@sonicjs-cms/core 2.10.0 → 2.11.0

package/dist/index.cjs

@@ -1,19 +1,19 @@
 'use strict';
 
-var chunkRCA6R6VE_cjs = require('./chunk-RCA6R6VE.cjs');
-var chunk64APW3DW_cjs = require('./chunk-64APW3DW.cjs');
-var chunkIT2TC4ZD_cjs = require('./chunk-IT2TC4ZD.cjs');
-var chunkIIBRG5S5_cjs = require('./chunk-IIBRG5S5.cjs');
-var chunkZMVWMJ3S_cjs = require('./chunk-ZMVWMJ3S.cjs');
+var chunkASAEJ4B7_cjs = require('./chunk-ASAEJ4B7.cjs');
+var chunkLFAQUR7P_cjs = require('./chunk-LFAQUR7P.cjs');
+var chunkB2ASV5RD_cjs = require('./chunk-B2ASV5RD.cjs');
+var chunk6BVLPACH_cjs = require('./chunk-6BVLPACH.cjs');
+var chunkDE5YTNCD_cjs = require('./chunk-DE5YTNCD.cjs');
 var chunk3G7XX4UI_cjs = require('./chunk-3G7XX4UI.cjs');
 var chunkLTKV7AE5_cjs = require('./chunk-LTKV7AE5.cjs');
-var chunkMNFY6DWY_cjs = require('./chunk-MNFY6DWY.cjs');
+var chunk56GUBLJE_cjs = require('./chunk-56GUBLJE.cjs');
 var chunk6FHNRRJ3_cjs = require('./chunk-6FHNRRJ3.cjs');
-var chunkEKPLKUZT_cjs = require('./chunk-EKPLKUZT.cjs');
+var chunkQLPFENZ2_cjs = require('./chunk-QLPFENZ2.cjs');
 require('./chunk-P3XDZL6Q.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
-var chunkKYGRJCZM_cjs = require('./chunk-KYGRJCZM.cjs');
+var chunkQTFKZBLC_cjs = require('./chunk-QTFKZBLC.cjs');
 require('./chunk-IGJUBJBW.cjs');
 var hono = require('hono');
 var cookie = require('hono/cookie');
@@ -559,7 +559,7 @@ function formatCellValue(value) {
 // src/plugins/core-plugins/database-tools-plugin/admin-routes.ts
 function createDatabaseToolsAdminRoutes() {
   const router3 = new hono.Hono();
-  router3.use("*", chunkIT2TC4ZD_cjs.requireAuth());
+  router3.use("*", chunkB2ASV5RD_cjs.requireAuth());
   router3.get("/api/stats", async (c) => {
     try {
       const user = c.get("user");
@@ -1776,7 +1776,7 @@ function createOTPLoginPlugin() {
           console.warn("Failed to parse OTP plugin settings, using defaults");
         }
       }
-      const settingsService = new chunk64APW3DW_cjs.SettingsService(db);
+      const settingsService = new chunkLFAQUR7P_cjs.SettingsService(db);
       const generalSettings = await settingsService.getGeneralSettings();
       const siteName = generalSettings.siteName;
       const canRequest = await otpService.checkRateLimit(normalizedEmail, settings);
@@ -1822,7 +1822,8 @@ function createOTPLoginPlugin() {
           email: normalizedEmail,
           ipAddress,
           timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-          appName: siteName
+          appName: siteName,
+          logoUrl: settings.logoUrl || ""
         });
         const emailPlugin2 = await db.prepare(`
           SELECT settings FROM plugins WHERE id = 'email'
@@ -1925,7 +1926,7 @@ function createOTPLoginPlugin() {
           error: "Account is deactivated"
         }, 403);
       }
-      const token = await chunkIT2TC4ZD_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -1997,6 +1998,567 @@ function createOTPLoginPlugin() {
 }
 var otpLoginPlugin = createOTPLoginPlugin();
 
+// src/plugins/core-plugins/oauth-providers/oauth-service.ts
+var GITHUB_PROVIDER = {
+  id: "github",
+  name: "GitHub",
+  authorizeUrl: "https://github.com/login/oauth/authorize",
+  tokenUrl: "https://github.com/login/oauth/access_token",
+  userInfoUrl: "https://api.github.com/user",
+  scopes: ["read:user", "user:email"],
+  mapProfile: (profile) => ({
+    providerAccountId: String(profile.id),
+    email: profile.email || "",
+    name: profile.name || profile.login || "",
+    avatar: profile.avatar_url || void 0
+  })
+};
+var GOOGLE_PROVIDER = {
+  id: "google",
+  name: "Google",
+  authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+  tokenUrl: "https://oauth2.googleapis.com/token",
+  userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
+  scopes: ["openid", "email", "profile"],
+  mapProfile: (profile) => ({
+    providerAccountId: String(profile.id),
+    email: profile.email || "",
+    name: profile.name || "",
+    avatar: profile.picture || void 0
+  })
+};
+var BUILT_IN_PROVIDERS = {
+  github: GITHUB_PROVIDER,
+  google: GOOGLE_PROVIDER
+};
+var OAuthService = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Build the authorization redirect URL for a provider.
+   */
+  buildAuthorizeUrl(provider, clientId, redirectUri, state) {
+    const params = new URLSearchParams({
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      response_type: "code",
+      scope: provider.scopes.join(" "),
+      state
+    });
+    if (provider.id === "google") {
+      params.set("access_type", "offline");
+      params.set("prompt", "consent");
+    }
+    return `${provider.authorizeUrl}?${params.toString()}`;
+  }
+  /**
+   * Exchange authorization code for tokens using native fetch.
+   */
+  async exchangeCode(provider, clientId, clientSecret, code, redirectUri) {
+    const body = {
+      client_id: clientId,
+      client_secret: clientSecret,
+      code,
+      redirect_uri: redirectUri,
+      grant_type: "authorization_code"
+    };
+    const response = await fetch(provider.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept": "application/json"
+      },
+      body: new URLSearchParams(body).toString()
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Token exchange failed (${response.status}): ${errorText}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(`Token exchange error: ${data.error_description || data.error}`);
+    }
+    return {
+      access_token: data.access_token,
+      refresh_token: data.refresh_token,
+      expires_in: data.expires_in ? Number(data.expires_in) : void 0
+    };
+  }
+  /**
+   * Fetch user profile from the provider's userinfo endpoint.
+   */
+  async fetchUserProfile(provider, accessToken) {
+    const headers = {
+      "Authorization": `Bearer ${accessToken}`,
+      "Accept": "application/json"
+    };
+    if (provider.id === "github") {
+      headers["Authorization"] = `token ${accessToken}`;
+    }
+    const response = await fetch(provider.userInfoUrl, { headers });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch user profile (${response.status})`);
+    }
+    const profile = await response.json();
+    if (provider.id === "github" && !profile.email) {
+      const emailResponse = await fetch("https://api.github.com/user/emails", {
+        headers: {
+          "Authorization": `token ${accessToken}`,
+          "Accept": "application/json"
+        }
+      });
+      if (emailResponse.ok) {
+        const emails = await emailResponse.json();
+        const primaryEmail = emails.find((e) => e.primary && e.verified);
+        if (primaryEmail) {
+          profile.email = primaryEmail.email;
+        }
+      }
+    }
+    return provider.mapProfile(profile);
+  }
+  // ─── Database Operations ────────────────────────────────────────────────
+  /**
+   * Find an existing OAuth account link.
+   */
+  async findOAuthAccount(provider, providerAccountId) {
+    return await this.db.prepare(`
+      SELECT * FROM oauth_accounts
+      WHERE provider = ? AND provider_account_id = ?
+    `).bind(provider, providerAccountId).first();
+  }
+  /**
+   * Find all OAuth accounts for a user.
+   */
+  async findUserOAuthAccounts(userId) {
+    const result = await this.db.prepare(`
+      SELECT * FROM oauth_accounts WHERE user_id = ?
+    `).bind(userId).all();
+    return result.results || [];
+  }
+  /**
+   * Create a new OAuth account link.
+   */
+  async createOAuthAccount(params) {
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    await this.db.prepare(`
+      INSERT INTO oauth_accounts (
+        id, user_id, provider, provider_account_id,
+        access_token, refresh_token, token_expires_at,
+        profile_data, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).bind(
+      id,
+      params.userId,
+      params.provider,
+      params.providerAccountId,
+      params.accessToken,
+      params.refreshToken || null,
+      params.tokenExpiresAt || null,
+      params.profileData || null,
+      now,
+      now
+    ).run();
+    return {
+      id,
+      user_id: params.userId,
+      provider: params.provider,
+      provider_account_id: params.providerAccountId,
+      access_token: params.accessToken,
+      refresh_token: params.refreshToken || null,
+      token_expires_at: params.tokenExpiresAt || null,
+      profile_data: params.profileData || null,
+      created_at: now,
+      updated_at: now
+    };
+  }
+  /**
+   * Update tokens for an existing OAuth account.
+   */
+  async updateOAuthTokens(id, accessToken, refreshToken, tokenExpiresAt) {
+    await this.db.prepare(`
+      UPDATE oauth_accounts
+      SET access_token = ?, refresh_token = ?, token_expires_at = ?, updated_at = ?
+      WHERE id = ?
+    `).bind(accessToken, refreshToken || null, tokenExpiresAt || null, Date.now(), id).run();
+  }
+  /**
+   * Unlink an OAuth account from a user (only if they have another auth method).
+   */
+  async unlinkOAuthAccount(userId, provider) {
+    const user = await this.db.prepare(`
+      SELECT password_hash FROM users WHERE id = ?
+    `).bind(userId).first();
+    const otherLinks = await this.db.prepare(`
+      SELECT COUNT(*) as count FROM oauth_accounts
+      WHERE user_id = ? AND provider != ?
+    `).bind(userId, provider).first();
+    const hasPassword = !!user?.password_hash;
+    const hasOtherLinks = (otherLinks?.count || 0) > 0;
+    if (!hasPassword && !hasOtherLinks) {
+      return false;
+    }
+    await this.db.prepare(`
+      DELETE FROM oauth_accounts WHERE user_id = ? AND provider = ?
+    `).bind(userId, provider).run();
+    return true;
+  }
+  /**
+   * Find a user by email.
+   */
+  async findUserByEmail(email) {
+    return await this.db.prepare(`
+      SELECT id, email, role, is_active, first_name, last_name
+      FROM users WHERE email = ?
+    `).bind(email.toLowerCase()).first();
+  }
+  /**
+   * Create a new user from an OAuth profile.
+   */
+  async createUserFromOAuth(profile) {
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    const email = profile.email.toLowerCase();
+    const nameParts = (profile.name || email.split("@")[0] || "User").split(" ");
+    const firstName = nameParts[0] || "User";
+    const lastName = nameParts.slice(1).join(" ") || "";
+    const username = email.split("@")[0] || id.substring(0, 8);
+    const existing = await this.db.prepare(
+      "SELECT id FROM users WHERE username = ?"
+    ).bind(username).first();
+    const finalUsername = existing ? `${username}-${id.substring(0, 6)}` : username;
+    await this.db.prepare(`
+      INSERT INTO users (
+        id, email, username, first_name, last_name,
+        password_hash, role, avatar, is_active, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, NULL, 'viewer', ?, 1, ?, ?)
+    `).bind(
+      id,
+      email,
+      finalUsername,
+      firstName,
+      lastName,
+      profile.avatar || null,
+      now,
+      now
+    ).run();
+    return id;
+  }
+  /**
+   * Generate a cryptographically random state parameter for CSRF protection.
+   */
+  generateState() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+};
+
+// src/plugins/core-plugins/oauth-providers/index.ts
+var STATE_COOKIE_NAME = "oauth_state";
+var STATE_COOKIE_MAX_AGE = 600;
+function createOAuthProvidersPlugin() {
+  const builder = chunk6FHNRRJ3_cjs.PluginBuilder.create({
+    name: "oauth-providers",
+    version: "1.0.0-beta.1",
+    description: "OAuth2/OIDC social login with GitHub, Google, and more"
+  });
+  builder.metadata({
+    author: {
+      name: "SonicJS Team",
+      email: "team@sonicjs.com"
+    },
+    license: "MIT",
+    compatibility: "^2.0.0"
+  });
+  function getCallbackUrl(c, provider) {
+    const proto = c.req.header("x-forwarded-proto") || "https";
+    const host = c.req.header("host") || "localhost";
+    return `${proto}://${host}/auth/oauth/${provider}/callback`;
+  }
+  async function loadSettings(db) {
+    const row = await db.prepare(
+      `SELECT settings FROM plugins WHERE id = 'oauth-providers'`
+    ).first();
+    if (!row?.settings) return null;
+    try {
+      return JSON.parse(row.settings);
+    } catch {
+      return null;
+    }
+  }
+  function getProviderCredentials(settings, providerId) {
+    if (!settings?.providers?.[providerId]) return null;
+    const p = settings.providers[providerId];
+    if (!p.enabled || !p.clientId || !p.clientSecret) return null;
+    return { clientId: p.clientId, clientSecret: p.clientSecret };
+  }
+  const oauthAPI = new hono.Hono();
+  oauthAPI.get("/:provider", async (c) => {
+    try {
+      const providerId = c.req.param("provider");
+      const providerConfig = BUILT_IN_PROVIDERS[providerId];
+      if (!providerConfig) {
+        return c.json({ error: `Unknown OAuth provider: ${providerId}` }, 400);
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, providerId);
+      if (!creds) {
+        return c.json({
+          error: `OAuth provider "${providerId}" is not configured or not enabled`
+        }, 400);
+      }
+      const oauthService = new OAuthService(db);
+      const state = oauthService.generateState();
+      const redirectUri = getCallbackUrl(c, providerId);
+      cookie.setCookie(c, STATE_COOKIE_NAME, state, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        // Lax required for OAuth redirect flow
+        maxAge: STATE_COOKIE_MAX_AGE,
+        path: "/auth/oauth"
+      });
+      const authorizeUrl = oauthService.buildAuthorizeUrl(
+        providerConfig,
+        creds.clientId,
+        redirectUri,
+        state
+      );
+      return c.redirect(authorizeUrl);
+    } catch (error) {
+      console.error("OAuth authorize error:", error);
+      return c.json({ error: "Failed to initiate OAuth flow" }, 500);
+    }
+  });
+  oauthAPI.get("/:provider/callback", async (c) => {
+    try {
+      const providerId = c.req.param("provider");
+      const providerConfig = BUILT_IN_PROVIDERS[providerId];
+      if (!providerConfig) {
+        return c.redirect("/auth/login?error=Unknown OAuth provider");
+      }
+      const stateParam = c.req.query("state");
+      const stateCookie = cookie.getCookie(c, STATE_COOKIE_NAME);
+      if (!stateParam || !stateCookie || stateParam !== stateCookie) {
+        return c.redirect("/auth/login?error=Invalid OAuth state. Please try again.");
+      }
+      cookie.setCookie(c, STATE_COOKIE_NAME, "", {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        maxAge: 0,
+        path: "/auth/oauth"
+      });
+      const errorParam = c.req.query("error");
+      if (errorParam) {
+        const errorDesc = c.req.query("error_description") || errorParam;
+        return c.redirect(`/auth/login?error=${encodeURIComponent(errorDesc)}`);
+      }
+      const code = c.req.query("code");
+      if (!code) {
+        return c.redirect("/auth/login?error=No authorization code received");
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, providerId);
+      if (!creds) {
+        return c.redirect("/auth/login?error=OAuth provider not configured");
+      }
+      const oauthService = new OAuthService(db);
+      const redirectUri = getCallbackUrl(c, providerId);
+      const tokens = await oauthService.exchangeCode(
+        providerConfig,
+        creds.clientId,
+        creds.clientSecret,
+        code,
+        redirectUri
+      );
+      const profile = await oauthService.fetchUserProfile(providerConfig, tokens.access_token);
+      if (!profile.email) {
+        return c.redirect("/auth/login?error=Could not retrieve email from OAuth provider. Please ensure your email is public or grant email permission.");
+      }
+      const tokenExpiresAt = tokens.expires_in ? Date.now() + tokens.expires_in * 1e3 : null;
+      const existingOAuth = await oauthService.findOAuthAccount(providerId, profile.providerAccountId);
+      if (existingOAuth) {
+        await oauthService.updateOAuthTokens(
+          existingOAuth.id,
+          tokens.access_token,
+          tokens.refresh_token,
+          tokenExpiresAt ?? void 0
+        );
+        const user = await db.prepare(
+          "SELECT id, email, role, is_active FROM users WHERE id = ?"
+        ).bind(existingOAuth.user_id).first();
+        if (!user || !user.is_active) {
+          return c.redirect("/auth/login?error=Account is deactivated");
+        }
+        const jwt2 = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+          user.id,
+          user.email,
+          user.role,
+          c.env.JWT_SECRET
+        );
+        chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        return c.redirect("/admin");
+      }
+      const existingUser = await oauthService.findUserByEmail(profile.email);
+      if (existingUser) {
+        if (!existingUser.is_active) {
+          return c.redirect("/auth/login?error=Account is deactivated");
+        }
+        await oauthService.createOAuthAccount({
+          userId: existingUser.id,
+          provider: providerId,
+          providerAccountId: profile.providerAccountId,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          tokenExpiresAt: tokenExpiresAt ?? void 0,
+          profileData: JSON.stringify(profile)
+        });
+        const jwt2 = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+          existingUser.id,
+          existingUser.email,
+          existingUser.role,
+          c.env.JWT_SECRET
+        );
+        chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        return c.redirect("/admin");
+      }
+      const newUserId = await oauthService.createUserFromOAuth(profile);
+      await oauthService.createOAuthAccount({
+        userId: newUserId,
+        provider: providerId,
+        providerAccountId: profile.providerAccountId,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        tokenExpiresAt: tokenExpiresAt ?? void 0,
+        profileData: JSON.stringify(profile)
+      });
+      const jwt = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+        newUserId,
+        profile.email.toLowerCase(),
+        "viewer",
+        c.env.JWT_SECRET
+      );
+      chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt, { sameSite: "Lax" });
+      return c.redirect("/admin");
+    } catch (error) {
+      console.error("OAuth callback error:", error);
+      const message = error instanceof Error ? error.message : "OAuth authentication failed";
+      return c.redirect(`/auth/login?error=${encodeURIComponent(message)}`);
+    }
+  });
+  oauthAPI.post("/link", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const body = await c.req.json();
+      const { provider } = body;
+      if (!provider || !BUILT_IN_PROVIDERS[provider]) {
+        return c.json({ error: "Invalid provider" }, 400);
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, provider);
+      if (!creds) {
+        return c.json({ error: `OAuth provider "${provider}" is not configured` }, 400);
+      }
+      const oauthService = new OAuthService(db);
+      const state = oauthService.generateState();
+      const redirectUri = getCallbackUrl(c, provider);
+      cookie.setCookie(c, STATE_COOKIE_NAME, state, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        maxAge: STATE_COOKIE_MAX_AGE,
+        path: "/auth/oauth"
+      });
+      const authorizeUrl = oauthService.buildAuthorizeUrl(
+        BUILT_IN_PROVIDERS[provider],
+        creds.clientId,
+        redirectUri,
+        state
+      );
+      return c.json({ redirectUrl: authorizeUrl });
+    } catch (error) {
+      console.error("OAuth link error:", error);
+      return c.json({ error: "Failed to initiate account linking" }, 500);
+    }
+  });
+  oauthAPI.post("/unlink", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const body = await c.req.json();
+      const { provider } = body;
+      if (!provider) {
+        return c.json({ error: "Provider is required" }, 400);
+      }
+      const db = c.env.DB;
+      const oauthService = new OAuthService(db);
+      const success = await oauthService.unlinkOAuthAccount(user.userId, provider);
+      if (!success) {
+        return c.json({
+          error: "Cannot unlink the only authentication method. Set a password first."
+        }, 400);
+      }
+      return c.json({ success: true, message: `${provider} account unlinked` });
+    } catch (error) {
+      console.error("OAuth unlink error:", error);
+      return c.json({ error: "Failed to unlink account" }, 500);
+    }
+  });
+  oauthAPI.get("/accounts", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const db = c.env.DB;
+      const oauthService = new OAuthService(db);
+      const accounts = await oauthService.findUserOAuthAccounts(user.userId);
+      return c.json({
+        accounts: accounts.map((a) => ({
+          provider: a.provider,
+          providerAccountId: a.provider_account_id,
+          linkedAt: a.created_at
+        }))
+      });
+    } catch (error) {
+      console.error("OAuth accounts error:", error);
+      return c.json({ error: "Failed to fetch linked accounts" }, 500);
+    }
+  });
+  builder.addRoute("/auth/oauth", oauthAPI, {
+    description: "OAuth2 social login endpoints",
+    requiresAuth: false,
+    priority: 100
+  });
+  builder.addMenuItem("OAuth Providers", "/admin/plugins/oauth-providers", {
+    icon: "shield",
+    order: 86,
+    permissions: ["oauth:manage"]
+  });
+  builder.lifecycle({
+    activate: async () => {
+      console.info("\u2705 OAuth Providers plugin activated");
+    },
+    deactivate: async () => {
+      console.info("\u274C OAuth Providers plugin deactivated");
+    }
+  });
+  return builder.build();
+}
+var oauthProvidersPlugin = createOAuthProvidersPlugin();
+
 // src/plugins/core-plugins/ai-search-plugin/services/embedding.service.ts
 var EmbeddingService = class {
   constructor(ai) {
@@ -3575,7 +4137,7 @@ function renderSettingsPage(data) {
 
 // src/plugins/core-plugins/ai-search-plugin/routes/admin.ts
 var adminRoutes = new hono.Hono();
-adminRoutes.use("*", chunkIT2TC4ZD_cjs.requireAuth());
+adminRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
 adminRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -3976,13 +4538,13 @@ function createMagicLinkAuthPlugin() {
         SET used = 1, used_at = ?
         WHERE id = ?
       `).bind(Date.now(), magicLink.id).run();
-      const jwtToken = await chunkIT2TC4ZD_cjs.AuthManager.generateToken(
+      const jwtToken = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
         user.id,
         user.email,
         user.role,
         c.env.JWT_SECRET
       );
-      chunkIT2TC4ZD_cjs.AuthManager.setAuthCookie(c, jwtToken);
+      chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwtToken);
       await db.prepare(`
         UPDATE users SET last_login_at = ? WHERE id = ?
       `).bind(Date.now(), user.id).run();
@@ -5268,7 +5830,7 @@ function renderCacheDashboard(data) {
     </script>
 
     <!-- Confirmation Dialogs -->
-    ${chunkRCA6R6VE_cjs.renderConfirmationDialog({
+    ${chunkASAEJ4B7_cjs.renderConfirmationDialog({
     id: "clear-all-cache-confirm",
     title: "Clear All Cache",
     message: "Are you sure you want to clear all cache entries? This cannot be undone.",
@@ -5279,7 +5841,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearAllCaches()"
   })}
 
-    ${chunkRCA6R6VE_cjs.renderConfirmationDialog({
+    ${chunkASAEJ4B7_cjs.renderConfirmationDialog({
     id: "clear-namespace-cache-confirm",
     title: "Clear Namespace Cache",
     message: "Clear cache for this namespace?",
@@ -5290,7 +5852,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearNamespaceCache()"
   })}
 
-    ${chunkRCA6R6VE_cjs.getConfirmationDialogScript()}
+    ${chunkASAEJ4B7_cjs.getConfirmationDialogScript()}
   `;
   const layoutData = {
     title: "Cache System",
@@ -5976,14 +6538,14 @@ var faviconSvg = `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 // src/app.ts
 function createSonicJSApp(config = {}) {
   const app2 = new hono.Hono();
-  const appVersion = config.version || chunkEKPLKUZT_cjs.getCoreVersion();
+  const appVersion = config.version || chunkQLPFENZ2_cjs.getCoreVersion();
   const appName = config.name || "SonicJS AI";
   app2.use("*", async (c, next) => {
     c.set("appVersion", appVersion);
     await next();
   });
-  app2.use("*", chunkIT2TC4ZD_cjs.metricsMiddleware());
-  app2.use("*", chunkIT2TC4ZD_cjs.bootstrapMiddleware(config));
+  app2.use("*", chunkB2ASV5RD_cjs.metricsMiddleware());
+  app2.use("*", chunkB2ASV5RD_cjs.bootstrapMiddleware(config));
   if (config.middleware?.beforeAuth) {
     for (const middleware of config.middleware.beforeAuth) {
       app2.use("*", middleware);
@@ -5992,44 +6554,49 @@ function createSonicJSApp(config = {}) {
   app2.use("*", async (_c, next) => {
     await next();
   });
-  app2.use("*", chunkIT2TC4ZD_cjs.securityHeadersMiddleware());
-  app2.use("*", chunkIT2TC4ZD_cjs.csrfProtection());
+  app2.use("*", chunkB2ASV5RD_cjs.securityHeadersMiddleware());
+  app2.use("*", chunkB2ASV5RD_cjs.csrfProtection());
   if (config.middleware?.afterAuth) {
     for (const middleware of config.middleware.afterAuth) {
       app2.use("*", middleware);
     }
   }
-  app2.route("/api", chunkRCA6R6VE_cjs.api_default);
-  app2.route("/api/media", chunkRCA6R6VE_cjs.api_media_default);
-  app2.route("/api/system", chunkRCA6R6VE_cjs.api_system_default);
-  app2.route("/admin/api", chunkRCA6R6VE_cjs.admin_api_default);
-  app2.route("/admin/dashboard", chunkRCA6R6VE_cjs.router);
-  app2.route("/admin/collections", chunkRCA6R6VE_cjs.adminCollectionsRoutes);
-  app2.route("/admin/forms", chunkRCA6R6VE_cjs.adminFormsRoutes);
-  app2.route("/admin/settings", chunkRCA6R6VE_cjs.adminSettingsRoutes);
-  app2.route("/forms", chunkRCA6R6VE_cjs.public_forms_default);
-  app2.route("/api/forms", chunkRCA6R6VE_cjs.public_forms_default);
-  app2.route("/admin/api-reference", chunkRCA6R6VE_cjs.router2);
+  app2.route("/api", chunkASAEJ4B7_cjs.api_default);
+  app2.route("/api/media", chunkASAEJ4B7_cjs.api_media_default);
+  app2.route("/api/system", chunkASAEJ4B7_cjs.api_system_default);
+  app2.route("/admin/api", chunkASAEJ4B7_cjs.admin_api_default);
+  app2.route("/admin/dashboard", chunkASAEJ4B7_cjs.router);
+  app2.route("/admin/collections", chunkASAEJ4B7_cjs.adminCollectionsRoutes);
+  app2.route("/admin/forms", chunkASAEJ4B7_cjs.adminFormsRoutes);
+  app2.route("/admin/settings", chunkASAEJ4B7_cjs.adminSettingsRoutes);
+  app2.route("/forms", chunkASAEJ4B7_cjs.public_forms_default);
+  app2.route("/api/forms", chunkASAEJ4B7_cjs.public_forms_default);
+  app2.route("/admin/api-reference", chunkASAEJ4B7_cjs.router2);
   app2.route("/admin/database-tools", createDatabaseToolsAdminRoutes());
   app2.route("/admin/seed-data", createSeedDataAdminRoutes());
-  app2.route("/admin/content", chunkRCA6R6VE_cjs.admin_content_default);
-  app2.route("/admin/media", chunkRCA6R6VE_cjs.adminMediaRoutes);
+  app2.route("/admin/content", chunkASAEJ4B7_cjs.admin_content_default);
+  app2.route("/admin/media", chunkASAEJ4B7_cjs.adminMediaRoutes);
   if (aiSearchPlugin.routes && aiSearchPlugin.routes.length > 0) {
     for (const route of aiSearchPlugin.routes) {
       app2.route(route.path, route.handler);
     }
   }
   app2.route("/admin/cache", cache_default.getRoutes());
+  if (oauthProvidersPlugin.routes && oauthProvidersPlugin.routes.length > 0) {
+    for (const route of oauthProvidersPlugin.routes) {
+      app2.route(route.path, route.handler);
+    }
+  }
   if (otpLoginPlugin.routes && otpLoginPlugin.routes.length > 0) {
     for (const route of otpLoginPlugin.routes) {
       app2.route(route.path, route.handler);
     }
   }
-  app2.route("/admin/plugins", chunkRCA6R6VE_cjs.adminPluginRoutes);
-  app2.route("/admin/logs", chunkRCA6R6VE_cjs.adminLogsRoutes);
-  app2.route("/admin", chunkRCA6R6VE_cjs.userRoutes);
-  app2.route("/auth", chunkRCA6R6VE_cjs.auth_default);
-  app2.route("/", chunkRCA6R6VE_cjs.test_cleanup_default);
+  app2.route("/admin/plugins", chunkASAEJ4B7_cjs.adminPluginRoutes);
+  app2.route("/admin/logs", chunkASAEJ4B7_cjs.adminLogsRoutes);
+  app2.route("/admin", chunkASAEJ4B7_cjs.userRoutes);
+  app2.route("/auth", chunkASAEJ4B7_cjs.auth_default);
+  app2.route("/", chunkASAEJ4B7_cjs.test_cleanup_default);
   if (emailPlugin.routes && emailPlugin.routes.length > 0) {
     for (const route of emailPlugin.routes) {
       app2.route(route.path, route.handler);
@@ -6092,7 +6659,7 @@ function createSonicJSApp(config = {}) {
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     });
   });
-  chunk64APW3DW_cjs.setAppInstance(app2);
+  chunkLFAQUR7P_cjs.setAppInstance(app2);
   app2.notFound((c) => {
     return c.json({ error: "Not Found", status: 404 }, 404);
   });
@@ -6109,387 +6676,415 @@ function setupCoreRoutes(_app) {
   console.warn("setupCoreRoutes is deprecated. Use createSonicJSApp() instead.");
 }
 function createDb(d1$1) {
-  return d1.drizzle(d1$1, { schema: chunk64APW3DW_cjs.schema_exports });
+  return d1.drizzle(d1$1, { schema: chunkLFAQUR7P_cjs.schema_exports });
 }
 
 // src/index.ts
-var VERSION = chunkEKPLKUZT_cjs.package_default.version;
+var VERSION = chunkQLPFENZ2_cjs.package_default.version;
 
 Object.defineProperty(exports, "ROUTES_INFO", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.ROUTES_INFO; }
+  get: function () { return chunkASAEJ4B7_cjs.ROUTES_INFO; }
 });
 Object.defineProperty(exports, "adminApiRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.admin_api_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_api_default; }
 });
 Object.defineProperty(exports, "adminCheckboxRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminCheckboxRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminCheckboxRoutes; }
 });
 Object.defineProperty(exports, "adminCodeExamplesRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.admin_code_examples_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_code_examples_default; }
 });
 Object.defineProperty(exports, "adminCollectionsRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminCollectionsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminCollectionsRoutes; }
 });
 Object.defineProperty(exports, "adminContentRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.admin_content_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_content_default; }
 });
 Object.defineProperty(exports, "adminDashboardRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.router; }
+  get: function () { return chunkASAEJ4B7_cjs.router; }
 });
 Object.defineProperty(exports, "adminDesignRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminDesignRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminDesignRoutes; }
 });
 Object.defineProperty(exports, "adminLogsRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminLogsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminLogsRoutes; }
 });
 Object.defineProperty(exports, "adminMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminMediaRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminMediaRoutes; }
 });
 Object.defineProperty(exports, "adminPluginRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminPluginRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminPluginRoutes; }
 });
 Object.defineProperty(exports, "adminSettingsRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.adminSettingsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminSettingsRoutes; }
 });
 Object.defineProperty(exports, "adminTestimonialsRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.admin_testimonials_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_testimonials_default; }
 });
 Object.defineProperty(exports, "adminUsersRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.userRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.userRoutes; }
 });
 Object.defineProperty(exports, "apiContentCrudRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.api_content_crud_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_content_crud_default; }
 });
 Object.defineProperty(exports, "apiMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.api_media_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_media_default; }
 });
 Object.defineProperty(exports, "apiRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.api_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_default; }
 });
 Object.defineProperty(exports, "apiSystemRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.api_system_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_system_default; }
 });
 Object.defineProperty(exports, "authRoutes", {
   enumerable: true,
-  get: function () { return chunkRCA6R6VE_cjs.auth_default; }
+  get: function () { return chunkASAEJ4B7_cjs.auth_default; }
 });
 Object.defineProperty(exports, "Logger", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.Logger; }
+  get: function () { return chunkLFAQUR7P_cjs.Logger; }
 });
 Object.defineProperty(exports, "apiTokens", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.apiTokens; }
+  get: function () { return chunkLFAQUR7P_cjs.apiTokens; }
 });
 Object.defineProperty(exports, "collections", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.collections; }
+  get: function () { return chunkLFAQUR7P_cjs.collections; }
 });
 Object.defineProperty(exports, "content", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.content; }
+  get: function () { return chunkLFAQUR7P_cjs.content; }
 });
 Object.defineProperty(exports, "contentVersions", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.contentVersions; }
+  get: function () { return chunkLFAQUR7P_cjs.contentVersions; }
 });
 Object.defineProperty(exports, "getLogger", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.getLogger; }
+  get: function () { return chunkLFAQUR7P_cjs.getLogger; }
 });
 Object.defineProperty(exports, "initLogger", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.initLogger; }
+  get: function () { return chunkLFAQUR7P_cjs.initLogger; }
 });
 Object.defineProperty(exports, "insertCollectionSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertCollectionSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertCollectionSchema; }
 });
 Object.defineProperty(exports, "insertContentSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertContentSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertContentSchema; }
 });
 Object.defineProperty(exports, "insertLogConfigSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertLogConfigSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertLogConfigSchema; }
 });
 Object.defineProperty(exports, "insertMediaSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertMediaSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertMediaSchema; }
 });
 Object.defineProperty(exports, "insertPluginActivityLogSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertPluginActivityLogSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertPluginActivityLogSchema; }
 });
 Object.defineProperty(exports, "insertPluginAssetSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertPluginAssetSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertPluginAssetSchema; }
 });
 Object.defineProperty(exports, "insertPluginHookSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertPluginHookSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertPluginHookSchema; }
 });
 Object.defineProperty(exports, "insertPluginRouteSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertPluginRouteSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertPluginRouteSchema; }
 });
 Object.defineProperty(exports, "insertPluginSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertPluginSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertPluginSchema; }
 });
 Object.defineProperty(exports, "insertSystemLogSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertSystemLogSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertSystemLogSchema; }
 });
 Object.defineProperty(exports, "insertUserSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertUserSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertUserSchema; }
 });
 Object.defineProperty(exports, "insertWorkflowHistorySchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.insertWorkflowHistorySchema; }
+  get: function () { return chunkLFAQUR7P_cjs.insertWorkflowHistorySchema; }
 });
 Object.defineProperty(exports, "logConfig", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.logConfig; }
+  get: function () { return chunkLFAQUR7P_cjs.logConfig; }
 });
 Object.defineProperty(exports, "media", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.media; }
+  get: function () { return chunkLFAQUR7P_cjs.media; }
 });
 Object.defineProperty(exports, "pluginActivityLog", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.pluginActivityLog; }
+  get: function () { return chunkLFAQUR7P_cjs.pluginActivityLog; }
 });
 Object.defineProperty(exports, "pluginAssets", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.pluginAssets; }
+  get: function () { return chunkLFAQUR7P_cjs.pluginAssets; }
 });
 Object.defineProperty(exports, "pluginHooks", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.pluginHooks; }
+  get: function () { return chunkLFAQUR7P_cjs.pluginHooks; }
 });
 Object.defineProperty(exports, "pluginRoutes", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.pluginRoutes; }
+  get: function () { return chunkLFAQUR7P_cjs.pluginRoutes; }
 });
 Object.defineProperty(exports, "plugins", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.plugins; }
+  get: function () { return chunkLFAQUR7P_cjs.plugins; }
 });
 Object.defineProperty(exports, "selectCollectionSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectCollectionSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectCollectionSchema; }
 });
 Object.defineProperty(exports, "selectContentSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectContentSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectContentSchema; }
 });
 Object.defineProperty(exports, "selectLogConfigSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectLogConfigSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectLogConfigSchema; }
 });
 Object.defineProperty(exports, "selectMediaSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectMediaSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectMediaSchema; }
 });
 Object.defineProperty(exports, "selectPluginActivityLogSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectPluginActivityLogSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectPluginActivityLogSchema; }
 });
 Object.defineProperty(exports, "selectPluginAssetSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectPluginAssetSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectPluginAssetSchema; }
 });
 Object.defineProperty(exports, "selectPluginHookSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectPluginHookSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectPluginHookSchema; }
 });
 Object.defineProperty(exports, "selectPluginRouteSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectPluginRouteSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectPluginRouteSchema; }
 });
 Object.defineProperty(exports, "selectPluginSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectPluginSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectPluginSchema; }
 });
 Object.defineProperty(exports, "selectSystemLogSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectSystemLogSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectSystemLogSchema; }
 });
 Object.defineProperty(exports, "selectUserSchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectUserSchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectUserSchema; }
 });
 Object.defineProperty(exports, "selectWorkflowHistorySchema", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.selectWorkflowHistorySchema; }
+  get: function () { return chunkLFAQUR7P_cjs.selectWorkflowHistorySchema; }
 });
 Object.defineProperty(exports, "systemLogs", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.systemLogs; }
+  get: function () { return chunkLFAQUR7P_cjs.systemLogs; }
 });
 Object.defineProperty(exports, "users", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.users; }
+  get: function () { return chunkLFAQUR7P_cjs.users; }
 });
 Object.defineProperty(exports, "workflowHistory", {
   enumerable: true,
-  get: function () { return chunk64APW3DW_cjs.workflowHistory; }
+  get: function () { return chunkLFAQUR7P_cjs.workflowHistory; }
 });
 Object.defineProperty(exports, "AuthManager", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.AuthManager; }
+  get: function () { return chunkB2ASV5RD_cjs.AuthManager; }
 });
 Object.defineProperty(exports, "PermissionManager", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.PermissionManager; }
+  get: function () { return chunkB2ASV5RD_cjs.PermissionManager; }
 });
 Object.defineProperty(exports, "bootstrapMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.bootstrapMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.bootstrapMiddleware; }
 });
 Object.defineProperty(exports, "cacheHeaders", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.cacheHeaders; }
+  get: function () { return chunkB2ASV5RD_cjs.cacheHeaders; }
 });
 Object.defineProperty(exports, "compressionMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.compressionMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.compressionMiddleware; }
 });
 Object.defineProperty(exports, "detailedLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.detailedLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.detailedLoggingMiddleware; }
 });
 Object.defineProperty(exports, "getActivePlugins", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.getActivePlugins; }
+  get: function () { return chunkB2ASV5RD_cjs.getActivePlugins; }
 });
 Object.defineProperty(exports, "isPluginActive", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.isPluginActive; }
+  get: function () { return chunkB2ASV5RD_cjs.isPluginActive; }
 });
 Object.defineProperty(exports, "logActivity", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.logActivity; }
+  get: function () { return chunkB2ASV5RD_cjs.logActivity; }
 });
 Object.defineProperty(exports, "loggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.loggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.loggingMiddleware; }
 });
 Object.defineProperty(exports, "optionalAuth", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.optionalAuth; }
+  get: function () { return chunkB2ASV5RD_cjs.optionalAuth; }
 });
 Object.defineProperty(exports, "performanceLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.performanceLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.performanceLoggingMiddleware; }
 });
 Object.defineProperty(exports, "requireActivePlugin", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requireActivePlugin; }
+  get: function () { return chunkB2ASV5RD_cjs.requireActivePlugin; }
 });
 Object.defineProperty(exports, "requireActivePlugins", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requireActivePlugins; }
+  get: function () { return chunkB2ASV5RD_cjs.requireActivePlugins; }
 });
 Object.defineProperty(exports, "requireAnyPermission", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requireAnyPermission; }
+  get: function () { return chunkB2ASV5RD_cjs.requireAnyPermission; }
 });
 Object.defineProperty(exports, "requireAuth", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requireAuth; }
+  get: function () { return chunkB2ASV5RD_cjs.requireAuth; }
 });
 Object.defineProperty(exports, "requirePermission", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requirePermission; }
+  get: function () { return chunkB2ASV5RD_cjs.requirePermission; }
 });
 Object.defineProperty(exports, "requireRole", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.requireRole; }
+  get: function () { return chunkB2ASV5RD_cjs.requireRole; }
 });
 Object.defineProperty(exports, "securityHeaders", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.securityHeadersMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.securityHeadersMiddleware; }
 });
 Object.defineProperty(exports, "securityLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkIT2TC4ZD_cjs.securityLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.securityLoggingMiddleware; }
 });
 Object.defineProperty(exports, "PluginBootstrapService", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.PluginBootstrapService; }
+  get: function () { return chunk6BVLPACH_cjs.PluginBootstrapService; }
 });
 Object.defineProperty(exports, "PluginServiceClass", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.PluginService; }
+  get: function () { return chunk6BVLPACH_cjs.PluginService; }
+});
+Object.defineProperty(exports, "backfillFormSubmissions", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.backfillFormSubmissions; }
 });
 Object.defineProperty(exports, "cleanupRemovedCollections", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.cleanupRemovedCollections; }
+  get: function () { return chunk6BVLPACH_cjs.cleanupRemovedCollections; }
+});
+Object.defineProperty(exports, "createContentFromSubmission", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.createContentFromSubmission; }
+});
+Object.defineProperty(exports, "deriveCollectionSchemaFromFormio", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.deriveCollectionSchemaFromFormio; }
+});
+Object.defineProperty(exports, "deriveSubmissionTitle", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.deriveSubmissionTitle; }
 });
 Object.defineProperty(exports, "fullCollectionSync", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.fullCollectionSync; }
+  get: function () { return chunk6BVLPACH_cjs.fullCollectionSync; }
 });
 Object.defineProperty(exports, "getAvailableCollectionNames", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.getAvailableCollectionNames; }
+  get: function () { return chunk6BVLPACH_cjs.getAvailableCollectionNames; }
 });
 Object.defineProperty(exports, "getManagedCollections", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.getManagedCollections; }
+  get: function () { return chunk6BVLPACH_cjs.getManagedCollections; }
 });
 Object.defineProperty(exports, "isCollectionManaged", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.isCollectionManaged; }
+  get: function () { return chunk6BVLPACH_cjs.isCollectionManaged; }
 });
 Object.defineProperty(exports, "loadCollectionConfig", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.loadCollectionConfig; }
+  get: function () { return chunk6BVLPACH_cjs.loadCollectionConfig; }
 });
 Object.defineProperty(exports, "loadCollectionConfigs", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.loadCollectionConfigs; }
+  get: function () { return chunk6BVLPACH_cjs.loadCollectionConfigs; }
+});
+Object.defineProperty(exports, "mapFormStatusToContentStatus", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.mapFormStatusToContentStatus; }
 });
 Object.defineProperty(exports, "registerCollections", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.registerCollections; }
+  get: function () { return chunk6BVLPACH_cjs.registerCollections; }
+});
+Object.defineProperty(exports, "syncAllFormCollections", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.syncAllFormCollections; }
 });
 Object.defineProperty(exports, "syncCollection", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.syncCollection; }
+  get: function () { return chunk6BVLPACH_cjs.syncCollection; }
 });
 Object.defineProperty(exports, "syncCollections", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.syncCollections; }
+  get: function () { return chunk6BVLPACH_cjs.syncCollections; }
+});
+Object.defineProperty(exports, "syncFormCollection", {
+  enumerable: true,
+  get: function () { return chunk6BVLPACH_cjs.syncFormCollection; }
 });
 Object.defineProperty(exports, "validateCollectionConfig", {
   enumerable: true,
-  get: function () { return chunkIIBRG5S5_cjs.validateCollectionConfig; }
+  get: function () { return chunk6BVLPACH_cjs.validateCollectionConfig; }
 });
 Object.defineProperty(exports, "MigrationService", {
   enumerable: true,
-  get: function () { return chunkZMVWMJ3S_cjs.MigrationService; }
+  get: function () { return chunkDE5YTNCD_cjs.MigrationService; }
 });
 Object.defineProperty(exports, "renderFilterBar", {
   enumerable: true,
@@ -6525,27 +7120,27 @@ Object.defineProperty(exports, "renderTable", {
 });
 Object.defineProperty(exports, "HookSystemImpl", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.HookSystemImpl; }
+  get: function () { return chunk56GUBLJE_cjs.HookSystemImpl; }
 });
 Object.defineProperty(exports, "HookUtils", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.HookUtils; }
+  get: function () { return chunk56GUBLJE_cjs.HookUtils; }
 });
 Object.defineProperty(exports, "PluginManagerClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginManager; }
+  get: function () { return chunk56GUBLJE_cjs.PluginManager; }
 });
 Object.defineProperty(exports, "PluginRegistryImpl", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginRegistryImpl; }
+  get: function () { return chunk56GUBLJE_cjs.PluginRegistryImpl; }
 });
 Object.defineProperty(exports, "PluginValidatorClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginValidator; }
+  get: function () { return chunk56GUBLJE_cjs.PluginValidator; }
 });
 Object.defineProperty(exports, "ScopedHookSystemClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.ScopedHookSystem; }
+  get: function () { return chunk56GUBLJE_cjs.ScopedHookSystem; }
 });
 Object.defineProperty(exports, "PluginBuilder", {
   enumerable: true,
@@ -6557,31 +7152,31 @@ Object.defineProperty(exports, "PluginHelpers", {
 });
 Object.defineProperty(exports, "QueryFilterBuilder", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.QueryFilterBuilder; }
+  get: function () { return chunkQLPFENZ2_cjs.QueryFilterBuilder; }
 });
 Object.defineProperty(exports, "SONICJS_VERSION", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.SONICJS_VERSION; }
+  get: function () { return chunkQLPFENZ2_cjs.SONICJS_VERSION; }
 });
 Object.defineProperty(exports, "TemplateRenderer", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.TemplateRenderer; }
+  get: function () { return chunkQLPFENZ2_cjs.TemplateRenderer; }
 });
 Object.defineProperty(exports, "buildQuery", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.buildQuery; }
+  get: function () { return chunkQLPFENZ2_cjs.buildQuery; }
 });
 Object.defineProperty(exports, "getCoreVersion", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.getCoreVersion; }
+  get: function () { return chunkQLPFENZ2_cjs.getCoreVersion; }
 });
 Object.defineProperty(exports, "renderTemplate", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.renderTemplate; }
+  get: function () { return chunkQLPFENZ2_cjs.renderTemplate; }
 });
 Object.defineProperty(exports, "templateRenderer", {
   enumerable: true,
-  get: function () { return chunkEKPLKUZT_cjs.templateRenderer; }
+  get: function () { return chunkQLPFENZ2_cjs.templateRenderer; }
 });
 Object.defineProperty(exports, "metricsTracker", {
   enumerable: true,
@@ -6601,11 +7196,15 @@ Object.defineProperty(exports, "sanitizeObject", {
 });
 Object.defineProperty(exports, "HOOKS", {
   enumerable: true,
-  get: function () { return chunkKYGRJCZM_cjs.HOOKS; }
+  get: function () { return chunkQTFKZBLC_cjs.HOOKS; }
 });
+exports.BUILT_IN_PROVIDERS = BUILT_IN_PROVIDERS;
+exports.OAuthService = OAuthService;
 exports.VERSION = VERSION;
 exports.createDb = createDb;
+exports.createOAuthProvidersPlugin = createOAuthProvidersPlugin;
 exports.createSonicJSApp = createSonicJSApp;
+exports.oauthProvidersPlugin = oauthProvidersPlugin;
 exports.setupCoreMiddleware = setupCoreMiddleware;
 exports.setupCoreRoutes = setupCoreRoutes;
 //# sourceMappingURL=index.cjs.map