@ethisyscore/vite-plugin 1.5.2 → 1.6.1

package/dist/index.cjs

@@ -1,39 +1,595 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+'use strict';
+
+var fs = require('fs');
+var path = require('path');
+var protocol = require('@ethisyscore/protocol');
 
 // src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  ethisysManifestPlugin: () => ethisysManifestPlugin
-});
-module.exports = __toCommonJS(index_exports);
-var import_node_fs = require("fs");
-var import_node_path = require("path");
+var KNOWN_PRIMITIVE_SET = new Set(protocol.KNOWN_PRIMITIVES);
+var KNOWN_OPERATOR_SET = new Set(protocol.KNOWN_OPERATORS);
+var KNOWN_RULE_KIND_SET = new Set(protocol.KNOWN_RULE_KINDS);
+function toJsonPointer(path) {
+  if (path.length === 0) {
+    return "";
+  }
+  return "/" + path.map((seg) => {
+    const s = String(seg);
+    return s.replace(/~/g, "~0").replace(/\//g, "~1");
+  }).join("/");
+}
+function extractOffender(doc, issue) {
+  if (issue.code === "invalid_value" || issue.code === "invalid_enum_value") {
+    const received = issue.received;
+    if (typeof received === "string") {
+      return received;
+    }
+  }
+  let cur = doc;
+  for (const seg of issue.path) {
+    if (cur === null || cur === void 0) {
+      break;
+    }
+    cur = cur[seg];
+  }
+  if (cur && typeof cur === "object" && !Array.isArray(cur)) {
+    const keys = Object.keys(cur);
+    if (keys.length === 1 && !KNOWN_OPERATOR_SET.has(keys[0])) {
+      return keys[0];
+    }
+  }
+  if (issue.path.length > 0) {
+    const last = issue.path[issue.path.length - 1];
+    if (typeof last === "string" && !KNOWN_RULE_KIND_SET.has(last) && !KNOWN_PRIMITIVE_SET.has(last)) {
+      return last;
+    }
+  }
+  return void 0;
+}
+function zodIssuesToFailures(doc, issues, filePath) {
+  return issues.map((issue) => {
+    const pointer = toJsonPointer(issue.path);
+    const offender = extractOffender(doc, issue);
+    const offenderSuffix = offender ? ` (offender: '${offender}')` : "";
+    return {
+      filePath,
+      pointer,
+      offender,
+      message: `${filePath}${pointer ? ` at ${pointer}` : ""}: ${issue.message}${offenderSuffix}`
+    };
+  });
+}
+function validateDeclarativeResource(doc, uri, filePath) {
+  const parsed = protocol.SduiNode.safeParse(doc);
+  if (parsed.success) {
+    return { ok: true };
+  }
+  const failures = zodIssuesToFailures(doc, parsed.error.issues, filePath);
+  return {
+    ok: false,
+    failures: failures.map((f) => ({
+      ...f,
+      message: `[resource ${uri}] ${f.message}`
+    }))
+  };
+}
+function validateReactiveRule(rule, filePath) {
+  const parsed = protocol.ReactiveRule.safeParse(rule);
+  if (parsed.success) {
+    return { ok: true };
+  }
+  return {
+    ok: false,
+    failures: zodIssuesToFailures(rule, parsed.error.issues, filePath)
+  };
+}
+
+// src/contract-a/emit.ts
+function slugForUri(uri) {
+  return uri.replace(/[^a-zA-Z0-9._-]+/g, "-").replace(/^-+|-+$/g, "");
+}
+function assertSafeRelativePath(value, label) {
+  const normalized = path.normalize(value);
+  if (path.isAbsolute(value) || path.isAbsolute(normalized)) {
+    throw new Error(
+      `[ethisys-contract-a] ${label} "${value}" must be relative, not absolute.`
+    );
+  }
+  if (normalized.split(/[\\/]/).includes("..")) {
+    throw new Error(
+      `[ethisys-contract-a] ${label} "${value}" must not contain path traversal.`
+    );
+  }
+}
+function formatFailures(failures) {
+  const lines = failures.map((f, i) => `  ${i + 1}. ${f.message}`);
+  return [
+    `[@ethisyscore/vite-plugin] Contract A schema validation failed:`,
+    ...lines
+  ].join("\n");
+}
+function ethisysContractAPlugin(options = {}) {
+  const outputPrefix = (options.outputPrefix ?? "sdui/").replace(/\/+$/, "/").replace(/^\/+/, "");
+  const explicitRoot = options.root;
+  const manifestRel = options.manifestPath ?? "feature.manifest.json";
+  let resolvedRoot;
+  let manifestAbsPath;
+  let validatedResources = [];
+  const resourcePayloads = /* @__PURE__ */ new Map();
+  function resolveRoot() {
+    if (resolvedRoot) {
+      return resolvedRoot;
+    }
+    resolvedRoot = explicitRoot ?? process.cwd();
+    manifestAbsPath = path.isAbsolute(manifestRel) ? manifestRel : path.resolve(resolvedRoot, manifestRel);
+    return resolvedRoot;
+  }
+  function readManifest() {
+    resolveRoot();
+    if (!fs.existsSync(manifestAbsPath)) {
+      return null;
+    }
+    const raw = fs.readFileSync(manifestAbsPath, "utf-8");
+    try {
+      return JSON.parse(raw);
+    } catch (e) {
+      throw new Error(
+        `[@ethisyscore/vite-plugin] Failed to parse manifest at "${manifestAbsPath}": ${e.message}`
+      );
+    }
+  }
+  function validate() {
+    validatedResources = [];
+    resourcePayloads.clear();
+    const manifest = readManifest();
+    if (manifest === null) {
+      return;
+    }
+    const failures = [];
+    for (const ref of manifest.resources ?? []) {
+      if (!ref.file) {
+        continue;
+      }
+      assertSafeRelativePath(ref.file, "Resource file path");
+      const filePath = path.resolve(resolvedRoot, ref.file);
+      if (!fs.existsSync(filePath)) {
+        failures.push({
+          filePath,
+          pointer: "",
+          message: `[resource ${ref.uri}] file "${ref.file}" referenced by the manifest does not exist on disk (resolved: ${filePath}).`
+        });
+        continue;
+      }
+      const rawJson = fs.readFileSync(filePath, "utf-8");
+      let doc;
+      try {
+        doc = JSON.parse(rawJson);
+      } catch (e) {
+        failures.push({
+          filePath,
+          pointer: "",
+          message: `[resource ${ref.uri}] failed to parse JSON: ${e.message}`
+        });
+        continue;
+      }
+      const result = validateDeclarativeResource(doc, ref.uri, filePath);
+      if (!result.ok) {
+        failures.push(...result.failures);
+        continue;
+      }
+      const fileName = `${outputPrefix}${slugForUri(ref.uri)}.json`;
+      const payload = JSON.stringify(doc);
+      resourcePayloads.set(fileName, payload);
+      validatedResources.push({ uri: ref.uri, fileName });
+    }
+    for (const ruleRef of manifest.reactiveRules ?? []) {
+      const result = validateReactiveRule(ruleRef.rule, manifestAbsPath);
+      if (!result.ok) {
+        failures.push(
+          ...result.failures.map((f) => ({
+            ...f,
+            message: `[reactiveRule ${ruleRef.id}] ${f.message}`
+          }))
+        );
+      }
+    }
+    if (failures.length > 0) {
+      throw new Error(formatFailures(failures));
+    }
+  }
+  return {
+    name: "ethisys-contract-a",
+    enforce: "pre",
+    configResolved(config) {
+      if (!explicitRoot) {
+        resolvedRoot = config.root;
+        manifestAbsPath = path.isAbsolute(manifestRel) ? manifestRel : path.resolve(resolvedRoot, manifestRel);
+      }
+    },
+    buildStart() {
+      validate();
+    },
+    generateBundle() {
+      if (validatedResources.length === 0) {
+        return;
+      }
+      for (const { fileName } of validatedResources) {
+        const source = resourcePayloads.get(fileName);
+        if (source === void 0) {
+          continue;
+        }
+        this.emitFile({ type: "asset", fileName, source });
+      }
+      const sorted = [...validatedResources].sort(
+        (a, b) => a.uri.localeCompare(b.uri)
+      );
+      const index = {
+        version: 1,
+        resources: sorted.map(({ uri, fileName }) => ({ uri, file: fileName }))
+      };
+      this.emitFile({
+        type: "asset",
+        fileName: `${outputPrefix}sdui-manifest.json`,
+        source: JSON.stringify(index)
+      });
+    }
+  };
+}
+
+// src/contract-b/rewrite-imports.ts
+var STATIC_IMPORT_RE = /^([ \t]*)import[ \t]+(.*?)[ \t]*;?[ \t]*$/gm;
+function rewriteSafeImports(code, allowlist) {
+  const allowSet = new Set(allowlist);
+  return code.replace(STATIC_IMPORT_RE, (match, indent, body) => {
+    const rewrite = tryRewriteImport(body, allowSet);
+    return rewrite === null ? match : `${indent}${rewrite}`;
+  });
+}
+function convertNamedBindings(namedClause) {
+  const inner = namedClause.slice(1, -1).trim();
+  if (inner.length === 0) {
+    return "";
+  }
+  const parts = inner.split(",").map((p) => p.trim()).filter((p) => p.length > 0);
+  const converted = parts.map((part) => {
+    const asMatch = part.match(/^(\w[\w$]*)\s+as\s+(\w[\w$]*)$/);
+    return asMatch === null ? part : `${asMatch[1]}: ${asMatch[2]}`;
+  });
+  return converted.join(", ");
+}
+function tryRewriteImport(body, allowSet) {
+  const sideEffect = body.match(/^["']([^"']+)["']$/);
+  if (sideEffect !== null) {
+    const spec = sideEffect[1];
+    if (!allowSet.has(spec)) {
+      return null;
+    }
+    return `await globalThis.__ethisysSafeImport(${JSON.stringify(spec)});`;
+  }
+  const defaultPlusNamed = body.match(
+    /^(\w[\w$]*)\s*,\s*(\{[^}]*\})\s+from\s+["']([^"']+)["']$/
+  );
+  if (defaultPlusNamed !== null) {
+    const defaultLocal = defaultPlusNamed[1];
+    const namedClause = defaultPlusNamed[2];
+    const spec = defaultPlusNamed[3];
+    if (!allowSet.has(spec)) {
+      return null;
+    }
+    const bindings = convertNamedBindings(namedClause);
+    const inner = bindings.length === 0 ? `default: ${defaultLocal}` : `default: ${defaultLocal}, ${bindings}`;
+    return `const { ${inner} } = await globalThis.__ethisysSafeImport(${JSON.stringify(spec)});`;
+  }
+  const defaultOnly = body.match(/^(\w[\w$]*)\s+from\s+["']([^"']+)["']$/);
+  if (defaultOnly !== null) {
+    const local = defaultOnly[1];
+    const spec = defaultOnly[2];
+    if (!allowSet.has(spec)) {
+      return null;
+    }
+    return `const { default: ${local} } = await globalThis.__ethisysSafeImport(${JSON.stringify(spec)});`;
+  }
+  const namedOnly = body.match(/^(\{[^}]*\})\s+from\s+["']([^"']+)["']$/);
+  if (namedOnly !== null) {
+    const namedClause = namedOnly[1];
+    const spec = namedOnly[2];
+    if (!allowSet.has(spec)) {
+      return null;
+    }
+    const bindings = convertNamedBindings(namedClause);
+    return `const { ${bindings} } = await globalThis.__ethisysSafeImport(${JSON.stringify(spec)});`;
+  }
+  const namespaceOnly = body.match(/^\*\s+as\s+(\w[\w$]*)\s+from\s+["']([^"']+)["']$/);
+  if (namespaceOnly !== null) {
+    const local = namespaceOnly[1];
+    const spec = namespaceOnly[2];
+    if (!allowSet.has(spec)) {
+      return null;
+    }
+    return `const ${local} = await globalThis.__ethisysSafeImport(${JSON.stringify(spec)});`;
+  }
+  return null;
+}
+
+// src/contract-b/worker-bundle.ts
+var CONTRACT_B_SEMANTIC_PRIMITIVES = [
+  "Button",
+  "DataTable",
+  "Form",
+  "EntityPicker",
+  "CommandBar",
+  "Drawer",
+  "Modal",
+  "CanvasSurface",
+  "WebGLSurface"
+];
+var CONTRACT_B_RUNTIME_IMPORTS = [
+  "react",
+  "@ethisyscore/extension-runtime"
+];
+var CONTRACT_B_IMPORT_MAP_ALLOWLIST = Object.freeze([
+  ...CONTRACT_B_RUNTIME_IMPORTS,
+  ...CONTRACT_B_SEMANTIC_PRIMITIVES
+]);
+var ALLOWLIST_SET = new Set(CONTRACT_B_IMPORT_MAP_ALLOWLIST);
+function assertHostOriginRelativePath(value, label) {
+  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) {
+    throw new Error(
+      `[ethisys-contract-b] ${label} "${value}" must be a host-origin relative path, not a remote URL.`
+    );
+  }
+  if (/^(data|blob|javascript):/i.test(value)) {
+    throw new Error(
+      `[ethisys-contract-b] ${label} "${value}" must be a host-origin relative path, not a ${value.split(":")[0]}: URL.`
+    );
+  }
+  const normalized = path.normalize(value);
+  if (path.isAbsolute(value) || path.isAbsolute(normalized)) {
+    throw new Error(
+      `[ethisys-contract-b] ${label} "${value}" must be relative, not absolute.`
+    );
+  }
+  if (normalized.split(/[\\/]/).includes("..")) {
+    throw new Error(
+      `[ethisys-contract-b] ${label} "${value}" must not contain path traversal.`
+    );
+  }
+}
 function slash(p) {
-  return import_node_path.sep === "\\" ? p.replace(/\\/g, "/") : p;
+  return path.sep === "\\" ? p.replace(/\\/g, "/") : p;
+}
+function ethisysContractBPlugin(options = {}) {
+  const explicitRoot = options.root;
+  const manifestRel = options.manifestPath ?? "feature.manifest.json";
+  const outputPrefix = (options.outputPrefix ?? "worker/").replace(/\/+$/, "/").replace(/^\/+/, "");
+  let resolvedRoot;
+  let manifestAbsPath;
+  let workerEntryAbs = null;
+  let workerEntryRel = null;
+  function resolveRoot() {
+    if (resolvedRoot) {
+      return resolvedRoot;
+    }
+    resolvedRoot = explicitRoot ?? process.cwd();
+    manifestAbsPath = path.isAbsolute(manifestRel) ? manifestRel : path.resolve(resolvedRoot, manifestRel);
+    return resolvedRoot;
+  }
+  function readManifest() {
+    resolveRoot();
+    if (!fs.existsSync(manifestAbsPath)) {
+      return null;
+    }
+    const raw = fs.readFileSync(manifestAbsPath, "utf-8");
+    try {
+      return JSON.parse(raw);
+    } catch (e) {
+      throw new Error(
+        `[ethisys-contract-b] Failed to parse manifest at "${manifestAbsPath}": ${e.message}`
+      );
+    }
+  }
+  function validate() {
+    workerEntryAbs = null;
+    workerEntryRel = null;
+    const manifest = readManifest();
+    if (manifest === null) {
+      return;
+    }
+    if (manifest.renderMode !== "remote-runtime") {
+      return;
+    }
+    const entry = manifest.worker?.entry;
+    if (typeof entry !== "string" || entry.length === 0) {
+      throw new Error(
+        `[ethisys-contract-b] manifest declares renderMode='remote-runtime' but no worker.entry. Set "worker": { "entry": "src/worker.ts" } (relative path).`
+      );
+    }
+    assertHostOriginRelativePath(entry, "Worker entry");
+    const absPath = path.resolve(resolvedRoot, entry);
+    if (!fs.existsSync(absPath)) {
+      throw new Error(
+        `[ethisys-contract-b] Worker entry file "${entry}" does not exist on disk (resolved: ${absPath}).`
+      );
+    }
+    workerEntryAbs = absPath;
+    workerEntryRel = entry;
+  }
+  return {
+    name: "ethisys-contract-b",
+    // `pre` ordering: validation should fire before user-supplied plugins.
+    enforce: "pre",
+    configResolved(config) {
+      if (!explicitRoot) {
+        resolvedRoot = config.root;
+        manifestAbsPath = path.isAbsolute(manifestRel) ? manifestRel : path.resolve(resolvedRoot, manifestRel);
+      }
+    },
+    /**
+     * Declares the Rollup input table and locks the output to a single ESM
+     * module. Only fires when the manifest opts in (`renderMode: remote-runtime`).
+     */
+    config(_config, { command }) {
+      if (command !== "build") {
+        return;
+      }
+      validate();
+      if (workerEntryAbs === null) {
+        return;
+      }
+      const externalSpecifiers = new Set(CONTRACT_B_IMPORT_MAP_ALLOWLIST);
+      return {
+        build: {
+          rollupOptions: {
+            input: { worker: slash(workerEntryAbs) },
+            external: (id) => externalSpecifiers.has(id),
+            // CRITICAL: single-file output for the worker bundle. The
+            // E4.S4 frozen import map presumes ONE module entry per plugin —
+            // chunk splitting or dynamic-import shards would defeat it.
+            output: {
+              format: "es",
+              inlineDynamicImports: true,
+              entryFileNames: `${outputPrefix}[name].js`,
+              chunkFileNames: `${outputPrefix}[name]-[hash].js`,
+              assetFileNames: `${outputPrefix}[name][extname]`
+            }
+          }
+        }
+      };
+    },
+    buildStart() {
+      validate();
+    },
+    /**
+     * Reject `data:` / `blob:` / `javascript:` URL specifiers at resolve time.
+     *
+     * Rollup normally externalises unknown URL schemes silently, which would
+     * mean a malicious `import("data:text/javascript,...")` survives the
+     * build untouched and only fails at runtime (where the bootstrap script's
+     * `safeImport` would catch it). We want build-time failure too — the
+     * import-map contract is enforced at BOTH ends.
+     */
+    resolveId(source) {
+      if (workerEntryAbs === null) {
+        return null;
+      }
+      if (/^(data|blob|javascript):/i.test(source)) {
+        const scheme = source.split(":", 1)[0];
+        this.error(
+          `[ethisys-contract-b] Contract B bundle imports forbidden URL scheme '${scheme}:' (specifier: "${source.slice(0, 80)}${source.length > 80 ? "..." : ""}"). The worker realm rejects ${scheme}: imports at runtime; the build rejects them too.`
+        );
+      }
+      return null;
+    },
+    /**
+     * Rewrite the emitted worker chunk's static bare-specifier imports into
+     * top-level `await globalThis.__ethisysSafeImport(...)` calls. This is
+     * the build-time complement to the worker bootstrap's frozen IMPORT_MAP
+     * (defined in CoreConnect-Api's WorkerBootstrapScriptProvider.cs). The
+     * worker realm has no `<script type="importmap">` surface, so static
+     * bare specifiers reach the browser's native ES loader as
+     * `Failed to resolve module specifier` errors at module load time.
+     *
+     * Returns `null` (no transform) when the manifest is not Contract B —
+     * the Contract A path's emitted chunks are left untouched.
+     */
+    renderChunk(code, chunk) {
+      if (workerEntryAbs === null) {
+        return null;
+      }
+      if (chunk.type !== "chunk") {
+        return null;
+      }
+      const rewritten = rewriteSafeImports(code, CONTRACT_B_IMPORT_MAP_ALLOWLIST);
+      if (rewritten === code) {
+        return null;
+      }
+      return { code: rewritten };
+    },
+    /**
+     * Inspect the emitted bundle for out-of-allowlist bare specifiers and emit
+     * the per-bundle `worker-bundle.import-map.json` manifest.
+     *
+     * Because we marked allowlist specifiers as `external` in `config`, any
+     * other bare specifier that the plugin tried to import would have failed
+     * Rollup's resolver upstream — but we re-check the surviving `chunk.imports`
+     * here as belt-and-braces in case a future Rollup or Vite change relaxes
+     * the resolver path. Defence in depth at the build layer matches the
+     * defence in depth at the runtime layer (E4.S3 bootstrap).
+     */
+    generateBundle(_outputOptions, bundle) {
+      if (workerEntryAbs === null || workerEntryRel === null) {
+        return;
+      }
+      const importedSpecifiers = /* @__PURE__ */ new Set();
+      const violations = [];
+      for (const [, chunk] of Object.entries(bundle)) {
+        if (chunk.type !== "chunk") {
+          continue;
+        }
+        const candidates = [
+          ...chunk.imports ?? [],
+          ...chunk.dynamicImports ?? []
+        ];
+        for (const spec of candidates) {
+          if (spec.startsWith(".") || spec.startsWith("/") || path.isAbsolute(spec)) {
+            continue;
+          }
+          if (/^[a-z][a-z0-9+.-]*:/i.test(spec)) {
+            violations.push(spec);
+            continue;
+          }
+          if (!ALLOWLIST_SET.has(spec)) {
+            violations.push(spec);
+            continue;
+          }
+          importedSpecifiers.add(spec);
+        }
+      }
+      if (violations.length > 0) {
+        const unique = [...new Set(violations)].sort();
+        this.error(
+          `[ethisys-contract-b] Worker bundle imports specifier(s) outside the frozen import-map allowlist: ${unique.map((s) => `"${s}"`).join(", ")}. Allowed bare specifiers: ${CONTRACT_B_IMPORT_MAP_ALLOWLIST.map((s) => `"${s}"`).join(", ")}.`
+        );
+      }
+      const resolvedEntries = [...importedSpecifiers].sort();
+      const workerBundleManifest = {
+        version: 1,
+        renderMode: "remote-runtime",
+        worker: { entry: workerEntryRel }
+      };
+      this.emitFile({
+        type: "asset",
+        fileName: `${outputPrefix}worker-bundle.json`,
+        source: JSON.stringify(workerBundleManifest)
+      });
+      const importMapManifest = {
+        version: 1,
+        // Authoring contract: the bundle's bare-specifier surface area, in
+        // sorted order, restricted to the frozen allowlist.
+        imports: Object.fromEntries(resolvedEntries.map((spec) => [spec, null])),
+        // Mirror the canonical allowlist so consumers diffing manifests
+        // across plugin versions can see the contract the build verified
+        // against without re-reading SDK source.
+        allowlist: [...CONTRACT_B_IMPORT_MAP_ALLOWLIST]
+      };
+      this.emitFile({
+        type: "asset",
+        fileName: `${outputPrefix}worker-bundle.import-map.json`,
+        source: JSON.stringify(importMapManifest)
+      });
+    }
+  };
+}
+
+// src/index.ts
+function slash2(p) {
+  return path.sep === "\\" ? p.replace(/\\/g, "/") : p;
 }
 function escapeHtml(str) {
   return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
-function assertSafeRelativePath(value, label) {
-  const normalized = (0, import_node_path.normalize)(value);
-  if ((0, import_node_path.isAbsolute)(value) || (0, import_node_path.isAbsolute)(normalized)) {
+function assertSafeRelativePath2(value, label) {
+  const normalized = path.normalize(value);
+  if (path.isAbsolute(value) || path.isAbsolute(normalized)) {
     throw new Error(
       `[ethisys-manifest] ${label} "${value}" must be relative, not absolute.`
     );
@@ -53,10 +609,10 @@ function ethisysManifestPlugin(options = {}) {
   const htmlCache = /* @__PURE__ */ new Map();
   function generateHtml(entry) {
     if (entry.template) {
-      assertSafeRelativePath(entry.template, "Template path");
-      const templatePath = (0, import_node_path.resolve)(rootDir, entry.template);
-      if ((0, import_node_fs.existsSync)(templatePath)) {
-        let html = (0, import_node_fs.readFileSync)(templatePath, "utf-8");
+      assertSafeRelativePath2(entry.template, "Template path");
+      const templatePath = path.resolve(rootDir, entry.template);
+      if (fs.existsSync(templatePath)) {
+        let html = fs.readFileSync(templatePath, "utf-8");
         const safeMountId2 = escapeHtml(mountId);
         const mountPattern = new RegExp(`id=["']${safeMountId2}["']`);
         if (!mountPattern.test(html)) {
@@ -85,10 +641,10 @@ function ethisysManifestPlugin(options = {}) {
 </html>`;
   }
   function readManifest() {
-    if (!(0, import_node_fs.existsSync)(manifestAbsPath)) {
+    if (!fs.existsSync(manifestAbsPath)) {
       return [];
     }
-    const raw = (0, import_node_fs.readFileSync)(manifestAbsPath, "utf-8");
+    const raw = fs.readFileSync(manifestAbsPath, "utf-8");
     let manifest;
     try {
       manifest = JSON.parse(raw);
@@ -114,9 +670,9 @@ function ethisysManifestPlugin(options = {}) {
     const entrypointSources = /* @__PURE__ */ new Map();
     for (const entry of entries) {
       const source = entry.source;
-      assertSafeRelativePath(source, "Source path");
-      const sourcePath = (0, import_node_path.resolve)(rootDir, source);
-      if (!(0, import_node_fs.existsSync)(sourcePath)) {
+      assertSafeRelativePath2(source, "Source path");
+      const sourcePath = path.resolve(rootDir, source);
+      if (!fs.existsSync(sourcePath)) {
         throw new Error(
           `[ethisys-manifest] Source file "${source}" for entry "${entry.entrypoint}" does not exist.`
         );
@@ -135,7 +691,7 @@ function ethisysManifestPlugin(options = {}) {
     enforce: "pre",
     config(config, { command }) {
       rootDir = config.root ?? process.cwd();
-      manifestAbsPath = (0, import_node_path.resolve)(rootDir, manifestRelPath);
+      manifestAbsPath = path.resolve(rootDir, manifestRelPath);
       entries = readManifest();
       if (entries.length === 0) {
         return;
@@ -150,7 +706,7 @@ function ethisysManifestPlugin(options = {}) {
           }
           seen.add(entry.entrypoint);
           const name = entry.entrypoint.replace(/\.html$/, "");
-          input[name] = slash((0, import_node_path.resolve)(rootDir, entry.entrypoint));
+          input[name] = slash2(path.resolve(rootDir, entry.entrypoint));
         }
         return {
           build: {
@@ -215,7 +771,7 @@ function ethisysManifestPlugin(options = {}) {
     // Entire handler is wrapped in try/catch so JSON syntax errors in the
     // manifest don't crash the dev server (common during active editing).
     handleHotUpdate({ file, server }) {
-      if (slash(file) === slash(manifestAbsPath)) {
+      if (slash2(file) === slash2(manifestAbsPath)) {
         try {
           entries = readManifest();
           validateEntries();
@@ -233,9 +789,9 @@ function ethisysManifestPlugin(options = {}) {
     },
     // Build: resolve virtual HTML module IDs (no physical files exist on disk)
     resolveId(id) {
-      const normalizedId = slash(id);
+      const normalizedId = slash2(id);
       const match = entries.find(
-        (e) => slash((0, import_node_path.resolve)(rootDir, e.entrypoint)) === normalizedId
+        (e) => slash2(path.resolve(rootDir, e.entrypoint)) === normalizedId
       );
       if (match) {
         return id;
@@ -243,9 +799,9 @@ function ethisysManifestPlugin(options = {}) {
     },
     // Build: provide virtual HTML content for Rollup
     load(id) {
-      const normalizedId = slash(id);
+      const normalizedId = slash2(id);
       const match = entries.find(
-        (e) => slash((0, import_node_path.resolve)(rootDir, e.entrypoint)) === normalizedId
+        (e) => slash2(path.resolve(rootDir, e.entrypoint)) === normalizedId
       );
       if (match) {
         return generateHtml(match);
@@ -253,7 +809,14 @@ function ethisysManifestPlugin(options = {}) {
     }
   };
 }
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  ethisysManifestPlugin
-});
+
+exports.CONTRACT_B_IMPORT_MAP_ALLOWLIST = CONTRACT_B_IMPORT_MAP_ALLOWLIST;
+exports.CONTRACT_B_RUNTIME_IMPORTS = CONTRACT_B_RUNTIME_IMPORTS;
+exports.CONTRACT_B_SEMANTIC_PRIMITIVES = CONTRACT_B_SEMANTIC_PRIMITIVES;
+exports.ethisysContractAPlugin = ethisysContractAPlugin;
+exports.ethisysContractBPlugin = ethisysContractBPlugin;
+exports.ethisysManifestPlugin = ethisysManifestPlugin;
+exports.validateDeclarativeResource = validateDeclarativeResource;
+exports.validateReactiveRule = validateReactiveRule;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map