@rpcbase/db 0.35.0 → 0.36.0

package/dist/index.js

@@ -1,11 +1,14 @@
-import mongoose, { Schema, isValidObjectId, Types, SchemaTypes } from "mongoose";
-import { z, ZodMap, ZodRecord, ZodAny, ZodUnion, ZodNullable, ZodOptional, ZodDefault, ZodDate, ZodEnum, ZodBoolean, ZodArray, ZodObject, ZodNumber, ZodString } from "zod";
-export * from "zod";
+import { a as registerPoliciesFromModules } from "./can-urGFf45M.js";
+import { b, d, f, e, g, c, r } from "./can-urGFf45M.js";
+import mongoose, { Schema as Schema$1, Types } from "mongoose";
+import { default as default2 } from "mongoose";
+import { z } from "zod";
 import { z as z2 } from "zod";
+import { timingSafeEqual, createHmac } from "node:crypto";
+import "./index.browser.js";
 import assert from "assert";
 import { accessibleBy, accessibleRecordsPlugin } from "@casl/mongoose";
-import { AbilityBuilder, createMongoAbility, subject } from "@casl/ability";
-import { timingSafeEqual, createHmac } from "node:crypto";
+import "@casl/ability";
 const ZRBUser = z.object({
   email: z.string().email().optional(),
   password: z.string(),
@@ -16,7 +19,7 @@ const ZRBUser = z.object({
   emailVerificationCode: z.string().length(6).optional(),
   emailVerificationExpiresAt: z.date().optional()
 });
-const RBUserSchema = new Schema({
+const RBUserSchema = new Schema$1({
   email: { type: String, unique: true, sparse: true },
   phone: { type: String, unique: true, sparse: true },
   password: { type: String, required: true },
@@ -31,7 +34,7 @@ const ZRBTenant = z.object({
   parentTenantId: z.string().optional(),
   name: z.string().optional()
 });
-const RBTenantSchema = new Schema({
+const RBTenantSchema = new Schema$1({
   tenantId: { type: String, required: true, unique: true, index: true },
   parentTenantId: { type: String },
   name: { type: String }
@@ -72,7 +75,7 @@ const ZRBTenantSubscription = z.object({
   latestEventAt: z.date().optional(),
   metadata: z.record(z.string(), z.unknown()).optional()
 });
-const RBTenantSubscriptionSchema = new Schema(
+const RBTenantSubscriptionSchema = new Schema$1(
   {
     tenantId: { type: String, required: true, index: true },
     subscriptionId: { type: String, required: true },
@@ -96,7 +99,7 @@ const RBTenantSubscriptionSchema = new Schema(
     providerSubscriptionId: { type: String },
     latestEventId: { type: String },
     latestEventAt: { type: Date },
-    metadata: { type: Schema.Types.Mixed }
+    metadata: { type: Schema$1.Types.Mixed }
   },
   {
     collection: "tenantSubscriptions"
@@ -140,7 +143,7 @@ const ZRBTenantSubscriptionEvent = z.object({
   providerPayload: z.unknown().optional(),
   metadata: z.record(z.string(), z.unknown()).optional()
 });
-const RBTenantSubscriptionEventSchema = new Schema(
+const RBTenantSubscriptionEventSchema = new Schema$1(
   {
     tenantId: { type: String, required: true, index: true },
     subscriptionId: { type: String, required: true, index: true },
@@ -163,8 +166,8 @@ const RBTenantSubscriptionEventSchema = new Schema(
     reason: { type: String },
     provider: { type: String },
     providerEventId: { type: String },
-    providerPayload: { type: Schema.Types.Mixed },
-    metadata: { type: Schema.Types.Mixed }
+    providerPayload: { type: Schema$1.Types.Mixed },
+    metadata: { type: Schema$1.Types.Mixed }
   },
   {
     collection: "tenantSubscriptionEvents"
@@ -176,7 +179,7 @@ const ZRBRtsCounter = z.object({
   _id: z.string(),
   seq: z.number().int().min(0)
 });
-const RBRtsCounterSchema = new Schema(
+const RBRtsCounterSchema = new Schema$1(
   {
     _id: { type: String, required: true },
     seq: { type: Number, required: true, default: 0 }
@@ -196,7 +199,7 @@ const ZRBRtsChange = z.object({
   docId: z.string().optional(),
   ts: z.date()
 });
-const RBRtsChangeSchema = new Schema(
+const RBRtsChangeSchema = new Schema$1(
   {
     seq: { type: Number, required: true },
     modelName: { type: String, required: true, index: true },
@@ -228,7 +231,7 @@ const ZRBUploadSession = z.object({
   isPublic: z.boolean().optional(),
   error: z.string().optional()
 });
-const RBUploadSessionSchema = new Schema(
+const RBUploadSessionSchema = new Schema$1(
   {
     _id: { type: String, required: true },
     userId: { type: String, required: false, index: true },
@@ -277,7 +280,7 @@ const ZRBUploadChunk = z.object({
   createdAt: z.date(),
   expiresAt: z.date()
 });
-const RBUploadChunkSchema = new Schema(
+const RBUploadChunkSchema = new Schema$1(
   {
     uploadId: { type: String, required: true, index: true },
     index: { type: Number, required: true },
@@ -307,7 +310,7 @@ const ZRBNotification = z.object({
   metadata: z.record(z.string(), z.unknown()).optional()
 });
 const TTL_90_DAYS_S = 60 * 60 * 24 * 90;
-const RBNotificationSchema = new Schema(
+const RBNotificationSchema = new Schema$1(
   {
     userId: { type: String, required: true, index: true },
     topic: { type: String, required: false, index: true },
@@ -318,7 +321,7 @@ const RBNotificationSchema = new Schema(
     seenAt: { type: Date, required: false, index: true },
     readAt: { type: Date, required: false, index: true },
     archivedAt: { type: Date, required: false },
-    metadata: { type: Schema.Types.Mixed, required: false }
+    metadata: { type: Schema$1.Types.Mixed, required: false }
   },
   {
     versionKey: false,
@@ -352,7 +355,7 @@ const ZRBNotificationSettings = z.object({
   topicPreferences: z.array(ZRBNotificationTopicPreference).optional(),
   lastDigestSentAt: z.date().optional()
 });
-const TopicPreferenceSchema = new Schema(
+const TopicPreferenceSchema = new Schema$1(
   {
     topic: { type: String, required: true },
     inApp: { type: Boolean, required: true, default: true },
@@ -361,7 +364,7 @@ const TopicPreferenceSchema = new Schema(
   },
   { _id: false }
 );
-const RBNotificationSettingsSchema = new Schema(
+const RBNotificationSettingsSchema = new Schema$1(
   {
     userId: { type: String, required: true },
     digestFrequency: {
@@ -429,723 +432,291 @@ const frameworkSchemas = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.de
   ZRBUploadSessionStatus,
   ZRBUser
 }, Symbol.toStringTag, { value: "Module" }));
-const zmAssert$4 = {
-  string(f) {
-    return f.constructor.name === "ZodString";
-  },
-  number(f) {
-    return f.constructor.name === "ZodNumber";
-  },
-  object(f) {
-    return f.constructor.name === "ZodObject";
-  },
-  array(f) {
-    return f.constructor.name === "ZodArray";
-  },
-  boolean(f) {
-    return f.constructor.name === "ZodBoolean";
-  },
-  enumerable(f) {
-    return f.constructor.name === "ZodEnum";
-  },
-  date(f) {
-    return f.constructor.name === "ZodDate";
-  },
-  def(f) {
-    return f.constructor.name === "ZodDefault";
-  },
-  optional(f) {
-    return f.constructor.name === "ZodOptional";
-  },
-  nullable(f) {
-    return f.constructor.name === "ZodNullable";
-  },
-  union(f) {
-    return f.constructor.name === "ZodUnion";
-  },
-  any(f) {
-    return f.constructor.name === "ZodAny";
-  },
-  mapOrRecord(f) {
-    return f.constructor.name === "ZodMap" || f.constructor.name === "ZodRecord";
-  }
-};
-const zmAssertIds = {
-  objectId(f) {
-    return "__zm_type" in f && f.__zm_type === "ObjectId";
-  },
-  uuid(f) {
-    return "__zm_type" in f && f.__zm_type === "UUID";
+const { Schema, model } = mongoose;
+class PaginationValidationError extends Error {
+  code = "invalid_pagination";
+  statusCode = 400;
+  constructor(message, options) {
+    super(message, options);
+    this.name = "PaginationValidationError";
   }
+}
+const isPaginationValidationError = (error) => {
+  if (!error || typeof error !== "object") return false;
+  const anyError = error;
+  return anyError.name === "PaginationValidationError" && anyError.code === "invalid_pagination" && anyError.statusCode === 400;
 };
-const zmAssert$3 = {
-  string(f) {
-    return f instanceof ZodString;
-  },
-  number(f) {
-    return f instanceof ZodNumber;
-  },
-  object(f) {
-    return f instanceof ZodObject;
-  },
-  array(f) {
-    return f instanceof ZodArray;
-  },
-  boolean(f) {
-    return f instanceof ZodBoolean;
-  },
-  enumerable(f) {
-    return f instanceof ZodEnum;
-  },
-  date(f) {
-    return f instanceof ZodDate;
-  },
-  def(f) {
-    return f instanceof ZodDefault;
-  },
-  optional(f) {
-    return f instanceof ZodOptional;
-  },
-  nullable(f) {
-    return f instanceof ZodNullable;
-  },
-  union(f) {
-    return f instanceof ZodUnion;
-  },
-  any(f) {
-    return f instanceof ZodAny;
-  },
-  mapOrRecord(f) {
-    return f instanceof ZodMap || f instanceof ZodRecord;
+const DISALLOWED_MONGO_FIELD_SEGMENTS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+const PAGINATION_LIMIT_MAX = 128;
+const normalizePaginationSpec = (spec) => {
+  if (!spec || typeof spec !== "object") throw new PaginationValidationError("Invalid PaginationSpec");
+  const limit = normalizeLimit(spec.limit);
+  const direction = spec.direction ?? "next";
+  if (direction !== "next" && direction !== "prev") throw new PaginationValidationError("Invalid pagination direction");
+  if (!Array.isArray(spec.sort) || spec.sort.length === 0) throw new PaginationValidationError("Invalid pagination sort");
+  const sort = spec.sort.map(({ field, order }) => ({
+    field: assertSafeMongoFieldPath(field),
+    order: normalizeOrder(order)
+  }));
+  const seenFields = /* @__PURE__ */ new Set();
+  for (const { field } of sort) {
+    if (seenFields.has(field)) throw new PaginationValidationError(`Duplicate pagination sort field: ${field}`);
+    seenFields.add(field);
   }
-};
-const zmAssert$2 = {
-  string(f) {
-    return "__zm_type" in f && f.__zm_type === "String";
-  },
-  number(f) {
-    return "__zm_type" in f && f.__zm_type === "Number";
-  },
-  object(f) {
-    return "__zm_type" in f && f.__zm_type === "Object";
-  },
-  array(f) {
-    return "__zm_type" in f && f.__zm_type === "Array";
-  },
-  boolean(f) {
-    return "__zm_type" in f && f.__zm_type === "Boolean";
-  },
-  enumerable(f) {
-    return "__zm_type" in f && f.__zm_type === "Enum";
-  },
-  date(f) {
-    return "__zm_type" in f && f.__zm_type === "Date";
-  },
-  def(f) {
-    return "__zm_type" in f && f.__zm_type === "Default";
-  },
-  optional(f) {
-    return "__zm_type" in f && f.__zm_type === "Optional";
-  },
-  nullable(f) {
-    return "__zm_type" in f && f.__zm_type === "Nullable";
-  },
-  union(f) {
-    return "__zm_type" in f && f.__zm_type === "Union";
-  },
-  any(f) {
-    return "__zm_type" in f && f.__zm_type === "Any";
-  },
-  mapOrRecord(f) {
-    return "__zm_type" in f && (f.__zm_type === "Map" || f.__zm_type === "Record");
+  const primaryOrder = sort[0]?.order;
+  if (!seenFields.has("_id")) {
+    sort.push({ field: "_id", order: primaryOrder });
   }
-};
-const assertions = [zmAssert$4, zmAssert$3, zmAssert$2];
-const zmAssert = Object.keys(zmAssert$4).map((key) => key).reduce((acc, key) => {
-  acc[key] = (f) => {
-    return assertions.some((assertion) => assertion[key](f));
+  return {
+    ...spec,
+    limit,
+    direction,
+    sort
   };
-  return acc;
-}, {});
-const zmAssert$1 = {
-  ...zmAssert,
-  ...zmAssertIds
-};
-let zod_extended = false;
-const isSchemaCandidate = (value) => {
-  return Boolean(value && typeof value === "object" && "_def" in value);
-};
-const resolveSchemaAndFlag = (self, args, defaultFlag = true) => {
-  let schema = isSchemaCandidate(self) ? self : void 0;
-  let flag;
-  if (args.length > 0) {
-    const [firstArg, secondArg] = args;
-    if (typeof firstArg === "boolean") flag = firstArg;
-    if (typeof secondArg === "boolean") flag = secondArg;
-    if (!schema && isSchemaCandidate(firstArg)) {
-      schema = firstArg;
-      if (typeof secondArg === "boolean") flag = secondArg;
-    }
+};
+const normalizeLimit = (limit) => {
+  if (typeof limit !== "number" || !Number.isFinite(limit) || !Number.isInteger(limit) || limit <= 0) {
+    throw new PaginationValidationError("Invalid pagination limit");
   }
-  if (!schema) return { schema: void 0, flag: defaultFlag };
-  if (typeof flag !== "boolean") flag = defaultFlag;
-  return { schema, flag };
-};
-const resolveSchemaAndValue = (self, args) => {
-  let schema = isSchemaCandidate(self) ? self : void 0;
-  let value = args[0];
-  if (!schema && isSchemaCandidate(value)) {
-    schema = value;
-    value = args.length > 1 ? args[1] : void 0;
+  if (limit > PAGINATION_LIMIT_MAX) {
+    throw new PaginationValidationError("Invalid pagination limit");
   }
-  return { schema, value };
-};
-function extendZod(z_0) {
-  if (zod_extended) return;
-  zod_extended = true;
-  const UNIQUE_SUPPORT_LIST = [z_0.ZodString, z_0.ZodNumber, z_0.ZodDate];
-  for (const type of UNIQUE_SUPPORT_LIST) {
-    const proto = type?.prototype;
-    if (!proto) continue;
-    proto.unique = function unique(...args) {
-      const { schema, flag } = resolveSchemaAndFlag(this, args);
-      if (!schema) return this;
-      schema.__zm_unique = flag;
-      if (schema._def && typeof schema._def === "object") {
-        schema._def.__zm_unique = flag;
-      }
-      return schema;
-    };
-    proto.sparse = function sparse(...args) {
-      const { schema, flag } = resolveSchemaAndFlag(this, args);
-      if (!schema) return this;
-      schema.__zm_sparse = flag;
-      if (schema._def && typeof schema._def === "object") {
-        schema._def.__zm_sparse = flag;
-      }
-      return schema;
-    };
+  return limit;
+};
+const normalizeOrder = (order) => {
+  if (order !== "asc" && order !== "desc") throw new PaginationValidationError("Invalid pagination order");
+  return order;
+};
+const assertSafeMongoFieldPath = (field) => {
+  if (typeof field !== "string" || field.length === 0) throw new PaginationValidationError("Invalid pagination sort field");
+  if (field.startsWith("$")) throw new PaginationValidationError("Invalid pagination sort field");
+  const parts = field.split(".");
+  for (const part of parts) {
+    if (part.length === 0) throw new PaginationValidationError("Invalid pagination sort field");
+    if (DISALLOWED_MONGO_FIELD_SEGMENTS.has(part)) throw new PaginationValidationError("Invalid pagination sort field");
+    if (!/^[a-zA-Z0-9_]+$/.test(part)) throw new PaginationValidationError("Invalid pagination sort field");
   }
-  const TypesMap = {
-    String: z_0.ZodString,
-    Number: z_0.ZodNumber,
-    Object: z_0.ZodObject,
-    Array: z_0.ZodArray,
-    Boolean: z_0.ZodBoolean,
-    Enum: z_0.ZodEnum,
-    Date: z_0.ZodDate,
-    Default: z_0.ZodDefault,
-    Optional: z_0.ZodOptional,
-    Nullable: z_0.ZodNullable,
-    Union: z_0.ZodUnion,
-    Any: z_0.ZodAny,
-    Map: z_0.ZodMap,
-    Record: z_0.ZodRecord,
-    Pipe: z_0.ZodPipe
-  };
-  for (const [key, value] of Object.entries(TypesMap)) {
-    if (value?.prototype) {
-      Object.defineProperty(value.prototype, "__zm_type", {
-        value: key,
-        configurable: true,
-        writable: true
-      });
+  return field;
+};
+const encodePaginationCursor = (spec, node, options) => {
+  const normalized = normalizePaginationSpec(spec);
+  const values = /* @__PURE__ */ Object.create(null);
+  for (const { field } of normalized.sort) {
+    const value = readFieldValue(node, field);
+    if (typeof value === "undefined") {
+      throw new Error(`Pagination cursor encode failed (missing field: ${field})`);
     }
+    values[field] = encodeCursorValue(field, value);
   }
-}
-const createId = () => {
-  return z.string().refine((v) => isValidObjectId(v), { error: "Invalid ObjectId" }).or(z.instanceof(Types.ObjectId));
-};
-const zId = (ref) => {
-  const output = createId();
-  const schema = output;
-  schema.__zm_type = "ObjectId";
-  schema.__zm_ref = ref;
-  schema.ref = function ref2(...args) {
-    const { schema: target, value } = resolveSchemaAndValue(this, args);
-    if (!target || typeof value !== "string") return target ?? this;
-    target.__zm_ref = value;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_ref = value;
-    }
-    return target;
-  };
-  schema.refPath = function refPath(...args) {
-    const { schema: target, value } = resolveSchemaAndValue(this, args);
-    if (!target || typeof value !== "string") return target ?? this;
-    target.__zm_refPath = value;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_refPath = value;
-    }
-    return target;
-  };
-  schema.unique = function unique(...args) {
-    const { schema: target, flag } = resolveSchemaAndFlag(this, args);
-    if (!target) return this;
-    target.__zm_unique = flag;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_unique = flag;
-    }
-    return target;
-  };
-  schema.sparse = function sparse(...args) {
-    const { schema: target, flag } = resolveSchemaAndFlag(this, args);
-    if (!target) return this;
-    target.__zm_sparse = flag;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_sparse = flag;
-    }
-    return target;
-  };
-  return output;
-};
-const createUUID = () => {
-  return z.uuid({ error: "Invalid UUID" }).or(z.instanceof(Types.UUID));
-};
-const zUUID = (ref) => {
-  const output = createUUID();
-  const schema = output;
-  schema.__zm_type = "UUID";
-  schema.__zm_ref = ref;
-  schema.ref = function ref2(...args) {
-    const { schema: target, value } = resolveSchemaAndValue(this, args);
-    if (!target || typeof value !== "string") return target ?? this;
-    target.__zm_ref = value;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_ref = value;
-    }
-    return target;
-  };
-  schema.refPath = function refPath(...args) {
-    const { schema: target, value } = resolveSchemaAndValue(this, args);
-    if (!target || typeof value !== "string") return target ?? this;
-    target.__zm_refPath = value;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_refPath = value;
-    }
-    return target;
-  };
-  schema.unique = function unique(...args) {
-    const { schema: target, flag } = resolveSchemaAndFlag(this, args);
-    if (!target) return this;
-    target.__zm_unique = flag;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_unique = flag;
-    }
-    return target;
-  };
-  schema.sparse = function sparse(...args) {
-    const { schema: target, flag } = resolveSchemaAndFlag(this, args);
-    if (!target) return this;
-    target.__zm_sparse = flag;
-    if (target._def && typeof target._def === "object") {
-      target._def.__zm_sparse = flag;
-    }
-    return target;
-  };
-  return output;
-};
-const LANGUAGE_CODE_REGEX = /^[a-z]{2,3}(?:-[A-Za-z0-9]{2,8})*$/;
-const LOCALIZED_STRING_PROXY_CACHE = /* @__PURE__ */ new WeakMap();
-function normalizeLocale(locale) {
-  const trimmed = locale.trim();
-  if (!trimmed) return "";
-  const getCanonicalLocales = Intl?.getCanonicalLocales;
-  if (typeof getCanonicalLocales !== "function") return trimmed;
+  const payload = { v: 1, values };
+  const payloadB64 = Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
+  const sigB64 = signCursorPayloadB64(payloadB64, options.signingSecret);
+  return `${payloadB64}.${sigB64}`;
+};
+const decodePaginationCursor = (spec, cursor, options) => {
+  const normalized = normalizePaginationSpec(spec);
+  const [payloadB64, sigB64, ...rest] = cursor.split(".");
+  if (rest.length > 0) throw new PaginationValidationError("Invalid pagination cursor format");
+  if (!sigB64) throw new PaginationValidationError("Invalid pagination cursor format");
+  verifyCursorSignature(payloadB64, sigB64, options.signingSecret);
+  const payloadRaw = Buffer.from(payloadB64, "base64url").toString("utf8");
+  let payloadUnknown;
   try {
-    return getCanonicalLocales(trimmed)[0] ?? trimmed;
+    payloadUnknown = JSON.parse(payloadRaw);
   } catch {
-    return trimmed;
+    throw new PaginationValidationError("Invalid pagination cursor payload");
   }
-}
-function buildLocaleFallbackChain(locale, fallbacks) {
-  const base = locale.trim();
-  const canonical = normalizeLocale(base);
-  const extra = typeof fallbacks === "string" ? [fallbacks] : fallbacks ?? [];
-  const output = [];
-  const seen = /* @__PURE__ */ new Set();
-  const push = (value) => {
-    if (!value) return;
-    if (seen.has(value)) return;
-    seen.add(value);
-    output.push(value);
-  };
-  const addChain = (value) => {
-    if (!value) return;
-    const parts = value.split("-").filter(Boolean);
-    while (parts.length > 0) {
-      push(parts.join("-"));
-      parts.pop();
+  if (!payloadUnknown || typeof payloadUnknown !== "object") throw new PaginationValidationError("Invalid pagination cursor payload");
+  const payload = payloadUnknown;
+  if (payload.v !== 1) throw new PaginationValidationError("Unsupported pagination cursor version");
+  if (!payload.values || typeof payload.values !== "object") throw new PaginationValidationError("Invalid pagination cursor payload");
+  const decoded = /* @__PURE__ */ Object.create(null);
+  for (const { field } of normalized.sort) {
+    if (!Object.prototype.hasOwnProperty.call(payload.values, field)) {
+      throw new PaginationValidationError(`Pagination cursor missing field: ${field}`);
     }
-  };
-  addChain(base);
-  addChain(canonical);
-  for (const fallback of extra) addChain(normalizeLocale(fallback));
-  return output;
-}
-function resolveLocalizedString(value, locale, options) {
-  if (!value) return void 0;
-  const chain = buildLocaleFallbackChain(locale, options?.fallbacks);
-  if (chain.length === 0) return void 0;
-  const record = value;
-  for (const key of chain) {
-    if (!Object.prototype.hasOwnProperty.call(record, key)) continue;
-    return record[key];
+    const encodedValue = payload.values[field];
+    decoded[field] = decodeCursorValue(field, encodedValue);
   }
-  return void 0;
-}
-function withLocalizedStringFallback(value) {
-  if (!value || typeof value !== "object" || Array.isArray(value)) return value;
-  if (value instanceof Map) return value;
-  const cached = LOCALIZED_STRING_PROXY_CACHE.get(value);
-  if (cached) return cached;
-  const proxy = withFallbackRecord(value);
-  LOCALIZED_STRING_PROXY_CACHE.set(value, proxy);
-  return proxy;
-}
-function withFallbackRecord(record) {
-  const getExact = (key) => record[key];
-  const hasExact = (key) => Object.prototype.hasOwnProperty.call(record, key);
-  return new Proxy(record, {
-    get(target, prop) {
-      if (prop === "getExact") return getExact;
-      if (prop === "hasExact") return hasExact;
-      if (prop === "get") return (key) => resolveLocalizedString(record, key);
-      if (typeof prop === "string" && !(prop in target)) {
-        return resolveLocalizedString(record, prop);
-      }
-      return target[prop];
-    },
-    set(target, prop, next) {
-      target[prop] = next;
-      return true;
-    }
-  });
-}
-const zLocalizedString = () => {
-  const schema = z.record(
-    z.string().regex(LANGUAGE_CODE_REGEX, { message: "Expected a language code (BCP 47, e.g. en or fr-FR)." }),
-    z.string()
-  );
-  schema.__rpcbase_localizedString = true;
-  return schema;
+  return decoded;
 };
-const zI18nString = zLocalizedString;
-function zodSchema(schema, options) {
-  const definition = parseObject(schema);
-  return new Schema(definition, options);
-}
-function zodSchemaRaw(schema) {
-  return parseObject(schema);
-}
-function parseObject(obj) {
-  const object = {};
-  for (const [key, rawField] of Object.entries(obj.shape)) {
-    const field = rawField;
-    if (zmAssert$1.object(field)) {
-      object[key] = parseObject(field);
-    } else {
-      const f = parseField(field);
-      if (!f) throw new Error(`Unsupported field type: ${field.constructor}`);
-      object[key] = f;
-    }
-  }
-  return object;
-}
-function extractCustomValidation(field) {
-  const checks = field._def?.checks;
-  if (!Array.isArray(checks)) return void 0;
-  for (const check of checks) {
-    if (!check || typeof check !== "object") continue;
-    if (check.__zm_validation) {
-      return check.__zm_validation;
-    }
-    const def = check.def;
-    if (!def || def.type !== "custom" || typeof def.fn !== "function") continue;
-    const validator = (value) => {
-      try {
-        const result = def.fn(value, {
-          ctx: {
-            addIssue() {
-              return void 0;
-            }
-          },
-          input: value,
-          parsedType: typeof value
-        });
-        return result !== false;
-      } catch {
-        return false;
-      }
-    };
-    let message;
-    if (typeof def.error === "function") {
-      try {
-        const computed = def.error({
-          ctx: {
-            addIssue() {
-              return void 0;
-            }
-          },
-          input: void 0,
-          parsedType: "unknown"
-        });
-        if (typeof computed === "string") {
-          message = computed;
-        }
-      } catch {
-      }
-    }
-    const validation = {
-      validator,
-      message
-    };
-    check.__zm_validation = validation;
-    return validation;
-  }
-  return void 0;
-}
-function parseField(field, required = true, def, refinement) {
-  if (!field) return null;
-  const customRefinement = extractCustomValidation(field);
-  const directRefinement = field.__zm_validation ?? field._def?.__zm_validation ?? customRefinement;
-  const currentRefinement = refinement ?? directRefinement;
-  if (zmAssert$1.objectId(field)) {
-    const ref = field.__zm_ref;
-    const refPath = field.__zm_refPath;
-    const unique = field.__zm_unique ?? (field._def?.__zm_unique ?? false);
-    const sparse = field.__zm_sparse ?? (field._def?.__zm_sparse ?? false);
-    return parseObjectId(required, ref, unique, refPath, sparse);
-  }
-  if (zmAssert$1.uuid(field)) {
-    const ref = field.__zm_ref;
-    const refPath = field.__zm_refPath;
-    const unique = field.__zm_unique ?? (field._def?.__zm_unique ?? false);
-    const sparse = field.__zm_sparse ?? (field._def?.__zm_sparse ?? false);
-    return parseUUID(required, ref, unique, refPath, sparse);
-  }
-  if (zmAssert$1.object(field)) {
-    return parseObject(field);
-  }
-  if (zmAssert$1.number(field)) {
-    const isUnique = field.__zm_unique ?? field._def?.__zm_unique ?? false;
-    const isSparse = field.__zm_sparse ?? field._def?.__zm_sparse ?? false;
-    return parseNumber(
-      field,
-      required,
-      def,
-      isUnique,
-      currentRefinement,
-      isSparse
-    );
-  }
-  if (zmAssert$1.string(field)) {
-    const isUnique = field.__zm_unique ?? field._def?.__zm_unique ?? false;
-    const isSparse = field.__zm_sparse ?? field._def?.__zm_sparse ?? false;
-    return parseString(
-      field,
-      required,
-      def,
-      isUnique,
-      currentRefinement,
-      isSparse
-    );
-  }
-  if (zmAssert$1.enumerable(field)) {
-    const enumValues = Array.isArray(field.options) ? field.options : Object.values(field.enum ?? {});
-    return parseEnum(enumValues, required, def);
-  }
-  if (zmAssert$1.boolean(field)) {
-    return parseBoolean(required, def);
-  }
-  if (zmAssert$1.date(field)) {
-    const isUnique = field.__zm_unique ?? field._def?.__zm_unique ?? false;
-    const isSparse = field.__zm_sparse ?? field._def?.__zm_sparse ?? false;
-    return parseDate(
-      required,
-      def,
-      currentRefinement,
-      isUnique,
-      isSparse
-    );
-  }
-  if (zmAssert$1.array(field)) {
-    return parseArray(
-      required,
-      field.element,
-      def
-    );
+const signCursorPayloadB64 = (payloadB64, secret) => {
+  return createHmac("sha256", secret).update(payloadB64, "utf8").digest("base64url");
+};
+const verifyCursorSignature = (payloadB64, sigB64, secret) => {
+  const expectedSigB64 = signCursorPayloadB64(payloadB64, secret);
+  const a = Buffer.from(sigB64, "utf8");
+  const b2 = Buffer.from(expectedSigB64, "utf8");
+  if (a.length !== b2.length || !timingSafeEqual(a, b2)) {
+    throw new PaginationValidationError("Invalid pagination cursor signature");
   }
-  if (zmAssert$1.def(field)) {
-    const defaultValue = typeof field._def.defaultValue === "function" ? field._def.defaultValue() : field._def.defaultValue;
-    return parseField(
-      field._def.innerType,
-      required,
-      defaultValue,
-      currentRefinement
-    );
+};
+const encodeCursorValue = (field, value) => {
+  if (value === null) return null;
+  if (field === "_id") {
+    if (value instanceof Types.ObjectId) return { $oid: value.toHexString() };
+    throw new Error("Pagination cursor encode failed (_id must be an ObjectId)");
   }
-  if (zmAssert$1.optional(field)) {
-    return parseField(field._def.innerType, false, void 0, currentRefinement);
+  if (value instanceof Date) return { $date: value.toISOString() };
+  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return value;
+  if (value instanceof Types.ObjectId) return { $oid: value.toHexString() };
+  throw new Error(`Unsupported pagination cursor value type for field: ${field}`);
+};
+const decodeCursorValue = (field, value) => {
+  if (value === null) return null;
+  if (typeof value === "string") {
+    if (field === "_id") throw new PaginationValidationError(`Invalid pagination cursor ObjectId for field: ${field}`);
+    return value;
   }
-  if (zmAssert$1.nullable(field)) {
-    return parseField(
-      field._def.innerType,
-      false,
-      def || null,
-      currentRefinement
-    );
+  if (typeof value === "number" || typeof value === "boolean") return value;
+  if (!value || typeof value !== "object") throw new PaginationValidationError(`Invalid pagination cursor value for field: ${field}`);
+  if ("$date" in value) {
+    if (typeof value.$date !== "string") throw new PaginationValidationError(`Invalid pagination cursor date for field: ${field}`);
+    const d2 = new Date(value.$date);
+    if (Number.isNaN(d2.getTime())) throw new PaginationValidationError(`Invalid pagination cursor date for field: ${field}`);
+    return d2;
   }
-  if (zmAssert$1.union(field)) {
-    return parseField(field._def.options[0], required, def, currentRefinement);
+  if ("$oid" in value) {
+    if (typeof value.$oid !== "string" || !Types.ObjectId.isValid(value.$oid)) {
+      throw new PaginationValidationError(`Invalid pagination cursor ObjectId for field: ${field}`);
+    }
+    return new Types.ObjectId(value.$oid);
   }
-  if (zmAssert$1.any(field)) {
-    return parseMixed(required, def);
+  throw new PaginationValidationError(`Invalid pagination cursor value for field: ${field}`);
+};
+const readFieldValue = (node, field) => {
+  if (!node || typeof node !== "object") return void 0;
+  if ("get" in node && typeof node.get === "function") {
+    return node.get(field);
   }
-  if (field.__rpcbase_localizedString) {
+  return field.split(".").reduce((acc, key) => {
+    if (!acc || typeof acc !== "object") return void 0;
+    return acc[key];
+  }, node);
+};
+const compileMongoPagination = (spec, options) => {
+  const normalized = normalizePaginationSpec(spec);
+  const mongoLimit = normalized.limit + 1;
+  const mongoSort = toMongoSort(normalized);
+  if (normalized.cursor == null) {
     return {
-      type: SchemaTypes.Mixed,
-      default: def,
-      required,
-      validate: {
-        validator: (value) => {
-          if (value == null) return true;
-          if (typeof value !== "object" || Array.isArray(value)) return false;
-          const proto = Object.getPrototypeOf(value);
-          if (proto !== Object.prototype && proto !== null) return false;
-          for (const [key, entry] of Object.entries(value)) {
-            if (!LANGUAGE_CODE_REGEX.test(key)) return false;
-            if (typeof entry !== "string") return false;
-          }
-          return true;
-        },
-        message: "Expected a localized string record."
-      },
-      get: (value) => value == null ? value : withLocalizedStringFallback(value)
+      spec: normalized,
+      mongoFilterDelta: {},
+      mongoSort,
+      mongoLimit
     };
   }
-  if (zmAssert$1.mapOrRecord(field)) {
-    const mapValueType = field.valueType ?? field.valueSchema;
-    const mapKeyType = field.keyType ?? field.keySchema;
-    if (!mapKeyType) {
-      throw new Error("Unsupported map key type: undefined");
-    }
-    return parseMap(
-      required,
-      mapValueType,
-      def
-    );
+  if (typeof normalized.cursor !== "string" || normalized.cursor.length === 0) {
+    throw new PaginationValidationError("Invalid pagination cursor");
   }
-  return null;
-}
-function parseNumber(field, required = true, def, unique = false, validate, sparse = false) {
-  const output = {
-    type: Number,
-    default: def,
-    min: field.minValue ?? void 0,
-    max: field.maxValue ?? void 0,
-    required,
-    unique,
-    sparse
-  };
-  if (validate) output.validate = validate;
-  return output;
-}
-function parseString(field, required = true, def, unique = false, validate, sparse = false) {
-  const output = {
-    type: String,
-    default: def,
-    required,
-    minLength: field.minLength ?? void 0,
-    maxLength: field.maxLength ?? void 0,
-    unique,
-    sparse
-  };
-  if (validate) output.validate = validate;
-  return output;
-}
-function parseEnum(values, required = true, def) {
+  const cursorValues = decodePaginationCursor(normalized, normalized.cursor, options.cursor);
+  const mongoFilterDelta = buildKeysetFilterDelta(normalized, cursorValues);
   return {
-    type: String,
-    unique: false,
-    sparse: false,
-    default: def,
-    enum: values,
-    required
+    spec: normalized,
+    mongoFilterDelta,
+    mongoSort,
+    mongoLimit
   };
-}
-function parseBoolean(required = true, def) {
-  return {
-    type: Boolean,
-    default: def,
-    required
-  };
-}
-function parseDate(required = true, def, validate, unique = false, sparse = false) {
-  const output = {
-    type: Date,
-    default: def,
-    required,
-    unique,
-    sparse
-  };
-  if (validate) output.validate = validate;
-  return output;
-}
-function parseObjectId(required = true, ref, unique = false, refPath, sparse = false) {
-  const output = {
-    type: SchemaTypes.ObjectId,
-    required,
-    unique,
-    sparse
-  };
-  if (ref) output.ref = ref;
-  if (refPath) output.refPath = refPath;
-  return output;
-}
-function parseArray(required = true, element, def) {
-  const innerType = parseField(element);
-  if (!innerType) throw new Error("Unsupported array type");
-  return {
-    type: [innerType],
-    default: def,
-    required
-  };
-}
-function parseMap(required = true, valueType, def) {
-  if (!valueType) {
-    throw new Error("Unsupported map value type: undefined");
+};
+const toMongoSort = (spec) => {
+  const mongoSort = /* @__PURE__ */ Object.create(null);
+  for (const { field, order } of spec.sort) {
+    const forQueryOrder = spec.direction === "prev" ? invertOrder(order) : order;
+    mongoSort[field] = forQueryOrder === "asc" ? 1 : -1;
   }
-  const pointer = parseField(valueType);
-  if (!pointer) {
-    const typeName = valueType?.constructor?.name ?? "unknown";
-    throw new Error(`Unsupported map value type (${typeName})`);
+  return mongoSort;
+};
+const buildKeysetFilterDelta = (spec, cursorValues) => {
+  const branches = [];
+  for (let i = 0; i < spec.sort.length; i++) {
+    const current = spec.sort[i];
+    if (!current) continue;
+    const and = [];
+    for (let j = 0; j < i; j++) {
+      const prev = spec.sort[j];
+      if (!prev) continue;
+      const eq = /* @__PURE__ */ Object.create(null);
+      eq[prev.field] = cursorValues[prev.field];
+      and.push(eq);
+    }
+    const op = getKeysetOp(current.order, spec.direction);
+    const cmpOp = /* @__PURE__ */ Object.create(null);
+    cmpOp[op] = cursorValues[current.field];
+    const cmp = /* @__PURE__ */ Object.create(null);
+    cmp[current.field] = cmpOp;
+    and.push(cmp);
+    branches.push(and.length === 1 ? and[0] : { $and: and });
   }
-  return {
-    type: Map,
-    of: pointer,
-    default: def,
-    required
-  };
-}
-function parseUUID(required = true, ref, unique = false, refPath, sparse = false) {
-  const output = {
-    type: SchemaTypes.UUID,
-    required,
-    unique,
-    sparse
+  return { $or: branches };
+};
+const getKeysetOp = (order, direction) => {
+  if (direction === "next") return order === "asc" ? "$gt" : "$lt";
+  return order === "asc" ? "$lt" : "$gt";
+};
+const invertOrder = (order) => {
+  return order === "asc" ? "desc" : "asc";
+};
+const materializeMongoPagination = (compiled, fetchedNodes, options) => {
+  const limit = compiled.spec.limit;
+  const hasMore = fetchedNodes.length > limit;
+  const trimmed = fetchedNodes.slice(0, limit);
+  const nodes = compiled.spec.direction === "prev" ? trimmed.reverse() : trimmed;
+  const hasPrevPage = compiled.spec.direction === "next" ? Boolean(compiled.spec.cursor) : hasMore;
+  const hasNextPage = compiled.spec.direction === "next" ? hasMore : Boolean(compiled.spec.cursor);
+  const pageInfo = {
+    hasNextPage,
+    hasPrevPage
   };
-  if (ref) output.ref = ref;
-  if (refPath) output.refPath = refPath;
-  return output;
-}
-function parseMixed(required = true, def) {
-  return {
-    type: SchemaTypes.Mixed,
-    default: def,
-    required
+  if (nodes.length === 0) {
+    return { nodes, pageInfo };
+  }
+  if (hasPrevPage) {
+    pageInfo.prevCursor = encodePaginationCursor(compiled.spec, nodes[0], options.cursor);
+  }
+  if (hasNextPage) {
+    pageInfo.nextCursor = encodePaginationCursor(compiled.spec, nodes[nodes.length - 1], options.cursor);
+  }
+  return { nodes, pageInfo };
+};
+const MongoAdapter = {
+  applyPagination: (query, compiled) => {
+    query.where(compiled.mongoFilterDelta);
+    query.sort(compiled.mongoSort);
+    query.limit(compiled.mongoLimit);
+    return query;
+  }
+};
+const paginateMongoQuery = async (query, pagination, options) => {
+  const compiled = compileMongoPagination(pagination, { cursor: options.cursor });
+  MongoAdapter.applyPagination(query, compiled);
+  const fetchedNodes = await query.exec();
+  if (!Array.isArray(fetchedNodes)) {
+    throw new Error("paginateMongoQuery expects query.exec() to return an array");
+  }
+  return materializeMongoPagination(compiled, fetchedNodes, { cursor: options.cursor });
+};
+const getQueryOptions$1 = (query) => {
+  if (!query || typeof query !== "object") return void 0;
+  if (!("getOptions" in query) || typeof query.getOptions !== "function") return void 0;
+  return query.getOptions();
+};
+const getPaginationFromOptions = (query) => {
+  const options = getQueryOptions$1(query);
+  return options?.pagination;
+};
+const getCursorFromOptions = (query) => {
+  const options = getQueryOptions$1(query);
+  return options?.paginationCursor;
+};
+const mongoPaginationPlugin = (schema, pluginOptions) => {
+  schema.query.paginate = async function(pagination, options) {
+    const spec = pagination ?? getPaginationFromOptions(this);
+    if (!spec) throw new Error("Missing pagination spec");
+    const cursor = options?.cursor ?? getCursorFromOptions(this) ?? pluginOptions?.cursor;
+    if (!cursor?.signingSecret) throw new Error("Missing pagination cursor signingSecret");
+    return await paginateMongoQuery(this, spec, { cursor });
   };
-}
+};
 const getAppName$1 = (env = process.env) => {
   const appName = env.APP_NAME?.trim();
   if (!appName) {
@@ -1237,11 +808,11 @@ const insertChanges = async (db, changes) => {
   if (!changes.length) return;
   const { RtsChange } = getRtsModels(db);
   const ts = /* @__PURE__ */ new Date();
-  await RtsChange.insertMany(changes.map((c) => ({
-    seq: c.seq,
-    modelName: c.modelName,
-    op: c.op,
-    docId: c.docId ?? void 0,
+  await RtsChange.insertMany(changes.map((c2) => ({
+    seq: c2.seq,
+    modelName: c2.modelName,
+    op: c2.op,
+    docId: c2.docId ?? void 0,
     ts
   })));
 };
@@ -1272,7 +843,7 @@ const captureDeleteMeta = async (query, mode) => {
     findQuery.limit(maxDeleteIds + 1);
   }
   const docs = await findQuery;
-  const ids = Array.isArray(docs) ? docs.map((d) => normalizeId(d?._id)).filter((id) => Boolean(id)) : [];
+  const ids = Array.isArray(docs) ? docs.map((d2) => normalizeId(d2?._id)).filter((id) => Boolean(id)) : [];
   const reset = mode === "many" && ids.length > maxDeleteIds;
   const trimmedIds = reset ? [] : ids;
   const meta = {
@@ -1326,125 +897,6 @@ const rtsChangeLogPlugin = (schema) => {
     }
   });
 };
-const POLICIES_GLOBAL_KEY = /* @__PURE__ */ Symbol.for("@rpcbase/db/acl/policiesBySubject");
-const getGlobalPoliciesMap = () => {
-  const store = globalThis;
-  const existing = store[POLICIES_GLOBAL_KEY];
-  if (existing instanceof Map) {
-    return existing;
-  }
-  const created = /* @__PURE__ */ new Map();
-  store[POLICIES_GLOBAL_KEY] = created;
-  return created;
-};
-const policiesBySubject = getGlobalPoliciesMap();
-const isPolicy = (value) => {
-  if (!value || typeof value !== "object") return false;
-  const maybe = value;
-  return typeof maybe.subject === "string" && typeof maybe.define === "function";
-};
-const registerPolicy = (policy) => {
-  const set = policiesBySubject.get(policy.subject) ?? /* @__PURE__ */ new Set();
-  set.add(policy.define);
-  policiesBySubject.set(policy.subject, set);
-};
-const registerPoliciesFromModules = (modules) => {
-  for (const [exportName, value] of Object.entries(modules)) {
-    if (!isPolicy(value)) continue;
-    if (!exportName.endsWith("Policy")) {
-      throw new Error(
-        `Invalid policy export name "${exportName}". Policies must be exported as "<ModelName>Policy".`
-      );
-    }
-    const expectedSubject = exportName.slice(0, -"Policy".length);
-    if (value.subject !== expectedSubject) {
-      throw new Error(
-        `Invalid policy "${exportName}": expected subject "${expectedSubject}", got "${value.subject}".`
-      );
-    }
-    registerPolicy(value);
-  }
-};
-const getRegisteredPolicies = () => {
-  const out = [];
-  for (const set of policiesBySubject.values()) {
-    for (const fn of set) out.push(fn);
-  }
-  return out;
-};
-const buildAbility = (ctx) => {
-  const builder = new AbilityBuilder(createMongoAbility);
-  const { can: can2 } = builder;
-  if (ctx.roles.includes("owner") || ctx.roles.includes("admin")) {
-    can2("manage", "all");
-  }
-  for (const define of getRegisteredPolicies()) {
-    define(builder, ctx);
-  }
-  return builder.build();
-};
-const normalizeRole = (raw) => {
-  if (typeof raw !== "string") return null;
-  const normalized = raw.trim();
-  return normalized ? normalized : null;
-};
-const normalizeRoles = (raw) => {
-  if (Array.isArray(raw)) {
-    return raw.map(normalizeRole).filter((r) => Boolean(r));
-  }
-  const role = normalizeRole(raw);
-  return role ? [role] : [];
-};
-const normalizeRolesByTenantId = (raw) => {
-  if (!raw || typeof raw !== "object") return null;
-  if (raw instanceof Map) {
-    return Object.fromEntries(Array.from(raw.entries()).map(([key, value]) => [String(key), normalizeRoles(value)]));
-  }
-  const obj = raw;
-  const out = {};
-  for (const [key, value] of Object.entries(obj)) {
-    const tenantId = String(key).trim();
-    if (!tenantId) continue;
-    out[tenantId] = normalizeRoles(value);
-  }
-  return out;
-};
-const getTenantRolesFromSessionUser = (user, tenantId) => {
-  if (!user || typeof user !== "object") return [];
-  const rolesByTenantId = normalizeRolesByTenantId(user.tenantRoles);
-  if (!rolesByTenantId) return [];
-  return rolesByTenantId[tenantId]?.filter(Boolean) ?? [];
-};
-const buildAbilityFromSession = ({
-  tenantId,
-  session,
-  claims
-}) => {
-  const user = session?.user;
-  const userId = typeof user?.id === "string" ? user.id.trim() : "";
-  const rolesByTenantId = normalizeRolesByTenantId(user?.tenantRoles);
-  const hasExplicitTenantEntry = Boolean(
-    rolesByTenantId && Object.prototype.hasOwnProperty.call(rolesByTenantId, tenantId)
-  );
-  const signedInTenantsRaw = user?.signedInTenants;
-  const signedInTenants = Array.isArray(signedInTenantsRaw) ? signedInTenantsRaw.map(String) : [];
-  const roles = hasExplicitTenantEntry ? rolesByTenantId[tenantId] ?? [] : userId && signedInTenants.includes(tenantId) ? ["owner"] : getTenantRolesFromSessionUser(user, tenantId);
-  return buildAbility({
-    tenantId,
-    userId: userId || null,
-    roles,
-    claims
-  });
-};
-const getAccessibleByQuery = (ability, action, subject2) => {
-  return accessibleBy(ability, action).ofType(subject2);
-};
-const can = (ability, action, subjectType, object) => {
-  if (object && typeof object === "object") {
-    return ability.can(action, subject(subjectType, object));
-  }
-  return ability.can(action, subjectType);
-};
 const isRecord = (value) => Boolean(value) && typeof value === "object" && !Array.isArray(value);
 const mergeMongoQuery = (left, right) => {
   const leftQuery = isRecord(left) ? left : {};
@@ -1452,13 +904,13 @@ const mergeMongoQuery = (left, right) => {
   if (Object.keys(right).length === 0) return leftQuery;
   return { $and: [leftQuery, right] };
 };
-const getQueryOptions$1 = (query) => {
+const getQueryOptions = (query) => {
   if (!query || typeof query !== "object") return void 0;
   if (!("getOptions" in query) || typeof query.getOptions !== "function") return void 0;
   return query.getOptions();
 };
 const getStoredAclFromQuery = (query) => {
-  const options = getQueryOptions$1(query);
+  const options = getQueryOptions(query);
   const raw = options?.rbAcl;
   if (!isRecord(raw)) return null;
   if (!("ability" in raw)) return null;
@@ -1526,8 +978,8 @@ const patchAggregateAcl = () => {
     return this;
   };
 };
-const createModelAclProxy = (model, ability) => {
-  return new Proxy(model, {
+const createModelAclProxy = (model2, ability) => {
+  return new Proxy(model2, {
     get(target, prop, receiver) {
       const value = Reflect.get(target, prop, receiver);
       if (typeof value !== "function") return value;
@@ -1590,290 +1042,6 @@ const mongooseAclPlugin = (schema) => {
     addQueryAclFilter(this, "update");
   });
 };
-class PaginationValidationError extends Error {
-  code = "invalid_pagination";
-  statusCode = 400;
-  constructor(message, options) {
-    super(message, options);
-    this.name = "PaginationValidationError";
-  }
-}
-const isPaginationValidationError = (error) => {
-  if (!error || typeof error !== "object") return false;
-  const anyError = error;
-  return anyError.name === "PaginationValidationError" && anyError.code === "invalid_pagination" && anyError.statusCode === 400;
-};
-const DISALLOWED_MONGO_FIELD_SEGMENTS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
-const PAGINATION_LIMIT_MAX = 128;
-const normalizePaginationSpec = (spec) => {
-  if (!spec || typeof spec !== "object") throw new PaginationValidationError("Invalid PaginationSpec");
-  const limit = normalizeLimit(spec.limit);
-  const direction = spec.direction ?? "next";
-  if (direction !== "next" && direction !== "prev") throw new PaginationValidationError("Invalid pagination direction");
-  if (!Array.isArray(spec.sort) || spec.sort.length === 0) throw new PaginationValidationError("Invalid pagination sort");
-  const sort = spec.sort.map(({ field, order }) => ({
-    field: assertSafeMongoFieldPath(field),
-    order: normalizeOrder(order)
-  }));
-  const seenFields = /* @__PURE__ */ new Set();
-  for (const { field } of sort) {
-    if (seenFields.has(field)) throw new PaginationValidationError(`Duplicate pagination sort field: ${field}`);
-    seenFields.add(field);
-  }
-  const primaryOrder = sort[0]?.order;
-  if (!seenFields.has("_id")) {
-    sort.push({ field: "_id", order: primaryOrder });
-  }
-  return {
-    ...spec,
-    limit,
-    direction,
-    sort
-  };
-};
-const normalizeLimit = (limit) => {
-  if (typeof limit !== "number" || !Number.isFinite(limit) || !Number.isInteger(limit) || limit <= 0) {
-    throw new PaginationValidationError("Invalid pagination limit");
-  }
-  if (limit > PAGINATION_LIMIT_MAX) {
-    throw new PaginationValidationError("Invalid pagination limit");
-  }
-  return limit;
-};
-const normalizeOrder = (order) => {
-  if (order !== "asc" && order !== "desc") throw new PaginationValidationError("Invalid pagination order");
-  return order;
-};
-const assertSafeMongoFieldPath = (field) => {
-  if (typeof field !== "string" || field.length === 0) throw new PaginationValidationError("Invalid pagination sort field");
-  if (field.startsWith("$")) throw new PaginationValidationError("Invalid pagination sort field");
-  const parts = field.split(".");
-  for (const part of parts) {
-    if (part.length === 0) throw new PaginationValidationError("Invalid pagination sort field");
-    if (DISALLOWED_MONGO_FIELD_SEGMENTS.has(part)) throw new PaginationValidationError("Invalid pagination sort field");
-    if (!/^[a-zA-Z0-9_]+$/.test(part)) throw new PaginationValidationError("Invalid pagination sort field");
-  }
-  return field;
-};
-const encodePaginationCursor = (spec, node, options) => {
-  const normalized = normalizePaginationSpec(spec);
-  const values = /* @__PURE__ */ Object.create(null);
-  for (const { field } of normalized.sort) {
-    const value = readFieldValue(node, field);
-    if (typeof value === "undefined") {
-      throw new Error(`Pagination cursor encode failed (missing field: ${field})`);
-    }
-    values[field] = encodeCursorValue(field, value);
-  }
-  const payload = { v: 1, values };
-  const payloadB64 = Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
-  const sigB64 = signCursorPayloadB64(payloadB64, options.signingSecret);
-  return `${payloadB64}.${sigB64}`;
-};
-const decodePaginationCursor = (spec, cursor, options) => {
-  const normalized = normalizePaginationSpec(spec);
-  const [payloadB64, sigB64, ...rest] = cursor.split(".");
-  if (rest.length > 0) throw new PaginationValidationError("Invalid pagination cursor format");
-  if (!sigB64) throw new PaginationValidationError("Invalid pagination cursor format");
-  verifyCursorSignature(payloadB64, sigB64, options.signingSecret);
-  const payloadRaw = Buffer.from(payloadB64, "base64url").toString("utf8");
-  let payloadUnknown;
-  try {
-    payloadUnknown = JSON.parse(payloadRaw);
-  } catch {
-    throw new PaginationValidationError("Invalid pagination cursor payload");
-  }
-  if (!payloadUnknown || typeof payloadUnknown !== "object") throw new PaginationValidationError("Invalid pagination cursor payload");
-  const payload = payloadUnknown;
-  if (payload.v !== 1) throw new PaginationValidationError("Unsupported pagination cursor version");
-  if (!payload.values || typeof payload.values !== "object") throw new PaginationValidationError("Invalid pagination cursor payload");
-  const decoded = /* @__PURE__ */ Object.create(null);
-  for (const { field } of normalized.sort) {
-    if (!Object.prototype.hasOwnProperty.call(payload.values, field)) {
-      throw new PaginationValidationError(`Pagination cursor missing field: ${field}`);
-    }
-    const encodedValue = payload.values[field];
-    decoded[field] = decodeCursorValue(field, encodedValue);
-  }
-  return decoded;
-};
-const signCursorPayloadB64 = (payloadB64, secret) => {
-  return createHmac("sha256", secret).update(payloadB64, "utf8").digest("base64url");
-};
-const verifyCursorSignature = (payloadB64, sigB64, secret) => {
-  const expectedSigB64 = signCursorPayloadB64(payloadB64, secret);
-  const a = Buffer.from(sigB64, "utf8");
-  const b = Buffer.from(expectedSigB64, "utf8");
-  if (a.length !== b.length || !timingSafeEqual(a, b)) {
-    throw new PaginationValidationError("Invalid pagination cursor signature");
-  }
-};
-const encodeCursorValue = (field, value) => {
-  if (value === null) return null;
-  if (field === "_id") {
-    if (value instanceof Types.ObjectId) return { $oid: value.toHexString() };
-    throw new Error("Pagination cursor encode failed (_id must be an ObjectId)");
-  }
-  if (value instanceof Date) return { $date: value.toISOString() };
-  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return value;
-  if (value instanceof Types.ObjectId) return { $oid: value.toHexString() };
-  throw new Error(`Unsupported pagination cursor value type for field: ${field}`);
-};
-const decodeCursorValue = (field, value) => {
-  if (value === null) return null;
-  if (typeof value === "string") {
-    if (field === "_id") throw new PaginationValidationError(`Invalid pagination cursor ObjectId for field: ${field}`);
-    return value;
-  }
-  if (typeof value === "number" || typeof value === "boolean") return value;
-  if (!value || typeof value !== "object") throw new PaginationValidationError(`Invalid pagination cursor value for field: ${field}`);
-  if ("$date" in value) {
-    if (typeof value.$date !== "string") throw new PaginationValidationError(`Invalid pagination cursor date for field: ${field}`);
-    const d = new Date(value.$date);
-    if (Number.isNaN(d.getTime())) throw new PaginationValidationError(`Invalid pagination cursor date for field: ${field}`);
-    return d;
-  }
-  if ("$oid" in value) {
-    if (typeof value.$oid !== "string" || !Types.ObjectId.isValid(value.$oid)) {
-      throw new PaginationValidationError(`Invalid pagination cursor ObjectId for field: ${field}`);
-    }
-    return new Types.ObjectId(value.$oid);
-  }
-  throw new PaginationValidationError(`Invalid pagination cursor value for field: ${field}`);
-};
-const readFieldValue = (node, field) => {
-  if (!node || typeof node !== "object") return void 0;
-  if ("get" in node && typeof node.get === "function") {
-    return node.get(field);
-  }
-  return field.split(".").reduce((acc, key) => {
-    if (!acc || typeof acc !== "object") return void 0;
-    return acc[key];
-  }, node);
-};
-const compileMongoPagination = (spec, options) => {
-  const normalized = normalizePaginationSpec(spec);
-  const mongoLimit = normalized.limit + 1;
-  const mongoSort = toMongoSort(normalized);
-  if (normalized.cursor == null) {
-    return {
-      spec: normalized,
-      mongoFilterDelta: {},
-      mongoSort,
-      mongoLimit
-    };
-  }
-  if (typeof normalized.cursor !== "string" || normalized.cursor.length === 0) {
-    throw new PaginationValidationError("Invalid pagination cursor");
-  }
-  const cursorValues = decodePaginationCursor(normalized, normalized.cursor, options.cursor);
-  const mongoFilterDelta = buildKeysetFilterDelta(normalized, cursorValues);
-  return {
-    spec: normalized,
-    mongoFilterDelta,
-    mongoSort,
-    mongoLimit
-  };
-};
-const toMongoSort = (spec) => {
-  const mongoSort = /* @__PURE__ */ Object.create(null);
-  for (const { field, order } of spec.sort) {
-    const forQueryOrder = spec.direction === "prev" ? invertOrder(order) : order;
-    mongoSort[field] = forQueryOrder === "asc" ? 1 : -1;
-  }
-  return mongoSort;
-};
-const buildKeysetFilterDelta = (spec, cursorValues) => {
-  const branches = [];
-  for (let i = 0; i < spec.sort.length; i++) {
-    const current = spec.sort[i];
-    if (!current) continue;
-    const and = [];
-    for (let j = 0; j < i; j++) {
-      const prev = spec.sort[j];
-      if (!prev) continue;
-      const eq = /* @__PURE__ */ Object.create(null);
-      eq[prev.field] = cursorValues[prev.field];
-      and.push(eq);
-    }
-    const op = getKeysetOp(current.order, spec.direction);
-    const cmpOp = /* @__PURE__ */ Object.create(null);
-    cmpOp[op] = cursorValues[current.field];
-    const cmp = /* @__PURE__ */ Object.create(null);
-    cmp[current.field] = cmpOp;
-    and.push(cmp);
-    branches.push(and.length === 1 ? and[0] : { $and: and });
-  }
-  return { $or: branches };
-};
-const getKeysetOp = (order, direction) => {
-  if (direction === "next") return order === "asc" ? "$gt" : "$lt";
-  return order === "asc" ? "$lt" : "$gt";
-};
-const invertOrder = (order) => {
-  return order === "asc" ? "desc" : "asc";
-};
-const materializeMongoPagination = (compiled, fetchedNodes, options) => {
-  const limit = compiled.spec.limit;
-  const hasMore = fetchedNodes.length > limit;
-  const trimmed = fetchedNodes.slice(0, limit);
-  const nodes = compiled.spec.direction === "prev" ? trimmed.reverse() : trimmed;
-  const hasPrevPage = compiled.spec.direction === "next" ? Boolean(compiled.spec.cursor) : hasMore;
-  const hasNextPage = compiled.spec.direction === "next" ? hasMore : Boolean(compiled.spec.cursor);
-  const pageInfo = {
-    hasNextPage,
-    hasPrevPage
-  };
-  if (nodes.length === 0) {
-    return { nodes, pageInfo };
-  }
-  if (hasPrevPage) {
-    pageInfo.prevCursor = encodePaginationCursor(compiled.spec, nodes[0], options.cursor);
-  }
-  if (hasNextPage) {
-    pageInfo.nextCursor = encodePaginationCursor(compiled.spec, nodes[nodes.length - 1], options.cursor);
-  }
-  return { nodes, pageInfo };
-};
-const MongoAdapter = {
-  applyPagination: (query, compiled) => {
-    query.where(compiled.mongoFilterDelta);
-    query.sort(compiled.mongoSort);
-    query.limit(compiled.mongoLimit);
-    return query;
-  }
-};
-const paginateMongoQuery = async (query, pagination, options) => {
-  const compiled = compileMongoPagination(pagination, { cursor: options.cursor });
-  MongoAdapter.applyPagination(query, compiled);
-  const fetchedNodes = await query.exec();
-  if (!Array.isArray(fetchedNodes)) {
-    throw new Error("paginateMongoQuery expects query.exec() to return an array");
-  }
-  return materializeMongoPagination(compiled, fetchedNodes, { cursor: options.cursor });
-};
-const getQueryOptions = (query) => {
-  if (!query || typeof query !== "object") return void 0;
-  if (!("getOptions" in query) || typeof query.getOptions !== "function") return void 0;
-  return query.getOptions();
-};
-const getPaginationFromOptions = (query) => {
-  const options = getQueryOptions(query);
-  return options?.pagination;
-};
-const getCursorFromOptions = (query) => {
-  const options = getQueryOptions(query);
-  return options?.paginationCursor;
-};
-const mongoPaginationPlugin = (schema, pluginOptions) => {
-  schema.query.paginate = async function(pagination, options) {
-    const spec = pagination ?? getPaginationFromOptions(this);
-    if (!spec) throw new Error("Missing pagination spec");
-    const cursor = options?.cursor ?? getCursorFromOptions(this) ?? pluginOptions?.cursor;
-    if (!cursor?.signingSecret) throw new Error("Missing pagination cursor signingSecret");
-    return await paginateMongoQuery(this, spec, { cursor });
-  };
-};
 let cachedModels = null;
 const DEFAULT_GLOBAL_RB_MODEL_NAMES_SET = /* @__PURE__ */ new Set([
   "RBUser",
@@ -2010,6 +1178,16 @@ const createModels = (modules) => {
     getGlobal
   };
 };
+function extendMongooseSchema(baseSchema, ...extensions) {
+  const schema = baseSchema.clone();
+  extensions.forEach((extension) => schema.add(extension));
+  return schema;
+}
+function omitSchemaPaths(schema, paths) {
+  const clone = schema.clone();
+  paths.forEach((path) => clone.remove(path));
+  return clone;
+}
 const getAppName = () => {
   const appName = process.env.APP_NAME?.trim();
   assert(appName, "Missing APP_NAME");
@@ -2028,7 +1206,6 @@ const getTenantFilesystemDbFromCtx = async (ctx) => {
   return getTenantFilesystemDb(tenantId);
 };
 export {
-  LANGUAGE_CODE_REGEX,
   PaginationValidationError,
   RBNotificationPolicy,
   RBNotificationSchema,
@@ -2043,6 +1220,7 @@ export {
   RBUploadSessionPolicy,
   RBUploadSessionSchema,
   RBUserSchema,
+  Schema,
   ZRBNotification,
   ZRBNotificationDigestFrequency,
   ZRBNotificationSettings,
@@ -2063,30 +1241,24 @@ export {
   ZRBUploadSession,
   ZRBUploadSessionStatus,
   ZRBUser,
-  buildAbility,
-  buildAbilityFromSession,
-  buildLocaleFallbackChain,
-  can,
+  b as buildAbility,
+  d as buildAbilityFromSession,
+  f as can,
   createModels,
-  extendZod,
-  getAccessibleByQuery,
-  getRegisteredPolicies,
+  extendMongooseSchema,
+  e as getAccessibleByQuery,
+  g as getRegisteredPolicies,
   getTenantFilesystemDb,
   getTenantFilesystemDbFromCtx,
   getTenantFilesystemDbName,
-  getTenantRolesFromSessionUser,
+  c as getTenantRolesFromSessionUser,
   isPaginationValidationError,
+  model,
   models,
   mongoPaginationPlugin,
+  default2 as mongoose,
+  omitSchemaPaths,
   registerPoliciesFromModules,
-  registerPolicy,
-  resolveLocalizedString,
-  withLocalizedStringFallback,
-  z2 as z,
-  zI18nString,
-  zId,
-  zLocalizedString,
-  zUUID,
-  zodSchema,
-  zodSchemaRaw
+  r as registerPolicy,
+  z2 as z
 };