@emdash-cms/cloudflare 0.0.1

package/dist/sandbox/index.mjs

@@ -0,0 +1,945 @@
+import { WorkerEntrypoint, env, exports } from "cloudflare:workers";
+import { ulid } from "emdash";
+
+//#region src/sandbox/bridge.ts
+/**
+* PluginBridge WorkerEntrypoint
+*
+* Provides controlled access to database operations for sandboxed plugins.
+* The sandbox gets a SERVICE BINDING to this entrypoint, not direct DB access.
+* All operations are validated and scoped to the plugin.
+*
+*/
+/** Regex to validate collection names (prevent SQL injection) */
+const COLLECTION_NAME_REGEX = /^[a-z][a-z0-9_]*$/;
+/** Regex to validate file extensions (simple alphanumeric, 1-10 chars) */
+const FILE_EXT_REGEX = /^\.[a-z0-9]{1,10}$/i;
+/** System columns that plugins cannot directly write to */
+const SYSTEM_COLUMNS = new Set([
+	"id",
+	"slug",
+	"status",
+	"author_id",
+	"created_at",
+	"updated_at",
+	"published_at",
+	"scheduled_at",
+	"deleted_at",
+	"version",
+	"live_revision_id",
+	"draft_revision_id"
+]);
+/**
+* Module-level email send callback.
+*
+* The bridge runs in the host process (same worker), so we can use a
+* module-level callback that the runner sets before creating bridge bindings.
+* This avoids the need to pass non-serializable functions through props.
+*
+* @see runner.ts setEmailSendCallback()
+*/
+let emailSendCallback = null;
+/**
+* Set the email send callback for all bridge instances.
+* Called by the runner when the EmailPipeline is available.
+*/
+function setEmailSendCallback(callback) {
+	emailSendCallback = callback;
+}
+/**
+* Serialize a value for D1 storage.
+* Mirrors core's serializeValue: objects/arrays → JSON strings,
+* booleans → 0/1, null/undefined → null, everything else passthrough.
+*/
+function serializeValue(value) {
+	if (value === null || value === void 0) return null;
+	if (typeof value === "boolean") return value ? 1 : 0;
+	if (typeof value === "object") return JSON.stringify(value);
+	return value;
+}
+/**
+* Deserialize a row from D1 into a content response shape.
+* Extracts system columns and bundles remaining columns into data.
+*/
+/**
+* Deserialize a row from D1 into a ContentItem matching core's plugin API.
+* Extracts system columns, deserializes JSON fields, and returns the
+* canonical shape: { id, type, data, createdAt, updatedAt }.
+*/
+function rowToContentItem(collection, row) {
+	const data = {};
+	for (const [key, value] of Object.entries(row)) if (!SYSTEM_COLUMNS.has(key)) {
+		if (typeof value === "string" && (value.startsWith("{") || value.startsWith("["))) try {
+			data[key] = JSON.parse(value);
+		} catch {
+			data[key] = value;
+		}
+		else if (value !== null) data[key] = value;
+	}
+	return {
+		id: typeof row.id === "string" ? row.id : String(row.id),
+		type: collection,
+		data,
+		createdAt: typeof row.created_at === "string" ? row.created_at : (/* @__PURE__ */ new Date()).toISOString(),
+		updatedAt: typeof row.updated_at === "string" ? row.updated_at : (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+/**
+* PluginBridge WorkerEntrypoint
+*
+* Provides the context API to sandboxed plugins via RPC.
+* All methods validate capabilities and scope operations to the plugin.
+*
+* Usage:
+* 1. Export this class from your worker entrypoint
+* 2. Sandboxed plugins get a binding to it via ctx.exports.PluginBridge({...})
+* 3. Plugins call bridge methods which validate and proxy to the database
+*/
+var PluginBridge = class extends WorkerEntrypoint {
+	/**
+	* KV operations use _plugin_storage with a special "__kv" collection.
+	* This provides consistent storage across sandboxed and non-sandboxed modes.
+	*/
+	async kvGet(key) {
+		const { pluginId } = this.ctx.props;
+		const result = await this.env.DB.prepare("SELECT data FROM _plugin_storage WHERE plugin_id = ? AND collection = '__kv' AND id = ?").bind(pluginId, key).first();
+		if (!result) return null;
+		try {
+			return JSON.parse(result.data);
+		} catch {
+			return result.data;
+		}
+	}
+	async kvSet(key, value) {
+		const { pluginId } = this.ctx.props;
+		await this.env.DB.prepare("INSERT OR REPLACE INTO _plugin_storage (plugin_id, collection, id, data, updated_at) VALUES (?, '__kv', ?, ?, datetime('now'))").bind(pluginId, key, JSON.stringify(value)).run();
+	}
+	async kvDelete(key) {
+		const { pluginId } = this.ctx.props;
+		return ((await this.env.DB.prepare("DELETE FROM _plugin_storage WHERE plugin_id = ? AND collection = '__kv' AND id = ?").bind(pluginId, key).run()).meta?.changes ?? 0) > 0;
+	}
+	async kvList(prefix = "") {
+		const { pluginId } = this.ctx.props;
+		return ((await this.env.DB.prepare("SELECT id, data FROM _plugin_storage WHERE plugin_id = ? AND collection = '__kv' AND id LIKE ?").bind(pluginId, prefix + "%").all()).results ?? []).map((row) => ({
+			key: row.id,
+			value: JSON.parse(row.data)
+		}));
+	}
+	async storageGet(collection, id) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		const result = await this.env.DB.prepare("SELECT data FROM _plugin_storage WHERE plugin_id = ? AND collection = ? AND id = ?").bind(pluginId, collection, id).first();
+		if (!result) return null;
+		return JSON.parse(result.data);
+	}
+	async storagePut(collection, id, data) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		await this.env.DB.prepare("INSERT OR REPLACE INTO _plugin_storage (plugin_id, collection, id, data, updated_at) VALUES (?, ?, ?, ?, datetime('now'))").bind(pluginId, collection, id, JSON.stringify(data)).run();
+	}
+	async storageDelete(collection, id) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		return ((await this.env.DB.prepare("DELETE FROM _plugin_storage WHERE plugin_id = ? AND collection = ? AND id = ?").bind(pluginId, collection, id).run()).meta?.changes ?? 0) > 0;
+	}
+	async storageQuery(collection, opts = {}) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		const limit = Math.min(opts.limit ?? 50, 1e3);
+		const results = await this.env.DB.prepare("SELECT id, data FROM _plugin_storage WHERE plugin_id = ? AND collection = ? LIMIT ?").bind(pluginId, collection, limit + 1).all();
+		const items = (results.results ?? []).slice(0, limit).map((row) => ({
+			id: row.id,
+			data: JSON.parse(row.data)
+		}));
+		return {
+			items,
+			hasMore: (results.results ?? []).length > limit,
+			cursor: items.length > 0 ? items.at(-1).id : void 0
+		};
+	}
+	async storageCount(collection) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		return (await this.env.DB.prepare("SELECT COUNT(*) as count FROM _plugin_storage WHERE plugin_id = ? AND collection = ?").bind(pluginId, collection).first())?.count ?? 0;
+	}
+	async storageGetMany(collection, ids) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		if (ids.length === 0) return /* @__PURE__ */ new Map();
+		const placeholders = ids.map(() => "?").join(",");
+		const results = await this.env.DB.prepare(`SELECT id, data FROM _plugin_storage WHERE plugin_id = ? AND collection = ? AND id IN (${placeholders})`).bind(pluginId, collection, ...ids).all();
+		const map = /* @__PURE__ */ new Map();
+		for (const row of results.results ?? []) map.set(row.id, JSON.parse(row.data));
+		return map;
+	}
+	async storagePutMany(collection, items) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		if (items.length === 0) return;
+		for (const item of items) await this.env.DB.prepare("INSERT OR REPLACE INTO _plugin_storage (plugin_id, collection, id, data, updated_at) VALUES (?, ?, ?, ?, datetime('now'))").bind(pluginId, collection, item.id, JSON.stringify(item.data)).run();
+	}
+	async storageDeleteMany(collection, ids) {
+		const { pluginId, storageCollections } = this.ctx.props;
+		if (!storageCollections.includes(collection)) throw new Error(`Storage collection not declared: ${collection}`);
+		if (ids.length === 0) return 0;
+		let deleted = 0;
+		for (const id of ids) {
+			const result = await this.env.DB.prepare("DELETE FROM _plugin_storage WHERE plugin_id = ? AND collection = ? AND id = ?").bind(pluginId, collection, id).run();
+			deleted += result.meta?.changes ?? 0;
+		}
+		return deleted;
+	}
+	async contentGet(collection, id) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:content")) throw new Error("Missing capability: read:content");
+		if (!COLLECTION_NAME_REGEX.test(collection)) throw new Error(`Invalid collection name: ${collection}`);
+		try {
+			const result = await this.env.DB.prepare(`SELECT * FROM ec_${collection} WHERE id = ? AND deleted_at IS NULL`).bind(id).first();
+			if (!result) return null;
+			return rowToContentItem(collection, result);
+		} catch {
+			return null;
+		}
+	}
+	async contentList(collection, opts = {}) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:content")) throw new Error("Missing capability: read:content");
+		if (!COLLECTION_NAME_REGEX.test(collection)) throw new Error(`Invalid collection name: ${collection}`);
+		const limit = Math.min(opts.limit ?? 50, 100);
+		try {
+			let sql = `SELECT * FROM ec_${collection} WHERE deleted_at IS NULL`;
+			const params = [];
+			if (opts.cursor) {
+				sql += " AND id < ?";
+				params.push(opts.cursor);
+			}
+			sql += " ORDER BY id DESC LIMIT ?";
+			params.push(limit + 1);
+			const rows = (await this.env.DB.prepare(sql).bind(...params).all()).results ?? [];
+			const items = rows.slice(0, limit).map((row) => rowToContentItem(collection, row));
+			const hasMore = rows.length > limit;
+			return {
+				items,
+				cursor: hasMore && items.length > 0 ? items.at(-1).id : void 0,
+				hasMore
+			};
+		} catch {
+			return {
+				items: [],
+				hasMore: false
+			};
+		}
+	}
+	async contentCreate(collection, data) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("write:content")) throw new Error("Missing capability: write:content");
+		if (!COLLECTION_NAME_REGEX.test(collection)) throw new Error(`Invalid collection name: ${collection}`);
+		const id = ulid();
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const columns = [
+			"\"id\"",
+			"\"slug\"",
+			"\"status\"",
+			"\"author_id\"",
+			"\"created_at\"",
+			"\"updated_at\"",
+			"\"version\""
+		];
+		const values = [
+			id,
+			typeof data.slug === "string" ? data.slug : null,
+			typeof data.status === "string" ? data.status : "draft",
+			typeof data.author_id === "string" ? data.author_id : null,
+			now,
+			now,
+			1
+		];
+		for (const [key, value] of Object.entries(data)) if (!SYSTEM_COLUMNS.has(key) && COLLECTION_NAME_REGEX.test(key)) {
+			columns.push(`"${key}"`);
+			values.push(serializeValue(value));
+		}
+		const placeholders = columns.map(() => "?").join(", ");
+		const columnList = columns.join(", ");
+		await this.env.DB.prepare(`INSERT INTO ec_${collection} (${columnList}) VALUES (${placeholders})`).bind(...values).run();
+		const created = await this.env.DB.prepare(`SELECT * FROM ec_${collection} WHERE id = ? AND deleted_at IS NULL`).bind(id).first();
+		if (!created) return {
+			id,
+			type: collection,
+			data: {},
+			createdAt: now,
+			updatedAt: now
+		};
+		return rowToContentItem(collection, created);
+	}
+	async contentUpdate(collection, id, data) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("write:content")) throw new Error("Missing capability: write:content");
+		if (!COLLECTION_NAME_REGEX.test(collection)) throw new Error(`Invalid collection name: ${collection}`);
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const setClauses = ["\"updated_at\" = ?", "\"version\" = \"version\" + 1"];
+		const values = [now];
+		if (typeof data.status === "string") {
+			setClauses.push("\"status\" = ?");
+			values.push(data.status);
+		}
+		if (data.slug !== void 0) {
+			setClauses.push("\"slug\" = ?");
+			values.push(typeof data.slug === "string" ? data.slug : null);
+		}
+		for (const [key, value] of Object.entries(data)) if (!SYSTEM_COLUMNS.has(key) && COLLECTION_NAME_REGEX.test(key)) {
+			setClauses.push(`"${key}" = ?`);
+			values.push(serializeValue(value));
+		}
+		values.push(id);
+		if (((await this.env.DB.prepare(`UPDATE ec_${collection} SET ${setClauses.join(", ")} WHERE "id" = ? AND "deleted_at" IS NULL`).bind(...values).run()).meta?.changes ?? 0) === 0) throw new Error(`Content not found or deleted: ${collection}/${id}`);
+		const updated = await this.env.DB.prepare(`SELECT * FROM ec_${collection} WHERE id = ? AND deleted_at IS NULL`).bind(id).first();
+		if (!updated) throw new Error(`Content not found: ${collection}/${id}`);
+		return rowToContentItem(collection, updated);
+	}
+	async contentDelete(collection, id) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("write:content")) throw new Error("Missing capability: write:content");
+		if (!COLLECTION_NAME_REGEX.test(collection)) throw new Error(`Invalid collection name: ${collection}`);
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		return ((await this.env.DB.prepare(`UPDATE ec_${collection} SET deleted_at = ?, updated_at = ? WHERE id = ? AND deleted_at IS NULL`).bind(now, now, id).run()).meta?.changes ?? 0) > 0;
+	}
+	async mediaGet(id) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:media")) throw new Error("Missing capability: read:media");
+		const result = await this.env.DB.prepare("SELECT * FROM media WHERE id = ?").bind(id).first();
+		if (!result) return null;
+		return {
+			id: result.id,
+			filename: result.filename,
+			mimeType: result.mime_type,
+			size: result.size,
+			url: `/_emdash/api/media/file/${result.storage_key}`,
+			createdAt: result.created_at
+		};
+	}
+	async mediaList(opts = {}) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:media")) throw new Error("Missing capability: read:media");
+		const limit = Math.min(opts.limit ?? 50, 100);
+		let sql = "SELECT * FROM media WHERE status = 'ready'";
+		const params = [];
+		if (opts.mimeType) {
+			sql += " AND mime_type LIKE ?";
+			params.push(opts.mimeType + "%");
+		}
+		if (opts.cursor) {
+			sql += " AND id < ?";
+			params.push(opts.cursor);
+		}
+		sql += " ORDER BY id DESC LIMIT ?";
+		params.push(limit + 1);
+		const rows = (await this.env.DB.prepare(sql).bind(...params).all()).results ?? [];
+		const items = rows.slice(0, limit).map((row) => ({
+			id: row.id,
+			filename: row.filename,
+			mimeType: row.mime_type,
+			size: row.size,
+			url: `/_emdash/api/media/file/${row.storage_key}`,
+			createdAt: row.created_at
+		}));
+		const hasMore = rows.length > limit;
+		return {
+			items,
+			cursor: hasMore && items.length > 0 ? items.at(-1).id : void 0,
+			hasMore
+		};
+	}
+	/**
+	* Create a pending media record and write bytes directly to R2.
+	*
+	* Unlike the admin UI flow (presigned URL → client PUT → confirm), sandboxed
+	* plugins are network-isolated and can't make external requests. The bridge
+	* accepts the file bytes directly and writes them to storage.
+	*
+	* Returns the media ID, storage key, and confirm URL. The plugin should
+	* call the confirm endpoint after this to finalize the record.
+	*/
+	async mediaUpload(filename, contentType, bytes) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("write:media")) throw new Error("Missing capability: write:media");
+		if (!this.env.MEDIA) throw new Error("Media storage (R2) not configured. Add MEDIA binding to wrangler config.");
+		if (![
+			"image/",
+			"video/",
+			"audio/",
+			"application/pdf"
+		].some((prefix) => contentType.startsWith(prefix))) throw new Error(`Unsupported content type: ${contentType}. Allowed: image/*, video/*, audio/*, application/pdf`);
+		const mediaId = ulid();
+		const basename = filename.includes("/") ? filename.slice(filename.lastIndexOf("/") + 1) : filename;
+		const rawExt = basename.includes(".") ? basename.slice(basename.lastIndexOf(".")) : "";
+		const storageKey = `${mediaId}${FILE_EXT_REGEX.test(rawExt) ? rawExt : ""}`;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		await this.env.MEDIA.put(storageKey, bytes, { httpMetadata: { contentType } });
+		try {
+			await this.env.DB.prepare("INSERT INTO media (id, filename, mime_type, size, storage_key, status, created_at) VALUES (?, ?, ?, ?, ?, 'ready', ?)").bind(mediaId, filename, contentType, bytes.byteLength, storageKey, now).run();
+		} catch (error) {
+			try {
+				await this.env.MEDIA.delete(storageKey);
+			} catch {
+				console.warn(`[plugin-bridge] Failed to clean up orphaned R2 object: ${storageKey}`);
+			}
+			throw error;
+		}
+		return {
+			mediaId,
+			storageKey,
+			url: `/_emdash/api/media/file/${storageKey}`
+		};
+	}
+	async mediaDelete(id) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("write:media")) throw new Error("Missing capability: write:media");
+		const media = await this.env.DB.prepare("SELECT storage_key FROM media WHERE id = ?").bind(id).first();
+		if (!media) return false;
+		const result = await this.env.DB.prepare("DELETE FROM media WHERE id = ?").bind(id).run();
+		if (this.env.MEDIA && media.storage_key) try {
+			await this.env.MEDIA.delete(media.storage_key);
+		} catch {
+			console.warn(`[plugin-bridge] Failed to delete R2 object: ${media.storage_key}`);
+		}
+		return (result.meta?.changes ?? 0) > 0;
+	}
+	async httpFetch(url, init) {
+		const { capabilities, allowedHosts } = this.ctx.props;
+		const hasUnrestricted = capabilities.includes("network:fetch:any");
+		if (!(capabilities.includes("network:fetch") || hasUnrestricted)) throw new Error("Missing capability: network:fetch");
+		if (!hasUnrestricted) {
+			const host = new URL(url).host;
+			if (allowedHosts.length === 0) throw new Error(`Plugin has no allowed hosts configured. Add hosts to allowedHosts to enable HTTP requests.`);
+			if (!allowedHosts.some((pattern) => {
+				if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1)) || host === pattern.slice(2);
+				return host === pattern;
+			})) throw new Error(`Host not allowed: ${host}. Allowed: ${allowedHosts.join(", ")}`);
+		}
+		const response = await fetch(url, init);
+		const headers = {};
+		response.headers.forEach((value, key) => {
+			headers[key] = value;
+		});
+		return {
+			status: response.status,
+			headers,
+			text: await response.text()
+		};
+	}
+	async userGet(id) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:users")) throw new Error("Missing capability: read:users");
+		const result = await this.env.DB.prepare("SELECT id, email, name, role, created_at FROM users WHERE id = ?").bind(id).first();
+		if (!result) return null;
+		return {
+			id: result.id,
+			email: result.email,
+			name: result.name,
+			role: result.role,
+			createdAt: result.created_at
+		};
+	}
+	async userGetByEmail(email) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:users")) throw new Error("Missing capability: read:users");
+		const result = await this.env.DB.prepare("SELECT id, email, name, role, created_at FROM users WHERE email = ?").bind(email.toLowerCase()).first();
+		if (!result) return null;
+		return {
+			id: result.id,
+			email: result.email,
+			name: result.name,
+			role: result.role,
+			createdAt: result.created_at
+		};
+	}
+	async userList(opts) {
+		const { capabilities } = this.ctx.props;
+		if (!capabilities.includes("read:users")) throw new Error("Missing capability: read:users");
+		const limit = Math.max(1, Math.min(opts?.limit ?? 50, 100));
+		let sql = "SELECT id, email, name, role, created_at FROM users";
+		const params = [];
+		const conditions = [];
+		if (opts?.role !== void 0) {
+			conditions.push("role = ?");
+			params.push(opts.role);
+		}
+		if (opts?.cursor) {
+			conditions.push("id < ?");
+			params.push(opts.cursor);
+		}
+		if (conditions.length > 0) sql += ` WHERE ${conditions.join(" AND ")}`;
+		sql += " ORDER BY id DESC LIMIT ?";
+		params.push(limit + 1);
+		const rows = (await this.env.DB.prepare(sql).bind(...params).all()).results ?? [];
+		const items = rows.slice(0, limit).map((row) => ({
+			id: row.id,
+			email: row.email,
+			name: row.name,
+			role: row.role,
+			createdAt: row.created_at
+		}));
+		return {
+			items,
+			nextCursor: rows.length > limit && items.length > 0 ? items.at(-1).id : void 0
+		};
+	}
+	async emailSend(message) {
+		const { capabilities, pluginId } = this.ctx.props;
+		if (!capabilities.includes("email:send")) throw new Error("Missing capability: email:send");
+		if (!emailSendCallback) throw new Error("Email is not configured. No email provider is available.");
+		await emailSendCallback(message, pluginId);
+	}
+	log(level, msg, data) {
+		const { pluginId } = this.ctx.props;
+		console[level](`[plugin:${pluginId}]`, msg, data ?? "");
+	}
+};
+
+//#endregion
+//#region src/sandbox/wrapper.ts
+const TRAILING_SLASH_RE = /\/$/;
+const NEWLINE_RE = /[\n\r]/g;
+const COMMENT_CLOSE_RE = /\*\//g;
+function generatePluginWrapper(manifest, options) {
+	const storageCollections = Object.keys(manifest.storage || {});
+	const site = options?.site ?? {
+		name: "",
+		url: "",
+		locale: "en"
+	};
+	const hasReadUsers = manifest.capabilities.includes("read:users");
+	const hasEmailSend = manifest.capabilities.includes("email:send");
+	return `
+// =============================================================================
+// Sandboxed Plugin Wrapper
+// Generated by @emdash-cms/cloudflare
+// Plugin: ${sanitizeComment(manifest.id)}@${sanitizeComment(manifest.version)}
+// =============================================================================
+
+import { WorkerEntrypoint } from "cloudflare:workers";
+
+// Plugin code lives in a separate module for scope isolation
+import pluginModule from "sandbox-plugin.js";
+
+// Extract hooks and routes from the plugin module
+const hooks = pluginModule?.hooks || pluginModule?.default?.hooks || {};
+const routes = pluginModule?.routes || pluginModule?.default?.routes || {};
+
+// -----------------------------------------------------------------------------
+// Context Factory - creates ctx that proxies to BRIDGE
+// -----------------------------------------------------------------------------
+
+function createContext(env) {
+	const bridge = env.BRIDGE;
+	const storageCollections = ${JSON.stringify(storageCollections)};
+	
+	// KV - proxies to bridge.kvGet/Set/Delete/List
+	const kv = {
+		get: (key) => bridge.kvGet(key),
+		set: (key, value) => bridge.kvSet(key, value),
+		delete: (key) => bridge.kvDelete(key),
+		list: (prefix) => bridge.kvList(prefix)
+	};
+	
+	// Storage collection factory
+	function createStorageCollection(collectionName) {
+		return {
+			get: (id) => bridge.storageGet(collectionName, id),
+			put: (id, data) => bridge.storagePut(collectionName, id, data),
+			delete: (id) => bridge.storageDelete(collectionName, id),
+			exists: async (id) => (await bridge.storageGet(collectionName, id)) !== null,
+			query: (opts) => bridge.storageQuery(collectionName, opts),
+			count: (where) => bridge.storageCount(collectionName, where),
+			getMany: (ids) => bridge.storageGetMany(collectionName, ids),
+			putMany: (items) => bridge.storagePutMany(collectionName, items),
+			deleteMany: (ids) => bridge.storageDeleteMany(collectionName, ids)
+		};
+	}
+	
+	// Storage proxy that creates collections on access
+	const storage = new Proxy({}, {
+		get(_, collectionName) {
+			if (typeof collectionName !== "string") return undefined;
+			return createStorageCollection(collectionName);
+		}
+	});
+	
+	// Content access - proxies to bridge (capability enforced by bridge)
+	const content = {
+		get: (collection, id) => bridge.contentGet(collection, id),
+		list: (collection, opts) => bridge.contentList(collection, opts),
+		create: (collection, data) => bridge.contentCreate(collection, data),
+		update: (collection, id, data) => bridge.contentUpdate(collection, id, data),
+		delete: (collection, id) => bridge.contentDelete(collection, id)
+	};
+	
+	// Media access - proxies to bridge (capability enforced by bridge)
+	const media = {
+		get: (id) => bridge.mediaGet(id),
+		list: (opts) => bridge.mediaList(opts),
+		upload: (filename, contentType, bytes) => bridge.mediaUpload(filename, contentType, bytes),
+		getUploadUrl: () => { throw new Error("getUploadUrl is not available in sandbox mode. Use media.upload(filename, contentType, bytes) instead."); },
+		delete: (id) => bridge.mediaDelete(id)
+	};
+	
+	// HTTP access - proxies to bridge (capability + host enforced by bridge)
+	const http = {
+		fetch: async (url, init) => {
+			const result = await bridge.httpFetch(url, init);
+			// Bridge returns serialized response, reconstruct Response-like object
+			return {
+				status: result.status,
+				ok: result.status >= 200 && result.status < 300,
+				headers: new Headers(result.headers),
+				text: async () => result.text,
+				json: async () => JSON.parse(result.text)
+			};
+		}
+	};
+	
+	// Logger - proxies to bridge
+	const log = {
+		debug: (msg, data) => bridge.log("debug", msg, data),
+		info: (msg, data) => bridge.log("info", msg, data),
+		warn: (msg, data) => bridge.log("warn", msg, data),
+		error: (msg, data) => bridge.log("error", msg, data)
+	};
+	
+	// Site info - injected at wrapper generation time, no RPC needed
+	const site = ${JSON.stringify(site)};
+	
+	// URL helper - generates absolute URLs from paths
+	const siteBaseUrl = ${JSON.stringify(site.url.replace(TRAILING_SLASH_RE, ""))};
+	function url(path) {
+		if (!path.startsWith("/")) {
+			throw new Error('URL path must start with "/", got: "' + path + '"');
+		}
+		if (path.startsWith("//")) {
+			throw new Error('URL path must not be protocol-relative, got: "' + path + '"');
+		}
+		return siteBaseUrl + path;
+	}
+	
+	// User access - proxies to bridge (capability enforced by bridge)
+	const users = ${hasReadUsers} ? {
+		get: (id) => bridge.userGet(id),
+		getByEmail: (email) => bridge.userGetByEmail(email),
+		list: (opts) => bridge.userList(opts)
+	} : undefined;
+	
+	// Email access - proxies to bridge (capability enforced by bridge)
+	const email = ${hasEmailSend} ? {
+		send: (message) => bridge.emailSend(message)
+	} : undefined;
+	
+	return {
+		plugin: {
+			id: env.PLUGIN_ID,
+			version: env.PLUGIN_VERSION
+		},
+		storage,
+		kv,
+		content,
+		media,
+		http,
+		log,
+		site,
+		url,
+		users,
+		email
+	};
+}
+
+// -----------------------------------------------------------------------------
+// Worker Entrypoint (RPC interface)
+// -----------------------------------------------------------------------------
+
+export default class PluginEntrypoint extends WorkerEntrypoint {
+	async invokeHook(hookName, event) {
+		const ctx = createContext(this.env);
+		
+		// Find the hook handler
+		const hookDef = hooks[hookName];
+		
+		if (!hookDef) {
+			// No handler for this hook - that's ok, return undefined
+			return undefined;
+		}
+		
+		// Get the handler (might be wrapped in config object)
+		const handler = typeof hookDef === "function" ? hookDef : hookDef.handler;
+		
+		if (typeof handler !== "function") {
+			throw new Error(\`Hook \${hookName} handler is not a function\`);
+		}
+		
+		// Execute the hook
+		return handler(event, ctx);
+	}
+	
+	async invokeRoute(routeName, input, serializedRequest) {
+		const ctx = createContext(this.env);
+		
+		// Find the route handler
+		const route = routes[routeName];
+		
+		if (!route) {
+			throw new Error(\`Route not found: \${routeName}\`);
+		}
+		
+		// Get handler (might be direct function or object with handler)
+		const handler = typeof route === "function" ? route : route.handler;
+		
+		if (typeof handler !== "function") {
+			throw new Error(\`Route \${routeName} handler is not a function\`);
+		}
+		
+		// Execute the route handler with input, request metadata, and context
+		return handler({ input, request: serializedRequest, requestMeta: serializedRequest.meta }, ctx);
+	}
+}
+`;
+}
+/**
+* Sanitize a string for inclusion in a JavaScript comment.
+* Prevents comment injection via manifest.id or manifest.version containing
+* newlines or comment-closing sequences.
+*/
+function sanitizeComment(s) {
+	return s.replace(NEWLINE_RE, " ").replace(COMMENT_CLOSE_RE, "* /");
+}
+
+//#endregion
+//#region src/sandbox/runner.ts
+/**
+* Cloudflare Sandbox Runner
+*
+* Uses Worker Loader to run plugins in isolated V8 isolates.
+* Plugins communicate with the host via a BRIDGE service binding
+* that enforces capabilities and scopes operations.
+*
+* This module imports directly from cloudflare:workers to access
+* the LOADER binding and PluginBridge export. It's only loaded
+* when the user configures `sandboxRunner: "@emdash-cms/cloudflare/sandbox"`.
+*
+*/
+/**
+* Default resource limits for sandboxed plugins.
+*
+* cpuMs and subrequests are enforced by Worker Loader at the V8 isolate level.
+* wallTimeMs is enforced by the runner via Promise.race.
+* memoryMb is declared for API compatibility but NOT currently enforced —
+* Worker Loader doesn't expose a memory limit option. V8 isolates have a
+* platform-level memory ceiling (~128MB) but it's not configurable per-worker.
+*/
+const DEFAULT_LIMITS = {
+	cpuMs: 50,
+	memoryMb: 128,
+	subrequests: 10,
+	wallTimeMs: 3e4
+};
+/**
+* Get the Worker Loader binding from env
+*/
+function getLoader() {
+	return env.LOADER;
+}
+/**
+* Get the PluginBridge from exports (loopback binding)
+*/
+function getPluginBridge() {
+	return exports.PluginBridge;
+}
+/**
+* Resolve resource limits by merging user-provided overrides with defaults.
+*/
+function resolveLimits(limits) {
+	return {
+		cpuMs: limits?.cpuMs ?? DEFAULT_LIMITS.cpuMs,
+		memoryMb: limits?.memoryMb ?? DEFAULT_LIMITS.memoryMb,
+		subrequests: limits?.subrequests ?? DEFAULT_LIMITS.subrequests,
+		wallTimeMs: limits?.wallTimeMs ?? DEFAULT_LIMITS.wallTimeMs
+	};
+}
+/**
+* Cloudflare sandbox runner using Worker Loader.
+*/
+var CloudflareSandboxRunner = class {
+	plugins = /* @__PURE__ */ new Map();
+	options;
+	resolvedLimits;
+	siteInfo;
+	constructor(options) {
+		this.options = options;
+		this.resolvedLimits = resolveLimits(options.limits);
+		this.siteInfo = options.siteInfo;
+		setEmailSendCallback(options.emailSend ?? null);
+	}
+	/**
+	* Set the email send callback for sandboxed plugins.
+	* Called after the EmailPipeline is created, since the pipeline
+	* doesn't exist when the sandbox runner is constructed.
+	*/
+	setEmailSend(callback) {
+		setEmailSendCallback(callback);
+	}
+	/**
+	* Check if Worker Loader is available.
+	*/
+	isAvailable() {
+		return !!getLoader() && !!getPluginBridge();
+	}
+	/**
+	* Load a sandboxed plugin.
+	*
+	* @param manifest - Plugin manifest with capabilities and storage declarations
+	* @param code - The bundled plugin JavaScript code
+	*/
+	async load(manifest, code) {
+		const pluginId = `${manifest.id}:${manifest.version}`;
+		const existing = this.plugins.get(pluginId);
+		if (existing) return existing;
+		const loader = getLoader();
+		const pluginBridge = getPluginBridge();
+		if (!loader) throw new Error("Worker Loader not available. Add worker_loaders binding to wrangler config.");
+		if (!pluginBridge) throw new Error("PluginBridge not available. Export PluginBridge from your worker entrypoint.");
+		const plugin = new CloudflareSandboxedPlugin(manifest, code, loader, pluginBridge, this.resolvedLimits, this.siteInfo);
+		this.plugins.set(pluginId, plugin);
+		return plugin;
+	}
+	/**
+	* Terminate all loaded plugins.
+	*/
+	async terminateAll() {
+		for (const plugin of this.plugins.values()) await plugin.terminate();
+		this.plugins.clear();
+	}
+};
+/**
+* A plugin running in a Worker Loader isolate.
+*
+* IMPORTANT: Worker stubs and bridge bindings are tied to request context.
+* We must create fresh stubs for each invocation to avoid I/O isolation errors:
+* "Cannot perform I/O on behalf of a different request"
+*/
+var CloudflareSandboxedPlugin = class {
+	id;
+	manifest;
+	loader;
+	createBridge;
+	code;
+	wrapperCode = null;
+	limits;
+	siteInfo;
+	constructor(manifest, code, loader, createBridge, limits, siteInfo) {
+		this.id = `${manifest.id}:${manifest.version}`;
+		this.manifest = manifest;
+		this.code = code;
+		this.loader = loader;
+		this.createBridge = createBridge;
+		this.limits = limits;
+		this.siteInfo = siteInfo;
+	}
+	/**
+	* Create a fresh worker stub for the current request.
+	*
+	* Worker Loader stubs contain bindings (like BRIDGE) that are tied to the
+	* request context in which they were created. Reusing stubs across requests
+	* causes "Cannot perform I/O on behalf of a different request" errors.
+	*
+	* The Worker Loader internally caches the V8 isolate, so we only pay the
+	* cost of creating the bridge binding and stub wrapper per request.
+	*/
+	createWorker() {
+		if (!this.wrapperCode) this.wrapperCode = generatePluginWrapper(this.manifest, { site: this.siteInfo });
+		const bridgeBinding = this.createBridge({ props: {
+			pluginId: this.manifest.id,
+			pluginVersion: this.manifest.version || "0.0.0",
+			capabilities: this.manifest.capabilities || [],
+			allowedHosts: this.manifest.allowedHosts || [],
+			storageCollections: Object.keys(this.manifest.storage || {})
+		} });
+		const loaderLimits = {
+			cpuMs: this.limits.cpuMs,
+			subRequests: this.limits.subrequests
+		};
+		return this.loader.get(this.id, () => ({
+			compatibilityDate: "2025-01-01",
+			mainModule: "plugin.js",
+			modules: {
+				"plugin.js": { js: this.wrapperCode },
+				"sandbox-plugin.js": { js: this.code }
+			},
+			globalOutbound: null,
+			limits: loaderLimits,
+			env: {
+				PLUGIN_ID: this.manifest.id,
+				PLUGIN_VERSION: this.manifest.version || "0.0.0",
+				BRIDGE: bridgeBinding
+			}
+		}));
+	}
+	/**
+	* Run a function with wall-time enforcement.
+	*
+	* CPU limits and subrequest limits are enforced by the Worker Loader
+	* at the V8 isolate level. Wall-time is enforced here because Worker
+	* Loader doesn't expose a wall-time limit — a plugin could stall
+	* indefinitely waiting on network I/O.
+	*/
+	async withWallTimeLimit(operation, fn) {
+		const wallTimeMs = this.limits.wallTimeMs;
+		let timer;
+		const timeout = new Promise((_, reject) => {
+			timer = setTimeout(() => {
+				reject(/* @__PURE__ */ new Error(`Plugin ${this.manifest.id} exceeded wall-time limit of ${wallTimeMs}ms during ${operation}`));
+			}, wallTimeMs);
+		});
+		try {
+			return await Promise.race([fn(), timeout]);
+		} finally {
+			if (timer !== void 0) clearTimeout(timer);
+		}
+	}
+	/**
+	* Invoke a hook in the sandboxed plugin.
+	*
+	* CPU and subrequest limits are enforced by Worker Loader.
+	* Wall-time is enforced here.
+	*/
+	async invokeHook(hookName, event) {
+		return this.withWallTimeLimit(`hook:${hookName}`, () => {
+			return this.createWorker().getEntrypoint("default").invokeHook(hookName, event);
+		});
+	}
+	/**
+	* Invoke an API route in the sandboxed plugin.
+	*
+	* CPU and subrequest limits are enforced by Worker Loader.
+	* Wall-time is enforced here.
+	*/
+	async invokeRoute(routeName, input, request) {
+		return this.withWallTimeLimit(`route:${routeName}`, () => {
+			return this.createWorker().getEntrypoint("default").invokeRoute(routeName, input, request);
+		});
+	}
+	/**
+	* Terminate the sandboxed plugin.
+	*/
+	async terminate() {
+		this.wrapperCode = null;
+	}
+};
+/**
+* Factory function for creating the Cloudflare sandbox runner.
+*
+* Matches the SandboxRunnerFactory signature. The LOADER and PluginBridge
+* are obtained internally from cloudflare:workers imports.
+*/
+const createSandboxRunner = (options) => {
+	return new CloudflareSandboxRunner(options);
+};
+
+//#endregion
+export { CloudflareSandboxRunner, PluginBridge, createSandboxRunner, generatePluginWrapper, setEmailSendCallback };