@dbp-wp/core 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,30 @@
+# @dbp-wp/core
+
+Core library for [DBP WP](https://github.com/takashi-matsuyama/dbp_wp): a WordPress REST
+client, a safe formula engine, a CSV/JSON importer, and typesetting data generation.
+
+This package is the Node layer of DBP WP. Most people will want the `dbp-wp` CLI, which
+runs the full app via `npx dbp-wp`. This library is published separately so it can also be
+used on its own and by the browser demo.
+
+```sh
+npm install @dbp-wp/core
+```
+
+```ts
+import { WpClient } from '@dbp-wp/core';
+
+const client = new WpClient({
+  siteUrl: 'https://example.com',
+  username: 'editor',
+  applicationPassword: 'xxxx xxxx xxxx xxxx xxxx xxxx',
+});
+
+const posts = await client.listPosts({ perPage: 20 });
+```
+
+Requires Node.js >= 20.
+
+## License
+
+Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE).

package/dist/index.d.ts

@@ -0,0 +1,252 @@
+/**
+ * Connection credentials for a WordPress site.
+ *
+ * DBP WP authenticates with WordPress 5.6+ Application Passwords, which are sent as the
+ * password of an HTTP Basic `Authorization` header.
+ */
+interface WpCredentials {
+    /** Base URL of the WordPress site, e.g. `https://example.com`. */
+    siteUrl: string;
+    /** WordPress username. */
+    username: string;
+    /** Application Password issued by WordPress (used as the Basic-auth password). */
+    applicationPassword: string;
+}
+/**
+ * Raw post shape as returned by the WordPress REST API (`/wp/v2/<type>`).
+ *
+ * `title` is an object; `raw` is only present in `context=edit`. `menu_order` is
+ * snake_case. Use {@link WpPost} for the normalized internal model.
+ */
+interface WpPostResponse {
+    id: number;
+    type: string;
+    status: string;
+    title: {
+        rendered: string;
+        raw?: string;
+    };
+    menu_order: number;
+    meta: Record<string, unknown>;
+    /**
+     * Arbitrary post meta exposed by the companion plugin's `dbp_wp_meta` field.
+     * Present only when the connector is active; absent in restricted mode.
+     */
+    dbp_wp_meta?: Record<string, unknown>;
+}
+/** Normalized, internal post model used by DBP WP. */
+interface WpPost {
+    id: number;
+    type: string;
+    status: string;
+    /** Editable title (the `raw` value when available, else `rendered`). */
+    title: string;
+    menuOrder: number;
+    /**
+     * Core REST post meta (only keys registered with `show_in_rest`). For arbitrary
+     * meta exposed by the companion plugin, see {@link WpPost.dbpWpMeta}.
+     */
+    meta: Record<string, unknown>;
+    /**
+     * Arbitrary post meta from the companion plugin (all keys, single value each).
+     * Present only when the connector returned `dbp_wp_meta`; `undefined` in restricted
+     * mode (no connector installed).
+     */
+    dbpWpMeta?: Record<string, unknown>;
+}
+/**
+ * Editable standard post fields. These map to core WordPress REST fields and need no
+ * companion plugin. Arbitrary meta editing is handled separately (companion plugin).
+ */
+interface UpdatePostFields {
+    /** Editable title (sent as the post `title`). */
+    title?: string;
+    /** Ordering value (sent as `menu_order`). */
+    menuOrder?: number;
+    /** Post status (e.g. `publish`, `draft`). */
+    status?: string;
+}
+/** A WordPress post type available for listing/editing over REST. */
+interface WpPostType {
+    /** Internal type slug (e.g. `post`). */
+    slug: string;
+    /** REST route base used to list/update items of this type (e.g. `posts`). */
+    restBase: string;
+    /** Human-readable name (e.g. `Posts`). */
+    name: string;
+}
+/** Result of a per-post meta delete via the companion plugin. */
+interface DeleteMetaResult {
+    /** The post the keys were deleted from. */
+    postId: number;
+    /** Keys actually deleted (a key not present on the post is omitted). */
+    deleted: string[];
+}
+/** Parameters for listing posts. */
+interface ListPostsParams {
+    /** REST post type slug (e.g. `posts`, `pages`). Defaults to `posts`. */
+    type?: string;
+    /** Page size (WordPress caps this at 100). Defaults to 100. */
+    perPage?: number;
+    /** 1-based page number. Defaults to 1. */
+    page?: number;
+}
+
+/**
+ * Validate and normalize a WordPress site URL into a REST base (origin + base path).
+ *
+ * Requires https, except plain http is allowed for local development hosts. Rejects
+ * embedded credentials, query strings, and fragments, and strips trailing slashes — so
+ * an Application Password is never sent over cleartext to an unexpected target.
+ */
+declare function normalizeSiteUrl(siteUrl: string): string;
+/**
+ * Build the HTTP Basic `Authorization` header value from Application Password
+ * credentials. WordPress treats the Application Password as the Basic-auth password.
+ */
+declare function buildAuthHeader(credentials: WpCredentials): string;
+/** Error thrown when the WordPress REST API returns a non-2xx response. */
+declare class WpRequestError extends Error {
+    readonly status: number;
+    readonly path: string;
+    constructor(status: number, path: string, message: string);
+}
+/**
+ * Minimal WordPress REST client.
+ *
+ * Runs in the Node process (CLI shell), never in the browser, so Application Password
+ * credentials stay server-side. MVP scope: list posts, read/write post meta.
+ */
+declare class WpClient {
+    private readonly credentials;
+    private readonly restBase;
+    constructor(credentials: WpCredentials);
+    private request;
+    /**
+     * List the REST-enabled post types on the site (edit context), so the app can offer
+     * a type selector. Returns each type's REST route base and display name.
+     */
+    listPostTypes(): Promise<WpPostType[]>;
+    /** List posts of a given type in edit context (raw fields, for editing). */
+    listPosts(params?: ListPostsParams): Promise<WpPost[]>;
+    /**
+     * Update post fields in a single request. Standard fields (title, menu_order,
+     * status) are core REST fields and need no plugin. When `meta` is supplied it rides
+     * the same request through the companion plugin's `dbp_wp_meta` field (ignored by
+     * WordPress without the connector). Pass the REST route slug as `type` (e.g.
+     * `posts`, `pages`) — not the object type returned on a post.
+     */
+    updatePost(id: number, fields: UpdatePostFields, type?: string, meta?: Record<string, unknown>): Promise<WpPost>;
+    /**
+     * Create a new post in a single request, symmetric to {@link WpClient.updatePost}.
+     * Standard fields (title, menu_order, status) are core REST fields; when `meta` is
+     * supplied it rides the same request through the companion plugin's `dbp_wp_meta`
+     * field. Pass the REST route slug as `type` (e.g. `posts`, `pages`).
+     */
+    createPost(fields: UpdatePostFields, type?: string, meta?: Record<string, unknown>): Promise<WpPost>;
+    /**
+     * Update only arbitrary post meta through the companion plugin's `dbp_wp_meta`
+     * field. A thin wrapper over {@link WpClient.updatePost} with no standard fields.
+     * Requires the connector; the connector writes scalar values only.
+     */
+    updatePostMeta(id: number, meta: Record<string, unknown>, type?: string): Promise<WpPost>;
+    /**
+     * Delete named meta keys from a single post via the companion plugin's
+     * `DELETE /dbp-wp/v1/posts/<id>/meta` route. This route is keyed by id only (the
+     * post type is irrelevant). Requires the connector.
+     */
+    deletePostMeta(id: number, keys: string[]): Promise<DeleteMetaResult>;
+    /**
+     * Detect whether the companion plugin is active by checking the REST index
+     * (`/wp-json/`) for the connector's namespace. Throws on a failed request; a caller
+     * that wants a non-fatal probe should treat a thrown error as "not available".
+     */
+    detectConnector(): Promise<boolean>;
+}
+
+/**
+ * Formula engine: evaluates a spreadsheet expression against named numeric cells.
+ *
+ * Implementations MUST NOT use `eval`, `Function`, or any other dynamic code execution.
+ */
+interface FormulaEngine {
+    /**
+     * Evaluate a single expression against a map of cell references to numbers.
+     * Throws on invalid syntax, unknown variables, or a non-numeric result.
+     */
+    evaluate(expression: string, context: Record<string, number>): number;
+}
+/**
+ * Formula engine backed by expr-eval-fork, which parses to an AST and evaluates without
+ * `eval`/`Function`. Member access, assignment, and function definitions are disabled,
+ * the nondeterministic `random()` function is removed, and results are constrained to
+ * finite numbers, so expressions stay pure, deterministic, and side-effect free.
+ */
+declare class SafeFormulaEngine implements FormulaEngine {
+    private readonly parser;
+    constructor();
+    evaluate(expression: string, context: Record<string, number>): number;
+}
+
+/**
+ * A tabular view of an import file: a header row plus data rows. Both CSV and JSON
+ * sources are normalized to this shape so the column-mapping logic is source-agnostic.
+ * Each data row is aligned to `headers` by index; a short row has missing trailing cells.
+ */
+interface ParsedTable {
+    /** Column headers (CSV first row, or the union of JSON object keys). */
+    headers: string[];
+    /** Data rows; `rows[r][c]` is the cell under `headers[c]`. */
+    rows: string[][];
+}
+/**
+ * Where a file column is imported to. `skip` drops the column; `title`/`status`/
+ * `menuOrder` map to standard post fields; `meta` writes an arbitrary post-meta key
+ * (companion plugin required).
+ */
+type ImportTarget = {
+    kind: 'skip';
+} | {
+    kind: 'title';
+} | {
+    kind: 'status';
+} | {
+    kind: 'menuOrder';
+} | {
+    kind: 'meta';
+    key: string;
+};
+/** A single new post to create, derived from one import row. */
+interface ImportCreate {
+    /** Standard fields (title / menuOrder / status). */
+    fields: UpdatePostFields;
+    /** Arbitrary meta to write via the companion plugin (omitted when none). */
+    meta?: Record<string, unknown>;
+}
+/**
+ * Parse CSV text into a table, taking the first record as headers. Implements the
+ * RFC 4180 essentials: double-quoted fields, embedded commas/newlines, `""` escapes,
+ * and CRLF or LF line endings. A trailing newline does not produce an empty record.
+ */
+declare function parseCsv(text: string): ParsedTable;
+/**
+ * Parse JSON text (an array of objects) into a table. Headers are the union of all
+ * object keys in first-seen order. Object/array cell values are JSON-stringified;
+ * null and undefined become an empty string. Throws if the JSON is not an array.
+ */
+declare function parseJsonRecords(text: string): ParsedTable;
+/**
+ * Normalize a status cell to a WordPress status. Known labels/values (case-insensitive,
+ * e.g. `Published` → `publish`) are mapped; anything else passes through trimmed so the
+ * WordPress REST API can validate it and surface a per-row error if invalid.
+ */
+declare function normalizeStatus(value: string): string;
+/**
+ * Apply a column mapping to a parsed table, producing one {@link ImportCreate} per row.
+ * Empty cells contribute nothing; a row that maps to no fields and no meta is skipped.
+ * Non-integer `menuOrder` cells are ignored. Meta is stored on a null-prototype object
+ * so a header named `__proto__` is kept as data, never touching any prototype.
+ */
+declare function buildImportPlan(table: ParsedTable, mapping: ImportTarget[]): ImportCreate[];
+
+export { type DeleteMetaResult, type FormulaEngine, type ImportCreate, type ImportTarget, type ListPostsParams, type ParsedTable, SafeFormulaEngine, type UpdatePostFields, WpClient, type WpCredentials, type WpPost, type WpPostResponse, type WpPostType, WpRequestError, buildAuthHeader, buildImportPlan, normalizeSiteUrl, normalizeStatus, parseCsv, parseJsonRecords };

package/dist/index.js

@@ -0,0 +1,454 @@
+// src/wp-client.ts
+var LOCAL_HOSTS = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "[::1]", "::1"]);
+var ROUTE_SEGMENT = /^[a-z0-9_-]+$/i;
+var META_FIELD = "dbp_wp_meta";
+var CONNECTOR_NAMESPACE = "dbp-wp/v1";
+function normalizeSiteUrl(siteUrl) {
+  let url;
+  try {
+    url = new URL(siteUrl);
+  } catch {
+    throw new Error(`Invalid site URL: ${siteUrl}`);
+  }
+  const isLocal = LOCAL_HOSTS.has(url.hostname);
+  if (url.protocol !== "https:" && !(url.protocol === "http:" && isLocal)) {
+    throw new Error(`Site URL must use https (http is allowed only for local hosts): ${siteUrl}`);
+  }
+  if (url.username !== "" || url.password !== "") {
+    throw new Error("Site URL must not contain embedded credentials.");
+  }
+  if (url.search !== "" || url.hash !== "") {
+    throw new Error("Site URL must not contain a query string or fragment.");
+  }
+  return `${url.origin}${url.pathname}`.replace(/\/+$/, "");
+}
+function buildAuthHeader(credentials) {
+  if (credentials.username.includes(":")) {
+    throw new Error('Username must not contain a colon (":") for HTTP Basic authentication.');
+  }
+  const token = `${credentials.username}:${credentials.applicationPassword}`;
+  const base64 = Buffer.from(token, "utf-8").toString("base64");
+  return `Basic ${base64}`;
+}
+var WpRequestError = class extends Error {
+  constructor(status, path, message) {
+    super(message);
+    this.status = status;
+    this.path = path;
+    this.name = "WpRequestError";
+  }
+  status;
+  path;
+};
+var WpClient = class {
+  constructor(credentials) {
+    this.credentials = credentials;
+    this.restBase = normalizeSiteUrl(credentials.siteUrl);
+  }
+  credentials;
+  restBase;
+  async request(path, init = {}) {
+    const response = await fetch(`${this.restBase}/wp-json${path}`, {
+      ...init,
+      headers: {
+        Authorization: buildAuthHeader(this.credentials),
+        // Only declare a JSON body when one is actually sent (GETs carry none).
+        ...init.body !== void 0 ? { "Content-Type": "application/json" } : {},
+        ...init.headers
+      }
+    });
+    if (!response.ok) {
+      throw new WpRequestError(
+        response.status,
+        path,
+        `WordPress REST request failed: ${response.status} ${response.statusText}`
+      );
+    }
+    return await response.json();
+  }
+  /**
+   * List the REST-enabled post types on the site (edit context), so the app can offer
+   * a type selector. Returns each type's REST route base and display name.
+   */
+  async listPostTypes() {
+    const raw = await this.request("/wp/v2/types?context=edit");
+    return normalizePostTypes(raw);
+  }
+  /** List posts of a given type in edit context (raw fields, for editing). */
+  async listPosts(params = {}) {
+    const type = params.type ?? "posts";
+    assertRouteSegment(type);
+    const perPage = clampInt(params.perPage ?? 100, 1, 100);
+    const page = clampInt(params.page ?? 1, 1, Number.MAX_SAFE_INTEGER);
+    const query = new URLSearchParams({
+      context: "edit",
+      per_page: String(perPage),
+      page: String(page)
+    });
+    const raw = await this.request(`/wp/v2/${type}?${query.toString()}`);
+    return raw.map(normalizePost);
+  }
+  /**
+   * Update post fields in a single request. Standard fields (title, menu_order,
+   * status) are core REST fields and need no plugin. When `meta` is supplied it rides
+   * the same request through the companion plugin's `dbp_wp_meta` field (ignored by
+   * WordPress without the connector). Pass the REST route slug as `type` (e.g.
+   * `posts`, `pages`) — not the object type returned on a post.
+   */
+  async updatePost(id, fields, type = "posts", meta) {
+    assertPostId(id);
+    assertRouteSegment(type);
+    const raw = await this.request(`/wp/v2/${type}/${String(id)}?context=edit`, {
+      method: "POST",
+      body: JSON.stringify(buildPostBody(fields, meta))
+    });
+    return normalizePost(raw);
+  }
+  /**
+   * Create a new post in a single request, symmetric to {@link WpClient.updatePost}.
+   * Standard fields (title, menu_order, status) are core REST fields; when `meta` is
+   * supplied it rides the same request through the companion plugin's `dbp_wp_meta`
+   * field. Pass the REST route slug as `type` (e.g. `posts`, `pages`).
+   */
+  async createPost(fields, type = "posts", meta) {
+    assertRouteSegment(type);
+    const raw = await this.request(`/wp/v2/${type}?context=edit`, {
+      method: "POST",
+      body: JSON.stringify(buildPostBody(fields, meta))
+    });
+    return normalizePost(raw);
+  }
+  /**
+   * Update only arbitrary post meta through the companion plugin's `dbp_wp_meta`
+   * field. A thin wrapper over {@link WpClient.updatePost} with no standard fields.
+   * Requires the connector; the connector writes scalar values only.
+   */
+  async updatePostMeta(id, meta, type = "posts") {
+    return this.updatePost(id, {}, type, meta);
+  }
+  /**
+   * Delete named meta keys from a single post via the companion plugin's
+   * `DELETE /dbp-wp/v1/posts/<id>/meta` route. This route is keyed by id only (the
+   * post type is irrelevant). Requires the connector.
+   */
+  async deletePostMeta(id, keys) {
+    assertPostId(id);
+    const cleanKeys = sanitizeMetaKeys(keys);
+    const raw = await this.request(
+      `/${CONNECTOR_NAMESPACE}/posts/${String(id)}/meta`,
+      { method: "DELETE", body: JSON.stringify({ keys: cleanKeys }) }
+    );
+    return {
+      postId: typeof raw.post_id === "number" ? raw.post_id : id,
+      deleted: Array.isArray(raw.deleted) ? raw.deleted : []
+    };
+  }
+  /**
+   * Detect whether the companion plugin is active by checking the REST index
+   * (`/wp-json/`) for the connector's namespace. Throws on a failed request; a caller
+   * that wants a non-fatal probe should treat a thrown error as "not available".
+   */
+  async detectConnector() {
+    const index = await this.request("/");
+    return hasConnectorNamespace(index.namespaces);
+  }
+};
+function buildUpdateBody(fields) {
+  const body = {};
+  if (fields.title !== void 0) {
+    body.title = fields.title;
+  }
+  if (fields.menuOrder !== void 0) {
+    body.menu_order = fields.menuOrder;
+  }
+  if (fields.status !== void 0) {
+    body.status = fields.status;
+  }
+  return body;
+}
+function assertRouteSegment(segment) {
+  if (!ROUTE_SEGMENT.test(segment)) {
+    throw new Error(`Invalid REST route segment: ${segment}`);
+  }
+}
+function assertPostId(id) {
+  if (!Number.isSafeInteger(id) || id <= 0) {
+    throw new Error(`Invalid post id: ${id}`);
+  }
+}
+function clampInt(value, min, max) {
+  if (!Number.isFinite(value)) {
+    return min;
+  }
+  return Math.min(max, Math.max(min, Math.trunc(value)));
+}
+function buildMetaBody(meta) {
+  return { [META_FIELD]: meta };
+}
+function buildPostBody(fields, meta) {
+  const body = buildUpdateBody(fields);
+  if (meta !== void 0) {
+    Object.assign(body, buildMetaBody(meta));
+  }
+  return body;
+}
+function sanitizeMetaKeys(keys) {
+  if (!Array.isArray(keys)) {
+    throw new Error("Meta keys must be an array of strings.");
+  }
+  const clean = keys.filter((key) => typeof key === "string" && key.length > 0);
+  if (clean.length === 0) {
+    throw new Error("At least one non-empty meta key is required.");
+  }
+  return clean;
+}
+function hasConnectorNamespace(namespaces) {
+  return Array.isArray(namespaces) && namespaces.includes(CONNECTOR_NAMESPACE);
+}
+function normalizePostTypes(raw) {
+  if (typeof raw !== "object" || raw === null) {
+    return [];
+  }
+  const result = [];
+  for (const [key, value] of Object.entries(raw)) {
+    if (typeof value !== "object" || value === null) {
+      continue;
+    }
+    const entry = value;
+    if (typeof entry.rest_base !== "string" || !ROUTE_SEGMENT.test(entry.rest_base)) {
+      continue;
+    }
+    result.push({
+      slug: typeof entry.slug === "string" ? entry.slug : key,
+      restBase: entry.rest_base,
+      name: typeof entry.name === "string" ? entry.name : key
+    });
+  }
+  return result;
+}
+function normalizePost(raw) {
+  const post = {
+    id: raw.id,
+    type: raw.type,
+    status: raw.status,
+    title: raw.title.raw ?? raw.title.rendered,
+    menuOrder: raw.menu_order,
+    meta: raw.meta
+  };
+  if (raw.dbp_wp_meta !== void 0) {
+    post.dbpWpMeta = raw.dbp_wp_meta;
+  }
+  return post;
+}
+
+// src/calc/index.ts
+import { Parser } from "expr-eval-fork";
+var SafeFormulaEngine = class {
+  parser;
+  constructor() {
+    this.parser = new Parser({
+      allowMemberAccess: false,
+      operators: { assignment: false, fndef: false }
+    });
+    delete this.parser.functions.random;
+  }
+  evaluate(expression, context) {
+    let parsed;
+    try {
+      parsed = this.parser.parse(expression);
+    } catch (e) {
+      throw new Error(`Invalid formula: ${e instanceof Error ? e.message : "parse error"}`);
+    }
+    let result;
+    try {
+      result = parsed.evaluate(context);
+    } catch (e) {
+      throw new Error(`Formula evaluation failed: ${e instanceof Error ? e.message : "error"}`);
+    }
+    if (typeof result !== "number" || !Number.isFinite(result)) {
+      throw new Error("Formula must evaluate to a finite number.");
+    }
+    return result;
+  }
+};
+
+// src/importer.ts
+var MENU_ORDER_MIN = -2147483648;
+var MENU_ORDER_MAX = 2147483647;
+function parseCsv(text) {
+  const records = parseCsvRecords(text);
+  const headers = records[0] ?? [];
+  return { headers, rows: records.slice(1) };
+}
+function parseCsvRecords(text) {
+  const records = [];
+  let record = [];
+  let field = "";
+  let inQuotes = false;
+  let i = 0;
+  const endField = () => {
+    record.push(field);
+    field = "";
+  };
+  const endRecord = () => {
+    endField();
+    records.push(record);
+    record = [];
+  };
+  while (i < text.length) {
+    const ch = text[i];
+    if (inQuotes) {
+      if (ch === '"') {
+        if (text[i + 1] === '"') {
+          field += '"';
+          i += 2;
+          continue;
+        }
+        inQuotes = false;
+        i += 1;
+        continue;
+      }
+      field += ch;
+      i += 1;
+      continue;
+    }
+    if (ch === '"') {
+      inQuotes = true;
+      i += 1;
+      continue;
+    }
+    if (ch === ",") {
+      endField();
+      i += 1;
+      continue;
+    }
+    if (ch === "\r") {
+      endRecord();
+      i += text[i + 1] === "\n" ? 2 : 1;
+      continue;
+    }
+    if (ch === "\n") {
+      endRecord();
+      i += 1;
+      continue;
+    }
+    field += ch;
+    i += 1;
+  }
+  if (inQuotes) {
+    throw new Error("Malformed CSV: unterminated quoted field.");
+  }
+  if (field !== "" || record.length > 0) {
+    endRecord();
+  }
+  return records;
+}
+function parseJsonRecords(text) {
+  const data = JSON.parse(text);
+  if (!Array.isArray(data)) {
+    throw new Error("JSON import must be an array of objects.");
+  }
+  const headers = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const entry of data) {
+    if (isPlainRecord(entry)) {
+      for (const key of Object.keys(entry)) {
+        if (!seen.has(key)) {
+          seen.add(key);
+          headers.push(key);
+        }
+      }
+    }
+  }
+  const rows = data.map((entry) => {
+    const record = isPlainRecord(entry) ? entry : {};
+    return headers.map((header) => stringifyCell(record[header]));
+  });
+  return { headers, rows };
+}
+function isPlainRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function stringifyCell(value) {
+  if (value === null || value === void 0) {
+    return "";
+  }
+  if (typeof value === "object") {
+    return JSON.stringify(value);
+  }
+  return String(value);
+}
+var STATUS_LABELS = Object.assign(
+  /* @__PURE__ */ Object.create(null),
+  {
+    publish: "publish",
+    published: "publish",
+    draft: "draft",
+    pending: "pending",
+    private: "private",
+    future: "future"
+  }
+);
+function normalizeStatus(value) {
+  const trimmed = value.trim();
+  return STATUS_LABELS[trimmed.toLowerCase()] ?? trimmed;
+}
+function buildImportPlan(table, mapping) {
+  const creates = [];
+  for (const row of table.rows) {
+    const fields = {};
+    let meta;
+    for (let col = 0; col < mapping.length; col += 1) {
+      const target = mapping[col];
+      if (!target || target.kind === "skip") {
+        continue;
+      }
+      const value = row[col] ?? "";
+      if (value === "") {
+        continue;
+      }
+      switch (target.kind) {
+        case "title":
+          fields.title = value;
+          break;
+        case "status":
+          fields.status = normalizeStatus(value);
+          break;
+        case "menuOrder": {
+          const order = Number(value);
+          if (Number.isInteger(order) && order >= MENU_ORDER_MIN && order <= MENU_ORDER_MAX) {
+            fields.menuOrder = order;
+          }
+          break;
+        }
+        case "meta":
+          if (target.key.trim() === "") {
+            break;
+          }
+          if (!meta) {
+            meta = /* @__PURE__ */ Object.create(null);
+          }
+          meta[target.key] = value;
+          break;
+      }
+    }
+    if (meta !== void 0 && Object.keys(meta).length > 0) {
+      creates.push({ fields, meta });
+    } else if (Object.keys(fields).length > 0) {
+      creates.push({ fields });
+    }
+  }
+  return creates;
+}
+export {
+  SafeFormulaEngine,
+  WpClient,
+  WpRequestError,
+  buildAuthHeader,
+  buildImportPlan,
+  normalizeSiteUrl,
+  normalizeStatus,
+  parseCsv,
+  parseJsonRecords
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/wp-client.ts","../src/calc/index.ts","../src/importer.ts"],"sourcesContent":["import type {\n  DeleteMetaResult,\n  ListPostsParams,\n  UpdatePostFields,\n  WpCredentials,\n  WpPost,\n  WpPostResponse,\n  WpPostType,\n} from './types';\n\n/** Hosts for which plain http is tolerated (local development). */\nconst LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]', '::1']);\n\n/** Allowed characters for a REST route segment (post type slug). No dots: a `.`/`..`\n *  segment would be resolved by the URL parser and traverse the REST path. */\nconst ROUTE_SEGMENT = /^[a-z0-9_-]+$/i;\n\n/** REST field added by the companion plugin to carry arbitrary post meta. */\nconst META_FIELD = 'dbp_wp_meta';\n\n/** REST namespace registered by the companion plugin. */\nconst CONNECTOR_NAMESPACE = 'dbp-wp/v1';\n\n/**\n * Validate and normalize a WordPress site URL into a REST base (origin + base path).\n *\n * Requires https, except plain http is allowed for local development hosts. Rejects\n * embedded credentials, query strings, and fragments, and strips trailing slashes — so\n * an Application Password is never sent over cleartext to an unexpected target.\n */\nexport function normalizeSiteUrl(siteUrl: string): string {\n  let url: URL;\n  try {\n    url = new URL(siteUrl);\n  } catch {\n    throw new Error(`Invalid site URL: ${siteUrl}`);\n  }\n\n  const isLocal = LOCAL_HOSTS.has(url.hostname);\n  if (url.protocol !== 'https:' && !(url.protocol === 'http:' && isLocal)) {\n    throw new Error(`Site URL must use https (http is allowed only for local hosts): ${siteUrl}`);\n  }\n  if (url.username !== '' || url.password !== '') {\n    throw new Error('Site URL must not contain embedded credentials.');\n  }\n  if (url.search !== '' || url.hash !== '') {\n    throw new Error('Site URL must not contain a query string or fragment.');\n  }\n\n  return `${url.origin}${url.pathname}`.replace(/\\/+$/, '');\n}\n\n/**\n * Build the HTTP Basic `Authorization` header value from Application Password\n * credentials. WordPress treats the Application Password as the Basic-auth password.\n */\nexport function buildAuthHeader(credentials: WpCredentials): string {\n  if (credentials.username.includes(':')) {\n    throw new Error('Username must not contain a colon (\":\") for HTTP Basic authentication.');\n  }\n  const token = `${credentials.username}:${credentials.applicationPassword}`;\n  const base64 = Buffer.from(token, 'utf-8').toString('base64');\n  return `Basic ${base64}`;\n}\n\n/** Error thrown when the WordPress REST API returns a non-2xx response. */\nexport class WpRequestError extends Error {\n  constructor(\n    readonly status: number,\n    readonly path: string,\n    message: string,\n  ) {\n    super(message);\n    this.name = 'WpRequestError';\n  }\n}\n\n/**\n * Minimal WordPress REST client.\n *\n * Runs in the Node process (CLI shell), never in the browser, so Application Password\n * credentials stay server-side. MVP scope: list posts, read/write post meta.\n */\nexport class WpClient {\n  private readonly restBase: string;\n\n  constructor(private readonly credentials: WpCredentials) {\n    this.restBase = normalizeSiteUrl(credentials.siteUrl);\n  }\n\n  private async request<T>(path: string, init: RequestInit = {}): Promise<T> {\n    const response = await fetch(`${this.restBase}/wp-json${path}`, {\n      ...init,\n      headers: {\n        Authorization: buildAuthHeader(this.credentials),\n        // Only declare a JSON body when one is actually sent (GETs carry none).\n        ...(init.body !== undefined ? { 'Content-Type': 'application/json' } : {}),\n        ...init.headers,\n      },\n    });\n\n    if (!response.ok) {\n      throw new WpRequestError(\n        response.status,\n        path,\n        `WordPress REST request failed: ${response.status} ${response.statusText}`,\n      );\n    }\n\n    return (await response.json()) as T;\n  }\n\n  /**\n   * List the REST-enabled post types on the site (edit context), so the app can offer\n   * a type selector. Returns each type's REST route base and display name.\n   */\n  async listPostTypes(): Promise<WpPostType[]> {\n    const raw = await this.request<unknown>('/wp/v2/types?context=edit');\n    return normalizePostTypes(raw);\n  }\n\n  /** List posts of a given type in edit context (raw fields, for editing). */\n  async listPosts(params: ListPostsParams = {}): Promise<WpPost[]> {\n    const type = params.type ?? 'posts';\n    assertRouteSegment(type);\n    const perPage = clampInt(params.perPage ?? 100, 1, 100);\n    const page = clampInt(params.page ?? 1, 1, Number.MAX_SAFE_INTEGER);\n    const query = new URLSearchParams({\n      context: 'edit',\n      per_page: String(perPage),\n      page: String(page),\n    });\n    const raw = await this.request<WpPostResponse[]>(`/wp/v2/${type}?${query.toString()}`);\n    return raw.map(normalizePost);\n  }\n\n  /**\n   * Update post fields in a single request. Standard fields (title, menu_order,\n   * status) are core REST fields and need no plugin. When `meta` is supplied it rides\n   * the same request through the companion plugin's `dbp_wp_meta` field (ignored by\n   * WordPress without the connector). Pass the REST route slug as `type` (e.g.\n   * `posts`, `pages`) — not the object type returned on a post.\n   */\n  async updatePost(\n    id: number,\n    fields: UpdatePostFields,\n    type = 'posts',\n    meta?: Record<string, unknown>,\n  ): Promise<WpPost> {\n    assertPostId(id);\n    assertRouteSegment(type);\n    const raw = await this.request<WpPostResponse>(`/wp/v2/${type}/${String(id)}?context=edit`, {\n      method: 'POST',\n      body: JSON.stringify(buildPostBody(fields, meta)),\n    });\n    return normalizePost(raw);\n  }\n\n  /**\n   * Create a new post in a single request, symmetric to {@link WpClient.updatePost}.\n   * Standard fields (title, menu_order, status) are core REST fields; when `meta` is\n   * supplied it rides the same request through the companion plugin's `dbp_wp_meta`\n   * field. Pass the REST route slug as `type` (e.g. `posts`, `pages`).\n   */\n  async createPost(\n    fields: UpdatePostFields,\n    type = 'posts',\n    meta?: Record<string, unknown>,\n  ): Promise<WpPost> {\n    assertRouteSegment(type);\n    const raw = await this.request<WpPostResponse>(`/wp/v2/${type}?context=edit`, {\n      method: 'POST',\n      body: JSON.stringify(buildPostBody(fields, meta)),\n    });\n    return normalizePost(raw);\n  }\n\n  /**\n   * Update only arbitrary post meta through the companion plugin's `dbp_wp_meta`\n   * field. A thin wrapper over {@link WpClient.updatePost} with no standard fields.\n   * Requires the connector; the connector writes scalar values only.\n   */\n  async updatePostMeta(\n    id: number,\n    meta: Record<string, unknown>,\n    type = 'posts',\n  ): Promise<WpPost> {\n    return this.updatePost(id, {}, type, meta);\n  }\n\n  /**\n   * Delete named meta keys from a single post via the companion plugin's\n   * `DELETE /dbp-wp/v1/posts/<id>/meta` route. This route is keyed by id only (the\n   * post type is irrelevant). Requires the connector.\n   */\n  async deletePostMeta(id: number, keys: string[]): Promise<DeleteMetaResult> {\n    assertPostId(id);\n    const cleanKeys = sanitizeMetaKeys(keys);\n    const raw = await this.request<{ post_id?: unknown; deleted?: string[] }>(\n      `/${CONNECTOR_NAMESPACE}/posts/${String(id)}/meta`,\n      { method: 'DELETE', body: JSON.stringify({ keys: cleanKeys }) },\n    );\n    // Trust our own request `id` over a malformed connector `post_id`.\n    return {\n      postId: typeof raw.post_id === 'number' ? raw.post_id : id,\n      deleted: Array.isArray(raw.deleted) ? raw.deleted : [],\n    };\n  }\n\n  /**\n   * Detect whether the companion plugin is active by checking the REST index\n   * (`/wp-json/`) for the connector's namespace. Throws on a failed request; a caller\n   * that wants a non-fatal probe should treat a thrown error as \"not available\".\n   */\n  async detectConnector(): Promise<boolean> {\n    const index = await this.request<{ namespaces?: unknown }>('/');\n    return hasConnectorNamespace(index.namespaces);\n  }\n}\n\n/** Map editable fields to the WordPress REST request body (camelCase → snake_case). */\nexport function buildUpdateBody(fields: UpdatePostFields): Record<string, unknown> {\n  const body: Record<string, unknown> = {};\n  if (fields.title !== undefined) {\n    body.title = fields.title;\n  }\n  if (fields.menuOrder !== undefined) {\n    body.menu_order = fields.menuOrder;\n  }\n  if (fields.status !== undefined) {\n    body.status = fields.status;\n  }\n  return body;\n}\n\nfunction assertRouteSegment(segment: string): void {\n  if (!ROUTE_SEGMENT.test(segment)) {\n    throw new Error(`Invalid REST route segment: ${segment}`);\n  }\n}\n\nfunction assertPostId(id: number): void {\n  if (!Number.isSafeInteger(id) || id <= 0) {\n    throw new Error(`Invalid post id: ${id}`);\n  }\n}\n\nfunction clampInt(value: number, min: number, max: number): number {\n  if (!Number.isFinite(value)) {\n    return min;\n  }\n  return Math.min(max, Math.max(min, Math.trunc(value)));\n}\n\n/** Wrap arbitrary meta in the companion plugin's REST field for a write request. */\nexport function buildMetaBody(meta: Record<string, unknown>): Record<string, unknown> {\n  return { [META_FIELD]: meta };\n}\n\n/**\n * Build a post-update body, folding in connector meta under `dbp_wp_meta` when given.\n * A provided `meta` is included as-is, even when empty — callers that should skip empty\n * meta (e.g. the CLI batch parser) omit it before calling.\n */\nexport function buildPostBody(\n  fields: UpdatePostFields,\n  meta?: Record<string, unknown>,\n): Record<string, unknown> {\n  const body = buildUpdateBody(fields);\n  if (meta !== undefined) {\n    Object.assign(body, buildMetaBody(meta));\n  }\n  return body;\n}\n\n/** Validate and clean a list of meta keys for deletion (non-empty strings only). */\nexport function sanitizeMetaKeys(keys: unknown): string[] {\n  if (!Array.isArray(keys)) {\n    throw new Error('Meta keys must be an array of strings.');\n  }\n  const clean = keys.filter((key): key is string => typeof key === 'string' && key.length > 0);\n  if (clean.length === 0) {\n    throw new Error('At least one non-empty meta key is required.');\n  }\n  return clean;\n}\n\n/** True when a REST index `namespaces` list includes the connector namespace. */\nexport function hasConnectorNamespace(namespaces: unknown): boolean {\n  return Array.isArray(namespaces) && namespaces.includes(CONNECTOR_NAMESPACE);\n}\n\n/**\n * Normalize the `/wp/v2/types` response (an object keyed by type name) into a list.\n * Skips entries without a string `rest_base` (not addressable over REST).\n */\nexport function normalizePostTypes(raw: unknown): WpPostType[] {\n  if (typeof raw !== 'object' || raw === null) {\n    return [];\n  }\n  const result: WpPostType[] = [];\n  for (const [key, value] of Object.entries(raw as Record<string, unknown>)) {\n    if (typeof value !== 'object' || value === null) {\n      continue;\n    }\n    const entry = value as Record<string, unknown>;\n    // Validate rest_base at ingestion so a malformed slug can't become a broken option.\n    if (typeof entry.rest_base !== 'string' || !ROUTE_SEGMENT.test(entry.rest_base)) {\n      continue;\n    }\n    result.push({\n      slug: typeof entry.slug === 'string' ? entry.slug : key,\n      restBase: entry.rest_base,\n      name: typeof entry.name === 'string' ? entry.name : key,\n    });\n  }\n  return result;\n}\n\nfunction normalizePost(raw: WpPostResponse): WpPost {\n  const post: WpPost = {\n    id: raw.id,\n    type: raw.type,\n    status: raw.status,\n    title: raw.title.raw ?? raw.title.rendered,\n    menuOrder: raw.menu_order,\n    meta: raw.meta,\n  };\n  if (raw.dbp_wp_meta !== undefined) {\n    post.dbpWpMeta = raw.dbp_wp_meta;\n  }\n  return post;\n}\n","import { Parser, type Expression } from 'expr-eval-fork';\n\n/**\n * Formula engine: evaluates a spreadsheet expression against named numeric cells.\n *\n * Implementations MUST NOT use `eval`, `Function`, or any other dynamic code execution.\n */\nexport interface FormulaEngine {\n  /**\n   * Evaluate a single expression against a map of cell references to numbers.\n   * Throws on invalid syntax, unknown variables, or a non-numeric result.\n   */\n  evaluate(expression: string, context: Record<string, number>): number;\n}\n\n/**\n * Formula engine backed by expr-eval-fork, which parses to an AST and evaluates without\n * `eval`/`Function`. Member access, assignment, and function definitions are disabled,\n * the nondeterministic `random()` function is removed, and results are constrained to\n * finite numbers, so expressions stay pure, deterministic, and side-effect free.\n */\nexport class SafeFormulaEngine implements FormulaEngine {\n  private readonly parser: Parser;\n\n  constructor() {\n    this.parser = new Parser({\n      allowMemberAccess: false,\n      operators: { assignment: false, fndef: false },\n    });\n    // The `operators.random` flag does not remove the random() function; delete it so\n    // evaluation stays deterministic.\n    delete this.parser.functions.random;\n  }\n\n  evaluate(expression: string, context: Record<string, number>): number {\n    let parsed: Expression;\n    try {\n      parsed = this.parser.parse(expression);\n    } catch (e) {\n      throw new Error(`Invalid formula: ${e instanceof Error ? e.message : 'parse error'}`);\n    }\n\n    let result: unknown;\n    try {\n      result = parsed.evaluate(context);\n    } catch (e) {\n      throw new Error(`Formula evaluation failed: ${e instanceof Error ? e.message : 'error'}`);\n    }\n\n    if (typeof result !== 'number' || !Number.isFinite(result)) {\n      throw new Error('Formula must evaluate to a finite number.');\n    }\n    return result;\n  }\n}\n","import type { UpdatePostFields } from './types';\n\n// WordPress stores menu_order in a signed 32-bit column; ignore cells outside that range\n// so one bad value does not get the whole server-side chunk rejected.\nconst MENU_ORDER_MIN = -2_147_483_648;\nconst MENU_ORDER_MAX = 2_147_483_647;\n\n/**\n * A tabular view of an import file: a header row plus data rows. Both CSV and JSON\n * sources are normalized to this shape so the column-mapping logic is source-agnostic.\n * Each data row is aligned to `headers` by index; a short row has missing trailing cells.\n */\nexport interface ParsedTable {\n  /** Column headers (CSV first row, or the union of JSON object keys). */\n  headers: string[];\n  /** Data rows; `rows[r][c]` is the cell under `headers[c]`. */\n  rows: string[][];\n}\n\n/**\n * Where a file column is imported to. `skip` drops the column; `title`/`status`/\n * `menuOrder` map to standard post fields; `meta` writes an arbitrary post-meta key\n * (companion plugin required).\n */\nexport type ImportTarget =\n  | { kind: 'skip' }\n  | { kind: 'title' }\n  | { kind: 'status' }\n  | { kind: 'menuOrder' }\n  | { kind: 'meta'; key: string };\n\n/** A single new post to create, derived from one import row. */\nexport interface ImportCreate {\n  /** Standard fields (title / menuOrder / status). */\n  fields: UpdatePostFields;\n  /** Arbitrary meta to write via the companion plugin (omitted when none). */\n  meta?: Record<string, unknown>;\n}\n\n/**\n * Parse CSV text into a table, taking the first record as headers. Implements the\n * RFC 4180 essentials: double-quoted fields, embedded commas/newlines, `\"\"` escapes,\n * and CRLF or LF line endings. A trailing newline does not produce an empty record.\n */\nexport function parseCsv(text: string): ParsedTable {\n  const records = parseCsvRecords(text);\n  const headers = records[0] ?? [];\n  return { headers, rows: records.slice(1) };\n}\n\nfunction parseCsvRecords(text: string): string[][] {\n  const records: string[][] = [];\n  let record: string[] = [];\n  let field = '';\n  let inQuotes = false;\n  let i = 0;\n\n  const endField = (): void => {\n    record.push(field);\n    field = '';\n  };\n  const endRecord = (): void => {\n    endField();\n    records.push(record);\n    record = [];\n  };\n\n  while (i < text.length) {\n    const ch = text[i];\n    if (inQuotes) {\n      if (ch === '\"') {\n        if (text[i + 1] === '\"') {\n          field += '\"';\n          i += 2;\n          continue;\n        }\n        inQuotes = false;\n        i += 1;\n        continue;\n      }\n      field += ch;\n      i += 1;\n      continue;\n    }\n    if (ch === '\"') {\n      inQuotes = true;\n      i += 1;\n      continue;\n    }\n    if (ch === ',') {\n      endField();\n      i += 1;\n      continue;\n    }\n    if (ch === '\\r') {\n      endRecord();\n      i += text[i + 1] === '\\n' ? 2 : 1;\n      continue;\n    }\n    if (ch === '\\n') {\n      endRecord();\n      i += 1;\n      continue;\n    }\n    field += ch;\n    i += 1;\n  }\n  // An unclosed quote means the file is malformed; surface it rather than silently\n  // merging the rest of the file into one field and writing corrupted data.\n  if (inQuotes) {\n    throw new Error('Malformed CSV: unterminated quoted field.');\n  }\n  // Flush a final record only if there is pending content (no trailing-newline ghost row).\n  if (field !== '' || record.length > 0) {\n    endRecord();\n  }\n  return records;\n}\n\n/**\n * Parse JSON text (an array of objects) into a table. Headers are the union of all\n * object keys in first-seen order. Object/array cell values are JSON-stringified;\n * null and undefined become an empty string. Throws if the JSON is not an array.\n */\nexport function parseJsonRecords(text: string): ParsedTable {\n  const data: unknown = JSON.parse(text);\n  if (!Array.isArray(data)) {\n    throw new Error('JSON import must be an array of objects.');\n  }\n  const headers: string[] = [];\n  const seen = new Set<string>();\n  for (const entry of data) {\n    if (isPlainRecord(entry)) {\n      for (const key of Object.keys(entry)) {\n        if (!seen.has(key)) {\n          seen.add(key);\n          headers.push(key);\n        }\n      }\n    }\n  }\n  const rows = data.map((entry) => {\n    const record = isPlainRecord(entry) ? entry : {};\n    return headers.map((header) => stringifyCell(record[header]));\n  });\n  return { headers, rows };\n}\n\nfunction isPlainRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nfunction stringifyCell(value: unknown): string {\n  if (value === null || value === undefined) {\n    return '';\n  }\n  if (typeof value === 'object') {\n    return JSON.stringify(value);\n  }\n  return String(value);\n}\n\n/**\n * Known post-status values and English/value labels, mapped to the WordPress status.\n * A null-prototype map so inherited keys (`constructor`, `toString`, `__proto__`, …) do\n * not accidentally resolve to a function/object instead of falling back to the raw value.\n */\nconst STATUS_LABELS: Record<string, string> = Object.assign(\n  Object.create(null) as Record<string, string>,\n  {\n    publish: 'publish',\n    published: 'publish',\n    draft: 'draft',\n    pending: 'pending',\n    private: 'private',\n    future: 'future',\n  },\n);\n\n/**\n * Normalize a status cell to a WordPress status. Known labels/values (case-insensitive,\n * e.g. `Published` → `publish`) are mapped; anything else passes through trimmed so the\n * WordPress REST API can validate it and surface a per-row error if invalid.\n */\nexport function normalizeStatus(value: string): string {\n  const trimmed = value.trim();\n  return STATUS_LABELS[trimmed.toLowerCase()] ?? trimmed;\n}\n\n/**\n * Apply a column mapping to a parsed table, producing one {@link ImportCreate} per row.\n * Empty cells contribute nothing; a row that maps to no fields and no meta is skipped.\n * Non-integer `menuOrder` cells are ignored. Meta is stored on a null-prototype object\n * so a header named `__proto__` is kept as data, never touching any prototype.\n */\nexport function buildImportPlan(table: ParsedTable, mapping: ImportTarget[]): ImportCreate[] {\n  const creates: ImportCreate[] = [];\n  for (const row of table.rows) {\n    const fields: UpdatePostFields = {};\n    let meta: Record<string, unknown> | undefined;\n\n    for (let col = 0; col < mapping.length; col += 1) {\n      const target = mapping[col];\n      if (!target || target.kind === 'skip') {\n        continue;\n      }\n      const value = row[col] ?? '';\n      if (value === '') {\n        continue;\n      }\n      switch (target.kind) {\n        case 'title':\n          fields.title = value;\n          break;\n        case 'status':\n          fields.status = normalizeStatus(value);\n          break;\n        case 'menuOrder': {\n          const order = Number(value);\n          if (Number.isInteger(order) && order >= MENU_ORDER_MIN && order <= MENU_ORDER_MAX) {\n            fields.menuOrder = order;\n          }\n          break;\n        }\n        case 'meta':\n          // An empty/whitespace meta key would be rejected by the server (empty key),\n          // failing the whole chunk; skip it rather than emit `meta[\"\"]`.\n          if (target.key.trim() === '') {\n            break;\n          }\n          if (!meta) {\n            meta = Object.create(null) as Record<string, unknown>;\n          }\n          meta[target.key] = value;\n          break;\n      }\n    }\n\n    if (meta !== undefined && Object.keys(meta).length > 0) {\n      creates.push({ fields, meta });\n    } else if (Object.keys(fields).length > 0) {\n      creates.push({ fields });\n    }\n  }\n  return creates;\n}\n"],"mappings":";AAWA,IAAM,cAAc,oBAAI,IAAI,CAAC,aAAa,aAAa,SAAS,KAAK,CAAC;AAItE,IAAM,gBAAgB;AAGtB,IAAM,aAAa;AAGnB,IAAM,sBAAsB;AASrB,SAAS,iBAAiB,SAAyB;AACxD,MAAI;AACJ,MAAI;AACF,UAAM,IAAI,IAAI,OAAO;AAAA,EACvB,QAAQ;AACN,UAAM,IAAI,MAAM,qBAAqB,OAAO,EAAE;AAAA,EAChD;AAEA,QAAM,UAAU,YAAY,IAAI,IAAI,QAAQ;AAC5C,MAAI,IAAI,aAAa,YAAY,EAAE,IAAI,aAAa,WAAW,UAAU;AACvE,UAAM,IAAI,MAAM,mEAAmE,OAAO,EAAE;AAAA,EAC9F;AACA,MAAI,IAAI,aAAa,MAAM,IAAI,aAAa,IAAI;AAC9C,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACA,MAAI,IAAI,WAAW,MAAM,IAAI,SAAS,IAAI;AACxC,UAAM,IAAI,MAAM,uDAAuD;AAAA,EACzE;AAEA,SAAO,GAAG,IAAI,MAAM,GAAG,IAAI,QAAQ,GAAG,QAAQ,QAAQ,EAAE;AAC1D;AAMO,SAAS,gBAAgB,aAAoC;AAClE,MAAI,YAAY,SAAS,SAAS,GAAG,GAAG;AACtC,UAAM,IAAI,MAAM,wEAAwE;AAAA,EAC1F;AACA,QAAM,QAAQ,GAAG,YAAY,QAAQ,IAAI,YAAY,mBAAmB;AACxE,QAAM,SAAS,OAAO,KAAK,OAAO,OAAO,EAAE,SAAS,QAAQ;AAC5D,SAAO,SAAS,MAAM;AACxB;AAGO,IAAM,iBAAN,cAA6B,MAAM;AAAA,EACxC,YACW,QACA,MACT,SACA;AACA,UAAM,OAAO;AAJJ;AACA;AAIT,SAAK,OAAO;AAAA,EACd;AAAA,EANW;AAAA,EACA;AAMb;AAQO,IAAM,WAAN,MAAe;AAAA,EAGpB,YAA6B,aAA4B;AAA5B;AAC3B,SAAK,WAAW,iBAAiB,YAAY,OAAO;AAAA,EACtD;AAAA,EAF6B;AAAA,EAFZ;AAAA,EAMjB,MAAc,QAAW,MAAc,OAAoB,CAAC,GAAe;AACzE,UAAM,WAAW,MAAM,MAAM,GAAG,KAAK,QAAQ,WAAW,IAAI,IAAI;AAAA,MAC9D,GAAG;AAAA,MACH,SAAS;AAAA,QACP,eAAe,gBAAgB,KAAK,WAAW;AAAA;AAAA,QAE/C,GAAI,KAAK,SAAS,SAAY,EAAE,gBAAgB,mBAAmB,IAAI,CAAC;AAAA,QACxE,GAAG,KAAK;AAAA,MACV;AAAA,IACF,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI;AAAA,QACR,SAAS;AAAA,QACT;AAAA,QACA,kCAAkC,SAAS,MAAM,IAAI,SAAS,UAAU;AAAA,MAC1E;AAAA,IACF;AAEA,WAAQ,MAAM,SAAS,KAAK;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,gBAAuC;AAC3C,UAAM,MAAM,MAAM,KAAK,QAAiB,2BAA2B;AACnE,WAAO,mBAAmB,GAAG;AAAA,EAC/B;AAAA;AAAA,EAGA,MAAM,UAAU,SAA0B,CAAC,GAAsB;AAC/D,UAAM,OAAO,OAAO,QAAQ;AAC5B,uBAAmB,IAAI;AACvB,UAAM,UAAU,SAAS,OAAO,WAAW,KAAK,GAAG,GAAG;AACtD,UAAM,OAAO,SAAS,OAAO,QAAQ,GAAG,GAAG,OAAO,gBAAgB;AAClE,UAAM,QAAQ,IAAI,gBAAgB;AAAA,MAChC,SAAS;AAAA,MACT,UAAU,OAAO,OAAO;AAAA,MACxB,MAAM,OAAO,IAAI;AAAA,IACnB,CAAC;AACD,UAAM,MAAM,MAAM,KAAK,QAA0B,UAAU,IAAI,IAAI,MAAM,SAAS,CAAC,EAAE;AACrF,WAAO,IAAI,IAAI,aAAa;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,WACJ,IACA,QACA,OAAO,SACP,MACiB;AACjB,iBAAa,EAAE;AACf,uBAAmB,IAAI;AACvB,UAAM,MAAM,MAAM,KAAK,QAAwB,UAAU,IAAI,IAAI,OAAO,EAAE,CAAC,iBAAiB;AAAA,MAC1F,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,cAAc,QAAQ,IAAI,CAAC;AAAA,IAClD,CAAC;AACD,WAAO,cAAc,GAAG;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WACJ,QACA,OAAO,SACP,MACiB;AACjB,uBAAmB,IAAI;AACvB,UAAM,MAAM,MAAM,KAAK,QAAwB,UAAU,IAAI,iBAAiB;AAAA,MAC5E,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,cAAc,QAAQ,IAAI,CAAC;AAAA,IAClD,CAAC;AACD,WAAO,cAAc,GAAG;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eACJ,IACA,MACA,OAAO,SACU;AACjB,WAAO,KAAK,WAAW,IAAI,CAAC,GAAG,MAAM,IAAI;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAe,IAAY,MAA2C;AAC1E,iBAAa,EAAE;AACf,UAAM,YAAY,iBAAiB,IAAI;AACvC,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB,IAAI,mBAAmB,UAAU,OAAO,EAAE,CAAC;AAAA,MAC3C,EAAE,QAAQ,UAAU,MAAM,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC,EAAE;AAAA,IAChE;AAEA,WAAO;AAAA,MACL,QAAQ,OAAO,IAAI,YAAY,WAAW,IAAI,UAAU;AAAA,MACxD,SAAS,MAAM,QAAQ,IAAI,OAAO,IAAI,IAAI,UAAU,CAAC;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBAAoC;AACxC,UAAM,QAAQ,MAAM,KAAK,QAAkC,GAAG;AAC9D,WAAO,sBAAsB,MAAM,UAAU;AAAA,EAC/C;AACF;AAGO,SAAS,gBAAgB,QAAmD;AACjF,QAAM,OAAgC,CAAC;AACvC,MAAI,OAAO,UAAU,QAAW;AAC9B,SAAK,QAAQ,OAAO;AAAA,EACtB;AACA,MAAI,OAAO,cAAc,QAAW;AAClC,SAAK,aAAa,OAAO;AAAA,EAC3B;AACA,MAAI,OAAO,WAAW,QAAW;AAC/B,SAAK,SAAS,OAAO;AAAA,EACvB;AACA,SAAO;AACT;AAEA,SAAS,mBAAmB,SAAuB;AACjD,MAAI,CAAC,cAAc,KAAK,OAAO,GAAG;AAChC,UAAM,IAAI,MAAM,+BAA+B,OAAO,EAAE;AAAA,EAC1D;AACF;AAEA,SAAS,aAAa,IAAkB;AACtC,MAAI,CAAC,OAAO,cAAc,EAAE,KAAK,MAAM,GAAG;AACxC,UAAM,IAAI,MAAM,oBAAoB,EAAE,EAAE;AAAA,EAC1C;AACF;AAEA,SAAS,SAAS,OAAe,KAAa,KAAqB;AACjE,MAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,WAAO;AAAA,EACT;AACA,SAAO,KAAK,IAAI,KAAK,KAAK,IAAI,KAAK,KAAK,MAAM,KAAK,CAAC,CAAC;AACvD;AAGO,SAAS,cAAc,MAAwD;AACpF,SAAO,EAAE,CAAC,UAAU,GAAG,KAAK;AAC9B;AAOO,SAAS,cACd,QACA,MACyB;AACzB,QAAM,OAAO,gBAAgB,MAAM;AACnC,MAAI,SAAS,QAAW;AACtB,WAAO,OAAO,MAAM,cAAc,IAAI,CAAC;AAAA,EACzC;AACA,SAAO;AACT;AAGO,SAAS,iBAAiB,MAAyB;AACxD,MAAI,CAAC,MAAM,QAAQ,IAAI,GAAG;AACxB,UAAM,IAAI,MAAM,wCAAwC;AAAA,EAC1D;AACA,QAAM,QAAQ,KAAK,OAAO,CAAC,QAAuB,OAAO,QAAQ,YAAY,IAAI,SAAS,CAAC;AAC3F,MAAI,MAAM,WAAW,GAAG;AACtB,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,SAAO;AACT;AAGO,SAAS,sBAAsB,YAA8B;AAClE,SAAO,MAAM,QAAQ,UAAU,KAAK,WAAW,SAAS,mBAAmB;AAC7E;AAMO,SAAS,mBAAmB,KAA4B;AAC7D,MAAI,OAAO,QAAQ,YAAY,QAAQ,MAAM;AAC3C,WAAO,CAAC;AAAA,EACV;AACA,QAAM,SAAuB,CAAC;AAC9B,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAA8B,GAAG;AACzE,QAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAC/C;AAAA,IACF;AACA,UAAM,QAAQ;AAEd,QAAI,OAAO,MAAM,cAAc,YAAY,CAAC,cAAc,KAAK,MAAM,SAAS,GAAG;AAC/E;AAAA,IACF;AACA,WAAO,KAAK;AAAA,MACV,MAAM,OAAO,MAAM,SAAS,WAAW,MAAM,OAAO;AAAA,MACpD,UAAU,MAAM;AAAA,MAChB,MAAM,OAAO,MAAM,SAAS,WAAW,MAAM,OAAO;AAAA,IACtD,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,SAAS,cAAc,KAA6B;AAClD,QAAM,OAAe;AAAA,IACnB,IAAI,IAAI;AAAA,IACR,MAAM,IAAI;AAAA,IACV,QAAQ,IAAI;AAAA,IACZ,OAAO,IAAI,MAAM,OAAO,IAAI,MAAM;AAAA,IAClC,WAAW,IAAI;AAAA,IACf,MAAM,IAAI;AAAA,EACZ;AACA,MAAI,IAAI,gBAAgB,QAAW;AACjC,SAAK,YAAY,IAAI;AAAA,EACvB;AACA,SAAO;AACT;;;AC5UA,SAAS,cAA+B;AAqBjC,IAAM,oBAAN,MAAiD;AAAA,EACrC;AAAA,EAEjB,cAAc;AACZ,SAAK,SAAS,IAAI,OAAO;AAAA,MACvB,mBAAmB;AAAA,MACnB,WAAW,EAAE,YAAY,OAAO,OAAO,MAAM;AAAA,IAC/C,CAAC;AAGD,WAAO,KAAK,OAAO,UAAU;AAAA,EAC/B;AAAA,EAEA,SAAS,YAAoB,SAAyC;AACpE,QAAI;AACJ,QAAI;AACF,eAAS,KAAK,OAAO,MAAM,UAAU;AAAA,IACvC,SAAS,GAAG;AACV,YAAM,IAAI,MAAM,oBAAoB,aAAa,QAAQ,EAAE,UAAU,aAAa,EAAE;AAAA,IACtF;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,OAAO,SAAS,OAAO;AAAA,IAClC,SAAS,GAAG;AACV,YAAM,IAAI,MAAM,8BAA8B,aAAa,QAAQ,EAAE,UAAU,OAAO,EAAE;AAAA,IAC1F;AAEA,QAAI,OAAO,WAAW,YAAY,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1D,YAAM,IAAI,MAAM,2CAA2C;AAAA,IAC7D;AACA,WAAO;AAAA,EACT;AACF;;;AClDA,IAAM,iBAAiB;AACvB,IAAM,iBAAiB;AAuChB,SAAS,SAAS,MAA2B;AAClD,QAAM,UAAU,gBAAgB,IAAI;AACpC,QAAM,UAAU,QAAQ,CAAC,KAAK,CAAC;AAC/B,SAAO,EAAE,SAAS,MAAM,QAAQ,MAAM,CAAC,EAAE;AAC3C;AAEA,SAAS,gBAAgB,MAA0B;AACjD,QAAM,UAAsB,CAAC;AAC7B,MAAI,SAAmB,CAAC;AACxB,MAAI,QAAQ;AACZ,MAAI,WAAW;AACf,MAAI,IAAI;AAER,QAAM,WAAW,MAAY;AAC3B,WAAO,KAAK,KAAK;AACjB,YAAQ;AAAA,EACV;AACA,QAAM,YAAY,MAAY;AAC5B,aAAS;AACT,YAAQ,KAAK,MAAM;AACnB,aAAS,CAAC;AAAA,EACZ;AAEA,SAAO,IAAI,KAAK,QAAQ;AACtB,UAAM,KAAK,KAAK,CAAC;AACjB,QAAI,UAAU;AACZ,UAAI,OAAO,KAAK;AACd,YAAI,KAAK,IAAI,CAAC,MAAM,KAAK;AACvB,mBAAS;AACT,eAAK;AACL;AAAA,QACF;AACA,mBAAW;AACX,aAAK;AACL;AAAA,MACF;AACA,eAAS;AACT,WAAK;AACL;AAAA,IACF;AACA,QAAI,OAAO,KAAK;AACd,iBAAW;AACX,WAAK;AACL;AAAA,IACF;AACA,QAAI,OAAO,KAAK;AACd,eAAS;AACT,WAAK;AACL;AAAA,IACF;AACA,QAAI,OAAO,MAAM;AACf,gBAAU;AACV,WAAK,KAAK,IAAI,CAAC,MAAM,OAAO,IAAI;AAChC;AAAA,IACF;AACA,QAAI,OAAO,MAAM;AACf,gBAAU;AACV,WAAK;AACL;AAAA,IACF;AACA,aAAS;AACT,SAAK;AAAA,EACP;AAGA,MAAI,UAAU;AACZ,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,MAAI,UAAU,MAAM,OAAO,SAAS,GAAG;AACrC,cAAU;AAAA,EACZ;AACA,SAAO;AACT;AAOO,SAAS,iBAAiB,MAA2B;AAC1D,QAAM,OAAgB,KAAK,MAAM,IAAI;AACrC,MAAI,CAAC,MAAM,QAAQ,IAAI,GAAG;AACxB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,QAAM,UAAoB,CAAC;AAC3B,QAAM,OAAO,oBAAI,IAAY;AAC7B,aAAW,SAAS,MAAM;AACxB,QAAI,cAAc,KAAK,GAAG;AACxB,iBAAW,OAAO,OAAO,KAAK,KAAK,GAAG;AACpC,YAAI,CAAC,KAAK,IAAI,GAAG,GAAG;AAClB,eAAK,IAAI,GAAG;AACZ,kBAAQ,KAAK,GAAG;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,QAAM,OAAO,KAAK,IAAI,CAAC,UAAU;AAC/B,UAAM,SAAS,cAAc,KAAK,IAAI,QAAQ,CAAC;AAC/C,WAAO,QAAQ,IAAI,CAAC,WAAW,cAAc,OAAO,MAAM,CAAC,CAAC;AAAA,EAC9D,CAAC;AACD,SAAO,EAAE,SAAS,KAAK;AACzB;AAEA,SAAS,cAAc,OAAkD;AACvE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,cAAc,OAAwB;AAC7C,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;AAAA,EACT;AACA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AACA,SAAO,OAAO,KAAK;AACrB;AAOA,IAAM,gBAAwC,OAAO;AAAA,EACnD,uBAAO,OAAO,IAAI;AAAA,EAClB;AAAA,IACE,SAAS;AAAA,IACT,WAAW;AAAA,IACX,OAAO;AAAA,IACP,SAAS;AAAA,IACT,SAAS;AAAA,IACT,QAAQ;AAAA,EACV;AACF;AAOO,SAAS,gBAAgB,OAAuB;AACrD,QAAM,UAAU,MAAM,KAAK;AAC3B,SAAO,cAAc,QAAQ,YAAY,CAAC,KAAK;AACjD;AAQO,SAAS,gBAAgB,OAAoB,SAAyC;AAC3F,QAAM,UAA0B,CAAC;AACjC,aAAW,OAAO,MAAM,MAAM;AAC5B,UAAM,SAA2B,CAAC;AAClC,QAAI;AAEJ,aAAS,MAAM,GAAG,MAAM,QAAQ,QAAQ,OAAO,GAAG;AAChD,YAAM,SAAS,QAAQ,GAAG;AAC1B,UAAI,CAAC,UAAU,OAAO,SAAS,QAAQ;AACrC;AAAA,MACF;AACA,YAAM,QAAQ,IAAI,GAAG,KAAK;AAC1B,UAAI,UAAU,IAAI;AAChB;AAAA,MACF;AACA,cAAQ,OAAO,MAAM;AAAA,QACnB,KAAK;AACH,iBAAO,QAAQ;AACf;AAAA,QACF,KAAK;AACH,iBAAO,SAAS,gBAAgB,KAAK;AACrC;AAAA,QACF,KAAK,aAAa;AAChB,gBAAM,QAAQ,OAAO,KAAK;AAC1B,cAAI,OAAO,UAAU,KAAK,KAAK,SAAS,kBAAkB,SAAS,gBAAgB;AACjF,mBAAO,YAAY;AAAA,UACrB;AACA;AAAA,QACF;AAAA,QACA,KAAK;AAGH,cAAI,OAAO,IAAI,KAAK,MAAM,IAAI;AAC5B;AAAA,UACF;AACA,cAAI,CAAC,MAAM;AACT,mBAAO,uBAAO,OAAO,IAAI;AAAA,UAC3B;AACA,eAAK,OAAO,GAAG,IAAI;AACnB;AAAA,MACJ;AAAA,IACF;AAEA,QAAI,SAAS,UAAa,OAAO,KAAK,IAAI,EAAE,SAAS,GAAG;AACtD,cAAQ,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IAC/B,WAAW,OAAO,KAAK,MAAM,EAAE,SAAS,GAAG;AACzC,cAAQ,KAAK,EAAE,OAAO,CAAC;AAAA,IACzB;AAAA,EACF;AACA,SAAO;AACT;","names":[]}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@dbp-wp/core",
+  "version": "0.1.0",
+  "description": "Core library for DBP WP: WordPress REST client, formula engine, importer, and typesetting data generation.",
+  "license": "Apache-2.0",
+  "author": "Takashi Matsuyama",
+  "homepage": "https://wp.dbp.jp",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/takashi-matsuyama/dbp_wp.git",
+    "directory": "packages/core"
+  },
+  "bugs": {
+    "url": "https://github.com/takashi-matsuyama/dbp_wp/issues"
+  },
+  "keywords": [
+    "wordpress",
+    "wordpress-rest-api",
+    "bulk-edit"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "expr-eval-fork": "^3.0.3"
+  },
+  "devDependencies": {
+    "tsup": "^8.3.0"
+  }
+}