@nordbyte/nordrelay 0.4.1 → 0.5.1

package/dist/web-api-contract.js

@@ -0,0 +1,104 @@
+const stringToken = "${string}";
+export const WEB_API_ROUTE_DEFINITIONS = [
+    exact("/api/auth/me", ["GET"], "inspect"),
+    exact("/api/dashboard/logout", ["POST"], "inspect"),
+    exact("/api/bootstrap", ["GET"], "inspect"),
+    exact("/api/health", ["GET"], "inspect"),
+    exact("/api/snapshot", ["GET"], "inspect"),
+    exact("/api/tasks", ["GET"], "inspect"),
+    exact("/api/progress", ["GET"], "inspect"),
+    exact("/api/version", ["GET"], "inspect"),
+    exact("/api/update", ["POST"], "updates.run"),
+    exact("/api/agent-updates", ["GET"], "updates.run"),
+    exact("/api/agent-update", ["POST"], "updates.run"),
+    dynamic("/api/agent-update/:id/log", "^/api/agent-update/[^/]+/log$", ["GET", "DELETE"], "updates.run", `/api/agent-update/${stringToken}/log`),
+    dynamic("/api/agent-update/:id/input", "^/api/agent-update/[^/]+/input$", ["POST"], "updates.run", `/api/agent-update/${stringToken}/input`),
+    dynamic("/api/agent-update/:id/cancel", "^/api/agent-update/[^/]+/cancel$", ["POST"], "updates.run", `/api/agent-update/${stringToken}/cancel`),
+    exact("/api/adapters/health", ["GET"], "inspect"),
+    exact("/api/permissions", ["GET"], "users.read"),
+    exact("/api/users", ["GET", "POST"], readWrite("users.read", "users.write")),
+    dynamic("/api/users/:id", "^/api/users/[^/]+$", ["PATCH"], "users.write", `/api/users/${stringToken}`),
+    dynamic("/api/users/:id/password", "^/api/users/[^/]+/password$", ["POST"], "users.write", `/api/users/${stringToken}/password`),
+    dynamic("/api/users/:id/sessions", "^/api/users/[^/]+/sessions$", ["GET", "DELETE"], readWrite("users.read", "users.write"), `/api/users/${stringToken}/sessions`),
+    dynamic("/api/users/:id/sessions/:sessionId", "^/api/users/[^/]+/sessions/[^/]+$", ["DELETE"], "users.write", `/api/users/${stringToken}/sessions/${stringToken}`),
+    dynamic("/api/users/:id/telegram", "^/api/users/[^/]+/telegram$", ["POST"], "users.write", `/api/users/${stringToken}/telegram`),
+    dynamic("/api/users/:id/telegram/:identityId", "^/api/users/[^/]+/telegram/[^/]+$", ["DELETE"], "users.write", `/api/users/${stringToken}/telegram/${stringToken}`),
+    exact("/api/groups", ["GET", "POST"], readWrite("users.read", "users.write")),
+    dynamic("/api/groups/:id", "^/api/groups/[^/]+$", ["PATCH"], "users.write", `/api/groups/${stringToken}`),
+    exact("/api/telegram-chats", ["GET", "POST"], readWrite("users.read", "users.write")),
+    dynamic("/api/telegram-chats/:id", "^/api/telegram-chats/[^/]+$", ["PATCH"], "users.write", `/api/telegram-chats/${stringToken}`),
+    exact("/api/audit", ["GET"], "audit.read"),
+    exact("/api/locks", ["GET", "POST", "DELETE"], readWrite("sessions.read", "sessions.write")),
+    exact("/api/auth/status", ["GET"], "inspect"),
+    exact("/api/auth/login", ["POST"], "auth.manage"),
+    exact("/api/auth/logout", ["POST"], "auth.manage"),
+    exact("/api/settings", ["GET", "PATCH"], readWrite("settings.read", "settings.write")),
+    exact("/api/control-options", ["GET"], "settings.read"),
+    exact("/api/sessions", ["GET"], "sessions.read"),
+    exact("/api/sessions/new", ["POST"], "sessions.write"),
+    exact("/api/sessions/switch", ["POST"], "sessions.write"),
+    exact("/api/sessions/attach", ["POST"], "sessions.write"),
+    exact("/api/sessions/detail", ["GET"], "sessions.read"),
+    exact("/api/agent", ["POST"], "sessions.write"),
+    exact("/api/models", ["GET"], "settings.read"),
+    exact("/api/session/model", ["POST"], "settings.write"),
+    exact("/api/session/reasoning", ["POST"], "settings.write"),
+    exact("/api/session/fast", ["POST"], "settings.write"),
+    exact("/api/session/launch", ["POST"], "settings.write"),
+    exact("/api/prompt", ["POST"], "prompt.send"),
+    exact("/api/prompt/upload", ["POST"], "prompt.send"),
+    exact("/api/abort", ["POST"], "prompt.abort"),
+    exact("/api/stop", ["POST"], "prompt.abort"),
+    exact("/api/handback", ["POST"], "sessions.write"),
+    exact("/api/retry", ["POST"], "prompt.send"),
+    exact("/api/sync", ["POST"], "sessions.write"),
+    exact("/api/queue", ["GET", "POST"], readWrite("queue.read", "queue.write")),
+    exact("/api/chat/history", ["GET", "DELETE"], readWrite("sessions.read", "sessions.write")),
+    exact("/api/activity", ["GET"], "sessions.read"),
+    exact("/api/artifacts", ["GET", "DELETE"], readWrite("files.read", "files.write")),
+    exact("/api/artifacts/bulk", ["POST"], "files.write"),
+    exact("/api/artifacts/zip", ["GET"], "files.read"),
+    exact("/api/artifacts/file", ["GET"], "files.read"),
+    exact("/api/artifacts/preview", ["GET"], "files.read"),
+    exact("/api/logs", ["GET"], "logs.read"),
+    exact("/api/logs/clear", ["POST"], "logs.clear"),
+    exact("/api/diagnostics", ["GET"], "diagnostics.read"),
+    exact("/api/diagnostics/bundle", ["GET"], "diagnostics.read"),
+    exact("/api/runtime/restart", ["POST"], "system.restart"),
+];
+export const WEB_API_STATIC_PATHS = WEB_API_ROUTE_DEFINITIONS
+    .filter((route) => !route.pattern)
+    .map((route) => route.path);
+export const WEB_API_DYNAMIC_TYPE_PATHS = WEB_API_ROUTE_DEFINITIONS
+    .flatMap((route) => route.dynamicType ? [route.dynamicType] : []);
+export function permissionForWebRequestFromContract(method, pathname) {
+    const verb = normalizeMethod(method);
+    const rule = WEB_API_ROUTE_DEFINITIONS.find((candidate) => (candidate.pattern ? new RegExp(candidate.pattern).test(pathname) : candidate.path === pathname));
+    const methods = rule?.methods ?? [];
+    if (!rule || !methods.includes(verb)) {
+        return null;
+    }
+    return resolvePermission(rule.permissions, verb);
+}
+function exact(path, methods, permissions) {
+    return { path, methods, permissions };
+}
+function dynamic(path, pattern, methods, permissions, dynamicType) {
+    return { path, pattern, methods, permissions, dynamicType };
+}
+function readWrite(read, write) {
+    return { read, write };
+}
+function resolvePermission(rule, verb) {
+    if (typeof rule === "string") {
+        return rule;
+    }
+    return verb === "GET" ? rule.read : rule.write;
+}
+function normalizeMethod(method) {
+    const upper = (method ?? "GET").toUpperCase();
+    if (upper === "GET" || upper === "POST" || upper === "PATCH" || upper === "PUT" || upper === "DELETE") {
+        return upper;
+    }
+    return "GET";
+}

package/dist/web-api-types.js

@@ -0,0 +1 @@
+export {};

package/dist/web-dashboard-access-routes.js

@@ -0,0 +1,163 @@
+import { ALL_PERMISSIONS } from "./access-control.js";
+import { publicUser, publicUserSnapshot, } from "./user-management.js";
+import { arrayNumberField, arrayStringField, numberField, numberParam, optionalBooleanField, optionalNumberField, optionalStringField, readJsonBody, sendJson, stringField, } from "./web-dashboard-http.js";
+export async function handleDashboardAccessRoute(req, res, url, options) {
+    const { users, runtime, authUser } = options;
+    if (req.method === "GET" && url.pathname === "/api/permissions") {
+        sendJson(res, 200, { ...publicUserSnapshot(users.snapshot()), permissions: ALL_PERMISSIONS });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/users") {
+        sendJson(res, 200, { ...publicUserSnapshot(users.snapshot()), permissions: ALL_PERMISSIONS });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/users") {
+        const body = await readJsonBody(req);
+        const user = users.createUser({
+            email: stringField(body, "email"),
+            displayName: optionalStringField(body, "displayName") ?? stringField(body, "email"),
+            password: stringField(body, "password"),
+            groupIds: arrayStringField(body, "groupIds"),
+            active: optionalBooleanField(body, "active") ?? true,
+            telegramUserId: optionalNumberField(body, "telegramUserId"),
+        });
+        options.auditUserAction(authUser, "user_created", user.user.email);
+        sendJson(res, 201, { user: publicUser(user.user), groups: user.groups });
+        return true;
+    }
+    const userMatch = url.pathname.match(/^\/api\/users\/([^/]+)$/);
+    if (userMatch?.[1] && req.method === "PATCH") {
+        const body = await readJsonBody(req);
+        const user = users.updateUser(decodeURIComponent(userMatch[1]), {
+            email: optionalStringField(body, "email"),
+            displayName: optionalStringField(body, "displayName"),
+            active: optionalBooleanField(body, "active"),
+            groupIds: body.groupIds === undefined ? undefined : arrayStringField(body, "groupIds"),
+        });
+        options.auditUserAction(authUser, "user_updated", user.user.email);
+        sendJson(res, 200, { user: publicUser(user.user), groups: user.groups });
+        return true;
+    }
+    const passwordMatch = url.pathname.match(/^\/api\/users\/([^/]+)\/password$/);
+    if (passwordMatch?.[1] && req.method === "POST") {
+        const body = await readJsonBody(req);
+        const userId = decodeURIComponent(passwordMatch[1]);
+        users.setPassword(userId, stringField(body, "password"));
+        options.auditUserAction(authUser, "user_password_changed", userId);
+        sendJson(res, 200, { ok: true });
+        return true;
+    }
+    const userSessionsMatch = url.pathname.match(/^\/api\/users\/([^/]+)\/sessions$/);
+    if (userSessionsMatch?.[1] && req.method === "GET") {
+        sendJson(res, 200, { sessions: users.listWebSessions(decodeURIComponent(userSessionsMatch[1])) });
+        return true;
+    }
+    if (userSessionsMatch?.[1] && req.method === "DELETE") {
+        const userId = decodeURIComponent(userSessionsMatch[1]);
+        const revoked = users.revokeUserSessions(userId);
+        options.auditUserAction(authUser, "user_session_revoked", `${userId}: ${revoked} sessions`);
+        sendJson(res, 200, { revoked });
+        return true;
+    }
+    const userSessionMatch = url.pathname.match(/^\/api\/users\/[^/]+\/sessions\/([^/]+)$/);
+    if (userSessionMatch?.[1] && req.method === "DELETE") {
+        const sessionId = decodeURIComponent(userSessionMatch[1]);
+        const revoked = users.revokeWebSession(sessionId);
+        options.auditUserAction(authUser, "user_session_revoked", sessionId);
+        sendJson(res, 200, { revoked });
+        return true;
+    }
+    const telegramLinkMatch = url.pathname.match(/^\/api\/users\/([^/]+)\/telegram$/);
+    if (telegramLinkMatch?.[1] && req.method === "POST") {
+        const body = await readJsonBody(req);
+        if (body.createCode === true) {
+            const userId = decodeURIComponent(telegramLinkMatch[1]);
+            const linkCode = users.createTelegramLinkCode(userId);
+            options.auditUserAction(authUser, "telegram_link_created", userId);
+            sendJson(res, 201, { linkCode });
+            return true;
+        }
+        const identity = users.linkTelegramUser(decodeURIComponent(telegramLinkMatch[1]), {
+            telegramUserId: numberField(body, "telegramUserId"),
+            username: optionalStringField(body, "username"),
+        });
+        options.auditUserAction(authUser, "telegram_linked", String(identity.telegramUserId));
+        sendJson(res, 201, { identity });
+        return true;
+    }
+    const telegramUnlinkMatch = url.pathname.match(/^\/api\/users\/[^/]+\/telegram\/([^/]+)$/);
+    if (telegramUnlinkMatch?.[1] && req.method === "DELETE") {
+        const identityId = decodeURIComponent(telegramUnlinkMatch[1]);
+        const removed = users.unlinkTelegramIdentity(identityId);
+        options.auditUserAction(authUser, "telegram_unlinked", identityId);
+        sendJson(res, 200, { removed });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/groups") {
+        sendJson(res, 200, { groups: users.listGroups() });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/groups") {
+        const body = await readJsonBody(req);
+        const group = users.createGroup({
+            name: stringField(body, "name"),
+            description: optionalStringField(body, "description"),
+            permissions: arrayStringField(body, "permissions"),
+            agentIds: arrayStringField(body, "agentIds"),
+            workspaceRoots: arrayStringField(body, "workspaceRoots"),
+            telegramChatIds: arrayNumberField(body, "telegramChatIds"),
+        });
+        options.auditUserAction(authUser, "group_created", group.id);
+        sendJson(res, 201, { group });
+        return true;
+    }
+    const groupMatch = url.pathname.match(/^\/api\/groups\/([^/]+)$/);
+    if (groupMatch?.[1] && req.method === "PATCH") {
+        const body = await readJsonBody(req);
+        const group = users.updateGroup(decodeURIComponent(groupMatch[1]), {
+            name: optionalStringField(body, "name"),
+            description: optionalStringField(body, "description"),
+            permissions: body.permissions === undefined ? undefined : arrayStringField(body, "permissions"),
+            agentIds: body.agentIds === undefined ? undefined : arrayStringField(body, "agentIds"),
+            workspaceRoots: body.workspaceRoots === undefined ? undefined : arrayStringField(body, "workspaceRoots"),
+            telegramChatIds: body.telegramChatIds === undefined ? undefined : arrayNumberField(body, "telegramChatIds"),
+        });
+        options.auditUserAction(authUser, "group_updated", group.id);
+        sendJson(res, 200, { group });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/telegram-chats") {
+        sendJson(res, 200, { chats: users.snapshot().telegramChats });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/telegram-chats") {
+        const body = await readJsonBody(req);
+        const chat = users.registerTelegramChat({
+            chatId: numberField(body, "chatId"),
+            title: optionalStringField(body, "title"),
+            type: optionalStringField(body, "type"),
+            enabled: optionalBooleanField(body, "enabled") ?? true,
+            allowedGroupIds: arrayStringField(body, "allowedGroupIds"),
+        });
+        options.auditUserAction(authUser, "telegram_chat_updated", String(chat.chatId));
+        sendJson(res, 201, { chat });
+        return true;
+    }
+    const chatMatch = url.pathname.match(/^\/api\/telegram-chats\/([^/]+)$/);
+    if (chatMatch?.[1] && req.method === "PATCH") {
+        const body = await readJsonBody(req);
+        const chat = users.updateTelegramChat(decodeURIComponent(chatMatch[1]), {
+            enabled: optionalBooleanField(body, "enabled"),
+            title: optionalStringField(body, "title"),
+            allowedGroupIds: body.allowedGroupIds === undefined ? undefined : arrayStringField(body, "allowedGroupIds"),
+        });
+        options.auditUserAction(authUser, "telegram_chat_updated", String(chat.chatId));
+        sendJson(res, 200, { chat });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/audit") {
+        sendJson(res, 200, { events: runtime.audit(numberParam(url, "limit", 50)) });
+        return true;
+    }
+    return false;
+}

package/dist/web-dashboard-artifact-routes.js

@@ -0,0 +1,65 @@
+import { readJsonBody, requiredSearch, sendFile, sendJson, stringField, } from "./web-dashboard-http.js";
+export async function handleDashboardArtifactRoute(req, res, url, options) {
+    const { runtime, authUser } = options;
+    if (req.method === "GET" && url.pathname === "/api/artifacts") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { reports: await runtime.artifacts() });
+        return true;
+    }
+    if (req.method === "DELETE" && url.pathname === "/api/artifacts") {
+        await options.assertCurrentSessionScope(authUser);
+        sendJson(res, 200, { removed: await runtime.deleteArtifact(requiredSearch(url, "turnId")) });
+        return true;
+    }
+    if (req.method === "POST" && url.pathname === "/api/artifacts/bulk") {
+        const body = await readJsonBody(req);
+        await options.assertCurrentSessionScope(authUser);
+        const action = stringField(body, "action");
+        const turnIds = Array.isArray(body.turnIds) ? body.turnIds.filter((item) => typeof item === "string") : [];
+        if (action !== "delete") {
+            throw new Error("Unsupported artifact bulk action.");
+        }
+        const removed = [];
+        for (const turnId of turnIds) {
+            if (await runtime.deleteArtifact(turnId)) {
+                removed.push(turnId);
+            }
+        }
+        sendJson(res, 200, { removed });
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/artifacts/zip") {
+        await options.assertCurrentSessionScope(authUser);
+        const bundle = await runtime.createArtifactZip(requiredSearch(url, "turnId"));
+        if (!bundle) {
+            sendJson(res, 404, { error: "Artifact turn not found or ZIP could not be created" });
+            return true;
+        }
+        sendFile(res, bundle.path, bundle.name);
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/artifacts/file") {
+        await options.assertCurrentSessionScope(authUser);
+        const turnId = requiredSearch(url, "turnId");
+        const relativePath = requiredSearch(url, "path");
+        const report = await runtime.artifact(turnId);
+        const artifact = report?.artifacts.find((candidate) => candidate.relativePath === relativePath);
+        if (!artifact) {
+            sendJson(res, 404, { error: "Artifact not found" });
+            return true;
+        }
+        sendFile(res, artifact.localPath, artifact.name);
+        return true;
+    }
+    if (req.method === "GET" && url.pathname === "/api/artifacts/preview") {
+        await options.assertCurrentSessionScope(authUser);
+        const preview = await runtime.artifactPreview(requiredSearch(url, "turnId"), requiredSearch(url, "path"));
+        if (!preview) {
+            sendJson(res, 404, { error: "Artifact not found" });
+            return true;
+        }
+        sendJson(res, 200, preview);
+        return true;
+    }
+    return false;
+}

package/dist/web-dashboard-assets.js

@@ -1,2 +1,35 @@
-export { dashboardJs } from "./web-dashboard-client.js";
-export { dashboardCss } from "./web-dashboard-style.js";
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+const moduleDir = path.dirname(fileURLToPath(import.meta.url));
+const clientSources = [
+    "client/core/api-routes.generated.js",
+    "client/core/api-client.js",
+    "client/core/runtime.js",
+    "client/overview.js",
+    "client/events.js",
+    "client/workflows.js",
+    "client/admin.js",
+];
+const styleSources = [
+    "styles/theme.css",
+    "styles/components.css",
+    "styles/layout.css",
+    "styles/responsive.css",
+];
+export function dashboardJs() {
+    return readDashboardAsset("dashboard.js", clientSources);
+}
+export function dashboardCss() {
+    return readDashboardAsset("dashboard.css", styleSources);
+}
+function readDashboardAsset(assetName, sourceFiles) {
+    const builtAsset = path.join(moduleDir, "webui-assets", assetName);
+    if (existsSync(builtAsset)) {
+        return readFileSync(builtAsset, "utf8");
+    }
+    const sourceDir = path.join(moduleDir, "webui");
+    return sourceFiles
+        .map((file) => readFileSync(path.join(sourceDir, file), "utf8"))
+        .join("\n");
+}

package/dist/web-dashboard-http.js

@@ -0,0 +1,143 @@
+import { createReadStream } from "node:fs";
+const JSON_HEADERS = { "content-type": "application/json; charset=utf-8", "cache-control": "no-store" };
+export function parseCookies(cookieHeader) {
+    const cookies = {};
+    for (const part of cookieHeader.split(";")) {
+        const [key, ...valueParts] = part.trim().split("=");
+        if (key)
+            cookies[key] = decodeURIComponent(valueParts.join("=") ?? "");
+    }
+    return cookies;
+}
+export async function readJsonBody(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+    const text = Buffer.concat(chunks).toString("utf8").trim();
+    if (!text) {
+        return {};
+    }
+    return JSON.parse(text);
+}
+export function sendJson(res, status, value) {
+    res.writeHead(status, JSON_HEADERS);
+    res.end(`${JSON.stringify(value)}\n`);
+}
+export function sendText(res, status, text, contentType) {
+    res.writeHead(status, { "content-type": contentType, "cache-control": "no-store" });
+    res.end(text);
+}
+export function sendFile(res, filePath, filename) {
+    res.writeHead(200, {
+        "content-type": "application/octet-stream",
+        "content-disposition": `attachment; filename="${filename.replace(/"/g, "")}"`,
+    });
+    createReadStream(filePath).pipe(res);
+}
+export function stringField(value, key) {
+    const field = value[key];
+    if (typeof field !== "string" || !field.trim()) {
+        throw new Error(`${key} is required`);
+    }
+    return field.trim();
+}
+export function optionalStringField(value, key) {
+    const field = value[key];
+    return typeof field === "string" && field.trim() ? field.trim() : undefined;
+}
+export function optionalBooleanField(value, key) {
+    const field = value[key];
+    return typeof field === "boolean" ? field : undefined;
+}
+export function numberField(value, key) {
+    const field = value[key];
+    const parsed = typeof field === "number" ? field : typeof field === "string" ? Number(field) : Number.NaN;
+    if (!Number.isInteger(parsed)) {
+        throw new Error(`${key} must be an integer`);
+    }
+    return parsed;
+}
+export function optionalNumberField(value, key) {
+    if (value[key] === undefined || value[key] === "") {
+        return undefined;
+    }
+    return numberField(value, key);
+}
+export function arrayStringField(value, key) {
+    const field = value[key];
+    if (field === undefined || field === null || field === "") {
+        return [];
+    }
+    if (Array.isArray(field)) {
+        return field.filter((item) => typeof item === "string");
+    }
+    if (typeof field === "string") {
+        return field.split(",").map((item) => item.trim()).filter(Boolean);
+    }
+    throw new Error(`${key} must be a string list`);
+}
+export function arrayNumberField(value, key) {
+    const field = value[key];
+    if (field === undefined || field === null || field === "") {
+        return [];
+    }
+    if (Array.isArray(field)) {
+        return field.map((item) => typeof item === "number" ? item : Number(item)).filter((item) => Number.isInteger(item));
+    }
+    if (typeof field === "string") {
+        return field.split(",").map((item) => Number(item.trim())).filter((item) => Number.isInteger(item));
+    }
+    throw new Error(`${key} must be a number list`);
+}
+export function parseAgentUpdateOperation(value) {
+    if (!value || value === "update") {
+        return "update";
+    }
+    if (value === "install") {
+        return "install";
+    }
+    throw new Error(`Invalid agent update operation: ${value}`);
+}
+export function parseLogTarget(value) {
+    return value === "update" || value === "agent-updates" ? value : "connector";
+}
+export function objectRecord(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return {};
+    }
+    return value;
+}
+export function parseUploadFiles(value) {
+    if (!Array.isArray(value)) {
+        return [];
+    }
+    return value.map((item, index) => {
+        if (!item || typeof item !== "object" || Array.isArray(item)) {
+            throw new Error(`files[${index}] must be an object`);
+        }
+        const record = item;
+        const name = typeof record.name === "string" && record.name.trim() ? record.name.trim() : `upload-${index + 1}`;
+        const mimeType = typeof record.mimeType === "string" ? record.mimeType.trim() : undefined;
+        const dataBase64 = typeof record.dataBase64 === "string" ? record.dataBase64 : "";
+        if (!dataBase64) {
+            throw new Error(`files[${index}].dataBase64 is required`);
+        }
+        return { name, mimeType, data: Buffer.from(stripDataUrlPrefix(dataBase64), "base64") };
+    });
+}
+export function numberParam(url, key, fallback) {
+    const value = Number(url.searchParams.get(key));
+    return Number.isFinite(value) && value > 0 ? Math.floor(value) : fallback;
+}
+export function requiredSearch(url, key) {
+    const value = url.searchParams.get(key);
+    if (!value) {
+        throw new Error(`${key} is required`);
+    }
+    return value;
+}
+function stripDataUrlPrefix(value) {
+    const comma = value.indexOf(",");
+    return value.startsWith("data:") && comma !== -1 ? value.slice(comma + 1) : value;
+}