@sonicjs-cms/core 2.12.1 → 2.14.0

package/dist/index.cjs

@@ -1,15 +1,15 @@
 'use strict';
 
-var chunkDHTCZZUB_cjs = require('./chunk-DHTCZZUB.cjs');
+var chunkDRWSHIFG_cjs = require('./chunk-DRWSHIFG.cjs');
 var chunkNZWFCUDA_cjs = require('./chunk-NZWFCUDA.cjs');
-var chunkHBUFGLEX_cjs = require('./chunk-HBUFGLEX.cjs');
+var chunkYYMPHM3I_cjs = require('./chunk-YYMPHM3I.cjs');
 var chunkI6FFGQIT_cjs = require('./chunk-I6FFGQIT.cjs');
-var chunkXK3TKOLQ_cjs = require('./chunk-XK3TKOLQ.cjs');
-var chunkRBXFXT7H_cjs = require('./chunk-RBXFXT7H.cjs');
-var chunkH4NHRZ6Y_cjs = require('./chunk-H4NHRZ6Y.cjs');
+var chunkKZ2MFGET_cjs = require('./chunk-KZ2MFGET.cjs');
+var chunk3QCEYJLK_cjs = require('./chunk-3QCEYJLK.cjs');
+var chunkQP3OHHON_cjs = require('./chunk-QP3OHHON.cjs');
 var chunk56GUBLJE_cjs = require('./chunk-56GUBLJE.cjs');
 var chunk6FHNRRJ3_cjs = require('./chunk-6FHNRRJ3.cjs');
-var chunkIKBAY2M2_cjs = require('./chunk-IKBAY2M2.cjs');
+var chunkYULUPQZV_cjs = require('./chunk-YULUPQZV.cjs');
 require('./chunk-P3XDZL6Q.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
@@ -235,7 +235,7 @@ var DatabaseToolsService = class {
 };
 
 // src/templates/pages/admin-database-table.template.ts
-chunkH4NHRZ6Y_cjs.init_admin_layout_catalyst_template();
+chunkQP3OHHON_cjs.init_admin_layout_catalyst_template();
 function renderDatabaseTablePage(data) {
   const totalPages = Math.ceil(data.totalRows / data.pageSize);
   const startRow = (data.currentPage - 1) * data.pageSize + 1;
@@ -484,7 +484,7 @@ function renderDatabaseTablePage(data) {
     user: data.user,
     content: pageContent
   };
-  return chunkH4NHRZ6Y_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkQP3OHHON_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 function generatePageNumbers(currentPage, totalPages) {
   const pages = [];
@@ -559,7 +559,7 @@ function formatCellValue(value) {
 // src/plugins/core-plugins/database-tools-plugin/admin-routes.ts
 function createDatabaseToolsAdminRoutes() {
   const router3 = new hono.Hono();
-  router3.use("*", chunkHBUFGLEX_cjs.requireAuth());
+  router3.use("*", chunkYYMPHM3I_cjs.requireAuth());
   router3.get("/api/stats", async (c) => {
     try {
       const user = c.get("user");
@@ -1911,11 +1911,23 @@ function createOTPLoginPlugin() {
           attemptsRemaining: verification.attemptsRemaining
         }, 401);
       }
-      const user = await db.prepare(`
+      let user = await db.prepare(`
         SELECT id, email, role, is_active
         FROM users
         WHERE email = ?
       `).bind(normalizedEmail).first();
+      if (!user && settings.allowNewUserRegistration) {
+        const userId = crypto.randomUUID();
+        const now = Date.now();
+        const username = normalizedEmail.split("@")[0] + "_" + userId.slice(0, 6);
+        await db.prepare(`
+          INSERT INTO users (
+            id, email, username, first_name, last_name,
+            password_hash, role, is_active, email_verified, created_at, updated_at
+          ) VALUES (?, ?, ?, '', '', NULL, 'viewer', 1, 1, ?, ?)
+        `).bind(userId, normalizedEmail, username, now, now).run();
+        user = { id: userId, email: normalizedEmail, role: "viewer", is_active: 1 };
+      }
       if (!user) {
         return c.json({
           error: "User not found"
@@ -1926,7 +1938,7 @@ function createOTPLoginPlugin() {
           error: "Account is deactivated"
         }, 403);
       }
-      const token = await chunkHBUFGLEX_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const token = await chunkYYMPHM3I_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -2396,13 +2408,13 @@ function createOAuthProvidersPlugin() {
         if (!user || !user.is_active) {
           return c.redirect("/auth/login?error=Account is deactivated");
         }
-        const jwt2 = await chunkHBUFGLEX_cjs.AuthManager.generateToken(
+        const jwt2 = await chunkYYMPHM3I_cjs.AuthManager.generateToken(
           user.id,
           user.email,
           user.role,
           c.env.JWT_SECRET
         );
-        chunkHBUFGLEX_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        chunkYYMPHM3I_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
         return c.redirect("/admin");
       }
       const existingUser = await oauthService.findUserByEmail(profile.email);
@@ -2419,13 +2431,13 @@ function createOAuthProvidersPlugin() {
           tokenExpiresAt: tokenExpiresAt ?? void 0,
           profileData: JSON.stringify(profile)
         });
-        const jwt2 = await chunkHBUFGLEX_cjs.AuthManager.generateToken(
+        const jwt2 = await chunkYYMPHM3I_cjs.AuthManager.generateToken(
           existingUser.id,
           existingUser.email,
           existingUser.role,
           c.env.JWT_SECRET
         );
-        chunkHBUFGLEX_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        chunkYYMPHM3I_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
         return c.redirect("/admin");
       }
       const newUserId = await oauthService.createUserFromOAuth(profile);
@@ -2438,13 +2450,13 @@ function createOAuthProvidersPlugin() {
         tokenExpiresAt: tokenExpiresAt ?? void 0,
         profileData: JSON.stringify(profile)
       });
-      const jwt = await chunkHBUFGLEX_cjs.AuthManager.generateToken(
+      const jwt = await chunkYYMPHM3I_cjs.AuthManager.generateToken(
         newUserId,
         profile.email.toLowerCase(),
         "viewer",
         c.env.JWT_SECRET
       );
-      chunkHBUFGLEX_cjs.AuthManager.setAuthCookie(c, jwt, { sameSite: "Lax" });
+      chunkYYMPHM3I_cjs.AuthManager.setAuthCookie(c, jwt, { sameSite: "Lax" });
       return c.redirect("/admin");
     } catch (error) {
       console.error("OAuth callback error:", error);
@@ -3884,7 +3896,7 @@ function renderSettingsPage(data) {
     const indexStatusMap = data.indexStatus || {};
     const status = indexStatusMap[collectionId];
     const isNew = collection.is_new === true && !isDismissed && !status;
-    const statusBadge = status && isChecked ? `<span class="ml-2 px-2 py-1 text-xs rounded-full ${status.status === "completed" ? "bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-300" : status.status === "indexing" ? "bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-300" : status.status === "error" ? "bg-red-100 text-red-800 dark:bg-red-900/30 dark:text-red-300" : "bg-gray-100 text-gray-800 dark:bg-gray-800 dark:text-gray-300"}">${status.status}</span>` : "";
+    const statusBadge2 = status && isChecked ? `<span class="ml-2 px-2 py-1 text-xs rounded-full ${status.status === "completed" ? "bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-300" : status.status === "indexing" ? "bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-300" : status.status === "error" ? "bg-red-100 text-red-800 dark:bg-red-900/30 dark:text-red-300" : "bg-gray-100 text-gray-800 dark:bg-gray-800 dark:text-gray-300"}">${status.status}</span>` : "";
     return `<div class="flex items-start gap-3 p-3 rounded-lg border border-zinc-200 dark:border-zinc-700 ${isNew ? "bg-blue-50 dark:bg-blue-900/10 border-blue-200 dark:border-blue-800" : "hover:bg-zinc-50 dark:hover:bg-zinc-800"}">
                       <input
                         type="checkbox"
@@ -3899,7 +3911,7 @@ function renderSettingsPage(data) {
                         <label for="collection_${collectionId}" class="text-sm font-medium text-zinc-950 dark:text-white select-none cursor-pointer flex items-center">
                           ${collection.display_name || collection.name || "Unnamed Collection"}
                           ${isNew ? '<span class="ml-2 px-2 py-0.5 text-xs rounded-full bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-300">NEW</span>' : ""}
-                          ${statusBadge}
+                          ${statusBadge2}
                         </label>
                         <p class="text-xs text-zinc-500 dark:text-zinc-400 mt-1">
                           ${collection.description || collection.name || "No description"} \u2022 ${collection.item_count || 0} items
@@ -4126,7 +4138,7 @@ function renderSettingsPage(data) {
       }, 30000);
     </script>
   `;
-  return chunkH4NHRZ6Y_cjs.renderAdminLayout({
+  return chunkQP3OHHON_cjs.renderAdminLayout({
     title: "AI Search Settings",
     pageTitle: "AI Search Settings",
     currentPath: "/admin/plugins/ai-search/settings",
@@ -4137,7 +4149,7 @@ function renderSettingsPage(data) {
 
 // src/plugins/core-plugins/ai-search-plugin/routes/admin.ts
 var adminRoutes = new hono.Hono();
-adminRoutes.use("*", chunkHBUFGLEX_cjs.requireAuth());
+adminRoutes.use("*", chunkYYMPHM3I_cjs.requireAuth());
 adminRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -4538,13 +4550,13 @@ function createMagicLinkAuthPlugin() {
         SET used = 1, used_at = ?
         WHERE id = ?
       `).bind(Date.now(), magicLink.id).run();
-      const jwtToken = await chunkHBUFGLEX_cjs.AuthManager.generateToken(
+      const jwtToken = await chunkYYMPHM3I_cjs.AuthManager.generateToken(
         user.id,
         user.email,
         user.role,
         c.env.JWT_SECRET
       );
-      chunkHBUFGLEX_cjs.AuthManager.setAuthCookie(c, jwtToken);
+      chunkYYMPHM3I_cjs.AuthManager.setAuthCookie(c, jwtToken);
       await db.prepare(`
         UPDATE users SET last_login_at = ? WHERE id = ?
       `).bind(Date.now(), user.id).run();
@@ -4982,7 +4994,7 @@ var SecurityAuditService = class {
 };
 
 // src/plugins/core-plugins/security-audit-plugin/components/dashboard-page.ts
-chunkH4NHRZ6Y_cjs.init_admin_layout_catalyst_template();
+chunkQP3OHHON_cjs.init_admin_layout_catalyst_template();
 function formatTimestamp(ts) {
   const date = new Date(ts);
   const now = Date.now();
@@ -5181,11 +5193,11 @@ function renderSecurityDashboard(data) {
     version,
     dynamicMenuItems
   };
-  return chunkH4NHRZ6Y_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkQP3OHHON_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 
 // src/plugins/core-plugins/security-audit-plugin/components/event-log-page.ts
-chunkH4NHRZ6Y_cjs.init_admin_layout_catalyst_template();
+chunkQP3OHHON_cjs.init_admin_layout_catalyst_template();
 function formatTimestamp2(ts) {
   const date = new Date(ts);
   return date.toLocaleDateString("en-US", {
@@ -5392,11 +5404,11 @@ function renderEventLogPage(data) {
     version,
     dynamicMenuItems
   };
-  return chunkH4NHRZ6Y_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkQP3OHHON_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 
 // src/plugins/core-plugins/security-audit-plugin/components/settings-page.ts
-chunkH4NHRZ6Y_cjs.init_admin_layout_catalyst_template();
+chunkQP3OHHON_cjs.init_admin_layout_catalyst_template();
 function renderSecuritySettingsPage(data) {
   const { settings, user, version, message, dynamicMenuItems } = data;
   const content2 = `
@@ -5549,12 +5561,12 @@ function renderSecuritySettingsPage(data) {
     version,
     dynamicMenuItems
   };
-  return chunkH4NHRZ6Y_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkQP3OHHON_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 
 // src/plugins/core-plugins/security-audit-plugin/routes/admin.ts
 var adminRoutes2 = new hono.Hono();
-adminRoutes2.use("*", chunkHBUFGLEX_cjs.requireAuth());
+adminRoutes2.use("*", chunkYYMPHM3I_cjs.requireAuth());
 adminRoutes2.use("*", async (c, next) => {
   const user = c.get("user");
   if (user?.role !== "admin") {
@@ -5824,7 +5836,7 @@ var BruteForceDetector = class {
 
 // src/plugins/core-plugins/security-audit-plugin/routes/api.ts
 var apiRoutes2 = new hono.Hono();
-apiRoutes2.use("*", chunkHBUFGLEX_cjs.requireAuth());
+apiRoutes2.use("*", chunkYYMPHM3I_cjs.requireAuth());
 apiRoutes2.use("*", async (c, next) => {
   const user = c.get("user");
   if (user?.role !== "admin") {
@@ -6254,6 +6266,755 @@ function createSecurityAuditPlugin() {
 }
 var securityAuditPlugin = createSecurityAuditPlugin();
 
+// src/plugins/core-plugins/stripe-plugin/services/subscription-service.ts
+var SubscriptionService = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Ensure the subscriptions table exists
+   */
+  async ensureTable() {
+    await this.db.prepare(`
+      CREATE TABLE IF NOT EXISTS subscriptions (
+        id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+        user_id TEXT NOT NULL,
+        stripe_customer_id TEXT NOT NULL,
+        stripe_subscription_id TEXT NOT NULL UNIQUE,
+        stripe_price_id TEXT NOT NULL,
+        status TEXT NOT NULL DEFAULT 'incomplete',
+        current_period_start INTEGER NOT NULL DEFAULT 0,
+        current_period_end INTEGER NOT NULL DEFAULT 0,
+        cancel_at_period_end INTEGER NOT NULL DEFAULT 0,
+        created_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        updated_at INTEGER NOT NULL DEFAULT (unixepoch())
+      )
+    `).run();
+    await this.db.prepare(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id)
+    `).run();
+    await this.db.prepare(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_stripe_customer_id ON subscriptions(stripe_customer_id)
+    `).run();
+    await this.db.prepare(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_stripe_subscription_id ON subscriptions(stripe_subscription_id)
+    `).run();
+    await this.db.prepare(`
+      CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status)
+    `).run();
+  }
+  /**
+   * Create a new subscription record
+   */
+  async create(data) {
+    const result = await this.db.prepare(`
+      INSERT INTO subscriptions (user_id, stripe_customer_id, stripe_subscription_id, stripe_price_id, status, current_period_start, current_period_end, cancel_at_period_end)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+      RETURNING *
+    `).bind(
+      data.userId,
+      data.stripeCustomerId,
+      data.stripeSubscriptionId,
+      data.stripePriceId,
+      data.status,
+      data.currentPeriodStart,
+      data.currentPeriodEnd,
+      data.cancelAtPeriodEnd ? 1 : 0
+    ).first();
+    return this.mapRow(result);
+  }
+  /**
+   * Update a subscription by its Stripe subscription ID
+   */
+  async updateByStripeId(stripeSubscriptionId, data) {
+    const sets = [];
+    const values = [];
+    if (data.status !== void 0) {
+      sets.push("status = ?");
+      values.push(data.status);
+    }
+    if (data.stripePriceId !== void 0) {
+      sets.push("stripe_price_id = ?");
+      values.push(data.stripePriceId);
+    }
+    if (data.currentPeriodStart !== void 0) {
+      sets.push("current_period_start = ?");
+      values.push(data.currentPeriodStart);
+    }
+    if (data.currentPeriodEnd !== void 0) {
+      sets.push("current_period_end = ?");
+      values.push(data.currentPeriodEnd);
+    }
+    if (data.cancelAtPeriodEnd !== void 0) {
+      sets.push("cancel_at_period_end = ?");
+      values.push(data.cancelAtPeriodEnd ? 1 : 0);
+    }
+    if (sets.length === 0) return this.getByStripeSubscriptionId(stripeSubscriptionId);
+    sets.push("updated_at = unixepoch()");
+    values.push(stripeSubscriptionId);
+    const result = await this.db.prepare(`
+      UPDATE subscriptions SET ${sets.join(", ")} WHERE stripe_subscription_id = ? RETURNING *
+    `).bind(...values).first();
+    return result ? this.mapRow(result) : null;
+  }
+  /**
+   * Get subscription by Stripe subscription ID
+   */
+  async getByStripeSubscriptionId(stripeSubscriptionId) {
+    const result = await this.db.prepare(
+      "SELECT * FROM subscriptions WHERE stripe_subscription_id = ?"
+    ).bind(stripeSubscriptionId).first();
+    return result ? this.mapRow(result) : null;
+  }
+  /**
+   * Get the active subscription for a user
+   */
+  async getByUserId(userId) {
+    const result = await this.db.prepare(
+      "SELECT * FROM subscriptions WHERE user_id = ? ORDER BY CASE WHEN status = 'active' THEN 0 WHEN status = 'trialing' THEN 1 ELSE 2 END, updated_at DESC LIMIT 1"
+    ).bind(userId).first();
+    return result ? this.mapRow(result) : null;
+  }
+  /**
+   * Get subscription by Stripe customer ID
+   */
+  async getByStripeCustomerId(stripeCustomerId) {
+    const result = await this.db.prepare(
+      "SELECT * FROM subscriptions WHERE stripe_customer_id = ? ORDER BY updated_at DESC LIMIT 1"
+    ).bind(stripeCustomerId).first();
+    return result ? this.mapRow(result) : null;
+  }
+  /**
+   * Find the userId linked to a Stripe customer ID
+   */
+  async getUserIdByStripeCustomer(stripeCustomerId) {
+    const result = await this.db.prepare(
+      "SELECT user_id FROM subscriptions WHERE stripe_customer_id = ? LIMIT 1"
+    ).bind(stripeCustomerId).first();
+    return result?.user_id ?? null;
+  }
+  /**
+   * List subscriptions with filters and pagination
+   */
+  async list(filters = {}) {
+    const where = [];
+    const values = [];
+    if (filters.status) {
+      where.push("status = ?");
+      values.push(filters.status);
+    }
+    if (filters.userId) {
+      where.push("user_id = ?");
+      values.push(filters.userId);
+    }
+    if (filters.stripeCustomerId) {
+      where.push("stripe_customer_id = ?");
+      values.push(filters.stripeCustomerId);
+    }
+    const whereClause = where.length > 0 ? `WHERE ${where.join(" AND ")}` : "";
+    const sortBy = filters.sortBy || "created_at";
+    const sortOrder = filters.sortOrder || "desc";
+    const limit = Math.min(filters.limit || 50, 100);
+    const page = filters.page || 1;
+    const offset = (page - 1) * limit;
+    const countResult = await this.db.prepare(
+      `SELECT COUNT(*) as count FROM subscriptions ${whereClause}`
+    ).bind(...values).first();
+    const results = await this.db.prepare(
+      `SELECT s.*, u.email as user_email FROM subscriptions s LEFT JOIN users u ON s.user_id = u.id ${whereClause} ORDER BY ${sortBy} ${sortOrder} LIMIT ? OFFSET ?`
+    ).bind(...values, limit, offset).all();
+    return {
+      subscriptions: (results.results || []).map((r) => this.mapRow(r)),
+      total: countResult?.count || 0
+    };
+  }
+  /**
+   * Get subscription stats
+   */
+  async getStats() {
+    const result = await this.db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN status = 'active' THEN 1 ELSE 0 END) as active,
+        SUM(CASE WHEN status = 'canceled' THEN 1 ELSE 0 END) as canceled,
+        SUM(CASE WHEN status = 'past_due' THEN 1 ELSE 0 END) as past_due,
+        SUM(CASE WHEN status = 'trialing' THEN 1 ELSE 0 END) as trialing
+      FROM subscriptions
+    `).first();
+    return {
+      total: result?.total || 0,
+      active: result?.active || 0,
+      canceled: result?.canceled || 0,
+      pastDue: result?.past_due || 0,
+      trialing: result?.trialing || 0
+    };
+  }
+  /**
+   * Delete a subscription record by Stripe subscription ID
+   */
+  async deleteByStripeId(stripeSubscriptionId) {
+    const result = await this.db.prepare(
+      "DELETE FROM subscriptions WHERE stripe_subscription_id = ?"
+    ).bind(stripeSubscriptionId).run();
+    return (result.meta?.changes || 0) > 0;
+  }
+  mapRow(row) {
+    return {
+      id: row.id,
+      userId: row.user_id,
+      stripeCustomerId: row.stripe_customer_id,
+      stripeSubscriptionId: row.stripe_subscription_id,
+      stripePriceId: row.stripe_price_id,
+      status: row.status,
+      currentPeriodStart: row.current_period_start,
+      currentPeriodEnd: row.current_period_end,
+      cancelAtPeriodEnd: !!row.cancel_at_period_end,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at,
+      // Attach email if joined
+      ...row.user_email ? { userEmail: row.user_email } : {}
+    };
+  }
+};
+
+// src/plugins/core-plugins/stripe-plugin/components/subscriptions-page.ts
+function renderSubscriptionsPage(subscriptions, stats, filters) {
+  return `
+    <div class="space-y-6">
+      <!-- Stats Cards -->
+      <div class="grid grid-cols-1 md:grid-cols-5 gap-4">
+        ${statsCard("Total", stats.total, "text-gray-700")}
+        ${statsCard("Active", stats.active, "text-green-600")}
+        ${statsCard("Trialing", stats.trialing, "text-blue-600")}
+        ${statsCard("Past Due", stats.pastDue, "text-yellow-600")}
+        ${statsCard("Canceled", stats.canceled, "text-red-600")}
+      </div>
+
+      <!-- Filters -->
+      <div class="bg-white rounded-lg shadow p-4">
+        <form method="GET" class="flex items-center gap-4">
+          <label class="text-sm font-medium text-gray-700">Status:</label>
+          <select name="status" class="border rounded px-3 py-1.5 text-sm" onchange="this.form.submit()">
+            <option value="">All</option>
+            ${statusOption("active", filters.status)}
+            ${statusOption("trialing", filters.status)}
+            ${statusOption("past_due", filters.status)}
+            ${statusOption("canceled", filters.status)}
+            ${statusOption("unpaid", filters.status)}
+            ${statusOption("paused", filters.status)}
+          </select>
+        </form>
+      </div>
+
+      <!-- Subscriptions Table -->
+      <div class="bg-white rounded-lg shadow overflow-hidden">
+        <table class="min-w-full divide-y divide-gray-200">
+          <thead class="bg-gray-50">
+            <tr>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">User</th>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Price ID</th>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Current Period</th>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Cancel at End</th>
+              <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Stripe</th>
+            </tr>
+          </thead>
+          <tbody class="bg-white divide-y divide-gray-200">
+            ${subscriptions.length === 0 ? '<tr><td colspan="6" class="px-6 py-8 text-center text-gray-500">No subscriptions found</td></tr>' : subscriptions.map(renderRow).join("")}
+          </tbody>
+        </table>
+
+        ${renderPagination2(filters.page, filters.totalPages, filters.status)}
+      </div>
+    </div>
+  `;
+}
+function statsCard(label, value, colorClass) {
+  return `
+    <div class="bg-white rounded-lg shadow p-4">
+      <div class="text-sm font-medium text-gray-500">${label}</div>
+      <div class="text-2xl font-bold ${colorClass}">${value}</div>
+    </div>
+  `;
+}
+function statusOption(value, current) {
+  const selected = value === current ? "selected" : "";
+  const label = value.replace("_", " ").replace(/\b\w/g, (c) => c.toUpperCase());
+  return `<option value="${value}" ${selected}>${label}</option>`;
+}
+function statusBadge(status) {
+  const colors = {
+    active: "bg-green-100 text-green-800",
+    trialing: "bg-blue-100 text-blue-800",
+    past_due: "bg-yellow-100 text-yellow-800",
+    canceled: "bg-red-100 text-red-800",
+    unpaid: "bg-orange-100 text-orange-800",
+    paused: "bg-gray-100 text-gray-800",
+    incomplete: "bg-gray-100 text-gray-500",
+    incomplete_expired: "bg-red-100 text-red-500"
+  };
+  const color = colors[status] || "bg-gray-100 text-gray-800";
+  const label = status.replace("_", " ");
+  return `<span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium ${color}">${label}</span>`;
+}
+function formatDate(timestamp) {
+  if (!timestamp) return "-";
+  return new Date(timestamp * 1e3).toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric",
+    year: "numeric"
+  });
+}
+function renderRow(sub) {
+  return `
+    <tr>
+      <td class="px-6 py-4 whitespace-nowrap">
+        <div class="text-sm font-medium text-gray-900">${sub.userEmail || sub.userId}</div>
+        <div class="text-xs text-gray-500">${sub.stripeCustomerId}</div>
+      </td>
+      <td class="px-6 py-4 whitespace-nowrap">${statusBadge(sub.status)}</td>
+      <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">${sub.stripePriceId}</td>
+      <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+        ${formatDate(sub.currentPeriodStart)} - ${formatDate(sub.currentPeriodEnd)}
+      </td>
+      <td class="px-6 py-4 whitespace-nowrap text-sm">
+        ${sub.cancelAtPeriodEnd ? '<span class="text-yellow-600 font-medium">Yes</span>' : '<span class="text-gray-400">No</span>'}
+      </td>
+      <td class="px-6 py-4 whitespace-nowrap text-sm">
+        <a href="https://dashboard.stripe.com/subscriptions/${sub.stripeSubscriptionId}"
+           target="_blank" rel="noopener noreferrer"
+           class="text-indigo-600 hover:text-indigo-800">
+          View in Stripe
+        </a>
+      </td>
+    </tr>
+  `;
+}
+function renderPagination2(page, totalPages, status) {
+  if (totalPages <= 1) return "";
+  const params = status ? `&status=${status}` : "";
+  return `
+    <div class="bg-white px-4 py-3 flex items-center justify-between border-t border-gray-200 sm:px-6">
+      <div class="text-sm text-gray-700">
+        Page ${page} of ${totalPages}
+      </div>
+      <div class="flex gap-2">
+        ${page > 1 ? `<a href="?page=${page - 1}${params}" class="px-3 py-1 border rounded text-sm hover:bg-gray-50">Previous</a>` : ""}
+        ${page < totalPages ? `<a href="?page=${page + 1}${params}" class="px-3 py-1 border rounded text-sm hover:bg-gray-50">Next</a>` : ""}
+      </div>
+    </div>
+  `;
+}
+
+// src/plugins/core-plugins/stripe-plugin/types.ts
+var DEFAULT_SETTINGS3 = {
+  stripeSecretKey: "",
+  stripeWebhookSecret: "",
+  stripePriceId: "",
+  successUrl: "/admin/dashboard",
+  cancelUrl: "/admin/dashboard"
+};
+
+// src/plugins/core-plugins/stripe-plugin/routes/admin.ts
+var adminRoutes3 = new hono.Hono();
+adminRoutes3.use("*", chunkYYMPHM3I_cjs.requireAuth());
+adminRoutes3.use("*", async (c, next) => {
+  const user = c.get("user");
+  if (user?.role !== "admin") {
+    return c.text("Access denied", 403);
+  }
+  return next();
+});
+adminRoutes3.get("/", async (c) => {
+  const db = c.env.DB;
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  const page = parseInt(c.req.query("page") || "1");
+  const limit = 50;
+  const statusFilter = c.req.query("status");
+  const [{ subscriptions, total }, stats] = await Promise.all([
+    subscriptionService.list({ status: statusFilter, page, limit }),
+    subscriptionService.getStats()
+  ]);
+  const totalPages = Math.ceil(total / limit);
+  const html = renderSubscriptionsPage(subscriptions, stats, {
+    status: statusFilter,
+    page,
+    totalPages
+  });
+  return c.html(html);
+});
+adminRoutes3.post("/settings", async (c) => {
+  try {
+    const body = await c.req.json();
+    const db = c.env.DB;
+    await db.prepare(`
+      UPDATE plugins
+      SET settings = ?,
+          updated_at = unixepoch()
+      WHERE id = 'stripe'
+    `).bind(JSON.stringify(body)).run();
+    return c.json({ success: true });
+  } catch (error) {
+    console.error("Error saving Stripe settings:", error);
+    return c.json({ success: false, error: "Failed to save settings" }, 500);
+  }
+});
+
+// src/plugins/core-plugins/stripe-plugin/services/stripe-api.ts
+var StripeAPI = class {
+  constructor(secretKey) {
+    this.secretKey = secretKey;
+  }
+  baseUrl = "https://api.stripe.com/v1";
+  /**
+   * Verify a webhook signature
+   * Implements Stripe's v1 signature scheme using Web Crypto API
+   */
+  async verifyWebhookSignature(payload, sigHeader, secret) {
+    const parts = sigHeader.split(",");
+    const timestamp = parts.find((p) => p.startsWith("t="))?.split("=")[1];
+    const signatures = parts.filter((p) => p.startsWith("v1=")).map((p) => p.substring(3));
+    if (!timestamp || signatures.length === 0) return false;
+    const now = Math.floor(Date.now() / 1e3);
+    if (Math.abs(now - parseInt(timestamp)) > 300) return false;
+    const signedPayload = `${timestamp}.${payload}`;
+    const encoder = new TextEncoder();
+    const key = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(secret),
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const signatureBuffer = await crypto.subtle.sign("HMAC", key, encoder.encode(signedPayload));
+    const expectedSignature = Array.from(new Uint8Array(signatureBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+    return signatures.some((sig) => timingSafeEqual(sig, expectedSignature));
+  }
+  /**
+   * Create a Checkout Session
+   */
+  async createCheckoutSession(params) {
+    const body = new URLSearchParams();
+    body.append("mode", "subscription");
+    body.append("line_items[0][price]", params.priceId);
+    body.append("line_items[0][quantity]", "1");
+    body.append("success_url", params.successUrl);
+    body.append("cancel_url", params.cancelUrl);
+    if (params.customerId) {
+      body.append("customer", params.customerId);
+    } else if (params.customerEmail) {
+      body.append("customer_email", params.customerEmail);
+    }
+    if (params.metadata) {
+      for (const [key, value] of Object.entries(params.metadata)) {
+        body.append(`metadata[${key}]`, value);
+      }
+    }
+    const response = await this.request("POST", "/checkout/sessions", body);
+    return { id: response.id, url: response.url };
+  }
+  /**
+   * Retrieve a Stripe subscription
+   */
+  async getSubscription(subscriptionId) {
+    return this.request("GET", `/subscriptions/${subscriptionId}`);
+  }
+  /**
+   * Create a Stripe customer
+   */
+  async createCustomer(params) {
+    const body = new URLSearchParams();
+    body.append("email", params.email);
+    if (params.metadata) {
+      for (const [key, value] of Object.entries(params.metadata)) {
+        body.append(`metadata[${key}]`, value);
+      }
+    }
+    return this.request("POST", "/customers", body);
+  }
+  /**
+   * Search for a customer by email
+   */
+  async findCustomerByEmail(email) {
+    const params = new URLSearchParams();
+    params.append("query", `email:'${email}'`);
+    params.append("limit", "1");
+    const result = await this.request("GET", `/customers/search?${params.toString()}`);
+    return result.data?.[0] || null;
+  }
+  async request(method, path, body) {
+    const url = path.startsWith("http") ? path : `${this.baseUrl}${path}`;
+    const response = await fetch(url, {
+      method,
+      headers: {
+        "Authorization": `Bearer ${this.secretKey}`,
+        ...body ? { "Content-Type": "application/x-www-form-urlencoded" } : {}
+      },
+      ...body ? { body: body.toString() } : {}
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(`Stripe API error: ${data.error?.message || response.statusText}`);
+    }
+    return data;
+  }
+};
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+}
+
+// src/plugins/core-plugins/stripe-plugin/routes/api.ts
+var apiRoutes3 = new hono.Hono();
+async function getSettings3(db) {
+  try {
+    const pluginService = new chunkI6FFGQIT_cjs.PluginService(db);
+    const plugin2 = await pluginService.getPlugin("stripe");
+    if (plugin2?.settings) {
+      const settings = typeof plugin2.settings === "string" ? JSON.parse(plugin2.settings) : plugin2.settings;
+      return { ...DEFAULT_SETTINGS3, ...settings };
+    }
+  } catch {
+  }
+  return DEFAULT_SETTINGS3;
+}
+function mapStripeStatus(status) {
+  const map = {
+    active: "active",
+    canceled: "canceled",
+    past_due: "past_due",
+    trialing: "trialing",
+    unpaid: "unpaid",
+    paused: "paused",
+    incomplete: "incomplete",
+    incomplete_expired: "incomplete_expired"
+  };
+  return map[status] || "incomplete";
+}
+apiRoutes3.post("/webhook", async (c) => {
+  const db = c.env.DB;
+  const settings = await getSettings3(db);
+  if (!settings.stripeWebhookSecret) {
+    return c.json({ error: "Webhook secret not configured" }, 500);
+  }
+  const rawBody = await c.req.text();
+  const sigHeader = c.req.header("stripe-signature") || "";
+  const stripeApi = new StripeAPI(settings.stripeSecretKey);
+  const isValid = await stripeApi.verifyWebhookSignature(rawBody, sigHeader, settings.stripeWebhookSecret);
+  if (!isValid) {
+    return c.json({ error: "Invalid signature" }, 400);
+  }
+  const event = JSON.parse(rawBody);
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  try {
+    switch (event.type) {
+      case "customer.subscription.created": {
+        const sub = event.data.object;
+        const userId = sub.metadata?.sonicjs_user_id || await subscriptionService.getUserIdByStripeCustomer(sub.customer) || "";
+        await subscriptionService.create({
+          userId,
+          stripeCustomerId: sub.customer,
+          stripeSubscriptionId: sub.id,
+          stripePriceId: sub.items.data[0]?.price.id || "",
+          status: mapStripeStatus(sub.status),
+          currentPeriodStart: sub.current_period_start,
+          currentPeriodEnd: sub.current_period_end,
+          cancelAtPeriodEnd: sub.cancel_at_period_end
+        });
+        console.log(`[Stripe] Subscription created: ${sub.id}`);
+        break;
+      }
+      case "customer.subscription.updated": {
+        const sub = event.data.object;
+        await subscriptionService.updateByStripeId(sub.id, {
+          status: mapStripeStatus(sub.status),
+          stripePriceId: sub.items.data[0]?.price.id || void 0,
+          currentPeriodStart: sub.current_period_start,
+          currentPeriodEnd: sub.current_period_end,
+          cancelAtPeriodEnd: sub.cancel_at_period_end
+        });
+        console.log(`[Stripe] Subscription updated: ${sub.id} -> ${sub.status}`);
+        break;
+      }
+      case "customer.subscription.deleted": {
+        const sub = event.data.object;
+        await subscriptionService.updateByStripeId(sub.id, {
+          status: "canceled"
+        });
+        console.log(`[Stripe] Subscription deleted: ${sub.id}`);
+        break;
+      }
+      case "checkout.session.completed": {
+        const session = event.data.object;
+        const userId = session.metadata?.sonicjs_user_id;
+        if (userId && session.subscription) {
+          const existing = await subscriptionService.getByStripeSubscriptionId(session.subscription);
+          if (existing && !existing.userId) {
+            await subscriptionService.updateByStripeId(session.subscription, {
+              userId
+            });
+          }
+        }
+        console.log(`[Stripe] Checkout completed: ${session.id}`);
+        break;
+      }
+      case "invoice.payment_succeeded": {
+        const invoice = event.data.object;
+        if (invoice.subscription) {
+          await subscriptionService.updateByStripeId(invoice.subscription, {
+            status: "active"
+          });
+        }
+        console.log(`[Stripe] Payment succeeded for invoice: ${invoice.id}`);
+        break;
+      }
+      case "invoice.payment_failed": {
+        const invoice = event.data.object;
+        if (invoice.subscription) {
+          await subscriptionService.updateByStripeId(invoice.subscription, {
+            status: "past_due"
+          });
+        }
+        console.log(`[Stripe] Payment failed for invoice: ${invoice.id}`);
+        break;
+      }
+      default:
+        console.log(`[Stripe] Unhandled event type: ${event.type}`);
+    }
+  } catch (error) {
+    console.error(`[Stripe] Error processing webhook event ${event.type}:`, error);
+    return c.json({ error: "Webhook processing failed" }, 500);
+  }
+  return c.json({ received: true });
+});
+apiRoutes3.post("/create-checkout-session", chunkYYMPHM3I_cjs.requireAuth(), async (c) => {
+  const db = c.env.DB;
+  const user = c.get("user");
+  if (!user) return c.json({ error: "Unauthorized" }, 401);
+  const settings = await getSettings3(db);
+  if (!settings.stripeSecretKey) {
+    return c.json({ error: "Stripe not configured" }, 500);
+  }
+  const body = await c.req.json().catch(() => ({}));
+  const priceId = body.priceId || settings.stripePriceId;
+  if (!priceId) {
+    return c.json({ error: "No price ID specified" }, 400);
+  }
+  const stripeApi = new StripeAPI(settings.stripeSecretKey);
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  const existingSub = await subscriptionService.getByUserId(user.userId);
+  let customerId = existingSub?.stripeCustomerId;
+  if (!customerId) {
+    const existing = await stripeApi.findCustomerByEmail(user.email);
+    if (existing) {
+      customerId = existing.id;
+    } else {
+      const customer = await stripeApi.createCustomer({
+        email: user.email,
+        metadata: { sonicjs_user_id: user.userId }
+      });
+      customerId = customer.id;
+    }
+  }
+  const origin = new URL(c.req.url).origin;
+  const session = await stripeApi.createCheckoutSession({
+    priceId,
+    customerId,
+    successUrl: `${origin}${settings.successUrl}?session_id={CHECKOUT_SESSION_ID}`,
+    cancelUrl: `${origin}${settings.cancelUrl}`,
+    metadata: { sonicjs_user_id: user.userId }
+  });
+  return c.json({ sessionId: session.id, url: session.url });
+});
+apiRoutes3.get("/subscription", chunkYYMPHM3I_cjs.requireAuth(), async (c) => {
+  const user = c.get("user");
+  if (!user) return c.json({ error: "Unauthorized" }, 401);
+  const db = c.env.DB;
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  const subscription = await subscriptionService.getByUserId(user.userId);
+  if (!subscription) {
+    return c.json({ subscription: null });
+  }
+  return c.json({ subscription });
+});
+apiRoutes3.get("/subscriptions", chunkYYMPHM3I_cjs.requireAuth(), async (c) => {
+  const user = c.get("user");
+  if (user?.role !== "admin") return c.json({ error: "Access denied" }, 403);
+  const db = c.env.DB;
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  const filters = {
+    status: c.req.query("status"),
+    page: c.req.query("page") ? parseInt(c.req.query("page")) : 1,
+    limit: c.req.query("limit") ? parseInt(c.req.query("limit")) : 50,
+    sortBy: c.req.query("sortBy") || "created_at",
+    sortOrder: c.req.query("sortOrder") || "desc"
+  };
+  const result = await subscriptionService.list(filters);
+  return c.json(result);
+});
+apiRoutes3.get("/stats", chunkYYMPHM3I_cjs.requireAuth(), async (c) => {
+  const user = c.get("user");
+  if (user?.role !== "admin") return c.json({ error: "Access denied" }, 403);
+  const db = c.env.DB;
+  const subscriptionService = new SubscriptionService(db);
+  await subscriptionService.ensureTable();
+  const stats = await subscriptionService.getStats();
+  return c.json(stats);
+});
+
+// src/plugins/core-plugins/stripe-plugin/index.ts
+function createStripePlugin() {
+  const builder = chunk6FHNRRJ3_cjs.PluginBuilder.create({
+    name: "stripe",
+    version: "1.0.0-beta.1",
+    description: "Stripe subscription management with webhook handling, checkout sessions, and subscription gating"
+  });
+  builder.metadata({
+    author: { name: "SonicJS Team" },
+    license: "MIT"
+  });
+  builder.addRoute("/admin/plugins/stripe", adminRoutes3, {
+    description: "Stripe subscriptions admin dashboard",
+    requiresAuth: true,
+    priority: 50
+  });
+  builder.addRoute("/api/stripe", apiRoutes3, {
+    description: "Stripe API endpoints (webhook, checkout, subscription)",
+    requiresAuth: false,
+    // Webhook route handles its own auth via signature
+    priority: 50
+  });
+  builder.addMenuItem("Stripe", "/admin/plugins/stripe", {
+    icon: `<svg class="h-5 w-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 10h18M7 15h1m4 0h1m-7 4h12a3 3 0 003-3V8a3 3 0 00-3-3H6a3 3 0 00-3 3v8a3 3 0 003 3z"/></svg>`,
+    order: 75
+  });
+  builder.lifecycle({
+    install: async () => {
+      console.log("[Stripe] Plugin installed");
+    },
+    activate: async () => {
+      console.log("[Stripe] Plugin activated");
+    },
+    deactivate: async () => {
+      console.log("[Stripe] Plugin deactivated");
+    },
+    uninstall: async () => {
+      console.log("[Stripe] Plugin uninstalled");
+    }
+  });
+  return builder.build();
+}
+var stripePlugin = createStripePlugin();
+
 // src/middleware/plugin-menu.ts
 var MENU_PLUGINS = [
   securityAuditPlugin
@@ -7281,7 +8042,7 @@ async function warmNamespace(namespace, entries) {
 }
 
 // src/templates/pages/admin-cache.template.ts
-chunkH4NHRZ6Y_cjs.init_admin_layout_catalyst_template();
+chunkQP3OHHON_cjs.init_admin_layout_catalyst_template();
 function renderCacheDashboard(data) {
   const pageContent = `
     <div class="space-y-6">
@@ -7460,7 +8221,7 @@ function renderCacheDashboard(data) {
     </script>
 
     <!-- Confirmation Dialogs -->
-    ${chunkDHTCZZUB_cjs.renderConfirmationDialog({
+    ${chunkDRWSHIFG_cjs.renderConfirmationDialog({
     id: "clear-all-cache-confirm",
     title: "Clear All Cache",
     message: "Are you sure you want to clear all cache entries? This cannot be undone.",
@@ -7471,7 +8232,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearAllCaches()"
   })}
 
-    ${chunkDHTCZZUB_cjs.renderConfirmationDialog({
+    ${chunkDRWSHIFG_cjs.renderConfirmationDialog({
     id: "clear-namespace-cache-confirm",
     title: "Clear Namespace Cache",
     message: "Clear cache for this namespace?",
@@ -7482,7 +8243,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearNamespaceCache()"
   })}
 
-    ${chunkDHTCZZUB_cjs.getConfirmationDialogScript()}
+    ${chunkDRWSHIFG_cjs.getConfirmationDialogScript()}
   `;
   const layoutData = {
     title: "Cache System",
@@ -7492,7 +8253,7 @@ function renderCacheDashboard(data) {
     version: data.version,
     content: pageContent
   };
-  return chunkH4NHRZ6Y_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkQP3OHHON_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 function renderStatCard(label, value, color, icon, colorOverride) {
   const finalColor = colorOverride || color;
@@ -8168,14 +8929,14 @@ var faviconSvg = `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 // src/app.ts
 function createSonicJSApp(config = {}) {
   const app2 = new hono.Hono();
-  const appVersion = config.version || chunkIKBAY2M2_cjs.getCoreVersion();
+  const appVersion = config.version || chunkYULUPQZV_cjs.getCoreVersion();
   const appName = config.name || "SonicJS AI";
   app2.use("*", async (c, next) => {
     c.set("appVersion", appVersion);
     await next();
   });
-  app2.use("*", chunkHBUFGLEX_cjs.metricsMiddleware());
-  app2.use("*", chunkHBUFGLEX_cjs.bootstrapMiddleware(config));
+  app2.use("*", chunkYYMPHM3I_cjs.metricsMiddleware());
+  app2.use("*", chunkYYMPHM3I_cjs.bootstrapMiddleware(config));
   if (config.middleware?.beforeAuth) {
     for (const middleware of config.middleware.beforeAuth) {
       app2.use("*", middleware);
@@ -8184,29 +8945,29 @@ function createSonicJSApp(config = {}) {
   app2.use("*", async (_c, next) => {
     await next();
   });
-  app2.use("*", chunkHBUFGLEX_cjs.securityHeadersMiddleware());
-  app2.use("*", chunkHBUFGLEX_cjs.csrfProtection());
+  app2.use("*", chunkYYMPHM3I_cjs.securityHeadersMiddleware());
+  app2.use("*", chunkYYMPHM3I_cjs.csrfProtection());
   if (config.middleware?.afterAuth) {
     for (const middleware of config.middleware.afterAuth) {
       app2.use("*", middleware);
     }
   }
   app2.use("/admin/*", pluginMenuMiddleware());
-  app2.route("/api", chunkDHTCZZUB_cjs.api_default);
-  app2.route("/api/media", chunkDHTCZZUB_cjs.api_media_default);
-  app2.route("/api/system", chunkDHTCZZUB_cjs.api_system_default);
-  app2.route("/admin/api", chunkDHTCZZUB_cjs.admin_api_default);
-  app2.route("/admin/dashboard", chunkDHTCZZUB_cjs.router);
-  app2.route("/admin/collections", chunkDHTCZZUB_cjs.adminCollectionsRoutes);
-  app2.route("/admin/forms", chunkDHTCZZUB_cjs.adminFormsRoutes);
-  app2.route("/admin/settings", chunkDHTCZZUB_cjs.adminSettingsRoutes);
-  app2.route("/forms", chunkDHTCZZUB_cjs.public_forms_default);
-  app2.route("/api/forms", chunkDHTCZZUB_cjs.public_forms_default);
-  app2.route("/admin/api-reference", chunkDHTCZZUB_cjs.router2);
+  app2.route("/api", chunkDRWSHIFG_cjs.api_default);
+  app2.route("/api/media", chunkDRWSHIFG_cjs.api_media_default);
+  app2.route("/api/system", chunkDRWSHIFG_cjs.api_system_default);
+  app2.route("/admin/api", chunkDRWSHIFG_cjs.admin_api_default);
+  app2.route("/admin/dashboard", chunkDRWSHIFG_cjs.router);
+  app2.route("/admin/collections", chunkDRWSHIFG_cjs.adminCollectionsRoutes);
+  app2.route("/admin/forms", chunkDRWSHIFG_cjs.adminFormsRoutes);
+  app2.route("/admin/settings", chunkDRWSHIFG_cjs.adminSettingsRoutes);
+  app2.route("/forms", chunkDRWSHIFG_cjs.public_forms_default);
+  app2.route("/api/forms", chunkDRWSHIFG_cjs.public_forms_default);
+  app2.route("/admin/api-reference", chunkDRWSHIFG_cjs.router2);
   app2.route("/admin/database-tools", createDatabaseToolsAdminRoutes());
   app2.route("/admin/seed-data", createSeedDataAdminRoutes());
-  app2.route("/admin/content", chunkDHTCZZUB_cjs.admin_content_default);
-  app2.route("/admin/media", chunkDHTCZZUB_cjs.adminMediaRoutes);
+  app2.route("/admin/content", chunkDRWSHIFG_cjs.admin_content_default);
+  app2.route("/admin/media", chunkDRWSHIFG_cjs.adminMediaRoutes);
   app2.use("/auth/*", securityAuditMiddleware());
   if (securityAuditPlugin.routes && securityAuditPlugin.routes.length > 0) {
     for (const route of securityAuditPlugin.routes) {
@@ -8224,8 +8985,8 @@ function createSonicJSApp(config = {}) {
       app2.route(route.path, route.handler);
     }
   }
-  if (chunkDHTCZZUB_cjs.userProfilesPlugin.routes && chunkDHTCZZUB_cjs.userProfilesPlugin.routes.length > 0) {
-    for (const route of chunkDHTCZZUB_cjs.userProfilesPlugin.routes) {
+  if (chunkDRWSHIFG_cjs.userProfilesPlugin.routes && chunkDRWSHIFG_cjs.userProfilesPlugin.routes.length > 0) {
+    for (const route of chunkDRWSHIFG_cjs.userProfilesPlugin.routes) {
       app2.route(route.path, route.handler);
     }
   }
@@ -8234,11 +8995,16 @@ function createSonicJSApp(config = {}) {
       app2.route(route.path, route.handler);
     }
   }
-  app2.route("/admin/plugins", chunkDHTCZZUB_cjs.adminPluginRoutes);
-  app2.route("/admin/logs", chunkDHTCZZUB_cjs.adminLogsRoutes);
-  app2.route("/admin", chunkDHTCZZUB_cjs.userRoutes);
-  app2.route("/auth", chunkDHTCZZUB_cjs.auth_default);
-  app2.route("/", chunkDHTCZZUB_cjs.test_cleanup_default);
+  app2.route("/admin/plugins", chunkDRWSHIFG_cjs.adminPluginRoutes);
+  app2.route("/admin/logs", chunkDRWSHIFG_cjs.adminLogsRoutes);
+  app2.route("/admin", chunkDRWSHIFG_cjs.userRoutes);
+  app2.route("/auth", chunkDRWSHIFG_cjs.auth_default);
+  app2.route("/", chunkDRWSHIFG_cjs.test_cleanup_default);
+  if (stripePlugin.routes && stripePlugin.routes.length > 0) {
+    for (const route of stripePlugin.routes) {
+      app2.route(route.path, route.handler);
+    }
+  }
   if (emailPlugin.routes && emailPlugin.routes.length > 0) {
     for (const route of emailPlugin.routes) {
       app2.route(route.path, route.handler);
@@ -8322,99 +9088,99 @@ function createDb(d1$1) {
 }
 
 // src/index.ts
-var VERSION = chunkIKBAY2M2_cjs.package_default.version;
+var VERSION = chunkYULUPQZV_cjs.package_default.version;
 
 Object.defineProperty(exports, "ROUTES_INFO", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.ROUTES_INFO; }
+  get: function () { return chunkDRWSHIFG_cjs.ROUTES_INFO; }
 });
 Object.defineProperty(exports, "adminApiRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.admin_api_default; }
+  get: function () { return chunkDRWSHIFG_cjs.admin_api_default; }
 });
 Object.defineProperty(exports, "adminCheckboxRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminCheckboxRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminCheckboxRoutes; }
 });
 Object.defineProperty(exports, "adminCodeExamplesRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.admin_code_examples_default; }
+  get: function () { return chunkDRWSHIFG_cjs.admin_code_examples_default; }
 });
 Object.defineProperty(exports, "adminCollectionsRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminCollectionsRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminCollectionsRoutes; }
 });
 Object.defineProperty(exports, "adminContentRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.admin_content_default; }
+  get: function () { return chunkDRWSHIFG_cjs.admin_content_default; }
 });
 Object.defineProperty(exports, "adminDashboardRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.router; }
+  get: function () { return chunkDRWSHIFG_cjs.router; }
 });
 Object.defineProperty(exports, "adminDesignRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminDesignRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminDesignRoutes; }
 });
 Object.defineProperty(exports, "adminLogsRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminLogsRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminLogsRoutes; }
 });
 Object.defineProperty(exports, "adminMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminMediaRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminMediaRoutes; }
 });
 Object.defineProperty(exports, "adminPluginRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminPluginRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminPluginRoutes; }
 });
 Object.defineProperty(exports, "adminSettingsRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.adminSettingsRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.adminSettingsRoutes; }
 });
 Object.defineProperty(exports, "adminTestimonialsRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.admin_testimonials_default; }
+  get: function () { return chunkDRWSHIFG_cjs.admin_testimonials_default; }
 });
 Object.defineProperty(exports, "adminUsersRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.userRoutes; }
+  get: function () { return chunkDRWSHIFG_cjs.userRoutes; }
 });
 Object.defineProperty(exports, "apiContentCrudRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.api_content_crud_default; }
+  get: function () { return chunkDRWSHIFG_cjs.api_content_crud_default; }
 });
 Object.defineProperty(exports, "apiMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.api_media_default; }
+  get: function () { return chunkDRWSHIFG_cjs.api_media_default; }
 });
 Object.defineProperty(exports, "apiRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.api_default; }
+  get: function () { return chunkDRWSHIFG_cjs.api_default; }
 });
 Object.defineProperty(exports, "apiSystemRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.api_system_default; }
+  get: function () { return chunkDRWSHIFG_cjs.api_system_default; }
 });
 Object.defineProperty(exports, "authRoutes", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.auth_default; }
+  get: function () { return chunkDRWSHIFG_cjs.auth_default; }
 });
 Object.defineProperty(exports, "createUserProfilesPlugin", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.createUserProfilesPlugin; }
+  get: function () { return chunkDRWSHIFG_cjs.createUserProfilesPlugin; }
 });
 Object.defineProperty(exports, "defineUserProfile", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.defineUserProfile; }
+  get: function () { return chunkDRWSHIFG_cjs.defineUserProfile; }
 });
 Object.defineProperty(exports, "getUserProfileConfig", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.getUserProfileConfig; }
+  get: function () { return chunkDRWSHIFG_cjs.getUserProfileConfig; }
 });
 Object.defineProperty(exports, "userProfilesPlugin", {
   enumerable: true,
-  get: function () { return chunkDHTCZZUB_cjs.userProfilesPlugin; }
+  get: function () { return chunkDRWSHIFG_cjs.userProfilesPlugin; }
 });
 Object.defineProperty(exports, "Logger", {
   enumerable: true,
@@ -8582,83 +9348,83 @@ Object.defineProperty(exports, "workflowHistory", {
 });
 Object.defineProperty(exports, "AuthManager", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.AuthManager; }
+  get: function () { return chunkYYMPHM3I_cjs.AuthManager; }
 });
 Object.defineProperty(exports, "PermissionManager", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.PermissionManager; }
+  get: function () { return chunkYYMPHM3I_cjs.PermissionManager; }
 });
 Object.defineProperty(exports, "bootstrapMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.bootstrapMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.bootstrapMiddleware; }
 });
 Object.defineProperty(exports, "cacheHeaders", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.cacheHeaders; }
+  get: function () { return chunkYYMPHM3I_cjs.cacheHeaders; }
 });
 Object.defineProperty(exports, "compressionMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.compressionMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.compressionMiddleware; }
 });
 Object.defineProperty(exports, "detailedLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.detailedLoggingMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.detailedLoggingMiddleware; }
 });
 Object.defineProperty(exports, "getActivePlugins", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.getActivePlugins; }
+  get: function () { return chunkYYMPHM3I_cjs.getActivePlugins; }
 });
 Object.defineProperty(exports, "isPluginActive", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.isPluginActive; }
+  get: function () { return chunkYYMPHM3I_cjs.isPluginActive; }
 });
 Object.defineProperty(exports, "logActivity", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.logActivity; }
+  get: function () { return chunkYYMPHM3I_cjs.logActivity; }
 });
 Object.defineProperty(exports, "loggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.loggingMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.loggingMiddleware; }
 });
 Object.defineProperty(exports, "optionalAuth", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.optionalAuth; }
+  get: function () { return chunkYYMPHM3I_cjs.optionalAuth; }
 });
 Object.defineProperty(exports, "performanceLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.performanceLoggingMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.performanceLoggingMiddleware; }
 });
 Object.defineProperty(exports, "requireActivePlugin", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requireActivePlugin; }
+  get: function () { return chunkYYMPHM3I_cjs.requireActivePlugin; }
 });
 Object.defineProperty(exports, "requireActivePlugins", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requireActivePlugins; }
+  get: function () { return chunkYYMPHM3I_cjs.requireActivePlugins; }
 });
 Object.defineProperty(exports, "requireAnyPermission", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requireAnyPermission; }
+  get: function () { return chunkYYMPHM3I_cjs.requireAnyPermission; }
 });
 Object.defineProperty(exports, "requireAuth", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requireAuth; }
+  get: function () { return chunkYYMPHM3I_cjs.requireAuth; }
 });
 Object.defineProperty(exports, "requirePermission", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requirePermission; }
+  get: function () { return chunkYYMPHM3I_cjs.requirePermission; }
 });
 Object.defineProperty(exports, "requireRole", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.requireRole; }
+  get: function () { return chunkYYMPHM3I_cjs.requireRole; }
 });
 Object.defineProperty(exports, "securityHeaders", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.securityHeadersMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.securityHeadersMiddleware; }
 });
 Object.defineProperty(exports, "securityLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkHBUFGLEX_cjs.securityLoggingMiddleware; }
+  get: function () { return chunkYYMPHM3I_cjs.securityLoggingMiddleware; }
 });
 Object.defineProperty(exports, "PluginBootstrapService", {
   enumerable: true,
@@ -8742,39 +9508,39 @@ Object.defineProperty(exports, "validateCollectionConfig", {
 });
 Object.defineProperty(exports, "MigrationService", {
   enumerable: true,
-  get: function () { return chunkXK3TKOLQ_cjs.MigrationService; }
+  get: function () { return chunkKZ2MFGET_cjs.MigrationService; }
 });
 Object.defineProperty(exports, "renderFilterBar", {
   enumerable: true,
-  get: function () { return chunkRBXFXT7H_cjs.renderFilterBar; }
+  get: function () { return chunk3QCEYJLK_cjs.renderFilterBar; }
 });
 Object.defineProperty(exports, "getConfirmationDialogScript", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.getConfirmationDialogScript; }
+  get: function () { return chunkQP3OHHON_cjs.getConfirmationDialogScript; }
 });
 Object.defineProperty(exports, "renderAlert", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderAlert; }
+  get: function () { return chunkQP3OHHON_cjs.renderAlert; }
 });
 Object.defineProperty(exports, "renderConfirmationDialog", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderConfirmationDialog; }
+  get: function () { return chunkQP3OHHON_cjs.renderConfirmationDialog; }
 });
 Object.defineProperty(exports, "renderForm", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderForm; }
+  get: function () { return chunkQP3OHHON_cjs.renderForm; }
 });
 Object.defineProperty(exports, "renderFormField", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderFormField; }
+  get: function () { return chunkQP3OHHON_cjs.renderFormField; }
 });
 Object.defineProperty(exports, "renderPagination", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderPagination; }
+  get: function () { return chunkQP3OHHON_cjs.renderPagination; }
 });
 Object.defineProperty(exports, "renderTable", {
   enumerable: true,
-  get: function () { return chunkH4NHRZ6Y_cjs.renderTable; }
+  get: function () { return chunkQP3OHHON_cjs.renderTable; }
 });
 Object.defineProperty(exports, "HookSystemImpl", {
   enumerable: true,
@@ -8810,31 +9576,31 @@ Object.defineProperty(exports, "PluginHelpers", {
 });
 Object.defineProperty(exports, "QueryFilterBuilder", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.QueryFilterBuilder; }
+  get: function () { return chunkYULUPQZV_cjs.QueryFilterBuilder; }
 });
 Object.defineProperty(exports, "SONICJS_VERSION", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.SONICJS_VERSION; }
+  get: function () { return chunkYULUPQZV_cjs.SONICJS_VERSION; }
 });
 Object.defineProperty(exports, "TemplateRenderer", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.TemplateRenderer; }
+  get: function () { return chunkYULUPQZV_cjs.TemplateRenderer; }
 });
 Object.defineProperty(exports, "buildQuery", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.buildQuery; }
+  get: function () { return chunkYULUPQZV_cjs.buildQuery; }
 });
 Object.defineProperty(exports, "getCoreVersion", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.getCoreVersion; }
+  get: function () { return chunkYULUPQZV_cjs.getCoreVersion; }
 });
 Object.defineProperty(exports, "renderTemplate", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.renderTemplate; }
+  get: function () { return chunkYULUPQZV_cjs.renderTemplate; }
 });
 Object.defineProperty(exports, "templateRenderer", {
   enumerable: true,
-  get: function () { return chunkIKBAY2M2_cjs.templateRenderer; }
+  get: function () { return chunkYULUPQZV_cjs.templateRenderer; }
 });
 Object.defineProperty(exports, "metricsTracker", {
   enumerable: true,