@package-broker/core 0.2.15

package/dist/middleware/auth.js

@@ -0,0 +1,300 @@
+// Authentication middleware
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex } from '@noble/hashes/utils';
+import { tokens } from '../db/schema';
+import { eq } from 'drizzle-orm';
+/**
+ * Extract Basic Auth credentials from request
+ */
+function extractBasicAuth(authHeader) {
+    if (!authHeader || !authHeader.startsWith('Basic ')) {
+        return null;
+    }
+    try {
+        const encoded = authHeader.slice(6);
+        const decoded = atob(encoded);
+        const [username, password] = decoded.split(':', 2);
+        return { username, password };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Hash token using SHA-256 (for high-entropy tokens)
+ */
+function hashToken(token) {
+    const hash = sha256(token);
+    return bytesToHex(hash);
+}
+/**
+ * Check rate limit in KV
+ * Note: KV has eventual consistency (up to 60s), rate limiting is approximate
+ * If rateLimitMax is null, 0, or falsy, rate limiting is disabled and no KV operations are performed
+ * If KV is unavailable, gracefully allows all requests (rate limiting not enforced)
+ */
+async function checkRateLimit(kv, tokenId, rateLimitMax) {
+    // If rate limiting is disabled (null, 0, or falsy), skip all operations
+    if (!rateLimitMax || rateLimitMax <= 0) {
+        return { allowed: true, remaining: Infinity };
+    }
+    // If KV is not available, allow request (graceful degradation)
+    if (!kv) {
+        return { allowed: true, remaining: Infinity };
+    }
+    const hour = Math.floor(Date.now() / (1000 * 60 * 60));
+    const key = `rate_limit:${tokenId}:${hour}`;
+    const current = await kv.get(key);
+    const count = current ? parseInt(current, 10) : 0;
+    if (count >= rateLimitMax) {
+        return { allowed: false, remaining: 0 };
+    }
+    // Increment count (eventual consistency is acceptable)
+    await kv.put(key, String(count + 1), { expirationTtl: 3600 });
+    return { allowed: true, remaining: rateLimitMax - count - 1 };
+}
+/**
+ * Check if request has valid admin session (Bearer token)
+ * Sessions require KV - if KV is unavailable, sessions won't work
+ */
+async function checkAdminSession(kv, authHeader) {
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return { valid: false };
+    }
+    // Sessions require KV - if unavailable, no sessions can be validated
+    if (!kv) {
+        return { valid: false };
+    }
+    const token = authHeader.slice(7);
+    const sessionData = await kv.get(`session:${token}`, 'json');
+    if (!sessionData) {
+        return { valid: false };
+    }
+    return { valid: true, session: sessionData };
+}
+/**
+ * Dual authentication middleware for dist route
+ * Accepts either Composer token (Basic Auth) OR admin session (Bearer token)
+ */
+export async function distAuthMiddleware(c, next) {
+    const authHeader = c.req.header('Authorization');
+    // Try admin session first (Bearer token) - for UI downloads
+    const sessionResult = await checkAdminSession(c.env.KV, authHeader);
+    if (sessionResult.valid && sessionResult.session) {
+        c.set('session', sessionResult.session);
+        return await next();
+    }
+    // Fall back to Composer token auth (Basic Auth) - for composer CLI
+    const credentials = extractBasicAuth(authHeader);
+    if (!credentials) {
+        return c.json({ error: 'Unauthorized', message: 'Authentication required (Bearer session or Basic token)' }, 401);
+    }
+    // Token is passed as password, username should be "token"
+    if (credentials.username !== 'token') {
+        return c.json({ error: 'Unauthorized', message: 'Username must be "token"' }, 401);
+    }
+    const token = credentials.password;
+    if (!token) {
+        return c.json({ error: 'Unauthorized', message: 'Token required in password field' }, 401);
+    }
+    const tokenHash = hashToken(token);
+    // Check cache first (5 second TTL for burst request optimization)
+    const cacheKey = `token:${tokenHash}`;
+    let tokenRecord = null;
+    try {
+        const cached = c.env.KV ? await c.env.KV.get(cacheKey, 'json') : null;
+        if (cached) {
+            // Verify token hasn't expired
+            if (!cached.expires_at || cached.expires_at >= Date.now() / 1000) {
+                tokenRecord = cached;
+            }
+        }
+    }
+    catch {
+        // Cache miss or error - fall through to D1 query
+    }
+    // If not in cache, query D1
+    if (!tokenRecord) {
+        const db = c.get('database');
+        const [dbToken] = await db
+            .select()
+            .from(tokens)
+            .where(eq(tokens.token_hash, tokenHash))
+            .limit(1);
+        if (dbToken) {
+            tokenRecord = dbToken;
+            // Cache for 5 seconds to handle burst requests (if KV available)
+            if (c.env.KV) {
+                c.executionCtx.waitUntil(c.env.KV.put(cacheKey, JSON.stringify(dbToken), { expirationTtl: 5 }).catch(() => {
+                    // Ignore cache errors
+                }));
+            }
+        }
+    }
+    if (!tokenRecord) {
+        return c.json({ error: 'Unauthorized', message: 'Invalid token' }, 401);
+    }
+    // Check expiration
+    if (tokenRecord.expires_at && tokenRecord.expires_at < Date.now() / 1000) {
+        return c.json({ error: 'Unauthorized', message: 'Token expired' }, 401);
+    }
+    // Check rate limit (skip if null/0 to avoid KV operations)
+    const rateLimitMax = tokenRecord.rate_limit_max;
+    const rateLimit = await checkRateLimit(c.env.KV, tokenRecord.id, rateLimitMax);
+    if (!rateLimit.allowed) {
+        return c.json({ error: 'Too Many Requests', message: 'Rate limit exceeded' }, 429);
+    }
+    // Attach token info to context
+    c.set('auth', {
+        tokenId: tokenRecord.id,
+        tokenDescription: tokenRecord.description,
+        tokenPermissions: (tokenRecord.permissions || 'readonly'),
+    });
+    // Update last_used_at (non-blocking)
+    c.executionCtx.waitUntil((async () => {
+        const db = c.get('database');
+        if (c.env.QUEUE && typeof c.env.QUEUE.send === 'function') {
+            await c.env.QUEUE.send({
+                type: 'update_token_last_used',
+                tokenId: tokenRecord.id,
+                timestamp: Math.floor(Date.now() / 1000),
+            });
+        }
+        else {
+            await db
+                .update(tokens)
+                .set({ last_used_at: Math.floor(Date.now() / 1000) })
+                .where(eq(tokens.id, tokenRecord.id));
+        }
+    })());
+    return await next();
+}
+/**
+ * Authentication middleware
+ * Validates Basic Auth -> D1 Token -> KV Rate Limit
+ */
+export async function authMiddleware(c, next) {
+    const authHeader = c.req.header('Authorization');
+    const credentials = extractBasicAuth(authHeader);
+    if (!credentials) {
+        return c.json({ error: 'Unauthorized', message: 'Basic authentication required' }, 401);
+    }
+    // Token is passed as password, username should be "token"
+    if (credentials.username !== 'token') {
+        return c.json({ error: 'Unauthorized', message: 'Username must be "token"' }, 401);
+    }
+    const token = credentials.password;
+    if (!token) {
+        return c.json({ error: 'Unauthorized', message: 'Token required in password field' }, 401);
+    }
+    const tokenHash = hashToken(token);
+    // Check cache first (5 second TTL for burst request optimization)
+    const cacheKey = `token:${tokenHash}`;
+    let tokenRecord = null;
+    try {
+        const cached = c.env.KV ? await c.env.KV.get(cacheKey, 'json') : null;
+        if (cached) {
+            // Verify token hasn't expired
+            if (!cached.expires_at || cached.expires_at >= Date.now() / 1000) {
+                tokenRecord = cached;
+            }
+        }
+    }
+    catch {
+        // Cache miss or error - fall through to D1 query
+    }
+    // If not in cache, query D1
+    if (!tokenRecord) {
+        const db = c.get('database');
+        const [dbToken] = await db
+            .select()
+            .from(tokens)
+            .where(eq(tokens.token_hash, tokenHash))
+            .limit(1);
+        if (dbToken) {
+            tokenRecord = dbToken;
+            // Cache for 5 seconds to handle burst requests (if KV available)
+            if (c.env.KV) {
+                c.executionCtx.waitUntil(c.env.KV.put(cacheKey, JSON.stringify(dbToken), { expirationTtl: 5 }).catch(() => {
+                    // Ignore cache errors
+                }));
+            }
+        }
+    }
+    if (!tokenRecord) {
+        return c.json({ error: 'Unauthorized', message: 'Invalid token' }, 401);
+    }
+    // Check expiration
+    if (tokenRecord.expires_at && tokenRecord.expires_at < Date.now() / 1000) {
+        return c.json({ error: 'Unauthorized', message: 'Token expired' }, 401);
+    }
+    // Check rate limit (skip if null/0 to avoid KV operations)
+    const rateLimitMax = tokenRecord.rate_limit_max;
+    const rateLimit = await checkRateLimit(c.env.KV, tokenRecord.id, rateLimitMax);
+    if (!rateLimit.allowed) {
+        return c.json({
+            error: 'Too Many Requests',
+            message: 'Rate limit exceeded',
+        }, 429);
+    }
+    // Attach token info to context
+    c.set('auth', {
+        tokenId: tokenRecord.id,
+        tokenDescription: tokenRecord.description,
+        tokenPermissions: (tokenRecord.permissions || 'readonly'),
+    });
+    // Track token usage analytics
+    const { getAnalytics } = await import('../utils/analytics');
+    const analytics = getAnalytics();
+    const requestId = c.get('requestId');
+    analytics.trackAuthTokenUsed({
+        requestId,
+        tokenId: tokenRecord.id,
+    });
+    // Update last_used_at (non-blocking)
+    const updateTokenLastUsed = async () => {
+        const db = c.get('database');
+        if (c.env.QUEUE && typeof c.env.QUEUE.send === 'function') {
+            // Use Queue for async processing (Paid plan)
+            await c.env.QUEUE.send({
+                type: 'update_token_last_used',
+                tokenId: tokenRecord.id,
+                timestamp: Math.floor(Date.now() / 1000),
+            });
+        }
+        else {
+            // Fallback: update directly in database (Free tier)
+            await db
+                .update(tokens)
+                .set({ last_used_at: Math.floor(Date.now() / 1000) })
+                .where(eq(tokens.id, tokenRecord.id));
+        }
+    };
+    // Run in background to not block the response
+    c.executionCtx.waitUntil(updateTokenLastUsed());
+    return await next();
+}
+/**
+ * Middleware to check token permissions
+ * Requires write permission for certain operations
+ */
+export function checkTokenPermissions(requiredPermission) {
+    return async (c, next) => {
+        const auth = c.get('auth');
+        if (!auth) {
+            return c.json({
+                error: 'Unauthorized',
+                message: 'Authentication required'
+            }, 401);
+        }
+        const tokenPermission = auth.tokenPermissions || 'readonly';
+        if (requiredPermission === 'write' && tokenPermission === 'readonly') {
+            return c.json({
+                error: 'Forbidden',
+                message: 'This operation requires write permissions. Your token has read-only access.'
+            }, 403);
+        }
+        return await next();
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/middleware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAG5B,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,OAAO,EAAE,MAAM,EAA8B,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAQjC;;GAEG;AACH,SAAS,gBAAgB,CAAC,UAA8B;IAItD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACnD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,cAAc,CAC3B,EAA2B,EAC3B,OAAe,EACf,YAA2B;IAE3B,wEAAwE;IACxE,IAAI,CAAC,YAAY,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAChD,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAChD,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,cAAc,OAAO,IAAI,IAAI,EAAE,CAAC;IAE5C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAElD,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IAC1C,CAAC;IAED,uDAAuD;IACvD,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAC9B,EAA2B,EAC3B,UAA8B;IAE9B,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,qEAAqE;IACrE,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,MAAM,CAA6C,CAAC;IAEzG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,CAWE,EACF,IAA6B;IAE7B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAEjD,4DAA4D;IAC5D,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;IACpE,IAAI,aAAa,CAAC,KAAK,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;QACjD,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,mEAAmE;IACnE,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACjD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,yDAAyD,EAAE,EAAE,GAAG,CAAC,CAAC;IACpH,CAAC;IAED,0DAA0D;IAC1D,IAAI,WAAW,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC;IACnC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEnC,kEAAkE;IAClE,MAAM,QAAQ,GAAG,SAAS,SAAS,EAAE,CAAC;IACtC,IAAI,WAAW,GAAwC,IAAI,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAwC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7G,IAAI,MAAM,EAAE,CAAC;YACX,8BAA8B;YAC9B,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACjE,WAAW,GAAG,MAAM,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,EAAE;aACvB,MAAM,EAAE;aACR,IAAI,CAAC,MAAM,CAAC;aACZ,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;aACvC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,OAAO,EAAE,CAAC;YACZ,WAAW,GAAG,OAAO,CAAC;YACtB,iEAAiE;YACjE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACb,CAAC,CAAC,YAAY,CAAC,SAAS,CACtB,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAC/E,sBAAsB;gBACxB,CAAC,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,mBAAmB;IACnB,IAAI,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACzE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,WAAW,CAAC,cAAc,CAAC;IAChD,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;IAC/E,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC;IACrF,CAAC;IAED,+BAA+B;IAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE;QACZ,OAAO,EAAE,WAAW,CAAC,EAAE;QACvB,gBAAgB,EAAE,WAAW,CAAC,WAAW;QACzC,gBAAgB,EAAE,CAAC,WAAW,CAAC,WAAW,IAAI,UAAU,CAAyB;KAClF,CAAC,CAAC;IAEH,qCAAqC;IACrC,CAAC,CAAC,YAAY,CAAC,SAAS,CACtB,CAAC,KAAK,IAAI,EAAE;QACV,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC1D,MAAM,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBACrB,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,WAAW,CAAC,EAAE;gBACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACzC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,EAAE;iBACL,MAAM,CAAC,MAAM,CAAC;iBACd,GAAG,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;iBACpD,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,EAAE,CACL,CAAC;IAEF,OAAO,MAAM,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,CAWE,EACF,IAA6B;IAE7B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAEjD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,+BAA+B,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,0DAA0D;IAC1D,IAAI,WAAW,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,0BAA0B,EAAE,EAC9D,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC;IACnC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,GAAG,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEnC,kEAAkE;IAClE,MAAM,QAAQ,GAAG,SAAS,SAAS,EAAE,CAAC;IACtC,IAAI,WAAW,GAAwC,IAAI,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAwC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7G,IAAI,MAAM,EAAE,CAAC;YACX,8BAA8B;YAC9B,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACjE,WAAW,GAAG,MAAM,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,EAAE;aACvB,MAAM,EAAE;aACR,IAAI,CAAC,MAAM,CAAC;aACZ,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;aACvC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,OAAO,EAAE,CAAC;YACZ,WAAW,GAAG,OAAO,CAAC;YACtB,iEAAiE;YACjE,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACb,CAAC,CAAC,YAAY,CAAC,SAAS,CACtB,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAC/E,sBAAsB;gBACxB,CAAC,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,mBAAmB;IACnB,IAAI,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACzE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,WAAW,CAAC,cAAc,CAAC;IAChD,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;IAC/E,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE,mBAAmB;YAC1B,OAAO,EAAE,qBAAqB;SAC/B,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE;QACZ,OAAO,EAAE,WAAW,CAAC,EAAE;QACvB,gBAAgB,EAAE,WAAW,CAAC,WAAW;QACzC,gBAAgB,EAAE,CAAC,WAAW,CAAC,WAAW,IAAI,UAAU,CAAyB;KAClF,CAAC,CAAC;IAEH,8BAA8B;IAC9B,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAuB,CAAC;IAC3D,SAAS,CAAC,kBAAkB,CAAC;QAC3B,SAAS;QACT,OAAO,EAAE,WAAW,CAAC,EAAE;KACxB,CAAC,CAAC;IAEH,qCAAqC;IACrC,MAAM,mBAAmB,GAAG,KAAK,IAAI,EAAE;QACrC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC1D,6CAA6C;YAC7C,MAAM,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBACrB,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,WAAW,CAAC,EAAE;gBACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACzC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,oDAAoD;YACpD,MAAM,EAAE;iBACL,MAAM,CAAC,MAAM,CAAC;iBACd,GAAG,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;iBACpD,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;IAEF,8CAA8C;IAC9C,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAEhD,OAAO,MAAM,IAAI,EAAE,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,kBAAwC;IAC5E,OAAO,KAAK,EACV,CAIE,EACF,IAA6B,EACV,EAAE;QACrB,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE3B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,yBAAyB;aACnC,EAAE,GAAG,CAAC,CAAC;QACV,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,IAAI,UAAU,CAAC;QAE5D,IAAI,kBAAkB,KAAK,OAAO,IAAI,eAAe,KAAK,UAAU,EAAE,CAAC;YACrE,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,6EAA6E;aACvF,EAAE,GAAG,CAAC,CAAC;QACV,CAAC;QAED,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/composer-version.d.ts

@@ -0,0 +1,7 @@
+import type { Context } from 'hono';
+/**
+ * Middleware to reject Composer 1.x requests
+ * Returns 406 Not Acceptable for Composer/1.* User-Agent
+ */
+export declare function composerVersionMiddleware(c: Context, next: () => Promise<Response>): Promise<Response>;
+//# sourceMappingURL=composer-version.d.ts.map

package/dist/middleware/composer-version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composer-version.d.ts","sourceRoot":"","sources":["../../src/middleware/composer-version.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAQ,MAAM,MAAM,CAAC;AAE1C;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,CAAC,EAAE,OAAO,EACV,IAAI,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,GAC5B,OAAO,CAAC,QAAQ,CAAC,CAgBnB"}

package/dist/middleware/composer-version.js

@@ -0,0 +1,18 @@
+// Composer version middleware - reject Composer 1.x
+/**
+ * Middleware to reject Composer 1.x requests
+ * Returns 406 Not Acceptable for Composer/1.* User-Agent
+ */
+export async function composerVersionMiddleware(c, next) {
+    const userAgent = c.req.header('User-Agent') || '';
+    // Reject Composer 1.x
+    if (userAgent.startsWith('Composer/1.')) {
+        return c.json({
+            error: 'Composer 2.x required',
+            message: 'This proxy only supports Composer 2.x. Please upgrade your Composer installation.',
+        }, 406);
+    }
+    // Allow Composer 2.x and other clients
+    return await next();
+}
+//# sourceMappingURL=composer-version.js.map

package/dist/middleware/composer-version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composer-version.js","sourceRoot":"","sources":["../../src/middleware/composer-version.ts"],"names":[],"mappings":"AAAA,oDAAoD;AAIpD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,CAAU,EACV,IAA6B;IAE7B,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAEnD,sBAAsB;IACtB,IAAI,SAAS,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,mFAAmF;SAC7F,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,OAAO,MAAM,IAAI,EAAE,CAAC;AACtB,CAAC"}

package/dist/middleware/error-handler.d.ts

@@ -0,0 +1,7 @@
+import type { Context } from 'hono';
+/**
+ * Error handling middleware
+ * Catches errors, logs to Workers Logs (free tier), and returns appropriate HTTP status
+ */
+export declare function errorHandlerMiddleware(c: Context, next: () => Promise<Response>): Promise<Response>;
+//# sourceMappingURL=error-handler.d.ts.map

package/dist/middleware/error-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../src/middleware/error-handler.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGpC;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,CAAC,EAAE,OAAO,EACV,IAAI,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,GAC5B,OAAO,CAAC,QAAQ,CAAC,CA0CnB"}

package/dist/middleware/error-handler.js

@@ -0,0 +1,45 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { getLogger } from '../utils/logger';
+/**
+ * Error handling middleware
+ * Catches errors, logs to Workers Logs (free tier), and returns appropriate HTTP status
+ */
+export async function errorHandlerMiddleware(c, next) {
+    try {
+        return await next();
+    }
+    catch (error) {
+        const logger = getLogger();
+        const requestId = c.get('requestId');
+        // Log error with structured context
+        logger.error('Request error', {
+            url: c.req.url,
+            method: c.req.method,
+            path: new URL(c.req.url).pathname,
+        }, error instanceof Error ? error : new Error(String(error)));
+        // Return appropriate error response
+        if (error instanceof Error) {
+            // Known error types
+            if (error.message.includes('Unauthorized')) {
+                return c.json({ error: 'Unauthorized', message: error.message }, 401);
+            }
+            if (error.message.includes('Not Found')) {
+                return c.json({ error: 'Not Found', message: error.message }, 404);
+            }
+            if (error.message.includes('Rate limit')) {
+                return c.json({ error: 'Too Many Requests', message: error.message }, 429);
+            }
+        }
+        // Generic error
+        return c.json({
+            error: 'Internal Server Error',
+            message: 'An unexpected error occurred',
+            ...(requestId && { requestId }),
+        }, 500);
+    }
+}
+//# sourceMappingURL=error-handler.js.map

package/dist/middleware/error-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/middleware/error-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,CAAU,EACV,IAA6B;IAE7B,IAAI,CAAC;QACH,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAuB,CAAC;QAE3D,oCAAoC;QACpC,MAAM,CAAC,KAAK,CACV,eAAe,EACf;YACE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;YACd,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;YACpB,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ;SAClC,EACD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QAEF,oCAAoC;QACpC,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,oBAAoB;YACpB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBACzC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,8BAA8B;YACvC,GAAG,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC;SAChC,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/middleware/index.d.ts

@@ -0,0 +1,5 @@
+export * from './composer-version';
+export * from './auth';
+export * from './error-handler';
+export * from './request-id';
+//# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AACA,cAAc,oBAAoB,CAAC;AACnC,cAAc,QAAQ,CAAC;AACvB,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC"}

package/dist/middleware/index.js

@@ -0,0 +1,6 @@
+// Middleware exports
+export * from './composer-version';
+export * from './auth';
+export * from './error-handler';
+export * from './request-id';
+//# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,cAAc,oBAAoB,CAAC;AACnC,cAAc,QAAQ,CAAC;AACvB,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC"}

package/dist/middleware/request-id.d.ts

@@ -0,0 +1,9 @@
+import type { Context, Next } from 'hono';
+/**
+ * Request ID middleware
+ *
+ * Generates a unique request ID for each request and stores it in context.
+ * This ID is used for log correlation across the request lifecycle.
+ */
+export declare function requestIdMiddleware(c: Context, next: Next): Promise<void>;
+//# sourceMappingURL=request-id.d.ts.map

package/dist/middleware/request-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-id.d.ts","sourceRoot":"","sources":["../../src/middleware/request-id.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAI1C;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,CAAC,EAAE,OAAO,EACV,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,IAAI,CAAC,CA0Bf"}

package/dist/middleware/request-id.js

@@ -0,0 +1,36 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { nanoid } from 'nanoid';
+import { getLogger } from '../utils/logger';
+/**
+ * Request ID middleware
+ *
+ * Generates a unique request ID for each request and stores it in context.
+ * This ID is used for log correlation across the request lifecycle.
+ */
+export async function requestIdMiddleware(c, next) {
+    // Generate unique request ID
+    const requestId = nanoid(16);
+    // Store in context variables
+    c.set('requestId', requestId);
+    // Set request ID in logger for automatic inclusion in all logs
+    const logger = getLogger();
+    logger.setRequestId(requestId);
+    // Log request start
+    logger.info('Request started', {
+        method: c.req.method,
+        url: c.req.url,
+        path: new URL(c.req.url).pathname,
+    });
+    // Call next middleware/handler
+    await next();
+    // Add request ID to response headers for debugging
+    // Response is available after next() completes
+    if (c.res) {
+        c.res.headers.set('X-Request-ID', requestId);
+    }
+}
+//# sourceMappingURL=request-id.js.map

package/dist/middleware/request-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-id.js","sourceRoot":"","sources":["../../src/middleware/request-id.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,CAAU,EACV,IAAU;IAEV,6BAA6B;IAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAE7B,6BAA6B;IAC7B,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAE9B,+DAA+D;IAC/D,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IAE/B,oBAAoB;IACpB,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE;QAC7B,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;QACpB,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;QACd,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ;KAClC,CAAC,CAAC;IAEH,+BAA+B;IAC/B,MAAM,IAAI,EAAE,CAAC;IAEb,mDAAmD;IACnD,+CAA+C;IAC/C,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;QACV,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC"}

package/dist/ports.d.ts

@@ -0,0 +1,32 @@
+import type { Database } from './db/index';
+/**
+ * Database Port
+ * Represents the database connection/ORM instance.
+ * Currently just aliasing the Drizzle type, but allows for future abstraction.
+ */
+export type DatabasePort = Database;
+/**
+ * Cache Port
+ * Abstract interface for caching (KV, Redis, Memory)
+ */
+export interface CachePort {
+    get(key: string): Promise<string | null>;
+    get<T>(key: string, type: 'json'): Promise<T | null>;
+    put(key: string, value: string | ReadableStream | ArrayBuffer | FormData, options?: {
+        expirationTtl?: number;
+    }): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+/**
+ * Queue Port
+ * Abstract interface for job queues (Cloudflare Queues, BullMQ, SQS)
+ */
+export interface QueuePort {
+    send(message: any): Promise<void>;
+    sendBatch(messages: any[]): Promise<void>;
+}
+export interface AnalyticsPort {
+    track(event: string, properties?: Record<string, any>): void;
+}
+export type { StorageDriver as StoragePort } from './storage/driver';
+//# sourceMappingURL=ports.d.ts.map

package/dist/ports.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../src/ports.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC;AAEpC;;;GAGG;AACH,MAAM,WAAW,SAAS;IACtB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,WAAW,GAAG,QAAQ,EAAE,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/H,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtC;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACtB,IAAI,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7C;AAGD,MAAM,WAAW,aAAa;IAC1B,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC;CAChE;AAED,YAAY,EAAE,aAAa,IAAI,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/ports.js

@@ -0,0 +1,4 @@
+// Core ports (interfaces) for external infrastructure
+// adhering to Hexagonal Architecture (Ports & Adapters)
+export {};
+//# sourceMappingURL=ports.js.map

package/dist/ports.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ports.js","sourceRoot":"","sources":["../src/ports.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,wDAAwD"}

package/dist/queue/consumer.d.ts

@@ -0,0 +1,18 @@
+import type { QueueMessage } from './types';
+export interface QueueConsumerEnv {
+    DB: D1Database;
+}
+/**
+ * Process queue messages for async database updates
+ * Optimized for free tier: batch operations where possible
+ */
+export declare function processQueueMessage(message: QueueMessage, env: QueueConsumerEnv): Promise<void>;
+/**
+ * Queue consumer worker entry point
+ * This will be called by Cloudflare Queue when messages are available
+ */
+declare const _default: {
+    queue(batch: MessageBatch<QueueMessage>, env: QueueConsumerEnv): Promise<void>;
+};
+export default _default;
+//# sourceMappingURL=consumer.d.ts.map

package/dist/queue/consumer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consumer.d.ts","sourceRoot":"","sources":["../../src/queue/consumer.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG5C,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,UAAU,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,YAAY,EACrB,GAAG,EAAE,gBAAgB,GACpB,OAAO,CAAC,IAAI,CAAC,CAkDf;AAED;;;GAGG;;iBAEkB,YAAY,CAAC,YAAY,CAAC,OAAO,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;;AADtF,wBAgBE"}

package/dist/queue/consumer.js

@@ -0,0 +1,82 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+// Queue consumer for async database updates
+import { createD1Database } from '../db';
+import { tokens, artifacts, repositories } from '../db/schema';
+import { eq } from 'drizzle-orm';
+import { getLogger } from '../utils/logger';
+/**
+ * Process queue messages for async database updates
+ * Optimized for free tier: batch operations where possible
+ */
+export async function processQueueMessage(message, env) {
+    const db = createD1Database(env.DB);
+    switch (message.type) {
+        case 'update_token_last_used': {
+            await db
+                .update(tokens)
+                .set({ last_used_at: message.timestamp })
+                .where(eq(tokens.id, message.tokenId));
+            break;
+        }
+        case 'update_artifact_download': {
+            // Update download_count and last_downloaded_at
+            // First, get current count
+            const [artifact] = await db
+                .select()
+                .from(artifacts)
+                .where(eq(artifacts.id, message.artifactId))
+                .limit(1);
+            if (artifact) {
+                await db
+                    .update(artifacts)
+                    .set({
+                    download_count: (artifact.download_count ?? 0) + 1,
+                    last_downloaded_at: message.timestamp,
+                })
+                    .where(eq(artifacts.id, message.artifactId));
+            }
+            break;
+        }
+        case 'update_repository_sync': {
+            await db
+                .update(repositories)
+                .set({
+                status: message.status,
+                error_message: message.errorMessage || null,
+                last_synced_at: message.timestamp,
+            })
+                .where(eq(repositories.id, message.repoId));
+            break;
+        }
+        default: {
+            const logger = getLogger();
+            logger.warn('Unknown queue message type', { messageType: message.type });
+        }
+    }
+}
+/**
+ * Queue consumer worker entry point
+ * This will be called by Cloudflare Queue when messages are available
+ */
+export default {
+    async queue(batch, env) {
+        // Process messages in batch (optimize for free tier)
+        const promises = batch.messages.map((msg) => {
+            try {
+                return processQueueMessage(msg.body, env);
+            }
+            catch (error) {
+                const logger = getLogger();
+                logger.error('Error processing queue message', { messageType: msg.body.type }, error instanceof Error ? error : new Error(String(error)));
+                // Don't retry on error - log and continue
+                return Promise.resolve();
+            }
+        });
+        await Promise.all(promises);
+    },
+};
+//# sourceMappingURL=consumer.js.map