@kyro-cms/core 0.9.0 → 0.9.2

package/dist/chunk-KC2GDBLS.cjs

@@ -0,0 +1,84 @@
+'use strict';
+
+// src/templates/auth.ts
+var usersCollection = {
+  slug: "users",
+  label: "Users",
+  fields: [
+    { name: "name", type: "text", label: "Name" },
+    { name: "email", type: "email", required: true },
+    {
+      name: "passwordHash",
+      type: "text",
+      label: "Password Hash",
+      admin: { hidden: true }
+    },
+    {
+      name: "role",
+      type: "select",
+      options: [
+        { label: "Super Admin", value: "super_admin" },
+        { label: "Admin", value: "admin" },
+        { label: "Editor", value: "editor" },
+        { label: "Author", value: "author" },
+        { label: "Customer", value: "customer" },
+        { label: "Guest", value: "guest" }
+      ],
+      required: true
+    },
+    { name: "avatar", type: "upload", relationTo: "media", label: "Profile Picture" },
+    { name: "tenantId", type: "text", label: "Tenant" },
+    { name: "emailVerified", type: "checkbox", label: "Email Verified" },
+    { name: "locked", type: "checkbox" },
+    {
+      name: "lastLogin",
+      type: "date",
+      time: true,
+      label: "Last Login",
+      admin: { readOnly: true }
+    },
+    {
+      name: "failedLoginAttempts",
+      type: "number",
+      label: "Failed Login Attempts",
+      admin: { readOnly: true }
+    }
+  ],
+  timestamps: true,
+  admin: {
+    useAsTitle: "email",
+    defaultColumns: ["email", "role", "tenantId", "lastLogin"]
+  }
+};
+var auditLogsCollection = {
+  slug: "audit_logs",
+  label: "Audit Logs",
+  fields: [
+    { name: "action", type: "text", required: true },
+    { name: "userId", type: "text", label: "User ID" },
+    { name: "userEmail", type: "email", label: "User Email" },
+    { name: "role", type: "text" },
+    { name: "resource", type: "text", label: "Resource" },
+    { name: "ipAddress", type: "text", label: "IP Address" },
+    { name: "success", type: "checkbox" },
+    {
+      name: "timestamp",
+      type: "date",
+      time: true,
+      required: true,
+      admin: { readOnly: true }
+    }
+  ],
+  admin: {
+    defaultColumns: ["action", "userEmail", "resource", "success", "timestamp"]
+  }
+};
+var authCollections = {
+  users: usersCollection,
+  audit_logs: auditLogsCollection
+};
+
+exports.authCollections = authCollections;
+exports.usersCollection = usersCollection;
+//# sourceMappingURL=chunk-KC2GDBLS.cjs.map
+//# sourceMappingURL=chunk-KC2GDBLS.cjs.map

package/dist/chunk-KC2GDBLS.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/templates/auth.ts"],"names":[],"mappings":";;;AAEO,IAAM,eAAA,GAAoC;AAAA,EAC/C,IAAA,EAAM,OAAA;AAAA,EACN,KAAA,EAAO,OAAA;AAAA,EACP,MAAA,EAAQ;AAAA,IACN,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC5C,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,UAAU,IAAA,EAAK;AAAA,IAC/C;AAAA,MACE,IAAA,EAAM,cAAA;AAAA,MACN,IAAA,EAAM,MAAA;AAAA,MACN,KAAA,EAAO,eAAA;AAAA,MACP,KAAA,EAAO,EAAE,MAAA,EAAQ,IAAA;AAAK,KACxB;AAAA,IACA;AAAA,MACE,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,QACP,EAAE,KAAA,EAAO,aAAA,EAAe,KAAA,EAAO,aAAA,EAAc;AAAA,QAC7C,EAAE,KAAA,EAAO,OAAA,EAAS,KAAA,EAAO,OAAA,EAAQ;AAAA,QACjC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,UAAA,EAAY,KAAA,EAAO,UAAA,EAAW;AAAA,QACvC,EAAE,KAAA,EAAO,OAAA,EAAS,KAAA,EAAO,OAAA;AAAQ,OACnC;AAAA,MACA,QAAA,EAAU;AAAA,KACZ;AAAA,IACA,EAAE,MAAM,QAAA,EAAU,IAAA,EAAM,UAAU,UAAA,EAAY,OAAA,EAAS,OAAO,iBAAA,EAAkB;AAAA,IAChF,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,OAAO,QAAA,EAAS;AAAA,IAClD,EAAE,IAAA,EAAM,eAAA,EAAiB,IAAA,EAAM,UAAA,EAAY,OAAO,gBAAA,EAAiB;AAAA,IACnE,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAA,EAAW;AAAA,IACnC;AAAA,MACE,IAAA,EAAM,WAAA;AAAA,MACN,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO,YAAA;AAAA,MACP,KAAA,EAAO,EAAE,QAAA,EAAU,IAAA;AAAK,KAC1B;AAAA,IACA;AAAA,MACE,IAAA,EAAM,qBAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,uBAAA;AAAA,MACP,KAAA,EAAO,EAAE,QAAA,EAAU,IAAA;AAAK;AAC1B,GACF;AAAA,EACA,UAAA,EAAY,IAAA;AAAA,EACZ,KAAA,EAAO;AAAA,IACL,UAAA,EAAY,OAAA;AAAA,IACZ,cAAA,EAAgB,CAAC,OAAA,EAAS,MAAA,EAAQ,YAAY,WAAW;AAAA;AAE7D;AAEO,IAAM,mBAAA,GAAwC;AAAA,EACnD,IAAA,EAAM,YAAA;AAAA,EACN,KAAA,EAAO,YAAA;AAAA,EACP,MAAA,EAAQ;AAAA,IACN,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,UAAU,IAAA,EAAK;AAAA,IAC/C,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,MAAA,EAAQ,OAAO,SAAA,EAAU;AAAA,IACjD,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,OAAA,EAAS,OAAO,YAAA,EAAa;AAAA,IACxD,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,MAAA,EAAO;AAAA,IAC7B,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,OAAO,UAAA,EAAW;AAAA,IACpD,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,MAAA,EAAQ,OAAO,YAAA,EAAa;AAAA,IACvD,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,UAAA,EAAW;AAAA,IACpC;AAAA,MACE,IAAA,EAAM,WAAA;AAAA,MACN,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO,EAAE,QAAA,EAAU,IAAA;AAAK;AAC1B,GACF;AAAA,EACA,KAAA,EAAO;AAAA,IACL,gBAAgB,CAAC,QAAA,EAAU,WAAA,EAAa,UAAA,EAAY,WAAW,WAAW;AAAA;AAE9E,CAAA;AAEO,IAAM,eAAA,GAAkB;AAAA,EAC7B,KAAA,EAAO,eAAA;AAAA,EACP,UAAA,EAAY;AACd","file":"chunk-KC2GDBLS.cjs","sourcesContent":["import type { CollectionConfig } from \"../registry/types.js\";\n\nexport const usersCollection: CollectionConfig = {\n  slug: \"users\",\n  label: \"Users\",\n  fields: [\n    { name: \"name\", type: \"text\", label: \"Name\" },\n    { name: \"email\", type: \"email\", required: true },\n    {\n      name: \"passwordHash\",\n      type: \"text\",\n      label: \"Password Hash\",\n      admin: { hidden: true },\n    },\n    {\n      name: \"role\",\n      type: \"select\",\n      options: [\n        { label: \"Super Admin\", value: \"super_admin\" },\n        { label: \"Admin\", value: \"admin\" },\n        { label: \"Editor\", value: \"editor\" },\n        { label: \"Author\", value: \"author\" },\n        { label: \"Customer\", value: \"customer\" },\n        { label: \"Guest\", value: \"guest\" },\n      ],\n      required: true,\n    },\n    { name: \"avatar\", type: \"upload\", relationTo: \"media\", label: \"Profile Picture\" },\n    { name: \"tenantId\", type: \"text\", label: \"Tenant\" },\n    { name: \"emailVerified\", type: \"checkbox\", label: \"Email Verified\" },\n    { name: \"locked\", type: \"checkbox\" },\n    {\n      name: \"lastLogin\",\n      type: \"date\",\n      time: true,\n      label: \"Last Login\",\n      admin: { readOnly: true },\n    },\n    {\n      name: \"failedLoginAttempts\",\n      type: \"number\",\n      label: \"Failed Login Attempts\",\n      admin: { readOnly: true },\n    },\n  ],\n  timestamps: true,\n  admin: {\n    useAsTitle: \"email\",\n    defaultColumns: [\"email\", \"role\", \"tenantId\", \"lastLogin\"],\n  },\n};\n\nexport const auditLogsCollection: CollectionConfig = {\n  slug: \"audit_logs\",\n  label: \"Audit Logs\",\n  fields: [\n    { name: \"action\", type: \"text\", required: true },\n    { name: \"userId\", type: \"text\", label: \"User ID\" },\n    { name: \"userEmail\", type: \"email\", label: \"User Email\" },\n    { name: \"role\", type: \"text\" },\n    { name: \"resource\", type: \"text\", label: \"Resource\" },\n    { name: \"ipAddress\", type: \"text\", label: \"IP Address\" },\n    { name: \"success\", type: \"checkbox\" },\n    {\n      name: \"timestamp\",\n      type: \"date\",\n      time: true,\n      required: true,\n      admin: { readOnly: true },\n    },\n  ],\n  admin: {\n    defaultColumns: [\"action\", \"userEmail\", \"resource\", \"success\", \"timestamp\"],\n  },\n};\n\nexport const authCollections = {\n  users: usersCollection,\n  audit_logs: auditLogsCollection,\n};\n"]}

package/dist/{chunk-QUW2RZTM.cjs → chunk-L46ROHUS.cjs}

@@ -11,15 +11,15 @@ var fs__default = /*#__PURE__*/_interopDefault(fs);
 
 // src/integration.ts
 var API_HANDLER_ENTRYPOINT = path__default.default.resolve(
-  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-QUW2RZTM.cjs', document.baseURI).href))).pathname,
+  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-L46ROHUS.cjs', document.baseURI).href))).pathname,
   "api-handler.js"
 );
 var GRAPHQL_HANDLER_ENTRYPOINT = path__default.default.resolve(
-  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-QUW2RZTM.cjs', document.baseURI).href))).pathname,
+  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-L46ROHUS.cjs', document.baseURI).href))).pathname,
   "api-handler-graphql.js"
 );
 var TRPC_HANDLER_ENTRYPOINT = path__default.default.resolve(
-  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-QUW2RZTM.cjs', document.baseURI).href))).pathname,
+  new URL(".", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('chunk-L46ROHUS.cjs', document.baseURI).href))).pathname,
   "api-handler-trpc.js"
 );
 function kyro(options = {}) {
@@ -47,6 +47,47 @@ function kyro(options = {}) {
         }
         updateConfig({
           vite: {
+            plugins: [
+              {
+                name: "use-sync-external-store-shim-fix",
+                enforce: "pre",
+                resolveId(id) {
+                  if (id === "use-sync-external-store/shim" || id === "use-sync-external-store/shim/index.js") {
+                    return "\0virtual:use-sync-external-store-shim";
+                  }
+                  if (id === "use-sync-external-store/shim/with-selector" || id === "use-sync-external-store/shim/with-selector.js") {
+                    return "\0virtual:use-sync-external-store-shim-with-selector";
+                  }
+                },
+                load(id) {
+                  if (id === "\0virtual:use-sync-external-store-shim") {
+                    return `export { useSyncExternalStore } from "react";`;
+                  }
+                  if (id === "\0virtual:use-sync-external-store-shim-with-selector") {
+                    return `
+import { useSyncExternalStore, useMemo } from "react";
+export function useSyncExternalStoreWithSelector(subscribe, getSnapshot, getServerSnapshot, selector, isEqual) {
+  const memoizedSelector = useMemo(() => {
+    let last, lastSnap, hasMemo = false;
+    return (snap) => {
+      if (!hasMemo || !Object.is(lastSnap, snap)) {
+        const next = selector(snap);
+        if (!hasMemo || !(isEqual ? isEqual(last, next) : Object.is(last, next))) {
+          last = next; lastSnap = snap; hasMemo = true;
+        }
+      }
+      return last;
+    };
+  }, [selector, isEqual]);
+  const getSelection = () => memoizedSelector(getSnapshot());
+  const getServerSelection = getServerSnapshot != null ? () => memoizedSelector(getServerSnapshot()) : undefined;
+  return useSyncExternalStore(subscribe, getSelection, getServerSelection);
+}
+`;
+                  }
+                }
+              }
+            ],
             resolve: {
               alias: {
                 "kyro:config": finalConfigPath
@@ -54,7 +95,10 @@ function kyro(options = {}) {
             },
             define: {
               __KYRO_API_PATH__: JSON.stringify(apiPath),
-              __KYRO_ADMIN_PATH__: JSON.stringify(adminPath)
+              __KYRO_ADMIN_PATH__: JSON.stringify(adminPath),
+              __KYRO_ENABLE_GRAPHQL__: JSON.stringify(enableGraphQL),
+              __KYRO_ENABLE_TRPC__: JSON.stringify(enableTRPC),
+              __KYRO_ENABLE_WS__: JSON.stringify(enableWebSocket)
             }
           }
         });
@@ -77,7 +121,7 @@ function kyro(options = {}) {
           logger.info(`tRPC endpoint enabled at ${apiPath}/trpc`);
         }
         if (enableWebSocket) {
-          logger.info(`WebSocket support will be initialized at runtime`);
+          logger.info(`WebSocket support enabled (auto-starts at first request)`);
         }
       }
     }
@@ -85,5 +129,5 @@ function kyro(options = {}) {
 }
 
 exports.kyro = kyro;
-//# sourceMappingURL=chunk-QUW2RZTM.cjs.map
-//# sourceMappingURL=chunk-QUW2RZTM.cjs.map
+//# sourceMappingURL=chunk-L46ROHUS.cjs.map
+//# sourceMappingURL=chunk-L46ROHUS.cjs.map

package/dist/chunk-L46ROHUS.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/integration.ts"],"names":["path","fs"],"mappings":";;;;;;;;;;;;AAIA,IAAM,yBAAyBA,qBAAA,CAAK,OAAA;AAAA,EAClC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AACA,IAAM,6BAA6BA,qBAAA,CAAK,OAAA;AAAA,EACtC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AACA,IAAM,0BAA0BA,qBAAA,CAAK,OAAA;AAAA,EACnC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AAYe,SAAR,IAAA,CAAsB,OAAA,GAAkC,EAAC,EAAqB;AACnF,EAAA,MAAM;AAAA,IACJ,UAAA,GAAa,kBAAA;AAAA,IACb,OAAA,GAAU,MAAA;AAAA,IACV,SAAA,GAAY,QAAA;AAAA,IACZ,KAAA,GAAQ,IAAA;AAAA,IACR,aAAA,GAAgB,KAAA;AAAA,IAChB,UAAA,GAAa,KAAA;AAAA,IACb,eAAA,GAAkB;AAAA,GACpB,GAAI,OAAA;AAEJ,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,gBAAA;AAAA,IACN,KAAA,EAAO;AAAA,MACL,sBAAsB,OAAO,EAAE,QAAQ,YAAA,EAAc,WAAA,EAAa,QAAO,KAAM;AAC7E,QAAA,MAAA,CAAO,IAAA,CAAK,CAAA,0BAAA,EAA6B,OAAO,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,CAAG,CAAA;AAExE,QAAA,IAAI,YAAY,SAAA,EAAW;AACzB,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qDAAA,EAAwD,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,QACrF;AAEA,QAAA,MAAM,qBAAqBA,qBAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA;AAExE,QAAA,IAAI,eAAA,GAAkB,kBAAA;AACtB,QAAA,IAAI,CAACC,mBAAA,CAAG,UAAA,CAAW,kBAAkB,CAAA,EAAG;AACtC,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,8BAAA,EAAiC,UAAU,CAAA,sDAAA,CAAwD,CAAA;AAAA,QACjH;AAEA,QAAA,YAAA,CAAa;AAAA,UACX,IAAA,EAAM;AAAA,YACJ,OAAA,EAAS;AAAA,cACP;AAAA,gBACE,IAAA,EAAM,kCAAA;AAAA,gBACN,OAAA,EAAS,KAAA;AAAA,gBACT,UAAU,EAAA,EAAY;AACpB,kBAAA,IACE,EAAA,KAAO,8BAAA,IACP,EAAA,KAAO,uCAAA,EACP;AACA,oBAAA,OAAO,wCAAA;AAAA,kBACT;AACA,kBAAA,IACE,EAAA,KAAO,4CAAA,IACP,EAAA,KAAO,+CAAA,EACP;AACA,oBAAA,OAAO,sDAAA;AAAA,kBACT;AAAA,gBACF,CAAA;AAAA,gBACA,KAAK,EAAA,EAAY;AACf,kBAAA,IAAI,OAAO,wCAAA,EAA0C;AACnD,oBAAA,OAAO,CAAA,6CAAA,CAAA;AAAA,kBACT;AACA,kBAAA,IAAI,OAAO,sDAAA,EAAwD;AACjE,oBAAA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AAAA,kBAoBT;AAAA,gBACF;AAAA;AACF,aACF;AAAA,YACA,OAAA,EAAS;AAAA,cACP,KAAA,EAAO;AAAA,gBACL,aAAA,EAAe;AAAA;AACjB,aACF;AAAA,YACA,MAAA,EAAQ;AAAA,cACN,iBAAA,EAAmB,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AAAA,cACzC,mBAAA,EAAqB,IAAA,CAAK,SAAA,CAAU,SAAS,CAAA;AAAA,cAC7C,uBAAA,EAAyB,IAAA,CAAK,SAAA,CAAU,aAAa,CAAA;AAAA,cACrD,oBAAA,EAAsB,IAAA,CAAK,SAAA,CAAU,UAAU,CAAA;AAAA,cAC/C,kBAAA,EAAoB,IAAA,CAAK,SAAA,CAAU,eAAe;AAAA;AACpD;AACF,SACD,CAAA;AAED,QAAA,WAAA,CAAY;AAAA,UACV,OAAA,EAAS,GAAG,OAAO,CAAA,UAAA,CAAA;AAAA,UACnB,UAAA,EAAY;AAAA,SACb,CAAA;AAED,QAAA,IAAI,aAAA,EAAe;AACjB,UAAA,WAAA,CAAY;AAAA,YACV,OAAA,EAAS,GAAG,OAAO,CAAA,QAAA,CAAA;AAAA,YACnB,UAAA,EAAY;AAAA,WACb,CAAA;AACD,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,QAAA,CAAU,CAAA;AAAA,QAC9D;AAEA,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,WAAA,CAAY;AAAA,YACV,OAAA,EAAS,GAAG,OAAO,CAAA,eAAA,CAAA;AAAA,YACnB,UAAA,EAAY;AAAA,WACb,CAAA;AACD,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,yBAAA,EAA4B,OAAO,CAAA,KAAA,CAAO,CAAA;AAAA,QACxD;AAEA,QAAA,IAAI,eAAA,EAAiB;AACnB,UAAA,MAAA,CAAO,KAAK,CAAA,wDAAA,CAA0D,CAAA;AAAA,QACxE;AAAA,MACF;AAAA;AACF,GACF;AACF","file":"chunk-L46ROHUS.cjs","sourcesContent":["import type { AstroIntegration } from \"astro\";\nimport path from \"path\";\nimport fs from \"fs\";\n\nconst API_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler.js\",\n);\nconst GRAPHQL_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler-graphql.js\",\n);\nconst TRPC_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler-trpc.js\",\n);\n\nexport interface KyroIntegrationOptions {\n  configPath?: string;\n  apiPath?: string;\n  adminPath?: string;\n  admin?: boolean;\n  enableGraphQL?: boolean;\n  enableTRPC?: boolean;\n  enableWebSocket?: boolean;\n}\n\nexport default function kyro(options: KyroIntegrationOptions = {}): AstroIntegration {\n  const {\n    configPath = \"./kyro.config.ts\",\n    apiPath = \"/api\",\n    adminPath = \"/admin\",\n    admin = true,\n    enableGraphQL = false,\n    enableTRPC = false,\n    enableWebSocket = false,\n  } = options;\n\n  return {\n    name: \"@kyro-cms/core\",\n    hooks: {\n      \"astro:config:setup\": async ({ config, updateConfig, injectRoute, logger }) => {\n        logger.info(`Setting up Kyro CMS (API: ${apiPath}, Admin: ${adminPath})`);\n \n        if (apiPath === adminPath) {\n          throw new Error(`Kyro CMS: apiPath and adminPath cannot be the same (\"${apiPath}\")`);\n        }\n\n        const resolvedConfigPath = path.resolve(config.root.pathname, configPath);\n        \n        let finalConfigPath = resolvedConfigPath;\n        if (!fs.existsSync(resolvedConfigPath)) {\n          logger.warn(`Kyro config file not found at ${configPath}. The API will fail to boot if collections are needed.`);\n        }\n \n        updateConfig({\n          vite: {\n            plugins: [\n              {\n                name: \"use-sync-external-store-shim-fix\",\n                enforce: \"pre\" as const,\n                resolveId(id: string) {\n                  if (\n                    id === \"use-sync-external-store/shim\" ||\n                    id === \"use-sync-external-store/shim/index.js\"\n                  ) {\n                    return \"\\0virtual:use-sync-external-store-shim\";\n                  }\n                  if (\n                    id === \"use-sync-external-store/shim/with-selector\" ||\n                    id === \"use-sync-external-store/shim/with-selector.js\"\n                  ) {\n                    return \"\\0virtual:use-sync-external-store-shim-with-selector\";\n                  }\n                },\n                load(id: string) {\n                  if (id === \"\\0virtual:use-sync-external-store-shim\") {\n                    return `export { useSyncExternalStore } from \"react\";`;\n                  }\n                  if (id === \"\\0virtual:use-sync-external-store-shim-with-selector\") {\n                    return `\nimport { useSyncExternalStore, useMemo } from \"react\";\nexport function useSyncExternalStoreWithSelector(subscribe, getSnapshot, getServerSnapshot, selector, isEqual) {\n  const memoizedSelector = useMemo(() => {\n    let last, lastSnap, hasMemo = false;\n    return (snap) => {\n      if (!hasMemo || !Object.is(lastSnap, snap)) {\n        const next = selector(snap);\n        if (!hasMemo || !(isEqual ? isEqual(last, next) : Object.is(last, next))) {\n          last = next; lastSnap = snap; hasMemo = true;\n        }\n      }\n      return last;\n    };\n  }, [selector, isEqual]);\n  const getSelection = () => memoizedSelector(getSnapshot());\n  const getServerSelection = getServerSnapshot != null ? () => memoizedSelector(getServerSnapshot()) : undefined;\n  return useSyncExternalStore(subscribe, getSelection, getServerSelection);\n}\n`;\n                  }\n                },\n              },\n            ],\n            resolve: {\n              alias: {\n                \"kyro:config\": finalConfigPath,\n              },\n            },\n            define: {\n              __KYRO_API_PATH__: JSON.stringify(apiPath),\n              __KYRO_ADMIN_PATH__: JSON.stringify(adminPath),\n              __KYRO_ENABLE_GRAPHQL__: JSON.stringify(enableGraphQL),\n              __KYRO_ENABLE_TRPC__: JSON.stringify(enableTRPC),\n              __KYRO_ENABLE_WS__: JSON.stringify(enableWebSocket),\n            },\n          },\n        });\n \n        injectRoute({\n          pattern: `${apiPath}/[...path]`,\n          entrypoint: API_HANDLER_ENTRYPOINT,\n        });\n\n        if (enableGraphQL) {\n          injectRoute({\n            pattern: `${apiPath}/graphql`,\n            entrypoint: GRAPHQL_HANDLER_ENTRYPOINT,\n          });\n          logger.info(`GraphQL endpoint enabled at ${apiPath}/graphql`);\n        }\n\n        if (enableTRPC) {\n          injectRoute({\n            pattern: `${apiPath}/trpc/[...path]`,\n            entrypoint: TRPC_HANDLER_ENTRYPOINT,\n          });\n          logger.info(`tRPC endpoint enabled at ${apiPath}/trpc`);\n        }\n\n        if (enableWebSocket) {\n          logger.info(`WebSocket support enabled (auto-starts at first request)`);\n        }\n      },\n    },\n  };\n}\n"]}

package/dist/chunk-L4EZKIEX.js

@@ -0,0 +1,185 @@
+// src/auth/rbac/roles.ts
+var DEFAULT_ROLES = [
+  {
+    name: "super_admin",
+    level: 100,
+    inherits: [],
+    description: "Full system access across all tenants"
+  },
+  {
+    name: "admin",
+    level: 90,
+    inherits: ["editor"],
+    description: "Full tenant access with all content permissions"
+  },
+  {
+    name: "editor",
+    level: 70,
+    inherits: ["author"],
+    description: "Edit and publish all content"
+  },
+  {
+    name: "author",
+    level: 50,
+    inherits: ["customer"],
+    description: "Create and edit own content"
+  },
+  {
+    name: "customer",
+    level: 30,
+    inherits: [],
+    description: "Access own data and make purchases"
+  },
+  {
+    name: "guest",
+    level: 10,
+    inherits: [],
+    description: "Public read-only access"
+  }
+];
+var ROLE_PERMISSIONS = {
+  super_admin: ["*"],
+  admin: [
+    "users:admin",
+    "users:read",
+    "users:update",
+    "audit_logs:read",
+    "posts:admin",
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "posts:delete",
+    "pages:admin",
+    "pages:read",
+    "pages:create",
+    "pages:update",
+    "pages:delete",
+    "media:admin",
+    "media:read",
+    "media:create",
+    "media:update",
+    "media:delete",
+    "categories:admin",
+    "categories:read",
+    "categories:create",
+    "categories:update",
+    "categories:delete",
+    "products:admin",
+    "products:read",
+    "products:create",
+    "products:update",
+    "products:delete",
+    "orders:admin",
+    "orders:read",
+    "orders:update",
+    "customers:admin",
+    "customers:read",
+    "customers:update",
+    "coupons:admin",
+    "coupons:read",
+    "coupons:create",
+    "coupons:update",
+    "coupons:delete",
+    "navigation:admin",
+    "navigation:read",
+    "navigation:create",
+    "navigation:update",
+    "navigation:delete",
+    "settings:admin",
+    "settings:read",
+    "settings:update",
+    "profile:admin",
+    "profile:read",
+    "profile:update"
+  ],
+  editor: [
+    "posts:admin",
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "posts:delete",
+    "pages:admin",
+    "pages:read",
+    "pages:create",
+    "pages:update",
+    "pages:delete",
+    "media:read",
+    "media:create",
+    "media:update",
+    "categories:read",
+    "categories:create",
+    "categories:update",
+    "products:read",
+    "orders:read",
+    "orders:update",
+    "navigation:read",
+    "navigation:create",
+    "navigation:update",
+    "profile:read",
+    "profile:update"
+  ],
+  author: [
+    "posts:read",
+    "posts:create",
+    "posts:update",
+    "media:read",
+    "media:create",
+    "categories:read",
+    "profile:read",
+    "profile:update"
+  ],
+  customer: ["profile:read", "profile:update", "orders:read", "orders:create"],
+  guest: ["posts:read", "pages:read", "products:read"]
+};
+function getRoleHierarchy(role, roles = DEFAULT_ROLES) {
+  const hierarchy = [role];
+  const roleMap = new Map(roles.map((r) => [r.name, r]));
+  const addInherited = (r) => {
+    const roleData = roleMap.get(r);
+    if (roleData && roleData.inherits) {
+      for (const inherited of roleData.inherits) {
+        if (!hierarchy.includes(inherited)) {
+          hierarchy.push(inherited);
+          addInherited(inherited);
+        }
+      }
+    }
+  };
+  addInherited(role);
+  return hierarchy;
+}
+
+// src/auth/rbac/checker.ts
+function hasPermission(user, permission, rolePermissions = ROLE_PERMISSIONS) {
+  if (!user || !user.role) return false;
+  const userPermissions = getUserPermissions(user, rolePermissions);
+  if (userPermissions.includes("*")) return true;
+  if (userPermissions.includes(permission)) return true;
+  const [resource, action] = permission.split(":");
+  if (userPermissions.includes(`${resource}:*`)) return true;
+  if (userPermissions.includes(`${resource}:admin`)) return true;
+  return false;
+}
+function hasAnyRole(user, checkRoles) {
+  if (!user || !user.role) return false;
+  const hierarchy = getRoleHierarchy(user.role);
+  return checkRoles.some((role) => hierarchy.includes(role));
+}
+function getUserPermissions(user, rolePermissions = ROLE_PERMISSIONS) {
+  if (!user || !user.role) return [];
+  const hierarchy = getRoleHierarchy(user.role);
+  const permissions = /* @__PURE__ */ new Set();
+  for (const role of hierarchy) {
+    const rolePerms = rolePermissions[role];
+    if (rolePerms) {
+      for (const perm of rolePerms) {
+        permissions.add(perm);
+      }
+    }
+  }
+  return Array.from(permissions);
+}
+
+export { hasAnyRole, hasPermission };
+//# sourceMappingURL=chunk-L4EZKIEX.js.map
+//# sourceMappingURL=chunk-L4EZKIEX.js.map

package/dist/chunk-L4EZKIEX.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/rbac/roles.ts","../src/auth/rbac/checker.ts"],"names":[],"mappings":";AAmCO,IAAM,aAAA,GAAwB;AAAA,EACnC;AAAA,IACE,IAAA,EAAM,aAAA;AAAA,IACN,KAAA,EAAO,GAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,QAAQ,CAAA;AAAA,IACnB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,QAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,QAAQ,CAAA;AAAA,IACnB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,QAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,QAAA,EAAU,CAAC,UAAU,CAAA;AAAA,IACrB,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,UAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA,GACf;AAAA,EACA;AAAA,IACE,IAAA,EAAM,OAAA;AAAA,IACN,KAAA,EAAO,EAAA;AAAA,IACP,UAAU,EAAC;AAAA,IACX,WAAA,EAAa;AAAA;AAEjB,CAAA;AA2EO,IAAM,gBAAA,GAA6C;AAAA,EACxD,WAAA,EAAa,CAAC,GAAG,CAAA;AAAA,EAEjB,KAAA,EAAO;AAAA,IACL,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,kBAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,iBAAA;AAAA,IACA,iBAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,eAAA;AAAA,IACA,cAAA;AAAA,IACA,gBAAA;AAAA,IACA,gBAAA;AAAA,IACA,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,eAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,eAAA;AAAA,IACA,aAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,mBAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA;AAAA,IACA,cAAA;AAAA,IACA,cAAA;AAAA,IACA,YAAA;AAAA,IACA,cAAA;AAAA,IACA,iBAAA;AAAA,IACA,cAAA;AAAA,IACA;AAAA,GACF;AAAA,EAEA,QAAA,EAAU,CAAC,cAAA,EAAgB,gBAAA,EAAkB,eAAe,eAAe,CAAA;AAAA,EAE3E,KAAA,EAAO,CAAC,YAAA,EAAc,YAAA,EAAc,eAAe;AACrD,CAAA;AAEO,SAAS,gBAAA,CACd,IAAA,EACA,KAAA,GAAgB,aAAA,EACN;AACV,EAAA,MAAM,SAAA,GAAsB,CAAC,IAAI,CAAA;AACjC,EAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,CAAC,CAAA,CAAE,IAAA,EAAM,CAAC,CAAC,CAAC,CAAA;AAErD,EAAA,MAAM,YAAA,GAAe,CAAC,CAAA,KAAc;AAClC,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA;AAC9B,IAAA,IAAI,QAAA,IAAY,SAAS,QAAA,EAAU;AACjC,MAAA,KAAA,MAAW,SAAA,IAAa,SAAS,QAAA,EAAU;AACzC,QAAA,IAAI,CAAC,SAAA,CAAU,QAAA,CAAS,SAAS,CAAA,EAAG;AAClC,UAAA,SAAA,CAAU,KAAK,SAAS,CAAA;AACxB,UAAA,YAAA,CAAa,SAAS,CAAA;AAAA,QACxB;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAA;AAEA,EAAA,YAAA,CAAa,IAAI,CAAA;AACjB,EAAA,OAAO,SAAA;AACT;;;AC3PO,SAAS,aAAA,CACd,IAAA,EACA,UAAA,EACA,eAAA,GAA4C,gBAAA,EACnC;AACT,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,MAAM,OAAO,KAAA;AAEhC,EAAA,MAAM,eAAA,GAAkB,kBAAA,CAAmB,IAAA,EAAM,eAAe,CAAA;AAEhE,EAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AAC1C,EAAA,IAAI,eAAA,CAAgB,QAAA,CAAS,UAAU,CAAA,EAAG,OAAO,IAAA;AAEjD,EAAA,MAAM,CAAC,QAAA,EAAU,MAAM,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AAC/C,EAAA,IAAI,gBAAgB,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,EAAA,CAAI,GAAG,OAAO,IAAA;AACtD,EAAA,IAAI,gBAAgB,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,MAAA,CAAQ,GAAG,OAAO,IAAA;AAE1D,EAAA,OAAO,KAAA;AACT;AAaO,SAAS,UAAA,CAAW,MAAgB,UAAA,EAA+B;AACxE,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,MAAM,OAAO,KAAA;AAEhC,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAA,CAAK,IAAI,CAAA;AAC5C,EAAA,OAAO,WAAW,IAAA,CAAK,CAAC,SAAS,SAAA,CAAU,QAAA,CAAS,IAAI,CAAC,CAAA;AAC3D;AASO,SAAS,kBAAA,CACd,IAAA,EACA,eAAA,GAA4C,gBAAA,EAClC;AACV,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,IAAA,SAAa,EAAC;AAEjC,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAA,CAAK,IAAI,CAAA;AAC5C,EAAA,MAAM,WAAA,uBAAkB,GAAA,EAAY;AAEpC,EAAA,KAAA,MAAW,QAAQ,SAAA,EAAW;AAC5B,IAAA,MAAM,SAAA,GAAY,gBAAgB,IAAI,CAAA;AACtC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,QAAQ,SAAA,EAAW;AAC5B,QAAA,WAAA,CAAY,IAAI,IAAI,CAAA;AAAA,MACtB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,WAAW,CAAA;AAC/B","file":"chunk-L4EZKIEX.js","sourcesContent":["export interface Role {\n  name: string;\n  level: number;\n  inherits: string[];\n  description: string;\n  createdAt?: string;\n  updatedAt?: string;\n}\n\nexport interface Permission {\n  resource: string;\n  action: \"create\" | \"read\" | \"update\" | \"delete\" | \"admin\";\n  conditions?: Condition[];\n}\n\nexport interface Condition {\n  field: string;\n  operator:\n    | \"eq\"\n    | \"neq\"\n    | \"in\"\n    | \"nin\"\n    | \"gt\"\n    | \"lt\"\n    | \"gte\"\n    | \"lte\"\n    | \"contains\";\n  value: any;\n}\n\nexport interface RolePermission {\n  role: string;\n  permissions: Permission[];\n}\n\nexport const DEFAULT_ROLES: Role[] = [\n  {\n    name: \"super_admin\",\n    level: 100,\n    inherits: [],\n    description: \"Full system access across all tenants\",\n  },\n  {\n    name: \"admin\",\n    level: 90,\n    inherits: [\"editor\"],\n    description: \"Full tenant access with all content permissions\",\n  },\n  {\n    name: \"editor\",\n    level: 70,\n    inherits: [\"author\"],\n    description: \"Edit and publish all content\",\n  },\n  {\n    name: \"author\",\n    level: 50,\n    inherits: [\"customer\"],\n    description: \"Create and edit own content\",\n  },\n  {\n    name: \"customer\",\n    level: 30,\n    inherits: [],\n    description: \"Access own data and make purchases\",\n  },\n  {\n    name: \"guest\",\n    level: 10,\n    inherits: [],\n    description: \"Public read-only access\",\n  },\n];\n\nexport const DEFAULT_PERMISSIONS: Permission[] = [\n  { resource: \"users\", action: \"admin\" },\n  { resource: \"users\", action: \"read\" },\n  { resource: \"users\", action: \"create\" },\n  { resource: \"users\", action: \"update\" },\n  { resource: \"users\", action: \"delete\" },\n\n  { resource: \"audit_logs\", action: \"admin\" },\n  { resource: \"audit_logs\", action: \"read\" },\n\n  { resource: \"posts\", action: \"admin\" },\n  { resource: \"posts\", action: \"read\" },\n  { resource: \"posts\", action: \"create\" },\n  { resource: \"posts\", action: \"update\" },\n  { resource: \"posts\", action: \"delete\" },\n\n  { resource: \"pages\", action: \"admin\" },\n  { resource: \"pages\", action: \"read\" },\n  { resource: \"pages\", action: \"create\" },\n  { resource: \"pages\", action: \"update\" },\n  { resource: \"pages\", action: \"delete\" },\n\n  { resource: \"media\", action: \"admin\" },\n  { resource: \"media\", action: \"read\" },\n  { resource: \"media\", action: \"create\" },\n  { resource: \"media\", action: \"update\" },\n  { resource: \"media\", action: \"delete\" },\n\n  { resource: \"categories\", action: \"admin\" },\n  { resource: \"categories\", action: \"read\" },\n  { resource: \"categories\", action: \"create\" },\n  { resource: \"categories\", action: \"update\" },\n  { resource: \"categories\", action: \"delete\" },\n\n  { resource: \"products\", action: \"admin\" },\n  { resource: \"products\", action: \"read\" },\n  { resource: \"products\", action: \"create\" },\n  { resource: \"products\", action: \"update\" },\n  { resource: \"products\", action: \"delete\" },\n\n  { resource: \"orders\", action: \"admin\" },\n  { resource: \"orders\", action: \"read\" },\n  { resource: \"orders\", action: \"create\" },\n  { resource: \"orders\", action: \"update\" },\n  { resource: \"orders\", action: \"delete\" },\n\n  { resource: \"customers\", action: \"admin\" },\n  { resource: \"customers\", action: \"read\" },\n  { resource: \"customers\", action: \"create\" },\n  { resource: \"customers\", action: \"update\" },\n  { resource: \"customers\", action: \"delete\" },\n\n  { resource: \"coupons\", action: \"admin\" },\n  { resource: \"coupons\", action: \"read\" },\n  { resource: \"coupons\", action: \"create\" },\n  { resource: \"coupons\", action: \"update\" },\n  { resource: \"coupons\", action: \"delete\" },\n\n  { resource: \"menu\", action: \"admin\" },\n  { resource: \"menu\", action: \"read\" },\n  { resource: \"menu\", action: \"create\" },\n  { resource: \"menu\", action: \"update\" },\n  { resource: \"menu\", action: \"delete\" },\n\n  { resource: \"settings\", action: \"admin\" },\n  { resource: \"settings\", action: \"read\" },\n  { resource: \"settings\", action: \"update\" },\n\n  { resource: \"profile\", action: \"admin\" },\n  { resource: \"profile\", action: \"read\" },\n  { resource: \"profile\", action: \"update\" },\n];\n\nexport const ROLE_PERMISSIONS: Record<string, string[]> = {\n  super_admin: [\"*\"],\n\n  admin: [\n    \"users:admin\",\n    \"users:read\",\n    \"users:update\",\n    \"audit_logs:read\",\n    \"posts:admin\",\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"posts:delete\",\n    \"pages:admin\",\n    \"pages:read\",\n    \"pages:create\",\n    \"pages:update\",\n    \"pages:delete\",\n    \"media:admin\",\n    \"media:read\",\n    \"media:create\",\n    \"media:update\",\n    \"media:delete\",\n    \"categories:admin\",\n    \"categories:read\",\n    \"categories:create\",\n    \"categories:update\",\n    \"categories:delete\",\n    \"products:admin\",\n    \"products:read\",\n    \"products:create\",\n    \"products:update\",\n    \"products:delete\",\n    \"orders:admin\",\n    \"orders:read\",\n    \"orders:update\",\n    \"customers:admin\",\n    \"customers:read\",\n    \"customers:update\",\n    \"coupons:admin\",\n    \"coupons:read\",\n    \"coupons:create\",\n    \"coupons:update\",\n    \"coupons:delete\",\n    \"navigation:admin\",\n    \"navigation:read\",\n    \"navigation:create\",\n    \"navigation:update\",\n    \"navigation:delete\",\n    \"settings:admin\",\n    \"settings:read\",\n    \"settings:update\",\n    \"profile:admin\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  editor: [\n    \"posts:admin\",\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"posts:delete\",\n    \"pages:admin\",\n    \"pages:read\",\n    \"pages:create\",\n    \"pages:update\",\n    \"pages:delete\",\n    \"media:read\",\n    \"media:create\",\n    \"media:update\",\n    \"categories:read\",\n    \"categories:create\",\n    \"categories:update\",\n    \"products:read\",\n    \"orders:read\",\n    \"orders:update\",\n    \"navigation:read\",\n    \"navigation:create\",\n    \"navigation:update\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  author: [\n    \"posts:read\",\n    \"posts:create\",\n    \"posts:update\",\n    \"media:read\",\n    \"media:create\",\n    \"categories:read\",\n    \"profile:read\",\n    \"profile:update\",\n  ],\n\n  customer: [\"profile:read\", \"profile:update\", \"orders:read\", \"orders:create\"],\n\n  guest: [\"posts:read\", \"pages:read\", \"products:read\"],\n};\n\nexport function getRoleHierarchy(\n  role: string,\n  roles: Role[] = DEFAULT_ROLES,\n): string[] {\n  const hierarchy: string[] = [role];\n  const roleMap = new Map(roles.map((r) => [r.name, r]));\n\n  const addInherited = (r: string) => {\n    const roleData = roleMap.get(r);\n    if (roleData && roleData.inherits) {\n      for (const inherited of roleData.inherits) {\n        if (!hierarchy.includes(inherited)) {\n          hierarchy.push(inherited);\n          addInherited(inherited);\n        }\n      }\n    }\n  };\n\n  addInherited(role);\n  return hierarchy;\n}\n\nexport function getRoleLevel(\n  role: string,\n  roles: Role[] = DEFAULT_ROLES,\n): number {\n  const roleMap = new Map(roles.map((r) => [r.name, r]));\n  const roleData = roleMap.get(role);\n  return roleData?.level ?? 0;\n}\n\nexport function isRoleHigherOrEqual(\n  role1: string,\n  role2: string,\n  roles: Role[] = DEFAULT_ROLES,\n): boolean {\n  return getRoleLevel(role1, roles) >= getRoleLevel(role2, roles);\n}\n\nexport function canInheritRole(\n  role: string,\n  targetRole: string,\n  roles: Role[] = DEFAULT_ROLES,\n): boolean {\n  const hierarchy = getRoleHierarchy(role, roles);\n  return hierarchy.includes(targetRole);\n}\n","import type { AuthUser } from \"../types.js\";\nimport {\n  ROLE_PERMISSIONS,\n  getRoleHierarchy,\n  type Permission,\n  type Condition,\n} from \"./roles.js\";\n\nexport interface PermissionContext {\n  user: AuthUser;\n  resource?: string;\n  action?: string;\n  doc?: Record<string, any>;\n  data?: Record<string, any>;\n  tenantId?: string;\n}\n\nexport function hasPermission(\n  user: AuthUser,\n  permission: string,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): boolean {\n  if (!user || !user.role) return false;\n\n  const userPermissions = getUserPermissions(user, rolePermissions);\n\n  if (userPermissions.includes(\"*\")) return true;\n  if (userPermissions.includes(permission)) return true;\n\n  const [resource, action] = permission.split(\":\");\n  if (userPermissions.includes(`${resource}:*`)) return true;\n  if (userPermissions.includes(`${resource}:admin`)) return true;\n\n  return false;\n}\n\nexport function hasRole(\n  user: AuthUser,\n  role: string,\n  roles: string[] = [],\n): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return hierarchy.includes(role);\n}\n\nexport function hasAnyRole(user: AuthUser, checkRoles: string[]): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return checkRoles.some((role) => hierarchy.includes(role));\n}\n\nexport function hasAllRoles(user: AuthUser, checkRoles: string[]): boolean {\n  if (!user || !user.role) return false;\n\n  const hierarchy = getRoleHierarchy(user.role);\n  return checkRoles.every((role) => hierarchy.includes(role));\n}\n\nexport function getUserPermissions(\n  user: AuthUser,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): string[] {\n  if (!user || !user.role) return [];\n\n  const hierarchy = getRoleHierarchy(user.role);\n  const permissions = new Set<string>();\n\n  for (const role of hierarchy) {\n    const rolePerms = rolePermissions[role];\n    if (rolePerms) {\n      for (const perm of rolePerms) {\n        permissions.add(perm);\n      }\n    }\n  }\n\n  return Array.from(permissions);\n}\n\nexport function getEffectivePermissions(\n  user: AuthUser,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): string[] {\n  return getUserPermissions(user, rolePermissions);\n}\n\nexport function canAccessResource(\n  user: AuthUser,\n  resource: string,\n  action: string,\n  rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS,\n): boolean {\n  return hasPermission(user, `${resource}:${action}`, rolePermissions);\n}\n\nexport function filterPermissions(\n  permissions: string[],\n  resource?: string,\n): string[] {\n  if (!resource) return permissions;\n\n  return permissions.filter((perm) => {\n    const [permResource] = perm.split(\":\");\n    return permResource === resource || permResource === \"*\";\n  });\n}\n\nexport function parsePermission(permission: string): {\n  resource: string;\n  action: string;\n  condition?: Condition;\n} {\n  const [resource, action, ...rest] = permission.split(\":\");\n  return {\n    resource,\n    action,\n    condition: rest.length > 0 ? JSON.parse(rest.join(\":\")) : undefined,\n  };\n}\n\nexport function buildPermission(\n  resource: string,\n  action: string,\n  condition?: Condition,\n): string {\n  if (condition) {\n    return `${resource}:${action}:${JSON.stringify(condition)}`;\n  }\n  return `${resource}:${action}`;\n}\n\nexport function evaluateCondition(\n  condition: Condition,\n  context: Record<string, any>,\n): boolean {\n  const { field, operator, value } = condition;\n  const fieldValue = context[field];\n\n  if (fieldValue === undefined) return false;\n\n  switch (operator) {\n    case \"eq\":\n      return fieldValue === value;\n    case \"neq\":\n      return fieldValue !== value;\n    case \"in\":\n      return Array.isArray(value) && value.includes(fieldValue);\n    case \"nin\":\n      return Array.isArray(value) && !value.includes(fieldValue);\n    case \"gt\":\n      return fieldValue > value;\n    case \"lt\":\n      return fieldValue < value;\n    case \"gte\":\n      return fieldValue >= value;\n    case \"lte\":\n      return fieldValue <= value;\n    case \"contains\":\n      if (typeof fieldValue === \"string\") {\n        return fieldValue.includes(value);\n      }\n      if (Array.isArray(fieldValue)) {\n        return fieldValue.includes(value);\n      }\n      return false;\n    default:\n      return false;\n  }\n}\n\nexport function evaluateConditions(\n  conditions: Condition[],\n  context: Record<string, any>,\n): boolean {\n  if (!conditions || conditions.length === 0) return true;\n\n  return conditions.every((condition) => evaluateCondition(condition, context));\n}\n\nexport function resolveConditionValue(\n  value: any,\n  context: Record<string, any>,\n): any {\n  if (typeof value !== \"string\") return value;\n\n  if (value.startsWith(\"${\") && value.endsWith(\"}\")) {\n    const path = value.slice(2, -1);\n    const keys = path.split(\".\");\n    let resolved = context;\n\n    for (const key of keys) {\n      if (resolved === undefined || resolved === null) return undefined;\n      resolved = resolved[key];\n    }\n\n    return resolved;\n  }\n\n  return value;\n}\n\nexport function evaluateConditionWithContext(\n  condition: Condition,\n  context: Record<string, any>,\n): boolean {\n  const resolvedCondition = {\n    ...condition,\n    value: resolveConditionValue(condition.value, context),\n  };\n\n  return evaluateCondition(resolvedCondition, context);\n}\n\nexport class PermissionChecker {\n  private rolePermissions: Record<string, string[]>;\n\n  constructor(rolePermissions: Record<string, string[]> = ROLE_PERMISSIONS) {\n    this.rolePermissions = rolePermissions;\n  }\n\n  check(user: AuthUser, permission: string): boolean {\n    return hasPermission(user, permission, this.rolePermissions);\n  }\n\n  checkRole(user: AuthUser, role: string): boolean {\n    return hasRole(user, role);\n  }\n\n  checkAnyRole(user: AuthUser, roles: string[]): boolean {\n    return hasAnyRole(user, roles);\n  }\n\n  checkAllRoles(user: AuthUser, roles: string[]): boolean {\n    return hasAllRoles(user, roles);\n  }\n\n  getPermissions(user: AuthUser): string[] {\n    return getUserPermissions(user, this.rolePermissions);\n  }\n\n  canAccess(user: AuthUser, resource: string, action: string): boolean {\n    return canAccessResource(user, resource, action, this.rolePermissions);\n  }\n\n  filterByResource(permissions: string[], resource: string): string[] {\n    return filterPermissions(permissions, resource);\n  }\n}\n"]}