@kyro-cms/core 0.1.6 → 0.1.7

package/dist/index.js

@@ -1,29 +1,1023 @@
-export { allSettingsGlobals, blogCollections, blogGlobals, coreSettingsGlobals, createTemplateConfig, ecommerceCollections, ecommerceGlobals, ecommerceSettingsGlobals, kitchenSinkCollections, mediaCollections, minimalCollections } from './chunk-3QX6KG2S.js';
-export { RedisAuthAdapter } from './chunk-VMSRTAH7.js';
-import { EmailTransport, PasswordPolicy, SQLiteAuthAdapter } from './chunk-5Y7QGIHD.js';
-export { EmailTransport, PasswordPolicy, SQLiteAuthAdapter, autoBootstrap, bootstrapAdmin, getBootstrapFromEnv } from './chunk-5Y7QGIHD.js';
-import { createKyroServer } from './chunk-UEYC46RL.js';
-export { createContext, createCountProcedure, createCreateProcedure, createDeleteProcedure, createDynamicRouter, createFindByIDProcedure, createFindProcedure, createKyroServer, createUpdateProcedure } from './chunk-UEYC46RL.js';
-import { buildGraphQLSchema } from './chunk-OG3KX56O.js';
-export { buildGraphQLSchema, createGraphQLSchema } from './chunk-OG3KX56O.js';
-import { createHonoApp } from './chunk-YPAFJ7EV.js';
-export { createHonoApp, createRESTAPI } from './chunk-YPAFJ7EV.js';
-export { evaluateAccess, getWhereClause, mergeWhereClauses } from './chunk-SDMNUYVU.js';
+export { allSettingsGlobals, blogCollections, blogGlobals, coreSettingsGlobals, createTemplateConfig, ecommerceCollections, ecommerceGlobals, ecommerceSettingsGlobals, kitchenSinkCollections, mediaCollections, minimalCollections } from './chunk-RONAX6UU.js';
+export { RedisAuthAdapter } from './chunk-GLCPGZPM.js';
+import { PasswordPolicy, SQLiteAuthAdapter } from './chunk-RRYXQMZG.js';
+export { PasswordPolicy, SQLiteAuthAdapter, autoBootstrap, bootstrapAdmin, getBootstrapFromEnv } from './chunk-RRYXQMZG.js';
+import { createKyroServer } from './chunk-OUGKLCYF.js';
+export { createContext, createCountProcedure, createCreateProcedure, createDeleteProcedure, createDynamicRouter, createFindByIDProcedure, createFindProcedure, createKyroServer, createUpdateProcedure } from './chunk-OUGKLCYF.js';
+import { buildGraphQLSchema } from './chunk-KWGNR4HM.js';
+export { buildGraphQLSchema, createGraphQLSchema } from './chunk-KWGNR4HM.js';
+import { InMemoryRateLimiter, generateToken, defaultExtractToken, createHonoApp } from './chunk-6MSSF46R.js';
+export { InMemoryRateLimiter, createHonoApp, createRESTAPI } from './chunk-6MSSF46R.js';
+import { EmailTransport, ConfigService } from './chunk-HYC4GNHX.js';
+export { ConfigService, EmailTransport } from './chunk-HYC4GNHX.js';
+import './chunk-YT7HXXVN.js';
+export { ALL_WEBHOOK_EVENTS, WEBHOOK_COLLECTION, WEBHOOK_DELIVERY_COLLECTION, WEBHOOK_EVENTS, WebhookService, buildDeliveryRecord, createTestPayload, createWebhookService, deliverWebhook, deliverWithRetry, evaluateAccess, generateWebhookSecret, getWhereClause, mergeWhereClauses, signPayload } from './chunk-E5X75WNB.js';
 import { KyroPubSub, createWSServer } from './chunk-3TPQ2BU6.js';
 export { KyroPubSub, KyroWSServer, PubSub, createWSServer } from './chunk-3TPQ2BU6.js';
-export { DrizzleAdapter, collectionToDrizzleSchema, createDrizzleAdapter, fieldToDrizzleType } from './chunk-EINVJPFM.js';
-export { PostgresAuthAdapter } from './chunk-QUJ4OLSC.js';
-export { createDatabase, runMigrations, seedDefaultRoles } from './chunk-LRTZJJPD.js';
-import './chunk-XTZSUDSI.js';
+import { genId } from './chunk-BTOE3VUK.js';
+export { DrizzleAdapter, collectionToDrizzleSchema, createDatabase, createDrizzleAdapter, fieldToDrizzleType, runMigrations, seedDefaultRoles } from './chunk-BTOE3VUK.js';
+export { PostgresAuthAdapter } from './chunk-U74F3YZU.js';
+import './chunk-LTRCYJAG.js';
 export { MongoDBAdapter, createMongoDBAdapter } from './chunk-DIC236EW.js';
 import { AbstractBaseAdapter } from './chunk-BXMWDUED.js';
 export { AbstractBaseAdapter } from './chunk-BXMWDUED.js';
-import { __require } from './chunk-NSBPE2FW.js';
+import { __esm, __export, __require, __toCommonJS } from './chunk-Z6ZWNWWR.js';
+import { Readable, Writable } from 'stream';
+import { Agent, request } from 'https';
+import http2, { constants } from 'http2';
 import { z } from 'zod';
 export { z } from 'zod';
 import bcrypt from 'bcrypt';
-import jwt2 from 'jsonwebtoken';
-import { randomBytes } from 'crypto';
+import jwt from 'jsonwebtoken';
+import { randomBytes, createHash } from 'crypto';
+import path, { join, basename, extname } from 'path';
+import { readdir, stat, rename, unlink, writeFile, mkdir } from 'fs/promises';
+import { existsSync } from 'fs';
+import { S3Client, HeadObjectCommand, ListObjectsV2Command, CopyObjectCommand, DeleteObjectCommand, PutObjectCommand } from '@aws-sdk/client-s3';
+import { Client } from 'basic-ftp';
+import sharp from 'sharp';
+
+// node_modules/@smithy/protocol-http/dist-es/extensions/httpExtensionConfiguration.js
+var init_httpExtensionConfiguration = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/extensions/httpExtensionConfiguration.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/extensions/index.js
+var init_extensions = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/extensions/index.js"() {
+    init_httpExtensionConfiguration();
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/Field.js
+var init_Field = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/Field.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/Fields.js
+var init_Fields = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/Fields.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/httpHandler.js
+var init_httpHandler = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/httpHandler.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/httpRequest.js
+var init_httpRequest = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/httpRequest.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/httpResponse.js
+var HttpResponse;
+var init_httpResponse = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/httpResponse.js"() {
+    HttpResponse = class {
+      statusCode;
+      reason;
+      headers;
+      body;
+      constructor(options) {
+        this.statusCode = options.statusCode;
+        this.reason = options.reason;
+        this.headers = options.headers || {};
+        this.body = options.body;
+      }
+      static isInstance(response) {
+        if (!response)
+          return false;
+        const resp = response;
+        return typeof resp.statusCode === "number" && typeof resp.headers === "object";
+      }
+    };
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/isValidHostname.js
+var init_isValidHostname = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/isValidHostname.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/types.js
+var init_types = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/types.js"() {
+  }
+});
+
+// node_modules/@smithy/protocol-http/dist-es/index.js
+var init_dist_es = __esm({
+  "node_modules/@smithy/protocol-http/dist-es/index.js"() {
+    init_extensions();
+    init_Field();
+    init_Fields();
+    init_httpHandler();
+    init_httpRequest();
+    init_httpResponse();
+    init_isValidHostname();
+    init_types();
+  }
+});
+
+// node_modules/@smithy/util-uri-escape/dist-es/escape-uri.js
+var escapeUri, hexEncode;
+var init_escape_uri = __esm({
+  "node_modules/@smithy/util-uri-escape/dist-es/escape-uri.js"() {
+    escapeUri = (uri) => encodeURIComponent(uri).replace(/[!'()*]/g, hexEncode);
+    hexEncode = (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`;
+  }
+});
+
+// node_modules/@smithy/util-uri-escape/dist-es/escape-uri-path.js
+var init_escape_uri_path = __esm({
+  "node_modules/@smithy/util-uri-escape/dist-es/escape-uri-path.js"() {
+  }
+});
+
+// node_modules/@smithy/util-uri-escape/dist-es/index.js
+var init_dist_es2 = __esm({
+  "node_modules/@smithy/util-uri-escape/dist-es/index.js"() {
+    init_escape_uri();
+    init_escape_uri_path();
+  }
+});
+
+// node_modules/@smithy/querystring-builder/dist-es/index.js
+function buildQueryString(query) {
+  const parts = [];
+  for (let key of Object.keys(query).sort()) {
+    const value = query[key];
+    key = escapeUri(key);
+    if (Array.isArray(value)) {
+      for (let i = 0, iLen = value.length; i < iLen; i++) {
+        parts.push(`${key}=${escapeUri(value[i])}`);
+      }
+    } else {
+      let qsEntry = key;
+      if (value || typeof value === "string") {
+        qsEntry += `=${escapeUri(value)}`;
+      }
+      parts.push(qsEntry);
+    }
+  }
+  return parts.join("&");
+}
+var init_dist_es3 = __esm({
+  "node_modules/@smithy/querystring-builder/dist-es/index.js"() {
+    init_dist_es2();
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/build-abort-error.js
+function buildAbortError(abortSignal) {
+  const reason = abortSignal && typeof abortSignal === "object" && "reason" in abortSignal ? abortSignal.reason : void 0;
+  if (reason) {
+    if (reason instanceof Error) {
+      const abortError3 = new Error("Request aborted");
+      abortError3.name = "AbortError";
+      abortError3.cause = reason;
+      return abortError3;
+    }
+    const abortError2 = new Error(String(reason));
+    abortError2.name = "AbortError";
+    return abortError2;
+  }
+  const abortError = new Error("Request aborted");
+  abortError.name = "AbortError";
+  return abortError;
+}
+var init_build_abort_error = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/build-abort-error.js"() {
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/constants.js
+var NODEJS_TIMEOUT_ERROR_CODES;
+var init_constants = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/constants.js"() {
+    NODEJS_TIMEOUT_ERROR_CODES = ["ECONNRESET", "EPIPE", "ETIMEDOUT"];
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/get-transformed-headers.js
+var getTransformedHeaders;
+var init_get_transformed_headers = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/get-transformed-headers.js"() {
+    getTransformedHeaders = (headers) => {
+      const transformedHeaders = {};
+      for (const name of Object.keys(headers)) {
+        const headerValues = headers[name];
+        transformedHeaders[name] = Array.isArray(headerValues) ? headerValues.join(",") : headerValues;
+      }
+      return transformedHeaders;
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/timing.js
+var timing;
+var init_timing = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/timing.js"() {
+    timing = {
+      setTimeout: (cb, ms) => setTimeout(cb, ms),
+      clearTimeout: (timeoutId) => clearTimeout(timeoutId)
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/set-connection-timeout.js
+var DEFER_EVENT_LISTENER_TIME, setConnectionTimeout;
+var init_set_connection_timeout = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/set-connection-timeout.js"() {
+    init_timing();
+    DEFER_EVENT_LISTENER_TIME = 1e3;
+    setConnectionTimeout = (request, reject, timeoutInMs = 0) => {
+      if (!timeoutInMs) {
+        return -1;
+      }
+      const registerTimeout = (offset) => {
+        const timeoutId = timing.setTimeout(() => {
+          request.destroy();
+          reject(Object.assign(new Error(`@smithy/node-http-handler - the request socket did not establish a connection with the server within the configured timeout of ${timeoutInMs} ms.`), {
+            name: "TimeoutError"
+          }));
+        }, timeoutInMs - offset);
+        const doWithSocket = (socket) => {
+          if (socket?.connecting) {
+            socket.on("connect", () => {
+              timing.clearTimeout(timeoutId);
+            });
+          } else {
+            timing.clearTimeout(timeoutId);
+          }
+        };
+        if (request.socket) {
+          doWithSocket(request.socket);
+        } else {
+          request.on("socket", doWithSocket);
+        }
+      };
+      if (timeoutInMs < 2e3) {
+        registerTimeout(0);
+        return 0;
+      }
+      return timing.setTimeout(registerTimeout.bind(null, DEFER_EVENT_LISTENER_TIME), DEFER_EVENT_LISTENER_TIME);
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/set-request-timeout.js
+var setRequestTimeout;
+var init_set_request_timeout = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/set-request-timeout.js"() {
+    init_timing();
+    setRequestTimeout = (req, reject, timeoutInMs = 0, throwOnRequestTimeout, logger) => {
+      if (timeoutInMs) {
+        return timing.setTimeout(() => {
+          let msg = `@smithy/node-http-handler - [${throwOnRequestTimeout ? "ERROR" : "WARN"}] a request has exceeded the configured ${timeoutInMs} ms requestTimeout.`;
+          if (throwOnRequestTimeout) {
+            const error = Object.assign(new Error(msg), {
+              name: "TimeoutError",
+              code: "ETIMEDOUT"
+            });
+            req.destroy(error);
+            reject(error);
+          } else {
+            msg += ` Init client requestHandler with throwOnRequestTimeout=true to turn this into an error.`;
+            logger?.warn?.(msg);
+          }
+        }, timeoutInMs);
+      }
+      return -1;
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/set-socket-keep-alive.js
+var DEFER_EVENT_LISTENER_TIME2, setSocketKeepAlive;
+var init_set_socket_keep_alive = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/set-socket-keep-alive.js"() {
+    init_timing();
+    DEFER_EVENT_LISTENER_TIME2 = 3e3;
+    setSocketKeepAlive = (request, { keepAlive, keepAliveMsecs }, deferTimeMs = DEFER_EVENT_LISTENER_TIME2) => {
+      if (keepAlive !== true) {
+        return -1;
+      }
+      const registerListener = () => {
+        if (request.socket) {
+          request.socket.setKeepAlive(keepAlive, keepAliveMsecs || 0);
+        } else {
+          request.on("socket", (socket) => {
+            socket.setKeepAlive(keepAlive, keepAliveMsecs || 0);
+          });
+        }
+      };
+      if (deferTimeMs === 0) {
+        registerListener();
+        return 0;
+      }
+      return timing.setTimeout(registerListener, deferTimeMs);
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/set-socket-timeout.js
+var DEFER_EVENT_LISTENER_TIME3, setSocketTimeout;
+var init_set_socket_timeout = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/set-socket-timeout.js"() {
+    init_timing();
+    DEFER_EVENT_LISTENER_TIME3 = 3e3;
+    setSocketTimeout = (request, reject, timeoutInMs = 0) => {
+      const registerTimeout = (offset) => {
+        const timeout = timeoutInMs - offset;
+        const onTimeout = () => {
+          request.destroy();
+          reject(Object.assign(new Error(`@smithy/node-http-handler - the request socket timed out after ${timeoutInMs} ms of inactivity (configured by client requestHandler).`), { name: "TimeoutError" }));
+        };
+        if (request.socket) {
+          request.socket.setTimeout(timeout, onTimeout);
+          request.on("close", () => request.socket?.removeListener("timeout", onTimeout));
+        } else {
+          request.setTimeout(timeout, onTimeout);
+        }
+      };
+      if (0 < timeoutInMs && timeoutInMs < 6e3) {
+        registerTimeout(0);
+        return 0;
+      }
+      return timing.setTimeout(registerTimeout.bind(null, timeoutInMs === 0 ? 0 : DEFER_EVENT_LISTENER_TIME3), DEFER_EVENT_LISTENER_TIME3);
+    };
+  }
+});
+async function writeRequestBody(httpRequest, request, maxContinueTimeoutMs = MIN_WAIT_TIME, externalAgent = false) {
+  const headers = request.headers ?? {};
+  const expect = headers.Expect || headers.expect;
+  let timeoutId = -1;
+  let sendBody = true;
+  if (!externalAgent && expect === "100-continue") {
+    sendBody = await Promise.race([
+      new Promise((resolve) => {
+        timeoutId = Number(timing.setTimeout(() => resolve(true), Math.max(MIN_WAIT_TIME, maxContinueTimeoutMs)));
+      }),
+      new Promise((resolve) => {
+        httpRequest.on("continue", () => {
+          timing.clearTimeout(timeoutId);
+          resolve(true);
+        });
+        httpRequest.on("response", () => {
+          timing.clearTimeout(timeoutId);
+          resolve(false);
+        });
+        httpRequest.on("error", () => {
+          timing.clearTimeout(timeoutId);
+          resolve(false);
+        });
+      })
+    ]);
+  }
+  if (sendBody) {
+    writeBody(httpRequest, request.body);
+  }
+}
+function writeBody(httpRequest, body) {
+  if (body instanceof Readable) {
+    body.pipe(httpRequest);
+    return;
+  }
+  if (body) {
+    const isBuffer = Buffer.isBuffer(body);
+    const isString = typeof body === "string";
+    if (isBuffer || isString) {
+      if (isBuffer && body.byteLength === 0) {
+        httpRequest.end();
+      } else {
+        httpRequest.end(body);
+      }
+      return;
+    }
+    const uint8 = body;
+    if (typeof uint8 === "object" && uint8.buffer && typeof uint8.byteOffset === "number" && typeof uint8.byteLength === "number") {
+      httpRequest.end(Buffer.from(uint8.buffer, uint8.byteOffset, uint8.byteLength));
+      return;
+    }
+    httpRequest.end(Buffer.from(body));
+    return;
+  }
+  httpRequest.end();
+}
+var MIN_WAIT_TIME;
+var init_write_request_body = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/write-request-body.js"() {
+    init_timing();
+    MIN_WAIT_TIME = 6e3;
+  }
+});
+var DEFAULT_REQUEST_TIMEOUT, hAgent, hRequest, NodeHttpHandler;
+var init_node_http_handler = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/node-http-handler.js"() {
+    init_dist_es();
+    init_dist_es3();
+    init_build_abort_error();
+    init_constants();
+    init_get_transformed_headers();
+    init_set_connection_timeout();
+    init_set_request_timeout();
+    init_set_socket_keep_alive();
+    init_set_socket_timeout();
+    init_timing();
+    init_write_request_body();
+    DEFAULT_REQUEST_TIMEOUT = 0;
+    hAgent = void 0;
+    hRequest = void 0;
+    NodeHttpHandler = class _NodeHttpHandler {
+      config;
+      configProvider;
+      socketWarningTimestamp = 0;
+      externalAgent = false;
+      metadata = { handlerProtocol: "http/1.1" };
+      static create(instanceOrOptions) {
+        if (typeof instanceOrOptions?.handle === "function") {
+          return instanceOrOptions;
+        }
+        return new _NodeHttpHandler(instanceOrOptions);
+      }
+      static checkSocketUsage(agent, socketWarningTimestamp, logger = console) {
+        const { sockets, requests, maxSockets } = agent;
+        if (typeof maxSockets !== "number" || maxSockets === Infinity) {
+          return socketWarningTimestamp;
+        }
+        const interval = 15e3;
+        if (Date.now() - interval < socketWarningTimestamp) {
+          return socketWarningTimestamp;
+        }
+        if (sockets && requests) {
+          for (const origin in sockets) {
+            const socketsInUse = sockets[origin]?.length ?? 0;
+            const requestsEnqueued = requests[origin]?.length ?? 0;
+            if (socketsInUse >= maxSockets && requestsEnqueued >= 2 * maxSockets) {
+              logger?.warn?.(`@smithy/node-http-handler:WARN - socket usage at capacity=${socketsInUse} and ${requestsEnqueued} additional requests are enqueued.
+See https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/node-configuring-maxsockets.html
+or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler config.`);
+              return Date.now();
+            }
+          }
+        }
+        return socketWarningTimestamp;
+      }
+      constructor(options) {
+        this.configProvider = new Promise((resolve, reject) => {
+          if (typeof options === "function") {
+            options().then((_options) => {
+              resolve(this.resolveDefaultConfig(_options));
+            }).catch(reject);
+          } else {
+            resolve(this.resolveDefaultConfig(options));
+          }
+        });
+      }
+      destroy() {
+        this.config?.httpAgent?.destroy();
+        this.config?.httpsAgent?.destroy();
+      }
+      async handle(request$1, { abortSignal, requestTimeout } = {}) {
+        if (!this.config) {
+          this.config = await this.configProvider;
+        }
+        const config = this.config;
+        const isSSL = request$1.protocol === "https:";
+        if (!isSSL && !this.config.httpAgent) {
+          this.config.httpAgent = await this.config.httpAgentProvider();
+        }
+        return new Promise((_resolve, _reject) => {
+          let writeRequestBodyPromise = void 0;
+          const timeouts = [];
+          const resolve = async (arg) => {
+            await writeRequestBodyPromise;
+            timeouts.forEach(timing.clearTimeout);
+            _resolve(arg);
+          };
+          const reject = async (arg) => {
+            await writeRequestBodyPromise;
+            timeouts.forEach(timing.clearTimeout);
+            _reject(arg);
+          };
+          if (abortSignal?.aborted) {
+            const abortError = buildAbortError(abortSignal);
+            reject(abortError);
+            return;
+          }
+          const headers = request$1.headers ?? {};
+          const expectContinue = (headers.Expect ?? headers.expect) === "100-continue";
+          let agent = isSSL ? config.httpsAgent : config.httpAgent;
+          if (expectContinue && !this.externalAgent) {
+            agent = new (isSSL ? Agent : hAgent)({
+              keepAlive: false,
+              maxSockets: Infinity
+            });
+          }
+          timeouts.push(timing.setTimeout(() => {
+            this.socketWarningTimestamp = _NodeHttpHandler.checkSocketUsage(agent, this.socketWarningTimestamp, config.logger);
+          }, config.socketAcquisitionWarningTimeout ?? (config.requestTimeout ?? 2e3) + (config.connectionTimeout ?? 1e3)));
+          const queryString = buildQueryString(request$1.query || {});
+          let auth = void 0;
+          if (request$1.username != null || request$1.password != null) {
+            const username = request$1.username ?? "";
+            const password = request$1.password ?? "";
+            auth = `${username}:${password}`;
+          }
+          let path2 = request$1.path;
+          if (queryString) {
+            path2 += `?${queryString}`;
+          }
+          if (request$1.fragment) {
+            path2 += `#${request$1.fragment}`;
+          }
+          let hostname = request$1.hostname ?? "";
+          if (hostname[0] === "[" && hostname.endsWith("]")) {
+            hostname = request$1.hostname.slice(1, -1);
+          } else {
+            hostname = request$1.hostname;
+          }
+          const nodeHttpsOptions = {
+            headers: request$1.headers,
+            host: hostname,
+            method: request$1.method,
+            path: path2,
+            port: request$1.port,
+            agent,
+            auth
+          };
+          const requestFunc = isSSL ? request : hRequest;
+          const req = requestFunc(nodeHttpsOptions, (res) => {
+            const httpResponse = new HttpResponse({
+              statusCode: res.statusCode || -1,
+              reason: res.statusMessage,
+              headers: getTransformedHeaders(res.headers),
+              body: res
+            });
+            resolve({ response: httpResponse });
+          });
+          req.on("error", (err) => {
+            if (NODEJS_TIMEOUT_ERROR_CODES.includes(err.code)) {
+              reject(Object.assign(err, { name: "TimeoutError" }));
+            } else {
+              reject(err);
+            }
+          });
+          if (abortSignal) {
+            const onAbort = () => {
+              req.destroy();
+              const abortError = buildAbortError(abortSignal);
+              reject(abortError);
+            };
+            if (typeof abortSignal.addEventListener === "function") {
+              const signal = abortSignal;
+              signal.addEventListener("abort", onAbort, { once: true });
+              req.once("close", () => signal.removeEventListener("abort", onAbort));
+            } else {
+              abortSignal.onabort = onAbort;
+            }
+          }
+          const effectiveRequestTimeout = requestTimeout ?? config.requestTimeout;
+          timeouts.push(setConnectionTimeout(req, reject, config.connectionTimeout));
+          timeouts.push(setRequestTimeout(req, reject, effectiveRequestTimeout, config.throwOnRequestTimeout, config.logger ?? console));
+          timeouts.push(setSocketTimeout(req, reject, config.socketTimeout));
+          const httpAgent = nodeHttpsOptions.agent;
+          if (typeof httpAgent === "object" && "keepAlive" in httpAgent) {
+            timeouts.push(setSocketKeepAlive(req, {
+              keepAlive: httpAgent.keepAlive,
+              keepAliveMsecs: httpAgent.keepAliveMsecs
+            }));
+          }
+          writeRequestBodyPromise = writeRequestBody(req, request$1, effectiveRequestTimeout, this.externalAgent).catch((e) => {
+            timeouts.forEach(timing.clearTimeout);
+            return _reject(e);
+          });
+        });
+      }
+      updateHttpClientConfig(key, value) {
+        this.config = void 0;
+        this.configProvider = this.configProvider.then((config) => {
+          return {
+            ...config,
+            [key]: value
+          };
+        });
+      }
+      httpHandlerConfigs() {
+        return this.config ?? {};
+      }
+      resolveDefaultConfig(options) {
+        const { requestTimeout, connectionTimeout, socketTimeout, socketAcquisitionWarningTimeout, httpAgent, httpsAgent, throwOnRequestTimeout, logger } = options || {};
+        const keepAlive = true;
+        const maxSockets = 50;
+        return {
+          connectionTimeout,
+          requestTimeout,
+          socketTimeout,
+          socketAcquisitionWarningTimeout,
+          throwOnRequestTimeout,
+          httpAgentProvider: async () => {
+            const { Agent, request } = await import('http');
+            hRequest = request;
+            hAgent = Agent;
+            if (httpAgent instanceof hAgent || typeof httpAgent?.destroy === "function") {
+              this.externalAgent = true;
+              return httpAgent;
+            }
+            return new hAgent({ keepAlive, maxSockets, ...httpAgent });
+          },
+          httpsAgent: (() => {
+            if (httpsAgent instanceof Agent || typeof httpsAgent?.destroy === "function") {
+              this.externalAgent = true;
+              return httpsAgent;
+            }
+            return new Agent({ keepAlive, maxSockets, ...httpsAgent });
+          })(),
+          logger
+        };
+      }
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/node-http2-connection-pool.js
+var NodeHttp2ConnectionPool;
+var init_node_http2_connection_pool = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/node-http2-connection-pool.js"() {
+    NodeHttp2ConnectionPool = class {
+      sessions = [];
+      constructor(sessions) {
+        this.sessions = sessions ?? [];
+      }
+      poll() {
+        if (this.sessions.length > 0) {
+          return this.sessions.shift();
+        }
+      }
+      offerLast(session) {
+        this.sessions.push(session);
+      }
+      contains(session) {
+        return this.sessions.includes(session);
+      }
+      remove(session) {
+        this.sessions = this.sessions.filter((s) => s !== session);
+      }
+      [Symbol.iterator]() {
+        return this.sessions[Symbol.iterator]();
+      }
+      destroy(connection) {
+        for (const session of this.sessions) {
+          if (session === connection) {
+            if (!session.destroyed) {
+              session.destroy();
+            }
+          }
+        }
+      }
+    };
+  }
+});
+var NodeHttp2ConnectionManager;
+var init_node_http2_connection_manager = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/node-http2-connection-manager.js"() {
+    init_node_http2_connection_pool();
+    NodeHttp2ConnectionManager = class {
+      constructor(config) {
+        this.config = config;
+        if (this.config.maxConcurrency && this.config.maxConcurrency <= 0) {
+          throw new RangeError("maxConcurrency must be greater than zero.");
+        }
+      }
+      config;
+      sessionCache = /* @__PURE__ */ new Map();
+      lease(requestContext, connectionConfiguration) {
+        const url = this.getUrlString(requestContext);
+        const existingPool = this.sessionCache.get(url);
+        if (existingPool) {
+          const existingSession = existingPool.poll();
+          if (existingSession && !this.config.disableConcurrency) {
+            return existingSession;
+          }
+        }
+        const session = http2.connect(url);
+        if (this.config.maxConcurrency) {
+          session.settings({ maxConcurrentStreams: this.config.maxConcurrency }, (err) => {
+            if (err) {
+              throw new Error("Fail to set maxConcurrentStreams to " + this.config.maxConcurrency + "when creating new session for " + requestContext.destination.toString());
+            }
+          });
+        }
+        session.unref();
+        const destroySessionCb = () => {
+          session.destroy();
+          this.deleteSession(url, session);
+        };
+        session.on("goaway", destroySessionCb);
+        session.on("error", destroySessionCb);
+        session.on("frameError", destroySessionCb);
+        session.on("close", () => this.deleteSession(url, session));
+        if (connectionConfiguration.requestTimeout) {
+          session.setTimeout(connectionConfiguration.requestTimeout, destroySessionCb);
+        }
+        const connectionPool = this.sessionCache.get(url) || new NodeHttp2ConnectionPool();
+        connectionPool.offerLast(session);
+        this.sessionCache.set(url, connectionPool);
+        return session;
+      }
+      deleteSession(authority, session) {
+        const existingConnectionPool = this.sessionCache.get(authority);
+        if (!existingConnectionPool) {
+          return;
+        }
+        if (!existingConnectionPool.contains(session)) {
+          return;
+        }
+        existingConnectionPool.remove(session);
+        this.sessionCache.set(authority, existingConnectionPool);
+      }
+      release(requestContext, session) {
+        const cacheKey = this.getUrlString(requestContext);
+        this.sessionCache.get(cacheKey)?.offerLast(session);
+      }
+      destroy() {
+        for (const [key, connectionPool] of this.sessionCache) {
+          for (const session of connectionPool) {
+            if (!session.destroyed) {
+              session.destroy();
+            }
+            connectionPool.remove(session);
+          }
+          this.sessionCache.delete(key);
+        }
+      }
+      setMaxConcurrentStreams(maxConcurrentStreams) {
+        if (maxConcurrentStreams && maxConcurrentStreams <= 0) {
+          throw new RangeError("maxConcurrentStreams must be greater than zero.");
+        }
+        this.config.maxConcurrency = maxConcurrentStreams;
+      }
+      setDisableConcurrentStreams(disableConcurrentStreams) {
+        this.config.disableConcurrency = disableConcurrentStreams;
+      }
+      getUrlString(request) {
+        return request.destination.toString();
+      }
+    };
+  }
+});
+var NodeHttp2Handler;
+var init_node_http2_handler = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/node-http2-handler.js"() {
+    init_dist_es();
+    init_dist_es3();
+    init_build_abort_error();
+    init_get_transformed_headers();
+    init_node_http2_connection_manager();
+    init_write_request_body();
+    NodeHttp2Handler = class _NodeHttp2Handler {
+      config;
+      configProvider;
+      metadata = { handlerProtocol: "h2" };
+      connectionManager = new NodeHttp2ConnectionManager({});
+      static create(instanceOrOptions) {
+        if (typeof instanceOrOptions?.handle === "function") {
+          return instanceOrOptions;
+        }
+        return new _NodeHttp2Handler(instanceOrOptions);
+      }
+      constructor(options) {
+        this.configProvider = new Promise((resolve, reject) => {
+          if (typeof options === "function") {
+            options().then((opts) => {
+              resolve(opts || {});
+            }).catch(reject);
+          } else {
+            resolve(options || {});
+          }
+        });
+      }
+      destroy() {
+        this.connectionManager.destroy();
+      }
+      async handle(request, { abortSignal, requestTimeout } = {}) {
+        if (!this.config) {
+          this.config = await this.configProvider;
+          this.connectionManager.setDisableConcurrentStreams(this.config.disableConcurrentStreams || false);
+          if (this.config.maxConcurrentStreams) {
+            this.connectionManager.setMaxConcurrentStreams(this.config.maxConcurrentStreams);
+          }
+        }
+        const { requestTimeout: configRequestTimeout, disableConcurrentStreams } = this.config;
+        const effectiveRequestTimeout = requestTimeout ?? configRequestTimeout;
+        return new Promise((_resolve, _reject) => {
+          let fulfilled = false;
+          let writeRequestBodyPromise = void 0;
+          const resolve = async (arg) => {
+            await writeRequestBodyPromise;
+            _resolve(arg);
+          };
+          const reject = async (arg) => {
+            await writeRequestBodyPromise;
+            _reject(arg);
+          };
+          if (abortSignal?.aborted) {
+            fulfilled = true;
+            const abortError = buildAbortError(abortSignal);
+            reject(abortError);
+            return;
+          }
+          const { hostname, method, port, protocol, query } = request;
+          let auth = "";
+          if (request.username != null || request.password != null) {
+            const username = request.username ?? "";
+            const password = request.password ?? "";
+            auth = `${username}:${password}@`;
+          }
+          const authority = `${protocol}//${auth}${hostname}${port ? `:${port}` : ""}`;
+          const requestContext = { destination: new URL(authority) };
+          const session = this.connectionManager.lease(requestContext, {
+            requestTimeout: this.config?.sessionTimeout,
+            disableConcurrentStreams: disableConcurrentStreams || false
+          });
+          const rejectWithDestroy = (err) => {
+            if (disableConcurrentStreams) {
+              this.destroySession(session);
+            }
+            fulfilled = true;
+            reject(err);
+          };
+          const queryString = buildQueryString(query || {});
+          let path2 = request.path;
+          if (queryString) {
+            path2 += `?${queryString}`;
+          }
+          if (request.fragment) {
+            path2 += `#${request.fragment}`;
+          }
+          const req = session.request({
+            ...request.headers,
+            [constants.HTTP2_HEADER_PATH]: path2,
+            [constants.HTTP2_HEADER_METHOD]: method
+          });
+          session.ref();
+          req.on("response", (headers) => {
+            const httpResponse = new HttpResponse({
+              statusCode: headers[":status"] || -1,
+              headers: getTransformedHeaders(headers),
+              body: req
+            });
+            fulfilled = true;
+            resolve({ response: httpResponse });
+            if (disableConcurrentStreams) {
+              session.close();
+              this.connectionManager.deleteSession(authority, session);
+            }
+          });
+          if (effectiveRequestTimeout) {
+            req.setTimeout(effectiveRequestTimeout, () => {
+              req.close();
+              const timeoutError = new Error(`Stream timed out because of no activity for ${effectiveRequestTimeout} ms`);
+              timeoutError.name = "TimeoutError";
+              rejectWithDestroy(timeoutError);
+            });
+          }
+          if (abortSignal) {
+            const onAbort = () => {
+              req.close();
+              const abortError = buildAbortError(abortSignal);
+              rejectWithDestroy(abortError);
+            };
+            if (typeof abortSignal.addEventListener === "function") {
+              const signal = abortSignal;
+              signal.addEventListener("abort", onAbort, { once: true });
+              req.once("close", () => signal.removeEventListener("abort", onAbort));
+            } else {
+              abortSignal.onabort = onAbort;
+            }
+          }
+          req.on("frameError", (type, code, id) => {
+            rejectWithDestroy(new Error(`Frame type id ${type} in stream id ${id} has failed with code ${code}.`));
+          });
+          req.on("error", rejectWithDestroy);
+          req.on("aborted", () => {
+            rejectWithDestroy(new Error(`HTTP/2 stream is abnormally aborted in mid-communication with result code ${req.rstCode}.`));
+          });
+          req.on("close", () => {
+            session.unref();
+            if (disableConcurrentStreams) {
+              session.destroy();
+            }
+            if (!fulfilled) {
+              rejectWithDestroy(new Error("Unexpected error: http2 request did not get a response"));
+            }
+          });
+          writeRequestBodyPromise = writeRequestBody(req, request, effectiveRequestTimeout);
+        });
+      }
+      updateHttpClientConfig(key, value) {
+        this.config = void 0;
+        this.configProvider = this.configProvider.then((config) => {
+          return {
+            ...config,
+            [key]: value
+          };
+        });
+      }
+      httpHandlerConfigs() {
+        return this.config ?? {};
+      }
+      destroySession(session) {
+        if (!session.destroyed) {
+          session.destroy();
+        }
+      }
+    };
+  }
+});
+var Collector;
+var init_collector = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/stream-collector/collector.js"() {
+    Collector = class extends Writable {
+      bufferedBytes = [];
+      _write(chunk, encoding, callback) {
+        this.bufferedBytes.push(chunk);
+        callback();
+      }
+    };
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/stream-collector/index.js
+async function collectReadableStream(stream) {
+  const chunks = [];
+  const reader = stream.getReader();
+  let isDone = false;
+  let length = 0;
+  while (!isDone) {
+    const { done, value } = await reader.read();
+    if (value) {
+      chunks.push(value);
+      length += value.length;
+    }
+    isDone = done;
+  }
+  const collected = new Uint8Array(length);
+  let offset = 0;
+  for (const chunk of chunks) {
+    collected.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return collected;
+}
+var streamCollector, isReadableStreamInstance;
+var init_stream_collector = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/stream-collector/index.js"() {
+    init_collector();
+    streamCollector = (stream) => {
+      if (isReadableStreamInstance(stream)) {
+        return collectReadableStream(stream);
+      }
+      return new Promise((resolve, reject) => {
+        const collector = new Collector();
+        stream.pipe(collector);
+        stream.on("error", (err) => {
+          collector.end();
+          reject(err);
+        });
+        collector.on("error", reject);
+        collector.on("finish", function() {
+          const bytes = new Uint8Array(Buffer.concat(this.bufferedBytes));
+          resolve(bytes);
+        });
+      });
+    };
+    isReadableStreamInstance = (stream) => typeof ReadableStream === "function" && stream instanceof ReadableStream;
+  }
+});
+
+// node_modules/@smithy/node-http-handler/dist-es/index.js
+var dist_es_exports = {};
+__export(dist_es_exports, {
+  DEFAULT_REQUEST_TIMEOUT: () => DEFAULT_REQUEST_TIMEOUT,
+  NodeHttp2Handler: () => NodeHttp2Handler,
+  NodeHttpHandler: () => NodeHttpHandler,
+  streamCollector: () => streamCollector
+});
+var init_dist_es4 = __esm({
+  "node_modules/@smithy/node-http-handler/dist-es/index.js"() {
+    init_node_http_handler();
+    init_node_http2_handler();
+    init_stream_collector();
+  }
+});
 
 // src/registry/validator.ts
 var ConfigValidationError = class extends Error {
@@ -377,10 +1371,7 @@ function checkboxToZod(field) {
   return schema;
 }
 function dateToZod(field) {
-  let schema = z.string().refine(
-    (val) => !isNaN(Date.parse(val)),
-    "Invalid date format"
-  );
+  let schema = z.string().refine((val) => !isNaN(Date.parse(val)), "Invalid date format");
   if (field.minDate) {
     schema = schema.refine(
       (val) => new Date(val) >= new Date(field.minDate),
@@ -438,19 +1429,28 @@ function radioToZod(field) {
 }
 function colorToZod(field) {
   let schema = z.string();
-  if (field.format === "hex") schema = schema.regex(/^#[0-9A-Fa-f]{6}$/);
-  if (field.format === "rgb") schema = schema.regex(/^rgb\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*\)$/);
-  if (field.format === "hsl") schema = schema.regex(/^hsl\(\s*\d{1,3}\s*,\s*\d{1,3}%\s*,\s*\d{1,3}%\s*\)$/);
+  if (field.format === "hex")
+    schema = schema.regex(/^#[0-9A-Fa-f]{6}$/);
+  if (field.format === "rgb")
+    schema = schema.regex(
+      /^rgb\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*\)$/
+    );
+  if (field.format === "hsl")
+    schema = schema.regex(
+      /^hsl\(\s*\d{1,3}\s*,\s*\d{1,3}%\s*,\s*\d{1,3}%\s*\)$/
+    );
   if (!field.required) schema = schema.optional();
   if (field.validate) schema = addCustomValidation(schema, field.validate);
   return schema;
 }
 function richTextToZod(field) {
-  let schema = z.array(z.object({
-    type: z.string(),
-    data: z.record(z.any()),
-    children: z.array(z.any()).optional()
-  }));
+  let schema = z.array(
+    z.object({
+      type: z.string(),
+      data: z.record(z.any()),
+      children: z.array(z.any()).optional()
+    })
+  );
   if (!field.required) schema = schema.optional();
   if (field.validate) schema = addCustomValidation(schema, field.validate);
   return schema;
@@ -516,7 +1516,8 @@ function groupToZod(field) {
   return schema;
 }
 function blocksToZod(field) {
-  const blockSchemas = field.blocks.map((block) => {
+  const blocks = field.blocks || [];
+  const blockSchemas = blocks.map((block) => {
     return z.object({
       blockType: z.literal(block.slug),
       ...Object.fromEntries(
@@ -524,7 +1525,9 @@ function blocksToZod(field) {
       )
     });
   });
-  let schema = z.array(z.discriminatedUnion("blockType", blockSchemas));
+  let schema = z.array(
+    z.discriminatedUnion("blockType", blockSchemas)
+  );
   if (field.minRows) schema = schema.min(field.minRows);
   if (field.maxRows) schema = schema.max(field.maxRows);
   if (!field.required) schema = schema.optional();
@@ -984,6 +1987,7 @@ var Kyro = class {
   registry;
   db;
   pubsub;
+  settings;
   wsServer;
   config;
   constructor(config) {
@@ -1005,7 +2009,10 @@ var Kyro = class {
   }
   async init() {
     await this.registry.init();
-    await this.db.init(this.registry.getCollections(), this.registry.getGlobals());
+    await this.db.init(
+      this.registry.getCollections(),
+      this.registry.getGlobals()
+    );
     this.pubsub.autoRegisterHooks();
     console.log("\u2705 Kyro CMS initialized");
     console.log(`   Collections: ${this.registry.getCollections().length}`);
@@ -1014,19 +2021,37 @@ var Kyro = class {
   // ============================================================================
   // API Methods
   // ============================================================================
+  // Load settings from globals if not already loaded
+  async loadSettings() {
+    if (this.settings) return this.settings;
+    try {
+      const accessSettings = await this.db.findOne({
+        collection: "_globals",
+        where: { slug: "access-settings" }
+      });
+      if (accessSettings) {
+        this.settings = accessSettings.data;
+      }
+    } catch (e) {
+      console.log("\u26A0\uFE0F No access-settings found, using defaults");
+    }
+    return this.settings || {};
+  }
   getREST(options) {
     return createHonoApp({
       registry: this.registry,
       db: this.db,
       ...options,
-      cors: this.config.cors
+      cors: this.config.cors,
+      settings: this.settings
     });
   }
   getGraphQL(options) {
     return buildGraphQLSchema({
       registry: this.registry,
       db: this.db,
-      ...options
+      ...options,
+      settings: this.settings
     });
   }
   getTRPC(options) {
@@ -1034,14 +2059,20 @@ var Kyro = class {
       registry: this.registry,
       db: this.db,
       req: options?.req || { headers: {} },
-      ...options
+      ...options,
+      settings: this.settings
     });
   }
   async startWebSocket(options) {
+    const apiAccess = this.settings?.access?.apiAccess;
+    if (apiAccess?.websocketEnabled === false) {
+      console.log("\u26A0\uFE0F WebSocket is disabled in settings");
+      return null;
+    }
     this.wsServer = createWSServer({
       pubsub: this.pubsub,
       port: options?.port || 8080,
-      requireAuth: options?.requireAuth,
+      requireAuth: options?.requireAuth ?? apiAccess?.requireAuth,
       verifyToken: options?.verifyToken
     });
     console.log(`\u{1F50C} WebSocket server started on port ${options?.port || 8080}`);
@@ -1118,11 +2149,7 @@ var RELATIONAL_FIELD_TYPES = [
   "group",
   "blocks"
 ];
-var LAYOUT_FIELD_TYPES = [
-  "row",
-  "collapsible",
-  "tabs"
-];
+var LAYOUT_FIELD_TYPES = ["row", "collapsible", "tabs"];
 var ALL_FIELD_TYPES = [
   ...PRIMITIVE_FIELD_TYPES,
   ...COMPLEX_FIELD_TYPES,
@@ -1130,42 +2157,450 @@ var ALL_FIELD_TYPES = [
   ...LAYOUT_FIELD_TYPES
 ];
 
-// src/hooks/types.ts
-async function runHooks(hooks, args) {
-  let result = args.data;
-  for (const hook of hooks) {
-    const hookResult = await hook({
-      ...args,
-      data: result
-    });
-    if (hookResult !== void 0) {
-      result = hookResult;
-    }
-  }
-  return result;
+// src/fields/richtext.ts
+var MIN_COLUMNS = 1;
+var MAX_COLUMNS = 6;
+var richTextStyles = `
+.kyro-richtext {
+  color: inherit;
+  line-height: 1.7;
 }
-async function runFieldHooks(hooks, args) {
-  return runHooks(hooks, args);
+
+.kyro-richtext > *:first-child {
+  margin-top: 0;
 }
 
-// src/database/local/adapter.ts
-var LocalAdapter = class extends AbstractBaseAdapter {
-  db;
-  path;
-  migrations = /* @__PURE__ */ new Map();
-  constructor(options) {
-    super();
-    this.path = options.path;
-    if (options.db) {
-      this.db = options.db;
-    } else {
-      this.db = null;
-    }
-  }
-  async connect() {
-    if (!this.db) {
-      const Database = (await import('better-sqlite3')).default;
-      this.db = new Database(this.path || ":memory:");
+.kyro-richtext > *:last-child {
+  margin-bottom: 0;
+}
+
+.kyro-richtext p,
+.kyro-richtext ul,
+.kyro-richtext ol,
+.kyro-richtext blockquote,
+.kyro-richtext pre,
+.kyro-richtext kyro-callout,
+.kyro-richtext kyro-hero,
+.kyro-richtext kyro-heading,
+.kyro-richtext kyro-stack,
+.kyro-richtext kyro-columns {
+  margin: 0 0 1rem;
+}
+
+.kyro-richtext h1,
+.kyro-richtext h2,
+.kyro-richtext h3,
+.kyro-richtext h4,
+.kyro-richtext h5,
+.kyro-richtext h6 {
+  margin: 0 0 0.75rem;
+  line-height: 1.2;
+}
+
+.kyro-richtext ul,
+.kyro-richtext ol {
+  padding-left: 1.5rem;
+}
+
+.kyro-richtext blockquote {
+  border-left: 4px solid rgba(148, 163, 184, 0.5);
+  margin-left: 0;
+  padding-left: 1rem;
+  font-style: italic;
+}
+
+.kyro-richtext pre {
+  overflow-x: auto;
+  border-radius: 0.75rem;
+  background: rgba(15, 23, 42, 0.92);
+  color: #f8fafc;
+  padding: 1rem;
+}
+
+.kyro-richtext code {
+  font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+}
+
+.kyro-richtext img {
+  display: block;
+  max-width: 100%;
+  height: auto;
+  border-radius: 0.75rem;
+}
+
+.kyro-richtext kyro-columns {
+  display: grid;
+  grid-template-columns: repeat(var(--kyro-columns-count, 1), minmax(0, 1fr));
+  gap: 1rem;
+}
+
+.kyro-richtext kyro-column {
+  display: block;
+  min-width: 0;
+}
+
+.kyro-richtext kyro-column > *:last-child {
+  margin-bottom: 0;
+}
+
+.kyro-richtext kyro-hero,
+.kyro-richtext kyro-callout,
+.kyro-richtext kyro-stack,
+.kyro-richtext kyro-heading {
+  display: block;
+}
+
+.kyro-richtext kyro-hero {
+  border: 1px solid rgba(148, 163, 184, 0.25);
+  border-radius: 1rem;
+  padding: 1.5rem;
+  text-align: center;
+  background: linear-gradient(to bottom, rgba(148, 163, 184, 0.12), transparent);
+}
+
+.kyro-richtext kyro-heading {
+  font-size: 1.125rem;
+  font-weight: 700;
+}
+
+.kyro-richtext kyro-callout {
+  border: 1px solid rgba(59, 130, 246, 0.25);
+  border-radius: 0.875rem;
+  padding: 0.875rem 1rem;
+  background: rgba(59, 130, 246, 0.06);
+}
+
+@media (max-width: 720px) {
+  .kyro-richtext kyro-columns {
+    grid-template-columns: 1fr;
+  }
+}
+`.trim();
+function createEmptyParagraphNode() {
+  return {
+    type: "paragraph",
+    content: []
+  };
+}
+function createColumnNode(content = [createEmptyParagraphNode()]) {
+  return {
+    type: "kyroColumn",
+    content: content.length > 0 ? content : [createEmptyParagraphNode()]
+  };
+}
+function createColumnsNode(columns = 2) {
+  const count = clampColumns(columns);
+  return {
+    type: "kyroColumns",
+    attrs: { columns: count },
+    content: Array.from({ length: count }, () => createColumnNode())
+  };
+}
+function normalizeRichTextDocument(value) {
+  const documentNode = toRichTextDocument(value);
+  return {
+    type: "doc",
+    content: normalizeNodes(documentNode.content)
+  };
+}
+function normalizeRichTextValue(value) {
+  if (Array.isArray(value)) {
+    return normalizeRichTextDocument(value).content;
+  }
+  if (isObject(value) && value.type === "doc") {
+    return normalizeRichTextDocument(value);
+  }
+  return value;
+}
+function renderRichText(value) {
+  if (typeof value === "string") {
+    return `<div class="kyro-richtext">${value}</div>`;
+  }
+  const documentNode = normalizeRichTextDocument(value);
+  return `<div class="kyro-richtext">${renderNodes(documentNode.content)}</div>`;
+}
+function toRichTextDocument(value) {
+  if (Array.isArray(value)) {
+    return {
+      type: "doc",
+      content: normalizeNodes(value)
+    };
+  }
+  if (isObject(value) && value.type === "doc") {
+    const doc = value;
+    return {
+      type: "doc",
+      content: normalizeNodes(doc.content ?? [])
+    };
+  }
+  return {
+    type: "doc",
+    content: []
+  };
+}
+function normalizeNodes(nodes) {
+  return nodes.filter((node) => isObject(node) && typeof node.type === "string").map((node) => normalizeNode(node));
+}
+function normalizeNode(node) {
+  if (node.type === "kyroColumns") {
+    return normalizeColumnsNode(node);
+  }
+  if (node.type === "kyroColumn") {
+    const normalizedContent = normalizeNodes(
+      Array.isArray(node.content) ? node.content : []
+    ).filter((child) => child.type !== "kyroColumns");
+    return {
+      ...node,
+      content: normalizedContent.length > 0 ? normalizedContent : [createEmptyParagraphNode()]
+    };
+  }
+  if (Array.isArray(node.content)) {
+    return {
+      ...node,
+      content: normalizeNodes(node.content)
+    };
+  }
+  return {
+    ...node
+  };
+}
+function normalizeColumnsNode(node) {
+  const rawChildren = Array.isArray(node.content) ? node.content : [];
+  const hasStructuredColumns = rawChildren.every((child) => child?.type === "kyroColumn");
+  const targetColumns = clampColumns(
+    typeof node.attrs?.columns === "number" ? node.attrs.columns : hasStructuredColumns && rawChildren.length > 0 ? rawChildren.length : 2
+  );
+  const content = hasStructuredColumns ? normalizeStructuredColumns(rawChildren, targetColumns) : normalizeLegacyColumns(rawChildren, targetColumns);
+  return {
+    ...node,
+    attrs: {
+      ...node.attrs ?? {},
+      columns: content.length
+    },
+    content
+  };
+}
+function normalizeStructuredColumns(columns, targetColumns) {
+  const normalized = columns.slice(0, MAX_COLUMNS).map((column) => normalizeNode(column)).filter((column) => column.type === "kyroColumn");
+  if (normalized.length === 0) {
+    return Array.from({ length: targetColumns }, () => createColumnNode());
+  }
+  if (normalized.length > targetColumns) {
+    const kept = normalized.slice(0, targetColumns);
+    const extras = normalized.slice(targetColumns);
+    const mergedTail = extras.flatMap(
+      (column) => normalizeColumnChildren(column.content)
+    );
+    const lastIndex = kept.length - 1;
+    kept[lastIndex] = createColumnNode([
+      ...normalizeColumnChildren(kept[lastIndex].content),
+      ...mergedTail
+    ]);
+    return kept;
+  }
+  if (normalized.length < targetColumns) {
+    return [
+      ...normalized,
+      ...Array.from(
+        { length: targetColumns - normalized.length },
+        () => createColumnNode()
+      )
+    ];
+  }
+  return normalized;
+}
+function normalizeLegacyColumns(blocks, targetColumns) {
+  const normalizedBlocks = normalizeNodes(blocks);
+  return Array.from({ length: targetColumns }, (_, index) => {
+    if (index < targetColumns - 1) {
+      const block = normalizedBlocks[index];
+      return block ? createColumnNode([block]) : createColumnNode();
+    }
+    const tail = normalizedBlocks.slice(index);
+    return createColumnNode(tail.length > 0 ? tail : [createEmptyParagraphNode()]);
+  });
+}
+function normalizeColumnChildren(content) {
+  const children = Array.isArray(content) ? normalizeNodes(content) : [];
+  const filtered = children.filter((child) => child.type !== "kyroColumns");
+  return filtered.length > 0 ? filtered : [createEmptyParagraphNode()];
+}
+function renderNodes(nodes) {
+  return nodes.map((node) => renderNode(node)).join("");
+}
+function renderNode(node) {
+  switch (node.type) {
+    case "paragraph":
+      return `<p>${renderInlineContent(node.content)}</p>`;
+    case "text":
+      return renderTextNode(node);
+    case "heading": {
+      const level = clampHeadingLevel(node.attrs?.level);
+      return `<h${level}>${renderInlineContent(node.content)}</h${level}>`;
+    }
+    case "bulletList":
+      return `<ul>${renderNodes(node.content ?? [])}</ul>`;
+    case "orderedList":
+      return `<ol>${renderNodes(node.content ?? [])}</ol>`;
+    case "listItem":
+      return `<li>${renderNodes(node.content ?? [])}</li>`;
+    case "blockquote":
+      return `<blockquote>${renderNodes(node.content ?? [])}</blockquote>`;
+    case "codeBlock":
+      return `<pre><code>${escapeHtml(extractText(node.content ?? []))}</code></pre>`;
+    case "horizontalRule":
+      return "<hr />";
+    case "hardBreak":
+      return "<br />";
+    case "image":
+      return renderImageNode(node);
+    case "kyroColumns": {
+      const columns = clampColumns(
+        Array.isArray(node.content) ? node.content.length : 1
+      );
+      return `<kyro-columns data-columns="${columns}" style="--kyro-columns-count:${columns}">${renderNodes(node.content ?? [])}</kyro-columns>`;
+    }
+    case "kyroColumn":
+      return `<kyro-column>${renderNodes(node.content ?? [])}</kyro-column>`;
+    case "kyroHero":
+      return `<kyro-hero>${renderInlineContent(node.content)}</kyro-hero>`;
+    case "kyroHeading":
+      return `<kyro-heading>${renderInlineContent(node.content)}</kyro-heading>`;
+    case "kyroDivider":
+      return '<hr class="kyro-divider" />';
+    case "kyroCallout":
+      return `<kyro-callout>${renderInlineContent(node.content)}</kyro-callout>`;
+    case "kyroStack":
+      return `<kyro-stack>${renderNodes(node.content ?? [])}</kyro-stack>`;
+    case "kyroImage":
+      return renderCustomMediaNode("kyro-image", node);
+    case "kyroVideo":
+      return renderCustomMediaNode("kyro-video", node);
+    default:
+      return renderNodes(node.content ?? []);
+  }
+}
+function renderInlineContent(content) {
+  const nodes = content ?? [];
+  if (nodes.length === 0) {
+    return "<br />";
+  }
+  return nodes.map((node) => renderNode(node)).join("");
+}
+function renderTextNode(node) {
+  const text = typeof node.text === "string" ? escapeHtml(node.text) : "";
+  return (node.marks ?? []).reduce((acc, mark) => applyMark(acc, mark), text);
+}
+function renderImageNode(node) {
+  const src = typeof node.attrs?.src === "string" ? node.attrs.src : "";
+  if (!src) {
+    return "";
+  }
+  const alt = typeof node.attrs?.alt === "string" ? node.attrs.alt : "";
+  return `<img src="${escapeAttribute(src)}" alt="${escapeAttribute(alt)}" />`;
+}
+function renderCustomMediaNode(tagName, node) {
+  const attrs = renderAttributes(node.attrs);
+  return `<${tagName}${attrs}></${tagName}>`;
+}
+function renderAttributes(attrs, keysToSkip = []) {
+  if (!attrs) {
+    return "";
+  }
+  const entries = Object.entries(attrs).filter(([key, value]) => !keysToSkip.includes(key) && value !== void 0 && value !== null).map(([key, value]) => `${key}="${escapeAttribute(String(value))}"`);
+  return entries.length > 0 ? ` ${entries.join(" ")}` : "";
+}
+function applyMark(content, mark) {
+  switch (mark.type) {
+    case "bold":
+      return `<strong>${content}</strong>`;
+    case "italic":
+      return `<em>${content}</em>`;
+    case "underline":
+      return `<u>${content}</u>`;
+    case "strike":
+      return `<s>${content}</s>`;
+    case "code":
+      return `<code>${content}</code>`;
+    case "link": {
+      const href = typeof mark.attrs?.href === "string" ? escapeAttribute(mark.attrs.href) : "#";
+      return `<a href="${href}" target="_blank" rel="noopener noreferrer">${content}</a>`;
+    }
+    default:
+      return content;
+  }
+}
+function extractText(nodes) {
+  return nodes.map((node) => {
+    if (node.type === "text") {
+      return typeof node.text === "string" ? node.text : "";
+    }
+    if (node.type === "hardBreak") {
+      return "\n";
+    }
+    return extractText(node.content ?? []);
+  }).join("");
+}
+function clampColumns(value) {
+  const numericValue = typeof value === "number" ? value : Number(value);
+  if (!Number.isFinite(numericValue)) {
+    return 2;
+  }
+  return Math.max(MIN_COLUMNS, Math.min(MAX_COLUMNS, Math.round(numericValue)));
+}
+function clampHeadingLevel(level) {
+  const numericLevel = typeof level === "number" ? level : Number(level);
+  if (!Number.isFinite(numericLevel)) {
+    return 2;
+  }
+  return Math.max(1, Math.min(6, Math.round(numericLevel)));
+}
+function escapeHtml(value) {
+  return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+}
+function escapeAttribute(value) {
+  return escapeHtml(value).replaceAll('"', "&quot;");
+}
+function isObject(value) {
+  return typeof value === "object" && value !== null;
+}
+
+// src/hooks/types.ts
+async function runHooks(hooks, args) {
+  let result = args.data;
+  for (const hook of hooks) {
+    const hookResult = await hook({
+      ...args,
+      data: result
+    });
+    if (hookResult !== void 0) {
+      result = hookResult;
+    }
+  }
+  return result;
+}
+async function runFieldHooks(hooks, args) {
+  return runHooks(hooks, args);
+}
+
+// src/database/local/adapter.ts
+var LocalAdapter = class extends AbstractBaseAdapter {
+  db;
+  path;
+  migrations = /* @__PURE__ */ new Map();
+  constructor(options) {
+    super();
+    this.path = options.path;
+    if (options.db) {
+      this.db = options.db;
+    } else {
+      this.db = null;
+    }
+  }
+  async connect() {
+    if (!this.db) {
+      const Database = (await import('better-sqlite3')).default;
+      this.db = new Database(this.path || ":memory:");
     }
     this.db.pragma("journal_mode = WAL");
     this.db.pragma("foreign_keys = ON");
@@ -1649,9 +3084,19 @@ var SEOPLugin = class extends KyroPlugin {
       slug: "seo-settings",
       label: "SEO Settings",
       fields: [
-        { name: "sitemap", type: "checkbox", label: "Enable Sitemap", defaultValue: true },
-        { name: "robotsTxt", type: "textarea", label: "robots.txt Content" },
-        { name: "canonicalUrl", type: "text", variant: "url", label: "Canonical URL" },
+        {
+          name: "sitemap",
+          type: "checkbox",
+          label: "Enable Sitemap",
+          defaultValue: true
+        },
+        { name: "robotsTxt", type: "richtext", label: "robots.txt Content" },
+        {
+          name: "canonicalUrl",
+          type: "text",
+          variant: "url",
+          label: "Canonical URL"
+        },
         { name: "ogImage", type: "text", label: "Default OG Image URL" }
       ]
     });
@@ -1683,7 +3128,7 @@ var CommentsPlugin = class extends KyroPlugin {
       slug: "comments",
       label: "Comments",
       fields: [
-        { name: "content", type: "textarea", required: true },
+        { name: "content", type: "richtext", required: true },
         { name: "author", type: "text", required: true },
         { name: "email", type: "email" },
         { name: "approved", type: "checkbox", defaultValue: false },
@@ -1705,12 +3150,22 @@ var ReviewsPlugin = class extends KyroPlugin {
       fields: [
         { name: "rating", type: "number", required: true, min: 1, max: 5 },
         { name: "title", type: "text" },
-        { name: "content", type: "textarea", required: true },
+        { name: "content", type: "richtext", required: true },
         { name: "author", type: "relationship", relationTo: "customers" },
-        { name: "product", type: "relationship", relationTo: "products", required: true },
+        {
+          name: "product",
+          type: "relationship",
+          relationTo: "products",
+          required: true
+        },
         { name: "approved", type: "checkbox", defaultValue: false },
         { name: "verified", type: "checkbox", label: "Verified Purchase" },
-        { name: "helpful", type: "number", label: "Helpful Count", defaultValue: 0 }
+        {
+          name: "helpful",
+          type: "number",
+          label: "Helpful Count",
+          defaultValue: 0
+        }
       ]
     });
     this.adminComponents["ReviewModeration"] = {};
@@ -1724,24 +3179,47 @@ var WishlistPlugin = class extends KyroPlugin {
       slug: "wishlists",
       label: "Wishlists",
       fields: [
-        { name: "customer", type: "relationship", relationTo: "customers", required: true },
-        { name: "name", type: "text", label: "Wishlist Name", defaultValue: "My Wishlist" },
-        { name: "items", type: "blocks", label: "Items", blocks: [
-          {
-            slug: "wishlist-item",
-            label: "Item",
-            fields: [
-              { name: "product", type: "relationship", relationTo: "products" },
-              { name: "quantity", type: "number", defaultValue: 1 },
-              { name: "addedAt", type: "date" },
-              { name: "priority", type: "select", options: [
-                { label: "Low", value: "low" },
-                { label: "Medium", value: "medium" },
-                { label: "High", value: "high" }
-              ] }
-            ]
-          }
-        ] }
+        {
+          name: "customer",
+          type: "relationship",
+          relationTo: "customers",
+          required: true
+        },
+        {
+          name: "name",
+          type: "text",
+          label: "Wishlist Name",
+          defaultValue: "My Wishlist"
+        },
+        {
+          name: "items",
+          type: "blocks",
+          label: "Items",
+          blocks: [
+            {
+              slug: "wishlist-item",
+              label: "Item",
+              fields: [
+                {
+                  name: "product",
+                  type: "relationship",
+                  relationTo: "products"
+                },
+                { name: "quantity", type: "number", defaultValue: 1 },
+                { name: "addedAt", type: "date" },
+                {
+                  name: "priority",
+                  type: "select",
+                  options: [
+                    { label: "Low", value: "low" },
+                    { label: "Medium", value: "medium" },
+                    { label: "High", value: "high" }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
       ]
     });
   }
@@ -2502,10 +3980,9 @@ var InMemoryAuthAdapter = class {
   users = /* @__PURE__ */ new Map();
   sessions = /* @__PURE__ */ new Map();
   refreshTokens = /* @__PURE__ */ new Map();
-  // refreshToken -> sessionId
   emailToUserId = /* @__PURE__ */ new Map();
   passwordHistory = /* @__PURE__ */ new Map();
-  // userId -> passwordHash[]
+  auditLogs = [];
   externalDb = false;
   constructor() {
   }
@@ -2521,10 +3998,11 @@ var InMemoryAuthAdapter = class {
   async createUser(data) {
     const userId = randomBytes(16).toString("hex");
     const now = (/* @__PURE__ */ new Date()).toISOString();
+    const passwordHash = await this.hashPassword(data.password);
     const user = {
       id: userId,
       email: data.email.toLowerCase(),
-      passwordHash: data.passwordHash,
+      passwordHash,
       role: data.role || "customer",
       tenantId: data.tenantId,
       createdAt: now,
@@ -2582,9 +4060,12 @@ var InMemoryAuthAdapter = class {
     const bcrypt2 = (await import('bcryptjs')).default;
     return bcrypt2.hash(password, 12);
   }
-  async verifyPassword(password, hash) {
+  async verifyPassword(email, password) {
+    const user = await this.findUserByEmail(email);
+    if (!user || !user.passwordHash) return null;
     const bcrypt2 = (await import('bcryptjs')).default;
-    return bcrypt2.compare(password, hash);
+    const valid = await bcrypt2.compare(password, user.passwordHash);
+    return valid ? user : null;
   }
   async createSession(userId, data = {}) {
     const sessionId = randomBytes(32).toString("hex");
@@ -2655,145 +4136,31 @@ var InMemoryAuthAdapter = class {
   async hasAnyUsers() {
     return this.users.size > 0;
   }
-};
-
-// src/auth/security/in-memory-rate-limit.ts
-var InMemoryRateLimiter = class {
-  storage = /* @__PURE__ */ new Map();
-  userStorage = /* @__PURE__ */ new Map();
-  limits;
-  userLimits;
-  constructor(limits, userLimits) {
-    this.limits = { ...DEFAULT_RATE_LIMITS2, ...limits };
-    this.userLimits = userLimits || {
-      "user:api": { window: 6e4, max: 500 },
-      "user:write": { window: 36e5, max: 100 }
-    };
-  }
-  getKey(type, identifier) {
-    return `${type}:${identifier}`;
-  }
-  getUserKey(type, userId, identifier) {
-    return `user:${type}:${userId}:${identifier}`;
-  }
-  cleanupOldEntries(entries, window) {
-    const now = Date.now();
-    const windowStart = now - window;
-    while (entries.length > 0 && entries[0].timestamp < windowStart) {
-      entries.shift();
-    }
-  }
-  async check(type, identifier) {
-    const config = this.limits[type] || this.limits["api:general"];
-    const key = this.getKey(type, identifier);
-    let entries = this.storage.get(key);
-    if (!entries) {
-      entries = [];
-      this.storage.set(key, entries);
-    }
-    this.cleanupOldEntries(entries, config.window);
-    const now = Date.now();
-    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
-    entries.push({ timestamp: now, count: 1 });
-    if (count >= config.max) {
-      const oldestEntry = entries.reduce(
-        (oldest, current) => oldest.timestamp < current.timestamp ? oldest : current,
-        entries[0]
-      );
-      const resetAt = oldestEntry.timestamp + config.window;
-      return {
-        allowed: false,
-        remaining: 0,
-        resetAt,
-        retryAfter: Math.ceil((resetAt - now) / 1e3)
-      };
-    }
-    return {
-      allowed: true,
-      remaining: config.max - count - 1,
-      resetAt: now + config.window
-    };
-  }
-  async checkUser(type, userId, identifier) {
-    const config = this.userLimits[type] || this.userLimits["user:api"];
-    const userMap = this.userStorage.get(userId);
-    let entries = [];
-    if (userMap) {
-      entries = userMap.get(this.getKey(type, identifier)) || [];
-    } else {
-      if (!this.userStorage.has(userId)) {
-        this.userStorage.set(userId, /* @__PURE__ */ new Map());
+  async findAuditLogs(filter) {
+    const { limit = 50, offset = 0 } = filter;
+    let logs = this.auditLogs.slice().reverse();
+    if (filter.userId) logs = logs.filter((l) => l.userId === filter.userId);
+    if (filter.action) {
+      if (Array.isArray(filter.action)) {
+        logs = logs.filter((l) => filter.action.includes(String(l.action)));
+      } else {
+        logs = logs.filter((l) => l.action === filter.action);
       }
-      this.userStorage.get(userId).set(this.getKey(type, identifier), entries);
-    }
-    this.cleanupOldEntries(entries, config.window);
-    const now = Date.now();
-    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
-    entries.push({ timestamp: now, count: 1 });
-    if (count >= config.max) {
-      const oldestEntry = entries.reduce(
-        (oldest, current) => oldest.timestamp < current.timestamp ? oldest : current,
-        entries[0]
-      );
-      const resetAt = oldestEntry.timestamp + config.window;
-      return {
-        allowed: false,
-        remaining: 0,
-        resetAt,
-        retryAfter: Math.ceil((resetAt - now) / 1e3)
-      };
-    }
-    return {
-      allowed: true,
-      remaining: config.max - count - 1,
-      resetAt: now + config.window
-    };
-  }
-  async reset(type, identifier) {
-    const key = this.getKey(type, identifier);
-    this.storage.delete(key);
-  }
-  async resetUser(type, userId, identifier) {
-    const userMap = this.userStorage.get(userId);
-    if (userMap) {
-      const key = this.getKey(type, identifier);
-      userMap.delete(key);
-    }
-  }
-  async getStatus(type, identifier) {
-    const config = this.limits[type] || this.limits["api:general"];
-    const key = this.getKey(type, identifier);
-    let entries = this.storage.get(key);
-    if (!entries) {
-      entries = [];
-      this.storage.set(key, entries);
     }
-    this.cleanupOldEntries(entries, config.window);
-    const now = Date.now();
-    const count = entries.reduce((sum, entry) => sum + entry.count, 0);
-    return {
-      count,
-      limit: config.max,
-      remaining: Math.max(0, config.max - count),
-      resetAt: now + config.window
-    };
-  }
-  setLimit(type, config) {
-    this.limits[type] = config;
+    if (filter.resource)
+      logs = logs.filter((l) => l.resource === filter.resource);
+    if (filter.success !== void 0)
+      logs = logs.filter((l) => l.success === filter.success);
+    return { logs: logs.slice(offset, offset + limit), total: logs.length };
   }
-  setUserLimit(type, config) {
-    this.userLimits[type] = config;
+  async createAuditLog(data) {
+    const id = randomBytes(16).toString("hex");
+    const timestamp = /* @__PURE__ */ new Date();
+    const log = { ...data, id, timestamp };
+    this.auditLogs.push(log);
+    return log;
   }
 };
-var DEFAULT_RATE_LIMITS2 = {
-  "auth:login": { window: 9e5, max: 5 },
-  "auth:register": { window: 36e5, max: 3 },
-  "auth:forgot": { window: 36e5, max: 3 },
-  "auth:reset": { window: 36e5, max: 5 },
-  "auth:verify": { window: 36e5, max: 5 },
-  "api:general": { window: 6e4, max: 100 },
-  "api:authenticated": { window: 6e4, max: 200 }
-};
 
 // src/auth/security/in-memory-lockout.ts
 var InMemoryAccountLockout = class {
@@ -3064,32 +4431,6 @@ function createAuditContext2(req) {
     userAgent: req.headers.get("user-agent") || "unknown"
   };
 }
-function defaultExtractToken(req) {
-  const authHeader = req.headers.get("Authorization");
-  if (authHeader?.startsWith("Bearer ")) {
-    return authHeader.slice(7);
-  }
-  const cookieHeader = req.headers.get("Cookie");
-  if (cookieHeader) {
-    const cookies = Object.fromEntries(
-      cookieHeader.split("; ").map((c) => {
-        const [key, ...val] = c.split("=");
-        return [key.trim(), val.join("=")];
-      })
-    );
-    return cookies["auth_token"] || null;
-  }
-  return null;
-}
-function generateToken(payload, secret, options = {}) {
-  return jwt2.sign(payload, secret, {
-    expiresIn: options.expiresIn || "24h",
-    issuer: options.issuer,
-    audience: options.audience
-  });
-}
-
-// src/api/rest/auth-routes.ts
 var AuthRoutes = class {
   authAdapter;
   email;
@@ -3141,10 +4482,9 @@ var AuthRoutes = class {
       if (existingUser) {
         return this.errorResponse("Email already registered", 400);
       }
-      const passwordHash = await this.authAdapter.hashPassword(body.password);
       const user = await this.authAdapter.createUser({
         email: body.email,
-        passwordHash,
+        password: body.password,
         role: body.role || "customer",
         tenantId: body.tenantId
       });
@@ -3279,7 +4619,7 @@ var AuthRoutes = class {
     }
     const { ipAddress, userAgent } = createAuditContext2(req);
     try {
-      const payload = jwt2.decode(token);
+      const payload = jwt.decode(token);
       if (payload && payload.sub) {
         await this.authAdapter.deleteUserSessions(payload.sub);
         if (this.auditLogger) {
@@ -3320,7 +4660,7 @@ var AuthRoutes = class {
       return this.errorResponse("Not authenticated", 401);
     }
     try {
-      const payload = jwt2.verify(token, this.jwtSecret, {
+      const payload = jwt.verify(token, this.jwtSecret, {
         issuer: this.jwtIssuer,
         audience: this.jwtAudience
       });
@@ -3343,7 +4683,7 @@ var AuthRoutes = class {
     }
     const { ipAddress, userAgent } = createAuditContext2(req);
     try {
-      const payload = jwt2.verify(token, this.jwtSecret);
+      const payload = jwt.verify(token, this.jwtSecret);
       const body = await req.json();
       const { currentPassword, newPassword, confirmPassword } = body;
       if (!currentPassword || !newPassword) {
@@ -3550,8 +4890,8 @@ function detectDatabaseType() {
   }
   try {
     const { readFileSync } = __require("fs");
-    const { join } = __require("path");
-    const configPath = join(process.cwd(), "kyro.config.ts");
+    const { join: join2 } = __require("path");
+    const configPath = join2(process.cwd(), "kyro.config.ts");
     const configContent = readFileSync(configPath, "utf8");
     if (configContent.includes("createLocalAdapter")) {
       return "sqlite";
@@ -3593,7 +4933,7 @@ async function createAuthConfig(databaseType) {
   const distributed = getEnvBool("KYRO_DISTRIBUTED", false);
   let authAdapter;
   if (distributed) {
-    const { RedisAuthAdapter: RedisAuthAdapter2 } = await import('./redis-adapter-4YDY4LWE.js');
+    const { RedisAuthAdapter: RedisAuthAdapter2 } = await import('./redis-adapter-RA24FNCX.js');
     const redisUrl = getEnv("REDIS_URL", "redis://localhost:6379");
     const redisTls = getEnvBool("REDIS_TLS", false);
     const redisAdapter = new RedisAuthAdapter2({ url: redisUrl, tls: redisTls });
@@ -3606,8 +4946,7 @@ async function createAuthConfig(databaseType) {
       await authAdapter.connect();
     }
   }
-  const emailConfig = getEmailConfig();
-  const email = emailConfig ? new EmailTransport(emailConfig) : void 0;
+  const email = EmailTransport.fromEnv() || void 0;
   const passwordPolicy = new PasswordPolicy({
     minLength: getEnvNum("PASSWORD_MIN_LENGTH", 12),
     requireUppercase: getEnvBool("PASSWORD_REQUIRE_UPPERCASE", true),
@@ -3684,21 +5023,6 @@ async function createAuthConfig(databaseType) {
     routes
   };
 }
-function getEmailConfig() {
-  const host = getEnv("SMTP_HOST");
-  if (!host) return void 0;
-  return {
-    host,
-    port: getEnvNum("SMTP_PORT", 587),
-    secure: getEnvBool("SMTP_SECURE", false),
-    auth: {
-      user: getEnv("SMTP_USER"),
-      pass: getEnv("SMTP_PASS")
-    },
-    from: getEnv("SMTP_FROM", "noreply@example.com"),
-    fromName: getEnv("SMTP_FROM_NAME", "Kyro CMS")
-  };
-}
 var authConfig = createAuthConfig();
 
 // src/auth/index.ts
@@ -3725,10 +5049,9 @@ var Auth = class {
       if (existing) {
         return { success: false, error: "Email already registered" };
       }
-      const passwordHash = await this.hashPassword(data.password);
       const user = await this.adapter.createUser({
         email: data.email,
-        passwordHash,
+        password: data.password,
         role: data.role ?? "customer",
         tenantId: data.tenantId
       });
@@ -3739,15 +5062,11 @@ var Auth = class {
   }
   async login(credentials) {
     try {
-      const user = await this.adapter.findUserByEmail(credentials.email);
-      if (!user || !user.passwordHash) {
-        return { success: false, error: "Invalid credentials" };
-      }
-      const valid = await this.adapter.verifyPassword(
-        credentials.password,
-        user.passwordHash
+      const user = await this.adapter.verifyPassword(
+        credentials.email,
+        credentials.password
       );
-      if (!valid) {
+      if (!user) {
         return { success: false, error: "Invalid credentials" };
       }
       return this.createSessionForUser(user);
@@ -3776,7 +5095,7 @@ var Auth = class {
   }
   async verifyToken(token) {
     try {
-      const decoded = jwt2.verify(token, this.config.secret, {
+      const decoded = jwt.verify(token, this.config.secret, {
         issuer: this.config.issuer,
         audience: this.config.audience.length > 0 ? this.config.audience[0] : void 0
       });
@@ -3793,18 +5112,17 @@ var Auth = class {
   async changePassword(userId, currentPassword, newPassword) {
     try {
       const user = await this.adapter.findUserById(userId);
-      if (!user || !user.passwordHash) {
+      if (!user) {
         return { success: false, error: "User not found" };
       }
       const valid = await this.adapter.verifyPassword(
-        currentPassword,
-        user.passwordHash
+        user.email,
+        currentPassword
       );
       if (!valid) {
         return { success: false, error: "Current password is incorrect" };
       }
-      const newHash = await this.hashPassword(newPassword);
-      await this.adapter.updateUser(userId, { passwordHash: newHash });
+      await this.adapter.updateUser(userId, { password: newPassword });
       await this.adapter.deleteUserSessions(userId);
       return { success: true, user };
     } catch (error) {
@@ -3817,8 +5135,7 @@ var Auth = class {
       if (!user) {
         return { success: false, error: "User not found" };
       }
-      const passwordHash = await this.hashPassword(newPassword);
-      await this.adapter.updateUser(user.id, { passwordHash });
+      await this.adapter.updateUser(user.id, { password: newPassword });
       await this.adapter.deleteUserSessions(user.id);
       return { success: true, user };
     } catch (error) {
@@ -3862,7 +5179,7 @@ var Auth = class {
     if (this.config.audience.length > 0) {
       signOptions.audience = this.config.audience[0];
     }
-    return jwt2.sign(payload, this.config.secret, signOptions);
+    return jwt.sign(payload, this.config.secret, signOptions);
   }
   async hashPassword(password) {
     return bcrypt.hash(password, this.config.saltRounds);
@@ -4036,6 +5353,1590 @@ function isDraft(status) {
 function isArchived(status) {
   return status === "archived";
 }
+function createLocalStorage(config) {
+  const { uploadDir, baseUrl = "/uploads" } = config;
+  async function ensureDir(dir) {
+    if (!existsSync(dir)) {
+      await mkdir(dir, { recursive: true });
+    }
+  }
+  function getMimeType(filename) {
+    const ext = extname(filename).toLowerCase();
+    const mimeTypes = {
+      ".jpg": "image/jpeg",
+      ".jpeg": "image/jpeg",
+      ".png": "image/png",
+      ".gif": "image/gif",
+      ".webp": "image/webp",
+      ".svg": "image/svg+xml",
+      ".mp4": "video/mp4",
+      ".webm": "video/webm",
+      ".pdf": "application/pdf",
+      ".doc": "application/msword",
+      ".docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+      ".xls": "application/vnd.ms-excel",
+      ".xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+      ".zip": "application/zip"
+    };
+    return mimeTypes[ext] || "application/octet-stream";
+  }
+  async function getImageDimensions(buffer) {
+    try {
+      const header = buffer.toString("hex", 0, 8);
+      if (header.startsWith("89504e47")) {
+        const width = buffer.readUInt32BE(16);
+        const height = buffer.readUInt32BE(20);
+        return { width, height };
+      }
+      if (header.startsWith("ffd8")) {
+        let offset = 2;
+        while (offset < buffer.length) {
+          if (buffer[offset] !== 255) break;
+          const marker = buffer[offset + 1];
+          if (marker === 192 || marker === 194) {
+            const height = buffer.readUInt16BE(offset + 5);
+            const width = buffer.readUInt16BE(offset + 7);
+            return { width, height };
+          }
+          offset += 2 + buffer.readUInt16BE(offset + 2);
+        }
+      }
+    } catch {
+    }
+    return {};
+  }
+  return {
+    name: "local",
+    displayName: "Local Storage",
+    supportsDynamicResize: true,
+    async upload(file, options) {
+      await ensureDir(uploadDir);
+      const buffer = Buffer.from(await file.arrayBuffer());
+      const hash = createHash("md5").update(buffer).digest("hex");
+      const ext = extname(file.name);
+      const filename = options?.filename || `${hash}${ext}`;
+      const folder = options?.folder || "";
+      const targetDir = folder ? join(uploadDir, folder) : uploadDir;
+      await ensureDir(targetDir);
+      const filepath = join(targetDir, filename);
+      await writeFile(filepath, buffer);
+      const dimensions = file.type.startsWith("image/") ? await getImageDimensions(buffer) : {};
+      const normalizedBaseUrl = baseUrl || "/uploads";
+      const urlPath = folder ? `/${folder}/${filename}` : `/${filename}`;
+      const url = normalizedBaseUrl + urlPath;
+      return {
+        id: hash,
+        filename,
+        originalName: file.name,
+        mimeType: file.type || getMimeType(file.name),
+        size: buffer.length,
+        url,
+        thumbnailUrl: file.type.startsWith("image/") ? url : void 0,
+        folder: folder || void 0,
+        provider: "local",
+        metadata: {
+          ...dimensions,
+          ...options?.metadata
+        },
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async uploadFromUrl(url, options) {
+      const response = await fetch(url);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch file: ${response.statusText}`);
+      }
+      const blob = await response.blob();
+      const contentDisposition = response.headers.get("content-disposition");
+      let filename = options?.filename;
+      if (!filename && contentDisposition) {
+        const match = contentDisposition.match(
+          /filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/
+        );
+        if (match) {
+          filename = match[1].replace(/['"]/g, "");
+        }
+      }
+      if (!filename) {
+        filename = basename(new URL(url).pathname);
+      }
+      const file = new File([blob], filename, {
+        type: blob.type || getMimeType(filename)
+      });
+      return this.upload(file, options);
+    },
+    async delete(url) {
+      const filepath = join(uploadDir, url.replace(baseUrl + "/", ""));
+      try {
+        await unlink(filepath);
+      } catch {
+      }
+    },
+    async rename(oldUrl, newFilename) {
+      const oldPath = join(uploadDir, oldUrl.replace(baseUrl + "/", ""));
+      const newPath = join(uploadDir, newFilename);
+      await rename(oldPath, newPath);
+      return `${baseUrl}/${newFilename}`;
+    },
+    getImageUrl(url, transforms) {
+      if (!transforms || Object.keys(transforms).length === 0) return url;
+      const params = new URLSearchParams({ url });
+      if (transforms.width) params.set("w", String(transforms.width));
+      if (transforms.height) params.set("h", String(transforms.height));
+      if (transforms.quality) params.set("q", String(transforms.quality));
+      if (transforms.format) params.set("f", transforms.format);
+      return `/api/media/resize?${params.toString()}`;
+    },
+    async generateThumbnail(file) {
+      if (!file.mimeType.startsWith("image/")) return "";
+      return this.getImageUrl(file.url, { width: 400, height: 400 });
+    },
+    async list(prefix) {
+      const dir = prefix ? join(uploadDir, prefix) : uploadDir;
+      if (!existsSync(dir)) return [];
+      const files = [];
+      const entries = await readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (entry.isFile()) {
+          const filepath = join(dir, entry.name);
+          const stats = await stat(filepath);
+          const url = `${baseUrl}${prefix ? `/${prefix}` : ""}/${entry.name}`;
+          files.push({
+            id: createHash("md5").update(entry.name).digest("hex"),
+            filename: entry.name,
+            originalName: entry.name,
+            mimeType: getMimeType(entry.name),
+            size: stats.size,
+            url,
+            provider: "local",
+            createdAt: stats.birthtime.toISOString()
+          });
+        }
+      }
+      return files;
+    },
+    async exists(url) {
+      const filepath = join(uploadDir, url.replace(baseUrl + "/", ""));
+      return existsSync(filepath);
+    }
+  };
+}
+function extractPublicDevUrlId(url) {
+  if (!url) return "";
+  if (url.startsWith("pub-")) return url;
+  const match = url.match(/pub-[a-zA-Z0-9]+/i);
+  return match ? match[0] : "";
+}
+function getPublicUrl(key, config) {
+  const normalizedKey = key.startsWith("/") ? key.slice(1) : key;
+  if (config.cdnUrl) {
+    const cdn = config.cdnUrl.replace(/\/$/, "");
+    return `${cdn}/${normalizedKey}`;
+  }
+  switch (config.provider) {
+    case "r2": {
+      const pubId = extractPublicDevUrlId(config.publicDevUrl);
+      if (pubId) {
+        return `https://${pubId}.r2.dev/${normalizedKey}`;
+      }
+      return `https://${config.bucket}.${config.accountId}.r2.cloudflarestorage.com/${normalizedKey}`;
+    }
+    case "gcs":
+      return `https://storage.googleapis.com/${config.bucket}/${normalizedKey}`;
+    case "digitalocean":
+      return `https://${config.bucket}.${config.region}.cdn.digitaloceanspaces.com/${normalizedKey}`;
+    case "backblaze":
+      return `https://${config.bucket}.s3.backblazeb2.com/${normalizedKey}`;
+    case "wasabi":
+      return `https://${config.bucket}.s3.wasabisys.com/${normalizedKey}`;
+    case "aws":
+    default:
+      return `https://${config.bucket}.s3.${config.region}.amazonaws.com/${normalizedKey}`;
+  }
+}
+function getUrlPrefix(config) {
+  if (config.cdnUrl) {
+    return config.cdnUrl.replace(/\/$/, "") + "/";
+  }
+  switch (config.provider) {
+    case "r2": {
+      const pubId = extractPublicDevUrlId(config.publicDevUrl);
+      if (pubId) {
+        return `https://${pubId}.r2.dev/`;
+      }
+      return `https://${config.bucket}.${config.accountId}.r2.cloudflarestorage.com/`;
+    }
+    case "gcs":
+      return `https://storage.googleapis.com/${config.bucket}/`;
+    case "digitalocean":
+      return `https://${config.bucket}.${config.region}.cdn.digitaloceanspaces.com/`;
+    case "backblaze":
+      return `https://${config.bucket}.s3.backblazeb2.com/`;
+    case "wasabi":
+      return `https://${config.bucket}.s3.wasabisys.com/`;
+    case "aws":
+    default:
+      return `https://${config.bucket}.s3.${config.region}.amazonaws.com/`;
+  }
+}
+function getDisplayName(provider) {
+  switch (provider) {
+    case "r2":
+      return "Cloudflare R2";
+    case "gcs":
+      return "Google Cloud Storage";
+    case "digitalocean":
+      return "DigitalOcean Spaces";
+    case "backblaze":
+      return "Backblaze B2";
+    case "wasabi":
+      return "Wasabi";
+    case "aws":
+    default:
+      return "AWS S3";
+  }
+}
+function createS3Storage(config) {
+  console.log("[createS3Storage] Creating provider:", config.provider);
+  console.log("[createS3Storage] Credentials:", {
+    accessKeyId: config.accessKeyId ? "SET" : "UNDEFINED",
+    secretAccessKey: config.secretAccessKey ? "SET" : "UNDEFINED",
+    bucket: config.bucket,
+    accountId: config.accountId,
+    endpoint: config.endpoint
+  });
+  const client = new S3Client({
+    region: config.region || "auto",
+    endpoint: config.endpoint,
+    credentials: {
+      accessKeyId: config.accessKeyId,
+      secretAccessKey: config.secretAccessKey
+    },
+    forcePathStyle: true,
+    tls: true,
+    // R2 requires specific SSL configuration
+    ...config.provider === "r2" && {
+      requestHandler: new (init_dist_es4(), __toCommonJS(dist_es_exports)).NodeHttpHandler({
+        connectionTimeout: 1e4,
+        socketTimeout: 1e4
+      })
+    }
+  });
+  const getKey = (path2) => {
+    const prefix = config.prefix ? `${config.prefix}/` : "";
+    return `${prefix}${path2}`.replace(/\/+/g, "/");
+  };
+  const getUrl = (key) => getPublicUrl(key, config);
+  return {
+    name: config.provider,
+    displayName: getDisplayName(config.provider),
+    supportsDynamicResize: true,
+    async upload(file, options) {
+      const key = getKey(
+        `${options?.folder ? `${options.folder}/` : ""}${options?.filename || file.name}`
+      );
+      const buffer = Buffer.from(await file.arrayBuffer());
+      await client.send(
+        new PutObjectCommand({
+          Bucket: config.bucket,
+          Key: key,
+          Body: buffer,
+          ContentType: file.type,
+          Metadata: options?.metadata
+        })
+      );
+      const head = await client.send(
+        new HeadObjectCommand({
+          Bucket: config.bucket,
+          Key: key
+        })
+      );
+      return {
+        id: Buffer.from(key).toString("base64url"),
+        filename: options?.filename || file.name,
+        originalName: file.name,
+        mimeType: file.type,
+        size: buffer.length,
+        url: getUrl(key),
+        thumbnailUrl: file.type.startsWith("image/") ? getUrl(key) : void 0,
+        folder: options?.folder,
+        provider: config.provider,
+        metadata: {
+          ...options?.metadata,
+          etag: head.ETag
+        },
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async uploadFromUrl(url) {
+      const response = await fetch(url);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch: ${response.statusText}`);
+      }
+      const blob = await response.blob();
+      const filename = url.split("/").pop() || "file";
+      const file = new File([blob], filename, { type: blob.type });
+      return this.upload(file);
+    },
+    async delete(url) {
+      const key = url.replace(getUrlPrefix(config), "");
+      await client.send(
+        new DeleteObjectCommand({
+          Bucket: config.bucket,
+          Key: key
+        })
+      );
+    },
+    async rename(oldUrl, newKey) {
+      const oldKey = oldUrl.replace(getUrlPrefix(config), "");
+      const newKeyWithPrefix = config.prefix ? `${config.prefix}/${newKey}` : newKey;
+      await client.send(
+        new CopyObjectCommand({
+          Bucket: config.bucket,
+          CopySource: `${config.bucket}/${oldKey}`,
+          Key: newKeyWithPrefix
+        })
+      );
+      await client.send(
+        new DeleteObjectCommand({
+          Bucket: config.bucket,
+          Key: oldKey
+        })
+      );
+      return getUrl(newKeyWithPrefix);
+    },
+    getImageUrl(url, transforms) {
+      if (!transforms || Object.keys(transforms).length === 0) return url;
+      const params = new URLSearchParams({ url });
+      if (transforms.width) params.set("w", String(transforms.width));
+      if (transforms.height) params.set("h", String(transforms.height));
+      if (transforms.quality) params.set("q", String(transforms.quality));
+      if (transforms.format) params.set("f", transforms.format);
+      return `/api/media/resize?${params.toString()}`;
+    },
+    async generateThumbnail(file) {
+      return this.getImageUrl(file.url, { width: 400, height: 400 });
+    },
+    async list(prefix) {
+      const key = getKey(prefix || "");
+      const response = await client.send(
+        new ListObjectsV2Command({
+          Bucket: config.bucket,
+          Prefix: key
+        })
+      );
+      return (response.Contents || []).map((item) => ({
+        id: Buffer.from(item.Key || "").toString("base64url"),
+        filename: item.Key?.split("/").pop() || "",
+        originalName: item.Key?.split("/").pop() || "",
+        mimeType: "application/octet-stream",
+        size: item.Size || 0,
+        url: getUrl(item.Key || ""),
+        provider: config.provider,
+        createdAt: item.LastModified?.toISOString() || (/* @__PURE__ */ new Date()).toISOString()
+      }));
+    },
+    async exists(url) {
+      try {
+        const key = url.replace(getUrlPrefix(config), "");
+        await client.send(
+          new HeadObjectCommand({
+            Bucket: config.bucket,
+            Key: key
+          })
+        );
+        return true;
+      } catch {
+        return false;
+      }
+    }
+  };
+}
+
+// src/storage/cloudinary.ts
+function createCloudinaryStorage(config) {
+  const getBaseUrl = () => `https://api.cloudinary.com/v1_1/${config.cloudName}/upload`;
+  const generateSignature = async (params) => {
+    const crypto = await import('crypto');
+    const sortedParams = Object.keys(params).sort().map((key) => `${key}=${params[key]}`).join("&");
+    return crypto.createHash("sha256").update(sortedParams + config.apiSecret).digest("hex");
+  };
+  return {
+    name: "cloudinary",
+    displayName: "Cloudinary",
+    supportsDynamicResize: true,
+    async upload(file, options) {
+      const formData = new FormData();
+      formData.append("file", file);
+      if (config.uploadPreset) {
+        formData.append("upload_preset", config.uploadPreset);
+      } else {
+        const timestamp = Math.round(Date.now() / 1e3);
+        const signatureParams = {
+          timestamp: String(timestamp)
+        };
+        if (options?.folder || config.folder) {
+          signatureParams.folder = options?.folder || config.folder || "";
+        }
+        const signature = await generateSignature(signatureParams);
+        formData.append("timestamp", String(timestamp));
+        formData.append("signature", signature);
+        formData.append("api_key", config.apiKey);
+      }
+      if (options?.folder || config.folder) {
+        formData.append("folder", options?.folder || config.folder || "");
+      }
+      const response = await fetch(getBaseUrl(), {
+        method: "POST",
+        body: formData
+      });
+      if (!response.ok) {
+        const error = await response.json();
+        throw new Error(
+          `Cloudinary upload failed: ${error.error?.message || response.statusText}`
+        );
+      }
+      const data = await response.json();
+      return {
+        id: data.public_id,
+        filename: `${data.public_id}.${data.format}`,
+        originalName: data.original_filename || file.name,
+        mimeType: file.type || `image/${data.format}`,
+        size: data.bytes,
+        url: data.secure_url,
+        thumbnailUrl: this.getImageUrl(data.secure_url, {
+          width: 200,
+          height: 200,
+          fit: "crop"
+        }),
+        width: data.width,
+        height: data.height,
+        folder: options?.folder || config.folder,
+        provider: "cloudinary",
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async uploadFromUrl(url, options) {
+      const formData = new FormData();
+      formData.append("file", url);
+      formData.append("upload_preset", "ml_default");
+      if (options?.folder || config.folder) {
+        formData.append("folder", options?.folder || config.folder || "");
+      }
+      const response = await fetch(getBaseUrl(), {
+        method: "POST",
+        body: formData
+      });
+      if (!response.ok) throw new Error("Cloudinary upload failed");
+      const data = await response.json();
+      return {
+        id: data.public_id,
+        filename: `${data.public_id}.${data.format}`,
+        originalName: data.original_filename || url.split("/").pop() || "file",
+        mimeType: `image/${data.format}`,
+        size: data.bytes,
+        url: data.secure_url,
+        thumbnailUrl: this.getImageUrl(data.secure_url, {
+          width: 200,
+          height: 200,
+          fit: "crop"
+        }),
+        width: data.width,
+        height: data.height,
+        provider: "cloudinary",
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async delete(id) {
+      try {
+        const parts = id.split("/image/upload/");
+        if (parts.length !== 2) {
+          console.warn("[Cloudinary delete] Could not parse URL:", id);
+          return;
+        }
+        const publicId = parts[1].replace(/^v\d+\//, "").replace(/\.[^.]+$/, "");
+        const timestamp = Math.round(Date.now() / 1e3);
+        const signatureParams = {
+          timestamp: String(timestamp),
+          public_id: publicId
+        };
+        const sortedParams = Object.keys(signatureParams).sort().map((key) => `${key}=${signatureParams[key]}`).join("&");
+        const crypto = await import('crypto');
+        const signature = crypto.createHash("sha256").update(sortedParams + config.apiSecret).digest("hex");
+        const deleteUrl = `https://api.cloudinary.com/v1_1/${config.cloudName}/image/destroy`;
+        const formData = new FormData();
+        formData.append("public_id", publicId);
+        formData.append("timestamp", String(timestamp));
+        formData.append("signature", signature);
+        formData.append("api_key", config.apiKey);
+        const response = await fetch(deleteUrl, {
+          method: "POST",
+          body: formData
+        });
+        if (!response.ok) {
+          const error = await response.json();
+          console.warn("[Cloudinary delete] Failed:", error);
+        }
+      } catch (e) {
+        console.warn("[Cloudinary delete] Error:", e.message);
+      }
+    },
+    async rename(oldUrl, newKey) {
+      let version = "";
+      let newPublicId = newKey.replace(/\.[^.]+$/, "");
+      let folder = "";
+      try {
+        const parts = oldUrl.split("/image/upload/");
+        if (parts.length !== 2) {
+          console.warn("[Cloudinary rename] Could not parse old URL:", oldUrl);
+          return oldUrl;
+        }
+        const urlPath = parts[1];
+        const versionMatch = urlPath.match(/^(v\d+)\//);
+        version = versionMatch ? versionMatch[1] : "";
+        const publicIdWithoutVersion = urlPath.replace(/^v\d+\//, "").replace(/\.[^.]+$/, "");
+        const folderParts = publicIdWithoutVersion.split("/");
+        folder = folderParts.length > 1 ? folderParts.slice(0, -1).join("/") : "";
+        const newFilename = newKey.replace(/\.[^.]+$/, "");
+        newPublicId = folder ? `${folder}/${newFilename}` : newFilename;
+        console.log("[Cloudinary rename]", {
+          urlPath,
+          version,
+          publicIdWithoutVersion,
+          folder,
+          newPublicId
+        });
+        const timestamp = Math.round(Date.now() / 1e3);
+        const signatureParams = {
+          from_public_id: publicIdWithoutVersion,
+          to_public_id: newPublicId,
+          timestamp: String(timestamp)
+        };
+        const sortedParams = Object.keys(signatureParams).sort().map((key) => `${key}=${signatureParams[key]}`).join("&");
+        const crypto = await import('crypto');
+        const signature = crypto.createHash("sha256").update(sortedParams + config.apiSecret).digest("hex");
+        const formData = new FormData();
+        formData.append("from_public_id", publicIdWithoutVersion);
+        formData.append("to_public_id", newPublicId);
+        formData.append("timestamp", String(timestamp));
+        formData.append("signature", signature);
+        formData.append("api_key", config.apiKey);
+        const response = await fetch(
+          `https://api.cloudinary.com/v1_1/${config.cloudName}/image/rename`,
+          {
+            method: "POST",
+            body: formData
+          }
+        );
+        if (response.ok) {
+          const data = await response.json();
+          console.log("[Cloudinary rename] Success:", data.secure_url);
+          return data.secure_url;
+        } else {
+          const error = await response.json();
+          console.warn("[Cloudinary rename] Failed:", error);
+          const versionStr = version ? `/${version}/` : "/";
+          return `https://res.cloudinary.com/${config.cloudName}/image/upload${versionStr}${newPublicId}.${newKey.split(".").pop()}`;
+        }
+      } catch (e) {
+        console.warn("[Cloudinary rename] Error:", e.message);
+        const versionStr = version ? `/${version}/` : "/";
+        return `https://res.cloudinary.com/${config.cloudName}/image/upload${versionStr}${newPublicId}.${newKey.split(".").pop()}`;
+      }
+    },
+    getImageUrl(url, transforms) {
+      if (!transforms) return url;
+      const parts = url.split("/upload/");
+      if (parts.length !== 2) return url;
+      const transformationArr = [];
+      if (transforms.width) transformationArr.push(`w_${transforms.width}`);
+      if (transforms.height) transformationArr.push(`h_${transforms.height}`);
+      if (transforms.fit) {
+        const fitMap = {
+          crop: "c_fill",
+          clip: "c_fit",
+          scale: "c_scale",
+          fill: "c_fill"
+        };
+        transformationArr.push(fitMap[transforms.fit] || "c_limit");
+      }
+      if (transforms.quality) transformationArr.push(`q_${transforms.quality}`);
+      if (transforms.format) transformationArr.push(`f_${transforms.format}`);
+      const transformationStr = transformationArr.join(",");
+      return `${parts[0]}/upload/${transformationStr}/${parts[1]}`;
+    },
+    async generateThumbnail(file) {
+      return this.getImageUrl(file.url, {
+        width: 200,
+        height: 200,
+        fit: "crop"
+      });
+    },
+    async list() {
+      return [];
+    },
+    async exists(url) {
+      const response = await fetch(url, { method: "HEAD" });
+      return response.ok;
+    }
+  };
+}
+
+// src/storage/imgix.ts
+function createImgixStorage(config) {
+  const signUrl = (path2, params) => {
+    if (!config.signKey) return path2;
+    const signer = new TextEncoder();
+    const key = signer.encode(config.signKey);
+    const data = signer.encode(path2 + params.toString());
+    let hash = 0;
+    const combined = new Uint8Array(key.length + data.length);
+    combined.set(key);
+    combined.set(data, key.length);
+    for (let i = 0; i < combined.length; i++) {
+      hash = (hash << 5) - hash + combined[i] | 0;
+    }
+    params.set("s", Math.abs(hash).toString(16));
+    return path2;
+  };
+  return {
+    name: "imgix",
+    displayName: "Imgix",
+    supportsDynamicResize: true,
+    async upload(_file, _options) {
+      throw new Error(
+        "Imgix is a transformation service. Use another provider for uploads."
+      );
+    },
+    async uploadFromUrl(url, options) {
+      const filename = options?.filename || url.split("/").pop() || "file";
+      const response = await fetch(url);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch: ${response.statusText}`);
+      }
+      const blob = await response.blob();
+      new File([blob], filename, { type: blob.type });
+      return {
+        id: Buffer.from(url).toString("base64").slice(0, 20),
+        filename,
+        originalName: filename,
+        mimeType: blob.type,
+        size: blob.size,
+        url: this.getImageUrl(url),
+        thumbnailUrl: this.getImageUrl(url, {
+          width: 200,
+          height: 200,
+          fit: "crop"
+        }),
+        provider: "imgix",
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async delete(_url) {
+    },
+    async rename(_oldUrl, newKey) {
+      return `https://${config.domain}/${newKey}`;
+    },
+    getImageUrl(url, transforms) {
+      const parsed = new URL(url);
+      const params = new URLSearchParams(parsed.search);
+      if (config.defaultParameters) {
+        Object.entries(config.defaultParameters).forEach(([key, value]) => {
+          if (!params.has(key)) {
+            params.set(key, value);
+          }
+        });
+      }
+      if (transforms) {
+        if (transforms.width) params.set("w", String(transforms.width));
+        if (transforms.height) params.set("h", String(transforms.height));
+        if (transforms.quality) params.set("q", String(transforms.quality));
+        if (transforms.format) params.set("fm", transforms.format);
+        if (transforms.fit) params.set("fit", transforms.fit);
+        if (transforms.blur) params.set("blur", String(transforms.blur));
+        if (transforms.sharpen) params.set("sharp", String(transforms.sharpen));
+      }
+      params.set("auto", "compress,format");
+      parsed.pathname + "?" + params.toString();
+      if (config.signKey) {
+        signUrl(parsed.pathname + params.toString(), params);
+      }
+      return `https://${config.domain}${parsed.pathname}${params.toString() ? "?" + params.toString() : ""}`;
+    },
+    async generateThumbnail(file) {
+      return this.getImageUrl(file.url, {
+        width: 200,
+        height: 200,
+        fit: "crop"
+      });
+    },
+    async list() {
+      return [];
+    },
+    async exists(url) {
+      try {
+        const response = await fetch(url, { method: "HEAD" });
+        return response.ok;
+      } catch {
+        return false;
+      }
+    }
+  };
+}
+function createFtpStorage(config) {
+  let client = null;
+  async function getClient() {
+    if (!client) {
+      client = new Client(6e4, { allowSeparateTransferHost: true });
+      client.ftp.verbose = false;
+      await client.access({
+        host: config.host,
+        port: config.port || 21,
+        user: config.user,
+        password: config.password,
+        secure: config.secure,
+        secureOptions: {}
+      });
+    }
+    return client;
+  }
+  const getKey = (path2) => {
+    const prefix = config.prefix ? `${config.prefix}/` : "";
+    return `${prefix}${path2}`.replace(/\/+/g, "/");
+  };
+  const getUrl = (key) => {
+    const base = config.baseUrl.replace(/\/$/, "");
+    return `${base}/${key}`;
+  };
+  const getUrlPrefix2 = () => {
+    const base = config.baseUrl.replace(/\/$/, "");
+    return base + "/";
+  };
+  return {
+    name: config.type,
+    displayName: config.type === "sftp" ? "SFTP Storage" : "FTP Storage",
+    supportsDynamicResize: false,
+    async upload(file, options) {
+      const ftp = await getClient();
+      const key = getKey(
+        `${options?.folder ? `${options.folder}/` : ""}${options?.filename || file.name}`
+      );
+      const buffer = Buffer.from(await file.arrayBuffer());
+      const parts = key.split("/").slice(0, -1);
+      let currentPath = "";
+      for (const part of parts) {
+        currentPath = currentPath ? `${currentPath}/${part}` : part;
+        try {
+          await ftp.ensureDir(currentPath);
+        } catch {
+        }
+      }
+      const readable = Readable.from(buffer);
+      await ftp.uploadFrom(readable, key);
+      return {
+        id: Buffer.from(key).toString("base64url"),
+        filename: options?.filename || file.name,
+        originalName: file.name,
+        mimeType: file.type,
+        size: buffer.length,
+        url: getUrl(key),
+        thumbnailUrl: file.type.startsWith("image/") ? getUrl(key) : void 0,
+        folder: options?.folder,
+        provider: config.type,
+        metadata: options?.metadata,
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    },
+    async uploadFromUrl(url) {
+      const response = await fetch(url);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch: ${response.statusText}`);
+      }
+      const blob = await response.blob();
+      const filename = url.split("/").pop() || "file";
+      const file = new File([blob], filename, { type: blob.type });
+      return this.upload(file);
+    },
+    async delete(url) {
+      const ftp = await getClient();
+      const key = url.replace(getUrlPrefix2(), "");
+      await ftp.remove(key);
+    },
+    async rename(oldUrl, newKey) {
+      const ftp = await getClient();
+      const oldKey = oldUrl.replace(getUrlPrefix2(), "");
+      const fullPath = config.prefix ? `${config.prefix}/${newKey}` : newKey;
+      await ftp.rename(oldKey, fullPath);
+      return getUrl(fullPath);
+    },
+    getImageUrl(url, transforms) {
+      if (!transforms || Object.keys(transforms).length === 0) return url;
+      const params = new URLSearchParams({ url });
+      if (transforms.width) params.set("w", String(transforms.width));
+      if (transforms.height) params.set("h", String(transforms.height));
+      if (transforms.quality) params.set("q", String(transforms.quality));
+      if (transforms.format) params.set("f", transforms.format);
+      return `/api/media/resize?${params.toString()}`;
+    },
+    async generateThumbnail(file) {
+      return file.url;
+    },
+    async list(prefix) {
+      const ftp = await getClient();
+      const key = getKey(prefix || "");
+      let items;
+      try {
+        items = await ftp.list(key);
+      } catch {
+        return [];
+      }
+      return items.filter((item) => item.type === 0).map((item) => ({
+        id: Buffer.from(`${key}/${item.name}`).toString("base64url"),
+        filename: item.name,
+        originalName: item.name,
+        mimeType: "application/octet-stream",
+        size: Number(item.size) || 0,
+        url: getUrl(`${key}/${item.name}`.replace(/\/+/g, "/")),
+        provider: config.type,
+        createdAt: item.modifiedAt ? item.modifiedAt.toISOString() : (/* @__PURE__ */ new Date()).toISOString()
+      }));
+    },
+    async exists(url) {
+      const ftp = await getClient();
+      const key = url.replace(getUrlPrefix2(), "");
+      try {
+        await ftp.size(key);
+        return true;
+      } catch {
+        return false;
+      }
+    }
+  };
+}
+
+// src/storage/index.ts
+async function resolveProvider(configService) {
+  const config = configService.getStorageConfig();
+  switch (config.type) {
+    case "aws":
+      return createS3Storage({
+        provider: "aws",
+        bucket: config.s3.bucket || "",
+        region: config.s3.region || "us-east-1",
+        accessKeyId: config.s3.accessKeyId || "",
+        secretAccessKey: config.s3.secretAccessKey || "",
+        endpoint: config.s3.endpoint,
+        cdnUrl: config.s3.cdnUrl,
+        prefix: config.s3.prefix
+      });
+    case "r2":
+      return createS3Storage({
+        provider: "r2",
+        bucket: config.r2.bucket || "",
+        region: "auto",
+        accessKeyId: config.r2.accessKeyId || "",
+        secretAccessKey: config.r2.secretAccessKey || "",
+        accountId: config.r2.accountId || "",
+        publicDevUrl: config.r2.publicDevUrl,
+        endpoint: `https://${config.r2.accountId || ""}.r2.cloudflarestorage.com`,
+        cdnUrl: config.r2.cdnUrl,
+        prefix: config.r2.prefix
+      });
+    case "gcs":
+      return createS3Storage({
+        provider: "gcs",
+        bucket: config.gcs.bucket || "",
+        region: config.gcs.projectId || "auto",
+        accessKeyId: config.gcs.clientEmail || "",
+        secretAccessKey: config.gcs.privateKey || "",
+        cdnUrl: config.gcs.cdnUrl,
+        prefix: config.gcs.prefix
+      });
+    case "digitalocean":
+      return createS3Storage({
+        provider: "digitalocean",
+        bucket: config.digitalocean.bucket || "",
+        region: config.digitalocean.region || "nyc3",
+        accessKeyId: config.digitalocean.accessKeyId || "",
+        secretAccessKey: config.digitalocean.secretAccessKey || "",
+        endpoint: `https://${config.digitalocean.region || "nyc3"}.digitaloceanspaces.com`,
+        cdnUrl: config.digitalocean.cdnUrl,
+        prefix: config.digitalocean.prefix
+      });
+    case "backblaze":
+      return createS3Storage({
+        provider: "backblaze",
+        bucket: config.backblaze.bucket || "",
+        region: "auto",
+        accessKeyId: config.backblaze.applicationKeyId || "",
+        secretAccessKey: config.backblaze.applicationKey || "",
+        accountId: config.backblaze.accountId || "",
+        endpoint: `https://s3.backblazeb2.com`,
+        cdnUrl: config.backblaze.cdnUrl,
+        prefix: config.backblaze.prefix
+      });
+    case "wasabi":
+      return createS3Storage({
+        provider: "wasabi",
+        bucket: config.wasabi.bucket || "",
+        region: config.wasabi.region || "us-east-1",
+        accessKeyId: config.wasabi.accessKeyId || "",
+        secretAccessKey: config.wasabi.secretAccessKey || "",
+        endpoint: `https://s3.${config.wasabi.region || "us-east-1"}.wasabisys.com`,
+        cdnUrl: config.wasabi.cdnUrl,
+        prefix: config.wasabi.prefix
+      });
+    case "ftp":
+    case "sftp":
+      return createFtpStorage({
+        host: config.ftp?.host || "",
+        port: config.ftp?.port || 21,
+        user: config.ftp?.user || "",
+        password: config.ftp?.password || "",
+        secure: config.ftp?.secure || false,
+        baseUrl: config.ftp?.baseUrl || "",
+        prefix: config.ftp?.prefix,
+        type: "ftp"
+      });
+    case "cloudinary":
+      return createCloudinaryStorage({
+        cloudName: config.cloudinary.cloudName || "",
+        apiKey: config.cloudinary.apiKey || "",
+        apiSecret: config.cloudinary.apiSecret || "",
+        folder: config.cloudinary.folder
+      });
+    case "imgix":
+      return createImgixStorage({
+        domain: config.imgix.domain || "",
+        signKey: config.imgix.signKey
+      });
+    case "local":
+    default:
+      return createLocalStorage({
+        uploadDir: config.local.uploadDir || path.join(process.cwd(), "public", "uploads"),
+        baseUrl: config.local.baseUrl || "/uploads"
+      });
+  }
+}
+async function resolveProviderWithConfig(config) {
+  if (!config) {
+    console.warn("[resolveProviderWithConfig] No config, using local");
+    return createLocalStorage({
+      uploadDir: path.join(process.cwd(), "public", "uploads"),
+      baseUrl: "/uploads"
+    });
+  }
+  console.log("[resolveProviderWithConfig] Creating provider:", config.type);
+  switch (config.type) {
+    case "aws":
+      return createS3Storage({
+        provider: "aws",
+        bucket: config.s3?.bucket || "",
+        region: config.s3?.region || "us-east-1",
+        accessKeyId: config.s3?.accessKeyId || "",
+        secretAccessKey: config.s3?.secretAccessKey || "",
+        endpoint: config.s3?.endpoint,
+        cdnUrl: config.s3?.cdnUrl,
+        prefix: config.s3?.prefix
+      });
+    case "r2":
+      return createS3Storage({
+        provider: "r2",
+        bucket: config.r2?.bucket || "",
+        region: "auto",
+        accessKeyId: config.r2?.accessKeyId || "",
+        secretAccessKey: config.r2?.secretAccessKey || "",
+        accountId: config.r2?.accountId || "",
+        publicDevUrl: config.r2?.publicDevUrl,
+        endpoint: `https://${config.r2?.accountId || ""}.r2.cloudflarestorage.com`,
+        cdnUrl: config.r2?.cdnUrl,
+        prefix: config.r2?.prefix
+      });
+    case "gcs":
+      return createS3Storage({
+        provider: "gcs",
+        bucket: config.gcs?.bucket || "",
+        region: config.gcs?.projectId || "auto",
+        accessKeyId: config.gcs?.clientEmail || "",
+        secretAccessKey: config.gcs?.privateKey || "",
+        cdnUrl: config.gcs?.cdnUrl,
+        prefix: config.gcs?.prefix
+      });
+    case "digitalocean":
+      return createS3Storage({
+        provider: "digitalocean",
+        bucket: config.digitalocean?.bucket || "",
+        region: config.digitalocean?.region || "nyc3",
+        accessKeyId: config.digitalocean?.accessKeyId || "",
+        secretAccessKey: config.digitalocean?.secretAccessKey || "",
+        cdnUrl: config.digitalocean?.cdnUrl,
+        prefix: config.digitalocean?.prefix
+      });
+    case "backblaze":
+      return createS3Storage({
+        provider: "backblaze",
+        bucket: config.backblaze?.bucket || "",
+        region: "auto",
+        accessKeyId: config.backblaze?.applicationKeyId || "",
+        secretAccessKey: config.backblaze?.applicationKey || "",
+        cdnUrl: config.backblaze?.cdnUrl,
+        prefix: config.backblaze?.prefix
+      });
+    case "wasabi":
+      return createS3Storage({
+        provider: "wasabi",
+        bucket: config.wasabi?.bucket || "",
+        region: config.wasabi?.region || "us-east-1",
+        accessKeyId: config.wasabi?.accessKeyId || "",
+        secretAccessKey: config.wasabi?.secretAccessKey || "",
+        cdnUrl: config.wasabi?.cdnUrl,
+        prefix: config.wasabi?.prefix
+      });
+    case "cloudinary":
+      return createCloudinaryStorage({
+        cloudName: config.cloudinary?.cloudName || "",
+        apiKey: config.cloudinary?.apiKey || "",
+        apiSecret: config.cloudinary?.apiSecret || "",
+        folder: config.cloudinary?.folder
+      });
+    case "ftp":
+    case "sftp": {
+      const ftpConf = config.ftp || config;
+      return createFtpStorage({
+        type: "ftp",
+        host: ftpConf.host || "",
+        port: ftpConf.port || 21,
+        user: ftpConf.user || "",
+        password: ftpConf.password || "",
+        secure: ftpConf.secure || false,
+        baseUrl: ftpConf.baseUrl || "",
+        prefix: ftpConf.prefix
+      });
+    }
+    case "local":
+    default: {
+      const localConfig = config.local || {
+        uploadDir: config["local.uploadDir"],
+        baseUrl: config["local.baseUrl"]
+      };
+      const savedUploadDir = (localConfig?.uploadDir || "").trim();
+      let uploadDir;
+      if (savedUploadDir) {
+        if (path.isAbsolute(savedUploadDir)) {
+          uploadDir = savedUploadDir;
+        } else if (savedUploadDir.includes("/") || savedUploadDir.includes("\\")) {
+          uploadDir = path.resolve(process.cwd(), savedUploadDir);
+        } else {
+          uploadDir = path.join(process.cwd(), "public", savedUploadDir);
+        }
+      } else {
+        uploadDir = path.join(process.cwd(), "public", "uploads");
+      }
+      const savedBaseUrl = (localConfig?.baseUrl || "").trim();
+      let baseUrl;
+      if (savedBaseUrl) {
+        baseUrl = savedBaseUrl.startsWith("/") ? savedBaseUrl : `/${savedBaseUrl}`;
+      } else {
+        baseUrl = "/uploads";
+      }
+      return createLocalStorage({ uploadDir, baseUrl });
+    }
+  }
+}
+async function processImage(buffer) {
+  const metadata = await sharp(buffer).metadata();
+  const mainImage = sharp(buffer).webp({ quality: 85 });
+  const thumbnail = sharp(buffer).resize({ width: 500, withoutEnlargement: true }).webp({ quality: 80 });
+  return {
+    buffer: await mainImage.toBuffer(),
+    thumbnailBuffer: await thumbnail.toBuffer(),
+    width: metadata.width,
+    height: metadata.height,
+    format: "webp"
+  };
+}
+
+// src/storage/MediaService.ts
+var MediaService = class _MediaService {
+  db;
+  storage;
+  dialect;
+  genId;
+  mediaTable = "media";
+  foldersTable = "media_folders";
+  constructor(db, storage, options) {
+    this.db = db;
+    this.storage = storage;
+    this.dialect = options?.dialect || "sqlite";
+    this.genId = options?.genId || genId;
+  }
+  static async init(db, options) {
+    let storage;
+    if (options?.storageConfig) {
+      console.log(
+        "[MediaService.init] Using provided storageConfig:",
+        options.storageConfig.type
+      );
+      storage = await resolveProviderWithConfig(options.storageConfig);
+    } else {
+      const configService = new ConfigService(db);
+      await configService.load();
+      storage = await resolveProvider(configService);
+    }
+    return new _MediaService(db, storage, options);
+  }
+  now() {
+    return (/* @__PURE__ */ new Date()).toISOString();
+  }
+  buildFindConditions(params) {
+    const conditions = [];
+    const p = [];
+    const sortCol = params.sortBy === "name" ? "title" : params.sortBy || "created_at";
+    const sortDir = params.sortDir === "asc" ? "ASC" : "DESC";
+    if (params.search) {
+      conditions.push(
+        `(title LIKE ? OR filename LIKE ? OR original_name LIKE ? OR alt LIKE ?)`
+      );
+      const s = `%${params.search}%`;
+      p.push(s, s, s, s);
+    }
+    if (params.type && params.type !== "all") {
+      conditions.push(`mime_type LIKE ?`);
+      p.push(`${params.type}/%`);
+    }
+    if (params.folder) {
+      conditions.push(`(folder = ? OR folder LIKE ?)`);
+      p.push(params.folder, `${params.folder}/%`);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    return { where, params: p, orderBy: sortDir, sortCol };
+  }
+  rowToMedia(row) {
+    return {
+      id: row.id,
+      filename: row.filename,
+      title: row.title ?? null,
+      originalName: row.original_name ?? row.originalName,
+      mimeType: row.mime_type ?? row.mimeType,
+      fileSize: row.file_size ?? row.fileSize,
+      width: row.width ?? null,
+      height: row.height ?? null,
+      url: row.url,
+      thumbnailUrl: row.thumbnail_url ?? row.thumbnailUrl ?? null,
+      folder: row.folder ?? null,
+      provider: row.provider,
+      alt: row.alt ?? null,
+      caption: row.caption ?? null,
+      metadata: row.metadata ?? null,
+      createdAt: row.created_at ?? row.createdAt,
+      updatedAt: row.updated_at ?? row.updatedAt
+    };
+  }
+  async sqliteRun(sql, params = []) {
+    const stmt = this.db.prepare(sql);
+    const sqlLower = sql.trim().toLowerCase();
+    if (sqlLower.startsWith("insert") || sqlLower.startsWith("update") || sqlLower.startsWith("delete")) {
+      return stmt.run(...params);
+    }
+    return stmt.all(...params);
+  }
+  sqliteGet(sql, params = []) {
+    const stmt = this.db.prepare(sql);
+    return stmt.get(...params);
+  }
+  async upload(file, folder = "") {
+    const isImage = file.type.startsWith("image/");
+    let processed;
+    let uploadFile = file;
+    let filename = file.name;
+    let width = null;
+    let height = null;
+    if (isImage && !file.type.includes("svg")) {
+      const buffer = Buffer.from(await file.arrayBuffer());
+      processed = await processImage(buffer);
+      const originalName = file.name.replace(/\.[^/.]+$/, "");
+      const safeName = originalName.toLowerCase().replace(/[^a-z0-9]/g, "-").replace(/-+/g, "-").substring(0, 50);
+      filename = `${safeName}.webp`;
+      width = processed.width ?? null;
+      height = processed.height ?? null;
+      uploadFile = new File([processed.buffer], filename, {
+        type: "image/webp"
+      });
+    }
+    const storageResult = await this.storage.upload(uploadFile, {
+      folder,
+      filename
+    });
+    const thumbnailUrl = await this.storage.generateThumbnail(
+      {
+        ...storageResult,
+        id: "",
+        provider: this.storage.name,
+        createdAt: this.now()
+      },
+      { width: 400, height: 400 }
+    );
+    const id = this.genId();
+    const now = this.now();
+    if (this.dialect === "sqlite") {
+      await this.sqliteRun(
+        `INSERT INTO ${this.mediaTable}
+          (id, filename, title, original_name, mime_type, file_size, width, height, url, thumbnail_url, folder, provider, alt, caption, metadata, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+        [
+          id,
+          storageResult.filename,
+          file.name.replace(/\.[^/.]+$/, ""),
+          file.name,
+          storageResult.mimeType,
+          storageResult.size,
+          width,
+          height,
+          storageResult.url,
+          thumbnailUrl,
+          folder || null,
+          this.storage.name,
+          null,
+          null,
+          null,
+          now,
+          now
+        ]
+      );
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      await this.db.insert(mediaSchema).values({
+        id,
+        filename: storageResult.filename,
+        title: file.name.replace(/\.[^/.]+$/, ""),
+        originalName: file.name,
+        mimeType: storageResult.mimeType,
+        fileSize: storageResult.size,
+        width,
+        height,
+        url: storageResult.url,
+        thumbnailUrl,
+        folder: folder || "",
+        provider: this.storage.name,
+        createdAt: /* @__PURE__ */ new Date(),
+        updatedAt: /* @__PURE__ */ new Date()
+      }).returning();
+    }
+    return {
+      id,
+      filename: storageResult.filename,
+      title: file.name.replace(/\.[^/.]+$/, ""),
+      originalName: file.name,
+      mimeType: storageResult.mimeType,
+      fileSize: storageResult.size,
+      width,
+      height,
+      url: storageResult.url,
+      thumbnailUrl,
+      folder: folder || null,
+      provider: this.storage.name,
+      alt: null,
+      caption: null,
+      metadata: null,
+      createdAt: now,
+      updatedAt: now
+    };
+  }
+  async delete(id) {
+    let item = null;
+    if (this.dialect === "sqlite") {
+      item = this.sqliteGet(`SELECT * FROM ${this.mediaTable} WHERE id = ?`, [
+        id
+      ]);
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      const [row] = await this.db.select().from(mediaSchema).where(mediaSchema.id.equals(id));
+      if (row) item = this.rowToMedia(row);
+    }
+    if (!item) return;
+    await this.deleteFile(item.url);
+    if (item.thumbnailUrl && item.thumbnailUrl !== item.url && item.thumbnailUrl !== item.url + "?thumb") {
+      try {
+        await this.deleteFile(item.thumbnailUrl);
+      } catch {
+      }
+    }
+    if (this.dialect === "sqlite") {
+      await this.sqliteRun(`DELETE FROM ${this.mediaTable} WHERE id = ?`, [id]);
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      await this.db.delete(mediaSchema).where(mediaSchema.id.equals(id));
+    }
+  }
+  async deleteFile(url) {
+    await this.storage.delete(url);
+  }
+  async rename(id, newKey) {
+    let item = null;
+    if (this.dialect === "sqlite") {
+      item = this.sqliteGet(`SELECT * FROM ${this.mediaTable} WHERE id = ?`, [
+        id
+      ]);
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      const [row] = await this.db.select().from(mediaSchema).where(mediaSchema.id.equals(id));
+      if (row) item = this.rowToMedia(row);
+    }
+    if (!item) return null;
+    const newUrl = await this.storage.rename(item.url, newKey);
+    let newThumbnailUrl;
+    if (item.thumbnailUrl || this.storage.name === "cloudinary") {
+      const versionMatch = newUrl.match(/\/upload\/(v\d+)\//);
+      const version = versionMatch ? versionMatch[1] + "/" : "";
+      const baseUrlMatch = newUrl.match(/(.+?)\/upload\//);
+      const baseUrl = baseUrlMatch ? baseUrlMatch[1] : "https://res.cloudinary.com/" + this.storage.config?.cloudName || "unknown";
+      newThumbnailUrl = `${baseUrl}/upload/w_200,h_200,c_fill/${version}${newKey}`;
+    }
+    const ext = item.filename.split(".").pop();
+    const newFilename = newKey.includes(".") ? newKey : `${newKey}.${ext}`;
+    const updateData = {
+      url: newUrl,
+      filename: newFilename,
+      thumbnailUrl: newThumbnailUrl
+    };
+    if (this.dialect === "sqlite") {
+      const sqliteUpdateData = { ...updateData };
+      if ("thumbnailUrl" in sqliteUpdateData) {
+        sqliteUpdateData.thumbnail_url = sqliteUpdateData.thumbnailUrl;
+        delete sqliteUpdateData.thumbnailUrl;
+      }
+      const sets = Object.keys(sqliteUpdateData).map((k) => `${k} = ?`).join(", ");
+      const vals = Object.values(sqliteUpdateData);
+      await this.sqliteRun(
+        `UPDATE ${this.mediaTable} SET ${sets}, updated_at = ? WHERE id = ?`,
+        [...vals, this.now(), id]
+      );
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      await this.db.update(mediaSchema).set({ ...updateData, updatedAt: this.now() }).where(mediaSchema.id.equals(id));
+    }
+    return {
+      ...item,
+      ...updateData,
+      updatedAt: this.now(),
+      thumbnailUrl: updateData.thumbnailUrl ?? null
+    };
+  }
+  async find(params = {}) {
+    const {
+      page = 1,
+      limit = 30,
+      search = "",
+      type = "",
+      folder = "",
+      sortBy = "createdAt",
+      sortDir = "desc"
+    } = params;
+    const {
+      where,
+      params: p,
+      orderBy,
+      sortCol
+    } = this.buildFindConditions({
+      page,
+      limit,
+      search,
+      type,
+      folder,
+      sortBy,
+      sortDir
+    });
+    const offset = (page - 1) * limit;
+    if (this.dialect === "sqlite") {
+      const countRow = this.sqliteGet(
+        `SELECT COUNT(*) as cnt FROM ${this.mediaTable} ${where}`,
+        p
+      );
+      const totalDocs2 = countRow?.cnt ?? 0;
+      const rows = await this.sqliteRun(
+        `SELECT * FROM ${this.mediaTable} ${where} ORDER BY ${sortCol} ${orderBy} LIMIT ? OFFSET ?`,
+        [...p, limit, offset]
+      );
+      return {
+        docs: rows.map((r) => this.rowToMedia(r)),
+        totalDocs: totalDocs2,
+        page,
+        limit,
+        totalPages: Math.ceil(totalDocs2 / limit)
+      };
+    }
+    const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+    const { like, or, and, asc, desc, eq, sql } = await (this.dialect === "mysql" ? import('drizzle-orm/mysql-core') : import('drizzle-orm/pg-core'));
+    const conditions = [];
+    if (search) {
+      conditions.push(
+        or(
+          like(mediaSchema.title, `%${search}%`),
+          like(mediaSchema.filename, `%${search}%`),
+          like(mediaSchema.originalName, `%${search}%`),
+          like(mediaSchema.alt, `%${search}%`)
+        )
+      );
+    }
+    if (type && type !== "all") {
+      conditions.push(like(mediaSchema.mimeType, `${type}/%`));
+    }
+    if (folder) {
+      conditions.push(
+        or(
+          eq(mediaSchema.folder, folder),
+          like(mediaSchema.folder, `${folder}/%`)
+        )
+      );
+    }
+    const whereClause = conditions.length > 0 ? and(...conditions) : void 0;
+    const order = sortDir === "asc" ? asc(mediaSchema[sortCol]) : desc(mediaSchema[sortCol]);
+    const docs = await this.db.select().from(mediaSchema).where(whereClause).orderBy(order).limit(limit).offset(offset);
+    const [{ count }] = await this.db.select({ count: sql`count(*)` }).from(mediaSchema).where(whereClause);
+    const totalDocs = Number(count);
+    return {
+      docs: docs.map((r) => this.rowToMedia(r)),
+      totalDocs,
+      page,
+      limit,
+      totalPages: Math.ceil(totalDocs / limit)
+    };
+  }
+  async update(id, data) {
+    const now = this.now();
+    if (this.dialect === "sqlite") {
+      const sets = ["updated_at = ?"];
+      const p = [now];
+      if (data.title !== void 0) {
+        sets.push("title = ?");
+        p.push(data.title);
+      }
+      if (data.alt !== void 0) {
+        sets.push("alt = ?");
+        p.push(data.alt);
+      }
+      if (data.caption !== void 0) {
+        sets.push("caption = ?");
+        p.push(data.caption);
+      }
+      if (data.folder !== void 0) {
+        sets.push("folder = ?");
+        p.push(data.folder || null);
+      }
+      p.push(id);
+      await this.sqliteRun(
+        `UPDATE ${this.mediaTable} SET ${sets.join(", ")} WHERE id = ?`,
+        p
+      );
+      const row = this.sqliteGet(
+        `SELECT * FROM ${this.mediaTable} WHERE id = ?`,
+        [id]
+      );
+      return row ? this.rowToMedia(row) : null;
+    }
+    const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+    const [updated] = await this.db.update(mediaSchema).set({ ...data, updatedAt: /* @__PURE__ */ new Date() }).where(mediaSchema.id.equals(id)).returning();
+    return updated ? this.rowToMedia(updated) : null;
+  }
+  async updateMany(ids, data) {
+    const now = this.now();
+    if (this.dialect === "sqlite") {
+      for (const id of ids) {
+        const sets = ["updated_at = ?"];
+        const p = [now];
+        if (data.folder !== void 0) {
+          sets.push("folder = ?");
+          p.push(data.folder || null);
+        }
+        p.push(id);
+        await this.sqliteRun(
+          `UPDATE ${this.mediaTable} SET ${sets.join(", ")} WHERE id = ?`,
+          p
+        );
+      }
+    } else {
+      const { media: mediaSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      for (const id of ids) {
+        await this.db.update(mediaSchema).set({ ...data, updatedAt: /* @__PURE__ */ new Date() }).where(mediaSchema.id.equals(id));
+      }
+    }
+  }
+  async listFolders() {
+    if (this.dialect === "sqlite") {
+      const rows = await this.sqliteRun(
+        `SELECT path FROM ${this.foldersTable} UNION
+         SELECT folder as path FROM ${this.mediaTable} WHERE folder IS NOT NULL AND folder != ''`
+      );
+      return rows.map((r) => r.path).filter((f) => f && f !== "").sort();
+    }
+    const { media: mediaSchema, mediaFolders: folderSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+    const { eq, sql } = await (this.dialect === "mysql" ? import('drizzle-orm/mysql-core') : import('drizzle-orm/pg-core'));
+    const fromMedia = await this.db.select({ folder: mediaSchema.folder }).from(mediaSchema).groupBy(mediaSchema.folder);
+    const fromFolders = await this.db.select({ path: folderSchema.path }).from(folderSchema);
+    const allPaths = /* @__PURE__ */ new Set([
+      ...fromMedia.map((r) => r.folder),
+      ...fromFolders.map((r) => r.path)
+    ]);
+    return Array.from(allPaths).filter((f) => f && f !== "").sort();
+  }
+  async createFolder(name, parentPath = "") {
+    const fullPath = parentPath ? `${parentPath}/${name}` : name;
+    if (this.storage.name === "local") {
+      const { mkdir: mkdir2 } = await import('fs/promises');
+      const { join: join2 } = await import('path');
+      await mkdir2(join2(process.cwd(), "public", "uploads", fullPath), {
+        recursive: true
+      });
+    }
+    const now = this.now();
+    if (this.dialect === "sqlite") {
+      await this.sqliteRun(
+        `INSERT OR IGNORE INTO ${this.foldersTable} (path, name, parent_path, created_at) VALUES (?, ?, ?, ?)`,
+        [fullPath, name, parentPath || null, now]
+      );
+    } else {
+      const { mediaFolders: folderSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      await this.db.insert(folderSchema).values({
+        path: fullPath,
+        name,
+        parentPath: parentPath || null,
+        createdAt: /* @__PURE__ */ new Date()
+      }).onConflictDoNothing();
+    }
+  }
+  async deleteFolder(folder) {
+    const result = await this.find({ folder, limit: 1e4 });
+    for (const item of result.docs) {
+      await this.delete(item.id);
+    }
+    if (this.dialect === "sqlite") {
+      await this.sqliteRun(
+        `DELETE FROM ${this.foldersTable} WHERE path = ? OR path LIKE ?`,
+        [folder, `${folder}/%`]
+      );
+    } else {
+      const { mediaFolders: folderSchema } = await (this.dialect === "mysql" ? import('./mysql-media-CDZUS7YX.js') : import('./media-HOT3O7RW.js'));
+      const { like, or, eq } = await (this.dialect === "mysql" ? import('drizzle-orm/mysql-core') : import('drizzle-orm/pg-core'));
+      await this.db.delete(folderSchema).where(
+        or(
+          eq(folderSchema.path, folder),
+          like(folderSchema.path, `${folder}/%`)
+        )
+      );
+    }
+    if (this.storage.name === "local") {
+      const { rm } = await import('fs/promises');
+      const { join: join2 } = await import('path');
+      try {
+        await rm(join2(process.cwd(), "public", "uploads", folder), {
+          recursive: true,
+          force: true
+        });
+      } catch {
+      }
+    }
+  }
+};
 
 // src/registry/config.ts
 function normalizeCollections(collections) {
@@ -4066,6 +6967,6 @@ function defineConfig(config) {
   };
 }
 
-export { ALL_FIELD_TYPES, AccountLockout, AnalyticsPlugin, AuditLogger, Auth, COMPLEX_FIELD_TYPES, CSSGenerator, CommentsPlugin, ConfigValidationError, InMemoryAccountLockout, InMemoryAuditLogger, InMemoryAuthAdapter, InMemoryRateLimiter, Kyro, KyroPlugin, LAYOUT_FIELD_TYPES, LocalAdapter, PRIMITIVE_FIELD_TYPES, PluginManager, RELATIONAL_FIELD_TYPES, RateLimiter, Registry, ReviewsPlugin, SEOPLugin, VersionManager, WishlistPlugin, authConfig, collectionToCreateZod, collectionToUpdateZod, collectionToWhereZod, collectionToZod, createAdminStyling, createAuditContext, createAuth, createAuthConfig, createKyro, createLocalAdapter, createRegistry, createVersionManager, defaultDarkTheme, defaultFieldStyling, defaultLightTheme, defineConfig, ecommerce2026Theme, fieldToZod, generateCSSVariables, generateTailwindConfig, getDefaultDraftPublishConfig, getRegistry, globalToZod, isArchived, isArrayField, isBlocksField, isDraft, isGroupField, isLayoutField, isNumberField, isPublished, isRelationshipField, isRichTextField, isSelectField, isTextField, isUploadField, presetPlugins, resetRegistry, runFieldHooks, runHooks, validateCollection, validateConfig, validateFields, validateGlobal };
+export { ALL_FIELD_TYPES, AccountLockout, AnalyticsPlugin, AuditLogger, Auth, COMPLEX_FIELD_TYPES, CSSGenerator, CommentsPlugin, ConfigValidationError, InMemoryAccountLockout, InMemoryAuditLogger, InMemoryAuthAdapter, Kyro, KyroPlugin, LAYOUT_FIELD_TYPES, LocalAdapter, MediaService, PRIMITIVE_FIELD_TYPES, PluginManager, RELATIONAL_FIELD_TYPES, RateLimiter, Registry, ReviewsPlugin, SEOPLugin, VersionManager, WishlistPlugin, authConfig, collectionToCreateZod, collectionToUpdateZod, collectionToWhereZod, collectionToZod, createAdminStyling, createAuditContext, createAuth, createAuthConfig, createColumnsNode, createKyro, createLocalAdapter, createLocalStorage, createRegistry, createVersionManager, defaultDarkTheme, defaultFieldStyling, defaultLightTheme, defineConfig, ecommerce2026Theme, fieldToZod, generateCSSVariables, generateTailwindConfig, getDefaultDraftPublishConfig, getRegistry, globalToZod, isArchived, isArrayField, isBlocksField, isDraft, isGroupField, isLayoutField, isNumberField, isPublished, isRelationshipField, isRichTextField, isSelectField, isTextField, isUploadField, normalizeRichTextDocument, normalizeRichTextValue, presetPlugins, renderRichText, resetRegistry, resolveProvider, richTextStyles, runFieldHooks, runHooks, validateCollection, validateConfig, validateFields, validateGlobal };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map