@hasna/shortlinks 0.1.6 → 0.1.8

package/README.md

@@ -2,7 +2,7 @@
 
 CLI-only shortlink management for custom domains.
 
-`shortlinks` creates Bitly-style short URLs, supports multiple domains, records click analytics, can run a tiny redirect server, and includes helper commands for Cloudflare DNS/Workers, `@hasna/domains`, and `@hasna/cloud` sync.
+`shortlinks` creates Bitly-style short URLs, supports multiple domains, records click analytics, can run a tiny redirect server, and includes helper commands for Cloudflare DNS/Workers, `@hasna/domains`, and `@hasna/cloud` sync. Production serving can run directly against the shared RDS database with `--cloud`; local SQLite is only for explicit local/offline use.
 
 [![npm](https://img.shields.io/npm/v/@hasna/shortlinks)](https://www.npmjs.com/package/@hasna/shortlinks)
 [![License](https://img.shields.io/badge/license-Apache--2.0-blue)](LICENSE)
@@ -64,6 +64,7 @@ shortlinks link enable home --domain has.na
 shortlinks stats home --domain has.na
 
 shortlinks serve --port 8787
+shortlinks serve --cloud --port 8787
 shortlinks doctor
 ```
 
@@ -137,15 +138,21 @@ shortlinks cloud sync
 ```
 
 The cloud database service name is `shortlinks`.
+Use direct RDS mode for production and live management:
+
+```bash
+shortlinks --cloud create https://example.com
+shortlinks --cloud link list
+shortlinks serve --cloud --host 127.0.0.1 --port 8787
+```
 
 ## AWS Origin
 
 For an apex domain that needs stable A records, `infra/aws-ec2-user-data.sh` bootstraps a small EC2 redirect origin with:
 
 - `@hasna/shortlinks` installed through Bun
-- local SQLite data synced with the `shortlinks` RDS database through `@hasna/cloud`
+- direct reads and click writes against the `shortlinks` RDS database through `@hasna/cloud`
 - Caddy terminating HTTPS and proxying to `shortlinks serve`
-- a systemd timer that syncs links and clicks every minute
 
 The script reads the RDS password from AWS Secrets Manager through the instance role; it does not contain secret values.
 

package/dist/cli/index.js

@@ -3096,6 +3096,326 @@ class ShortlinksStore {
   }
 }
 
+// src/pg-store.ts
+import { createHash as createHash2 } from "crypto";
+function parseJsonObject2(value) {
+  if (!value)
+    return {};
+  if (typeof value === "object" && !Array.isArray(value))
+    return value;
+  try {
+    const parsed = JSON.parse(String(value));
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function toIsoString(value) {
+  if (value instanceof Date)
+    return value.toISOString();
+  return String(value);
+}
+function nullableIso(value) {
+  if (value === null || value === undefined)
+    return null;
+  return toIsoString(value);
+}
+function domainFromRow2(row) {
+  return {
+    ...row,
+    default_domain: Boolean(row.default_domain),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+function linkFromRow2(row) {
+  return {
+    ...row,
+    active: Boolean(row.active),
+    expires_at: nullableIso(row.expires_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata),
+    short_url: formatShortUrl(row.hostname, row.slug)
+  };
+}
+function validateDestinationUrl2(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new Error(`Invalid destination URL: ${url}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Destination URL must start with http:// or https://.");
+  }
+  return parsed.toString();
+}
+function isoOrNull2(input) {
+  if (!input)
+    return null;
+  const date = new Date(input);
+  if (Number.isNaN(date.getTime()))
+    throw new Error(`Invalid date: ${input}`);
+  return date.toISOString();
+}
+function clickFromRow2(row) {
+  return {
+    ...row,
+    clicked_at: toIsoString(row.clicked_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+
+class PgShortlinksStore {
+  pg;
+  constructor(pg) {
+    this.pg = pg;
+  }
+  static async fromConnectionString(connectionString) {
+    const { PgAdapterAsync } = await import("@hasna/cloud");
+    return new PgShortlinksStore(new PgAdapterAsync(connectionString));
+  }
+  static async fromCloud(service = "shortlinks") {
+    const { getConnectionString } = await import("@hasna/cloud");
+    return PgShortlinksStore.fromConnectionString(getConnectionString(service));
+  }
+  async close() {
+    await this.pg.close?.();
+  }
+  async addDomain(input) {
+    const hostname2 = normalizeHostname(input.hostname);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const existing = await this.getDomain(hostname2);
+    const id = existing?.id || makeId("dom");
+    if (input.defaultDomain) {
+      await this.pg.run("UPDATE domains SET default_domain = 0, updated_at = ? WHERE default_domain = 1", timestamp);
+    }
+    await this.pg.run(`
+      INSERT INTO domains (
+        id, hostname, provider, default_domain, cloudflare_zone_id, cloudflare_account_id,
+        cloudflare_worker_name, origin_url, notes, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+      ON CONFLICT(hostname) DO UPDATE SET
+        provider = excluded.provider,
+        default_domain = excluded.default_domain,
+        cloudflare_zone_id = COALESCE(excluded.cloudflare_zone_id, domains.cloudflare_zone_id),
+        cloudflare_account_id = COALESCE(excluded.cloudflare_account_id, domains.cloudflare_account_id),
+        cloudflare_worker_name = COALESCE(excluded.cloudflare_worker_name, domains.cloudflare_worker_name),
+        origin_url = COALESCE(excluded.origin_url, domains.origin_url),
+        notes = COALESCE(excluded.notes, domains.notes),
+        metadata = excluded.metadata,
+        machine_id = excluded.machine_id,
+        synced_at = NULL,
+        updated_at = excluded.updated_at
+    `, id, hostname2, input.provider || existing?.provider || "manual", input.defaultDomain ?? existing?.default_domain ? 1 : 0, input.cloudflareZoneId || existing?.cloudflare_zone_id || null, input.cloudflareAccountId || existing?.cloudflare_account_id || null, input.cloudflareWorkerName || existing?.cloudflare_worker_name || null, input.originUrl || existing?.origin_url || null, input.notes || existing?.notes || null, JSON.stringify(input.metadata || existing?.metadata || {}), machineId, existing?.created_at || timestamp, timestamp);
+    return await this.getDomain(hostname2);
+  }
+  async listDomains() {
+    const rows = await this.pg.all(`
+      SELECT * FROM domains
+      ORDER BY default_domain DESC, hostname ASC
+    `);
+    return rows.map(domainFromRow2);
+  }
+  async getDomain(hostnameOrId) {
+    const normalized = hostnameOrId.includes(".") || hostnameOrId.includes("://") ? normalizeHostname(hostnameOrId) : hostnameOrId;
+    const row = await this.pg.get(`
+      SELECT * FROM domains WHERE hostname = ? OR id = ? LIMIT 1
+    `, normalized, hostnameOrId);
+    return row ? domainFromRow2(row) : null;
+  }
+  async getDefaultDomain() {
+    const row = await this.pg.get(`
+      SELECT * FROM domains ORDER BY default_domain DESC, created_at ASC LIMIT 1
+    `);
+    return row ? domainFromRow2(row) : null;
+  }
+  async createLink(input) {
+    const domain = input.domain ? await this.getDomain(input.domain) : await this.getDefaultDomain();
+    if (!domain) {
+      throw new Error("No domain configured. Run `shortlinks domain add <domain> --default` first.");
+    }
+    const destinationUrl = validateDestinationUrl2(input.destinationUrl);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const expiresAt = isoOrNull2(input.expiresAt);
+    const slug = input.slug ? normalizeSlug(input.slug) : await this.generateAvailableSlug(domain.id, input.slugLength || DEFAULT_SLUG_LENGTH);
+    try {
+      await this.pg.run(`
+        INSERT INTO links (
+          id, domain_id, slug, destination_url, title, active, expires_at, metadata,
+          machine_id, synced_at, created_at, updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, 1, ?, ?, ?, NULL, ?, ?)
+      `, makeId("lnk"), domain.id, slug, destinationUrl, input.title || null, expiresAt, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("unique") || message.includes("duplicate")) {
+        throw new Error(`Slug already exists for ${domain.hostname}: ${slug}`);
+      }
+      throw error;
+    }
+    return await this.getLink(domain.hostname, slug);
+  }
+  async listLinks(options = {}) {
+    const params = [];
+    let where = "WHERE 1 = 1";
+    if (options.domain) {
+      where += " AND d.hostname = ?";
+      params.push(normalizeHostname(options.domain));
+    }
+    if (options.activeOnly)
+      where += " AND l.active = 1";
+    params.push(options.limit || 100);
+    const rows = await this.pg.all(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      ${where}
+      ORDER BY l.created_at DESC
+      LIMIT ?
+    `, ...params);
+    return rows.map(linkFromRow2);
+  }
+  async getLink(domainOrSlug, maybeSlug) {
+    const slug = normalizeSlug(maybeSlug || domainOrSlug);
+    const params = [slug];
+    let domainClause = "";
+    if (maybeSlug) {
+      domainClause = "AND d.hostname = ?";
+      params.push(normalizeHostname(domainOrSlug));
+    }
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE l.slug = ? ${domainClause}
+      ORDER BY d.default_domain DESC, l.created_at ASC
+      LIMIT 1
+    `, ...params);
+    return row ? linkFromRow2(row) : null;
+  }
+  async totalStats() {
+    const row = await this.pg.get(`
+      SELECT
+        (SELECT COUNT(*)::int FROM domains) AS domains,
+        (SELECT COUNT(*)::int FROM links) AS links,
+        (SELECT COUNT(*)::int FROM clicks) AS clicks
+    `);
+    return row;
+  }
+  async resolve(hostname2, slug) {
+    const normalizedHost = normalizeHostname(hostname2);
+    const normalizedSlug = normalizeSlug(slug);
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.hostname = ? AND l.slug = ?
+      LIMIT 1
+    `, normalizedHost, normalizedSlug);
+    if (row)
+      return linkFromRow2(row);
+    const fallback = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.default_domain = 1 AND l.slug = ?
+      ORDER BY d.created_at ASC
+      LIMIT 1
+    `, normalizedSlug);
+    return fallback ? linkFromRow2(fallback) : null;
+  }
+  async setLinkActive(domainOrSlug, maybeSlugOrActive, maybeActive) {
+    const active = typeof maybeSlugOrActive === "boolean" ? maybeSlugOrActive : Boolean(maybeActive);
+    const link = typeof maybeSlugOrActive === "boolean" ? await this.getLink(domainOrSlug) : await this.getLink(domainOrSlug, maybeSlugOrActive);
+    if (!link)
+      throw new Error("Link not found.");
+    const timestamp = now();
+    await this.pg.run(`
+      UPDATE links SET active = ?, updated_at = ?, synced_at = NULL WHERE id = ?
+    `, active ? 1 : 0, timestamp, link.id);
+    return await this.getLink(link.hostname, link.slug);
+  }
+  async deleteLink(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    await this.pg.run("DELETE FROM links WHERE id = ?", link.id);
+    return link;
+  }
+  async recordClick(link, input = {}) {
+    const timestamp = now();
+    const machineId = getMachineId();
+    const ipHash = input.ip ? this.hashIp(input.ip) : null;
+    const id = makeId("clk");
+    await this.pg.run(`
+      INSERT INTO clicks (
+        id, link_id, domain_id, slug, clicked_at, ip_hash, user_agent, referer,
+        country, city, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+    `, id, link.id, link.domain_id, link.slug, timestamp, ipHash, input.userAgent || null, input.referer || null, input.country || null, input.city || null, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    const row = await this.pg.get("SELECT * FROM clicks WHERE id = ?", id);
+    return clickFromRow2(row);
+  }
+  async getStats(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    const summary = await this.pg.get(`
+      SELECT COUNT(*)::int AS clicks, MAX(clicked_at) AS last_clicked_at FROM clicks WHERE link_id = ?
+    `, link.id);
+    const topReferrers = await this.pg.all(`
+      SELECT referer, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY referer
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    const topUserAgents = await this.pg.all(`
+      SELECT user_agent, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY user_agent
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    return {
+      link,
+      clicks: summary.clicks,
+      last_clicked_at: nullableIso(summary.last_clicked_at),
+      top_referrers: topReferrers,
+      top_user_agents: topUserAgents
+    };
+  }
+  hashIp(ip) {
+    const salt = process.env.SHORTLINKS_CLICK_SALT || "shortlinks-cloud";
+    return createHash2("sha256").update(`${salt}:${ip}`).digest("hex");
+  }
+  async generateAvailableSlug(domainId, length) {
+    for (let attempt = 0;attempt < 32; attempt += 1) {
+      const slug = randomToken(length);
+      const exists = await this.pg.get(`
+        SELECT 1 FROM links WHERE domain_id = ? AND slug = ? LIMIT 1
+      `, domainId, slug);
+      if (!exists)
+        return slug;
+    }
+    throw new Error("Could not generate an unused slug after 32 attempts.");
+  }
+}
+
 // src/server.ts
 function json(data, status = 200) {
   return new Response(JSON.stringify(data, null, 2), {
@@ -3123,25 +3443,35 @@ function createShortlinksHandler(options = {}) {
   return async (request) => {
     const url = new URL(request.url);
     if (url.pathname === "/healthz") {
-      return json({ ok: true, service: "shortlinks", stats: store.totalStats() });
+      return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
     }
     if (url.pathname === "/" || url.pathname === "") {
       return json({ service: "shortlinks", ok: true });
     }
-    const slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    let slug = "";
+    try {
+      slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    } catch {
+      return json({ error: "Invalid slug." }, 400);
+    }
     if (!slug)
       return json({ error: "Missing slug." }, 404);
     const host = getHost(request, options.defaultHost);
     if (!host)
       return json({ error: "Missing Host header." }, 400);
-    const link = store.resolve(host, slug);
+    let link = null;
+    try {
+      link = await store.resolve(host, slug);
+    } catch {
+      return json({ error: "Shortlink not found.", slug, host }, 404);
+    }
     if (!link)
       return json({ error: "Shortlink not found.", slug, host }, 404);
     if (!link.active)
       return json({ error: "Shortlink is disabled.", slug, host }, 410);
     if (isExpired(link))
       return json({ error: "Shortlink is expired.", slug, host }, 410);
-    store.recordClick(link, {
+    await store.recordClick(link, {
       ip: getClientIp(request),
       userAgent: request.headers.get("user-agent"),
       referer: request.headers.get("referer"),
@@ -3476,7 +3806,22 @@ function withStore(fn) {
     store.close();
   }
 }
-async function withStoreAsync(fn) {
+function storeMode() {
+  const opts = program2.opts();
+  const value = String(opts.cloud ? "cloud" : opts.store || process.env.SHORTLINKS_STORE || "local").toLowerCase();
+  if (value !== "local" && value !== "cloud")
+    throw new Error(`Unknown store mode: ${value}`);
+  return value;
+}
+async function withRuntimeStore(fn) {
+  if (storeMode() === "cloud") {
+    const store2 = await PgShortlinksStore.fromCloud("shortlinks");
+    try {
+      return await fn(store2);
+    } finally {
+      await store2.close();
+    }
+  }
   const store = new ShortlinksStore(program2.opts().db);
   try {
     return await fn(store);
@@ -3491,15 +3836,15 @@ function commandExists(command) {
   const result = spawnSync3("which", [command], { encoding: "utf-8" });
   return result.status === 0;
 }
-program2.name("shortlinks").description("CLI-only shortlink manager with custom domains, click tracking, Cloudflare helpers, and cloud sync").version(getPackageVersion()).option("--db <path>", "SQLite database path").option("-j, --json", "Output JSON for agents and scripts");
-program2.command("init").description("Initialize local shortlinks storage").option("--domain <hostname>", "Add a default shortlink domain").option("--public-base-url <url>", "Public URL base for generated links").option("-j, --json", "Output JSON").action((opts) => {
+program2.name("shortlinks").description("CLI-only shortlink manager with custom domains, click tracking, Cloudflare helpers, and cloud sync").version(getPackageVersion()).option("--db <path>", "SQLite database path").option("--store <mode>", "Data store mode: cloud or local", process.env.SHORTLINKS_STORE || "local").option("--cloud", "Use the shortlinks PostgreSQL database directly").option("-j, --json", "Output JSON for agents and scripts");
+program2.command("init").description("Initialize local shortlinks storage").option("--domain <hostname>", "Add a default shortlink domain").option("--public-base-url <url>", "Public URL base for generated links").option("-j, --json", "Output JSON").action(async (opts) => {
   try {
-    const result = withStore((store) => {
+    const result = await withRuntimeStore(async (store) => {
       const config = loadConfig();
       if (opts.publicBaseUrl)
         config.publicBaseUrl = opts.publicBaseUrl;
       if (opts.domain) {
-        const domain = store.addDomain({
+        const domain = await store.addDomain({
           hostname: opts.domain,
           provider: "manual",
           defaultDomain: true
@@ -3507,13 +3852,15 @@ program2.command("init").description("Initialize local shortlinks storage").opti
         config.defaultDomain = domain.hostname;
         config.publicBaseUrl = opts.publicBaseUrl || `https://${domain.hostname}`;
       }
-      saveConfig(config);
+      if (storeMode() === "local")
+        saveConfig(config);
       return {
         data_dir: getDataDir(),
         config_path: getConfigPath(),
         db_path: getDatabasePath(program2.opts().db),
+        store: storeMode(),
         config,
-        stats: store.totalStats()
+        stats: await store.totalStats()
       };
     });
     print(result, opts, () => {
@@ -3560,9 +3907,9 @@ configCmd.command("set <key> <value>").description("Set config value: default-do
   }
 });
 var domainCmd = program2.command("domain").alias("domains").description("Manage custom shortlink domains");
-domainCmd.command("add <hostname>").description("Add or update a custom domain").option("--provider <provider>", "Provider label", "manual").option("--default", "Make this the default domain").option("--cloudflare-zone-id <id>", "Cloudflare zone ID").option("--cloudflare-account-id <id>", "Cloudflare account ID").option("--cloudflare-worker-name <name>", "Cloudflare Worker name").option("--origin <url>", "Origin redirect server URL").option("--notes <text>", "Notes").option("-j, --json", "Output JSON").action((hostname2, opts) => {
+domainCmd.command("add <hostname>").description("Add or update a custom domain").option("--provider <provider>", "Provider label", "manual").option("--default", "Make this the default domain").option("--cloudflare-zone-id <id>", "Cloudflare zone ID").option("--cloudflare-account-id <id>", "Cloudflare account ID").option("--cloudflare-worker-name <name>", "Cloudflare Worker name").option("--origin <url>", "Origin redirect server URL").option("--notes <text>", "Notes").option("-j, --json", "Output JSON").action(async (hostname2, opts) => {
   try {
-    const domain = withStore((store) => store.addDomain({
+    const domain = await withRuntimeStore((store) => store.addDomain({
       hostname: hostname2,
       provider: opts.provider,
       defaultDomain: opts.default,
@@ -3581,9 +3928,9 @@ domainCmd.command("add <hostname>").description("Add or update a custom domain")
     handleError(error);
   }
 });
-domainCmd.command("list").description("List configured domains").option("-j, --json", "Output JSON").action((opts) => {
+domainCmd.command("list").description("List configured domains").option("-j, --json", "Output JSON").action(async (opts) => {
   try {
-    const domains = withStore((store) => store.listDomains());
+    const domains = await withRuntimeStore((store) => store.listDomains());
     print(domains, opts, () => {
       if (domains.length === 0) {
         console.log(source_default.dim("No domains configured."));
@@ -3598,9 +3945,9 @@ domainCmd.command("list").description("List configured domains").option("-j, --j
     handleError(error);
   }
 });
-domainCmd.command("get <hostname>").description("Show a configured domain").option("-j, --json", "Output JSON").action((hostname2, opts) => {
+domainCmd.command("get <hostname>").description("Show a configured domain").option("-j, --json", "Output JSON").action(async (hostname2, opts) => {
   try {
-    const domain = withStore((store) => store.getDomain(hostname2));
+    const domain = await withRuntimeStore((store) => store.getDomain(hostname2));
     if (!domain)
       throw new Error("Domain not found.");
     print(domain, opts, () => console.log(JSON.stringify(domain, null, 2)));
@@ -3610,8 +3957,8 @@ domainCmd.command("get <hostname>").description("Show a configured domain").opti
 });
 domainCmd.command("setup <hostname>").description("Add a domain locally and optionally prepare Cloudflare DNS").option("--default", "Make this the default domain").option("--origin <url>", "Origin redirect server URL").option("--cloudflare", "Upsert Cloudflare CNAME record").option("--target <hostname>", "CNAME target for Cloudflare DNS").option("--zone-id <id>", "Cloudflare zone ID").option("--dry-run", "Show the Cloudflare plan without changing DNS").option("-j, --json", "Output JSON").action(async (hostname2, opts) => {
   try {
-    const result = await withStoreAsync(async (store) => {
-      const domain = store.addDomain({
+    const result = await withRuntimeStore(async (store) => {
+      const domain = await store.addDomain({
         hostname: hostname2,
         provider: opts.cloudflare ? "cloudflare" : "manual",
         defaultDomain: opts.default,
@@ -3657,9 +4004,9 @@ domainCmd.command("buy <hostname>").description("Buy a domain through @hasna/dom
   });
 });
 var linkCmd = program2.command("link").alias("links").description("Manage shortlinks");
-function createLinkAction(url, opts) {
+async function createLinkAction(url, opts) {
   try {
-    const link = withStore((store) => store.createLink({
+    const link = await withRuntimeStore((store) => store.createLink({
       destinationUrl: url,
       domain: opts.domain,
       slug: opts.slug,
@@ -3674,9 +4021,9 @@ function createLinkAction(url, opts) {
 }
 linkCmd.command("create <url>").description("Create a shortlink").option("--domain <hostname>", "Domain to use").option("--slug <slug>", "Custom slug").option("--title <title>", "Human title").option("--expires <date>", "Expiration date").option("--length <n>", "Generated slug length", "7").option("-j, --json", "Output JSON").action(createLinkAction);
 program2.command("create <url>").description("Create a shortlink").option("--domain <hostname>", "Domain to use").option("--slug <slug>", "Custom slug").option("--title <title>", "Human title").option("--expires <date>", "Expiration date").option("--length <n>", "Generated slug length", "7").option("-j, --json", "Output JSON").action(createLinkAction);
-linkCmd.command("list").description("List shortlinks").option("--domain <hostname>", "Filter by domain").option("--active", "Only active links").option("--limit <n>", "Maximum rows", "100").option("-j, --json", "Output JSON").action((opts) => {
+linkCmd.command("list").description("List shortlinks").option("--domain <hostname>", "Filter by domain").option("--active", "Only active links").option("--limit <n>", "Maximum rows", "100").option("-j, --json", "Output JSON").action(async (opts) => {
   try {
-    const links = withStore((store) => store.listLinks({
+    const links = await withRuntimeStore((store) => store.listLinks({
       domain: opts.domain,
       activeOnly: opts.active,
       limit: Number(opts.limit)
@@ -3693,9 +4040,9 @@ linkCmd.command("list").description("List shortlinks").option("--domain <hostnam
     handleError(error);
   }
 });
-linkCmd.command("get <slug>").description("Show a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+linkCmd.command("get <slug>").description("Show a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const link = withStore((store) => opts.domain ? store.getLink(opts.domain, slug) : store.getLink(slug));
+    const link = await withRuntimeStore((store) => opts.domain ? store.getLink(opts.domain, slug) : store.getLink(slug));
     if (!link)
       throw new Error("Link not found.");
     print(link, opts, () => console.log(JSON.stringify(link, null, 2)));
@@ -3703,33 +4050,33 @@ linkCmd.command("get <slug>").description("Show a shortlink").option("--domain <
     handleError(error);
   }
 });
-linkCmd.command("disable <slug>").description("Disable a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+linkCmd.command("disable <slug>").description("Disable a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const link = withStore((store) => opts.domain ? store.setLinkActive(opts.domain, slug, false) : store.setLinkActive(slug, false));
+    const link = await withRuntimeStore((store) => opts.domain ? store.setLinkActive(opts.domain, slug, false) : store.setLinkActive(slug, false));
     print(link, opts, () => console.log(source_default.green(`Disabled ${link.short_url}`)));
   } catch (error) {
     handleError(error);
   }
 });
-linkCmd.command("enable <slug>").description("Enable a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+linkCmd.command("enable <slug>").description("Enable a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const link = withStore((store) => opts.domain ? store.setLinkActive(opts.domain, slug, true) : store.setLinkActive(slug, true));
+    const link = await withRuntimeStore((store) => opts.domain ? store.setLinkActive(opts.domain, slug, true) : store.setLinkActive(slug, true));
     print(link, opts, () => console.log(source_default.green(`Enabled ${link.short_url}`)));
   } catch (error) {
     handleError(error);
   }
 });
-linkCmd.command("delete <slug>").description("Delete a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+linkCmd.command("delete <slug>").description("Delete a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const link = withStore((store) => opts.domain ? store.deleteLink(opts.domain, slug) : store.deleteLink(slug));
+    const link = await withRuntimeStore((store) => opts.domain ? store.deleteLink(opts.domain, slug) : store.deleteLink(slug));
     print(link, opts, () => console.log(source_default.green(`Deleted ${link.short_url}`)));
   } catch (error) {
     handleError(error);
   }
 });
-program2.command("resolve <slug>").description("Resolve a slug to its destination without recording a click").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+program2.command("resolve <slug>").description("Resolve a slug to its destination without recording a click").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const link = withStore((store) => opts.domain ? store.getLink(opts.domain, slug) : store.getLink(slug));
+    const link = await withRuntimeStore((store) => opts.domain ? store.getLink(opts.domain, slug) : store.getLink(slug));
     if (!link)
       throw new Error("Link not found.");
     print(link, opts, () => console.log(link.destination_url));
@@ -3737,9 +4084,9 @@ program2.command("resolve <slug>").description("Resolve a slug to its destinatio
     handleError(error);
   }
 });
-program2.command("stats [slug]").description("Show overall stats or stats for a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action((slug, opts) => {
+program2.command("stats [slug]").description("Show overall stats or stats for a shortlink").option("--domain <hostname>", "Domain to use").option("-j, --json", "Output JSON").action(async (slug, opts) => {
   try {
-    const result = withStore((store) => {
+    const result = await withRuntimeStore((store) => {
       if (slug)
         return opts.domain ? store.getStats(opts.domain, slug) : store.getStats(slug);
       return store.totalStats();
@@ -3749,15 +4096,18 @@ program2.command("stats [slug]").description("Show overall stats or stats for a
     handleError(error);
   }
 });
-program2.command("serve").description("Run the redirect server that records clicks").option("--host <host>", "Bind host", "127.0.0.1").option("--port <port>", "Port", "8787").option("--default-host <hostname>", "Fallback host if the request has no Host header").action((opts) => {
+program2.command("serve").description("Run the redirect server that records clicks").option("--host <host>", "Bind host", "127.0.0.1").option("--port <port>", "Port", "8787").option("--default-host <hostname>", "Fallback host if the request has no Host header").option("--cloud", "Serve directly from the shortlinks PostgreSQL database").action(async (opts) => {
   try {
+    const store = opts.cloud || storeMode() === "cloud" ? await PgShortlinksStore.fromCloud("shortlinks") : undefined;
     const server = serveShortlinks({
+      store,
       dbPath: program2.opts().db,
       host: opts.host,
       port: Number(opts.port),
       defaultHost: opts.defaultHost
     });
-    console.log(source_default.green(`shortlinks redirect server listening on http://${server.hostname}:${server.port}`));
+    const mode = store ? "cloud" : "local";
+    console.log(source_default.green(`shortlinks redirect server listening on http://${server.hostname}:${server.port} (${mode})`));
   } catch (error) {
     handleError(error);
   }
@@ -3903,11 +4253,13 @@ localCmd.command("setup <domain>").description("Record local domain mapping with
     handleError(error);
   }
 });
-program2.command("doctor").description("Check local shortlinks tooling and integration readiness").option("-j, --json", "Output JSON").action((opts) => {
+program2.command("doctor").description("Check local shortlinks tooling and integration readiness").option("-j, --json", "Output JSON").action(async (opts) => {
   try {
-    const stats = withStore((store) => store.totalStats());
+    const mode = storeMode();
+    const stats = await withRuntimeStore((store) => store.totalStats());
     const data = {
       service: "shortlinks",
+      store: mode,
       data_dir: getDataDir(),
       config_path: getConfigPath(),
       db_path: getDatabasePath(program2.opts().db),

package/dist/index.d.ts

@@ -1,5 +1,6 @@
 export { ShortlinksDatabase, SQLITE_MIGRATIONS, makeId, now } from "./database.js";
 export { ShortlinksStore } from "./store.js";
+export { PgShortlinksStore } from "./pg-store.js";
 export { createShortlinksHandler, serveShortlinks } from "./server.js";
 export { createCloudflarePlan, generateWorkerScript, writeWorkerFiles, upsertCloudflareDnsRecord } from "./cloudflare.js";
 export { createLocalSetupPlan, registerMachinesDns } from "./local.js";

package/dist/index.js

@@ -1,4 +1,22 @@
 // @bun
+var __create = Object.create;
+var __getProtoOf = Object.getPrototypeOf;
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __toESM = (mod, isNodeMode, target) => {
+  target = mod != null ? __create(__getProtoOf(mod)) : {};
+  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
+  for (let key of __getOwnPropNames(mod))
+    if (!__hasOwnProp.call(to, key))
+      __defProp(to, key, {
+        get: () => mod[key],
+        enumerable: true
+      });
+  return to;
+};
+var __require = import.meta.require;
+
 // src/database.ts
 import { Database } from "bun:sqlite";
 import { mkdirSync as mkdirSync2 } from "fs";
@@ -529,6 +547,325 @@ class ShortlinksStore {
     return createHash("sha256").update(`${salt}:${ip}`).digest("hex");
   }
 }
+// src/pg-store.ts
+import { createHash as createHash2 } from "crypto";
+function parseJsonObject2(value) {
+  if (!value)
+    return {};
+  if (typeof value === "object" && !Array.isArray(value))
+    return value;
+  try {
+    const parsed = JSON.parse(String(value));
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function toIsoString(value) {
+  if (value instanceof Date)
+    return value.toISOString();
+  return String(value);
+}
+function nullableIso(value) {
+  if (value === null || value === undefined)
+    return null;
+  return toIsoString(value);
+}
+function domainFromRow2(row) {
+  return {
+    ...row,
+    default_domain: Boolean(row.default_domain),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+function linkFromRow2(row) {
+  return {
+    ...row,
+    active: Boolean(row.active),
+    expires_at: nullableIso(row.expires_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata),
+    short_url: formatShortUrl(row.hostname, row.slug)
+  };
+}
+function validateDestinationUrl2(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new Error(`Invalid destination URL: ${url}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Destination URL must start with http:// or https://.");
+  }
+  return parsed.toString();
+}
+function isoOrNull2(input) {
+  if (!input)
+    return null;
+  const date = new Date(input);
+  if (Number.isNaN(date.getTime()))
+    throw new Error(`Invalid date: ${input}`);
+  return date.toISOString();
+}
+function clickFromRow2(row) {
+  return {
+    ...row,
+    clicked_at: toIsoString(row.clicked_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+
+class PgShortlinksStore {
+  pg;
+  constructor(pg) {
+    this.pg = pg;
+  }
+  static async fromConnectionString(connectionString) {
+    const { PgAdapterAsync } = await import("@hasna/cloud");
+    return new PgShortlinksStore(new PgAdapterAsync(connectionString));
+  }
+  static async fromCloud(service = "shortlinks") {
+    const { getConnectionString } = await import("@hasna/cloud");
+    return PgShortlinksStore.fromConnectionString(getConnectionString(service));
+  }
+  async close() {
+    await this.pg.close?.();
+  }
+  async addDomain(input) {
+    const hostname2 = normalizeHostname(input.hostname);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const existing = await this.getDomain(hostname2);
+    const id = existing?.id || makeId("dom");
+    if (input.defaultDomain) {
+      await this.pg.run("UPDATE domains SET default_domain = 0, updated_at = ? WHERE default_domain = 1", timestamp);
+    }
+    await this.pg.run(`
+      INSERT INTO domains (
+        id, hostname, provider, default_domain, cloudflare_zone_id, cloudflare_account_id,
+        cloudflare_worker_name, origin_url, notes, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+      ON CONFLICT(hostname) DO UPDATE SET
+        provider = excluded.provider,
+        default_domain = excluded.default_domain,
+        cloudflare_zone_id = COALESCE(excluded.cloudflare_zone_id, domains.cloudflare_zone_id),
+        cloudflare_account_id = COALESCE(excluded.cloudflare_account_id, domains.cloudflare_account_id),
+        cloudflare_worker_name = COALESCE(excluded.cloudflare_worker_name, domains.cloudflare_worker_name),
+        origin_url = COALESCE(excluded.origin_url, domains.origin_url),
+        notes = COALESCE(excluded.notes, domains.notes),
+        metadata = excluded.metadata,
+        machine_id = excluded.machine_id,
+        synced_at = NULL,
+        updated_at = excluded.updated_at
+    `, id, hostname2, input.provider || existing?.provider || "manual", input.defaultDomain ?? existing?.default_domain ? 1 : 0, input.cloudflareZoneId || existing?.cloudflare_zone_id || null, input.cloudflareAccountId || existing?.cloudflare_account_id || null, input.cloudflareWorkerName || existing?.cloudflare_worker_name || null, input.originUrl || existing?.origin_url || null, input.notes || existing?.notes || null, JSON.stringify(input.metadata || existing?.metadata || {}), machineId, existing?.created_at || timestamp, timestamp);
+    return await this.getDomain(hostname2);
+  }
+  async listDomains() {
+    const rows = await this.pg.all(`
+      SELECT * FROM domains
+      ORDER BY default_domain DESC, hostname ASC
+    `);
+    return rows.map(domainFromRow2);
+  }
+  async getDomain(hostnameOrId) {
+    const normalized = hostnameOrId.includes(".") || hostnameOrId.includes("://") ? normalizeHostname(hostnameOrId) : hostnameOrId;
+    const row = await this.pg.get(`
+      SELECT * FROM domains WHERE hostname = ? OR id = ? LIMIT 1
+    `, normalized, hostnameOrId);
+    return row ? domainFromRow2(row) : null;
+  }
+  async getDefaultDomain() {
+    const row = await this.pg.get(`
+      SELECT * FROM domains ORDER BY default_domain DESC, created_at ASC LIMIT 1
+    `);
+    return row ? domainFromRow2(row) : null;
+  }
+  async createLink(input) {
+    const domain = input.domain ? await this.getDomain(input.domain) : await this.getDefaultDomain();
+    if (!domain) {
+      throw new Error("No domain configured. Run `shortlinks domain add <domain> --default` first.");
+    }
+    const destinationUrl = validateDestinationUrl2(input.destinationUrl);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const expiresAt = isoOrNull2(input.expiresAt);
+    const slug = input.slug ? normalizeSlug(input.slug) : await this.generateAvailableSlug(domain.id, input.slugLength || DEFAULT_SLUG_LENGTH);
+    try {
+      await this.pg.run(`
+        INSERT INTO links (
+          id, domain_id, slug, destination_url, title, active, expires_at, metadata,
+          machine_id, synced_at, created_at, updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, 1, ?, ?, ?, NULL, ?, ?)
+      `, makeId("lnk"), domain.id, slug, destinationUrl, input.title || null, expiresAt, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("unique") || message.includes("duplicate")) {
+        throw new Error(`Slug already exists for ${domain.hostname}: ${slug}`);
+      }
+      throw error;
+    }
+    return await this.getLink(domain.hostname, slug);
+  }
+  async listLinks(options = {}) {
+    const params = [];
+    let where = "WHERE 1 = 1";
+    if (options.domain) {
+      where += " AND d.hostname = ?";
+      params.push(normalizeHostname(options.domain));
+    }
+    if (options.activeOnly)
+      where += " AND l.active = 1";
+    params.push(options.limit || 100);
+    const rows = await this.pg.all(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      ${where}
+      ORDER BY l.created_at DESC
+      LIMIT ?
+    `, ...params);
+    return rows.map(linkFromRow2);
+  }
+  async getLink(domainOrSlug, maybeSlug) {
+    const slug = normalizeSlug(maybeSlug || domainOrSlug);
+    const params = [slug];
+    let domainClause = "";
+    if (maybeSlug) {
+      domainClause = "AND d.hostname = ?";
+      params.push(normalizeHostname(domainOrSlug));
+    }
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE l.slug = ? ${domainClause}
+      ORDER BY d.default_domain DESC, l.created_at ASC
+      LIMIT 1
+    `, ...params);
+    return row ? linkFromRow2(row) : null;
+  }
+  async totalStats() {
+    const row = await this.pg.get(`
+      SELECT
+        (SELECT COUNT(*)::int FROM domains) AS domains,
+        (SELECT COUNT(*)::int FROM links) AS links,
+        (SELECT COUNT(*)::int FROM clicks) AS clicks
+    `);
+    return row;
+  }
+  async resolve(hostname2, slug) {
+    const normalizedHost = normalizeHostname(hostname2);
+    const normalizedSlug = normalizeSlug(slug);
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.hostname = ? AND l.slug = ?
+      LIMIT 1
+    `, normalizedHost, normalizedSlug);
+    if (row)
+      return linkFromRow2(row);
+    const fallback = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.default_domain = 1 AND l.slug = ?
+      ORDER BY d.created_at ASC
+      LIMIT 1
+    `, normalizedSlug);
+    return fallback ? linkFromRow2(fallback) : null;
+  }
+  async setLinkActive(domainOrSlug, maybeSlugOrActive, maybeActive) {
+    const active = typeof maybeSlugOrActive === "boolean" ? maybeSlugOrActive : Boolean(maybeActive);
+    const link = typeof maybeSlugOrActive === "boolean" ? await this.getLink(domainOrSlug) : await this.getLink(domainOrSlug, maybeSlugOrActive);
+    if (!link)
+      throw new Error("Link not found.");
+    const timestamp = now();
+    await this.pg.run(`
+      UPDATE links SET active = ?, updated_at = ?, synced_at = NULL WHERE id = ?
+    `, active ? 1 : 0, timestamp, link.id);
+    return await this.getLink(link.hostname, link.slug);
+  }
+  async deleteLink(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    await this.pg.run("DELETE FROM links WHERE id = ?", link.id);
+    return link;
+  }
+  async recordClick(link, input = {}) {
+    const timestamp = now();
+    const machineId = getMachineId();
+    const ipHash = input.ip ? this.hashIp(input.ip) : null;
+    const id = makeId("clk");
+    await this.pg.run(`
+      INSERT INTO clicks (
+        id, link_id, domain_id, slug, clicked_at, ip_hash, user_agent, referer,
+        country, city, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+    `, id, link.id, link.domain_id, link.slug, timestamp, ipHash, input.userAgent || null, input.referer || null, input.country || null, input.city || null, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    const row = await this.pg.get("SELECT * FROM clicks WHERE id = ?", id);
+    return clickFromRow2(row);
+  }
+  async getStats(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    const summary = await this.pg.get(`
+      SELECT COUNT(*)::int AS clicks, MAX(clicked_at) AS last_clicked_at FROM clicks WHERE link_id = ?
+    `, link.id);
+    const topReferrers = await this.pg.all(`
+      SELECT referer, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY referer
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    const topUserAgents = await this.pg.all(`
+      SELECT user_agent, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY user_agent
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    return {
+      link,
+      clicks: summary.clicks,
+      last_clicked_at: nullableIso(summary.last_clicked_at),
+      top_referrers: topReferrers,
+      top_user_agents: topUserAgents
+    };
+  }
+  hashIp(ip) {
+    const salt = process.env.SHORTLINKS_CLICK_SALT || "shortlinks-cloud";
+    return createHash2("sha256").update(`${salt}:${ip}`).digest("hex");
+  }
+  async generateAvailableSlug(domainId, length) {
+    for (let attempt = 0;attempt < 32; attempt += 1) {
+      const slug = randomToken(length);
+      const exists = await this.pg.get(`
+        SELECT 1 FROM links WHERE domain_id = ? AND slug = ? LIMIT 1
+      `, domainId, slug);
+      if (!exists)
+        return slug;
+    }
+    throw new Error("Could not generate an unused slug after 32 attempts.");
+  }
+}
 // src/server.ts
 function json(data, status = 200) {
   return new Response(JSON.stringify(data, null, 2), {
@@ -556,25 +893,35 @@ function createShortlinksHandler(options = {}) {
   return async (request) => {
     const url = new URL(request.url);
     if (url.pathname === "/healthz") {
-      return json({ ok: true, service: "shortlinks", stats: store.totalStats() });
+      return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
     }
     if (url.pathname === "/" || url.pathname === "") {
       return json({ service: "shortlinks", ok: true });
     }
-    const slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    let slug = "";
+    try {
+      slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    } catch {
+      return json({ error: "Invalid slug." }, 400);
+    }
     if (!slug)
       return json({ error: "Missing slug." }, 404);
     const host = getHost(request, options.defaultHost);
     if (!host)
       return json({ error: "Missing Host header." }, 400);
-    const link = store.resolve(host, slug);
+    let link = null;
+    try {
+      link = await store.resolve(host, slug);
+    } catch {
+      return json({ error: "Shortlink not found.", slug, host }, 404);
+    }
     if (!link)
       return json({ error: "Shortlink not found.", slug, host }, 404);
     if (!link.active)
       return json({ error: "Shortlink is disabled.", slug, host }, 410);
     if (isExpired(link))
       return json({ error: "Shortlink is expired.", slug, host }, 410);
-    store.recordClick(link, {
+    await store.recordClick(link, {
       ip: getClientIp(request),
       userAgent: request.headers.get("user-agent"),
       referer: request.headers.get("referer"),
@@ -863,5 +1210,6 @@ export {
   ShortlinksStore,
   ShortlinksDatabase,
   SQLITE_MIGRATIONS,
+  PgShortlinksStore,
   PG_MIGRATIONS
 };

package/dist/pg-store.d.ts

@@ -0,0 +1,38 @@
+import type { AddDomainInput, Click, ClickInput, CreateLinkInput, Domain, Link, LinkStats } from "./types.js";
+type PgAdapterLike = {
+    get(sql: string, ...params: unknown[]): Promise<any>;
+    all(sql: string, ...params: unknown[]): Promise<any[]>;
+    run(sql: string, ...params: unknown[]): Promise<unknown>;
+    close?: () => Promise<void>;
+};
+export declare class PgShortlinksStore {
+    private readonly pg;
+    constructor(pg: PgAdapterLike);
+    static fromConnectionString(connectionString: string): Promise<PgShortlinksStore>;
+    static fromCloud(service?: string): Promise<PgShortlinksStore>;
+    close(): Promise<void>;
+    addDomain(input: AddDomainInput): Promise<Domain>;
+    listDomains(): Promise<Domain[]>;
+    getDomain(hostnameOrId: string): Promise<Domain | null>;
+    getDefaultDomain(): Promise<Domain | null>;
+    createLink(input: CreateLinkInput): Promise<Link>;
+    listLinks(options?: {
+        domain?: string;
+        activeOnly?: boolean;
+        limit?: number;
+    }): Promise<Link[]>;
+    getLink(domainOrSlug: string, maybeSlug?: string): Promise<Link | null>;
+    totalStats(): Promise<{
+        domains: number;
+        links: number;
+        clicks: number;
+    }>;
+    resolve(hostname: string, slug: string): Promise<Link | null>;
+    setLinkActive(domainOrSlug: string, maybeSlugOrActive: string | boolean, maybeActive?: boolean): Promise<Link>;
+    deleteLink(domainOrSlug: string, maybeSlug?: string): Promise<Link>;
+    recordClick(link: Link, input?: ClickInput): Promise<Click>;
+    getStats(domainOrSlug: string, maybeSlug?: string): Promise<LinkStats>;
+    private hashIp;
+    private generateAvailableSlug;
+}
+export {};

package/dist/server.d.ts

@@ -1,6 +1,19 @@
-import { ShortlinksStore } from "./store.js";
+import type { ClickInput, Link } from "./types.js";
+export interface ShortlinksRuntimeStore {
+    totalStats(): {
+        domains: number;
+        links: number;
+        clicks: number;
+    } | Promise<{
+        domains: number;
+        links: number;
+        clicks: number;
+    }>;
+    resolve(hostname: string, slug: string): Link | null | Promise<Link | null>;
+    recordClick(link: Link, input?: ClickInput): unknown | Promise<unknown>;
+}
 export interface ShortlinksHandlerOptions {
-    store?: ShortlinksStore;
+    store?: ShortlinksRuntimeStore;
     dbPath?: string;
     defaultHost?: string;
     redirectStatus?: 301 | 302 | 307 | 308;

package/dist/server.js

@@ -558,25 +558,35 @@ function createShortlinksHandler(options = {}) {
   return async (request) => {
     const url = new URL(request.url);
     if (url.pathname === "/healthz") {
-      return json({ ok: true, service: "shortlinks", stats: store.totalStats() });
+      return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
     }
     if (url.pathname === "/" || url.pathname === "") {
       return json({ service: "shortlinks", ok: true });
     }
-    const slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    let slug = "";
+    try {
+      slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    } catch {
+      return json({ error: "Invalid slug." }, 400);
+    }
     if (!slug)
       return json({ error: "Missing slug." }, 404);
     const host = getHost(request, options.defaultHost);
     if (!host)
       return json({ error: "Missing Host header." }, 400);
-    const link = store.resolve(host, slug);
+    let link = null;
+    try {
+      link = await store.resolve(host, slug);
+    } catch {
+      return json({ error: "Shortlink not found.", slug, host }, 404);
+    }
     if (!link)
       return json({ error: "Shortlink not found.", slug, host }, 404);
     if (!link.active)
       return json({ error: "Shortlink is disabled.", slug, host }, 410);
     if (isExpired(link))
       return json({ error: "Shortlink is expired.", slug, host }, 410);
-    store.recordClick(link, {
+    await store.recordClick(link, {
       ip: getClientIp(request),
       userAgent: request.headers.get("user-agent"),
       referer: request.headers.get("referer"),

package/infra/aws-ec2-user-data.sh

@@ -64,9 +64,7 @@ RUNNER
 chmod 750 /usr/local/bin/shortlinks-env-exec
 chown root:shortlinks /usr/local/bin/shortlinks-env-exec
 
-su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json doctor'
-su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json config set default-domain has.na'
-su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links,clicks' || true
+su -s /bin/bash shortlinks -c 'PATH=/var/lib/shortlinks/.bun/bin:$PATH shortlinks --version'
 
 caddy_version="$(curl -fsSL https://api.github.com/repos/caddyserver/caddy/releases/latest | jq -r '.tag_name // "v2.10.2"' | sed 's/^v//')"
 case "$(uname -m)" in
@@ -92,8 +90,8 @@ Group=shortlinks
 WorkingDirectory=/var/lib/shortlinks
 Environment=HOME=/var/lib/shortlinks
 Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
-ExecStartPre=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links
-ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks serve --host 127.0.0.1 --port 8787 --default-host has.na
+Environment=SHORTLINKS_STORE=cloud
+ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks serve --cloud --host 127.0.0.1 --port 8787 --default-host has.na
 Restart=always
 RestartSec=5
 
@@ -101,35 +99,6 @@ RestartSec=5
 WantedBy=multi-user.target
 SERVICE
 
-cat > /etc/systemd/system/shortlinks-sync.service <<'SERVICE'
-[Unit]
-Description=Sync shortlinks SQLite data with RDS
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=oneshot
-User=shortlinks
-Group=shortlinks
-WorkingDirectory=/var/lib/shortlinks
-Environment=HOME=/var/lib/shortlinks
-Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
-ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud sync --tables domains,links,clicks
-SERVICE
-
-cat > /etc/systemd/system/shortlinks-sync.timer <<'TIMER'
-[Unit]
-Description=Run shortlinks cloud sync every minute
-
-[Timer]
-OnBootSec=2min
-OnUnitActiveSec=1min
-Unit=shortlinks-sync.service
-
-[Install]
-WantedBy=timers.target
-TIMER
-
 cat > /etc/systemd/system/caddy.service <<'SERVICE'
 [Unit]
 Description=Caddy web server for shortlinks
@@ -162,7 +131,6 @@ has.na {
 CADDY
 
 systemctl daemon-reload
-systemctl enable shortlinks.service shortlinks-sync.timer caddy.service
+systemctl enable shortlinks.service caddy.service
 systemctl start shortlinks.service
-systemctl start shortlinks-sync.timer
 systemctl start caddy.service || true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/shortlinks",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "CLI-only shortlink manager for custom domains, click tracking, Cloudflare setup, and @hasna cloud sync",
   "type": "module",
   "main": "dist/index.js",
@@ -31,7 +31,7 @@
     "SECURITY.md"
   ],
   "scripts": {
-    "build": "rm -rf dist && bun build src/cli/index.ts --outdir dist/cli --target bun --external @hasna/cloud && bun build src/index.ts --outdir dist --target bun --external @hasna/cloud && bun build src/server.ts --outdir dist --target bun && bun build src/cloudflare.ts --outdir dist --target bun && tsc -p tsconfig.build.json --emitDeclarationOnly --outDir dist",
+    "build": "rm -rf dist && bun build src/cli/index.ts --outdir dist/cli --target bun --external @hasna/cloud && bun build src/index.ts --outdir dist --target bun --external @hasna/cloud && bun build src/server.ts --outdir dist --target bun --external @hasna/cloud && bun build src/cloudflare.ts --outdir dist --target bun && tsc -p tsconfig.build.json --emitDeclarationOnly --outDir dist",
     "typecheck": "tsc --noEmit",
     "test": "bun test",
     "dev:cli": "bun run src/cli/index.ts",