@nexpress/core 0.1.0

package/dist/mutes-EWAE5FZR.js

@@ -0,0 +1,21 @@
+import {
+  getMutedTargetIds,
+  isMuted,
+  listMutes,
+  muteMember,
+  unmuteMember
+} from "./chunk-NUCGHWCF.js";
+import "./chunk-FZ7O6DWI.js";
+import "./chunk-SBCVAC2Z.js";
+import "./chunk-ZCINJSS4.js";
+import "./chunk-XANPEOJC.js";
+import "./chunk-M43PGOQY.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  getMutedTargetIds,
+  isMuted,
+  listMutes,
+  muteMember,
+  unmuteMember
+};
+//# sourceMappingURL=mutes-EWAE5FZR.js.map

package/dist/mutes-EWAE5FZR.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/notification-prefs-VPJDU7I6.js

@@ -0,0 +1,21 @@
+import {
+  getMemberNotificationPrefs,
+  isNotificationKindEnabled,
+  listNotificationKinds,
+  recordDigestSent,
+  registerNotificationKind,
+  setMemberNotificationPrefs
+} from "./chunk-CTSQ7BRI.js";
+import "./chunk-ZCINJSS4.js";
+import "./chunk-XANPEOJC.js";
+import "./chunk-M43PGOQY.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  getMemberNotificationPrefs,
+  isNotificationKindEnabled,
+  listNotificationKinds,
+  recordDigestSent,
+  registerNotificationKind,
+  setMemberNotificationPrefs
+};
+//# sourceMappingURL=notification-prefs-VPJDU7I6.js.map

package/dist/notification-prefs-VPJDU7I6.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/observability.d.ts

@@ -0,0 +1,156 @@
+export { N as NpLogLevel, a as NpLogger, c as consoleLogger, g as getLogger, b as getScopedLogger, r as resetLogger, s as setLogger } from './logger-DqGaOU_j.js';
+
+/**
+ * Pluggable error reporter. The default is a no-op so users who don't
+ * need third-party tracking pay nothing; production deployments can
+ * install a Sentry / Bugsnag / Honeybadger / Rollbar adapter via
+ * `setErrorReporter()`.
+ *
+ * The framework reports errors at three boundaries:
+ *  1. Unhandled exceptions in API route handlers (via `npErrorResponse`).
+ *  2. Plugin hook handlers that throw (via the plugin host).
+ *  3. pg-boss job handlers that throw (registered by the worker process).
+ *
+ * Reporters MUST NOT throw — exceptions inside `captureException` are
+ * caught and logged, never propagated.
+ */
+interface NpErrorReportContext {
+    /**
+     * Free-form tags used by error trackers for filtering and grouping.
+     * E.g. `{ source: "api", route: "/api/collections/posts" }`.
+     */
+    tags?: Record<string, string>;
+    /** Optional user identity, populated when the error happened in a
+     *  request context. */
+    user?: {
+        id?: string;
+        email?: string;
+        role?: string;
+    };
+    /** Arbitrary extra context — request body shape, plugin id, job name. */
+    extra?: Record<string, unknown>;
+}
+interface NpErrorReporter {
+    captureException(error: Error, context?: NpErrorReportContext): void | Promise<void>;
+}
+/** Default — does nothing. Replaceable via `setErrorReporter`. */
+declare const noopErrorReporter: NpErrorReporter;
+/** Replace the global error reporter. Call once at app boot. */
+declare function setErrorReporter(reporter: NpErrorReporter): void;
+/** Returns the currently-installed reporter. Defaults to no-op. */
+declare function getErrorReporter(): NpErrorReporter;
+/**
+ * Safe wrapper that swallows reporter exceptions so error reporting can
+ * never itself crash the host. Logs the underlying capture failure via
+ * `console.error` — using `getLogger()` here would risk a loop if the
+ * logger is also broken.
+ */
+declare function reportError(error: Error, context?: NpErrorReportContext): Promise<void>;
+/** Reset to the default no-op reporter. Tests use this to undo `setErrorReporter`. */
+declare function resetErrorReporter(): void;
+
+/**
+ * Inputs to {@link verifyStartupSafety}. The bootstrap layer
+ * (`packages/next/src/bootstrap.ts`) reads the resolved config and the
+ * relevant env vars and hands them in — keeping this helper a pure
+ * function of its input means it stays trivially testable and never
+ * accidentally reads `process.env` from a deeper code path.
+ */
+interface NpStartupSafetyInput {
+    /** Storage adapter id chosen by `createStorageAdapter` (`local` or `s3`). */
+    storageAdapter: "local" | "s3";
+    /** Resolved auth secret. `null` when unset. */
+    secret: string | null;
+    /** `process.env.NODE_ENV` at boot — typically `"production"` / `"development"` / undefined. */
+    nodeEnv: string | undefined;
+    /**
+     * `process.env.NP_MULTI_NODE` at boot. When the operator opts into
+     * multi-node mode we tighten checks that are otherwise just hints.
+     */
+    multiNodeFlag: string | undefined;
+    /**
+     * True when the boot environment looks like a managed container
+     * runtime (Kubernetes / Fly.io / Render / similar). The bootstrap
+     * layer evaluates the well-known env vars and hands a single bool
+     * in so this helper stays a pure function. We use this together
+     * with `nodeEnv === "production"` to catch the common footgun
+     * where an operator deploys to a multi-replica platform and forgot
+     * to set `NP_MULTI_NODE=true`. Optional for back-compat with
+     * callers that don't supply it (treated as `false`).
+     */
+    containerEnv?: boolean;
+    /**
+     * Value of `NP_EMAIL_ADAPTER` at boot. Pass `null` when the env
+     * var is unset, the literal string when it is — we check the
+     * **operator's intent** rather than the live adapter because the
+     * adapter is configured later in the boot sequence (after the
+     * core-services step that runs this safety check). Use `null` /
+     * `"noop"` to mean "operator hasn't asked for a real adapter,
+     * warn in production." Custom adapters wired via
+     * `setEmailAdapter()` programmatically will surface a false
+     * positive here — the warning text calls that out.
+     */
+    emailAdapterEnv?: string | null;
+    /**
+     * Hostname extracted from `DATABASE_URL`. Optional for back-compat.
+     * When provided and the host looks like loopback (`localhost` /
+     * `127.0.0.1` / `::1`) AND `nodeEnv === "production"`, we warn —
+     * the operator likely shipped the dev DB connection string.
+     */
+    databaseHost?: string | null;
+    /**
+     * Resolved `SITE_URL` (or equivalent base URL) at boot. Optional
+     * for back-compat. When unset OR loopback-shaped in production,
+     * we warn — links, SEO canonical URLs, OAuth callbacks, sitemap
+     * URLs all anchor on this value.
+     */
+    siteUrl?: string | null;
+    /**
+     * Whether the operator has opted into a custom rate-limiter
+     * adapter via `setRateLimiter(...)`. `false` means the default
+     * `InMemoryRateLimiter` will be lazily installed on first use —
+     * fine for single-node, but per-node buckets in multi-replica
+     * deploys make the limit ~Nx looser than configured. Optional
+     * for back-compat; `undefined` skips the check.
+     */
+    rateLimiterCustom?: boolean;
+}
+/**
+ * Surfaces operationally-bitten misconfiguration as warnings during
+ * boot. The set is intentionally small — every entry has to map to
+ * a real failure mode that has either bitten the project or been
+ * called out in the deployment docs:
+ *
+ *   - `LocalStorageAdapter` + `NP_MULTI_NODE=true`. Different nodes
+ *     see different `./uploads` directories; uploads disappear
+ *     between requests. (`docs/deployment.md` — Multi-node notes.)
+ *   - `LocalStorageAdapter` + `NODE_ENV=production` + a managed-
+ *     container env var (`KUBERNETES_SERVICE_HOST`, `FLY_REGION`,
+ *     `RENDER_INSTANCE_ID`, `RAILWAY_ENVIRONMENT_NAME`, …). Same
+ *     failure mode as above; this branch catches the operator who
+ *     forgot to set `NP_MULTI_NODE` but is clearly running on a
+ *     multi-replica platform.
+ *   - `NODE_ENV=production` + missing or short `NP_SECRET`. Tokens
+ *     signed with a weak secret are forgeable. We cap below 32 bytes
+ *     because that's the floor `signJwt` documents.
+ *   - `NODE_ENV=production` + `emailAdapterKind === "noop"` (#597).
+ *     Transactional mail (password reset, email verify, member
+ *     digests) silently dropped — operators expect those to deliver.
+ *   - `NODE_ENV=production` + `databaseHost` looks like loopback
+ *     (#597). `localhost` / `127.0.0.1` / `::1` in a prod deploy is
+ *     almost always a stale dev `DATABASE_URL` that slipped through.
+ *   - `NODE_ENV=production` + `siteUrl` unset or loopback-shaped
+ *     (#597). Sitemap URLs, SEO canonical URLs, OAuth callbacks,
+ *     transactional mail links all anchor on this — wrong value
+ *     manifests as broken share links and unverifiable OAuth round-
+ *     trips, which take a while for the operator to notice.
+ *
+ * Warnings go through {@link getScopedLogger} so production deploys
+ * that have called `setLogger(...)` get them in their structured-log
+ * pipeline (Datadog, Axiom, etc.) instead of stdout. Returns the list
+ * of emitted warning ids so callers can assert on them in tests; in
+ * production nothing inspects the return value.
+ */
+declare function verifyStartupSafety(input: NpStartupSafetyInput): readonly string[];
+
+export { type NpErrorReportContext, type NpErrorReporter, type NpStartupSafetyInput, getErrorReporter, noopErrorReporter, reportError, resetErrorReporter, setErrorReporter, verifyStartupSafety };

package/dist/observability.js

@@ -0,0 +1,32 @@
+import {
+  verifyStartupSafety
+} from "./chunk-2YDGE7YX.js";
+import {
+  getErrorReporter,
+  noopErrorReporter,
+  reportError,
+  resetErrorReporter,
+  setErrorReporter
+} from "./chunk-WV272MPW.js";
+import {
+  consoleLogger,
+  getLogger,
+  getScopedLogger,
+  resetLogger,
+  setLogger
+} from "./chunk-JJL74ZPK.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  consoleLogger,
+  getErrorReporter,
+  getLogger,
+  getScopedLogger,
+  noopErrorReporter,
+  reportError,
+  resetErrorReporter,
+  resetLogger,
+  setErrorReporter,
+  setLogger,
+  verifyStartupSafety
+};
+//# sourceMappingURL=observability.js.map

package/dist/observability.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/profanity-adapter-NU2JQSLX.js

@@ -0,0 +1,12 @@
+import {
+  getProfanityAdapter,
+  resetProfanityAdapter,
+  setProfanityAdapter
+} from "./chunk-KU5M27ZC.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  getProfanityAdapter,
+  resetProfanityAdapter,
+  setProfanityAdapter
+};
+//# sourceMappingURL=profanity-adapter-NU2JQSLX.js.map

package/dist/profanity-adapter-NU2JQSLX.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/queue-XE5BC75T.js

@@ -0,0 +1,14 @@
+import {
+  enqueueJob,
+  getJobQueue,
+  getOptionalJobQueue,
+  setJobQueue
+} from "./chunk-V2UNHGAP.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  enqueueJob,
+  getJobQueue,
+  getOptionalJobQueue,
+  setJobQueue
+};
+//# sourceMappingURL=queue-XE5BC75T.js.map

package/dist/queue-XE5BC75T.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/rate-limit.d.ts

@@ -0,0 +1,99 @@
+/**
+ * Phase 23.7 — pluggable rate-limiter adapter contract.
+ *
+ * The framework exposes a single `check(key, limit, windowMs)`
+ * call against the configured adapter; the proxy/middleware layer
+ * doesn't know whether the bucket is in-process, in Redis, or in
+ * a CDN's edge worker. That keeps `apps/web/src/proxy.ts` neutral
+ * to topology — single-node deploys keep the in-memory adapter,
+ * multi-node deploys swap in `@nexpress/rate-limiter-redis` (or
+ * any other implementation) at boot.
+ *
+ * The interface is intentionally tiny:
+ *   - one method
+ *   - synchronous-feeling shape but always async (Redis is)
+ *   - no notion of bucket creation or expiry inspection
+ *
+ * That matches what NexPress's middleware actually needs and avoids
+ * baking assumptions about, e.g., sliding-window vs fixed-window
+ * semantics into the contract. Adapters pick whichever fits.
+ */
+interface NpRateLimitDecision {
+    /** True when the request should be rejected (count exceeded). */
+    limited: boolean;
+    /**
+     * Seconds until the bucket resets. Set even when `limited` is
+     * false so callers can surface a `RateLimit-Reset` header (some
+     * clients expect it on every response, not just 429s). Adapters
+     * unable to compute it can omit the field — callers must tolerate
+     * missing values.
+     */
+    retryAfterSeconds?: number;
+}
+interface NpRateLimiterAdapter {
+    /**
+     * Increment the bucket identified by `key` and return whether
+     * the resulting count exceeds `limit` within `windowMs`.
+     *
+     * Implementations should make the increment-and-test
+     * indivisible *within their concurrency model*:
+     *   - The default `InMemoryRateLimiter` relies on Node's
+     *     single-threaded event loop — concurrent `check`s on the
+     *     same Map key serialize naturally. Worker-thread or
+     *     multi-process consumers need a different adapter.
+     *   - `RedisRateLimiter` uses a Lua script so an `INCR` and
+     *     its TTL arm happen in a single Redis call.
+     *
+     * `key` is opaque to the adapter — the framework composes it
+     * from (ip, route-pattern). Adapters should treat it as a
+     * binary-safe string and not parse it.
+     */
+    check(key: string, limit: number, windowMs: number): Promise<NpRateLimitDecision>;
+    /**
+     * Optional teardown hook for adapters that hold network
+     * connections or background timers (Redis client, cleanup
+     * intervals). Called by the bootstrap layer at process
+     * shutdown so e.g. a Redis pool drains cleanly. The framework
+     * never invokes this on the in-memory adapter — the cleanup
+     * timer there lives on `globalThis` for HMR durability.
+     */
+    shutdown?(): Promise<void>;
+}
+
+/**
+ * Default rate-limiter adapter. Same fixed-window behaviour the
+ * proxy already had before this lived behind an interface — a
+ * request in the first ms and one in the last ms of a window
+ * share the bucket. Single-node deploys keep this; multi-node
+ * deploys swap in `@nexpress/rate-limiter-redis` (or another
+ * adapter) at boot.
+ *
+ * Why store + janitor on `globalThis`: HMR re-evaluates this
+ * module on every save in dev, and a module-scoped Map would
+ * orphan the previous one from its cleanup interval (#315).
+ * Pinning both to `globalThis` keeps Map and janitor paired
+ * across reloads.
+ *
+ * Why the janitor arms lazily: importing this file alone
+ * shouldn't keep a Node process alive. CLI / one-shot scripts
+ * that pull in `@nexpress/core` for unrelated reasons shouldn't
+ * inherit a 60-second timer.
+ */
+interface Bucket {
+    count: number;
+    resetAt: number;
+}
+declare global {
+    var __nx_rate_limit_store: Map<string, Bucket> | undefined;
+    var __nx_rate_limit_cleanup_handle: NodeJS.Timeout | undefined;
+}
+declare class InMemoryRateLimiter implements NpRateLimiterAdapter {
+    constructor();
+    check(key: string, limit: number, windowMs: number): Promise<NpRateLimitDecision>;
+}
+
+declare function setRateLimiter(adapter: NpRateLimiterAdapter | null): void;
+declare function getRateLimiter(): NpRateLimiterAdapter;
+declare function getOptionalRateLimiter(): NpRateLimiterAdapter | null;
+
+export { InMemoryRateLimiter, type NpRateLimitDecision, type NpRateLimiterAdapter, getOptionalRateLimiter, getRateLimiter, setRateLimiter };

package/dist/rate-limit.js

@@ -0,0 +1,14 @@
+import {
+  InMemoryRateLimiter,
+  getOptionalRateLimiter,
+  getRateLimiter,
+  setRateLimiter
+} from "./chunk-2G264RCD.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  InMemoryRateLimiter,
+  getOptionalRateLimiter,
+  getRateLimiter,
+  setRateLimiter
+};
+//# sourceMappingURL=rate-limit.js.map

package/dist/rate-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/registry-XIXDEPVI.js

@@ -0,0 +1,31 @@
+import {
+  NP_DEFAULT_SITE_ID,
+  createSite,
+  deleteSite,
+  ensureDefaultSite,
+  getDefaultSite,
+  getSiteByHostname,
+  getSiteById,
+  getSiteUsageSummary,
+  listSites,
+  resolveSiteForHostname,
+  updateSite
+} from "./chunk-FZ7O6DWI.js";
+import "./chunk-ZCINJSS4.js";
+import "./chunk-XANPEOJC.js";
+import "./chunk-M43PGOQY.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  NP_DEFAULT_SITE_ID,
+  createSite,
+  deleteSite,
+  ensureDefaultSite,
+  getDefaultSite,
+  getSiteByHostname,
+  getSiteById,
+  getSiteUsageSummary,
+  listSites,
+  resolveSiteForHostname,
+  updateSite
+};
+//# sourceMappingURL=registry-XIXDEPVI.js.map

package/dist/registry-XIXDEPVI.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/reputation-JRL2YQHM.js

@@ -0,0 +1,11 @@
+import {
+  applyReputation
+} from "./chunk-THX3SHYA.js";
+import "./chunk-JJL74ZPK.js";
+import "./chunk-XANPEOJC.js";
+import "./chunk-M43PGOQY.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  applyReputation
+};
+//# sourceMappingURL=reputation-JRL2YQHM.js.map

package/dist/reputation-JRL2YQHM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/routes.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Developer-declared custom-route registry. Hand-coded Next.js routes
+ * under `apps/web/src/app/(site)/*` are invisible to the framework
+ * (the catch-all `[[...slug]]` only knows about CMS pages, plugins
+ * declare their own routes via `definePlugin({ routes })`). Operators
+ * still need to discover and link to those hand-coded surfaces from
+ * the admin — the navigation editor in particular.
+ *
+ * App code declares each navigable hand-coded route with
+ * `registerCustomRoute(...)` at boot. The admin reads the registry
+ * via `getCustomRoutes()` to populate a Settings tab and the nav
+ * editor's URL autocomplete.
+ *
+ * Re-registering the same `path` overwrites silently — same HMR-safe
+ * convention as the block registry. The registry is process-scoped;
+ * sites in a multi-tenant deployment share the same set because all
+ * sites share the same code bundle.
+ */
+interface NpCustomRoute {
+    /**
+     * The route's URL path. Must start with `/`. May include dynamic
+     * segments for documentation purposes (e.g. `/u/[username]`), but
+     * such routes won't appear as nav-link targets — the autocomplete
+     * filters them out because a literal href can't be derived.
+     */
+    path: string;
+    /** Short human label for the admin UI. */
+    label: string;
+    /** Optional one-line description. */
+    description?: string;
+    /**
+     * Optional Lucide icon name (lowercase kebab-case, matching the
+     * shared `BlockIcon` resolver). Defaults to `route` if unset.
+     */
+    icon?: string;
+    /** Optional grouping key for the admin list (e.g. "content", "community"). */
+    group?: string;
+}
+declare function registerCustomRoute(route: NpCustomRoute): void;
+declare function getCustomRoutes(): NpCustomRoute[];
+declare function clearCustomRoutes(): void;
+
+export { type NpCustomRoute, clearCustomRoutes, getCustomRoutes, registerCustomRoute };

package/dist/routes.js

@@ -0,0 +1,12 @@
+import {
+  clearCustomRoutes,
+  getCustomRoutes,
+  registerCustomRoute
+} from "./chunk-X5KKBOUS.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  clearCustomRoutes,
+  getCustomRoutes,
+  registerCustomRoute
+};
+//# sourceMappingURL=routes.js.map

package/dist/routes.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/scheduled-CIQM57HT.js

@@ -0,0 +1,20 @@
+import {
+  publishScheduledDocuments
+} from "./chunk-XPVQIHAQ.js";
+import "./chunk-VGTPQXNQ.js";
+import "./chunk-4ZLMEKFX.js";
+import "./chunk-FZ7O6DWI.js";
+import "./chunk-SBCVAC2Z.js";
+import "./chunk-ZCINJSS4.js";
+import "./chunk-WV272MPW.js";
+import "./chunk-473S4TER.js";
+import "./chunk-V2UNHGAP.js";
+import "./chunk-OROPGO65.js";
+import "./chunk-JJL74ZPK.js";
+import "./chunk-XANPEOJC.js";
+import "./chunk-M43PGOQY.js";
+import "./chunk-PZ5AY32C.js";
+export {
+  publishScheduledDocuments
+};
+//# sourceMappingURL=scheduled-CIQM57HT.js.map

package/dist/scheduled-CIQM57HT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}