@package-broker/main 0.2.15

package/dist/index.d.ts

@@ -0,0 +1,45 @@
+import { PackageStorageWorkflow } from '@package-broker/core';
+export { PackageStorageWorkflow };
+export interface WorkerConfig {
+    storage: 'r2' | 's3';
+    s3Config?: {
+        endpoint: string;
+        region: string;
+        accessKeyId: string;
+        secretAccessKey: string;
+        bucket: string;
+    };
+}
+export interface Env {
+    DB: D1Database;
+    KV?: KVNamespace;
+    QUEUE?: Queue;
+    PACKAGE_STORAGE_WORKFLOW?: Workflow;
+    R2_BUCKET: R2Bucket;
+    ASSETS?: Fetcher;
+    ENCRYPTION_KEY: string;
+    ADMIN_TOKEN?: string;
+    INITIAL_ADMIN_EMAIL?: string;
+    INITIAL_ADMIN_PASSWORD?: string;
+    S3_ENDPOINT?: string;
+    S3_REGION?: string;
+    S3_ACCESS_KEY_ID?: string;
+    S3_SECRET_ACCESS_KEY?: string;
+    S3_BUCKET?: string;
+    LOG_LEVEL?: 'debug' | 'info' | 'warn' | 'error';
+    ANALYTICS?: AnalyticsEngineDataset;
+    SMTP_HOST?: string;
+    SMTP_PORT?: string;
+    SMTP_USER?: string;
+    SMTP_PASS?: string;
+    SMTP_FROM?: string;
+}
+/**
+ * Create the PACKAGE.broker worker
+ */
+export declare function createWorker(config?: WorkerConfig, env?: Env): import("@package-broker/core").AppInstance;
+declare const _default: {
+    fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response>;
+};
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAqDL,sBAAsB,EAIvB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,sBAAsB,EAAE,CAAC;AAElC,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,GAAG;IAClB,EAAE,EAAE,UAAU,CAAC;IACf,EAAE,CAAC,EAAE,WAAW,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,wBAAwB,CAAC,EAAE,QAAQ,CAAC;IACpC,SAAS,EAAE,QAAQ,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAEhD,SAAS,CAAC,EAAE,sBAAsB,CAAC;IAEnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,GAAE,YAAgC,EAAE,GAAG,CAAC,EAAE,GAAG,8CA6E/E;;mBAMsB,OAAO,OAAO,GAAG,OAAO,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;;AADnF,wBAeE"}

package/dist/index.js

@@ -0,0 +1,94 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { R2Driver, S3Driver, getLogger, initAnalytics, PackageStorageWorkflow, createD1Database, createApp, } from '@package-broker/core';
+// Re-export the Workflow class for Cloudflare to find it
+export { PackageStorageWorkflow };
+/**
+ * Create the PACKAGE.broker worker
+ */
+export function createWorker(config = { storage: 'r2' }, env) {
+    // Initialize logger with log level from environment
+    const logLevel = (env?.LOG_LEVEL || 'info');
+    // Logger initialization is side-effect, handled by getLogger singleton, can be configured globally
+    getLogger(logLevel);
+    // Initialize analytics
+    initAnalytics(env?.ANALYTICS);
+    // Define drivers initialization logic
+    // Since createApp supports injection, we'll wrap it
+    const app = createApp({
+        onInit: (app) => {
+            // Check for API token
+            // (Auth middleware handles this, but here we can add platform-specific middleware if needed)
+            // Database middleware
+            app.use('*', async (c, next) => {
+                if (c.env.DB) {
+                    c.set('database', createD1Database(c.env.DB));
+                }
+                await next();
+            });
+            // Storage middleware
+            app.use('*', async (c, next) => {
+                if (config.storage === 's3' && config.s3Config) {
+                    c.set('storage', new S3Driver(config.s3Config));
+                }
+                else if (c.env.S3_ENDPOINT) {
+                    // Use environment variables for S3
+                    c.set('storage', new S3Driver({
+                        endpoint: c.env.S3_ENDPOINT,
+                        region: c.env.S3_REGION || 'auto',
+                        accessKeyId: c.env.S3_ACCESS_KEY_ID || '',
+                        secretAccessKey: c.env.S3_SECRET_ACCESS_KEY || '',
+                        bucket: c.env.S3_BUCKET || '',
+                    }));
+                }
+                else {
+                    // Default to R2
+                    c.set('storage', new R2Driver({ bucket: c.env.R2_BUCKET }));
+                }
+                await next();
+            });
+            // Additional Cloudflare bindings (KV, Queue) can be added here if factory supports them being absent
+            // The current factory implementation assumes they are passed in Bindings or handled by specific routes
+        }
+    });
+    // Serve static assets (UI)
+    // Register this AFTER createApp so it doesn't shadow API routes
+    app.get('*', async (c) => {
+        if (c.env.ASSETS) {
+            // Try to serve the asset
+            const response = await c.env.ASSETS.fetch(c.req.raw);
+            if (response.status < 400) {
+                return response;
+            }
+            // SPA Fallback: If 404 and accepting html, serve index.html
+            // safely check accept header
+            const accept = c.req.header('accept');
+            if (response.status === 404 && accept && accept.includes('text/html')) {
+                const indexResponse = await c.env.ASSETS.fetch(new URL('/index.html', c.req.url).toString(), c.req.raw);
+                return indexResponse;
+            }
+            return response;
+        }
+        return c.text('UI Assets not available (ASSETS binding missing)', 404);
+    });
+    return app;
+}
+// Export default worker for Cloudflare
+export default {
+    async fetch(request, env, ctx) {
+        // Initialize worker and logger
+        const logLevel = (env?.LOG_LEVEL || 'info');
+        const logger = getLogger(logLevel);
+        // Log worker initialization (only once per worker instance, but helpful for debugging)
+        logger.debug('Worker processing request', {
+            method: request.method,
+            url: request.url,
+        });
+        const app = createWorker({ storage: 'r2' }, env);
+        return app.fetch(request, env, ctx);
+    },
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,EAgDL,QAAQ,EACR,QAAQ,EAER,SAAS,EACT,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAEhB,SAAS,GACV,MAAM,sBAAsB,CAAC;AAE9B,yDAAyD;AACzD,OAAO,EAAE,sBAAsB,EAAE,CAAC;AA2ClC;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,SAAuB,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,GAAS;IAC9E,oDAAoD;IACpD,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE,SAAS,IAAI,MAAM,CAAwC,CAAC;IACnF,mGAAmG;IACnG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAEpB,uBAAuB;IACvB,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAE9B,sCAAsC;IACtC,oDAAoD;IAEpD,MAAM,GAAG,GAAG,SAAS,CAAC;QACpB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YACd,sBAAsB;YACtB,6FAA6F;YAE7F,sBAAsB;YACtB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;gBAC7B,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;oBACb,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,CAAC;gBACD,MAAM,IAAI,EAAE,CAAC;YACf,CAAC,CAAC,CAAC;YAEH,qBAAqB;YACrB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;gBAC7B,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAC/C,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAClD,CAAC;qBAAM,IAAI,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBAC7B,mCAAmC;oBACnC,CAAC,CAAC,GAAG,CACH,SAAS,EACT,IAAI,QAAQ,CAAC;wBACX,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,WAAW;wBAC3B,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM;wBACjC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE;wBACzC,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE;wBACjD,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE;qBAC9B,CAAC,CACH,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,gBAAgB;oBAChB,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM,IAAI,EAAE,CAAC;YACf,CAAC,CAAC,CAAC;YAEH,qGAAqG;YACrG,uGAAuG;QACzG,CAAC;KACF,CAAC,CAAC;IAEH,2BAA2B;IAC3B,gEAAgE;IAChE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YACjB,yBAAyB;YACzB,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrD,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC1B,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,4DAA4D;YAC5D,6BAA6B;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtE,MAAM,aAAa,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACxG,OAAO,aAAa,CAAC;YACvB,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,OAAO,CAAC,CAAC,IAAI,CAAC,kDAAkD,EAAE,GAAG,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAID,uCAAuC;AACvC,eAAe;IACb,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,GAAQ,EAAE,GAAqB;QAC3D,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE,SAAS,IAAI,MAAM,CAAwC,CAAC;QACnF,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnC,uFAAuF;QACvF,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;YACxC,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;QACjD,OAAO,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;CACF,CAAC"}

package/migrations/0001_init.sql

@@ -0,0 +1,62 @@
+-- Create repositories table
+CREATE TABLE IF NOT EXISTS repositories (
+  id TEXT PRIMARY KEY,
+  url TEXT NOT NULL,
+  vcs_type TEXT NOT NULL,
+  credential_type TEXT NOT NULL,
+  auth_credentials TEXT NOT NULL,
+  composer_json_path TEXT,
+  status TEXT DEFAULT 'pending',
+  error_message TEXT,
+  last_synced_at INTEGER,
+  created_at INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_repositories_status ON repositories(status);
+CREATE INDEX IF NOT EXISTS idx_repositories_vcs_type ON repositories(vcs_type);
+
+-- Create tokens table
+CREATE TABLE IF NOT EXISTS tokens (
+  id TEXT PRIMARY KEY,
+  description TEXT NOT NULL,
+  token_hash TEXT NOT NULL,
+  rate_limit_max INTEGER DEFAULT 1000,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER,
+  last_used_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_tokens_token_hash ON tokens(token_hash);
+
+-- Create packages table
+CREATE TABLE IF NOT EXISTS packages (
+  id TEXT PRIMARY KEY,
+  repo_id TEXT NOT NULL REFERENCES repositories(id) ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  version TEXT NOT NULL,
+  dist_url TEXT NOT NULL,
+  released_at INTEGER,
+  readme_content TEXT,
+  created_at INTEGER NOT NULL,
+  UNIQUE(name, version)
+);
+
+CREATE INDEX IF NOT EXISTS idx_packages_repo_id ON packages(repo_id);
+CREATE INDEX IF NOT EXISTS idx_packages_name ON packages(name);
+
+-- Create artifacts table
+CREATE TABLE IF NOT EXISTS artifacts (
+  id TEXT PRIMARY KEY,
+  repo_id TEXT NOT NULL REFERENCES repositories(id) ON DELETE CASCADE,
+  package_name TEXT NOT NULL,
+  version TEXT NOT NULL,
+  file_key TEXT,
+  size INTEGER,
+  download_count INTEGER DEFAULT 0,
+  last_downloaded_at INTEGER,
+  created_at INTEGER NOT NULL,
+  UNIQUE(repo_id, package_name, version)
+);
+
+CREATE INDEX IF NOT EXISTS idx_artifacts_repo_id ON artifacts(repo_id);
+CREATE INDEX IF NOT EXISTS idx_artifacts_package_name ON artifacts(package_name);

package/migrations/0001_initial.sql

@@ -0,0 +1,89 @@
+-- Initial schema migration
+
+-- Repositories table
+CREATE TABLE IF NOT EXISTS repositories (
+  id TEXT PRIMARY KEY,
+  url TEXT NOT NULL,
+  vcs_type TEXT NOT NULL,
+  credential_type TEXT NOT NULL,
+  auth_credentials TEXT NOT NULL,
+  composer_json_path TEXT,
+  status TEXT DEFAULT 'pending',
+  error_message TEXT,
+  last_synced_at INTEGER,
+  created_at INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_repositories_status ON repositories(status);
+CREATE INDEX IF NOT EXISTS idx_repositories_last_synced ON repositories(last_synced_at);
+CREATE INDEX IF NOT EXISTS idx_repositories_credential_type ON repositories(credential_type);
+CREATE INDEX IF NOT EXISTS idx_repositories_vcs_type ON repositories(vcs_type);
+
+-- Tokens table
+CREATE TABLE IF NOT EXISTS tokens (
+  id TEXT PRIMARY KEY,
+  description TEXT NOT NULL,
+  token_hash TEXT NOT NULL,
+  rate_limit_max INTEGER DEFAULT 1000,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER,
+  last_used_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_tokens_token_hash ON tokens(token_hash);
+
+-- Artifacts table
+CREATE TABLE IF NOT EXISTS artifacts (
+  id TEXT PRIMARY KEY,
+  repo_id TEXT NOT NULL REFERENCES repositories(id) ON DELETE CASCADE,
+  package_name TEXT NOT NULL,
+  version TEXT NOT NULL,
+  file_key TEXT NOT NULL,
+  size INTEGER,
+  download_count INTEGER DEFAULT 0,
+  created_at INTEGER NOT NULL,
+  last_downloaded_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_artifacts_repo_id ON artifacts(repo_id);
+CREATE INDEX IF NOT EXISTS idx_artifacts_package_name ON artifacts(package_name);
+CREATE INDEX IF NOT EXISTS idx_artifacts_last_downloaded ON artifacts(last_downloaded_at);
+CREATE UNIQUE INDEX IF NOT EXISTS artifacts_repo_package_version ON artifacts(repo_id, package_name, version);
+
+-- Packages table
+CREATE TABLE IF NOT EXISTS packages (
+  id TEXT PRIMARY KEY,
+  repo_id TEXT NOT NULL REFERENCES repositories(id) ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  version TEXT NOT NULL,
+  dist_url TEXT NOT NULL,
+  released_at INTEGER,
+  readme_content TEXT,
+  created_at INTEGER NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_packages_repo_id ON packages(repo_id);
+CREATE INDEX IF NOT EXISTS idx_packages_name ON packages(name);
+CREATE UNIQUE INDEX IF NOT EXISTS packages_name_version_unique ON packages(name, version);
+
+-- Admin users table
+-- Users table
+CREATE TABLE IF NOT EXISTS users (
+  id TEXT PRIMARY KEY,
+  email TEXT NOT NULL UNIQUE,
+  password_hash TEXT NOT NULL,
+  role TEXT DEFAULT 'admin' NOT NULL,
+  status TEXT DEFAULT 'active' NOT NULL,
+  two_factor_secret TEXT,
+  two_factor_enabled BOOLEAN DEFAULT FALSE,
+  recovery_codes TEXT,
+  invite_token TEXT,
+  invite_expires_at INTEGER,
+  created_at INTEGER NOT NULL,
+  last_login_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_invite_token ON users(invite_token);
+
+

package/migrations/0002_add_package_filter.sql

@@ -0,0 +1,6 @@
+-- Add package_filter column for filtering packages to sync
+-- Used by repositories with provider-includes (like Magento Marketplace)
+-- Contains comma-separated list of package names to sync
+
+ALTER TABLE repositories ADD COLUMN package_filter TEXT;
+

package/migrations/0003_add_source_dist_url.sql

@@ -0,0 +1,2 @@
+-- Add source_dist_url column to packages table for on-demand artifact mirroring
+ALTER TABLE packages ADD COLUMN source_dist_url TEXT;

package/migrations/0004_add_artifact_file_key.sql

@@ -0,0 +1,2 @@
+-- Add file_key column to artifacts table for R2/S3 storage key tracking
+ALTER TABLE artifacts ADD COLUMN file_key TEXT;

package/migrations/0005_package_metadata.sql

@@ -0,0 +1,6 @@
+-- Add package metadata fields: description, license, package_type, homepage
+ALTER TABLE packages ADD COLUMN description TEXT;
+ALTER TABLE packages ADD COLUMN license TEXT;
+ALTER TABLE packages ADD COLUMN package_type TEXT;
+ALTER TABLE packages ADD COLUMN homepage TEXT;
+

package/migrations/0006_add_token_permissions.sql

@@ -0,0 +1,6 @@
+-- Add permissions column to tokens table
+ALTER TABLE tokens ADD COLUMN permissions TEXT NOT NULL DEFAULT 'readonly';
+
+-- Set all existing tokens to 'write' for backwards compatibility
+UPDATE tokens SET permissions = 'write' WHERE permissions = 'readonly';
+

package/migrations/0008_add_package_metadata.sql

@@ -0,0 +1,2 @@
+-- Add metadata column to store complete upstream package metadata as JSON
+ALTER TABLE packages ADD COLUMN metadata TEXT;

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@package-broker/main",
+  "version": "0.2.15",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "migrations",
+    "wrangler.example.toml",
+    "package.json",
+    "README.md"
+  ],
+  "scripts": {
+    "lint": "echo 'no linting configured'",
+    "build": "tsc -p tsconfig.build.json",
+    "clean": "rm -rf dist",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "dependencies": {
+    "@package-broker/core": "*",
+    "@package-broker/ui": "*"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.3",
+    "@cloudflare/workers-types": "^4.20240125.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/package-broker/server",
+    "directory": "packages/main"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/wrangler.example.toml

@@ -0,0 +1,60 @@
+# PACKAGE.broker - Example wrangler.toml
+# Copy this file to wrangler.toml and fill in your values
+
+name = "package-broker"
+main = "packages/main/src/index.ts"
+compatibility_date = "2024-09-23"
+compatibility_flags = ["nodejs_compat"]
+
+[vars]
+# Generate with: openssl rand -base64 32
+ENCRYPTION_KEY = "REPLACE_WITH_YOUR_32_BYTE_KEY_BASE64"
+
+# Optional: Set to restrict admin API access
+# ADMIN_TOKEN = "your-admin-token"
+
+# D1 Database
+[[d1_databases]]
+binding = "DB"
+database_name = "package-broker-db"
+database_id = "REPLACE_WITH_YOUR_DATABASE_ID"
+
+# KV Namespace for caching
+[[kv_namespaces]]
+binding = "KV"
+id = "REPLACE_WITH_YOUR_KV_NAMESPACE_ID"
+
+# R2 Bucket for artifacts
+[[r2_buckets]]
+binding = "R2_BUCKET"
+bucket_name = "package-broker-artifacts"
+
+# Queue for async operations
+[[queues.producers]]
+binding = "QUEUE"
+queue = "package-broker-queue"
+
+[[queues.consumers]]
+queue = "package-broker-queue"
+max_batch_size = 10
+max_batch_timeout = 30
+
+# Analytics Engine (OPTIONAL - free tier: 100k events/day)
+# Analytics Engine datasets are automatically created on first write.
+# To enable Analytics Engine:
+# 1. Uncomment the lines below
+# 2. Deploy: npx wrangler deploy
+# 3. The dataset will be created automatically when first event is written
+#
+# [[analytics_engine_datasets]]
+# binding = "ANALYTICS"
+# dataset = "package-broker-analytics"
+
+# Optional: Use S3 instead of R2
+# [vars]
+# S3_ENDPOINT = "https://s3.amazonaws.com"
+# S3_REGION = "us-east-1"
+# S3_ACCESS_KEY_ID = "your-access-key"
+# S3_SECRET_ACCESS_KEY = "your-secret-key"
+# S3_BUCKET = "your-bucket-name"
+