@sonicjs-cms/core 2.19.0 → 3.0.0-beta.2

package/dist/chunk-IVPRUGTY.js

@@ -0,0 +1,242 @@
+import { isFirstUserRegistration, isRegistrationEnabled } from './chunk-IESEVHXL.js';
+import { authTenantTeam, authTenantInvitation, authTenantMember, authTenant, authVerification, authAccount, authSession, authUser } from './chunk-AI663NBO.js';
+import { betterAuth } from 'better-auth';
+import { withCloudflare } from 'better-auth-cloudflare';
+import { hashPassword, verifyPassword } from 'better-auth/crypto';
+import { APIError } from 'better-auth/api';
+import { magicLink } from 'better-auth/plugins/magic-link';
+import { emailOTP } from 'better-auth/plugins/email-otp';
+import { organization } from 'better-auth/plugins/organization';
+import { drizzle } from 'drizzle-orm/d1';
+
+async function sendViaEmailPlugin(db, to, subject, html) {
+  try {
+    const row = await db.prepare("SELECT settings FROM plugins WHERE id = 'email'").first();
+    if (row?.settings) {
+      const { apiKey, fromEmail, fromName } = JSON.parse(row.settings);
+      if (apiKey && fromEmail) {
+        await fetch("https://api.resend.com/emails", {
+          method: "POST",
+          headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
+          body: JSON.stringify({
+            from: `${fromName ?? "SonicJS"} <${fromEmail}>`,
+            to: [to],
+            subject,
+            html
+          })
+        });
+        return;
+      }
+    }
+  } catch {
+  }
+  console.log(`[email-dev] To:${to} | Subject:${subject}`);
+}
+async function verifyLegacyPbkdf2(password, stored) {
+  const parts = stored.split(":");
+  if (parts.length !== 4) return false;
+  const iterations = parseInt(parts[1], 10);
+  const saltBytes = parts[2].match(/.{2}/g);
+  if (!saltBytes || !Number.isFinite(iterations)) return false;
+  const salt = new Uint8Array(saltBytes.map((b) => parseInt(b, 16)));
+  const km = await crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits"]);
+  const bits = await crypto.subtle.deriveBits({ name: "PBKDF2", salt, iterations, hash: "SHA-256" }, km, 256);
+  const actual = Array.from(new Uint8Array(bits)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  const expected = parts[3];
+  if (actual.length !== expected.length) return false;
+  let diff = 0;
+  for (let i = 0; i < actual.length; i++) diff |= actual.charCodeAt(i) ^ expected.charCodeAt(i);
+  return diff === 0;
+}
+function getDefaultAuthOptions(env, requestBaseURL) {
+  const db = drizzle(env.DB);
+  return {
+    secret: env.BETTER_AUTH_SECRET,
+    baseURL: env.BETTER_AUTH_URL || requestBaseURL,
+    appName: "SonicJS",
+    ...withCloudflare(
+      {
+        autoDetectIpAddress: true,
+        geolocationTracking: false,
+        cf: {},
+        d1: {
+          db,
+          options: {
+            // Keys MUST match modelName values — BA resolves by modelName, not by JS variable name.
+            schema: { auth_user: authUser, auth_session: authSession, auth_account: authAccount, auth_verification: authVerification, auth_tenant: authTenant, auth_tenant_member: authTenantMember, auth_tenant_invitation: authTenantInvitation, auth_tenant_team: authTenantTeam }
+          }
+        },
+        kv: env.CACHE_KV
+        // session secondary storage → getSession skips D1
+      },
+      {
+        basePath: "/auth",
+        emailAndPassword: {
+          enabled: true,
+          autoSignIn: true,
+          // Transparent migration of SonicJS legacy PBKDF2 hashes: verify against
+          // the old format on login, then re-hash to scrypt and persist. No
+          // mass-rehash, no forced password resets.
+          password: {
+            verify: async ({ hash, password }) => {
+              if (hash.startsWith("pbkdf2:")) {
+                const ok = await verifyLegacyPbkdf2(password, hash);
+                if (ok) {
+                  const upgraded = await hashPassword(password);
+                  await env.DB.prepare(
+                    "UPDATE auth_account SET password = ?, updated_at = ? WHERE password = ? AND provider_id = 'credential'"
+                  ).bind(upgraded, Math.floor(Date.now() / 1e3), hash).run();
+                }
+                return ok;
+              }
+              return verifyPassword({ hash, password });
+            }
+          }
+        },
+        user: {
+          modelName: "auth_user",
+          // Field-mapping values are Drizzle *property keys* (camelCase), which
+          // already match Better Auth's defaults for emailVerified/createdAt/
+          // updatedAt. Only `image` differs (SonicJS uses `avatar`).
+          fields: {
+            image: "avatar"
+          },
+          additionalFields: {
+            role: { type: "string", required: false, defaultValue: "viewer", input: false },
+            firstName: { type: "string", required: false, defaultValue: "", input: true },
+            lastName: { type: "string", required: false, defaultValue: "", input: true },
+            isSuperAdmin: { type: "boolean", required: false, defaultValue: false, input: false }
+          }
+        },
+        session: {
+          modelName: "auth_session",
+          // Drizzle property keys already match Better Auth defaults (userId,
+          // expiresAt, ipAddress, …) — no field overrides needed.
+          expiresIn: 60 * 60 * 24 * 7,
+          // 7 days
+          updateAge: 60 * 60 * 24
+          // refresh once per day
+        },
+        account: { modelName: "auth_account" },
+        verification: { modelName: "auth_verification" },
+        databaseHooks: {
+          user: {
+            create: {
+              before: async (userData) => {
+                const isFirst = await isFirstUserRegistration(env.DB);
+                if (!isFirst) {
+                  const enabled = await isRegistrationEnabled(env.DB);
+                  if (!enabled) {
+                    throw new APIError("BAD_REQUEST", { message: "Registration is currently disabled." });
+                  }
+                }
+                const d = userData;
+                const name = (d.name ?? "User").toString();
+                const parts = name.trim().split(/\s+/);
+                const firstName = d.firstName || parts[0] || "User";
+                const lastName = d.lastName || parts.slice(1).join(" ") || firstName;
+                return { data: { ...userData, name, firstName, lastName, role: "viewer" } };
+              },
+              after: async (user) => {
+                try {
+                  const { RbacService } = await import('./rbac-O73MFKDA.js');
+                  const rbac = new RbacService(env.DB);
+                  const roleName = await rbac.countPortalAdmins(user.id) === 0 ? "admin" : "viewer";
+                  await rbac.addUserRoleByName(user.id, roleName);
+                } catch {
+                }
+              }
+            }
+          }
+        }
+      }
+    ),
+    // ── Phase 4: BA-native login methods ─────────────────────────────────────
+    // Magic-link and Email-OTP replace the standalone SonicJS plugins that
+    // minted JWT cookies. Social providers replace the bespoke oauth-providers
+    // plugin. All are gated on the relevant env vars / email service config
+    // so they activate only when configured.
+    plugins: [
+      // Magic-link passwordless auth. Sends a one-time link to the user's inbox;
+      // the link resolves to a BA session. Requires a working email service.
+      magicLink({
+        sendMagicLink: async ({ email, url }, _request) => {
+          await sendViaEmailPlugin(
+            env.DB,
+            email,
+            "Your sign-in link",
+            `<div style="font-family:sans-serif;max-width:600px">
+              <h2>Sign in to SonicJS</h2>
+              <p>Click the link below to sign in. Expires in 15 minutes.</p>
+              <p><a href="${url}" style="background:#465FFF;color:#fff;padding:12px 24px;border-radius:6px;text-decoration:none">Sign in</a></p>
+              <p style="color:#666;font-size:12px">Or copy: ${url}</p>
+            </div>`
+          );
+        },
+        expiresIn: 15 * 60
+      }),
+      // Email OTP — 6-digit code sent to inbox. Replaces the otp-login-plugin.
+      emailOTP({
+        sendVerificationOTP: async (params, _request) => {
+          await sendViaEmailPlugin(
+            env.DB,
+            params.email,
+            "Your sign-in code",
+            `<div style="font-family:sans-serif;max-width:600px">
+              <h2>Your one-time code</h2>
+              <p style="font-size:36px;font-weight:bold;letter-spacing:8px;color:#465FFF">${params.otp}</p>
+              <p style="color:#666">Expires in 10 minutes. Do not share this code.</p>
+            </div>`
+          );
+        },
+        otpLength: 6,
+        expiresIn: 10 * 60
+      }),
+      organization({
+        schema: {
+          organization: {
+            modelName: "auth_tenant",
+            additionalFields: {
+              status: { type: "string", required: false, defaultValue: "active", input: true },
+              domain: { type: "string", required: false, input: true },
+              notes: { type: "string", required: false, defaultValue: "", input: true }
+            }
+          },
+          member: {
+            modelName: "auth_tenant_member",
+            fields: { organizationId: "tenant_id" }
+          },
+          invitation: {
+            modelName: "auth_tenant_invitation",
+            fields: { organizationId: "tenant_id" }
+          },
+          team: {
+            modelName: "auth_tenant_team",
+            fields: { organizationId: "tenant_id" }
+          }
+        }
+      })
+    ],
+    // ── Phase 4: Social providers ─────────────────────────────────────────
+    // Activated when the relevant env vars are set. Replaces the bespoke
+    // oauth-providers SonicJS plugin. Set via wrangler secret put / .dev.vars.
+    socialProviders: {
+      ...env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET ? { github: { clientId: env.GITHUB_CLIENT_ID, clientSecret: env.GITHUB_CLIENT_SECRET } } : {},
+      ...env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET ? { google: { clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET } } : {}
+    }
+  };
+}
+function createAuth(env, extendBetterAuth, requestBaseURL) {
+  if (!env.BETTER_AUTH_SECRET || env.BETTER_AUTH_SECRET.length < 16) {
+    throw new Error(
+      "BETTER_AUTH_SECRET is missing or too short. Set it as a Wrangler secret (wrangler secret put BETTER_AUTH_SECRET) or in a gitignored .dev.vars for local dev. Refusing to initialize auth without a strong signing secret."
+    );
+  }
+  const defaults = getDefaultAuthOptions(env, requestBaseURL);
+  const options = extendBetterAuth ? extendBetterAuth(defaults) : defaults;
+  return betterAuth(options);
+}
+
+export { createAuth, getDefaultAuthOptions };
+//# sourceMappingURL=chunk-IVPRUGTY.js.map
+//# sourceMappingURL=chunk-IVPRUGTY.js.map

package/dist/chunk-IVPRUGTY.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/config.ts"],"names":["baHashPassword","baVerifyPassword"],"mappings":";;;;;;;;;;;AAeA,eAAe,kBAAA,CACb,EAAA,EACA,EAAA,EACA,OAAA,EACA,IAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,MAAO,MAAM,EAAA,CAChB,OAAA,CAAQ,iDAAiD,EACzD,KAAA,EAAM;AACT,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,MAAM,EAAE,QAAQ,SAAA,EAAW,QAAA,KAAa,IAAA,CAAK,KAAA,CAAM,IAAI,QAAQ,CAAA;AAG/D,MAAA,IAAI,UAAU,SAAA,EAAW;AACvB,QAAA,MAAM,MAAM,+BAAA,EAAiC;AAAA,UAC3C,MAAA,EAAQ,MAAA;AAAA,UACR,SAAS,EAAE,aAAA,EAAe,UAAU,MAAM,CAAA,CAAA,EAAI,gBAAgB,kBAAA,EAAmB;AAAA,UACjF,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,YACnB,IAAA,EAAM,CAAA,EAAG,QAAA,IAAY,SAAS,KAAK,SAAS,CAAA,CAAA,CAAA;AAAA,YAC5C,EAAA,EAAI,CAAC,EAAE,CAAA;AAAA,YACP,OAAA;AAAA,YACA;AAAA,WACD;AAAA,SACF,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAAgC;AACxC,EAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,eAAA,EAAkB,EAAE,CAAA,WAAA,EAAc,OAAO,CAAA,CAAE,CAAA;AACzD;AAmBA,eAAe,kBAAA,CAAmB,UAAkB,MAAA,EAAkC;AACpF,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC9B,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAC/B,EAAA,MAAM,UAAA,GAAa,QAAA,CAAS,KAAA,CAAM,CAAC,GAAI,EAAE,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,CAAC,CAAA,CAAG,MAAM,OAAO,CAAA;AACzC,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,OAAO,QAAA,CAAS,UAAU,GAAG,OAAO,KAAA;AACvD,EAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA,KAAM,QAAA,CAAS,CAAA,EAAG,EAAE,CAAC,CAAC,CAAA;AACjE,EAAA,MAAM,KAAK,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,QAAQ,CAAA,EAAG,QAAA,EAAU,KAAA,EAAO,CAAC,YAAY,CAAC,CAAA;AACnH,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,WAAW,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,SAAA,EAAU,EAAG,IAAI,GAAG,CAAA;AAC1G,EAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAI,WAAW,IAAI,CAAC,EAAE,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACnG,EAAA,MAAM,QAAA,GAAW,MAAM,CAAC,CAAA;AACxB,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,QAAA,CAAS,MAAA,EAAQ,OAAO,KAAA;AAC9C,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAQ,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA,GAAI,QAAA,CAAS,WAAW,CAAC,CAAA;AAC5F,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAMO,SAAS,qBAAA,CAAsB,KAAe,cAAA,EAAyB;AAC5E,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,GAAA,CAAI,EAAE,CAAA;AAEzB,EAAA,OAAO;AAAA,IACL,QAAQ,GAAA,CAAI,kBAAA;AAAA,IACZ,OAAA,EAAS,IAAI,eAAA,IAAmB,cAAA;AAAA,IAChC,OAAA,EAAS,SAAA;AAAA,IACT,GAAG,cAAA;AAAA,MACD;AAAA,QACE,mBAAA,EAAqB,IAAA;AAAA,QACrB,mBAAA,EAAqB,KAAA;AAAA,QACrB,IAAI,EAAC;AAAA,QACL,EAAA,EAAI;AAAA,UACF,EAAA;AAAA,UACA,OAAA,EAAS;AAAA;AAAA,YAEP,QAAQ,EAAE,SAAA,EAAW,QAAA,EAAU,YAAA,EAAc,aAAa,YAAA,EAAc,WAAA,EAAa,iBAAA,EAAmB,gBAAA,EAAkB,aAAa,UAAA,EAAY,kBAAA,EAAoB,kBAAkB,sBAAA,EAAwB,oBAAA,EAAsB,kBAAkB,cAAA;AAAe;AAC1Q,SACF;AAAA,QACA,IAAI,GAAA,CAAI;AAAA;AAAA,OACV;AAAA,MACA;AAAA,QACE,QAAA,EAAU,OAAA;AAAA,QACV,gBAAA,EAAkB;AAAA,UAChB,OAAA,EAAS,IAAA;AAAA,UACT,UAAA,EAAY,IAAA;AAAA;AAAA;AAAA;AAAA,UAIZ,QAAA,EAAU;AAAA,YACR,MAAA,EAAQ,OAAO,EAAE,IAAA,EAAM,UAAS,KAA0C;AACxE,cAAA,IAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA,EAAG;AAC9B,gBAAA,MAAM,EAAA,GAAK,MAAM,kBAAA,CAAmB,QAAA,EAAU,IAAI,CAAA;AAClD,gBAAA,IAAI,EAAA,EAAI;AACN,kBAAA,MAAM,QAAA,GAAW,MAAMA,YAAA,CAAe,QAAQ,CAAA;AAC9C,kBAAA,MAAM,IAAI,EAAA,CAAG,OAAA;AAAA,oBACX;AAAA,mBACF,CACG,IAAA,CAAK,QAAA,EAAU,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG,IAAI,CAAA,CAClD,GAAA,EAAI;AAAA,gBACT;AACA,gBAAA,OAAO,EAAA;AAAA,cACT;AACA,cAAA,OAAOC,cAAA,CAAiB,EAAE,IAAA,EAAM,QAAA,EAAU,CAAA;AAAA,YAC5C;AAAA;AACF,SACF;AAAA,QACA,IAAA,EAAM;AAAA,UACJ,SAAA,EAAW,WAAA;AAAA;AAAA;AAAA;AAAA,UAIX,MAAA,EAAQ;AAAA,YACN,KAAA,EAAO;AAAA,WACT;AAAA,UACA,gBAAA,EAAkB;AAAA,YAChB,IAAA,EAAM,EAAE,IAAA,EAAM,QAAA,EAAU,UAAU,KAAA,EAAO,YAAA,EAAc,QAAA,EAAU,KAAA,EAAO,KAAA,EAAM;AAAA,YAC9E,SAAA,EAAW,EAAE,IAAA,EAAM,QAAA,EAAU,UAAU,KAAA,EAAO,YAAA,EAAc,EAAA,EAAI,KAAA,EAAO,IAAA,EAAK;AAAA,YAC5E,QAAA,EAAU,EAAE,IAAA,EAAM,QAAA,EAAU,UAAU,KAAA,EAAO,YAAA,EAAc,EAAA,EAAI,KAAA,EAAO,IAAA,EAAK;AAAA,YAC3E,YAAA,EAAc,EAAE,IAAA,EAAM,SAAA,EAAW,UAAU,KAAA,EAAO,YAAA,EAAc,KAAA,EAAO,KAAA,EAAO,KAAA;AAAM;AACtF,SACF;AAAA,QACA,OAAA,EAAS;AAAA,UACP,SAAA,EAAW,cAAA;AAAA;AAAA;AAAA,UAGX,SAAA,EAAW,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,CAAA;AAAA;AAAA,UAC1B,SAAA,EAAW,KAAK,EAAA,GAAK;AAAA;AAAA,SACvB;AAAA,QACA,OAAA,EAAS,EAAE,SAAA,EAAW,cAAA,EAAe;AAAA,QACrC,YAAA,EAAc,EAAE,SAAA,EAAW,mBAAA,EAAoB;AAAA,QAC/C,aAAA,EAAe;AAAA,UACb,IAAA,EAAM;AAAA,YACJ,MAAA,EAAQ;AAAA,cACN,MAAA,EAAQ,OAAO,QAAA,KAAsC;AACnD,gBAAA,MAAM,OAAA,GAAU,MAAM,uBAAA,CAAwB,GAAA,CAAI,EAAE,CAAA;AACpD,gBAAA,IAAI,CAAC,OAAA,EAAS;AACZ,kBAAA,MAAM,OAAA,GAAU,MAAM,qBAAA,CAAsB,GAAA,CAAI,EAAE,CAAA;AAClD,kBAAA,IAAI,CAAC,OAAA,EAAS;AACZ,oBAAA,MAAM,IAAI,QAAA,CAAS,aAAA,EAAe,EAAE,OAAA,EAAS,uCAAuC,CAAA;AAAA,kBACtF;AAAA,gBACF;AACA,gBAAA,MAAM,CAAA,GAAI,QAAA;AAGV,gBAAA,MAAM,IAAA,GAAA,CAAQ,CAAA,CAAE,IAAA,IAAQ,MAAA,EAAQ,QAAA,EAAS;AACzC,gBAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,IAAA,EAAK,CAAE,MAAM,KAAK,CAAA;AAGrC,gBAAA,MAAM,SAAA,GAAY,CAAA,CAAE,SAAA,IAAa,KAAA,CAAM,CAAC,CAAA,IAAK,MAAA;AAC7C,gBAAA,MAAM,QAAA,GAAW,EAAE,QAAA,IAAY,KAAA,CAAM,MAAM,CAAC,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,IAAK,SAAA;AAC3D,gBAAA,OAAO,EAAE,IAAA,EAAM,EAAE,GAAG,QAAA,EAAU,MAAM,SAAA,EAAW,QAAA,EAAU,IAAA,EAAM,QAAA,EAAS,EAAE;AAAA,cAC5E,CAAA;AAAA,cACA,KAAA,EAAO,OAAO,IAAA,KAAyB;AAIrC,gBAAA,IAAI;AAIF,kBAAA,MAAM,EAAE,WAAA,EAAY,GAAI,MAAM,OAAO,oBAAkB,CAAA;AACvD,kBAAA,MAAM,IAAA,GAAO,IAAI,WAAA,CAAY,GAAA,CAAI,EAAE,CAAA;AACnC,kBAAA,MAAM,QAAA,GAAY,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,EAAE,CAAA,KAAO,IAAI,OAAA,GAAU,QAAA;AAC3E,kBAAA,MAAM,IAAA,CAAK,iBAAA,CAAkB,IAAA,CAAK,EAAA,EAAI,QAAQ,CAAA;AAAA,gBAChD,CAAA,CAAA,MAAQ;AAAA,gBAER;AAAA,cACF;AAAA;AACF;AACF;AACF;AACF,KACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,OAAA,EAAS;AAAA;AAAA;AAAA,MAGP,SAAA,CAAU;AAAA,QACR,eAAe,OAAO,EAAE,KAAA,EAAO,GAAA,IAAuC,QAAA,KAAkB;AACtF,UAAA,MAAM,kBAAA;AAAA,YACJ,GAAA,CAAI,EAAA;AAAA,YAAI,KAAA;AAAA,YACR,mBAAA;AAAA,YACA,CAAA;AAAA;AAAA;AAAA,0BAAA,EAGgB,GAAG,CAAA;AAAA,4DAAA,EAC+B,GAAG,CAAA;AAAA,kBAAA;AAAA,WAEvD;AAAA,QACF,CAAA;AAAA,QACA,WAAW,EAAA,GAAK;AAAA,OACjB,CAAA;AAAA;AAAA,MAGD,QAAA,CAAS;AAAA,QACP,mBAAA,EAAqB,OAAO,MAAA,EAAsD,QAAA,KAAkB;AAClG,UAAA,MAAM,kBAAA;AAAA,YACJ,GAAA,CAAI,EAAA;AAAA,YAAI,MAAA,CAAO,KAAA;AAAA,YACf,mBAAA;AAAA,YACA,CAAA;AAAA;AAAA,0FAAA,EAEgF,OAAO,GAAG,CAAA;AAAA;AAAA,kBAAA;AAAA,WAG5F;AAAA,QACF,CAAA;AAAA,QACA,SAAA,EAAW,CAAA;AAAA,QACX,WAAW,EAAA,GAAK;AAAA,OACjB,CAAA;AAAA,MAED,YAAA,CAAa;AAAA,QACX,MAAA,EAAQ;AAAA,UACN,YAAA,EAAc;AAAA,YACZ,SAAA,EAAW,aAAA;AAAA,YACX,gBAAA,EAAkB;AAAA,cAChB,MAAA,EAAQ,EAAE,IAAA,EAAM,QAAA,EAAU,UAAU,KAAA,EAAO,YAAA,EAAc,QAAA,EAAU,KAAA,EAAO,IAAA,EAAK;AAAA,cAC/E,QAAQ,EAAE,IAAA,EAAM,UAAU,QAAA,EAAU,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,cACvD,KAAA,EAAO,EAAE,IAAA,EAAM,QAAA,EAAU,UAAU,KAAA,EAAO,YAAA,EAAc,EAAA,EAAI,KAAA,EAAO,IAAA;AAAK;AAC1E,WACF;AAAA,UACA,MAAA,EAAQ;AAAA,YACN,SAAA,EAAW,oBAAA;AAAA,YACX,MAAA,EAAQ,EAAE,cAAA,EAAgB,WAAA;AAAY,WACxC;AAAA,UACA,UAAA,EAAY;AAAA,YACV,SAAA,EAAW,wBAAA;AAAA,YACX,MAAA,EAAQ,EAAE,cAAA,EAAgB,WAAA;AAAY,WACxC;AAAA,UACA,IAAA,EAAM;AAAA,YACJ,SAAA,EAAW,kBAAA;AAAA,YACX,MAAA,EAAQ,EAAE,cAAA,EAAgB,WAAA;AAAY;AACxC;AACF,OACD;AAAA,KACH;AAAA;AAAA;AAAA;AAAA,IAKA,eAAA,EAAiB;AAAA,MACf,GAAI,GAAA,CAAI,gBAAA,IAAoB,GAAA,CAAI,oBAAA,GAC5B,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAU,GAAA,CAAI,kBAAkB,YAAA,EAAc,GAAA,CAAI,oBAAA,EAAqB,KACnF,EAAC;AAAA,MACL,GAAI,GAAA,CAAI,gBAAA,IAAoB,GAAA,CAAI,oBAAA,GAC5B,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAU,GAAA,CAAI,kBAAkB,YAAA,EAAc,GAAA,CAAI,oBAAA,EAAqB,KACnF;AAAC;AACP,GACF;AACF;AAMO,SAAS,UAAA,CAAW,GAAA,EAAe,gBAAA,EAAqC,cAAA,EAAyB;AAItG,EAAA,IAAI,CAAC,GAAA,CAAI,kBAAA,IAAsB,GAAA,CAAI,kBAAA,CAAmB,SAAS,EAAA,EAAI;AACjE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KAGF;AAAA,EACF;AACA,EAAA,MAAM,QAAA,GAAW,qBAAA,CAAsB,GAAA,EAAK,cAAc,CAAA;AAC1D,EAAA,MAAM,OAAA,GAAU,gBAAA,GAAmB,gBAAA,CAAiB,QAAQ,CAAA,GAAI,QAAA;AAChE,EAAA,OAAO,WAAW,OAA2C,CAAA;AAC/D","file":"chunk-IVPRUGTY.js","sourcesContent":["/**\n * Better Auth configuration for SonicJS — via the better-auth-cloudflare shim.\n *\n * A fresh auth instance is built per request (Workers lifecycle). The existing\n * `auth_user` table is used as Better Auth's user model. Legacy SonicJS PBKDF2\n * hashes are verified and transparently upgraded to scrypt on first login. KV\n * (CACHE_KV) is used as session secondary storage so getSession does not hit D1\n * on every request.\n *\n * Extend via config.auth.extendBetterAuth in createSonicJSApp() to add social\n * providers, magic link, 2FA, etc.\n */\n/** Send an email via the SonicJS email plugin (Resend).\n *  Loads apiKey/fromEmail/fromName from the `plugins` table at runtime.\n *  Falls back to console.log when the plugin is unconfigured (local dev). */\nasync function sendViaEmailPlugin(\n  db: D1Database,\n  to: string,\n  subject: string,\n  html: string\n): Promise<void> {\n  try {\n    const row = (await db\n      .prepare(\"SELECT settings FROM plugins WHERE id = 'email'\")\n      .first()) as { settings: string } | null\n    if (row?.settings) {\n      const { apiKey, fromEmail, fromName } = JSON.parse(row.settings) as {\n        apiKey?: string; fromEmail?: string; fromName?: string\n      }\n      if (apiKey && fromEmail) {\n        await fetch('https://api.resend.com/emails', {\n          method: 'POST',\n          headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },\n          body: JSON.stringify({\n            from: `${fromName ?? 'SonicJS'} <${fromEmail}>`,\n            to: [to],\n            subject,\n            html,\n          }),\n        })\n        return\n      }\n    }\n  } catch { /* fall through to dev log */ }\n  console.log(`[email-dev] To:${to} | Subject:${subject}`)\n}\n\nimport { betterAuth } from 'better-auth'\nimport { withCloudflare } from 'better-auth-cloudflare'\nimport { hashPassword as baHashPassword, verifyPassword as baVerifyPassword } from 'better-auth/crypto'\nimport { APIError } from 'better-auth/api'\nimport { magicLink } from 'better-auth/plugins/magic-link'\nimport { emailOTP } from 'better-auth/plugins/email-otp'\nimport { organization } from 'better-auth/plugins/organization'\nimport { drizzle } from 'drizzle-orm/d1'\nimport { authUser, authSession, authAccount, authVerification, authTenant, authTenantMember, authTenantInvitation, authTenantTeam } from '../db/schema'\nimport { isRegistrationEnabled, isFirstUserRegistration } from '../services/auth-validation'\nimport type { Bindings } from '../app'\n\n/**\n * Verify a password against a SonicJS legacy PBKDF2 hash:\n *   pbkdf2:<iterations>:<saltHex>:<hashHex>   (PBKDF2-SHA256, 256-bit)\n * Mirrors AuthManager.verifyPassword in middleware/auth.ts.\n */\nasync function verifyLegacyPbkdf2(password: string, stored: string): Promise<boolean> {\n  const parts = stored.split(':')\n  if (parts.length !== 4) return false\n  const iterations = parseInt(parts[1]!, 10)\n  const saltBytes = parts[2]!.match(/.{2}/g)\n  if (!saltBytes || !Number.isFinite(iterations)) return false\n  const salt = new Uint8Array(saltBytes.map((b) => parseInt(b, 16)))\n  const km = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits'])\n  const bits = await crypto.subtle.deriveBits({ name: 'PBKDF2', salt, iterations, hash: 'SHA-256' }, km, 256)\n  const actual = Array.from(new Uint8Array(bits)).map((b) => b.toString(16).padStart(2, '0')).join('')\n  const expected = parts[3]!\n  if (actual.length !== expected.length) return false\n  let diff = 0\n  for (let i = 0; i < actual.length; i++) diff |= actual.charCodeAt(i) ^ expected.charCodeAt(i)\n  return diff === 0\n}\n\n/**\n * Build the default Better Auth options used by SonicJS (through the CF shim).\n * Exported so apps can extend via config.auth.extendBetterAuth.\n */\nexport function getDefaultAuthOptions(env: Bindings, requestBaseURL?: string) {\n  const db = drizzle(env.DB)\n\n  return {\n    secret: env.BETTER_AUTH_SECRET,\n    baseURL: env.BETTER_AUTH_URL || requestBaseURL,\n    appName: 'SonicJS',\n    ...withCloudflare(\n      {\n        autoDetectIpAddress: true,\n        geolocationTracking: false,\n        cf: {},\n        d1: {\n          db,\n          options: {\n            // Keys MUST match modelName values — BA resolves by modelName, not by JS variable name.\n            schema: { auth_user: authUser, auth_session: authSession, auth_account: authAccount, auth_verification: authVerification, auth_tenant: authTenant, auth_tenant_member: authTenantMember, auth_tenant_invitation: authTenantInvitation, auth_tenant_team: authTenantTeam },\n          },\n        },\n        kv: env.CACHE_KV, // session secondary storage → getSession skips D1\n      },\n      {\n        basePath: '/auth',\n        emailAndPassword: {\n          enabled: true,\n          autoSignIn: true,\n          // Transparent migration of SonicJS legacy PBKDF2 hashes: verify against\n          // the old format on login, then re-hash to scrypt and persist. No\n          // mass-rehash, no forced password resets.\n          password: {\n            verify: async ({ hash, password }: { hash: string; password: string }) => {\n              if (hash.startsWith('pbkdf2:')) {\n                const ok = await verifyLegacyPbkdf2(password, hash)\n                if (ok) {\n                  const upgraded = await baHashPassword(password)\n                  await env.DB.prepare(\n                    \"UPDATE auth_account SET password = ?, updated_at = ? WHERE password = ? AND provider_id = 'credential'\"\n                  )\n                    .bind(upgraded, Math.floor(Date.now() / 1000), hash)\n                    .run()\n                }\n                return ok\n              }\n              return baVerifyPassword({ hash, password })\n            },\n          },\n        },\n        user: {\n          modelName: 'auth_user',\n          // Field-mapping values are Drizzle *property keys* (camelCase), which\n          // already match Better Auth's defaults for emailVerified/createdAt/\n          // updatedAt. Only `image` differs (SonicJS uses `avatar`).\n          fields: {\n            image: 'avatar',\n          },\n          additionalFields: {\n            role: { type: 'string', required: false, defaultValue: 'viewer', input: false },\n            firstName: { type: 'string', required: false, defaultValue: '', input: true },\n            lastName: { type: 'string', required: false, defaultValue: '', input: true },\n            isSuperAdmin: { type: 'boolean', required: false, defaultValue: false, input: false },\n          },\n        },\n        session: {\n          modelName: 'auth_session',\n          // Drizzle property keys already match Better Auth defaults (userId,\n          // expiresAt, ipAddress, …) — no field overrides needed.\n          expiresIn: 60 * 60 * 24 * 7, // 7 days\n          updateAge: 60 * 60 * 24, // refresh once per day\n        },\n        account: { modelName: 'auth_account' },\n        verification: { modelName: 'auth_verification' },\n        databaseHooks: {\n          user: {\n            create: {\n              before: async (userData: Record<string, unknown>) => {\n                const isFirst = await isFirstUserRegistration(env.DB)\n                if (!isFirst) {\n                  const enabled = await isRegistrationEnabled(env.DB)\n                  if (!enabled) {\n                    throw new APIError('BAD_REQUEST', { message: 'Registration is currently disabled.' })\n                  }\n                }\n                const d = userData as {\n                  name?: string; email?: string; firstName?: string; lastName?: string\n                }\n                const name = (d.name ?? 'User').toString()\n                const parts = name.trim().split(/\\s+/)\n                // Prefer explicitly-provided fields (registration form); fall back\n                // to values derived from name/email.\n                const firstName = d.firstName || parts[0] || 'User'\n                const lastName = d.lastName || parts.slice(1).join(' ') || firstName\n                return { data: { ...userData, name, firstName, lastName, role: 'viewer' } }\n              },\n              after: async (user: { id: string }) => {\n                // Assign dynamic RBAC membership. The first real user receives\n                // Administrator so fresh installs can enter the portal; later\n                // self-registered users receive Viewer.\n                try {\n                  // RBAC roles/assignments are document-backed (services/rbac.ts).\n                  // First real portal admin → Administrator; later users → Viewer.\n                  // setUserRoles (via addUserRoleByName) also projects auth_user.role.\n                  const { RbacService } = await import('../services/rbac')\n                  const rbac = new RbacService(env.DB)\n                  const roleName = (await rbac.countPortalAdmins(user.id)) === 0 ? 'admin' : 'viewer'\n                  await rbac.addUserRoleByName(user.id, roleName)\n                } catch {\n                  /* rbac docs may not be seeded yet on older schemas — non-fatal */\n                }\n              },\n            },\n          },\n        },\n      }\n    ),\n\n    // ── Phase 4: BA-native login methods ─────────────────────────────────────\n    // Magic-link and Email-OTP replace the standalone SonicJS plugins that\n    // minted JWT cookies. Social providers replace the bespoke oauth-providers\n    // plugin. All are gated on the relevant env vars / email service config\n    // so they activate only when configured.\n\n    plugins: [\n      // Magic-link passwordless auth. Sends a one-time link to the user's inbox;\n      // the link resolves to a BA session. Requires a working email service.\n      magicLink({\n        sendMagicLink: async ({ email, url }: { email: string; url: string }, _request: any) => {\n          await sendViaEmailPlugin(\n            env.DB, email,\n            'Your sign-in link',\n            `<div style=\"font-family:sans-serif;max-width:600px\">\n              <h2>Sign in to SonicJS</h2>\n              <p>Click the link below to sign in. Expires in 15 minutes.</p>\n              <p><a href=\"${url}\" style=\"background:#465FFF;color:#fff;padding:12px 24px;border-radius:6px;text-decoration:none\">Sign in</a></p>\n              <p style=\"color:#666;font-size:12px\">Or copy: ${url}</p>\n            </div>`\n          )\n        },\n        expiresIn: 15 * 60,\n      }),\n\n      // Email OTP — 6-digit code sent to inbox. Replaces the otp-login-plugin.\n      emailOTP({\n        sendVerificationOTP: async (params: { email: string; otp: string; type: string }, _request: any) => {\n          await sendViaEmailPlugin(\n            env.DB, params.email,\n            'Your sign-in code',\n            `<div style=\"font-family:sans-serif;max-width:600px\">\n              <h2>Your one-time code</h2>\n              <p style=\"font-size:36px;font-weight:bold;letter-spacing:8px;color:#465FFF\">${params.otp}</p>\n              <p style=\"color:#666\">Expires in 10 minutes. Do not share this code.</p>\n            </div>`\n          )\n        },\n        otpLength: 6,\n        expiresIn: 10 * 60,\n      }),\n\n      organization({\n        schema: {\n          organization: {\n            modelName: 'auth_tenant',\n            additionalFields: {\n              status: { type: 'string', required: false, defaultValue: 'active', input: true },\n              domain: { type: 'string', required: false, input: true },\n              notes: { type: 'string', required: false, defaultValue: '', input: true },\n            },\n          },\n          member: {\n            modelName: 'auth_tenant_member',\n            fields: { organizationId: 'tenant_id' },\n          },\n          invitation: {\n            modelName: 'auth_tenant_invitation',\n            fields: { organizationId: 'tenant_id' },\n          },\n          team: {\n            modelName: 'auth_tenant_team',\n            fields: { organizationId: 'tenant_id' },\n          },\n        },\n      }),\n    ],\n\n    // ── Phase 4: Social providers ─────────────────────────────────────────\n    // Activated when the relevant env vars are set. Replaces the bespoke\n    // oauth-providers SonicJS plugin. Set via wrangler secret put / .dev.vars.\n    socialProviders: {\n      ...(env.GITHUB_CLIENT_ID && env.GITHUB_CLIENT_SECRET\n        ? { github: { clientId: env.GITHUB_CLIENT_ID, clientSecret: env.GITHUB_CLIENT_SECRET } }\n        : {}),\n      ...(env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET\n        ? { google: { clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET } }\n        : {}),\n    },\n  }\n}\n\nexport type BetterAuthDefaultOptions = ReturnType<typeof getDefaultAuthOptions>\nexport type ExtendBetterAuth = (opts: BetterAuthDefaultOptions) => BetterAuthDefaultOptions\n\n/** Create a Better Auth instance for this request. */\nexport function createAuth(env: Bindings, extendBetterAuth?: ExtendBetterAuth, requestBaseURL?: string) {\n  // Hard-fail rather than sign sessions with an undefined/blank secret. The\n  // secret must be provided via `wrangler secret put BETTER_AUTH_SECRET`\n  // (prod/preview) or a gitignored `.dev.vars` (local) — never committed.\n  if (!env.BETTER_AUTH_SECRET || env.BETTER_AUTH_SECRET.length < 16) {\n    throw new Error(\n      'BETTER_AUTH_SECRET is missing or too short. Set it as a Wrangler secret ' +\n        '(wrangler secret put BETTER_AUTH_SECRET) or in a gitignored .dev.vars for local dev. ' +\n        'Refusing to initialize auth without a strong signing secret.'\n    )\n  }\n  const defaults = getDefaultAuthOptions(env, requestBaseURL)\n  const options = extendBetterAuth ? extendBetterAuth(defaults) : defaults\n  return betterAuth(options as Parameters<typeof betterAuth>[0])\n}\n\nexport type SonicJSAuth = ReturnType<typeof createAuth>\n"]}

package/dist/{chunk-JZVHLLSI.cjs → chunk-IXUHXTHW.cjs}

@@ -465,152 +465,6 @@ function buildQuery(table, filter) {
   return builder.build(table, filter);
 }
 
-// package.json
-var package_default = {
-  name: "@sonicjs-cms/core",
-  version: "2.19.0",
-  description: "Core framework for SonicJS headless CMS - Edge-first, TypeScript-native CMS built for Cloudflare Workers",
-  type: "module",
-  main: "./dist/index.cjs",
-  module: "./dist/index.js",
-  types: "./dist/index.d.ts",
-  bin: {
-    "sonicjs-db-reset": "./bin/db-reset.js"
-  },
-  exports: {
-    ".": {
-      types: "./dist/index.d.ts",
-      import: "./dist/index.js",
-      require: "./dist/index.cjs"
-    },
-    "./services": {
-      types: "./dist/services.d.ts",
-      import: "./dist/services.js",
-      require: "./dist/services.cjs"
-    },
-    "./middleware": {
-      types: "./dist/middleware.d.ts",
-      import: "./dist/middleware.js",
-      require: "./dist/middleware.cjs"
-    },
-    "./routes": {
-      types: "./dist/routes.d.ts",
-      import: "./dist/routes.js",
-      require: "./dist/routes.cjs"
-    },
-    "./templates": {
-      types: "./dist/templates.d.ts",
-      import: "./dist/templates.js",
-      require: "./dist/templates.cjs"
-    },
-    "./plugins": {
-      types: "./dist/plugins.d.ts",
-      import: "./dist/plugins.js",
-      require: "./dist/plugins.cjs"
-    },
-    "./utils": {
-      types: "./dist/utils.d.ts",
-      import: "./dist/utils.js",
-      require: "./dist/utils.cjs"
-    },
-    "./types": {
-      types: "./dist/types.d.ts",
-      import: "./dist/types.js",
-      require: "./dist/types.cjs"
-    },
-    "./package.json": "./package.json"
-  },
-  files: [
-    "bin",
-    "dist",
-    "migrations",
-    "README.md",
-    "LICENSE"
-  ],
-  scripts: {
-    "generate:migrations": "npx tsx scripts/generate-migrations.ts",
-    prebuild: "npm run generate:migrations",
-    build: "tsup",
-    dev: "tsup --watch",
-    "type-check": "tsc --noEmit",
-    lint: "eslint src/",
-    "lint:fix": "eslint src/ --fix",
-    test: "vitest --run",
-    "test:cov": "vitest --run --coverage",
-    "test:watch": "vitest",
-    prepublishOnly: "npm run build"
-  },
-  keywords: [
-    "cms",
-    "headless-cms",
-    "cloudflare",
-    "workers",
-    "edge",
-    "typescript",
-    "hono",
-    "content-management",
-    "api",
-    "sonicjs"
-  ],
-  author: "SonicJS Team",
-  license: "MIT",
-  repository: {
-    type: "git",
-    url: "git+https://github.com/sonicjs/sonicjs.git",
-    directory: "packages/core"
-  },
-  bugs: {
-    url: "https://github.com/sonicjs/sonicjs/issues"
-  },
-  homepage: "https://sonicjs.com",
-  peerDependencies: {
-    "@cloudflare/workers-types": "^4.0.0",
-    "drizzle-orm": "^0.44.0",
-    hono: "^4.0.0",
-    zod: "^3.0.0 || ^4.0.0"
-  },
-  dependencies: {
-    "@cf-wasm/resvg": "^0.3.3",
-    "csv-parse": "^6.2.1",
-    "drizzle-zod": "^0.8.3",
-    "highlight.js": "^11.11.1",
-    linkedom: "^0.18.12",
-    marked: "^16.4.1",
-    "qrcode-svg": "^1.1.0",
-    semver: "^7.7.3",
-    "tiny-lru": "^13.0.0"
-  },
-  devDependencies: {
-    "@cloudflare/workers-types": "^4.20251014.0",
-    "@types/node": "^24.9.2",
-    "@types/qrcode-svg": "^1.1.5",
-    "@typescript-eslint/eslint-plugin": "^8.50.0",
-    "@typescript-eslint/parser": "^8.50.0",
-    "@vitest/coverage-v8": "^4.0.5",
-    "drizzle-orm": "^0.45.2",
-    eslint: "^9.39.2",
-    glob: "^10.5.0",
-    hono: "^4.12.18",
-    tsup: "^8.5.0",
-    typescript: "^5.9.3",
-    vitest: "^4.0.5",
-    zod: "^4.1.12"
-  },
-  engines: {
-    node: ">=18.0.0"
-  },
-  publishConfig: {
-    access: "public",
-    registry: "https://registry.npmjs.org/"
-  }
-};
-
-// src/utils/version.ts
-var SONICJS_VERSION = package_default.version;
-function getCoreVersion() {
-  return SONICJS_VERSION;
-}
-
 // src/utils/blocks.ts
 function getBlocksFieldConfig(fieldOptions) {
   if (!fieldOptions || typeof fieldOptions !== "object") return null;
@@ -657,15 +511,12 @@ function parseBlocksValue(value, config) {
 }
 
 exports.QueryFilterBuilder = QueryFilterBuilder;
-exports.SONICJS_VERSION = SONICJS_VERSION;
 exports.TemplateRenderer = TemplateRenderer;
 exports.buildQuery = buildQuery;
 exports.generateSlug = generateSlug;
 exports.getBlocksFieldConfig = getBlocksFieldConfig;
-exports.getCoreVersion = getCoreVersion;
-exports.package_default = package_default;
 exports.parseBlocksValue = parseBlocksValue;
 exports.renderTemplate = renderTemplate;
 exports.templateRenderer = templateRenderer;
-//# sourceMappingURL=chunk-JZVHLLSI.cjs.map
-//# sourceMappingURL=chunk-JZVHLLSI.cjs.map
+//# sourceMappingURL=chunk-IXUHXTHW.cjs.map
+//# sourceMappingURL=chunk-IXUHXTHW.cjs.map

package/dist/chunk-IXUHXTHW.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/slug-utils.ts","../src/utils/template-renderer.ts","../src/utils/query-filter.ts","../src/utils/blocks.ts"],"names":[],"mappings":";;;AAyBO,SAAS,aAAa,IAAA,EAAsB;AACjD,EAAA,IAAI,CAAC,MAAM,OAAO,EAAA;AAElB,EAAA,OAAO,IAAA,CACJ,WAAA,EAAY,CACZ,SAAA,CAAU,KAAK,CAAA,CACf,OAAA,CAAQ,kBAAA,EAAoB,EAAE,CAAA,CAC9B,OAAA,CAAQ,gBAAA,EAAkB,EAAE,CAAA,CAC5B,OAAA,CAAQ,MAAA,EAAQ,GAAG,CAAA,CACnB,OAAA,CAAQ,QAAA,EAAU,GAAG,CAAA,CACrB,OAAA,CAAQ,gBAAA,EAAkB,EAAE,CAAA,CAC5B,SAAA,CAAU,CAAA,EAAG,GAAG,CAAA;AACrB;;;AC9BO,IAAM,mBAAN,MAAuB;AAAA,EACpB,aAAA,uBAAoB,GAAA,EAAoB;AAAA,EAEhD,WAAA,GAAc;AAAA,EAEd;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAA,CAAe,UAAkB,IAAA,EAA4B;AACnE,IAAA,IAAI,QAAA,GAAW,QAAA;AAGf,IAAA,QAAA,GAAW,SAAS,OAAA,CAAQ,kDAAA,EAAoD,CAAC,MAAA,EAAQ,WAAW,OAAA,KAAY;AAC9G,MAAA,MAAM,QAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,EAAM,SAAA,CAAU,MAAM,CAAA;AACxD,MAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,KAAK,GAAG,OAAO,EAAA;AAElC,MAAA,OAAO,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,EAAM,KAAA,KAAU;AAEhC,QAAA,MAAM,WAAA,GAAc;AAAA,UAClB,GAAG,IAAA;AAAA;AAAA,UAEH,GAAA,EAAK,IAAA;AAAA;AAAA,UAEL,GAAI,OAAO,IAAA,KAAS,YAAY,IAAA,KAAS,IAAA,GAAO,OAAO,EAAC;AAAA,UACxD,QAAA,EAAU,KAAA;AAAA,UACV,UAAU,KAAA,KAAU,CAAA;AAAA,UACpB,OAAA,EAAS,KAAA,KAAU,KAAA,CAAM,MAAA,GAAS;AAAA,SACpC;AACA,QAAA,OAAO,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS,WAAW,CAAA;AAAA,MACjD,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AAAA,IACZ,CAAC,CAAA;AAGD,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA,IAAK,UAAU,GAAA,EAAK;AACnD,MAAA,MAAM,gBAAA,GAAmB,QAAA;AACzB,MAAA,QAAA,GAAW,SAAS,OAAA,CAAQ,8CAAA,EAAgD,CAAC,MAAA,EAAQ,WAAW,OAAA,KAAY;AAC1G,QAAA,MAAM,QAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,EAAM,SAAA,CAAU,MAAM,CAAA;AAExD,QAAA,MAAM,QAAA,GAAW,KAAA,KAAU,IAAA,IAAS,KAAA,IAAS,KAAA,KAAU,KAAK,KAAA,KAAU,EAAA,IAAM,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA;AACxG,QAAA,OAAO,QAAA,GAAW,IAAA,CAAK,cAAA,CAAe,OAAA,EAAS,IAAI,CAAA,GAAI,EAAA;AAAA,MACzD,CAAC,CAAA;AACD,MAAA,IAAI,qBAAqB,QAAA,EAAU;AACnC,MAAA,OAAA,EAAA;AAAA,IACF;AAGA,IAAA,QAAA,GAAW,QAAA,CAAS,OAAA,CAAQ,sBAAA,EAAwB,CAAC,QAAQ,QAAA,KAAa;AACxE,MAAA,MAAM,QAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,EAAM,QAAA,CAAS,MAAM,CAAA;AACvD,MAAA,OAAO,UAAU,MAAA,IAAa,KAAA,KAAU,IAAA,GAAO,MAAA,CAAO,KAAK,CAAA,GAAI,EAAA;AAAA,IACjE,CAAC,CAAA;AAGD,IAAA,QAAA,GAAW,SAAS,OAAA,CAAQ,+BAAA,EAAiC,CAAC,KAAA,EAAO,QAAQ,QAAA,KAAa;AACxF,MAAA,MAAM,UAAA,GAAa,OAAO,IAAA,EAAK;AAC/B,MAAA,MAAM,OAAA,GAAU,SAAS,IAAA,EAAK;AAE9B,MAAA,IAAI,eAAe,WAAA,EAAa;AAC9B,QAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,EAAM,OAAO,CAAA;AAC/C,QAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,KAAU,IAAA,EAAM;AACzC,UAAA,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,KAAA;AAAA,IACT,CAAC,CAAA;AAGD,IAAA,QAAA,GAAW,QAAA,CAAS,OAAA,CAAQ,qBAAA,EAAuB,CAAC,OAAO,QAAA,KAAa;AACtE,MAAA,MAAM,OAAA,GAAU,SAAS,IAAA,EAAK;AAG9B,MAAA,IAAI,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,EAAG;AACzB,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,cAAA,CAAe,IAAA,EAAM,OAAO,CAAA;AAC/C,MAAA,IAAI,KAAA,KAAU,MAAM,OAAO,EAAA;AAC3B,MAAA,IAAI,KAAA,KAAU,QAAW,OAAO,EAAA;AAChC,MAAA,OAAO,OAAO,KAAK,CAAA;AAAA,IACrB,CAAC,CAAA;AAED,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAA,CAAe,KAAU,IAAA,EAAmB;AAClD,IAAA,IAAI,CAAC,GAAA,IAAO,IAAA,KAAS,EAAA,EAAI,OAAO,MAAA;AAEhC,IAAA,OAAO,KAAK,KAAA,CAAM,GAAG,EAAE,MAAA,CAAO,CAAC,SAAS,GAAA,KAAQ;AAC9C,MAAA,IAAI,OAAA,KAAY,IAAA,IAAQ,OAAA,KAAY,MAAA,EAAW,OAAO,MAAA;AACtD,MAAA,OAAO,QAAQ,GAAG,CAAA;AAAA,IACpB,GAAG,GAAG,CAAA;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAU,GAAA,EAAqB;AACrC,IAAA,OAAO,GAAA,CACJ,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CACjB,QAAQ,OAAA,EAAS,CAAA,CAAA,KAAK,CAAA,CAAE,WAAA,EAAa,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAA,CAAO,QAAA,EAAkB,IAAA,GAAqB,EAAC,EAAW;AACxD,IAAA,OAAO,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,cAAc,KAAA,EAAM;AAAA,EAC3B;AACF;AAGO,IAAM,gBAAA,GAAmB,IAAI,gBAAA;AAG7B,SAAS,cAAA,CAAe,QAAA,EAAkB,IAAA,GAAqB,EAAC,EAAW;AAChF,EAAA,OAAO,gBAAA,CAAiB,MAAA,CAAO,QAAA,EAAU,IAAI,CAAA;AAC/C;;;AC/GA,IAAM,sBAAA,uBAA0D,GAAA,CAAoB;AAAA,EAClF,QAAA;AAAA,EACA,YAAA;AAAA,EACA,cAAA;AAAA,EACA,oBAAA;AAAA,EACA,WAAA;AAAA,EACA,iBAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA,IAAA;AAAA,EACA,QAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF,CAAC,CAAA;AAiCM,SAAS,kBAAkB,KAAA,EAA4B;AAC5D,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,WAAA,EAAY,CAAE,IAAA,EAAK;AAC5C,IAAA,IAAI,UAAA,KAAe,KAAA,IAAS,UAAA,KAAe,MAAA,EAAQ;AACjD,MAAA,OAAO,UAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,KAAA;AACT;AAMO,IAAM,qBAAN,MAAyB;AAAA,EACtB,SAAgB,EAAC;AAAA,EACjB,SAAmB,EAAC;AAAA;AAAA;AAAA;AAAA,EAK5B,KAAA,CAAM,WAAmB,MAAA,EAAkC;AACzD,IAAA,IAAA,CAAK,SAAS,EAAC;AACf,IAAA,IAAA,CAAK,SAAS,EAAC;AAEf,IAAA,IAAI,GAAA,GAAM,iBAAiB,SAAS,CAAA,CAAA;AAGpC,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,gBAAA,CAAiB,MAAA,CAAO,KAAK,CAAA;AACtD,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,GAAA,IAAO,UAAU,WAAW,CAAA,CAAA;AAAA,MAC9B;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,IAAA,IAAQ,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,EAAG;AACzC,MAAA,MAAM,YAAA,GAAe,OAAO,IAAA,CACzB,GAAA,CAAI,OAAK,CAAA,EAAG,IAAA,CAAK,kBAAkB,CAAA,CAAE,KAAK,CAAC,CAAA,CAAA,EAAI,IAAA,CAAK,kBAAkB,CAAA,CAAE,KAAK,CAAC,CAAA,CAAE,CAAA,CAChF,KAAK,IAAI,CAAA;AACZ,MAAA,GAAA,IAAO,aAAa,YAAY,CAAA,CAAA;AAAA,IAClC;AAGA,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,GAAA,IAAO,CAAA,QAAA,CAAA;AACP,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA;AAAA,IAC/B;AAGA,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,GAAA,IAAO,CAAA,SAAA,CAAA;AACP,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA;AAAA,IAChC;AAEA,IAAA,OAAO;AAAA,MACL,GAAA;AAAA,MACA,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,QAAQ,IAAA,CAAK;AAAA,KACf;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAiB,KAAA,EAA4B;AACnD,IAAA,MAAM,UAAoB,EAAC;AAG3B,IAAA,IAAI,KAAA,CAAM,GAAA,IAAO,KAAA,CAAM,GAAA,CAAI,SAAS,CAAA,EAAG;AACrC,MAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CACtB,GAAA,CAAI,CAAA,SAAA,KAAa,IAAA,CAAK,cAAA,CAAe,SAAS,CAAC,CAAA,CAC/C,MAAA,CAAO,CAAA,MAAA,KAAU,WAAW,IAAI,CAAA;AAEnC,MAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AACzB,QAAA,OAAA,CAAQ,KAAK,CAAA,CAAA,EAAI,UAAA,CAAW,IAAA,CAAK,OAAO,CAAC,CAAA,CAAA,CAAG,CAAA;AAAA,MAC9C;AAAA,IACF;AAGA,IAAA,IAAI,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,EAAA,CAAG,SAAS,CAAA,EAAG;AACnC,MAAA,MAAM,SAAA,GAAY,KAAA,CAAM,EAAA,CACrB,GAAA,CAAI,CAAA,SAAA,KAAa,IAAA,CAAK,cAAA,CAAe,SAAS,CAAC,CAAA,CAC/C,MAAA,CAAO,CAAA,MAAA,KAAU,WAAW,IAAI,CAAA;AAEnC,MAAA,IAAI,SAAA,CAAU,SAAS,CAAA,EAAG;AACxB,QAAA,OAAA,CAAQ,KAAK,CAAA,CAAA,EAAI,SAAA,CAAU,IAAA,CAAK,MAAM,CAAC,CAAA,CAAA,CAAG,CAAA;AAAA,MAC5C;AAAA,IACF;AAEA,IAAA,OAAO,OAAA,CAAQ,KAAK,OAAO,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,SAAA,EAA2C;AAChE,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,iBAAA,CAAkB,SAAA,CAAU,KAAK,CAAA;AAEpD,IAAA,QAAQ,UAAU,QAAA;AAAU,MAC1B,KAAK,QAAA;AACH,QAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAEhD,KAAK,YAAA;AACH,QAAA,OAAO,IAAA,CAAK,cAAA,CAAe,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAEnD,KAAK,cAAA;AACH,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,KAAA,EAAO,GAAA,EAAK,UAAU,KAAK,CAAA;AAAA,MAEzD,KAAK,oBAAA;AACH,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,KAAA,EAAO,IAAA,EAAM,UAAU,KAAK,CAAA;AAAA,MAE1D,KAAK,WAAA;AACH,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,KAAA,EAAO,GAAA,EAAK,UAAU,KAAK,CAAA;AAAA,MAEzD,KAAK,iBAAA;AACH,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,KAAA,EAAO,IAAA,EAAM,UAAU,KAAK,CAAA;AAAA,MAE1D,KAAK,MAAA;AACH,QAAA,OAAO,IAAA,CAAK,SAAA,CAAU,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAE9C,KAAK,UAAA;AACH,QAAA,OAAO,IAAA,CAAK,aAAA,CAAc,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAElD,KAAK,aAAA;AACH,QAAA,OAAO,IAAA,CAAK,eAAA,CAAgB,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAEpD,KAAK,WAAA;AACH,QAAA,OAAO,IAAA,CAAK,aAAA,CAAc,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAElD,KAAK,IAAA;AACH,QAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAE5C,KAAK,QAAA;AACH,QAAA,OAAO,IAAA,CAAK,UAAA,CAAW,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAE/C,KAAK,KAAA;AACH,QAAA,OAAO,IAAA,CAAK,QAAA,CAAS,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAE7C,KAAK,QAAA;AACH,QAAA,OAAO,IAAA,CAAK,WAAA,CAAY,KAAA,EAAO,SAAA,CAAU,KAAK,CAAA;AAAA,MAEhD,KAAK,MAAA;AACH,QAAA,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,8FAAA,CAAgG,CAAA;AACjH,QAAA,OAAO,IAAA;AAAA,MAET,KAAK,QAAA;AACH,QAAA,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,gGAAA,CAAkG,CAAA;AACnH,QAAA,OAAO,IAAA;AAAA,MAET,KAAK,YAAA;AACH,QAAA,IAAA,CAAK,MAAA,CAAO,KAAK,CAAA,oGAAA,CAAsG,CAAA;AACvH,QAAA,OAAO,IAAA;AAAA,MAET;AACE,QAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,kBAAA,EAAqB,SAAA,CAAU,QAAQ,CAAA,CAAE,CAAA;AAC1D,QAAA,OAAO,IAAA;AAAA;AACX,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,WAAA,CAAY,OAAe,KAAA,EAAoB;AACrD,IAAA,IAAI,UAAU,IAAA,EAAM;AAClB,MAAA,OAAO,GAAG,KAAK,CAAA,QAAA,CAAA;AAAA,IACjB;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,KAAK,KAAK,CAAA;AACtB,IAAA,OAAO,GAAG,KAAK,CAAA,IAAA,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAA,CAAe,OAAe,KAAA,EAAoB;AACxD,IAAA,IAAI,UAAU,IAAA,EAAM;AAClB,MAAA,OAAO,GAAG,KAAK,CAAA,YAAA,CAAA;AAAA,IACjB;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,KAAK,KAAK,CAAA;AACtB,IAAA,OAAO,GAAG,KAAK,CAAA,KAAA,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAA,CAAgB,KAAA,EAAe,QAAA,EAAkB,KAAA,EAAoB;AAC3E,IAAA,IAAA,CAAK,MAAA,CAAO,KAAK,KAAK,CAAA;AACtB,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,CAAA,EAAI,QAAQ,CAAA,EAAA,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKQ,SAAA,CAAU,OAAe,KAAA,EAAuB;AACtD,IAAA,MAAM,KAAA,GAAQ,MAAM,KAAA,CAAM,KAAK,EAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA;AAEzD,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,MAAA,OAAO,CAAA,GAAA,CAAA;AAAA,IACT;AAEA,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CAAI,CAAA,IAAA,KAAQ;AACnC,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,CAAA,EAAI,IAAI,CAAA,CAAA,CAAG,CAAA;AAC5B,MAAA,OAAO,GAAG,KAAK,CAAA,OAAA,CAAA;AAAA,IACjB,CAAC,CAAA;AAED,IAAA,OAAO,CAAA,CAAA,EAAI,UAAA,CAAW,IAAA,CAAK,OAAO,CAAC,CAAA,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKQ,aAAA,CAAc,OAAe,KAAA,EAAuB;AAC1D,IAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA,CAAG,CAAA;AAC7B,IAAA,OAAO,GAAG,KAAK,CAAA,OAAA,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAA,CAAgB,OAAe,KAAA,EAAuB;AAC5D,IAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,KAAK,CAAA,CAAA,CAAG,CAAA;AAC5B,IAAA,OAAO,GAAG,KAAK,CAAA,OAAA,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,aAAA,CAAc,OAAe,KAAA,EAAuB;AAC1D,IAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,CAAA,EAAI,KAAK,CAAA,CAAE,CAAA;AAC5B,IAAA,OAAO,GAAG,KAAK,CAAA,OAAA,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAA,CAAQ,OAAe,KAAA,EAAoB;AACjD,IAAA,IAAI,MAAA;AAEJ,IAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE7B,MAAA,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,CAAC,CAAA;AAAA,IACvE,CAAA,MAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAA,GAAS,KAAA;AAAA,IACX,CAAA,MAAO;AACL,MAAA,MAAA,GAAS,CAAC,KAAK,CAAA;AAAA,IACjB;AAEA,IAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,MAAA,OAAO,CAAA,GAAA,CAAA;AAAA,IACT;AAEA,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,GAAA,CAAI,CAAA,CAAA,KAAK;AACnC,MAAA,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA;AAClB,MAAA,OAAO,GAAA;AAAA,IACT,CAAC,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAEZ,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,KAAA,EAAQ,YAAY,CAAA,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAA,CAAW,OAAe,KAAA,EAAoB;AACpD,IAAA,IAAI,MAAA;AAEJ,IAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE7B,MAAA,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,CAAC,CAAA;AAAA,IACvE,CAAA,MAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAA,GAAS,KAAA;AAAA,IACX,CAAA,MAAO;AACL,MAAA,MAAA,GAAS,CAAC,KAAK,CAAA;AAAA,IACjB;AAEA,IAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,MAAA,OAAO,CAAA,GAAA,CAAA;AAAA,IACT;AAEA,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,GAAA,CAAI,CAAA,CAAA,KAAK;AACnC,MAAA,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA;AAClB,MAAA,OAAO,GAAA;AAAA,IACT,CAAC,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAEZ,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,SAAA,EAAY,YAAY,CAAA,CAAA,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,QAAA,CAAS,OAAe,KAAA,EAAoB;AAClD,IAAA,IAAI,MAAA;AAEJ,IAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,MAAA,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,CAAC,CAAA;AAAA,IACvE,CAAA,MAAA,IAAW,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/B,MAAA,MAAA,GAAS,KAAA;AAAA,IACX,CAAA,MAAO;AACL,MAAA,MAAA,GAAS,CAAC,KAAK,CAAA;AAAA,IACjB;AAEA,IAAA,IAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACvB,MAAA,OAAO,CAAA,GAAA,CAAA;AAAA,IACT;AAIA,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,CAAI,CAAA,GAAA,KAAO;AACnC,MAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,CAAG,CAAA;AAC3B,MAAA,OAAO,GAAG,KAAK,CAAA,OAAA,CAAA;AAAA,IACjB,CAAC,CAAA;AAED,IAAA,OAAO,CAAA,CAAA,EAAI,UAAA,CAAW,IAAA,CAAK,OAAO,CAAC,CAAA,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKQ,WAAA,CAAY,OAAe,KAAA,EAAwB;AACzD,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,OAAO,CAAA,EAAG,KAAK,CAAA,iBAAA,EAAoB,KAAK,CAAA,MAAA,CAAA;AAAA,IAC1C,CAAA,MAAO;AACL,MAAA,OAAO,CAAA,CAAA,EAAI,KAAK,CAAA,YAAA,EAAe,KAAK,CAAA,MAAA,CAAA;AAAA,IACtC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,KAAA,EAAuB;AAE/C,IAAA,MAAM,SAAA,GAAY,KAAA,CAAM,OAAA,CAAQ,kBAAA,EAAoB,EAAE,CAAA;AAGtD,IAAA,IAAI,SAAA,CAAU,QAAA,CAAS,GAAG,CAAA,EAAG;AAC3B,MAAA,MAAM,CAAC,KAAA,EAAO,GAAG,IAAI,CAAA,GAAI,SAAA,CAAU,MAAM,GAAG,CAAA;AAC5C,MAAA,OAAO,gBAAgB,KAAK,CAAA,KAAA,EAAQ,IAAA,CAAK,IAAA,CAAK,GAAG,CAAC,CAAA,EAAA,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,SAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,kBAAkB,KAAA,EAAuB;AAC/C,IAAA,MAAM,aAAa,MAAA,CAAO,KAAK,CAAA,CAAE,WAAA,GAAc,IAAA,EAAK;AACpD,IAAA,IAAI,UAAA,KAAe,KAAA,IAAS,UAAA,KAAe,MAAA,EAAQ;AACjD,MAAA,OAAO,UAAA;AAAA,IACT;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,eAAe,KAAA,EAAyC;AAC7D,IAAA,MAAM,SAAsB,EAAC;AAG7B,IAAA,IAAI,MAAM,KAAA,EAAO;AACf,MAAA,IAAI;AACF,QAAA,MAAA,CAAO,KAAA,GAAQ,OAAO,KAAA,CAAM,KAAA,KAAU,QAAA,GAClC,KAAK,KAAA,CAAM,KAAA,CAAM,KAAK,CAAA,GACtB,KAAA,CAAM,KAAA;AAAA,MACZ,SAAS,CAAA,EAAG;AACV,QAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,CAAC,CAAA;AAAA,MAClD;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,MAAA,MAAA,CAAO,KAAA,GAAQ,EAAE,GAAA,EAAK,EAAC,EAAE;AAAA,IAC3B;AACA,IAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK;AACrB,MAAA,MAAA,CAAO,KAAA,CAAM,MAAM,EAAC;AAAA,IACtB;AAIA,IAAA,MAAM,mBAAA,GAA8C;AAAA,MAClD,QAAA,EAAU,QAAA;AAAA,MACV,eAAA,EAAiB;AAAA,KACnB;AAEA,IAAA,KAAA,MAAW,CAAC,UAAA,EAAY,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,mBAAmB,CAAA,EAAG;AACvE,MAAA,IAAI,KAAA,CAAM,UAAU,CAAA,EAAG;AACrB,QAAA,MAAA,CAAO,KAAA,CAAM,IAAI,IAAA,CAAK;AAAA,UACpB,KAAA,EAAO,OAAA;AAAA,UACP,QAAA,EAAU,QAAA;AAAA,UACV,KAAA,EAAO,MAAM,UAAU;AAAA,SACxB,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,MAAM,kBAAA,GAAqB,uCAAA;AAC3B,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnD,MAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,kBAAkB,CAAA;AAC1C,MAAA,IAAI,CAAC,KAAA,EAAO;AAEZ,MAAA,MAAM,KAAA,GAAQ,MAAM,CAAC,CAAA;AACrB,MAAA,MAAM,QAAA,GAAY,KAAA,CAAM,CAAC,CAAA,IAAK,QAAA;AAE9B,MAAA,IAAI,CAAC,KAAA,IAAS,CAAC,sBAAA,CAAuB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACrD,MAAA,IAAI,QAAA,KAAa,MAAA,IAAa,QAAA,KAAa,IAAA,EAAM;AAEjD,MAAA,IAAI,KAAA,GAAa,QAAA;AACjB,MAAA,IAAI,aAAa,QAAA,EAAU;AACzB,QAAA,KAAA,GAAQ,UAAU,MAAA,IAAU,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,OAAO,KAAA,KAAU,CAAA;AAAA,MAC3E;AAEA,MAAA,MAAA,CAAO,MAAM,GAAA,CAAI,IAAA,CAAK,EAAE,KAAA,EAAO,QAAA,EAAU,OAAO,CAAA;AAAA,IAClD;AAGA,IAAA,IAAI,MAAM,KAAA,EAAO;AACf,MAAA,MAAA,CAAO,QAAQ,IAAA,CAAK,GAAA,CAAI,SAAS,KAAA,CAAM,KAAK,GAAG,GAAI,CAAA;AAAA,IACrD;AAGA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,MAAA,CAAO,MAAA,GAAS,QAAA,CAAS,KAAA,CAAM,MAAM,CAAA;AAAA,IACvC;AAGA,IAAA,IAAI,MAAM,IAAA,EAAM;AACd,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,OAAO,KAAA,CAAM,IAAA,KAAS,QAAA,GACjC,KAAK,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA,GACrB,KAAA,CAAM,IAAA;AAEV,QAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,UAAA,MAAA,CAAO,IAAA,GAAO,MAAA,CACX,MAAA,CAAO,CAAC,CAAA,KAAW,CAAA,IAAK,OAAO,CAAA,CAAE,KAAA,KAAU,QAAQ,CAAA,CACnD,GAAA,CAAI,CAAC,CAAA,MAAY;AAAA,YAChB,OAAO,CAAA,CAAE,KAAA;AAAA,YACT,KAAA,EAAO,iBAAA,CAAkB,CAAA,CAAE,KAAK;AAAA,WAClC,CAAE,CAAA;AAAA,QACN;AAAA,MACF,SAAS,CAAA,EAAG;AACV,QAAA,OAAA,CAAQ,KAAA,CAAM,gCAAgC,CAAC,CAAA;AAAA,MACjD;AAAA,IACF;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAKO,SAAS,UAAA,CAAW,OAAe,MAAA,EAAkC;AAC1E,EAAA,MAAM,OAAA,GAAU,IAAI,kBAAA,EAAmB;AACvC,EAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,KAAA,EAAO,MAAM,CAAA;AACpC;;;AC7gBO,SAAS,qBAAqB,YAAA,EAA6C;AAChF,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,UAAU,OAAO,IAAA;AAE9D,EAAA,MAAM,WAAA,GAAc,aAAa,KAAA,IAAS,OAAO,aAAa,KAAA,KAAU,QAAA,GACpE,aAAa,KAAA,GACb,IAAA;AAEJ,EAAA,IAAI,CAAC,eAAe,CAAC,WAAA,CAAY,UAAU,OAAO,WAAA,CAAY,WAAW,QAAA,EAAU;AACjF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAO,WAAA,CAAY,aAAA,KAAkB,YAAY,WAAA,CAAY,aAAA,GAC/E,YAAY,aAAA,GACZ,WAAA;AAEJ,EAAA,OAAO;AAAA,IACL,QAAQ,WAAA,CAAY,MAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEO,SAAS,gBAAA,CAAiB,OAAgB,MAAA,EAA2B;AAC1E,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,IAAI,QAAA,GAAW,KAAA;AAEf,EAAA,IAAI,QAAA,KAAa,IAAA,IAAQ,QAAA,KAAa,MAAA,IAAa,aAAa,EAAA,EAAI;AAClE,IAAA,OAAO,EAAE,KAAA,EAAO,EAAC,EAAY,MAAA,EAAO;AAAA,EACtC;AAEA,EAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,IAAA,CAAK,MAAM,QAAQ,CAAA;AAAA,IAChC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAE,KAAA,EAAO,IAAa,MAAA,EAAQ,CAAC,iCAAiC,CAAA,EAAE;AAAA,IAC3E;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAC5B,IAAA,OAAO,EAAE,KAAA,EAAO,IAAa,MAAA,EAAQ,CAAC,+BAA+B,CAAA,EAAE;AAAA,EACzE;AAEA,EAAA,MAAM,UAAA,GAAa,QAAA,CAAS,GAAA,CAAI,CAAC,MAAM,KAAA,KAAU;AAC/C,IAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACrC,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,OAAA,EAAU,KAAA,GAAQ,CAAC,CAAA,kBAAA,CAAoB,CAAA;AACnD,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAK,KAAa,SAAA,IAAc,IAAA,CAAa,QAAQ,OAAQ,IAAA,CAAa,SAAS,QAAA,EAAU;AAC3F,MAAA,OAAO,EAAE,CAAC,MAAA,CAAO,aAAa,GAAI,IAAA,CAAa,SAAA,EAAW,GAAI,IAAA,CAAa,IAAA,EAAK;AAAA,IAClF;AAEA,IAAA,IAAI,EAAE,MAAA,CAAO,aAAA,IAAkB,IAAA,CAAA,EAAe;AAC5C,MAAA,MAAA,CAAO,KAAK,CAAA,OAAA,EAAU,KAAA,GAAQ,CAAC,CAAA,aAAA,EAAgB,MAAA,CAAO,aAAa,CAAA,CAAA,CAAG,CAAA;AAAA,IACxE;AAEA,IAAA,OAAO,IAAA;AAAA,EACT,CAAC,CAAA,CAAE,MAAA,CAAO,CAAC,IAAA,KAAS,SAAS,IAAI,CAAA;AAEjC,EAAA,OAAO,EAAE,KAAA,EAAO,UAAA,EAAY,MAAA,EAAO;AACrC","file":"chunk-IXUHXTHW.cjs","sourcesContent":["/**\n * Slug generation utilities for creating URL-friendly slugs\n */\n\n/**\n * Generate URL-friendly slug from text\n * \n * Features:\n * - Converts to lowercase\n * - Handles accented characters (NFD normalization)\n * - Removes diacritics\n * - Keeps only alphanumeric, spaces, underscores, and hyphens\n * - Replaces spaces with hyphens\n * - Collapses multiple hyphens/underscores\n * - Trims leading/trailing hyphens/underscores\n * - Limits length to 100 characters\n * \n * @param text - Text to slugify\n * @returns URL-safe slug\n * \n * @example\n * generateSlug('Hello World!') // 'hello-world'\n * generateSlug('Café París 2024') // 'cafe-paris-2024'\n * generateSlug('Multiple   Spaces') // 'multiple-spaces'\n */\nexport function generateSlug(text: string): string {\n  if (!text) return '';\n  \n  return text\n    .toLowerCase()\n    .normalize('NFD') // Decompose combined characters (e.g., é -> e + ́)\n    .replace(/[\\u0300-\\u036f]/g, '') // Remove diacritics\n    .replace(/[^a-z0-9\\s_-]/g, '') // Keep only alphanumeric, spaces, underscores, hyphens\n    .replace(/\\s+/g, '-') // Replace spaces with hyphens\n    .replace(/[-_]+/g, '-') // Collapse multiple hyphens/underscores\n    .replace(/^[-_]+|[-_]+$/g, '') // Trim leading/trailing hyphens/underscores\n    .substring(0, 100); // Limit length for URL safety\n}\n","// Template renderer compatible with Cloudflare Workers\n// No filesystem access available\n\ninterface TemplateData {\n  [key: string]: any\n}\n\nexport class TemplateRenderer {\n  private templateCache = new Map<string, string>()\n\n  constructor() {\n    // Cloudflare Workers compatible - no filesystem access\n  }\n\n  /**\n   * Simple Handlebars-like template engine\n   */\n  private renderTemplate(template: string, data: TemplateData): string {\n    let rendered = template\n\n    // Handle each loops - process outermost loops first for proper nesting\n    rendered = rendered.replace(/\\{\\{#each\\s+([^}]+)\\}\\}([\\s\\S]*?)\\{\\{\\/each\\}\\}/g, (_match, arrayName, content) => {\n      const array = this.getNestedValue(data, arrayName.trim())\n      if (!Array.isArray(array)) return ''\n      \n      return array.map((item, index) => {\n        // Create context with array item and special variables\n        const itemContext = {\n          ...data,\n          // Handle primitive items (for {{.}} syntax)\n          '.': item,\n          // Spread item properties if it's an object\n          ...(typeof item === 'object' && item !== null ? item : {}),\n          '@index': index,\n          '@first': index === 0,\n          '@last': index === array.length - 1\n        }\n        return this.renderTemplate(content, itemContext)\n      }).join('')\n    })\n\n    // Second pass: Handle conditionals\n    let ifCount = 0\n    while (rendered.includes('{{#if ') && ifCount < 100) {\n      const previousRendered = rendered\n      rendered = rendered.replace(/\\{\\{#if\\s+([^}]+)\\}\\}([\\s\\S]*?)\\{\\{\\/if\\}\\}/g, (_match, condition, content) => {\n        const value = this.getNestedValue(data, condition.trim())\n        // Handle boolean values properly - @first/@last are explicitly boolean\n        const isTruthy = value === true || (value && value !== 0 && value !== '' && value !== null && value !== undefined)\n        return isTruthy ? this.renderTemplate(content, data) : ''\n      })\n      if (previousRendered === rendered) break\n      ifCount++\n    }\n\n    // Third pass: Handle triple braces for raw HTML {{{variable}}}\n    rendered = rendered.replace(/\\{\\{\\{([^}]+)\\}\\}\\}/g, (_match, variable) => {\n      const value = this.getNestedValue(data, variable.trim())\n      return value !== undefined && value !== null ? String(value) : ''\n    })\n\n    // Fourth pass: Handle helper functions like {{titleCase field}}\n    rendered = rendered.replace(/\\{\\{([^}#\\/]+)\\s+([^}]+)\\}\\}/g, (match, helper, variable) => {\n      const helperName = helper.trim()\n      const varName = variable.trim()\n      \n      if (helperName === 'titleCase') {\n        const value = this.getNestedValue(data, varName)\n        if (value !== undefined && value !== null) {\n          return this.titleCase(String(value))\n        }\n      }\n      \n      return match // Return original if helper not found\n    })\n\n    // Final pass: Handle simple variables {{variable}}\n    rendered = rendered.replace(/\\{\\{([^}#\\/]+)\\}\\}/g, (match, variable) => {\n      const trimmed = variable.trim()\n      \n      // Skip if it's a helper function (has spaces)\n      if (trimmed.includes(' ')) {\n        return match\n      }\n      \n      const value = this.getNestedValue(data, trimmed)\n      if (value === null) return ''\n      if (value === undefined) return ''\n      return String(value)\n    })\n\n    return rendered\n  }\n\n  /**\n   * Get nested value from object using dot notation\n   */\n  private getNestedValue(obj: any, path: string): any {\n    if (!obj || path === '') return undefined\n    \n    return path.split('.').reduce((current, key) => {\n      if (current === null || current === undefined) return undefined\n      return current[key]\n    }, obj)\n  }\n\n  /**\n   * Title case helper function\n   */\n  private titleCase(str: string): string {\n    return str\n      .replace(/_/g, ' ')\n      .replace(/\\b\\w/g, l => l.toUpperCase())\n  }\n\n  /**\n   * Render a template string with data\n   */\n  render(template: string, data: TemplateData = {}): string {\n    return this.renderTemplate(template, data)\n  }\n\n  /**\n   * Clear template cache (useful for development)\n   */\n  clearCache(): void {\n    this.templateCache.clear()\n  }\n}\n\n// Export singleton instance\nexport const templateRenderer = new TemplateRenderer()\n\n// Utility function to render template strings directly\nexport function renderTemplate(template: string, data: TemplateData = {}): string {\n  return templateRenderer.render(template, data)\n}","/**\n * Query Filter Builder for SonicJS AI\n * Supports comprehensive filtering with AND/OR logic\n * Compatible with D1 Database (SQLite)\n */\n\nexport type FilterOperator =\n  | 'equals'\n  | 'not_equals'\n  | 'greater_than'\n  | 'greater_than_equal'\n  | 'less_than'\n  | 'less_than_equal'\n  | 'like'\n  | 'contains'\n  | 'starts_with'\n  | 'ends_with'\n  | 'in'\n  | 'not_in'\n  | 'all'\n  | 'exists'\n  | 'near'\n  | 'within'\n  | 'intersects'\n\nconst VALID_FILTER_OPERATORS: ReadonlySet<FilterOperator> = new Set<FilterOperator>([\n  'equals',\n  'not_equals',\n  'greater_than',\n  'greater_than_equal',\n  'less_than',\n  'less_than_equal',\n  'like',\n  'contains',\n  'starts_with',\n  'ends_with',\n  'in',\n  'not_in',\n  'all',\n  'exists',\n  'near',\n  'within',\n  'intersects'\n])\n\nexport interface FilterCondition {\n  field: string\n  operator: FilterOperator\n  value: any\n}\n\nexport interface FilterGroup {\n  and?: FilterCondition[]\n  or?: FilterCondition[]\n}\n\nexport interface QueryFilter {\n  where?: FilterGroup\n  limit?: number\n  offset?: number\n  sort?: {\n    field: string\n    order: 'asc' | 'desc'\n  }[]\n}\n\nexport interface QueryResult {\n  sql: string\n  params: any[]\n  errors: string[]\n}\n\n/**\n * Validate sort order value - only 'asc' or 'desc' are allowed.\n * Returns the validated lowercase value, defaulting to 'asc' for invalid input.\n */\nexport function validateSortOrder(order: any): 'asc' | 'desc' {\n  if (typeof order === 'string') {\n    const normalized = order.toLowerCase().trim()\n    if (normalized === 'asc' || normalized === 'desc') {\n      return normalized\n    }\n  }\n  return 'asc'\n}\n\n/**\n * Query Filter Builder\n * Converts filter objects into SQL WHERE clauses with parameterized queries\n */\nexport class QueryFilterBuilder {\n  private params: any[] = []\n  private errors: string[] = []\n\n  /**\n   * Build a complete SQL query from filter object\n   */\n  build(baseTable: string, filter: QueryFilter): QueryResult {\n    this.params = []\n    this.errors = []\n\n    let sql = `SELECT * FROM ${baseTable}`\n\n    // Build WHERE clause\n    if (filter.where) {\n      const whereClause = this.buildWhereClause(filter.where)\n      if (whereClause) {\n        sql += ` WHERE ${whereClause}`\n      }\n    }\n\n    // Build ORDER BY clause\n    if (filter.sort && filter.sort.length > 0) {\n      const orderClauses = filter.sort\n        .map(s => `${this.sanitizeFieldName(s.field)} ${this.sanitizeSortOrder(s.order)}`)\n        .join(', ')\n      sql += ` ORDER BY ${orderClauses}`\n    }\n\n    // Build LIMIT clause\n    if (filter.limit) {\n      sql += ` LIMIT ?`\n      this.params.push(filter.limit)\n    }\n\n    // Build OFFSET clause\n    if (filter.offset) {\n      sql += ` OFFSET ?`\n      this.params.push(filter.offset)\n    }\n\n    return {\n      sql,\n      params: this.params,\n      errors: this.errors\n    }\n  }\n\n  /**\n   * Build WHERE clause from filter group\n   */\n  private buildWhereClause(group: FilterGroup): string {\n    const clauses: string[] = []\n\n    // Handle AND conditions\n    if (group.and && group.and.length > 0) {\n      const andClauses = group.and\n        .map(condition => this.buildCondition(condition))\n        .filter(clause => clause !== null)\n\n      if (andClauses.length > 0) {\n        clauses.push(`(${andClauses.join(' AND ')})`)\n      }\n    }\n\n    // Handle OR conditions\n    if (group.or && group.or.length > 0) {\n      const orClauses = group.or\n        .map(condition => this.buildCondition(condition))\n        .filter(clause => clause !== null)\n\n      if (orClauses.length > 0) {\n        clauses.push(`(${orClauses.join(' OR ')})`)\n      }\n    }\n\n    return clauses.join(' AND ')\n  }\n\n  /**\n   * Build a single condition\n   */\n  private buildCondition(condition: FilterCondition): string | null {\n    const field = this.sanitizeFieldName(condition.field)\n\n    switch (condition.operator) {\n      case 'equals':\n        return this.buildEquals(field, condition.value)\n\n      case 'not_equals':\n        return this.buildNotEquals(field, condition.value)\n\n      case 'greater_than':\n        return this.buildComparison(field, '>', condition.value)\n\n      case 'greater_than_equal':\n        return this.buildComparison(field, '>=', condition.value)\n\n      case 'less_than':\n        return this.buildComparison(field, '<', condition.value)\n\n      case 'less_than_equal':\n        return this.buildComparison(field, '<=', condition.value)\n\n      case 'like':\n        return this.buildLike(field, condition.value)\n\n      case 'contains':\n        return this.buildContains(field, condition.value)\n\n      case 'starts_with':\n        return this.buildStartsWith(field, condition.value)\n\n      case 'ends_with':\n        return this.buildEndsWith(field, condition.value)\n\n      case 'in':\n        return this.buildIn(field, condition.value)\n\n      case 'not_in':\n        return this.buildNotIn(field, condition.value)\n\n      case 'all':\n        return this.buildAll(field, condition.value)\n\n      case 'exists':\n        return this.buildExists(field, condition.value)\n\n      case 'near':\n        this.errors.push(`'near' operator not supported in SQLite. Use spatial extension or application-level filtering.`)\n        return null\n\n      case 'within':\n        this.errors.push(`'within' operator not supported in SQLite. Use spatial extension or application-level filtering.`)\n        return null\n\n      case 'intersects':\n        this.errors.push(`'intersects' operator not supported in SQLite. Use spatial extension or application-level filtering.`)\n        return null\n\n      default:\n        this.errors.push(`Unknown operator: ${condition.operator}`)\n        return null\n    }\n  }\n\n  /**\n   * Build equals condition\n   */\n  private buildEquals(field: string, value: any): string {\n    if (value === null) {\n      return `${field} IS NULL`\n    }\n    this.params.push(value)\n    return `${field} = ?`\n  }\n\n  /**\n   * Build not equals condition\n   */\n  private buildNotEquals(field: string, value: any): string {\n    if (value === null) {\n      return `${field} IS NOT NULL`\n    }\n    this.params.push(value)\n    return `${field} != ?`\n  }\n\n  /**\n   * Build comparison condition (>, >=, <, <=)\n   */\n  private buildComparison(field: string, operator: string, value: any): string {\n    this.params.push(value)\n    return `${field} ${operator} ?`\n  }\n\n  /**\n   * Build LIKE condition (case-insensitive, all words must be present)\n   */\n  private buildLike(field: string, value: string): string {\n    const words = value.split(/\\s+/).filter(w => w.length > 0)\n\n    if (words.length === 0) {\n      return `1=1` // No-op condition\n    }\n\n    const conditions = words.map(word => {\n      this.params.push(`%${word}%`)\n      return `${field} LIKE ?`\n    })\n\n    return `(${conditions.join(' AND ')})`\n  }\n\n  /**\n   * Build CONTAINS condition (case-insensitive substring)\n   */\n  private buildContains(field: string, value: string): string {\n    this.params.push(`%${value}%`)\n    return `${field} LIKE ?`\n  }\n\n  /**\n   * Build STARTS_WITH condition (case-insensitive prefix match)\n   */\n  private buildStartsWith(field: string, value: string): string {\n    this.params.push(`${value}%`)\n    return `${field} LIKE ?`\n  }\n\n  /**\n   * Build ENDS_WITH condition (case-insensitive suffix match)\n   */\n  private buildEndsWith(field: string, value: string): string {\n    this.params.push(`%${value}`)\n    return `${field} LIKE ?`\n  }\n\n  /**\n   * Build IN condition\n   */\n  private buildIn(field: string, value: any): string {\n    let values: any[]\n\n    if (typeof value === 'string') {\n      // Parse comma-delimited string\n      values = value.split(',').map(v => v.trim()).filter(v => v.length > 0)\n    } else if (Array.isArray(value)) {\n      values = value\n    } else {\n      values = [value]\n    }\n\n    if (values.length === 0) {\n      return `1=0` // No values means no matches\n    }\n\n    const placeholders = values.map(v => {\n      this.params.push(v)\n      return '?'\n    }).join(', ')\n\n    return `${field} IN (${placeholders})`\n  }\n\n  /**\n   * Build NOT IN condition\n   */\n  private buildNotIn(field: string, value: any): string {\n    let values: any[]\n\n    if (typeof value === 'string') {\n      // Parse comma-delimited string\n      values = value.split(',').map(v => v.trim()).filter(v => v.length > 0)\n    } else if (Array.isArray(value)) {\n      values = value\n    } else {\n      values = [value]\n    }\n\n    if (values.length === 0) {\n      return `1=1` // No values means all match\n    }\n\n    const placeholders = values.map(v => {\n      this.params.push(v)\n      return '?'\n    }).join(', ')\n\n    return `${field} NOT IN (${placeholders})`\n  }\n\n  /**\n   * Build ALL condition (value must contain all items in list)\n   * For SQLite, we'll check if a JSON array contains all values\n   */\n  private buildAll(field: string, value: any): string {\n    let values: any[]\n\n    if (typeof value === 'string') {\n      values = value.split(',').map(v => v.trim()).filter(v => v.length > 0)\n    } else if (Array.isArray(value)) {\n      values = value\n    } else {\n      values = [value]\n    }\n\n    if (values.length === 0) {\n      return `1=1`\n    }\n\n    // For SQLite, check if field contains all values using JSON functions\n    // This assumes the field is a JSON array or comma-separated string\n    const conditions = values.map(val => {\n      this.params.push(`%${val}%`)\n      return `${field} LIKE ?`\n    })\n\n    return `(${conditions.join(' AND ')})`\n  }\n\n  /**\n   * Build EXISTS condition\n   */\n  private buildExists(field: string, value: boolean): string {\n    if (value) {\n      return `${field} IS NOT NULL AND ${field} != ''`\n    } else {\n      return `(${field} IS NULL OR ${field} = '')`\n    }\n  }\n\n  /**\n   * Sanitize field names to prevent SQL injection\n   */\n  private sanitizeFieldName(field: string): string {\n    // Allow alphanumeric, underscores, dots (for JSON fields)\n    const sanitized = field.replace(/[^a-zA-Z0-9_$.]/g, '')\n\n    // Handle JSON field access (e.g., data.title -> json_extract(data, '$.title'))\n    if (sanitized.includes('.')) {\n      const [table, ...path] = sanitized.split('.')\n      return `json_extract(${table}, '$.${path.join('.')}')`\n    }\n\n    return sanitized\n  }\n\n  /**\n   * Sanitize sort order to prevent SQL injection\n   * Only allows 'ASC' or 'DESC', defaults to 'ASC' for any other value\n   */\n  private sanitizeSortOrder(order: string): string {\n    const normalized = String(order).toUpperCase().trim()\n    if (normalized === 'ASC' || normalized === 'DESC') {\n      return normalized\n    }\n    return 'ASC'\n  }\n\n  /**\n   * Parse filter from query string\n   */\n  static parseFromQuery(query: Record<string, any>): QueryFilter {\n    const filter: QueryFilter = {}\n\n    // Parse where clause from 'where' parameter (JSON string)\n    if (query.where) {\n      try {\n        filter.where = typeof query.where === 'string'\n          ? JSON.parse(query.where)\n          : query.where\n      } catch (e) {\n        console.error('Failed to parse where clause:', e)\n      }\n    }\n\n    // Initialize where clause if not present\n    if (!filter.where) {\n      filter.where = { and: [] }\n    }\n    if (!filter.where.and) {\n      filter.where.and = []\n    }\n\n    // Parse simple field filters (status, collection_id, etc.)\n    // These are convenience parameters that get converted to WHERE conditions\n    const simpleFieldMappings: Record<string, string> = {\n      'status': 'status',\n      'collection_id': 'collection_id'\n    }\n\n    for (const [queryParam, dbField] of Object.entries(simpleFieldMappings)) {\n      if (query[queryParam]) {\n        filter.where.and.push({\n          field: dbField,\n          operator: 'equals',\n          value: query[queryParam]\n        })\n      }\n    }\n\n    // Parse bracket-syntax filters: filter[field][operator]=value or filter[field]=value\n    const bracketFilterRegex = /^filter\\[([^\\]]+)\\](?:\\[([^\\]]+)\\])?$/\n    for (const [key, rawValue] of Object.entries(query)) {\n      const match = key.match(bracketFilterRegex)\n      if (!match) continue\n\n      const field = match[1]\n      const operator = (match[2] || 'equals') as FilterOperator\n\n      if (!field || !VALID_FILTER_OPERATORS.has(operator)) continue\n      if (rawValue === undefined || rawValue === null) continue\n\n      let value: any = rawValue\n      if (operator === 'exists') {\n        value = value === 'true' || value === true || value === '1' || value === 1\n      }\n\n      filter.where.and.push({ field, operator, value })\n    }\n\n    // Parse limit\n    if (query.limit) {\n      filter.limit = Math.min(parseInt(query.limit), 1000) // Max 1000\n    }\n\n    // Parse offset\n    if (query.offset) {\n      filter.offset = parseInt(query.offset)\n    }\n\n    // Parse sort\n    if (query.sort) {\n      try {\n        const parsed = typeof query.sort === 'string'\n          ? JSON.parse(query.sort)\n          : query.sort\n        // Validate and sanitize sort entries\n        if (Array.isArray(parsed)) {\n          filter.sort = parsed\n            .filter((s: any) => s && typeof s.field === 'string')\n            .map((s: any) => ({\n              field: s.field,\n              order: validateSortOrder(s.order)\n            }))\n        }\n      } catch (e) {\n        console.error('Failed to parse sort clause:', e)\n      }\n    }\n\n    return filter\n  }\n}\n\n/**\n * Helper function to build query from filter\n */\nexport function buildQuery(table: string, filter: QueryFilter): QueryResult {\n  const builder = new QueryFilterBuilder()\n  return builder.build(table, filter)\n}\n","import type { BlockDefinitions } from '../types/collection-config'\n\nexport type BlocksFieldConfig = {\n  blocks: BlockDefinitions\n  discriminator: string\n}\n\nexport function getBlocksFieldConfig(fieldOptions: any): BlocksFieldConfig | null {\n  if (!fieldOptions || typeof fieldOptions !== 'object') return null\n\n  const itemsConfig = fieldOptions.items && typeof fieldOptions.items === 'object'\n    ? fieldOptions.items\n    : null\n\n  if (!itemsConfig || !itemsConfig.blocks || typeof itemsConfig.blocks !== 'object') {\n    return null\n  }\n\n  const discriminator = typeof itemsConfig.discriminator === 'string' && itemsConfig.discriminator\n    ? itemsConfig.discriminator\n    : 'blockType'\n\n  return {\n    blocks: itemsConfig.blocks as BlockDefinitions,\n    discriminator\n  }\n}\n\nexport function parseBlocksValue(value: unknown, config: BlocksFieldConfig) {\n  const errors: string[] = []\n  let rawValue = value\n\n  if (rawValue === null || rawValue === undefined || rawValue === '') {\n    return { value: [] as any[], errors }\n  }\n\n  if (typeof rawValue === 'string') {\n    try {\n      rawValue = JSON.parse(rawValue)\n    } catch {\n      return { value: [] as any[], errors: ['Blocks value must be valid JSON'] }\n    }\n  }\n\n  if (!Array.isArray(rawValue)) {\n    return { value: [] as any[], errors: ['Blocks value must be an array'] }\n  }\n\n  const normalized = rawValue.map((item, index) => {\n    if (!item || typeof item !== 'object') {\n      errors.push(`Block #${index + 1} must be an object`)\n      return null\n    }\n\n    if ((item as any).blockType && (item as any).data && typeof (item as any).data === 'object') {\n      return { [config.discriminator]: (item as any).blockType, ...(item as any).data }\n    }\n\n    if (!(config.discriminator in (item as any))) {\n      errors.push(`Block #${index + 1} is missing \"${config.discriminator}\"`)\n    }\n\n    return item as any\n  }).filter((item) => item !== null)\n\n  return { value: normalized, errors }\n}\n"]}

package/dist/chunk-J6JTWD2A.cjs

@@ -0,0 +1,100 @@
+'use strict';
+
+// src/plugins/hooks/catalog.ts
+var HOOK_EVENT_NAMES = [
+  "content:read",
+  "content:before:create",
+  "content:before:update",
+  "content:before:delete",
+  "content:after:create",
+  "content:after:update",
+  "content:after:delete",
+  "content:after:publish",
+  "auth:registration:completed",
+  "auth:password-reset:requested",
+  "auth:password-reset:completed",
+  "auth:magic-link:consumed",
+  "auth:otp:verified"
+];
+function isKnownHookEvent(name) {
+  return HOOK_EVENT_NAMES.includes(name);
+}
+var LEGACY_EVENT_ALIASES = {
+  "content:create": "content:after:create",
+  "content:update": "content:after:update",
+  "content:delete": "content:after:delete",
+  "content:publish": "content:after:publish",
+  "content:save": "content:after:update"
+};
+function isLegacyHookEvent(name) {
+  return Object.prototype.hasOwnProperty.call(LEGACY_EVENT_ALIASES, name);
+}
+function resolveHookEventName(name) {
+  if (isKnownHookEvent(name)) return name;
+  if (isLegacyHookEvent(name)) return LEGACY_EVENT_ALIASES[name];
+  return void 0;
+}
+
+// src/plugins/hooks/typed-hooks.ts
+var warnedLegacyEvents = /* @__PURE__ */ new Set();
+function createTypedHooks(hookSystem) {
+  return {
+    on(event, handler, priority) {
+      const canonical = resolveHookEventName(event) ?? event;
+      if (isLegacyHookEvent(event) && !warnedLegacyEvents.has(event)) {
+        warnedLegacyEvents.add(event);
+        console.warn(
+          `[hooks] event "${event}" is deprecated; subscribe to "${canonical}" instead. The alias will be removed in a future release.`
+        );
+      }
+      hookSystem.register(
+        canonical,
+        async (data, context) => {
+          const result = await handler(data, context ?? {});
+          return result === void 0 ? data : result;
+        },
+        priority
+      );
+    },
+    async dispatch(event, payload, context) {
+      return await hookSystem.execute(event, payload, context);
+    }
+  };
+}
+
+// src/plugins/hooks/hook-system-singleton.ts
+var current;
+function setHookSystem(hookSystem) {
+  current = hookSystem;
+}
+function getHookSystem() {
+  if (!current) {
+    throw new Error(
+      "Hook system has not been initialized. setHookSystem() must be called (the app factory does this at construction) before getHookSystem()."
+    );
+  }
+  return current;
+}
+function hasHookSystem() {
+  return current !== void 0;
+}
+function resetHookSystem() {
+  current = void 0;
+}
+function getTypedHooks() {
+  return createTypedHooks(getHookSystem());
+}
+
+exports.HOOK_EVENT_NAMES = HOOK_EVENT_NAMES;
+exports.LEGACY_EVENT_ALIASES = LEGACY_EVENT_ALIASES;
+exports.createTypedHooks = createTypedHooks;
+exports.getHookSystem = getHookSystem;
+exports.getTypedHooks = getTypedHooks;
+exports.hasHookSystem = hasHookSystem;
+exports.isKnownHookEvent = isKnownHookEvent;
+exports.isLegacyHookEvent = isLegacyHookEvent;
+exports.resetHookSystem = resetHookSystem;
+exports.resolveHookEventName = resolveHookEventName;
+exports.setHookSystem = setHookSystem;
+//# sourceMappingURL=chunk-J6JTWD2A.cjs.map
+//# sourceMappingURL=chunk-J6JTWD2A.cjs.map