@revealui/core 0.5.6 → 0.6.0

package/dist/observability/logger.js

@@ -109,32 +109,5 @@ export function logSystemEvent(event, context) {
         event,
     });
 }
-/**
- * Sanitize sensitive data from logs
- */
-export function sanitizeLogData(data) {
-    const sensitiveKeys = [
-        'password',
-        'token',
-        'secret',
-        'apiKey',
-        'accessToken',
-        'refreshToken',
-        'creditCard',
-        'ssn',
-    ];
-    const sanitized = {};
-    for (const [key, value] of Object.entries(data)) {
-        const lowerKey = key.toLowerCase();
-        if (sensitiveKeys.some((sensitive) => lowerKey.includes(sensitive.toLowerCase()))) {
-            sanitized[key] = '[REDACTED]';
-        }
-        else if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
-            sanitized[key] = sanitizeLogData(value);
-        }
-        else {
-            sanitized[key] = value;
-        }
-    }
-    return sanitized;
-}
+// Log redaction lives in @revealui/security — import `redactLogContext`
+// (recursive walker) or `redactLogField` (single key/value) from there.

package/dist/revealui.d.ts

@@ -18,11 +18,6 @@ export declare function beforeChangeTraverseFields(args: RevealUITraverseFieldsA
 export declare function beforeValidateTraverseFields(args: RevealUITraverseFieldsArgs): Promise<RevealUITraverseFieldsResult>;
 import type { RevealUIDependencyCheckArgs } from './types/index.js';
 export declare function checkDependencies(args: RevealUIDependencyCheckArgs): boolean;
-/**
- * @deprecated Use deepMerge from '@revealui/core/config/utils' or '@revealui/core' instead
- * This function is kept for backward compatibility but will be removed in a future version.
- */
-export declare function deepMergeSimple<T extends Record<string, unknown>>(target: T, source: Partial<T>): T;
 import type { JSONSchema4TypeName } from 'json-schema';
 import type React from 'react';
 import type { RevealUIBlock, RevealUIEnhancedField, RevealUIField, RevealUIRichTextAdapter } from './types/index.js';

package/dist/revealui.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"revealui.d.ts","sourceRoot":"","sources":["../src/revealui.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAE/D,OAAO,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,KAAK,cAAc,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,EACL,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,6BAA6B,EAAE,MAAM,+BAA+B,CAAC;AAG9E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAIzD,OAAO,KAAK,EAAE,0BAA0B,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAEjG,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,4BAA4B,CAChD,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAGD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAEpE,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CA+C5E;AAKD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/D,MAAM,EAAE,CAAC,EACT,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,GACjB,CAAC,CAGH;AAED,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACxB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC9E,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AACjC,MAAM,MAAM,eAAe,GAAG,aAAa,CAAC;AAC5C,MAAM,MAAM,eAAe,GAAG,uBAAuB,CAAC;AACtD,MAAM,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAGlD,MAAM,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAGhD,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAG/E,MAAM,MAAM,iBAAiB,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC7E,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AACvE,MAAM,MAAM,eAAe,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3E,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3D,MAAM,MAAM,WAAW,GAAG,aAAa,CAAC;AAGxC,MAAM,MAAM,KAAK,GAAG,aAAa,CAAC;AAClC,MAAM,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC;AAC1C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAG/B,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,mBAAmB,EAC7B,UAAU,EAAE,OAAO,GAClB,mBAAmB,GAAG,mBAAmB,EAAE,GAAG,SAAS,CAGzD"}
+{"version":3,"file":"revealui.d.ts","sourceRoot":"","sources":["../src/revealui.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAE/D,OAAO,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,KAAK,cAAc,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,EACL,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,6BAA6B,EAAE,MAAM,+BAA+B,CAAC;AAG9E,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAIzD,OAAO,KAAK,EAAE,0BAA0B,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAEjG,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAED,wBAAsB,4BAA4B,CAChD,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,CAIvC;AAGD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAEpE,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CA+C5E;AAED,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACxB,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC9E,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC;AACjC,MAAM,MAAM,eAAe,GAAG,aAAa,CAAC;AAC5C,MAAM,MAAM,eAAe,GAAG,uBAAuB,CAAC;AACtD,MAAM,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAGlD,MAAM,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAGhD,YAAY,EAAE,gBAAgB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAG/E,MAAM,MAAM,iBAAiB,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC7E,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AACvE,MAAM,MAAM,eAAe,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3E,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3D,MAAM,MAAM,WAAW,GAAG,aAAa,CAAC;AAGxC,MAAM,MAAM,KAAK,GAAG,aAAa,CAAC;AAClC,MAAM,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC;AAC1C,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAG/B,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,mBAAmB,EAC7B,UAAU,EAAE,OAAO,GAClB,mBAAmB,GAAG,mBAAmB,EAAE,GAAG,SAAS,CAGzD"}

package/dist/revealui.js

@@ -75,16 +75,6 @@ export function checkDependencies(args) {
     // No dependencies found or all dependencies are valid
     return true;
 }
-// Deep merge utility - re-exported from config/utils for convenience
-import { deepMerge as coreDeepMerge } from './config/utils.js';
-/**
- * @deprecated Use deepMerge from '@revealui/core/config/utils' or '@revealui/core' instead
- * This function is kept for backward compatibility but will be removed in a future version.
- */
-export function deepMergeSimple(target, source) {
-    // Use the canonical deepMerge implementation from config/utils
-    return coreDeepMerge(target, source);
-}
 // JSON Schema utility
 export function withNullableJSONSchemaType(typeName, isRequired) {
     // Return the type name, or an array including null if not required

package/dist/richtext/exports/server/rsc.d.ts

@@ -4,26 +4,11 @@
  * Provides server-side rendering components for Lexical content.
  * Converts Lexical JSON state to React elements without requiring a browser.
  */
+import { isSafeUrl, sanitizeUrl } from '@revealui/security';
 import type { SerializedEditorState, SerializedLexicalNode } from 'lexical';
 import { type JSX } from 'react';
 export type { SerializedEditorState };
-/**
- * Check whether a URL is safe to render in an href attribute.
- *
- * Blocks javascript:, vbscript:, data: (except data:image/ for images),
- * and other dangerous protocols. Handles case-insensitive matching and
- * leading whitespace tricks.
- *
- * @param url - The URL to validate
- * @param context - Whether this URL is for a link href or image src
- * @returns true if the URL is safe to render
- */
-export declare function isSafeUrl(url: string, context?: 'link' | 'image'): boolean;
-/**
- * Sanitize a URL for use in an href or src attribute.
- * Returns '#' if the URL is not safe.
- */
-export declare function sanitizeUrl(url: string, context?: 'link' | 'image'): string;
+export { isSafeUrl, sanitizeUrl };
 interface SerializedElementNode extends SerializedLexicalNode {
     type: string;
     children?: SerializedLexicalNode[];

package/dist/richtext/exports/server/rsc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rsc.d.ts","sourceRoot":"","sources":["../../../../src/richtext/exports/server/rsc.tsx"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAY,KAAK,GAAG,EAAE,MAAM,OAAO,CAAC;AAG3C,YAAY,EAAE,qBAAqB,EAAE,CAAC;AAkBtC;;;;;;;;;;GAUG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,GAAG,OAAgB,GAAG,OAAO,CA8BlF;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,GAAG,OAAgB,GAAG,MAAM,CAEnF;AAyBD,UAAU,qBAAsB,SAAQ,qBAAqB;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,kBAAmB,SAAQ,qBAAqB;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;QACjC,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,GAAG,CAAC,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC;KAC7C,CAAC;CACH;AAmBD,UAAU,mBAAoB,SAAQ,qBAAqB;IACzD,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,0BAA0B,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACrE,SAAQ,qBAAqB;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,CAAC,GAAG;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAMD,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD,UAAU,gBAAgB;IACxB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,KAAK,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;IAC/E,2BAA2B;IAC3B,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,kBAAkB,EACxB,QAAQ,EAAE,GAAG,CAAC,OAAO,GAAG,IAAI,EAC5B,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,CAAC;IACjB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,CACZ,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EACD,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;CACzB;AAqSD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,EAC9C,OAAO,CAAC,EAAE,gBAAgB,GACzB,GAAG,CAAC,OAAO,GAAG,IAAI,CAMpB;AAED;;;;;;;;;GASG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,GAC7C,OAAO,CAAC,MAAM,CAAC,CA2CjB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,wBAAwB,kDAYhF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,yBAAyB,kDAYlF;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,CAAC;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,KAAK,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;IAC/E,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,kBAAkB,EACxB,QAAQ,EAAE,GAAG,CAAC,OAAO,GAAG,IAAI,EAC5B,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,CACZ,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EACD,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;CACzB;AAED,wBAAgB,eAAe,CAAC,EAC9B,IAAI,EACJ,SAAS,EACT,WAAW,EACX,UAAU,EACV,WAAW,GACZ,EAAE,oBAAoB,kDAgBtB;AAED,eAAe,eAAe,CAAC"}
+{"version":3,"file":"rsc.d.ts","sourceRoot":"","sources":["../../../../src/richtext/exports/server/rsc.tsx"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,KAAK,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAY,KAAK,GAAG,EAAE,MAAM,OAAO,CAAC;AAG3C,YAAY,EAAE,qBAAqB,EAAE,CAAC;AAKtC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAyBlC,UAAU,qBAAsB,SAAQ,qBAAqB;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,kBAAmB,SAAQ,qBAAqB;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;QACjC,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,GAAG,CAAC,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC;KAC7C,CAAC;CACH;AAmBD,UAAU,mBAAoB,SAAQ,qBAAqB;IACzD,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,0BAA0B,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACrE,SAAQ,qBAAqB;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,CAAC,GAAG;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAMD,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD,UAAU,gBAAgB;IACxB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,KAAK,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;IAC/E,2BAA2B;IAC3B,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,kBAAkB,EACxB,QAAQ,EAAE,GAAG,CAAC,OAAO,GAAG,IAAI,EAC5B,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,CAAC;IACjB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,CACZ,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EACD,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;CACzB;AAqSD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,EAC9C,OAAO,CAAC,EAAE,gBAAgB,GACzB,GAAG,CAAC,OAAO,GAAG,IAAI,CAMpB;AAED;;;;;;;;;GASG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,GAC7C,OAAO,CAAC,MAAM,CAAC,CA2CjB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,wBAAwB,kDAYhF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,yBAAyB,kDAYlF;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,qBAAqB,GAAG,IAAI,GAAG,SAAS,CAAC;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,KAAK,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;IAC/E,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,kBAAkB,EACxB,QAAQ,EAAE,GAAG,CAAC,OAAO,GAAG,IAAI,EAC5B,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,CACZ,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EACD,KAAK,EAAE,MAAM,KACV,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;CACzB;AAED,wBAAgB,eAAe,CAAC,EAC9B,IAAI,EACJ,SAAS,EACT,WAAW,EACX,UAAU,EACV,WAAW,GACZ,EAAE,oBAAoB,kDAgBtB;AAED,eAAe,eAAe,CAAC"}

package/dist/richtext/exports/server/rsc.js

@@ -1,61 +1,16 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
-import { Fragment } from 'react';
-// ============================================
-// URL SANITIZATION
-// ============================================
-/**
- * Protocols that are safe to render in href/src attributes.
- * Anything not matching these will be replaced with '#'.
- */
-const SAFE_LINK_PROTOCOLS = /^(?:https?:|mailto:|tel:|#|\/)/i;
-/**
- * Data URIs that are safe for image src attributes (base64 images only).
- * data:text/html and similar are blocked.
- */
-const SAFE_IMAGE_DATA_URI = /^data:image\//i;
 /**
- * Check whether a URL is safe to render in an href attribute.
+ * RevealUI Rich Text Editor - React Server Components
  *
- * Blocks javascript:, vbscript:, data: (except data:image/ for images),
- * and other dangerous protocols. Handles case-insensitive matching and
- * leading whitespace tricks.
- *
- * @param url - The URL to validate
- * @param context - Whether this URL is for a link href or image src
- * @returns true if the URL is safe to render
- */
-export function isSafeUrl(url, context = 'link') {
-    // Trim whitespace (catches " javascript:" trick)
-    const trimmed = url.trim();
-    if (trimmed === '' || trimmed === '#') {
-        return true;
-    }
-    // For image context, allow data:image/ URIs (base64 images)
-    if (context === 'image' && SAFE_IMAGE_DATA_URI.test(trimmed)) {
-        return true;
-    }
-    // Block all data: URIs for links (and non-image data: for images)
-    if (/^data:/i.test(trimmed)) {
-        return false;
-    }
-    // Block javascript: and vbscript: protocols (case-insensitive)
-    if (/^(?:javascript|vbscript):/i.test(trimmed)) {
-        return false;
-    }
-    // Relative paths, anchors, and safe protocols are allowed
-    if (SAFE_LINK_PROTOCOLS.test(trimmed) || !trimmed.includes(':')) {
-        return true;
-    }
-    // Unknown protocol  -  block it
-    return false;
-}
-/**
- * Sanitize a URL for use in an href or src attribute.
- * Returns '#' if the URL is not safe.
+ * Provides server-side rendering components for Lexical content.
+ * Converts Lexical JSON state to React elements without requiring a browser.
  */
-export function sanitizeUrl(url, context = 'link') {
-    return isSafeUrl(url, context) ? url.trim() : '#';
-}
+import { isSafeUrl, sanitizeUrl } from '@revealui/security';
+import { Fragment } from 'react';
+// URL sanitization is owned by @revealui/security (single source of truth
+// for every untrusted-string sink across the Suite). Re-exported here so
+// existing consumers keep working.
+export { isSafeUrl, sanitizeUrl };
 // ============================================
 // TEXT FORMAT CONSTANTS
 // ============================================

package/dist/utils/api-wrapper.d.ts

@@ -4,12 +4,10 @@
  * Wraps Next.js API routes to automatically set up request context,
  * error handling, and logging.
  */
-import type { NextRequest } from 'next/server';
-import { NextResponse } from 'next/server';
 /**
  * API route handler function
  */
-export type ApiHandler<T = unknown> = (request: NextRequest) => Promise<Response | NextResponse<T>>;
+export type ApiHandler = (request: Request) => Promise<Response>;
 /**
  * Wrap an API route handler with request context, logging, and error handling
  *
@@ -27,18 +25,18 @@ export type ApiHandler<T = unknown> = (request: NextRequest) => Promise<Response
  * ```typescript
  * // app/api/users/route.ts
  * import { withRequestContext } from '@revealui/core/utils/api-wrapper'
- * import { NextResponse } from 'next/server'
+ * // Uses standard Web API Request/Response
  *
  * export const GET = withRequestContext(async (request) => {
  *   // Request ID automatically available in logs
  *   logger.info('Fetching users') // Includes requestId automatically
  *
  *   const users = await db.query.users.findMany()
- *   return NextResponse.json(users)
+ *   return Response.json(users)
  * })
  * ```
  */
-export declare function withRequestContext<T = unknown>(handler: ApiHandler<T>): ApiHandler<T>;
+export declare function withRequestContext(handler: ApiHandler): ApiHandler;
 /**
  * Server action wrapper for request context
  *

package/dist/utils/api-wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-wrapper.d.ts","sourceRoot":"","sources":["../../src/utils/api-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAS3C;;GAEG;AACH,MAAM,MAAM,UAAU,CAAC,CAAC,GAAG,OAAO,IAAI,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpG;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,GAAG,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAwErF;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,SAAS,OAAO,EAAE,EAAE,OAAO,EACtE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,GAC3C,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAkCtC"}
+{"version":3,"file":"api-wrapper.d.ts","sourceRoot":"","sources":["../../src/utils/api-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEjE;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,CAsElE;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,SAAS,OAAO,EAAE,EAAE,OAAO,EACtE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,GAC3C,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAkCtC"}

package/dist/utils/api-wrapper.js

@@ -4,7 +4,6 @@
  * Wraps Next.js API routes to automatically set up request context,
  * error handling, and logging.
  */
-import { NextResponse } from 'next/server';
 import { handleApiError } from './errors.js';
 import { logger } from './logger.js';
 import { createRequestContext, getRequestDuration, runInRequestContext, } from './request-context.js';
@@ -25,14 +24,14 @@ import { createRequestContext, getRequestDuration, runInRequestContext, } from '
  * ```typescript
  * // app/api/users/route.ts
  * import { withRequestContext } from '@revealui/core/utils/api-wrapper'
- * import { NextResponse } from 'next/server'
+ * // Uses standard Web API Request/Response
  *
  * export const GET = withRequestContext(async (request) => {
  *   // Request ID automatically available in logs
  *   logger.info('Fetching users') // Includes requestId automatically
  *
  *   const users = await db.query.users.findMany()
- *   return NextResponse.json(users)
+ *   return Response.json(users)
  * })
  * ```
  */
@@ -41,7 +40,7 @@ export function withRequestContext(handler) {
         // Create request context from headers
         const context = createRequestContext({
             headers: Object.fromEntries(request.headers.entries()),
-            path: request.nextUrl.pathname,
+            path: new URL(request.url).pathname,
             method: request.method,
             ip: request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || undefined,
         });
@@ -64,10 +63,8 @@ export function withRequestContext(handler) {
                 duration,
             });
             // Add request ID to response headers
-            if (response instanceof NextResponse) {
-                response.headers.set('x-request-id', context.requestId);
-                response.headers.set('x-request-duration', duration?.toString() || '0');
-            }
+            response.headers.set('x-request-id', context.requestId);
+            response.headers.set('x-request-duration', duration?.toString() || '0');
             return response;
         }
         catch (error) {
@@ -84,7 +81,7 @@ export function withRequestContext(handler) {
                 method: context.method,
                 path: context.path,
             });
-            const errorResponse = NextResponse.json({
+            const errorResponse = Response.json({
                 error: {
                     message: apiError.message,
                     code: apiError.code,

package/package.json

@@ -1,33 +1,33 @@
 {
   "name": "@revealui/core",
-  "version": "0.5.6",
+  "version": "0.6.0",
   "description": "Runtime engine, REST API, auth, rich text, admin UI, and plugins for RevealUI",
   "license": "MIT",
   "dependencies": {
-    "@electric-sql/pglite": "^0.4.3",
-    "@lexical/clipboard": "^0.42.0",
-    "@lexical/code": "^0.42.0",
-    "@lexical/html": "^0.42.0",
-    "@lexical/link": "^0.42.0",
-    "@lexical/list": "^0.42.0",
-    "@lexical/react": "^0.42.0",
-    "@lexical/rich-text": "^0.42.0",
-    "@lexical/selection": "^0.42.0",
-    "@lexical/table": "^0.42.0",
-    "@lexical/utils": "^0.42.0",
-    "@lexical/yjs": "^0.42.0",
+    "@electric-sql/pglite": "^0.4.4",
+    "@lexical/clipboard": "^0.43.0",
+    "@lexical/code": "^0.43.0",
+    "@lexical/html": "^0.43.0",
+    "@lexical/link": "^0.43.0",
+    "@lexical/list": "^0.43.0",
+    "@lexical/react": "^0.43.0",
+    "@lexical/rich-text": "^0.43.0",
+    "@lexical/selection": "^0.43.0",
+    "@lexical/table": "^0.43.0",
+    "@lexical/utils": "^0.43.0",
+    "@lexical/yjs": "^0.43.0",
     "@vercel/blob": "^2.3.3",
     "bcryptjs": "^3.0.3",
     "dataloader": "^2.2.3",
     "jose": "^6.2.2",
-    "lexical": "^0.42.0",
+    "lexical": "^0.43.0",
     "pg": "^8.20.0",
     "yjs": "^13.6.30",
     "zod": "^4.3.6",
     "@revealui/cache": "0.1.4",
-    "@revealui/contracts": "1.3.7",
+    "@revealui/contracts": "1.4.0",
     "@revealui/resilience": "0.2.4",
-    "@revealui/security": "0.2.7",
+    "@revealui/security": "0.3.0",
     "@revealui/utils": "0.3.4"
   },
   "devDependencies": {
@@ -113,6 +113,10 @@
       "types": "./dist/database/ssl-config.d.ts",
       "import": "./dist/database/ssl-config.js"
     },
+    "./database/type-adapter": {
+      "types": "./dist/database/type-adapter.d.ts",
+      "import": "./dist/database/type-adapter.js"
+    },
     "./storage": {
       "types": "./dist/storage/index.d.ts",
       "import": "./dist/storage/index.js"
@@ -169,10 +173,38 @@
       "types": "./dist/api/rest.d.ts",
       "import": "./dist/api/rest.js"
     },
+    "./api/compression": {
+      "types": "./dist/api/compression.d.ts",
+      "import": "./dist/api/compression.js"
+    },
+    "./api/payload-optimization": {
+      "types": "./dist/api/payload-optimization.d.ts",
+      "import": "./dist/api/payload-optimization.js"
+    },
+    "./api/rate-limit": {
+      "types": "./dist/api/rate-limit.d.ts",
+      "import": "./dist/api/rate-limit.js"
+    },
+    "./api/response-cache": {
+      "types": "./dist/api/response-cache.d.ts",
+      "import": "./dist/api/response-cache.js"
+    },
     "./client": {
       "types": "./dist/client/index.d.ts",
       "import": "./dist/client/index.js"
     },
+    "./client/ui": {
+      "types": "./dist/client/ui/index.d.ts",
+      "import": "./dist/client/ui/index.js"
+    },
+    "./client/admin": {
+      "types": "./dist/client/admin/index.d.ts",
+      "import": "./dist/client/admin/index.js"
+    },
+    "./client/richtext": {
+      "types": "./dist/client/richtext/index.d.ts",
+      "import": "./dist/client/richtext/index.js"
+    },
     "./types/interfaces/app": {
       "types": "./dist/types/interfaces/app.d.ts",
       "import": "./dist/types/interfaces/app.js"
@@ -241,6 +273,10 @@
       "types": "./dist/monitoring/process-registry.d.ts",
       "import": "./dist/monitoring/process-registry.js"
     },
+    "./monitoring/query-monitor": {
+      "types": "./dist/monitoring/query-monitor.d.ts",
+      "import": "./dist/monitoring/query-monitor.js"
+    },
     "./utils/error-responses": {
       "types": "./dist/utils/error-responses.d.ts",
       "import": "./dist/utils/error-responses.js"
@@ -261,6 +297,10 @@
       "types": "./dist/caching/index.d.ts",
       "import": "./dist/caching/index.js"
     },
+    "./cache/query-cache": {
+      "types": "./dist/cache/query-cache.d.ts",
+      "import": "./dist/cache/query-cache.js"
+    },
     "./optimization/code-splitting": {
       "types": "./dist/optimization/code-splitting.d.ts",
       "import": "./dist/optimization/code-splitting.js"
@@ -279,7 +319,6 @@
   ],
   "main": "./dist/index.js",
   "peerDependencies": {
-    "next": "^14.0.0 || ^15.0.0 || ^16.0.0",
     "react": "^18.0.0 || ^19.0.0",
     "react-dom": "^18.0.0 || ^19.0.0"
   },