npm - @edge-base/server - Versions diffs - 0.2.4 → 0.2.5 - Mend

@edge-base/server 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/src/index.ts CHANGED Viewed

@@ -1,55 +1,7 @@
-import { OpenAPIHono, type HonoEnv } from './lib/hono.js';
-import { HTTPException } from 'hono/http-exception';
-import { initFunctionRegistry } from './_functions-registry.js';
-import { corsMiddleware } from './middleware/cors.js';
-import { rateLimitMiddleware } from './middleware/rate-limit.js';
-import { errorHandlerMiddleware } from './middleware/error-handler.js';
-import { internalGuardMiddleware } from './middleware/internal-guard.js';
-import { authMiddleware } from './middleware/auth.js';
-import { rulesMiddleware } from './middleware/rules.js';
-import { loggerMiddleware } from './middleware/logger.js';
-import { EdgeBaseError } from '@edge-base/shared';
-import { SERVER_VERSION } from './lib/version.js';
-import { healthRoute } from './routes/health.js';
-import { tablesRoute } from './routes/tables.js';
-import { schemaRoute } from './routes/schema-endpoint.js';
-import { authRoute } from './routes/auth.js';
-import { adminAuthRoute } from './routes/admin-auth.js';
-import { oauthRoute } from './routes/oauth.js';
-import { databaseLiveRoute } from './routes/database-live.js';
-import { storageRoute } from './routes/storage.js';
-import { functionsRoute } from './routes/functions.js';
-import { adminRoute } from './routes/admin.js';
-import { backupRoute } from './routes/backup.js';
-import { sqlRoute } from './routes/sql.js';
-import { kvRoute } from './routes/kv.js';
-import { d1Route } from './routes/d1.js';
-import { vectorizeRoute } from './routes/vectorize.js';
-import { configRoute } from './routes/config.js';
-import { pushRoute } from './routes/push.js';
-import { roomRoute } from './routes/room.js';
-import { analyticsApi } from './routes/analytics-api.js';
-import { parseConfig, setConfig } from './lib/do-router.js';
-import { createAdminAssetRequest } from './lib/admin-assets.js';
-import { resolveAdminFaviconTarget, resolveAdminRedirectTarget } from './lib/admin-routing.js';
-import { zodDefaultHook } from './lib/schemas.js';
-import { executePluginMigrations } from './lib/plugin-migrations.js';
-import { shouldRunPluginMigrationsForRequestPath } from './lib/plugin-migration-routing.js';
-import { getFunctionsByTrigger, buildFunctionContext, getWorkerUrl } from './lib/functions.js';
-import { parseCron, matchesCron } from './lib/cron.js';
-import { parseDuration } from './lib/jwt.js';
-import { resolveStartupConfig } from './lib/startup-config.js';
-import * as authService from './lib/auth-d1-service.js';
-import { ensureAuthSchema, deleteAnon } from './lib/auth-d1.js';
-import { resolveAuthDb } from './lib/auth-db-adapter.js';
-import { resolveRootServiceKey } from './lib/service-key.js';
-import { normalizeOpenApiDocument, type OpenApiSpec } from './lib/openapi.js';
-import generatedConfig from './generated-config.js';
+import type { HonoEnv } from './lib/hono.js';
+import type { OpenApiSpec } from './lib/openapi.js';
 import type { Env } from './types.js';
-// Compile-time constant — injected by wrangler [define] in wrangler.test.toml
-declare const EDGEBASE_TEST_BUILD: boolean | undefined;
+import { ensureServerStartup } from './lib/runtime-startup.js';
 // ─── DO Re-exports (wrangler needs exports from main entry) ───
 export { DatabaseDO } from './durable-objects/database-do.js';
@@ -58,252 +10,351 @@ export { AuthDO } from './durable-objects/auth-do.js';
 export { RoomsDO } from './durable-objects/rooms-do.js';
 export { LogsDO } from './durable-objects/logs-do.js';
-try {
-  const processEnv = typeof process !== 'undefined' ? process.env : undefined;
-  // EDGEBASE_TEST_BUILD is a compile-time constant injected by wrangler [define]
-  // in wrangler.test.toml. typeof is safe for undefined identifiers.
-  const isTestBuild = typeof EDGEBASE_TEST_BUILD !== 'undefined';
-  const preferTestConfig = await detectWorkersTestRuntime() || isTestBuild;
-  const resolvedConfig = await resolveStartupConfig(
-    generatedConfig,
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    async () => import('../edgebase.test.config.ts' as any),
-    processEnv,
-    { preferTestConfig },
-  );
-  if (resolvedConfig) {
-    setConfig(resolvedConfig);
-  }
-} catch (err) {
-  console.error('[EdgeBase] Failed to initialize config at startup:', err);
-  throw err;
-}
+let appPromise: Promise<Awaited<ReturnType<typeof buildApp>>> | null = null;
+async function buildApp() {
+  await ensureServerStartup();
+  const [
+    honoModule,
+    httpExceptionModule,
+    corsModule,
+    rateLimitModule,
+    errorHandlerModule,
+    internalGuardModule,
+    authMiddlewareModule,
+    rulesMiddlewareModule,
+    loggerModule,
+    sharedModule,
+    versionModule,
+    healthRouteModule,
+    tablesRouteModule,
+    schemaRouteModule,
+    authRouteModule,
+    adminAuthRouteModule,
+    oauthRouteModule,
+    databaseLiveRouteModule,
+    storageRouteModule,
+    functionsRouteModule,
+    adminRouteModule,
+    backupRouteModule,
+    sqlRouteModule,
+    kvRouteModule,
+    d1RouteModule,
+    vectorizeRouteModule,
+    configRouteModule,
+    pushRouteModule,
+    roomRouteModule,
+    analyticsRouteModule,
+    adminAssetsModule,
+    adminRoutingModule,
+    schemasModule,
+    pluginMigrationsModule,
+    pluginMigrationRoutingModule,
+    functionsModule,
+    openApiModule,
+    doRouterModule,
+  ] = await Promise.all([
+    import('./lib/hono.js'),
+    import('hono/http-exception'),
+    import('./middleware/cors.js'),
+    import('./middleware/rate-limit.js'),
+    import('./middleware/error-handler.js'),
+    import('./middleware/internal-guard.js'),
+    import('./middleware/auth.js'),
+    import('./middleware/rules.js'),
+    import('./middleware/logger.js'),
+    import('@edge-base/shared'),
+    import('./lib/version.js'),
+    import('./routes/health.js'),
+    import('./routes/tables.js'),
+    import('./routes/schema-endpoint.js'),
+    import('./routes/auth.js'),
+    import('./routes/admin-auth.js'),
+    import('./routes/oauth.js'),
+    import('./routes/database-live.js'),
+    import('./routes/storage.js'),
+    import('./routes/functions.js'),
+    import('./routes/admin.js'),
+    import('./routes/backup.js'),
+    import('./routes/sql.js'),
+    import('./routes/kv.js'),
+    import('./routes/d1.js'),
+    import('./routes/vectorize.js'),
+    import('./routes/config.js'),
+    import('./routes/push.js'),
+    import('./routes/room.js'),
+    import('./routes/analytics-api.js'),
+    import('./lib/admin-assets.js'),
+    import('./lib/admin-routing.js'),
+    import('./lib/schemas.js'),
+    import('./lib/plugin-migrations.js'),
+    import('./lib/plugin-migration-routing.js'),
+    import('./lib/functions.js'),
+    import('./lib/openapi.js'),
+    import('./lib/do-router.js'),
+  ]);
+  const { OpenAPIHono } = honoModule;
+  const { HTTPException } = httpExceptionModule;
+  const { corsMiddleware } = corsModule;
+  const { rateLimitMiddleware } = rateLimitModule;
+  const { errorHandlerMiddleware } = errorHandlerModule;
+  const { internalGuardMiddleware } = internalGuardModule;
+  const { authMiddleware } = authMiddlewareModule;
+  const { rulesMiddleware } = rulesMiddlewareModule;
+  const { loggerMiddleware } = loggerModule;
+  const { EdgeBaseError } = sharedModule;
+  const { SERVER_VERSION } = versionModule;
+  const { createAdminAssetRequest } = adminAssetsModule;
+  const { resolveAdminFaviconTarget, resolveAdminRedirectTarget } = adminRoutingModule;
+  const { zodDefaultHook } = schemasModule;
+  const { executePluginMigrations } = pluginMigrationsModule;
+  const { shouldRunPluginMigrationsForRequestPath } = pluginMigrationRoutingModule;
+  const { getWorkerUrl } = functionsModule;
+  const { normalizeOpenApiDocument } = openApiModule;
+  const app = new OpenAPIHono<HonoEnv>({ defaultHook: zodDefaultHook });
+  app.use('*', errorHandlerMiddleware);
+  app.use('*', loggerMiddleware);
+  app.use('*', corsMiddleware);
+  app.use('*', async (c, next) => {
+    const env = c.env as Env;
+    const config = doRouterModule.parseConfig(env);
+    const requestPath = new URL(c.req.url).pathname;
+    if (config?.plugins?.length && shouldRunPluginMigrationsForRequestPath(requestPath)) {
+      await executePluginMigrations(config.plugins, env, config, getWorkerUrl(c.req.url, env));
+    }
+    return next();
+  });
-async function detectWorkersTestRuntime(): Promise<boolean> {
-  try {
-    await import('cloudflare:test');
-    return true;
-  } catch {
-    return false;
-  }
-}
+  app.use('*', rateLimitMiddleware);
+  app.use('/api/*', authMiddleware);
+  app.use('/api/db/*', rulesMiddleware);
+  app.use('/internal/*', internalGuardMiddleware);
+  app.route('/api', healthRouteModule.healthRoute);
+  app.route('/api/auth', authRouteModule.authRoute);
+  app.route('/api/auth/admin', adminAuthRouteModule.adminAuthRoute);
+  app.route('/api/auth/oauth', oauthRouteModule.oauthRoute);
+  app.route('/api/db', tablesRouteModule.tablesRoute);
+  app.route('/api/db', databaseLiveRouteModule.databaseLiveRoute);
+  app.route('/api/schema', schemaRouteModule.schemaRoute);
+  app.route('/api/storage', storageRouteModule.storageRoute);
+  app.route('/api/functions', functionsRouteModule.functionsRoute);
+  app.route('/api/sql', sqlRouteModule.sqlRoute);
+  app.route('/api/kv', kvRouteModule.kvRoute);
+  app.route('/api/d1', d1RouteModule.d1Route);
+  app.route('/api/vectorize', vectorizeRouteModule.vectorizeRoute);
+  app.route('/api/config', configRouteModule.configRoute);
+  app.route('/api/push', pushRouteModule.pushRoute);
+  app.route('/api/room', roomRouteModule.roomRoute);
+  app.route('/api/analytics', analyticsRouteModule.analyticsApi);
+  app.route('/admin/api', adminRouteModule.adminRoute);
+  app.route('/admin/api/backup', backupRouteModule.backupRoute);
+  app.get('/', (c) => {
+    const env = c.env as Env;
+    const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, env.ADMIN_ORIGIN);
+    if (externalAdminUrl) {
+      return c.redirect(externalAdminUrl, 302);
+    }
+    if (env.ASSETS) {
+      return c.redirect('/admin', 302);
+    }
+    return c.json({
+      name: 'EdgeBase API',
+      docs: '/openapi.json',
+      admin: null,
+    });
+  });
-initFunctionRegistry();
+  app.get('/favicon.ico', async (c) => {
+    const env = c.env as Env;
+    const externalFaviconUrl = resolveAdminFaviconTarget(env.ADMIN_ORIGIN);
+    if (externalFaviconUrl) {
+      return c.redirect(externalFaviconUrl, 302);
+    }
-const app = new OpenAPIHono<HonoEnv>({ defaultHook: zodDefaultHook });
+    if (!env.ASSETS) {
+      return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
+    }
-// ─── Global Middleware Chain ───
-// Order: Error Handler → Logger → CORS → Strip Internal Header → Rate Limit → Auth → Context → Rules
+    const url = new URL(c.req.url);
+    url.pathname = '/admin/favicon.svg';
+    return env.ASSETS.fetch(createAdminAssetRequest(new Request(url.toString(), c.req.raw)));
+  });
-app.use('*', errorHandlerMiddleware);
-app.use('*', loggerMiddleware);
-app.use('*', corsMiddleware);
+  app.get('/favicon.svg', async (c) => {
+    const env = c.env as Env;
+    const externalFaviconUrl = resolveAdminFaviconTarget(env.ADMIN_ORIGIN);
+    if (externalFaviconUrl) {
+      return c.redirect(externalFaviconUrl, 302);
+    }
-// NOTE: X-EdgeBase-Internal header stripping via c.req.raw.headers.delete() is NOT
-// possible in Workers — Request.headers are immutable. Instead, the internal guard
-// middleware below rejects any request with this header unless it comes via internal
-// stub.fetch (which is allowed by the x-internal whitelist). No stripping needed.
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(c.req.raw);
+    }
-// Plugin migration middleware — lazily reconciles plugin control state before
-// routes that can execute plugin code or touch plugin-managed tables.
-app.use('*', async (c, next) => {
-  const config = parseConfig(c.env);
-  const requestPath = new URL(c.req.url).pathname;
-  if (config?.plugins?.length && shouldRunPluginMigrationsForRequestPath(requestPath)) {
-    await executePluginMigrations(config.plugins, c.env, config, getWorkerUrl(c.req.url, c.env));
-  }
-  return next();
-});
-app.use('*', rateLimitMiddleware);
-// Auth middleware — JWT verification + auth context injection (M3)
-app.use('/api/*', authMiddleware);
-// Context middleware removed — DB-level access rules (§4,) handle multi-tenancy.
-// Rules middleware — access rules evaluation (M4,)
-app.use('/api/db/*', rulesMiddleware);
-// ─── Internal Guard ───
-app.use('/internal/*', internalGuardMiddleware);
-// ─── Routes ───
-app.route('/api', healthRoute);
-app.route('/api/auth', authRoute);
-app.route('/api/auth/admin', adminAuthRoute);
-app.route('/api/auth/oauth', oauthRoute);
-app.route('/api/db', tablesRoute);
-app.route('/api/db', databaseLiveRoute);
-app.route('/api/schema', schemaRoute);
-app.route('/api/storage', storageRoute);
-app.route('/api/functions', functionsRoute);
-app.route('/api/sql', sqlRoute);
-app.route('/api/kv', kvRoute);
-app.route('/api/d1', d1Route);
-app.route('/api/vectorize', vectorizeRoute);
-app.route('/api/config', configRoute);
-app.route('/api/push', pushRoute);
-app.route('/api/room', roomRoute);
-app.route('/api/analytics', analyticsApi);
-// ─── Admin Dashboard (M12,) ───
-app.route('/admin/api', adminRoute);
-app.route('/admin/api/backup', backupRoute);
-app.get('/', (c) => {
-  const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, c.env.ADMIN_ORIGIN);
-  if (externalAdminUrl) {
-    return c.redirect(externalAdminUrl, 302);
-  }
-  if (c.env.ASSETS) {
-    return c.redirect('/admin', 302);
-  }
-  return c.json({
-    name: 'EdgeBase API',
-    docs: '/openapi.json',
-    admin: null,
+    return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
   });
-});
-// Admin static assets — SvelteKit SPA served via Workers Static Assets
-app.get('/favicon.ico', async (c) => {
-  const externalFaviconUrl = resolveAdminFaviconTarget(c.env.ADMIN_ORIGIN);
-  if (externalFaviconUrl) {
-    return c.redirect(externalFaviconUrl, 302);
-  }
+  app.get('/_app/*', async (c) => {
+    const env = c.env as Env;
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(c.req.raw);
+    }
-  if (!c.env.ASSETS) {
     return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
-  }
+  });
-  const url = new URL(c.req.url);
-  url.pathname = '/admin/favicon.svg';
-  return c.env.ASSETS.fetch(createAdminAssetRequest(new Request(url.toString(), c.req.raw)));
-});
+  app.get('/admin/*', async (c) => {
+    const env = c.env as Env;
+    const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, env.ADMIN_ORIGIN);
+    if (externalAdminUrl) {
+      return c.redirect(externalAdminUrl, 302);
+    }
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(createAdminAssetRequest(c.req.raw));
+    }
+    return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
+  });
-app.get('/favicon.svg', async (c) => {
-  const externalFaviconUrl = resolveAdminFaviconTarget(c.env.ADMIN_ORIGIN);
-  if (externalFaviconUrl) {
-    return c.redirect(externalFaviconUrl, 302);
-  }
+  app.get('/admin', async (c) => {
+    const env = c.env as Env;
+    const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, env.ADMIN_ORIGIN);
+    if (externalAdminUrl) {
+      return c.redirect(externalAdminUrl, 302);
+    }
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(createAdminAssetRequest(c.req.raw));
+    }
+    return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
+  });
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(c.req.raw);
-  }
+  app.get('/harness', (c) => {
+    return c.redirect('/harness/', 302);
+  });
-  return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
-});
+  app.get('/harness/', async (c) => {
+    const env = c.env as Env;
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(c.req.raw);
+    }
+    return c.json({ code: 404, message: 'Harness assets not deployed.' }, 404);
+  });
-app.get('/_app/*', async (c) => {
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(c.req.raw);
-  }
+  app.get('/harness/assets/*', async (c) => {
+    const env = c.env as Env;
+    if (env.ASSETS) {
+      return env.ASSETS.fetch(c.req.raw);
+    }
+    return c.json({ code: 404, message: 'Harness assets not deployed.' }, 404);
+  });
-  return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
-});
+  app.get('/harness/*', (c) => {
+    return c.redirect('/harness/', 302);
+  });
-app.get('/admin/*', async (c) => {
-  const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, c.env.ADMIN_ORIGIN);
-  if (externalAdminUrl) {
-    return c.redirect(externalAdminUrl, 302);
-  }
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(createAdminAssetRequest(c.req.raw));
-  }
-  return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
-});
-app.get('/admin', async (c) => {
-  const externalAdminUrl = resolveAdminRedirectTarget(c.req.url, c.env.ADMIN_ORIGIN);
-  if (externalAdminUrl) {
-    return c.redirect(externalAdminUrl, 302);
-  }
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(createAdminAssetRequest(c.req.raw));
-  }
-  return c.json({ code: 404, message: 'Admin dashboard not deployed.' }, 404);
-});
-app.get('/harness', (c) => {
-  return c.redirect('/harness/', 302);
-});
-app.get('/harness/', async (c) => {
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(c.req.raw);
-  }
-  return c.json({ code: 404, message: 'Harness assets not deployed.' }, 404);
-});
-app.get('/harness/assets/*', async (c) => {
-  if (c.env.ASSETS) {
-    return c.env.ASSETS.fetch(c.req.raw);
-  }
-  return c.json({ code: 404, message: 'Harness assets not deployed.' }, 404);
-});
-app.get('/harness/*', (c) => {
-  return c.redirect('/harness/', 302);
-});
-// ─── OpenAPI Spec ───
-app.get('/openapi.json', (c) => {
-  const spec = app.getOpenAPI31Document({
-    openapi: '3.1.0',
-    info: { title: 'EdgeBase API', version: SERVER_VERSION },
+  app.get('/openapi.json', (c) => {
+    const spec = app.getOpenAPI31Document({
+      openapi: '3.1.0',
+      info: { title: 'EdgeBase API', version: SERVER_VERSION },
+    });
+    return c.json(normalizeOpenApiDocument(spec as OpenApiSpec, new URL(c.req.url).origin));
   });
-  return c.json(normalizeOpenApiDocument(spec as OpenApiSpec, new URL(c.req.url).origin));
-});
-// ─── 404 Fallback ───
-app.notFound((c) => {
-  return c.json({ code: 404, message: 'Not found.' }, 404);
-});
-// ─── Hono-level onError (safety net for Workers cross-module instanceof issues) ───
-app.onError((err, c) => {
-  if (err instanceof SyntaxError) {
-    return c.json(
-      {
-        code: 400,
-        message: 'Invalid JSON payload. Please ensure your request body is valid JSON.',
-      },
-      400,
-    );
-  }
-  if (err instanceof EdgeBaseError) {
-    return c.json(err.toJSON(), err.code as 400);
-  }
-  // Hono HTTPException (thrown by @hono/zod-openapi validators on malformed JSON, etc.)
-  if (err instanceof HTTPException) {
-    return c.json({ code: err.status, message: err.message }, err.status as 400);
-  }
-  // Duck-type fallback
-  const e = err as unknown as Record<string, unknown>;
-  if (
-    typeof e.code === 'number' &&
-    e.code >= 400 &&
-    e.code < 600 &&
-    typeof e.message === 'string'
-  ) {
-    const body: { code: number; message: string; data?: unknown } = {
-      code: e.code as number,
-      message: e.message as string,
-    };
-    if (e.data) body.data = e.data;
-    return c.json(body, e.code as number as 400);
+  app.notFound((c) => {
+    return c.json({ code: 404, message: 'Not found.' }, 404);
+  });
+  app.onError((err, c) => {
+    if (err instanceof SyntaxError) {
+      return c.json(
+        {
+          code: 400,
+          message: 'Invalid JSON payload. Please ensure your request body is valid JSON.',
+        },
+        400,
+      );
+    }
+    if (err instanceof EdgeBaseError) {
+      return c.json(err.toJSON(), err.code as 400);
+    }
+    if (err instanceof HTTPException) {
+      return c.json({ code: err.status, message: err.message }, err.status as 400);
+    }
+    const e = err as unknown as Record<string, unknown>;
+    if (
+      typeof e.code === 'number' &&
+      e.code >= 400 &&
+      e.code < 600 &&
+      typeof e.message === 'string'
+    ) {
+      const body: { code: number; message: string; data?: unknown } = {
+        code: e.code as number,
+        message: e.message as string,
+      };
+      if (e.data) body.data = e.data;
+      return c.json(body, e.code as number as 400);
+    }
+    console.error('Unhandled error:', err);
+    return c.json({ code: 500, message: 'Internal server error.' }, 500);
+  });
+  return app;
+}
+async function getApp() {
+  if (!appPromise) {
+    appPromise = buildApp();
   }
-  console.error('Unhandled error:', err);
-  return c.json({ code: 500, message: 'Internal server error.' }, 500);
-});
+  return appPromise;
+}
 export default {
-  fetch: app.fetch,
+  async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
+    const app = await getApp();
+    return app.fetch(request, env, ctx);
+  },
-  /**
-   * Cloudflare Cron Triggers — replaces db:_system alarm-based scheduling.
-   * CLI generates [triggers] section in wrangler.toml from config schedule functions.
-   */
   async scheduled(event: ScheduledEvent, env: Env, ctx: ExecutionContext): Promise<void> {
-    const config = parseConfig(env);
+    await ensureServerStartup();
+    const [
+      pluginMigrationsModule,
+      functionsModule,
+      cronModule,
+      jwtModule,
+      authServiceModule,
+      authD1Module,
+      authDbAdapterModule,
+      serviceKeyModule,
+      doRouterModule,
+    ] = await Promise.all([
+      import('./lib/plugin-migrations.js'),
+      import('./lib/functions.js'),
+      import('./lib/cron.js'),
+      import('./lib/jwt.js'),
+      import('./lib/auth-d1-service.js'),
+      import('./lib/auth-d1.js'),
+      import('./lib/auth-db-adapter.js'),
+      import('./lib/service-key.js'),
+      import('./lib/do-router.js'),
+    ]);
+    const { executePluginMigrations } = pluginMigrationsModule;
+    const { getFunctionsByTrigger, buildFunctionContext, getWorkerUrl } = functionsModule;
+    const { parseCron, matchesCron } = cronModule;
+    const { parseDuration } = jwtModule;
+    const { ensureAuthSchema, deleteAnon } = authD1Module;
+    const { resolveAuthDb } = authDbAdapterModule;
+    const { resolveRootServiceKey } = serviceKeyModule;
+    const config = doRouterModule.parseConfig(env);
     if (config.plugins?.length) {
       await executePluginMigrations(
         config.plugins,
@@ -315,23 +366,18 @@ export default {
     const scheduleFns = getFunctionsByTrigger('schedule');
     const now = new Date(event.scheduledTime);
-    // Schedule function timeout (default: 10s)
     const timeoutStr = config.functions?.scheduleFunctionTimeout ?? '10s';
     const timeoutMs = parseDuration(timeoutStr) * 1000;
-    // ── System cron: session cleanup + anonymous account cleanup ──
     ctx.waitUntil(
       (async () => {
         try {
           const authDb = resolveAuthDb(env as unknown as Record<string, unknown>);
           await ensureAuthSchema(authDb);
-          // Clean expired sessions
-          await authService.cleanExpiredSessions(authDb);
-          // Clean stale anonymous accounts
+          await authServiceModule.cleanExpiredSessions(authDb);
           if (config?.auth?.anonymousAuth) {
             const retentionDays = config.auth.anonymousRetentionDays ?? 30;
-            const deletedIds = await authService.cleanStaleAnonymousAccounts(authDb, retentionDays);
+            const deletedIds = await authServiceModule.cleanStaleAnonymousAccounts(authDb, retentionDays);
             for (const id of deletedIds) {
               await deleteAnon(authDb, id).catch(() => {});
             }
@@ -351,7 +397,7 @@ export default {
         if (!matchesCron(now, schedule)) continue;
         const fnCtx = buildFunctionContext({
-          request: new Request('http://internal/schedule/' + name),
+          request: new Request(`http://internal/schedule/${name}`),
           auth: null,
           databaseNamespace: env.DATABASE,
           authNamespace: env.AUTH,