npm - @sonicjs-cms/core - Versions diffs - 2.3.13 → 2.3.15 - Mend

@sonicjs-cms/core 2.3.13 → 2.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/dist/{chunk-RP66TPEJ.js → chunk-4M2UOUXV.js} +415 -320
package/dist/chunk-4M2UOUXV.js.map +1 -0
package/dist/{chunk-ARLXQU2S.cjs → chunk-5OLN5JO3.cjs} +560 -465
package/dist/chunk-5OLN5JO3.cjs.map +1 -0
package/dist/{chunk-W4CE7XME.cjs → chunk-63LV4YVI.cjs} +2 -2
package/dist/{chunk-W4CE7XME.cjs.map → chunk-63LV4YVI.cjs.map} +1 -1
package/dist/{chunk-FHCN7KR2.js → chunk-67SKO5RQ.js} +3 -3
package/dist/{chunk-FHCN7KR2.js.map → chunk-67SKO5RQ.js.map} +1 -1
package/dist/{chunk-VMEBHBYY.js → chunk-72I2MOSH.js} +2 -2
package/dist/{chunk-VMEBHBYY.js.map → chunk-72I2MOSH.js.map} +1 -1
package/dist/{chunk-2NTBZ2Y7.js → chunk-A27RBGBA.js} +3 -3
package/dist/{chunk-2NTBZ2Y7.js.map → chunk-A27RBGBA.js.map} +1 -1
package/dist/{chunk-F56JKQTA.js → chunk-AVPUX57O.js} +3 -3
package/dist/{chunk-F56JKQTA.js.map → chunk-AVPUX57O.js.map} +1 -1
package/dist/{chunk-MF7DWI5P.cjs → chunk-AZLU3ROK.cjs} +4 -2
package/dist/chunk-AZLU3ROK.cjs.map +1 -0
package/dist/{chunk-W2IAEG4W.cjs → chunk-H2X4BFCW.cjs} +3 -3
package/dist/{chunk-W2IAEG4W.cjs.map → chunk-H2X4BFCW.cjs.map} +1 -1
package/dist/{chunk-5NCBFP37.cjs → chunk-QG3YQKL4.cjs} +4 -4
package/dist/{chunk-5NCBFP37.cjs.map → chunk-QG3YQKL4.cjs.map} +1 -1
package/dist/{chunk-DN45O5XV.js → chunk-V5LBQN3I.js} +4 -2
package/dist/chunk-V5LBQN3I.js.map +1 -0
package/dist/{chunk-XR6XACXJ.cjs → chunk-YIXSSJWD.cjs} +5 -5
package/dist/{chunk-XR6XACXJ.cjs.map → chunk-YIXSSJWD.cjs.map} +1 -1
package/dist/index.cjs +1111 -87
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1034 -10
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +23 -23
package/dist/middleware.js +2 -2
package/dist/migrations-H3Q5FZGZ.js +4 -0
package/dist/{migrations-43GTELB5.js.map → migrations-H3Q5FZGZ.js.map} +1 -1
package/dist/migrations-VN5VTX3C.cjs +13 -0
package/dist/{migrations-ZAYXZXON.cjs.map → migrations-VN5VTX3C.cjs.map} +1 -1
package/dist/{plugin-manifest-BCMx9CAq.d.cts → plugin-manifest-Dpy8wxIB.d.cts} +2 -2
package/dist/{plugin-manifest-BCMx9CAq.d.ts → plugin-manifest-Dpy8wxIB.d.ts} +2 -2
package/dist/routes.cjs +25 -25
package/dist/routes.js +5 -5
package/dist/services.cjs +2 -2
package/dist/services.js +1 -1
package/dist/templates.cjs +17 -17
package/dist/templates.js +2 -2
package/dist/types.d.cts +1 -1
package/dist/types.d.ts +1 -1
package/dist/utils.cjs +11 -11
package/dist/utils.js +1 -1
package/package.json +1 -1
package/dist/chunk-ARLXQU2S.cjs.map +0 -1
package/dist/chunk-DN45O5XV.js.map +0 -1
package/dist/chunk-MF7DWI5P.cjs.map +0 -1
package/dist/chunk-RP66TPEJ.js.map +0 -1
package/dist/migrations-43GTELB5.js +0 -4
package/dist/migrations-ZAYXZXON.cjs +0 -13

package/dist/index.cjs CHANGED Viewed

@@ -1,20 +1,21 @@
 'use strict';
-var chunkARLXQU2S_cjs = require('./chunk-ARLXQU2S.cjs');
+var chunk5OLN5JO3_cjs = require('./chunk-5OLN5JO3.cjs');
 var chunk7FOAMNTI_cjs = require('./chunk-7FOAMNTI.cjs');
-var chunk5NCBFP37_cjs = require('./chunk-5NCBFP37.cjs');
+var chunkQG3YQKL4_cjs = require('./chunk-QG3YQKL4.cjs');
 var chunkILZ3DP4I_cjs = require('./chunk-ILZ3DP4I.cjs');
-var chunkW4CE7XME_cjs = require('./chunk-W4CE7XME.cjs');
-var chunkXR6XACXJ_cjs = require('./chunk-XR6XACXJ.cjs');
-var chunkMF7DWI5P_cjs = require('./chunk-MF7DWI5P.cjs');
+var chunk63LV4YVI_cjs = require('./chunk-63LV4YVI.cjs');
+var chunkYIXSSJWD_cjs = require('./chunk-YIXSSJWD.cjs');
+var chunkAZLU3ROK_cjs = require('./chunk-AZLU3ROK.cjs');
 var chunkDTLB6UIH_cjs = require('./chunk-DTLB6UIH.cjs');
-var chunkW2IAEG4W_cjs = require('./chunk-W2IAEG4W.cjs');
+var chunkH2X4BFCW_cjs = require('./chunk-H2X4BFCW.cjs');
 require('./chunk-P3XDZL6Q.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkKYGRJCZM_cjs = require('./chunk-KYGRJCZM.cjs');
 require('./chunk-IGJUBJBW.cjs');
 var hono = require('hono');
 var html = require('hono/html');
+var zod = require('zod');
 var d1 = require('drizzle-orm/d1');
 // src/plugins/core-plugins/database-tools-plugin/services/database-service.ts
@@ -232,7 +233,7 @@ var DatabaseToolsService = class {
 };
 // src/templates/pages/admin-database-table.template.ts
-chunkMF7DWI5P_cjs.init_admin_layout_catalyst_template();
+chunkAZLU3ROK_cjs.init_admin_layout_catalyst_template();
 function renderDatabaseTablePage(data) {
   const totalPages = Math.ceil(data.totalRows / data.pageSize);
   const startRow = (data.currentPage - 1) * data.pageSize + 1;
@@ -481,7 +482,7 @@ function renderDatabaseTablePage(data) {
     user: data.user,
     content: pageContent
   };
-  return chunkMF7DWI5P_cjs.renderAdminLayoutCatalyst(layoutData);
+  return chunkAZLU3ROK_cjs.renderAdminLayoutCatalyst(layoutData);
 }
 function generatePageNumbers(currentPage, totalPages) {
   const pages = [];
@@ -556,7 +557,7 @@ function formatCellValue(value) {
 // src/plugins/core-plugins/database-tools-plugin/admin-routes.ts
 function createDatabaseToolsAdminRoutes() {
   const router2 = new hono.Hono();
-  router2.use("*", chunk5NCBFP37_cjs.requireAuth());
+  router2.use("*", chunkQG3YQKL4_cjs.requireAuth());
   router2.get("/api/stats", async (c) => {
     try {
       const user = c.get("user");
@@ -737,7 +738,7 @@ function createDatabaseToolsAdminRoutes() {
   return router2;
 }
 function createEmailPlugin() {
-  const builder = chunkARLXQU2S_cjs.PluginBuilder.create({
+  const builder = chunk5OLN5JO3_cjs.PluginBuilder.create({
     name: "email",
     version: "1.0.0-beta.1",
     description: "Send transactional emails using Resend"
@@ -990,7 +991,7 @@ function createEmailPlugin() {
       role: user.role ?? "admin"
     } : void 0;
     return c.html(
-      chunkMF7DWI5P_cjs.renderAdminLayout({
+      chunkAZLU3ROK_cjs.renderAdminLayout({
         title: "Email Settings",
         content: contentHTML,
         user: templateUser,
@@ -1110,17 +1111,1029 @@ function createEmailPlugin() {
 }
 var emailPlugin = createEmailPlugin();
+// src/plugins/core-plugins/otp-login-plugin/otp-service.ts
+var OTPService = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Generate a secure random OTP code
+   */
+  generateCode(length = 6) {
+    const digits = "0123456789";
+    let code = "";
+    for (let i = 0; i < length; i++) {
+      const randomValues = new Uint8Array(1);
+      crypto.getRandomValues(randomValues);
+      const randomValue = randomValues[0] ?? 0;
+      code += digits[randomValue % digits.length];
+    }
+    return code;
+  }
+  /**
+   * Create and store a new OTP code
+   */
+  async createOTPCode(email, settings, ipAddress, userAgent) {
+    const code = this.generateCode(settings.codeLength);
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    const expiresAt = now + settings.codeExpiryMinutes * 60 * 1e3;
+    const otpCode = {
+      id,
+      user_email: email.toLowerCase(),
+      code,
+      expires_at: expiresAt,
+      used: 0,
+      used_at: null,
+      ip_address: ipAddress || null,
+      user_agent: userAgent || null,
+      attempts: 0,
+      created_at: now
+    };
+    await this.db.prepare(`
+      INSERT INTO otp_codes (
+        id, user_email, code, expires_at, used, used_at,
+        ip_address, user_agent, attempts, created_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).bind(
+      otpCode.id,
+      otpCode.user_email,
+      otpCode.code,
+      otpCode.expires_at,
+      otpCode.used,
+      otpCode.used_at,
+      otpCode.ip_address,
+      otpCode.user_agent,
+      otpCode.attempts,
+      otpCode.created_at
+    ).run();
+    return otpCode;
+  }
+  /**
+   * Verify an OTP code
+   */
+  async verifyCode(email, code, settings) {
+    const normalizedEmail = email.toLowerCase();
+    const now = Date.now();
+    const otpCode = await this.db.prepare(`
+      SELECT * FROM otp_codes
+      WHERE user_email = ? AND code = ? AND used = 0
+      ORDER BY created_at DESC
+      LIMIT 1
+    `).bind(normalizedEmail, code).first();
+    if (!otpCode) {
+      return { valid: false, error: "Invalid or expired code" };
+    }
+    if (now > otpCode.expires_at) {
+      return { valid: false, error: "Code has expired" };
+    }
+    if (otpCode.attempts >= settings.maxAttempts) {
+      return { valid: false, error: "Maximum attempts exceeded" };
+    }
+    await this.db.prepare(`
+      UPDATE otp_codes
+      SET used = 1, used_at = ?, attempts = attempts + 1
+      WHERE id = ?
+    `).bind(now, otpCode.id).run();
+    return { valid: true };
+  }
+  /**
+   * Increment failed attempt count
+   */
+  async incrementAttempts(email, code) {
+    const normalizedEmail = email.toLowerCase();
+    const result = await this.db.prepare(`
+      UPDATE otp_codes
+      SET attempts = attempts + 1
+      WHERE user_email = ? AND code = ? AND used = 0
+      RETURNING attempts
+    `).bind(normalizedEmail, code).first();
+    return result?.attempts || 0;
+  }
+  /**
+   * Check rate limiting
+   */
+  async checkRateLimit(email, settings) {
+    const normalizedEmail = email.toLowerCase();
+    const oneHourAgo = Date.now() - 60 * 60 * 1e3;
+    const result = await this.db.prepare(`
+      SELECT COUNT(*) as count
+      FROM otp_codes
+      WHERE user_email = ? AND created_at > ?
+    `).bind(normalizedEmail, oneHourAgo).first();
+    const count = result?.count || 0;
+    return count < settings.rateLimitPerHour;
+  }
+  /**
+   * Get recent OTP requests for activity log
+   */
+  async getRecentRequests(limit = 50) {
+    const result = await this.db.prepare(`
+      SELECT * FROM otp_codes
+      ORDER BY created_at DESC
+      LIMIT ?
+    `).bind(limit).all();
+    const rows = result.results || [];
+    return rows.map((row) => this.mapRowToOTP(row));
+  }
+  /**
+   * Clean up expired codes (for maintenance)
+   */
+  async cleanupExpiredCodes() {
+    const now = Date.now();
+    const result = await this.db.prepare(`
+      DELETE FROM otp_codes
+      WHERE expires_at < ? OR (used = 1 AND used_at < ?)
+    `).bind(now, now - 30 * 24 * 60 * 60 * 1e3).run();
+    return result.meta.changes || 0;
+  }
+  mapRowToOTP(row) {
+    return {
+      id: String(row.id),
+      user_email: String(row.user_email),
+      code: String(row.code),
+      expires_at: Number(row.expires_at ?? Date.now()),
+      used: Number(row.used ?? 0),
+      used_at: row.used_at === null || row.used_at === void 0 ? null : Number(row.used_at),
+      ip_address: typeof row.ip_address === "string" ? row.ip_address : null,
+      user_agent: typeof row.user_agent === "string" ? row.user_agent : null,
+      attempts: Number(row.attempts ?? 0),
+      created_at: Number(row.created_at ?? Date.now())
+    };
+  }
+  /**
+   * Get OTP statistics
+   */
+  async getStats(days = 7) {
+    const since = Date.now() - days * 24 * 60 * 60 * 1e3;
+    const stats = await this.db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN used = 1 THEN 1 ELSE 0 END) as successful,
+        SUM(CASE WHEN attempts >= 3 AND used = 0 THEN 1 ELSE 0 END) as failed,
+        SUM(CASE WHEN expires_at < ? AND used = 0 THEN 1 ELSE 0 END) as expired
+      FROM otp_codes
+      WHERE created_at > ?
+    `).bind(Date.now(), since).first();
+    return {
+      total: stats?.total || 0,
+      successful: stats?.successful || 0,
+      failed: stats?.failed || 0,
+      expired: stats?.expired || 0
+    };
+  }
+};
+// src/plugins/core-plugins/otp-login-plugin/email-templates.ts
+function renderOTPEmailHTML(data) {
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Your Login Code</title>
+</head>
+<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px; background-color: #f5f5f5;">
+  <div style="background: white; border-radius: 12px; overflow: hidden; box-shadow: 0 2px 8px rgba(0,0,0,0.1);">
+    ${data.logoUrl ? `
+    <div style="text-align: center; padding: 30px 20px 20px;">
+      <img src="${data.logoUrl}" alt="Logo" style="max-width: 150px; height: auto;">
+    </div>
+    ` : ""}
+    <div style="background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 40px 30px; text-align: center;">
+      <h1 style="margin: 0 0 10px 0; font-size: 32px; font-weight: 600;">Your Login Code</h1>
+      <p style="margin: 0; opacity: 0.95; font-size: 16px;">Enter this code to sign in to ${data.appName}</p>
+    </div>
+    <div style="padding: 40px 30px;">
+      <div style="background: #f8f9fa; border: 2px dashed #667eea; border-radius: 12px; padding: 30px; text-align: center; margin: 0 0 30px 0;">
+        <div style="font-size: 56px; font-weight: bold; letter-spacing: 12px; color: #667eea; font-family: 'Courier New', Courier, monospace; line-height: 1;">
+          ${data.code}
+        </div>
+      </div>
+      <div style="background: #fff3cd; border-left: 4px solid #ffc107; padding: 16px 20px; margin: 0 0 30px 0; border-radius: 6px;">
+        <p style="margin: 0; font-size: 14px; color: #856404;">
+          <strong>\u26A0\uFE0F This code expires in ${data.expiryMinutes} minutes</strong>
+        </p>
+      </div>
+      <div style="margin: 0 0 30px 0;">
+        <h3 style="color: #333; margin: 0 0 15px 0; font-size: 18px;">Quick Tips:</h3>
+        <ul style="color: #666; font-size: 14px; line-height: 1.8; margin: 0; padding-left: 20px;">
+          <li>Enter the code exactly as shown (${data.codeLength} digits)</li>
+          <li>The code can only be used once</li>
+          <li>You have ${data.maxAttempts} attempts to enter the correct code</li>
+          <li>Request a new code if this one expires</li>
+        </ul>
+      </div>
+      <div style="background: #e8f4ff; border-radius: 8px; padding: 20px; margin: 0 0 30px 0;">
+        <p style="margin: 0 0 10px 0; font-size: 14px; color: #0066cc; font-weight: 600;">
+          \u{1F512} Security Notice
+        </p>
+        <p style="margin: 0; font-size: 13px; color: #004080; line-height: 1.6;">
+          Never share this code with anyone. ${data.appName} will never ask you for this code via phone, email, or social media.
+        </p>
+      </div>
+    </div>
+    <div style="border-top: 1px solid #eee; padding: 30px; background: #f8f9fa;">
+      <p style="margin: 0 0 15px 0; font-size: 14px; color: #666; text-align: center;">
+        <strong>Didn't request this code?</strong><br>
+        Someone may have entered your email by mistake. You can safely ignore this email.
+      </p>
+      <div style="text-align: center; color: #999; font-size: 12px; line-height: 1.6;">
+        <p style="margin: 5px 0;">This email was sent to ${data.email}</p>
+        ${data.ipAddress ? `<p style="margin: 5px 0;">IP Address: ${data.ipAddress}</p>` : ""}
+        <p style="margin: 5px 0;">Time: ${data.timestamp}</p>
+      </div>
+    </div>
+  </div>
+  <div style="text-align: center; padding: 20px; color: #999; font-size: 12px;">
+    <p style="margin: 0;">&copy; ${(/* @__PURE__ */ new Date()).getFullYear()} ${data.appName}. All rights reserved.</p>
+  </div>
+</body>
+</html>`;
+}
+function renderOTPEmailText(data) {
+  return `Your Login Code for ${data.appName}
+Your one-time verification code is:
+${data.code}
+This code expires in ${data.expiryMinutes} minutes.
+Quick Tips:
+\u2022 Enter the code exactly as shown (${data.codeLength} digits)
+\u2022 The code can only be used once
+\u2022 You have ${data.maxAttempts} attempts to enter the correct code
+\u2022 Request a new code if this one expires
+Security Notice:
+Never share this code with anyone. ${data.appName} will never ask you for this code via phone, email, or social media.
+Didn't request this code?
+Someone may have entered your email by mistake. You can safely ignore this email.
+---
+This email was sent to ${data.email}
+${data.ipAddress ? `IP Address: ${data.ipAddress}` : ""}
+Time: ${data.timestamp}
+\xA9 ${(/* @__PURE__ */ new Date()).getFullYear()} ${data.appName}. All rights reserved.`;
+}
+function renderOTPEmail(data) {
+  return {
+    html: renderOTPEmailHTML(data),
+    text: renderOTPEmailText(data)
+  };
+}
+// src/plugins/core-plugins/otp-login-plugin/index.ts
+var otpRequestSchema = zod.z.object({
+  email: zod.z.string().email("Valid email is required")
+});
+var otpVerifySchema = zod.z.object({
+  email: zod.z.string().email("Valid email is required"),
+  code: zod.z.string().min(4).max(8)
+});
+var DEFAULT_SETTINGS = {
+  codeLength: 6,
+  codeExpiryMinutes: 10,
+  maxAttempts: 3,
+  rateLimitPerHour: 5,
+  allowNewUserRegistration: false,
+  appName: "SonicJS"
+};
+function createOTPLoginPlugin() {
+  const builder = chunk5OLN5JO3_cjs.PluginBuilder.create({
+    name: "otp-login",
+    version: "1.0.0-beta.1",
+    description: "Passwordless authentication via email one-time codes"
+  });
+  builder.metadata({
+    author: {
+      name: "SonicJS Team",
+      email: "team@sonicjs.com"
+    },
+    license: "MIT",
+    compatibility: "^2.0.0"
+  });
+  const otpAPI = new hono.Hono();
+  otpAPI.post("/request", async (c) => {
+    try {
+      const body = await c.req.json();
+      const validation = otpRequestSchema.safeParse(body);
+      if (!validation.success) {
+        return c.json({
+          error: "Validation failed",
+          details: validation.error.issues
+        }, 400);
+      }
+      const { email } = validation.data;
+      const normalizedEmail = email.toLowerCase();
+      const db = c.env.DB;
+      const otpService = new OTPService(db);
+      const settings = { ...DEFAULT_SETTINGS };
+      const canRequest = await otpService.checkRateLimit(normalizedEmail, settings);
+      if (!canRequest) {
+        return c.json({
+          error: "Too many requests. Please try again in an hour."
+        }, 429);
+      }
+      const user = await db.prepare(`
+        SELECT id, email, role, is_active
+        FROM users
+        WHERE email = ?
+      `).bind(normalizedEmail).first();
+      if (!user && !settings.allowNewUserRegistration) {
+        return c.json({
+          message: "If an account exists for this email, you will receive a verification code shortly.",
+          expiresIn: settings.codeExpiryMinutes * 60
+        });
+      }
+      if (user && !user.is_active) {
+        return c.json({
+          error: "This account has been deactivated."
+        }, 403);
+      }
+      const ipAddress = c.req.header("cf-connecting-ip") || c.req.header("x-forwarded-for") || "unknown";
+      const userAgent = c.req.header("user-agent") || "unknown";
+      const otpCode = await otpService.createOTPCode(
+        normalizedEmail,
+        settings,
+        ipAddress,
+        userAgent
+      );
+      try {
+        const isDevMode = c.env.ENVIRONMENT === "development";
+        if (isDevMode) {
+          console.log(`[DEV] OTP Code for ${normalizedEmail}: ${otpCode.code}`);
+        }
+        const emailContent = renderOTPEmail({
+          code: otpCode.code,
+          expiryMinutes: settings.codeExpiryMinutes,
+          codeLength: settings.codeLength,
+          maxAttempts: settings.maxAttempts,
+          email: normalizedEmail,
+          ipAddress,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          appName: settings.appName
+        });
+        const emailPlugin2 = await db.prepare(`
+          SELECT settings FROM plugins WHERE id = 'email' AND status = 'active'
+        `).first();
+        if (emailPlugin2?.settings) {
+          const emailSettings = JSON.parse(emailPlugin2.settings);
+          if (emailSettings.apiKey && emailSettings.fromEmail && emailSettings.fromName) {
+            const emailResponse = await fetch("https://api.resend.com/emails", {
+              method: "POST",
+              headers: {
+                "Authorization": `Bearer ${emailSettings.apiKey}`,
+                "Content-Type": "application/json"
+              },
+              body: JSON.stringify({
+                from: `${emailSettings.fromName} <${emailSettings.fromEmail}>`,
+                to: [normalizedEmail],
+                subject: `Your login code for ${settings.appName}`,
+                html: emailContent.html,
+                text: emailContent.text,
+                reply_to: emailSettings.replyTo || emailSettings.fromEmail
+              })
+            });
+            if (!emailResponse.ok) {
+              const errorData = await emailResponse.json();
+              console.error("Failed to send OTP email via Resend:", errorData);
+            }
+          } else {
+            console.warn("Email plugin is not fully configured (missing apiKey, fromEmail, or fromName)");
+          }
+        } else {
+          console.warn("Email plugin is not active or has no settings configured");
+        }
+        const response = {
+          message: "If an account exists for this email, you will receive a verification code shortly.",
+          expiresIn: settings.codeExpiryMinutes * 60
+        };
+        if (isDevMode) {
+          response.dev_code = otpCode.code;
+        }
+        return c.json(response);
+      } catch (emailError) {
+        console.error("Error sending OTP email:", emailError);
+        return c.json({
+          error: "Failed to send verification code. Please try again."
+        }, 500);
+      }
+    } catch (error) {
+      console.error("OTP request error:", error);
+      return c.json({
+        error: "An error occurred. Please try again."
+      }, 500);
+    }
+  });
+  otpAPI.post("/verify", async (c) => {
+    try {
+      const body = await c.req.json();
+      const validation = otpVerifySchema.safeParse(body);
+      if (!validation.success) {
+        return c.json({
+          error: "Validation failed",
+          details: validation.error.issues
+        }, 400);
+      }
+      const { email, code } = validation.data;
+      const normalizedEmail = email.toLowerCase();
+      const db = c.env.DB;
+      const otpService = new OTPService(db);
+      const settings = { ...DEFAULT_SETTINGS };
+      const verification = await otpService.verifyCode(normalizedEmail, code, settings);
+      if (!verification.valid) {
+        await otpService.incrementAttempts(normalizedEmail, code);
+        return c.json({
+          error: verification.error || "Invalid code",
+          attemptsRemaining: verification.attemptsRemaining
+        }, 401);
+      }
+      const user = await db.prepare(`
+        SELECT id, email, role, is_active
+        FROM users
+        WHERE email = ?
+      `).bind(normalizedEmail).first();
+      if (!user) {
+        return c.json({
+          error: "User not found"
+        }, 404);
+      }
+      if (!user.is_active) {
+        return c.json({
+          error: "Account is deactivated"
+        }, 403);
+      }
+      return c.json({
+        success: true,
+        user: {
+          id: user.id,
+          email: user.email,
+          role: user.role
+        },
+        message: "Authentication successful"
+      });
+    } catch (error) {
+      console.error("OTP verify error:", error);
+      return c.json({
+        error: "An error occurred. Please try again."
+      }, 500);
+    }
+  });
+  otpAPI.post("/resend", async (c) => {
+    try {
+      const body = await c.req.json();
+      const validation = otpRequestSchema.safeParse(body);
+      if (!validation.success) {
+        return c.json({
+          error: "Validation failed",
+          details: validation.error.issues
+        }, 400);
+      }
+      return otpAPI.fetch(
+        new Request(c.req.url.replace("/resend", "/request"), {
+          method: "POST",
+          headers: c.req.raw.headers,
+          body: JSON.stringify({ email: validation.data.email })
+        }),
+        c.env
+      );
+    } catch (error) {
+      console.error("OTP resend error:", error);
+      return c.json({
+        error: "An error occurred. Please try again."
+      }, 500);
+    }
+  });
+  builder.addRoute("/auth/otp", otpAPI, {
+    description: "OTP authentication endpoints",
+    requiresAuth: false,
+    priority: 100
+  });
+  const adminRoutes = new hono.Hono();
+  adminRoutes.get("/settings", async (c) => {
+    const user = c.get("user");
+    const contentHTML = await html.html`
+      <div class="p-8">
+        <div class="mb-8">
+          <h1 class="text-3xl font-bold mb-2">OTP Login Settings</h1>
+          <p class="text-zinc-600 dark:text-zinc-400">Configure passwordless authentication via email codes</p>
+        </div>
+        <div class="max-w-3xl">
+          <div class="backdrop-blur-md bg-black/20 border border-white/10 shadow-xl rounded-xl p-6 mb-6">
+            <h2 class="text-xl font-semibold mb-4">Code Settings</h2>
+            <form id="otpSettingsForm" class="space-y-6">
+              <div>
+                <label for="codeLength" class="block text-sm font-medium mb-2">
+                  Code Length
+                </label>
+                <input
+                  type="number"
+                  id="codeLength"
+                  name="codeLength"
+                  min="4"
+                  max="8"
+                  value="6"
+                  class="w-full px-4 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none"
+                />
+                <p class="text-xs text-zinc-500 mt-1">Number of digits in OTP code (4-8)</p>
+              </div>
+              <div>
+                <label for="codeExpiryMinutes" class="block text-sm font-medium mb-2">
+                  Code Expiry (minutes)
+                </label>
+                <input
+                  type="number"
+                  id="codeExpiryMinutes"
+                  name="codeExpiryMinutes"
+                  min="5"
+                  max="60"
+                  value="10"
+                  class="w-full px-4 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none"
+                />
+                <p class="text-xs text-zinc-500 mt-1">How long codes remain valid (5-60 minutes)</p>
+              </div>
+              <div>
+                <label for="maxAttempts" class="block text-sm font-medium mb-2">
+                  Maximum Attempts
+                </label>
+                <input
+                  type="number"
+                  id="maxAttempts"
+                  name="maxAttempts"
+                  min="3"
+                  max="10"
+                  value="3"
+                  class="w-full px-4 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none"
+                />
+                <p class="text-xs text-zinc-500 mt-1">Max verification attempts before invalidation</p>
+              </div>
+              <div>
+                <label for="rateLimitPerHour" class="block text-sm font-medium mb-2">
+                  Rate Limit (per hour)
+                </label>
+                <input
+                  type="number"
+                  id="rateLimitPerHour"
+                  name="rateLimitPerHour"
+                  min="3"
+                  max="20"
+                  value="5"
+                  class="w-full px-4 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none"
+                />
+                <p class="text-xs text-zinc-500 mt-1">Max code requests per email per hour</p>
+              </div>
+              <div class="flex items-center">
+                <input
+                  type="checkbox"
+                  id="allowNewUserRegistration"
+                  name="allowNewUserRegistration"
+                  class="w-4 h-4 rounded border-white/10"
+                />
+                <label for="allowNewUserRegistration" class="ml-2 text-sm">
+                  Allow new user registration via OTP
+                </label>
+              </div>
+              <div class="flex gap-3 pt-4">
+                <button
+                  type="submit"
+                  class="px-6 py-2 bg-gradient-to-r from-blue-500 to-purple-600 text-white rounded-lg font-medium hover:from-blue-600 hover:to-purple-700 transition-all"
+                >
+                  Save Settings
+                </button>
+                <button
+                  type="button"
+                  id="testOTPBtn"
+                  class="px-6 py-2 bg-white/10 hover:bg-white/20 text-white rounded-lg font-medium transition-all"
+                >
+                  Send Test Code
+                </button>
+              </div>
+            </form>
+          </div>
+          <div id="statusMessage" class="hidden backdrop-blur-md bg-black/20 border border-white/10 rounded-xl p-4 mb-6"></div>
+          <div class="backdrop-blur-md bg-blue-500/10 border border-blue-500/20 rounded-xl p-6">
+            <h3 class="font-semibold text-blue-400 mb-3">
+              🔢 Features
+            </h3>
+            <ul class="text-sm text-blue-200 space-y-2">
+              <li>✓ Passwordless authentication</li>
+              <li>✓ Secure random code generation</li>
+              <li>✓ Rate limiting protection</li>
+              <li>✓ Brute force prevention</li>
+              <li>✓ Mobile-friendly UX</li>
+            </ul>
+          </div>
+        </div>
+      </div>
+      <script>
+        document.getElementById('otpSettingsForm').addEventListener('submit', async (e) => {
+          e.preventDefault()
+          const statusEl = document.getElementById('statusMessage')
+          statusEl.className = 'backdrop-blur-md bg-green-500/20 border border-green-500/30 rounded-xl p-4 mb-6'
+          statusEl.innerHTML = '✅ Settings saved successfully!'
+          statusEl.classList.remove('hidden')
+          setTimeout(() => statusEl.classList.add('hidden'), 3000)
+        })
+        document.getElementById('testOTPBtn').addEventListener('click', async () => {
+          const email = prompt('Enter email address for test:')
+          if (!email) return
+          const statusEl = document.getElementById('statusMessage')
+          statusEl.className = 'backdrop-blur-md bg-blue-500/20 border border-blue-500/30 rounded-xl p-4 mb-6'
+          statusEl.innerHTML = '📧 Sending test code...'
+          statusEl.classList.remove('hidden')
+          try {
+            const response = await fetch('/auth/otp/request', {
+              method: 'POST',
+              headers: { 'Content-Type': 'application/json' },
+              body: JSON.stringify({ email })
+            })
+            const data = await response.json()
+            if (response.ok) {
+              statusEl.className = 'backdrop-blur-md bg-green-500/20 border border-green-500/30 rounded-xl p-4 mb-6'
+              statusEl.innerHTML = '✅ Test code sent!' + (data.dev_code ? \` Code: <strong>\${data.dev_code}</strong>\` : '')
+            } else {
+              throw new Error(data.error || 'Failed')
+            }
+          } catch (error) {
+            statusEl.className = 'backdrop-blur-md bg-red-500/20 border border-red-500/30 rounded-xl p-4 mb-6'
+            statusEl.innerHTML = '❌ Failed to send test code'
+          }
+        })
+      </script>
+    `;
+    const templateUser = user ? {
+      name: user.name ?? user.email ?? "Admin",
+      email: user.email ?? "admin@sonicjs.com",
+      role: user.role ?? "admin"
+    } : void 0;
+    return c.html(
+      chunkAZLU3ROK_cjs.adminLayoutV2({
+        title: "OTP Login Settings",
+        content: contentHTML,
+        user: templateUser,
+        currentPath: "/admin/plugins/otp-login/settings"
+      })
+    );
+  });
+  builder.addRoute("/admin/plugins/otp-login", adminRoutes, {
+    description: "OTP login admin interface",
+    requiresAuth: true,
+    priority: 85
+  });
+  builder.addMenuItem("OTP Login", "/admin/plugins/otp-login/settings", {
+    icon: "key",
+    order: 85,
+    permissions: ["otp:manage"]
+  });
+  builder.lifecycle({
+    activate: async () => {
+      console.info("\u2705 OTP Login plugin activated");
+    },
+    deactivate: async () => {
+      console.info("\u274C OTP Login plugin deactivated");
+    }
+  });
+  return builder.build();
+}
+var otpLoginPlugin = createOTPLoginPlugin();
+var magicLinkRequestSchema = zod.z.object({
+  email: zod.z.string().email("Valid email is required")
+});
+function createMagicLinkAuthPlugin() {
+  const magicLinkRoutes = new hono.Hono();
+  magicLinkRoutes.post("/request", async (c) => {
+    try {
+      const body = await c.req.json();
+      const validation = magicLinkRequestSchema.safeParse(body);
+      if (!validation.success) {
+        return c.json({
+          error: "Validation failed",
+          details: validation.error.issues
+        }, 400);
+      }
+      const { email } = validation.data;
+      const normalizedEmail = email.toLowerCase();
+      const db = c.env.DB;
+      const oneHourAgo = Date.now() - 60 * 60 * 1e3;
+      const recentLinks = await db.prepare(`
+        SELECT COUNT(*) as count
+        FROM magic_links
+        WHERE user_email = ? AND created_at > ?
+      `).bind(normalizedEmail, oneHourAgo).first();
+      const rateLimitPerHour = 5;
+      if (recentLinks && recentLinks.count >= rateLimitPerHour) {
+        return c.json({
+          error: "Too many requests. Please try again later."
+        }, 429);
+      }
+      const user = await db.prepare(`
+        SELECT id, email, role, is_active
+        FROM users
+        WHERE email = ?
+      `).bind(normalizedEmail).first();
+      const allowNewUsers = false;
+      if (!user && !allowNewUsers) {
+        return c.json({
+          message: "If an account exists for this email, you will receive a magic link shortly."
+        });
+      }
+      if (user && !user.is_active) {
+        return c.json({
+          error: "This account has been deactivated."
+        }, 403);
+      }
+      const token = crypto.randomUUID() + "-" + crypto.randomUUID();
+      const tokenId = crypto.randomUUID();
+      const linkExpiryMinutes = 15;
+      const expiresAt = Date.now() + linkExpiryMinutes * 60 * 1e3;
+      await db.prepare(`
+        INSERT INTO magic_links (
+          id, user_email, token, expires_at, used, created_at, ip_address, user_agent
+        ) VALUES (?, ?, ?, ?, 0, ?, ?, ?)
+      `).bind(
+        tokenId,
+        normalizedEmail,
+        token,
+        expiresAt,
+        Date.now(),
+        c.req.header("cf-connecting-ip") || c.req.header("x-forwarded-for") || "unknown",
+        c.req.header("user-agent") || "unknown"
+      ).run();
+      const baseUrl = new URL(c.req.url).origin;
+      const magicLink = `${baseUrl}/auth/magic-link/verify?token=${token}`;
+      try {
+        const emailPlugin2 = c.env.plugins?.get("email");
+        if (emailPlugin2 && emailPlugin2.sendEmail) {
+          await emailPlugin2.sendEmail({
+            to: normalizedEmail,
+            subject: "Your Magic Link to Sign In",
+            html: renderMagicLinkEmail(magicLink, linkExpiryMinutes)
+          });
+        } else {
+          console.error("Email plugin not available");
+          console.log(`Magic link for ${normalizedEmail}: ${magicLink}`);
+        }
+      } catch (error) {
+        console.error("Failed to send magic link email:", error);
+        return c.json({
+          error: "Failed to send email. Please try again later."
+        }, 500);
+      }
+      return c.json({
+        message: "If an account exists for this email, you will receive a magic link shortly.",
+        // For development only - remove in production
+        ...c.env.ENVIRONMENT === "development" && { dev_link: magicLink }
+      });
+    } catch (error) {
+      console.error("Magic link request error:", error);
+      return c.json({ error: "Failed to process request" }, 500);
+    }
+  });
+  magicLinkRoutes.get("/verify", async (c) => {
+    try {
+      const token = c.req.query("token");
+      if (!token) {
+        return c.redirect("/auth/login?error=Invalid magic link");
+      }
+      const db = c.env.DB;
+      const magicLink = await db.prepare(`
+        SELECT * FROM magic_links
+        WHERE token = ? AND used = 0
+      `).bind(token).first();
+      if (!magicLink) {
+        return c.redirect("/auth/login?error=Invalid or expired magic link");
+      }
+      if (magicLink.expires_at < Date.now()) {
+        return c.redirect("/auth/login?error=This magic link has expired");
+      }
+      let user = await db.prepare(`
+        SELECT * FROM users WHERE email = ? AND is_active = 1
+      `).bind(magicLink.user_email).first();
+      const allowNewUsers = false;
+      if (!user && allowNewUsers) {
+        const userId = crypto.randomUUID();
+        const username = magicLink.user_email.split("@")[0];
+        const now = Date.now();
+        await db.prepare(`
+          INSERT INTO users (
+            id, email, username, first_name, last_name,
+            password_hash, role, is_active, created_at, updated_at
+          ) VALUES (?, ?, ?, ?, ?, NULL, 'viewer', 1, ?, ?)
+        `).bind(
+          userId,
+          magicLink.user_email,
+          username,
+          username,
+          "",
+          now,
+          now
+        ).run();
+        user = {
+          id: userId,
+          email: magicLink.user_email,
+          username,
+          role: "viewer"
+        };
+      } else if (!user) {
+        return c.redirect("/auth/login?error=No account found for this email");
+      }
+      await db.prepare(`
+        UPDATE magic_links
+        SET used = 1, used_at = ?
+        WHERE id = ?
+      `).bind(Date.now(), magicLink.id).run();
+      const jwtToken = await chunkQG3YQKL4_cjs.AuthManager.generateToken(
+        user.id,
+        user.email,
+        user.role
+      );
+      chunkQG3YQKL4_cjs.AuthManager.setAuthCookie(c, jwtToken);
+      await db.prepare(`
+        UPDATE users SET last_login_at = ? WHERE id = ?
+      `).bind(Date.now(), user.id).run();
+      return c.redirect("/admin/dashboard?message=Successfully signed in");
+    } catch (error) {
+      console.error("Magic link verification error:", error);
+      return c.redirect("/auth/login?error=Authentication failed");
+    }
+  });
+  return {
+    name: "magic-link-auth",
+    version: "1.0.0",
+    description: "Passwordless authentication via email magic links",
+    author: {
+      name: "SonicJS Team",
+      email: "team@sonicjs.com"
+    },
+    dependencies: ["email"],
+    routes: [{
+      path: "/auth/magic-link",
+      handler: magicLinkRoutes,
+      description: "Magic link authentication endpoints",
+      requiresAuth: false
+    }],
+    async install(context) {
+      console.log("Installing magic-link-auth plugin...");
+    },
+    async activate(context) {
+      console.log("Magic link authentication activated");
+      console.log("Users can now sign in via /auth/magic-link/request");
+    },
+    async deactivate(context) {
+      console.log("Magic link authentication deactivated");
+    },
+    async uninstall(context) {
+      console.log("Uninstalling magic-link-auth plugin...");
+    }
+  };
+}
+function renderMagicLinkEmail(magicLink, expiryMinutes) {
+  return `
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <meta charset="utf-8">
+      <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      <title>Your Magic Link</title>
+      <style>
+        body {
+          font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+          line-height: 1.6;
+          color: #333;
+          max-width: 600px;
+          margin: 0 auto;
+          padding: 20px;
+        }
+        .container {
+          background: #ffffff;
+          border-radius: 8px;
+          padding: 40px;
+          box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+        }
+        .header {
+          text-align: center;
+          margin-bottom: 30px;
+        }
+        .header h1 {
+          color: #0ea5e9;
+          margin: 0;
+          font-size: 24px;
+        }
+        .content {
+          margin-bottom: 30px;
+        }
+        .button {
+          display: inline-block;
+          padding: 14px 32px;
+          background: linear-gradient(135deg, #0ea5e9 0%, #06b6d4 100%);
+          color: #ffffff !important;
+          text-decoration: none;
+          border-radius: 6px;
+          font-weight: 600;
+          text-align: center;
+          margin: 20px 0;
+        }
+        .button:hover {
+          opacity: 0.9;
+        }
+        .expiry {
+          color: #ef4444;
+          font-size: 14px;
+          margin-top: 20px;
+        }
+        .footer {
+          margin-top: 40px;
+          padding-top: 20px;
+          border-top: 1px solid #e5e7eb;
+          font-size: 12px;
+          color: #6b7280;
+          text-align: center;
+        }
+        .security-note {
+          background: #fef3c7;
+          border-left: 4px solid #f59e0b;
+          padding: 12px 16px;
+          margin-top: 20px;
+          border-radius: 4px;
+          font-size: 14px;
+        }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <div class="header">
+          <h1>\u{1F517} Your Magic Link</h1>
+        </div>
+        <div class="content">
+          <p>Hello!</p>
+          <p>You requested a magic link to sign in to your account. Click the button below to continue:</p>
+          <div style="text-align: center;">
+            <a href="${magicLink}" class="button">Sign In</a>
+          </div>
+          <p class="expiry">\u23F0 This link expires in ${expiryMinutes} minutes</p>
+          <div class="security-note">
+            <strong>Security Notice:</strong> If you didn't request this link, you can safely ignore this email.
+            Someone may have entered your email address by mistake.
+          </div>
+        </div>
+        <div class="footer">
+          <p>This is an automated email from SonicJS.</p>
+          <p>For security, this link can only be used once.</p>
+        </div>
+      </div>
+    </body>
+    </html>
+  `;
+}
+createMagicLinkAuthPlugin();
 // src/app.ts
 function createSonicJSApp(config = {}) {
   const app = new hono.Hono();
-  const appVersion = config.version || chunkW2IAEG4W_cjs.getCoreVersion();
+  const appVersion = config.version || chunkH2X4BFCW_cjs.getCoreVersion();
   const appName = config.name || "SonicJS AI";
   app.use("*", async (c, next) => {
     c.set("appVersion", appVersion);
     await next();
   });
-  app.use("*", chunk5NCBFP37_cjs.metricsMiddleware());
-  app.use("*", chunk5NCBFP37_cjs.bootstrapMiddleware(config));
+  app.use("*", chunkQG3YQKL4_cjs.metricsMiddleware());
+  app.use("*", chunkQG3YQKL4_cjs.bootstrapMiddleware(config));
   if (config.middleware?.beforeAuth) {
     for (const middleware of config.middleware.beforeAuth) {
       app.use("*", middleware);
@@ -1137,26 +2150,37 @@ function createSonicJSApp(config = {}) {
       app.use("*", middleware);
     }
   }
-  app.route("/api", chunkARLXQU2S_cjs.api_default);
-  app.route("/api/media", chunkARLXQU2S_cjs.api_media_default);
-  app.route("/api/system", chunkARLXQU2S_cjs.api_system_default);
-  app.route("/admin/api", chunkARLXQU2S_cjs.admin_api_default);
-  app.route("/admin/dashboard", chunkARLXQU2S_cjs.router);
-  app.route("/admin/collections", chunkARLXQU2S_cjs.adminCollectionsRoutes);
-  app.route("/admin/settings", chunkARLXQU2S_cjs.adminSettingsRoutes);
+  app.route("/api", chunk5OLN5JO3_cjs.api_default);
+  app.route("/api/media", chunk5OLN5JO3_cjs.api_media_default);
+  app.route("/api/system", chunk5OLN5JO3_cjs.api_system_default);
+  app.route("/admin/api", chunk5OLN5JO3_cjs.admin_api_default);
+  app.route("/admin/dashboard", chunk5OLN5JO3_cjs.router);
+  app.route("/admin/collections", chunk5OLN5JO3_cjs.adminCollectionsRoutes);
+  app.route("/admin/settings", chunk5OLN5JO3_cjs.adminSettingsRoutes);
   app.route("/admin/database-tools", createDatabaseToolsAdminRoutes());
-  app.route("/admin/content", chunkARLXQU2S_cjs.admin_content_default);
-  app.route("/admin/media", chunkARLXQU2S_cjs.adminMediaRoutes);
-  app.route("/admin/plugins", chunkARLXQU2S_cjs.adminPluginRoutes);
-  app.route("/admin/logs", chunkARLXQU2S_cjs.adminLogsRoutes);
-  app.route("/admin", chunkARLXQU2S_cjs.userRoutes);
-  app.route("/auth", chunkARLXQU2S_cjs.auth_default);
-  app.route("/", chunkARLXQU2S_cjs.test_cleanup_default);
+  app.route("/admin/content", chunk5OLN5JO3_cjs.admin_content_default);
+  app.route("/admin/media", chunk5OLN5JO3_cjs.adminMediaRoutes);
+  app.route("/admin/plugins", chunk5OLN5JO3_cjs.adminPluginRoutes);
+  app.route("/admin/logs", chunk5OLN5JO3_cjs.adminLogsRoutes);
+  app.route("/admin", chunk5OLN5JO3_cjs.userRoutes);
+  app.route("/auth", chunk5OLN5JO3_cjs.auth_default);
+  app.route("/", chunk5OLN5JO3_cjs.test_cleanup_default);
   if (emailPlugin.routes && emailPlugin.routes.length > 0) {
     for (const route of emailPlugin.routes) {
       app.route(route.path, route.handler);
     }
   }
+  if (otpLoginPlugin.routes && otpLoginPlugin.routes.length > 0) {
+    for (const route of otpLoginPlugin.routes) {
+      app.route(route.path, route.handler);
+    }
+  }
+  const magicLinkPlugin = createMagicLinkAuthPlugin();
+  if (magicLinkPlugin.routes && magicLinkPlugin.routes.length > 0) {
+    for (const route of magicLinkPlugin.routes) {
+      app.route(route.path, route.handler);
+    }
+  }
   app.get("/files/*", async (c) => {
     try {
       const url = new URL(c.req.url);
@@ -1220,83 +2244,83 @@ function createDb(d1$1) {
 }
 // src/index.ts
-var VERSION = chunkW2IAEG4W_cjs.package_default.version;
+var VERSION = chunkH2X4BFCW_cjs.package_default.version;
 Object.defineProperty(exports, "ROUTES_INFO", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.ROUTES_INFO; }
+  get: function () { return chunk5OLN5JO3_cjs.ROUTES_INFO; }
 });
 Object.defineProperty(exports, "adminApiRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.admin_api_default; }
+  get: function () { return chunk5OLN5JO3_cjs.admin_api_default; }
 });
 Object.defineProperty(exports, "adminCheckboxRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminCheckboxRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminCheckboxRoutes; }
 });
 Object.defineProperty(exports, "adminCodeExamplesRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.admin_code_examples_default; }
+  get: function () { return chunk5OLN5JO3_cjs.admin_code_examples_default; }
 });
 Object.defineProperty(exports, "adminCollectionsRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminCollectionsRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminCollectionsRoutes; }
 });
 Object.defineProperty(exports, "adminContentRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.admin_content_default; }
+  get: function () { return chunk5OLN5JO3_cjs.admin_content_default; }
 });
 Object.defineProperty(exports, "adminDashboardRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.router; }
+  get: function () { return chunk5OLN5JO3_cjs.router; }
 });
 Object.defineProperty(exports, "adminDesignRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminDesignRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminDesignRoutes; }
 });
 Object.defineProperty(exports, "adminLogsRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminLogsRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminLogsRoutes; }
 });
 Object.defineProperty(exports, "adminMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminMediaRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminMediaRoutes; }
 });
 Object.defineProperty(exports, "adminPluginRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminPluginRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminPluginRoutes; }
 });
 Object.defineProperty(exports, "adminSettingsRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.adminSettingsRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.adminSettingsRoutes; }
 });
 Object.defineProperty(exports, "adminTestimonialsRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.admin_testimonials_default; }
+  get: function () { return chunk5OLN5JO3_cjs.admin_testimonials_default; }
 });
 Object.defineProperty(exports, "adminUsersRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.userRoutes; }
+  get: function () { return chunk5OLN5JO3_cjs.userRoutes; }
 });
 Object.defineProperty(exports, "apiContentCrudRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.api_content_crud_default; }
+  get: function () { return chunk5OLN5JO3_cjs.api_content_crud_default; }
 });
 Object.defineProperty(exports, "apiMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.api_media_default; }
+  get: function () { return chunk5OLN5JO3_cjs.api_media_default; }
 });
 Object.defineProperty(exports, "apiRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.api_default; }
+  get: function () { return chunk5OLN5JO3_cjs.api_default; }
 });
 Object.defineProperty(exports, "apiSystemRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.api_system_default; }
+  get: function () { return chunk5OLN5JO3_cjs.api_system_default; }
 });
 Object.defineProperty(exports, "authRoutes", {
   enumerable: true,
-  get: function () { return chunkARLXQU2S_cjs.auth_default; }
+  get: function () { return chunk5OLN5JO3_cjs.auth_default; }
 });
 Object.defineProperty(exports, "Logger", {
   enumerable: true,
@@ -1464,83 +2488,83 @@ Object.defineProperty(exports, "workflowHistory", {
 });
 Object.defineProperty(exports, "AuthManager", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.AuthManager; }
+  get: function () { return chunkQG3YQKL4_cjs.AuthManager; }
 });
 Object.defineProperty(exports, "PermissionManager", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.PermissionManager; }
+  get: function () { return chunkQG3YQKL4_cjs.PermissionManager; }
 });
 Object.defineProperty(exports, "bootstrapMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.bootstrapMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.bootstrapMiddleware; }
 });
 Object.defineProperty(exports, "cacheHeaders", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.cacheHeaders; }
+  get: function () { return chunkQG3YQKL4_cjs.cacheHeaders; }
 });
 Object.defineProperty(exports, "compressionMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.compressionMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.compressionMiddleware; }
 });
 Object.defineProperty(exports, "detailedLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.detailedLoggingMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.detailedLoggingMiddleware; }
 });
 Object.defineProperty(exports, "getActivePlugins", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.getActivePlugins; }
+  get: function () { return chunkQG3YQKL4_cjs.getActivePlugins; }
 });
 Object.defineProperty(exports, "isPluginActive", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.isPluginActive; }
+  get: function () { return chunkQG3YQKL4_cjs.isPluginActive; }
 });
 Object.defineProperty(exports, "logActivity", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.logActivity; }
+  get: function () { return chunkQG3YQKL4_cjs.logActivity; }
 });
 Object.defineProperty(exports, "loggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.loggingMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.loggingMiddleware; }
 });
 Object.defineProperty(exports, "optionalAuth", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.optionalAuth; }
+  get: function () { return chunkQG3YQKL4_cjs.optionalAuth; }
 });
 Object.defineProperty(exports, "performanceLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.performanceLoggingMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.performanceLoggingMiddleware; }
 });
 Object.defineProperty(exports, "requireActivePlugin", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requireActivePlugin; }
+  get: function () { return chunkQG3YQKL4_cjs.requireActivePlugin; }
 });
 Object.defineProperty(exports, "requireActivePlugins", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requireActivePlugins; }
+  get: function () { return chunkQG3YQKL4_cjs.requireActivePlugins; }
 });
 Object.defineProperty(exports, "requireAnyPermission", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requireAnyPermission; }
+  get: function () { return chunkQG3YQKL4_cjs.requireAnyPermission; }
 });
 Object.defineProperty(exports, "requireAuth", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requireAuth; }
+  get: function () { return chunkQG3YQKL4_cjs.requireAuth; }
 });
 Object.defineProperty(exports, "requirePermission", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requirePermission; }
+  get: function () { return chunkQG3YQKL4_cjs.requirePermission; }
 });
 Object.defineProperty(exports, "requireRole", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.requireRole; }
+  get: function () { return chunkQG3YQKL4_cjs.requireRole; }
 });
 Object.defineProperty(exports, "securityHeaders", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.securityHeaders; }
+  get: function () { return chunkQG3YQKL4_cjs.securityHeaders; }
 });
 Object.defineProperty(exports, "securityLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5NCBFP37_cjs.securityLoggingMiddleware; }
+  get: function () { return chunkQG3YQKL4_cjs.securityLoggingMiddleware; }
 });
 Object.defineProperty(exports, "PluginBootstrapService", {
   enumerable: true,
@@ -1596,39 +2620,39 @@ Object.defineProperty(exports, "validateCollectionConfig", {
 });
 Object.defineProperty(exports, "MigrationService", {
   enumerable: true,
-  get: function () { return chunkW4CE7XME_cjs.MigrationService; }
+  get: function () { return chunk63LV4YVI_cjs.MigrationService; }
 });
 Object.defineProperty(exports, "renderFilterBar", {
   enumerable: true,
-  get: function () { return chunkXR6XACXJ_cjs.renderFilterBar; }
+  get: function () { return chunkYIXSSJWD_cjs.renderFilterBar; }
 });
 Object.defineProperty(exports, "getConfirmationDialogScript", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.getConfirmationDialogScript; }
+  get: function () { return chunkAZLU3ROK_cjs.getConfirmationDialogScript; }
 });
 Object.defineProperty(exports, "renderAlert", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderAlert; }
+  get: function () { return chunkAZLU3ROK_cjs.renderAlert; }
 });
 Object.defineProperty(exports, "renderConfirmationDialog", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderConfirmationDialog; }
+  get: function () { return chunkAZLU3ROK_cjs.renderConfirmationDialog; }
 });
 Object.defineProperty(exports, "renderForm", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderForm; }
+  get: function () { return chunkAZLU3ROK_cjs.renderForm; }
 });
 Object.defineProperty(exports, "renderFormField", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderFormField; }
+  get: function () { return chunkAZLU3ROK_cjs.renderFormField; }
 });
 Object.defineProperty(exports, "renderPagination", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderPagination; }
+  get: function () { return chunkAZLU3ROK_cjs.renderPagination; }
 });
 Object.defineProperty(exports, "renderTable", {
   enumerable: true,
-  get: function () { return chunkMF7DWI5P_cjs.renderTable; }
+  get: function () { return chunkAZLU3ROK_cjs.renderTable; }
 });
 Object.defineProperty(exports, "HookSystemImpl", {
   enumerable: true,
@@ -1656,43 +2680,43 @@ Object.defineProperty(exports, "ScopedHookSystemClass", {
 });
 Object.defineProperty(exports, "QueryFilterBuilder", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.QueryFilterBuilder; }
+  get: function () { return chunkH2X4BFCW_cjs.QueryFilterBuilder; }
 });
 Object.defineProperty(exports, "SONICJS_VERSION", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.SONICJS_VERSION; }
+  get: function () { return chunkH2X4BFCW_cjs.SONICJS_VERSION; }
 });
 Object.defineProperty(exports, "TemplateRenderer", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.TemplateRenderer; }
+  get: function () { return chunkH2X4BFCW_cjs.TemplateRenderer; }
 });
 Object.defineProperty(exports, "buildQuery", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.buildQuery; }
+  get: function () { return chunkH2X4BFCW_cjs.buildQuery; }
 });
 Object.defineProperty(exports, "escapeHtml", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.escapeHtml; }
+  get: function () { return chunkH2X4BFCW_cjs.escapeHtml; }
 });
 Object.defineProperty(exports, "getCoreVersion", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.getCoreVersion; }
+  get: function () { return chunkH2X4BFCW_cjs.getCoreVersion; }
 });
 Object.defineProperty(exports, "renderTemplate", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.renderTemplate; }
+  get: function () { return chunkH2X4BFCW_cjs.renderTemplate; }
 });
 Object.defineProperty(exports, "sanitizeInput", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.sanitizeInput; }
+  get: function () { return chunkH2X4BFCW_cjs.sanitizeInput; }
 });
 Object.defineProperty(exports, "sanitizeObject", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.sanitizeObject; }
+  get: function () { return chunkH2X4BFCW_cjs.sanitizeObject; }
 });
 Object.defineProperty(exports, "templateRenderer", {
   enumerable: true,
-  get: function () { return chunkW2IAEG4W_cjs.templateRenderer; }
+  get: function () { return chunkH2X4BFCW_cjs.templateRenderer; }
 });
 Object.defineProperty(exports, "metricsTracker", {
   enumerable: true,