@openpalm/ui 0.12.35 → 0.12.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (323) hide show
  1. package/build/.openpalm-ui-version +1 -1
  2. package/build/client/_app/immutable/chunks/{Cn5j2N5s.js → 18H4LtPZ.js} +1 -1
  3. package/build/client/_app/immutable/chunks/18H4LtPZ.js.br +0 -0
  4. package/build/client/_app/immutable/chunks/18H4LtPZ.js.gz +0 -0
  5. package/build/client/_app/immutable/chunks/B9EqtPE4.js +1 -0
  6. package/build/client/_app/immutable/chunks/B9EqtPE4.js.br +2 -0
  7. package/build/client/_app/immutable/chunks/B9EqtPE4.js.gz +0 -0
  8. package/build/client/_app/immutable/chunks/{Dma1yH6T.js → BWlXSOvq.js} +1 -1
  9. package/build/client/_app/immutable/chunks/BWlXSOvq.js.br +0 -0
  10. package/build/client/_app/immutable/chunks/BWlXSOvq.js.gz +0 -0
  11. package/build/client/_app/immutable/chunks/WWLVY9mq.js +3 -0
  12. package/build/client/_app/immutable/chunks/WWLVY9mq.js.br +0 -0
  13. package/build/client/_app/immutable/chunks/WWLVY9mq.js.gz +0 -0
  14. package/build/client/_app/immutable/entry/{app.DCTrXp6P.js → app.C2R9I_ws.js} +2 -2
  15. package/build/client/_app/immutable/entry/app.C2R9I_ws.js.br +0 -0
  16. package/build/client/_app/immutable/entry/app.C2R9I_ws.js.gz +0 -0
  17. package/build/client/_app/immutable/entry/start.CH0zgqk7.js +1 -0
  18. package/build/client/_app/immutable/entry/start.CH0zgqk7.js.br +0 -0
  19. package/build/client/_app/immutable/entry/start.CH0zgqk7.js.gz +0 -0
  20. package/build/client/_app/immutable/nodes/{1.DeODpuBZ.js → 1.BgCCmrLT.js} +1 -1
  21. package/build/client/_app/immutable/nodes/1.BgCCmrLT.js.br +1 -0
  22. package/build/client/_app/immutable/nodes/1.BgCCmrLT.js.gz +0 -0
  23. package/build/client/_app/immutable/nodes/10.lRB7NSwy.js +3 -0
  24. package/build/client/_app/immutable/nodes/10.lRB7NSwy.js.br +0 -0
  25. package/build/client/_app/immutable/nodes/10.lRB7NSwy.js.gz +0 -0
  26. package/build/client/_app/immutable/nodes/{4.BPWbyAG8.js → 4.CTNJp0zo.js} +1 -1
  27. package/build/client/_app/immutable/nodes/4.CTNJp0zo.js.br +0 -0
  28. package/build/client/_app/immutable/nodes/4.CTNJp0zo.js.gz +0 -0
  29. package/build/client/_app/immutable/nodes/{5.DSNlc6_T.js → 5.DT81-wvC.js} +1 -1
  30. package/build/client/_app/immutable/nodes/5.DT81-wvC.js.br +0 -0
  31. package/build/client/_app/immutable/nodes/5.DT81-wvC.js.gz +0 -0
  32. package/build/client/_app/immutable/nodes/{6.BXpzaUL0.js → 6.DBcGu6ci.js} +1 -1
  33. package/build/client/_app/immutable/nodes/6.DBcGu6ci.js.br +0 -0
  34. package/build/client/_app/immutable/nodes/6.DBcGu6ci.js.gz +0 -0
  35. package/build/client/_app/immutable/nodes/{7.BrFVK4tb.js → 7.CnGpHSBm.js} +1 -1
  36. package/build/client/_app/immutable/nodes/7.CnGpHSBm.js.br +0 -0
  37. package/build/client/_app/immutable/nodes/7.CnGpHSBm.js.gz +0 -0
  38. package/build/client/_app/immutable/nodes/{8.w_eWNqum.js → 8.DPIpvND6.js} +1 -1
  39. package/build/client/_app/immutable/nodes/8.DPIpvND6.js.br +0 -0
  40. package/build/client/_app/immutable/nodes/8.DPIpvND6.js.gz +0 -0
  41. package/build/client/_app/version.json +1 -1
  42. package/build/client/_app/version.json.br +1 -1
  43. package/build/client/_app/version.json.gz +0 -0
  44. package/build/server/chunks/1-Ba2dl8WF.js +9 -0
  45. package/build/server/chunks/{1-DHr2ahqY.js.map → 1-Ba2dl8WF.js.map} +1 -1
  46. package/build/server/chunks/{10-Bhcyw8HA.js → 10-CkPDkKVx.js} +7 -7
  47. package/build/server/chunks/10-CkPDkKVx.js.map +1 -0
  48. package/build/server/chunks/{4-Cd3Q4DoQ.js → 4-ZfnBF0Dj.js} +3 -3
  49. package/build/server/chunks/{4-Cd3Q4DoQ.js.map → 4-ZfnBF0Dj.js.map} +1 -1
  50. package/build/server/chunks/{5-BBhfqYBp.js → 5-C_Y14AXF.js} +3 -3
  51. package/build/server/chunks/{5-BBhfqYBp.js.map → 5-C_Y14AXF.js.map} +1 -1
  52. package/build/server/chunks/{6-Djg8mg9E.js → 6-ClhMBUrx.js} +3 -3
  53. package/build/server/chunks/{6-Djg8mg9E.js.map → 6-ClhMBUrx.js.map} +1 -1
  54. package/build/server/chunks/{7-D2mE5z4a.js → 7-7gjO-2Lg.js} +3 -3
  55. package/build/server/chunks/{7-D2mE5z4a.js.map → 7-7gjO-2Lg.js.map} +1 -1
  56. package/build/server/chunks/{8-BZ53nosC.js → 8-BbPGl27f.js} +3 -3
  57. package/build/server/chunks/{8-BZ53nosC.js.map → 8-BbPGl27f.js.map} +1 -1
  58. package/build/server/chunks/{Navbar-DmstJWgp.js → Navbar-DN8ttZku.js} +3 -3
  59. package/build/server/chunks/{Navbar-DmstJWgp.js.map → Navbar-DN8ttZku.js.map} +1 -1
  60. package/build/server/chunks/{_page.svelte-DmAj2xUu.js → _page.svelte-3-BbtUw7.js} +5 -5
  61. package/build/server/chunks/{_page.svelte-DmAj2xUu.js.map → _page.svelte-3-BbtUw7.js.map} +1 -1
  62. package/build/server/chunks/{_page.svelte-CupozR5-.js → _page.svelte-B9w3i-o2.js} +3 -3
  63. package/build/server/chunks/{_page.svelte-CupozR5-.js.map → _page.svelte-B9w3i-o2.js.map} +1 -1
  64. package/build/server/chunks/{_page.svelte-6H8jZf49.js → _page.svelte-B_hW5WaY.js} +3 -3
  65. package/build/server/chunks/{_page.svelte-6H8jZf49.js.map → _page.svelte-B_hW5WaY.js.map} +1 -1
  66. package/build/server/chunks/{_page.svelte-CzA8BxOP.js → _page.svelte-Ddqlogf2.js} +5 -5
  67. package/build/server/chunks/{_page.svelte-CzA8BxOP.js.map → _page.svelte-Ddqlogf2.js.map} +1 -1
  68. package/build/server/chunks/{_page.svelte-DGMNp0WD.js → _page.svelte-m57Wpiuj.js} +5 -5
  69. package/build/server/chunks/{_page.svelte-DGMNp0WD.js.map → _page.svelte-m57Wpiuj.js.map} +1 -1
  70. package/build/server/chunks/{_page.svelte-rf-Q89lq.js → _page.svelte-xumMJJN7.js} +2 -2
  71. package/build/server/chunks/_page.svelte-xumMJJN7.js.map +1 -0
  72. package/build/server/chunks/{_server.ts-Bv2PmRE5.js → _server.ts-2nV2xJ6k.js} +7 -7
  73. package/build/server/chunks/{_server.ts-Bv2PmRE5.js.map → _server.ts-2nV2xJ6k.js.map} +1 -1
  74. package/build/server/chunks/{_server.ts-Co5cJt5A.js → _server.ts-9EX0zwyr.js} +2 -2
  75. package/build/server/chunks/{_server.ts-Co5cJt5A.js.map → _server.ts-9EX0zwyr.js.map} +1 -1
  76. package/build/server/chunks/{_server.ts-ygo2IFet.js → _server.ts-B-O4_XTp.js} +5 -5
  77. package/build/server/chunks/{_server.ts-ygo2IFet.js.map → _server.ts-B-O4_XTp.js.map} +1 -1
  78. package/build/server/chunks/{_server.ts-DEmtjEMi.js → _server.ts-B2hH7NwG.js} +5 -5
  79. package/build/server/chunks/{_server.ts-DEmtjEMi.js.map → _server.ts-B2hH7NwG.js.map} +1 -1
  80. package/build/server/chunks/{_server.ts-CjrBMt_s.js → _server.ts-B2vHnPyE.js} +5 -5
  81. package/build/server/chunks/{_server.ts-CjrBMt_s.js.map → _server.ts-B2vHnPyE.js.map} +1 -1
  82. package/build/server/chunks/{_server.ts-D92SRQrD.js → _server.ts-B8q5v1MH.js} +5 -5
  83. package/build/server/chunks/{_server.ts-D92SRQrD.js.map → _server.ts-B8q5v1MH.js.map} +1 -1
  84. package/build/server/chunks/{_server.ts-Dr9Nrd0B.js → _server.ts-B9eSpa-M.js} +4 -4
  85. package/build/server/chunks/{_server.ts-Dr9Nrd0B.js.map → _server.ts-B9eSpa-M.js.map} +1 -1
  86. package/build/server/chunks/{_server.ts-CCSbDOWm.js → _server.ts-BAbY8aV1.js} +5 -5
  87. package/build/server/chunks/{_server.ts-CCSbDOWm.js.map → _server.ts-BAbY8aV1.js.map} +1 -1
  88. package/build/server/chunks/{_server.ts-Baozh1FE.js → _server.ts-BAdKV-Vr.js} +5 -5
  89. package/build/server/chunks/{_server.ts-Baozh1FE.js.map → _server.ts-BAdKV-Vr.js.map} +1 -1
  90. package/build/server/chunks/{_server.ts-DkpnaxtR.js → _server.ts-BEA14G2l.js} +6 -6
  91. package/build/server/chunks/{_server.ts-DkpnaxtR.js.map → _server.ts-BEA14G2l.js.map} +1 -1
  92. package/build/server/chunks/{_server.ts-Q6gku721.js → _server.ts-BF7PAZ4m.js} +5 -5
  93. package/build/server/chunks/{_server.ts-Q6gku721.js.map → _server.ts-BF7PAZ4m.js.map} +1 -1
  94. package/build/server/chunks/{_server.ts-wZerakZf.js → _server.ts-BIUuWkss.js} +5 -5
  95. package/build/server/chunks/{_server.ts-wZerakZf.js.map → _server.ts-BIUuWkss.js.map} +1 -1
  96. package/build/server/chunks/{_server.ts-C7BHJSCS.js → _server.ts-BMJe_-Gu.js} +6 -6
  97. package/build/server/chunks/{_server.ts-C7BHJSCS.js.map → _server.ts-BMJe_-Gu.js.map} +1 -1
  98. package/build/server/chunks/{_server.ts-De3Ci2sP.js → _server.ts-BWMfLBve.js} +5 -5
  99. package/build/server/chunks/{_server.ts-De3Ci2sP.js.map → _server.ts-BWMfLBve.js.map} +1 -1
  100. package/build/server/chunks/{_server.ts-C7EVl-bi.js → _server.ts-BeJ5fvf9.js} +5 -5
  101. package/build/server/chunks/{_server.ts-C7EVl-bi.js.map → _server.ts-BeJ5fvf9.js.map} +1 -1
  102. package/build/server/chunks/{_server.ts-Do9vXHTl.js → _server.ts-BlADjd_F.js} +5 -5
  103. package/build/server/chunks/{_server.ts-Do9vXHTl.js.map → _server.ts-BlADjd_F.js.map} +1 -1
  104. package/build/server/chunks/{_server.ts-BHglX11P.js → _server.ts-BoV4vI01.js} +7 -7
  105. package/build/server/chunks/{_server.ts-BHglX11P.js.map → _server.ts-BoV4vI01.js.map} +1 -1
  106. package/build/server/chunks/{_server.ts-x2T-1ecq.js → _server.ts-BqHFegPU.js} +5 -8
  107. package/build/server/chunks/_server.ts-BqHFegPU.js.map +1 -0
  108. package/build/server/chunks/{_server.ts-BR0sBzB0.js → _server.ts-C-Ts2LDj.js} +5 -5
  109. package/build/server/chunks/{_server.ts-BR0sBzB0.js.map → _server.ts-C-Ts2LDj.js.map} +1 -1
  110. package/build/server/chunks/{_server.ts-DTa1SYz_.js → _server.ts-C4i3X825.js} +5 -5
  111. package/build/server/chunks/{_server.ts-DTa1SYz_.js.map → _server.ts-C4i3X825.js.map} +1 -1
  112. package/build/server/chunks/{_server.ts-7YfKZbRf.js → _server.ts-C5ZwxYWZ.js} +6 -6
  113. package/build/server/chunks/{_server.ts-7YfKZbRf.js.map → _server.ts-C5ZwxYWZ.js.map} +1 -1
  114. package/build/server/chunks/{_server.ts-BlGrZPhR.js → _server.ts-C9DfluLS.js} +7 -7
  115. package/build/server/chunks/{_server.ts-BlGrZPhR.js.map → _server.ts-C9DfluLS.js.map} +1 -1
  116. package/build/server/chunks/{_server.ts-CKnr7Uu8.js → _server.ts-C9Qk-z2P.js} +2 -2
  117. package/build/server/chunks/{_server.ts-CKnr7Uu8.js.map → _server.ts-C9Qk-z2P.js.map} +1 -1
  118. package/build/server/chunks/{_server.ts-B4IkHWrK.js → _server.ts-C9iBT0O1.js} +5 -5
  119. package/build/server/chunks/{_server.ts-B4IkHWrK.js.map → _server.ts-C9iBT0O1.js.map} +1 -1
  120. package/build/server/chunks/{_server.ts-CPEbL-Pt.js → _server.ts-CBcEaKhJ.js} +6 -6
  121. package/build/server/chunks/{_server.ts-CPEbL-Pt.js.map → _server.ts-CBcEaKhJ.js.map} +1 -1
  122. package/build/server/chunks/{_server.ts-Bzx8e_vT.js → _server.ts-CDMKuzKi.js} +5 -5
  123. package/build/server/chunks/{_server.ts-Bzx8e_vT.js.map → _server.ts-CDMKuzKi.js.map} +1 -1
  124. package/build/server/chunks/{_server.ts-WRqR790z.js → _server.ts-CG9c2nMH.js} +5 -5
  125. package/build/server/chunks/{_server.ts-WRqR790z.js.map → _server.ts-CG9c2nMH.js.map} +1 -1
  126. package/build/server/chunks/{_server.ts-Der6MKsu.js → _server.ts-CGjLssln.js} +2 -2
  127. package/build/server/chunks/{_server.ts-Der6MKsu.js.map → _server.ts-CGjLssln.js.map} +1 -1
  128. package/build/server/chunks/{_server.ts-DfwiRzeI.js → _server.ts-CJebiZAy.js} +5 -5
  129. package/build/server/chunks/{_server.ts-DfwiRzeI.js.map → _server.ts-CJebiZAy.js.map} +1 -1
  130. package/build/server/chunks/{_server.ts-CWb18g88.js → _server.ts-CN3KY-j4.js} +8 -8
  131. package/build/server/chunks/{_server.ts-CWb18g88.js.map → _server.ts-CN3KY-j4.js.map} +1 -1
  132. package/build/server/chunks/{_server.ts-IuJoqgcf.js → _server.ts-CNnAKJNo.js} +5 -5
  133. package/build/server/chunks/{_server.ts-IuJoqgcf.js.map → _server.ts-CNnAKJNo.js.map} +1 -1
  134. package/build/server/chunks/{_server.ts-7HHVmf6s.js → _server.ts-CO5i0uRb.js} +5 -5
  135. package/build/server/chunks/{_server.ts-7HHVmf6s.js.map → _server.ts-CO5i0uRb.js.map} +1 -1
  136. package/build/server/chunks/{_server.ts-DEmX_Z0O.js → _server.ts-COBY41YU.js} +6 -6
  137. package/build/server/chunks/{_server.ts-DEmX_Z0O.js.map → _server.ts-COBY41YU.js.map} +1 -1
  138. package/build/server/chunks/{_server.ts-Bh-5jiYC.js → _server.ts-CRzgB32e.js} +5 -5
  139. package/build/server/chunks/{_server.ts-Bh-5jiYC.js.map → _server.ts-CRzgB32e.js.map} +1 -1
  140. package/build/server/chunks/{_server.ts-CeuX4TD2.js → _server.ts-CTn1nPKB.js} +6 -6
  141. package/build/server/chunks/{_server.ts-CeuX4TD2.js.map → _server.ts-CTn1nPKB.js.map} +1 -1
  142. package/build/server/chunks/{_server.ts-BIKnhFxu.js → _server.ts-CZIlhr3f.js} +5 -5
  143. package/build/server/chunks/{_server.ts-BIKnhFxu.js.map → _server.ts-CZIlhr3f.js.map} +1 -1
  144. package/build/server/chunks/{_server.ts-DYjYHIIg.js → _server.ts-Cb3DMx8Y.js} +5 -5
  145. package/build/server/chunks/{_server.ts-DYjYHIIg.js.map → _server.ts-Cb3DMx8Y.js.map} +1 -1
  146. package/build/server/chunks/{_server.ts-C8owE7KE.js → _server.ts-Ce1KW1i1.js} +5 -5
  147. package/build/server/chunks/{_server.ts-C8owE7KE.js.map → _server.ts-Ce1KW1i1.js.map} +1 -1
  148. package/build/server/chunks/{_server.ts-7PYmr9Z-.js → _server.ts-CfECuzPe.js} +5 -5
  149. package/build/server/chunks/{_server.ts-7PYmr9Z-.js.map → _server.ts-CfECuzPe.js.map} +1 -1
  150. package/build/server/chunks/{_server.ts-BbtNmpd6.js → _server.ts-Ch1qx97W.js} +5 -5
  151. package/build/server/chunks/{_server.ts-BbtNmpd6.js.map → _server.ts-Ch1qx97W.js.map} +1 -1
  152. package/build/server/chunks/{_server.ts-Bp8WEV3T.js → _server.ts-Ch4fnkZq.js} +5 -5
  153. package/build/server/chunks/{_server.ts-Bp8WEV3T.js.map → _server.ts-Ch4fnkZq.js.map} +1 -1
  154. package/build/server/chunks/{_server.ts-DuzwVKnI.js → _server.ts-Clwa84nf.js} +6 -6
  155. package/build/server/chunks/{_server.ts-DuzwVKnI.js.map → _server.ts-Clwa84nf.js.map} +1 -1
  156. package/build/server/chunks/{_server.ts-DgYWHXWn.js → _server.ts-CqQz6OGj.js} +5 -5
  157. package/build/server/chunks/{_server.ts-DgYWHXWn.js.map → _server.ts-CqQz6OGj.js.map} +1 -1
  158. package/build/server/chunks/{_server.ts-CMfWgDOR.js → _server.ts-CsUYCOBG.js} +6 -6
  159. package/build/server/chunks/{_server.ts-CMfWgDOR.js.map → _server.ts-CsUYCOBG.js.map} +1 -1
  160. package/build/server/chunks/{_server.ts-Caecp_9T.js → _server.ts-D03EOkHX.js} +6 -6
  161. package/build/server/chunks/{_server.ts-Caecp_9T.js.map → _server.ts-D03EOkHX.js.map} +1 -1
  162. package/build/server/chunks/{_server.ts-D1SQw1xr.js → _server.ts-D4YikZo6.js} +5 -5
  163. package/build/server/chunks/{_server.ts-D1SQw1xr.js.map → _server.ts-D4YikZo6.js.map} +1 -1
  164. package/build/server/chunks/{_server.ts-Bh5t8TMR.js → _server.ts-D6nj5zvV.js} +5 -5
  165. package/build/server/chunks/{_server.ts-Bh5t8TMR.js.map → _server.ts-D6nj5zvV.js.map} +1 -1
  166. package/build/server/chunks/{_server.ts-17Sm7tBJ.js → _server.ts-D7ty42uk.js} +5 -5
  167. package/build/server/chunks/{_server.ts-17Sm7tBJ.js.map → _server.ts-D7ty42uk.js.map} +1 -1
  168. package/build/server/chunks/{_server.ts-CFPp8keI.js → _server.ts-DA7PaD6O.js} +5 -5
  169. package/build/server/chunks/{_server.ts-CFPp8keI.js.map → _server.ts-DA7PaD6O.js.map} +1 -1
  170. package/build/server/chunks/{_server.ts-D02ydqWj.js → _server.ts-DBidN7Pf.js} +5 -5
  171. package/build/server/chunks/{_server.ts-D02ydqWj.js.map → _server.ts-DBidN7Pf.js.map} +1 -1
  172. package/build/server/chunks/{_server.ts-CyCT3WI1.js → _server.ts-DD-Wakng.js} +5 -5
  173. package/build/server/chunks/{_server.ts-CyCT3WI1.js.map → _server.ts-DD-Wakng.js.map} +1 -1
  174. package/build/server/chunks/{_server.ts-DyAq_u9y.js → _server.ts-DE1no1WK.js} +5 -5
  175. package/build/server/chunks/{_server.ts-DyAq_u9y.js.map → _server.ts-DE1no1WK.js.map} +1 -1
  176. package/build/server/chunks/{_server.ts-BItwSO5E.js → _server.ts-DFQvvf4U.js} +2 -2
  177. package/build/server/chunks/{_server.ts-BItwSO5E.js.map → _server.ts-DFQvvf4U.js.map} +1 -1
  178. package/build/server/chunks/{_server.ts-BmQzKzgF.js → _server.ts-DGT7zOa_.js} +5 -5
  179. package/build/server/chunks/{_server.ts-BmQzKzgF.js.map → _server.ts-DGT7zOa_.js.map} +1 -1
  180. package/build/server/chunks/{_server.ts-zlBR3T4Z.js → _server.ts-DPoW_dJp.js} +6 -6
  181. package/build/server/chunks/{_server.ts-zlBR3T4Z.js.map → _server.ts-DPoW_dJp.js.map} +1 -1
  182. package/build/server/chunks/{_server.ts-CswojIO6.js → _server.ts-DTkIq90Q.js} +5 -5
  183. package/build/server/chunks/{_server.ts-CswojIO6.js.map → _server.ts-DTkIq90Q.js.map} +1 -1
  184. package/build/server/chunks/{_server.ts-DnTpL24U.js → _server.ts-DU-Yr9vT.js} +5 -5
  185. package/build/server/chunks/{_server.ts-DnTpL24U.js.map → _server.ts-DU-Yr9vT.js.map} +1 -1
  186. package/build/server/chunks/{_server.ts-F9jr1TXS.js → _server.ts-DWL57O_5.js} +5 -5
  187. package/build/server/chunks/{_server.ts-F9jr1TXS.js.map → _server.ts-DWL57O_5.js.map} +1 -1
  188. package/build/server/chunks/{_server.ts-D-kETy9m.js → _server.ts-DZ9byWNw.js} +5 -5
  189. package/build/server/chunks/{_server.ts-D-kETy9m.js.map → _server.ts-DZ9byWNw.js.map} +1 -1
  190. package/build/server/chunks/{_server.ts-IrIGIyzI.js → _server.ts-DaoMSeHY.js} +6 -6
  191. package/build/server/chunks/{_server.ts-IrIGIyzI.js.map → _server.ts-DaoMSeHY.js.map} +1 -1
  192. package/build/server/chunks/{_server.ts-Ff36E_kQ.js → _server.ts-DbHFbBT0.js} +5 -5
  193. package/build/server/chunks/{_server.ts-Ff36E_kQ.js.map → _server.ts-DbHFbBT0.js.map} +1 -1
  194. package/build/server/chunks/{_server.ts-aIvJGwVD.js → _server.ts-Dc0k89lw.js} +5 -5
  195. package/build/server/chunks/{_server.ts-aIvJGwVD.js.map → _server.ts-Dc0k89lw.js.map} +1 -1
  196. package/build/server/chunks/{_server.ts-BrMoDp9S.js → _server.ts-DcyN4vFe.js} +5 -5
  197. package/build/server/chunks/{_server.ts-BrMoDp9S.js.map → _server.ts-DcyN4vFe.js.map} +1 -1
  198. package/build/server/chunks/{_server.ts-644qDVn-.js → _server.ts-Dn4oujkq.js} +5 -5
  199. package/build/server/chunks/{_server.ts-644qDVn-.js.map → _server.ts-Dn4oujkq.js.map} +1 -1
  200. package/build/server/chunks/{_server.ts-BkKDLEw2.js → _server.ts-Do6yX31K.js} +5 -5
  201. package/build/server/chunks/{_server.ts-BkKDLEw2.js.map → _server.ts-Do6yX31K.js.map} +1 -1
  202. package/build/server/chunks/{_server.ts-CZJ1Q1LT.js → _server.ts-DvU4VL9N.js} +7 -7
  203. package/build/server/chunks/{_server.ts-CZJ1Q1LT.js.map → _server.ts-DvU4VL9N.js.map} +1 -1
  204. package/build/server/chunks/{_server.ts-CWz-e7Hy.js → _server.ts-DvgxIQ3m.js} +7 -7
  205. package/build/server/chunks/{_server.ts-CWz-e7Hy.js.map → _server.ts-DvgxIQ3m.js.map} +1 -1
  206. package/build/server/chunks/{_server.ts-DGdvFSCJ.js → _server.ts-Dwf56wbe.js} +5 -5
  207. package/build/server/chunks/{_server.ts-DGdvFSCJ.js.map → _server.ts-Dwf56wbe.js.map} +1 -1
  208. package/build/server/chunks/{_server.ts-Clnw_CPP.js → _server.ts-FbCT4fAv.js} +4 -4
  209. package/build/server/chunks/{_server.ts-Clnw_CPP.js.map → _server.ts-FbCT4fAv.js.map} +1 -1
  210. package/build/server/chunks/{_server.ts-CbW89QHq.js → _server.ts-Grj3ObI-.js} +5 -5
  211. package/build/server/chunks/{_server.ts-CbW89QHq.js.map → _server.ts-Grj3ObI-.js.map} +1 -1
  212. package/build/server/chunks/{_server.ts-CwLV4b1f.js → _server.ts-JhKQFs9Y.js} +5 -10
  213. package/build/server/chunks/_server.ts-JhKQFs9Y.js.map +1 -0
  214. package/build/server/chunks/{_server.ts-DKAThwNY.js → _server.ts-WDLpd9rl.js} +5 -5
  215. package/build/server/chunks/{_server.ts-DKAThwNY.js.map → _server.ts-WDLpd9rl.js.map} +1 -1
  216. package/build/server/chunks/{_server.ts-4mcrPKs8.js → _server.ts-d_3cbDmy.js} +5 -5
  217. package/build/server/chunks/{_server.ts-4mcrPKs8.js.map → _server.ts-d_3cbDmy.js.map} +1 -1
  218. package/build/server/chunks/{_server.ts-B4sIzTwj.js → _server.ts-h2lIPoZ2.js} +5 -5
  219. package/build/server/chunks/{_server.ts-B4sIzTwj.js.map → _server.ts-h2lIPoZ2.js.map} +1 -1
  220. package/build/server/chunks/{_server.ts-DI7DVHmY.js → _server.ts-hQ06BmH4.js} +5 -5
  221. package/build/server/chunks/_server.ts-hQ06BmH4.js.map +1 -0
  222. package/build/server/chunks/{_server.ts-BexCNXZL.js → _server.ts-iMB11laZ.js} +5 -5
  223. package/build/server/chunks/{_server.ts-BexCNXZL.js.map → _server.ts-iMB11laZ.js.map} +1 -1
  224. package/build/server/chunks/{_server.ts-C759kKrI.js → _server.ts-ierShFKJ.js} +5 -5
  225. package/build/server/chunks/{_server.ts-C759kKrI.js.map → _server.ts-ierShFKJ.js.map} +1 -1
  226. package/build/server/chunks/{_server.ts-p6BIfEPN.js → _server.ts-kozeClZM.js} +6 -6
  227. package/build/server/chunks/{_server.ts-p6BIfEPN.js.map → _server.ts-kozeClZM.js.map} +1 -1
  228. package/build/server/chunks/{_server.ts-DMk0lyPh.js → _server.ts-kvauWXn5.js} +5 -5
  229. package/build/server/chunks/{_server.ts-DMk0lyPh.js.map → _server.ts-kvauWXn5.js.map} +1 -1
  230. package/build/server/chunks/{_server.ts-BJlwCXg-.js → _server.ts-n67IX1Ts.js} +5 -5
  231. package/build/server/chunks/{_server.ts-BJlwCXg-.js.map → _server.ts-n67IX1Ts.js.map} +1 -1
  232. package/build/server/chunks/{_server.ts-DP5YV8h3.js → _server.ts-oQtdP7Qa.js} +31 -37
  233. package/build/server/chunks/_server.ts-oQtdP7Qa.js.map +1 -0
  234. package/build/server/chunks/{_server.ts-CUSgj-vr.js → _server.ts-qTMHjfVT.js} +7 -7
  235. package/build/server/chunks/{_server.ts-CUSgj-vr.js.map → _server.ts-qTMHjfVT.js.map} +1 -1
  236. package/build/server/chunks/{_server.ts-Dg1Zjg-X.js → _server.ts-xxbNV0Kw.js} +2 -2
  237. package/build/server/chunks/{_server.ts-Dg1Zjg-X.js.map → _server.ts-xxbNV0Kw.js.map} +1 -1
  238. package/build/server/chunks/{addon-helpers-XImVlKha.js → addon-helpers-DCo7EOJ1.js} +3 -3
  239. package/build/server/chunks/{addon-helpers-XImVlKha.js.map → addon-helpers-DCo7EOJ1.js.map} +1 -1
  240. package/build/server/chunks/{akm-BHWIeMbV.js → akm-Cbgyj5YC.js} +2 -2
  241. package/build/server/chunks/{akm-BHWIeMbV.js.map → akm-Cbgyj5YC.js.map} +1 -1
  242. package/build/server/chunks/{catalog-Fe3z4JM_.js → catalog-1jnj5X5h.js} +5 -5
  243. package/build/server/chunks/{catalog-Fe3z4JM_.js.map → catalog-1jnj5X5h.js.map} +1 -1
  244. package/build/server/chunks/{client-lMbA6Jug.js → client-DK1n28Yo.js} +2 -2
  245. package/build/server/chunks/{client-lMbA6Jug.js.map → client-DK1n28Yo.js.map} +1 -1
  246. package/build/server/chunks/{config-B2V9qVRT.js → config-CkGp7SGd.js} +2 -2
  247. package/build/server/chunks/{config-B2V9qVRT.js.map → config-CkGp7SGd.js.map} +1 -1
  248. package/build/server/chunks/{docker-CEt-3e57.js → docker-Cx5omR60.js} +2 -2
  249. package/build/server/chunks/{docker-CEt-3e57.js.map → docker-Cx5omR60.js.map} +1 -1
  250. package/build/server/chunks/{endpoints-ev9YSBb8.js → endpoints-C11fNgt_.js} +2 -2
  251. package/build/server/chunks/{endpoints-ev9YSBb8.js.map → endpoints-C11fNgt_.js.map} +1 -1
  252. package/build/server/chunks/{error.svelte-CIoDqhLx.js → error.svelte-Drzuho8F.js} +4 -4
  253. package/build/server/chunks/{error.svelte-CIoDqhLx.js.map → error.svelte-Drzuho8F.js.map} +1 -1
  254. package/build/server/chunks/{helpers-BluGgY3g.js → helpers-BUFVs5rR.js} +3 -3
  255. package/build/server/chunks/{helpers-BluGgY3g.js.map → helpers-BUFVs5rR.js.map} +1 -1
  256. package/build/server/chunks/{hooks.server-DMdbB9Fv.js → hooks.server-B3zyEAPe.js} +10 -17
  257. package/build/server/chunks/hooks.server-B3zyEAPe.js.map +1 -0
  258. package/build/server/chunks/{http-BmFqfzyw.js → http-BcWKKzEL.js} +2 -2
  259. package/build/server/chunks/{http-BmFqfzyw.js.map → http-BcWKKzEL.js.map} +1 -1
  260. package/build/server/chunks/{internal-CGvCj4Lu.js → internal-vyS6U9TX.js} +3 -3
  261. package/build/server/chunks/{internal-CGvCj4Lu.js.map → internal-vyS6U9TX.js.map} +1 -1
  262. package/build/server/chunks/{migration-status-UK_z_iXN.js → migration-status-DiY6y8qW.js} +3 -3
  263. package/build/server/chunks/migration-status-DiY6y8qW.js.map +1 -0
  264. package/build/server/chunks/{session-cookie-Cn2O_Cv6.js → session-cookie-CAC4r6_1.js} +2 -2
  265. package/build/server/chunks/{session-cookie-Cn2O_Cv6.js.map → session-cookie-CAC4r6_1.js.map} +1 -1
  266. package/build/server/chunks/{setup-deploy-B9QxcV6K.js → setup-deploy-DrYkoc76.js} +2 -2
  267. package/build/server/chunks/{setup-deploy-B9QxcV6K.js.map → setup-deploy-DrYkoc76.js.map} +1 -1
  268. package/build/server/chunks/{src-Bms-Wpj4.js → src-2DECZjwE.js} +63 -111
  269. package/build/server/chunks/src-2DECZjwE.js.map +1 -0
  270. package/build/server/chunks/{state-dBGSHxF6.js → state-DmHQD7rQ.js} +3 -6
  271. package/build/server/chunks/state-DmHQD7rQ.js.map +1 -0
  272. package/build/server/chunks/{state2-tak_X-zN.js → state2-j1o3jE_2.js} +2 -2
  273. package/build/server/chunks/{state2-tak_X-zN.js.map → state2-j1o3jE_2.js.map} +1 -1
  274. package/build/server/index.js +1 -1
  275. package/build/server/index.js.map +1 -1
  276. package/build/server/manifest.js +91 -105
  277. package/build/server/manifest.js.map +1 -1
  278. package/package.json +2 -2
  279. package/build/client/_app/immutable/chunks/BJ1FElAi.js +0 -3
  280. package/build/client/_app/immutable/chunks/BJ1FElAi.js.br +0 -0
  281. package/build/client/_app/immutable/chunks/BJ1FElAi.js.gz +0 -0
  282. package/build/client/_app/immutable/chunks/BllPz2fN.js +0 -1
  283. package/build/client/_app/immutable/chunks/BllPz2fN.js.br +0 -2
  284. package/build/client/_app/immutable/chunks/BllPz2fN.js.gz +0 -0
  285. package/build/client/_app/immutable/chunks/Cn5j2N5s.js.br +0 -0
  286. package/build/client/_app/immutable/chunks/Cn5j2N5s.js.gz +0 -0
  287. package/build/client/_app/immutable/chunks/Dma1yH6T.js.br +0 -0
  288. package/build/client/_app/immutable/chunks/Dma1yH6T.js.gz +0 -0
  289. package/build/client/_app/immutable/entry/app.DCTrXp6P.js.br +0 -0
  290. package/build/client/_app/immutable/entry/app.DCTrXp6P.js.gz +0 -0
  291. package/build/client/_app/immutable/entry/start.DSb-TcOn.js +0 -1
  292. package/build/client/_app/immutable/entry/start.DSb-TcOn.js.br +0 -1
  293. package/build/client/_app/immutable/entry/start.DSb-TcOn.js.gz +0 -0
  294. package/build/client/_app/immutable/nodes/1.DeODpuBZ.js.br +0 -0
  295. package/build/client/_app/immutable/nodes/1.DeODpuBZ.js.gz +0 -0
  296. package/build/client/_app/immutable/nodes/10.ydmh33uP.js +0 -3
  297. package/build/client/_app/immutable/nodes/10.ydmh33uP.js.br +0 -0
  298. package/build/client/_app/immutable/nodes/10.ydmh33uP.js.gz +0 -0
  299. package/build/client/_app/immutable/nodes/4.BPWbyAG8.js.br +0 -0
  300. package/build/client/_app/immutable/nodes/4.BPWbyAG8.js.gz +0 -0
  301. package/build/client/_app/immutable/nodes/5.DSNlc6_T.js.br +0 -0
  302. package/build/client/_app/immutable/nodes/5.DSNlc6_T.js.gz +0 -0
  303. package/build/client/_app/immutable/nodes/6.BXpzaUL0.js.br +0 -0
  304. package/build/client/_app/immutable/nodes/6.BXpzaUL0.js.gz +0 -0
  305. package/build/client/_app/immutable/nodes/7.BrFVK4tb.js.br +0 -0
  306. package/build/client/_app/immutable/nodes/7.BrFVK4tb.js.gz +0 -0
  307. package/build/client/_app/immutable/nodes/8.w_eWNqum.js.br +0 -0
  308. package/build/client/_app/immutable/nodes/8.w_eWNqum.js.gz +0 -0
  309. package/build/server/chunks/1-DHr2ahqY.js +0 -9
  310. package/build/server/chunks/10-Bhcyw8HA.js.map +0 -1
  311. package/build/server/chunks/_page.svelte-rf-Q89lq.js.map +0 -1
  312. package/build/server/chunks/_server.ts-BvJoozcb.js +0 -77
  313. package/build/server/chunks/_server.ts-BvJoozcb.js.map +0 -1
  314. package/build/server/chunks/_server.ts-CwLV4b1f.js.map +0 -1
  315. package/build/server/chunks/_server.ts-DI7DVHmY.js.map +0 -1
  316. package/build/server/chunks/_server.ts-DP5YV8h3.js.map +0 -1
  317. package/build/server/chunks/_server.ts-De6opDLP.js +0 -96
  318. package/build/server/chunks/_server.ts-De6opDLP.js.map +0 -1
  319. package/build/server/chunks/_server.ts-x2T-1ecq.js.map +0 -1
  320. package/build/server/chunks/hooks.server-DMdbB9Fv.js.map +0 -1
  321. package/build/server/chunks/migration-status-UK_z_iXN.js.map +0 -1
  322. package/build/server/chunks/src-Bms-Wpj4.js.map +0 -1
  323. package/build/server/chunks/state-dBGSHxF6.js.map +0 -1
package/build/server/chunks/{helpers-BluGgY3g.js.map → helpers-BUFVs5rR.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"helpers-BluGgY3g.js","sources":["../../../.svelte-kit/adapter-node/chunks/helpers.js"],"sourcesContent":["import { Gt as readSecret, en as resolveStackDir, mt as createOpenCodeClient } from \"./src.js\";\nimport \"./state.js\";\nimport { r as getActiveEndpoint } from \"./endpoints.js\";\nimport { createHash, createHmac, timingSafeEqual } from \"node:crypto\";\n//#region src/lib/server/session-store.ts\n/**\n* Stateless signed session tokens.\n*\n* Token format: `<expiresAt>.<hmac-sha256-hex>`\n* expiresAt — unix ms timestamp when the session expires\n* signature — HMAC-SHA256(expiresAt, login password)\n*\n* Tokens are self-validating: the server holds no per-session state and\n* sessions survive UI server restarts. Signing with the login password means\n* a password change invalidates all existing sessions — correct behaviour.\n*\n* The signing secret is resolved exactly like login verification\n* (`getUiLoginPassword`): `process.env.OP_UI_LOGIN_PASSWORD` first, then the\n* on-disk stack secret. When NEITHER exists, minting throws and validation\n* fails closed — there is deliberately no fallback secret, because a constant\n* key would let anyone forge an admin token. Reading the file per call also\n* means tokens minted right after the setup wizard writes the password are\n* signed with the real secret, without waiting for a process restart.\n*\n* Logout semantics (known trade-off of stateless tokens): logout revokes the\n* single token the browser presented (in-memory list, cleared on restart) and\n* clears the cookie. Earlier tokens issued to the same browser by sliding\n* renewal remain cryptographically valid until they expire — logout is\n* \"forget my cookie\", not \"kill every credential ever issued\". A real\n* kill-switch is changing the login password, which invalidates everything.\n*/\n/** Session lifetime for both the token expiry and the cookie Max-Age. 14 days. */\nvar SESSION_TTL_MS = 12096e5;\n/** Cookie Max-Age in seconds (Set-Cookie uses seconds, not ms). */\nvar SESSION_TTL_SECONDS = SESSION_TTL_MS / 1e3;\nvar _revoked = /* @__PURE__ */ new Set();\nvar _testOverrides = /* @__PURE__ */ new Set();\n/**\n* Read the operator UI login password from the host environment or the\n* file-based stack secret (`knowledge/secrets/op_ui_login_password`).\n*\n* This is the single source of truth for the password — login verification\n* (helpers.ts) and token signing below both use it, so they can never\n* disagree about whether a password exists. Returns \"\" when neither source\n* has a value (first boot, before the wizard runs).\n*/\nfunction getUiLoginPassword() {\n\tconst envValue = process.env.OP_UI_LOGIN_PASSWORD;\n\tif (envValue) return envValue;\n\treturn readSecret(resolveStackDir(), \"op_ui_login_password\")?.trimEnd() ?? \"\";\n}\n/** Sign `expiresAt` with the login password. Returns null when no password is configured. */\nfunction signToken(expiresAt) {\n\tconst secret = getUiLoginPassword();\n\tif (!secret) return null;\n\treturn createHmac(\"sha256\", secret).update(String(expiresAt)).digest(\"hex\");\n}\n/**\n* Mint a new signed session token with a 14-day TTL.\n* Place the result in the `op_session` cookie.\n* Throws when no login password is configured — callers must verify a\n* password exists (they all do: login/session/setup-complete check first).\n*/\nfunction createSession() {\n\tconst expiresAt = Date.now() + SESSION_TTL_MS;\n\tconst sig = signToken(expiresAt);\n\tif (sig === null) throw new Error(\"Cannot mint a session: no UI login password is configured.\");\n\treturn `${expiresAt}.${sig}`;\n}\n/**\n* Return true iff `token` is a valid, non-expired, non-revoked session.\n*/\nfunction validateSession(token) {\n\tif (!token) return false;\n\tif (_testOverrides.has(token)) return true;\n\tif (_revoked.has(token)) return false;\n\tconst dot = token.lastIndexOf(\".\");\n\tif (dot < 0) return false;\n\tconst expiresAt = Number(token.slice(0, dot));\n\tif (!Number.isFinite(expiresAt) || Date.now() >= expiresAt) return false;\n\tconst sig = token.slice(dot + 1);\n\tconst expected = signToken(expiresAt);\n\tif (expected === null) return false;\n\tif (sig.length !== expected.length) return false;\n\treturn timingSafeEqual(Buffer.from(sig), Buffer.from(expected));\n}\n/**\n* Sliding renewal: validate the old token, return a new one with a fresh\n* 14-day TTL, or return false if the old token is invalid/expired.\n* The caller must place the returned token in the `op_session` cookie.\n*/\nfunction touchSession(token) {\n\tif (!validateSession(token)) return false;\n\treturn createSession();\n}\n/**\n* Revoke a token (logout). The browser cookie must also be cleared by the caller.\n* The revocation list survives until the next server restart. Entries whose\n* embedded expiry has passed are pruned on each call — an expired token fails\n* validation anyway, so keeping it listed is pure memory growth.\n*/\nfunction invalidateSession(token) {\n\tconst now = Date.now();\n\tfor (const revoked of _revoked) {\n\t\tconst expiresAt = Number(revoked.slice(0, revoked.lastIndexOf(\".\")));\n\t\tif (!Number.isFinite(expiresAt) || expiresAt <= now) _revoked.delete(revoked);\n\t}\n\t_revoked.add(token);\n}\n//#endregion\n//#region src/lib/server/helpers.ts\n/**\n* Lazy OpenCode client bound to the currently active endpoint. The client is\n* recreated whenever the active endpoint URL changes so user switches in the\n* UI take effect on the next call.\n*/\nvar _openCodeClient;\nvar _openCodeClientUrl;\nfunction getOpenCodeClient() {\n\tconst { url } = getActiveEndpoint();\n\tif (!_openCodeClient || url !== _openCodeClientUrl) {\n\t\t_openCodeClient = createOpenCodeClient({ baseUrl: url });\n\t\t_openCodeClientUrl = url;\n\t}\n\treturn _openCodeClient;\n}\nfunction safeTokenCompare(a, b) {\n\tif (typeof a !== \"string\" || typeof b !== \"string\") return false;\n\tif (!a || !b) return false;\n\treturn timingSafeEqual(createHash(\"sha256\").update(a).digest(), createHash(\"sha256\").update(b).digest());\n}\n/** Standard JSON response with request ID header */\nfunction jsonResponse(status, body, requestId = \"\") {\n\treturn new Response(JSON.stringify(body), {\n\t\tstatus,\n\t\theaders: {\n\t\t\t\"content-type\": \"application/json\",\n\t\t\t...requestId ? { \"x-request-id\": requestId } : {}\n\t\t}\n\t});\n}\n/** Standard error envelope */\nfunction errorResponse(status, error, message, details = {}, requestId = \"\") {\n\treturn jsonResponse(status, {\n\t\terror,\n\t\tmessage,\n\t\tdetails,\n\t\trequestId\n\t}, requestId);\n}\n/** Extract or generate request ID */\nfunction getRequestId(event) {\n\treturn event.request.headers.get(\"x-request-id\") || crypto.randomUUID();\n}\n/**\n* Extract raw session token from the `op_session` cookie.\n*\n* Phase 2 of the auth/proxy refactor (docs/technical/auth-and-proxy-refactor-plan.md)\n* removed the legacy `x-admin-token` / `Authorization: Bearer` header fallbacks.\n* The cookie is HttpOnly + SameSite=Strict and is the ONLY credential the browser\n* holds; XSS cannot read it and out-of-process callers must obtain a session via\n* `POST /admin/auth/login` (or `/session`) and present the cookie on subsequent\n* requests.\n*/\nfunction extractToken(event) {\n\tconst match = (event.request.headers.get(\"cookie\") ?? \"\").match(/(?:^|;\\s*)op_session=([^;]+)/);\n\tif (match) return match[1];\n\treturn \"\";\n}\n/** Check admin auth — returns error Response or null if OK */\nfunction requireAdmin(event, requestId) {\n\tif (!getUiLoginPassword()) return errorResponse(503, \"admin_not_configured\", \"OP_UI_LOGIN_PASSWORD has not been set. Complete setup first.\", {}, requestId);\n\tif (!validateSession(extractToken(event))) return errorResponse(401, \"unauthorized\", \"Missing or invalid credentials\", {}, requestId);\n\treturn null;\n}\n/**\n* Identify caller by the presented `op_session` cookie.\n*\n* Returns \"admin\" when the cookie holds a valid session token.\n*/\nfunction identifyCallerByToken(event) {\n\tif (!getUiLoginPassword()) return null;\n\tif (validateSession(extractToken(event))) return \"admin\";\n\treturn null;\n}\n/** Parse JSON body safely — returns discriminated result with error type */\nasync function parseJsonBody(request, maxBytes = 1048576) {\n\ttry {\n\t\tconst contentLength = request.headers.get(\"content-length\");\n\t\tif (contentLength && parseInt(contentLength, 10) > maxBytes) return { error: \"too_large\" };\n\t\treturn { data: await request.json() };\n\t} catch (e) {\n\t\tconsole.warn(\"[helpers] Failed to parse JSON request body\", e);\n\t\treturn { error: \"invalid_json\" };\n\t}\n}\n/** Convert a ParseJsonBodyError to an appropriate HTTP error response */\nfunction jsonBodyError(err, requestId) {\n\tif (err.error === \"too_large\") return errorResponse(413, \"too_large\", \"Request body too large\", {}, requestId);\n\treturn errorResponse(400, \"invalid_json\", \"Request body must be valid JSON\", {}, requestId);\n}\n/**\n* Auth + JSON body wrapper for admin POST/DELETE handlers.\n*\n* Replaces the 4-line boilerplate copy-pasted across 30+ routes:\n* const requestId = getRequestId(event);\n* const authError = requireAdmin(event, requestId);\n* if (authError) return authError;\n* const result = await parseJsonBody(event.request);\n* if ('error' in result) return jsonBodyError(result, requestId);\n*\n* Use for routes that need both auth and a JSON body. For auth-only or\n* GET routes, call `requireAdmin` directly.\n*/\nasync function withAdminBody(event, handler) {\n\tconst requestId = getRequestId(event);\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst result = await parseJsonBody(event.request);\n\tif (\"error\" in result) return jsonBodyError(result, requestId);\n\treturn handler({\n\t\trequestId,\n\t\tbody: result.data\n\t});\n}\n/**\n* Reject requests whose Host header does not match localhost or 127.0.0.1\n* on the configured admin port.\n*\n* @param request Incoming Request (or SvelteKit RequestEvent.request)\n* @param port The port this server is bound to (e.g. 3880 or 8100)\n* @returns A 400 Response if the host is rejected; null if allowed\n*/\nfunction checkHostHeader(request, port) {\n\tconst normalized = (request.headers.get(\"host\") ?? \"\").trim().replace(/\\.$/, \"\");\n\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(normalized)) return null;\n\treturn new Response(JSON.stringify({\n\t\terror: \"invalid_host\",\n\t\thost: normalized,\n\t\tmessage: \"Request rejected: Host header does not match allowed hosts. The admin UI binds to loopback (127.0.0.1) only; reach it via localhost or front it with a reverse proxy/tunnel for remote access.\"\n\t}), {\n\t\tstatus: 400,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\n/**\n* Reject POST/PUT/DELETE requests whose Origin header does not match\n* localhost or 127.0.0.1. Requests with no Origin (non-browser clients)\n* are always allowed.\n*\n* @param request Incoming Request\n* @param port The port this server is bound to\n* @returns A 403 Response if the origin is rejected; null if allowed\n*/\nfunction checkOriginHeader(request, port) {\n\tconst method = request.method.toUpperCase();\n\tif (method === \"GET\" || method === \"HEAD\" || method === \"OPTIONS\") return null;\n\tconst origin = request.headers.get(\"origin\");\n\tif (!origin) return null;\n\ttry {\n\t\tconst u = new URL(origin);\n\t\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(u.host)) return null;\n\t} catch {}\n\treturn new Response(JSON.stringify({\n\t\terror: \"forbidden_origin\",\n\t\torigin\n\t}), {\n\t\tstatus: 403,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\nvar UI_PORT = Number(process.env.PORT ?? 3880);\n//#endregion\nexport { invalidateSession as _, getOpenCodeClient as a, jsonBodyError as c, requireAdmin as d, safeTokenCompare as f, getUiLoginPassword as g, createSession as h, errorResponse as i, jsonResponse as l, SESSION_TTL_SECONDS as m, checkHostHeader as n, getRequestId as o, withAdminBody as p, checkOriginHeader as r, identifyCallerByToken as s, UI_PORT as t, parseJsonBody as u, touchSession as v };\n"],"names":[],"mappings":";;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,OAAO;AAC5B;AACG,IAAC,mBAAmB,GAAG,cAAc,GAAG;AAC3C,IAAI,QAAQ,mBAAmB,IAAI,GAAG,EAAE;AACxC,IAAI,cAAc,mBAAmB,IAAI,GAAG,EAAE;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,kBAAkB,GAAG;AAC9B,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;AAClD,CAAC,IAAI,QAAQ,EAAE,OAAO,QAAQ;AAC9B,CAAC,OAAO,UAAU,CAAC,eAAe,EAAE,EAAE,sBAAsB,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;AAC9E;AACA;AACA,SAAS,SAAS,CAAC,SAAS,EAAE;AAC9B,CAAC,MAAM,MAAM,GAAG,kBAAkB,EAAE;AACpC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;AAC5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;AAC9C,CAAC,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;AACjC,CAAC,IAAI,GAAG,KAAK,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC;AAChG,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC7B;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,KAAK,EAAE;AAChC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,KAAK;AACzB,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,IAAI;AAC3C,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK;AACtC,CAAC,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC;AACnC,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,OAAO,KAAK;AAC1B,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC9C,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,EAAE,OAAO,KAAK;AACzE,CAAC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC;AACjC,CAAC,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC;AACtC,CAAC,IAAI,QAAQ,KAAK,IAAI,EAAE,OAAO,KAAK;AACpC,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,OAAO,KAAK;AACjD,CAAC,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChE;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK;AAC1C,CAAC,OAAO,aAAa,EAAE;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,KAAK,EAAE;AAClC,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;AACvB,CAAC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;AACjC,EAAE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;AAC/E,CAAC;AACD,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe;AACnB,IAAI,kBAAkB;AACtB,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,iBAAiB,EAAE;AACpC,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,KAAK,kBAAkB,EAAE;AACrD,EAAE,eAAe,GAAG,oBAAoB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC1D,EAAE,kBAAkB,GAAG,GAAG;AAC1B,CAAC;AACD,CAAC,OAAO,eAAe;AACvB;AACA,SAAS,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE;AAChC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AACjE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,KAAK;AAC3B,CAAC,OAAO,eAAe,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzG;AACA;AACA,SAAS,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,EAAE,EAAE;AACpD,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;AAC3C,EAAE,MAAM;AACR,EAAE,OAAO,EAAE;AACX,GAAG,cAAc,EAAE,kBAAkB;AACrC,GAAG,GAAG,SAAS,GAAG,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG;AAClD;AACA,EAAE,CAAC;AACH;AACA;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,EAAE;AAC7E,CAAC,OAAO,YAAY,CAAC,MAAM,EAAE;AAC7B,EAAE,KAAK;AACP,EAAE,OAAO;AACT,EAAE,OAAO;AACT,EAAE;AACF,EAAE,EAAE,SAAS,CAAC;AACd;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AACxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,8BAA8B,CAAC;AAChG,CAAC,IAAI,KAAK,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC;AAC3B,CAAC,OAAO,EAAE;AACV;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE;AACxC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,sBAAsB,EAAE,8DAA8D,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5J,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,gCAAgC,EAAE,EAAE,EAAE,SAAS,CAAC;AACtI,CAAC,OAAO,IAAI;AACZ;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,qBAAqB,CAAC,KAAK,EAAE;AACtC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,IAAI;AACvC,CAAC,IAAI,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,OAAO;AACzD,CAAC,OAAO,IAAI;AACZ;AACA;AACA,eAAe,aAAa,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,EAAE;AAC1D,CAAC,IAAI;AACL,EAAE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAC7D,EAAE,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE;AAC5F,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE;AACvC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,CAAC,CAAC;AAChE,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE;AAClC,CAAC;AACD;AACA;AACA,SAAS,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE;AACvC,CAAC,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,wBAAwB,EAAE,EAAE,EAAE,SAAS,CAAC;AAC/G,CAAC,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,iCAAiC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7C,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC;AAClD,CAAC,IAAI,OAAO,IAAI,MAAM,EAAE,OAAO,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC;AAC/D,CAAC,OAAO,OAAO,CAAC;AAChB,EAAE,SAAS;AACX,EAAE,IAAI,EAAE,MAAM,CAAC;AACf,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE;AACxC,CAAC,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACjF,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,IAAI;AACjF,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,cAAc;AACvB,EAAE,IAAI,EAAE,UAAU;AAClB,EAAE,OAAO,EAAE;AACX,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE;AAC1C,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;AAC5C,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS,EAAE,OAAO,IAAI;AAC/E,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC7C,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,IAAI;AACL,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;AAC3B,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AAC9E,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,kBAAkB;AAC3B,EAAE;AACF,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACG,IAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI;;;;"}
1
+ {"version":3,"file":"helpers-BUFVs5rR.js","sources":["../../../.svelte-kit/adapter-node/chunks/helpers.js"],"sourcesContent":["import { Bt as readSecret, Jt as resolveStackDir, pt as createOpenCodeClient } from \"./src.js\";\nimport \"./state.js\";\nimport { r as getActiveEndpoint } from \"./endpoints.js\";\nimport { createHash, createHmac, timingSafeEqual } from \"node:crypto\";\n//#region src/lib/server/session-store.ts\n/**\n* Stateless signed session tokens.\n*\n* Token format: `<expiresAt>.<hmac-sha256-hex>`\n* expiresAt — unix ms timestamp when the session expires\n* signature — HMAC-SHA256(expiresAt, login password)\n*\n* Tokens are self-validating: the server holds no per-session state and\n* sessions survive UI server restarts. Signing with the login password means\n* a password change invalidates all existing sessions — correct behaviour.\n*\n* The signing secret is resolved exactly like login verification\n* (`getUiLoginPassword`): `process.env.OP_UI_LOGIN_PASSWORD` first, then the\n* on-disk stack secret. When NEITHER exists, minting throws and validation\n* fails closed — there is deliberately no fallback secret, because a constant\n* key would let anyone forge an admin token. Reading the file per call also\n* means tokens minted right after the setup wizard writes the password are\n* signed with the real secret, without waiting for a process restart.\n*\n* Logout semantics (known trade-off of stateless tokens): logout revokes the\n* single token the browser presented (in-memory list, cleared on restart) and\n* clears the cookie. Earlier tokens issued to the same browser by sliding\n* renewal remain cryptographically valid until they expire — logout is\n* \"forget my cookie\", not \"kill every credential ever issued\". A real\n* kill-switch is changing the login password, which invalidates everything.\n*/\n/** Session lifetime for both the token expiry and the cookie Max-Age. 14 days. */\nvar SESSION_TTL_MS = 12096e5;\n/** Cookie Max-Age in seconds (Set-Cookie uses seconds, not ms). */\nvar SESSION_TTL_SECONDS = SESSION_TTL_MS / 1e3;\nvar _revoked = /* @__PURE__ */ new Set();\nvar _testOverrides = /* @__PURE__ */ new Set();\n/**\n* Read the operator UI login password from the host environment or the\n* file-based stack secret (`knowledge/secrets/op_ui_login_password`).\n*\n* This is the single source of truth for the password — login verification\n* (helpers.ts) and token signing below both use it, so they can never\n* disagree about whether a password exists. Returns \"\" when neither source\n* has a value (first boot, before the wizard runs).\n*/\nfunction getUiLoginPassword() {\n\tconst envValue = process.env.OP_UI_LOGIN_PASSWORD;\n\tif (envValue) return envValue;\n\treturn readSecret(resolveStackDir(), \"op_ui_login_password\")?.trimEnd() ?? \"\";\n}\n/** Sign `expiresAt` with the login password. Returns null when no password is configured. */\nfunction signToken(expiresAt) {\n\tconst secret = getUiLoginPassword();\n\tif (!secret) return null;\n\treturn createHmac(\"sha256\", secret).update(String(expiresAt)).digest(\"hex\");\n}\n/**\n* Mint a new signed session token with a 14-day TTL.\n* Place the result in the `op_session` cookie.\n* Throws when no login password is configured — callers must verify a\n* password exists (they all do: login/session/setup-complete check first).\n*/\nfunction createSession() {\n\tconst expiresAt = Date.now() + SESSION_TTL_MS;\n\tconst sig = signToken(expiresAt);\n\tif (sig === null) throw new Error(\"Cannot mint a session: no UI login password is configured.\");\n\treturn `${expiresAt}.${sig}`;\n}\n/**\n* Return true iff `token` is a valid, non-expired, non-revoked session.\n*/\nfunction validateSession(token) {\n\tif (!token) return false;\n\tif (_testOverrides.has(token)) return true;\n\tif (_revoked.has(token)) return false;\n\tconst dot = token.lastIndexOf(\".\");\n\tif (dot < 0) return false;\n\tconst expiresAt = Number(token.slice(0, dot));\n\tif (!Number.isFinite(expiresAt) || Date.now() >= expiresAt) return false;\n\tconst sig = token.slice(dot + 1);\n\tconst expected = signToken(expiresAt);\n\tif (expected === null) return false;\n\tif (sig.length !== expected.length) return false;\n\treturn timingSafeEqual(Buffer.from(sig), Buffer.from(expected));\n}\n/**\n* Sliding renewal: validate the old token, return a new one with a fresh\n* 14-day TTL, or return false if the old token is invalid/expired.\n* The caller must place the returned token in the `op_session` cookie.\n*/\nfunction touchSession(token) {\n\tif (!validateSession(token)) return false;\n\treturn createSession();\n}\n/**\n* Revoke a token (logout). The browser cookie must also be cleared by the caller.\n* The revocation list survives until the next server restart. Entries whose\n* embedded expiry has passed are pruned on each call — an expired token fails\n* validation anyway, so keeping it listed is pure memory growth.\n*/\nfunction invalidateSession(token) {\n\tconst now = Date.now();\n\tfor (const revoked of _revoked) {\n\t\tconst expiresAt = Number(revoked.slice(0, revoked.lastIndexOf(\".\")));\n\t\tif (!Number.isFinite(expiresAt) || expiresAt <= now) _revoked.delete(revoked);\n\t}\n\t_revoked.add(token);\n}\n//#endregion\n//#region src/lib/server/helpers.ts\n/**\n* Lazy OpenCode client bound to the currently active endpoint. The client is\n* recreated whenever the active endpoint URL changes so user switches in the\n* UI take effect on the next call.\n*/\nvar _openCodeClient;\nvar _openCodeClientUrl;\nfunction getOpenCodeClient() {\n\tconst { url } = getActiveEndpoint();\n\tif (!_openCodeClient || url !== _openCodeClientUrl) {\n\t\t_openCodeClient = createOpenCodeClient({ baseUrl: url });\n\t\t_openCodeClientUrl = url;\n\t}\n\treturn _openCodeClient;\n}\nfunction safeTokenCompare(a, b) {\n\tif (typeof a !== \"string\" || typeof b !== \"string\") return false;\n\tif (!a || !b) return false;\n\treturn timingSafeEqual(createHash(\"sha256\").update(a).digest(), createHash(\"sha256\").update(b).digest());\n}\n/** Standard JSON response with request ID header */\nfunction jsonResponse(status, body, requestId = \"\") {\n\treturn new Response(JSON.stringify(body), {\n\t\tstatus,\n\t\theaders: {\n\t\t\t\"content-type\": \"application/json\",\n\t\t\t...requestId ? { \"x-request-id\": requestId } : {}\n\t\t}\n\t});\n}\n/** Standard error envelope */\nfunction errorResponse(status, error, message, details = {}, requestId = \"\") {\n\treturn jsonResponse(status, {\n\t\terror,\n\t\tmessage,\n\t\tdetails,\n\t\trequestId\n\t}, requestId);\n}\n/** Extract or generate request ID */\nfunction getRequestId(event) {\n\treturn event.request.headers.get(\"x-request-id\") || crypto.randomUUID();\n}\n/**\n* Extract raw session token from the `op_session` cookie.\n*\n* Phase 2 of the auth/proxy refactor (docs/technical/auth-and-proxy-refactor-plan.md)\n* removed the legacy `x-admin-token` / `Authorization: Bearer` header fallbacks.\n* The cookie is HttpOnly + SameSite=Strict and is the ONLY credential the browser\n* holds; XSS cannot read it and out-of-process callers must obtain a session via\n* `POST /admin/auth/login` (or `/session`) and present the cookie on subsequent\n* requests.\n*/\nfunction extractToken(event) {\n\tconst match = (event.request.headers.get(\"cookie\") ?? \"\").match(/(?:^|;\\s*)op_session=([^;]+)/);\n\tif (match) return match[1];\n\treturn \"\";\n}\n/** Check admin auth — returns error Response or null if OK */\nfunction requireAdmin(event, requestId) {\n\tif (!getUiLoginPassword()) return errorResponse(503, \"admin_not_configured\", \"OP_UI_LOGIN_PASSWORD has not been set. Complete setup first.\", {}, requestId);\n\tif (!validateSession(extractToken(event))) return errorResponse(401, \"unauthorized\", \"Missing or invalid credentials\", {}, requestId);\n\treturn null;\n}\n/**\n* Identify caller by the presented `op_session` cookie.\n*\n* Returns \"admin\" when the cookie holds a valid session token.\n*/\nfunction identifyCallerByToken(event) {\n\tif (!getUiLoginPassword()) return null;\n\tif (validateSession(extractToken(event))) return \"admin\";\n\treturn null;\n}\n/** Parse JSON body safely — returns discriminated result with error type */\nasync function parseJsonBody(request, maxBytes = 1048576) {\n\ttry {\n\t\tconst contentLength = request.headers.get(\"content-length\");\n\t\tif (contentLength && parseInt(contentLength, 10) > maxBytes) return { error: \"too_large\" };\n\t\treturn { data: await request.json() };\n\t} catch (e) {\n\t\tconsole.warn(\"[helpers] Failed to parse JSON request body\", e);\n\t\treturn { error: \"invalid_json\" };\n\t}\n}\n/** Convert a ParseJsonBodyError to an appropriate HTTP error response */\nfunction jsonBodyError(err, requestId) {\n\tif (err.error === \"too_large\") return errorResponse(413, \"too_large\", \"Request body too large\", {}, requestId);\n\treturn errorResponse(400, \"invalid_json\", \"Request body must be valid JSON\", {}, requestId);\n}\n/**\n* Auth + JSON body wrapper for admin POST/DELETE handlers.\n*\n* Replaces the 4-line boilerplate copy-pasted across 30+ routes:\n* const requestId = getRequestId(event);\n* const authError = requireAdmin(event, requestId);\n* if (authError) return authError;\n* const result = await parseJsonBody(event.request);\n* if ('error' in result) return jsonBodyError(result, requestId);\n*\n* Use for routes that need both auth and a JSON body. For auth-only or\n* GET routes, call `requireAdmin` directly.\n*/\nasync function withAdminBody(event, handler) {\n\tconst requestId = getRequestId(event);\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst result = await parseJsonBody(event.request);\n\tif (\"error\" in result) return jsonBodyError(result, requestId);\n\treturn handler({\n\t\trequestId,\n\t\tbody: result.data\n\t});\n}\n/**\n* Reject requests whose Host header does not match localhost or 127.0.0.1\n* on the configured admin port.\n*\n* @param request Incoming Request (or SvelteKit RequestEvent.request)\n* @param port The port this server is bound to (e.g. 3880 or 8100)\n* @returns A 400 Response if the host is rejected; null if allowed\n*/\nfunction checkHostHeader(request, port) {\n\tconst normalized = (request.headers.get(\"host\") ?? \"\").trim().replace(/\\.$/, \"\");\n\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(normalized)) return null;\n\treturn new Response(JSON.stringify({\n\t\terror: \"invalid_host\",\n\t\thost: normalized,\n\t\tmessage: \"Request rejected: Host header does not match allowed hosts. The admin UI binds to loopback (127.0.0.1) only; reach it via localhost or front it with a reverse proxy/tunnel for remote access.\"\n\t}), {\n\t\tstatus: 400,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\n/**\n* Reject POST/PUT/DELETE requests whose Origin header does not match\n* localhost or 127.0.0.1. Requests with no Origin (non-browser clients)\n* are always allowed.\n*\n* @param request Incoming Request\n* @param port The port this server is bound to\n* @returns A 403 Response if the origin is rejected; null if allowed\n*/\nfunction checkOriginHeader(request, port) {\n\tconst method = request.method.toUpperCase();\n\tif (method === \"GET\" || method === \"HEAD\" || method === \"OPTIONS\") return null;\n\tconst origin = request.headers.get(\"origin\");\n\tif (!origin) return null;\n\ttry {\n\t\tconst u = new URL(origin);\n\t\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(u.host)) return null;\n\t} catch {}\n\treturn new Response(JSON.stringify({\n\t\terror: \"forbidden_origin\",\n\t\torigin\n\t}), {\n\t\tstatus: 403,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\nvar UI_PORT = Number(process.env.PORT ?? 3880);\n//#endregion\nexport { invalidateSession as _, getOpenCodeClient as a, jsonBodyError as c, requireAdmin as d, safeTokenCompare as f, getUiLoginPassword as g, createSession as h, errorResponse as i, jsonResponse as l, SESSION_TTL_SECONDS as m, checkHostHeader as n, getRequestId as o, withAdminBody as p, checkOriginHeader as r, identifyCallerByToken as s, UI_PORT as t, parseJsonBody as u, touchSession as v };\n"],"names":[],"mappings":";;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,OAAO;AAC5B;AACG,IAAC,mBAAmB,GAAG,cAAc,GAAG;AAC3C,IAAI,QAAQ,mBAAmB,IAAI,GAAG,EAAE;AACxC,IAAI,cAAc,mBAAmB,IAAI,GAAG,EAAE;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,kBAAkB,GAAG;AAC9B,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;AAClD,CAAC,IAAI,QAAQ,EAAE,OAAO,QAAQ;AAC9B,CAAC,OAAO,UAAU,CAAC,eAAe,EAAE,EAAE,sBAAsB,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;AAC9E;AACA;AACA,SAAS,SAAS,CAAC,SAAS,EAAE;AAC9B,CAAC,MAAM,MAAM,GAAG,kBAAkB,EAAE;AACpC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;AAC5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;AAC9C,CAAC,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;AACjC,CAAC,IAAI,GAAG,KAAK,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC;AAChG,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC7B;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,KAAK,EAAE;AAChC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,KAAK;AACzB,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,IAAI;AAC3C,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK;AACtC,CAAC,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC;AACnC,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,OAAO,KAAK;AAC1B,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC9C,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,EAAE,OAAO,KAAK;AACzE,CAAC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC;AACjC,CAAC,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC;AACtC,CAAC,IAAI,QAAQ,KAAK,IAAI,EAAE,OAAO,KAAK;AACpC,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,OAAO,KAAK;AACjD,CAAC,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChE;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK;AAC1C,CAAC,OAAO,aAAa,EAAE;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,KAAK,EAAE;AAClC,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;AACvB,CAAC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;AACjC,EAAE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;AAC/E,CAAC;AACD,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe;AACnB,IAAI,kBAAkB;AACtB,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,iBAAiB,EAAE;AACpC,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,KAAK,kBAAkB,EAAE;AACrD,EAAE,eAAe,GAAG,oBAAoB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC1D,EAAE,kBAAkB,GAAG,GAAG;AAC1B,CAAC;AACD,CAAC,OAAO,eAAe;AACvB;AACA,SAAS,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE;AAChC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AACjE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,KAAK;AAC3B,CAAC,OAAO,eAAe,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzG;AACA;AACA,SAAS,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,EAAE,EAAE;AACpD,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;AAC3C,EAAE,MAAM;AACR,EAAE,OAAO,EAAE;AACX,GAAG,cAAc,EAAE,kBAAkB;AACrC,GAAG,GAAG,SAAS,GAAG,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG;AAClD;AACA,EAAE,CAAC;AACH;AACA;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,EAAE;AAC7E,CAAC,OAAO,YAAY,CAAC,MAAM,EAAE;AAC7B,EAAE,KAAK;AACP,EAAE,OAAO;AACT,EAAE,OAAO;AACT,EAAE;AACF,EAAE,EAAE,SAAS,CAAC;AACd;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AACxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,8BAA8B,CAAC;AAChG,CAAC,IAAI,KAAK,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC;AAC3B,CAAC,OAAO,EAAE;AACV;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE;AACxC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,sBAAsB,EAAE,8DAA8D,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5J,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,gCAAgC,EAAE,EAAE,EAAE,SAAS,CAAC;AACtI,CAAC,OAAO,IAAI;AACZ;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,qBAAqB,CAAC,KAAK,EAAE;AACtC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,IAAI;AACvC,CAAC,IAAI,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,OAAO;AACzD,CAAC,OAAO,IAAI;AACZ;AACA;AACA,eAAe,aAAa,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,EAAE;AAC1D,CAAC,IAAI;AACL,EAAE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAC7D,EAAE,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE;AAC5F,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE;AACvC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,CAAC,CAAC;AAChE,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE;AAClC,CAAC;AACD;AACA;AACA,SAAS,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE;AACvC,CAAC,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,wBAAwB,EAAE,EAAE,EAAE,SAAS,CAAC;AAC/G,CAAC,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,iCAAiC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7C,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC;AAClD,CAAC,IAAI,OAAO,IAAI,MAAM,EAAE,OAAO,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC;AAC/D,CAAC,OAAO,OAAO,CAAC;AAChB,EAAE,SAAS;AACX,EAAE,IAAI,EAAE,MAAM,CAAC;AACf,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE;AACxC,CAAC,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACjF,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,IAAI;AACjF,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,cAAc;AACvB,EAAE,IAAI,EAAE,UAAU;AAClB,EAAE,OAAO,EAAE;AACX,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE;AAC1C,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;AAC5C,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS,EAAE,OAAO,IAAI;AAC/E,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC7C,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,IAAI;AACL,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;AAC3B,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AAC9E,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,kBAAkB;AAC3B,EAAE;AACF,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACG,IAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI;;;;"}
package/build/server/chunks/{hooks.server-DMdbB9Fv.js → hooks.server-B3zyEAPe.js} RENAMED
@@ -1,11 +1,11 @@
1
1
  import { r as redirect } from './exports-D1quPX8S.js';
2
- import { ai as isSetupComplete, aQ as resolveStackDir, p as classifyLocalInstall, u as composePs, l as buildComposeOptions, K as deriveLaunchStatus, R as detectRuntime, L as deriveLocalStackState, q as collectBindAddressWarnings, X as ensureHomeDirs, a0 as ensureSecrets, aA as readSecret, aE as readStackRuntimeEnv, Z as ensureOpenCodeConfig, _ as ensureOpenCodeSystemConfig, aP as resolveRuntimeFiles, b0 as writeRuntimeFiles, F as createLogger } from './src-Bms-Wpj4.js';
3
- import { g as getState } from './state-dBGSHxF6.js';
4
- import { b as listRemoteStatuses } from './endpoints-ev9YSBb8.js';
5
- import { c as checkHostHeader, a as checkOriginHeader, i as identifyCallerByToken, t as touchSession, U as UI_PORT } from './helpers-BluGgY3g.js';
6
- import { S as SESSION_COOKIE_NAME, s as sessionCookieHeader } from './session-cookie-Cn2O_Cv6.js';
2
+ import { ac as isSetupComplete, aJ as resolveStackDir, q as classifyLocalInstall, v as composePs, m as buildComposeOptions, L as deriveLaunchStatus, T as detectRuntime, N as deriveLocalStackState, r as collectBindAddressWarnings, au as readSecret, ay as readStackRuntimeEnv, G as createLogger } from './src-2DECZjwE.js';
3
+ import { g as getState } from './state-DmHQD7rQ.js';
4
+ import { b as listRemoteStatuses } from './endpoints-C11fNgt_.js';
5
+ import { c as checkHostHeader, a as checkOriginHeader, i as identifyCallerByToken, t as touchSession, U as UI_PORT } from './helpers-BUFVs5rR.js';
6
+ import { S as SESSION_COOKIE_NAME, s as sessionCookieHeader } from './session-cookie-CAC4r6_1.js';
7
7
  import { c as computeFeatureFlags } from './features-h0rPqe2e.js';
8
- import { i as isMigrationBlocking } from './migration-status-UK_z_iXN.js';
8
+ import { i as isMigrationBlocking } from './migration-status-DiY6y8qW.js';
9
9
  import './utils-BSRjJDrZ.js';
10
10
  import './chunk-CLZ62Ad-.js';
11
11
  import 'node:module';
@@ -38,30 +38,23 @@ var localStatusCache = null;
38
38
  function _resetLaunchCache() {
39
39
  localStatusCache = null;
40
40
  }
41
- function runStartupApply() {
41
+ function loadProcessEnv() {
42
42
  if (startupApplyDone) return;
43
43
  startupApplyDone = true;
44
44
  for (const line of collectBindAddressWarnings(process.env)) logger.warn(line);
45
45
  try {
46
- ensureHomeDirs();
47
46
  const state = getState();
48
- ensureSecrets(state);
49
47
  if (!process.env.OP_UI_LOGIN_PASSWORD) {
50
48
  const pw = readSecret(state.stackDir, "op_ui_login_password");
51
49
  if (pw) process.env.OP_UI_LOGIN_PASSWORD = pw.trimEnd();
52
50
  }
53
51
  const stackVars = readStackRuntimeEnv(state.stackDir);
54
52
  for (const [k, v] of Object.entries(stackVars)) if (v && !process.env[k]) process.env[k] = v;
55
- ensureOpenCodeConfig();
56
- ensureOpenCodeSystemConfig();
57
- state.artifacts = resolveRuntimeFiles();
58
- writeRuntimeFiles(state);
59
- logger.info("startup auto-apply completed successfully", { artifactMeta: state.artifactMeta });
60
53
  } catch (err) {
61
- logger.error("startup auto-apply failed", { error: String(err) });
54
+ logger.error("process env load failed", { error: String(err) });
62
55
  }
63
56
  }
64
- runStartupApply();
57
+ loadProcessEnv();
65
58
  var SETUP_PATHS = [
66
59
  "/setup",
67
60
  "/api/setup",
@@ -161,4 +154,4 @@ var handle = async ({ event, resolve }) => {
161
154
  };
162
155
 
163
156
  export { _resetLaunchCache, handle };
164
- //# sourceMappingURL=hooks.server-DMdbB9Fv.js.map
157
+ //# sourceMappingURL=hooks.server-B3zyEAPe.js.map
package/build/server/chunks/hooks.server-B3zyEAPe.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hooks.server-B3zyEAPe.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { i as redirect } from \"../chunks/exports.js\";\nimport { $ as composePs, Bt as readSecret, Ft as readStackRuntimeEnv, G as deriveLaunchStatus, I as buildComposeOptions, Jt as resolveStackDir, K as deriveLocalStackState, W as classifyLocalInstall, ct as isSetupComplete, ln as createLogger, q as detectRuntime, t as collectBindAddressWarnings } from \"../chunks/src.js\";\nimport { t as getState } from \"../chunks/state.js\";\nimport { a as listRemoteStatuses } from \"../chunks/endpoints.js\";\nimport { n as checkHostHeader, r as checkOriginHeader, s as identifyCallerByToken, t as UI_PORT, v as touchSession } from \"../chunks/helpers.js\";\nimport { r as sessionCookieHeader, t as SESSION_COOKIE_NAME } from \"../chunks/session-cookie.js\";\nimport { t as computeFeatureFlags } from \"../chunks/features.js\";\nimport { n as isMigrationBlocking } from \"../chunks/migration-status.js\";\n//#region src/hooks.server.ts\nvar logger = createLogger(\"admin\");\nvar startupApplyDone = false;\nvar setupCompleteMemo = false;\nvar localStatusCache = null;\n/** Test-only: clear the 5s launch-routing cache so each test resolves fresh. */\nfunction _resetLaunchCache() {\n\tlocalStatusCache = null;\n}\nfunction loadProcessEnv() {\n\tif (startupApplyDone) return;\n\tstartupApplyDone = true;\n\tfor (const line of collectBindAddressWarnings(process.env)) logger.warn(line);\n\ttry {\n\t\tconst state = getState();\n\t\tif (!process.env.OP_UI_LOGIN_PASSWORD) {\n\t\t\tconst pw = readSecret(state.stackDir, \"op_ui_login_password\");\n\t\t\tif (pw) process.env.OP_UI_LOGIN_PASSWORD = pw.trimEnd();\n\t\t}\n\t\tconst stackVars = readStackRuntimeEnv(state.stackDir);\n\t\tfor (const [k, v] of Object.entries(stackVars)) if (v && !process.env[k]) process.env[k] = v;\n\t} catch (err) {\n\t\tlogger.error(\"process env load failed\", { error: String(err) });\n\t}\n}\nloadProcessEnv();\nvar SETUP_PATHS = [\n\t\"/setup\",\n\t\"/api/setup\",\n\t\"/health\",\n\t\"/guardian/health\"\n];\nfunction isLocalhostAddress(ip) {\n\treturn ip === \"127.0.0.1\" || ip === \"::1\" || ip === \"::ffff:127.0.0.1\";\n}\nfunction parseComposePsServices(stdout) {\n\tconst services = [];\n\tfor (const line of stdout.split(\"\\n\")) {\n\t\tconst trimmed = line.trim();\n\t\tif (!trimmed) continue;\n\t\ttry {\n\t\t\tconst parsed = JSON.parse(trimmed);\n\t\t\tservices.push({\n\t\t\t\tservice: String(parsed.Service ?? parsed.Name ?? \"\"),\n\t\t\t\tstate: String(parsed.State ?? \"\"),\n\t\t\t\thealth: String(parsed.Health ?? \"\")\n\t\t\t});\n\t\t} catch {\n\t\t\tcontinue;\n\t\t}\n\t}\n\treturn services;\n}\nasync function resolveLaunchRouting() {\n\tif (localStatusCache && localStatusCache.expiresAt > Date.now()) return localStatusCache.value;\n\tconst state = getState();\n\tconst installState = classifyLocalInstall(state.stackDir);\n\tconst composeResult = await composePs(buildComposeOptions(state));\n\tconst value = {\n\t\tinstallState,\n\t\tlaunch: deriveLaunchStatus({\n\t\t\tlocal: {\n\t\t\t\tstate: deriveLocalStackState(installState, composeResult.ok ? parseComposePsServices(composeResult.stdout) : []),\n\t\t\t\truntime: installState === \"not_installed\" ? await detectRuntime() : void 0,\n\t\t\t\tdetail: { installState }\n\t\t\t},\n\t\t\tremotes: await listRemoteStatuses()\n\t\t}),\n\t\tmigrationBlocking: isMigrationBlocking(state.homeDir)\n\t};\n\tlocalStatusCache = {\n\t\tvalue,\n\t\texpiresAt: Date.now() + 5e3\n\t};\n\treturn value;\n}\nvar handle = async ({ event, resolve }) => {\n\tconst hostError = checkHostHeader(event.request, UI_PORT);\n\tif (hostError) return hostError;\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst path = event.url.pathname;\n\tif (path.startsWith(\"/admin\") && !computeFeatureFlags().admin) redirect(302, \"/chat\");\n\tconst isSetupPath = SETUP_PATHS.some((p) => path === p || path.startsWith(p + \"/\"));\n\tconst setupComplete = setupCompleteMemo || isSetupComplete(resolveStackDir());\n\tif (setupComplete) setupCompleteMemo = true;\n\tif (isSetupPath && !setupComplete) {\n\t\tif (!isLocalhostAddress(event.getClientAddress())) return new Response(JSON.stringify({\n\t\t\terror: \"setup_localhost_only\",\n\t\t\tmessage: \"Setup is only accessible from the host machine until installation is complete.\"\n\t\t}), {\n\t\t\tstatus: 403,\n\t\t\theaders: { \"content-type\": \"application/json\" }\n\t\t});\n\t}\n\tif (!isSetupPath) {\n\t\tconst { installState, launch, migrationBlocking } = await resolveLaunchRouting();\n\t\tconst desiredPath = migrationBlocking ? \"/splash\" : installState === \"setup_incomplete\" && launch.local.state === \"running\" ? \"/splash\" : launch.recommendedRoute === \"chat\" ? \"/chat\" : \"/splash\";\n\t\tconst usageRoute = path.startsWith(\"/chat\") || path.startsWith(\"/advanced\");\n\t\tconst exempt = path.startsWith(\"/api/\") || path.startsWith(\"/proxy/\") || path.startsWith(\"/login\") || path.startsWith(\"/health\") || path.startsWith(\"/guardian/health\") || path.startsWith(\"/admin\") || path.startsWith(\"/splash\") || !migrationBlocking && usageRoute;\n\t\tif (path === \"/\" || path !== desiredPath && !exempt) redirect(302, desiredPath);\n\t}\n\tevent.locals.role = identifyCallerByToken(event);\n\tlet renewedCookie = null;\n\tif (event.locals.role === \"admin\") {\n\t\tconst match = (event.request.headers.get(\"cookie\") ?? \"\").match(new RegExp(`(?:^|;\\\\s*)${SESSION_COOKIE_NAME}=([^;]+)`));\n\t\tconst renewed = match ? touchSession(match[1]) : false;\n\t\tif (renewed) renewedCookie = sessionCookieHeader(renewed, event.request);\n\t}\n\tconst isAuthPath = path === \"/login\" || path.startsWith(\"/login/\");\n\tif (event.request.method === \"GET\" && (event.request.headers.get(\"accept\") ?? \"\").includes(\"text/html\") && !event.locals.role && !isSetupPath && !isAuthPath) {\n\t\tconst redirectTo = path + event.url.search;\n\t\tredirect(302, `/login?redirectTo=${encodeURIComponent(redirectTo)}`);\n\t}\n\tconst response = await resolve(event);\n\tif (renewedCookie) {\n\t\tif (!(response.headers.get(\"set-cookie\") ?? \"\").includes(`op_session=`)) response.headers.append(\"set-cookie\", renewedCookie);\n\t}\n\tresponse.headers.set(\"X-Frame-Options\", path === \"/admin/akm/health-report\" ? \"SAMEORIGIN\" : \"DENY\");\n\tresponse.headers.set(\"X-Content-Type-Options\", \"nosniff\");\n\tresponse.headers.set(\"Referrer-Policy\", \"no-referrer\");\n\treturn response;\n};\n//#endregion\nexport { _resetLaunchCache, handle };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;AAClC,IAAI,gBAAgB,GAAG,KAAK;AAC5B,IAAI,iBAAiB,GAAG,KAAK;AAC7B,IAAI,gBAAgB,GAAG,IAAI;AAC3B;AACA,SAAS,iBAAiB,GAAG;AAC7B,CAAC,gBAAgB,GAAG,IAAI;AACxB;AACA,SAAS,cAAc,GAAG;AAC1B,CAAC,IAAI,gBAAgB,EAAE;AACvB,CAAC,gBAAgB,GAAG,IAAI;AACxB,CAAC,KAAK,MAAM,IAAI,IAAI,0BAA0B,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;AAC9E,CAAC,IAAI;AACL,EAAE,MAAM,KAAK,GAAG,QAAQ,EAAE;AAC1B,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE;AACzC,GAAG,MAAM,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,QAAQ,EAAE,sBAAsB,CAAC;AAChE,GAAG,IAAI,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,EAAE,CAAC,OAAO,EAAE;AAC1D,EAAE;AACF,EAAE,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC;AACvD,EAAE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC9F,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE;AACf,EAAE,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;AACjE,CAAC;AACD;AACA,cAAc,EAAE;AAChB,IAAI,WAAW,GAAG;AAClB,CAAC,QAAQ;AACT,CAAC,YAAY;AACb,CAAC,SAAS;AACV,CAAC;AACD,CAAC;AACD,SAAS,kBAAkB,CAAC,EAAE,EAAE;AAChC,CAAC,OAAO,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,kBAAkB;AACvE;AACA,SAAS,sBAAsB,CAAC,MAAM,EAAE;AACxC,CAAC,MAAM,QAAQ,GAAG,EAAE;AACpB,CAAC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE;AACxC,EAAE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE;AAC7B,EAAE,IAAI,CAAC,OAAO,EAAE;AAChB,EAAE,IAAI;AACN,GAAG,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;AACrC,GAAG,QAAQ,CAAC,IAAI,CAAC;AACjB,IAAI,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;AACxD,IAAI,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;AACrC,IAAI,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;AACtC,IAAI,CAAC;AACL,EAAE,CAAC,CAAC,MAAM;AACV,GAAG;AACH,EAAE;AACF,CAAC;AACD,CAAC,OAAO,QAAQ;AAChB;AACA,eAAe,oBAAoB,GAAG;AACtC,CAAC,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,OAAO,gBAAgB,CAAC,KAAK;AAC/F,CAAC,MAAM,KAAK,GAAG,QAAQ,EAAE;AACzB,CAAC,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,QAAQ,CAAC;AAC1D,CAAC,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC,MAAM,KAAK,GAAG;AACf,EAAE,YAAY;AACd,EAAE,MAAM,EAAE,kBAAkB,CAAC;AAC7B,GAAG,KAAK,EAAE;AACV,IAAI,KAAK,EAAE,qBAAqB,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE,GAAG,sBAAsB,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AACpH,IAAI,OAAO,EAAE,YAAY,KAAK,eAAe,GAAG,MAAM,aAAa,EAAE,GAAG,MAAM;AAC9E,IAAI,MAAM,EAAE,EAAE,YAAY;AAC1B,IAAI;AACJ,GAAG,OAAO,EAAE,MAAM,kBAAkB;AACpC,GAAG,CAAC;AACJ,EAAE,iBAAiB,EAAE,mBAAmB,CAAC,KAAK,CAAC,OAAO;AACtD,EAAE;AACF,CAAC,gBAAgB,GAAG;AACpB,EAAE,KAAK;AACP,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG;AAC1B,EAAE;AACF,CAAC,OAAO,KAAK;AACb;AACG,IAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC3C,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC1D,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ;AAChC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;AACtF,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AACpF,CAAC,MAAM,aAAa,GAAG,iBAAiB,IAAI,eAAe,CAAC,eAAe,EAAE,CAAC;AAC9E,CAAC,IAAI,aAAa,EAAE,iBAAiB,GAAG,IAAI;AAC5C,CAAC,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE;AACpC,EAAE,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,EAAE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACxF,GAAG,KAAK,EAAE,sBAAsB;AAChC,GAAG,OAAO,EAAE;AACZ,GAAG,CAAC,EAAE;AACN,GAAG,MAAM,EAAE,GAAG;AACd,GAAG,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAChD,GAAG,CAAC;AACJ,CAAC;AACD,CAAC,IAAI,CAAC,WAAW,EAAE;AACnB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,oBAAoB,EAAE;AAClF,EAAE,MAAM,WAAW,GAAG,iBAAiB,GAAG,SAAS,GAAG,YAAY,KAAK,kBAAkB,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,GAAG,SAAS,GAAG,MAAM,CAAC,gBAAgB,KAAK,MAAM,GAAG,OAAO,GAAG,SAAS;AACpM,EAAE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;AAC7E,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,iBAAiB,IAAI,UAAU;AACxQ,EAAE,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,WAAW,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC;AACjF,CAAC;AACD,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,qBAAqB,CAAC,KAAK,CAAC;AACjD,CAAC,IAAI,aAAa,GAAG,IAAI;AACzB,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE;AACpC,EAAE,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC1H,EAAE,MAAM,OAAO,GAAG,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK;AACxD,EAAE,IAAI,OAAO,EAAE,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;AAC1E,CAAC;AACD,CAAC,MAAM,UAAU,GAAG,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;AACnE,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,EAAE;AAC/J,EAAE,MAAM,UAAU,GAAG,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM;AAC5C,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACtC,CAAC,IAAI,aAAa,EAAE;AACpB,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,QAAQ,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC;AAC/H,CAAC;AACD,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,KAAK,0BAA0B,GAAG,YAAY,GAAG,MAAM,CAAC;AACrG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC;AAC1D,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC;AACvD,CAAC,OAAO,QAAQ;AAChB;;;;"}
package/build/server/chunks/{http-BmFqfzyw.js → http-BcWKKzEL.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { g as getActiveEndpoint } from './endpoints-ev9YSBb8.js';
1
+ import { g as getActiveEndpoint } from './endpoints-C11fNgt_.js';
2
2
 
3
3
  //#region src/lib/server/opencode/http.ts
4
4
  /**
@@ -28,4 +28,4 @@ async function opencodeFetch(path, init) {
28
28
  }
29
29
 
30
30
  export { opencodeFetch as o };
31
- //# sourceMappingURL=http-BmFqfzyw.js.map
31
+ //# sourceMappingURL=http-BcWKKzEL.js.map
package/build/server/chunks/{http-BmFqfzyw.js.map → http-BcWKKzEL.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"http-BmFqfzyw.js","sources":["../../../.svelte-kit/adapter-node/chunks/http.js"],"sourcesContent":["import { r as getActiveEndpoint } from \"./endpoints.js\";\n//#region src/lib/server/opencode/http.ts\n/**\n* HTTP transport for talking to the active OpenCode endpoint.\n*\n* Used by sibling modules (`config.ts`, `catalog.ts`) — not part of the\n* public API of `$lib/server/opencode`. Reads the active endpoint per-call\n* so user switches in the UI take effect immediately.\n*/\nasync function opencodeFetch(path, init) {\n\tconst endpoint = getActiveEndpoint();\n\tconst headers = {\n\t\t\"content-type\": \"application/json\",\n\t\t...init?.headers\n\t};\n\tif (endpoint.password) {\n\t\tconst user = endpoint.username || \"openpalm\";\n\t\theaders[\"authorization\"] = `Basic ${btoa(`${user}:${endpoint.password}`)}`;\n\t}\n\tconst response = await fetch(`${endpoint.url}${path}`, {\n\t\t...init,\n\t\theaders\n\t});\n\tif (!response.ok) throw new Error(`${init?.method ?? \"GET\"} ${path} failed with ${response.status}`);\n\tif (response.status === 204) return;\n\treturn await response.json();\n}\n//#endregion\nexport { opencodeFetch as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE;AACzC,CAAC,MAAM,QAAQ,GAAG,iBAAiB,EAAE;AACrC,CAAC,MAAM,OAAO,GAAG;AACjB,EAAE,cAAc,EAAE,kBAAkB;AACpC,EAAE,GAAG,IAAI,EAAE;AACX,EAAE;AACF,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE;AACxB,EAAE,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,IAAI,UAAU;AAC9C,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE;AACxD,EAAE,GAAG,IAAI;AACT,EAAE;AACF,EAAE,CAAC;AACH,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AACrG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AAC9B,CAAC,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC7B;;;;"}
1
+ {"version":3,"file":"http-BcWKKzEL.js","sources":["../../../.svelte-kit/adapter-node/chunks/http.js"],"sourcesContent":["import { r as getActiveEndpoint } from \"./endpoints.js\";\n//#region src/lib/server/opencode/http.ts\n/**\n* HTTP transport for talking to the active OpenCode endpoint.\n*\n* Used by sibling modules (`config.ts`, `catalog.ts`) — not part of the\n* public API of `$lib/server/opencode`. Reads the active endpoint per-call\n* so user switches in the UI take effect immediately.\n*/\nasync function opencodeFetch(path, init) {\n\tconst endpoint = getActiveEndpoint();\n\tconst headers = {\n\t\t\"content-type\": \"application/json\",\n\t\t...init?.headers\n\t};\n\tif (endpoint.password) {\n\t\tconst user = endpoint.username || \"openpalm\";\n\t\theaders[\"authorization\"] = `Basic ${btoa(`${user}:${endpoint.password}`)}`;\n\t}\n\tconst response = await fetch(`${endpoint.url}${path}`, {\n\t\t...init,\n\t\theaders\n\t});\n\tif (!response.ok) throw new Error(`${init?.method ?? \"GET\"} ${path} failed with ${response.status}`);\n\tif (response.status === 204) return;\n\treturn await response.json();\n}\n//#endregion\nexport { opencodeFetch as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE;AACzC,CAAC,MAAM,QAAQ,GAAG,iBAAiB,EAAE;AACrC,CAAC,MAAM,OAAO,GAAG;AACjB,EAAE,cAAc,EAAE,kBAAkB;AACpC,EAAE,GAAG,IAAI,EAAE;AACX,EAAE;AACF,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE;AACxB,EAAE,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,IAAI,UAAU;AAC9C,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE;AACxD,EAAE,GAAG,IAAI;AACT,EAAE;AACF,EAAE,CAAC;AACH,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AACrG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AAC9B,CAAC,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC7B;;;;"}
package/build/server/chunks/{internal-CGvCj4Lu.js → internal-vyS6U9TX.js} RENAMED
@@ -1518,7 +1518,7 @@ var options = {
1518
1518
  app: ({ head, body, assets, nonce, env }) => "<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n <meta name=\"theme-color\" content=\"#ffffff\" />\n <meta name=\"color-scheme\" content=\"light\" />\n <script>\n (() => {\n const storageKey = 'openpalm.theme';\n const darkThemeColor = '#161c22';\n const lightThemeColor = '#f9fafb';\n\n try {\n const stored = window.localStorage.getItem(storageKey);\n const preference = stored === 'light' || stored === 'dark' || stored === 'system' ? stored : 'system';\n const resolved = preference === 'system'\n ? (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light')\n : preference;\n const root = document.documentElement;\n root.setAttribute('data-theme', resolved);\n root.style.colorScheme = resolved;\n\n const themeColorMeta = document.querySelector('meta[name=\"theme-color\"]');\n if (themeColorMeta) {\n themeColorMeta.setAttribute('content', resolved === 'dark' ? darkThemeColor : lightThemeColor);\n }\n\n const colorSchemeMeta = document.querySelector('meta[name=\"color-scheme\"]');\n if (colorSchemeMeta) {\n colorSchemeMeta.setAttribute('content', resolved);\n }\n } catch {\n // Keep the default light metadata if storage access is unavailable.\n }\n })();\n <\/script>\n <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n <link\n href=\"https://fonts.googleapis.com/css2?family=Source+Sans+3:wght@400;500;600;700&family=IBM+Plex+Mono:wght@400;500&display=swap\"\n rel=\"stylesheet\"\n />\n " + head + "\n </head>\n <body data-sveltekit-preload-data=\"hover\">\n <div style=\"display: contents\">" + body + "</div>\n </body>\n</html>\n",
1519
1519
  error: ({ status, message }) => "<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <title>" + message + "</title>\n\n <style>\n body {\n --bg: white;\n --fg: #222;\n --divider: #ccc;\n background: var(--bg);\n color: var(--fg);\n font-family:\n system-ui,\n -apple-system,\n BlinkMacSystemFont,\n 'Segoe UI',\n Roboto,\n Oxygen,\n Ubuntu,\n Cantarell,\n 'Open Sans',\n 'Helvetica Neue',\n sans-serif;\n display: flex;\n align-items: center;\n justify-content: center;\n height: 100vh;\n margin: 0;\n }\n\n .error {\n display: flex;\n align-items: center;\n max-width: 32rem;\n margin: 0 1rem;\n }\n\n .status {\n font-weight: 200;\n font-size: 3rem;\n line-height: 1;\n position: relative;\n top: -0.05rem;\n }\n\n .message {\n border-left: 1px solid var(--divider);\n padding: 0 0 0 1rem;\n margin: 0 0 0 1rem;\n min-height: 2.5rem;\n display: flex;\n align-items: center;\n }\n\n .message h1 {\n font-weight: 400;\n font-size: 1em;\n margin: 0;\n }\n\n @media (prefers-color-scheme: dark) {\n body {\n --bg: #222;\n --fg: #ddd;\n --divider: #666;\n }\n }\n </style>\n </head>\n <body>\n <div class=\"error\">\n <span class=\"status\">" + status + "</span>\n <div class=\"message\">\n <h1>" + message + "</h1>\n </div>\n </div>\n </body>\n</html>\n"
1520
1520
  },
1521
- version_hash: "1qvmlyo"
1521
+ version_hash: "anlcvn"
1522
1522
  };
1523
1523
  async function get_hooks() {
1524
1524
  let handle;
@@ -1526,7 +1526,7 @@ async function get_hooks() {
1526
1526
  let handleError;
1527
1527
  let handleValidationError;
1528
1528
  let init;
1529
- ({handle, handleFetch, handleError, handleValidationError, init} = await import('./hooks.server-DMdbB9Fv.js'));
1529
+ ({handle, handleFetch, handleError, handleValidationError, init} = await import('./hooks.server-B3zyEAPe.js'));
1530
1530
  let reroute;
1531
1531
  let transport;
1532
1532
  return {
@@ -1541,4 +1541,4 @@ async function get_hooks() {
1541
1541
  }
1542
1542
 
1543
1543
  export { stringify$1 as A, validate_layout_exports as B, validate_layout_server_exports as C, validate_page_exports as D, validate_page_server_exports as E, with_request_store as F, INVALIDATED_PARAM as I, NULL_BODY_STATUS as N, TRAILING_SLASH_PARAM as T, IN_WEBCONTAINER as a, compact as b, coalesce_to_error as c, create_remote_key as d, decode_pathname as e, disable_search as f, find_route as g, get_hooks as h, get_message as i, get_status as j, hash as k, merge_tracing as l, make_trackable as m, noop as n, noop_span as o, normalize_error as p, normalize_path as q, once as r, options as s, parse as t, parse_remote_arg as u, read_implementation as v, resolve as w, set_read_implementation as x, split_remote_key as y, stringify as z };
1544
- //# sourceMappingURL=internal-CGvCj4Lu.js.map
1544
+ //# sourceMappingURL=internal-vyS6U9TX.js.map