@notionx/core 0.1.0

package/dist/index.js

@@ -0,0 +1,1281 @@
+// src/content/models.ts
+var registry = [];
+function defineContentSource(model) {
+  const existing = registry.findIndex((s) => s.id === model.id);
+  if (existing >= 0) registry[existing] = model;
+  else registry.push(model);
+  return model;
+}
+
+// src/middleware.ts
+var requestContext = /* @__PURE__ */ new WeakMap();
+function defaultIsProtectedPath(request) {
+  const url = new URL(request.url);
+  if (url.pathname.startsWith("/api/admin/")) return true;
+  if (url.pathname.startsWith("/admin")) {
+    return request.method !== "GET" && request.method !== "HEAD";
+  }
+  return false;
+}
+function readSessionCookie(request, name) {
+  const header = request.headers.get("cookie");
+  if (!header) return null;
+  for (const part of header.split(";")) {
+    const [rawKey, ...rest] = part.split("=");
+    if (!rawKey) continue;
+    if (rawKey.trim() !== name) continue;
+    return rest.join("=").trim() || null;
+  }
+  return null;
+}
+async function resolveFoundationViewer(request, options) {
+  const sessionId = readSessionCookie(
+    request,
+    options.authConfig.sessionCookie.name
+  );
+  if (!sessionId || !options.sessionLookup) {
+    return { viewer: null, sessionId: sessionId ?? null };
+  }
+  const env2 = request.env ?? null;
+  const lookup = await options.sessionLookup(sessionId, env2);
+  if (!lookup) {
+    return { viewer: null, sessionId };
+  }
+  return {
+    viewer: {
+      userId: lookup.userId,
+      role: lookup.role,
+      email: lookup.email ?? null
+    },
+    sessionId
+  };
+}
+async function nextionMiddleware(request, env2, options) {
+  const context = await resolveFoundationViewer(request, options);
+  requestContext.set(request, context);
+  const isProtected = options.isProtectedPath ?? defaultIsProtectedPath;
+  if (!isProtected(request)) return null;
+  if (context.viewer) return null;
+  return new Response(
+    JSON.stringify({ ok: false, error: "Unauthorized" }),
+    {
+      status: 401,
+      headers: {
+        "Content-Type": "application/json",
+        "Cache-Control": "no-store",
+        "X-Foundation-Gate": "admin"
+      }
+    }
+  );
+}
+
+// src/storage/routes/files.ts
+import { NextResponse } from "next/server";
+
+// src/util/env.ts
+import { env } from "cloudflare:workers";
+var workerEnv = env;
+
+// src/platform/runtime.ts
+function cacheRequestForKey(key) {
+  return new Request(key, { method: "GET" });
+}
+function createCloudflarePublicCacheAdapter(cache) {
+  return {
+    kind: "cloudflare-cache",
+    async match(key) {
+      return await cache.match(cacheRequestForKey(key)) ?? null;
+    },
+    put(key, response) {
+      return cache.put(cacheRequestForKey(key), response);
+    },
+    delete(key) {
+      return cache.delete(cacheRequestForKey(key));
+    }
+  };
+}
+function createCloudflareKeyValueCacheAdapter(namespace) {
+  return {
+    kind: "workers-kv",
+    async get(key, options) {
+      return await namespace.get(key, {
+        type: "json",
+        cacheTtl: options?.cacheTtl
+      });
+    },
+    async put(key, value, options) {
+      await namespace.put(key, JSON.stringify(value), {
+        expirationTtl: options?.expirationTtl,
+        metadata: options?.metadata
+      });
+    },
+    delete(key) {
+      return namespace.delete(key);
+    },
+    async list(options) {
+      const result = await namespace.list({
+        prefix: options?.prefix,
+        limit: options?.limit,
+        cursor: options?.cursor
+      });
+      return {
+        keys: result.keys.map((key) => ({ name: key.name })),
+        cursor: result.list_complete ? void 0 : result.cursor,
+        listComplete: result.list_complete
+      };
+    }
+  };
+}
+function r2ObjectToStoredObject(object) {
+  return {
+    body: object.body,
+    size: object.size,
+    etag: object.etag,
+    contentType: object.httpMetadata?.contentType
+  };
+}
+function createCloudflareRuntimePlatform(env2, options) {
+  const database = env2.DB ? {
+    kind: "d1",
+    prepare(query) {
+      return env2.DB.prepare(query);
+    },
+    async batch(statements) {
+      return await env2.DB.batch(
+        statements
+      );
+    }
+  } : null;
+  const objectStorage = env2.ASSETS_BUCKET ? {
+    kind: "r2",
+    async get(key) {
+      const object = await env2.ASSETS_BUCKET?.get(key);
+      return object ? r2ObjectToStoredObject(object) : null;
+    },
+    async put(key, value, options2) {
+      await env2.ASSETS_BUCKET?.put(key, value, {
+        httpMetadata: {
+          contentType: options2?.contentType,
+          cacheControl: options2?.cacheControl
+        },
+        customMetadata: options2?.metadata
+      });
+    },
+    async delete(key) {
+      await env2.ASSETS_BUCKET?.delete(key);
+    },
+    async list(options2) {
+      const listed = await env2.ASSETS_BUCKET?.list({
+        prefix: options2?.prefix,
+        limit: options2?.limit
+      });
+      return listed?.objects.map((object) => ({
+        key: object.key,
+        size: object.size,
+        uploaded: object.uploaded
+      })) ?? [];
+    }
+  } : null;
+  const imageTransformer = env2.IMAGES ? {
+    kind: "cloudflare-images",
+    async transform(body, options2) {
+      const result = await env2.IMAGES.input(body).transform(options2.width ? { width: options2.width } : {}).output({
+        format: options2.format,
+        quality: options2.quality
+      });
+      return {
+        body: result.image(),
+        contentType: result.contentType(),
+        response: () => result.response()
+      };
+    }
+  } : null;
+  const keyValueCache = env2.CONTENT_CACHE ? createCloudflareKeyValueCacheAdapter(env2.CONTENT_CACHE) : null;
+  return {
+    id: "cloudflare-workers",
+    database,
+    objectStorage,
+    imageTransformer,
+    keyValueCache,
+    publicCache: options?.publicCache ? createCloudflarePublicCacheAdapter(options.publicCache) : null
+  };
+}
+
+// src/platform/cloudflare-runtime.ts
+function getDefaultCloudflareCache() {
+  const globalWithCaches = globalThis;
+  return globalWithCaches.caches?.default ?? null;
+}
+function getRuntimePlatform() {
+  return createCloudflareRuntimePlatform(workerEnv, {
+    publicCache: getDefaultCloudflareCache()
+  });
+}
+function getPublicCache() {
+  const cache = getDefaultCloudflareCache();
+  if (!cache) {
+    throw new Error("Cloudflare cache binding not configured");
+  }
+  return createCloudflarePublicCacheAdapter(cache);
+}
+
+// src/platform/selection.ts
+function currentRuntimeId() {
+  return "cloudflare-workers";
+}
+
+// src/platform/current.ts
+function getRuntimePlatform2() {
+  return getRuntimePlatform();
+}
+function getDatabase() {
+  const platform = getRuntimePlatform2();
+  const database = platform.database;
+  if (!database) {
+    throw new Error(`SQL database adapter not configured for ${platform.id}`);
+  }
+  return database;
+}
+function getPublicCache2() {
+  return getPublicCache();
+}
+
+// src/storage/routes/files.ts
+var filesRoute = {
+  /**
+   * Next.js handler for `app/api/files/[...key]/route.ts`. Receives the
+   * catch-all key from the route params.
+   */
+  async GET(_request, props) {
+    const { key } = await props.params;
+    return filesRoute.handle(new Request(buildInternalUrl(_request, key)));
+  },
+  /**
+   * Worker-friendly handler. Extracts the catch-all key from the URL
+   * pathname (`/api/files/<key>`).
+   */
+  async handle(request) {
+    const key = readKeyFromUrl(request.url);
+    if (!key) {
+      return NextResponse.json({ error: "Invalid key" }, { status: 400 });
+    }
+    if (key.includes("..") || key.startsWith("/")) {
+      return NextResponse.json({ error: "Invalid key" }, { status: 400 });
+    }
+    const storage = getRuntimePlatform2().objectStorage;
+    if (!storage) {
+      return NextResponse.json(
+        { error: "Object storage not configured" },
+        { status: 503 }
+      );
+    }
+    const object = await storage.get(key);
+    if (!object) {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+    const headers = new Headers();
+    if (object.contentType) {
+      headers.set("Content-Type", object.contentType);
+    }
+    headers.set("Cache-Control", "public, max-age=31536000, immutable");
+    if (object.etag) headers.set("ETag", object.etag);
+    headers.set("Content-Length", String(object.size));
+    return new Response(object.body, { headers });
+  }
+};
+function buildInternalUrl(request, keyParts) {
+  const url = new URL(request.url);
+  url.pathname = `/api/files/${keyParts.map(encodeURIComponent).join("/")}`;
+  return url.toString();
+}
+function readKeyFromUrl(rawUrl) {
+  const url = new URL(rawUrl);
+  const prefix = "/api/files/";
+  if (!url.pathname.startsWith(prefix)) return null;
+  const encoded = url.pathname.slice(prefix.length);
+  if (!encoded) return null;
+  return decodeURIComponent(encoded);
+}
+var GET = filesRoute.GET;
+
+// src/storage/routes/cdn.ts
+import { NextResponse as NextResponse2 } from "next/server";
+var DEFAULT_WIDTH = 1200;
+var MAX_WIDTH = 2400;
+var DEFAULT_QUALITY = 75;
+var MIN_QUALITY = 40;
+var MAX_QUALITY = 85;
+var cdnRoute = {
+  async GET(request, props) {
+    const { key } = await props.params;
+    return cdnRoute.handle(new Request(buildInternalUrl2(request, key)));
+  },
+  async handle(request) {
+    const url = new URL(request.url);
+    const key = readKeyFromPathname(url.pathname);
+    if (!key) {
+      return NextResponse2.json({ error: "Invalid key" }, { status: 400 });
+    }
+    if (key.includes("..") || key.startsWith("/")) {
+      return NextResponse2.json({ error: "Invalid key" }, { status: 400 });
+    }
+    const platform = getRuntimePlatform2();
+    const storage = platform.objectStorage;
+    if (!storage) {
+      return NextResponse2.json(
+        { error: "Object storage not configured" },
+        { status: 503 }
+      );
+    }
+    const object = await storage.get(key);
+    if (!object) {
+      return NextResponse2.json({ error: "Not found" }, { status: 404 });
+    }
+    const accept = request.headers.get("accept") ?? "";
+    const isImage = object.contentType?.startsWith("image/") ?? false;
+    if (!isImage) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": "non-image",
+        "X-Debug-Cdn-Key": key
+      });
+    }
+    let outputFormat = null;
+    let outputQuality = void 0;
+    if (accept.includes("image/avif")) {
+      outputFormat = "image/avif";
+      outputQuality = 60;
+    } else if (accept.includes("image/webp")) {
+      outputFormat = "image/webp";
+      outputQuality = 75;
+    }
+    const isSvg = object.contentType === "image/svg+xml";
+    if (!outputFormat || isSvg || !platform.imageTransformer) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": isSvg ? "svg-bypass" : !platform.imageTransformer ? "transformer-bypass" : "format-bypass",
+        "X-Debug-Cdn-Accept": accept.includes("image/avif") ? "avif" : accept.includes("image/webp") ? "webp" : "other",
+        "X-Debug-Cdn-Key": key
+      });
+    }
+    try {
+      const width = clampInt(
+        url.searchParams.get("w"),
+        64,
+        MAX_WIDTH,
+        DEFAULT_WIDTH
+      );
+      const quality = clampInt(
+        url.searchParams.get("q"),
+        MIN_QUALITY,
+        MAX_QUALITY,
+        outputQuality ?? DEFAULT_QUALITY
+      );
+      const result = await platform.imageTransformer.transform(object.body, {
+        width,
+        format: outputFormat,
+        quality
+      });
+      return new Response(result.body, {
+        headers: {
+          "Content-Type": result.contentType,
+          "Cache-Control": "public, max-age=31536000, immutable",
+          Vary: "Accept",
+          "X-Debug-Cdn-Branch": "transformed",
+          "X-Debug-Cdn-Key": key,
+          "X-Optimized-Width": String(width),
+          "X-Optimized-Quality": String(quality),
+          "X-Original-Format": object.contentType ?? "unknown",
+          "X-Optimized-Format": outputFormat
+        }
+      });
+    } catch (e) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": "transform-error-fallback",
+        "X-Debug-Cdn-Key": key,
+        "X-Debug-Cdn-Error": e instanceof Error ? e.name : "unknown"
+      });
+    }
+  }
+};
+function buildInternalUrl2(request, keyParts) {
+  const url = new URL(request.url);
+  url.pathname = `/api/cdn/${keyParts.map(encodeURIComponent).join("/")}`;
+  return url.toString();
+}
+function readKeyFromPathname(pathname) {
+  const prefix = "/api/cdn/";
+  if (!pathname.startsWith(prefix)) return null;
+  const encoded = pathname.slice(prefix.length);
+  if (!encoded) return null;
+  return decodeURIComponent(encoded);
+}
+function clampInt(value, min, max, fallback) {
+  const parsed = Number.parseInt(value ?? "", 10);
+  if (!Number.isFinite(parsed)) {
+    return fallback;
+  }
+  return Math.max(min, Math.min(max, parsed));
+}
+function streamObject(object, extraHeaders) {
+  const headers = new Headers();
+  if (object.contentType) {
+    headers.set("Content-Type", object.contentType);
+  }
+  headers.set("Cache-Control", "public, max-age=31536000, immutable");
+  headers.set("Content-Length", String(object.size));
+  if (object.etag) headers.set("ETag", object.etag);
+  for (const [key, value] of Object.entries(extraHeaders ?? {})) {
+    headers.set(key, value);
+  }
+  return new Response(object.body, { headers });
+}
+var GET2 = cdnRoute.GET;
+
+// src/media/routes/notion-media.ts
+import { NextResponse as NextResponse3 } from "next/server";
+import { getRequestExecutionContext } from "vinext/shims/request-context";
+
+// src/cache/cache-keys.ts
+var CACHE_ORIGIN = "https://cache.local";
+var CACHE_NAMESPACE = "/__public-cache/v20260609a";
+var NOTION_MEDIA_R2_PREFIX = "notion-media/v1";
+function normalizePath(pathname) {
+  if (pathname === "/") return "/";
+  return pathname.endsWith("/") ? pathname.slice(0, -1) : pathname;
+}
+function publicMediaVariantForAccept(accept) {
+  if (accept.includes("image/avif")) return "avif";
+  if (accept.includes("image/webp")) return "webp";
+  return "source";
+}
+function publicMediaCacheKeyForUrl(input, variant) {
+  const url = new URL(
+    `${CACHE_NAMESPACE}${normalizePath(input.pathname)}${input.search}`,
+    CACHE_ORIGIN
+  );
+  url.searchParams.set("__variant", variant);
+  url.searchParams.sort();
+  return url.toString();
+}
+function keySegment(value) {
+  return encodeURIComponent(value || "none");
+}
+function notionMediaR2KeyForUrl(input, variant) {
+  if (variant === "source") return null;
+  const version = input.searchParams.get("v");
+  if (!version) return null;
+  const path = normalizePath(input.pathname).split("/").filter(Boolean).map(keySegment).join("/");
+  const width = input.searchParams.get("w") ?? "source";
+  const quality = input.searchParams.get("q") ?? "source";
+  return [
+    NOTION_MEDIA_R2_PREFIX,
+    variant,
+    path,
+    `v-${keySegment(version)}`,
+    `w-${keySegment(width)}`,
+    `q-${keySegment(quality)}.${variant}`
+  ].join("/");
+}
+
+// src/notion/client.ts
+import { Client } from "@notionhq/client";
+function createNotionClient(config) {
+  return new Client({
+    auth: config.token,
+    baseUrl: config.apiBaseUrl,
+    notionVersion: "2026-03-11"
+  });
+}
+
+// src/notion/config.ts
+function readProcessEnv() {
+  const env2 = {
+    NOTION_TOKEN: process.env.NOTION_TOKEN,
+    NOTION_DATA_SOURCE_ID: process.env.NOTION_DATA_SOURCE_ID,
+    NOTION_MOVIES_DATA_SOURCE_ID: process.env.NOTION_MOVIES_DATA_SOURCE_ID,
+    NOTION_API_BASE_URL: process.env.NOTION_API_BASE_URL,
+    NOTION_EDIT_BASE_URL: process.env.NOTION_EDIT_BASE_URL,
+    NOTION_WEBHOOK_VERIFICATION_TOKEN: process.env.NOTION_WEBHOOK_VERIFICATION_TOKEN
+  };
+  for (const [key, value] of Object.entries(process.env)) {
+    if (key.startsWith("NOTION_") && typeof value === "string") {
+      env2[key] = value;
+    }
+  }
+  return env2;
+}
+async function readWorkerEnv() {
+  try {
+    const mod = await import(
+      /* webpackIgnore: true */
+      "cloudflare:workers"
+    );
+    const env2 = {};
+    for (const [key, value] of Object.entries(mod.env ?? {})) {
+      if (key.startsWith("NOTION_") && typeof value === "string") {
+        env2[key] = value;
+      }
+    }
+    return env2;
+  } catch {
+    return {};
+  }
+}
+function readString(source, name) {
+  const value = String(source[name] ?? "").trim();
+  return value || void 0;
+}
+function mergeEnv(...sources) {
+  const merged = {};
+  for (const source of sources) {
+    for (const name of Object.keys(source)) {
+      if (!name.startsWith("NOTION_")) continue;
+      const value = readString(source, name);
+      if (value) merged[name] = value;
+    }
+  }
+  return merged;
+}
+async function readEnv() {
+  const processEnv = readProcessEnv();
+  return mergeEnv(await readWorkerEnv(), processEnv);
+}
+function readRequired(source, name) {
+  const value = readString(source, name);
+  if (!value) {
+    throw new Error(`Missing required Notion env: ${name}`);
+  }
+  return value;
+}
+async function getNotionClientConfig() {
+  const env2 = await readEnv();
+  return {
+    token: readRequired(env2, "NOTION_TOKEN"),
+    apiBaseUrl: readString(env2, "NOTION_API_BASE_URL")
+  };
+}
+
+// src/notion/media.ts
+function normalizeNotionFileSource(input) {
+  const file = input;
+  if (!file || typeof file !== "object") return null;
+  if (file.type === "external") {
+    const url = String(file.external?.url ?? "").trim();
+    return url ? { type: "external", url } : null;
+  }
+  if (file.type === "file") {
+    const url = String(file.file?.url ?? "").trim();
+    if (!url) return null;
+    return {
+      type: "file",
+      url,
+      expiryTime: String(file.file?.expiry_time ?? "").trim() || null
+    };
+  }
+  return null;
+}
+function pickFirstFilesPropertyValue(property) {
+  const value = property;
+  if (!value || value.type !== "files" || !Array.isArray(value.files)) {
+    return null;
+  }
+  return value.files[0] ?? null;
+}
+function fileObjectForMediaBlock(block) {
+  const typed = block[block.type];
+  if (!typed || typeof typed !== "object") return null;
+  if (block.type === "image" || block.type === "video" || block.type === "file" || block.type === "pdf" || block.type === "audio") {
+    return typed;
+  }
+  return null;
+}
+
+// src/media/routes/notion-media.ts
+var DEFAULT_WIDTH2 = 1200;
+var MAX_WIDTH2 = 2400;
+var DEFAULT_QUALITY2 = 75;
+var MIN_QUALITY2 = 40;
+var MAX_QUALITY2 = 85;
+var CACHEABLE_STATUS = /* @__PURE__ */ new Set([200]);
+var notionMediaRoute = {
+  async GET(_request, props) {
+    const { ref } = await props.params;
+    if (ref.some((part) => part === ".." || part.includes("/"))) {
+      return badRequest();
+    }
+    const url = new URL(_request.url);
+    url.pathname = buildNotionMediaPath(ref);
+    return notionMediaRoute.handle(new Request(url.toString(), _request));
+  },
+  async handle(request) {
+    const variant = publicMediaVariantForAccept(
+      request.headers.get("accept") ?? ""
+    );
+    return withEdgeMediaCache(request, variant, () => loadMedia(request));
+  }
+};
+function buildNotionMediaPath(ref) {
+  return `/api/notion/media/${ref.map(encodeURIComponent).join("/")}`;
+}
+function clampInt2(value, min, max, fallback) {
+  const parsed = Number.parseInt(value ?? "", 10);
+  if (!Number.isFinite(parsed)) return fallback;
+  return Math.max(min, Math.min(max, parsed));
+}
+function cacheControl(request) {
+  const url = new URL(request.url);
+  if (url.searchParams.has("v")) {
+    return "public, max-age=31536000, immutable";
+  }
+  return "public, max-age=3600, s-maxage=3600, stale-while-revalidate=86400";
+}
+function canUseMediaCache(request) {
+  if (request.method !== "GET") return false;
+  return !request.headers.has("range");
+}
+function mediaCacheHeaders(response, request, state, r2State) {
+  const headers = new Headers(response.headers);
+  headers.set("Cache-Control", cacheControl(request));
+  headers.set("X-Notion-Media-Cache", state);
+  if (r2State) headers.set("X-Notion-Media-R2", r2State);
+  return headers;
+}
+async function responseFromR2Cache(request, variant) {
+  const url = new URL(request.url);
+  const r2Key = notionMediaR2KeyForUrl(url, variant);
+  const storage = getRuntimePlatform2().objectStorage;
+  if (!r2Key || !storage) return null;
+  const object = await storage.get(r2Key);
+  if (!object?.body) return null;
+  const contentType = object.contentType ?? (variant === "avif" ? "image/avif" : "image/webp");
+  const headers = new Headers();
+  headers.set("Content-Type", contentType);
+  headers.set("Cache-Control", cacheControl(request));
+  headers.set("Vary", "Accept");
+  headers.set("X-Notion-Media-Branch", "r2");
+  headers.set("X-Notion-Media-R2", "HIT");
+  if (object.etag) headers.set("ETag", object.etag);
+  return new Response(object.body, { headers });
+}
+async function withEdgeMediaCache(request, variant, load) {
+  if (!canUseMediaCache(request)) {
+    const response2 = await load();
+    return new Response(response2.body, {
+      status: response2.status,
+      headers: mediaCacheHeaders(response2, request, "BYPASS")
+    });
+  }
+  const url = new URL(request.url);
+  const cache = getPublicCache2();
+  const cacheKey = publicMediaCacheKeyForUrl(url, variant);
+  const cached = await cache.match(cacheKey);
+  if (cached) {
+    return new Response(cached.body, {
+      status: cached.status,
+      headers: mediaCacheHeaders(cached, request, "HIT")
+    });
+  }
+  const r2Response = await responseFromR2Cache(request, variant);
+  const response = r2Response ?? await load();
+  const headers = mediaCacheHeaders(response, request, "MISS");
+  const output = new Response(response.body, {
+    status: response.status,
+    headers
+  });
+  if (CACHEABLE_STATUS.has(response.status)) {
+    const toCache = output.clone();
+    getRequestExecutionContext()?.waitUntil(cache.put(cacheKey, toCache));
+  }
+  return output;
+}
+function mediaRedirect(url) {
+  const response = NextResponse3.redirect(url, 302);
+  response.headers.set(
+    "Cache-Control",
+    "public, max-age=300, s-maxage=300, stale-while-revalidate=300"
+  );
+  return response;
+}
+function notFound() {
+  return NextResponse3.json({ error: "Not found" }, { status: 404 });
+}
+function badRequest() {
+  return NextResponse3.json({ error: "Invalid media ref" }, { status: 400 });
+}
+function forbidden() {
+  return NextResponse3.json({ error: "Forbidden" }, { status: 403 });
+}
+async function serveFileObject(input, request, options) {
+  const source = normalizeNotionFileSource(input);
+  if (!source) return notFound();
+  if (options?.redirectNotionHosted) return mediaRedirect(source.url);
+  return proxyNotionHostedFile(source.url, request);
+}
+async function proxyNotionHostedFile(url, request) {
+  const range = request.headers.get("range");
+  const ifRange = request.headers.get("if-range");
+  const upstreamHeaders = new Headers({
+    Accept: request.headers.get("accept") ?? "*/*"
+  });
+  if (range) upstreamHeaders.set("Range", range);
+  if (ifRange) upstreamHeaders.set("If-Range", ifRange);
+  const upstream = await fetch(url, {
+    headers: upstreamHeaders
+  });
+  if (!upstream.ok && upstream.status !== 416 || !upstream.body) {
+    return NextResponse3.json(
+      { error: "Unable to fetch Notion media" },
+      { status: upstream.status || 502 }
+    );
+  }
+  const contentType = upstream.headers.get("content-type") ?? "";
+  const isImage = contentType.startsWith("image/");
+  const accept = request.headers.get("accept") ?? "";
+  const variant = publicMediaVariantForAccept(accept);
+  const urlObj = new URL(request.url);
+  const width = clampInt2(
+    urlObj.searchParams.get("w"),
+    64,
+    MAX_WIDTH2,
+    DEFAULT_WIDTH2
+  );
+  const quality = clampInt2(
+    urlObj.searchParams.get("q"),
+    MIN_QUALITY2,
+    MAX_QUALITY2,
+    DEFAULT_QUALITY2
+  );
+  let outputFormat = null;
+  if (variant === "avif") {
+    outputFormat = "image/avif";
+  } else if (variant === "webp") {
+    outputFormat = "image/webp";
+  }
+  const platform = getRuntimePlatform2();
+  const imageTransformer = platform.imageTransformer;
+  if (isImage && !range && outputFormat && imageTransformer) {
+    const r2Key = notionMediaR2KeyForUrl(urlObj, variant);
+    try {
+      const result = await imageTransformer.transform(upstream.body, {
+        width,
+        format: outputFormat,
+        quality
+      });
+      const transformed = result.response();
+      const headers2 = new Headers(transformed.headers);
+      headers2.set("Content-Type", result.contentType);
+      headers2.set("Cache-Control", cacheControl(request));
+      headers2.set("Vary", "Accept");
+      headers2.set("X-Notion-Media-Branch", "transformed");
+      headers2.set("X-Notion-Media-R2", r2Key ? "MISS" : "BYPASS");
+      headers2.set("X-Optimized-Width", String(width));
+      headers2.set("X-Optimized-Quality", String(quality));
+      if (transformed.body && r2Key && platform.objectStorage) {
+        const [clientBody, r2Body] = transformed.body.tee();
+        getRequestExecutionContext()?.waitUntil(
+          platform.objectStorage.put(r2Key, r2Body, {
+            contentType: result.contentType,
+            cacheControl: "public, max-age=31536000, immutable",
+            metadata: {
+              source: "notion",
+              cachedAt: (/* @__PURE__ */ new Date()).toISOString(),
+              width: String(width),
+              quality: String(quality)
+            }
+          })
+        );
+        return new Response(clientBody, { headers: headers2 });
+      }
+      return new Response(transformed.body, { headers: headers2 });
+    } catch {
+    }
+  }
+  const headers = new Headers();
+  for (const header of [
+    "accept-ranges",
+    "content-disposition",
+    "content-encoding",
+    "content-length",
+    "content-range",
+    "content-type",
+    "etag",
+    "last-modified"
+  ]) {
+    const value = upstream.headers.get(header);
+    if (value) headers.set(header, value);
+  }
+  if (contentType && !headers.has("Content-Type")) {
+    headers.set("Content-Type", contentType);
+  }
+  headers.set("Cache-Control", cacheControl(request));
+  headers.set("X-Notion-Media-Branch", "proxied");
+  return new Response(upstream.body, { status: upstream.status, headers });
+}
+async function loadMedia(request) {
+  const url = new URL(request.url);
+  const ref = readRefFromPathname(url.pathname);
+  if (!ref) return badRequest();
+  const client = createNotionClient(await getNotionClientConfig());
+  if (ref[0] === "page" && ref[1] && ref[2] === "cover") {
+    const page = await client.pages.retrieve({
+      page_id: ref[1]
+    });
+    return serveFileObject(page.cover, request);
+  }
+  if (ref[0] === "page" && ref[1] && ref[2] === "property" && ref[3]) {
+    const page = await client.pages.retrieve({
+      page_id: ref[1]
+    });
+    const propertyName = decodeURIComponent(ref.slice(3).join("/"));
+    return serveFileObject(
+      pickFirstFilesPropertyValue(page.properties?.[propertyName]),
+      request
+    );
+  }
+  if (ref[0] === "block" && ref[1]) {
+    const block = await client.blocks.retrieve({
+      block_id: ref[1]
+    });
+    if (block.type === "video") {
+      return forbidden();
+    }
+    return serveFileObject(fileObjectForMediaBlock(block), request, {
+      redirectNotionHosted: block.type === "audio" || block.type === "pdf" || block.type === "file"
+    });
+  }
+  return badRequest();
+}
+function readRefFromPathname(pathname) {
+  const prefix = "/api/notion/media/";
+  if (!pathname.startsWith(prefix)) return null;
+  const encoded = pathname.slice(prefix.length);
+  if (!encoded) return null;
+  return encoded.split("/").map((part) => decodeURIComponent(part));
+}
+var GET3 = notionMediaRoute.GET;
+
+// src/worker/routes/health.ts
+import { NextResponse as NextResponse4 } from "next/server";
+
+// src/internal/admin/schema-guard.ts
+var REQUIRED_SCHEMA_CHECKS = [
+  {
+    key: "app_settings.turnstile_enabled",
+    sql: "SELECT turnstile_enabled FROM app_settings LIMIT 1"
+  },
+  {
+    key: "users.session_rev",
+    sql: "SELECT session_rev FROM users LIMIT 1"
+  },
+  {
+    key: "auth_rate_limits",
+    sql: "SELECT 1 FROM auth_rate_limits LIMIT 1"
+  }
+];
+function isSchemaDriftError(error) {
+  const message = error instanceof Error ? error.message : String(error ?? "");
+  return message.includes("no such column") || message.includes("no such table");
+}
+async function runSchemaHealthChecks(db) {
+  const missing = [];
+  const errors = [];
+  for (const check of REQUIRED_SCHEMA_CHECKS) {
+    try {
+      await db.prepare(check.sql).first();
+    } catch (error) {
+      if (isSchemaDriftError(error)) {
+        missing.push(check.key);
+      } else {
+        const message = error instanceof Error ? error.message : String(error);
+        errors.push(`${check.key}: ${message}`);
+      }
+    }
+  }
+  return {
+    ok: missing.length === 0 && errors.length === 0,
+    missing,
+    errors
+  };
+}
+
+// src/worker/routes/health.ts
+async function probeDatabase() {
+  const database = getDatabase();
+  try {
+    const result = await database.prepare(
+      "SELECT name FROM sqlite_master WHERE type='table' AND name='posts' LIMIT 1"
+    ).first();
+    return {
+      ok: true,
+      error: null,
+      postsTableExists: Boolean(result?.name)
+    };
+  } catch (e) {
+    return {
+      ok: false,
+      error: e instanceof Error ? e.message : String(e),
+      postsTableExists: false
+    };
+  }
+}
+var healthRoute = {
+  async GET() {
+    return healthRoute.handle(new Request("https://health.local/api/health"));
+  },
+  async handle(_request) {
+    const start = Date.now();
+    const probe = await probeDatabase();
+    const d1Ok = probe.ok;
+    const d1Error = probe.error;
+    let schemaOk = false;
+    let schemaError = null;
+    let schemaMissing = [];
+    try {
+      const schema = await runSchemaHealthChecks(getDatabase());
+      schemaOk = schema.ok;
+      schemaMissing = schema.missing;
+      if (schema.errors.length > 0) {
+        schemaError = schema.errors.join("; ");
+      } else if (schema.missing.length > 0) {
+        schemaError = `missing required schema: ${schema.missing.join(", ")}`;
+      }
+    } catch (e) {
+      schemaError = e instanceof Error ? e.message : String(e);
+    }
+    const allHealthy = d1Ok && schemaOk;
+    return NextResponse4.json(
+      {
+        status: allHealthy ? "ok" : "degraded",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        uptime_ms: Date.now() - start,
+        checks: {
+          d1: d1Ok ? "ok" : "error",
+          d1_error: d1Error,
+          schema: schemaOk ? "ok" : "error",
+          schema_error: schemaError,
+          schema_missing: schemaMissing
+        },
+        version: "1.0.0"
+      },
+      {
+        status: allHealthy ? 200 : 503,
+        headers: {
+          "Cache-Control": "no-store",
+          "Access-Control-Allow-Origin": "*"
+        }
+      }
+    );
+  }
+};
+var GET4 = healthRoute.GET;
+async function healthRouteHandle(request) {
+  return healthRoute.handle(request);
+}
+
+// src/worker/bootstrap.ts
+function pathMatches(pathname, match) {
+  if (match.endsWith("/")) return pathname.startsWith(match);
+  return pathname === match || pathname.startsWith(`${match}/`);
+}
+function buildStaticRoutes() {
+  return [
+    {
+      match: (req) => new URL(req.url).pathname === "/api/health",
+      handle: healthRouteHandle
+    },
+    {
+      match: (req) => pathMatches(new URL(req.url).pathname, "/api/notion/media/"),
+      handle: notionMediaRoute.handle
+    },
+    {
+      match: (req) => pathMatches(new URL(req.url).pathname, "/api/files/"),
+      handle: filesRoute.handle
+    },
+    {
+      match: (req) => pathMatches(new URL(req.url).pathname, "/api/cdn/"),
+      handle: cdnRoute.handle
+    }
+  ];
+}
+function createNextionWorker(options) {
+  const sources = options.sources;
+  const auth = { databaseBinding: options.authConfig.databaseBinding };
+  const routes = buildStaticRoutes();
+  if (options.extraRoutes) {
+    for (const [path, load] of Object.entries(options.extraRoutes)) {
+      const modPromise = load();
+      routes.push({
+        match: (req) => new URL(req.url).pathname === path,
+        handle: async (req) => {
+          const mod = await modPromise;
+          return mod.default(req, options, sources, auth);
+        }
+      });
+    }
+  }
+  const middlewareOptions = {
+    authConfig: options.authConfig,
+    sessionLookup: options.sessionLookup
+  };
+  return {
+    async fetch(request, env2, ctx) {
+      void ctx;
+      const gateResponse = await nextionMiddleware(
+        request,
+        env2,
+        middlewareOptions
+      );
+      if (gateResponse) return gateResponse;
+      for (const route of routes) {
+        if (route.match(request)) return route.handle(request);
+      }
+      return null;
+    }
+  };
+}
+
+// src/platform/capabilities.ts
+var cloudflareWorkersAdapter = {
+  id: "cloudflare-workers",
+  label: "Cloudflare Workers + D1",
+  status: "active",
+  services: {
+    compute: "Cloudflare Workers via vinext",
+    relationalStorage: "D1 through the runtime SQL adapter",
+    objectStorage: "R2",
+    imageOptimization: "Cloudflare Images",
+    cache: "vinext CDN/data adapters and caches.default for media",
+    authStorage: "D1 users and signed cookies"
+  },
+  capabilities: [
+    "server-rendering",
+    "edge-cache",
+    "relational-storage",
+    "object-storage",
+    "image-optimization",
+    "secrets",
+    "observability"
+  ]
+};
+var runtimeAdapters = [cloudflareWorkersAdapter];
+function getRuntimeAdapter(id) {
+  return runtimeAdapters.find((adapter) => adapter.id === id);
+}
+
+// src/doctor/doctor.ts
+function envValue(env2, name) {
+  const value = String(env2[name] ?? "").trim();
+  return value || void 0;
+}
+function hasEnv(env2, name) {
+  return Boolean(envValue(env2, name));
+}
+function hasD1Binding(config, binding) {
+  return Boolean(config?.d1_databases?.some((item) => item.binding === binding));
+}
+function hasR2Binding(config, binding) {
+  return Boolean(config?.r2_buckets?.some((item) => item.binding === binding));
+}
+function hasImagesBinding(config, binding) {
+  const images = config?.images;
+  if (Array.isArray(images)) {
+    return images.some((item) => item.binding === binding);
+  }
+  return images?.binding === binding;
+}
+function statusSummary(status) {
+  if (status === "ok") return "ready";
+  if (status === "warn") return "usable with warnings";
+  return "missing required configuration";
+}
+function overallStatus(checks, models) {
+  if (checks.some((check) => check.status === "missing") || models.some((model) => model.dataSourceStatus === "missing")) {
+    return "missing";
+  }
+  if (checks.some((check) => check.status === "warn") || models.some((model) => model.dataSourceStatus === "warn")) {
+    return "warn";
+  }
+  return "ok";
+}
+function cloudflareChecks(config) {
+  return [
+    {
+      id: "runtime.database",
+      label: "SQL database",
+      status: hasD1Binding(config, "DB") ? "ok" : "missing",
+      required: true,
+      detail: hasD1Binding(config, "DB") ? "wrangler D1 binding DB is declared" : "wrangler D1 binding DB is missing",
+      action: "Add a DB binding under d1_databases in wrangler.jsonc."
+    },
+    {
+      id: "runtime.objectStorage",
+      label: "Object storage",
+      status: hasR2Binding(config, "ASSETS_BUCKET") ? "ok" : "warn",
+      required: false,
+      detail: hasR2Binding(config, "ASSETS_BUCKET") ? "wrangler R2 binding ASSETS_BUCKET is declared" : "uploads and persistent media cache need ASSETS_BUCKET",
+      action: "Add an ASSETS_BUCKET R2 binding for uploads and media cache."
+    },
+    {
+      id: "runtime.imageTransformer",
+      label: "Image transformation",
+      status: hasImagesBinding(config, "IMAGES") ? "ok" : "warn",
+      required: false,
+      detail: hasImagesBinding(config, "IMAGES") ? "wrangler Images binding IMAGES is declared" : "Notion media optimization will fall back without IMAGES",
+      action: "Add a Cloudflare Images binding named IMAGES."
+    },
+    {
+      id: "runtime.publicCache",
+      label: "Public cache",
+      status: "ok",
+      required: true,
+      detail: "vinext CDN adapter handles page cache; caches.default remains for media"
+    },
+    {
+      id: "runtime.observability",
+      label: "Observability",
+      status: config?.observability?.enabled ? "ok" : "warn",
+      required: false,
+      detail: config?.observability?.enabled ? "wrangler observability is enabled" : "wrangler observability is not enabled",
+      action: "Enable observability in wrangler.jsonc for production debugging."
+    }
+  ];
+}
+function notionChecks(env2) {
+  return [
+    {
+      id: "notion.token",
+      label: "Notion token",
+      status: hasEnv(env2, "NOTION_TOKEN") ? "ok" : "missing",
+      required: true,
+      detail: hasEnv(env2, "NOTION_TOKEN") ? "NOTION_TOKEN is configured" : "NOTION_TOKEN is missing",
+      action: "Set NOTION_TOKEN to an internal integration token."
+    },
+    {
+      id: "notion.webhook",
+      label: "Notion webhook verification",
+      status: hasEnv(env2, "NOTION_WEBHOOK_VERIFICATION_TOKEN") ? "ok" : "warn",
+      required: false,
+      detail: hasEnv(env2, "NOTION_WEBHOOK_VERIFICATION_TOKEN") ? "NOTION_WEBHOOK_VERIFICATION_TOKEN is configured" : "instant content invalidation needs NOTION_WEBHOOK_VERIFICATION_TOKEN",
+      action: "Set NOTION_WEBHOOK_VERIFICATION_TOKEN after creating the Notion webhook."
+    }
+  ];
+}
+function modelDoctorStatus(env2, model) {
+  const hasConfiguredEnv = hasEnv(env2, model.source.dataSourceEnv);
+  const hasDefault = Boolean(model.source.defaultDataSourceId);
+  const dataSourceSource = hasConfiguredEnv ? "env" : hasDefault ? "default" : "missing";
+  const dataSourceStatus = dataSourceSource === "missing" ? "missing" : "ok";
+  return {
+    dataSourceStatus,
+    dataSourceSource
+  };
+}
+function modelChecks(env2, models) {
+  return models.map((model) => ({
+    id: model.id,
+    public: model.visibility.public,
+    admin: model.visibility.admin,
+    listPath: model.routes.listPath,
+    detailPath: model.routes.detailPath,
+    publicApiPath: model.routes.publicApiPath,
+    dataSourceEnv: model.source.dataSourceEnv,
+    ...modelDoctorStatus(env2, model)
+  }));
+}
+function uniqueActions(checks) {
+  return Array.from(
+    new Set(
+      checks.filter((check) => check.status !== "ok" && check.action).map((check) => check.action)
+    )
+  );
+}
+function omitResolvedActions(check) {
+  if (check.status !== "ok") return check;
+  return {
+    ...check,
+    action: void 0
+  };
+}
+function buildNextionDoctorReport(options = {}) {
+  const env2 = options.env ?? process.env;
+  const runtimeId = options.runtimeId ?? currentRuntimeId();
+  const adapter = getRuntimeAdapter(runtimeId);
+  const checks = [
+    ...cloudflareChecks(options.wranglerConfig),
+    ...notionChecks(env2)
+  ].map(omitResolvedActions);
+  const models = modelChecks(env2, options.models ?? []);
+  const status = overallStatus(checks, models);
+  const modelActions = models.filter((model) => model.dataSourceStatus === "missing").map(
+    (model) => `Set ${model.dataSourceEnv} for the ${model.id} content model or add a model defaultDataSourceId.`
+  );
+  return {
+    overall: {
+      status,
+      summary: statusSummary(status)
+    },
+    runtime: {
+      id: runtimeId,
+      label: adapter?.label ?? runtimeId,
+      adapterStatus: adapter?.status ?? "planned"
+    },
+    checks,
+    models,
+    nextSteps: [...uniqueActions(checks), ...modelActions]
+  };
+}
+
+// src/doctor/index.ts
+function deriveWranglerConfig(runtime) {
+  return {
+    d1_databases: runtime.getBinding("DB") ? [{ binding: "DB" }] : [],
+    r2_buckets: runtime.getBinding("ASSETS_BUCKET") ? [{ binding: "ASSETS_BUCKET" }] : [],
+    images: runtime.getBinding("IMAGES") ? { binding: "IMAGES" } : void 0
+  };
+}
+function checkToFindingCode(checkId) {
+  if (checkId === "runtime.database") return "missing-db-binding";
+  if (checkId === "runtime.objectStorage") return "missing-r2-binding";
+  if (checkId === "runtime.imageTransformer") return "missing-images-binding";
+  if (checkId === "runtime.observability") return "observability-disabled";
+  if (checkId === "notion.token") return "missing-notion-token";
+  if (checkId === "notion.webhook") return "missing-notion-webhook";
+  return checkId;
+}
+function checkToFinding(check) {
+  const severity = check.status === "missing" ? "error" : check.status === "warn" ? "warning" : "info";
+  return {
+    code: checkToFindingCode(check.id),
+    message: check.action ?? check.detail,
+    severity
+  };
+}
+function modelToFinding(model) {
+  if (model.dataSourceStatus !== "missing") return null;
+  return {
+    code: `missing-data-source:${model.id}`,
+    message: `Set ${model.dataSourceEnv} for the ${model.id} content model or add a model defaultDataSourceId.`,
+    severity: "error"
+  };
+}
+function runNextionDoctor(options) {
+  const wranglerConfig = options.wranglerConfig ?? deriveWranglerConfig(options.runtime);
+  const report = buildNextionDoctorReport({
+    env: options.env,
+    wranglerConfig,
+    // Phase 6 will map `sources` (ContentSource[]) to the detailed model
+    // shape used by `buildNextionDoctorReport`. For now, treat the
+    // empty array as the default and rely on binding/env checks.
+    models: []
+  });
+  const findings = [
+    ...report.checks.filter((check) => check.status !== "ok").map(checkToFinding),
+    ...report.models.map(modelToFinding).filter((finding) => finding !== null)
+  ];
+  return { ...report, findings };
+}
+export {
+  createNextionWorker,
+  defineContentSource,
+  runNextionDoctor
+};
+//# sourceMappingURL=index.js.map