@kyro-cms/core 0.9.1 → 0.9.4

package/dist/chunk-KPA4AN4R.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/api/trpc/context.ts","../src/api/trpc/procedures.ts","../src/api/trpc/router.ts"],"names":[],"mappings":";;;;;AAsCA,eAAsB,cAAc,OAAA,EAOX;AACvB,EAAA,MAAM,cAAA,GAAiB,oBAAA,CAAqB,OAAA,CAAQ,EAAE,CAAA;AAEtD,EAAA,MAAM,WAAA,GAA2B;AAAA,IAC/B,IAAI,OAAA,CAAQ,EAAA;AAAA,IACZ,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,cAAA;AAAA,IACA,UAAU,OAAA,CAAQ;AAAA,GACpB;AAEA,EAAA,MAAM,SAAA,GAAY,wBAAA,CAAyB,OAAA,CAAQ,GAAU,CAAA;AAC7D,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,SAAA,EAAW,QAAQ,EAAE,CAAA;AACzD,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,WAAA,CAAY,IAAA,GAAQ,MAAA,CAAO,IAAA,IAAiB,OAAA,CAAQ,IAAA;AACpD,MAAA,WAAA,CAAY,QAAA,GAAW,MAAA,CAAO,QAAA,IAAY,OAAA,CAAQ,QAAA;AAClD,MAAA,WAAA,CAAY,MAAA,GAAS,oBAAoB,MAAM,CAAA;AAAA,IACjD;AAAA,EACF;AAEA,EAAA,OAAO,WAAA;AACT;;;ACtDA,IAAM,oBAAA,GAGF;AAAA,EACF,MAAA,EAAQ;AAAA,IACN,QAAQ,cAAA,CAAe,YAAA;AAAA,IACvB,QAAQ,cAAA,CAAe,YAAA;AAAA,IACvB,QAAQ,cAAA,CAAe;AAAA;AAE3B,CAAA;AAEA,SAAS,eAAA,CACP,YACA,SAAA,EACc;AACd,EAAA,MAAM,MAAA,GAAS,qBAAqB,UAAU,CAAA;AAC9C,EAAA,IAAI,MAAA,EAAQ,OAAO,MAAA,CAAO,SAAS,CAAA;AACnC,EAAA,OAAO,cAAc,SAAS,CAAA,CAAA;AAChC;AAEA,eAAe,cAAA,CACb,GAAA,EACA,KAAA,EACA,OAAA,EAMA;AACA,EAAA,IAAI,CAAC,IAAI,cAAA,EAAgB;AACzB,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,CAAI,cAAA,CAAe,OAAA,CAAQ,KAAA,EAAO;AAAA,MACtC,YAAY,OAAA,CAAQ,UAAA;AAAA,MACpB,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,cAAc,OAAA,CAAQ,YAAA;AAAA,MACtB,MAAM,GAAA,CAAI,IAAA,GACN,EAAE,EAAA,EAAI,IAAI,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,GAAA,CAAI,KAAK,KAAA,EAAO,IAAA,EAAM,GAAA,CAAI,IAAA,CAAK,MAAK,GAC9D,KAAA,CAAA;AAAA,MACJ,UAAU,GAAA,CAAI;AAAA,KACf,CAAA;AAAA,EACH,SAAS,GAAA,EAAK;AACZ,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,4BAAA,EAA+B,KAAK,CAAA,CAAA,CAAA,EAAK,GAAG,CAAA;AAAA,EAC5D;AACF;AAMA,eAAe,eAAA,CACb,MAAA,EACA,SAAA,EACA,GAAA,EACe;AACf,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,GAAS,SAAS,CAAA;AAG5C,EAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,EAAA,IAAI,UAAU,MAAA,CAAO,WAAA,IAAe,MAAA,CAAO,WAAA,CAAY,SAAS,CAAA,EAAG;AACjE,IAAA,MAAM,WAAW,MAAA,CAAO,IAAA;AACxB,IAAA,MAAM,SAAS,SAAA,KAAc,MAAA,GAAS,MAAA,GAAS,SAAA,KAAc,WAAW,QAAA,GAAW,QAAA;AACnF,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,IACE,CAAC,mBAAA,CAAoB,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA,IACnD,CAAC,mBAAA,CAAoB,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,QAAQ,QAAQ,CAAA,EAC5D;AACA,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,UAAU,CAAA,CAAE,CAAA;AAAA,IAC3E;AAAA,EACF;AAGA,EAAA,IAAI,IAAI,IAAA,EAAM;AACZ,IAAA,MAAM,WAAW,MAAA,CAAO,IAAA;AACxB,IAAA,MAAM,MAAA,GAAS,cAAc,MAAA,GAAS,MAAA,GAAS,cAAc,QAAA,GAAW,QAAA,GAAW,SAAA,KAAc,QAAA,GAAW,QAAA,GAAW,QAAA;AACvH,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,MAAM,iBAAA,GAAoB,aAAA;AAAA,MACxB,EAAE,EAAA,EAAI,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,GAAA,CAAI,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,GAAA,CAAI,IAAA,CAAK,IAAA,EAAK;AAAA,MAC9D;AAAA,KACF;AACA,IAAA,IAAI,CAAC,qBAAqB,CAAC,aAAA;AAAA,MACzB,EAAE,EAAA,EAAI,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,GAAA,CAAI,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,GAAA,CAAI,IAAA,CAAK,IAAA,EAAK;AAAA,MAC9D,GAAG,QAAQ,CAAA,MAAA;AAAA,KACb,EAAG;AACD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uCAAA,EAA0C,UAAU,CAAA,CAAE,CAAA;AAAA,MACxE;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,MAC/C,KAAK,GAAA,CAAI,GAAA;AAAA,MACT,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,UAAU,GAAA,CAAI;AAAA,KACf,CAAA;AACD,IAAA,IAAI,OAAA,KAAY,KAAA,EAAO,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,EACxD,WAAW,CAAC,GAAA,CAAI,IAAA,IAAQ,CAAC,IAAI,MAAA,EAAQ;AACnC,IAAA,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAAA,EAC1D;AAGA,EAAA,IAAI,IAAI,QAAA,EAAU;AAChB,IAAA,GAAA,CAAI,EAAA,CAAG,iBAAiB,EAAE,QAAA,EAAU,IAAI,QAAA,EAAU,MAAA,EAAQ,IAAI,IAAA,EAAM,EAAA,IAAM,IAAI,IAAA,EAAM,GAAA,CAAI,MAAM,IAAA,EAAM,YAAA,EAAc,IAAI,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,EACtJ;AACF;AAMO,SAAS,oBAAoB,GAAA,EAAkB;AACpD,EAAA,OAAO,OAAO,KAAA,KASR;AACJ,IAAA,MAAM,EAAE,YAAY,KAAA,EAAO,IAAA,EAAM,OAAO,IAAA,EAAM,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAM,GAAI,KAAA;AACvE,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,MAAA,EAAQ,GAAG,CAAA;AAGzC,IAAA,IAAI,MAAA,CAAO,OAAO,UAAA,EAAY;AAC5B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,UAAA,EAAY;AAC1C,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,MAAA;AAAA,UACX;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,KAAA,IAAS,CAAC,CAAC,GAAA,CAAI,IAAA;AAG/B,IAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,EAAA,CAAG,IAAA,CAAK;AAAA,MAC/B,UAAA;AAAA,MACA,KAAA,EAAO,SAAS,EAAC;AAAA,MACjB,IAAA;AAAA,MACA,OAAO,KAAA,IAAS,EAAA;AAAA,MAChB,MAAM,IAAA,IAAQ,CAAA;AAAA,MACd,OAAO,KAAA,IAAS,CAAA;AAAA,MAChB,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,MAAA;AAAA,MACA,KAAA,EAAO;AAAA,KACR,CAAA;AAGD,IAAA,IAAI,MAAA,CAAO,OAAO,SAAA,EAAW;AAC3B,MAAA,KAAA,MAAW,GAAA,IAAO,OAAO,IAAA,EAAM;AAC7B,QAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,SAAA,EAAW;AACzC,UAAA,MAAM,IAAA,CAAK;AAAA,YACT,UAAA;AAAA,YACA,GAAA;AAAA,YACA,KAAK,GAAA,CAAI,GAAA;AAAA,YACT,MAAM,GAAA,CAAI,IAAA;AAAA,YACV,UAAU,GAAA,CAAI,QAAA;AAAA,YACd,SAAA,EAAW;AAAA,WACZ,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,MAAA;AAAA,EACT,CAAA;AACF;AAEO,SAAS,wBAAwB,GAAA,EAAkB;AACxD,EAAA,OAAO,OAAO,KAAA,KAMR;AACJ,IAAA,MAAM,EAAE,UAAA,EAAY,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,OAAM,GAAI,KAAA;AACjD,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,MAAA,EAAQ,GAAG,CAAA;AAEzC,IAAA,MAAM,OAAA,GAAU,KAAA,IAAS,CAAC,CAAC,GAAA,CAAI,IAAA;AAE/B,IAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS;AAAA,MAChC,UAAA;AAAA,MACA,EAAA;AAAA,MACA,OAAO,KAAA,IAAS,CAAA;AAAA,MAChB,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,MAAA;AAAA,MACA,KAAA,EAAO;AAAA,KACR,CAAA;AAED,IAAA,IAAI,CAAC,KAAK,MAAM,IAAI,MAAM,CAAA,oBAAA,EAAuB,UAAU,CAAA,CAAA,EAAI,EAAE,CAAA,CAAE,CAAA;AAGnE,IAAA,IAAI,MAAA,CAAO,OAAO,SAAA,EAAW;AAC3B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,SAAA,EAAW;AACzC,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,GAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,MAAA;AAAA,UACX;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AACF;AAEO,SAAS,sBAAsB,GAAA,EAAkB;AACtD,EAAA,OAAO,OAAO,KAAA,KAKR;AACJ,IAAA,MAAM,EAAE,UAAA,EAAY,IAAA,EAAM,KAAA,EAAO,QAAO,GAAI,KAAA;AAC5C,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,QAAA,EAAU,GAAG,CAAA;AAG3C,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,kBAAA,CAAmB,UAAU,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA;AAGnC,IAAA,IAAI,MAAA,CAAO,YAAA,IAAgB,GAAA,CAAI,QAAA,EAAU;AACvC,MAAA,SAAA,CAAU,WAAW,GAAA,CAAI,QAAA;AAAA,IAC3B;AAGA,IAAA,IAAI,MAAA,CAAO,OAAO,cAAA,EAAgB;AAChC,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,cAAA,EAAgB;AAC9C,QAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK;AAAA,UAC5B,UAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW;AAAA,SACZ,CAAA;AACD,QAAA,IAAI,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,UAAU,CAAA;AAAA,MACrD;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,OAAO,YAAA,EAAc;AAC9B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,YAAA,EAAc;AAC5C,QAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK;AAAA,UAC5B,UAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW;AAAA,SACZ,CAAA;AACD,QAAA,IAAI,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,UAAU,CAAA;AAAA,MACrD;AAAA,IACF;AAGA,IAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,MAAA,CAAO;AAAA,MAC9B,UAAA;AAAA,MACA,IAAA,EAAM,SAAA;AAAA,MACN,OAAO,KAAA,IAAS,CAAA;AAAA,MAChB,UAAU,GAAA,CAAI,QAAA;AAAA,MACd;AAAA,KACD,CAAA;AAGD,IAAA,IAAI,MAAA,CAAO,OAAO,WAAA,EAAa;AAC7B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,WAAA,EAAa;AAC3C,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,GAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW;AAAA,SACZ,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,CAAe,GAAA,EAAK,eAAA,CAAgB,UAAA,EAAY,QAAQ,CAAA,EAAG;AAAA,MAC/D,UAAA;AAAA,MACA,IAAA,EAAM,GAAA;AAAA,MACN,SAAA,EAAW;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,GAAA,EAAI;AAAA,EACf,CAAA;AACF;AAEO,SAAS,sBAAsB,GAAA,EAAkB;AACtD,EAAA,OAAO,OAAO,KAAA,KAOR;AACJ,IAAA,MAAM,EAAE,UAAA,EAAY,EAAA,EAAI,MAAM,KAAA,EAAO,MAAA,EAAQ,eAAc,GAAI,KAAA;AAC/D,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,QAAA,EAAU,GAAG,CAAA;AAG3C,IAAA,MAAM,WAAA,GAAc,MAAM,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS;AAAA,MACxC,UAAA;AAAA,MACA,EAAA;AAAA,MACA,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAED,IAAA,IAAI,CAAC,WAAA;AACH,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,UAAU,CAAA,CAAA,EAAI,EAAE,CAAA,CAAE,CAAA;AAG3D,IAAA,IAAI,aAAA,IAAkB,WAAA,CAAoC,SAAA,IAAa,aAAA,KAAmB,YAAoC,SAAA,EAAW;AACvI,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8CAAA,EAAiD,aAAa,CAAA,qBAAA,EAAyB,WAAA,CAAoC,SAAS,CAAA,CAAE,CAAA;AAAA,IACxJ;AAGA,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,kBAAA,CAAmB,UAAU,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA;AAGnC,IAAA,IAAI,MAAA,CAAO,YAAA,IAAgB,GAAA,CAAI,QAAA,EAAU;AACvC,MAAA,SAAA,CAAU,WAAW,GAAA,CAAI,QAAA;AAAA,IAC3B;AAGA,IAAA,IAAI,MAAA,CAAO,OAAO,cAAA,EAAgB;AAChC,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,cAAA,EAAgB;AAC9C,QAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK;AAAA,UAC5B,UAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,WAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,QAAA;AAAA,UACX;AAAA,SACD,CAAA;AACD,QAAA,IAAI,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,UAAU,CAAA;AAAA,MACrD;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,OAAO,YAAA,EAAc;AAC9B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,YAAA,EAAc;AAC5C,QAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK;AAAA,UAC5B,UAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,WAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,QAAA;AAAA,UACX;AAAA,SACD,CAAA;AACD,QAAA,IAAI,UAAA,EAAY,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,UAAU,CAAA;AAAA,MACrD;AAAA,IACF;AAGA,IAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,MAAA,CAAO;AAAA,MAC9B,UAAA;AAAA,MACA,EAAA;AAAA,MACA,IAAA,EAAM,SAAA;AAAA,MACN,OAAO,KAAA,IAAS,CAAA;AAAA,MAChB,UAAU,GAAA,CAAI,QAAA;AAAA,MACd;AAAA,KACD,CAAA;AAGD,IAAA,IAAI,MAAA,CAAO,OAAO,WAAA,EAAa;AAC7B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,WAAA,EAAa;AAC3C,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,GAAA;AAAA,UACA,IAAA,EAAM,SAAA;AAAA,UACN,WAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,QAAA;AAAA,UACX;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,CAAe,GAAA,EAAK,eAAA,CAAgB,UAAA,EAAY,QAAQ,CAAA,EAAG;AAAA,MAC/D,UAAA;AAAA,MACA,IAAA,EAAM,GAAA;AAAA,MACN,YAAA,EAAc,WAAA;AAAA,MACd,SAAA,EAAW;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,GAAA,EAAI;AAAA,EACf,CAAA;AACF;AAEO,SAAS,sBAAsB,GAAA,EAAkB;AACtD,EAAA,OAAO,OAAO,KAAA,KAA8C;AAC1D,IAAA,MAAM,EAAE,UAAA,EAAY,EAAA,EAAG,GAAI,KAAA;AAC3B,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,QAAA,EAAU,GAAG,CAAA;AAG3C,IAAA,MAAM,WAAA,GAAc,MAAM,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS;AAAA,MACxC,UAAA;AAAA,MACA,EAAA;AAAA,MACA,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAED,IAAA,IAAI,CAAC,WAAA;AACH,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oBAAA,EAAuB,UAAU,CAAA,CAAA,EAAI,EAAE,CAAA,CAAE,CAAA;AAG3D,IAAA,IAAI,MAAA,CAAO,OAAO,YAAA,EAAc;AAC9B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,YAAA,EAAc;AAC5C,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,GAAA,EAAK,WAAA;AAAA,UACL,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,QAAA;AAAA,UACX;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,MAAA,CAAO;AAAA,MAC9B,UAAA;AAAA,MACA,EAAA;AAAA,MACA,UAAU,GAAA,CAAI;AAAA,KACf,CAAA;AAGD,IAAA,IAAI,MAAA,CAAO,OAAO,WAAA,EAAa;AAC7B,MAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,KAAA,CAAM,WAAA,EAAa;AAC3C,QAAA,MAAM,IAAA,CAAK;AAAA,UACT,UAAA;AAAA,UACA,GAAA;AAAA,UACA,KAAK,GAAA,CAAI,GAAA;AAAA,UACT,MAAM,GAAA,CAAI,IAAA;AAAA,UACV,UAAU,GAAA,CAAI,QAAA;AAAA,UACd,SAAA,EAAW,QAAA;AAAA,UACX;AAAA,SACD,CAAA;AAAA,MACH;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,CAAe,GAAA,EAAK,eAAA,CAAgB,UAAA,EAAY,QAAQ,CAAA,EAAG;AAAA,MAC/D,UAAA;AAAA,MACA,IAAA,EAAM,GAAA;AAAA,MACN,YAAA,EAAc,WAAA;AAAA,MACd,SAAA,EAAW;AAAA,KACZ,CAAA;AAED,IAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,EAChD,CAAA;AACF;AAEO,SAAS,qBAAqB,GAAA,EAAkB;AACrD,EAAA,OAAO,OAAO,KAAA,KAA+D;AAC3E,IAAA,MAAM,EAAE,UAAA,EAAY,KAAA,EAAM,GAAI,KAAA;AAC9B,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,aAAA,CAAc,UAAU,CAAA;AAEpD,IAAA,MAAM,eAAA,CAAgB,MAAA,EAAQ,MAAA,EAAQ,GAAG,CAAA;AAEzC,IAAA,MAAM,SAAA,GAAY,MAAM,GAAA,CAAI,EAAA,CAAG,KAAA,CAAM;AAAA,MACnC,UAAA;AAAA,MACA,KAAA,EAAO,SAAS,EAAC;AAAA,MACjB,UAAU,GAAA,CAAI;AAAA,KACf,CAAA;AAED,IAAA,OAAO,EAAE,SAAA,EAAU;AAAA,EACrB,CAAA;AACF;;;ACjfA,eAAe,qBAAA,CACb,MAAA,EACA,SAAA,EACA,GAAA,EACe;AACf,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,GAAS,SAAS,CAAA;AAE5C,EAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,EAAA,IAAI,UAAU,MAAA,CAAO,WAAA,IAAe,MAAA,CAAO,WAAA,CAAY,SAAS,CAAA,EAAG;AACjE,IAAA,MAAM,UAAA,GAAa,WAAW,SAAS,CAAA,CAAA;AACvC,IAAA,IACE,CAAC,mBAAA,CAAoB,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA,IACnD,CAAC,mBAAA,CAAoB,MAAA,CAAO,WAAA,EAAa,eAAe,CAAA,EACxD;AACA,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,UAAU,CAAA,CAAE,CAAA;AAAA,IAC3E;AAAA,EACF;AAEA,EAAA,IAAI,IAAI,IAAA,EAAM;AACZ,IAAA,MAAM,UAAA,GAAa,WAAW,SAAS,CAAA,CAAA;AACvC,IAAA,MAAM,iBAAA,GAAoB,aAAA;AAAA,MACxB,EAAE,EAAA,EAAI,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,GAAA,CAAI,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,GAAA,CAAI,IAAA,CAAK,IAAA,EAAK;AAAA,MAC9D;AAAA,KACF;AACA,IAAA,IAAI,CAAC,qBAAqB,CAAC,aAAA;AAAA,MACzB,EAAE,EAAA,EAAI,GAAA,CAAI,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,GAAA,CAAI,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,GAAA,CAAI,IAAA,CAAK,IAAA,EAAK;AAAA,MAC9D;AAAA,KACF,EAAG;AACD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uCAAA,EAA0C,UAAU,CAAA,CAAE,CAAA;AAAA,MACxE;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,MAAM,OAAA,GAAU,MAAM,cAAA,CAAe,UAAA,EAAY;AAAA,MAC/C,KAAK,GAAA,CAAI,GAAA;AAAA,MACT,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,UAAU,GAAA,CAAI;AAAA,KACf,CAAA;AACD,IAAA,IAAI,OAAA,KAAY,KAAA,EAAO,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,EACxD,WAAW,CAAC,GAAA,CAAI,IAAA,IAAQ,CAAC,IAAI,MAAA,EAAQ;AACnC,IAAA,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAAA,EAC1D;AAEA,EAAA,IAAI,IAAI,QAAA,EAAU;AAChB,IAAA,GAAA,CAAI,EAAA,CAAG,iBAAiB,EAAE,QAAA,EAAU,IAAI,QAAA,EAAU,MAAA,EAAQ,IAAI,IAAA,EAAM,EAAA,IAAM,IAAI,IAAA,EAAM,GAAA,CAAI,MAAM,IAAA,EAAM,YAAA,EAAc,IAAI,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,EACtJ;AACF;AAMO,SAAS,oBAAoB,GAAA,EAAkB;AACpD,EAAA,MAAM,SAA8B,EAAC;AACrC,EAAA,MAAM,WAAA,GAAc,GAAA,CAAI,QAAA,CAAS,cAAA,EAAe;AAEhD,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,OAAO,UAAA,CAAW,IAAA;AAExB,IAAA,MAAA,CAAO,IAAI,CAAA,GAAI;AAAA,MACb,IAAA,EAAM,oBAAoB,GAAG,CAAA;AAAA,MAC7B,QAAA,EAAU,wBAAwB,GAAG,CAAA;AAAA,MACrC,MAAA,EAAQ,sBAAsB,GAAG,CAAA;AAAA,MACjC,MAAA,EAAQ,sBAAsB,GAAG,CAAA;AAAA,MACjC,MAAA,EAAQ,sBAAsB,GAAG,CAAA;AAAA,MACjC,KAAA,EAAO,qBAAqB,GAAG;AAAA,KACjC;AAAA,EACF;AAGA,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,QAAA,CAAS,UAAA,EAAW;AACxC,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,IAAA,MAAA,CAAO,CAAA,SAAA,EAAY,IAAI,CAAA,CAAE,CAAA,GAAI;AAAA,MAC3B,KAAK,YAAY;AACf,QAAA,MAAM,qBAAA,CAAsB,MAAA,EAAQ,MAAA,EAAQ,GAAG,CAAA;AAE/C,QAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,OAAA,CAAQ;AAAA,UAC/B,UAAA,EAAY,YAAY,IAAI,CAAA,CAAA;AAAA,UAC5B,OAAO,EAAC;AAAA,UACR,UAAU,GAAA,CAAI;AAAA,SACf,CAAA;AACD,QAAA,OAAO,GAAA;AAAA,MACT,CAAA;AAAA,MACA,MAAA,EAAQ,OAAO,KAAA,KAAyC;AACtD,QAAA,MAAM,qBAAA,CAAsB,MAAA,EAAQ,QAAA,EAAU,GAAG,CAAA;AAEjD,QAAA,MAAM,MAAA,GAAS,GAAA,CAAI,QAAA,CAAS,YAAA,CAAa,IAAI,CAAA;AAC7C,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA;AAEzC,QAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,EAAA,CAAG,OAAA,CAAQ;AAAA,UACpC,UAAA,EAAY,YAAY,IAAI,CAAA,CAAA;AAAA,UAC5B,OAAO,EAAC;AAAA,UACR,UAAU,GAAA,CAAI;AAAA,SACf,CAAA;AAED,QAAA,IAAI,GAAA;AACJ,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,MAAA,CAAO;AAAA,YACxB,UAAA,EAAY,YAAY,IAAI,CAAA,CAAA;AAAA,YAC5B,IAAI,QAAA,CAAS,EAAA;AAAA,YACb,IAAA,EAAM,SAAA;AAAA,YACN,UAAU,GAAA,CAAI;AAAA,WACf,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,GAAA,GAAM,MAAM,GAAA,CAAI,EAAA,CAAG,MAAA,CAAO;AAAA,YACxB,UAAA,EAAY,YAAY,IAAI,CAAA,CAAA;AAAA,YAC5B,IAAA,EAAM,EAAE,GAAG,SAAA,EAAW,IAAI,IAAA,EAAK;AAAA,YAC/B,UAAU,GAAA,CAAI;AAAA,WACf,CAAA;AAAA,QACH;AAEA,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAyDO,SAAS,iBAAiB,GAAA,EAA8B;AAE7D,EAAA,MAAM,SAAA,GAAY,GAAA,CAAI,QAAA,EAAU,MAAA,EAAQ,SAAA;AACxC,EAAA,IAAI,SAAA,EAAW,gBAAgB,KAAA,EAAO;AACpC,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAEA,EAAA,OAAO,oBAAoB,GAAG,CAAA;AAChC","file":"chunk-KPA4AN4R.js","sourcesContent":["import type { BaseAdapter } from \"../../registry/types.js\";\nimport type { User, Request } from \"../../hooks/types.js\";\nimport {\n  validateApiKey,\n  extractApiKeyFromRequest,\n  createApiKeyContext,\n} from \"../../auth/api-key.js\";\nimport { createWebhookService } from \"../../webhooks/index.js\";\n\n// ============================================================================\n// Context Types\n// ============================================================================\n\nexport interface ApiKeyContext {\n  userId: string;\n  user: Partial<User>;\n  permissions: string[];\n  apiKeyId: string;\n  tenantId?: string;\n  role?: string;\n}\n\nexport interface KyroContext {\n  db: BaseAdapter;\n  registry: any;\n  user?: User;\n  tenantID?: string;\n  req: Request;\n  apiKey?: ApiKeyContext;\n  webhookService?: ReturnType<typeof createWebhookService>;\n  settings?: Record<string, any>;\n  [key: string]: any;\n}\n\n// ============================================================================\n// Context Factory\n// ============================================================================\n\nexport async function createContext(options: {\n  db: BaseAdapter;\n  registry: any;\n  req: Request;\n  user?: User;\n  tenantID?: string;\n  settings?: Record<string, any>;\n}): Promise<KyroContext> {\n  const webhookService = createWebhookService(options.db);\n\n  const baseContext: KyroContext = {\n    db: options.db,\n    registry: options.registry,\n    req: options.req,\n    user: options.user,\n    tenantID: options.tenantID,\n    webhookService,\n    settings: options.settings,\n  };\n\n  const apiKeyRaw = extractApiKeyFromRequest(options.req as any);\n  if (apiKeyRaw) {\n    const result = await validateApiKey(apiKeyRaw, options.db);\n    if (result.valid) {\n      baseContext.user = (result.user as User) || options.user;\n      baseContext.tenantID = result.tenantId || options.tenantID;\n      baseContext.apiKey = createApiKeyContext(result) as ApiKeyContext;\n    }\n  }\n\n  return baseContext;\n}\n","import type {\n  FindArgs,\n  CreateArgs,\n  UpdateArgs,\n  DeleteArgs,\n} from \"../../registry/types.js\";\nimport { runHooks } from \"../../hooks/types.js\";\nimport { evaluateAccess } from \"../../access/types.js\";\nexport type { KyroContext, ApiKeyContext } from \"./context.js\";\nexport { createContext } from \"./context.js\";\nimport type { KyroContext, ApiKeyContext } from \"./context.js\";\nimport { WEBHOOK_EVENTS, type WebhookEvent } from \"../../webhooks/types.js\";\nimport { hasApiKeyPermission } from \"../../auth/api-key.js\";\nimport { hasPermission } from \"../../auth/rbac/checker.js\";\n\nconst COLLECTION_EVENT_MAP: Record<\n  string,\n  { create: WebhookEvent; update: WebhookEvent; delete: WebhookEvent }\n> = {\n  _media: {\n    create: WEBHOOK_EVENTS.MEDIA_UPLOAD,\n    update: WEBHOOK_EVENTS.MEDIA_UPLOAD,\n    delete: WEBHOOK_EVENTS.MEDIA_DELETE,\n  },\n};\n\nfunction getWebhookEvent(\n  collection: string,\n  operation: \"create\" | \"update\" | \"delete\",\n): WebhookEvent {\n  const mapped = COLLECTION_EVENT_MAP[collection];\n  if (mapped) return mapped[operation];\n  return `collection.${operation}` as WebhookEvent;\n}\n\nasync function triggerWebhook(\n  ctx: KyroContext,\n  event: WebhookEvent,\n  payload: {\n    collection: string;\n    data: unknown;\n    previousData?: unknown;\n    operation: \"create\" | \"update\" | \"delete\";\n  },\n) {\n  if (!ctx.webhookService) return;\n  try {\n    await ctx.webhookService.trigger(event, {\n      collection: payload.collection,\n      operation: payload.operation,\n      data: payload.data,\n      previousData: payload.previousData,\n      user: ctx.user\n        ? { id: ctx.user.id, email: ctx.user.email, role: ctx.user.role }\n        : undefined,\n      tenantId: ctx.tenantID,\n    });\n  } catch (err) {\n    console.error(`[Webhook] Failed to trigger ${event}:`, err);\n  }\n}\n\n// ============================================================================\n// Access Check Helper\n// ============================================================================\n\nasync function checkTRPCAccess(\n  config: { access?: any; slug: string },\n  operation: \"read\" | \"create\" | \"update\" | \"delete\",\n  ctx: KyroContext,\n): Promise<void> {\n  const accessRule = config.access?.[operation];\n\n  // API key permission check\n  const apiKey = ctx.apiKey;\n  if (apiKey && apiKey.permissions && apiKey.permissions.length > 0) {\n    const resource = config.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : \"update\";\n    const permission = `${resource}:${action}`;\n    if (\n      !hasApiKeyPermission(apiKey.permissions, permission) &&\n      !hasApiKeyPermission(apiKey.permissions, `${resource}:admin`)\n    ) {\n      throw new Error(`Access denied: missing API key permission ${permission}`);\n    }\n  }\n\n  // RBAC check for authenticated users\n  if (ctx.user) {\n    const resource = config.slug;\n    const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : operation === \"update\" ? \"update\" : \"delete\";\n    const permission = `${resource}:${action}`;\n    const userHasPermission = hasPermission(\n      { id: ctx.user.id, email: ctx.user.email, role: ctx.user.role } as any,\n      permission,\n    );\n    if (!userHasPermission && !hasPermission(\n      { id: ctx.user.id, email: ctx.user.email, role: ctx.user.role } as any,\n      `${resource}:admin`,\n    )) {\n      if (!accessRule) {\n        throw new Error(`Access denied: missing RBAC permission ${permission}`);\n      }\n    }\n  }\n\n  if (accessRule) {\n    const allowed = await evaluateAccess(accessRule, {\n      req: ctx.req,\n      user: ctx.user,\n      tenantID: ctx.tenantID,\n    });\n    if (allowed === false) throw new Error(\"Access denied\");\n  } else if (!ctx.user && !ctx.apiKey) {\n    throw new Error(\"Access denied: authentication required\");\n  }\n\n  // Set tenant context\n  if (ctx.tenantID) {\n    ctx.db.setTenantContext({ tenantId: ctx.tenantID, userId: ctx.user?.id ?? '', role: ctx.user?.role, isSuperAdmin: ctx.user?.role === 'super_admin' });\n  }\n}\n\n// ============================================================================\n// CRUD Procedure Builders\n// ============================================================================\n\nexport function createFindProcedure(ctx: KyroContext) {\n  return async (input: {\n    collection: string;\n    where?: Record<string, any>;\n    sort?: string;\n    limit?: number;\n    page?: number;\n    depth?: number;\n    select?: string[];\n    draft?: boolean;\n  }) => {\n    const { collection, where, sort, limit, page, depth, select, draft } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"read\", ctx);\n\n    // Run beforeRead hooks\n    if (config.hooks?.beforeRead) {\n      for (const hook of config.hooks.beforeRead) {\n        await hook({\n          collection,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"read\",\n          where,\n        });\n      }\n    }\n\n    const isDraft = draft ?? !!ctx.user;\n\n    // Execute query\n    const result = await ctx.db.find({\n      collection,\n      where: where || {},\n      sort,\n      limit: limit || 10,\n      page: page || 1,\n      depth: depth || 0,\n      tenantID: ctx.tenantID,\n      select,\n      draft: isDraft,\n    });\n\n    // Run afterRead hooks\n    if (config.hooks?.afterRead) {\n      for (const doc of result.docs) {\n        for (const hook of config.hooks.afterRead) {\n          await hook({\n            collection,\n            doc,\n            req: ctx.req,\n            user: ctx.user,\n            tenantID: ctx.tenantID,\n            operation: \"read\",\n          });\n        }\n      }\n    }\n\n    return result;\n  };\n}\n\nexport function createFindByIDProcedure(ctx: KyroContext) {\n  return async (input: {\n    collection: string;\n    id: string;\n    depth?: number;\n    select?: string[];\n    draft?: boolean;\n  }) => {\n    const { collection, id, depth, select, draft } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"read\", ctx);\n\n    const isDraft = draft ?? !!ctx.user;\n\n    const doc = await ctx.db.findByID({\n      collection,\n      id,\n      depth: depth || 0,\n      tenantID: ctx.tenantID,\n      select,\n      draft: isDraft,\n    });\n\n    if (!doc) throw new Error(`Document not found: ${collection}/${id}`);\n\n    // Run afterRead hooks\n    if (config.hooks?.afterRead) {\n      for (const hook of config.hooks.afterRead) {\n        await hook({\n          collection,\n          doc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"read\",\n          id,\n        });\n      }\n    }\n\n    return doc;\n  };\n}\n\nexport function createCreateProcedure(ctx: KyroContext) {\n  return async (input: {\n    collection: string;\n    data: Record<string, any>;\n    depth?: number;\n    select?: string[];\n  }) => {\n    const { collection, data, depth, select } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"create\", ctx);\n\n    // Validate with Zod\n    const schema = ctx.registry.getCreateZodSchema(collection);\n    const validated = schema.parse(data);\n\n    // Add tenantID if scoped\n    if (config.tenantScoped && ctx.tenantID) {\n      validated.tenantID = ctx.tenantID;\n    }\n\n    // Run beforeValidate hooks\n    if (config.hooks?.beforeValidate) {\n      for (const hook of config.hooks.beforeValidate) {\n        const hookResult = await hook({\n          collection,\n          data: validated,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"create\",\n        });\n        if (hookResult) Object.assign(validated, hookResult);\n      }\n    }\n\n    // Run beforeChange hooks\n    if (config.hooks?.beforeChange) {\n      for (const hook of config.hooks.beforeChange) {\n        const hookResult = await hook({\n          collection,\n          data: validated,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"create\",\n        });\n        if (hookResult) Object.assign(validated, hookResult);\n      }\n    }\n\n    // Execute create\n    const doc = await ctx.db.create({\n      collection,\n      data: validated,\n      depth: depth || 0,\n      tenantID: ctx.tenantID,\n      select,\n    });\n\n    // Run afterChange hooks\n    if (config.hooks?.afterChange) {\n      for (const hook of config.hooks.afterChange) {\n        await hook({\n          collection,\n          doc,\n          data: validated,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"create\",\n        });\n      }\n    }\n\n    await triggerWebhook(ctx, getWebhookEvent(collection, \"create\"), {\n      collection,\n      data: doc,\n      operation: \"create\",\n    });\n\n    return { doc };\n  };\n}\n\nexport function createUpdateProcedure(ctx: KyroContext) {\n  return async (input: {\n    collection: string;\n    id: string;\n    data: Record<string, any>;\n    depth?: number;\n    select?: string[];\n    baseUpdatedAt?: string;\n  }) => {\n    const { collection, id, data, depth, select, baseUpdatedAt } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"update\", ctx);\n\n    // Get original doc for hooks + conflict detection\n    const originalDoc = await ctx.db.findByID({\n      collection,\n      id,\n      tenantID: ctx.tenantID,\n      draft: true,\n    });\n\n    if (!originalDoc)\n      throw new Error(`Document not found: ${collection}/${id}`);\n\n    // Revision conflict detection\n    if (baseUpdatedAt && (originalDoc as Record<string, any>).updatedAt && baseUpdatedAt !== (originalDoc as Record<string, any>).updatedAt) {\n      throw new Error(`Revision conflict: document has changed since ${baseUpdatedAt}. Current updatedAt: ${(originalDoc as Record<string, any>).updatedAt}`);\n    }\n\n    // Validate with Zod\n    const schema = ctx.registry.getUpdateZodSchema(collection);\n    const validated = schema.parse(data);\n\n    // Add tenantID if scoped\n    if (config.tenantScoped && ctx.tenantID) {\n      validated.tenantID = ctx.tenantID;\n    }\n\n    // Run beforeValidate hooks\n    if (config.hooks?.beforeValidate) {\n      for (const hook of config.hooks.beforeValidate) {\n        const hookResult = await hook({\n          collection,\n          data: validated,\n          originalDoc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"update\",\n          id,\n        });\n        if (hookResult) Object.assign(validated, hookResult);\n      }\n    }\n\n    // Run beforeChange hooks\n    if (config.hooks?.beforeChange) {\n      for (const hook of config.hooks.beforeChange) {\n        const hookResult = await hook({\n          collection,\n          data: validated,\n          originalDoc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"update\",\n          id,\n        });\n        if (hookResult) Object.assign(validated, hookResult);\n      }\n    }\n\n    // Execute update\n    const doc = await ctx.db.update({\n      collection,\n      id,\n      data: validated,\n      depth: depth || 0,\n      tenantID: ctx.tenantID,\n      select,\n    });\n\n    // Run afterChange hooks\n    if (config.hooks?.afterChange) {\n      for (const hook of config.hooks.afterChange) {\n        await hook({\n          collection,\n          doc,\n          data: validated,\n          originalDoc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"update\",\n          id,\n        });\n      }\n    }\n\n    await triggerWebhook(ctx, getWebhookEvent(collection, \"update\"), {\n      collection,\n      data: doc,\n      previousData: originalDoc,\n      operation: \"update\",\n    });\n\n    return { doc };\n  };\n}\n\nexport function createDeleteProcedure(ctx: KyroContext) {\n  return async (input: { collection: string; id: string }) => {\n    const { collection, id } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"delete\", ctx);\n\n    // Get original doc for hooks\n    const originalDoc = await ctx.db.findByID({\n      collection,\n      id,\n      tenantID: ctx.tenantID,\n      draft: true,\n    });\n\n    if (!originalDoc)\n      throw new Error(`Document not found: ${collection}/${id}`);\n\n    // Run beforeDelete hooks\n    if (config.hooks?.beforeDelete) {\n      for (const hook of config.hooks.beforeDelete) {\n        await hook({\n          collection,\n          doc: originalDoc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"delete\",\n          id,\n        });\n      }\n    }\n\n    // Execute delete\n    const doc = await ctx.db.delete({\n      collection,\n      id,\n      tenantID: ctx.tenantID,\n    });\n\n    // Run afterDelete hooks\n    if (config.hooks?.afterDelete) {\n      for (const hook of config.hooks.afterDelete) {\n        await hook({\n          collection,\n          doc,\n          req: ctx.req,\n          user: ctx.user,\n          tenantID: ctx.tenantID,\n          operation: \"delete\",\n          id,\n        });\n      }\n    }\n\n    await triggerWebhook(ctx, getWebhookEvent(collection, \"delete\"), {\n      collection,\n      data: doc,\n      previousData: originalDoc,\n      operation: \"delete\",\n    });\n\n    return { doc, message: \"Deleted successfully\" };\n  };\n}\n\nexport function createCountProcedure(ctx: KyroContext) {\n  return async (input: { collection: string; where?: Record<string, any> }) => {\n    const { collection, where } = input;\n    const config = ctx.registry.getCollection(collection);\n\n    await checkTRPCAccess(config, \"read\", ctx);\n\n    const totalDocs = await ctx.db.count({\n      collection,\n      where: where || {},\n      tenantID: ctx.tenantID,\n    });\n\n    return { totalDocs };\n  };\n}\n","import type { KyroContext } from \"./context.js\";\nimport {\n  createFindProcedure,\n  createFindByIDProcedure,\n  createCreateProcedure,\n  createUpdateProcedure,\n  createDeleteProcedure,\n  createCountProcedure,\n} from \"./procedures.js\";\nimport { evaluateAccess } from \"../../access/types.js\";\nimport { hasPermission } from \"../../auth/rbac/checker.js\";\nimport { hasApiKeyPermission } from \"../../auth/api-key.js\";\n\n// ============================================================================\n// Global Access Check Helper\n// ============================================================================\n\nasync function checkGlobalAccessTRPC(\n  global: { access?: any; slug: string },\n  operation: \"read\" | \"update\",\n  ctx: KyroContext,\n): Promise<void> {\n  const accessRule = global.access?.[operation];\n\n  const apiKey = ctx.apiKey;\n  if (apiKey && apiKey.permissions && apiKey.permissions.length > 0) {\n    const permission = `globals:${operation}`;\n    if (\n      !hasApiKeyPermission(apiKey.permissions, permission) &&\n      !hasApiKeyPermission(apiKey.permissions, \"globals:admin\")\n    ) {\n      throw new Error(`Access denied: missing API key permission ${permission}`);\n    }\n  }\n\n  if (ctx.user) {\n    const permission = `globals:${operation}`;\n    const userHasPermission = hasPermission(\n      { id: ctx.user.id, email: ctx.user.email, role: ctx.user.role } as any,\n      permission,\n    );\n    if (!userHasPermission && !hasPermission(\n      { id: ctx.user.id, email: ctx.user.email, role: ctx.user.role } as any,\n      \"globals:admin\",\n    )) {\n      if (!accessRule) {\n        throw new Error(`Access denied: missing RBAC permission ${permission}`);\n      }\n    }\n  }\n\n  if (accessRule) {\n    const allowed = await evaluateAccess(accessRule, {\n      req: ctx.req,\n      user: ctx.user,\n      tenantID: ctx.tenantID,\n    });\n    if (allowed === false) throw new Error(\"Access denied\");\n  } else if (!ctx.user && !ctx.apiKey) {\n    throw new Error(\"Access denied: authentication required\");\n  }\n\n  if (ctx.tenantID) {\n    ctx.db.setTenantContext({ tenantId: ctx.tenantID, userId: ctx.user?.id ?? '', role: ctx.user?.role, isSuperAdmin: ctx.user?.role === 'super_admin' });\n  }\n}\n\n// ============================================================================\n// Dynamic Router Generator\n// ============================================================================\n\nexport function createDynamicRouter(ctx: KyroContext) {\n  const router: Record<string, any> = {};\n  const collections = ctx.registry.getCollections();\n\n  for (const collection of collections) {\n    const slug = collection.slug;\n\n    router[slug] = {\n      find: createFindProcedure(ctx),\n      findByID: createFindByIDProcedure(ctx),\n      create: createCreateProcedure(ctx),\n      update: createUpdateProcedure(ctx),\n      delete: createDeleteProcedure(ctx),\n      count: createCountProcedure(ctx),\n    };\n  }\n\n  // Add globals\n  const globals = ctx.registry.getGlobals();\n  for (const global of globals) {\n    const slug = global.slug;\n\n    router[`_globals_${slug}`] = {\n      get: async () => {\n        await checkGlobalAccessTRPC(global, \"read\", ctx);\n\n        const doc = await ctx.db.findOne({\n          collection: `_globals_${slug}`,\n          where: {},\n          tenantID: ctx.tenantID,\n        });\n        return doc;\n      },\n      update: async (input: { data: Record<string, any> }) => {\n        await checkGlobalAccessTRPC(global, \"update\", ctx);\n\n        const schema = ctx.registry.getZodSchema(slug);\n        const validated = schema.parse(input.data);\n\n        const existing = await ctx.db.findOne({\n          collection: `_globals_${slug}`,\n          where: {},\n          tenantID: ctx.tenantID,\n        });\n\n        let doc;\n        if (existing) {\n          doc = await ctx.db.update({\n            collection: `_globals_${slug}`,\n            id: existing.id,\n            data: validated,\n            tenantID: ctx.tenantID,\n          });\n        } else {\n          doc = await ctx.db.create({\n            collection: `_globals_${slug}`,\n            data: { ...validated, id: slug },\n            tenantID: ctx.tenantID,\n          });\n        }\n\n        return doc;\n      },\n    };\n  }\n\n  return router;\n}\n\n// ============================================================================\n// Typed Router Interface\n// ============================================================================\n\nexport interface KyroRouter {\n  [collectionSlug: string]: {\n    find: (input: {\n      where?: Record<string, any>;\n      sort?: string;\n      limit?: number;\n      page?: number;\n      depth?: number;\n      select?: string[];\n      draft?: boolean;\n    }) => Promise<{\n      docs: any[];\n      totalDocs: number;\n      limit: number;\n      totalPages: number;\n      page: number;\n      pagingCounter: number;\n      hasPrevPage: boolean;\n      hasNextPage: boolean;\n      prevPage: number | null;\n      nextPage: number | null;\n    }>;\n    findByID: (input: {\n      id: string;\n      depth?: number;\n      select?: string[];\n      draft?: boolean;\n    }) => Promise<any>;\n    create: (input: {\n      data: Record<string, any>;\n      depth?: number;\n      select?: string[];\n    }) => Promise<{ doc: any }>;\n    update: (input: {\n      id: string;\n      data: Record<string, any>;\n      depth?: number;\n      select?: string[];\n      baseUpdatedAt?: string;\n    }) => Promise<{ doc: any }>;\n    delete: (input: { id: string }) => Promise<{ doc: any; message: string }>;\n    count: (input: {\n      where?: Record<string, any>;\n    }) => Promise<{ totalDocs: number }>;\n  };\n}\n\n// ============================================================================\n// Server Entry\n// ============================================================================\n\nexport function createKyroServer(ctx: KyroContext): KyroRouter {\n  // Check if tRPC is disabled in settings\n  const apiAccess = ctx.settings?.access?.apiAccess;\n  if (apiAccess?.trpcEnabled === false) {\n    throw new Error(\"tRPC API is disabled\");\n  }\n\n  return createDynamicRouter(ctx) as KyroRouter;\n}\n"]}

package/dist/chunk-L46ROHUS.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/integration.ts"],"names":["path","fs"],"mappings":";;;;;;;;;;;;AAIA,IAAM,yBAAyBA,qBAAA,CAAK,OAAA;AAAA,EAClC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AACA,IAAM,6BAA6BA,qBAAA,CAAK,OAAA;AAAA,EACtC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AACA,IAAM,0BAA0BA,qBAAA,CAAK,OAAA;AAAA,EACnC,IAAI,GAAA,CAAI,GAAA,EAAK,oQAAe,CAAA,CAAE,QAAA;AAAA,EAC9B;AACF,CAAA;AAYe,SAAR,IAAA,CAAsB,OAAA,GAAkC,EAAC,EAAqB;AACnF,EAAA,MAAM;AAAA,IACJ,UAAA,GAAa,kBAAA;AAAA,IACb,OAAA,GAAU,MAAA;AAAA,IACV,SAAA,GAAY,QAAA;AAAA,IACZ,KAAA,GAAQ,IAAA;AAAA,IACR,aAAA,GAAgB,KAAA;AAAA,IAChB,UAAA,GAAa,KAAA;AAAA,IACb,eAAA,GAAkB;AAAA,GACpB,GAAI,OAAA;AAEJ,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,gBAAA;AAAA,IACN,KAAA,EAAO;AAAA,MACL,sBAAsB,OAAO,EAAE,QAAQ,YAAA,EAAc,WAAA,EAAa,QAAO,KAAM;AAC7E,QAAA,MAAA,CAAO,IAAA,CAAK,CAAA,0BAAA,EAA6B,OAAO,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA,CAAG,CAAA;AAExE,QAAA,IAAI,YAAY,SAAA,EAAW;AACzB,UAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qDAAA,EAAwD,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,QACrF;AAEA,QAAA,MAAM,qBAAqBA,qBAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA;AAExE,QAAA,IAAI,eAAA,GAAkB,kBAAA;AACtB,QAAA,IAAI,CAACC,mBAAA,CAAG,UAAA,CAAW,kBAAkB,CAAA,EAAG;AACtC,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,8BAAA,EAAiC,UAAU,CAAA,sDAAA,CAAwD,CAAA;AAAA,QACjH;AAEA,QAAA,YAAA,CAAa;AAAA,UACX,IAAA,EAAM;AAAA,YACJ,OAAA,EAAS;AAAA,cACP;AAAA,gBACE,IAAA,EAAM,kCAAA;AAAA,gBACN,OAAA,EAAS,KAAA;AAAA,gBACT,UAAU,EAAA,EAAY;AACpB,kBAAA,IACE,EAAA,KAAO,8BAAA,IACP,EAAA,KAAO,uCAAA,EACP;AACA,oBAAA,OAAO,wCAAA;AAAA,kBACT;AACA,kBAAA,IACE,EAAA,KAAO,4CAAA,IACP,EAAA,KAAO,+CAAA,EACP;AACA,oBAAA,OAAO,sDAAA;AAAA,kBACT;AAAA,gBACF,CAAA;AAAA,gBACA,KAAK,EAAA,EAAY;AACf,kBAAA,IAAI,OAAO,wCAAA,EAA0C;AACnD,oBAAA,OAAO,CAAA,6CAAA,CAAA;AAAA,kBACT;AACA,kBAAA,IAAI,OAAO,sDAAA,EAAwD;AACjE,oBAAA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA;AAAA,kBAoBT;AAAA,gBACF;AAAA;AACF,aACF;AAAA,YACA,OAAA,EAAS;AAAA,cACP,KAAA,EAAO;AAAA,gBACL,aAAA,EAAe;AAAA;AACjB,aACF;AAAA,YACA,MAAA,EAAQ;AAAA,cACN,iBAAA,EAAmB,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AAAA,cACzC,mBAAA,EAAqB,IAAA,CAAK,SAAA,CAAU,SAAS,CAAA;AAAA,cAC7C,uBAAA,EAAyB,IAAA,CAAK,SAAA,CAAU,aAAa,CAAA;AAAA,cACrD,oBAAA,EAAsB,IAAA,CAAK,SAAA,CAAU,UAAU,CAAA;AAAA,cAC/C,kBAAA,EAAoB,IAAA,CAAK,SAAA,CAAU,eAAe;AAAA;AACpD;AACF,SACD,CAAA;AAED,QAAA,WAAA,CAAY;AAAA,UACV,OAAA,EAAS,GAAG,OAAO,CAAA,UAAA,CAAA;AAAA,UACnB,UAAA,EAAY;AAAA,SACb,CAAA;AAED,QAAA,IAAI,aAAA,EAAe;AACjB,UAAA,WAAA,CAAY;AAAA,YACV,OAAA,EAAS,GAAG,OAAO,CAAA,QAAA,CAAA;AAAA,YACnB,UAAA,EAAY;AAAA,WACb,CAAA;AACD,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,QAAA,CAAU,CAAA;AAAA,QAC9D;AAEA,QAAA,IAAI,UAAA,EAAY;AACd,UAAA,WAAA,CAAY;AAAA,YACV,OAAA,EAAS,GAAG,OAAO,CAAA,eAAA,CAAA;AAAA,YACnB,UAAA,EAAY;AAAA,WACb,CAAA;AACD,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,yBAAA,EAA4B,OAAO,CAAA,KAAA,CAAO,CAAA;AAAA,QACxD;AAEA,QAAA,IAAI,eAAA,EAAiB;AACnB,UAAA,MAAA,CAAO,KAAK,CAAA,wDAAA,CAA0D,CAAA;AAAA,QACxE;AAAA,MACF;AAAA;AACF,GACF;AACF","file":"chunk-L46ROHUS.cjs","sourcesContent":["import type { AstroIntegration } from \"astro\";\nimport path from \"path\";\nimport fs from \"fs\";\n\nconst API_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler.js\",\n);\nconst GRAPHQL_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler-graphql.js\",\n);\nconst TRPC_HANDLER_ENTRYPOINT = path.resolve(\n  new URL(\".\", import.meta.url).pathname,\n  \"api-handler-trpc.js\",\n);\n\nexport interface KyroIntegrationOptions {\n  configPath?: string;\n  apiPath?: string;\n  adminPath?: string;\n  admin?: boolean;\n  enableGraphQL?: boolean;\n  enableTRPC?: boolean;\n  enableWebSocket?: boolean;\n}\n\nexport default function kyro(options: KyroIntegrationOptions = {}): AstroIntegration {\n  const {\n    configPath = \"./kyro.config.ts\",\n    apiPath = \"/api\",\n    adminPath = \"/admin\",\n    admin = true,\n    enableGraphQL = false,\n    enableTRPC = false,\n    enableWebSocket = false,\n  } = options;\n\n  return {\n    name: \"@kyro-cms/core\",\n    hooks: {\n      \"astro:config:setup\": async ({ config, updateConfig, injectRoute, logger }) => {\n        logger.info(`Setting up Kyro CMS (API: ${apiPath}, Admin: ${adminPath})`);\n \n        if (apiPath === adminPath) {\n          throw new Error(`Kyro CMS: apiPath and adminPath cannot be the same (\"${apiPath}\")`);\n        }\n\n        const resolvedConfigPath = path.resolve(config.root.pathname, configPath);\n        \n        let finalConfigPath = resolvedConfigPath;\n        if (!fs.existsSync(resolvedConfigPath)) {\n          logger.warn(`Kyro config file not found at ${configPath}. The API will fail to boot if collections are needed.`);\n        }\n \n        updateConfig({\n          vite: {\n            plugins: [\n              {\n                name: \"use-sync-external-store-shim-fix\",\n                enforce: \"pre\" as const,\n                resolveId(id: string) {\n                  if (\n                    id === \"use-sync-external-store/shim\" ||\n                    id === \"use-sync-external-store/shim/index.js\"\n                  ) {\n                    return \"\\0virtual:use-sync-external-store-shim\";\n                  }\n                  if (\n                    id === \"use-sync-external-store/shim/with-selector\" ||\n                    id === \"use-sync-external-store/shim/with-selector.js\"\n                  ) {\n                    return \"\\0virtual:use-sync-external-store-shim-with-selector\";\n                  }\n                },\n                load(id: string) {\n                  if (id === \"\\0virtual:use-sync-external-store-shim\") {\n                    return `export { useSyncExternalStore } from \"react\";`;\n                  }\n                  if (id === \"\\0virtual:use-sync-external-store-shim-with-selector\") {\n                    return `\nimport { useSyncExternalStore, useMemo } from \"react\";\nexport function useSyncExternalStoreWithSelector(subscribe, getSnapshot, getServerSnapshot, selector, isEqual) {\n  const memoizedSelector = useMemo(() => {\n    let last, lastSnap, hasMemo = false;\n    return (snap) => {\n      if (!hasMemo || !Object.is(lastSnap, snap)) {\n        const next = selector(snap);\n        if (!hasMemo || !(isEqual ? isEqual(last, next) : Object.is(last, next))) {\n          last = next; lastSnap = snap; hasMemo = true;\n        }\n      }\n      return last;\n    };\n  }, [selector, isEqual]);\n  const getSelection = () => memoizedSelector(getSnapshot());\n  const getServerSelection = getServerSnapshot != null ? () => memoizedSelector(getServerSnapshot()) : undefined;\n  return useSyncExternalStore(subscribe, getSelection, getServerSelection);\n}\n`;\n                  }\n                },\n              },\n            ],\n            resolve: {\n              alias: {\n                \"kyro:config\": finalConfigPath,\n              },\n            },\n            define: {\n              __KYRO_API_PATH__: JSON.stringify(apiPath),\n              __KYRO_ADMIN_PATH__: JSON.stringify(adminPath),\n              __KYRO_ENABLE_GRAPHQL__: JSON.stringify(enableGraphQL),\n              __KYRO_ENABLE_TRPC__: JSON.stringify(enableTRPC),\n              __KYRO_ENABLE_WS__: JSON.stringify(enableWebSocket),\n            },\n          },\n        });\n \n        injectRoute({\n          pattern: `${apiPath}/[...path]`,\n          entrypoint: API_HANDLER_ENTRYPOINT,\n        });\n\n        if (enableGraphQL) {\n          injectRoute({\n            pattern: `${apiPath}/graphql`,\n            entrypoint: GRAPHQL_HANDLER_ENTRYPOINT,\n          });\n          logger.info(`GraphQL endpoint enabled at ${apiPath}/graphql`);\n        }\n\n        if (enableTRPC) {\n          injectRoute({\n            pattern: `${apiPath}/trpc/[...path]`,\n            entrypoint: TRPC_HANDLER_ENTRYPOINT,\n          });\n          logger.info(`tRPC endpoint enabled at ${apiPath}/trpc`);\n        }\n\n        if (enableWebSocket) {\n          logger.info(`WebSocket support enabled (auto-starts at first request)`);\n        }\n      },\n    },\n  };\n}\n"]}

package/dist/chunk-PI73NNOK.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/database/base.ts","../src/auth/rls/tenant.ts"],"names":["hasAnyRole"],"mappings":";;;;;AAyBO,IAAe,sBAAf,MAA0D;AAAA,EACrD,WAAA,uBAAiD,GAAA,EAAI;AAAA,EACrD,OAAA,uBAAyC,GAAA,EAAI;AAAA,EAC7C,SAAA,GAAY,KAAA;AAAA,EACZ,aAAA;AAAA,EAKV,iBAAiB,OAAA,EAA0C;AACzD,IAAA,IAAA,CAAK,aAAA,GAAgB,OAAA;AAAA,EACvB;AAAA,EAEA,gBAAA,GAA8C;AAC5C,IAAA,OAAO,IAAA,CAAK,aAAA;AAAA,EACd;AAAA,EAEA,MAAM,IAAA,CAAK,WAAA,EAAiC,OAAA,GAA0B,EAAC,EAAkB;AACvF,IAAA,KAAA,MAAW,UAAU,WAAA,EAAa;AAChC,MAAA,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAM,CAAA;AAAA,IAC1C;AACA,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,MAAM,CAAA;AAAA,IACtC;AACA,IAAA,MAAM,KAAK,OAAA,EAAQ;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EA2BU,cAAc,IAAA,EAAgC;AACtD,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAC5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,YAAA,EAAe,IAAI,CAAA,sBAAA,CAAwB,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,UAAA;AAAA,EACT;AAAA,EAEU,iBAAA,CAAkB,KAAA,GAA6B,EAAC,EAAG,QAAA,EAAwC;AACnG,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,OAAO;AAAA,QACL,GAAG,KAAA;AAAA,QACH,QAAA,EAAU,EAAE,MAAA,EAAQ,QAAA;AAAS,OAC/B;AAAA,IACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEU,aAAa,IAAA,EAAsB;AAC3C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA;AAAA,EAC/B;AAAA,EAEU,WAAA,CAAY,MAA2B,UAAA,EAAmD;AAClG,IAAA,MAAM,QAAA,GAAgC,EAAE,GAAG,IAAA,EAAK;AAEhD,IAAA,IAAI,WAAW,UAAA,EAAY;AACzB,MAAA,QAAA,CAAS,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAC5C,MAAA,IAAI,CAAC,SAAS,SAAA,EAAW;AACvB,QAAA,QAAA,CAAS,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAC9C;AAAA,IACF;AAGA,IAAA,IAAI,UAAA,CAAW,IAAA,IAAQ,QAAA,CAAS,QAAA,EAAU;AAI1C,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEU,oBAAA,CACR,IAAA,EACA,MAAA,EACA,KAAA,EACqB;AAErB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEU,UAAU,IAAA,EAA6D;AAC/E,IAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAE,KAAA,EAAO,WAAA,EAAa,WAAW,MAAA,EAAO;AAC1D,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AACxB,MAAA,OAAO,EAAE,KAAA,EAAO,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG,WAAW,MAAA,EAAO;AAAA,IACnD;AACA,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,KAAA,EAAM;AAAA,EACzC;AAAA,EAEU,mBAAA,CAAoB,IAAA,EAAc,KAAA,EAAe,SAAA,EAAmB;AAC5E,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,SAAA,GAAY,KAAK,CAAA;AAC9C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,KAAA;AAAA,MACA,UAAA;AAAA,MACA,IAAA;AAAA,MACA,aAAA,EAAA,CAAgB,IAAA,GAAO,CAAA,IAAK,KAAA,GAAQ,CAAA;AAAA,MACpC,aAAa,IAAA,GAAO,CAAA;AAAA,MACpB,aAAa,IAAA,GAAO,UAAA;AAAA,MACpB,QAAA,EAAU,IAAA,GAAO,CAAA,GAAI,IAAA,GAAO,CAAA,GAAI,IAAA;AAAA,MAChC,QAAA,EAAU,IAAA,GAAO,UAAA,GAAa,IAAA,GAAO,CAAA,GAAI;AAAA,KAC3C;AAAA,EACF;AAAA,EAEU,YAAA,CAAa,MAA2B,MAAA,EAAwC;AACxF,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,GAAG,OAAO,IAAA;AAC3C,IAAA,MAAM,SAA8B,EAAC;AACrC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,SAAS,IAAA,EAAM;AACjB,QAAA,MAAA,CAAO,KAAK,CAAA,GAAI,IAAA,CAAK,KAAK,CAAA;AAAA,MAC5B;AAAA,IACF;AACA,IAAA,MAAA,CAAO,IAAI,IAAI,IAAA,CAAK,EAAA;AACpB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEU,oBAAoB,KAAA,EAA0C;AACtE,IAAA,OAAO,MAAM,IAAA,KAAS,cAAA;AAAA,EACxB;AAAA,EAEU,cAAc,KAAA,EAAoC;AAC1D,IAAA,OAAO,MAAM,IAAA,KAAS,QAAA;AAAA,EACxB;AAAA,EAEU,sBAAsB,MAAA,EAAsC;AACpE,IAAA,MAAM,SAA8B,EAAC;AACrC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,SAAS,cAAA,EAAgB;AACjC,QAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,MACnB,CAAA,MAAA,IAAW,QAAA,IAAY,KAAA,IAAS,KAAA,CAAM,MAAA,EAAQ;AAC5C,QAAA,MAAA,CAAO,KAAK,GAAG,IAAA,CAAK,qBAAA,CAAsB,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,MACzD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEU,gBAAgB,MAAA,EAAgC;AACxD,IAAA,MAAM,SAAwB,EAAC;AAC/B,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,SAAS,QAAA,EAAU;AAC3B,QAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,MACnB,CAAA,MAAA,IAAW,QAAA,IAAY,KAAA,IAAS,KAAA,CAAM,MAAA,EAAQ;AAC5C,QAAA,MAAA,CAAO,KAAK,GAAG,IAAA,CAAK,eAAA,CAAgB,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,MACnD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;ACzKO,IAAM,kBAAA,GAAgC;AAAA,EAC3C,aAAA,EAAe,IAAA;AAAA,EACf,WAAA,EAAa,UAAA;AAAA,EACb,cAAA,EAAgB;AAAA,IACd,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,UAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,UAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,KAAA,EAAO;AAAA,MACL,UAAA,EAAY,YAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,UAAA,EAAY,YAAA;AAAA,MACZ,WAAA,EAAa,CAAC,aAAA,EAAe,OAAA,EAAS,QAAQ;AAAA,KAChD;AAAA,IACA,SAAA,EAAW,EAAE,UAAA,EAAY,IAAA,EAAM,aAAa,CAAC,aAAA,EAAe,OAAO,CAAA,EAAE;AAAA,IACrE,UAAA,EAAY,EAAE,UAAA,EAAY,IAAA,EAAM,aAAa,CAAC,aAAA,EAAe,OAAO,CAAA;AAAE;AAE1E;AA0BO,SAAS,eAAA,CACd,KAAA,EACA,OAAA,EACA,MAAA,GAAoB,kBAAA,EACjB;AACH,EAAA,IAAI,CAAC,MAAA,CAAO,aAAA,IAAiB,OAAA,CAAQ,YAAA,EAAc;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,GAAG,KAAA;AAAA,IACH,KAAA,EAAO;AAAA,MACL,GAAG,KAAA,CAAM,KAAA;AAAA,MACT,CAAC,MAAA,CAAO,WAAW,GAAG,OAAA,CAAQ;AAAA;AAChC,GACF;AACF;AAEO,SAAS,kBAAA,CACd,KAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACC;AACrB,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,cAAA,CAAe,UAAU,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IACE,IAAA,CAAK,WAAA,IACLA,4BAAA,CAAW,EAAE,IAAA,EAAM,QAAQ,IAAA,EAAK,EAAe,IAAA,CAAK,WAAW,CAAA,EAC/D;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,KAAe,IAAA,IAAQ,OAAA,CAAQ,MAAA,EAAQ;AAC9C,IAAA,OAAO;AAAA,MACL,GAAG,KAAA;AAAA,MACH,KAAA,EAAO;AAAA,QACL,GAAG,KAAA,CAAM,KAAA;AAAA,QACT,IAAI,OAAA,CAAQ;AAAA;AACd,KACF;AAAA,EACF;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,IAAc,OAAA,CAAQ,MAAA,EAAQ;AACrC,IAAA,OAAO;AAAA,MACL,GAAG,KAAA;AAAA,MACH,KAAA,EAAO;AAAA,QACL,GAAG,KAAA,CAAM,KAAA;AAAA,QACT,CAAC,IAAA,CAAK,UAAU,GAAG,OAAA,CAAQ;AAAA;AAC7B,KACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAEO,SAAS,QAAA,CACd,KAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACjB;AACH,EAAA,IAAI,MAAA,GAAS,KAAA;AAEb,EAAA,MAAA,GAAS,eAAA,CAAgB,MAAA,EAAQ,OAAA,EAAS,MAAM,CAAA;AAEhD,EAAA,MAAA,GAAS,kBAAA,CAAmB,MAAA,EAAQ,UAAA,EAAY,OAAA,EAAS,MAAM,CAAA;AAE/D,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,iBAAA,CACd,GAAA,EACA,UAAA,EACA,OAAA,EACA,SAAoB,kBAAA,EACX;AACT,EAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,aAAA,IAAiB,GAAA,CAAI,OAAO,WAAW,CAAA,KAAM,QAAQ,QAAA,EAAU;AACxE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,cAAA,CAAe,UAAU,CAAA;AAE7C,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IACE,IAAA,CAAK,WAAA,IACLA,4BAAA,CAAW,EAAE,IAAA,EAAM,QAAQ,IAAA,EAAK,EAAe,IAAA,CAAK,WAAW,CAAA,EAC/D;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,IAAA,CAAK,eAAe,IAAA,EAAM;AAC5B,IAAA,OAAO,GAAA,CAAI,OAAO,OAAA,CAAQ,MAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,KAAK,UAAA,EAAY;AACnB,IAAA,OAAO,GAAA,CAAI,IAAA,CAAK,UAAU,CAAA,KAAM,OAAA,CAAQ,MAAA;AAAA,EAC1C;AAEA,EAAA,OAAO,IAAA;AACT","file":"chunk-PI73NNOK.cjs","sourcesContent":["import type {\n  BaseAdapter,\n  CollectionConfig,\n  GlobalConfig,\n  FindArgs,\n  FindByIDArgs,\n  CreateArgs,\n  UpdateArgs,\n  DeleteArgs,\n  FindResult,\n  DraftFindArgs,\n  DraftUpsertArgs,\n  DraftDeleteArgs,\n  DraftSnapshot,\n  VersionRecord,\n  CreateVersionArgs,\n  FindVersionsArgs,\n} from '../registry/types.js';\nimport type { Field, RelationshipField, UploadField } from '../fields/types.js';\nimport type { TenantContext } from '../auth/rls/tenant.js';\n\n// ============================================================================\n// Abstract Base Adapter\n// ============================================================================\n\nexport abstract class AbstractBaseAdapter implements BaseAdapter {\n  protected collections: Map<string, CollectionConfig> = new Map();\n  protected globals: Map<string, GlobalConfig> = new Map();\n  protected connected = false;\n  protected tenantContext?: TenantContext;\n\n  abstract connect(): Promise<void>;\n  abstract disconnect(): Promise<void>;\n\n  setTenantContext(context: TenantContext | undefined): void {\n    this.tenantContext = context;\n  }\n\n  getTenantContext(): TenantContext | undefined {\n    return this.tenantContext;\n  }\n\n  async init(collections: CollectionConfig[], globals: GlobalConfig[] = []): Promise<void> {\n    for (const config of collections) {\n      this.collections.set(config.slug, config);\n    }\n    for (const config of globals) {\n      this.globals.set(config.slug, config);\n    }\n    await this.connect();\n  }\n\n  abstract find<T>(args: FindArgs): Promise<FindResult<T>>;\n  abstract findByID<T>(args: FindByIDArgs): Promise<T | null>;\n  abstract create<T>(args: CreateArgs): Promise<T>;\n  abstract update<T>(args: UpdateArgs): Promise<T>;\n  abstract delete<T>(args: DeleteArgs): Promise<T>;\n  abstract count(args: { collection: string; where?: Record<string, any>; tenantID?: string }): Promise<number>;\n\n  abstract findOne(args: { collection: string; where: Record<string, any>; tenantID?: string; draft?: boolean }): Promise<any>;\n\n  abstract findVersions(args: FindVersionsArgs): Promise<FindResult<VersionRecord>>;\n  abstract findVersionByID(args: { collection: string; versionId: string; tenantID?: string }): Promise<VersionRecord | null>;\n  abstract createVersion<T = Record<string, any>>(args: CreateVersionArgs<T>): Promise<VersionRecord<T>>;\n  abstract deleteVersions(args: { collection: string; documentId: string; keepLatest?: number; tenantID?: string }): Promise<void>;\n  abstract findDraft<T>(args: DraftFindArgs): Promise<DraftSnapshot<T> | null>;\n  abstract upsertDraft<T>(args: DraftUpsertArgs<T>): Promise<DraftSnapshot<T>>;\n  abstract deleteDraft(args: DraftDeleteArgs): Promise<void>;\n\n  async migrate?(): Promise<void>;\n  async rollback?(): Promise<void>;\n  async transaction?<T>(fn: (tx: any) => Promise<T>): Promise<T>;\n\n  // ========================================================================\n  // Utility Methods\n  // ========================================================================\n\n  protected getCollection(slug: string): CollectionConfig {\n    const collection = this.collections.get(slug);\n    if (!collection) {\n      throw new Error(`Collection \"${slug}\" not found in adapter`);\n    }\n    return collection;\n  }\n\n  protected applyTenantFilter(where: Record<string, any> = {}, tenantID?: string): Record<string, any> {\n    if (tenantID) {\n      return {\n        ...where,\n        tenantID: { equals: tenantID },\n      };\n    }\n    return where;\n  }\n\n  protected getTableName(slug: string): string {\n    return slug.replace(/-/g, '_');\n  }\n\n  protected prepareData(data: Record<string, any>, collection: CollectionConfig): Record<string, any> {\n    const prepared: Record<string, any> = { ...data };\n    \n    if (collection.timestamps) {\n      prepared.updatedAt = new Date().toISOString();\n      if (!prepared.createdAt) {\n        prepared.createdAt = new Date().toISOString();\n      }\n    }\n\n    // Handle password hashing\n    if (collection.auth && prepared.password) {\n      // Password should be hashed before this point via hooks\n    }\n\n    return prepared;\n  }\n\n  protected processRelationships(\n    data: Record<string, any>,\n    fields: Field[],\n    depth: number\n  ): Record<string, any> {\n    // This is a base implementation - specific adapters override\n    return data;\n  }\n\n  protected parseSort(sort?: string): { field: string; direction: 'asc' | 'desc' } {\n    if (!sort) return { field: 'createdAt', direction: 'desc' };\n    if (sort.startsWith('-')) {\n      return { field: sort.slice(1), direction: 'desc' };\n    }\n    return { field: sort, direction: 'asc' };\n  }\n\n  protected calculatePagination(page: number, limit: number, totalDocs: number) {\n    const totalPages = Math.ceil(totalDocs / limit);\n    return {\n      totalDocs,\n      limit,\n      totalPages,\n      page,\n      pagingCounter: (page - 1) * limit + 1,\n      hasPrevPage: page > 1,\n      hasNextPage: page < totalPages,\n      prevPage: page > 1 ? page - 1 : null,\n      nextPage: page < totalPages ? page + 1 : null,\n    };\n  }\n\n  protected selectFields(data: Record<string, any>, select?: string[]): Record<string, any> {\n    if (!select || select.length === 0) return data;\n    const result: Record<string, any> = {};\n    for (const field of select) {\n      if (field in data) {\n        result[field] = data[field];\n      }\n    }\n    result['id'] = data.id;\n    return result;\n  }\n\n  protected isRelationshipField(field: Field): field is RelationshipField {\n    return field.type === 'relationship';\n  }\n\n  protected isUploadField(field: Field): field is UploadField {\n    return field.type === 'upload';\n  }\n\n  protected getRelationshipFields(fields: Field[]): RelationshipField[] {\n    const result: RelationshipField[] = [];\n    for (const field of fields) {\n      if (field.type === 'relationship') {\n        result.push(field);\n      } else if ('fields' in field && field.fields) {\n        result.push(...this.getRelationshipFields(field.fields));\n      }\n    }\n    return result;\n  }\n\n  protected getUploadFields(fields: Field[]): UploadField[] {\n    const result: UploadField[] = [];\n    for (const field of fields) {\n      if (field.type === 'upload') {\n        result.push(field);\n      } else if ('fields' in field && field.fields) {\n        result.push(...this.getUploadFields(field.fields));\n      }\n    }\n    return result;\n  }\n}\n","import type { AuthUser } from \"../types.js\";\nimport { hasAnyRole } from \"../rbac/checker.js\";\n\nexport interface TenantContext {\n  tenantId: string;\n  userId: string;\n  role?: string;\n  roles?: string[];\n  permissions?: string[];\n  isSuperAdmin?: boolean;\n}\n\nexport interface OwnershipRule {\n  ownerField: string;\n  bypassRoles?: string[];\n}\n\nexport interface RLSConfig {\n  tenantEnabled: boolean;\n  tenantField: string;\n  ownershipRules: Record<string, OwnershipRule>;\n}\n\nexport const DEFAULT_RLS_CONFIG: RLSConfig = {\n  tenantEnabled: true,\n  tenantField: \"tenantId\",\n  ownershipRules: {\n    posts: {\n      ownerField: \"authorId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    pages: {\n      ownerField: \"authorId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    media: {\n      ownerField: \"uploadedBy\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    orders: {\n      ownerField: \"customerId\",\n      bypassRoles: [\"super_admin\", \"admin\", \"editor\"],\n    },\n    customers: { ownerField: \"id\", bypassRoles: [\"super_admin\", \"admin\"] },\n    navigation: { ownerField: \"id\", bypassRoles: [\"super_admin\", \"admin\"] },\n  },\n};\n\nexport function createTenantContext(user: AuthUser | undefined): TenantContext {\n  if (!user) {\n    return {\n      tenantId: \"public\",\n      userId: \"anonymous\",\n      role: \"guest\",\n      roles: [\"guest\"],\n      permissions: [],\n      isSuperAdmin: false,\n    };\n  }\n\n  const isSuperAdmin = user.role === \"super_admin\";\n\n  return {\n    tenantId: user.tenantId || \"default\",\n    userId: user.id,\n    role: user.role,\n    roles: [user.role],\n    permissions: [],\n    isSuperAdmin,\n  };\n}\n\nexport function addTenantFilter<T extends Record<string, any>>(\n  query: T,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): T {\n  if (!config.tenantEnabled || context.isSuperAdmin) {\n    return query;\n  }\n\n  return {\n    ...query,\n    where: {\n      ...query.where,\n      [config.tenantField]: context.tenantId,\n    },\n  };\n}\n\nexport function applyOwnershipRule(\n  query: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any> {\n  const rule = config.ownershipRules[collection];\n\n  if (!rule) {\n    return query;\n  }\n\n  if (\n    rule.bypassRoles &&\n    hasAnyRole({ role: context.role } as AuthUser, rule.bypassRoles)\n  ) {\n    return query;\n  }\n\n  if (rule.ownerField === \"id\" && context.userId) {\n    return {\n      ...query,\n      where: {\n        ...query.where,\n        id: context.userId,\n      },\n    };\n  }\n\n  if (rule.ownerField && context.userId) {\n    return {\n      ...query,\n      where: {\n        ...query.where,\n        [rule.ownerField]: context.userId,\n      },\n    };\n  }\n\n  return query;\n}\n\nexport function applyRLS<T extends Record<string, any>>(\n  query: T,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): T {\n  let result = query;\n\n  result = addTenantFilter(result, context, config) as T;\n\n  result = applyOwnershipRule(result, collection, context, config) as T;\n\n  return result;\n}\n\nexport function canAccessDocument(\n  doc: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): boolean {\n  if (context.isSuperAdmin) {\n    return true;\n  }\n\n  if (config.tenantEnabled && doc[config.tenantField] !== context.tenantId) {\n    return false;\n  }\n\n  const rule = config.ownershipRules[collection];\n\n  if (!rule) {\n    return true;\n  }\n\n  if (\n    rule.bypassRoles &&\n    hasAnyRole({ role: context.role } as AuthUser, rule.bypassRoles)\n  ) {\n    return true;\n  }\n\n  if (rule.ownerField === \"id\") {\n    return doc.id === context.userId;\n  }\n\n  if (rule.ownerField) {\n    return doc[rule.ownerField] === context.userId;\n  }\n\n  return true;\n}\n\nexport function filterDocumentsByRLS(\n  docs: Record<string, any>[],\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any>[] {\n  if (context.isSuperAdmin) {\n    return docs;\n  }\n\n  return docs.filter((doc) =>\n    canAccessDocument(doc, collection, context, config),\n  );\n}\n\nexport function sanitizeDocumentByRLS(\n  doc: Record<string, any>,\n  collection: string,\n  context: TenantContext,\n  config: RLSConfig = DEFAULT_RLS_CONFIG,\n): Record<string, any> | null {\n  if (!canAccessDocument(doc, collection, context, config)) {\n    return null;\n  }\n\n  if (config.tenantEnabled && !context.isSuperAdmin) {\n    const { [config.tenantField]: _, ...rest } = doc;\n    return rest;\n  }\n\n  return doc;\n}\n\nexport class RLSPolicy {\n  private config: RLSConfig;\n\n  constructor(config: RLSConfig = DEFAULT_RLS_CONFIG) {\n    this.config = config;\n  }\n\n  setConfig(config: RLSConfig): void {\n    this.config = config;\n  }\n\n  getConfig(): RLSConfig {\n    return this.config;\n  }\n\n  addOwnershipRule(collection: string, rule: OwnershipRule): void {\n    this.config.ownershipRules[collection] = rule;\n  }\n\n  removeOwnershipRule(collection: string): void {\n    delete this.config.ownershipRules[collection];\n  }\n\n  createContext(user: AuthUser | undefined): TenantContext {\n    return createTenantContext(user);\n  }\n\n  apply<T extends Record<string, any>>(\n    query: T,\n    collection: string,\n    context: TenantContext,\n  ): T {\n    return applyRLS(query, collection, context, this.config);\n  }\n\n  canAccess(\n    doc: Record<string, any>,\n    collection: string,\n    context: TenantContext,\n  ): boolean {\n    return canAccessDocument(doc, collection, context, this.config);\n  }\n\n  filter(\n    docs: Record<string, any>[],\n    collection: string,\n    context: TenantContext,\n  ): Record<string, any>[] {\n    return filterDocumentsByRLS(docs, collection, context, this.config);\n  }\n\n  sanitize(\n    doc: Record<string, any>,\n    collection: string,\n    context: TenantContext,\n  ): Record<string, any> | null {\n    return sanitizeDocumentByRLS(doc, collection, context, this.config);\n  }\n}\n"]}