@mordn/chat-widget 0.7.0 → 0.8.0

package/dist/server/supabase/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/stores/supabase/index.ts","../../../src/server/stores/supabase/storage.ts"],"sourcesContent":["/**\n * Default Supabase Storage adapter — public entry.\n *\n * Imported via `@mordn/chat-widget/server/supabase` so a BYO-storage consumer\n * never pulls `@supabase/supabase-js` into their bundle.\n *\n *   import { createSupabaseStorage } from '@mordn/chat-widget/server/supabase';\n *   createChatHandler({ storage: createSupabaseStorage(), ... });\n */\nimport 'server-only';\n\nexport { createSupabaseStorage, type SupabaseStorageOptions } from './storage';\n","/**\n * Default StorageAdapter implementation, on Supabase Storage.\n *\n * This ships the *correct* attachment security model as the default — the one\n * the original scaffold got wrong. It is one implementation of the\n * `StorageAdapter` interface; a BYO adapter (S3/R2/GCS) is equally valid.\n *\n * The three interface rules, as implemented here:\n *\n *   1. PRIVATE AT REST — the bucket must be created as a *private* bucket in\n *      Supabase. We never call `getPublicUrl`. (If the bucket is public, that\n *      is a host-app misconfiguration; this adapter never relies on it.)\n *\n *   2. SIGNED, SHORT-LIVED READS — `upload` and `resign` return\n *      `createSignedUrl` results with a bounded TTL.\n *\n *   3. USER-NAMESPACED, UNGUESSABLE PATHS — every path is\n *      `<userId>/<conversationId>/<randomUUID>/<safeFilename>`. The adapter is\n *      bound to one verified user and derives the path itself, so an upload\n *      cannot land in another user's namespace. `resign`/`remove` refuse paths\n *      outside the bound user's prefix.\n */\n\nimport 'server-only';\nimport { createClient, type SupabaseClient } from '@supabase/supabase-js';\n\nimport type {\n  StorageAdapter,\n  UploadInput,\n  UploadResult,\n} from '../../storage-adapter';\n\nconst DEFAULT_BUCKET = 'chat-attachments';\n// Short by design: the upload URL is used within seconds (model fetch +\n// thumbnail), and history reloads re-sign on demand. One hour is a generous\n// ceiling that still bounds the exposure of a leaked URL.\nconst DEFAULT_SIGNED_TTL_SECONDS = 60 * 60;\n\nexport interface SupabaseStorageOptions {\n  /** Supabase project URL. Defaults to `process.env.NEXT_PUBLIC_SUPABASE_URL`. */\n  supabaseUrl?: string;\n  /**\n   * Service-role key. Required — signing + private writes need it. Defaults to\n   * `process.env.SUPABASE_SERVICE_ROLE_KEY`. NEVER expose this to the client;\n   * this adapter only ever runs server-side (guarded by `server-only`).\n   */\n  serviceRoleKey?: string;\n  /** Storage bucket name. Defaults to `chat-attachments`. Must be PRIVATE. */\n  bucket?: string;\n  /** Signed-URL TTL in seconds. Defaults to 3600 (1 hour). */\n  signedUrlTtlSeconds?: number;\n}\n\n/** Strip anything that could break a storage path; clamp length. */\nfunction safeFilename(name: string): string {\n  const cleaned = name.replace(/[^a-zA-Z0-9._-]/g, '_').slice(0, 80);\n  return cleaned.length ? cleaned : 'file';\n}\n\nclass SupabaseStorageAdapter implements StorageAdapter {\n  private readonly bucket: string;\n  private readonly ttl: number;\n  /** Path prefix this adapter is allowed to touch: `<userId>/`. */\n  private readonly userPrefix: string;\n\n  constructor(\n    public readonly userId: string,\n    private readonly client: SupabaseClient,\n    bucket: string,\n    ttl: number,\n  ) {\n    this.bucket = bucket;\n    this.ttl = ttl;\n    this.userPrefix = `${userId}/`;\n  }\n\n  /** Guard: a path is only operable if it lives under the bound user's prefix. */\n  private ownsPath(storagePath: string): boolean {\n    return storagePath.startsWith(this.userPrefix) && !storagePath.includes('..');\n  }\n\n  async upload(input: UploadInput): Promise<UploadResult> {\n    const token = crypto.randomUUID();\n    const filename = safeFilename(input.filename);\n    const conversationSegment = input.conversationId\n      ? safeFilename(input.conversationId)\n      : 'unfiled';\n    // Path is fully derived from the bound userId — callers can't inject it.\n    const path = `${this.userId}/${conversationSegment}/${token}/${filename}`;\n\n    const body =\n      input.data instanceof Uint8Array ? input.data : new Uint8Array(input.data);\n\n    const { error: uploadError } = await this.client.storage\n      .from(this.bucket)\n      .upload(path, body, {\n        contentType: input.mediaType,\n        cacheControl: '3600',\n        upsert: false,\n      });\n    if (uploadError) {\n      throw new Error(`[chat-widget] storage upload failed: ${uploadError.message}`);\n    }\n\n    const url = await this.signOrThrow(path);\n    return {\n      storagePath: path,\n      url,\n      filename: input.filename,\n      mediaType: input.mediaType,\n      size: input.size,\n    };\n  }\n\n  async resign(storagePath: string): Promise<string | null> {\n    // Refuse to sign anything outside the bound user's namespace.\n    if (!this.ownsPath(storagePath)) return null;\n    const { data, error } = await this.client.storage\n      .from(this.bucket)\n      .createSignedUrl(storagePath, this.ttl);\n    if (error || !data?.signedUrl) return null;\n    return data.signedUrl;\n  }\n\n  async remove(storagePath: string): Promise<void> {\n    if (!this.ownsPath(storagePath)) return; // never delete outside the user's prefix\n    // Supabase remove is idempotent — removing a missing object is not an error.\n    await this.client.storage.from(this.bucket).remove([storagePath]);\n  }\n\n  private async signOrThrow(path: string): Promise<string> {\n    const { data, error } = await this.client.storage\n      .from(this.bucket)\n      .createSignedUrl(path, this.ttl);\n    if (error || !data?.signedUrl) {\n      throw new Error(\n        `[chat-widget] failed to sign URL${error ? `: ${error.message}` : ''}`,\n      );\n    }\n    return data.signedUrl;\n  }\n}\n\n/**\n * Create a `StorageAdapterFactory` backed by Supabase Storage.\n *\n * Pass to `createChatHandler({ storage: createSupabaseStorage() })`. Requires\n * a PRIVATE `chat-attachments` bucket (or whatever `bucket` you name) and the\n * service-role key. Each adapter instance is bound to the verified `userId`\n * the handler provides per request; the Supabase client is shared.\n */\nexport function createSupabaseStorage(options: SupabaseStorageOptions = {}) {\n  const supabaseUrl = options.supabaseUrl ?? process.env.NEXT_PUBLIC_SUPABASE_URL;\n  const serviceRoleKey = options.serviceRoleKey ?? process.env.SUPABASE_SERVICE_ROLE_KEY;\n  if (!supabaseUrl || !serviceRoleKey) {\n    throw new Error(\n      '[chat-widget] createSupabaseStorage needs NEXT_PUBLIC_SUPABASE_URL and ' +\n        'SUPABASE_SERVICE_ROLE_KEY (or explicit options).',\n    );\n  }\n  const bucket = options.bucket ?? DEFAULT_BUCKET;\n  const ttl = options.signedUrlTtlSeconds ?? DEFAULT_SIGNED_TTL_SECONDS;\n  // One shared client; auth disabled (we use the service-role key directly).\n  const client = createClient(supabaseUrl, serviceRoleKey, {\n    auth: { persistSession: false, autoRefreshToken: false },\n  });\n\n  return (userId: string): StorageAdapter =>\n    new SupabaseStorageAdapter(userId, client, bucket, ttl);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AASA,IAAAA,sBAAO;;;ACcP,yBAAO;AACP,yBAAkD;AAQlD,IAAM,iBAAiB;AAIvB,IAAM,6BAA6B,KAAK;AAkBxC,SAAS,aAAa,MAAsB;AAC1C,QAAM,UAAU,KAAK,QAAQ,oBAAoB,GAAG,EAAE,MAAM,GAAG,EAAE;AACjE,SAAO,QAAQ,SAAS,UAAU;AACpC;AAEA,IAAM,yBAAN,MAAuD;AAAA,EAMrD,YACkB,QACC,QACjB,QACA,KACA;AAJgB;AACC;AAIjB,SAAK,SAAS;AACd,SAAK,MAAM;AACX,SAAK,aAAa,GAAG,MAAM;AAAA,EAC7B;AAAA;AAAA,EAGQ,SAAS,aAA8B;AAC7C,WAAO,YAAY,WAAW,KAAK,UAAU,KAAK,CAAC,YAAY,SAAS,IAAI;AAAA,EAC9E;AAAA,EAEA,MAAM,OAAO,OAA2C;AACtD,UAAM,QAAQ,OAAO,WAAW;AAChC,UAAM,WAAW,aAAa,MAAM,QAAQ;AAC5C,UAAM,sBAAsB,MAAM,iBAC9B,aAAa,MAAM,cAAc,IACjC;AAEJ,UAAM,OAAO,GAAG,KAAK,MAAM,IAAI,mBAAmB,IAAI,KAAK,IAAI,QAAQ;AAEvE,UAAM,OACJ,MAAM,gBAAgB,aAAa,MAAM,OAAO,IAAI,WAAW,MAAM,IAAI;AAE3E,UAAM,EAAE,OAAO,YAAY,IAAI,MAAM,KAAK,OAAO,QAC9C,KAAK,KAAK,MAAM,EAChB,OAAO,MAAM,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,cAAc;AAAA,MACd,QAAQ;AAAA,IACV,CAAC;AACH,QAAI,aAAa;AACf,YAAM,IAAI,MAAM,wCAAwC,YAAY,OAAO,EAAE;AAAA,IAC/E;AAEA,UAAM,MAAM,MAAM,KAAK,YAAY,IAAI;AACvC,WAAO;AAAA,MACL,aAAa;AAAA,MACb;AAAA,MACA,UAAU,MAAM;AAAA,MAChB,WAAW,MAAM;AAAA,MACjB,MAAM,MAAM;AAAA,IACd;AAAA,EACF;AAAA,EAEA,MAAM,OAAO,aAA6C;AAExD,QAAI,CAAC,KAAK,SAAS,WAAW,EAAG,QAAO;AACxC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,OAAO,QACvC,KAAK,KAAK,MAAM,EAChB,gBAAgB,aAAa,KAAK,GAAG;AACxC,QAAI,SAAS,CAAC,MAAM,UAAW,QAAO;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,OAAO,aAAoC;AAC/C,QAAI,CAAC,KAAK,SAAS,WAAW,EAAG;AAEjC,UAAM,KAAK,OAAO,QAAQ,KAAK,KAAK,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC;AAAA,EAClE;AAAA,EAEA,MAAc,YAAY,MAA+B;AACvD,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,OAAO,QACvC,KAAK,KAAK,MAAM,EAChB,gBAAgB,MAAM,KAAK,GAAG;AACjC,QAAI,SAAS,CAAC,MAAM,WAAW;AAC7B,YAAM,IAAI;AAAA,QACR,mCAAmC,QAAQ,KAAK,MAAM,OAAO,KAAK,EAAE;AAAA,MACtE;AAAA,IACF;AACA,WAAO,KAAK;AAAA,EACd;AACF;AAUO,SAAS,sBAAsB,UAAkC,CAAC,GAAG;AAC1E,QAAM,cAAc,QAAQ,eAAe,QAAQ,IAAI;AACvD,QAAM,iBAAiB,QAAQ,kBAAkB,QAAQ,IAAI;AAC7D,MAAI,CAAC,eAAe,CAAC,gBAAgB;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACA,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,MAAM,QAAQ,uBAAuB;AAE3C,QAAM,aAAS,iCAAa,aAAa,gBAAgB;AAAA,IACvD,MAAM,EAAE,gBAAgB,OAAO,kBAAkB,MAAM;AAAA,EACzD,CAAC;AAED,SAAO,CAAC,WACN,IAAI,uBAAuB,QAAQ,QAAQ,QAAQ,GAAG;AAC1D;","names":["import_server_only"]}

package/dist/server/supabase/index.mjs

@@ -0,0 +1,86 @@
+// src/server/stores/supabase/index.ts
+import "server-only";
+
+// src/server/stores/supabase/storage.ts
+import "server-only";
+import { createClient } from "@supabase/supabase-js";
+var DEFAULT_BUCKET = "chat-attachments";
+var DEFAULT_SIGNED_TTL_SECONDS = 60 * 60;
+function safeFilename(name) {
+  const cleaned = name.replace(/[^a-zA-Z0-9._-]/g, "_").slice(0, 80);
+  return cleaned.length ? cleaned : "file";
+}
+var SupabaseStorageAdapter = class {
+  constructor(userId, client, bucket, ttl) {
+    this.userId = userId;
+    this.client = client;
+    this.bucket = bucket;
+    this.ttl = ttl;
+    this.userPrefix = `${userId}/`;
+  }
+  /** Guard: a path is only operable if it lives under the bound user's prefix. */
+  ownsPath(storagePath) {
+    return storagePath.startsWith(this.userPrefix) && !storagePath.includes("..");
+  }
+  async upload(input) {
+    const token = crypto.randomUUID();
+    const filename = safeFilename(input.filename);
+    const conversationSegment = input.conversationId ? safeFilename(input.conversationId) : "unfiled";
+    const path = `${this.userId}/${conversationSegment}/${token}/${filename}`;
+    const body = input.data instanceof Uint8Array ? input.data : new Uint8Array(input.data);
+    const { error: uploadError } = await this.client.storage.from(this.bucket).upload(path, body, {
+      contentType: input.mediaType,
+      cacheControl: "3600",
+      upsert: false
+    });
+    if (uploadError) {
+      throw new Error(`[chat-widget] storage upload failed: ${uploadError.message}`);
+    }
+    const url = await this.signOrThrow(path);
+    return {
+      storagePath: path,
+      url,
+      filename: input.filename,
+      mediaType: input.mediaType,
+      size: input.size
+    };
+  }
+  async resign(storagePath) {
+    if (!this.ownsPath(storagePath)) return null;
+    const { data, error } = await this.client.storage.from(this.bucket).createSignedUrl(storagePath, this.ttl);
+    if (error || !data?.signedUrl) return null;
+    return data.signedUrl;
+  }
+  async remove(storagePath) {
+    if (!this.ownsPath(storagePath)) return;
+    await this.client.storage.from(this.bucket).remove([storagePath]);
+  }
+  async signOrThrow(path) {
+    const { data, error } = await this.client.storage.from(this.bucket).createSignedUrl(path, this.ttl);
+    if (error || !data?.signedUrl) {
+      throw new Error(
+        `[chat-widget] failed to sign URL${error ? `: ${error.message}` : ""}`
+      );
+    }
+    return data.signedUrl;
+  }
+};
+function createSupabaseStorage(options = {}) {
+  const supabaseUrl = options.supabaseUrl ?? process.env.NEXT_PUBLIC_SUPABASE_URL;
+  const serviceRoleKey = options.serviceRoleKey ?? process.env.SUPABASE_SERVICE_ROLE_KEY;
+  if (!supabaseUrl || !serviceRoleKey) {
+    throw new Error(
+      "[chat-widget] createSupabaseStorage needs NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY (or explicit options)."
+    );
+  }
+  const bucket = options.bucket ?? DEFAULT_BUCKET;
+  const ttl = options.signedUrlTtlSeconds ?? DEFAULT_SIGNED_TTL_SECONDS;
+  const client = createClient(supabaseUrl, serviceRoleKey, {
+    auth: { persistSession: false, autoRefreshToken: false }
+  });
+  return (userId) => new SupabaseStorageAdapter(userId, client, bucket, ttl);
+}
+export {
+  createSupabaseStorage
+};
+//# sourceMappingURL=index.mjs.map

package/dist/server/supabase/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/stores/supabase/index.ts","../../../src/server/stores/supabase/storage.ts"],"sourcesContent":["/**\n * Default Supabase Storage adapter — public entry.\n *\n * Imported via `@mordn/chat-widget/server/supabase` so a BYO-storage consumer\n * never pulls `@supabase/supabase-js` into their bundle.\n *\n *   import { createSupabaseStorage } from '@mordn/chat-widget/server/supabase';\n *   createChatHandler({ storage: createSupabaseStorage(), ... });\n */\nimport 'server-only';\n\nexport { createSupabaseStorage, type SupabaseStorageOptions } from './storage';\n","/**\n * Default StorageAdapter implementation, on Supabase Storage.\n *\n * This ships the *correct* attachment security model as the default — the one\n * the original scaffold got wrong. It is one implementation of the\n * `StorageAdapter` interface; a BYO adapter (S3/R2/GCS) is equally valid.\n *\n * The three interface rules, as implemented here:\n *\n *   1. PRIVATE AT REST — the bucket must be created as a *private* bucket in\n *      Supabase. We never call `getPublicUrl`. (If the bucket is public, that\n *      is a host-app misconfiguration; this adapter never relies on it.)\n *\n *   2. SIGNED, SHORT-LIVED READS — `upload` and `resign` return\n *      `createSignedUrl` results with a bounded TTL.\n *\n *   3. USER-NAMESPACED, UNGUESSABLE PATHS — every path is\n *      `<userId>/<conversationId>/<randomUUID>/<safeFilename>`. The adapter is\n *      bound to one verified user and derives the path itself, so an upload\n *      cannot land in another user's namespace. `resign`/`remove` refuse paths\n *      outside the bound user's prefix.\n */\n\nimport 'server-only';\nimport { createClient, type SupabaseClient } from '@supabase/supabase-js';\n\nimport type {\n  StorageAdapter,\n  UploadInput,\n  UploadResult,\n} from '../../storage-adapter';\n\nconst DEFAULT_BUCKET = 'chat-attachments';\n// Short by design: the upload URL is used within seconds (model fetch +\n// thumbnail), and history reloads re-sign on demand. One hour is a generous\n// ceiling that still bounds the exposure of a leaked URL.\nconst DEFAULT_SIGNED_TTL_SECONDS = 60 * 60;\n\nexport interface SupabaseStorageOptions {\n  /** Supabase project URL. Defaults to `process.env.NEXT_PUBLIC_SUPABASE_URL`. */\n  supabaseUrl?: string;\n  /**\n   * Service-role key. Required — signing + private writes need it. Defaults to\n   * `process.env.SUPABASE_SERVICE_ROLE_KEY`. NEVER expose this to the client;\n   * this adapter only ever runs server-side (guarded by `server-only`).\n   */\n  serviceRoleKey?: string;\n  /** Storage bucket name. Defaults to `chat-attachments`. Must be PRIVATE. */\n  bucket?: string;\n  /** Signed-URL TTL in seconds. Defaults to 3600 (1 hour). */\n  signedUrlTtlSeconds?: number;\n}\n\n/** Strip anything that could break a storage path; clamp length. */\nfunction safeFilename(name: string): string {\n  const cleaned = name.replace(/[^a-zA-Z0-9._-]/g, '_').slice(0, 80);\n  return cleaned.length ? cleaned : 'file';\n}\n\nclass SupabaseStorageAdapter implements StorageAdapter {\n  private readonly bucket: string;\n  private readonly ttl: number;\n  /** Path prefix this adapter is allowed to touch: `<userId>/`. */\n  private readonly userPrefix: string;\n\n  constructor(\n    public readonly userId: string,\n    private readonly client: SupabaseClient,\n    bucket: string,\n    ttl: number,\n  ) {\n    this.bucket = bucket;\n    this.ttl = ttl;\n    this.userPrefix = `${userId}/`;\n  }\n\n  /** Guard: a path is only operable if it lives under the bound user's prefix. */\n  private ownsPath(storagePath: string): boolean {\n    return storagePath.startsWith(this.userPrefix) && !storagePath.includes('..');\n  }\n\n  async upload(input: UploadInput): Promise<UploadResult> {\n    const token = crypto.randomUUID();\n    const filename = safeFilename(input.filename);\n    const conversationSegment = input.conversationId\n      ? safeFilename(input.conversationId)\n      : 'unfiled';\n    // Path is fully derived from the bound userId — callers can't inject it.\n    const path = `${this.userId}/${conversationSegment}/${token}/${filename}`;\n\n    const body =\n      input.data instanceof Uint8Array ? input.data : new Uint8Array(input.data);\n\n    const { error: uploadError } = await this.client.storage\n      .from(this.bucket)\n      .upload(path, body, {\n        contentType: input.mediaType,\n        cacheControl: '3600',\n        upsert: false,\n      });\n    if (uploadError) {\n      throw new Error(`[chat-widget] storage upload failed: ${uploadError.message}`);\n    }\n\n    const url = await this.signOrThrow(path);\n    return {\n      storagePath: path,\n      url,\n      filename: input.filename,\n      mediaType: input.mediaType,\n      size: input.size,\n    };\n  }\n\n  async resign(storagePath: string): Promise<string | null> {\n    // Refuse to sign anything outside the bound user's namespace.\n    if (!this.ownsPath(storagePath)) return null;\n    const { data, error } = await this.client.storage\n      .from(this.bucket)\n      .createSignedUrl(storagePath, this.ttl);\n    if (error || !data?.signedUrl) return null;\n    return data.signedUrl;\n  }\n\n  async remove(storagePath: string): Promise<void> {\n    if (!this.ownsPath(storagePath)) return; // never delete outside the user's prefix\n    // Supabase remove is idempotent — removing a missing object is not an error.\n    await this.client.storage.from(this.bucket).remove([storagePath]);\n  }\n\n  private async signOrThrow(path: string): Promise<string> {\n    const { data, error } = await this.client.storage\n      .from(this.bucket)\n      .createSignedUrl(path, this.ttl);\n    if (error || !data?.signedUrl) {\n      throw new Error(\n        `[chat-widget] failed to sign URL${error ? `: ${error.message}` : ''}`,\n      );\n    }\n    return data.signedUrl;\n  }\n}\n\n/**\n * Create a `StorageAdapterFactory` backed by Supabase Storage.\n *\n * Pass to `createChatHandler({ storage: createSupabaseStorage() })`. Requires\n * a PRIVATE `chat-attachments` bucket (or whatever `bucket` you name) and the\n * service-role key. Each adapter instance is bound to the verified `userId`\n * the handler provides per request; the Supabase client is shared.\n */\nexport function createSupabaseStorage(options: SupabaseStorageOptions = {}) {\n  const supabaseUrl = options.supabaseUrl ?? process.env.NEXT_PUBLIC_SUPABASE_URL;\n  const serviceRoleKey = options.serviceRoleKey ?? process.env.SUPABASE_SERVICE_ROLE_KEY;\n  if (!supabaseUrl || !serviceRoleKey) {\n    throw new Error(\n      '[chat-widget] createSupabaseStorage needs NEXT_PUBLIC_SUPABASE_URL and ' +\n        'SUPABASE_SERVICE_ROLE_KEY (or explicit options).',\n    );\n  }\n  const bucket = options.bucket ?? DEFAULT_BUCKET;\n  const ttl = options.signedUrlTtlSeconds ?? DEFAULT_SIGNED_TTL_SECONDS;\n  // One shared client; auth disabled (we use the service-role key directly).\n  const client = createClient(supabaseUrl, serviceRoleKey, {\n    auth: { persistSession: false, autoRefreshToken: false },\n  });\n\n  return (userId: string): StorageAdapter =>\n    new SupabaseStorageAdapter(userId, client, bucket, ttl);\n}\n"],"mappings":";AASA,OAAO;;;ACcP,OAAO;AACP,SAAS,oBAAyC;AAQlD,IAAM,iBAAiB;AAIvB,IAAM,6BAA6B,KAAK;AAkBxC,SAAS,aAAa,MAAsB;AAC1C,QAAM,UAAU,KAAK,QAAQ,oBAAoB,GAAG,EAAE,MAAM,GAAG,EAAE;AACjE,SAAO,QAAQ,SAAS,UAAU;AACpC;AAEA,IAAM,yBAAN,MAAuD;AAAA,EAMrD,YACkB,QACC,QACjB,QACA,KACA;AAJgB;AACC;AAIjB,SAAK,SAAS;AACd,SAAK,MAAM;AACX,SAAK,aAAa,GAAG,MAAM;AAAA,EAC7B;AAAA;AAAA,EAGQ,SAAS,aAA8B;AAC7C,WAAO,YAAY,WAAW,KAAK,UAAU,KAAK,CAAC,YAAY,SAAS,IAAI;AAAA,EAC9E;AAAA,EAEA,MAAM,OAAO,OAA2C;AACtD,UAAM,QAAQ,OAAO,WAAW;AAChC,UAAM,WAAW,aAAa,MAAM,QAAQ;AAC5C,UAAM,sBAAsB,MAAM,iBAC9B,aAAa,MAAM,cAAc,IACjC;AAEJ,UAAM,OAAO,GAAG,KAAK,MAAM,IAAI,mBAAmB,IAAI,KAAK,IAAI,QAAQ;AAEvE,UAAM,OACJ,MAAM,gBAAgB,aAAa,MAAM,OAAO,IAAI,WAAW,MAAM,IAAI;AAE3E,UAAM,EAAE,OAAO,YAAY,IAAI,MAAM,KAAK,OAAO,QAC9C,KAAK,KAAK,MAAM,EAChB,OAAO,MAAM,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,cAAc;AAAA,MACd,QAAQ;AAAA,IACV,CAAC;AACH,QAAI,aAAa;AACf,YAAM,IAAI,MAAM,wCAAwC,YAAY,OAAO,EAAE;AAAA,IAC/E;AAEA,UAAM,MAAM,MAAM,KAAK,YAAY,IAAI;AACvC,WAAO;AAAA,MACL,aAAa;AAAA,MACb;AAAA,MACA,UAAU,MAAM;AAAA,MAChB,WAAW,MAAM;AAAA,MACjB,MAAM,MAAM;AAAA,IACd;AAAA,EACF;AAAA,EAEA,MAAM,OAAO,aAA6C;AAExD,QAAI,CAAC,KAAK,SAAS,WAAW,EAAG,QAAO;AACxC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,OAAO,QACvC,KAAK,KAAK,MAAM,EAChB,gBAAgB,aAAa,KAAK,GAAG;AACxC,QAAI,SAAS,CAAC,MAAM,UAAW,QAAO;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAM,OAAO,aAAoC;AAC/C,QAAI,CAAC,KAAK,SAAS,WAAW,EAAG;AAEjC,UAAM,KAAK,OAAO,QAAQ,KAAK,KAAK,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC;AAAA,EAClE;AAAA,EAEA,MAAc,YAAY,MAA+B;AACvD,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,OAAO,QACvC,KAAK,KAAK,MAAM,EAChB,gBAAgB,MAAM,KAAK,GAAG;AACjC,QAAI,SAAS,CAAC,MAAM,WAAW;AAC7B,YAAM,IAAI;AAAA,QACR,mCAAmC,QAAQ,KAAK,MAAM,OAAO,KAAK,EAAE;AAAA,MACtE;AAAA,IACF;AACA,WAAO,KAAK;AAAA,EACd;AACF;AAUO,SAAS,sBAAsB,UAAkC,CAAC,GAAG;AAC1E,QAAM,cAAc,QAAQ,eAAe,QAAQ,IAAI;AACvD,QAAM,iBAAiB,QAAQ,kBAAkB,QAAQ,IAAI;AAC7D,MAAI,CAAC,eAAe,CAAC,gBAAgB;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACA,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,MAAM,QAAQ,uBAAuB;AAE3C,QAAM,SAAS,aAAa,aAAa,gBAAgB;AAAA,IACvD,MAAM,EAAE,gBAAgB,OAAO,kBAAkB,MAAM;AAAA,EACzD,CAAC;AAED,SAAO,CAAC,WACN,IAAI,uBAAuB,QAAQ,QAAQ,QAAQ,GAAG;AAC1D;","names":[]}

package/dist/storage-adapter-DD8uqiAP.d.mts

@@ -0,0 +1,126 @@
+/**
+ * StorageAdapter — the attachment-storage contract for the widget.
+ *
+ * Attachments (images, PDFs the user drops into chat) are the second
+ * pluggable backend, distinct from `ChatStore`. The connection/bucket is the
+ * host app's (their Supabase bucket, their S3/R2, or — on the hosted tier —
+ * ours), but the *security model* around it is owned by the package and
+ * encoded here, because getting it wrong is a data leak and the original
+ * scaffold got it wrong (it used a public bucket with permanent URLs).
+ *
+ * ──────────────────────────────────────────────────────────────────────────
+ * Three rules every implementation MUST follow. They are the security model.
+ * ──────────────────────────────────────────────────────────────────────────
+ *
+ * 1. PRIVATE AT REST. Stored objects must NOT be publicly readable. No
+ *    public bucket, no permanent public URL. The only way to read an object
+ *    is through a signed, expiring URL this adapter mints.
+ *
+ * 2. SIGNED, SHORT-LIVED READS. `upload` and `resign` return URLs that
+ *    expire. A leaked URL stops working; it is not a forever-handle to the
+ *    file. Expiry is the adapter's choice but should be short (minutes to a
+ *    few hours) — long enough for the model to fetch the file mid-turn and
+ *    for the user to see the thumbnail, short enough to bound exposure.
+ *    History rehydration re-signs on demand (see `resign`), so short expiry
+ *    costs nothing in UX.
+ *
+ * 3. USER-NAMESPACED, UNGUESSABLE PATHS. The adapter is *bound to one
+ *    verified user* (like `ChatStore`). It derives the storage path itself
+ *    from its bound `userId` — callers never supply the full path — so an
+ *    upload cannot be aimed into another user's namespace. Paths include a
+ *    random segment so they're unguessable even if a bucket were
+ *    accidentally made listable.
+ *
+ * Because the adapter is user-bound, the IDOR-resistance argument from
+ * `ChatStore` applies identically here: there is no parameter through which a
+ * foreign user id or a fully-attacker-controlled path can enter.
+ */
+/**
+ * A file presented for upload. Framework-agnostic: the router adapts the
+ * incoming multipart `File`/`Blob` into this shape so the adapter never has
+ * to know about Web `FormData` or Node streams.
+ */
+interface UploadInput {
+    /** Raw bytes of the file. */
+    data: ArrayBuffer | Uint8Array;
+    /** Original filename (used for display + to derive a safe path segment). */
+    filename: string;
+    /** MIME type the client claimed. The router validates it against the
+     *  allow-list BEFORE calling upload; the adapter may re-check defensively. */
+    mediaType: string;
+    /** Size in bytes. The router enforces the size cap before calling upload. */
+    size: number;
+    /**
+     * The conversation this attachment belongs to. Used only as a path segment
+     * for organisation — NOT as an ownership signal (ownership comes from the
+     * adapter's bound user). Optional; falls back to an "unfiled" segment.
+     */
+    conversationId?: string;
+}
+/**
+ * The result of a successful upload — exactly the fields the client needs to
+ * render the attachment and the system needs to re-sign it later. Shaped to
+ * map directly onto an AI SDK file part plus our durable `storagePath`.
+ */
+interface UploadResult {
+    /** Durable, opaque pointer for re-signing. Persisted on the message part. */
+    storagePath: string;
+    /** Freshly-signed, expiring URL for immediate use (model fetch + preview). */
+    url: string;
+    /** Echoed back for convenience. */
+    filename: string;
+    mediaType: string;
+    size: number;
+}
+interface StorageAdapter {
+    /**
+     * The user this adapter is bound to. Read-only; set at construction. The
+     * adapter uses it to namespace every path it writes.
+     */
+    readonly userId: string;
+    /**
+     * Store a file and return a signed URL plus its durable `storagePath`.
+     *
+     * The adapter:
+     *  - derives the path from its bound `userId` + a random segment + a
+     *    sanitised filename (callers cannot inject an absolute/foreign path),
+     *  - writes the bytes to private storage,
+     *  - mints and returns a short-lived signed URL.
+     *
+     * Throws on storage failure so the router can return a clean 5xx rather
+     * than handing the client a half-uploaded attachment.
+     */
+    upload(input: UploadInput): Promise<UploadResult>;
+    /**
+     * Mint a fresh signed URL for an already-stored object, given the
+     * `storagePath` returned by a prior `upload`.
+     *
+     * This is what makes short expiry on `upload` safe: when an old
+     * conversation is reloaded, the router calls `resign` for each attachment
+     * so the user always gets a live URL. It is a first-class operation, not a
+     * TODO — the absence of this method in the original design forced every
+     * consumer to reinvent it.
+     *
+     * Security: the adapter MUST verify the path belongs to its bound user's
+     * namespace before signing, and return `null` if it does not (or if the
+     * object is missing). A `null` here means "render a broken/expired
+     * thumbnail", never "throw away the whole history" — so one missing blob
+     * can't take down a conversation load.
+     */
+    resign(storagePath: string): Promise<string | null>;
+    /**
+     * Permanently delete a stored object by `storagePath`. Used when a
+     * conversation is deleted. MUST verify the path is in the bound user's
+     * namespace before deleting. No-op (does not throw) if the object is
+     * already gone — delete is idempotent.
+     */
+    remove(storagePath: string): Promise<void>;
+}
+/**
+ * Constructs a `StorageAdapter` bound to a specific, already-verified user —
+ * same trust rules as `ChatStoreFactory`. `userId` must come from the server
+ * session, never from request input.
+ */
+type StorageAdapterFactory = (userId: string) => StorageAdapter;
+
+export type { StorageAdapter as S, UploadInput as U, StorageAdapterFactory as a, UploadResult as b };

package/dist/storage-adapter-DD8uqiAP.d.ts

@@ -0,0 +1,126 @@
+/**
+ * StorageAdapter — the attachment-storage contract for the widget.
+ *
+ * Attachments (images, PDFs the user drops into chat) are the second
+ * pluggable backend, distinct from `ChatStore`. The connection/bucket is the
+ * host app's (their Supabase bucket, their S3/R2, or — on the hosted tier —
+ * ours), but the *security model* around it is owned by the package and
+ * encoded here, because getting it wrong is a data leak and the original
+ * scaffold got it wrong (it used a public bucket with permanent URLs).
+ *
+ * ──────────────────────────────────────────────────────────────────────────
+ * Three rules every implementation MUST follow. They are the security model.
+ * ──────────────────────────────────────────────────────────────────────────
+ *
+ * 1. PRIVATE AT REST. Stored objects must NOT be publicly readable. No
+ *    public bucket, no permanent public URL. The only way to read an object
+ *    is through a signed, expiring URL this adapter mints.
+ *
+ * 2. SIGNED, SHORT-LIVED READS. `upload` and `resign` return URLs that
+ *    expire. A leaked URL stops working; it is not a forever-handle to the
+ *    file. Expiry is the adapter's choice but should be short (minutes to a
+ *    few hours) — long enough for the model to fetch the file mid-turn and
+ *    for the user to see the thumbnail, short enough to bound exposure.
+ *    History rehydration re-signs on demand (see `resign`), so short expiry
+ *    costs nothing in UX.
+ *
+ * 3. USER-NAMESPACED, UNGUESSABLE PATHS. The adapter is *bound to one
+ *    verified user* (like `ChatStore`). It derives the storage path itself
+ *    from its bound `userId` — callers never supply the full path — so an
+ *    upload cannot be aimed into another user's namespace. Paths include a
+ *    random segment so they're unguessable even if a bucket were
+ *    accidentally made listable.
+ *
+ * Because the adapter is user-bound, the IDOR-resistance argument from
+ * `ChatStore` applies identically here: there is no parameter through which a
+ * foreign user id or a fully-attacker-controlled path can enter.
+ */
+/**
+ * A file presented for upload. Framework-agnostic: the router adapts the
+ * incoming multipart `File`/`Blob` into this shape so the adapter never has
+ * to know about Web `FormData` or Node streams.
+ */
+interface UploadInput {
+    /** Raw bytes of the file. */
+    data: ArrayBuffer | Uint8Array;
+    /** Original filename (used for display + to derive a safe path segment). */
+    filename: string;
+    /** MIME type the client claimed. The router validates it against the
+     *  allow-list BEFORE calling upload; the adapter may re-check defensively. */
+    mediaType: string;
+    /** Size in bytes. The router enforces the size cap before calling upload. */
+    size: number;
+    /**
+     * The conversation this attachment belongs to. Used only as a path segment
+     * for organisation — NOT as an ownership signal (ownership comes from the
+     * adapter's bound user). Optional; falls back to an "unfiled" segment.
+     */
+    conversationId?: string;
+}
+/**
+ * The result of a successful upload — exactly the fields the client needs to
+ * render the attachment and the system needs to re-sign it later. Shaped to
+ * map directly onto an AI SDK file part plus our durable `storagePath`.
+ */
+interface UploadResult {
+    /** Durable, opaque pointer for re-signing. Persisted on the message part. */
+    storagePath: string;
+    /** Freshly-signed, expiring URL for immediate use (model fetch + preview). */
+    url: string;
+    /** Echoed back for convenience. */
+    filename: string;
+    mediaType: string;
+    size: number;
+}
+interface StorageAdapter {
+    /**
+     * The user this adapter is bound to. Read-only; set at construction. The
+     * adapter uses it to namespace every path it writes.
+     */
+    readonly userId: string;
+    /**
+     * Store a file and return a signed URL plus its durable `storagePath`.
+     *
+     * The adapter:
+     *  - derives the path from its bound `userId` + a random segment + a
+     *    sanitised filename (callers cannot inject an absolute/foreign path),
+     *  - writes the bytes to private storage,
+     *  - mints and returns a short-lived signed URL.
+     *
+     * Throws on storage failure so the router can return a clean 5xx rather
+     * than handing the client a half-uploaded attachment.
+     */
+    upload(input: UploadInput): Promise<UploadResult>;
+    /**
+     * Mint a fresh signed URL for an already-stored object, given the
+     * `storagePath` returned by a prior `upload`.
+     *
+     * This is what makes short expiry on `upload` safe: when an old
+     * conversation is reloaded, the router calls `resign` for each attachment
+     * so the user always gets a live URL. It is a first-class operation, not a
+     * TODO — the absence of this method in the original design forced every
+     * consumer to reinvent it.
+     *
+     * Security: the adapter MUST verify the path belongs to its bound user's
+     * namespace before signing, and return `null` if it does not (or if the
+     * object is missing). A `null` here means "render a broken/expired
+     * thumbnail", never "throw away the whole history" — so one missing blob
+     * can't take down a conversation load.
+     */
+    resign(storagePath: string): Promise<string | null>;
+    /**
+     * Permanently delete a stored object by `storagePath`. Used when a
+     * conversation is deleted. MUST verify the path is in the bound user's
+     * namespace before deleting. No-op (does not throw) if the object is
+     * already gone — delete is idempotent.
+     */
+    remove(storagePath: string): Promise<void>;
+}
+/**
+ * Constructs a `StorageAdapter` bound to a specific, already-verified user —
+ * same trust rules as `ChatStoreFactory`. `userId` must come from the server
+ * session, never from request input.
+ */
+type StorageAdapterFactory = (userId: string) => StorageAdapter;
+
+export type { StorageAdapter as S, UploadInput as U, StorageAdapterFactory as a, UploadResult as b };