@htlkg/astro 0.0.1

package/dist/chunk-WNMPTDCR.js

@@ -0,0 +1,73 @@
+// src/utils/ssr.ts
+async function getServerData(astro, fetcher, options = {}) {
+  try {
+    return await fetcher();
+  } catch (error) {
+    console.error("[SSR] Error fetching data:", error);
+    if (options.redirectOnError) {
+      return astro.redirect(options.redirectOnError);
+    }
+    return options.defaultValue ?? null;
+  }
+}
+function isServerSide(astro) {
+  return !astro.request.headers.get("x-astro-client");
+}
+function getRequestHeaders(astro) {
+  const headers = {};
+  astro.request.headers.forEach((value, key) => {
+    headers[key] = value;
+  });
+  return headers;
+}
+function getQueryParams(astro) {
+  const params = {};
+  const searchParams = new URL(astro.request.url).searchParams;
+  searchParams.forEach((value, key) => {
+    params[key] = value;
+  });
+  return params;
+}
+function setResponseHeaders(astro, headers) {
+  Object.entries(headers).forEach(([key, value]) => {
+    astro.response.headers.set(key, value);
+  });
+}
+function setCacheControl(astro, options) {
+  const directives = [];
+  if (options.public) {
+    directives.push("public");
+  } else {
+    directives.push("private");
+  }
+  if (options.maxAge !== void 0) {
+    directives.push(`max-age=${options.maxAge}`);
+  }
+  if (options.sMaxAge !== void 0) {
+    directives.push(`s-maxage=${options.sMaxAge}`);
+  }
+  if (options.staleWhileRevalidate !== void 0) {
+    directives.push(`stale-while-revalidate=${options.staleWhileRevalidate}`);
+  }
+  astro.response.headers.set("Cache-Control", directives.join(", "));
+}
+function getClientIP(astro) {
+  const headers = astro.request.headers;
+  return headers.get("x-forwarded-for")?.split(",")[0].trim() || headers.get("x-real-ip") || headers.get("cf-connecting-ip") || null;
+}
+function isMobileDevice(astro) {
+  const userAgent = astro.request.headers.get("user-agent") || "";
+  return /mobile|android|iphone|ipad|phone/i.test(userAgent);
+}
+
+export {
+  getServerData,
+  isServerSide,
+  getRequestHeaders,
+  getQueryParams,
+  setResponseHeaders,
+  setCacheControl,
+  getClientIP,
+  isMobileDevice
+};
+//# sourceMappingURL=chunk-WNMPTDCR.js.map

package/dist/chunk-WNMPTDCR.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/ssr.ts"],"sourcesContent":["/**\n * SSR Utilities\n * \n * Helper functions for server-side rendering in Astro pages.\n */\n\nimport type { AstroGlobal } from 'astro';\n\n/**\n * Get server-side data with error handling\n * \n * @example\n * ```ts\n * const data = await getServerData(Astro, async () => {\n *   return await fetchBrand(brandId);\n * });\n * ```\n */\nexport async function getServerData<T>(\n  astro: AstroGlobal,\n  fetcher: () => Promise<T>,\n  options: {\n    redirectOnError?: string;\n    defaultValue?: T;\n  } = {}\n): Promise<T | null> {\n  try {\n    return await fetcher();\n  } catch (error) {\n    console.error('[SSR] Error fetching data:', error);\n    \n    if (options.redirectOnError) {\n      return astro.redirect(options.redirectOnError) as any;\n    }\n    \n    return options.defaultValue ?? null;\n  }\n}\n\n/**\n * Check if request is from server-side\n */\nexport function isServerSide(astro: AstroGlobal): boolean {\n  return !astro.request.headers.get('x-astro-client');\n}\n\n/**\n * Get request headers as object\n */\nexport function getRequestHeaders(astro: AstroGlobal): Record<string, string> {\n  const headers: Record<string, string> = {};\n  astro.request.headers.forEach((value, key) => {\n    headers[key] = value;\n  });\n  return headers;\n}\n\n/**\n * Get query parameters from URL\n */\nexport function getQueryParams(astro: AstroGlobal): Record<string, string> {\n  const params: Record<string, string> = {};\n  const searchParams = new URL(astro.request.url).searchParams;\n  \n  searchParams.forEach((value, key) => {\n    params[key] = value;\n  });\n  \n  return params;\n}\n\n/**\n * Set response headers\n */\nexport function setResponseHeaders(\n  astro: AstroGlobal,\n  headers: Record<string, string>\n): void {\n  Object.entries(headers).forEach(([key, value]) => {\n    astro.response.headers.set(key, value);\n  });\n}\n\n/**\n * Set cache control headers\n */\nexport function setCacheControl(\n  astro: AstroGlobal,\n  options: {\n    maxAge?: number;\n    sMaxAge?: number;\n    staleWhileRevalidate?: number;\n    public?: boolean;\n  }\n): void {\n  const directives: string[] = [];\n  \n  if (options.public) {\n    directives.push('public');\n  } else {\n    directives.push('private');\n  }\n  \n  if (options.maxAge !== undefined) {\n    directives.push(`max-age=${options.maxAge}`);\n  }\n  \n  if (options.sMaxAge !== undefined) {\n    directives.push(`s-maxage=${options.sMaxAge}`);\n  }\n  \n  if (options.staleWhileRevalidate !== undefined) {\n    directives.push(`stale-while-revalidate=${options.staleWhileRevalidate}`);\n  }\n  \n  astro.response.headers.set('Cache-Control', directives.join(', '));\n}\n\n/**\n * Get client IP address\n */\nexport function getClientIP(astro: AstroGlobal): string | null {\n  const headers = astro.request.headers;\n  \n  return (\n    headers.get('x-forwarded-for')?.split(',')[0].trim() ||\n    headers.get('x-real-ip') ||\n    headers.get('cf-connecting-ip') ||\n    null\n  );\n}\n\n/**\n * Check if request is from mobile device\n */\nexport function isMobileDevice(astro: AstroGlobal): boolean {\n  const userAgent = astro.request.headers.get('user-agent') || '';\n  return /mobile|android|iphone|ipad|phone/i.test(userAgent);\n}\n"],"mappings":";AAkBA,eAAsB,cACpB,OACA,SACA,UAGI,CAAC,GACc;AACnB,MAAI;AACF,WAAO,MAAM,QAAQ;AAAA,EACvB,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AAEjD,QAAI,QAAQ,iBAAiB;AAC3B,aAAO,MAAM,SAAS,QAAQ,eAAe;AAAA,IAC/C;AAEA,WAAO,QAAQ,gBAAgB;AAAA,EACjC;AACF;AAKO,SAAS,aAAa,OAA6B;AACxD,SAAO,CAAC,MAAM,QAAQ,QAAQ,IAAI,gBAAgB;AACpD;AAKO,SAAS,kBAAkB,OAA4C;AAC5E,QAAM,UAAkC,CAAC;AACzC,QAAM,QAAQ,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC5C,YAAQ,GAAG,IAAI;AAAA,EACjB,CAAC;AACD,SAAO;AACT;AAKO,SAAS,eAAe,OAA4C;AACzE,QAAM,SAAiC,CAAC;AACxC,QAAM,eAAe,IAAI,IAAI,MAAM,QAAQ,GAAG,EAAE;AAEhD,eAAa,QAAQ,CAAC,OAAO,QAAQ;AACnC,WAAO,GAAG,IAAI;AAAA,EAChB,CAAC;AAED,SAAO;AACT;AAKO,SAAS,mBACd,OACA,SACM;AACN,SAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAM,SAAS,QAAQ,IAAI,KAAK,KAAK;AAAA,EACvC,CAAC;AACH;AAKO,SAAS,gBACd,OACA,SAMM;AACN,QAAM,aAAuB,CAAC;AAE9B,MAAI,QAAQ,QAAQ;AAClB,eAAW,KAAK,QAAQ;AAAA,EAC1B,OAAO;AACL,eAAW,KAAK,SAAS;AAAA,EAC3B;AAEA,MAAI,QAAQ,WAAW,QAAW;AAChC,eAAW,KAAK,WAAW,QAAQ,MAAM,EAAE;AAAA,EAC7C;AAEA,MAAI,QAAQ,YAAY,QAAW;AACjC,eAAW,KAAK,YAAY,QAAQ,OAAO,EAAE;AAAA,EAC/C;AAEA,MAAI,QAAQ,yBAAyB,QAAW;AAC9C,eAAW,KAAK,0BAA0B,QAAQ,oBAAoB,EAAE;AAAA,EAC1E;AAEA,QAAM,SAAS,QAAQ,IAAI,iBAAiB,WAAW,KAAK,IAAI,CAAC;AACnE;AAKO,SAAS,YAAY,OAAmC;AAC7D,QAAM,UAAU,MAAM,QAAQ;AAE9B,SACE,QAAQ,IAAI,iBAAiB,GAAG,MAAM,GAAG,EAAE,CAAC,EAAE,KAAK,KACnD,QAAQ,IAAI,WAAW,KACvB,QAAQ,IAAI,kBAAkB,KAC9B;AAEJ;AAKO,SAAS,eAAe,OAA6B;AAC1D,QAAM,YAAY,MAAM,QAAQ,QAAQ,IAAI,YAAY,KAAK;AAC7D,SAAO,oCAAoC,KAAK,SAAS;AAC3D;","names":[]}

package/dist/chunk-Z2ZAL7KX.js

@@ -0,0 +1,9 @@
+// src/htlkg/config.ts
+function isAuthenticatedUser(user) {
+  return user !== null && typeof user === "object" && "username" in user && "email" in user && "brandIds" in user && "accountIds" in user && "isAdmin" in user && typeof user.username === "string" && typeof user.email === "string" && Array.isArray(user.brandIds) && Array.isArray(user.accountIds) && typeof user.isAdmin === "boolean";
+}
+
+export {
+  isAuthenticatedUser
+};
+//# sourceMappingURL=chunk-Z2ZAL7KX.js.map

package/dist/chunk-Z2ZAL7KX.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/htlkg/config.ts"],"sourcesContent":["/**\n * Configuration types for the htlkg Astro integration\n */\n\nimport type { AuthUser } from '@htlkg/core/types';\n\n// Re-export AuthUser for convenience\nexport type { AuthUser };\n\n/**\n * Route pattern that can be either a RegExp or a string.\n * - String patterns match exact paths or paths that start with the pattern\n * - RegExp patterns allow for more complex matching logic\n *\n * @example\n * // String pattern - matches /login and /login/*\n * '/login'\n *\n * @example\n * // RegExp pattern - matches /api/v1/* and /api/v2/*\n * /^\\/api\\/v[12]\\//\n */\nexport type RoutePattern = RegExp | string;\n\n/**\n * Configuration for brand-specific routes that require brand ID extraction.\n * The pattern should include a capture group for the brand ID.\n *\n * @example\n * {\n *   pattern: /^\\/brands\\/(\\d+)/,\n *   brandIdParam: 1  // First capture group\n * }\n */\nexport interface BrandRouteConfig {\n\t/**\n\t * Regular expression pattern with a capture group for the brand ID\n\t */\n\tpattern: RegExp;\n\n\t/**\n\t * Index of the capture group containing the brand ID (1-based)\n\t */\n\tbrandIdParam: number;\n}\n\n/**\n * Configuration for the default login page injected by the integration.\n */\nexport interface LoginPageConfig {\n\t/**\n\t * URL path where the login page should be accessible.\n\t * @default '/login'\n\t */\n\tpath?: string;\n\n\t/**\n\t * Logo URL to display on the login page.\n\t * @default undefined\n\t */\n\tlogo?: string;\n\n\t/**\n\t * Title text to display on the login page.\n\t * @default 'Sign In'\n\t */\n\ttitle?: string;\n\n\t/**\n\t * URL to redirect to after successful login.\n\t * @default '/admin'\n\t */\n\tredirectUrl?: string;\n}\n\n/**\n * Configuration for route guards that protect routes based on authentication\n * status and user permissions.\n *\n * @example\n * {\n *   publicRoutes: ['/login', '/register', /^\\/public\\//],\n *   authenticatedRoutes: ['/dashboard', /^\\/profile/],\n *   adminRoutes: ['/admin', /^\\/admin\\//],\n *   brandRoutes: [\n *     { pattern: /^\\/brands\\/(\\d+)/, brandIdParam: 1 }\n *   ],\n *   loginUrl: '/login'\n * }\n */\nexport interface RouteGuardConfig {\n\t/**\n\t * Routes that are accessible without authentication.\n\t * These routes bypass all authentication checks.\n\t *\n\t * @default []\n\t */\n\tpublicRoutes?: RoutePattern[];\n\n\t/**\n\t * Routes that require any authenticated user.\n\t * Users must be logged in but no specific permissions are required.\n\t *\n\t * @default []\n\t */\n\tauthenticatedRoutes?: RoutePattern[];\n\n\t/**\n\t * Routes that require admin privileges.\n\t * Only users with isAdmin=true can access these routes.\n\t *\n\t * @default []\n\t */\n\tadminRoutes?: RoutePattern[];\n\n\t/**\n\t * Routes that require brand-specific access.\n\t * Users must have access to the specific brand ID extracted from the route,\n\t * or be an admin.\n\t *\n\t * @default []\n\t */\n\tbrandRoutes?: BrandRouteConfig[];\n\n\t/**\n\t * URL to redirect to when authentication is required.\n\t * Query parameters will be added for return URL and error messages.\n\t *\n\t * @default '/login'\n\t */\n\tloginUrl?: string;\n}\n\n/**\n * Options for configuring the htlkg Astro integration.\n *\n * @example\n * htlkg({\n *   auth: {\n *     publicRoutes: ['/login', '/'],\n *     adminRoutes: [/^\\/admin/],\n *     loginUrl: '/login'\n *   },\n *   loginPage: {\n *     logo: 'https://example.com/logo.png',\n *     title: 'Admin Portal',\n *     redirectUrl: '/admin/dashboard'\n *   },\n *   validateEnv: true,\n *   tailwind: { configFile: './tailwind.config.mjs' }\n * })\n */\nexport interface HtlkgIntegrationOptions {\n\t/**\n\t * Route guard configuration for authentication and authorization.\n\t * Defines which routes are public, require authentication, or require\n\t * specific permissions.\n\t *\n\t * @default {}\n\t */\n\tauth?: RouteGuardConfig;\n\n\t/**\n\t * Configuration for the default login page.\n\t * Set to false to disable automatic login page injection.\n\t *\n\t * @default { path: '/login', title: 'Sign In', redirectUrl: '/admin' }\n\t */\n\tloginPage?: LoginPageConfig | false;\n\n\n\n\t/**\n\t * Validate that required environment variables are present.\n\t * When enabled, the integration will check for required Amplify\n\t * environment variables and log warnings if any are missing.\n\t *\n\t * @default true\n\t */\n\tvalidateEnv?: boolean;\n\n\t/**\n\t * List of required environment variable names to validate.\n\t * Only used when validateEnv is true.\n\t *\n\t * @default ['PUBLIC_COGNITO_USER_POOL_ID', 'PUBLIC_COGNITO_USER_POOL_CLIENT_ID']\n\t */\n\trequiredEnvVars?: string[];\n\n\t/**\n\t * AWS Amplify configuration.\n\t * Pass the amplify_outputs.json content directly for automatic configuration.\n\t * This is the recommended approach as it ensures consistency with Amplify CLI.\n\t *\n\t * @example\n\t * import amplifyOutputs from './amplify_outputs.json';\n\t * \n\t * htlkg({\n\t *   amplify: amplifyOutputs\n\t * })\n\t */\n\tamplify?: Record<string, unknown>;\n\n\t/**\n\t * Tailwind CSS integration configuration.\n\t * Set to false to disable automatic Tailwind integration.\n\t * Pass an object to configure Tailwind options (e.g., configFile).\n\t *\n\t * @default undefined (Tailwind enabled with default config)\n\t */\n\ttailwind?: Record<string, unknown> | false;\n}\n\n/**\n * Type guard to check if a value is an authenticated user.\n * Useful for narrowing types in TypeScript when checking user authentication.\n *\n * @param user - Value to check\n * @returns True if the value is a valid AuthUser object\n *\n * @example\n * if (isAuthenticatedUser(locals.user)) {\n *   // TypeScript knows locals.user is AuthUser here\n *   console.log(locals.user.email);\n * }\n */\nexport function isAuthenticatedUser(user: unknown): user is AuthUser {\n\treturn (\n\t\tuser !== null &&\n\t\ttypeof user === 'object' &&\n\t\t'username' in user &&\n\t\t'email' in user &&\n\t\t'brandIds' in user &&\n\t\t'accountIds' in user &&\n\t\t'isAdmin' in user &&\n\t\ttypeof (user as AuthUser).username === 'string' &&\n\t\ttypeof (user as AuthUser).email === 'string' &&\n\t\tArray.isArray((user as AuthUser).brandIds) &&\n\t\tArray.isArray((user as AuthUser).accountIds) &&\n\t\ttypeof (user as AuthUser).isAdmin === 'boolean'\n\t);\n}\n"],"mappings":";AAkOO,SAAS,oBAAoB,MAAiC;AACpE,SACC,SAAS,QACT,OAAO,SAAS,YAChB,cAAc,QACd,WAAW,QACX,cAAc,QACd,gBAAgB,QAChB,aAAa,QACb,OAAQ,KAAkB,aAAa,YACvC,OAAQ,KAAkB,UAAU,YACpC,MAAM,QAAS,KAAkB,QAAQ,KACzC,MAAM,QAAS,KAAkB,UAAU,KAC3C,OAAQ,KAAkB,YAAY;AAExC;","names":[]}

package/dist/chunk-ZQ4XMJH7.js

@@ -0,0 +1 @@
+//# sourceMappingURL=chunk-ZQ4XMJH7.js.map

package/dist/chunk-ZQ4XMJH7.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/htlkg/config.js

@@ -0,0 +1,7 @@
+import {
+  isAuthenticatedUser
+} from "../chunk-Z2ZAL7KX.js";
+export {
+  isAuthenticatedUser
+};
+//# sourceMappingURL=config.js.map

package/dist/htlkg/config.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/htlkg/index.js

@@ -0,0 +1,7 @@
+import {
+  htlkg
+} from "../chunk-WLOFOVCL.js";
+export {
+  htlkg
+};
+//# sourceMappingURL=index.js.map

package/dist/htlkg/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.js

@@ -0,0 +1,64 @@
+import {
+  htlkg
+} from "./chunk-WLOFOVCL.js";
+import {
+  isAuthenticatedUser
+} from "./chunk-Z2ZAL7KX.js";
+import "./chunk-ZQ4XMJH7.js";
+import {
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  getHydratedData,
+  mergeProps,
+  serializeForHydration,
+  shouldHydrate
+} from "./chunk-64USRLVP.js";
+import {
+  getClientIP,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  isMobileDevice,
+  isServerSide,
+  setCacheControl,
+  setResponseHeaders
+} from "./chunk-WNMPTDCR.js";
+import {
+  chunkArray,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  groupItems,
+  sortItems
+} from "./chunk-33R4URZV.js";
+export {
+  chunkArray,
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  getClientIP,
+  getHydratedData,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  groupItems,
+  htlkg,
+  isAuthenticatedUser,
+  isMobileDevice,
+  isServerSide,
+  mergeProps,
+  serializeForHydration,
+  setCacheControl,
+  setResponseHeaders,
+  shouldHydrate,
+  sortItems
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/middleware/index.js

@@ -0,0 +1,168 @@
+// src/middleware/index.ts
+import { sequence } from "astro:middleware";
+
+// src/middleware/auth.ts
+import { getUser } from "@htlkg/core/auth";
+var authMiddleware = async (context, next) => {
+  const { locals } = context;
+  try {
+    const user = await getUser(context);
+    locals.user = user;
+  } catch (error) {
+    locals.user = null;
+    if (error instanceof Error) {
+      const safeMessage = error.message.replace(/token[=:]\s*[^\s,}]+/gi, "token=***").replace(/key[=:]\s*[^\s,}]+/gi, "key=***").replace(/secret[=:]\s*[^\s,}]+/gi, "secret=***").replace(/password[=:]\s*[^\s,}]+/gi, "password=***");
+      console.error("[htlkg Auth] Authentication failed:", safeMessage);
+    } else {
+      console.error("[htlkg Auth] Authentication failed: Unknown error");
+    }
+  }
+  return next();
+};
+
+// src/middleware/route-guards.ts
+import { routeGuardConfig } from "virtual:htlkg-config";
+var config = routeGuardConfig;
+function matchesPattern(pathname, patterns) {
+  return patterns.some((pattern) => {
+    try {
+      if (typeof pattern === "string") {
+        if (pattern === "/") {
+          return pathname === "/";
+        }
+        return pathname === pattern || pathname.startsWith(pattern + "/");
+      }
+      return pattern.test(pathname);
+    } catch (error) {
+      console.error(
+        "[htlkg Route Guard] Error matching pattern:",
+        error instanceof Error ? error.message : "Unknown error"
+      );
+      return false;
+    }
+  });
+}
+var routeGuard = async (context, next) => {
+  const { locals, url, redirect } = context;
+  const pathname = url.pathname;
+  const {
+    publicRoutes = [],
+    authenticatedRoutes = [],
+    adminRoutes = [],
+    brandRoutes = [],
+    loginUrl = "/login"
+  } = config;
+  try {
+    if (matchesPattern(pathname, publicRoutes)) {
+      console.log(`[htlkg Route Guard] Public route: ${pathname}`);
+      return next();
+    }
+    const user = locals.user;
+    if (matchesPattern(pathname, adminRoutes)) {
+      if (!user || !user.isAdmin) {
+        console.log(
+          `[htlkg Route Guard] Admin access denied for ${pathname} - User: ${user ? "authenticated (non-admin)" : "not authenticated"}`
+        );
+        return redirect(`${loginUrl}?error=admin_required`);
+      }
+      console.log(
+        `[htlkg Route Guard] Admin access granted for ${pathname}`
+      );
+      return next();
+    }
+    for (const brandRoute of brandRoutes) {
+      try {
+        const match = pathname.match(brandRoute.pattern);
+        if (match) {
+          const brandId = Number.parseInt(match[brandRoute.brandIdParam], 10);
+          if (Number.isNaN(brandId)) {
+            console.warn(
+              `[htlkg Route Guard] Invalid brandId extracted from ${pathname}`
+            );
+            return redirect(`${loginUrl}?error=invalid_brand`);
+          }
+          if (!user || !user.isAdmin && !user.brandIds.includes(brandId)) {
+            console.log(
+              `[htlkg Route Guard] Brand access denied for ${pathname} (brandId: ${brandId}) - User: ${user ? `authenticated (brandIds: ${user.brandIds.join(",")})` : "not authenticated"}`
+            );
+            return redirect(`${loginUrl}?error=access_denied`);
+          }
+          console.log(
+            `[htlkg Route Guard] Brand access granted for ${pathname} (brandId: ${brandId})`
+          );
+          return next();
+        }
+      } catch (error) {
+        console.error(
+          `[htlkg Route Guard] Error processing brand route for ${pathname}:`,
+          error instanceof Error ? error.message : "Unknown error"
+        );
+        return redirect(`${loginUrl}?error=access_denied`);
+      }
+    }
+    if (matchesPattern(pathname, authenticatedRoutes)) {
+      if (!user) {
+        const returnUrl = encodeURIComponent(pathname + url.search);
+        console.log(
+          `[htlkg Route Guard] Authentication required for ${pathname}, redirecting to login`
+        );
+        return redirect(`${loginUrl}?redirect=${returnUrl}`);
+      }
+      console.log(
+        `[htlkg Route Guard] Authenticated access granted for ${pathname}`
+      );
+      return next();
+    }
+    console.log(
+      `[htlkg Route Guard] Default access granted for ${pathname}`
+    );
+    return next();
+  } catch (error) {
+    console.error(
+      "[htlkg Route Guard] Unexpected error in route guard:",
+      error instanceof Error ? error.message : "Unknown error"
+    );
+    return redirect(`${loginUrl}?error=server_error`);
+  }
+};
+async function requireAuth(context, loginUrl = "/login") {
+  const user = context.locals.user;
+  if (!user) {
+    const currentUrl = context.url.pathname + context.url.search;
+    const encodedReturnUrl = encodeURIComponent(currentUrl);
+    return context.redirect(`${loginUrl}?redirect=${encodedReturnUrl}`);
+  }
+  return user;
+}
+async function requireAdminAccess(context, loginUrl = "/login") {
+  const user = context.locals.user;
+  if (!user) {
+    return context.redirect(`${loginUrl}?error=not_authenticated`);
+  }
+  if (!user.isAdmin) {
+    return context.redirect(`${loginUrl}?error=admin_required`);
+  }
+  return user;
+}
+async function requireBrandAccess(context, brandId, loginUrl = "/login") {
+  const user = context.locals.user;
+  if (!user) {
+    return context.redirect(`${loginUrl}?error=not_authenticated`);
+  }
+  if (!user.isAdmin && !user.brandIds.includes(brandId)) {
+    return context.redirect(`${loginUrl}?error=access_denied`);
+  }
+  return user;
+}
+
+// src/middleware/index.ts
+var onRequest = sequence(authMiddleware, routeGuard);
+export {
+  authMiddleware,
+  onRequest,
+  requireAdminAccess,
+  requireAuth,
+  requireBrandAccess,
+  routeGuard
+};
+//# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/middleware/index.ts","../../src/middleware/auth.ts","../../src/middleware/route-guards.ts"],"sourcesContent":["/**\n * Middleware for @htlkg/astro\n * \n * This module exports:\n * - authMiddleware: Retrieves authenticated user and injects into locals\n * - routeGuard: Enforces access control based on route configuration\n * - onRequest: Composed middleware chain (auth + route guard)\n * - Helper functions: requireAuth, requireAdminAccess, requireBrandAccess\n */\n\nimport { sequence } from 'astro:middleware';\nimport { authMiddleware } from './auth.js';\nimport { routeGuard } from './route-guards.js';\n\n// Export individual middleware\nexport { authMiddleware } from './auth.js';\nexport {\n\trouteGuard,\n\trequireAuth,\n\trequireAdminAccess,\n\trequireBrandAccess,\n} from './route-guards.js';\n\n/**\n * Export composed middleware chain\n * Auth middleware runs first to populate locals.user\n * Route guard middleware runs second to enforce access control\n * \n * This is the default export that gets injected by the htlkg integration\n */\nexport const onRequest = sequence(authMiddleware, routeGuard);\n","/**\n * Authentication middleware for htlkg integration\n * \n * This middleware:\n * - Retrieves the authenticated user from AWS Amplify\n * - Injects the user into Astro.locals for use in pages and API routes\n * - Handles authentication errors gracefully\n */\n\nimport type { MiddlewareHandler } from 'astro';\nimport { getUser } from '@htlkg/core/auth';\n\n/**\n * Auth middleware - retrieves authenticated user and injects into locals\n * \n * This middleware runs on every request and attempts to get the current\n * authenticated user from AWS Amplify. If successful, the user is injected\n * into context.locals.user. If authentication fails, locals.user is set to null.\n * \n * @example\n * // In an Astro page\n * const { user } = Astro.locals;\n * if (user) {\n *   console.log('Authenticated user:', user.email);\n * }\n */\nexport const authMiddleware: MiddlewareHandler = async (context, next) => {\n\tconst { locals } = context;\n\n\ttry {\n\t\tconst user = await getUser(context);\n\t\tlocals.user = user;\n\t} catch (error) {\n\t\t// Set user to null on any authentication error\n\t\tlocals.user = null;\n\n\t\t// Log error without exposing sensitive information\n\t\tif (error instanceof Error) {\n\t\t\t// Filter out sensitive data from error messages\n\t\t\tconst safeMessage = error.message\n\t\t\t\t.replace(/token[=:]\\s*[^\\s,}]+/gi, 'token=***')\n\t\t\t\t.replace(/key[=:]\\s*[^\\s,}]+/gi, 'key=***')\n\t\t\t\t.replace(/secret[=:]\\s*[^\\s,}]+/gi, 'secret=***')\n\t\t\t\t.replace(/password[=:]\\s*[^\\s,}]+/gi, 'password=***');\n\n\t\t\tconsole.error('[htlkg Auth] Authentication failed:', safeMessage);\n\t\t} else {\n\t\t\tconsole.error('[htlkg Auth] Authentication failed: Unknown error');\n\t\t}\n\t}\n\n\treturn next();\n};\n","/**\n * Route guard middleware for htlkg integration\n * \n * This middleware enforces access control based on route configuration:\n * - Public routes: accessible to everyone\n * - Authenticated routes: require any logged-in user\n * - Admin routes: require admin privileges\n * - Brand routes: require brand-specific access or admin privileges\n */\n\nimport type { MiddlewareHandler } from 'astro';\nimport type { RoutePattern, RouteGuardConfig } from '../htlkg/config.js';\n\n// Import configuration from virtual module\nimport { routeGuardConfig } from 'virtual:htlkg-config';\n\n// Type assertion for the imported config\nconst config = routeGuardConfig as RouteGuardConfig;\n\n/**\n * Helper: Check if pathname matches any of the provided patterns\n */\nfunction matchesPattern(pathname: string, patterns: RoutePattern[]): boolean {\n\treturn patterns.some((pattern) => {\n\t\ttry {\n\t\t\tif (typeof pattern === 'string') {\n\t\t\t\t// Special case: \"/\" only matches exactly\n\t\t\t\tif (pattern === '/') {\n\t\t\t\t\treturn pathname === '/';\n\t\t\t\t}\n\t\t\t\t// String pattern: exact match or starts with (for sub-routes)\n\t\t\t\treturn pathname === pattern || pathname.startsWith(pattern + '/');\n\t\t\t}\n\t\t\t// RegExp pattern: test against pathname\n\t\t\treturn pattern.test(pathname);\n\t\t} catch (error) {\n\t\t\t// Log pattern matching errors but don't block the request\n\t\t\tconsole.error(\n\t\t\t\t'[htlkg Route Guard] Error matching pattern:',\n\t\t\t\terror instanceof Error ? error.message : 'Unknown error',\n\t\t\t);\n\t\t\treturn false;\n\t\t}\n\t});\n}\n\n/**\n * Route guard middleware - protects routes based on configuration\n * \n * This middleware runs after authMiddleware and enforces access control\n * based on the route configuration provided to the htlkg integration.\n * \n * @example\n * // In astro.config.mjs\n * htlkg({\n *   auth: {\n *     publicRoutes: ['/login', '/'],\n *     adminRoutes: [/^\\/admin/],\n *     brandRoutes: [\n *       { pattern: /^\\/brands\\/(\\d+)/, brandIdParam: 1 }\n *     ],\n *     loginUrl: '/login'\n *   }\n * })\n */\nexport const routeGuard: MiddlewareHandler = async (context, next) => {\n\tconst { locals, url, redirect } = context;\n\tconst pathname = url.pathname;\n\n\tconst {\n\t\tpublicRoutes = [],\n\t\tauthenticatedRoutes = [],\n\t\tadminRoutes = [],\n\t\tbrandRoutes = [],\n\t\tloginUrl = '/login',\n\t} = config;\n\n\ttry {\n\t\t// Public routes - no auth required\n\t\tif (matchesPattern(pathname, publicRoutes)) {\n\t\t\tconsole.log(`[htlkg Route Guard] Public route: ${pathname}`);\n\t\t\treturn next();\n\t\t}\n\n\t\tconst user = locals.user;\n\n\t\t// Admin routes - require admin role\n\t\tif (matchesPattern(pathname, adminRoutes)) {\n\t\t\tif (!user || !user.isAdmin) {\n\t\t\t\tconsole.log(\n\t\t\t\t\t`[htlkg Route Guard] Admin access denied for ${pathname} - User: ${user ? 'authenticated (non-admin)' : 'not authenticated'}`,\n\t\t\t\t);\n\t\t\t\treturn redirect(`${loginUrl}?error=admin_required`);\n\t\t\t}\n\t\t\tconsole.log(\n\t\t\t\t`[htlkg Route Guard] Admin access granted for ${pathname}`,\n\t\t\t);\n\t\t\treturn next();\n\t\t}\n\n\t\t// Brand routes - require brand access or admin\n\t\tfor (const brandRoute of brandRoutes) {\n\t\t\ttry {\n\t\t\t\tconst match = pathname.match(brandRoute.pattern);\n\t\t\t\tif (match) {\n\t\t\t\t\tconst brandId = Number.parseInt(match[brandRoute.brandIdParam], 10);\n\n\t\t\t\t\tif (Number.isNaN(brandId)) {\n\t\t\t\t\t\tconsole.warn(\n\t\t\t\t\t\t\t`[htlkg Route Guard] Invalid brandId extracted from ${pathname}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn redirect(`${loginUrl}?error=invalid_brand`);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!user || (!user.isAdmin && !user.brandIds.includes(brandId))) {\n\t\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t\t`[htlkg Route Guard] Brand access denied for ${pathname} (brandId: ${brandId}) - User: ${user ? `authenticated (brandIds: ${user.brandIds.join(',')})` : 'not authenticated'}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn redirect(`${loginUrl}?error=access_denied`);\n\t\t\t\t\t}\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`[htlkg Route Guard] Brand access granted for ${pathname} (brandId: ${brandId})`,\n\t\t\t\t\t);\n\t\t\t\t\treturn next();\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tconsole.error(\n\t\t\t\t\t`[htlkg Route Guard] Error processing brand route for ${pathname}:`,\n\t\t\t\t\terror instanceof Error ? error.message : 'Unknown error',\n\t\t\t\t);\n\t\t\t\t// Fail-safe: deny access on error\n\t\t\t\treturn redirect(`${loginUrl}?error=access_denied`);\n\t\t\t}\n\t\t}\n\n\t\t// Authenticated routes - require any logged-in user\n\t\tif (matchesPattern(pathname, authenticatedRoutes)) {\n\t\t\tif (!user) {\n\t\t\t\tconst returnUrl = encodeURIComponent(pathname + url.search);\n\t\t\t\tconsole.log(\n\t\t\t\t\t`[htlkg Route Guard] Authentication required for ${pathname}, redirecting to login`,\n\t\t\t\t);\n\t\t\t\treturn redirect(`${loginUrl}?redirect=${returnUrl}`);\n\t\t\t}\n\t\t\tconsole.log(\n\t\t\t\t`[htlkg Route Guard] Authenticated access granted for ${pathname}`,\n\t\t\t);\n\t\t\treturn next();\n\t\t}\n\n\t\t// Default: allow access\n\t\tconsole.log(\n\t\t\t`[htlkg Route Guard] Default access granted for ${pathname}`,\n\t\t);\n\t\treturn next();\n\t} catch (error) {\n\t\t// Catch-all error handler for route guard\n\t\tconsole.error(\n\t\t\t'[htlkg Route Guard] Unexpected error in route guard:',\n\t\t\terror instanceof Error ? error.message : 'Unknown error',\n\t\t);\n\t\t// Fail-safe: deny access and redirect to login\n\t\treturn redirect(`${loginUrl}?error=server_error`);\n\t}\n};\n\n/**\n * Helper functions for programmatic route protection in pages\n * These can be used in Astro pages for more fine-grained control\n */\n\n/**\n * Require authentication for a page\n * Redirects to login if user is not authenticated\n */\nexport async function requireAuth(context: any, loginUrl = '/login') {\n\tconst user = context.locals.user;\n\tif (!user) {\n\t\tconst currentUrl = context.url.pathname + context.url.search;\n\t\tconst encodedReturnUrl = encodeURIComponent(currentUrl);\n\t\treturn context.redirect(`${loginUrl}?redirect=${encodedReturnUrl}`);\n\t}\n\treturn user;\n}\n\n/**\n * Require admin access for a page\n * Redirects to login if user is not an admin\n */\nexport async function requireAdminAccess(context: any, loginUrl = '/login') {\n\tconst user = context.locals.user;\n\tif (!user) {\n\t\treturn context.redirect(`${loginUrl}?error=not_authenticated`);\n\t}\n\tif (!user.isAdmin) {\n\t\treturn context.redirect(`${loginUrl}?error=admin_required`);\n\t}\n\treturn user;\n}\n\n/**\n * Require brand access for a page\n * Redirects to login if user doesn't have access to the specified brand\n */\nexport async function requireBrandAccess(\n\tcontext: any,\n\tbrandId: number,\n\tloginUrl = '/login'\n) {\n\tconst user = context.locals.user;\n\tif (!user) {\n\t\treturn context.redirect(`${loginUrl}?error=not_authenticated`);\n\t}\n\tif (!user.isAdmin && !user.brandIds.includes(brandId)) {\n\t\treturn context.redirect(`${loginUrl}?error=access_denied`);\n\t}\n\treturn user;\n}\n"],"mappings":";AAUA,SAAS,gBAAgB;;;ACAzB,SAAS,eAAe;AAgBjB,IAAM,iBAAoC,OAAO,SAAS,SAAS;AACzE,QAAM,EAAE,OAAO,IAAI;AAEnB,MAAI;AACH,UAAM,OAAO,MAAM,QAAQ,OAAO;AAClC,WAAO,OAAO;AAAA,EACf,SAAS,OAAO;AAEf,WAAO,OAAO;AAGd,QAAI,iBAAiB,OAAO;AAE3B,YAAM,cAAc,MAAM,QACxB,QAAQ,0BAA0B,WAAW,EAC7C,QAAQ,wBAAwB,SAAS,EACzC,QAAQ,2BAA2B,YAAY,EAC/C,QAAQ,6BAA6B,cAAc;AAErD,cAAQ,MAAM,uCAAuC,WAAW;AAAA,IACjE,OAAO;AACN,cAAQ,MAAM,mDAAmD;AAAA,IAClE;AAAA,EACD;AAEA,SAAO,KAAK;AACb;;;ACtCA,SAAS,wBAAwB;AAGjC,IAAM,SAAS;AAKf,SAAS,eAAe,UAAkB,UAAmC;AAC5E,SAAO,SAAS,KAAK,CAAC,YAAY;AACjC,QAAI;AACH,UAAI,OAAO,YAAY,UAAU;AAEhC,YAAI,YAAY,KAAK;AACpB,iBAAO,aAAa;AAAA,QACrB;AAEA,eAAO,aAAa,WAAW,SAAS,WAAW,UAAU,GAAG;AAAA,MACjE;AAEA,aAAO,QAAQ,KAAK,QAAQ;AAAA,IAC7B,SAAS,OAAO;AAEf,cAAQ;AAAA,QACP;AAAA,QACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MAC1C;AACA,aAAO;AAAA,IACR;AAAA,EACD,CAAC;AACF;AAqBO,IAAM,aAAgC,OAAO,SAAS,SAAS;AACrE,QAAM,EAAE,QAAQ,KAAK,SAAS,IAAI;AAClC,QAAM,WAAW,IAAI;AAErB,QAAM;AAAA,IACL,eAAe,CAAC;AAAA,IAChB,sBAAsB,CAAC;AAAA,IACvB,cAAc,CAAC;AAAA,IACf,cAAc,CAAC;AAAA,IACf,WAAW;AAAA,EACZ,IAAI;AAEJ,MAAI;AAEH,QAAI,eAAe,UAAU,YAAY,GAAG;AAC3C,cAAQ,IAAI,qCAAqC,QAAQ,EAAE;AAC3D,aAAO,KAAK;AAAA,IACb;AAEA,UAAM,OAAO,OAAO;AAGpB,QAAI,eAAe,UAAU,WAAW,GAAG;AAC1C,UAAI,CAAC,QAAQ,CAAC,KAAK,SAAS;AAC3B,gBAAQ;AAAA,UACP,+CAA+C,QAAQ,YAAY,OAAO,8BAA8B,mBAAmB;AAAA,QAC5H;AACA,eAAO,SAAS,GAAG,QAAQ,uBAAuB;AAAA,MACnD;AACA,cAAQ;AAAA,QACP,gDAAgD,QAAQ;AAAA,MACzD;AACA,aAAO,KAAK;AAAA,IACb;AAGA,eAAW,cAAc,aAAa;AACrC,UAAI;AACH,cAAM,QAAQ,SAAS,MAAM,WAAW,OAAO;AAC/C,YAAI,OAAO;AACV,gBAAM,UAAU,OAAO,SAAS,MAAM,WAAW,YAAY,GAAG,EAAE;AAElE,cAAI,OAAO,MAAM,OAAO,GAAG;AAC1B,oBAAQ;AAAA,cACP,sDAAsD,QAAQ;AAAA,YAC/D;AACA,mBAAO,SAAS,GAAG,QAAQ,sBAAsB;AAAA,UAClD;AAEA,cAAI,CAAC,QAAS,CAAC,KAAK,WAAW,CAAC,KAAK,SAAS,SAAS,OAAO,GAAI;AACjE,oBAAQ;AAAA,cACP,+CAA+C,QAAQ,cAAc,OAAO,aAAa,OAAO,4BAA4B,KAAK,SAAS,KAAK,GAAG,CAAC,MAAM,mBAAmB;AAAA,YAC7K;AACA,mBAAO,SAAS,GAAG,QAAQ,sBAAsB;AAAA,UAClD;AACA,kBAAQ;AAAA,YACP,gDAAgD,QAAQ,cAAc,OAAO;AAAA,UAC9E;AACA,iBAAO,KAAK;AAAA,QACb;AAAA,MACD,SAAS,OAAO;AACf,gBAAQ;AAAA,UACP,wDAAwD,QAAQ;AAAA,UAChE,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QAC1C;AAEA,eAAO,SAAS,GAAG,QAAQ,sBAAsB;AAAA,MAClD;AAAA,IACD;AAGA,QAAI,eAAe,UAAU,mBAAmB,GAAG;AAClD,UAAI,CAAC,MAAM;AACV,cAAM,YAAY,mBAAmB,WAAW,IAAI,MAAM;AAC1D,gBAAQ;AAAA,UACP,mDAAmD,QAAQ;AAAA,QAC5D;AACA,eAAO,SAAS,GAAG,QAAQ,aAAa,SAAS,EAAE;AAAA,MACpD;AACA,cAAQ;AAAA,QACP,wDAAwD,QAAQ;AAAA,MACjE;AACA,aAAO,KAAK;AAAA,IACb;AAGA,YAAQ;AAAA,MACP,kDAAkD,QAAQ;AAAA,IAC3D;AACA,WAAO,KAAK;AAAA,EACb,SAAS,OAAO;AAEf,YAAQ;AAAA,MACP;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,IAC1C;AAEA,WAAO,SAAS,GAAG,QAAQ,qBAAqB;AAAA,EACjD;AACD;AAWA,eAAsB,YAAY,SAAc,WAAW,UAAU;AACpE,QAAM,OAAO,QAAQ,OAAO;AAC5B,MAAI,CAAC,MAAM;AACV,UAAM,aAAa,QAAQ,IAAI,WAAW,QAAQ,IAAI;AACtD,UAAM,mBAAmB,mBAAmB,UAAU;AACtD,WAAO,QAAQ,SAAS,GAAG,QAAQ,aAAa,gBAAgB,EAAE;AAAA,EACnE;AACA,SAAO;AACR;AAMA,eAAsB,mBAAmB,SAAc,WAAW,UAAU;AAC3E,QAAM,OAAO,QAAQ,OAAO;AAC5B,MAAI,CAAC,MAAM;AACV,WAAO,QAAQ,SAAS,GAAG,QAAQ,0BAA0B;AAAA,EAC9D;AACA,MAAI,CAAC,KAAK,SAAS;AAClB,WAAO,QAAQ,SAAS,GAAG,QAAQ,uBAAuB;AAAA,EAC3D;AACA,SAAO;AACR;AAMA,eAAsB,mBACrB,SACA,SACA,WAAW,UACV;AACD,QAAM,OAAO,QAAQ,OAAO;AAC5B,MAAI,CAAC,MAAM;AACV,WAAO,QAAQ,SAAS,GAAG,QAAQ,0BAA0B;AAAA,EAC9D;AACA,MAAI,CAAC,KAAK,WAAW,CAAC,KAAK,SAAS,SAAS,OAAO,GAAG;AACtD,WAAO,QAAQ,SAAS,GAAG,QAAQ,sBAAsB;AAAA,EAC1D;AACA,SAAO;AACR;;;AF3LO,IAAM,YAAY,SAAS,gBAAgB,UAAU;","names":[]}

package/dist/utils/hydration.js

@@ -0,0 +1,21 @@
+import {
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  getHydratedData,
+  mergeProps,
+  serializeForHydration,
+  shouldHydrate
+} from "../chunk-64USRLVP.js";
+export {
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  getHydratedData,
+  mergeProps,
+  serializeForHydration,
+  shouldHydrate
+};
+//# sourceMappingURL=hydration.js.map

package/dist/utils/hydration.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/utils/index.js

@@ -0,0 +1,56 @@
+import "../chunk-ZQ4XMJH7.js";
+import {
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  getHydratedData,
+  mergeProps,
+  serializeForHydration,
+  shouldHydrate
+} from "../chunk-64USRLVP.js";
+import {
+  getClientIP,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  isMobileDevice,
+  isServerSide,
+  setCacheControl,
+  setResponseHeaders
+} from "../chunk-WNMPTDCR.js";
+import {
+  chunkArray,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  groupItems,
+  sortItems
+} from "../chunk-33R4URZV.js";
+export {
+  chunkArray,
+  createHydrationScript,
+  createHydrationScripts,
+  createIslandProps,
+  deserializeFromHydration,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  getClientIP,
+  getHydratedData,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  groupItems,
+  isMobileDevice,
+  isServerSide,
+  mergeProps,
+  serializeForHydration,
+  setCacheControl,
+  setResponseHeaders,
+  shouldHydrate,
+  sortItems
+};
+//# sourceMappingURL=index.js.map

package/dist/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/utils/ssr.js

@@ -0,0 +1,21 @@
+import {
+  getClientIP,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  isMobileDevice,
+  isServerSide,
+  setCacheControl,
+  setResponseHeaders
+} from "../chunk-WNMPTDCR.js";
+export {
+  getClientIP,
+  getQueryParams,
+  getRequestHeaders,
+  getServerData,
+  isMobileDevice,
+  isServerSide,
+  setCacheControl,
+  setResponseHeaders
+};
+//# sourceMappingURL=ssr.js.map

package/dist/utils/ssr.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/utils/static.js

@@ -0,0 +1,19 @@
+import {
+  chunkArray,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  groupItems,
+  sortItems
+} from "../chunk-33R4URZV.js";
+export {
+  chunkArray,
+  filterItems,
+  generateNestedPaths,
+  generatePaginatedPaths,
+  generateStaticPaths,
+  groupItems,
+  sortItems
+};
+//# sourceMappingURL=static.js.map

package/dist/utils/static.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@htlkg/astro",
+  "version": "0.0.1",
+  "type": "module",
+  "exports": {
+    ".": "./dist/index.js",
+    "./htlkg": "./dist/htlkg/index.js",
+    "./htlkg/config": "./dist/htlkg/config.js",
+    "./middleware": "./dist/middleware/index.js",
+    "./vue-app-setup": "./src/vue-app-setup.ts",
+    "./auth/LoginPage.astro": "./src/auth/LoginPage.astro",
+    "./layouts": "./src/layouts/index.ts",
+    "./layouts/*": "./src/layouts/*.astro",
+    "./patterns": "./src/patterns/index.ts",
+    "./patterns/admin": "./src/patterns/admin/index.ts",
+    "./patterns/admin/*": "./src/patterns/admin/*.astro",
+    "./patterns/brand": "./src/patterns/brand/index.ts",
+    "./patterns/brand/*": "./src/patterns/brand/*.astro",
+    "./components": "./src/components/index.ts",
+    "./components/*": "./src/components/*.astro",
+    "./utils": "./dist/utils/index.js",
+    "./utils/*": "./dist/utils/*.js"
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "@astrojs/tailwind": "^6.0.2",
+    "@astrojs/vue": "^5.0.0",
+    "@htlkg/core": "^0.0.1",
+    "@htlkg/components": "^0.0.1",
+    "@hotelinking/ui": "^15.49.1",
+    "astro": "^5.14.7",
+    "aws-amplify": "^6.11.3",
+    "tailwindcss": "^3.4.18",
+    "vue": "^3.5.22"
+  },
+  "publishConfig": {
+    "access": "restricted"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.9.2",
+    "vitest": "^3.2.4"
+  }
+}

package/src/__mocks__/astro-middleware.ts

@@ -0,0 +1,19 @@
+/**
+ * Mock for astro:middleware module used in tests
+ */
+
+export function sequence(...handlers: any[]) {
+	return async (context: any, next: any) => {
+		let index = 0;
+		
+		async function executeNext() {
+			if (index >= handlers.length) {
+				return next();
+			}
+			const handler = handlers[index++];
+			return handler(context, executeNext);
+		}
+		
+		return executeNext();
+	};
+}

package/src/__mocks__/virtual-htlkg-config.ts

@@ -0,0 +1,14 @@
+/**
+ * Mock for virtual:htlkg-config module used in tests
+ */
+
+export const routeGuardConfig = {
+	publicRoutes: [],
+	authenticatedRoutes: [],
+	adminRoutes: [],
+	brandRoutes: [],
+	loginUrl: '/login',
+};
+
+export const loginPageConfig = null;
+export const amplifyConfig = null;