export interface TreeOptions {
     recursive?: boolean;
     cardKey?: string;
 }
+/**
+ * User roles - checked directly in middleware
+ * Role hierarchy: Admin > Editor > Reader
+ * - Admin: All operations including configuration
+ * - Editor: Can create, edit, and manage content but not config
+ * - Reader: Can only view content
+ */
+export declare enum UserRole {
+    Admin = "admin",
+    Editor = "editor",
+    Reader = "reader"
+}
+/**
+ * User information returned by the /me endpoint
+ */
+export interface UserInfo {
+    id: string;
+    email: string;
+    name: string;
+    role: UserRole;
+}
+/**
+ * Extended app variables including authentication info
+ */
 export interface AppVars {
     tree?: TreeOptions;
+    user?: UserInfo;
 }
 export type AppContext = Context<{
     Variables: AppVars;

package/dist/types.js

@@ -10,5 +10,17 @@
   details. You should have received a copy of the GNU Affero General Public
   License along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
-export {};
+/**
+ * User roles - checked directly in middleware
+ * Role hierarchy: Admin > Editor > Reader
+ * - Admin: All operations including configuration
+ * - Editor: Can create, edit, and manage content but not config
+ * - Reader: Can only view content
+ */
+export var UserRole;
+(function (UserRole) {
+    UserRole["Admin"] = "admin";
+    UserRole["Editor"] = "editor";
+    UserRole["Reader"] = "reader";
+})(UserRole || (UserRole = {}));
 //# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;EAWE"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;EAWE;AAiBF;;;;;;GAMG;AACH,MAAM,CAAN,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,2BAAe,CAAA;IACf,6BAAiB,CAAA;IACjB,6BAAiB,CAAA;AACnB,CAAC,EAJW,QAAQ,KAAR,QAAQ,QAInB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyberismo/backend",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "description": "Express backend for Cyberismo",
   "main": "dist/index.js",
   "keywords": [],
@@ -14,14 +14,17 @@
   "bugs": "https://github.com/CyberismoCom/cyberismo/issues",
   "dependencies": {
     "@asciidoctor/core": "^3.0.4",
-    "@hono/node-server": "^1.19.2",
+    "@modelcontextprotocol/sdk": "^1.27.1",
+    "@hono/node-server": "^1.19.10",
     "@hono/zod-validator": "^0.7.6",
     "@types/mime-types": "^3.0.1",
-    "dotenv": "^17.2.3",
-    "hono": "^4.10.7",
+    "dotenv": "^17.3.1",
+    "hono": "^4.12.7",
+    "jose": "^6.1.3",
     "mime-types": "^3.0.2",
     "zod": "^4.3.6",
-    "@cyberismo/data-handler": "0.0.21"
+    "@cyberismo/mcp": "0.0.23",
+    "@cyberismo/data-handler": "0.0.23"
   },
   "devDependencies": {
     "@cyberismo/app": "0.0.2"
@@ -37,8 +40,8 @@
   ],
   "scripts": {
     "start": "tsx src/main.ts",
-    "start-e2e": "node dist/main.js",
-    "dev": "tsx watch src/main.ts",
+    "start-e2e": "cross-env AUTH_MODE=mock node dist/main.js",
+    "dev": "cross-env AUTH_MODE=mock tsx watch src/main.ts",
     "debug": "tsx --inspect-brk src/main.ts",
     "export": "pnpm build && node dist/main.js --export",
     "build": "tsc -p tsconfig.build.json && shx rm -rf ./dist/public && shx cp -r ../app/dist ./dist/public",

package/src/app.ts

@@ -12,12 +12,12 @@
 */
 import { Hono } from 'hono';
 import { staticFrontendDirRelative } from './utils.js';
-import { cors } from 'hono/cors';
 import { serveStatic } from '@hono/node-server/serve-static';
 import { attachCommandManager } from './middleware/commandManager.js';
 import calculationsRouter from './domain/calculations/index.js';
 import cardsRouter from './domain/cards/index.js';
 import cardTypesRouter from './domain/cardTypes/index.js';
+import connectorsRouter from './domain/connectors/index.js';
 import fieldTypesRouter from './domain/fieldTypes/index.js';
 import graphModelsRouter from './domain/graphModels/index.js';
 import graphViewsRouter from './domain/graphViews/index.js';
@@ -32,34 +32,46 @@ import path from 'node:path';
 import resourcesRouter from './domain/resources/index.js';
 import logicProgramsRouter from './domain/logicPrograms/index.js';
 import { isSSGContext } from 'hono/ssg';
+import type { CommandManager } from '@cyberismo/data-handler';
 import type { AppVars, TreeOptions } from './types.js';
 import treeMiddleware from './middleware/tree.js';
 import projectRouter from './domain/project/index.js';
+import mcpRouter from './domain/mcp/index.js';
+import { createAuthRouter } from './domain/auth/index.js';
+import { createAuthMiddleware } from './middleware/auth.js';
+import type { AuthProvider } from './auth/types.js';
 
 /**
  * Create the Hono app for the backend
- * @param projectPath - Path to the project
+ * @param authProvider - Authentication provider
+ * @param commands - CommandManager instance for the project
  */
-export function createApp(projectPath?: string, opts?: TreeOptions) {
+export function createApp(
+  authProvider: AuthProvider,
+  commands: CommandManager,
+  opts?: TreeOptions,
+) {
   const app = new Hono<{ Variables: AppVars }>();
 
-  app.use('/api', cors());
-
-  app.use(
-    '*',
-    serveStatic({
-      root: staticFrontendDirRelative,
-    }),
-  );
-
   app.use(treeMiddleware(opts));
-  // Attach CommandManager to all requests
-  app.use(attachCommandManager(projectPath));
+  // Apply authentication middleware to all API and MCP routes
+  app.use('/api/*', createAuthMiddleware(authProvider));
+  app.use('/mcp', createAuthMiddleware(authProvider));
+  app.use('/mcp/*', createAuthMiddleware(authProvider));
 
+  // Attach CommandManager to API and MCP routes
+  const commandManagerMiddleware = attachCommandManager(commands);
+  app.use('/api/*', commandManagerMiddleware);
+  app.use('/mcp', commandManagerMiddleware);
+  app.use('/mcp/*', commandManagerMiddleware);
   // Wire up routes
+  app.route('/api/auth', createAuthRouter());
+
+  // Mount routers
   app.route('/api/calculations', calculationsRouter);
   app.route('/api/cards', cardsRouter);
   app.route('/api/cardTypes', cardTypesRouter);
+  app.route('/api/connectors', connectorsRouter);
   app.route('/api/fieldTypes', fieldTypesRouter);
   app.route('/api/graphModels', graphModelsRouter);
   app.route('/api/graphViews', graphViewsRouter);
@@ -73,10 +85,20 @@ export function createApp(projectPath?: string, opts?: TreeOptions) {
   app.route('/api/labels', labelsRouter);
   app.route('/api/project', projectRouter);
 
+  // MCP endpoint for AI assistant integration
+  app.route('/mcp', mcpRouter);
+
+  app.use(
+    '*',
+    serveStatic({
+      root: staticFrontendDirRelative,
+    }),
+  );
+
   // serve index.html for all other routes
   app.notFound(async (c) => {
     if (c.req.path.startsWith('/api')) {
-      return c.text('Not Found', 400);
+      return c.text('Not Found', 404);
     }
     const file = await readFile(
       path.join(import.meta.dirname, 'public', 'index.html'),

package/src/auth/index.ts

@@ -0,0 +1,17 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+export type { AuthProvider } from './types.js';
+export { MockAuthProvider } from './mock.js';
+export { KeycloakAuthProvider } from './keycloak.js';
+export type { KeycloakConfig } from './keycloak.js';

package/src/auth/keycloak.ts

@@ -0,0 +1,109 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import type { JWTPayload } from 'jose';
+import { UserRole } from '../types.js';
+import type { UserInfo } from '../types.js';
+import type { AuthProvider } from './types.js';
+
+export interface KeycloakConfig {
+  issuer: string;
+  audience: string;
+}
+
+interface KeycloakJWTPayload extends JWTPayload {
+  email?: string;
+  name?: string;
+  preferred_username?: string;
+  realm_access?: {
+    roles?: string[];
+  };
+}
+
+export class KeycloakAuthProvider implements AuthProvider {
+  private readonly issuer: string;
+  private readonly audience: string;
+  private jwks: ReturnType<typeof createRemoteJWKSet> | null = null;
+
+  constructor(config: KeycloakConfig) {
+    this.issuer = config.issuer;
+    this.audience = config.audience;
+  }
+
+  private getJWKS(): ReturnType<typeof createRemoteJWKSet> {
+    if (!this.jwks) {
+      const jwksUrl = new URL(
+        `${this.issuer.replace(/\/$/, '')}/protocol/openid-connect/certs`,
+      );
+      this.jwks = createRemoteJWKSet(jwksUrl);
+    }
+    return this.jwks;
+  }
+
+  async authenticate(req: Request): Promise<UserInfo | null> {
+    const authHeader = req.headers.get('authorization');
+    if (!authHeader) {
+      return null;
+    }
+
+    const token = authHeader.replace(/^Bearer\s+/i, '');
+    if (!token) {
+      return null;
+    }
+
+    try {
+      const jwks = this.getJWKS();
+      const { payload } = await jwtVerify(token, jwks, {
+        issuer: this.issuer,
+        audience: this.audience,
+      });
+
+      const claims = payload as KeycloakJWTPayload;
+      const role = this.mapRole(claims.realm_access?.roles);
+
+      if (!claims.sub) {
+        throw new Error('Missing sub');
+      }
+      if (!claims.email) {
+        throw new Error('Missing email');
+      }
+
+      return {
+        id: claims.sub,
+        email: claims.email,
+        name: claims.name ?? claims.preferred_username ?? 'Unknown',
+        role,
+      };
+    } catch {
+      // TODO: add proper logging
+      return null;
+    }
+  }
+
+  private mapRole(roles?: string[]): UserRole {
+    if (!roles) {
+      throw new Error('Token missing realm_access roles');
+    }
+    if (roles.includes('admin')) {
+      return UserRole.Admin;
+    }
+    if (roles.includes('editor')) {
+      return UserRole.Editor;
+    }
+    if (roles.includes('reader')) {
+      return UserRole.Reader;
+    }
+    throw new Error('No recognized role found in token');
+  }
+}

package/src/auth/mock.ts

@@ -0,0 +1,38 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { UserRole } from '../types.js';
+import type { UserInfo } from '../types.js';
+import type { AuthProvider } from './types.js';
+
+export interface MockUserConfig {
+  name?: string;
+  email?: string;
+}
+
+export class MockAuthProvider implements AuthProvider {
+  private readonly userConfig: MockUserConfig;
+
+  constructor(config?: MockUserConfig) {
+    this.userConfig = config ?? {};
+  }
+
+  async authenticate(): Promise<UserInfo> {
+    return {
+      id: 'mock-user',
+      email: this.userConfig.email ?? 'admin@cyberismo.local',
+      name: this.userConfig.name ?? 'Local Admin',
+      role: UserRole.Admin,
+    };
+  }
+}

package/src/auth/types.ts

@@ -0,0 +1,18 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import type { UserInfo } from '../types.js';
+
+export interface AuthProvider {
+  authenticate(req: Request): Promise<UserInfo | null>;
+}

package/src/domain/auth/index.ts

@@ -0,0 +1,35 @@
+/**
+  Cyberismo
+  Copyright © Cyberismo Ltd and contributors 2026
+  This program is free software: you can redistribute it and/or modify it under
+  the terms of the GNU Affero General Public License version 3 as published by
+  the Free Software Foundation. This program is distributed in the hope that it
+  will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+  You should have received a copy of the GNU Affero General Public
+  License along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { Hono } from 'hono';
+import { getCurrentUser } from '../../middleware/auth.js';
+
+export function createAuthRouter() {
+  const router = new Hono();
+
+  /**
+   * GET /api/auth/me
+   * Returns the current user's information (id, email, name, role)
+   */
+  router.get('/me', async (c) => {
+    const user = getCurrentUser(c);
+
+    if (!user) {
+      return c.json({ error: 'Unauthorized' }, 401);
+    }
+
+    return c.json(user);
+  });
+
+  return router;
+}

package/src/domain/calculations/index.ts

@@ -15,6 +15,8 @@ import { Hono } from 'hono';
 import * as calculationService from './service.js';
 import { createCalculationSchema } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -43,12 +45,17 @@ const router = new Hono();
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createCalculationSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createCalculationSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier } = c.req.valid('json');
 
-  await calculationService.createCalculation(commands, identifier);
-  return c.json({ message: 'Calculation created successfully' });
-});
+    await calculationService.createCalculation(commands, identifier);
+    return c.json({ message: 'Calculation created successfully' });
+  },
+);
 
 export default router;

package/src/domain/calculations/service.ts

@@ -26,20 +26,22 @@ export async function createCalculation(
   commands: CommandManager,
   identifier: string,
 ) {
-  await commands.createCmd.createCalculation(identifier);
+  await commands.atomic(async () => {
+    await commands.createCmd.createCalculation(identifier);
 
-  // Set displayName to capitalized version of identifier
-  const project = await commands.showCmd.showProject();
-  await updateResourceWithOperation(
-    commands,
-    { prefix: project.prefix, type: 'calculations', identifier },
-    {
-      updateKey: { key: 'displayName' },
-      operation: {
-        name: 'change',
-        target: '',
-        to: capitalize(identifier),
+    // Set displayName to capitalized version of identifier
+    const project = await commands.showCmd.showProject();
+    await updateResourceWithOperation(
+      commands,
+      { prefix: project.prefix, type: 'calculations', identifier },
+      {
+        updateKey: { key: 'displayName' },
+        operation: {
+          name: 'change',
+          target: '',
+          to: capitalize(identifier),
+        },
       },
-    },
-  );
+    );
+  }, `Create calculation ${identifier}`);
 }

package/src/domain/cardTypes/index.ts

@@ -19,6 +19,8 @@ import {
   fieldVisibilityBodySchema,
 } from './schema.js';
 import { zValidator } from '../../middleware/zvalidator.js';
+import { UserRole } from '../../types.js';
+import { requireRole } from '../../middleware/auth.js';
 
 const router = new Hono();
 
@@ -36,7 +38,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set or other internal error
  */
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   try {
@@ -80,22 +82,27 @@ router.get('/', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/', zValidator('json', createCardTypeSchema), async (c) => {
-  const commands = c.get('commands');
-  const { identifier, workflowName } = c.req.valid('json');
+router.post(
+  '/',
+  requireRole(UserRole.Admin),
+  zValidator('json', createCardTypeSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const { identifier, workflowName } = c.req.valid('json');
 
-  try {
-    await cardTypeService.createCardType(commands, identifier, workflowName);
-    return c.json({ message: 'Card type created successfully' });
-  } catch (error) {
-    return c.json(
-      {
-        error: `${error instanceof Error ? error.message : 'Unknown error'}`,
-      },
-      500,
-    );
-  }
-});
+    try {
+      await cardTypeService.createCardType(commands, identifier, workflowName);
+      return c.json({ message: 'Card type created successfully' });
+    } catch (error) {
+      return c.json(
+        {
+          error: `${error instanceof Error ? error.message : 'Unknown error'}`,
+        },
+        500,
+      );
+    }
+  },
+);
 
 /**
  * @swagger
@@ -142,6 +149,7 @@ router.post('/', zValidator('json', createCardTypeSchema), async (c) => {
  */
 router.patch(
   '/:cardTypeName/field-visibility',
+  requireRole(UserRole.Admin),
   zValidator('param', cardTypeNameParamSchema),
   zValidator('json', fieldVisibilityBodySchema),
   async (c) => {