@opendatalabs/personal-server-ts-server 0.0.1-canary.0d0705b

package/dist/api.d.ts

@@ -0,0 +1,2 @@
+export { createServer, type CreateServerOptions, type ServerContext, } from "./bootstrap.js";
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,mBAAmB,EACxB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC"}

package/dist/api.js

@@ -0,0 +1,2 @@
+export { createServer, } from "./bootstrap.js";
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,GAGb,MAAM,gBAAgB,CAAC"}

package/dist/app.d.ts

@@ -0,0 +1,31 @@
+import { Hono } from "hono";
+import type { IndexManager } from "@opendatalabs/personal-server-ts-core/storage/index";
+import type { HierarchyManagerOptions } from "@opendatalabs/personal-server-ts-core/storage/hierarchy";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import type { AccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+import type { AccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import type { SyncManager } from "@opendatalabs/personal-server-ts-core/sync";
+import type { Logger } from "pino";
+export interface IdentityInfo {
+    address: `0x${string}`;
+    publicKey: `0x${string}`;
+    serverId: string | null;
+}
+export interface AppDeps {
+    logger: Logger;
+    version: string;
+    startedAt: Date;
+    indexManager: IndexManager;
+    hierarchyOptions: HierarchyManagerOptions;
+    serverOrigin: string;
+    serverOwner?: `0x${string}`;
+    identity?: IdentityInfo;
+    gateway: GatewayClient;
+    accessLogWriter: AccessLogWriter;
+    accessLogReader: AccessLogReader;
+    devToken?: string;
+    configPath?: string;
+    syncManager?: SyncManager | null;
+}
+export declare function createApp(deps: AppDeps): Hono;
+//# sourceMappingURL=app.d.ts.map

package/dist/app.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qDAAqD,CAAC;AACxF,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,yDAAyD,CAAC;AACvG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AACnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0DAA0D,CAAC;AAChG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6DAA6D,CAAC;AAQnG,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4CAA4C,CAAC;AAC9E,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,KAAK,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,uBAAuB,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,OAAO,EAAE,aAAa,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;IACjC,eAAe,EAAE,eAAe,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;CAClC;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAsH7C"}

package/dist/app.js

@@ -0,0 +1,94 @@
+import { Hono } from "hono";
+import { ProtocolError } from "@opendatalabs/personal-server-ts-core/errors";
+import { healthRoute } from "./routes/health.js";
+import { dataRoutes } from "./routes/data.js";
+import { grantsRoutes } from "./routes/grants.js";
+import { accessLogsRoutes } from "./routes/access-logs.js";
+import { syncRoutes } from "./routes/sync.js";
+import { uiConfigRoutes } from "./routes/ui-config.js";
+import { uiRoute } from "./routes/ui.js";
+export function createApp(deps) {
+    const app = new Hono();
+    // Mount health route
+    app.route("/", healthRoute({
+        version: deps.version,
+        startedAt: deps.startedAt,
+        serverOwner: deps.serverOwner,
+        identity: deps.identity,
+        gateway: deps.gateway,
+        logger: deps.logger,
+    }));
+    // Mount data routes (ingest + read + delete)
+    app.route("/v1/data", dataRoutes({
+        indexManager: deps.indexManager,
+        hierarchyOptions: deps.hierarchyOptions,
+        logger: deps.logger,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        gateway: deps.gateway,
+        accessLogWriter: deps.accessLogWriter,
+        devToken: deps.devToken,
+        syncManager: deps.syncManager ?? null,
+    }));
+    // Mount grants routes (POST /verify is public, GET / needs owner auth)
+    app.route("/v1/grants", grantsRoutes({
+        logger: deps.logger,
+        gateway: deps.gateway,
+        serverOwner: deps.serverOwner,
+        serverOrigin: deps.serverOrigin,
+        devToken: deps.devToken,
+    }));
+    // Mount access-logs routes (all owner auth)
+    app.route("/v1/access-logs", accessLogsRoutes({
+        logger: deps.logger,
+        accessLogReader: deps.accessLogReader,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        devToken: deps.devToken,
+    }));
+    // Mount sync routes (all owner auth)
+    app.route("/v1/sync", syncRoutes({
+        logger: deps.logger,
+        serverOrigin: deps.serverOrigin,
+        serverOwner: deps.serverOwner,
+        devToken: deps.devToken,
+        syncManager: deps.syncManager ?? null,
+    }));
+    // Mount dev UI routes when dev token is available
+    if (deps.devToken) {
+        app.route("/ui", uiRoute({ devToken: deps.devToken }));
+        if (deps.configPath) {
+            app.route("/ui/api", uiConfigRoutes({
+                devToken: deps.devToken,
+                configPath: deps.configPath,
+            }));
+        }
+    }
+    // Global error handler
+    app.onError((err, c) => {
+        if (err instanceof ProtocolError) {
+            deps.logger.warn({ err }, err.message);
+            return c.json(err.toJSON(), err.code);
+        }
+        deps.logger.error({ err }, "Unhandled error");
+        return c.json({
+            error: {
+                code: 500,
+                errorCode: "INTERNAL_ERROR",
+                message: "Internal server error",
+            },
+        }, 500);
+    });
+    // 404 fallback
+    app.notFound((c) => {
+        return c.json({
+            error: {
+                code: 404,
+                errorCode: "NOT_FOUND",
+                message: "Not found",
+            },
+        }, 404);
+    });
+    return app;
+}
+//# sourceMappingURL=app.js.map

package/dist/app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,8CAA8C,CAAC;AAM7E,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AA2BzC,MAAM,UAAU,SAAS,CAAC,IAAa;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,qBAAqB;IACrB,GAAG,CAAC,KAAK,CACP,GAAG,EACH,WAAW,CAAC;QACV,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACH,CAAC;IAEF,6CAA6C;IAC7C,GAAG,CAAC,KAAK,CACP,UAAU,EACV,UAAU,CAAC;QACT,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;KACtC,CAAC,CACH,CAAC;IAEF,uEAAuE;IACvE,GAAG,CAAC,KAAK,CACP,YAAY,EACZ,YAAY,CAAC;QACX,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CACH,CAAC;IAEF,4CAA4C;IAC5C,GAAG,CAAC,KAAK,CACP,iBAAiB,EACjB,gBAAgB,CAAC;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CACH,CAAC;IAEF,qCAAqC;IACrC,GAAG,CAAC,KAAK,CACP,UAAU,EACV,UAAU,CAAC;QACT,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI;KACtC,CAAC,CACH,CAAC;IAEF,kDAAkD;IAClD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEvD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,GAAG,CAAC,KAAK,CACP,SAAS,EACT,cAAc,CAAC;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACrB,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,IAAuB,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC9C,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG;gBACT,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,uBAAuB;aACjC;SACF,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,eAAe;IACf,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE;QACjB,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG;gBACT,SAAS,EAAE,WAAW;gBACtB,OAAO,EAAE,WAAW;aACrB;SACF,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/bootstrap.d.ts

@@ -0,0 +1,29 @@
+import type { ServerConfig } from "@opendatalabs/personal-server-ts-core/schemas";
+import { type Logger } from "@opendatalabs/personal-server-ts-core/logger";
+import { type IndexManager } from "@opendatalabs/personal-server-ts-core/storage/index";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import type { AccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import type { ServerAccount } from "@opendatalabs/personal-server-ts-core/keys";
+import type { ServerSigner } from "@opendatalabs/personal-server-ts-core/signing";
+import { type SyncManager } from "@opendatalabs/personal-server-ts-core/sync";
+import type { Hono } from "hono";
+export interface ServerContext {
+    app: Hono;
+    logger: Logger;
+    config: ServerConfig;
+    startedAt: Date;
+    indexManager: IndexManager;
+    gatewayClient: GatewayClient;
+    accessLogReader: AccessLogReader;
+    serverAccount?: ServerAccount;
+    serverSigner?: ServerSigner;
+    syncManager: SyncManager | null;
+    devToken?: string;
+    cleanup: () => void;
+}
+export interface CreateServerOptions {
+    serverDir?: string;
+    dataDir?: string;
+}
+export declare function createServer(config: ServerConfig, options?: CreateServerOptions): Promise<ServerContext>;
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+CAA+C,CAAC;AAKlF,OAAO,EAEL,KAAK,MAAM,EACZ,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,qDAAqD,CAAC;AAG7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AAGnF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6DAA6D,CAAC;AAMnG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4CAA4C,CAAC;AAKhF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+CAA+C,CAAC;AAClF,OAAO,EAGL,KAAK,WAAW,EACjB,MAAM,4CAA4C,CAAC;AAEpD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAIjC,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,IAAI,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,aAAa,CAAC,CAkLxB"}

package/dist/bootstrap.js

@@ -0,0 +1,159 @@
+import { join } from "node:path";
+import { DEFAULT_SERVER_DIR, DEFAULT_DATA_DIR, } from "@opendatalabs/personal-server-ts-core/config";
+import { createLogger, } from "@opendatalabs/personal-server-ts-core/logger";
+import { initializeDatabase, createIndexManager, } from "@opendatalabs/personal-server-ts-core/storage/index";
+import { createGatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+import { createAccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+import { createAccessLogReader } from "@opendatalabs/personal-server-ts-core/logging/access-reader";
+import { deriveMasterKey, recoverServerOwner, loadOrCreateServerAccount, } from "@opendatalabs/personal-server-ts-core/keys";
+import { createServerSigner, createRequestSigner, } from "@opendatalabs/personal-server-ts-core/signing";
+import { createSyncCursor, createSyncManager, } from "@opendatalabs/personal-server-ts-core/sync";
+import { createVanaStorageAdapter } from "@opendatalabs/personal-server-ts-core/storage/adapters";
+import { createApp } from "./app.js";
+import { generateDevToken } from "./dev-token.js";
+export async function createServer(config, options) {
+    const logger = createLogger(config.logging);
+    const startedAt = new Date();
+    const serverDir = options?.serverDir ?? DEFAULT_SERVER_DIR;
+    const dataDir = options?.dataDir ?? DEFAULT_DATA_DIR;
+    const indexPath = join(serverDir, "index.db");
+    const configPath = join(serverDir, "config.json");
+    const db = initializeDatabase(indexPath);
+    const indexManager = createIndexManager(db);
+    const hierarchyOptions = { dataDir };
+    const gatewayClient = createGatewayClient(config.gateway.url);
+    const serverOrigin = config.server.origin;
+    // Derive server owner from VANA_MASTER_KEY_SIGNATURE env var
+    const masterKeySignature = process.env.VANA_MASTER_KEY_SIGNATURE;
+    let serverOwner;
+    let serverAccount;
+    let serverSigner;
+    let identity;
+    if (masterKeySignature) {
+        serverOwner = await recoverServerOwner(masterKeySignature);
+        deriveMasterKey(masterKeySignature); // validate signature format
+        logger.info({ owner: serverOwner }, "Server owner derived from master key");
+        // Load or create server keypair from disk
+        const keyPath = join(serverDir, "key.json");
+        serverAccount = loadOrCreateServerAccount(keyPath);
+        logger.info({ owner: serverOwner, serverAddress: serverAccount.address }, "Server signing account loaded");
+        serverSigner = createServerSigner(serverAccount, {
+            chainId: config.gateway.chainId,
+            contracts: config.gateway.contracts,
+        });
+        // Check registration (Data Connect handles actual registration)
+        let serverId = null;
+        try {
+            const serverInfo = await gatewayClient.getServer(serverAccount.address);
+            serverId = serverInfo?.id ?? null;
+        }
+        catch {
+            // Gateway unreachable — assume not registered
+        }
+        if (serverId) {
+            logger.info("Server registered with gateway — signing delegation active");
+        }
+        else {
+            logger.warn({
+                serverAddress: serverAccount.address,
+                publicKey: serverAccount.publicKey,
+            }, "Server not registered. Register personal server with the gateway to enable delegation.");
+        }
+        identity = {
+            address: serverAccount.address,
+            publicKey: serverAccount.publicKey,
+            serverId,
+        };
+    }
+    else {
+        logger.warn("VANA_MASTER_KEY_SIGNATURE not set — owner-restricted endpoints will return 500");
+    }
+    // --- Sync engine setup ---
+    let syncManager = null;
+    if (config.sync.enabled &&
+        masterKeySignature &&
+        serverOwner &&
+        serverAccount &&
+        serverSigner) {
+        const masterKey = deriveMasterKey(masterKeySignature);
+        const vanaConfig = config.storage.config.vana ?? {
+            apiUrl: "https://storage.vana.com",
+        };
+        const requestSigner = createRequestSigner(serverAccount);
+        const storageAdapter = createVanaStorageAdapter({
+            apiUrl: vanaConfig.apiUrl,
+            ownerAddress: serverOwner,
+            signer: requestSigner,
+        });
+        const configPath_ = join(serverDir, "server.json");
+        const cursor = createSyncCursor(configPath_);
+        const uploadDeps = {
+            indexManager,
+            hierarchyOptions,
+            storageAdapter,
+            gateway: gatewayClient,
+            signer: serverSigner,
+            masterKey,
+            serverOwner,
+            logger,
+        };
+        const downloadDeps = {
+            indexManager,
+            hierarchyOptions,
+            storageAdapter,
+            gateway: gatewayClient,
+            cursor,
+            masterKey,
+            serverOwner,
+            logger,
+        };
+        syncManager = createSyncManager(uploadDeps, downloadDeps);
+        syncManager.start();
+        logger.info("Sync engine started");
+    }
+    else if (config.sync.enabled) {
+        logger.warn("Sync enabled in config but VANA_MASTER_KEY_SIGNATURE not set — sync disabled");
+    }
+    const logsDir = join(serverDir, "logs");
+    const accessLogWriter = createAccessLogWriter(logsDir);
+    const accessLogReader = createAccessLogReader(logsDir);
+    // Generate ephemeral dev token when devUi is enabled
+    const devToken = config.devUi.enabled ? generateDevToken() : undefined;
+    const app = createApp({
+        logger,
+        version: "0.0.1",
+        startedAt,
+        indexManager,
+        hierarchyOptions,
+        serverOrigin,
+        serverOwner,
+        identity,
+        gateway: gatewayClient,
+        accessLogWriter,
+        accessLogReader,
+        devToken,
+        configPath,
+        syncManager,
+    });
+    const cleanup = () => {
+        if (syncManager) {
+            syncManager.stop();
+        }
+        indexManager.close();
+    };
+    return {
+        app,
+        logger,
+        config,
+        startedAt,
+        indexManager,
+        gatewayClient,
+        accessLogReader,
+        serverAccount,
+        serverSigner,
+        syncManager,
+        devToken,
+        cleanup,
+    };
+}
+//# sourceMappingURL=bootstrap.js.map

package/dist/bootstrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../src/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,YAAY,GAEb,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GAEnB,MAAM,qDAAqD,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,+CAA+C,CAAC;AAEpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,0DAA0D,CAAC;AACjG,OAAO,EAAE,qBAAqB,EAAE,MAAM,6DAA6D,CAAC;AAEpG,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,4CAA4C,CAAC;AAEpD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,+CAA+C,CAAC;AAEvD,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wDAAwD,CAAC;AAElG,OAAO,EAAE,SAAS,EAAqB,MAAM,UAAU,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAsBlD,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAoB,EACpB,OAA6B;IAE7B,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAE7B,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,kBAAkB,CAAC;IAC3D,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,gBAAgB,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,MAAM,EAAE,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAA4B,EAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE9D,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;IAE1C,6DAA6D;IAC7D,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAE1B,CAAC;IACd,IAAI,WAAsC,CAAC;IAE3C,IAAI,aAAwC,CAAC;IAC7C,IAAI,YAAsC,CAAC;IAC3C,IAAI,QAAkC,CAAC;IAEvC,IAAI,kBAAkB,EAAE,CAAC;QACvB,WAAW,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAC3D,eAAe,CAAC,kBAAkB,CAAC,CAAC,CAAC,4BAA4B;QACjE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAE5E,0CAA0C;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAC5C,aAAa,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,CAAC,IAAI,CACT,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,CAAC,OAAO,EAAE,EAC5D,+BAA+B,CAChC,CAAC;QAEF,YAAY,GAAG,kBAAkB,CAAC,aAAa,EAAE;YAC/C,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO;YAC/B,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;SACpC,CAAC,CAAC;QAEH,gEAAgE;QAChE,IAAI,QAAQ,GAAkB,IAAI,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACxE,QAAQ,GAAG,UAAU,EAAE,EAAE,IAAI,IAAI,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT;gBACE,aAAa,EAAE,aAAa,CAAC,OAAO;gBACpC,SAAS,EAAE,aAAa,CAAC,SAAS;aACnC,EACD,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,QAAQ,GAAG;YACT,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,QAAQ;SACT,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CACT,gFAAgF,CACjF,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,WAAW,GAAuB,IAAI,CAAC;IAE3C,IACE,MAAM,CAAC,IAAI,CAAC,OAAO;QACnB,kBAAkB;QAClB,WAAW;QACX,aAAa;QACb,YAAY,EACZ,CAAC;QACD,MAAM,SAAS,GAAG,eAAe,CAAC,kBAAkB,CAAC,CAAC;QAEtD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI;YAC/C,MAAM,EAAE,0BAA0B;SACnC,CAAC;QACF,MAAM,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,wBAAwB,CAAC;YAC9C,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE,WAAW;YACzB,MAAM,EAAE,aAAa;SACtB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAE7C,MAAM,UAAU,GAAG;YACjB,YAAY;YACZ,gBAAgB;YAChB,cAAc;YACd,OAAO,EAAE,aAAa;YACtB,MAAM,EAAE,YAAY;YACpB,SAAS;YACT,WAAW;YACX,MAAM;SACP,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,YAAY;YACZ,gBAAgB;YAChB,cAAc;YACd,OAAO,EAAE,aAAa;YACtB,MAAM;YACN,SAAS;YACT,WAAW;YACX,MAAM;SACP,CAAC;QAEF,WAAW,GAAG,iBAAiB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAC1D,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CACT,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEvD,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAEvE,MAAM,GAAG,GAAG,SAAS,CAAC;QACpB,MAAM;QACN,OAAO,EAAE,OAAO;QAChB,SAAS;QACT,YAAY;QACZ,gBAAgB;QAChB,YAAY;QACZ,WAAW;QACX,QAAQ;QACR,OAAO,EAAE,aAAa;QACtB,eAAe;QACf,eAAe;QACf,QAAQ;QACR,UAAU;QACV,WAAW;KACZ,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,IAAI,WAAW,EAAE,CAAC;YAChB,WAAW,CAAC,IAAI,EAAE,CAAC;QACrB,CAAC;QACD,YAAY,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO;QACL,GAAG;QACH,MAAM;QACN,MAAM;QACN,SAAS;QACT,YAAY;QACZ,aAAa;QACb,eAAe;QACf,aAAa;QACb,YAAY;QACZ,WAAW;QACX,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/dev-token.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Generates a random 32-byte hex string for use as an ephemeral dev token.
+ * This token is generated once at startup and lives only in memory.
+ */
+export declare function generateDevToken(): string;
+//# sourceMappingURL=dev-token.d.ts.map

package/dist/dev-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-token.d.ts","sourceRoot":"","sources":["../src/dev-token.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}

package/dist/dev-token.js

@@ -0,0 +1,9 @@
+import { randomBytes } from "node:crypto";
+/**
+ * Generates a random 32-byte hex string for use as an ephemeral dev token.
+ * This token is generated once at startup and lives only in memory.
+ */
+export function generateDevToken() {
+    return randomBytes(32).toString("hex");
+}
+//# sourceMappingURL=dev-token.js.map

package/dist/dev-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-token.js","sourceRoot":"","sources":["../src/dev-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,34 @@
+import { serve } from "@hono/node-server";
+import { loadConfig } from "@opendatalabs/personal-server-ts-core/config";
+import { createServer } from "./bootstrap.js";
+const DRAIN_TIMEOUT_MS = 5_000;
+async function main() {
+    const config = await loadConfig();
+    const { app, logger, devToken } = await createServer(config);
+    const server = serve({ fetch: app.fetch, port: config.server.port }, (info) => {
+        logger.info({ port: info.port, version: "0.0.1" }, "Server started");
+        if (devToken) {
+            logger.info({ url: `http://localhost:${info.port}/ui` }, "Dev UI available");
+            logger.info({ devToken }, "Dev token (ephemeral)");
+        }
+    });
+    function shutdown(signal) {
+        logger.info({ signal }, "Shutdown signal received, draining connections");
+        server.close(() => {
+            logger.info("Server stopped");
+            process.exit(0);
+        });
+        // Force exit after drain timeout
+        setTimeout(() => {
+            logger.warn("Drain timeout exceeded, forcing exit");
+            process.exit(1);
+        }, DRAIN_TIMEOUT_MS).unref();
+    }
+    process.on("SIGTERM", () => shutdown("SIGTERM"));
+    process.on("SIGINT", () => shutdown("SIGINT"));
+}
+main().catch((err) => {
+    console.error("Failed to start server:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,8CAA8C,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IAE7D,MAAM,MAAM,GAAG,KAAK,CAClB,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAC9C,CAAC,IAAI,EAAE,EAAE;QACP,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;QAErE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,oBAAoB,IAAI,CAAC,IAAI,KAAK,EAAE,EAC3C,kBAAkB,CACnB,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,uBAAuB,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CACF,CAAC;IAEF,SAAS,QAAQ,CAAC,MAAc;QAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE1E,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;YAChB,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,iCAAiC;QACjC,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,EAAE,gBAAgB,CAAC,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;IAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/middleware/access-log.d.ts

@@ -0,0 +1,8 @@
+import type { MiddlewareHandler } from "hono";
+import type { AccessLogWriter } from "@opendatalabs/personal-server-ts-core/logging/access-log";
+/**
+ * Logs builder data access AFTER successful response (2xx).
+ * Fire-and-forget: write failures don't affect response.
+ */
+export declare function createAccessLogMiddleware(writer: AccessLogWriter): MiddlewareHandler;
+//# sourceMappingURL=access-log.d.ts.map

package/dist/middleware/access-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-log.d.ts","sourceRoot":"","sources":["../../src/middleware/access-log.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0DAA0D,CAAC;AAIhG;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,eAAe,GACtB,iBAAiB,CAoCnB"}

package/dist/middleware/access-log.js

@@ -0,0 +1,38 @@
+import { randomUUID } from "node:crypto";
+/**
+ * Logs builder data access AFTER successful response (2xx).
+ * Fire-and-forget: write failures don't affect response.
+ */
+export function createAccessLogMiddleware(writer) {
+    return async (c, next) => {
+        await next();
+        // Only log on 2xx responses
+        if (c.res.status < 200 || c.res.status >= 300) {
+            return;
+        }
+        const auth = c.get("auth");
+        const grant = c.get("grant");
+        if (!auth || !grant) {
+            return;
+        }
+        const scope = c.req.param("scope") ?? "unknown";
+        try {
+            await writer.write({
+                logId: randomUUID(),
+                grantId: grant.id,
+                builder: auth.signer,
+                action: "read",
+                scope,
+                timestamp: new Date().toISOString(),
+                ipAddress: c.req.header("x-forwarded-for") ??
+                    c.req.header("x-real-ip") ??
+                    "unknown",
+                userAgent: c.req.header("user-agent") ?? "unknown",
+            });
+        }
+        catch {
+            // Fire-and-forget: write failures don't affect response
+        }
+    };
+}
+//# sourceMappingURL=access-log.js.map

package/dist/middleware/access-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-log.js","sourceRoot":"","sources":["../../src/middleware/access-log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAMzC;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB;IAEvB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,IAAI,EAAE,CAAC;QAEb,4BAA4B;QAC5B,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAA6B,CAAC;QACvD,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAqC,CAAC;QAEjE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;QAEhD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;gBACjB,KAAK,EAAE,UAAU,EAAE;gBACnB,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,OAAO,EAAE,IAAI,CAAC,MAAM;gBACpB,MAAM,EAAE,MAAM;gBACd,KAAK;gBACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EACP,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC;oBAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC;oBACzB,SAAS;gBACX,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,SAAS;aACnD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;QAC1D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/body-limit.d.ts

@@ -0,0 +1,10 @@
+import type { MiddlewareHandler } from "hono";
+/** 50 MB — max body size for data ingest routes */
+export declare const DATA_INGEST_MAX_SIZE: number;
+/** 1 MB — default max body size for general routes */
+export declare const DEFAULT_MAX_SIZE: number;
+/**
+ * Creates a Hono body-limit middleware that returns 413 JSON on overflow.
+ */
+export declare function createBodyLimit(maxSize: number): MiddlewareHandler;
+//# sourceMappingURL=body-limit.d.ts.map

package/dist/middleware/body-limit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"body-limit.d.ts","sourceRoot":"","sources":["../../src/middleware/body-limit.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAE9C,mDAAmD;AACnD,eAAO,MAAM,oBAAoB,QAAmB,CAAC;AAErD,sDAAsD;AACtD,eAAO,MAAM,gBAAgB,QAAkB,CAAC;AAEhD;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAalE"}

package/dist/middleware/body-limit.js

@@ -0,0 +1,20 @@
+import { bodyLimit } from "hono/body-limit";
+/** 50 MB — max body size for data ingest routes */
+export const DATA_INGEST_MAX_SIZE = 50 * 1024 * 1024;
+/** 1 MB — default max body size for general routes */
+export const DEFAULT_MAX_SIZE = 1 * 1024 * 1024;
+/**
+ * Creates a Hono body-limit middleware that returns 413 JSON on overflow.
+ */
+export function createBodyLimit(maxSize) {
+    return bodyLimit({
+        maxSize,
+        onError: (c) => {
+            return c.json({
+                error: "CONTENT_TOO_LARGE",
+                message: `Request body exceeds maximum size of ${maxSize} bytes`,
+            }, 413);
+        },
+    });
+}
+//# sourceMappingURL=body-limit.js.map

package/dist/middleware/body-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"body-limit.js","sourceRoot":"","sources":["../../src/middleware/body-limit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAG5C,mDAAmD;AACnD,MAAM,CAAC,MAAM,oBAAoB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAErD,sDAAsD;AACtD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,SAAS,CAAC;QACf,OAAO;QACP,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;YACb,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,mBAAmB;gBAC1B,OAAO,EAAE,wCAAwC,OAAO,QAAQ;aACjE,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/middleware/builder-check.d.ts

@@ -0,0 +1,8 @@
+import type { MiddlewareHandler } from "hono";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+/**
+ * Verifies authenticated signer is a registered builder via Gateway.
+ * Must run AFTER web3-auth middleware.
+ */
+export declare function createBuilderCheckMiddleware(gateway: GatewayClient): MiddlewareHandler;
+//# sourceMappingURL=builder-check.d.ts.map

package/dist/middleware/builder-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builder-check.d.ts","sourceRoot":"","sources":["../../src/middleware/builder-check.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AAInF;;;GAGG;AACH,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,aAAa,GACrB,iBAAiB,CAyBnB"}

package/dist/middleware/builder-check.js

@@ -0,0 +1,29 @@
+import { UnregisteredBuilderError } from "@opendatalabs/personal-server-ts-core/errors";
+/**
+ * Verifies authenticated signer is a registered builder via Gateway.
+ * Must run AFTER web3-auth middleware.
+ */
+export function createBuilderCheckMiddleware(gateway) {
+    return async (c, next) => {
+        if (c.get("devBypass")) {
+            await next();
+            return;
+        }
+        const auth = c.get("auth");
+        try {
+            const registered = await gateway.isRegisteredBuilder(auth.signer);
+            if (!registered) {
+                const err = new UnregisteredBuilderError();
+                return c.json(err.toJSON(), 401);
+            }
+            await next();
+        }
+        catch (err) {
+            if (err instanceof UnregisteredBuilderError) {
+                return c.json(err.toJSON(), 401);
+            }
+            throw err;
+        }
+    };
+}
+//# sourceMappingURL=builder-check.js.map

package/dist/middleware/builder-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"builder-check.js","sourceRoot":"","sources":["../../src/middleware/builder-check.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,wBAAwB,EAAE,MAAM,8CAA8C,CAAC;AAExF;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAC1C,OAAsB;IAEtB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAiB,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAElE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,GAAG,GAAG,IAAI,wBAAwB,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,wBAAwB,EAAE,CAAC;gBAC5C,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/grant-check.d.ts

@@ -0,0 +1,12 @@
+import type { MiddlewareHandler } from "hono";
+import type { GatewayClient } from "@opendatalabs/personal-server-ts-core/gateway";
+/**
+ * Enforces grant for data reads. Must run AFTER web3-auth middleware.
+ * Fetches grant from Gateway, checks revocation/expiry/scope/grantee.
+ * Sets c.set('grant', grantResponse).
+ */
+export declare function createGrantCheckMiddleware(params: {
+    gateway: GatewayClient;
+    serverOwner?: `0x${string}`;
+}): MiddlewareHandler;
+//# sourceMappingURL=grant-check.d.ts.map

package/dist/middleware/grant-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant-check.d.ts","sourceRoot":"","sources":["../../src/middleware/grant-check.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AAmCnF;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE;IACjD,OAAO,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;CAC7B,GAAG,iBAAiB,CAyEpB"}