@kyro-cms/core 0.9.0 → 0.9.2

package/dist/{chunk-Y3QQN7PN.js → chunk-GAAHG2Z4.js}

@@ -1,5 +1,5 @@
-import { PasswordPolicy, EmailTransport } from './chunk-57P6MJKC.js';
-import { SQLiteAuthAdapter } from './chunk-H727JIG7.js';
+import { PasswordPolicy, EmailTransport } from './chunk-6UNONDW7.js';
+import { SQLiteAuthAdapter } from './chunk-Q72BOAPK.js';
 
 // src/auth/bootstrap.ts
 async function bootstrapAdmin(config) {
@@ -109,6 +109,15 @@ async function autoBootstrap(authAdapter) {
   if (authAdapter) {
     config.authAdapter = authAdapter;
   }
+  try {
+    await config.authAdapter?.connect?.();
+    const existingUser = await config.authAdapter?.findUserByEmail(config.adminEmail);
+    if (existingUser) {
+      await config.authAdapter?.disconnect?.();
+      return { success: false, error: "Admin user already exists" };
+    }
+  } catch {
+  }
   console.log("Auto-bootstrapping admin user...");
   const result = await bootstrapAdmin(config);
   if (result.success) {
@@ -140,5 +149,5 @@ async function bootstrapWithRetry(config, maxRetries = 3, retryDelayMs = 2e3) {
 }
 
 export { autoBootstrap, bootstrapAdmin, bootstrapWithRetry, checkBootstrapRequired, getBootstrapFromEnv };
-//# sourceMappingURL=chunk-Y3QQN7PN.js.map
-//# sourceMappingURL=chunk-Y3QQN7PN.js.map
+//# sourceMappingURL=chunk-GAAHG2Z4.js.map
+//# sourceMappingURL=chunk-GAAHG2Z4.js.map

package/dist/chunk-GAAHG2Z4.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/bootstrap.ts"],"names":[],"mappings":";;;;AAsBA,eAAsB,eACpB,MAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,UAAA;AAAA,IACA,aAAA;AAAA,IACA,SAAA,GAAY,aAAA;AAAA,IACZ,QAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA,GAAmB;AAAA,GACrB,GAAI,MAAA;AAEJ,EAAA,MAAM,WAAA,GACJ,MAAA,CAAO,WAAA,IACP,IAAI,iBAAA,CAAkB;AAAA,IACpB,IAAA,EAAM,OAAO,UAAA,IAAc;AAAA,GAC5B,CAAA;AAEH,EAAA,IAAI;AACF,IAAA,MAAM,YAAY,OAAA,IAAU;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,EAAA,MAAM,kBAAA,GAAqB,cAAA,CAAe,QAAA,CAAS,aAAa,CAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,KAAA,EAAO;AAC7B,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,OAAO,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,MAAM,WAAA,CAAY,UAAA,CAAW;AAAA,MACxC,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,aAAA;AAAA,MACV,MAAO,SAAA,IAA0B,OAAA;AAAA,MACjC;AAAA,KACD,CAAA;AAED,IAAA,IAAI,oBAAoB,WAAA,EAAa;AACnC,MAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,CAAe,WAAW,CAAA;AACrD,MAAA,MAAM,SAAA,GAAY,eAAe,YAAA,EAAa;AAC9C,MAAA,MAAM,eAAA,GAAkB,UAAU,OAAA,CAAQ,UAAA,CAAW,MAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAClE,MAAA,MAAM,eAAe,IAAA,CAAK;AAAA,QACxB,EAAA,EAAI,UAAA;AAAA,QACJ,GAAG;AAAA,OACJ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EACE,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAC7C;AAAA,EACF;AACF;AAEA,eAAsB,sBAAA,CACpB,aACA,UAAA,EACkB;AAClB,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,OAAO,CAAC,YAAA;AACV;AAEO,SAAS,mBAAA,GAA8C;AAC5D,EAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,gBAAA;AAC1B,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,mBAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,QAAA,EAAU;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA,IAAqB,gBAAA;AAAA,IAC7C,UAAA,EAAY,KAAA;AAAA,IACZ,aAAA,EAAe,QAAA;AAAA,IACf,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,eAAA,IAAmB,aAAA;AAAA,IAC1C,QAAA,EAAU,QAAQ,GAAA,CAAI,oBAAA;AAAA,IACtB,WAAA,EAAa,OAAA,CAAQ,GAAA,CAAI,SAAA,GACrB;AAAA,MACE,QAAA,EAAU,MAAA;AAAA,MACV,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM,QAAQ,GAAA,CAAI,SAAA;AAAA,QAClB,MAAM,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,EAAE,CAAA;AAAA,QACjD,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,WAAA,KAAgB,MAAA;AAAA,QACpC,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,EAAA;AAAA,UAC/B,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa;AAAA;AACjC,OACF;AAAA,MACA,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,qBAAA;AAAA,MAC/B,QAAA,EAAU,QAAQ,GAAA,CAAI;AAAA,KACxB,GACA,MAAA;AAAA,IACJ,gBAAA,EAAkB,OAAA,CAAQ,GAAA,CAAI,uBAAA,KAA4B;AAAA,GAC5D;AACF;AAEA,eAAsB,cACpB,WAAA,EACiC;AACjC,EAAA,MAAM,SAAS,mBAAA,EAAoB;AACnC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,MAAA,CAAO,WAAA,GAAc,WAAA;AAAA,EACvB;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,CAAO,aAAa,OAAA,IAAU;AACpC,IAAA,MAAM,eAAe,MAAM,MAAA,CAAO,WAAA,EAAa,eAAA,CAAgB,OAAO,UAAU,CAAA;AAChF,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,MAAA,CAAO,aAAa,UAAA,IAAa;AACvC,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,2BAAA,EAA4B;AAAA,IAC9D;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,oBAAA,EAAuB,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACxD,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,kBAAA,CACpB,MAAA,EACA,UAAA,GAAqB,CAAA,EACrB,eAAuB,GAAA,EACG;AAC1B,EAAA,IAAI,SAAA,GAAoB,EAAA;AAExB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,EAAY,CAAA,EAAA,EAAK;AACnC,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,SAAA,GAAY,OAAO,KAAA,IAAS,eAAA;AAE5B,IAAA,IAAI,SAAA,CAAU,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAA,GAAI,aAAa,CAAA,EAAG;AACtB,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,CAAA,aAAA,EAAgB,UAAU,CAAA,UAAA,EAAa,SAAS,CAAA;AAAA,GACzD;AACF","file":"chunk-GAAHG2Z4.js","sourcesContent":["import { SQLiteAuthAdapter } from \"./sqlite-adapter.js\";\nimport { EmailTransport, type EmailConfig } from \"./nodemailer-transport.js\";\nimport { PasswordPolicy } from \"./security/password-policy.js\";\nimport type { AuthUser, UserRole, AuthAdapter } from \"./types.js\";\n\nexport interface BootstrapConfig {\n  authAdapter?: AuthAdapter;\n  authDbPath?: string;\n  adminEmail: string;\n  adminPassword: string;\n  adminRole?: string;\n  tenantId?: string;\n  emailConfig?: EmailConfig;\n  sendWelcomeEmail?: boolean;\n}\n\nexport interface BootstrapResult {\n  success: boolean;\n  user?: AuthUser;\n  error?: string;\n}\n\nexport async function bootstrapAdmin(\n  config: BootstrapConfig,\n): Promise<BootstrapResult> {\n  const {\n    adminEmail,\n    adminPassword,\n    adminRole = \"super_admin\",\n    tenantId,\n    emailConfig,\n    sendWelcomeEmail = false,\n  } = config;\n\n  const authAdapter =\n    config.authAdapter ||\n    new SQLiteAuthAdapter({\n      path: config.authDbPath || \"./data/auth.db\",\n    });\n\n  try {\n    await authAdapter.connect?.();\n  } catch (error) {\n    return {\n      success: false,\n      error: \"Failed to connect to auth storage\",\n    };\n  }\n\n  const passwordPolicy = new PasswordPolicy();\n  const passwordValidation = passwordPolicy.validate(adminPassword);\n  if (!passwordValidation.valid) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: `Invalid password: ${passwordValidation.errors.join(\", \")}`,\n    };\n  }\n\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  if (existingUser) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: \"Admin user already exists\",\n    };\n  }\n\n  try {\n    const user = await authAdapter.createUser({\n      email: adminEmail,\n      password: adminPassword,\n      role: (adminRole as UserRole) || \"admin\",\n      tenantId,\n    });\n\n    if (sendWelcomeEmail && emailConfig) {\n      const emailTransport = new EmailTransport(emailConfig);\n      const templates = emailTransport.getTemplates();\n      const welcomeTemplate = templates.welcome(adminEmail.split(\"@\")[0]);\n      await emailTransport.send({\n        to: adminEmail,\n        ...welcomeTemplate,\n      });\n    }\n\n    await authAdapter.disconnect?.();\n    return {\n      success: true,\n      user,\n    };\n  } catch (error) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error:\n        error instanceof Error ? error.message : \"Failed to create admin user\",\n    };\n  }\n}\n\nexport async function checkBootstrapRequired(\n  authAdapter: AuthAdapter,\n  adminEmail: string,\n): Promise<boolean> {\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  return !existingUser;\n}\n\nexport function getBootstrapFromEnv(): BootstrapConfig | null {\n  const email = process.env.KYRO_ADMIN_EMAIL;\n  const password = process.env.KYRO_ADMIN_PASSWORD;\n\n  if (!email || !password) {\n    return null;\n  }\n\n  return {\n    authDbPath: process.env.KYRO_AUTH_DB_PATH || \"./data/auth.db\",\n    adminEmail: email,\n    adminPassword: password,\n    adminRole: process.env.KYRO_ADMIN_ROLE || \"super_admin\",\n    tenantId: process.env.KYRO_ADMIN_TENANT_ID,\n    emailConfig: process.env.SMTP_HOST\n      ? {\n          provider: \"smtp\",\n          smtp: {\n            host: process.env.SMTP_HOST,\n            port: parseInt(process.env.SMTP_PORT || \"587\", 10),\n            secure: process.env.SMTP_SECURE === \"true\",\n            auth: {\n              user: process.env.SMTP_USER || \"\",\n              pass: process.env.SMTP_PASS || \"\",\n            },\n          },\n          from: process.env.SMTP_FROM || \"noreply@example.com\",\n          fromName: process.env.SMTP_FROM_NAME,\n        }\n      : undefined,\n    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === \"true\",\n  };\n}\n\nexport async function autoBootstrap(\n  authAdapter?: AuthAdapter,\n): Promise<BootstrapResult | null> {\n  const config = getBootstrapFromEnv();\n  if (!config) {\n    return null;\n  }\n\n  if (authAdapter) {\n    config.authAdapter = authAdapter;\n  }\n\n  // Check if bootstrap is actually needed before connecting\n  try {\n    await config.authAdapter?.connect?.();\n    const existingUser = await config.authAdapter?.findUserByEmail(config.adminEmail);\n    if (existingUser) {\n      await config.authAdapter?.disconnect?.();\n      return { success: false, error: \"Admin user already exists\" };\n    }\n  } catch {\n    // Connection failed — let bootstrapAdmin handle the error\n  }\n\n  console.log(\"Auto-bootstrapping admin user...\");\n  const result = await bootstrapAdmin(config);\n\n  if (result.success) {\n    console.log(`Admin user created: ${config.adminEmail}`);\n  } else {\n    console.error(`Bootstrap failed: ${result.error}`);\n  }\n\n  return result;\n}\n\nexport async function bootstrapWithRetry(\n  config: BootstrapConfig,\n  maxRetries: number = 3,\n  retryDelayMs: number = 2000,\n): Promise<BootstrapResult> {\n  let lastError: string = \"\";\n\n  for (let i = 0; i < maxRetries; i++) {\n    const result = await bootstrapAdmin(config);\n\n    if (result.success) {\n      return result;\n    }\n\n    lastError = result.error || \"Unknown error\";\n\n    if (lastError.includes(\"already exists\")) {\n      return result;\n    }\n\n    if (i < maxRetries - 1) {\n      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n    }\n  }\n\n  return {\n    success: false,\n    error: `Failed after ${maxRetries} retries: ${lastError}`,\n  };\n}\n"]}

package/dist/chunk-GAOXD3XT.js

@@ -0,0 +1,175 @@
+// src/templates/settings/storage.ts
+var localFields = [
+  { name: "uploadDir", type: "text", label: "Upload Directory", defaultValue: "./public/uploads" },
+  { name: "baseUrl", type: "text", label: "Base URL", defaultValue: "/uploads" }
+];
+var awsFields = [
+  { name: "bucket", type: "text", label: "Bucket Name", required: true },
+  { name: "region", type: "text", label: "Region", defaultValue: "us-east-1", admin: { placeholder: "us-east-1" } },
+  { name: "accessKeyId", type: "text", label: "Access Key ID", required: true },
+  { name: "secretAccessKey", type: "password", label: "Secret Access Key", required: true },
+  { name: "endpoint", type: "text", label: "Endpoint URL", admin: { placeholder: "https://s3.custom.com" } },
+  { name: "cdnUrl", type: "text", label: "CDN URL", admin: { placeholder: "https://cdn.example.com" } },
+  { name: "prefix", type: "text", label: "Path Prefix", admin: { placeholder: "uploads" } }
+];
+var r2Fields = [
+  { name: "accountId", type: "text", label: "Account ID", required: true, admin: { placeholder: "Your Cloudflare Account ID" } },
+  { name: "accessKeyId", type: "text", label: "Access Key ID", required: true },
+  { name: "secretAccessKey", type: "password", label: "Secret Access Key", required: true },
+  { name: "bucket", type: "text", label: "Bucket Name", required: true },
+  {
+    name: "publicDevUrl",
+    type: "text",
+    label: "Public Dev URL ID",
+    admin: {
+      placeholder: "pub-xxxxxxxxxxxxxxxx",
+      description: "Enter ONLY the ID (e.g., pub-b8d8c4cc8bcf4d868ddd95efc1b305aa). Do NOT include https:// or the full URL. Found in R2 Dashboard \u2192 Public Dev URL."
+    }
+  },
+  { name: "cdnUrl", type: "text", label: "Custom CDN URL", admin: { placeholder: "https://assets.example.com (optional)" } },
+  { name: "prefix", type: "text", label: "Path Prefix", admin: { placeholder: "uploads (optional)", description: "Optional prefix for all object keys. Do not use '/' as prefix." } }
+];
+var cloudinaryFields = [
+  { name: "cloudName", type: "text", label: "Cloud Name", required: true },
+  { name: "apiKey", type: "text", label: "API Key", required: true },
+  { name: "apiSecret", type: "password", label: "API Secret", required: true },
+  { name: "folder", type: "text", label: "Folder", admin: { placeholder: "Optional folder path" } },
+  {
+    name: "uploadPreset",
+    type: "text",
+    label: "Upload Preset (optional)",
+    admin: { placeholder: "Leave empty for signed uploads", description: "If not set, uploads will be signed with API Secret" }
+  }
+];
+var ftpFields = [
+  { name: "host", type: "text", label: "Host", required: true, admin: { placeholder: "ftp.example.com" } },
+  { name: "port", type: "number", label: "Port", defaultValue: 21, admin: { placeholder: "21 for FTP" } },
+  { name: "user", type: "text", label: "Username", required: true },
+  { name: "password", type: "password", label: "Password", required: true },
+  { name: "secure", type: "checkbox", label: "Use TLS/SSL", defaultValue: false, admin: { description: "Enable TLS/SSL for secure connections (FTP only)" } },
+  { name: "baseUrl", type: "text", label: "Base URL", required: true, admin: { placeholder: "https://files.example.com" } },
+  { name: "prefix", type: "text", label: "Path Prefix", admin: { placeholder: "uploads" } }
+];
+var builtInProviders = [
+  { type: "local", displayName: "Local Server", configFields: localFields },
+  { type: "aws", displayName: "S3 Compatible (AWS, Backblaze, Wasabi, etc.)", configFields: awsFields },
+  { type: "r2", displayName: "Cloudflare R2", configFields: r2Fields },
+  { type: "cloudinary", displayName: "Cloudinary", configFields: cloudinaryFields },
+  { type: "ftp", displayName: "FTP", configFields: ftpFields }
+];
+var providerOptions = builtInProviders.map((p) => ({
+  label: p.displayName,
+  value: p.type
+}));
+var providerGroups = builtInProviders.map((p) => ({
+  name: p.type,
+  type: "group",
+  label: `${p.displayName} Settings`,
+  admin: { condition: { field: "provider", equals: p.type } },
+  fields: p.configFields
+}));
+var storageSettingsGlobal = {
+  slug: "storage-settings",
+  label: "Storage Settings",
+  admin: { group: "settings" },
+  access: { read: () => true, update: () => true },
+  fields: [
+    {
+      name: "provider",
+      type: "select",
+      label: "Storage Provider",
+      defaultValue: "local",
+      options: providerOptions
+    },
+    ...providerGroups,
+    {
+      name: "limits",
+      type: "group",
+      label: "Upload Limits",
+      fields: [
+        {
+          name: "maxFileSize",
+          type: "number",
+          label: "Max File Size (bytes)",
+          defaultValue: 10485760
+        },
+        {
+          name: "allowedTypes",
+          type: "json",
+          label: "Allowed MIME Types",
+          defaultValue: ["image/*", "video/*", "audio/*", "application/pdf"]
+        },
+        {
+          name: "maxFilesPerUpload",
+          type: "number",
+          label: "Max Files per Upload",
+          defaultValue: 10
+        }
+      ]
+    }
+  ]
+};
+function createStorageSettingsGlobal(registry, isPluginEnabled) {
+  const allProviders = registry.getAllAvailable(isPluginEnabled);
+  const builtInTypes = new Set(builtInProviders.map((p) => p.type));
+  const hasExtras = allProviders.some((p) => !builtInTypes.has(p.type));
+  if (!hasExtras) {
+    return storageSettingsGlobal;
+  }
+  const providerOpts = allProviders.map((p) => ({
+    label: p.displayName,
+    value: p.type
+  }));
+  const groups = allProviders.map((p) => ({
+    name: p.type,
+    type: "group",
+    label: `${p.displayName} Settings`,
+    admin: { condition: { field: "provider", equals: p.type } },
+    fields: p.configFields
+  }));
+  return {
+    slug: "storage-settings",
+    label: "Storage Settings",
+    admin: { group: "settings" },
+    access: { read: () => true, update: () => true },
+    fields: [
+      {
+        name: "provider",
+        type: "select",
+        label: "Storage Provider",
+        defaultValue: "local",
+        options: providerOpts
+      },
+      ...groups,
+      {
+        name: "limits",
+        type: "group",
+        label: "Upload Limits",
+        fields: [
+          {
+            name: "maxFileSize",
+            type: "number",
+            label: "Max File Size (bytes)",
+            defaultValue: 10485760
+          },
+          {
+            name: "allowedTypes",
+            type: "json",
+            label: "Allowed MIME Types",
+            defaultValue: ["image/*", "video/*", "audio/*", "application/pdf"]
+          },
+          {
+            name: "maxFilesPerUpload",
+            type: "number",
+            label: "Max Files per Upload",
+            defaultValue: 10
+          }
+        ]
+      }
+    ]
+  };
+}
+
+export { createStorageSettingsGlobal, storageSettingsGlobal };
+//# sourceMappingURL=chunk-GAOXD3XT.js.map
+//# sourceMappingURL=chunk-GAOXD3XT.js.map

package/dist/chunk-GAOXD3XT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/templates/settings/storage.ts"],"names":[],"mappings":";AAWA,IAAM,WAAA,GAAuB;AAAA,EAC3B,EAAE,MAAM,WAAA,EAAa,IAAA,EAAM,QAAQ,KAAA,EAAO,kBAAA,EAAoB,cAAc,kBAAA,EAAmB;AAAA,EAC/F,EAAE,MAAM,SAAA,EAAW,IAAA,EAAM,QAAQ,KAAA,EAAO,UAAA,EAAY,cAAc,UAAA;AACpE,CAAA;AAEA,IAAM,SAAA,GAAqB;AAAA,EACzB,EAAE,MAAM,QAAA,EAAU,IAAA,EAAM,QAAQ,KAAA,EAAO,aAAA,EAAe,UAAU,IAAA,EAAK;AAAA,EACrE,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,QAAA,EAAU,YAAA,EAAc,WAAA,EAAa,KAAA,EAAO,EAAE,WAAA,EAAa,aAAY,EAAE;AAAA,EAChH,EAAE,MAAM,aAAA,EAAe,IAAA,EAAM,QAAQ,KAAA,EAAO,eAAA,EAAiB,UAAU,IAAA,EAAK;AAAA,EAC5E,EAAE,MAAM,iBAAA,EAAmB,IAAA,EAAM,YAAY,KAAA,EAAO,mBAAA,EAAqB,UAAU,IAAA,EAAK;AAAA,EACxF,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,cAAA,EAAgB,KAAA,EAAO,EAAE,WAAA,EAAa,uBAAA,EAAwB,EAAE;AAAA,EACzG,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,EAAE,WAAA,EAAa,yBAAA,EAA0B,EAAE;AAAA,EACpG,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,KAAA,EAAO,EAAE,WAAA,EAAa,SAAA,EAAU;AACxF,CAAA;AAEA,IAAM,QAAA,GAAoB;AAAA,EACxB,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,YAAA,EAAc,QAAA,EAAU,IAAA,EAAM,KAAA,EAAO,EAAE,WAAA,EAAa,8BAA6B,EAAE;AAAA,EAC7H,EAAE,MAAM,aAAA,EAAe,IAAA,EAAM,QAAQ,KAAA,EAAO,eAAA,EAAiB,UAAU,IAAA,EAAK;AAAA,EAC5E,EAAE,MAAM,iBAAA,EAAmB,IAAA,EAAM,YAAY,KAAA,EAAO,mBAAA,EAAqB,UAAU,IAAA,EAAK;AAAA,EACxF,EAAE,MAAM,QAAA,EAAU,IAAA,EAAM,QAAQ,KAAA,EAAO,aAAA,EAAe,UAAU,IAAA,EAAK;AAAA,EACrE;AAAA,IACE,IAAA,EAAM,cAAA;AAAA,IAAgB,IAAA,EAAM,MAAA;AAAA,IAAQ,KAAA,EAAO,mBAAA;AAAA,IAC3C,KAAA,EAAO;AAAA,MACL,WAAA,EAAa,sBAAA;AAAA,MACb,WAAA,EAAa;AAAA;AACf,GACF;AAAA,EACA,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,gBAAA,EAAkB,KAAA,EAAO,EAAE,WAAA,EAAa,uCAAA,EAAwC,EAAE;AAAA,EACzH,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,KAAA,EAAO,EAAE,WAAA,EAAa,oBAAA,EAAsB,WAAA,EAAa,kEAAiE;AAClL,CAAA;AAEA,IAAM,gBAAA,GAA4B;AAAA,EAChC,EAAE,MAAM,WAAA,EAAa,IAAA,EAAM,QAAQ,KAAA,EAAO,YAAA,EAAc,UAAU,IAAA,EAAK;AAAA,EACvE,EAAE,MAAM,QAAA,EAAU,IAAA,EAAM,QAAQ,KAAA,EAAO,SAAA,EAAW,UAAU,IAAA,EAAK;AAAA,EACjE,EAAE,MAAM,WAAA,EAAa,IAAA,EAAM,YAAY,KAAA,EAAO,YAAA,EAAc,UAAU,IAAA,EAAK;AAAA,EAC3E,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,EAAE,WAAA,EAAa,sBAAA,EAAuB,EAAE;AAAA,EAChG;AAAA,IACE,IAAA,EAAM,cAAA;AAAA,IAAgB,IAAA,EAAM,MAAA;AAAA,IAAQ,KAAA,EAAO,0BAAA;AAAA,IAC3C,KAAA,EAAO,EAAE,WAAA,EAAa,gCAAA,EAAkC,aAAa,oDAAA;AAAqD;AAE9H,CAAA;AAEA,IAAM,SAAA,GAAqB;AAAA,EACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,IAAA,EAAM,KAAA,EAAO,EAAE,WAAA,EAAa,mBAAkB,EAAE;AAAA,EACvG,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,QAAA,EAAU,KAAA,EAAO,MAAA,EAAQ,YAAA,EAAc,EAAA,EAAI,KAAA,EAAO,EAAE,WAAA,EAAa,cAAa,EAAE;AAAA,EACtG,EAAE,MAAM,MAAA,EAAQ,IAAA,EAAM,QAAQ,KAAA,EAAO,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,EAChE,EAAE,MAAM,UAAA,EAAY,IAAA,EAAM,YAAY,KAAA,EAAO,UAAA,EAAY,UAAU,IAAA,EAAK;AAAA,EACxE,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAA,EAAY,KAAA,EAAO,aAAA,EAAe,YAAA,EAAc,KAAA,EAAO,KAAA,EAAO,EAAE,WAAA,EAAa,oDAAmD,EAAE;AAAA,EAC1J,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,UAAA,EAAY,QAAA,EAAU,IAAA,EAAM,KAAA,EAAO,EAAE,WAAA,EAAa,6BAA4B,EAAE;AAAA,EACxH,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,KAAA,EAAO,EAAE,WAAA,EAAa,SAAA,EAAU;AACxF,CAAA;AASA,IAAM,gBAAA,GAAkC;AAAA,EACtC,EAAE,IAAA,EAAM,OAAA,EAAS,WAAA,EAAa,cAAA,EAAgB,cAAc,WAAA,EAAY;AAAA,EACxE,EAAE,IAAA,EAAM,KAAA,EAAO,WAAA,EAAa,8CAAA,EAAgD,cAAc,SAAA,EAAU;AAAA,EACpG,EAAE,IAAA,EAAM,IAAA,EAAM,WAAA,EAAa,eAAA,EAAiB,cAAc,QAAA,EAAS;AAAA,EACnE,EAAE,IAAA,EAAM,YAAA,EAAc,WAAA,EAAa,YAAA,EAAc,cAAc,gBAAA,EAAiB;AAAA,EAChF,EAAE,IAAA,EAAM,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,cAAc,SAAA;AACnD,CAAA;AASA,IAAM,eAAA,GAAkB,gBAAA,CAAiB,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,EACnD,OAAO,CAAA,CAAE,WAAA;AAAA,EACT,OAAO,CAAA,CAAE;AACX,CAAA,CAAE,CAAA;AAEF,IAAM,cAAA,GAA0B,gBAAA,CAAiB,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,EAC3D,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,IAAA,EAAM,OAAA;AAAA,EACN,KAAA,EAAO,CAAA,EAAG,CAAA,CAAE,WAAW,CAAA,SAAA,CAAA;AAAA,EACvB,KAAA,EAAO,EAAE,SAAA,EAAW,EAAE,OAAO,UAAA,EAAY,MAAA,EAAQ,CAAA,CAAE,IAAA,EAAK,EAA0B;AAAA,EAClF,QAAQ,CAAA,CAAE;AACZ,CAAA,CAAE,CAAA;AAEK,IAAM,qBAAA,GAAsC;AAAA,EACjD,IAAA,EAAM,kBAAA;AAAA,EACN,KAAA,EAAO,kBAAA;AAAA,EACP,KAAA,EAAO,EAAE,KAAA,EAAO,UAAA,EAAW;AAAA,EAC3B,QAAQ,EAAE,IAAA,EAAM,MAAM,IAAA,EAAM,MAAA,EAAQ,MAAM,IAAA,EAAK;AAAA,EAC/C,MAAA,EAAQ;AAAA,IACN;AAAA,MACE,IAAA,EAAM,UAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,kBAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,OAAA,EAAS;AAAA,KACX;AAAA,IACA,GAAG,cAAA;AAAA,IACH;AAAA,MACE,IAAA,EAAM,QAAA;AAAA,MACN,IAAA,EAAM,OAAA;AAAA,MACN,KAAA,EAAO,eAAA;AAAA,MACP,MAAA,EAAQ;AAAA,QACN;AAAA,UACE,IAAA,EAAM,aAAA;AAAA,UACN,IAAA,EAAM,QAAA;AAAA,UACN,KAAA,EAAO,uBAAA;AAAA,UACP,YAAA,EAAc;AAAA,SAChB;AAAA,QACA;AAAA,UACE,IAAA,EAAM,cAAA;AAAA,UACN,IAAA,EAAM,MAAA;AAAA,UACN,KAAA,EAAO,oBAAA;AAAA,UACP,YAAA,EAAc,CAAC,SAAA,EAAW,SAAA,EAAW,WAAW,iBAAiB;AAAA,SACnE;AAAA,QACA;AAAA,UACE,IAAA,EAAM,mBAAA;AAAA,UACN,IAAA,EAAM,QAAA;AAAA,UACN,KAAA,EAAO,sBAAA;AAAA,UACP,YAAA,EAAc;AAAA;AAChB;AACF;AACF;AAEJ;AASO,SAAS,2BAAA,CACd,UACA,eAAA,EACc;AACd,EAAA,MAAM,YAAA,GAAe,QAAA,CAAS,eAAA,CAAgB,eAAe,CAAA;AAG7D,EAAA,MAAM,YAAA,GAAe,IAAI,GAAA,CAAI,gBAAA,CAAiB,IAAI,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAC,CAAA;AAChE,EAAA,MAAM,SAAA,GAAY,YAAA,CAAa,IAAA,CAAK,CAAC,CAAA,KAAM,CAAC,YAAA,CAAa,GAAA,CAAI,CAAA,CAAE,IAAI,CAAC,CAAA;AAEpE,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,qBAAA;AAAA,EACT;AAGA,EAAA,MAAM,YAAA,GAAe,YAAA,CAAa,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IAC5C,OAAO,CAAA,CAAE,WAAA;AAAA,IACT,OAAO,CAAA,CAAE;AAAA,GACX,CAAE,CAAA;AAEF,EAAA,MAAM,MAAA,GAAkB,YAAA,CAAa,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,IAC/C,MAAM,CAAA,CAAE,IAAA;AAAA,IACR,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,CAAA,EAAG,CAAA,CAAE,WAAW,CAAA,SAAA,CAAA;AAAA,IACvB,KAAA,EAAO,EAAE,SAAA,EAAW,EAAE,OAAO,UAAA,EAAY,MAAA,EAAQ,CAAA,CAAE,IAAA,EAAK,EAA0B;AAAA,IAClF,QAAQ,CAAA,CAAE;AAAA,GACZ,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,kBAAA;AAAA,IACN,KAAA,EAAO,kBAAA;AAAA,IACP,KAAA,EAAO,EAAE,KAAA,EAAO,UAAA,EAAW;AAAA,IAC3B,QAAQ,EAAE,IAAA,EAAM,MAAM,IAAA,EAAM,MAAA,EAAQ,MAAM,IAAA,EAAK;AAAA,IAC/C,MAAA,EAAQ;AAAA,MACN;AAAA,QACE,IAAA,EAAM,UAAA;AAAA,QACN,IAAA,EAAM,QAAA;AAAA,QACN,KAAA,EAAO,kBAAA;AAAA,QACP,YAAA,EAAc,OAAA;AAAA,QACd,OAAA,EAAS;AAAA,OACX;AAAA,MACA,GAAG,MAAA;AAAA,MACH;AAAA,QACE,IAAA,EAAM,QAAA;AAAA,QACN,IAAA,EAAM,OAAA;AAAA,QACN,KAAA,EAAO,eAAA;AAAA,QACP,MAAA,EAAQ;AAAA,UACN;AAAA,YACE,IAAA,EAAM,aAAA;AAAA,YACN,IAAA,EAAM,QAAA;AAAA,YACN,KAAA,EAAO,uBAAA;AAAA,YACP,YAAA,EAAc;AAAA,WAChB;AAAA,UACA;AAAA,YACE,IAAA,EAAM,cAAA;AAAA,YACN,IAAA,EAAM,MAAA;AAAA,YACN,KAAA,EAAO,oBAAA;AAAA,YACP,YAAA,EAAc,CAAC,SAAA,EAAW,SAAA,EAAW,WAAW,iBAAiB;AAAA,WACnE;AAAA,UACA;AAAA,YACE,IAAA,EAAM,mBAAA;AAAA,YACN,IAAA,EAAM,QAAA;AAAA,YACN,KAAA,EAAO,sBAAA;AAAA,YACP,YAAA,EAAc;AAAA;AAChB;AACF;AACF;AACF,GACF;AACF","file":"chunk-GAOXD3XT.js","sourcesContent":["import type { GlobalConfig } from \"../../registry/types.js\";\nimport type { Field } from \"../../fields/types.js\";\nimport type { DeclarativeCondition } from \"../../fields/types.js\";\nimport type { StorageProviderRegistry } from \"../../storage/registry.js\";\n\n// ============================================================================\n// Built-in Provider Field Definitions\n// ============================================================================\n// These are defined statically so they are available at build time\n// (for admin config serialization) without requiring a runtime registry.\n\nconst localFields: Field[] = [\n  { name: \"uploadDir\", type: \"text\", label: \"Upload Directory\", defaultValue: \"./public/uploads\" },\n  { name: \"baseUrl\", type: \"text\", label: \"Base URL\", defaultValue: \"/uploads\" },\n];\n\nconst awsFields: Field[] = [\n  { name: \"bucket\", type: \"text\", label: \"Bucket Name\", required: true },\n  { name: \"region\", type: \"text\", label: \"Region\", defaultValue: \"us-east-1\", admin: { placeholder: \"us-east-1\" } },\n  { name: \"accessKeyId\", type: \"text\", label: \"Access Key ID\", required: true },\n  { name: \"secretAccessKey\", type: \"password\", label: \"Secret Access Key\", required: true },\n  { name: \"endpoint\", type: \"text\", label: \"Endpoint URL\", admin: { placeholder: \"https://s3.custom.com\" } },\n  { name: \"cdnUrl\", type: \"text\", label: \"CDN URL\", admin: { placeholder: \"https://cdn.example.com\" } },\n  { name: \"prefix\", type: \"text\", label: \"Path Prefix\", admin: { placeholder: \"uploads\" } },\n];\n\nconst r2Fields: Field[] = [\n  { name: \"accountId\", type: \"text\", label: \"Account ID\", required: true, admin: { placeholder: \"Your Cloudflare Account ID\" } },\n  { name: \"accessKeyId\", type: \"text\", label: \"Access Key ID\", required: true },\n  { name: \"secretAccessKey\", type: \"password\", label: \"Secret Access Key\", required: true },\n  { name: \"bucket\", type: \"text\", label: \"Bucket Name\", required: true },\n  {\n    name: \"publicDevUrl\", type: \"text\", label: \"Public Dev URL ID\",\n    admin: {\n      placeholder: \"pub-xxxxxxxxxxxxxxxx\",\n      description: \"Enter ONLY the ID (e.g., pub-b8d8c4cc8bcf4d868ddd95efc1b305aa). Do NOT include https:// or the full URL. Found in R2 Dashboard → Public Dev URL.\",\n    },\n  },\n  { name: \"cdnUrl\", type: \"text\", label: \"Custom CDN URL\", admin: { placeholder: \"https://assets.example.com (optional)\" } },\n  { name: \"prefix\", type: \"text\", label: \"Path Prefix\", admin: { placeholder: \"uploads (optional)\", description: \"Optional prefix for all object keys. Do not use '/' as prefix.\" } },\n];\n\nconst cloudinaryFields: Field[] = [\n  { name: \"cloudName\", type: \"text\", label: \"Cloud Name\", required: true },\n  { name: \"apiKey\", type: \"text\", label: \"API Key\", required: true },\n  { name: \"apiSecret\", type: \"password\", label: \"API Secret\", required: true },\n  { name: \"folder\", type: \"text\", label: \"Folder\", admin: { placeholder: \"Optional folder path\" } },\n  {\n    name: \"uploadPreset\", type: \"text\", label: \"Upload Preset (optional)\",\n    admin: { placeholder: \"Leave empty for signed uploads\", description: \"If not set, uploads will be signed with API Secret\" },\n  },\n];\n\nconst ftpFields: Field[] = [\n  { name: \"host\", type: \"text\", label: \"Host\", required: true, admin: { placeholder: \"ftp.example.com\" } },\n  { name: \"port\", type: \"number\", label: \"Port\", defaultValue: 21, admin: { placeholder: \"21 for FTP\" } },\n  { name: \"user\", type: \"text\", label: \"Username\", required: true },\n  { name: \"password\", type: \"password\", label: \"Password\", required: true },\n  { name: \"secure\", type: \"checkbox\", label: \"Use TLS/SSL\", defaultValue: false, admin: { description: \"Enable TLS/SSL for secure connections (FTP only)\" } },\n  { name: \"baseUrl\", type: \"text\", label: \"Base URL\", required: true, admin: { placeholder: \"https://files.example.com\" } },\n  { name: \"prefix\", type: \"text\", label: \"Path Prefix\", admin: { placeholder: \"uploads\" } },\n];\n\n// All built-in providers and their config field groups\ninterface ProviderDef {\n  type: string;\n  displayName: string;\n  configFields: Field[];\n}\n\nconst builtInProviders: ProviderDef[] = [\n  { type: \"local\", displayName: \"Local Server\", configFields: localFields },\n  { type: \"aws\", displayName: \"S3 Compatible (AWS, Backblaze, Wasabi, etc.)\", configFields: awsFields },\n  { type: \"r2\", displayName: \"Cloudflare R2\", configFields: r2Fields },\n  { type: \"cloudinary\", displayName: \"Cloudinary\", configFields: cloudinaryFields },\n  { type: \"ftp\", displayName: \"FTP\", configFields: ftpFields },\n];\n\n// ============================================================================\n// Static Storage Settings Global\n// ============================================================================\n// This global is included in allSettingsGlobals so it's available at build time.\n// It uses DeclarativeCondition instead of function conditions so the\n// conditions survive JSON serialization in the admin config.\n\nconst providerOptions = builtInProviders.map((p) => ({\n  label: p.displayName,\n  value: p.type,\n}));\n\nconst providerGroups: Field[] = builtInProviders.map((p) => ({\n  name: p.type,\n  type: \"group\" as const,\n  label: `${p.displayName} Settings`,\n  admin: { condition: { field: \"provider\", equals: p.type } as DeclarativeCondition },\n  fields: p.configFields,\n}));\n\nexport const storageSettingsGlobal: GlobalConfig = {\n  slug: \"storage-settings\",\n  label: \"Storage Settings\",\n  admin: { group: \"settings\" },\n  access: { read: () => true, update: () => true },\n  fields: [\n    {\n      name: \"provider\",\n      type: \"select\",\n      label: \"Storage Provider\",\n      defaultValue: \"local\",\n      options: providerOptions,\n    },\n    ...providerGroups,\n    {\n      name: \"limits\",\n      type: \"group\",\n      label: \"Upload Limits\",\n      fields: [\n        {\n          name: \"maxFileSize\",\n          type: \"number\",\n          label: \"Max File Size (bytes)\",\n          defaultValue: 10485760,\n        },\n        {\n          name: \"allowedTypes\",\n          type: \"json\",\n          label: \"Allowed MIME Types\",\n          defaultValue: [\"image/*\", \"video/*\", \"audio/*\", \"application/pdf\"],\n        },\n        {\n          name: \"maxFilesPerUpload\",\n          type: \"number\",\n          label: \"Max Files per Upload\",\n          defaultValue: 10,\n        },\n      ],\n    },\n  ],\n};\n\n// ============================================================================\n// Dynamic Storage Settings Global (runtime)\n// ============================================================================\n// Called at runtime to build a storage settings global that includes\n// any additional providers registered by plugins via the StorageProviderRegistry.\n// Falls back to the static global if no extra providers were added.\n\nexport function createStorageSettingsGlobal(\n  registry: StorageProviderRegistry,\n  isPluginEnabled?: (name: string) => boolean,\n): GlobalConfig {\n  const allProviders = registry.getAllAvailable(isPluginEnabled);\n\n  // If only the built-in providers are registered, return the static global\n  const builtInTypes = new Set(builtInProviders.map((p) => p.type));\n  const hasExtras = allProviders.some((p) => !builtInTypes.has(p.type));\n\n  if (!hasExtras) {\n    return storageSettingsGlobal;\n  }\n\n  // Build extended global with additional providers\n  const providerOpts = allProviders.map((p) => ({\n    label: p.displayName,\n    value: p.type,\n  }));\n\n  const groups: Field[] = allProviders.map((p) => ({\n    name: p.type,\n    type: \"group\" as const,\n    label: `${p.displayName} Settings`,\n    admin: { condition: { field: \"provider\", equals: p.type } as DeclarativeCondition },\n    fields: p.configFields,\n  }));\n\n  return {\n    slug: \"storage-settings\",\n    label: \"Storage Settings\",\n    admin: { group: \"settings\" },\n    access: { read: () => true, update: () => true },\n    fields: [\n      {\n        name: \"provider\",\n        type: \"select\",\n        label: \"Storage Provider\",\n        defaultValue: \"local\",\n        options: providerOpts,\n      },\n      ...groups,\n      {\n        name: \"limits\",\n        type: \"group\",\n        label: \"Upload Limits\",\n        fields: [\n          {\n            name: \"maxFileSize\",\n            type: \"number\",\n            label: \"Max File Size (bytes)\",\n            defaultValue: 10485760,\n          },\n          {\n            name: \"allowedTypes\",\n            type: \"json\",\n            label: \"Allowed MIME Types\",\n            defaultValue: [\"image/*\", \"video/*\", \"audio/*\", \"application/pdf\"],\n          },\n          {\n            name: \"maxFilesPerUpload\",\n            type: \"number\",\n            label: \"Max Files per Upload\",\n            defaultValue: 10,\n          },\n        ],\n      },\n    ],\n  };\n}\n"]}

package/dist/{chunk-SA7NSSIQ.cjs → chunk-GUUB5EAG.cjs}

@@ -1,10 +1,19 @@
 'use strict';
 
+var chunkNKPKR5BW_cjs = require('./chunk-NKPKR5BW.cjs');
+
 // src/database/base.ts
 var AbstractBaseAdapter = class {
   collections = /* @__PURE__ */ new Map();
   globals = /* @__PURE__ */ new Map();
   connected = false;
+  tenantContext;
+  setTenantContext(context) {
+    this.tenantContext = context;
+  }
+  getTenantContext() {
+    return this.tenantContext;
+  }
   async init(collections, globals = []) {
     for (const config of collections) {
       this.collections.set(config.slug, config);
@@ -112,188 +121,6 @@ var AbstractBaseAdapter = class {
   }
 };
 
-// src/auth/rbac/roles.ts
-var DEFAULT_ROLES = [
-  {
-    name: "super_admin",
-    level: 100,
-    inherits: [],
-    description: "Full system access across all tenants"
-  },
-  {
-    name: "admin",
-    level: 90,
-    inherits: ["editor"],
-    description: "Full tenant access with all content permissions"
-  },
-  {
-    name: "editor",
-    level: 70,
-    inherits: ["author"],
-    description: "Edit and publish all content"
-  },
-  {
-    name: "author",
-    level: 50,
-    inherits: ["customer"],
-    description: "Create and edit own content"
-  },
-  {
-    name: "customer",
-    level: 30,
-    inherits: [],
-    description: "Access own data and make purchases"
-  },
-  {
-    name: "guest",
-    level: 10,
-    inherits: [],
-    description: "Public read-only access"
-  }
-];
-var ROLE_PERMISSIONS = {
-  super_admin: ["*"],
-  admin: [
-    "users:admin",
-    "users:read",
-    "users:update",
-    "audit_logs:read",
-    "posts:admin",
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "posts:delete",
-    "pages:admin",
-    "pages:read",
-    "pages:create",
-    "pages:update",
-    "pages:delete",
-    "media:admin",
-    "media:read",
-    "media:create",
-    "media:update",
-    "media:delete",
-    "categories:admin",
-    "categories:read",
-    "categories:create",
-    "categories:update",
-    "categories:delete",
-    "products:admin",
-    "products:read",
-    "products:create",
-    "products:update",
-    "products:delete",
-    "orders:admin",
-    "orders:read",
-    "orders:update",
-    "customers:admin",
-    "customers:read",
-    "customers:update",
-    "coupons:admin",
-    "coupons:read",
-    "coupons:create",
-    "coupons:update",
-    "coupons:delete",
-    "navigation:admin",
-    "navigation:read",
-    "navigation:create",
-    "navigation:update",
-    "navigation:delete",
-    "settings:admin",
-    "settings:read",
-    "settings:update",
-    "profile:admin",
-    "profile:read",
-    "profile:update"
-  ],
-  editor: [
-    "posts:admin",
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "posts:delete",
-    "pages:admin",
-    "pages:read",
-    "pages:create",
-    "pages:update",
-    "pages:delete",
-    "media:read",
-    "media:create",
-    "media:update",
-    "categories:read",
-    "categories:create",
-    "categories:update",
-    "products:read",
-    "orders:read",
-    "orders:update",
-    "navigation:read",
-    "navigation:create",
-    "navigation:update",
-    "profile:read",
-    "profile:update"
-  ],
-  author: [
-    "posts:read",
-    "posts:create",
-    "posts:update",
-    "media:read",
-    "media:create",
-    "categories:read",
-    "profile:read",
-    "profile:update"
-  ],
-  customer: ["profile:read", "profile:update", "orders:read", "orders:create"],
-  guest: ["posts:read", "pages:read", "products:read"]
-};
-function getRoleHierarchy(role, roles = DEFAULT_ROLES) {
-  const hierarchy = [role];
-  const roleMap = new Map(roles.map((r) => [r.name, r]));
-  const addInherited = (r) => {
-    const roleData = roleMap.get(r);
-    if (roleData && roleData.inherits) {
-      for (const inherited of roleData.inherits) {
-        if (!hierarchy.includes(inherited)) {
-          hierarchy.push(inherited);
-          addInherited(inherited);
-        }
-      }
-    }
-  };
-  addInherited(role);
-  return hierarchy;
-}
-
-// src/auth/rbac/checker.ts
-function hasPermission(user, permission, rolePermissions = ROLE_PERMISSIONS) {
-  if (!user || !user.role) return false;
-  const userPermissions = getUserPermissions(user, rolePermissions);
-  if (userPermissions.includes("*")) return true;
-  if (userPermissions.includes(permission)) return true;
-  const [resource, action] = permission.split(":");
-  if (userPermissions.includes(`${resource}:*`)) return true;
-  if (userPermissions.includes(`${resource}:admin`)) return true;
-  return false;
-}
-function hasAnyRole(user, checkRoles) {
-  if (!user || !user.role) return false;
-  const hierarchy = getRoleHierarchy(user.role);
-  return checkRoles.some((role) => hierarchy.includes(role));
-}
-function getUserPermissions(user, rolePermissions = ROLE_PERMISSIONS) {
-  if (!user || !user.role) return [];
-  const hierarchy = getRoleHierarchy(user.role);
-  const permissions = /* @__PURE__ */ new Set();
-  for (const role of hierarchy) {
-    const rolePerms = rolePermissions[role];
-    if (rolePerms) {
-      for (const perm of rolePerms) {
-        permissions.add(perm);
-      }
-    }
-  }
-  return Array.from(permissions);
-}
-
 // src/auth/rls/tenant.ts
 var DEFAULT_RLS_CONFIG = {
   tenantEnabled: true,
@@ -336,7 +163,7 @@ function applyOwnershipRule(query, collection, context, config = DEFAULT_RLS_CON
   if (!rule) {
     return query;
   }
-  if (rule.bypassRoles && hasAnyRole({ role: context.role }, rule.bypassRoles)) {
+  if (rule.bypassRoles && chunkNKPKR5BW_cjs.hasAnyRole({ role: context.role }, rule.bypassRoles)) {
     return query;
   }
   if (rule.ownerField === "id" && context.userId) {
@@ -376,7 +203,7 @@ function canAccessDocument(doc, collection, context, config = DEFAULT_RLS_CONFIG
   if (!rule) {
     return true;
   }
-  if (rule.bypassRoles && hasAnyRole({ role: context.role }, rule.bypassRoles)) {
+  if (rule.bypassRoles && chunkNKPKR5BW_cjs.hasAnyRole({ role: context.role }, rule.bypassRoles)) {
     return true;
   }
   if (rule.ownerField === "id") {
@@ -392,6 +219,5 @@ exports.AbstractBaseAdapter = AbstractBaseAdapter;
 exports.DEFAULT_RLS_CONFIG = DEFAULT_RLS_CONFIG;
 exports.applyRLS = applyRLS;
 exports.canAccessDocument = canAccessDocument;
-exports.hasPermission = hasPermission;
-//# sourceMappingURL=chunk-SA7NSSIQ.cjs.map
-//# sourceMappingURL=chunk-SA7NSSIQ.cjs.map
+//# sourceMappingURL=chunk-GUUB5EAG.cjs.map
+//# sourceMappingURL=chunk-GUUB5EAG.cjs.map

package/dist/chunk-GUUB5EAG.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/database/base.ts","../src/auth/rls/tenant.ts"],"names":["hasAnyRole"],"mappings":";;;;;AAqBO,IAAe,sBAAf,MAA0D;AAAA,EACrD,WAAA,uBAAiD,GAAA,EAAI;AAAA,EACrD,OAAA,uBAAyC,GAAA,EAAI;AAAA,EAC7C,SAAA,GAAY,KAAA;AAAA,EACZ,aAAA;AAAA,EAKV,iBAAiB,OAAA,EAA0C;AACzD,IAAA,IAAA,CAAK,aAAA,GAAgB,OAAA;AAAA,EACvB;AAAA,EAEA,gBAAA,GAA8C;AAC5C,IAAA,OAAO,IAAA,CAAK,aAAA;AAAA,EACd;AAAA,EAEA,MAAM,IAAA,CAAK,WAAA,EAAiC,OAAA,GAA0B,EAAC,EAAkB;AACvF,IAAA,KAAA,MAAW,UAAU,WAAA,EAAa;AAChC,MAAA,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAM,CAAA;AAAA,IAC1C;AACA,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAM,CAAA;AAAA,IACtC;AACA,IAAA,MAAM,KAAK,OAAA,EAAQ;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAyBU,cAAc,IAAA,EAAgC;AACtD,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAC5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,YAAA,EAAe,IAAI,CAAA,sBAAA,CAAwB,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEU,iBAAA,CAAkB,KAAA,GAA6B,EAAC,EAAG,QAAA,EAAwC;AACnG,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAO;AAAA,QACL,GAAG,KAAA;AAAA,QACH,QAAA,EAAU,EAAE,MAAA,EAAQ,QAAA;AAAS,OAC/B;AAAA,IACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEU,aAAa,IAAA,EAAsB;AAC3C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA;AAAA,EAC/B;AAAA,EAEU,WAAA,CAAY,MAA2B,UAAA,EAAmD;AAClG,IAAA,MAAM,QAAA,GAAgC,EAAE,GAAG,IAAA,EAAK;AAEhD,IAAA,IAAI,WAAW,UAAA,EAAY;AACzB,MAAA,QAAA,CAAS,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAC5C,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,QAAA,CAAS,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAC9C;AAAA,IACF;AAGA,IAAA,IAAI,UAAA,CAAW,IAAA,IAAQ,QAAA,CAAS,QAAA,EAAU;AAI1C,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEU,oBAAA,CACR,IAAA,EACA,MAAA,EACA,KAAA,EACqB;AAErB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEU,UAAU,IAAA,EAA6D;AAC/E,IAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAE,KAAA,EAAO,WAAA,EAAa,WAAW,MAAA,EAAO;AAC1D,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACxB,MAAA,OAAO,EAAE,KAAA,EAAO,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG,WAAW,MAAA,EAAO;AAAA,IACnD;AACA,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,KAAA,EAAM;AAAA,EACzC;AAAA,EAEU,mBAAA,CAAoB,IAAA,EAAc,KAAA,EAAe,SAAA,EAAmB;AAC5E,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,SAAA,GAAY,KAAK,CAAA;AAC9C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,KAAA;AAAA,MACA,UAAA;AAAA,MACA,IAAA;AAAA,MACA,aAAA,EAAA,CAAgB,IAAA,GAAO,CAAA,IAAK,KAAA,GAAQ,CAAA;AAAA,MACpC,aAAa,IAAA,GAAO,CAAA;AAAA,MACpB,aAAa,IAAA,GAAO,UAAA;AAAA,MACpB,QAAA,EAAU,IAAA,GAAO,CAAA,GAAI,IAAA,GAAO,CAAA,GAAI,IAAA;AAAA,MAChC,QAAA,EAAU,IAAA,GAAO,UAAA,GAAa,IAAA,GAAO,CAAA,GAAI;AAAA,KAC3C;AAAA,EACF;AAAA,EAEU,YAAA,CAAa,MAA2B,MAAA,EAAwC;AACxF,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,GAAG,OAAO,IAAA;AAC3C,IAAA,MAAM,SAA8B,EAAC;AACrC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,SAAS,IAAA,EAAM;AACjB,QAAA,MAAA,CAAO,KAAK,CAAA,GAAI,IAAA,CAAK,KAAK,CAAA;AAAA,MAC5B;AAAA,IACF;AACA,IAAA,MAAA,CAAO,IAAI,IAAI,IAAA,CAAK,EAAA;AACpB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEU,oBAAoB,KAAA,EAA0C;AACtE,IAAA,OAAO,MAAM,IAAA,KAAS,cAAA;AAAA,EACxB;AAAA,EAEU,cAAc,KAAA,EAAoC;AAC1D,IAAA,OAAO,MAAM,IAAA,KAAS,QAAA;AAAA,EACxB;AAAA,EAEU,sBAAsB,MAAA,EAAsC;AACpE,IAAA,MAAM,SAA8B,EAAC;AACrC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,SAAS,cAAA,EAAgB;AACjC,QAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,MACnB,CAAA,MAAA,IAAW,QAAA,IAAY,KAAA,IAAS,KAAA,CAAM,MAAA,EAAQ;AAC5C,QAAA,MAAA,CAAO,KAAK,GAAG,IAAA,CAAK,qBAAA,CAAsB,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,MACzD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEU,gBAAgB,MAAA,EAAgC;AACxD,IAAA,MAAM,SAAwB,EAAC;AAC/B,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,SAAS,QAAA,EAAU;AAC3B,QAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,MACnB,CAAA,MAAA,IAAW,QAAA,IAAY,KAAA,IAAS,KAAA,CAAM,MAAA,EAAQ;AAC5C,QAAA,MAAA,CAAO,KAAK,GAAG,IAAA,CAAK,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,MACnD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;ACnKO,IAAM,kBAAA,GAAgC;AAAA,EAC3C,aAAA,EAAe,IAAA;AAAA,EACf,WAAA,EAAa,UAAA;AAAA,EACb,cAAA,EAAgB;AAAA,IACd,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,UAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,UAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,YAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,UAAA,EAAY,YAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,SAAA,EAAW,EAAE,UAAA,EAAY,IAAA,EAAM,aAAa,CAAC,aAAA,EAAe,OAAO,CAAA,EAAE;AAAA,IACrE,UAAA,EAAY,EAAE,UAAA,EAAY,IAAA,EAAM,aAAa,CAAC,aAAA,EAAe,OAAO,CAAA;AAAE;AAE1E;AA0BO,SAAS,eAAA,CACd,KAAA,EACA,OAAA,EACA,MAAA,GAAoB,kBAAA,EACjB;AACH,EAAA,IAAI,CAAC,MAAA,CAAO,aAAA,IAAiB,OAAA,CAAQ,YAAA,EAAc;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,GAAG,KAAA;AAAA,IACH,KAAA,EAAO;AAAA,MACL,GAAG,KAAA,CAAM,KAAA;AAAA,MACT,CAAC,MAAA,CAAO,WAAW,GAAG,OAAA,CAAQ;AAAA;AAChC,GACF;AACF;AAEO,SAAS,kBAAA,CACd,KAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACC;AACrB,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,cAAA,CAAe,UAAU,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IACE,IAAA,CAAK,WAAA,IACLA,4BAAA,CAAW,EAAE,IAAA,EAAM,QAAQ,IAAA,EAAK,EAAe,IAAA,CAAK,WAAW,CAAA,EAC/D;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,KAAe,IAAA,IAAQ,OAAA,CAAQ,MAAA,EAAQ;AAC9C,IAAA,OAAO;AAAA,MACL,GAAG,KAAA;AAAA,MACH,KAAA,EAAO;AAAA,QACL,GAAG,KAAA,CAAM,KAAA;AAAA,QACT,IAAI,OAAA,CAAQ;AAAA;AACd,KACF;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,IAAc,OAAA,CAAQ,MAAA,EAAQ;AACrC,IAAA,OAAO;AAAA,MACL,GAAG,KAAA;AAAA,MACH,KAAA,EAAO;AAAA,QACL,GAAG,KAAA,CAAM,KAAA;AAAA,QACT,CAAC,IAAA,CAAK,UAAU,GAAG,OAAA,CAAQ;AAAA;AAC7B,KACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,SAAS,QAAA,CACd,KAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACjB;AACH,EAAA,IAAI,MAAA,GAAS,KAAA;AAEb,EAAA,MAAA,GAAS,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,MAAM,CAAA;AAEhD,EAAA,MAAA,GAAS,kBAAA,CAAmB,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,MAAM,CAAA;AAE/D,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,iBAAA,CACd,GAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACX;AACT,EAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,aAAA,IAAiB,GAAA,CAAI,OAAO,WAAW,CAAA,KAAM,QAAQ,QAAA,EAAU;AACxE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,cAAA,CAAe,UAAU,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IACE,IAAA,CAAK,WAAA,IACLA,4BAAA,CAAW,EAAE,IAAA,EAAM,QAAQ,IAAA,EAAK,EAAe,IAAA,CAAK,WAAW,CAAA,EAC/D;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,IAAA,CAAK,eAAe,IAAA,EAAM;AAC5B,IAAA,OAAO,GAAA,CAAI,OAAO,OAAA,CAAQ,MAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,KAAK,UAAA,EAAY;AACnB,IAAA,OAAO,GAAA,CAAI,IAAA,CAAK,UAAU,CAAA,KAAM,OAAA,CAAQ,MAAA;AAAA,EAC1C;AAEA,EAAA,OAAO,IAAA;AACT","file":"chunk-GUUB5EAG.cjs","sourcesContent":["import type {\n  BaseAdapter,\n  CollectionConfig,\n  GlobalConfig,\n  FindArgs,\n  FindByIDArgs,\n  CreateArgs,\n  UpdateArgs,\n  DeleteArgs,\n  FindResult,\n  VersionRecord,\n  CreateVersionArgs,\n  FindVersionsArgs,\n} from '../registry/types.js';\nimport type { Field, RelationshipField, UploadField } from '../fields/types.js';\nimport type { TenantContext } from '../auth/rls/tenant.js';\n\n// ============================================================================\n// Abstract Base Adapter\n// ============================================================================\n\nexport abstract class AbstractBaseAdapter implements BaseAdapter {\n  protected collections: Map<string, CollectionConfig> = new Map();\n  protected globals: Map<string, GlobalConfig> = new Map();\n  protected connected = false;\n  protected tenantContext?: TenantContext;\n\n  abstract connect(): Promise<void>;\n  abstract disconnect(): Promise<void>;\n\n  setTenantContext(context: TenantContext | undefined): void {\n    this.tenantContext = context;\n  }\n\n  getTenantContext(): TenantContext | undefined {\n    return this.tenantContext;\n  }\n\n  async init(collections: CollectionConfig[], globals: GlobalConfig[] = []): Promise<void> {\n    for (const config of collections) {\n      this.collections.set(config.slug, config);\n    }\n    for (const config of globals) {\n      this.globals.set(config.slug, config);\n    }\n    await this.connect();\n  }\n\n  abstract find<T>(args: FindArgs): Promise<FindResult<T>>;\n  abstract findByID<T>(args: FindByIDArgs): Promise<T | null>;\n  abstract create<T>(args: CreateArgs): Promise<T>;\n  abstract update<T>(args: UpdateArgs): Promise<T>;\n  abstract delete<T>(args: DeleteArgs): Promise<T>;\n  abstract count(args: { collection: string; where?: Record<string, any>; tenantID?: string }): Promise<number>;\n\n  abstract findOne(args: { collection: string; where: Record<string, any>; tenantID?: string; draft?: boolean }): Promise<any>;\n\n  abstract findVersions(args: FindVersionsArgs): Promise<FindResult<VersionRecord>>;\n  abstract findVersionByID(args: { collection: string; versionId: string; tenantID?: string }): Promise<VersionRecord | null>;\n  abstract createVersion<T = Record<string, any>>(args: CreateVersionArgs<T>): Promise<VersionRecord<T>>;\n  abstract updateLatestVersion<T = Record<string, any>>(args: CreateVersionArgs<T>): Promise<VersionRecord<T>>;\n  abstract deleteVersions(args: { collection: string; documentId: string; keepLatest?: number; tenantID?: string }): Promise<void>;\n\n  async migrate?(): Promise<void>;\n  async rollback?(): Promise<void>;\n  async transaction?<T>(fn: (tx: any) => Promise<T>): Promise<T>;\n\n  // ========================================================================\n  // Utility Methods\n  // ========================================================================\n\n  protected getCollection(slug: string): CollectionConfig {\n    const collection = this.collections.get(slug);\n    if (!collection) {\n      throw new Error(`Collection \"${slug}\" not found in adapter`);\n    }\n    return collection;\n  }\n\n  protected applyTenantFilter(where: Record<string, any> = {}, tenantID?: string): Record<string, any> {\n    if (tenantID) {\n      return {\n        ...where,\n        tenantID: { equals: tenantID },\n      };\n    }\n    return where;\n  }\n\n  protected getTableName(slug: string): string {\n    return slug.replace(/-/g, '_');\n  }\n\n  protected prepareData(data: Record<string, any>, collection: CollectionConfig): Record<string, any> {\n    const prepared: Record<string, any> = { ...data };\n    \n    if (collection.timestamps) {\n      prepared.updatedAt = new Date().toISOString();\n      if (!prepared.createdAt) {\n        prepared.createdAt = new Date().toISOString();\n      }\n    }\n\n    // Handle password hashing\n    if (collection.auth && prepared.password) {\n      // Password should be hashed before this point via hooks\n    }\n\n    return prepared;\n  }\n\n  protected processRelationships(\n    data: Record<string, any>,\n    fields: Field[],\n    depth: number\n  ): Record<string, any> {\n    // This is a base implementation - specific adapters override\n    return data;\n  }\n\n  protected parseSort(sort?: string): { field: string; direction: 'asc' | 'desc' } {\n    if (!sort) return { field: 'createdAt', direction: 'desc' };\n    if (sort.startsWith('-')) {\n      return { field: sort.slice(1), direction: 'desc' };\n    }\n    return { field: sort, direction: 'asc' };\n  }\n\n  protected calculatePagination(page: number, limit: number, totalDocs: number) {\n    const totalPages = Math.ceil(totalDocs / limit);\n    return {\n      totalDocs,\n      limit,\n      totalPages,\n      page,\n      pagingCounter: (page - 1) * limit + 1,\n      hasPrevPage: page > 1,\n      hasNextPage: page < totalPages,\n      prevPage: page > 1 ? page - 1 : null,\n      nextPage: page < totalPages ? page + 1 : null,\n    };\n  }\n\n  protected selectFields(data: Record<string, any>, select?: string[]): Record<string, any> {\n    if (!select || select.length === 0) return data;\n    const result: Record<string, any> = {};\n    for (const field of select) {\n      if (field in data) {\n        result[field] = data[field];\n      }\n    }\n    result['id'] = data.id;\n    return result;\n  }\n\n  protected isRelationshipField(field: Field): field is RelationshipField {\n    return field.type === 'relationship';\n  }\n\n  protected isUploadField(field: Field): field is UploadField {\n    return field.type === 'upload';\n  }\n\n  protected getRelationshipFields(fields: Field[]): RelationshipField[] {\n    const result: RelationshipField[] = [];\n    for (const field of fields) {\n      if (field.type === 'relationship') {\n        result.push(field);\n      } else if ('fields' in field && field.fields) {\n        result.push(...this.getRelationshipFields(field.fields));\n      }\n    }\n    return result;\n  }\n\n  protected getUploadFields(fields: Field[]): UploadField[] {\n    const result: UploadField[] = [];\n    for (const field of fields) {\n      if (field.type === 'upload') {\n        result.push(field);\n      } else if ('fields' in field && field.fields) {\n        result.push(...this.getUploadFields(field.fields));\n      }\n    }\n    return result;\n  }\n}\n","import type { AuthUser } from \"../types.js\";\nimport { hasAnyRole } from \"../rbac/checker.js\";\n\nexport interface TenantContext {\n  tenantId: string;\n  userId: string;\n  role?: string;\n  roles?: string[];\n  permissions?: string[];\n  isSuperAdmin?: boolean;\n}\n\nexport interface OwnershipRule {\n  ownerField: string;\n  bypassRoles?: string[];\n}\n\nexport interface RLSConfig {\n  tenantEnabled: boolean;\n  tenantField: string;\n  ownershipRules: Record<string, OwnershipRule>;\n}\n\nexport const DEFAULT_RLS_CONFIG: RLSConfig = {\n  tenantEnabled: true,\n  tenantField: \"tenantId\",\n  ownershipRules: {\n    posts: {\n      ownerField: \"authorId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    pages: {\n      ownerField: \"authorId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    media: {\n      ownerField: \"uploadedBy\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    orders: {\n      ownerField: \"customerId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    customers: { ownerField: \"id\", bypassRoles: [\"super_admin\", \"admin\"] },\n    navigation: { ownerField: \"id\", bypassRoles: [\"super_admin\", \"admin\"] },\n  },\n};\n\nexport function createTenantContext(user: AuthUser | undefined): TenantContext {\n  if (!user) {\n    return {\n      tenantId: \"public\",\n      userId: \"anonymous\",\n      role: \"guest\",\n      roles: [\"guest\"],\n      permissions: [],\n      isSuperAdmin: false,\n    };\n  }\n\n  const isSuperAdmin = user.role === \"super_admin\";\n\n  return {\n    tenantId: user.tenantId || \"default\",\n    userId: user.id,\n    role: user.role,\n    roles: [user.role],\n    permissions: [],\n    isSuperAdmin,\n  };\n}\n\nexport function addTenantFilter<T extends Record<string, any>>(\n  query: T,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): T {\n  if (!config.tenantEnabled || context.isSuperAdmin) {\n    return query;\n  }\n\n  return {\n    ...query,\n    where: {\n      ...query.where,\n      [config.tenantField]: context.tenantId,\n    },\n  };\n}\n\nexport function applyOwnershipRule(\n  query: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any> {\n  const rule = config.ownershipRules[collection];\n\n  if (!rule) {\n    return query;\n  }\n\n  if (\n    rule.bypassRoles &&\n    hasAnyRole({ role: context.role } as AuthUser, rule.bypassRoles)\n  ) {\n    return query;\n  }\n\n  if (rule.ownerField === \"id\" && context.userId) {\n    return {\n      ...query,\n      where: {\n        ...query.where,\n        id: context.userId,\n      },\n    };\n  }\n\n  if (rule.ownerField && context.userId) {\n    return {\n      ...query,\n      where: {\n        ...query.where,\n        [rule.ownerField]: context.userId,\n      },\n    };\n  }\n\n  return query;\n}\n\nexport function applyRLS<T extends Record<string, any>>(\n  query: T,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): T {\n  let result = query;\n\n  result = addTenantFilter(result, context, config) as T;\n\n  result = applyOwnershipRule(result, collection, context, config) as T;\n\n  return result;\n}\n\nexport function canAccessDocument(\n  doc: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): boolean {\n  if (context.isSuperAdmin) {\n    return true;\n  }\n\n  if (config.tenantEnabled && doc[config.tenantField] !== context.tenantId) {\n    return false;\n  }\n\n  const rule = config.ownershipRules[collection];\n\n  if (!rule) {\n    return true;\n  }\n\n  if (\n    rule.bypassRoles &&\n    hasAnyRole({ role: context.role } as AuthUser, rule.bypassRoles)\n  ) {\n    return true;\n  }\n\n  if (rule.ownerField === \"id\") {\n    return doc.id === context.userId;\n  }\n\n  if (rule.ownerField) {\n    return doc[rule.ownerField] === context.userId;\n  }\n\n  return true;\n}\n\nexport function filterDocumentsByRLS(\n  docs: Record<string, any>[],\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any>[] {\n  if (context.isSuperAdmin) {\n    return docs;\n  }\n\n  return docs.filter((doc) =>\n    canAccessDocument(doc, collection, context, config),\n  );\n}\n\nexport function sanitizeDocumentByRLS(\n  doc: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any> | null {\n  if (!canAccessDocument(doc, collection, context, config)) {\n    return null;\n  }\n\n  if (config.tenantEnabled && !context.isSuperAdmin) {\n    const { [config.tenantField]: _, ...rest } = doc;\n    return rest;\n  }\n\n  return doc;\n}\n\nexport class RLSPolicy {\n  private config: RLSConfig;\n\n  constructor(config: RLSConfig = DEFAULT_RLS_CONFIG) {\n    this.config = config;\n  }\n\n  setConfig(config: RLSConfig): void {\n    this.config = config;\n  }\n\n  getConfig(): RLSConfig {\n    return this.config;\n  }\n\n  addOwnershipRule(collection: string, rule: OwnershipRule): void {\n    this.config.ownershipRules[collection] = rule;\n  }\n\n  removeOwnershipRule(collection: string): void {\n    delete this.config.ownershipRules[collection];\n  }\n\n  createContext(user: AuthUser | undefined): TenantContext {\n    return createTenantContext(user);\n  }\n\n  apply<T extends Record<string, any>>(\n    query: T,\n    collection: string,\n    context: TenantContext,\n  ): T {\n    return applyRLS(query, collection, context, this.config);\n  }\n\n  canAccess(\n    doc: Record<string, any>,\n    collection: string,\n    context: TenantContext,\n  ): boolean {\n    return canAccessDocument(doc, collection, context, this.config);\n  }\n\n  filter(\n    docs: Record<string, any>[],\n    collection: string,\n    context: TenantContext,\n  ): Record<string, any>[] {\n    return filterDocumentsByRLS(docs, collection, context, this.config);\n  }\n\n  sanitize(\n    doc: Record<string, any>,\n    collection: string,\n    context: TenantContext,\n  ): Record<string, any> | null {\n    return sanitizeDocumentByRLS(doc, collection, context, this.config);\n  }\n}\n"]}

package/dist/{chunk-4DA7QPLA.cjs → chunk-GXFOGU7N.cjs}

@@ -57,6 +57,7 @@ var MongoDBAuthAdapter = class {
       email: data.email.toLowerCase(),
       passwordHash,
       role: data.role || "customer",
+      avatar: data.avatar || null,
       tenantId: data.tenantId || null,
       emailVerified: false,
       locked: false,
@@ -82,6 +83,7 @@ var MongoDBAuthAdapter = class {
     if (data.email !== void 0) setData.email = data.email;
     if (data.passwordHash !== void 0) setData.passwordHash = data.passwordHash;
     if (data.role !== void 0) setData.role = data.role;
+    if (data.avatar !== void 0) setData.avatar = data.avatar;
     if (data.tenantId !== void 0) setData.tenantId = data.tenantId;
     if (data.emailVerified !== void 0) setData.emailVerified = data.emailVerified;
     if (data.locked !== void 0) setData.locked = data.locked;
@@ -261,6 +263,7 @@ var MongoDBAuthAdapter = class {
       passwordHash: doc.passwordHash || void 0,
       role: doc.role,
       tenantId: doc.tenantId || void 0,
+      avatar: doc.avatar || void 0,
       emailVerified: doc.emailVerified || false,
       locked: doc.locked || false,
       lastLogin: doc.lastLogin?.toISOString?.() || doc.lastLogin || void 0,
@@ -352,5 +355,5 @@ function createMongoDBAuthAdapter(options) {
 
 exports.MongoDBAuthAdapter = MongoDBAuthAdapter;
 exports.createMongoDBAuthAdapter = createMongoDBAuthAdapter;
-//# sourceMappingURL=chunk-4DA7QPLA.cjs.map
-//# sourceMappingURL=chunk-4DA7QPLA.cjs.map
+//# sourceMappingURL=chunk-GXFOGU7N.cjs.map
+//# sourceMappingURL=chunk-GXFOGU7N.cjs.map