@sonicjs-cms/core 2.19.0 → 3.0.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (230) hide show
  1. package/README.md +52 -52
  2. package/dist/admin-documents-form.template-DDSH6ROU.js +6 -0
  3. package/dist/{admin-layout-catalyst.template-UMTIN66R.js.map → admin-documents-form.template-DDSH6ROU.js.map} +1 -1
  4. package/dist/admin-documents-form.template-LSZKGA5J.cjs +19 -0
  5. package/dist/{admin-layout-catalyst.template-HFD37TY5.cjs.map → admin-documents-form.template-LSZKGA5J.cjs.map} +1 -1
  6. package/dist/{filter-bar.template-DlVYMk-T.d.cts → admin-layout-catalyst.template-DrwDUfsE.d.cts} +25 -1
  7. package/dist/{filter-bar.template-DlVYMk-T.d.ts → admin-layout-catalyst.template-DrwDUfsE.d.ts} +25 -1
  8. package/dist/admin-layout-catalyst.template-KDHKVLXR.cjs +21 -0
  9. package/dist/admin-layout-catalyst.template-KDHKVLXR.cjs.map +1 -0
  10. package/dist/admin-layout-catalyst.template-YQ4EMF2J.js +7 -0
  11. package/dist/admin-layout-catalyst.template-YQ4EMF2J.js.map +1 -0
  12. package/dist/app-Bo0X1OWX.d.ts +1268 -0
  13. package/dist/app-Do66yCcV.d.cts +1268 -0
  14. package/dist/cache-DDARE4QE.js +4 -0
  15. package/dist/cache-DDARE4QE.js.map +1 -0
  16. package/dist/cache-LVYS4BPL.cjs +33 -0
  17. package/dist/cache-LVYS4BPL.cjs.map +1 -0
  18. package/dist/chunk-2CB4KY7I.cjs +771 -0
  19. package/dist/chunk-2CB4KY7I.cjs.map +1 -0
  20. package/dist/{chunk-ABB34XUS.cjs → chunk-3KYKEXV7.cjs} +667 -19
  21. package/dist/chunk-3KYKEXV7.cjs.map +1 -0
  22. package/dist/chunk-4BTBSXMR.cjs +912 -0
  23. package/dist/chunk-4BTBSXMR.cjs.map +1 -0
  24. package/dist/{chunk-55RDMDOP.js → chunk-5V62WT6M.js} +181 -57
  25. package/dist/chunk-5V62WT6M.js.map +1 -0
  26. package/dist/{chunk-OCL3HMEG.js → chunk-6OC6MF3C.js} +7004 -9807
  27. package/dist/chunk-6OC6MF3C.js.map +1 -0
  28. package/dist/chunk-AI663NBO.js +821 -0
  29. package/dist/chunk-AI663NBO.js.map +1 -0
  30. package/dist/chunk-ALDRXTUO.js +273 -0
  31. package/dist/chunk-ALDRXTUO.js.map +1 -0
  32. package/dist/{chunk-TFNTM3OA.js → chunk-ATUPB6MN.js} +645 -15
  33. package/dist/chunk-ATUPB6MN.js.map +1 -0
  34. package/dist/chunk-BLMTL57B.js +767 -0
  35. package/dist/chunk-BLMTL57B.js.map +1 -0
  36. package/dist/{chunk-4ZSNJDLS.cjs → chunk-CRGUD4KC.cjs} +9 -9
  37. package/dist/chunk-CRGUD4KC.cjs.map +1 -0
  38. package/dist/chunk-F67UK75A.cjs +158 -0
  39. package/dist/chunk-F67UK75A.cjs.map +1 -0
  40. package/dist/chunk-GCDZZNIN.js +192 -0
  41. package/dist/chunk-GCDZZNIN.js.map +1 -0
  42. package/dist/chunk-HIKBY7MS.cjs +70 -0
  43. package/dist/chunk-HIKBY7MS.cjs.map +1 -0
  44. package/dist/{chunk-4NPCDK6B.js → chunk-IDCZBF35.js} +557 -90
  45. package/dist/chunk-IDCZBF35.js.map +1 -0
  46. package/dist/chunk-IESEVHXL.js +66 -0
  47. package/dist/chunk-IESEVHXL.js.map +1 -0
  48. package/dist/chunk-IGADDMXH.js +387 -0
  49. package/dist/chunk-IGADDMXH.js.map +1 -0
  50. package/dist/chunk-IHTXB7AT.cjs +276 -0
  51. package/dist/chunk-IHTXB7AT.cjs.map +1 -0
  52. package/dist/chunk-IVPRUGTY.js +242 -0
  53. package/dist/chunk-IVPRUGTY.js.map +1 -0
  54. package/dist/{chunk-JZVHLLSI.cjs → chunk-IXUHXTHW.cjs} +2 -151
  55. package/dist/chunk-IXUHXTHW.cjs.map +1 -0
  56. package/dist/chunk-J6JTWD2A.cjs +100 -0
  57. package/dist/chunk-J6JTWD2A.cjs.map +1 -0
  58. package/dist/chunk-JEQ7FLOD.cjs +199 -0
  59. package/dist/chunk-JEQ7FLOD.cjs.map +1 -0
  60. package/dist/{chunk-ON5ZMSU4.js → chunk-JQISFW6U.js} +3 -3
  61. package/dist/chunk-JQISFW6U.js.map +1 -0
  62. package/dist/chunk-K25XHMM3.js +566 -0
  63. package/dist/chunk-K25XHMM3.js.map +1 -0
  64. package/dist/{chunk-UYJ6TJHX.cjs → chunk-K623Q6WD.cjs} +181 -56
  65. package/dist/chunk-K623Q6WD.cjs.map +1 -0
  66. package/dist/{chunk-7A4CB7T3.cjs → chunk-MUNO67TT.cjs} +561 -91
  67. package/dist/chunk-MUNO67TT.cjs.map +1 -0
  68. package/dist/chunk-N32OWET6.cjs +327 -0
  69. package/dist/chunk-N32OWET6.cjs.map +1 -0
  70. package/dist/chunk-NUKJ54GA.cjs +245 -0
  71. package/dist/chunk-NUKJ54GA.cjs.map +1 -0
  72. package/dist/{chunk-XWIA3HVX.js → chunk-OBA2RYZN.js} +6 -1249
  73. package/dist/chunk-OBA2RYZN.js.map +1 -0
  74. package/dist/chunk-PMGOBS6X.cjs +408 -0
  75. package/dist/chunk-PMGOBS6X.cjs.map +1 -0
  76. package/dist/{chunk-OHYBNCVL.cjs → chunk-PXNTCCPE.cjs} +10 -1256
  77. package/dist/chunk-PXNTCCPE.cjs.map +1 -0
  78. package/dist/chunk-PYVFXCSD.js +1828 -0
  79. package/dist/chunk-PYVFXCSD.js.map +1 -0
  80. package/dist/{chunk-BU7SFHGP.js → chunk-QZGABF2M.js} +3 -149
  81. package/dist/chunk-QZGABF2M.js.map +1 -0
  82. package/dist/{chunk-E4YFJBM2.cjs → chunk-R4ILO3W6.cjs} +876 -829
  83. package/dist/chunk-R4ILO3W6.cjs.map +1 -0
  84. package/dist/chunk-RMRJGMDE.js +323 -0
  85. package/dist/chunk-RMRJGMDE.js.map +1 -0
  86. package/dist/chunk-RNZFGN4R.js +88 -0
  87. package/dist/chunk-RNZFGN4R.js.map +1 -0
  88. package/dist/chunk-RQ6N3FTV.js +900 -0
  89. package/dist/chunk-RQ6N3FTV.js.map +1 -0
  90. package/dist/{chunk-R4FOLLFB.cjs → chunk-TO6EY4P7.cjs} +8730 -11520
  91. package/dist/chunk-TO6EY4P7.cjs.map +1 -0
  92. package/dist/chunk-V464XBYS.js +154 -0
  93. package/dist/chunk-V464XBYS.js.map +1 -0
  94. package/dist/chunk-YA3TJ65D.cjs +575 -0
  95. package/dist/chunk-YA3TJ65D.cjs.map +1 -0
  96. package/dist/chunk-YP7GW2G5.cjs +866 -0
  97. package/dist/chunk-YP7GW2G5.cjs.map +1 -0
  98. package/dist/{collection-config-B4PG-AaF.d.cts → collection-config-JgHOpFCG.d.cts} +30 -2
  99. package/dist/{collection-config-B4PG-AaF.d.ts → collection-config-JgHOpFCG.d.ts} +30 -2
  100. package/dist/config-HFXANXCC.js +6 -0
  101. package/dist/config-HFXANXCC.js.map +1 -0
  102. package/dist/config-ON6FNMYX.cjs +19 -0
  103. package/dist/config-ON6FNMYX.cjs.map +1 -0
  104. package/dist/define-plugin-BzNHc1ZI.d.ts +1321 -0
  105. package/dist/define-plugin-IWDKYaVm.d.cts +1321 -0
  106. package/dist/document-projection-TDWRJX3Z.cjs +13 -0
  107. package/dist/document-projection-TDWRJX3Z.cjs.map +1 -0
  108. package/dist/document-projection-YYMC6I4U.js +4 -0
  109. package/dist/document-projection-YYMC6I4U.js.map +1 -0
  110. package/dist/index.cjs +13736 -4326
  111. package/dist/index.cjs.map +1 -1
  112. package/dist/index.d.cts +331 -493
  113. package/dist/index.d.ts +331 -493
  114. package/dist/index.js +13455 -4067
  115. package/dist/index.js.map +1 -1
  116. package/dist/middleware.cjs +38 -32
  117. package/dist/middleware.d.cts +50 -7
  118. package/dist/middleware.d.ts +50 -7
  119. package/dist/middleware.js +9 -3
  120. package/dist/migrations-2XHQEGOQ.cjs +13 -0
  121. package/dist/{migrations-566IIPS2.cjs.map → migrations-2XHQEGOQ.cjs.map} +1 -1
  122. package/dist/migrations-PE3CDVSM.js +4 -0
  123. package/dist/{migrations-H5IXZNCO.js.map → migrations-PE3CDVSM.js.map} +1 -1
  124. package/dist/{plugin-bootstrap-DfVerYV4.d.cts → plugin-bootstrap-B8ThJU21.d.cts} +4315 -1661
  125. package/dist/{plugin-bootstrap-P_ciLp_C.d.ts → plugin-bootstrap-qu8hJgUt.d.ts} +4315 -1661
  126. package/dist/plugins.cjs +171 -12
  127. package/dist/plugins.d.cts +36 -2
  128. package/dist/plugins.d.ts +36 -2
  129. package/dist/plugins.js +5 -2
  130. package/dist/rbac-O73MFKDA.js +5 -0
  131. package/dist/rbac-O73MFKDA.js.map +1 -0
  132. package/dist/rbac-VONLJJKB.cjs +14 -0
  133. package/dist/rbac-VONLJJKB.cjs.map +1 -0
  134. package/dist/routes.cjs +42 -46
  135. package/dist/routes.d.cts +56 -146
  136. package/dist/routes.d.ts +56 -146
  137. package/dist/routes.js +18 -10
  138. package/dist/services.cjs +43 -76
  139. package/dist/services.d.cts +93 -55
  140. package/dist/services.d.ts +93 -55
  141. package/dist/services.js +6 -3
  142. package/dist/{telemetry-B9vIV4wh.d.cts → telemetry-Cku1ax74.d.cts} +1 -1
  143. package/dist/{telemetry-B9vIV4wh.d.ts → telemetry-Cku1ax74.d.ts} +1 -1
  144. package/dist/templates.cjs +17 -29
  145. package/dist/templates.d.cts +2 -89
  146. package/dist/templates.d.ts +2 -89
  147. package/dist/templates.js +3 -3
  148. package/dist/types-Dea1eNxU.d.cts +286 -0
  149. package/dist/types-Dea1eNxU.d.ts +286 -0
  150. package/dist/types.d.cts +2 -2
  151. package/dist/types.d.ts +2 -2
  152. package/dist/utils.cjs +21 -20
  153. package/dist/utils.d.cts +2 -2
  154. package/dist/utils.d.ts +2 -2
  155. package/dist/utils.js +3 -2
  156. package/migrations/0001_core.sql +184 -0
  157. package/migrations/0002_documents.sql +163 -0
  158. package/package.json +12 -7
  159. package/dist/admin-layout-catalyst.template-HFD37TY5.cjs +0 -17
  160. package/dist/admin-layout-catalyst.template-UMTIN66R.js +0 -7
  161. package/dist/app-C9esKLmh.d.cts +0 -112
  162. package/dist/app-C9esKLmh.d.ts +0 -112
  163. package/dist/chunk-4NPCDK6B.js.map +0 -1
  164. package/dist/chunk-4ZSNJDLS.cjs.map +0 -1
  165. package/dist/chunk-55RDMDOP.js.map +0 -1
  166. package/dist/chunk-635JAMSE.cjs +0 -653
  167. package/dist/chunk-635JAMSE.cjs.map +0 -1
  168. package/dist/chunk-7A4CB7T3.cjs.map +0 -1
  169. package/dist/chunk-ABB34XUS.cjs.map +0 -1
  170. package/dist/chunk-BU7SFHGP.js.map +0 -1
  171. package/dist/chunk-E4YFJBM2.cjs.map +0 -1
  172. package/dist/chunk-EXNEW5US.js +0 -648
  173. package/dist/chunk-EXNEW5US.js.map +0 -1
  174. package/dist/chunk-JZV22DEV.js +0 -1783
  175. package/dist/chunk-JZV22DEV.js.map +0 -1
  176. package/dist/chunk-JZVHLLSI.cjs.map +0 -1
  177. package/dist/chunk-OCL3HMEG.js.map +0 -1
  178. package/dist/chunk-OHYBNCVL.cjs.map +0 -1
  179. package/dist/chunk-ON5ZMSU4.js.map +0 -1
  180. package/dist/chunk-QFWHAFEO.js +0 -1843
  181. package/dist/chunk-QFWHAFEO.js.map +0 -1
  182. package/dist/chunk-R4FOLLFB.cjs.map +0 -1
  183. package/dist/chunk-RLMUFFUD.cjs +0 -2219
  184. package/dist/chunk-RLMUFFUD.cjs.map +0 -1
  185. package/dist/chunk-TFNTM3OA.js.map +0 -1
  186. package/dist/chunk-UYJ6TJHX.cjs.map +0 -1
  187. package/dist/chunk-WAEQXGCX.cjs +0 -1898
  188. package/dist/chunk-WAEQXGCX.cjs.map +0 -1
  189. package/dist/chunk-XWIA3HVX.js.map +0 -1
  190. package/dist/chunk-ZYAYUIZE.js +0 -2217
  191. package/dist/chunk-ZYAYUIZE.js.map +0 -1
  192. package/dist/migrations-566IIPS2.cjs +0 -13
  193. package/dist/migrations-H5IXZNCO.js +0 -4
  194. package/dist/plugin-manager-BoM3Q7o7.d.cts +0 -328
  195. package/dist/plugin-manager-Efx9RyDX.d.ts +0 -328
  196. package/migrations/001_initial_schema.sql +0 -170
  197. package/migrations/002_faq_plugin.sql +0 -86
  198. package/migrations/003_stage5_enhancements.sql +0 -121
  199. package/migrations/004_stage6_user_management.sql +0 -183
  200. package/migrations/005_stage7_workflow_automation.sql +0 -294
  201. package/migrations/006_plugin_system.sql +0 -155
  202. package/migrations/007_demo_login_plugin.sql +0 -23
  203. package/migrations/008_fix_slug_validation.sql +0 -22
  204. package/migrations/009_system_logging.sql +0 -57
  205. package/migrations/011_config_managed_collections.sql +0 -15
  206. package/migrations/012_testimonials_plugin.sql +0 -80
  207. package/migrations/013_code_examples_plugin.sql +0 -177
  208. package/migrations/014_fix_plugin_registry.sql +0 -88
  209. package/migrations/015_add_remaining_plugins.sql +0 -89
  210. package/migrations/016_remove_duplicate_cache_plugin.sql +0 -17
  211. package/migrations/017_auth_configurable_fields.sql +0 -49
  212. package/migrations/018_settings_table.sql +0 -23
  213. package/migrations/019_remove_blog_posts_collection.sql +0 -15
  214. package/migrations/020_add_email_plugin.sql +0 -22
  215. package/migrations/021_add_magic_link_auth_plugin.sql +0 -42
  216. package/migrations/022_add_tinymce_plugin.sql +0 -25
  217. package/migrations/023_add_easy_mdx_plugin.sql +0 -25
  218. package/migrations/024_add_quill_editor_plugin.sql +0 -25
  219. package/migrations/025_add_easymde_plugin.sql +0 -25
  220. package/migrations/026_add_otp_login.sql +0 -42
  221. package/migrations/027_fix_slug_field_type.sql +0 -18
  222. package/migrations/028_fix_slug_field_type_in_schemas.sql +0 -30
  223. package/migrations/029_add_forms_system.sql +0 -184
  224. package/migrations/030_add_turnstile_to_forms.sql +0 -14
  225. package/migrations/031_ai_search_plugin.sql +0 -45
  226. package/migrations/032_user_profiles.sql +0 -37
  227. package/migrations/033_form_content_integration.sql +0 -19
  228. package/migrations/034_security_audit_plugin.sql +0 -27
  229. package/migrations/035_user_profiles_data_column.sql +0 -16
  230. package/migrations/036_analytics_events.sql +0 -22
package/dist/app-Bo0X1OWX.d.ts ADDED
@@ -0,0 +1,1268 @@
1
+ import * as better_auth_client from 'better-auth/client';
2
+ import * as better_auth_plugins_email_otp from 'better-auth/plugins/email-otp';
3
+ import * as better_auth from 'better-auth';
4
+ import * as better_auth_plugins_magic_link from 'better-auth/plugins/magic-link';
5
+ import * as better_call from 'better-call';
6
+ import * as zod_v4_core from 'zod/v4/core';
7
+ import * as zod from 'zod';
8
+ import { z } from 'zod';
9
+ import { i as HookSystemLike, E as EmailProvider } from './types-Dea1eNxU.js';
10
+ import { Hono, MiddlewareHandler, Context } from 'hono';
11
+ import { D1Database, KVNamespace, R2Bucket } from '@cloudflare/workers-types';
12
+
13
+ /**
14
+ * Build the default Better Auth options used by SonicJS (through the CF shim).
15
+ * Exported so apps can extend via config.auth.extendBetterAuth.
16
+ */
17
+ declare function getDefaultAuthOptions(env: Bindings, requestBaseURL?: string): {
18
+ plugins: ({
19
+ id: "magic-link";
20
+ version: string;
21
+ endpoints: {
22
+ signInMagicLink: better_call.StrictEndpoint<"/sign-in/magic-link", {
23
+ method: "POST";
24
+ requireHeaders: true;
25
+ body: zod.ZodObject<{
26
+ email: zod.ZodEmail;
27
+ name: zod.ZodOptional<zod.ZodString>;
28
+ callbackURL: zod.ZodOptional<zod.ZodString>;
29
+ newUserCallbackURL: zod.ZodOptional<zod.ZodString>;
30
+ errorCallbackURL: zod.ZodOptional<zod.ZodString>;
31
+ metadata: zod.ZodOptional<zod.ZodRecord<zod.ZodString, zod.ZodAny>>;
32
+ }, zod_v4_core.$strip>;
33
+ metadata: {
34
+ openapi: {
35
+ operationId: string;
36
+ description: string;
37
+ responses: {
38
+ 200: {
39
+ description: string;
40
+ content: {
41
+ "application/json": {
42
+ schema: {
43
+ type: "object";
44
+ properties: {
45
+ status: {
46
+ type: string;
47
+ };
48
+ };
49
+ };
50
+ };
51
+ };
52
+ };
53
+ };
54
+ };
55
+ };
56
+ }, {
57
+ status: boolean;
58
+ }>;
59
+ magicLinkVerify: better_call.StrictEndpoint<"/magic-link/verify", {
60
+ method: "GET";
61
+ query: zod.ZodObject<{
62
+ token: zod.ZodString;
63
+ callbackURL: zod.ZodOptional<zod.ZodString>;
64
+ errorCallbackURL: zod.ZodOptional<zod.ZodString>;
65
+ newUserCallbackURL: zod.ZodOptional<zod.ZodString>;
66
+ }, zod_v4_core.$strip>;
67
+ use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<void>)[];
68
+ requireHeaders: true;
69
+ metadata: {
70
+ openapi: {
71
+ operationId: string;
72
+ description: string;
73
+ responses: {
74
+ 200: {
75
+ description: string;
76
+ content: {
77
+ "application/json": {
78
+ schema: {
79
+ type: "object";
80
+ properties: {
81
+ session: {
82
+ $ref: string;
83
+ };
84
+ user: {
85
+ $ref: string;
86
+ };
87
+ };
88
+ };
89
+ };
90
+ };
91
+ };
92
+ };
93
+ };
94
+ };
95
+ }, {
96
+ token: string;
97
+ user: {
98
+ id: string;
99
+ createdAt: Date;
100
+ updatedAt: Date;
101
+ email: string;
102
+ emailVerified: boolean;
103
+ name: string;
104
+ image?: string | null | undefined;
105
+ };
106
+ session: {
107
+ id: string;
108
+ createdAt: Date;
109
+ updatedAt: Date;
110
+ userId: string;
111
+ expiresAt: Date;
112
+ token: string;
113
+ ipAddress?: string | null | undefined;
114
+ userAgent?: string | null | undefined;
115
+ };
116
+ }>;
117
+ };
118
+ rateLimit: {
119
+ pathMatcher(path: string): boolean;
120
+ window: number;
121
+ max: number;
122
+ }[];
123
+ options: better_auth_plugins_magic_link.MagicLinkOptions;
124
+ } | {
125
+ id: "email-otp";
126
+ version: string;
127
+ init(ctx: better_auth.AuthContext): {
128
+ options: {
129
+ emailVerification: {
130
+ sendVerificationEmail(data: {
131
+ user: better_auth.User;
132
+ url: string;
133
+ token: string;
134
+ }, request: Request | undefined): Promise<void>;
135
+ };
136
+ };
137
+ } | undefined;
138
+ endpoints: {
139
+ sendVerificationOTP: better_call.StrictEndpoint<"/email-otp/send-verification-otp", {
140
+ method: "POST";
141
+ body: zod.ZodObject<{
142
+ email: zod.ZodString;
143
+ type: zod.ZodEnum<{
144
+ "sign-in": "sign-in";
145
+ "change-email": "change-email";
146
+ "email-verification": "email-verification";
147
+ "forget-password": "forget-password";
148
+ }>;
149
+ }, zod_v4_core.$strip>;
150
+ metadata: {
151
+ openapi: {
152
+ operationId: string;
153
+ description: string;
154
+ responses: {
155
+ 200: {
156
+ description: string;
157
+ content: {
158
+ "application/json": {
159
+ schema: {
160
+ type: "object";
161
+ properties: {
162
+ success: {
163
+ type: string;
164
+ };
165
+ };
166
+ };
167
+ };
168
+ };
169
+ };
170
+ };
171
+ };
172
+ };
173
+ }, {
174
+ success: boolean;
175
+ }>;
176
+ createVerificationOTP: better_call.StrictEndpoint<string, {
177
+ method: "POST";
178
+ body: zod.ZodObject<{
179
+ email: zod.ZodString;
180
+ type: zod.ZodEnum<{
181
+ "sign-in": "sign-in";
182
+ "change-email": "change-email";
183
+ "email-verification": "email-verification";
184
+ "forget-password": "forget-password";
185
+ }>;
186
+ }, zod_v4_core.$strip>;
187
+ metadata: {
188
+ openapi: {
189
+ operationId: string;
190
+ description: string;
191
+ responses: {
192
+ 200: {
193
+ description: string;
194
+ content: {
195
+ "application/json": {
196
+ schema: {
197
+ type: "string";
198
+ };
199
+ };
200
+ };
201
+ };
202
+ };
203
+ };
204
+ };
205
+ }, string>;
206
+ getVerificationOTP: better_call.StrictEndpoint<string, {
207
+ method: "GET";
208
+ query: zod.ZodObject<{
209
+ email: zod.ZodString;
210
+ type: zod.ZodEnum<{
211
+ "sign-in": "sign-in";
212
+ "change-email": "change-email";
213
+ "email-verification": "email-verification";
214
+ "forget-password": "forget-password";
215
+ }>;
216
+ }, zod_v4_core.$strip>;
217
+ metadata: {
218
+ openapi: {
219
+ operationId: string;
220
+ description: string;
221
+ responses: {
222
+ "200": {
223
+ description: string;
224
+ content: {
225
+ "application/json": {
226
+ schema: {
227
+ type: "object";
228
+ properties: {
229
+ otp: {
230
+ type: string;
231
+ nullable: boolean;
232
+ description: string;
233
+ };
234
+ };
235
+ required: string[];
236
+ };
237
+ };
238
+ };
239
+ };
240
+ };
241
+ };
242
+ };
243
+ }, {
244
+ otp: null;
245
+ } | {
246
+ otp: string;
247
+ }>;
248
+ checkVerificationOTP: better_call.StrictEndpoint<"/email-otp/check-verification-otp", {
249
+ method: "POST";
250
+ body: zod.ZodObject<{
251
+ email: zod.ZodString;
252
+ type: zod.ZodEnum<{
253
+ "sign-in": "sign-in";
254
+ "change-email": "change-email";
255
+ "email-verification": "email-verification";
256
+ "forget-password": "forget-password";
257
+ }>;
258
+ otp: zod.ZodString;
259
+ }, zod_v4_core.$strip>;
260
+ metadata: {
261
+ openapi: {
262
+ operationId: string;
263
+ description: string;
264
+ responses: {
265
+ 200: {
266
+ description: string;
267
+ content: {
268
+ "application/json": {
269
+ schema: {
270
+ type: "object";
271
+ properties: {
272
+ success: {
273
+ type: string;
274
+ };
275
+ };
276
+ };
277
+ };
278
+ };
279
+ };
280
+ };
281
+ };
282
+ };
283
+ }, {
284
+ success: boolean;
285
+ }>;
286
+ verifyEmailOTP: better_call.StrictEndpoint<"/email-otp/verify-email", {
287
+ method: "POST";
288
+ body: zod.ZodObject<{
289
+ email: zod.ZodString;
290
+ otp: zod.ZodString;
291
+ }, zod_v4_core.$strip>;
292
+ metadata: {
293
+ openapi: {
294
+ description: string;
295
+ responses: {
296
+ 200: {
297
+ description: string;
298
+ content: {
299
+ "application/json": {
300
+ schema: {
301
+ type: "object";
302
+ properties: {
303
+ status: {
304
+ type: string;
305
+ description: string;
306
+ enum: boolean[];
307
+ };
308
+ token: {
309
+ type: string;
310
+ nullable: boolean;
311
+ description: string;
312
+ };
313
+ user: {
314
+ $ref: string;
315
+ };
316
+ };
317
+ required: string[];
318
+ };
319
+ };
320
+ };
321
+ };
322
+ };
323
+ };
324
+ };
325
+ }, {
326
+ status: boolean;
327
+ token: string;
328
+ user: {
329
+ id: string;
330
+ createdAt: Date;
331
+ updatedAt: Date;
332
+ email: string;
333
+ emailVerified: boolean;
334
+ name: string;
335
+ image?: string | null | undefined;
336
+ } & Record<string, any>;
337
+ } | {
338
+ status: boolean;
339
+ token: null;
340
+ user: {
341
+ id: string;
342
+ createdAt: Date;
343
+ updatedAt: Date;
344
+ email: string;
345
+ emailVerified: boolean;
346
+ name: string;
347
+ image?: string | null | undefined;
348
+ } & Record<string, any>;
349
+ }>;
350
+ signInEmailOTP: better_call.StrictEndpoint<"/sign-in/email-otp", {
351
+ method: "POST";
352
+ body: zod.ZodIntersection<zod.ZodObject<{
353
+ email: zod.ZodString;
354
+ otp: zod.ZodString;
355
+ name: zod.ZodOptional<zod.ZodString>;
356
+ image: zod.ZodOptional<zod.ZodString>;
357
+ }, zod_v4_core.$strip>, zod.ZodRecord<zod.ZodString, zod.ZodAny>>;
358
+ metadata: {
359
+ openapi: {
360
+ operationId: string;
361
+ description: string;
362
+ responses: {
363
+ 200: {
364
+ description: string;
365
+ content: {
366
+ "application/json": {
367
+ schema: {
368
+ type: "object";
369
+ properties: {
370
+ token: {
371
+ type: string;
372
+ description: string;
373
+ };
374
+ user: {
375
+ $ref: string;
376
+ };
377
+ };
378
+ required: string[];
379
+ };
380
+ };
381
+ };
382
+ };
383
+ };
384
+ };
385
+ };
386
+ }, {
387
+ token: string;
388
+ user: {
389
+ id: string;
390
+ createdAt: Date;
391
+ updatedAt: Date;
392
+ email: string;
393
+ emailVerified: boolean;
394
+ name: string;
395
+ image?: string | null | undefined;
396
+ };
397
+ }>;
398
+ requestPasswordResetEmailOTP: better_call.StrictEndpoint<"/email-otp/request-password-reset", {
399
+ method: "POST";
400
+ body: zod.ZodObject<{
401
+ email: zod.ZodString;
402
+ }, zod_v4_core.$strip>;
403
+ metadata: {
404
+ openapi: {
405
+ operationId: string;
406
+ description: string;
407
+ responses: {
408
+ 200: {
409
+ description: string;
410
+ content: {
411
+ "application/json": {
412
+ schema: {
413
+ type: "object";
414
+ properties: {
415
+ success: {
416
+ type: string;
417
+ description: string;
418
+ };
419
+ };
420
+ };
421
+ };
422
+ };
423
+ };
424
+ };
425
+ };
426
+ };
427
+ }, {
428
+ success: boolean;
429
+ }>;
430
+ forgetPasswordEmailOTP: better_call.StrictEndpoint<"/forget-password/email-otp", {
431
+ method: "POST";
432
+ body: zod.ZodObject<{
433
+ email: zod.ZodString;
434
+ }, zod_v4_core.$strip>;
435
+ metadata: {
436
+ openapi: {
437
+ operationId: string;
438
+ description: string;
439
+ responses: {
440
+ 200: {
441
+ description: string;
442
+ content: {
443
+ "application/json": {
444
+ schema: {
445
+ type: "object";
446
+ properties: {
447
+ success: {
448
+ type: string;
449
+ description: string;
450
+ };
451
+ };
452
+ };
453
+ };
454
+ };
455
+ };
456
+ };
457
+ };
458
+ };
459
+ }, {
460
+ success: boolean;
461
+ }>;
462
+ resetPasswordEmailOTP: better_call.StrictEndpoint<"/email-otp/reset-password", {
463
+ method: "POST";
464
+ body: zod.ZodObject<{
465
+ email: zod.ZodString;
466
+ otp: zod.ZodString;
467
+ password: zod.ZodString;
468
+ }, zod_v4_core.$strip>;
469
+ metadata: {
470
+ openapi: {
471
+ operationId: string;
472
+ description: string;
473
+ responses: {
474
+ 200: {
475
+ description: string;
476
+ content: {
477
+ "application/json": {
478
+ schema: {
479
+ type: "object";
480
+ properties: {
481
+ success: {
482
+ type: string;
483
+ };
484
+ };
485
+ };
486
+ };
487
+ };
488
+ };
489
+ };
490
+ };
491
+ };
492
+ }, {
493
+ success: boolean;
494
+ }>;
495
+ requestEmailChangeEmailOTP: better_call.StrictEndpoint<"/email-otp/request-email-change", {
496
+ method: "POST";
497
+ body: zod.ZodObject<{
498
+ newEmail: zod.ZodString;
499
+ otp: zod.ZodOptional<zod.ZodString>;
500
+ }, zod_v4_core.$strip>;
501
+ use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
502
+ session: {
503
+ session: Record<string, any> & {
504
+ id: string;
505
+ createdAt: Date;
506
+ updatedAt: Date;
507
+ userId: string;
508
+ expiresAt: Date;
509
+ token: string;
510
+ ipAddress?: string | null | undefined;
511
+ userAgent?: string | null | undefined;
512
+ };
513
+ user: Record<string, any> & {
514
+ id: string;
515
+ createdAt: Date;
516
+ updatedAt: Date;
517
+ email: string;
518
+ emailVerified: boolean;
519
+ name: string;
520
+ image?: string | null | undefined;
521
+ };
522
+ };
523
+ }>)[];
524
+ metadata: {
525
+ openapi: {
526
+ operationId: string;
527
+ description: string;
528
+ responses: {
529
+ 200: {
530
+ description: string;
531
+ content: {
532
+ "application/json": {
533
+ schema: {
534
+ type: "object";
535
+ properties: {
536
+ success: {
537
+ type: string;
538
+ };
539
+ };
540
+ };
541
+ };
542
+ };
543
+ };
544
+ };
545
+ };
546
+ };
547
+ }, {
548
+ success: boolean;
549
+ }>;
550
+ changeEmailEmailOTP: better_call.StrictEndpoint<"/email-otp/change-email", {
551
+ method: "POST";
552
+ body: zod.ZodObject<{
553
+ newEmail: zod.ZodString;
554
+ otp: zod.ZodString;
555
+ }, zod_v4_core.$strip>;
556
+ use: ((inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<{
557
+ session: {
558
+ session: Record<string, any> & {
559
+ id: string;
560
+ createdAt: Date;
561
+ updatedAt: Date;
562
+ userId: string;
563
+ expiresAt: Date;
564
+ token: string;
565
+ ipAddress?: string | null | undefined;
566
+ userAgent?: string | null | undefined;
567
+ };
568
+ user: Record<string, any> & {
569
+ id: string;
570
+ createdAt: Date;
571
+ updatedAt: Date;
572
+ email: string;
573
+ emailVerified: boolean;
574
+ name: string;
575
+ image?: string | null | undefined;
576
+ };
577
+ };
578
+ }>)[];
579
+ metadata: {
580
+ openapi: {
581
+ operationId: string;
582
+ description: string;
583
+ responses: {
584
+ 200: {
585
+ description: string;
586
+ content: {
587
+ "application/json": {
588
+ schema: {
589
+ type: "object";
590
+ properties: {
591
+ success: {
592
+ type: string;
593
+ };
594
+ };
595
+ };
596
+ };
597
+ };
598
+ };
599
+ };
600
+ };
601
+ };
602
+ }, {
603
+ success: boolean;
604
+ }>;
605
+ };
606
+ hooks: {
607
+ after: {
608
+ matcher(context: better_auth.HookEndpointContext): boolean;
609
+ handler: (inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<void>;
610
+ }[];
611
+ };
612
+ rateLimit: ({
613
+ pathMatcher(path: string): path is "/email-otp/send-verification-otp";
614
+ window: number;
615
+ max: number;
616
+ } | {
617
+ pathMatcher(path: string): path is "/email-otp/check-verification-otp";
618
+ window: number;
619
+ max: number;
620
+ } | {
621
+ pathMatcher(path: string): path is "/email-otp/verify-email";
622
+ window: number;
623
+ max: number;
624
+ } | {
625
+ pathMatcher(path: string): path is "/sign-in/email-otp";
626
+ window: number;
627
+ max: number;
628
+ } | {
629
+ pathMatcher(path: string): path is "/email-otp/request-password-reset";
630
+ window: number;
631
+ max: number;
632
+ } | {
633
+ pathMatcher(path: string): path is "/email-otp/reset-password";
634
+ window: number;
635
+ max: number;
636
+ } | {
637
+ pathMatcher(path: string): path is "/forget-password/email-otp";
638
+ window: number;
639
+ max: number;
640
+ } | {
641
+ pathMatcher(path: string): path is "/email-otp/request-email-change";
642
+ window: number;
643
+ max: number;
644
+ } | {
645
+ pathMatcher(path: string): path is "/email-otp/change-email";
646
+ window: number;
647
+ max: number;
648
+ })[];
649
+ options: better_auth_plugins_email_otp.EmailOTPOptions;
650
+ $ERROR_CODES: {
651
+ OTP_EXPIRED: better_auth.RawError<"OTP_EXPIRED">;
652
+ INVALID_OTP: better_auth.RawError<"INVALID_OTP">;
653
+ TOO_MANY_ATTEMPTS: better_auth.RawError<"TOO_MANY_ATTEMPTS">;
654
+ };
655
+ } | better_auth_client.DefaultOrganizationPlugin<{
656
+ schema: {
657
+ organization: {
658
+ modelName: string;
659
+ additionalFields: {
660
+ status: {
661
+ type: "string";
662
+ required: false;
663
+ defaultValue: string;
664
+ input: true;
665
+ };
666
+ domain: {
667
+ type: "string";
668
+ required: false;
669
+ input: true;
670
+ };
671
+ notes: {
672
+ type: "string";
673
+ required: false;
674
+ defaultValue: string;
675
+ input: true;
676
+ };
677
+ };
678
+ };
679
+ member: {
680
+ modelName: string;
681
+ fields: {
682
+ organizationId: string;
683
+ };
684
+ };
685
+ invitation: {
686
+ modelName: string;
687
+ fields: {
688
+ organizationId: string;
689
+ };
690
+ };
691
+ team: {
692
+ modelName: string;
693
+ fields: {
694
+ organizationId: string;
695
+ };
696
+ };
697
+ };
698
+ }>)[];
699
+ socialProviders: {
700
+ google?: {
701
+ clientId: string;
702
+ clientSecret: string;
703
+ } | undefined;
704
+ github?: {
705
+ clientId: string;
706
+ clientSecret: string;
707
+ } | undefined;
708
+ };
709
+ user: {
710
+ modelName: "auth_user";
711
+ fields: {
712
+ image: string;
713
+ };
714
+ additionalFields: {
715
+ role: {
716
+ type: "string";
717
+ required: false;
718
+ defaultValue: string;
719
+ input: false;
720
+ };
721
+ firstName: {
722
+ type: "string";
723
+ required: false;
724
+ defaultValue: string;
725
+ input: true;
726
+ };
727
+ lastName: {
728
+ type: "string";
729
+ required: false;
730
+ defaultValue: string;
731
+ input: true;
732
+ };
733
+ isSuperAdmin: {
734
+ type: "boolean";
735
+ required: false;
736
+ defaultValue: false;
737
+ input: false;
738
+ };
739
+ };
740
+ };
741
+ session: {
742
+ modelName: "auth_session";
743
+ expiresIn: number;
744
+ updateAge: number;
745
+ };
746
+ account: {
747
+ modelName: "auth_account";
748
+ };
749
+ verification: {
750
+ modelName: "auth_verification";
751
+ };
752
+ basePath: string;
753
+ emailAndPassword: {
754
+ enabled: true;
755
+ autoSignIn: true;
756
+ password: {
757
+ verify: ({ hash, password }: {
758
+ hash: string;
759
+ password: string;
760
+ }) => Promise<boolean>;
761
+ };
762
+ };
763
+ databaseHooks: {
764
+ user: {
765
+ create: {
766
+ before: (userData: Record<string, unknown>) => Promise<{
767
+ data: {
768
+ name: string;
769
+ firstName: string;
770
+ lastName: string;
771
+ role: string;
772
+ };
773
+ }>;
774
+ after: (user: {
775
+ id: string;
776
+ }) => Promise<void>;
777
+ };
778
+ };
779
+ };
780
+ secret: string | undefined;
781
+ baseURL: string | undefined;
782
+ appName: string;
783
+ };
784
+ type BetterAuthDefaultOptions = ReturnType<typeof getDefaultAuthOptions>;
785
+ type ExtendBetterAuth = (opts: BetterAuthDefaultOptions) => BetterAuthDefaultOptions;
786
+
787
+ /**
788
+ * SonicJS Plugin System Types
789
+ *
790
+ * Defines the core interfaces and types for the plugin system
791
+ */
792
+
793
+ interface Plugin {
794
+ /** Unique plugin identifier */
795
+ name: string;
796
+ /** Plugin version (semantic versioning) */
797
+ version: string;
798
+ /** Human-readable description */
799
+ description?: string;
800
+ /** Plugin author information */
801
+ author?: {
802
+ name: string;
803
+ email?: string;
804
+ url?: string;
805
+ };
806
+ /** Plugin dependencies (other plugins required) */
807
+ dependencies?: string[];
808
+ /** SonicJS version compatibility */
809
+ compatibility?: string;
810
+ /** Plugin license */
811
+ license?: string;
812
+ routes?: PluginRoutes[];
813
+ /**
814
+ * Optional imperative route registration, called synchronously at app
815
+ * construction time. Use this for routes that can't be expressed as a static
816
+ * `routes[]` entry (e.g. conditional mounting).
817
+ *
818
+ * MUST be synchronous: Hono's router locks after the first request, so all
819
+ * `app.route()` calls have to happen before any request is served. Returning
820
+ * a Promise throws `PluginRegisterMustBeSyncError`. Async, env-dependent work
821
+ * belongs in lifecycle hooks (`install`/`activate`), not here.
822
+ */
823
+ register?: (app: Hono) => void;
824
+ middleware?: PluginMiddleware[];
825
+ models?: PluginModel[];
826
+ services?: PluginService[];
827
+ adminPages?: PluginAdminPage[];
828
+ adminComponents?: PluginComponent[];
829
+ menuItems?: PluginMenuItem[];
830
+ hooks?: PluginHook[];
831
+ install?: (context: PluginContext) => Promise<void>;
832
+ uninstall?: (context: PluginContext) => Promise<void>;
833
+ activate?: (context: PluginContext) => Promise<void>;
834
+ deactivate?: (context: PluginContext) => Promise<void>;
835
+ configure?: (config: PluginConfig) => Promise<void>;
836
+ }
837
+ interface PluginContext {
838
+ /** Database instance */
839
+ db: D1Database;
840
+ /** Key-value storage */
841
+ kv: KVNamespace;
842
+ /** R2 storage bucket */
843
+ r2?: R2Bucket;
844
+ /** Plugin configuration */
845
+ config: PluginConfig;
846
+ /** Core SonicJS services */
847
+ services: {
848
+ auth: AuthService;
849
+ content: ContentService;
850
+ media: MediaService;
851
+ };
852
+ /** Hook system for inter-plugin communication */
853
+ hooks: HookSystem | ScopedHookSystem;
854
+ /** Logging utilities */
855
+ logger: PluginLogger;
856
+ }
857
+ interface PluginConfig {
858
+ /** Plugin-specific configuration */
859
+ [key: string]: any;
860
+ /** Whether plugin is enabled */
861
+ enabled: boolean;
862
+ /** Plugin installation timestamp */
863
+ installedAt?: number;
864
+ /** Plugin last update timestamp */
865
+ updatedAt?: number;
866
+ }
867
+ interface PluginRoutes {
868
+ /** Route path prefix */
869
+ path: string;
870
+ /** Hono route handler */
871
+ handler: Hono;
872
+ /** Route description */
873
+ description?: string;
874
+ /** Whether route requires authentication */
875
+ requiresAuth?: boolean;
876
+ /** Required roles for access */
877
+ roles?: string[];
878
+ /** Route priority (for ordering) */
879
+ priority?: number;
880
+ }
881
+ interface PluginMiddleware {
882
+ /** Middleware name */
883
+ name: string;
884
+ /** Middleware handler function */
885
+ handler: MiddlewareHandler;
886
+ /** Middleware description */
887
+ description?: string;
888
+ /** Middleware priority (lower = earlier) */
889
+ priority?: number;
890
+ /** Routes to apply middleware to */
891
+ routes?: string[];
892
+ /** Whether to apply globally */
893
+ global?: boolean;
894
+ }
895
+ interface PluginModel {
896
+ /** Model name */
897
+ name: string;
898
+ /** Database table name */
899
+ tableName: string;
900
+ /** Zod schema for validation */
901
+ schema: z.ZodSchema;
902
+ /** Database migrations */
903
+ migrations: string[];
904
+ /** Model relationships */
905
+ relationships?: ModelRelationship[];
906
+ /** Whether model extends core content */
907
+ extendsContent?: boolean;
908
+ }
909
+ interface ModelRelationship {
910
+ type: 'oneToOne' | 'oneToMany' | 'manyToMany';
911
+ target: string;
912
+ foreignKey?: string;
913
+ joinTable?: string;
914
+ }
915
+ interface PluginService {
916
+ /** Service name */
917
+ name: string;
918
+ /** Service implementation */
919
+ implementation: any;
920
+ /** Service description */
921
+ description?: string;
922
+ /** Service dependencies */
923
+ dependencies?: string[];
924
+ /** Whether service is singleton */
925
+ singleton?: boolean;
926
+ }
927
+ interface PluginAdminPage {
928
+ /** Page path (relative to /admin) */
929
+ path: string;
930
+ /** Page title */
931
+ title: string;
932
+ /** Page component/template */
933
+ component: string;
934
+ /** Page description */
935
+ description?: string;
936
+ /** Required permissions */
937
+ permissions?: string[];
938
+ /** Menu item configuration */
939
+ menuItem?: PluginMenuItem;
940
+ /** Page icon */
941
+ icon?: string;
942
+ }
943
+ interface PluginComponent {
944
+ /** Component name */
945
+ name: string;
946
+ /** Component template function */
947
+ template: (props: any) => string;
948
+ /** Component description */
949
+ description?: string;
950
+ /** Component props schema */
951
+ propsSchema?: z.ZodSchema;
952
+ }
953
+ interface PluginMenuItem {
954
+ /** Menu item label */
955
+ label: string;
956
+ /** Menu item path */
957
+ path: string;
958
+ /** Menu item icon */
959
+ icon?: string;
960
+ /** Menu item order */
961
+ order?: number;
962
+ /** Parent menu item */
963
+ parent?: string;
964
+ /** Required permissions */
965
+ permissions?: string[];
966
+ /** Whether item is active */
967
+ active?: boolean;
968
+ }
969
+ interface PluginHook {
970
+ /** Hook name */
971
+ name: string;
972
+ /** Hook handler function */
973
+ handler: HookHandler;
974
+ /** Hook priority */
975
+ priority?: number;
976
+ /** Hook description */
977
+ description?: string;
978
+ }
979
+ type HookHandler = (data: any, context: HookContext) => Promise<any>;
980
+ interface HookContext {
981
+ /** Plugin that registered the hook */
982
+ plugin: string;
983
+ /** Hook execution context */
984
+ context: PluginContext;
985
+ /** Cancel hook execution */
986
+ cancel?: () => void;
987
+ }
988
+ interface HookSystem {
989
+ /** Register a hook handler */
990
+ register(hookName: string, handler: HookHandler, priority?: number): void;
991
+ /** Execute all handlers for a hook */
992
+ execute(hookName: string, data: any, context?: any): Promise<any>;
993
+ /** Remove a hook handler */
994
+ unregister(hookName: string, handler: HookHandler): void;
995
+ /** Get all registered hooks */
996
+ getHooks(hookName: string): PluginHook[];
997
+ /** Create a scoped hook system (optional) */
998
+ createScope?(pluginName: string): ScopedHookSystem;
999
+ }
1000
+ interface ScopedHookSystem {
1001
+ /** Register a hook handler */
1002
+ register(hookName: string, handler: HookHandler, priority?: number): void;
1003
+ /** Execute all handlers for a hook */
1004
+ execute(hookName: string, data: any, context?: any): Promise<any>;
1005
+ /** Remove a hook handler */
1006
+ unregister(hookName: string, handler: HookHandler): void;
1007
+ /** Remove all hooks for this scope */
1008
+ unregisterAll(): void;
1009
+ }
1010
+ interface AuthService {
1011
+ /** Generate JWT token for a user */
1012
+ generateToken(userId: string, email: string, role: string): Promise<string>;
1013
+ /** Verify and decode JWT token */
1014
+ verifyToken(token: string): Promise<any>;
1015
+ /** Set authentication cookie (useful for alternative auth methods) */
1016
+ setAuthCookie(context: Context, token: string, options?: {
1017
+ maxAge?: number;
1018
+ secure?: boolean;
1019
+ httpOnly?: boolean;
1020
+ sameSite?: 'Strict' | 'Lax' | 'None';
1021
+ }): void;
1022
+ /** Hash password */
1023
+ hashPassword(password: string): Promise<string>;
1024
+ /** Verify password against hash */
1025
+ verifyPassword(password: string, hash: string): Promise<boolean>;
1026
+ }
1027
+ interface AuthService {
1028
+ /** Verify user permissions */
1029
+ hasPermission(userId: string, permission: string): Promise<boolean>;
1030
+ /** Get current user */
1031
+ getCurrentUser(context: Context): Promise<any>;
1032
+ /** Create authentication middleware */
1033
+ createMiddleware(options?: any): MiddlewareHandler;
1034
+ }
1035
+ interface ContentService {
1036
+ /** Get content by ID */
1037
+ getById(id: string): Promise<any>;
1038
+ /** Create new content */
1039
+ create(data: any): Promise<any>;
1040
+ /** Update content */
1041
+ update(id: string, data: any): Promise<any>;
1042
+ /** Delete content */
1043
+ delete(id: string): Promise<void>;
1044
+ /** Search content */
1045
+ search(query: string, options?: any): Promise<any[]>;
1046
+ }
1047
+ interface MediaService {
1048
+ /** Upload file */
1049
+ upload(file: File, options?: any): Promise<any>;
1050
+ /** Get media by ID */
1051
+ getById(id: string): Promise<any>;
1052
+ /** Delete media */
1053
+ delete(id: string): Promise<void>;
1054
+ /** Transform image */
1055
+ transform(id: string, options: any): Promise<string>;
1056
+ }
1057
+ interface PluginLogger {
1058
+ debug(message: string, data?: any): void;
1059
+ info(message: string, data?: any): void;
1060
+ warn(message: string, data?: any): void;
1061
+ error(message: string, error?: Error, data?: any): void;
1062
+ }
1063
+
1064
+ /**
1065
+ * Email provider resolution
1066
+ *
1067
+ * Decides which transport an app uses, in precedence order:
1068
+ *
1069
+ * 1. an explicit `provider` instance (dev brought their own — wins outright)
1070
+ * 2. an explicit `providerName` built-in, credentialed from env
1071
+ * 3. env auto-detect: RESEND_API_KEY → Resend, else SENDGRID_API_KEY → SendGrid
1072
+ * 4. the Console provider (zero-config dev/CI fallback)
1073
+ *
1074
+ * If a chosen provider turns out to be unconfigured (e.g. `providerName: 'resend'`
1075
+ * with no key), it falls back to Console with a warning rather than failing sends
1076
+ * silently — so a missing key degrades to "logged, not delivered", never to a
1077
+ * security leak (a reset flow returning its own token because mail didn't send).
1078
+ */
1079
+
1080
+ type BuiltInProviderName = 'resend' | 'sendgrid' | 'console';
1081
+
1082
+ interface Bindings {
1083
+ DB: D1Database;
1084
+ CACHE_KV: KVNamespace;
1085
+ MEDIA_BUCKET: R2Bucket;
1086
+ ASSETS: Fetcher;
1087
+ EMAIL_QUEUE?: Queue;
1088
+ SENDGRID_API_KEY?: string;
1089
+ DEFAULT_FROM_EMAIL?: string;
1090
+ IMAGES_ACCOUNT_ID?: string;
1091
+ IMAGES_API_TOKEN?: string;
1092
+ ENVIRONMENT?: string;
1093
+ CORS_ORIGINS?: string;
1094
+ JWT_SECRET?: string;
1095
+ JWT_EXPIRES_IN?: string;
1096
+ JWT_REFRESH_GRACE_SECONDS?: string;
1097
+ BUCKET_NAME?: string;
1098
+ GOOGLE_MAPS_API_KEY?: string;
1099
+ BETTER_AUTH_SECRET?: string;
1100
+ BETTER_AUTH_URL?: string;
1101
+ GITHUB_CLIENT_ID?: string;
1102
+ GITHUB_CLIENT_SECRET?: string;
1103
+ GOOGLE_CLIENT_ID?: string;
1104
+ GOOGLE_CLIENT_SECRET?: string;
1105
+ }
1106
+ interface Variables {
1107
+ user?: {
1108
+ userId: string;
1109
+ email: string;
1110
+ role: string;
1111
+ isSuperAdmin?: boolean;
1112
+ exp: number;
1113
+ iat: number;
1114
+ };
1115
+ session?: {
1116
+ id: string;
1117
+ userId: string;
1118
+ token: string;
1119
+ expiresAt: number;
1120
+ createdAt: number;
1121
+ updatedAt: number;
1122
+ };
1123
+ rbacPerms?: string[];
1124
+ requestId?: string;
1125
+ startTime?: number;
1126
+ appVersion?: string;
1127
+ csrfToken?: string;
1128
+ pluginMenuItems?: Array<{
1129
+ label: string;
1130
+ path: string;
1131
+ icon: string;
1132
+ }>;
1133
+ /**
1134
+ * The plugin hook system attached to the request. Set by bootstrapMiddleware
1135
+ * BEFORE any heavy bootstrap work runs, so anything that emits a hook during
1136
+ * bootstrap (cron cold starts, RBAC seed, document-type registration) sees a
1137
+ * live bus instead of a no-op.
1138
+ */
1139
+ hookSystem?: HookSystemLike;
1140
+ /** Tenant slug resolved per request by tenantMiddleware ('default' when single-tenant). */
1141
+ tenantId?: string;
1142
+ /** The authed user's role IN the resolved tenant (per-tenant RBAC); global role for 'default'. */
1143
+ tenantRole?: string;
1144
+ }
1145
+ interface SonicJSConfig {
1146
+ collections?: {
1147
+ directory?: string;
1148
+ autoSync?: boolean;
1149
+ };
1150
+ plugins?: {
1151
+ /**
1152
+ * @deprecated No-op. Cloudflare Workers has no runtime filesystem, so a
1153
+ * plugin directory cannot be scanned at runtime. Pass plugins explicitly via
1154
+ * `register` instead.
1155
+ */
1156
+ directory?: string;
1157
+ /**
1158
+ * @deprecated No-op. Filesystem autoload is not supported on Workers. Pass
1159
+ * plugins explicitly via `register` instead.
1160
+ */
1161
+ autoLoad?: boolean;
1162
+ /**
1163
+ * User-supplied plugins to mount. Each plugin's declarative `routes[]` and/or
1164
+ * synchronous `register(app)` hook is mounted into the app, before the
1165
+ * `/admin` catch-all so plugin admin pages are not shadowed.
1166
+ *
1167
+ * @example
1168
+ * createSonicJSApp({ plugins: { register: [contactFormPlugin] } })
1169
+ */
1170
+ register?: Plugin[];
1171
+ /**
1172
+ * Disable ALL plugins — core AND user. When true, no plugin routes are
1173
+ * mounted and plugin bootstrap (DB seeding) is skipped. Use this to run a
1174
+ * bare core app.
1175
+ */
1176
+ disableAll?: boolean;
1177
+ };
1178
+ /**
1179
+ * Email configuration. Controls the app-wide EmailService that backs password
1180
+ * reset, magic-link, OTP, and any plugin that declares `email:send`.
1181
+ *
1182
+ * Bring your own provider, name a built-in, or let env auto-detect:
1183
+ * - `provider`: a custom `EmailProvider` instance (highest precedence).
1184
+ * - `providerName`: `'resend' | 'sendgrid' | 'console'`, credentialed from env.
1185
+ * - neither: auto-detect from env (RESEND_API_KEY, then SENDGRID_API_KEY),
1186
+ * falling back to the console provider (logs instead of delivering).
1187
+ */
1188
+ email?: {
1189
+ provider?: EmailProvider;
1190
+ providerName?: BuiltInProviderName;
1191
+ /** Default from-address. Falls back to env DEFAULT_FROM_EMAIL, then a placeholder. */
1192
+ from?: string;
1193
+ };
1194
+ routes?: Array<{
1195
+ path: string;
1196
+ handler: Hono;
1197
+ }>;
1198
+ middleware?: {
1199
+ beforeAuth?: Array<(c: Context, next: () => Promise<void>) => Promise<void>>;
1200
+ afterAuth?: Array<(c: Context, next: () => Promise<void>) => Promise<void>>;
1201
+ };
1202
+ auth?: {
1203
+ extendBetterAuth?: ExtendBetterAuth;
1204
+ };
1205
+ version?: string;
1206
+ name?: string;
1207
+ }
1208
+ /**
1209
+ * A function that boots the plugin infrastructure from env bindings.
1210
+ *
1211
+ * Runs email init + plugin wiring, both promise-memoized so calling it multiple
1212
+ * times per isolate is a no-op. Pass it to `createScheduledHandler` as the
1213
+ * `boot` option so cron-first cold isolates wire up before dispatching.
1214
+ */
1215
+ type BootIsolateFn = (env: Record<string, unknown>) => Promise<void>;
1216
+ /**
1217
+ * The app returned by {@link createSonicJSApp}. Extends the Hono app with a
1218
+ * `boot` function that wires plugins from env bindings, suitable for use in a
1219
+ * Worker `scheduled()` handler.
1220
+ */
1221
+ type SonicJSApp = Hono<{
1222
+ Bindings: Bindings;
1223
+ Variables: Variables;
1224
+ }> & {
1225
+ /** Boot the plugin infrastructure from Cloudflare env bindings (once-guarded). */
1226
+ readonly boot: BootIsolateFn;
1227
+ };
1228
+ /**
1229
+ * Create a SonicJS application with core functionality
1230
+ *
1231
+ * @param config - Application configuration
1232
+ * @returns Configured Hono application
1233
+ *
1234
+ * @example
1235
+ * ```typescript
1236
+ * import { createSonicJSApp } from '@sonicjs-cms/core'
1237
+ *
1238
+ * const app = createSonicJSApp({
1239
+ * collections: {
1240
+ * directory: './src/collections',
1241
+ * autoSync: true
1242
+ * },
1243
+ * plugins: {
1244
+ * directory: './src/plugins',
1245
+ * autoLoad: true
1246
+ * }
1247
+ * })
1248
+ *
1249
+ * export default app
1250
+ * ```
1251
+ */
1252
+ declare function createSonicJSApp(config?: SonicJSConfig): SonicJSApp;
1253
+ /**
1254
+ * Setup core middleware (backward compatibility)
1255
+ *
1256
+ * @param _app - Hono application
1257
+ * @deprecated Use createSonicJSApp() instead
1258
+ */
1259
+ declare function setupCoreMiddleware(_app: SonicJSApp): void;
1260
+ /**
1261
+ * Setup core routes (backward compatibility)
1262
+ *
1263
+ * @param _app - Hono application
1264
+ * @deprecated Use createSonicJSApp() instead
1265
+ */
1266
+ declare function setupCoreRoutes(_app: SonicJSApp): void;
1267
+
1268
+ export { type Bindings as B, type SonicJSConfig as S, type Variables as V, type BootIsolateFn as a, type SonicJSApp as b, createSonicJSApp as c, setupCoreRoutes as d, setupCoreMiddleware as s };