@kyro-cms/core 0.9.0 → 0.9.1

package/dist/chunk-L5UKKZQN.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/api/graphql/schema.ts"],"names":[],"mappings":";;;;AA8BA,eAAe,kBAAA,CACb,UAAA,EACA,SAAA,EACA,OAAA,EACyD;AACzD,EAAA,MAAM,UAAA,GAAa,UAAA,CAAW,MAAA,GAAS,SAAS,CAAA;AAGhD,EAAA,IAAI,OAAA,CAAQ,MAAA,EAAQ,WAAA,EAAa,MAAA,GAAS,CAAA,EAAG;AAC3C,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,SAAS,SAAA,KAAc,MAAA,GAAS,MAAA,GAAS,SAAA,KAAc,WAAW,QAAA,GAAW,QAAA;AACnF,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,IACE,CAAC,mBAAA,CAAoB,OAAA,CAAQ,MAAA,CAAO,aAAa,UAAU,CAAA,IAC3D,CAAC,mBAAA,CAAoB,QAAQ,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,QAAQ,QAAQ,CAAA,EACpE;AACA,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AAAA,EACF;AAGA,EAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,MAAA,GAAS,cAAc,MAAA,GAAS,MAAA,GAAS,cAAc,QAAA,GAAW,QAAA,GAAW,SAAA,KAAc,QAAA,GAAW,QAAA,GAAW,QAAA;AACvH,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,MAAM,iBAAA,GAAoB,aAAA;AAAA,MACxB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E;AAAA,KACF;AACA,IAAA,IAAI,CAAC,qBAAqB,CAAC,aAAA;AAAA,MACzB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E,GAAG,QAAQ,CAAA,MAAA;AAAA,KACb,EAAG;AACD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,IAAQ,CAAC,QAAQ,MAAA,EAAQ;AACpC,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,EACzB;AAEA,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,MAAA,EAAO;AAC7C;AAEA,eAAe,iBAAA,CACb,MAAA,EACA,SAAA,EACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,GAAS,SAAS,CAAA;AAE5C,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,MAAM,QAAA,GAAW,QAAQ,IAAA,CAAK,IAAA;AAC9B,IAAA,IAAI,QAAA,KAAa,aAAA,IAAiB,QAAA,KAAa,OAAA,EAAS;AACtD,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,EAC1B;AAEA,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAMA,SAAS,kBAAA,CACP,KAAA,EACA,QAAA,EACA,eAAA,EACA,cAAc,KAAA,EACD;AACb,EAAA,QAAQ,MAAM,IAAA;AAAM,IAClB,KAAK,MAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,QAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,QAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,KAAA,CAAM,UAAU,UAAA,GAAa,YAAA;AAAA,IACtC,KAAK,UAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AACH,MAAA,OAAO,aAAA;AAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,IAAI,OAAO,KAAA,CAAM,UAAA,KAAe,QAAA,EAAU;AACxC,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,OAAO,aAAA;AAAA,QACT;AACA,QAAA,IAAI,eAAA,GAAkB,KAAA,CAAM,UAAU,CAAA,EAAG;AACvC,UAAA,OAAO,eAAA,CAAgB,MAAM,UAAU,CAAA;AAAA,QACzC;AACA,QAAA,MAAM,iBAAA,GAAoB,QAAA,CAAS,aAAA,CAAc,KAAA,CAAM,UAAU,CAAA;AACjE,QAAA,IAAI,iBAAA,EAAmB;AACrB,UAAA,OAAO,IAAI,iBAAA,CAAkB;AAAA,YAC3B,IAAA,EAAM,CAAA,EAAG,KAAA,CAAM,UAAU,CAAA,IAAA,CAAA;AAAA,YACzB,QAAQ,OAAO;AAAA,cACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,cAC1B,GAAG,yBAAA,CAA0B,iBAAA,EAAmB,QAAA,EAAU,eAAe;AAAA,aAC3E;AAAA,WACD,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,IAAI,YAAY,aAAa,CAAA;AAAA;AAAA,IACtC,KAAK,OAAA;AACH,MAAA,OAAO,aAAA;AAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,YAAY,aAAa,CAAA;AAAA;AAAA,IACtC,KAAK,KAAA;AAAA,IACL,KAAK,aAAA;AAAA,IACL,KAAK,MAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT;AACE,MAAA,OAAO,aAAA;AAAA;AAEb;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,QAAA,EACA,eAAA,EAC8C;AAC9C,EAAA,MAAM,SAAuD,EAAC;AAE9D,EAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,IAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,KAAA,EAAO,WAAW,IAAA,EAAM;AAC9C,MAAA,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,QACnB,IAAA,EAAM,KAAA,CAAM,QAAA,GACR,IAAI,eAAe,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,eAAe,CAAQ,CAAA,GAC7E,kBAAA,CAAmB,KAAA,EAAO,UAAU,eAAe,CAAA;AAAA,QACxD,WAAA,EAAa,KAAA,CAAM,KAAA,EAAO,WAAA,IAAe,KAAA,CAAM;AAAA,OACjD;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAgBO,SAAS,mBACd,OAAA,EACe;AACf,EAAA,MAAM,EAAE,UAAU,EAAA,EAAI,IAAA,EAAM,KAAK,QAAA,EAAU,MAAA,EAAQ,UAAS,GAAI,OAAA;AAGhE,EAAA,MAAM,SAAA,GAAY,UAAU,MAAA,EAAQ,SAAA;AACpC,EAAA,IAAI,SAAA,EAAW,mBAAmB,KAAA,EAAO;AACvC,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,WAAA,GAAc,SAAS,cAAA,EAAe;AAC5C,EAAA,MAAM,OAAA,GAAU,SAAS,UAAA,EAAW;AAGpC,EAAA,MAAM,kBAAqD,EAAC;AAC5D,EAAA,MAAM,uBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AAEpC,IAAA,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAI,iBAAA,CAAkB;AAAA,MACvD,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,KAAA,CAAA;AAAA,MAC3C,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA,CAA0B,UAAA,EAAY,QAAA,EAAU,eAAe,CAAA;AAAA,QAClE,GAAI,WAAW,UAAA,GACX;AAAA,UACE,SAAA,EAAW,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,UACjC,SAAA,EAAW,EAAE,IAAA,EAAM,aAAA;AAAc,YAEnC,EAAC;AAAA,QACL,GAAI,WAAW,YAAA,GACX;AAAA,UACE,QAAA,EAAU,EAAE,IAAA,EAAM,aAAA;AAAc,YAElC;AAAC,OACP;AAAA,KACD,CAAA;AAGD,IAAA,MAAM,cAAqD,EAAC;AAC5D,IAAA,KAAA,MAAW,KAAA,IAAS,WAAW,MAAA,EAAQ;AACrC,MAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,QAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,UACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,SACjE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAI,sBAAA,CAAuB;AAAA,MACjE,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,MAC3C,QAAQ,MAAM;AAAA,KACf,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAAiD,EAAC;AACxD,EAAA,MAAM,mBAA2D,EAAC;AAElE,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA,GAAI,IAAI,iBAAA,CAAkB;AAAA,MAC/C,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,MACvC,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA;AAAA,UACD,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAM,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,UAC3C,QAAA;AAAA,UACA;AAAA;AACF,OACF;AAAA,KACD,CAAA;AAED,IAAA,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA,GAAI,IAAI,sBAAA,CAAuB;AAAA,MACzD,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,aAAA,CAAA;AAAA,MACvC,QAAQ,MAAM;AACZ,QAAA,MAAM,cAAqD,EAAC;AAC5D,QAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,UAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,YAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,cACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,aACjE;AAAA,UACF;AAAA,QACF;AACA,QAAA,OAAO,WAAA;AAAA,MACT;AAAA,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAA4D,EAAC;AAGnE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,IAAI,CAAC,IAAA,EAAM;AAGX,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,MAAM,CAAA,GAAI;AAAA,MACzD,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,MAAM,EAAE,IAAA,EAAM,IAAI,WAAA,CAAY,IAAI,CAAA,EAAE;AAAA,UACpC,SAAA,EAAW,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UAC9B,IAAA,EAAM,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UACzB,UAAA,EAAY,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,UAC/B,WAAA,EAAa,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,UACpC,WAAA,EAAa,EAAE,IAAA,EAAM,cAAA;AAAe;AACtC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC7B,IAAA,EAAM,EAAE,IAAA,EAAM,aAAA,EAAc;AAAA,QAC5B,KAAA,EAAO,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,QAC1B,IAAA,EAAM,EAAE,IAAA,EAAM,UAAA,EAAW;AAAA,QACzB,KAAA,EAAO,EAAE,IAAA,EAAM,cAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AAEA,QAAA,IAAI,OAAO,UAAA,EAAY;AACrB,UAAA,KAAA,GAAQ,EAAE,GAAG,KAAA,EAAO,GAAG,OAAO,UAAA,EAAW;AAAA,QAC3C;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAEhC,QAAA,OAAO,GAAG,IAAA,CAAK;AAAA,UACb,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,KAAA,EAAO,KAAK,KAAA,IAAS,EAAA;AAAA,UACrB,IAAA,EAAM,KAAK,IAAA,IAAQ,CAAA;AAAA,UACnB,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AAAA,MACH;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,UAAU,CAAA,GAAI;AAAA,MAC7D,IAAA;AAAA,MACA,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA,EAAE;AAAA,QAC9C,KAAA,EAAO,EAAE,IAAA,EAAM,cAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAChC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,QAAA,CAAS;AAAA,UAC5B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AACD,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,OAAO,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,SAAA,EAAW,EAAE,IAAA,EAAM,UAAA;AAAW;AAChC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAM,aAAA;AAAc,OAC/B;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,OAAO,EAAE,WAAW,CAAA,EAAE;AAAA,QACxB;AACA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AACA,QAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,KAAA,CAAM;AAAA,UAC3B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,OAAO,EAAE,WAAW,KAAA,EAAM;AAAA,MAC5B;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,IAAA,GAAO,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA;AACpC,IAAA,IAAI,CAAC,IAAA,EAAM;AAEX,IAAA,WAAA,CAAY,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,KAAK,CAAA,GAAI;AAAA,MACpD,IAAA;AAAA,MACA,SAAS,YAAY;AACnB,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,MAAA,EAAQ;AAAA,UACrD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,QACrD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,OAAO,GAAG,OAAA,CAAQ;AAAA,UAChB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,KAAA,GAAQ,IAAI,iBAAA,CAAkB;AAAA,IAClC,IAAA,EAAM,OAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAGD,EAAA,MAAM,iBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA;AACtD,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,SAAA,EAAW;AAGzB,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA,EAAE;AAAA,QAC9C,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA,EAAE;AAAA,QAC5C,aAAA,EAAe,EAAE,IAAA,EAAM,aAAA;AAAc,OACvC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAGA,QAAA,IAAI,KAAK,aAAA,EAAe;AACtB,UAAA,MAAM,WAAA,GAAc,MAAM,EAAA,CAAG,QAAA,CAA8B;AAAA,YACzD,YAAY,UAAA,CAAW,IAAA;AAAA,YACvB,IAAI,IAAA,CAAK,EAAA;AAAA,YACT,QAAA;AAAA,YACA,KAAA,EAAO;AAAA,WACR,CAAA;AACD,UAAA,IAAI,eAAe,WAAA,CAAY,SAAA,IAAa,IAAA,CAAK,aAAA,KAAkB,YAAY,SAAA,EAAW;AACxF,YAAA,MAAM,IAAI,MAAM,CAAA,8CAAA,EAAiD,IAAA,CAAK,aAAa,CAAA,qBAAA,EAAwB,WAAA,CAAY,SAAS,CAAA,CAAE,CAAA;AAAA,UACpI;AAAA,QACF;AAEA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,aAAa,CAAA;AAAE,OAChD;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA;AAC9C,IAAA,IAAI,CAAC,SAAA,EAAW;AAEhB,IAAA,cAAA,CAAe,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAI,iBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QACvC,MAAA,EAAQ;AAAA,UACN,KAAK,EAAE,IAAA,EAAM,YAAY,MAAA,CAAO,IAAI,KAAK,aAAA,EAAc;AAAA,UACvD,OAAA,EAAS,EAAE,IAAA,EAAM,aAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAI,cAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,QAAA,EAAU;AAAA,UACvD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,QACvD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,OAAA,CAAQ;AAAA,UAC3B,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAED,QAAA,IAAI,MAAA;AACJ,QAAA,IAAI,GAAA,EAAK;AACP,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,IAAI,GAAA,CAAI,EAAA;AAAA,YACR,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH;AAEA,QAAA,OAAO,EAAE,GAAA,EAAK,MAAA,EAAQ,OAAA,EAAS,sBAAA,EAAuB;AAAA,MACxD;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,IAAI,iBAAA,CAAkB;AAAA,IACrC,IAAA,EAAM,UAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,OAAO,IAAI,aAAA,CAAc;AAAA,IACvB,KAAA,EAAO,KAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACX,CAAA;AACH;AAMO,SAAS,mBAAA,CACd,QAAA,EACA,EAAA,EACA,OAAA,EAMe;AACf,EAAA,OAAO,kBAAA,CAAmB;AAAA,IACxB,QAAA;AAAA,IACA,EAAA;AAAA,IACA,MAAM,OAAA,EAAS,IAAA;AAAA,IACf,KAAK,OAAA,EAAS,GAAA;AAAA,IACd,UAAU,OAAA,EAAS,QAAA;AAAA,IACnB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH","file":"chunk-L5UKKZQN.js","sourcesContent":["import {\n  GraphQLSchema,\n  GraphQLObjectType,\n  GraphQLString,\n  GraphQLInt,\n  GraphQLBoolean,\n  GraphQLFloat,\n  GraphQLList,\n  GraphQLNonNull,\n  GraphQLInputObjectType,\n  type GraphQLFieldConfig,\n  type GraphQLType,\n} from \"graphql\";\nimport type {\n  CollectionConfig,\n  GlobalConfig,\n  BaseAdapter,\n} from \"../../registry/types.js\";\nimport { Registry } from \"../../registry/index.js\";\nimport type { Field, SelectField } from \"../../fields/types.js\";\nimport { evaluateAccess, type WhereClause } from \"../../access/types.js\";\nimport type { User, Request } from \"../../hooks/types.js\";\nimport type { TenantContext } from \"../../auth/rls/tenant.js\";\nimport { hasApiKeyPermission } from \"../../auth/api-key.js\";\nimport { hasPermission } from \"../../auth/rbac/checker.js\";\n\n// ============================================================================\n// Access Control Helper\n// ============================================================================\n\nasync function checkGraphQLAccess(\n  collection: { access?: any; slug: string },\n  operation: \"read\" | \"create\" | \"update\" | \"delete\",\n  context: { user?: User; req?: Request; tenantID?: string; apiKey?: any },\n): Promise<{ allowed: boolean; extraWhere?: WhereClause }> {\n  const accessRule = collection.access?.[operation];\n\n  // API key permission check\n  if (context.apiKey?.permissions?.length > 0) {\n    const resource = collection.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : \"update\";\n    const permission = `${resource}:${action}`;\n    if (\n      !hasApiKeyPermission(context.apiKey.permissions, permission) &&\n      !hasApiKeyPermission(context.apiKey.permissions, `${resource}:admin`)\n    ) {\n      return { allowed: false };\n    }\n  }\n\n  // RBAC check for authenticated users\n  if (context.user) {\n    const resource = collection.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : operation === \"update\" ? \"update\" : \"delete\";\n    const permission = `${resource}:${action}`;\n    const userHasPermission = hasPermission(\n      { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n      permission,\n    );\n    if (!userHasPermission && !hasPermission(\n      { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n      `${resource}:admin`,\n    )) {\n      if (!accessRule) {\n        return { allowed: false };\n      }\n    }\n  }\n\n  if (!accessRule) {\n    if (!context.user && !context.apiKey) {\n      return { allowed: false };\n    }\n    return { allowed: true };\n  }\n\n  const result = await evaluateAccess(accessRule, {\n    req: context.req!,\n    user: context.user,\n    tenantID: context.tenantID,\n  });\n\n  if (typeof result === \"boolean\") {\n    return { allowed: result };\n  }\n\n  return { allowed: true, extraWhere: result };\n}\n\nasync function checkGlobalAccess(\n  global: { access?: any },\n  operation: \"read\" | \"update\",\n  context: { user?: User; req?: Request; tenantID?: string },\n): Promise<{ allowed: boolean }> {\n  const accessRule = global.access?.[operation];\n\n  if (!accessRule) {\n    if (!context.user) {\n      return { allowed: false };\n    }\n    const userRole = context.user.role;\n    if (userRole === \"super_admin\" || userRole === \"admin\") {\n      return { allowed: true };\n    }\n    return { allowed: false };\n  }\n\n  const result = await evaluateAccess(accessRule, {\n    req: context.req!,\n    user: context.user,\n    tenantID: context.tenantID,\n  });\n\n  if (typeof result === \"boolean\") {\n    return { allowed: result };\n  }\n\n  return { allowed: true };\n}\n\n// ============================================================================\n// Field → GraphQL Type Mapping\n// ============================================================================\n\nfunction fieldToGraphQLType(\n  field: Field,\n  registry: Registry,\n  collectionTypes?: Record<string, GraphQLObjectType>,\n  isInputType = false,\n): GraphQLType {\n  switch (field.type) {\n    case \"text\":\n    case \"email\":\n    case \"password\":\n    case \"textarea\":\n    case \"color\":\n    case \"code\":\n    case \"markdown\":\n    case \"date\":\n    case \"select\":\n    case \"radio\":\n    case \"upload\":\n      return GraphQLString;\n    case \"number\":\n      return field.integer ? GraphQLInt : GraphQLFloat;\n    case \"checkbox\":\n      return GraphQLBoolean;\n    case \"json\":\n    case \"richtext\":\n      return GraphQLString; // JSON as string\n    case \"relationship\":\n      if (typeof field.relationTo === \"string\") {\n        if (isInputType) {\n          return GraphQLString;\n        }\n        if (collectionTypes?.[field.relationTo]) {\n          return collectionTypes[field.relationTo];\n        }\n        const relatedCollection = registry.getCollection(field.relationTo);\n        if (relatedCollection) {\n          return new GraphQLObjectType({\n            name: `${field.relationTo}_ref`,\n            fields: () => ({\n              id: { type: GraphQLString },\n              ...buildFieldsFromCollection(relatedCollection, registry, collectionTypes),\n            }),\n          });\n        }\n      }\n      return GraphQLString;\n    case \"array\":\n      return new GraphQLList(GraphQLString); // Simplified\n    case \"group\":\n      return GraphQLString; // Simplified - JSON string\n    case \"blocks\":\n      return new GraphQLList(GraphQLString); // Simplified\n    case \"row\":\n    case \"collapsible\":\n    case \"tabs\":\n      return GraphQLString;\n    default:\n      return GraphQLString;\n  }\n}\n\nfunction buildFieldsFromCollection(\n  config: CollectionConfig,\n  registry: Registry,\n  collectionTypes?: Record<string, GraphQLObjectType>,\n): Record<string, GraphQLFieldConfig<any, any>> {\n  const fields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  for (const field of config.fields) {\n    if (field.name && field.admin?.hidden !== true) {\n      fields[field.name] = {\n        type: field.required\n          ? new GraphQLNonNull(fieldToGraphQLType(field, registry, collectionTypes) as any)\n          : (fieldToGraphQLType(field, registry, collectionTypes) as any),\n        description: field.admin?.description || field.label,\n      };\n    }\n  }\n\n  return fields;\n}\n\n// ============================================================================\n// GraphQL Schema Builder\n// ============================================================================\n\nexport interface GraphQLSchemaOptions {\n  registry: Registry;\n  db: BaseAdapter;\n  user?: User;\n  req?: Request;\n  tenantID?: string;\n  apiKey?: any;\n  settings?: Record<string, any>;\n}\n\nexport function buildGraphQLSchema(\n  options: GraphQLSchemaOptions,\n): GraphQLSchema {\n  const { registry, db, user, req, tenantID, apiKey, settings } = options;\n\n  // Check if GraphQL is disabled in settings\n  const apiAccess = settings?.access?.apiAccess;\n  if (apiAccess?.graphqlEnabled === false) {\n    throw new Error(\"GraphQL API is disabled\");\n  }\n\n  const collections = registry.getCollections();\n  const globals = registry.getGlobals();\n\n  // Build collection types\n  const collectionTypes: Record<string, GraphQLObjectType> = {};\n  const collectionInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n  for (const collection of collections) {\n    // Output type\n    collectionTypes[collection.slug] = new GraphQLObjectType({\n      name: `${collection.slug.replace(/-/g, \"_\")}_type`,\n      fields: () => ({\n        id: { type: GraphQLString },\n        ...buildFieldsFromCollection(collection, registry, collectionTypes),\n        ...(collection.timestamps\n          ? {\n              createdAt: { type: GraphQLString },\n              updatedAt: { type: GraphQLString },\n            }\n          : {}),\n        ...(collection.tenantScoped\n          ? {\n              tenantID: { type: GraphQLString },\n            }\n          : {}),\n      }),\n    });\n\n    // Input type for create/update\n    const inputFields: Record<string, { type: GraphQLType }> = {};\n    for (const field of collection.fields) {\n      if (field.name && field.name !== \"id\") {\n        inputFields[field.name] = {\n          type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n        };\n      }\n    }\n\n    collectionInputTypes[collection.slug] = new GraphQLInputObjectType({\n      name: `${collection.slug.replace(/-/g, \"_\")}_input`,\n      fields: () => inputFields as any,\n    });\n  }\n\n  // Build global types and input types\n  const globalTypes: Record<string, GraphQLObjectType> = {};\n  const globalInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n  for (const global of globals) {\n    globalTypes[global.slug] = new GraphQLObjectType({\n      name: `${global.slug.replace(/-/g, \"_\")}_global_type`,\n      fields: () => ({\n        id: { type: GraphQLString },\n        ...buildFieldsFromCollection(\n          { slug: global.slug, fields: global.fields } as CollectionConfig,\n          registry,\n          collectionTypes,\n        ),\n      }),\n    });\n\n    globalInputTypes[global.slug] = new GraphQLInputObjectType({\n      name: `${global.slug.replace(/-/g, \"_\")}_global_input`,\n      fields: () => {\n        const inputFields: Record<string, { type: GraphQLType }> = {};\n        for (const field of global.fields) {\n          if (field.name && field.name !== \"id\") {\n            inputFields[field.name] = {\n              type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n            };\n          }\n        }\n        return inputFields as any;\n      },\n    });\n  }\n\n  // Build query type\n  const queryFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  // List queries for each collection\n  for (const collection of collections) {\n    const type = collectionTypes[collection.slug];\n    if (!type) continue;\n\n    // FindMany query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}Find`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_find_result`,\n        fields: {\n          docs: { type: new GraphQLList(type) },\n          totalDocs: { type: GraphQLInt },\n          page: { type: GraphQLInt },\n          totalPages: { type: GraphQLInt },\n          hasNextPage: { type: GraphQLBoolean },\n          hasPrevPage: { type: GraphQLBoolean },\n        },\n      }),\n      args: {\n        where: { type: GraphQLString },\n        sort: { type: GraphQLString },\n        limit: { type: GraphQLInt },\n        page: { type: GraphQLInt },\n        draft: { type: GraphQLBoolean },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied\");\n        }\n\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        let where = {};\n        if (args.where) {\n          try {\n            where = JSON.parse(args.where);\n          } catch {}\n        }\n\n        if (access.extraWhere) {\n          where = { ...where, ...access.extraWhere };\n        }\n\n        const isDraft = args.draft ?? !!user;\n\n        return db.find({\n          collection: collection.slug,\n          where,\n          sort: args.sort,\n          limit: args.limit || 10,\n          page: args.page || 1,\n          tenantID,\n          draft: isDraft,\n        });\n      },\n    };\n\n    // FindByID query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}FindByID`] = {\n      type,\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n        draft: { type: GraphQLBoolean },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied\");\n        }\n\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        const isDraft = args.draft ?? !!user;\n        const doc = await db.findByID({\n          collection: collection.slug,\n          id: args.id,\n          tenantID,\n          draft: isDraft,\n        });\n        return doc;\n      },\n    };\n\n    // Count query\n    queryFields[`${collection.slug.replace(/-/g, \"_\")}Count`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_count`,\n        fields: {\n          totalDocs: { type: GraphQLInt },\n        },\n      }),\n      args: {\n        where: { type: GraphQLString },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"read\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          return { totalDocs: 0 };\n        }\n        let where = {};\n        if (args.where) {\n          try {\n            where = JSON.parse(args.where);\n          } catch {}\n        }\n        const count = await db.count({\n          collection: collection.slug,\n          where,\n          tenantID,\n        });\n        return { totalDocs: count };\n      },\n    };\n  }\n\n  // Global queries\n  for (const global of globals) {\n    const type = globalTypes[global.slug];\n    if (!type) continue;\n\n    queryFields[`${global.slug.replace(/-/g, \"_\")}Get`] = {\n      type,\n      resolve: async () => {\n        const access = await checkGlobalAccess(global, \"read\", {\n          user,\n          req,\n          tenantID,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot read global\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        return db.findOne({\n          collection: `_globals_${global.slug}`,\n          where: {},\n          tenantID,\n        });\n      },\n    };\n  }\n\n  const Query = new GraphQLObjectType({\n    name: \"Query\",\n    fields: queryFields,\n  });\n\n  // Build mutation type\n  const mutationFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n  for (const collection of collections) {\n    const type = collectionTypes[collection.slug];\n    const inputType = collectionInputTypes[collection.slug];\n    if (!type || !inputType) continue;\n\n    // Create mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Create`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_create_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        data: { type: new GraphQLNonNull(inputType) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"create\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot create\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        const schema = registry.getCreateZodSchema(collection.slug);\n\n        const validated = schema.parse(args.data);\n\n        const doc = await db.create({\n          collection: collection.slug,\n          data: validated,\n          tenantID,\n        });\n\n        return { doc, message: \"Created successfully\" };\n      },\n    };\n\n    // Update mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Update`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_update_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n        data: { type: new GraphQLNonNull(inputType) },\n        baseUpdatedAt: { type: GraphQLString },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"update\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot update\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        // Revision conflict detection\n        if (args.baseUpdatedAt) {\n          const originalDoc = await db.findByID<Record<string, any>>({\n            collection: collection.slug,\n            id: args.id,\n            tenantID,\n            draft: true,\n          });\n          if (originalDoc && originalDoc.updatedAt && args.baseUpdatedAt !== originalDoc.updatedAt) {\n            throw new Error(`Revision conflict: document has changed since ${args.baseUpdatedAt}. Current updatedAt: ${originalDoc.updatedAt}`);\n          }\n        }\n\n        const schema = registry.getUpdateZodSchema(collection.slug);\n\n        const validated = schema.parse(args.data);\n\n        const doc = await db.update({\n          collection: collection.slug,\n          id: args.id,\n          data: validated,\n          tenantID,\n        });\n\n        return { doc, message: \"Updated successfully\" };\n      },\n    };\n\n    // Delete mutation\n    mutationFields[`${collection.slug.replace(/-/g, \"_\")}Delete`] = {\n      type: new GraphQLObjectType({\n        name: `${collection.slug.replace(/-/g, \"_\")}_delete_result`,\n        fields: {\n          doc: { type },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        id: { type: new GraphQLNonNull(GraphQLString) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGraphQLAccess(collection, \"delete\", {\n          user,\n          req,\n          tenantID,\n          apiKey,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot delete\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n        const doc = await db.delete({\n          collection: collection.slug,\n          id: args.id,\n          tenantID,\n        });\n\n        return { doc, message: \"Deleted successfully\" };\n      },\n    };\n  }\n\n  // Global mutations\n  for (const global of globals) {\n    const inputType = globalInputTypes[global.slug];\n    if (!inputType) continue;\n\n    mutationFields[`${global.slug.replace(/-/g, \"_\")}Update`] = {\n      type: new GraphQLObjectType({\n        name: `${global.slug.replace(/-/g, \"_\")}_update_result`,\n        fields: {\n          doc: { type: globalTypes[global.slug] || GraphQLString },\n          message: { type: GraphQLString },\n        },\n      }),\n      args: {\n        data: { type: new GraphQLNonNull(inputType) },\n      },\n      resolve: async (_: any, args: any, context: any) => {\n        const access = await checkGlobalAccess(global, \"update\", {\n          user,\n          req,\n          tenantID,\n        });\n        if (!access.allowed) {\n          throw new Error(\"Access denied: cannot update global\");\n        }\n        if (tenantID) {\n          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n        }\n\n        const doc = await db.findOne({\n          collection: `_globals_${global.slug}`,\n          where: {},\n          tenantID,\n        });\n\n        let result;\n        if (doc) {\n          result = await db.update({\n            collection: `_globals_${global.slug}`,\n            id: doc.id,\n            data: args.data,\n            tenantID,\n          });\n        } else {\n          result = await db.create({\n            collection: `_globals_${global.slug}`,\n            data: args.data,\n            tenantID,\n          });\n        }\n\n        return { doc: result, message: \"Updated successfully\" };\n      },\n    };\n  }\n\n  const Mutation = new GraphQLObjectType({\n    name: \"Mutation\",\n    fields: mutationFields,\n  });\n\n  return new GraphQLSchema({\n    query: Query,\n    mutation: Mutation,\n  });\n}\n\n// ============================================================================\n// Factory\n// ============================================================================\n\nexport function createGraphQLSchema(\n  registry: Registry,\n  db: BaseAdapter,\n  options?: {\n    user?: User;\n    req?: Request;\n    tenantID?: string;\n    apiKey?: any;\n  },\n): GraphQLSchema {\n  return buildGraphQLSchema({\n    registry,\n    db,\n    user: options?.user,\n    req: options?.req,\n    tenantID: options?.tenantID,\n    apiKey: options?.apiKey,\n  });\n}\n"]}

package/dist/chunk-NKPKR5BW.cjs

@@ -0,0 +1,188 @@
+'use strict';
+
+// src/auth/rbac/roles.ts
+var DEFAULT_ROLES = [
+  {
+    name: "super_admin",
+    level: 100,
+    inherits: [],
+    description: "Full system access across all tenants"
+  },
+  {
+    name: "admin",
+    level: 90,
+    inherits: ["editor"],
+    description: "Full tenant access with all content permissions"
+  },
+  {
+    name: "editor",
+    level: 70,
+    inherits: ["author"],
+    description: "Edit and publish all content"
+  },
+  {
+    name: "author",
+    level: 50,
+    inherits: ["customer"],
+    description: "Create and edit own content"
+  },
+  {
+    name: "customer",
+    level: 30,
+    inherits: [],
+    description: "Access own data and make purchases"
+  },
+  {
+    name: "guest",
+    level: 10,
+    inherits: [],
+    description: "Public read-only access"
+  }
+];
+var ROLE_PERMISSIONS = {
+  super_admin: ["*"],
+  admin: [
+    "users:admin",
+    "users:read",
+    "users:update",
+    "audit_logs:read",
+    "posts:admin",
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "posts:delete",
+    "pages:admin",
+    "pages:read",
+    "pages:create",
+    "pages:update",
+    "pages:delete",
+    "media:admin",
+    "media:read",
+    "media:create",
+    "media:update",
+    "media:delete",
+    "categories:admin",
+    "categories:read",
+    "categories:create",
+    "categories:update",
+    "categories:delete",
+    "products:admin",
+    "products:read",
+    "products:create",
+    "products:update",
+    "products:delete",
+    "orders:admin",
+    "orders:read",
+    "orders:update",
+    "customers:admin",
+    "customers:read",
+    "customers:update",
+    "coupons:admin",
+    "coupons:read",
+    "coupons:create",
+    "coupons:update",
+    "coupons:delete",
+    "navigation:admin",
+    "navigation:read",
+    "navigation:create",
+    "navigation:update",
+    "navigation:delete",
+    "settings:admin",
+    "settings:read",
+    "settings:update",
+    "profile:admin",
+    "profile:read",
+    "profile:update"
+  ],
+  editor: [
+    "posts:admin",
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "posts:delete",
+    "pages:admin",
+    "pages:read",
+    "pages:create",
+    "pages:update",
+    "pages:delete",
+    "media:read",
+    "media:create",
+    "media:update",
+    "categories:read",
+    "categories:create",
+    "categories:update",
+    "products:read",
+    "orders:read",
+    "orders:update",
+    "navigation:read",
+    "navigation:create",
+    "navigation:update",
+    "profile:read",
+    "profile:update"
+  ],
+  author: [
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "media:read",
+    "media:create",
+    "categories:read",
+    "profile:read",
+    "profile:update"
+  ],
+  customer: ["profile:read", "profile:update", "orders:read", "orders:create"],
+  guest: ["posts:read", "pages:read", "products:read"]
+};
+function getRoleHierarchy(role, roles = DEFAULT_ROLES) {
+  const hierarchy = [role];
+  const roleMap = new Map(roles.map((r) => [r.name, r]));
+  const addInherited = (r) => {
+    const roleData = roleMap.get(r);
+    if (roleData && roleData.inherits) {
+      for (const inherited of roleData.inherits) {
+        if (!hierarchy.includes(inherited)) {
+          hierarchy.push(inherited);
+          addInherited(inherited);
+        }
+      }
+    }
+  };
+  addInherited(role);
+  return hierarchy;
+}
+
+// src/auth/rbac/checker.ts
+function hasPermission(user, permission, rolePermissions = ROLE_PERMISSIONS) {
+  if (!user || !user.role) return false;
+  const userPermissions = getUserPermissions(user, rolePermissions);
+  if (userPermissions.includes("*")) return true;
+  if (userPermissions.includes(permission)) return true;
+  const [resource, action] = permission.split(":");
+  if (userPermissions.includes(`${resource}:*`)) return true;
+  if (userPermissions.includes(`${resource}:admin`)) return true;
+  return false;
+}
+function hasAnyRole(user, checkRoles) {
+  if (!user || !user.role) return false;
+  const hierarchy = getRoleHierarchy(user.role);
+  return checkRoles.some((role) => hierarchy.includes(role));
+}
+function getUserPermissions(user, rolePermissions = ROLE_PERMISSIONS) {
+  if (!user || !user.role) return [];
+  const hierarchy = getRoleHierarchy(user.role);
+  const permissions = /* @__PURE__ */ new Set();
+  for (const role of hierarchy) {
+    const rolePerms = rolePermissions[role];
+    if (rolePerms) {
+      for (const perm of rolePerms) {
+        permissions.add(perm);
+      }
+    }
+  }
+  return Array.from(permissions);
+}
+
+exports.hasAnyRole = hasAnyRole;
+exports.hasPermission = hasPermission;
+//# sourceMappingURL=chunk-NKPKR5BW.cjs.map
+//# sourceMappingURL=chunk-NKPKR5BW.cjs.map

package/dist/chunk-NKPKR5BW.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/rbac/roles.ts","../src/auth/rbac/checker.ts"],"names":[],"mappings":";;;AAmCO,IAAM,aAAA,GAAwB;AAAA,EACnC;AAAA,IACE,IAAA,EAAM,aAAA;AAAA,IACN,KAAA,EAAO,GAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,QAAQ,CAAA;AAAA,IACnB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,QAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,QAAQ,CAAA;AAAA,IACnB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,QAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,UAAU,CAAA;AAAA,IACrB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,UAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA;AAEjB,CAAA;AA2EO,IAAM,gBAAA,GAA6C;AAAA,EACxD,WAAA,EAAa,CAAC,GAAG,CAAA;AAAA,EAEjB,KAAA,EAAO;AAAA,IACL,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,kBAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,iBAAA;AAAA,IACA,iBAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,eAAA;AAAA,IACA,cAAA;AAAA,IACA,gBAAA;AAAA,IACA,gBAAA;AAAA,IACA,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,eAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,eAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,QAAA,EAAU,CAAC,cAAA,EAAgB,gBAAA,EAAkB,eAAe,eAAe,CAAA;AAAA,EAE3E,KAAA,EAAO,CAAC,YAAA,EAAc,YAAA,EAAc,eAAe;AACrD,CAAA;AAEO,SAAS,gBAAA,CACd,IAAA,EACA,KAAA,GAAgB,aAAA,EACN;AACV,EAAA,MAAM,SAAA,GAAsB,CAAC,IAAI,CAAA;AACjC,EAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,IAAA,EAAM,CAAC,CAAC,CAAC,CAAA;AAErD,EAAA,MAAM,YAAA,GAAe,CAAC,CAAA,KAAc;AAClC,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA;AAC9B,IAAA,IAAI,QAAA,IAAY,SAAS,QAAA,EAAU;AACjC,MAAA,KAAA,MAAW,SAAA,IAAa,SAAS,QAAA,EAAU;AACzC,QAAA,IAAI,CAAC,SAAA,CAAU,QAAA,CAAS,SAAS,CAAA,EAAG;AAClC,UAAA,SAAA,CAAU,KAAK,SAAS,CAAA;AACxB,UAAA,YAAA,CAAa,SAAS,CAAA;AAAA,QACxB;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAA;AAEA,EAAA,YAAA,CAAa,IAAI,CAAA;AACjB,EAAA,OAAO,SAAA;AACT;;;AC3PO,SAAS,aAAA,CACd,IAAA,EACA,UAAA,EACA,eAAA,GAA4C,gBAAA,EACnC;AACT,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,MAAM,OAAO,KAAA;AAEhC,EAAA,MAAM,eAAA,GAAkB,kBAAA,CAAmB,IAAA,EAAM,eAAe,CAAA;AAEhE,EAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AAC1C,EAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,UAAU,CAAA,EAAG,OAAO,IAAA;AAEjD,EAAA,MAAM,CAAC,QAAA,EAAU,MAAM,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AAC/C,EAAA,IAAI,gBAAgB,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,EAAA,CAAI,GAAG,OAAO,IAAA;AACtD,EAAA,IAAI,gBAAgB,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,MAAA,CAAQ,GAAG,OAAO,IAAA;AAE1D,EAAA,OAAO,KAAA;AACT;AAaO,SAAS,UAAA,CAAW,MAAgB,UAAA,EAA+B;AACxE,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,MAAM,OAAO,KAAA;AAEhC,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAA,CAAK,IAAI,CAAA;AAC5C,EAAA,OAAO,WAAW,IAAA,CAAK,CAAC,SAAS,SAAA,CAAU,QAAA,CAAS,IAAI,CAAC,CAAA;AAC3D;AASO,SAAS,kBAAA,CACd,IAAA,EACA,eAAA,GAA4C,gBAAA,EAClC;AACV,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,IAAA,SAAa,EAAC;AAEjC,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAA,CAAK,IAAI,CAAA;AAC5C,EAAA,MAAM,WAAA,uBAAkB,GAAA,EAAY;AAEpC,EAAA,KAAA,MAAW,QAAQ,SAAA,EAAW;AAC5B,IAAA,MAAM,SAAA,GAAY,gBAAgB,IAAI,CAAA;AACtC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,QAAQ,SAAA,EAAW;AAC5B,QAAA,WAAA,CAAY,IAAI,IAAI,CAAA;AAAA,MACtB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,WAAW,CAAA;AAC/B","file":"chunk-NKPKR5BW.cjs","sourcesContent":["export interface Role {\n  name: string;\n  level: number;\n  inherits: string[];\n  description: string;\n  createdAt?: string;\n  updatedAt?: string;\n}\n\nexport interface Permission {\n  resource: string;\n  action: \"create\" | \"read\" | \"update\" | \"delete\" | \"admin\";\n  conditions?: Condition[];\n}\n\nexport interface Condition {\n  field: string;\n  operator:\n    | \"eq\"\n    | \"neq\"\n    | \"in\"\n    | \"nin\"\n    | \"gt\"\n    | \"lt\"\n    | \"gte\"\n    | \"lte\"\n    | \"contains\";\n  value: any;\n}\n\nexport interface RolePermission {\n  role: string;\n  permissions: Permission[];\n}\n\nexport const DEFAULT_ROLES: Role[] = [\n  {\n    name: \"super_admin\",\n    level: 100,\n    inherits: [],\n    description: \"Full system access across all tenants\",\n  },\n  {\n    name: \"admin\",\n    level: 90,\n    inherits: [\"editor\"],\n    description: \"Full tenant access with all content permissions\",\n  },\n  {\n    name: \"editor\",\n    level: 70,\n    inherits: [\"author\"],\n    description: \"Edit and publish all content\",\n  },\n  {\n    name: \"author\",\n    level: 50,\n    inherits: [\"customer\"],\n    description: \"Create and edit own content\",\n  },\n  {\n    name: \"customer\",\n    level: 30,\n    inherits: [],\n    description: \"Access own data and make purchases\",\n  },\n  {\n    name: \"guest\",\n    level: 10,\n    inherits: [],\n    description: \"Public read-only access\",\n  },\n];\n\nexport const DEFAULT_PERMISSIONS: Permission[] = [\n  { resource: \"users\", action: \"admin\" },\n  { resource: \"users\", action: \"read\" },\n  { resource: \"users\", action: \"create\" },\n  { resource: \"users\", action: \"update\" },\n  { resource: \"users\", action: \"delete\" },\n\n  { resource: \"audit_logs\", action: \"admin\" },\n  { resource: \"audit_logs\", action: \"read\" },\n\n  { resource: \"posts\", action: \"admin\" },\n  { resource: \"posts\", action: \"read\" },\n  { resource: \"posts\", action: \"create\" },\n  { resource: \"posts\", action: \"update\" },\n  { resource: \"posts\", action: \"delete\" },\n\n  { resource: \"pages\", action: \"admin\" },\n  { resource: \"pages\", action: \"read\" },\n  { resource: \"pages\", action: \"create\" },\n  { resource: \"pages\", action: \"update\" },\n  { resource: \"pages\", action: \"delete\" },\n\n  { resource: \"media\", action: \"admin\" },\n  { resource: \"media\", action: \"read\" },\n  { resource: \"media\", action: \"create\" },\n  { resource: \"media\", action: \"update\" },\n  { resource: \"media\", action: \"delete\" },\n\n  { resource: \"categories\", action: \"admin\" },\n  { resource: \"categories\", action: \"read\" },\n  { resource: \"categories\", action: \"create\" },\n  { resource: \"categories\", action: \"update\" },\n  { resource: \"categories\", action: \"delete\" },\n\n  { resource: \"products\", action: \"admin\" },\n  { resource: \"products\", action: \"read\" },\n  { resource: \"products\", action: \"create\" },\n  { resource: \"products\", action: \"update\" },\n  { resource: \"products\", action: \"delete\" },\n\n  { resource: \"orders\", action: \"admin\" },\n  { resource: \"orders\", action: \"read\" },\n  { resource: \"orders\", action: \"create\" },\n  { resource: \"orders\", action: \"update\" },\n  { resource: \"orders\", action: \"delete\" },\n\n  { resource: \"customers\", action: \"admin\" },\n  { resource: \"customers\", action: \"read\" },\n  { resource: \"customers\", action: \"create\" },\n  { resource: \"customers\", action: \"update\" },\n  { resource: \"customers\", action: \"delete\" },\n\n  { resource: \"coupons\", action: \"admin\" },\n  { resource: \"coupons\", action: \"read\" },\n  { resource: \"coupons\", action: \"create\" },\n  { resource: \"coupons\", action: \"update\" },\n  { resource: \"coupons\", action: \"delete\" },\n\n  { resource: \"menu\", action: \"admin\" },\n  { resource: \"menu\", action: \"read\" },\n  { resource: \"menu\", action: \"create\" },\n  { resource: \"menu\", action: \"update\" },\n  { resource: \"menu\", action: \"delete\" },\n\n  { resource: \"settings\", action: \"admin\" },\n  { resource: \"settings\", action: \"read\" },\n  { resource: \"settings\", action: \"update\" },\n\n  { resource: \"profile\", action: \"admin\" },\n  { resource: \"profile\", action: \"read\" },\n  { resource: \"profile\", action: \"update\" },\n];\n\nexport const ROLE_PERMISSIONS: Record<string, string[]> = {\n  super_admin: [\"*\"],\n\n  admin: [\n    \"users:admin\",\n    \"users:read\",\n    \"users:update\",\n    \"audit_logs:read\",\n    \"posts:admin\",\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"posts:delete\",\n    \"pages:admin\",\n    \"pages:read\",\n    \"pages:create\",\n    \"pages:update\",\n    \"pages:delete\",\n    \"media:admin\",\n    \"media:read\",\n    \"media:create\",\n    \"media:update\",\n    \"media:delete\",\n    \"categories:admin\",\n    \"categories:read\",\n    \"categories:create\",\n    \"categories:update\",\n    \"categories:delete\",\n    \"products:admin\",\n    \"products:read\",\n    \"products:create\",\n    \"products:update\",\n    \"products:delete\",\n    \"orders:admin\",\n    \"orders:read\",\n    \"orders:update\",\n    \"customers:admin\",\n    \"customers:read\",\n    \"customers:update\",\n    \"coupons:admin\",\n    \"coupons:read\",\n    \"coupons:create\",\n    \"coupons:update\",\n    \"coupons:delete\",\n    \"navigation:admin\",\n    \"navigation:read\",\n    \"navigation:create\",\n    \"navigation:update\",\n    \"navigation:delete\",\n    \"settings:admin\",\n    \"settings:read\",\n    \"settings:update\",\n    \"profile:admin\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  editor: [\n    \"posts:admin\",\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"posts:delete\",\n    \"pages:admin\",\n    \"pages:read\",\n    \"pages:create\",\n    \"pages:update\",\n    \"pages:delete\",\n    \"media:read\",\n    \"media:create\",\n    \"media:update\",\n    \"categories:read\",\n    \"categories:create\",\n    \"categories:update\",\n    \"products:read\",\n    \"orders:read\",\n    \"orders:update\",\n    \"navigation:read\",\n    \"navigation:create\",\n    \"navigation:update\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  author: [\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"media:read\",\n    \"media:create\",\n    \"categories:read\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  customer: [\"profile:read\", \"profile:update\", \"orders:read\", \"orders:create\"],\n\n  guest: [\"posts:read\", \"pages:read\", \"products:read\"],\n};\n\nexport function getRoleHierarchy(\n  role: string,\n  roles: Role[] = DEFAULT_ROLES,\n): string[] {\n  const hierarchy: string[] = [role];\n  const roleMap = new Map(roles.map((r) => [r.name, r]));\n\n  const addInherited = (r: string) => {\n    const roleData = roleMap.get(r);\n    if (roleData && roleData.inherits) {\n      for (const inherited of roleData.inherits) {\n        if (!hierarchy.includes(inherited)) {\n          hierarchy.push(inherited);\n          addInherited(inherited);\n        }\n      }\n    }\n  };\n\n  addInherited(role);\n  return hierarchy;\n}\n\nexport function getRoleLevel(\n  role: string,\n  roles: Role[] = DEFAULT_ROLES,\n): number {\n  const roleMap = new Map(roles.map((r) => [r.name, r]));\n  const roleData = roleMap.get(role);\n  return roleData?.level ?? 0;\n}\n\nexport function isRoleHigherOrEqual(\n  role1: string,\n  role2: string,\n  roles: Role[] = DEFAULT_ROLES,\n): boolean {\n  return getRoleLevel(role1, roles) >= getRoleLevel(role2, roles);\n}\n\nexport function canInheritRole(\n  role: string,\n  targetRole: string,\n  roles: Role[] = DEFAULT_ROLES,\n): boolean {\n  const hierarchy = getRoleHierarchy(role, roles);\n  return hierarchy.includes(targetRole);\n}\n","import type { AuthUser } from \"../types.js\";\nimport {\n  ROLE_PERMISSIONS,\n  getRoleHierarchy,\n  type Permission,\n  type Condition,\n} from \"./roles.js\";\n\nexport interface PermissionContext {\n  user: AuthUser;\n  resource?: string;\n  action?: string;\n  doc?: Record<string, any>;\n  data?: Record<string, any>;\n  tenantId?: string;\n}\n\nexport function hasPermission(\n  user: AuthUser,\n  permission: string,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): boolean {\n  if (!user || !user.role) return false;\n\n  const userPermissions = getUserPermissions(user, rolePermissions);\n\n  if (userPermissions.includes(\"*\")) return true;\n  if (userPermissions.includes(permission)) return true;\n\n  const [resource, action] = permission.split(\":\");\n  if (userPermissions.includes(`${resource}:*`)) return true;\n  if (userPermissions.includes(`${resource}:admin`)) return true;\n\n  return false;\n}\n\nexport function hasRole(\n  user: AuthUser,\n  role: string,\n  roles: string[] = [],\n): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return hierarchy.includes(role);\n}\n\nexport function hasAnyRole(user: AuthUser, checkRoles: string[]): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return checkRoles.some((role) => hierarchy.includes(role));\n}\n\nexport function hasAllRoles(user: AuthUser, checkRoles: string[]): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return checkRoles.every((role) => hierarchy.includes(role));\n}\n\nexport function getUserPermissions(\n  user: AuthUser,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): string[] {\n  if (!user || !user.role) return [];\n\n  const hierarchy = getRoleHierarchy(user.role);\n  const permissions = new Set<string>();\n\n  for (const role of hierarchy) {\n    const rolePerms = rolePermissions[role];\n    if (rolePerms) {\n      for (const perm of rolePerms) {\n        permissions.add(perm);\n      }\n    }\n  }\n\n  return Array.from(permissions);\n}\n\nexport function getEffectivePermissions(\n  user: AuthUser,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): string[] {\n  return getUserPermissions(user, rolePermissions);\n}\n\nexport function canAccessResource(\n  user: AuthUser,\n  resource: string,\n  action: string,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): boolean {\n  return hasPermission(user, `${resource}:${action}`, rolePermissions);\n}\n\nexport function filterPermissions(\n  permissions: string[],\n  resource?: string,\n): string[] {\n  if (!resource) return permissions;\n\n  return permissions.filter((perm) => {\n    const [permResource] = perm.split(\":\");\n    return permResource === resource || permResource === \"*\";\n  });\n}\n\nexport function parsePermission(permission: string): {\n  resource: string;\n  action: string;\n  condition?: Condition;\n} {\n  const [resource, action, ...rest] = permission.split(\":\");\n  return {\n    resource,\n    action,\n    condition: rest.length > 0 ? JSON.parse(rest.join(\":\")) : undefined,\n  };\n}\n\nexport function buildPermission(\n  resource: string,\n  action: string,\n  condition?: Condition,\n): string {\n  if (condition) {\n    return `${resource}:${action}:${JSON.stringify(condition)}`;\n  }\n  return `${resource}:${action}`;\n}\n\nexport function evaluateCondition(\n  condition: Condition,\n  context: Record<string, any>,\n): boolean {\n  const { field, operator, value } = condition;\n  const fieldValue = context[field];\n\n  if (fieldValue === undefined) return false;\n\n  switch (operator) {\n    case \"eq\":\n      return fieldValue === value;\n    case \"neq\":\n      return fieldValue !== value;\n    case \"in\":\n      return Array.isArray(value) && value.includes(fieldValue);\n    case \"nin\":\n      return Array.isArray(value) && !value.includes(fieldValue);\n    case \"gt\":\n      return fieldValue > value;\n    case \"lt\":\n      return fieldValue < value;\n    case \"gte\":\n      return fieldValue >= value;\n    case \"lte\":\n      return fieldValue <= value;\n    case \"contains\":\n      if (typeof fieldValue === \"string\") {\n        return fieldValue.includes(value);\n      }\n      if (Array.isArray(fieldValue)) {\n        return fieldValue.includes(value);\n      }\n      return false;\n    default:\n      return false;\n  }\n}\n\nexport function evaluateConditions(\n  conditions: Condition[],\n  context: Record<string, any>,\n): boolean {\n  if (!conditions || conditions.length === 0) return true;\n\n  return conditions.every((condition) => evaluateCondition(condition, context));\n}\n\nexport function resolveConditionValue(\n  value: any,\n  context: Record<string, any>,\n): any {\n  if (typeof value !== \"string\") return value;\n\n  if (value.startsWith(\"${\") && value.endsWith(\"}\")) {\n    const path = value.slice(2, -1);\n    const keys = path.split(\".\");\n    let resolved = context;\n\n    for (const key of keys) {\n      if (resolved === undefined || resolved === null) return undefined;\n      resolved = resolved[key];\n    }\n\n    return resolved;\n  }\n\n  return value;\n}\n\nexport function evaluateConditionWithContext(\n  condition: Condition,\n  context: Record<string, any>,\n): boolean {\n  const resolvedCondition = {\n    ...condition,\n    value: resolveConditionValue(condition.value, context),\n  };\n\n  return evaluateCondition(resolvedCondition, context);\n}\n\nexport class PermissionChecker {\n  private rolePermissions: Record<string, string[]>;\n\n  constructor(rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS) {\n    this.rolePermissions = rolePermissions;\n  }\n\n  check(user: AuthUser, permission: string): boolean {\n    return hasPermission(user, permission, this.rolePermissions);\n  }\n\n  checkRole(user: AuthUser, role: string): boolean {\n    return hasRole(user, role);\n  }\n\n  checkAnyRole(user: AuthUser, roles: string[]): boolean {\n    return hasAnyRole(user, roles);\n  }\n\n  checkAllRoles(user: AuthUser, roles: string[]): boolean {\n    return hasAllRoles(user, roles);\n  }\n\n  getPermissions(user: AuthUser): string[] {\n    return getUserPermissions(user, this.rolePermissions);\n  }\n\n  canAccess(user: AuthUser, resource: string, action: string): boolean {\n    return canAccessResource(user, resource, action, this.rolePermissions);\n  }\n\n  filterByResource(permissions: string[], resource: string): string[] {\n    return filterPermissions(permissions, resource);\n  }\n}\n"]}

package/dist/{chunk-Y3QQN7PN.js → chunk-P2HKJ7P5.js}

@@ -1,5 +1,5 @@
-import { PasswordPolicy, EmailTransport } from './chunk-57P6MJKC.js';
-import { SQLiteAuthAdapter } from './chunk-H727JIG7.js';
+import { PasswordPolicy, EmailTransport } from './chunk-TXSZFA4G.js';
+import { SQLiteAuthAdapter } from './chunk-Q72BOAPK.js';
 
 // src/auth/bootstrap.ts
 async function bootstrapAdmin(config) {
@@ -109,6 +109,15 @@ async function autoBootstrap(authAdapter) {
   if (authAdapter) {
     config.authAdapter = authAdapter;
   }
+  try {
+    await config.authAdapter?.connect?.();
+    const existingUser = await config.authAdapter?.findUserByEmail(config.adminEmail);
+    if (existingUser) {
+      await config.authAdapter?.disconnect?.();
+      return { success: false, error: "Admin user already exists" };
+    }
+  } catch {
+  }
   console.log("Auto-bootstrapping admin user...");
   const result = await bootstrapAdmin(config);
   if (result.success) {
@@ -140,5 +149,5 @@ async function bootstrapWithRetry(config, maxRetries = 3, retryDelayMs = 2e3) {
 }
 
 export { autoBootstrap, bootstrapAdmin, bootstrapWithRetry, checkBootstrapRequired, getBootstrapFromEnv };
-//# sourceMappingURL=chunk-Y3QQN7PN.js.map
-//# sourceMappingURL=chunk-Y3QQN7PN.js.map
+//# sourceMappingURL=chunk-P2HKJ7P5.js.map
+//# sourceMappingURL=chunk-P2HKJ7P5.js.map

package/dist/chunk-P2HKJ7P5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/bootstrap.ts"],"names":[],"mappings":";;;;AAsBA,eAAsB,eACpB,MAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,UAAA;AAAA,IACA,aAAA;AAAA,IACA,SAAA,GAAY,aAAA;AAAA,IACZ,QAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA,GAAmB;AAAA,GACrB,GAAI,MAAA;AAEJ,EAAA,MAAM,WAAA,GACJ,MAAA,CAAO,WAAA,IACP,IAAI,iBAAA,CAAkB;AAAA,IACpB,IAAA,EAAM,OAAO,UAAA,IAAc;AAAA,GAC5B,CAAA;AAEH,EAAA,IAAI;AACF,IAAA,MAAM,YAAY,OAAA,IAAU;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,EAAA,MAAM,kBAAA,GAAqB,cAAA,CAAe,QAAA,CAAS,aAAa,CAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,KAAA,EAAO;AAC7B,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,OAAO,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,MAAM,WAAA,CAAY,UAAA,CAAW;AAAA,MACxC,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,aAAA;AAAA,MACV,MAAO,SAAA,IAA0B,OAAA;AAAA,MACjC;AAAA,KACD,CAAA;AAED,IAAA,IAAI,oBAAoB,WAAA,EAAa;AACnC,MAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,CAAe,WAAW,CAAA;AACrD,MAAA,MAAM,SAAA,GAAY,eAAe,YAAA,EAAa;AAC9C,MAAA,MAAM,eAAA,GAAkB,UAAU,OAAA,CAAQ,UAAA,CAAW,MAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAClE,MAAA,MAAM,eAAe,IAAA,CAAK;AAAA,QACxB,EAAA,EAAI,UAAA;AAAA,QACJ,GAAG;AAAA,OACJ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EACE,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAC7C;AAAA,EACF;AACF;AAEA,eAAsB,sBAAA,CACpB,aACA,UAAA,EACkB;AAClB,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,OAAO,CAAC,YAAA;AACV;AAEO,SAAS,mBAAA,GAA8C;AAC5D,EAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,gBAAA;AAC1B,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,mBAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,QAAA,EAAU;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA,IAAqB,gBAAA;AAAA,IAC7C,UAAA,EAAY,KAAA;AAAA,IACZ,aAAA,EAAe,QAAA;AAAA,IACf,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,eAAA,IAAmB,aAAA;AAAA,IAC1C,QAAA,EAAU,QAAQ,GAAA,CAAI,oBAAA;AAAA,IACtB,WAAA,EAAa,OAAA,CAAQ,GAAA,CAAI,SAAA,GACrB;AAAA,MACE,QAAA,EAAU,MAAA;AAAA,MACV,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM,QAAQ,GAAA,CAAI,SAAA;AAAA,QAClB,MAAM,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,EAAE,CAAA;AAAA,QACjD,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,WAAA,KAAgB,MAAA;AAAA,QACpC,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,EAAA;AAAA,UAC/B,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa;AAAA;AACjC,OACF;AAAA,MACA,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,qBAAA;AAAA,MAC/B,QAAA,EAAU,QAAQ,GAAA,CAAI;AAAA,KACxB,GACA,MAAA;AAAA,IACJ,gBAAA,EAAkB,OAAA,CAAQ,GAAA,CAAI,uBAAA,KAA4B;AAAA,GAC5D;AACF;AAEA,eAAsB,cACpB,WAAA,EACiC;AACjC,EAAA,MAAM,SAAS,mBAAA,EAAoB;AACnC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,MAAA,CAAO,WAAA,GAAc,WAAA;AAAA,EACvB;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,CAAO,aAAa,OAAA,IAAU;AACpC,IAAA,MAAM,eAAe,MAAM,MAAA,CAAO,WAAA,EAAa,eAAA,CAAgB,OAAO,UAAU,CAAA;AAChF,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,MAAA,CAAO,aAAa,UAAA,IAAa;AACvC,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,2BAAA,EAA4B;AAAA,IAC9D;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,oBAAA,EAAuB,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACxD,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,kBAAA,CACpB,MAAA,EACA,UAAA,GAAqB,CAAA,EACrB,eAAuB,GAAA,EACG;AAC1B,EAAA,IAAI,SAAA,GAAoB,EAAA;AAExB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,EAAY,CAAA,EAAA,EAAK;AACnC,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,SAAA,GAAY,OAAO,KAAA,IAAS,eAAA;AAE5B,IAAA,IAAI,SAAA,CAAU,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAA,GAAI,aAAa,CAAA,EAAG;AACtB,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,CAAA,aAAA,EAAgB,UAAU,CAAA,UAAA,EAAa,SAAS,CAAA;AAAA,GACzD;AACF","file":"chunk-P2HKJ7P5.js","sourcesContent":["import { SQLiteAuthAdapter } from \"./sqlite-adapter.js\";\nimport { EmailTransport, type EmailConfig } from \"./nodemailer-transport.js\";\nimport { PasswordPolicy } from \"./security/password-policy.js\";\nimport type { AuthUser, UserRole, AuthAdapter } from \"./types.js\";\n\nexport interface BootstrapConfig {\n  authAdapter?: AuthAdapter;\n  authDbPath?: string;\n  adminEmail: string;\n  adminPassword: string;\n  adminRole?: string;\n  tenantId?: string;\n  emailConfig?: EmailConfig;\n  sendWelcomeEmail?: boolean;\n}\n\nexport interface BootstrapResult {\n  success: boolean;\n  user?: AuthUser;\n  error?: string;\n}\n\nexport async function bootstrapAdmin(\n  config: BootstrapConfig,\n): Promise<BootstrapResult> {\n  const {\n    adminEmail,\n    adminPassword,\n    adminRole = \"super_admin\",\n    tenantId,\n    emailConfig,\n    sendWelcomeEmail = false,\n  } = config;\n\n  const authAdapter =\n    config.authAdapter ||\n    new SQLiteAuthAdapter({\n      path: config.authDbPath || \"./data/auth.db\",\n    });\n\n  try {\n    await authAdapter.connect?.();\n  } catch (error) {\n    return {\n      success: false,\n      error: \"Failed to connect to auth storage\",\n    };\n  }\n\n  const passwordPolicy = new PasswordPolicy();\n  const passwordValidation = passwordPolicy.validate(adminPassword);\n  if (!passwordValidation.valid) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: `Invalid password: ${passwordValidation.errors.join(\", \")}`,\n    };\n  }\n\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  if (existingUser) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: \"Admin user already exists\",\n    };\n  }\n\n  try {\n    const user = await authAdapter.createUser({\n      email: adminEmail,\n      password: adminPassword,\n      role: (adminRole as UserRole) || \"admin\",\n      tenantId,\n    });\n\n    if (sendWelcomeEmail && emailConfig) {\n      const emailTransport = new EmailTransport(emailConfig);\n      const templates = emailTransport.getTemplates();\n      const welcomeTemplate = templates.welcome(adminEmail.split(\"@\")[0]);\n      await emailTransport.send({\n        to: adminEmail,\n        ...welcomeTemplate,\n      });\n    }\n\n    await authAdapter.disconnect?.();\n    return {\n      success: true,\n      user,\n    };\n  } catch (error) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error:\n        error instanceof Error ? error.message : \"Failed to create admin user\",\n    };\n  }\n}\n\nexport async function checkBootstrapRequired(\n  authAdapter: AuthAdapter,\n  adminEmail: string,\n): Promise<boolean> {\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  return !existingUser;\n}\n\nexport function getBootstrapFromEnv(): BootstrapConfig | null {\n  const email = process.env.KYRO_ADMIN_EMAIL;\n  const password = process.env.KYRO_ADMIN_PASSWORD;\n\n  if (!email || !password) {\n    return null;\n  }\n\n  return {\n    authDbPath: process.env.KYRO_AUTH_DB_PATH || \"./data/auth.db\",\n    adminEmail: email,\n    adminPassword: password,\n    adminRole: process.env.KYRO_ADMIN_ROLE || \"super_admin\",\n    tenantId: process.env.KYRO_ADMIN_TENANT_ID,\n    emailConfig: process.env.SMTP_HOST\n      ? {\n          provider: \"smtp\",\n          smtp: {\n            host: process.env.SMTP_HOST,\n            port: parseInt(process.env.SMTP_PORT || \"587\", 10),\n            secure: process.env.SMTP_SECURE === \"true\",\n            auth: {\n              user: process.env.SMTP_USER || \"\",\n              pass: process.env.SMTP_PASS || \"\",\n            },\n          },\n          from: process.env.SMTP_FROM || \"noreply@example.com\",\n          fromName: process.env.SMTP_FROM_NAME,\n        }\n      : undefined,\n    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === \"true\",\n  };\n}\n\nexport async function autoBootstrap(\n  authAdapter?: AuthAdapter,\n): Promise<BootstrapResult | null> {\n  const config = getBootstrapFromEnv();\n  if (!config) {\n    return null;\n  }\n\n  if (authAdapter) {\n    config.authAdapter = authAdapter;\n  }\n\n  // Check if bootstrap is actually needed before connecting\n  try {\n    await config.authAdapter?.connect?.();\n    const existingUser = await config.authAdapter?.findUserByEmail(config.adminEmail);\n    if (existingUser) {\n      await config.authAdapter?.disconnect?.();\n      return { success: false, error: \"Admin user already exists\" };\n    }\n  } catch {\n    // Connection failed — let bootstrapAdmin handle the error\n  }\n\n  console.log(\"Auto-bootstrapping admin user...\");\n  const result = await bootstrapAdmin(config);\n\n  if (result.success) {\n    console.log(`Admin user created: ${config.adminEmail}`);\n  } else {\n    console.error(`Bootstrap failed: ${result.error}`);\n  }\n\n  return result;\n}\n\nexport async function bootstrapWithRetry(\n  config: BootstrapConfig,\n  maxRetries: number = 3,\n  retryDelayMs: number = 2000,\n): Promise<BootstrapResult> {\n  let lastError: string = \"\";\n\n  for (let i = 0; i < maxRetries; i++) {\n    const result = await bootstrapAdmin(config);\n\n    if (result.success) {\n      return result;\n    }\n\n    lastError = result.error || \"Unknown error\";\n\n    if (lastError.includes(\"already exists\")) {\n      return result;\n    }\n\n    if (i < maxRetries - 1) {\n      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n    }\n  }\n\n  return {\n    success: false,\n    error: `Failed after ${maxRetries} retries: ${lastError}`,\n  };\n}\n"]}

package/dist/{chunk-SA7NSSIQ.cjs → chunk-PI73NNOK.cjs}

@@ -1,10 +1,19 @@
 'use strict';
 
+var chunkNKPKR5BW_cjs = require('./chunk-NKPKR5BW.cjs');
+
 // src/database/base.ts
 var AbstractBaseAdapter = class {
   collections = /* @__PURE__ */ new Map();
   globals = /* @__PURE__ */ new Map();
   connected = false;
+  tenantContext;
+  setTenantContext(context) {
+    this.tenantContext = context;
+  }
+  getTenantContext() {
+    return this.tenantContext;
+  }
   async init(collections, globals = []) {
     for (const config of collections) {
       this.collections.set(config.slug, config);
@@ -112,188 +121,6 @@ var AbstractBaseAdapter = class {
   }
 };
 
-// src/auth/rbac/roles.ts
-var DEFAULT_ROLES = [
-  {
-    name: "super_admin",
-    level: 100,
-    inherits: [],
-    description: "Full system access across all tenants"
-  },
-  {
-    name: "admin",
-    level: 90,
-    inherits: ["editor"],
-    description: "Full tenant access with all content permissions"
-  },
-  {
-    name: "editor",
-    level: 70,
-    inherits: ["author"],
-    description: "Edit and publish all content"
-  },
-  {
-    name: "author",
-    level: 50,
-    inherits: ["customer"],
-    description: "Create and edit own content"
-  },
-  {
-    name: "customer",
-    level: 30,
-    inherits: [],
-    description: "Access own data and make purchases"
-  },
-  {
-    name: "guest",
-    level: 10,
-    inherits: [],
-    description: "Public read-only access"
-  }
-];
-var ROLE_PERMISSIONS = {
-  super_admin: ["*"],
-  admin: [
-    "users:admin",
-    "users:read",
-    "users:update",
-    "audit_logs:read",
-    "posts:admin",
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "posts:delete",
-    "pages:admin",
-    "pages:read",
-    "pages:create",
-    "pages:update",
-    "pages:delete",
-    "media:admin",
-    "media:read",
-    "media:create",
-    "media:update",
-    "media:delete",
-    "categories:admin",
-    "categories:read",
-    "categories:create",
-    "categories:update",
-    "categories:delete",
-    "products:admin",
-    "products:read",
-    "products:create",
-    "products:update",
-    "products:delete",
-    "orders:admin",
-    "orders:read",
-    "orders:update",
-    "customers:admin",
-    "customers:read",
-    "customers:update",
-    "coupons:admin",
-    "coupons:read",
-    "coupons:create",
-    "coupons:update",
-    "coupons:delete",
-    "navigation:admin",
-    "navigation:read",
-    "navigation:create",
-    "navigation:update",
-    "navigation:delete",
-    "settings:admin",
-    "settings:read",
-    "settings:update",
-    "profile:admin",
-    "profile:read",
-    "profile:update"
-  ],
-  editor: [
-    "posts:admin",
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "posts:delete",
-    "pages:admin",
-    "pages:read",
-    "pages:create",
-    "pages:update",
-    "pages:delete",
-    "media:read",
-    "media:create",
-    "media:update",
-    "categories:read",
-    "categories:create",
-    "categories:update",
-    "products:read",
-    "orders:read",
-    "orders:update",
-    "navigation:read",
-    "navigation:create",
-    "navigation:update",
-    "profile:read",
-    "profile:update"
-  ],
-  author: [
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "media:read",
-    "media:create",
-    "categories:read",
-    "profile:read",
-    "profile:update"
-  ],
-  customer: ["profile:read", "profile:update", "orders:read", "orders:create"],
-  guest: ["posts:read", "pages:read", "products:read"]
-};
-function getRoleHierarchy(role, roles = DEFAULT_ROLES) {
-  const hierarchy = [role];
-  const roleMap = new Map(roles.map((r) => [r.name, r]));
-  const addInherited = (r) => {
-    const roleData = roleMap.get(r);
-    if (roleData && roleData.inherits) {
-      for (const inherited of roleData.inherits) {
-        if (!hierarchy.includes(inherited)) {
-          hierarchy.push(inherited);
-          addInherited(inherited);
-        }
-      }
-    }
-  };
-  addInherited(role);
-  return hierarchy;
-}
-
-// src/auth/rbac/checker.ts
-function hasPermission(user, permission, rolePermissions = ROLE_PERMISSIONS) {
-  if (!user || !user.role) return false;
-  const userPermissions = getUserPermissions(user, rolePermissions);
-  if (userPermissions.includes("*")) return true;
-  if (userPermissions.includes(permission)) return true;
-  const [resource, action] = permission.split(":");
-  if (userPermissions.includes(`${resource}:*`)) return true;
-  if (userPermissions.includes(`${resource}:admin`)) return true;
-  return false;
-}
-function hasAnyRole(user, checkRoles) {
-  if (!user || !user.role) return false;
-  const hierarchy = getRoleHierarchy(user.role);
-  return checkRoles.some((role) => hierarchy.includes(role));
-}
-function getUserPermissions(user, rolePermissions = ROLE_PERMISSIONS) {
-  if (!user || !user.role) return [];
-  const hierarchy = getRoleHierarchy(user.role);
-  const permissions = /* @__PURE__ */ new Set();
-  for (const role of hierarchy) {
-    const rolePerms = rolePermissions[role];
-    if (rolePerms) {
-      for (const perm of rolePerms) {
-        permissions.add(perm);
-      }
-    }
-  }
-  return Array.from(permissions);
-}
-
 // src/auth/rls/tenant.ts
 var DEFAULT_RLS_CONFIG = {
   tenantEnabled: true,
@@ -336,7 +163,7 @@ function applyOwnershipRule(query, collection, context, config = DEFAULT_RLS_CON
   if (!rule) {
     return query;
   }
-  if (rule.bypassRoles && hasAnyRole({ role: context.role }, rule.bypassRoles)) {
+  if (rule.bypassRoles && chunkNKPKR5BW_cjs.hasAnyRole({ role: context.role }, rule.bypassRoles)) {
     return query;
   }
   if (rule.ownerField === "id" && context.userId) {
@@ -376,7 +203,7 @@ function canAccessDocument(doc, collection, context, config = DEFAULT_RLS_CONFIG
   if (!rule) {
     return true;
   }
-  if (rule.bypassRoles && hasAnyRole({ role: context.role }, rule.bypassRoles)) {
+  if (rule.bypassRoles && chunkNKPKR5BW_cjs.hasAnyRole({ role: context.role }, rule.bypassRoles)) {
     return true;
   }
   if (rule.ownerField === "id") {
@@ -392,6 +219,5 @@ exports.AbstractBaseAdapter = AbstractBaseAdapter;
 exports.DEFAULT_RLS_CONFIG = DEFAULT_RLS_CONFIG;
 exports.applyRLS = applyRLS;
 exports.canAccessDocument = canAccessDocument;
-exports.hasPermission = hasPermission;
-//# sourceMappingURL=chunk-SA7NSSIQ.cjs.map
-//# sourceMappingURL=chunk-SA7NSSIQ.cjs.map
+//# sourceMappingURL=chunk-PI73NNOK.cjs.map
+//# sourceMappingURL=chunk-PI73NNOK.cjs.map