@rei-standard/amsg-server 1.1.0

package/dist/index-wQ6O1KrR.d.cts

@@ -0,0 +1,1547 @@
+import { createDecipheriv, createHash, randomBytes, createCipheriv, randomUUID } from 'crypto';
+
+/**
+ * Adapter Factory
+ * ReiStandard SDK v1.1.0
+ *
+ * Creates a database adapter instance based on the supplied configuration.
+ *
+ * @typedef {'neon'|'pg'} DriverName
+ *
+ * @typedef {Object} AdapterConfig
+ * @property {DriverName} driver  - Which database driver to use.
+ * @property {string}     connectionString - Database connection URL.
+ */
+
+/**
+ * Create a database adapter.
+ *
+ * @param {AdapterConfig} config
+ * @returns {Promise<import('./interface.js').DbAdapter>}
+ */
+async function createAdapter(config) {
+  if (!config || !config.driver) {
+    throw new Error(
+      '[rei-standard-amsg-server] "driver" is required in the db config. ' +
+      'Supported drivers: neon, pg'
+    );
+  }
+
+  if (!config.connectionString) {
+    throw new Error(
+      '[rei-standard-amsg-server] "connectionString" is required in the db config.'
+    );
+  }
+
+  switch (config.driver) {
+    case 'neon': {
+      const { NeonAdapter } = await import('./neon-CNUoZFv_.d.cts');
+      return new NeonAdapter(config.connectionString);
+    }
+
+    case 'pg': {
+      const { PgAdapter } = await import('./pg-B8JqNFRD.d.cts');
+      return new PgAdapter(config.connectionString);
+    }
+
+    default:
+      throw new Error(
+        `[rei-standard-amsg-server] Unsupported driver "${config.driver}". ` +
+        'Supported drivers: neon, pg'
+      );
+  }
+}
+
+/**
+ * Shared SQL schema constants
+ * ReiStandard SDK v1.1.0
+ */
+
+const TABLE_SQL = `
+  CREATE TABLE IF NOT EXISTS scheduled_messages (
+    id SERIAL PRIMARY KEY,
+    user_id VARCHAR(255) NOT NULL,
+    uuid VARCHAR(36),
+    encrypted_payload TEXT NOT NULL,
+    message_type VARCHAR(50) NOT NULL CHECK (message_type IN ('fixed', 'prompted', 'auto', 'instant')),
+    next_send_at TIMESTAMP WITH TIME ZONE NOT NULL,
+    status VARCHAR(50) NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'sent', 'failed')),
+    retry_count INTEGER DEFAULT 0,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+  )
+`;
+
+const INDEXES = [
+  {
+    name: 'idx_pending_tasks_optimized',
+    sql: `CREATE INDEX IF NOT EXISTS idx_pending_tasks_optimized
+          ON scheduled_messages (status, next_send_at, id, retry_count)
+          WHERE status = 'pending'`,
+    description: 'Main query index (Cron Job finds pending tasks)'
+  },
+  {
+    name: 'idx_cleanup_completed',
+    sql: `CREATE INDEX IF NOT EXISTS idx_cleanup_completed
+          ON scheduled_messages (status, updated_at)
+          WHERE status IN ('sent', 'failed')`,
+    description: 'Cleanup query index'
+  },
+  {
+    name: 'idx_failed_retry',
+    sql: `CREATE INDEX IF NOT EXISTS idx_failed_retry
+          ON scheduled_messages (status, retry_count, next_send_at)
+          WHERE status = 'failed' AND retry_count < 3`,
+    description: 'Failed retry index'
+  },
+  {
+    name: 'idx_user_id',
+    sql: `CREATE INDEX IF NOT EXISTS idx_user_id
+          ON scheduled_messages (user_id)`,
+    description: 'User task query index'
+  },
+  {
+    name: 'uidx_uuid',
+    sql: `CREATE UNIQUE INDEX IF NOT EXISTS uidx_uuid
+          ON scheduled_messages (uuid)
+          WHERE uuid IS NOT NULL`,
+    description: 'UUID uniqueness guard',
+    critical: true
+  }
+];
+
+const VERIFY_TABLE_SQL = `
+  SELECT table_name
+  FROM information_schema.tables
+  WHERE table_schema = 'public'
+    AND table_name = 'scheduled_messages'
+`;
+
+const COLUMNS_SQL = `
+  SELECT column_name, data_type, is_nullable
+  FROM information_schema.columns
+  WHERE table_schema = 'public'
+    AND table_name = 'scheduled_messages'
+  ORDER BY ordinal_position
+`;
+
+const REQUIRED_COLUMNS = [
+  'id', 'user_id', 'uuid', 'encrypted_payload',
+  'message_type', 'next_send_at', 'status', 'retry_count'
+];
+
+/**
+ * Request payload utilities.
+ * Keeps body parsing and shape validation consistent across handlers.
+ */
+
+const REQUEST_ERRORS = {
+  INVALID_JSON: { code: 'INVALID_JSON', message: '请求体不是有效的 JSON' },
+  INVALID_REQUEST_BODY: { code: 'INVALID_REQUEST_BODY', message: '请求体格式无效' },
+  INVALID_ENCRYPTED_PAYLOAD: { code: 'INVALID_ENCRYPTED_PAYLOAD', message: '加密数据格式错误' }
+};
+
+/**
+ * @typedef {{ code: string, message: string }} ValidationError
+ */
+
+/**
+ * @typedef {{
+ *   invalidJson?: ValidationError,
+ *   invalidType?: ValidationError
+ * }} ParseBodyOptions
+ */
+
+/**
+ * @typedef {{
+ *   ok: true,
+ *   data: Record<string, any>
+ * } | {
+ *   ok: false,
+ *   error: ValidationError
+ * }} ParseBodyResult
+ */
+
+/**
+ * Parse body into a JSON object.
+ *
+ * @param {unknown} body
+ * @param {ParseBodyOptions} [options]
+ * @returns {ParseBodyResult}
+ */
+function parseBodyAsObject(body, options = {}) {
+  const invalidJson = options.invalidJson || REQUEST_ERRORS.INVALID_JSON;
+  const invalidType = options.invalidType || REQUEST_ERRORS.INVALID_REQUEST_BODY;
+
+  let parsed = body;
+  if (typeof parsed === 'string') {
+    try {
+      parsed = JSON.parse(parsed);
+    } catch {
+      return { ok: false, error: invalidJson };
+    }
+  }
+
+  if (!isPlainObject(parsed)) {
+    return { ok: false, error: invalidType };
+  }
+
+  return { ok: true, data: parsed };
+}
+
+/**
+ * Parse a standard JSON object body.
+ *
+ * @param {unknown} body
+ * @returns {ParseBodyResult}
+ */
+function parseJsonBody(body) {
+  return parseBodyAsObject(body, {
+    invalidJson: REQUEST_ERRORS.INVALID_JSON,
+    invalidType: REQUEST_ERRORS.INVALID_REQUEST_BODY
+  });
+}
+
+/**
+ * Check if a value is a plain object (and not null/array).
+ *
+ * @param {unknown} value
+ * @returns {value is Record<string, any>}
+ */
+function isPlainObject(value) {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
+/**
+ * Check if an object follows the encrypted payload envelope shape.
+ *
+ * @param {unknown} payload
+ * @returns {payload is { iv: string, authTag: string, encryptedData: string }}
+ */
+function isEncryptedEnvelope(payload) {
+  if (!isPlainObject(payload)) return false;
+
+  return (
+    typeof payload.iv === 'string' &&
+    typeof payload.authTag === 'string' &&
+    typeof payload.encryptedData === 'string'
+  );
+}
+
+/**
+ * Parse and validate an encrypted payload envelope.
+ *
+ * @param {unknown} body
+ * @returns {ParseBodyResult}
+ */
+function parseEncryptedBody(body) {
+  const parsedBody = parseBodyAsObject(body, {
+    invalidJson: REQUEST_ERRORS.INVALID_ENCRYPTED_PAYLOAD,
+    invalidType: REQUEST_ERRORS.INVALID_ENCRYPTED_PAYLOAD
+  });
+
+  if (!parsedBody.ok) {
+    return parsedBody;
+  }
+
+  if (!isEncryptedEnvelope(parsedBody.data)) {
+    return { ok: false, error: REQUEST_ERRORS.INVALID_ENCRYPTED_PAYLOAD };
+  }
+
+  return parsedBody;
+}
+
+/**
+ * Handler: init-database
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context injected by createReiServer.
+ * @returns {{ GET: function, POST: function }}
+ */
+
+
+function createInitDatabaseHandler(ctx) {
+  async function GET(headers) {
+    if (!ctx.initSecret) {
+      return {
+        status: 500,
+        body: { success: false, error: { code: 'INIT_SECRET_MISSING', message: 'initSecret 未配置，请在 createReiServer 配置中提供 initSecret' } }
+      };
+    }
+
+    const authHeader = (headers['authorization'] || '').trim();
+    const expectedAuth = `Bearer ${ctx.initSecret}`;
+
+    if (authHeader !== expectedAuth) {
+      return {
+        status: 401,
+        body: { success: false, error: { code: 'UNAUTHORIZED', message: '需要认证。请在请求头中添加: Authorization: Bearer {INIT_SECRET}' } }
+      };
+    }
+
+    const result = await ctx.db.initSchema();
+
+    const columnNames = result.columns.map(c => c.name);
+    const missingColumns = REQUIRED_COLUMNS.filter(col => !columnNames.includes(col));
+    if (missingColumns.length > 0) {
+      console.warn('[init-database] ⚠️  Missing columns:', missingColumns);
+    }
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        message: '数据库初始化成功！建议立即删除此 API 文件。',
+        data: {
+          table: 'scheduled_messages',
+          columnsCreated: result.columnsCreated,
+          indexesCreated: result.indexesCreated,
+          indexesFailed: result.indexesFailed,
+          details: { columns: result.columns, indexes: result.indexes },
+          nextSteps: [
+            '1. 验证表和索引已正确创建',
+            '2. 立即删除 /app/api/v1/init-database/route.js 文件',
+            '3. 从 .env 中删除 INIT_SECRET（可选）',
+            '4. 开始使用 ReiStandard API'
+          ]
+        }
+      }
+    };
+  }
+
+  async function POST(headers, body) {
+    if (!ctx.initSecret) {
+      return {
+        status: 500,
+        body: { success: false, error: { code: 'INIT_SECRET_MISSING', message: 'initSecret 未配置，请在 createReiServer 配置中提供 initSecret' } }
+      };
+    }
+
+    const authHeader = (headers['authorization'] || '').trim();
+    const expectedAuth = `Bearer ${ctx.initSecret}`;
+
+    if (authHeader !== expectedAuth) {
+      return {
+        status: 401,
+        body: { success: false, error: { code: 'UNAUTHORIZED', message: '需要认证' } }
+      };
+    }
+
+    const parsedBody = parseJsonBody(body);
+    if (!parsedBody.ok) {
+      return {
+        status: 400,
+        body: { success: false, error: parsedBody.error }
+      };
+    }
+
+    if (parsedBody.data.confirm !== 'DELETE_ALL_DATA') {
+      return {
+        status: 400,
+        body: { success: false, error: { code: 'CONFIRMATION_REQUIRED', message: '需要在请求体中提供确认参数: { "confirm": "DELETE_ALL_DATA" }' } }
+      };
+    }
+
+    await ctx.db.dropSchema();
+    return GET(headers);
+  }
+
+  return { GET, POST };
+}
+
+/**
+ * Handler: get-master-key
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ GET: function }}
+ */
+
+function createGetMasterKeyHandler(ctx) {
+  async function GET(headers) {
+    const userId = headers['x-user-id'];
+
+    if (!userId) {
+      return {
+        status: 400,
+        body: { success: false, error: { code: 'USER_ID_REQUIRED', message: '缺少用户标识符' } }
+      };
+    }
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        data: {
+          masterKey: ctx.encryptionKey,
+          version: 1
+        }
+      }
+    };
+  }
+
+  return { GET };
+}
+
+/**
+ * Encryption utility library (SDK version)
+ * ReiStandard SDK v1.1.0
+ *
+ * Wraps AES-256-GCM operations for request/response and storage encryption.
+ */
+
+
+/**
+ * Derive a user-specific encryption key from the master key.
+ *
+ * @param {string} userId    - Unique user identifier.
+ * @param {string} masterKey - 64-char hex master key (ENCRYPTION_KEY env var).
+ * @returns {string} 64-char hex key.
+ */
+function deriveUserEncryptionKey(userId, masterKey) {
+  return createHash('sha256')
+    .update(masterKey + userId)
+    .digest('hex')
+    .slice(0, 64);
+}
+
+/**
+ * Decrypt a client-encrypted request body (AES-256-GCM, base64 encoded).
+ *
+ * @param {{ iv: string, authTag: string, encryptedData: string }} encryptedPayload
+ * @param {string} encryptionKey - 64-char hex key.
+ * @returns {Object} Decrypted JSON object.
+ */
+function decryptPayload(encryptedPayload, encryptionKey) {
+  const { iv, authTag, encryptedData } = encryptedPayload;
+
+  const decipher = createDecipheriv(
+    'aes-256-gcm',
+    Buffer.from(encryptionKey, 'hex'),
+    Buffer.from(iv, 'base64')
+  );
+
+  decipher.setAuthTag(Buffer.from(authTag, 'base64'));
+
+  const decrypted = Buffer.concat([
+    decipher.update(Buffer.from(encryptedData, 'base64')),
+    decipher.final()
+  ]);
+
+  return JSON.parse(decrypted.toString('utf8'));
+}
+
+/**
+ * Encrypt a JSON payload for API transfer (AES-256-GCM, base64 encoded).
+ *
+ * @param {string|Object} payload
+ * @param {string} encryptionKey - 64-char hex key.
+ * @returns {{ iv: string, authTag: string, encryptedData: string }}
+ */
+function encryptPayload(payload, encryptionKey) {
+  const plaintext = typeof payload === 'string' ? payload : JSON.stringify(payload);
+  const iv = randomBytes(12);
+  const cipher = createCipheriv('aes-256-gcm', Buffer.from(encryptionKey, 'hex'), iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+
+  return {
+    iv: iv.toString('base64'),
+    authTag: authTag.toString('base64'),
+    encryptedData: encrypted.toString('base64')
+  };
+}
+
+/**
+ * Encrypt data for database storage (hex encoded, colon-separated).
+ *
+ * @param {string} text          - Plaintext string.
+ * @param {string} encryptionKey - 64-char hex key.
+ * @returns {string} Format: iv:authTag:encryptedData
+ */
+function encryptForStorage(text, encryptionKey) {
+  const iv = randomBytes(16);
+  const cipher = createCipheriv('aes-256-gcm', Buffer.from(encryptionKey, 'hex'), iv);
+  const encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+  const authTag = cipher.getAuthTag();
+  return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+}
+
+/**
+ * Decrypt data from database storage format.
+ *
+ * @param {string} encryptedText - Format: iv:authTag:encryptedData
+ * @param {string} encryptionKey - 64-char hex key.
+ * @returns {string} Plaintext string.
+ */
+function decryptFromStorage(encryptedText, encryptionKey) {
+  const [ivHex, authTagHex, encryptedDataHex] = encryptedText.split(':');
+  const decipher = createDecipheriv(
+    'aes-256-gcm',
+    Buffer.from(encryptionKey, 'hex'),
+    Buffer.from(ivHex, 'hex')
+  );
+  decipher.setAuthTag(Buffer.from(authTagHex, 'hex'));
+  return decipher.update(encryptedDataHex, 'hex', 'utf8') + decipher.final('utf8');
+}
+
+/**
+ * Database error helpers.
+ */
+
+/**
+ * Check whether an error is caused by a unique-constraint violation.
+ *
+ * @param {unknown} error
+ * @returns {boolean}
+ */
+function isUniqueViolation(error) {
+  if (!error || typeof error !== 'object') return false;
+
+  const code = error.code;
+  if (code === '23505') return true;
+
+  const message = typeof error.message === 'string' ? error.message.toLowerCase() : '';
+  return message.includes('duplicate key') || message.includes('unique constraint');
+}
+
+/**
+ * Validation utility library (SDK version)
+ * ReiStandard SDK v1.1.0
+ */
+
+/**
+ * Validate ISO 8601 date string.
+ * @param {string} dateString
+ * @returns {boolean}
+ */
+function isValidISO8601(dateString) {
+  const date = new Date(dateString);
+  return date instanceof Date && !isNaN(date.getTime());
+}
+
+/**
+ * Validate URL format.
+ * @param {string} urlString
+ * @returns {boolean}
+ */
+function isValidUrl(urlString) {
+  try {
+    new URL(urlString);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Validate UUID format.
+ * @param {string} uuid
+ * @returns {boolean}
+ */
+function isValidUUID(uuid) {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  return uuidRegex.test(uuid);
+}
+
+/**
+ * Validate the schedule-message request payload.
+ *
+ * @param {Object} payload
+ * @returns {{ valid: boolean, errorCode?: string, errorMessage?: string, details?: Object }}
+ */
+function validateScheduleMessagePayload(payload) {
+  if (!payload.contactName || typeof payload.contactName !== 'string') {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { missingFields: ['contactName'] } };
+  }
+
+  if (!payload.messageType || !['fixed', 'prompted', 'auto', 'instant'].includes(payload.messageType)) {
+    return { valid: false, errorCode: 'INVALID_MESSAGE_TYPE', errorMessage: '消息类型无效', details: { providedType: payload.messageType, allowedTypes: ['fixed', 'prompted', 'auto', 'instant'] } };
+  }
+
+  if (!payload.firstSendTime || !isValidISO8601(payload.firstSendTime)) {
+    return { valid: false, errorCode: 'INVALID_TIMESTAMP', errorMessage: '时间格式无效', details: { field: 'firstSendTime' } };
+  }
+
+  if (payload.firstSendTime && new Date(payload.firstSendTime) <= new Date()) {
+    return { valid: false, errorCode: 'INVALID_TIMESTAMP', errorMessage: '时间必须在未来', details: { field: 'firstSendTime', reason: 'must be in the future' } };
+  }
+
+  if (!payload.pushSubscription || typeof payload.pushSubscription !== 'object') {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { missingFields: ['pushSubscription'] } };
+  }
+
+  if (payload.recurrenceType && !['none', 'daily', 'weekly'].includes(payload.recurrenceType)) {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { invalidFields: ['recurrenceType'] } };
+  }
+
+  if (payload.messageType === 'fixed') {
+    if (!payload.userMessage) {
+      return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { missingFields: ['userMessage (required for fixed type)'] } };
+    }
+  }
+
+  if (payload.messageType === 'prompted' || payload.messageType === 'auto') {
+    const missingAiFields = [];
+    if (!payload.completePrompt) missingAiFields.push('completePrompt');
+    if (!payload.apiUrl) missingAiFields.push('apiUrl');
+    if (!payload.apiKey) missingAiFields.push('apiKey');
+    if (!payload.primaryModel) missingAiFields.push('primaryModel');
+    if (missingAiFields.length > 0) {
+      return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { missingFields: missingAiFields } };
+    }
+  }
+
+  if (payload.messageType === 'instant') {
+    if (payload.recurrenceType && payload.recurrenceType !== 'none') {
+      return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: 'instant 类型的 recurrenceType 必须为 none', details: { invalidFields: ['recurrenceType (must be "none" for instant type)'] } };
+    }
+    const hasAiConfig = payload.completePrompt && payload.apiUrl && payload.apiKey && payload.primaryModel;
+    const hasUserMessage = payload.userMessage;
+    if (!hasAiConfig && !hasUserMessage) {
+      return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: 'instant 类型必须提供 userMessage 或完整的 AI 配置', details: { missingFields: ['userMessage or (completePrompt + apiUrl + apiKey + primaryModel)'] } };
+    }
+  }
+
+  if (payload.avatarUrl && !isValidUrl(payload.avatarUrl)) {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { invalidFields: ['avatarUrl (invalid URL format)'] } };
+  }
+  if (payload.uuid && !isValidUUID(payload.uuid)) {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { invalidFields: ['uuid (invalid UUID format)'] } };
+  }
+  if (payload.messageSubtype && !['chat', 'forum', 'moment'].includes(payload.messageSubtype)) {
+    return { valid: false, errorCode: 'INVALID_PARAMETERS', errorMessage: '缺少必需参数或参数格式错误', details: { invalidFields: ['messageSubtype'] } };
+  }
+
+  return { valid: true };
+}
+
+/**
+ * Message Processor (SDK version)
+ * ReiStandard SDK v1.1.0
+ *
+ * Handles single message content generation and Web Push delivery.
+ * Receives its dependencies (encryption helpers, webpush, VAPID config)
+ * via a context object so that it stays free of process.env references.
+ */
+
+
+/**
+ * @typedef {Object} ProcessorContext
+ * @property {string}  encryptionKey     - 64-char hex master key.
+ * @property {Object}  webpush           - The web-push module instance (already VAPID-configured).
+ * @property {Object}  vapid             - { email, publicKey, privateKey }
+ * @property {import('../adapters/interface.js').DbAdapter} db
+ */
+
+/**
+ * Process a single database task row: decrypt → generate content → push.
+ *
+ * @param {import('../adapters/interface.js').TaskRow} task
+ * @param {ProcessorContext} ctx
+ * @returns {Promise<{ success: boolean, messagesSent: number, error?: string }>}
+ */
+async function processSingleMessage(task, ctx) {
+  try {
+    const userKey = deriveUserEncryptionKey(task.user_id, ctx.encryptionKey);
+    const decryptedPayload = JSON.parse(decryptFromStorage(task.encrypted_payload, userKey));
+
+    let messageContent;
+
+    if (decryptedPayload.messageType === 'fixed') {
+      messageContent = decryptedPayload.userMessage;
+
+    } else if (decryptedPayload.messageType === 'instant') {
+      if (decryptedPayload.completePrompt && decryptedPayload.apiUrl && decryptedPayload.apiKey && decryptedPayload.primaryModel) {
+        messageContent = await _callAI(decryptedPayload);
+      } else if (decryptedPayload.userMessage) {
+        messageContent = decryptedPayload.userMessage;
+      } else {
+        throw new Error('Invalid instant message: no content source available');
+      }
+
+    } else if (decryptedPayload.messageType === 'prompted' || decryptedPayload.messageType === 'auto') {
+      messageContent = await _callAI(decryptedPayload);
+    } else {
+      throw new Error('Invalid message configuration: no content source available');
+    }
+
+    // Sentence splitting
+    const sentences = messageContent
+      .split(/([。！？!?]+)/)
+      .reduce((acc, part, i, arr) => {
+        if (i % 2 === 0 && part.trim()) {
+          const punctuation = arr[i + 1] || '';
+          acc.push(part.trim() + punctuation);
+        }
+        return acc;
+      }, [])
+      .filter(s => s.length > 0);
+
+    const messages = sentences.length > 0 ? sentences : [messageContent];
+
+    if (!ctx.vapid.email || !ctx.vapid.publicKey || !ctx.vapid.privateKey) {
+      throw new Error('VAPID configuration missing - push notifications cannot be sent');
+    }
+
+    const pushSubscription = decryptedPayload.pushSubscription;
+
+    for (let i = 0; i < messages.length; i++) {
+      const notificationPayload = {
+        title: `来自 ${decryptedPayload.contactName}`,
+        message: messages[i],
+        contactName: decryptedPayload.contactName,
+        messageId: `msg_${randomUUID()}_${task.id || 'instant'}_${i}`,
+        messageIndex: i + 1,
+        totalMessages: messages.length,
+        messageType: decryptedPayload.messageType,
+        messageSubtype: decryptedPayload.messageSubtype || 'chat',
+        taskId: task.id || null,
+        timestamp: new Date().toISOString(),
+        source: decryptedPayload.messageType === 'instant' ? 'instant' : 'scheduled',
+        avatarUrl: decryptedPayload.avatarUrl || null,
+        metadata: decryptedPayload.metadata || {}
+      };
+
+      await ctx.webpush.sendNotification(pushSubscription, JSON.stringify(notificationPayload));
+
+      if (i < messages.length - 1) {
+        await new Promise(resolve => setTimeout(resolve, 1500));
+      }
+    }
+
+    return { success: true, messagesSent: messages.length };
+
+  } catch (error) {
+    return { success: false, messagesSent: 0, error: error.message };
+  }
+}
+
+/**
+ * Process a single message identified by UUID (used for instant type).
+ *
+ * @param {string} uuid
+ * @param {ProcessorContext} ctx
+ * @param {number} [maxRetries=2]
+ * @param {string} [userId]
+ * @returns {Promise<{ success: boolean, messagesSent?: number, retriesUsed?: number, error?: Object }>}
+ */
+async function processMessagesByUuid(uuid, ctx, maxRetries = 2, userId) {
+  let retryCount = 0;
+
+  while (retryCount <= maxRetries) {
+    let task;
+    try {
+      task = userId
+        ? await ctx.db.getTaskByUuid(uuid, userId)
+        : await ctx.db.getTaskByUuidOnly(uuid);
+    } catch (error) {
+      if (retryCount < maxRetries) {
+        retryCount++;
+        await new Promise(resolve => setTimeout(resolve, 1000 * retryCount));
+        continue;
+      }
+
+      return {
+        success: false,
+        error: { code: 'INTERNAL_ERROR', message: error.message, retriesAttempted: retryCount }
+      };
+    }
+
+    if (!task) {
+      return { success: false, error: { code: 'TASK_NOT_FOUND', message: '任务不存在或已处理' } };
+    }
+
+    const result = await processSingleMessage(task, ctx);
+
+    if (!result.success) {
+      if (retryCount < maxRetries) {
+        retryCount++;
+        await new Promise(resolve => setTimeout(resolve, 1000 * retryCount));
+        continue;
+      }
+
+      try {
+        await ctx.db.updateTaskById(task.id, { status: 'failed', retry_count: retryCount });
+      } catch (_updateError) {
+        // best-effort status update; keep original processing error as primary signal
+      }
+
+      return {
+        success: false,
+        error: { code: 'PROCESSING_ERROR', message: result.error, retriesAttempted: retryCount }
+      };
+    }
+
+    try {
+      await ctx.db.deleteTaskById(task.id);
+    } catch (error) {
+      try {
+        await ctx.db.updateTaskById(task.id, { status: 'sent', retry_count: 0 });
+      } catch (_markSentError) {
+        // best effort: avoid re-sending if storage mutation partially fails
+      }
+
+      return {
+        success: false,
+        error: {
+          code: 'POST_SEND_CLEANUP_FAILED',
+          message: '消息已发送，但任务清理失败',
+          details: { error: error.message }
+        }
+      };
+    }
+
+    return { success: true, messagesSent: result.messagesSent, retriesUsed: retryCount };
+  }
+}
+
+/**
+ * Call an OpenAI-compatible API.
+ * @private
+ */
+async function _callAI(payload) {
+  const aiResponse = await fetch(payload.apiUrl, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${payload.apiKey}`
+    },
+    body: JSON.stringify({
+      model: payload.primaryModel,
+      messages: [{ role: 'user', content: payload.completePrompt }],
+      max_tokens: 500,
+      temperature: 0.8
+    }),
+    signal: AbortSignal.timeout(300000)
+  });
+
+  if (!aiResponse.ok) {
+    throw new Error(`AI API error: ${aiResponse.status} ${aiResponse.statusText}`);
+  }
+
+  const aiData = await aiResponse.json();
+  return aiData.choices[0].message.content.trim();
+}
+
+/**
+ * Handler: schedule-message
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ POST: function }}
+ */
+
+
+function createScheduleMessageHandler(ctx) {
+  async function POST(headers, body) {
+    const isEncrypted = headers['x-payload-encrypted'] === 'true';
+    const encryptionVersion = headers['x-encryption-version'];
+    const userId = headers['x-user-id'];
+
+    if (!isEncrypted) {
+      return { status: 400, body: { success: false, error: { code: 'ENCRYPTION_REQUIRED', message: '请求体必须加密' } } };
+    }
+    if (!userId) {
+      return { status: 400, body: { success: false, error: { code: 'USER_ID_REQUIRED', message: '缺少用户标识符' } } };
+    }
+    if (encryptionVersion !== '1') {
+      return { status: 400, body: { success: false, error: { code: 'UNSUPPORTED_ENCRYPTION_VERSION', message: '加密版本不支持' } } };
+    }
+
+    // Decrypt request body
+    const parsedBody = parseEncryptedBody(body);
+    if (!parsedBody.ok) {
+      return { status: 400, body: { success: false, error: parsedBody.error } };
+    }
+
+    const encryptedBody = parsedBody.data;
+
+    let payload;
+    try {
+      const userKey = deriveUserEncryptionKey(userId, ctx.encryptionKey);
+      payload = decryptPayload(encryptedBody, userKey);
+    } catch (error) {
+      if (error instanceof SyntaxError) {
+        return { status: 400, body: { success: false, error: { code: 'INVALID_PAYLOAD_FORMAT', message: '解密后的数据不是有效 JSON' } } };
+      }
+
+      const message = typeof error.message === 'string' ? error.message : '';
+      if (message.includes('auth') || message.includes('Unsupported state')) {
+        return { status: 400, body: { success: false, error: { code: 'DECRYPTION_FAILED', message: '请求体解密失败' } } };
+      }
+
+      return { status: 400, body: { success: false, error: { code: 'DECRYPTION_FAILED', message: '请求体解密失败' } } };
+    }
+
+    if (!isPlainObject(payload)) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_PAYLOAD_FORMAT', message: '解密后的数据必须是 JSON 对象' } } };
+    }
+
+    // Validate
+    const validationResult = validateScheduleMessagePayload(payload);
+    if (!validationResult.valid) {
+      return { status: 400, body: { success: false, error: { code: validationResult.errorCode, message: validationResult.errorMessage, details: validationResult.details } } };
+    }
+
+    const taskUuid = payload.uuid || randomUUID();
+    const userKey = deriveUserEncryptionKey(userId, ctx.encryptionKey);
+
+    const fullTaskData = {
+      contactName: payload.contactName,
+      avatarUrl: payload.avatarUrl || null,
+      messageType: payload.messageType,
+      messageSubtype: payload.messageSubtype || 'chat',
+      userMessage: payload.userMessage || null,
+      firstSendTime: payload.firstSendTime,
+      recurrenceType: payload.recurrenceType || 'none',
+      apiUrl: payload.apiUrl || null,
+      apiKey: payload.apiKey || null,
+      primaryModel: payload.primaryModel || null,
+      completePrompt: payload.completePrompt || null,
+      pushSubscription: payload.pushSubscription,
+      metadata: payload.metadata || {}
+    };
+
+    const encryptedPayload = encryptForStorage(JSON.stringify(fullTaskData), userKey);
+
+    // Instant type: check VAPID before creating the task to avoid orphaned rows
+    if (payload.messageType === 'instant') {
+      if (!ctx.vapid.email || !ctx.vapid.publicKey || !ctx.vapid.privateKey) {
+        return {
+          status: 500,
+          body: {
+            success: false,
+            error: {
+              code: 'VAPID_CONFIG_ERROR',
+              message: 'VAPID 配置缺失，无法发送即时消息',
+              details: {
+                missingKeys: [
+                  !ctx.vapid.email && 'VAPID_EMAIL',
+                  !ctx.vapid.publicKey && 'NEXT_PUBLIC_VAPID_PUBLIC_KEY',
+                  !ctx.vapid.privateKey && 'VAPID_PRIVATE_KEY'
+                ].filter(Boolean)
+              }
+            }
+          }
+        };
+      }
+    }
+
+    // Insert into database
+    let dbResult;
+    try {
+      dbResult = await ctx.db.createTask({
+        user_id: userId,
+        uuid: taskUuid,
+        encrypted_payload: encryptedPayload,
+        next_send_at: payload.firstSendTime,
+        message_type: payload.messageType
+      });
+    } catch (error) {
+      if (isUniqueViolation(error)) {
+        return {
+          status: 409,
+          body: {
+            success: false,
+            error: {
+              code: 'TASK_UUID_CONFLICT',
+              message: '任务 UUID 已存在，请使用新的 uuid 重新提交'
+            }
+          }
+        };
+      }
+      throw error;
+    }
+
+    if (!dbResult) {
+      return { status: 500, body: { success: false, error: { code: 'TASK_CREATE_FAILED', message: '创建任务失败' } } };
+    }
+
+    // Instant type: send immediately
+    if (payload.messageType === 'instant') {
+      try {
+        const sendResult = await processMessagesByUuid(taskUuid, ctx, 2, userId);
+
+        if (!sendResult.success) {
+          return { status: 500, body: { success: false, error: { code: 'MESSAGE_SEND_FAILED', message: '消息发送失败', details: sendResult.error } } };
+        }
+
+        return {
+          status: 200,
+          body: {
+            success: true,
+            data: {
+              uuid: taskUuid,
+              contactName: payload.contactName,
+              messagesSent: sendResult.messagesSent,
+              sentAt: new Date().toISOString(),
+              status: 'sent',
+              retriesUsed: sendResult.retriesUsed || 0
+            }
+          }
+        };
+      } catch (error) {
+        return { status: 500, body: { success: false, error: { code: 'MESSAGE_SEND_FAILED', message: '消息发送失败', details: { error: error.message } } } };
+      }
+    }
+
+    // Non-instant: return scheduled response
+    return {
+      status: 201,
+      body: {
+        success: true,
+        data: {
+          id: dbResult.id,
+          uuid: dbResult.uuid,
+          contactName: payload.contactName,
+          nextSendAt: dbResult.next_send_at,
+          status: dbResult.status,
+          createdAt: dbResult.created_at
+        }
+      }
+    };
+  }
+
+  return { POST };
+}
+
+/**
+ * Handler: send-notifications
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ POST: function }}
+ */
+
+
+function createSendNotificationsHandler(ctx) {
+  async function POST(headers) {
+    if (!ctx.vapid.email || !ctx.vapid.publicKey || !ctx.vapid.privateKey) {
+      return {
+        status: 500,
+        body: {
+          success: false,
+          error: {
+            code: 'VAPID_CONFIG_ERROR',
+            message: 'VAPID 配置缺失，无法发送推送通知',
+            details: {
+              missingKeys: [
+                !ctx.vapid.email && 'VAPID_EMAIL',
+                !ctx.vapid.publicKey && 'NEXT_PUBLIC_VAPID_PUBLIC_KEY',
+                !ctx.vapid.privateKey && 'VAPID_PRIVATE_KEY'
+              ].filter(Boolean)
+            }
+          }
+        }
+      };
+    }
+
+    // Verify Cron Secret
+    const authHeader = (headers['authorization'] || '').trim();
+    const expectedAuth = `Bearer ${ctx.cronSecret}`;
+
+    if (authHeader !== expectedAuth) {
+      return { status: 401, body: { success: false, error: { code: 'UNAUTHORIZED', message: 'Cron Secret 验证失败' } } };
+    }
+
+    const startTime = Date.now();
+    const tasks = await ctx.db.getPendingTasks(50);
+
+    const MAX_CONCURRENT = 8;
+    const results = {
+      totalTasks: tasks.length,
+      successCount: 0,
+      failedCount: 0,
+      deletedOnceOffTasks: 0,
+      updatedRecurringTasks: 0,
+      failedTasks: []
+    };
+
+    async function handleDeliveryFailure(task, reason) {
+      results.failedCount++;
+
+      try {
+        if (task.retry_count >= 3) {
+          await ctx.db.updateTaskById(task.id, { status: 'failed' });
+          results.failedTasks.push({ taskId: task.id, reason, retryCount: task.retry_count, status: 'permanently_failed' });
+        } else {
+          const nextRetryTime = new Date(Date.now() + (task.retry_count + 1) * 2 * 60 * 1000);
+          await ctx.db.updateTaskById(task.id, { next_send_at: nextRetryTime.toISOString(), retry_count: task.retry_count + 1 });
+          results.failedTasks.push({ taskId: task.id, reason, retryCount: task.retry_count + 1, nextRetryAt: nextRetryTime.toISOString() });
+        }
+      } catch (updateError) {
+        results.failedTasks.push({
+          taskId: task.id,
+          reason,
+          status: 'retry_update_failed',
+          updateError: updateError.message
+        });
+      }
+    }
+
+    async function handlePostSendPersistenceFailure(task, reason) {
+      results.failedCount++;
+
+      let markedSent = false;
+      try {
+        await ctx.db.updateTaskById(task.id, { status: 'sent', retry_count: 0 });
+        markedSent = true;
+      } catch (_markSentError) {
+        markedSent = false;
+      }
+
+      results.failedTasks.push({
+        taskId: task.id,
+        reason,
+        status: markedSent ? 'post_send_cleanup_failed_marked_sent' : 'post_send_cleanup_failed',
+        messageDelivered: true
+      });
+    }
+
+    async function processTask(task) {
+      let sendResult;
+      try {
+        sendResult = await processSingleMessage(task, ctx);
+      } catch (error) {
+        await handleDeliveryFailure(task, error.message || '消息发送失败');
+        return;
+      }
+
+      if (!sendResult.success) {
+        await handleDeliveryFailure(task, sendResult.error || '消息发送失败');
+        return;
+      }
+
+      try {
+        const userKey = deriveUserEncryptionKey(task.user_id, ctx.encryptionKey);
+        const decryptedPayload = JSON.parse(decryptFromStorage(task.encrypted_payload, userKey));
+
+        if (decryptedPayload.recurrenceType === 'none') {
+          await ctx.db.deleteTaskById(task.id);
+          results.deletedOnceOffTasks++;
+        } else {
+          let nextSendAt;
+          const currentSendAt = new Date(task.next_send_at);
+          if (decryptedPayload.recurrenceType === 'daily') {
+            nextSendAt = new Date(currentSendAt.getTime() + 24 * 60 * 60 * 1000);
+          } else if (decryptedPayload.recurrenceType === 'weekly') {
+            nextSendAt = new Date(currentSendAt.getTime() + 7 * 24 * 60 * 60 * 1000);
+          }
+          await ctx.db.updateTaskById(task.id, { next_send_at: nextSendAt.toISOString(), retry_count: 0 });
+          results.updatedRecurringTasks++;
+        }
+
+        results.successCount++;
+      } catch (error) {
+        await handlePostSendPersistenceFailure(task, error.message || '发送后状态更新失败');
+      }
+    }
+
+    // Dynamic task pool
+    const taskQueue = [...tasks];
+    const processing = [];
+
+    while (taskQueue.length > 0 || processing.length > 0) {
+      while (processing.length < MAX_CONCURRENT && taskQueue.length > 0) {
+        const task = taskQueue.shift();
+        const promise = processTask(task);
+        processing.push(promise);
+        promise.finally(() => {
+          const index = processing.indexOf(promise);
+          if (index > -1) processing.splice(index, 1);
+        });
+      }
+      if (processing.length > 0) {
+        await Promise.race(processing);
+      }
+    }
+
+    // Cleanup old tasks
+    await ctx.db.cleanupOldTasks(7);
+
+    const executionTime = Date.now() - startTime;
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        data: {
+          totalTasks: results.totalTasks,
+          successCount: results.successCount,
+          failedCount: results.failedCount,
+          processedAt: new Date().toISOString(),
+          executionTime,
+          details: {
+            deletedOnceOffTasks: results.deletedOnceOffTasks,
+            updatedRecurringTasks: results.updatedRecurringTasks,
+            failedTasks: results.failedTasks
+          }
+        }
+      }
+    };
+  }
+
+  return { POST };
+}
+
+/**
+ * Handler: update-message
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ PUT: function }}
+ */
+
+
+function createUpdateMessageHandler(ctx) {
+  async function PUT(url, headers, body) {
+    const u = new URL(url, 'https://dummy');
+    const taskUuid = u.searchParams.get('id');
+
+    if (!taskUuid) {
+      return { status: 400, body: { success: false, error: { code: 'TASK_ID_REQUIRED', message: '缺少任务ID' } } };
+    }
+
+    const userId = headers['x-user-id'];
+    if (!userId) {
+      return { status: 400, body: { success: false, error: { code: 'USER_ID_REQUIRED', message: '缺少用户标识符' } } };
+    }
+
+    const isEncrypted = headers['x-payload-encrypted'] === 'true';
+    const encryptionVersion = headers['x-encryption-version'];
+
+    if (!isEncrypted) {
+      return { status: 400, body: { success: false, error: { code: 'ENCRYPTION_REQUIRED', message: '请求体必须加密' } } };
+    }
+
+    if (encryptionVersion !== '1') {
+      return { status: 400, body: { success: false, error: { code: 'UNSUPPORTED_ENCRYPTION_VERSION', message: '加密版本不支持' } } };
+    }
+
+    const parsedBody = parseEncryptedBody(body);
+    if (!parsedBody.ok) {
+      return { status: 400, body: { success: false, error: parsedBody.error } };
+    }
+
+    const encryptedBody = parsedBody.data;
+    const userKey = deriveUserEncryptionKey(userId, ctx.encryptionKey);
+    let updates;
+
+    try {
+      updates = decryptPayload(encryptedBody, userKey);
+    } catch (_error) {
+      return { status: 400, body: { success: false, error: { code: 'DECRYPTION_FAILED', message: '请求体解密失败' } } };
+    }
+
+    if (!isPlainObject(updates)) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_UPDATE_DATA', message: '更新数据格式错误' } } };
+    }
+
+    if (updates.nextSendAt && !isValidISO8601(updates.nextSendAt)) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_UPDATE_DATA', message: '更新数据格式错误', details: { invalidFields: ['nextSendAt'] } } } };
+    }
+
+    if (updates.recurrenceType && !['none', 'daily', 'weekly'].includes(updates.recurrenceType)) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_UPDATE_DATA', message: '更新数据格式错误', details: { invalidFields: ['recurrenceType'] } } } };
+    }
+
+    // Fetch existing task
+    const existingTask = await ctx.db.getTaskByUuid(taskUuid, userId);
+
+    if (!existingTask) {
+      const taskStatus = await ctx.db.getTaskStatus(taskUuid, userId);
+      if (!taskStatus) {
+        return { status: 404, body: { success: false, error: { code: 'TASK_NOT_FOUND', message: '指定的任务不存在或已被删除' } } };
+      }
+      return { status: 409, body: { success: false, error: { code: 'TASK_ALREADY_COMPLETED', message: '任务已完成或已失败，无法更新' } } };
+    }
+
+    const existingData = JSON.parse(decryptFromStorage(existingTask.encrypted_payload, userKey));
+
+    const updatedData = {
+      ...existingData,
+      ...(updates.completePrompt && { completePrompt: updates.completePrompt }),
+      ...(updates.userMessage && { userMessage: updates.userMessage }),
+      ...(updates.recurrenceType && { recurrenceType: updates.recurrenceType }),
+      ...(updates.avatarUrl && { avatarUrl: updates.avatarUrl }),
+      ...(updates.metadata && { metadata: updates.metadata })
+    };
+
+    const encryptedPayload = encryptForStorage(JSON.stringify(updatedData), userKey);
+    const extraFields = updates.nextSendAt ? { next_send_at: updates.nextSendAt } : undefined;
+
+    const result = await ctx.db.updateTaskByUuid(taskUuid, userId, encryptedPayload, extraFields);
+
+    if (!result) {
+      return { status: 409, body: { success: false, error: { code: 'UPDATE_CONFLICT', message: '任务更新失败，任务可能已被修改或删除' } } };
+    }
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        data: {
+          uuid: taskUuid,
+          updatedFields: Object.keys(updates),
+          updatedAt: result.updated_at
+        }
+      }
+    };
+  }
+
+  return { PUT };
+}
+
+/**
+ * Handler: cancel-message
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ DELETE: function }}
+ */
+
+function createCancelMessageHandler(ctx) {
+  async function DELETE(url, headers) {
+    const u = new URL(url, 'https://dummy');
+    const taskUuid = u.searchParams.get('id');
+
+    if (!taskUuid) {
+      return { status: 400, body: { success: false, error: { code: 'TASK_ID_REQUIRED', message: '缺少任务ID' } } };
+    }
+
+    const userId = headers['x-user-id'];
+    if (!userId) {
+      return { status: 400, body: { success: false, error: { code: 'USER_ID_REQUIRED', message: '缺少用户标识符' } } };
+    }
+
+    const deleted = await ctx.db.deleteTaskByUuid(taskUuid, userId);
+
+    if (!deleted) {
+      return {
+        status: 404,
+        body: { success: false, error: { code: 'TASK_NOT_FOUND', message: '指定的任务不存在或已被删除' } }
+      };
+    }
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        data: { uuid: taskUuid, message: '任务已成功取消', deletedAt: new Date().toISOString() }
+      }
+    };
+  }
+
+  return { DELETE };
+}
+
+/**
+ * Handler: messages
+ * ReiStandard SDK v1.1.0
+ *
+ * @param {Object} ctx - Server context.
+ * @returns {{ GET: function }}
+ */
+
+
+function createMessagesHandler(ctx) {
+  async function GET(url, headers) {
+    const userId = headers['x-user-id'];
+
+    if (!userId) {
+      return {
+        status: 400,
+        body: { success: false, error: { code: 'USER_ID_REQUIRED', message: '必须提供 X-User-Id 请求头' } }
+      };
+    }
+
+    const u = new URL(url, 'https://dummy');
+    const status = u.searchParams.get('status') || 'all';
+    const limit = Math.min(parseInt(u.searchParams.get('limit') || '20', 10), 100);
+    const offset = parseInt(u.searchParams.get('offset') || '0', 10);
+
+    if (isNaN(limit) || limit < 1) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_PARAMETERS', message: 'limit 参数无效，必须为正整数' } } };
+    }
+
+    if (isNaN(offset) || offset < 0) {
+      return { status: 400, body: { success: false, error: { code: 'INVALID_PARAMETERS', message: 'offset 参数无效，必须为非负整数' } } };
+    }
+
+    const { tasks, total } = await ctx.db.listTasks(userId, { status, limit, offset });
+
+    const userKey = deriveUserEncryptionKey(userId, ctx.encryptionKey);
+
+    const decryptedTasks = tasks.map(task => {
+      const decrypted = JSON.parse(decryptFromStorage(task.encrypted_payload, userKey));
+      return {
+        id: task.id,
+        uuid: task.uuid,
+        contactName: decrypted.contactName,
+        messageType: task.message_type,
+        messageSubtype: decrypted.messageSubtype,
+        nextSendAt: task.next_send_at,
+        recurrenceType: decrypted.recurrenceType,
+        status: task.status,
+        retryCount: task.retry_count,
+        createdAt: task.created_at,
+        updatedAt: task.updated_at
+      };
+    });
+
+    const responsePayload = {
+      tasks: decryptedTasks,
+      pagination: { total, limit, offset, hasMore: offset + limit < total }
+    };
+    const encryptedResponse = encryptPayload(responsePayload, userKey);
+
+    return {
+      status: 200,
+      body: {
+        success: true,
+        encrypted: true,
+        version: 1,
+        data: encryptedResponse
+      }
+    };
+  }
+
+  return { GET };
+}
+
+/**
+ * ReiStandard Server SDK Entry Point
+ * v1.1.0
+ *
+ * Usage:
+ *   import { createReiServer } from '@rei-standard/amsg-server';
+ *
+ *   const rei = createReiServer({
+ *     db: { driver: 'neon', connectionString: process.env.DATABASE_URL },
+ *     encryptionKey: process.env.ENCRYPTION_KEY,
+ *     cronSecret: process.env.CRON_SECRET,
+ *     vapid: {
+ *       email: process.env.VAPID_EMAIL,
+ *       publicKey: process.env.NEXT_PUBLIC_VAPID_PUBLIC_KEY,
+ *       privateKey: process.env.VAPID_PRIVATE_KEY,
+ *     },
+ *     initSecret: process.env.INIT_SECRET,
+ *   });
+ *
+ *   // rei.handlers  – object with 7 route handler factories
+ *   // rei.adapter   – the underlying database adapter
+ */
+
+
+function normalizeVapidSubject(email) {
+  const trimmedEmail = String(email || '').trim();
+  if (!trimmedEmail) return '';
+  return /^mailto:/i.test(trimmedEmail) ? trimmedEmail : `mailto:${trimmedEmail}`;
+}
+
+/**
+ * @typedef {Object} VapidConfig
+ * @property {string} [email]      - VAPID contact email (e.g. mailto:…).
+ * @property {string} [publicKey]  - VAPID public key.
+ * @property {string} [privateKey] - VAPID private key.
+ */
+
+/**
+ * @typedef {'neon'|'pg'} DriverName
+ */
+
+/**
+ * @typedef {Object} DbConfig
+ * @property {DriverName} driver           - Database driver name.
+ * @property {string}     connectionString - Database connection URL.
+ */
+
+/**
+ * @typedef {Object} ReiServerConfig
+ * @property {DbConfig}    db            - Database configuration.
+ * @property {string}      encryptionKey - 64-char hex master encryption key.
+ * @property {string}      [cronSecret]  - Bearer token for cron-triggered endpoints.
+ * @property {VapidConfig} [vapid]       - VAPID keys for Web Push.
+ * @property {string}      [initSecret]  - Bearer token for the init-database endpoint.
+ */
+
+/**
+ * @typedef {Object} ReiHandlers
+ * @property {{ GET: function, POST: function }} initDatabase
+ * @property {{ GET: function }} getMasterKey
+ * @property {{ POST: function }} scheduleMessage
+ * @property {{ POST: function }} sendNotifications
+ * @property {{ PUT: function }} updateMessage
+ * @property {{ DELETE: function }} cancelMessage
+ * @property {{ GET: function }} messages
+ */
+
+/**
+ * @typedef {Object} ReiServer
+ * @property {ReiHandlers} handlers - The 7 standard API route handler objects.
+ * @property {import('./adapters/interface.js').DbAdapter} adapter - The database adapter instance.
+ */
+
+/**
+ * Initialise the ReiStandard server.
+ *
+ * @param {ReiServerConfig} config
+ * @returns {Promise<ReiServer>}
+ */
+async function createReiServer(config) {
+  if (!config) throw new Error('[rei-standard-amsg-server] config is required');
+  if (!config.encryptionKey) throw new Error('[rei-standard-amsg-server] encryptionKey is required');
+
+  const adapter = await createAdapter(config.db);
+
+  // web-push is a hard dependency for ReiStandard server features
+  let webpushModule;
+  try {
+    const webpushImport = await import('web-push');
+    webpushModule = webpushImport.default || webpushImport;
+  } catch (_err) {
+    throw new Error(
+      '[rei-standard-amsg-server] web-push is required. Install it with: npm install web-push'
+    );
+  }
+
+  const vapid = config.vapid || {};
+
+  if (vapid.email && vapid.publicKey && vapid.privateKey) {
+    webpushModule.setVapidDetails(
+      normalizeVapidSubject(vapid.email),
+      vapid.publicKey,
+      vapid.privateKey
+    );
+  }
+
+  /** @type {Object} Shared context injected into every handler */
+  const ctx = {
+    db: adapter,
+    encryptionKey: config.encryptionKey,
+    cronSecret: config.cronSecret || '',
+    initSecret: config.initSecret || '',
+    vapid: {
+      email: vapid.email || '',
+      publicKey: vapid.publicKey || '',
+      privateKey: vapid.privateKey || ''
+    },
+    webpush: webpushModule
+  };
+
+  return {
+    handlers: {
+      initDatabase: createInitDatabaseHandler(ctx),
+      getMasterKey: createGetMasterKeyHandler(ctx),
+      scheduleMessage: createScheduleMessageHandler(ctx),
+      sendNotifications: createSendNotificationsHandler(ctx),
+      updateMessage: createUpdateMessageHandler(ctx),
+      cancelMessage: createCancelMessageHandler(ctx),
+      messages: createMessagesHandler(ctx)
+    },
+    adapter
+  };
+}
+
+export { COLUMNS_SQL as C, INDEXES as I, TABLE_SQL as T, VERIFY_TABLE_SQL as V, createReiServer as a, decryptPayload as b, createAdapter as c, decryptFromStorage as d, deriveUserEncryptionKey as e, encryptForStorage as f, isValidUUID as g, isValidUrl as h, isValidISO8601 as i, validateScheduleMessagePayload as v };