@sonicjs-cms/core 2.9.0 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/dist/{chunk-YFJJU26H.js → chunk-27AOVQTR.js} +10 -2
  2. package/dist/chunk-27AOVQTR.js.map +1 -0
  3. package/dist/{chunk-25YNV4RK.js → chunk-4TTMQQC7.js} +4 -4
  4. package/dist/{chunk-25YNV4RK.js.map → chunk-4TTMQQC7.js.map} +1 -1
  5. package/dist/{chunk-STTZVLY2.js → chunk-6O3RJV3C.js} +2 -2
  6. package/dist/{chunk-STTZVLY2.js.map → chunk-6O3RJV3C.js.map} +1 -1
  7. package/dist/{chunk-SHU7Q66Q.cjs → chunk-EKPLKUZT.cjs} +7 -3
  8. package/dist/chunk-EKPLKUZT.cjs.map +1 -0
  9. package/dist/{chunk-MPT5PA6U.cjs → chunk-IIBRG5S5.cjs} +10 -2
  10. package/dist/chunk-IIBRG5S5.cjs.map +1 -0
  11. package/dist/{chunk-DQZVU3WB.cjs → chunk-IT2TC4ZD.cjs} +7 -7
  12. package/dist/{chunk-DQZVU3WB.cjs.map → chunk-IT2TC4ZD.cjs.map} +1 -1
  13. package/dist/{chunk-3FHMXGLF.js → chunk-IZWNIUJI.js} +7 -3
  14. package/dist/chunk-IZWNIUJI.js.map +1 -0
  15. package/dist/{chunk-2JGQKF7B.js → chunk-JTNUM7JE.js} +1042 -152
  16. package/dist/chunk-JTNUM7JE.js.map +1 -0
  17. package/dist/{chunk-KSB6FXOP.cjs → chunk-RCA6R6VE.cjs} +1130 -240
  18. package/dist/chunk-RCA6R6VE.cjs.map +1 -0
  19. package/dist/{chunk-LDFMYRG6.cjs → chunk-ZMVWMJ3S.cjs} +2 -2
  20. package/dist/{chunk-LDFMYRG6.cjs.map → chunk-ZMVWMJ3S.cjs.map} +1 -1
  21. package/dist/{collection-config-DckWhkdL.d.cts → collection-config-B4PG-AaF.d.cts} +2 -0
  22. package/dist/{collection-config-DckWhkdL.d.ts → collection-config-B4PG-AaF.d.ts} +2 -0
  23. package/dist/index.cjs +97 -97
  24. package/dist/index.d.cts +3 -3
  25. package/dist/index.d.ts +3 -3
  26. package/dist/index.js +8 -8
  27. package/dist/middleware.cjs +29 -29
  28. package/dist/middleware.js +3 -3
  29. package/dist/migrations-N2C2VPJU.js +4 -0
  30. package/dist/{migrations-SZSR3C3G.js.map → migrations-N2C2VPJU.js.map} +1 -1
  31. package/dist/migrations-ONIAY6GK.cjs +13 -0
  32. package/dist/{migrations-QQWGDWGB.cjs.map → migrations-ONIAY6GK.cjs.map} +1 -1
  33. package/dist/{plugin-bootstrap-BAz7NY0H.d.cts → plugin-bootstrap-WmpvYM5w.d.ts} +1 -1
  34. package/dist/{plugin-bootstrap-Cz3-bj8X.d.ts → plugin-bootstrap-fpG98Otb.d.cts} +1 -1
  35. package/dist/routes.cjs +28 -28
  36. package/dist/routes.js +5 -5
  37. package/dist/services.cjs +16 -16
  38. package/dist/services.d.cts +2 -2
  39. package/dist/services.d.ts +2 -2
  40. package/dist/services.js +2 -2
  41. package/dist/types.d.cts +1 -1
  42. package/dist/types.d.ts +1 -1
  43. package/dist/utils.cjs +11 -11
  44. package/dist/utils.d.cts +1 -1
  45. package/dist/utils.d.ts +1 -1
  46. package/dist/utils.js +1 -1
  47. package/package.json +5 -1
  48. package/dist/chunk-2JGQKF7B.js.map +0 -1
  49. package/dist/chunk-3FHMXGLF.js.map +0 -1
  50. package/dist/chunk-KSB6FXOP.cjs.map +0 -1
  51. package/dist/chunk-MPT5PA6U.cjs.map +0 -1
  52. package/dist/chunk-SHU7Q66Q.cjs.map +0 -1
  53. package/dist/chunk-YFJJU26H.js.map +0 -1
  54. package/dist/migrations-QQWGDWGB.cjs +0 -13
  55. package/dist/migrations-SZSR3C3G.js +0 -4
package/dist/{chunk-YFJJU26H.js → chunk-27AOVQTR.js} RENAMED
@@ -109,6 +109,14 @@ function validateCollectionConfig(config) {
109
109
  if (fieldConfig.type === "reference" && !fieldConfig.collection) {
110
110
  errors.push(`Reference field "${fieldName}" is missing collection property`);
111
111
  }
112
+ const layoutValue = fieldConfig.objectLayout;
113
+ if (layoutValue !== void 0) {
114
+ if (fieldConfig.type !== "object") {
115
+ errors.push(`Field "${fieldName}" uses objectLayout but is not an object field`);
116
+ } else if (!["nested", "flat"].includes(layoutValue)) {
117
+ errors.push(`Object field "${fieldName}" has invalid objectLayout. Use "nested" or "flat"`);
118
+ }
119
+ }
112
120
  if (["select", "multiselect", "radio"].includes(fieldConfig.type) && !fieldConfig.enum) {
113
121
  errors.push(`Select field "${fieldName}" is missing enum options`);
114
122
  }
@@ -815,5 +823,5 @@ var PluginBootstrapService = class {
815
823
  };
816
824
 
817
825
  export { PluginBootstrapService, PluginService, cleanupRemovedCollections, fullCollectionSync, getAvailableCollectionNames, getManagedCollections, isCollectionManaged, loadCollectionConfig, loadCollectionConfigs, registerCollections, syncCollection, syncCollections, validateCollectionConfig };
818
- //# sourceMappingURL=chunk-YFJJU26H.js.map
819
- //# sourceMappingURL=chunk-YFJJU26H.js.map
826
+ //# sourceMappingURL=chunk-27AOVQTR.js.map
827
+ //# sourceMappingURL=chunk-27AOVQTR.js.map
package/dist/chunk-27AOVQTR.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/services/collection-loader.ts","../src/services/collection-sync.ts","../src/services/plugin-service.ts","../src/services/plugin-bootstrap.ts"],"names":[],"mappings":";AAUA,IAAM,wBAA4C,EAAC;AAM5C,SAAS,oBAAoB,WAAA,EAAuC;AACzE,EAAA,KAAA,MAAW,UAAU,WAAA,EAAa;AAEhC,IAAA,IAAI,CAAC,OAAO,IAAA,IAAQ,CAAC,OAAO,WAAA,IAAe,CAAC,OAAO,MAAA,EAAQ;AACzD,MAAA,OAAA,CAAQ,KAAA,CAAM,sDAAsD,MAAM,CAAA;AAC1E,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,gBAAA,GAAqC;AAAA,MACzC,GAAG,MAAA;AAAA,MACH,OAAA,EAAS,MAAA,CAAO,OAAA,KAAY,MAAA,GAAY,OAAO,OAAA,GAAU,IAAA;AAAA,MACzD,QAAA,EAAU,MAAA,CAAO,QAAA,KAAa,MAAA,GAAY,OAAO,QAAA,GAAW;AAAA,KAC9D;AAEA,IAAA,qBAAA,CAAsB,KAAK,gBAAgB,CAAA;AAC3C,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,8BAAA,EAA4B,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAAA,EACvD;AACF;AAKA,eAAsB,qBAAA,GAAqD;AACzE,EAAA,MAAM,WAAA,GAAkC,CAAC,GAAG,qBAAqB,CAAA;AAGjE,EAAA,IAAI,qBAAA,CAAsB,SAAS,CAAA,EAAG;AACpC,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,gBAAA,EAAY,qBAAA,CAAsB,MAAM,CAAA,0CAAA,CAA4C,CAAA;AAAA,EAClG,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,IAAI,CAAA,uGAAA,CAA+F,CAAA;AAC3G,IAAA,OAAA,CAAQ,IAAI,CAAA,6EAAA,CAA+E,CAAA;AAC3F,IAAA,OAAA,CAAQ,IAAI,CAAA,+CAAA,CAAiD,CAAA;AAAA,EAC/D;AAEA,EAAA,IAAI;AAGF,IAAA,MAAM,OAAA,GAAW,YAAoB,IAAA,GAAO,gCAAA,EAAkC,EAAE,KAAA,EAAO,IAAA,EAAM,CAAA,IAAK,EAAC;AACnG,IAAA,IAAI,mBAAA,GAAsB,CAAA;AAE1B,IAAA,KAAA,MAAW,CAAC,IAAA,EAAM,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AACpD,MAAA,IAAI;AACF,QAAA,MAAM,YAAA,GAAe,MAAA;AAErB,QAAA,IAAI,CAAC,aAAa,OAAA,EAAS;AACzB,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,IAAI,CAAA,iCAAA,CAAmC,CAAA;AACvE,UAAA;AAAA,QACF;AAEA,QAAA,MAAM,SAAS,YAAA,CAAa,OAAA;AAG5B,QAAA,IAAI,CAAC,OAAO,IAAA,IAAQ,CAAC,OAAO,WAAA,IAAe,CAAC,OAAO,MAAA,EAAQ;AACzD,UAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,6BAAA,EAAgC,IAAI,CAAA,yBAAA,CAA2B,CAAA;AAC7E,UAAA;AAAA,QACF;AAGA,QAAA,MAAM,gBAAA,GAAqC;AAAA,UACzC,GAAG,MAAA;AAAA,UACH,OAAA,EAAS,MAAA,CAAO,OAAA,KAAY,KAAA,CAAA,GAAY,OAAO,OAAA,GAAU,IAAA;AAAA,UACzD,QAAA,EAAU,MAAA,CAAO,QAAA,KAAa,KAAA,CAAA,GAAY,OAAO,QAAA,GAAW;AAAA,SAC9D;AAEA,QAAA,WAAA,CAAY,KAAK,gBAAgB,CAAA;AACjC,QAAA,mBAAA,EAAA;AACA,QAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,+BAAA,EAA6B,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAAA,MACxD,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,8BAAA,EAAiC,IAAI,CAAA,CAAA,CAAA,EAAK,KAAK,CAAA;AAAA,MAC/D;AAAA,IACF;AAEA,IAAA,OAAA,CAAQ,GAAA,CAAI,iCAA0B,WAAA,CAAY,MAAM,WAAW,qBAAA,CAAsB,MAAM,CAAA,WAAA,EAAc,mBAAmB,CAAA,WAAA,CAAa,CAAA;AAC7I,IAAA,OAAO,WAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,IAAA,OAAO,WAAA;AAAA,EACT;AACF;AAOA,eAAsB,qBAAqB,IAAA,EAAgD;AACzF,EAAA,IAAI;AAGF,IAAA,OAAA,CAAQ,KAAK,uEAAuE,CAAA;AACpF,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,yBAAA,EAA4B,IAAI,CAAA,CAAA,CAAA,EAAK,KAAK,CAAA;AACxD,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAKA,eAAsB,2BAAA,GAAiD;AACrE,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAW,MAAA,CAAA,IAAA,CAAoB,IAAA,GAAO,gCAAgC,KAAK,EAAC;AAClF,IAAA,MAAM,QAAkB,EAAC;AAEzB,IAAA,KAAA,MAAW,IAAA,IAAQ,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,EAAG;AAGvC,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,4BAA4B,CAAA;AACrD,MAAA,IAAI,KAAA,IAAS,KAAA,CAAM,CAAC,CAAA,EAAG;AACrB,QAAA,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MACrB;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,IAAA,OAAO,EAAC;AAAA,EACV;AACF;AAKO,SAAS,yBAAyB,MAAA,EAAgE;AACvG,EAAA,MAAM,SAAmB,EAAC;AAG1B,EAAA,IAAI,CAAC,OAAO,IAAA,EAAM;AAChB,IAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,EAC3C,WAAW,CAAC,eAAA,CAAgB,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA,EAAG;AAC7C,IAAA,MAAA,CAAO,KAAK,wFAAwF,CAAA;AAAA,EACtG;AAEA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAA,CAAO,KAAK,0BAA0B,CAAA;AAAA,EACxC;AAEA,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,IAAA,MAAA,CAAO,KAAK,oBAAoB,CAAA;AAAA,EAClC,CAAA,MAAO;AAEL,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,IAAA,KAAS,QAAA,EAAU;AACnC,MAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI,CAAC,OAAO,MAAA,CAAO,UAAA,IAAc,OAAO,MAAA,CAAO,MAAA,CAAO,eAAe,QAAA,EAAU;AAC7E,MAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,IAC3C;AAGA,IAAA,KAAA,MAAW,CAAC,SAAA,EAAW,WAAW,CAAA,IAAK,MAAA,CAAO,OAAA,CAAQ,MAAA,CAAO,MAAA,CAAO,UAAA,IAAc,EAAE,CAAA,EAAG;AACrF,MAAA,IAAI,CAAC,YAAY,IAAA,EAAM;AACrB,QAAA,MAAA,CAAO,IAAA,CAAK,CAAA,OAAA,EAAU,SAAS,CAAA,iBAAA,CAAmB,CAAA;AAAA,MACpD;AAGA,MAAA,IAAI,WAAA,CAAY,IAAA,KAAS,WAAA,IAAe,CAAC,YAAY,UAAA,EAAY;AAC/D,QAAA,MAAA,CAAO,IAAA,CAAK,CAAA,iBAAA,EAAoB,SAAS,CAAA,gCAAA,CAAkC,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,cAAc,WAAA,CAAY,YAAA;AAChC,MAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,QAAA,IAAI,WAAA,CAAY,SAAS,QAAA,EAAU;AACjC,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,OAAA,EAAU,SAAS,CAAA,8CAAA,CAAgD,CAAA;AAAA,QACjF,CAAA,MAAA,IAAW,CAAC,CAAC,QAAA,EAAU,MAAM,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA,EAAG;AACpD,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,cAAA,EAAiB,SAAS,CAAA,kDAAA,CAAoD,CAAA;AAAA,QAC5F;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,QAAA,EAAU,aAAA,EAAe,OAAO,CAAA,CAAE,QAAA,CAAS,WAAA,CAAY,IAAI,CAAA,IAAK,CAAC,WAAA,CAAY,IAAA,EAAM;AACtF,QAAA,MAAA,CAAO,IAAA,CAAK,CAAA,cAAA,EAAiB,SAAS,CAAA,yBAAA,CAA2B,CAAA;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB;AAAA,GACF;AACF;;;ACzLA,eAAsB,gBAAgB,EAAA,EAAiD;AACrF,EAAA,OAAA,CAAQ,IAAI,uCAAgC,CAAA;AAE5C,EAAA,MAAM,UAAkC,EAAC;AACzC,EAAA,MAAM,OAAA,GAAU,MAAM,qBAAA,EAAsB;AAE5C,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,OAAA,CAAQ,IAAI,kDAAwC,CAAA;AACpD,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,EAAA,EAAI,MAAM,CAAA;AAC9C,IAAA,OAAA,CAAQ,KAAK,MAAM,CAAA;AAAA,EACrB;AAEA,EAAA,MAAM,UAAU,OAAA,CAAQ,MAAA,CAAO,OAAK,CAAA,CAAE,MAAA,KAAW,SAAS,CAAA,CAAE,MAAA;AAC5D,EAAA,MAAM,UAAU,OAAA,CAAQ,MAAA,CAAO,OAAK,CAAA,CAAE,MAAA,KAAW,SAAS,CAAA,CAAE,MAAA;AAC5D,EAAA,MAAM,YAAY,OAAA,CAAQ,MAAA,CAAO,OAAK,CAAA,CAAE,MAAA,KAAW,WAAW,CAAA,CAAE,MAAA;AAChE,EAAA,MAAM,SAAS,OAAA,CAAQ,MAAA,CAAO,OAAK,CAAA,CAAE,MAAA,KAAW,OAAO,CAAA,CAAE,MAAA;AAEzD,EAAA,OAAA,CAAQ,GAAA,CAAI,oCAA+B,OAAO,CAAA,UAAA,EAAa,OAAO,CAAA,UAAA,EAAa,SAAS,CAAA,YAAA,EAAe,MAAM,CAAA,OAAA,CAAS,CAAA;AAE1H,EAAA,OAAO,OAAA;AACT;AAKA,eAAsB,cAAA,CAAe,IAAgB,MAAA,EAAyD;AAC5G,EAAA,IAAI;AAEF,IAAA,MAAM,UAAA,GAAa,yBAAyB,MAAM,CAAA;AAClD,IAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,MAAA,OAAO;AAAA,QACL,MAAM,MAAA,CAAO,IAAA;AAAA,QACb,MAAA,EAAQ,OAAA;AAAA,QACR,OAAO,CAAA,mBAAA,EAAsB,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,OAC3D;AAAA,IACF;AAGA,IAAA,MAAM,YAAA,GAAe,EAAA,CAAG,OAAA,CAAQ,0CAA0C,CAAA;AAC1E,IAAA,MAAM,WAAW,MAAM,YAAA,CAAa,KAAK,MAAA,CAAO,IAAI,EAAE,KAAA,EAAM;AAE5D,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,YAAA,GAAe,QAAA,EAAU,EAAA,IAAM,CAAA,IAAA,EAAO,MAAA,CAAO,IAAI,CAAA,CAAA,EAAI,MAAA,CAAO,UAAA,EAAW,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA,CAAA;AAG1F,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,MAAM,CAAA;AAC/C,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,QAAA,KAAa,KAAA,GAAQ,CAAA,GAAI,CAAA;AACjD,IAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,KAAY,KAAA,GAAQ,CAAA,GAAI,CAAA;AAE/C,IAAA,IAAI,CAAC,QAAA,EAAU;AAEb,MAAA,MAAM,UAAA,GAAa,GAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,MAAA,CAG7B,CAAA;AAED,MAAA,MAAM,UAAA,CAAW,IAAA;AAAA,QACf,YAAA;AAAA,QACA,MAAA,CAAO,IAAA;AAAA,QACP,MAAA,CAAO,WAAA;AAAA,QACP,OAAO,WAAA,IAAe,IAAA;AAAA,QACtB,UAAA;AAAA,QACA,QAAA;AAAA,QACA,OAAA;AAAA,QACA,GAAA;AAAA,QACA;AAAA,QACA,GAAA,EAAI;AAEN,MAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,6BAAA,EAA2B,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAEpD,MAAA,OAAO;AAAA,QACL,MAAM,MAAA,CAAO,IAAA;AAAA,QACb,MAAA,EAAQ,SAAA;AAAA,QACR,OAAA,EAAS,CAAA,oBAAA,EAAuB,MAAA,CAAO,WAAW,CAAA,CAAA;AAAA,OACpD;AAAA,IACF,CAAA,MAAO;AAEL,MAAA,MAAM,iBAAiB,QAAA,CAAS,MAAA,GAAS,KAAK,SAAA,CAAU,QAAA,CAAS,MAAM,CAAA,GAAI,IAAA;AAC3E,MAAA,MAAM,sBAAsB,QAAA,CAAS,YAAA;AACrC,MAAA,MAAM,sBAAsB,QAAA,CAAS,WAAA;AACrC,MAAA,MAAM,mBAAmB,QAAA,CAAS,SAAA;AAClC,MAAA,MAAM,kBAAkB,QAAA,CAAS,OAAA;AAEjC,MAAA,MAAM,WAAA,GACJ,UAAA,KAAe,cAAA,IACf,MAAA,CAAO,WAAA,KAAgB,mBAAA,IAAA,CACtB,MAAA,CAAO,WAAA,IAAe,IAAA,MAAU,mBAAA,IACjC,QAAA,KAAa,gBAAA,IACb,OAAA,KAAY,eAAA;AAEd,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,OAAO;AAAA,UACL,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,MAAA,EAAQ,WAAA;AAAA,UACR,OAAA,EAAS,CAAA,YAAA,EAAe,MAAA,CAAO,WAAW,CAAA,eAAA;AAAA,SAC5C;AAAA,MACF;AAGA,MAAA,MAAM,UAAA,GAAa,GAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,MAAA,CAI7B,CAAA;AAED,MAAA,MAAM,UAAA,CAAW,IAAA;AAAA,QACf,MAAA,CAAO,WAAA;AAAA,QACP,OAAO,WAAA,IAAe,IAAA;AAAA,QACtB,UAAA;AAAA,QACA,QAAA;AAAA,QACA,OAAA;AAAA,QACA,GAAA;AAAA,QACA,MAAA,CAAO;AAAA,QACP,GAAA,EAAI;AAEN,MAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,6BAAA,EAA2B,MAAA,CAAO,IAAI,CAAA,CAAE,CAAA;AAEpD,MAAA,OAAO;AAAA,QACL,MAAM,MAAA,CAAO,IAAA;AAAA,QACb,MAAA,EAAQ,SAAA;AAAA,QACR,OAAA,EAAS,CAAA,oBAAA,EAAuB,MAAA,CAAO,WAAW,CAAA,CAAA;AAAA,OACpD;AAAA,IACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,kCAAA,EAAgC,MAAA,CAAO,IAAI,KAAK,KAAK,CAAA;AAEnE,IAAA,OAAO;AAAA,MACL,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,MAAA,EAAQ,OAAA;AAAA,MACR,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAClD;AAAA,EACF;AACF;AAKA,eAAsB,mBAAA,CAAoB,IAAgB,cAAA,EAA0C;AAClG,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,EAAA,CAAG,OAAA,CAAQ,gDAAgD,CAAA;AACxE,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,IAAA,CAAK,cAAc,EAAE,KAAA,EAAM;AAErD,IAAA,OAAO,QAAQ,OAAA,KAAY,CAAA;AAAA,EAC7B,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKA,eAAsB,sBAAsB,EAAA,EAAmC;AAC7E,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,EAAA,CAAG,OAAA,CAAQ,gDAAgD,CAAA;AACxE,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,KAAK,GAAA,EAAI;AAEnC,IAAA,OAAA,CAAQ,WAAW,EAAC,EAAG,IAAI,CAAC,GAAA,KAAa,IAAI,IAAI,CAAA;AAAA,EACnD,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AACzD,IAAA,OAAO,EAAC;AAAA,EACV;AACF;AAMA,eAAsB,0BAA0B,EAAA,EAAmC;AACjF,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,MAAM,qBAAA,EAAsB;AAC5C,IAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,IAAI,CAAC,CAAA;AACpD,IAAA,MAAM,kBAAA,GAAqB,MAAM,qBAAA,CAAsB,EAAE,CAAA;AACzD,IAAA,MAAM,UAAoB,EAAC;AAE3B,IAAA,KAAA,MAAW,eAAe,kBAAA,EAAoB;AAC5C,MAAA,IAAI,CAAC,WAAA,CAAY,GAAA,CAAI,WAAW,CAAA,EAAG;AAGjC,QAAA,MAAM,UAAA,GAAa,GAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,QAAA,CAI7B,CAAA;AAED,QAAA,MAAM,WAAW,IAAA,CAAK,IAAA,CAAK,KAAI,EAAG,WAAW,EAAE,GAAA,EAAI;AACnD,QAAA,OAAA,CAAQ,KAAK,WAAW,CAAA;AACxB,QAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,gDAAA,EAAyC,WAAW,CAAA,CAAE,CAAA;AAAA,MACpE;AAAA,IACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,0CAA0C,KAAK,CAAA;AAC7D,IAAA,OAAO,EAAC;AAAA,EACV;AACF;AAKA,eAAsB,mBAAmB,EAAA,EAGtC;AACD,EAAA,MAAM,OAAA,GAAU,MAAM,eAAA,CAAgB,EAAE,CAAA;AACxC,EAAA,MAAM,OAAA,GAAU,MAAM,yBAAA,CAA0B,EAAE,CAAA;AAElD,EAAA,OAAO,EAAE,SAAS,OAAA,EAAQ;AAC5B;;;AC/LO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAAoB,EAAA,EAAgB;AAAhB,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AAAA,EAAiB;AAAA,EAErC,MAAM,aAAA,GAAuC;AAE3C,IAAA,MAAM,KAAK,qBAAA,EAAsB;AAEjC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,IAAA,CAG5B,CAAA;AAED,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,KAAK,GAAA,EAAI;AACnC,IAAA,OAAA,CAAQ,OAAA,IAAW,EAAC,EAAG,GAAA,CAAI,KAAK,eAAe,CAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,qBAAA,GAAuC;AAGnD,IAAA,OAAA,CAAQ,IAAI,gFAAgF,CAAA;AAAA,EAC9F;AAAA,EAEA,MAAM,UAAU,QAAA,EAA8C;AAC5D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ,oCAAoC,CAAA;AACjE,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,IAAA,CAAK,QAAQ,EAAE,KAAA,EAAM;AAE/C,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AACpB,IAAA,OAAO,IAAA,CAAK,gBAAgB,MAAM,CAAA;AAAA,EACpC;AAAA,EAEA,MAAM,gBAAgB,IAAA,EAA0C;AAC9D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ,sCAAsC,CAAA;AACnE,IAAA,MAAM,SAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,EAAE,KAAA,EAAM;AAE3C,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AACpB,IAAA,OAAO,IAAA,CAAK,gBAAgB,MAAM,CAAA;AAAA,EACpC;AAAA,EAEA,MAAM,cAAA,GAAuC;AAC3C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAA,CAO5B,CAAA;AAED,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,KAAA,EAAM;AAC/B,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,MAAM,KAAA,IAAS,CAAA;AAAA,MACtB,MAAA,EAAQ,MAAM,MAAA,IAAU,CAAA;AAAA,MACxB,QAAA,EAAU,MAAM,QAAA,IAAY,CAAA;AAAA,MAC5B,MAAA,EAAQ,MAAM,MAAA,IAAU,CAAA;AAAA,MACxB,WAAA,EAAa;AAAA,KACf;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,UAAA,EAAsD;AACxE,IAAA,MAAM,KAAK,UAAA,CAAW,EAAA,IAAM,CAAA,OAAA,EAAU,IAAA,CAAK,KAAK,CAAA,CAAA;AAChD,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAExC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAA,CAM5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA;AAAA,MACT,EAAA;AAAA,MACA,WAAW,IAAA,IAAQ,EAAA;AAAA,MACnB,WAAW,YAAA,IAAgB,gBAAA;AAAA,MAC3B,WAAW,WAAA,IAAe,EAAA;AAAA,MAC1B,WAAW,OAAA,IAAW,OAAA;AAAA,MACtB,WAAW,MAAA,IAAU,SAAA;AAAA,MACrB,WAAW,QAAA,IAAY,WAAA;AAAA,MACvB,WAAW,IAAA,IAAQ,WAAA;AAAA,MACnB,UAAA;AAAA,MACA,WAAW,OAAA,IAAW,KAAA;AAAA,MACtB,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,QAAA,IAAY,EAAE,CAAA;AAAA,MACxC,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,WAAA,IAAe,EAAE,CAAA;AAAA,MAC3C,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,YAAA,IAAgB,EAAE,CAAA;AAAA,MAC5C,WAAW,cAAA,IAAkB,CAAA;AAAA,MAC7B,WAAW,MAAA,IAAU,CAAA;AAAA,MACrB,GAAA;AAAA,MACA;AAAA,MACA,GAAA,EAAI;AAGN,IAAA,MAAM,IAAA,CAAK,YAAY,EAAA,EAAI,WAAA,EAAa,MAAM,EAAE,OAAA,EAAS,UAAA,CAAW,OAAA,EAAS,CAAA;AAE7E,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,CAAA;AACzC,IAAA,IAAI,CAAC,SAAA,EAAW,MAAM,IAAI,MAAM,0BAA0B,CAAA;AAE1D,IAAA,OAAO,SAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAAiC;AACrD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAC5C,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAC/C,IAAA,IAAI,MAAA,CAAO,OAAA,EAAS,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAGnE,IAAA,IAAI,MAAA,CAAO,WAAW,QAAA,EAAU;AAC9B,MAAA,MAAM,IAAA,CAAK,iBAAiB,QAAQ,CAAA;AAAA,IACtC;AAGA,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ,kCAAkC,CAAA;AAC/D,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAA,CAAE,GAAA,EAAI;AAG9B,IAAA,MAAM,IAAA,CAAK,YAAY,QAAA,EAAU,aAAA,EAAe,MAAM,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAM,CAAA;AAAA,EAC7E;AAAA,EAEA,MAAM,eAAe,QAAA,EAAiC;AACpD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAC5C,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAG/C,IAAA,IAAI,MAAA,CAAO,YAAA,IAAgB,MAAA,CAAO,YAAA,CAAa,SAAS,CAAA,EAAG;AACzD,MAAA,MAAM,IAAA,CAAK,iBAAA,CAAkB,MAAA,CAAO,YAAY,CAAA;AAAA,IAClD;AAEA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,GAAA,EAAK,QAAQ,EAAE,GAAA,EAAI;AAGnC,IAAA,MAAM,IAAA,CAAK,WAAA,CAAY,QAAA,EAAU,WAAA,EAAa,IAAI,CAAA;AAAA,EACpD;AAAA,EAEA,MAAM,iBAAiB,QAAA,EAAiC;AACtD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAC5C,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAG/C,IAAA,MAAM,IAAA,CAAK,eAAA,CAAgB,MAAA,CAAO,IAAI,CAAA;AAEtC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAA,CAAE,GAAA,EAAI;AAG9B,IAAA,MAAM,IAAA,CAAK,WAAA,CAAY,QAAA,EAAU,aAAA,EAAe,IAAI,CAAA;AAAA,EACtD;AAAA,EAEA,MAAM,oBAAA,CAAqB,QAAA,EAAkB,QAAA,EAA8B;AACzE,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAC5C,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAE/C,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,KAAK,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA,EAAG,QAAQ,EAAE,GAAA,EAAI;AAGxD,IAAA,MAAM,IAAA,CAAK,WAAA,CAAY,QAAA,EAAU,kBAAA,EAAoB,IAAI,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAM,cAAA,CAAe,QAAA,EAAkB,KAAA,EAA8B;AACnE,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA,CAAK,KAAA,EAAO,QAAQ,EAAE,GAAA,EAAI;AAGrC,IAAA,MAAM,KAAK,WAAA,CAAY,QAAA,EAAU,SAAS,IAAA,EAAM,EAAE,OAAO,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAM,iBAAA,CAAkB,QAAA,EAAkB,KAAA,GAAgB,EAAA,EAAoB;AAC5E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAAA,CAK5B,CAAA;AAED,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,KAAK,IAAA,CAAK,QAAA,EAAU,KAAK,CAAA,CAAE,GAAA,EAAI;AACzD,IAAA,OAAA,CAAQ,OAAA,IAAW,EAAC,EAAG,GAAA,CAAI,CAAC,GAAA,MAAc;AAAA,MACxC,IAAI,GAAA,CAAI,EAAA;AAAA,MACR,QAAQ,GAAA,CAAI,MAAA;AAAA,MACZ,QAAQ,GAAA,CAAI,OAAA;AAAA,MACZ,SAAS,GAAA,CAAI,OAAA,GAAU,KAAK,KAAA,CAAM,GAAA,CAAI,OAAO,CAAA,GAAI,IAAA;AAAA,MACjD,WAAW,GAAA,CAAI;AAAA,KACjB,CAAE,CAAA;AAAA,EACJ;AAAA,EAEA,MAAM,YAAA,CAAa,QAAA,EAAkB,QAAA,EAAkB,WAAA,EAAqB,WAAmB,EAAA,EAAmB;AAChH,IAAA,MAAM,EAAA,GAAK,CAAA,KAAA,EAAQ,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA;AAC7B,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,IAAA,CAG5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,KAAK,EAAA,EAAI,QAAA,EAAU,UAAU,WAAA,EAAa,QAAQ,EAAE,GAAA,EAAI;AAAA,EACrE;AAAA,EAEA,MAAM,aAAA,CAAc,QAAA,EAAkB,IAAA,EAAc,MAAA,EAAgB,aAAqB,UAAA,EAAmC;AAC1H,IAAA,MAAM,EAAA,GAAK,CAAA,MAAA,EAAS,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA;AAC9B,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,IAAA,CAG5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA;AAAA,MACT,EAAA;AAAA,MACA,QAAA;AAAA,MACA,IAAA;AAAA,MACA,MAAA;AAAA,MACA,WAAA;AAAA,MACA,IAAA,CAAK,SAAA,CAAU,UAAA,IAAc,EAAE;AAAA,MAC/B,GAAA,EAAI;AAAA,EACR;AAAA,EAEA,MAAM,eAAe,QAAA,EAAkC;AACrD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,KAAK,IAAA,CAAK,QAAQ,EAAE,GAAA,EAAI;AAClD,IAAA,OAAO,WAAW,EAAC;AAAA,EACrB;AAAA,EAEA,MAAM,gBAAgB,QAAA,EAAkC;AACtD,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,IAAA,CAG5B,CAAA;AAED,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,KAAK,IAAA,CAAK,QAAQ,EAAE,GAAA,EAAI;AAClD,IAAA,OAAO,WAAW,EAAC;AAAA,EACrB;AAAA,EAEA,MAAc,kBAAkB,YAAA,EAAuC;AACrE,IAAA,KAAA,MAAW,OAAO,YAAA,EAAc;AAC9B,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,eAAA,CAAgB,GAAG,CAAA;AAC7C,MAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,QAAA,EAAU;AACzC,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qBAAA,EAAwB,GAAG,CAAA,eAAA,CAAiB,CAAA;AAAA,MAC9D;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,gBAAgB,UAAA,EAAmC;AAC/D,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA,IAAA,CAI5B,CAAA;AAED,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,IAAA,CAAK,KAAK,CAAA,EAAA,EAAK,UAAU,CAAA,EAAA,CAAI,CAAA,CAAE,GAAA,EAAI;AAC7D,IAAA,IAAI,OAAA,IAAW,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AACjC,MAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,CAAC,MAAW,CAAA,CAAE,YAAY,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAC/D,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6DAAA,EAAgE,KAAK,CAAA,CAAE,CAAA;AAAA,IACzF;AAAA,EACF;AAAA,EAEA,MAAc,WAAA,CAAY,QAAA,EAAkB,MAAA,EAAgB,QAAuB,OAAA,EAA8B;AAC/G,IAAA,MAAM,EAAA,GAAK,CAAA,SAAA,EAAY,IAAA,CAAK,GAAA,EAAK,CAAA,CAAA;AACjC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA,IAAA,CAG5B,CAAA;AAED,IAAA,MAAM,IAAA,CAAK,IAAA;AAAA,MACT,EAAA;AAAA,MACA,QAAA;AAAA,MACA,MAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAA,GAAU,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,GAAI;AAAA,MACpC,GAAA,EAAI;AAAA,EACR;AAAA,EAEQ,gBAAgB,GAAA,EAAsB;AAC5C,IAAA,OAAO;AAAA,MACL,IAAI,GAAA,CAAI,EAAA;AAAA,MACR,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,cAAc,GAAA,CAAI,YAAA;AAAA,MAClB,aAAa,GAAA,CAAI,WAAA;AAAA,MACjB,SAAS,GAAA,CAAI,OAAA;AAAA,MACb,QAAQ,GAAA,CAAI,MAAA;AAAA,MACZ,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,QAAQ,GAAA,CAAI,MAAA;AAAA,MACZ,OAAA,EAAS,IAAI,OAAA,KAAY,CAAA;AAAA,MACzB,UAAU,GAAA,CAAI,QAAA,GAAW,KAAK,KAAA,CAAM,GAAA,CAAI,QAAQ,CAAA,GAAI,MAAA;AAAA,MACpD,aAAa,GAAA,CAAI,WAAA,GAAc,KAAK,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA,GAAI,MAAA;AAAA,MAC7D,cAAc,GAAA,CAAI,YAAA,GAAe,KAAK,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA,GAAI,MAAA;AAAA,MAChE,cAAA,EAAgB,IAAI,cAAA,IAAkB,CAAA;AAAA,MACtC,MAAA,EAAQ,IAAI,MAAA,IAAU,CAAA;AAAA,MACtB,cAAc,GAAA,CAAI,YAAA;AAAA,MAClB,cAAc,GAAA,CAAI,YAAA;AAAA,MAClB,cAAc,GAAA,CAAI,YAAA;AAAA,MAClB,eAAe,GAAA,CAAI;AAAA,KACrB;AAAA,EACF;AACF;;;ACpVO,IAAM,yBAAN,MAA6B;AAAA,EAGlC,YAAoB,EAAA,EAAgB;AAAhB,IAAA,IAAA,CAAA,EAAA,GAAA,EAAA;AAClB,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAI,aAAA,CAAc,EAAE,CAAA;AAAA,EAC3C;AAAA,EAJQ,aAAA;AAAA;AAAA;AAAA;AAAA,EASS,YAAA,GAA6B;AAAA,IAC5C;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,IAAA,EAAM,WAAA;AAAA,MACN,YAAA,EAAc,uBAAA;AAAA,MACd,WAAA,EAAa,gDAAA;AAAA,MACb,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,UAAA;AAAA,MACV,IAAA,EAAM,WAAA;AAAA,MACN,WAAA,EAAa,CAAC,cAAA,EAAgB,cAAA,EAAgB,oBAAoB,CAAA;AAAA,MAClE,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,cAAA,EAAgB;AAAA,UACd,KAAA,EAAO,EAAE,QAAA,EAAU,IAAA,EAAM,WAAW,CAAA,EAAG,KAAA,EAAO,OAAA,EAAS,IAAA,EAAM,OAAA,EAAQ;AAAA,UACrE,QAAA,EAAU,EAAE,QAAA,EAAU,IAAA,EAAM,WAAW,CAAA,EAAG,KAAA,EAAO,UAAA,EAAY,IAAA,EAAM,UAAA,EAAW;AAAA,UAC9E,QAAA,EAAU,EAAE,QAAA,EAAU,IAAA,EAAM,WAAW,CAAA,EAAG,KAAA,EAAO,UAAA,EAAY,IAAA,EAAM,MAAA,EAAO;AAAA,UAC1E,SAAA,EAAW,EAAE,QAAA,EAAU,IAAA,EAAM,WAAW,CAAA,EAAG,KAAA,EAAO,YAAA,EAAc,IAAA,EAAM,MAAA,EAAO;AAAA,UAC7E,QAAA,EAAU,EAAE,QAAA,EAAU,IAAA,EAAM,WAAW,CAAA,EAAG,KAAA,EAAO,WAAA,EAAa,IAAA,EAAM,MAAA;AAAO,SAC7E;AAAA,QACA,UAAA,EAAY;AAAA,UACV,WAAA,EAAa,IAAA;AAAA,UACb,uBAAA,EAAyB,KAAA;AAAA,UACzB,oBAAA,EAAsB;AAAA,YACpB,gBAAA,EAAkB,KAAA;AAAA,YAClB,gBAAA,EAAkB,KAAA;AAAA,YAClB,cAAA,EAAgB,KAAA;AAAA,YAChB,mBAAA,EAAqB;AAAA;AACvB,SACF;AAAA,QACA,YAAA,EAAc;AAAA,UACZ,OAAA,EAAS,IAAA;AAAA,UACT,wBAAA,EAA0B,KAAA;AAAA,UAC1B,WAAA,EAAa;AAAA;AACf;AACF,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,YAAA;AAAA,MACJ,IAAA,EAAM,YAAA;AAAA,MACN,YAAA,EAAc,eAAA;AAAA,MACd,WAAA,EAAa,yCAAA;AAAA,MACb,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,OAAA;AAAA,MACV,IAAA,EAAM,WAAA;AAAA,MACN,WAAA,EAAa,CAAC,cAAA,EAAgB,cAAc,CAAA;AAAA,MAC5C,cAAc,EAAC;AAAA,MACf,UAAU;AAAC,KACb;AAAA,IACA;AAAA,MACE,EAAA,EAAI,gBAAA;AAAA,MACJ,IAAA,EAAM,gBAAA;AAAA,MACN,YAAA,EAAc,gBAAA;AAAA,MACd,WAAA,EACE,sEAAA;AAAA,MACF,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,QAAA;AAAA,MACV,IAAA,EAAM,iBAAA;AAAA,MACN,WAAA,EAAa,CAAC,iBAAA,EAAmB,OAAO,CAAA;AAAA,MACxC,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,cAAA,EAAgB,IAAA;AAAA,QAChB,YAAA,EAAc,IAAA;AAAA,QACd,gBAAA,EAAkB,IAAA;AAAA,QAClB,mBAAA,EAAqB;AAAA;AACvB,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,IAAA,EAAM,WAAA;AAAA,MACN,YAAA,EAAc,WAAA;AAAA,MACd,WAAA,EACE,0EAAA;AAAA,MACF,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,aAAA;AAAA,MACV,IAAA,EAAM,WAAA;AAAA,MACN,WAAA,EAAa,CAAC,OAAO,CAAA;AAAA,MACrB,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,SAAA,EAAW,EAAA;AAAA,QACX,YAAA,EAAc,GAAA;AAAA,QACd,eAAA,EAAiB;AAAA;AACnB,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,YAAA;AAAA,MACJ,IAAA,EAAM,YAAA;AAAA,MACN,YAAA,EAAc,cAAA;AAAA,MACd,WAAA,EACE,kEAAA;AAAA,MACF,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,aAAA;AAAA,MACV,IAAA,EAAM,QAAA;AAAA,MACN,WAAA,EAAa,CAAC,cAAA,EAAgB,YAAY,CAAA;AAAA,MAC1C,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,iBAAA,EAAmB,IAAA;AAAA,QACnB,aAAA,EAAe,IAAA;AAAA,QACf,mBAAA,EAAqB,IAAA;AAAA,QACrB,UAAA,EAAY;AAAA;AACd,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,iBAAA;AAAA,MACJ,IAAA,EAAM,iBAAA;AAAA,MACN,YAAA,EAAc,qBAAA;AAAA,MACd,WAAA,EACE,8EAAA;AAAA,MACF,OAAA,EAAS,cAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,SAAA;AAAA,MACV,IAAA,EAAM,WAAA;AAAA,MACN,WAAA,EAAa,CAAC,kBAAA,EAAoB,gBAAA,EAAkB,oBAAoB,CAAA;AAAA,MACxE,YAAA,EAAc,CAAC,gBAAgB,CAAA;AAAA,MAC/B,QAAA,EAAU;AAAA,QACR,oBAAA,EAAsB,IAAA;AAAA,QACtB,gBAAA,EAAkB,IAAA;AAAA,QAClB,gBAAA,EAAkB,IAAA;AAAA,QAClB,mBAAA,EAAqB;AAAA;AACvB,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,UAAA;AAAA,MACJ,IAAA,EAAM,UAAA;AAAA,MACN,YAAA,EAAc,gBAAA;AAAA,MACd,WAAA,EAAa,mEAAA;AAAA,MACb,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,QAAA;AAAA,MACV,IAAA,EAAM,cAAA;AAAA,MACN,aAAa,EAAC;AAAA,MACd,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,aAAA,EAAe,GAAA;AAAA,QACf,OAAA,EAAS,MAAA;AAAA,QACT,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IACA;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,IAAA,EAAM,kBAAA;AAAA,MACN,YAAA,EAAc,WAAA;AAAA,MACd,WAAA,EAAa,sIAAA;AAAA,MACb,OAAA,EAAS,OAAA;AAAA,MACT,MAAA,EAAQ,cAAA;AAAA,MACR,QAAA,EAAU,QAAA;AAAA,MACV,IAAA,EAAM,WAAA;AAAA,MACN,WAAA,EAAa,CAAC,gBAAA,EAAkB,cAAA,EAAgB,cAAc,CAAA;AAAA,MAC9D,cAAc,EAAC;AAAA,MACf,QAAA,EAAU;AAAA,QACR,OAAA,EAAS,KAAA;AAAA,QACT,eAAA,EAAiB,IAAA;AAAA,QACjB,sBAAsB,EAAC;AAAA,QACvB,uBAAuB,EAAC;AAAA,QACxB,oBAAA,EAAsB,IAAA;AAAA,QACtB,cAAA,EAAgB,CAAA;AAAA,QAChB,aAAA,EAAe,EAAA;AAAA,QACf,WAAA,EAAa;AAAA;AACf;AACF,GACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAA,GAAsC;AAC1C,IAAA,OAAA,CAAQ,IAAI,6DAA6D,CAAA;AAEzE,IAAA,IAAI;AAEF,MAAA,KAAA,MAAW,UAAA,IAAc,KAAK,YAAA,EAAc;AAC1C,QAAA,MAAM,IAAA,CAAK,sBAAsB,UAAU,CAAA;AAAA,MAC7C;AAEA,MAAA,OAAA,CAAQ,GAAA;AAAA,QACN;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,oDAAoD,KAAK,CAAA;AACvE,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,sBAAsB,MAAA,EAAmC;AACrE,IAAA,IAAI;AAEF,MAAA,MAAM,iBAAiB,MAAM,IAAA,CAAK,aAAA,CAAc,SAAA,CAAU,OAAO,EAAE,CAAA;AAEnE,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,OAAA,CAAQ,GAAA;AAAA,UACN,CAAA,4CAAA,EAA+C,MAAA,CAAO,YAAY,CAAA,UAAA,EAAa,eAAe,MAAM,CAAA,CAAA;AAAA,SACtG;AAGA,QAAA,IAAI,cAAA,CAAe,OAAA,KAAY,MAAA,CAAO,OAAA,EAAS;AAC7C,UAAA,OAAA,CAAQ,GAAA;AAAA,YACN,CAAA,2CAAA,EAA8C,OAAO,YAAY,CAAA,MAAA,EAAS,eAAe,OAAO,CAAA,IAAA,EAAO,OAAO,OAAO,CAAA;AAAA,WACvH;AACA,UAAA,MAAM,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,QAChC;AAGA,QAAA,IAAI,MAAA,CAAO,EAAA,KAAO,WAAA,IAAe,cAAA,CAAe,WAAW,QAAA,EAAU;AACnE,UAAA,OAAA,CAAQ,GAAA;AAAA,YACN,CAAA,oEAAA;AAAA,WACF;AACA,UAAA,MAAM,IAAA,CAAK,aAAA,CAAc,cAAA,CAAe,MAAA,CAAO,EAAE,CAAA;AAAA,QACnD;AAAA,MAKF,CAAA,MAAO;AAEL,QAAA,OAAA,CAAQ,GAAA;AAAA,UACN,CAAA,qCAAA,EAAwC,OAAO,YAAY,CAAA;AAAA,SAC7D;AACA,QAAA,MAAM,IAAA,CAAK,cAAc,aAAA,CAAc;AAAA,UACrC,GAAG,MAAA;AAAA,UACH,OAAA,EAAS,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,OAAO;AAAA,SACxC,CAAA;AAGD,QAAA,IAAI,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,UAAA,OAAA,CAAQ,GAAA;AAAA,YACN,CAAA,0DAAA,EAA6D,OAAO,YAAY,CAAA;AAAA,WAClF;AACA,UAAA,MAAM,IAAA,CAAK,aAAA,CAAc,cAAA,CAAe,MAAA,CAAO,EAAE,CAAA;AAAA,QACnD;AAAA,MACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN,CAAA,wCAAA,EAA2C,OAAO,YAAY,CAAA,CAAA,CAAA;AAAA,QAC9D;AAAA,OACF;AAAA,IAEF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aAAa,MAAA,EAAmC;AAC5D,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAExC,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,EAAA,CAAG,OAAA,CAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAAA,CAS5B,CAAA;AAED,IAAA,MAAM,IAAA,CACH,IAAA;AAAA,MACC,MAAA,CAAO,OAAA;AAAA,MACP,MAAA,CAAO,WAAA;AAAA,MACP,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,WAAW,CAAA;AAAA,MACjC,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,QAAA,IAAY,EAAE,CAAA;AAAA,MACpC,GAAA;AAAA,MACA,MAAA,CAAO;AAAA,MAER,GAAA,EAAI;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAA,GAAsC;AAC1C,IAAA,IAAI;AAEF,MAAA,KAAA,MAAW,UAAA,IAAc,KAAK,YAAA,CAAa,MAAA;AAAA,QAAO,CAAC,CAAA,KACjD,CAAA,CAAE,IAAA,CAAK,WAAW,OAAO;AAAA,OAC3B,EAAG;AACD,QAAA,MAAM,SAAS,MAAM,IAAA,CAAK,aAAA,CAAc,SAAA,CAAU,WAAW,EAAE,CAAA;AAC/D,QAAA,IAAI,CAAC,MAAA,EAAQ;AACX,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT,SAAS,KAAA,EAAO;AAEd,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN,oDAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEF","file":"chunk-27AOVQTR.js","sourcesContent":["/**\n * Collection Loader Service\n *\n * Loads collection configuration files from the collections directory.\n * Supports both development (reading from filesystem) and production (bundled).\n */\n\nimport { CollectionConfig, CollectionConfigModule } from '../types/collection-config'\n\n// Global registry for externally registered collections\nconst registeredCollections: CollectionConfig[] = []\n\n/**\n * Register collections from the application code\n * This should be called before creating the app\n */\nexport function registerCollections(collections: CollectionConfig[]): void {\n for (const config of collections) {\n // Validate required fields\n if (!config.name || !config.displayName || !config.schema) {\n console.error(`Invalid collection config: missing required fields`, config)\n continue\n }\n\n // Set defaults\n const normalizedConfig: CollectionConfig = {\n ...config,\n managed: config.managed !== undefined ? config.managed : true,\n isActive: config.isActive !== undefined ? config.isActive : true\n }\n\n registeredCollections.push(normalizedConfig)\n console.log(`✓ Registered collection: ${config.name}`)\n }\n}\n\n/**\n * Load all collection configurations from the collections directory\n */\nexport async function loadCollectionConfigs(): Promise<CollectionConfig[]> {\n const collections: CollectionConfig[] = [...registeredCollections]\n\n // Log registered collections summary\n if (registeredCollections.length > 0) {\n console.log(`📦 Found ${registeredCollections.length} registered collection(s) from application`)\n } else {\n console.log(`⚠️ No collections registered. Make sure to call registerCollections() in your app's index.ts`)\n console.log(` Example: import myCollection from './collections/my-collection.collection'`)\n console.log(` registerCollections([myCollection])`)\n }\n\n try {\n // Import all collection files dynamically from core package\n // In production, these will be bundled with the application\n const modules = (import.meta as any).glob?.('../collections/*.collection.ts', { eager: true }) || {}\n let coreCollectionCount = 0\n\n for (const [path, module] of Object.entries(modules)) {\n try {\n const configModule = module as CollectionConfigModule\n\n if (!configModule.default) {\n console.warn(`Collection file ${path} does not export a default config`)\n continue\n }\n\n const config = configModule.default\n\n // Validate required fields\n if (!config.name || !config.displayName || !config.schema) {\n console.error(`Invalid collection config in ${path}: missing required fields`)\n continue\n }\n\n // Set defaults\n const normalizedConfig: CollectionConfig = {\n ...config,\n managed: config.managed !== undefined ? config.managed : true,\n isActive: config.isActive !== undefined ? config.isActive : true\n }\n\n collections.push(normalizedConfig)\n coreCollectionCount++\n console.log(`✓ Loaded core collection: ${config.name}`)\n } catch (error) {\n console.error(`Error loading collection from ${path}:`, error)\n }\n }\n\n console.log(`📊 Collection summary: ${collections.length} total (${registeredCollections.length} from app, ${coreCollectionCount} from core)`)\n return collections\n } catch (error) {\n console.error('Error loading collection configurations:', error)\n return collections // Return registered collections even if core loading fails\n }\n}\n\n/**\n * Load a specific collection configuration by name\n * Note: This function requires implementation in the consuming application\n * as it depends on project-specific collection files\n */\nexport async function loadCollectionConfig(name: string): Promise<CollectionConfig | null> {\n try {\n // Dynamic imports are not supported in library builds\n // This should be implemented in the consuming application\n console.warn('loadCollectionConfig requires implementation in consuming application')\n return null\n } catch (error) {\n console.error(`Error loading collection ${name}:`, error)\n return null\n }\n}\n\n/**\n * Get list of all available collection config file names\n */\nexport async function getAvailableCollectionNames(): Promise<string[]> {\n try {\n const modules = (import.meta as any).glob?.('../collections/*.collection.ts') || {}\n const names: string[] = []\n\n for (const path of Object.keys(modules)) {\n // Extract collection name from path\n // e.g., '../collections/blog-posts.collection.ts' -> 'blog-posts'\n const match = path.match(/\\/([^/]+)\\.collection\\.ts$/)\n if (match && match[1]) {\n names.push(match[1])\n }\n }\n\n return names\n } catch (error) {\n console.error('Error getting collection names:', error)\n return []\n }\n}\n\n/**\n * Validate a collection configuration\n */\nexport function validateCollectionConfig(config: CollectionConfig): { valid: boolean; errors: string[] } {\n const errors: string[] = []\n\n // Required fields\n if (!config.name) {\n errors.push('Collection name is required')\n } else if (!/^[a-z0-9_-]+$/.test(config.name)) {\n errors.push('Collection name must contain only lowercase letters, numbers, underscores, and hyphens')\n }\n\n if (!config.displayName) {\n errors.push('Display name is required')\n }\n\n if (!config.schema) {\n errors.push('Schema is required')\n } else {\n // Validate schema structure\n if (config.schema.type !== 'object') {\n errors.push('Schema type must be \"object\"')\n }\n\n if (!config.schema.properties || typeof config.schema.properties !== 'object') {\n errors.push('Schema must have properties')\n }\n\n // Validate field types\n for (const [fieldName, fieldConfig] of Object.entries(config.schema.properties || {})) {\n if (!fieldConfig.type) {\n errors.push(`Field \"${fieldName}\" is missing type`)\n }\n\n // Validate reference fields\n if (fieldConfig.type === 'reference' && !fieldConfig.collection) {\n errors.push(`Reference field \"${fieldName}\" is missing collection property`)\n }\n\n const layoutValue = fieldConfig.objectLayout\n if (layoutValue !== undefined) {\n if (fieldConfig.type !== 'object') {\n errors.push(`Field \"${fieldName}\" uses objectLayout but is not an object field`)\n } else if (!['nested', 'flat'].includes(layoutValue)) {\n errors.push(`Object field \"${fieldName}\" has invalid objectLayout. Use \"nested\" or \"flat\"`)\n }\n }\n\n // Validate select fields\n if (['select', 'multiselect', 'radio'].includes(fieldConfig.type) && !fieldConfig.enum) {\n errors.push(`Select field \"${fieldName}\" is missing enum options`)\n }\n }\n }\n\n return {\n valid: errors.length === 0,\n errors\n }\n}\n","/**\n * Collection Sync Service\n *\n * Syncs collection configurations from code to the database.\n * Handles create, update, and validation of config-managed collections.\n */\n\nimport { CollectionConfig, CollectionSyncResult } from '../types/collection-config'\nimport { loadCollectionConfigs, validateCollectionConfig } from './collection-loader'\n\n/**\n * Sync all collection configurations to the database\n */\nexport async function syncCollections(db: D1Database): Promise<CollectionSyncResult[]> {\n console.log('🔄 Starting collection sync...')\n\n const results: CollectionSyncResult[] = []\n const configs = await loadCollectionConfigs()\n\n if (configs.length === 0) {\n console.log('⚠️ No collection configurations found')\n return results\n }\n\n for (const config of configs) {\n const result = await syncCollection(db, config)\n results.push(result)\n }\n\n const created = results.filter(r => r.status === 'created').length\n const updated = results.filter(r => r.status === 'updated').length\n const unchanged = results.filter(r => r.status === 'unchanged').length\n const errors = results.filter(r => r.status === 'error').length\n\n console.log(`✅ Collection sync complete: ${created} created, ${updated} updated, ${unchanged} unchanged, ${errors} errors`)\n\n return results\n}\n\n/**\n * Sync a single collection configuration to the database\n */\nexport async function syncCollection(db: D1Database, config: CollectionConfig): Promise<CollectionSyncResult> {\n try {\n // Validate config\n const validation = validateCollectionConfig(config)\n if (!validation.valid) {\n return {\n name: config.name,\n status: 'error',\n error: `Validation failed: ${validation.errors.join(', ')}`\n }\n }\n\n // Check if collection exists\n const existingStmt = db.prepare('SELECT * FROM collections WHERE name = ?')\n const existing = await existingStmt.bind(config.name).first() as any\n\n const now = Date.now()\n const collectionId = existing?.id || `col-${config.name}-${crypto.randomUUID().slice(0, 8)}`\n\n // Prepare collection data\n const schemaJson = JSON.stringify(config.schema)\n const isActive = config.isActive !== false ? 1 : 0\n const managed = config.managed !== false ? 1 : 0\n\n if (!existing) {\n // Create new collection\n const insertStmt = db.prepare(`\n INSERT INTO collections (id, name, display_name, description, schema, is_active, managed, created_at, updated_at)\n VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)\n `)\n\n await insertStmt.bind(\n collectionId,\n config.name,\n config.displayName,\n config.description || null,\n schemaJson,\n isActive,\n managed,\n now,\n now\n ).run()\n\n console.log(` ✓ Created collection: ${config.name}`)\n\n return {\n name: config.name,\n status: 'created',\n message: `Created collection \"${config.displayName}\"`\n }\n } else {\n // Check if update is needed\n const existingSchema = existing.schema ? JSON.stringify(existing.schema) : '{}'\n const existingDisplayName = existing.display_name\n const existingDescription = existing.description\n const existingIsActive = existing.is_active\n const existingManaged = existing.managed\n\n const needsUpdate =\n schemaJson !== existingSchema ||\n config.displayName !== existingDisplayName ||\n (config.description || null) !== existingDescription ||\n isActive !== existingIsActive ||\n managed !== existingManaged\n\n if (!needsUpdate) {\n return {\n name: config.name,\n status: 'unchanged',\n message: `Collection \"${config.displayName}\" is up to date`\n }\n }\n\n // Update existing collection\n const updateStmt = db.prepare(`\n UPDATE collections\n SET display_name = ?, description = ?, schema = ?, is_active = ?, managed = ?, updated_at = ?\n WHERE name = ?\n `)\n\n await updateStmt.bind(\n config.displayName,\n config.description || null,\n schemaJson,\n isActive,\n managed,\n now,\n config.name\n ).run()\n\n console.log(` ✓ Updated collection: ${config.name}`)\n\n return {\n name: config.name,\n status: 'updated',\n message: `Updated collection \"${config.displayName}\"`\n }\n }\n } catch (error) {\n console.error(` ✗ Error syncing collection ${config.name}:`, error)\n\n return {\n name: config.name,\n status: 'error',\n error: error instanceof Error ? error.message : 'Unknown error'\n }\n }\n}\n\n/**\n * Check if a collection is managed by config\n */\nexport async function isCollectionManaged(db: D1Database, collectionName: string): Promise<boolean> {\n try {\n const stmt = db.prepare('SELECT managed FROM collections WHERE name = ?')\n const result = await stmt.bind(collectionName).first() as any\n\n return result?.managed === 1\n } catch (error) {\n console.error(`Error checking if collection is managed:`, error)\n return false\n }\n}\n\n/**\n * Get all managed collections from database\n */\nexport async function getManagedCollections(db: D1Database): Promise<string[]> {\n try {\n const stmt = db.prepare('SELECT name FROM collections WHERE managed = 1')\n const { results } = await stmt.all()\n\n return (results || []).map((row: any) => row.name)\n } catch (error) {\n console.error('Error getting managed collections:', error)\n return []\n }\n}\n\n/**\n * Remove collections that are no longer in config files\n * (Only removes managed collections that aren't in the config)\n */\nexport async function cleanupRemovedCollections(db: D1Database): Promise<string[]> {\n try {\n const configs = await loadCollectionConfigs()\n const configNames = new Set(configs.map(c => c.name))\n const managedCollections = await getManagedCollections(db)\n const removed: string[] = []\n\n for (const managedName of managedCollections) {\n if (!configNames.has(managedName)) {\n // This managed collection no longer has a config file\n // Mark as inactive instead of deleting (safer)\n const updateStmt = db.prepare(`\n UPDATE collections\n SET is_active = 0, updated_at = ?\n WHERE name = ? AND managed = 1\n `)\n\n await updateStmt.bind(Date.now(), managedName).run()\n removed.push(managedName)\n console.log(` ⚠️ Deactivated removed collection: ${managedName}`)\n }\n }\n\n return removed\n } catch (error) {\n console.error('Error cleaning up removed collections:', error)\n return []\n }\n}\n\n/**\n * Full sync: sync all configs and cleanup removed\n */\nexport async function fullCollectionSync(db: D1Database): Promise<{\n results: CollectionSyncResult[]\n removed: string[]\n}> {\n const results = await syncCollections(db)\n const removed = await cleanupRemovedCollections(db)\n\n return { results, removed }\n}\n","import type { D1Database } from '@cloudflare/workers-types'\n// Note: PLUGIN_REGISTRY and CORE_PLUGIN_IDS are project-specific\n// They should be passed as parameters to the service in the consuming application\n// import { PLUGIN_REGISTRY, CORE_PLUGIN_IDS } from '../plugins/plugin-registry'\n\nexport interface PluginData {\n id: string\n name: string\n display_name: string\n description: string\n version: string\n author: string\n category: string\n icon: string\n status: 'active' | 'inactive' | 'error'\n is_core: boolean\n settings?: any\n permissions?: string[]\n dependencies?: string[]\n download_count: number\n rating: number\n installed_at: number\n activated_at?: number\n last_updated: number\n error_message?: string\n}\n\nexport interface PluginStats {\n total: number\n active: number\n inactive: number\n errors: number\n uninstalled: number\n}\n\nexport class PluginService {\n constructor(private db: D1Database) {}\n\n async getAllPlugins(): Promise<PluginData[]> {\n // Ensure all plugins from registry exist in database (auto-install if missing)\n await this.ensureAllPluginsExist()\n\n const stmt = this.db.prepare(`\n SELECT * FROM plugins\n ORDER BY is_core DESC, display_name ASC\n `)\n\n const { results } = await stmt.all()\n return (results || []).map(this.mapPluginFromDb)\n }\n\n /**\n * Ensure all plugins from the registry exist in the database\n * Auto-installs any newly detected plugins with inactive status\n *\n * Note: This method should be overridden or configured with a plugin registry\n * in the consuming application\n */\n private async ensureAllPluginsExist(): Promise<void> {\n // This functionality requires a project-specific PLUGIN_REGISTRY\n // In the consuming application, you should pass the registry to this service\n console.log('[PluginService] ensureAllPluginsExist - requires PLUGIN_REGISTRY configuration')\n }\n\n async getPlugin(pluginId: string): Promise<PluginData | null> {\n const stmt = this.db.prepare('SELECT * FROM plugins WHERE id = ?')\n const plugin = await stmt.bind(pluginId).first()\n \n if (!plugin) return null\n return this.mapPluginFromDb(plugin)\n }\n\n async getPluginByName(name: string): Promise<PluginData | null> {\n const stmt = this.db.prepare('SELECT * FROM plugins WHERE name = ?')\n const plugin = await stmt.bind(name).first()\n \n if (!plugin) return null\n return this.mapPluginFromDb(plugin)\n }\n\n async getPluginStats(): Promise<PluginStats> {\n const stmt = this.db.prepare(`\n SELECT \n COUNT(*) as total,\n COUNT(CASE WHEN status = 'active' THEN 1 END) as active,\n COUNT(CASE WHEN status = 'inactive' THEN 1 END) as inactive,\n COUNT(CASE WHEN status = 'error' THEN 1 END) as errors\n FROM plugins\n `)\n \n const stats = await stmt.first() as any\n return {\n total: stats.total || 0,\n active: stats.active || 0,\n inactive: stats.inactive || 0,\n errors: stats.errors || 0,\n uninstalled: 0\n }\n }\n\n async installPlugin(pluginData: Partial<PluginData>): Promise<PluginData> {\n const id = pluginData.id || `plugin-${Date.now()}`\n const now = Math.floor(Date.now() / 1000)\n \n const stmt = this.db.prepare(`\n INSERT INTO plugins (\n id, name, display_name, description, version, author, category, icon,\n status, is_core, settings, permissions, dependencies, download_count, \n rating, installed_at, last_updated\n ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n `)\n \n await stmt.bind(\n id,\n pluginData.name || id,\n pluginData.display_name || 'Unnamed Plugin',\n pluginData.description || '',\n pluginData.version || '1.0.0',\n pluginData.author || 'Unknown',\n pluginData.category || 'utilities',\n pluginData.icon || '🔌',\n 'inactive',\n pluginData.is_core || false,\n JSON.stringify(pluginData.settings || {}),\n JSON.stringify(pluginData.permissions || []),\n JSON.stringify(pluginData.dependencies || []),\n pluginData.download_count || 0,\n pluginData.rating || 0,\n now,\n now\n ).run()\n \n // Log the installation\n await this.logActivity(id, 'installed', null, { version: pluginData.version })\n \n const installed = await this.getPlugin(id)\n if (!installed) throw new Error('Failed to install plugin')\n \n return installed\n }\n\n async uninstallPlugin(pluginId: string): Promise<void> {\n const plugin = await this.getPlugin(pluginId)\n if (!plugin) throw new Error('Plugin not found')\n if (plugin.is_core) throw new Error('Cannot uninstall core plugins')\n \n // First deactivate if active\n if (plugin.status === 'active') {\n await this.deactivatePlugin(pluginId)\n }\n \n // Delete the plugin\n const stmt = this.db.prepare('DELETE FROM plugins WHERE id = ?')\n await stmt.bind(pluginId).run()\n \n // Log the uninstallation\n await this.logActivity(pluginId, 'uninstalled', null, { name: plugin.name })\n }\n\n async activatePlugin(pluginId: string): Promise<void> {\n const plugin = await this.getPlugin(pluginId)\n if (!plugin) throw new Error('Plugin not found')\n \n // Check dependencies\n if (plugin.dependencies && plugin.dependencies.length > 0) {\n await this.checkDependencies(plugin.dependencies)\n }\n \n const now = Math.floor(Date.now() / 1000)\n const stmt = this.db.prepare(`\n UPDATE plugins \n SET status = 'active', activated_at = ?, error_message = NULL \n WHERE id = ?\n `)\n \n await stmt.bind(now, pluginId).run()\n \n // Log the activation\n await this.logActivity(pluginId, 'activated', null)\n }\n\n async deactivatePlugin(pluginId: string): Promise<void> {\n const plugin = await this.getPlugin(pluginId)\n if (!plugin) throw new Error('Plugin not found')\n \n // Check if other plugins depend on this one\n await this.checkDependents(plugin.name)\n \n const stmt = this.db.prepare(`\n UPDATE plugins \n SET status = 'inactive', activated_at = NULL \n WHERE id = ?\n `)\n \n await stmt.bind(pluginId).run()\n \n // Log the deactivation\n await this.logActivity(pluginId, 'deactivated', null)\n }\n\n async updatePluginSettings(pluginId: string, settings: any): Promise<void> {\n const plugin = await this.getPlugin(pluginId)\n if (!plugin) throw new Error('Plugin not found')\n \n const stmt = this.db.prepare(`\n UPDATE plugins \n SET settings = ?, updated_at = unixepoch() \n WHERE id = ?\n `)\n \n await stmt.bind(JSON.stringify(settings), pluginId).run()\n \n // Log the settings update\n await this.logActivity(pluginId, 'settings_updated', null)\n }\n\n async setPluginError(pluginId: string, error: string): Promise<void> {\n const stmt = this.db.prepare(`\n UPDATE plugins \n SET status = 'error', error_message = ? \n WHERE id = ?\n `)\n \n await stmt.bind(error, pluginId).run()\n \n // Log the error\n await this.logActivity(pluginId, 'error', null, { error })\n }\n\n async getPluginActivity(pluginId: string, limit: number = 10): Promise<any[]> {\n const stmt = this.db.prepare(`\n SELECT * FROM plugin_activity_log \n WHERE plugin_id = ? \n ORDER BY timestamp DESC \n LIMIT ?\n `)\n \n const { results } = await stmt.bind(pluginId, limit).all()\n return (results || []).map((row: any) => ({\n id: row.id,\n action: row.action,\n userId: row.user_id,\n details: row.details ? JSON.parse(row.details) : null,\n timestamp: row.timestamp\n }))\n }\n\n async registerHook(pluginId: string, hookName: string, handlerName: string, priority: number = 10): Promise<void> {\n const id = `hook-${Date.now()}`\n const stmt = this.db.prepare(`\n INSERT INTO plugin_hooks (id, plugin_id, hook_name, handler_name, priority)\n VALUES (?, ?, ?, ?, ?)\n `)\n \n await stmt.bind(id, pluginId, hookName, handlerName, priority).run()\n }\n\n async registerRoute(pluginId: string, path: string, method: string, handlerName: string, middleware?: any[]): Promise<void> {\n const id = `route-${Date.now()}`\n const stmt = this.db.prepare(`\n INSERT INTO plugin_routes (id, plugin_id, path, method, handler_name, middleware)\n VALUES (?, ?, ?, ?, ?, ?)\n `)\n \n await stmt.bind(\n id, \n pluginId, \n path, \n method, \n handlerName, \n JSON.stringify(middleware || [])\n ).run()\n }\n\n async getPluginHooks(pluginId: string): Promise<any[]> {\n const stmt = this.db.prepare(`\n SELECT * FROM plugin_hooks \n WHERE plugin_id = ? AND is_active = TRUE\n ORDER BY priority ASC\n `)\n \n const { results } = await stmt.bind(pluginId).all()\n return results || []\n }\n\n async getPluginRoutes(pluginId: string): Promise<any[]> {\n const stmt = this.db.prepare(`\n SELECT * FROM plugin_routes \n WHERE plugin_id = ? AND is_active = TRUE\n `)\n \n const { results } = await stmt.bind(pluginId).all()\n return results || []\n }\n\n private async checkDependencies(dependencies: string[]): Promise<void> {\n for (const dep of dependencies) {\n const plugin = await this.getPluginByName(dep)\n if (!plugin || plugin.status !== 'active') {\n throw new Error(`Required dependency '${dep}' is not active`)\n }\n }\n }\n\n private async checkDependents(pluginName: string): Promise<void> {\n const stmt = this.db.prepare(`\n SELECT id, display_name FROM plugins \n WHERE status = 'active' \n AND dependencies LIKE ?\n `)\n \n const { results } = await stmt.bind(`%\"${pluginName}\"%`).all()\n if (results && results.length > 0) {\n const names = results.map((p: any) => p.display_name).join(', ')\n throw new Error(`Cannot deactivate. The following plugins depend on this one: ${names}`)\n }\n }\n\n private async logActivity(pluginId: string, action: string, userId: string | null, details?: any): Promise<void> {\n const id = `activity-${Date.now()}`\n const stmt = this.db.prepare(`\n INSERT INTO plugin_activity_log (id, plugin_id, action, user_id, details)\n VALUES (?, ?, ?, ?, ?)\n `)\n \n await stmt.bind(\n id,\n pluginId,\n action,\n userId,\n details ? JSON.stringify(details) : null\n ).run()\n }\n\n private mapPluginFromDb(row: any): PluginData {\n return {\n id: row.id,\n name: row.name,\n display_name: row.display_name,\n description: row.description,\n version: row.version,\n author: row.author,\n category: row.category,\n icon: row.icon,\n status: row.status,\n is_core: row.is_core === 1,\n settings: row.settings ? JSON.parse(row.settings) : undefined,\n permissions: row.permissions ? JSON.parse(row.permissions) : undefined,\n dependencies: row.dependencies ? JSON.parse(row.dependencies) : undefined,\n download_count: row.download_count || 0,\n rating: row.rating || 0,\n installed_at: row.installed_at,\n activated_at: row.activated_at,\n last_updated: row.last_updated,\n error_message: row.error_message\n }\n }\n}\n","import type { D1Database } from \"@cloudflare/workers-types\";\nimport { PluginService } from \"./plugin-service\";\n\nexport interface CorePlugin {\n id: string;\n name: string;\n display_name: string;\n description: string;\n version: string;\n author: string;\n category: string;\n icon: string;\n permissions: string[];\n dependencies: string[];\n settings?: any;\n}\n\nexport class PluginBootstrapService {\n private pluginService: PluginService;\n\n constructor(private db: D1Database) {\n this.pluginService = new PluginService(db);\n }\n\n /**\n * Core plugins that should always be available in the system\n */\n private readonly CORE_PLUGINS: CorePlugin[] = [\n {\n id: \"core-auth\",\n name: \"core-auth\",\n display_name: \"Authentication System\",\n description: \"Core authentication and user management system\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"security\",\n icon: \"🔐\",\n permissions: [\"manage:users\", \"manage:roles\", \"manage:permissions\"],\n dependencies: [],\n settings: {\n requiredFields: {\n email: { required: true, minLength: 5, label: \"Email\", type: \"email\" },\n password: { required: true, minLength: 8, label: \"Password\", type: \"password\" },\n username: { required: true, minLength: 3, label: \"Username\", type: \"text\" },\n firstName: { required: true, minLength: 1, label: \"First Name\", type: \"text\" },\n lastName: { required: true, minLength: 1, label: \"Last Name\", type: \"text\" },\n },\n validation: {\n emailFormat: true,\n allowDuplicateUsernames: false,\n passwordRequirements: {\n requireUppercase: false,\n requireLowercase: false,\n requireNumbers: false,\n requireSpecialChars: false,\n },\n },\n registration: {\n enabled: true,\n requireEmailVerification: false,\n defaultRole: \"viewer\",\n },\n },\n },\n {\n id: \"core-media\",\n name: \"core-media\",\n display_name: \"Media Manager\",\n description: \"Core media upload and management system\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"media\",\n icon: \"📸\",\n permissions: [\"manage:media\", \"upload:files\"],\n dependencies: [],\n settings: {},\n },\n {\n id: \"database-tools\",\n name: \"database-tools\",\n display_name: \"Database Tools\",\n description:\n \"Database management tools including truncate, backup, and validation\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"system\",\n icon: \"🗄️\",\n permissions: [\"manage:database\", \"admin\"],\n dependencies: [],\n settings: {\n enableTruncate: true,\n enableBackup: true,\n enableValidation: true,\n requireConfirmation: true,\n },\n },\n {\n id: \"seed-data\",\n name: \"seed-data\",\n display_name: \"Seed Data\",\n description:\n \"Generate realistic example users and content for testing and development\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"development\",\n icon: \"🌱\",\n permissions: [\"admin\"],\n dependencies: [],\n settings: {\n userCount: 20,\n contentCount: 200,\n defaultPassword: \"password123\",\n },\n },\n {\n id: \"core-cache\",\n name: \"core-cache\",\n display_name: \"Cache System\",\n description:\n \"Three-tiered caching system with memory, KV, and database layers\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"performance\",\n icon: \"⚡\",\n permissions: [\"manage:cache\", \"view:stats\"],\n dependencies: [],\n settings: {\n enableMemoryCache: true,\n enableKVCache: true,\n enableDatabaseCache: true,\n defaultTTL: 3600,\n },\n },\n {\n id: \"workflow-plugin\",\n name: \"workflow-plugin\",\n display_name: \"Workflow Management\",\n description:\n \"Content workflow management with approval chains, scheduling, and automation\",\n version: \"1.0.0-beta.1\",\n author: \"SonicJS Team\",\n category: \"content\",\n icon: \"🔄\",\n permissions: [\"manage:workflows\", \"view:workflows\", \"transition:content\"],\n dependencies: [\"content-plugin\"],\n settings: {\n enableApprovalChains: true,\n enableScheduling: true,\n enableAutomation: true,\n enableNotifications: true,\n },\n },\n {\n id: \"easy-mdx\",\n name: \"easy-mdx\",\n display_name: \"EasyMDE Editor\",\n description: \"Lightweight markdown editor with live preview for richtext fields\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"editor\",\n icon: \"✍️\",\n permissions: [],\n dependencies: [],\n settings: {\n defaultHeight: 400,\n toolbar: \"full\",\n placeholder: \"Start writing your content...\",\n },\n },\n {\n id: \"ai-search\",\n name: \"ai-search-plugin\",\n display_name: \"AI Search\",\n description: \"Advanced search with Cloudflare AI Search. Full-text search, semantic search, and advanced filtering across all content collections.\",\n version: \"1.0.0\",\n author: \"SonicJS Team\",\n category: \"search\",\n icon: \"🔍\",\n permissions: [\"settings:write\", \"admin:access\", \"content:read\"],\n dependencies: [],\n settings: {\n enabled: false,\n ai_mode_enabled: true,\n selected_collections: [],\n dismissed_collections: [],\n autocomplete_enabled: true,\n cache_duration: 1,\n results_limit: 20,\n index_media: false,\n },\n },\n ];\n\n /**\n * Bootstrap all core plugins - install them if they don't exist\n */\n async bootstrapCorePlugins(): Promise<void> {\n console.log(\"[PluginBootstrap] Starting core plugin bootstrap process...\");\n\n try {\n // Check each core plugin\n for (const corePlugin of this.CORE_PLUGINS) {\n await this.ensurePluginInstalled(corePlugin);\n }\n\n console.log(\n \"[PluginBootstrap] Core plugin bootstrap completed successfully\"\n );\n } catch (error) {\n console.error(\"[PluginBootstrap] Error during plugin bootstrap:\", error);\n throw error;\n }\n }\n\n /**\n * Ensure a specific plugin is installed\n */\n private async ensurePluginInstalled(plugin: CorePlugin): Promise<void> {\n try {\n // Check if plugin already exists\n const existingPlugin = await this.pluginService.getPlugin(plugin.id);\n\n if (existingPlugin) {\n console.log(\n `[PluginBootstrap] Plugin already installed: ${plugin.display_name} (status: ${existingPlugin.status})`\n );\n\n // Update plugin if version changed\n if (existingPlugin.version !== plugin.version) {\n console.log(\n `[PluginBootstrap] Updating plugin version: ${plugin.display_name} from ${existingPlugin.version} to ${plugin.version}`\n );\n await this.updatePlugin(plugin);\n }\n\n // ALWAYS ensure core-auth is active (critical for system functionality)\n if (plugin.id === 'core-auth' && existingPlugin.status !== 'active') {\n console.log(\n `[PluginBootstrap] Core-auth plugin is inactive, activating it now...`\n );\n await this.pluginService.activatePlugin(plugin.id);\n }\n\n // Only auto-activate on first install, respect user's activation state on subsequent boots\n // This preserves the activation state across server restarts\n // Core plugins (with core- prefix) are activated on first install in the else block below\n } else {\n // Install the plugin\n console.log(\n `[PluginBootstrap] Installing plugin: ${plugin.display_name}`\n );\n await this.pluginService.installPlugin({\n ...plugin,\n is_core: plugin.name.startsWith(\"core-\"),\n });\n\n // Activate core plugins immediately after installation\n if (plugin.name.startsWith(\"core-\")) {\n console.log(\n `[PluginBootstrap] Activating newly installed core plugin: ${plugin.display_name}`\n );\n await this.pluginService.activatePlugin(plugin.id);\n }\n }\n } catch (error) {\n console.error(\n `[PluginBootstrap] Error ensuring plugin ${plugin.display_name}:`,\n error\n );\n // Don't throw - continue with other plugins\n }\n }\n\n /**\n * Update an existing plugin\n */\n private async updatePlugin(plugin: CorePlugin): Promise<void> {\n const now = Math.floor(Date.now() / 1000);\n\n const stmt = this.db.prepare(`\n UPDATE plugins \n SET \n version = ?,\n description = ?,\n permissions = ?,\n settings = ?,\n last_updated = ?\n WHERE id = ?\n `);\n\n await stmt\n .bind(\n plugin.version,\n plugin.description,\n JSON.stringify(plugin.permissions),\n JSON.stringify(plugin.settings || {}),\n now,\n plugin.id\n )\n .run();\n }\n\n /**\n * Check if bootstrap is needed (first run detection)\n */\n async isBootstrapNeeded(): Promise<boolean> {\n try {\n // Check if any core plugins are missing\n for (const corePlugin of this.CORE_PLUGINS.filter((p) =>\n p.name.startsWith(\"core-\")\n )) {\n const exists = await this.pluginService.getPlugin(corePlugin.id);\n if (!exists) {\n return true;\n }\n }\n return false;\n } catch (error) {\n // If there's an error (like table doesn't exist), we need bootstrap\n console.error(\n \"[PluginBootstrap] Error checking bootstrap status:\",\n error\n );\n return true;\n }\n }\n\n}\n"]}
package/dist/{chunk-25YNV4RK.js → chunk-4TTMQQC7.js} RENAMED
@@ -1,5 +1,5 @@
1
- import { syncCollections, PluginBootstrapService } from './chunk-YFJJU26H.js';
2
- import { MigrationService } from './chunk-STTZVLY2.js';
1
+ import { syncCollections, PluginBootstrapService } from './chunk-27AOVQTR.js';
2
+ import { MigrationService } from './chunk-6O3RJV3C.js';
3
3
  import { metricsTracker } from './chunk-FICTAGD4.js';
4
4
  import { sign, verify } from 'hono/jwt';
5
5
  import { setCookie, getCookie } from 'hono/cookie';
@@ -537,5 +537,5 @@ var getActivePlugins = () => [];
537
537
  var isPluginActive = () => false;
538
538
 
539
539
  export { AuthManager, PermissionManager, bootstrapMiddleware, cacheHeaders, compressionMiddleware, csrfProtection, detailedLoggingMiddleware, generateCsrfToken, getActivePlugins, isPluginActive, logActivity, loggingMiddleware, metricsMiddleware, optionalAuth, performanceLoggingMiddleware, rateLimit, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware, securityLoggingMiddleware, validateCsrfToken, verifySecurityConfig };
540
- //# sourceMappingURL=chunk-25YNV4RK.js.map
541
- //# sourceMappingURL=chunk-25YNV4RK.js.map
540
+ //# sourceMappingURL=chunk-4TTMQQC7.js.map
541
+ //# sourceMappingURL=chunk-4TTMQQC7.js.map
package/dist/{chunk-25YNV4RK.js.map → chunk-4TTMQQC7.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware/bootstrap.ts","../src/middleware/auth.ts","../src/middleware/metrics.ts","../src/middleware/csrf.ts","../src/middleware/rate-limit.ts","../src/middleware/security-headers.ts","../src/middleware/index.ts"],"names":["result","JWT_SECRET_FALLBACK","getCookie","setCookie"],"mappings":";;;;;;;AAeA,IAAI,iBAAA,GAAoB,KAAA;AAOjB,SAAS,qBAAqB,GAAA,EAAqB;AACxD,EAAA,MAAM,WAAqB,EAAC;AAG5B,EAAA,IAAI,CAAC,IAAI,UAAA,EAAY;AACnB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF,CAAA,MAAA,IAAW,GAAA,CAAI,UAAA,CAAW,QAAA,CAAS,sBAAsB,CAAA,EAAG;AAC1D,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,IAAI,YAAA,EAAc;AACrB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,IAAI,WAAA,EAAa;AACpB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AACzB,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,IAAI,WAAA,KAAgB,YAAA;AAEzC,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,mBAAA,EAAsB,OAAO,CAAA,CAAE,CAAA;AAAA,EAC9C;AAEA,EAAA,IAAI,YAAA,EAAc;AAGhB,IAAA,MAAM,cACJ,CAAC,GAAA,CAAI,cAAc,GAAA,CAAI,UAAA,CAAW,SAAS,sBAAsB,CAAA;AACnE,IAAA,IAAI,WAAA,EAAa;AACf,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OAEF;AAAA,IACF;AAAA,EACF;AACF;AAMO,SAAS,mBAAA,CAAoB,MAAA,GAAwB,EAAC,EAAG;AAC9D,EAAA,OAAO,OAAO,GAAoC,IAAA,KAAe;AAE/D,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAGA,IAAA,MAAM,IAAA,GAAO,EAAE,GAAA,CAAI,IAAA;AACnB,IAAA,IACE,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,IAC1B,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,IAC1B,IAAA,KAAS,SAAA,IACT,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,IACnB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EACpB;AACA,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAEA,IAAA,IAAI;AACF,MAAA,OAAA,CAAQ,IAAI,+CAA+C,CAAA;AAG3D,MAAA,OAAA,CAAQ,IAAI,4CAA4C,CAAA;AACxD,MAAA,MAAM,gBAAA,GAAmB,IAAI,gBAAA,CAAiB,CAAA,CAAE,IAAI,EAAE,CAAA;AACtD,MAAA,MAAM,iBAAiB,oBAAA,EAAqB;AAG5C,MAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAC9D,MAAA,IAAI;AACF,QAAA,MAAM,eAAA,CAAgB,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA;AAAA,MAChC,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,0CAA0C,KAAK,CAAA;AAAA,MAE/D;AAGA,MAAA,IAAI,CAAC,MAAA,CAAO,OAAA,EAAS,UAAA,EAAY;AAC/B,QAAA,OAAA,CAAQ,IAAI,2CAA2C,CAAA;AACvD,QAAA,MAAM,gBAAA,GAAmB,IAAI,sBAAA,CAAuB,CAAA,CAAE,IAAI,EAAE,CAAA;AAG5D,QAAA,MAAM,cAAA,GAAiB,MAAM,gBAAA,CAAiB,iBAAA,EAAkB;AAChE,QAAA,IAAI,cAAA,EAAgB;AAClB,UAAA,MAAM,iBAAiB,oBAAA,EAAqB;AAAA,QAC9C;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AAAA,MACzE;AAGA,MAAA,iBAAA,GAAoB,IAAA;AACpB,MAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,IAC3D,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,mDAAmD,KAAK,CAAA;AAAA,IAExE;AAIA,IAAA,oBAAA,CAAqB,EAAE,GAAe,CAAA;AAEtC,IAAA,OAAO,IAAA,EAAK;AAAA,EACd,CAAA;AACF;ACpIA,IAAM,mBAAA,GAAsB,gDAAA;AAErB,IAAM,cAAN,MAAkB;AAAA,EACvB,aAAa,aAAA,CAAc,MAAA,EAAgB,KAAA,EAAe,MAAc,MAAA,EAAkC;AACxG,IAAA,MAAM,OAAA,GAAsB;AAAA,MAC1B,MAAA;AAAA,MACA,KAAA;AAAA,MACA,IAAA;AAAA,MACA,GAAA,EAAK,KAAK,KAAA,CAAM,IAAA,CAAK,KAAI,GAAI,GAAI,CAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAAA;AAAA,MAChD,KAAK,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI;AAAA,KACnC;AAEA,IAAA,OAAO,MAAM,IAAA,CAAK,OAAA,EAAS,MAAA,IAAU,qBAAqB,OAAO,CAAA;AAAA,EACnE;AAAA,EAEA,aAAa,WAAA,CAAY,KAAA,EAAe,MAAA,EAA6C;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,UAAU,MAAM,MAAA,CAAO,KAAA,EAAO,MAAA,IAAU,qBAAqB,OAAO,CAAA;AAG1E,MAAA,IAAI,OAAA,CAAQ,MAAM,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG;AAC/C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO,OAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,aAAa,aAAa,QAAA,EAAmC;AAC3D,IAAA,MAAM,UAAA,GAAa,GAAA;AACnB,IAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,EAAE,CAAA;AAC9B,IAAA,MAAA,CAAO,gBAAgB,IAAI,CAAA;AAE3B,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACtC,KAAA;AAAA,MACA,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,MACvB,QAAA;AAAA,MACA,KAAA;AAAA,MACA,CAAC,YAAY;AAAA,KACf;AAEA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,MACrC;AAAA,QACE,IAAA,EAAM,QAAA;AAAA,QACN,IAAA;AAAA,QACA,UAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACR;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,UAAU,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,IAAI,WAAW,UAAU,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAExG,IAAA,OAAO,CAAA,OAAA,EAAU,UAAU,CAAA,CAAA,EAAI,OAAO,IAAI,OAAO,CAAA,CAAA;AAAA,EACnD;AAAA,EAEA,aAAa,mBAAmB,QAAA,EAAmC;AACjE,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,QAAA,GAAW,2BAA2B,CAAA;AAClE,IAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,IAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,IAAI,UAAA,CAAW,UAAU,CAAC,CAAA;AACvD,IAAA,OAAO,SAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EACpE;AAAA,EAEA,aAAa,cAAA,CAAe,QAAA,EAAkB,UAAA,EAAsC;AAClF,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AAEpC,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,MAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE/B,MAAA,MAAM,aAAA,GAAgB,MAAM,CAAC,CAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,MAAA,MAAM,eAAA,GAAkB,MAAM,CAAC,CAAA;AAC/B,MAAA,MAAM,UAAA,GAAa,QAAA,CAAS,aAAA,EAAe,EAAE,CAAA;AAE7C,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA;AACvC,MAAA,IAAI,CAAC,WAAW,OAAO,KAAA;AACvB,MAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,SAAA,CAAU,GAAA,CAAI,UAAQ,QAAA,CAAS,IAAA,EAAM,EAAE,CAAC,CAAC,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACtC,KAAA;AAAA,QACA,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,QACvB,QAAA;AAAA,QACA,KAAA;AAAA,QACA,CAAC,YAAY;AAAA,OACf;AAEA,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,QACrC;AAAA,UACE,IAAA,EAAM,QAAA;AAAA,UACN,IAAA;AAAA,UACA,UAAA;AAAA,UACA,IAAA,EAAM;AAAA,SACR;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,IAAI,WAAW,UAAU,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAG9G,MAAA,IAAI,aAAA,CAAc,MAAA,KAAW,eAAA,CAAgB,MAAA,EAAQ,OAAO,KAAA;AAC5D,MAAA,IAAIA,OAAAA,GAAS,CAAA;AACb,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,aAAA,CAAc,QAAQ,CAAA,EAAA,EAAK;AAC7C,QAAAA,WAAU,aAAA,CAAc,UAAA,CAAW,CAAC,CAAA,GAAI,eAAA,CAAgB,WAAW,CAAC,CAAA;AAAA,MACtE;AACA,MAAA,OAAOA,OAAAA,KAAW,CAAA;AAAA,IACpB;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA;AAEzD,IAAA,IAAI,UAAA,CAAW,MAAA,KAAW,UAAA,CAAW,MAAA,EAAQ,OAAO,KAAA;AACpD,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,CAAW,QAAQ,CAAA,EAAA,EAAK;AAC1C,MAAA,MAAA,IAAU,WAAW,UAAA,CAAW,CAAC,CAAA,GAAI,UAAA,CAAW,WAAW,CAAC,CAAA;AAAA,IAC9D;AACA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AAAA,EAEA,OAAO,aAAa,UAAA,EAA6B;AAC/C,IAAA,OAAO,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,aAAA,CAAc,CAAA,EAAY,KAAA,EAAe,OAAA,EAKvC;AACP,IAAA,SAAA,CAAU,CAAA,EAAG,cAAc,KAAA,EAAO;AAAA,MAChC,QAAA,EAAU,SAAS,QAAA,IAAY,IAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,QAAA,EAAU,SAAS,QAAA,IAAY,QAAA;AAAA,MAC/B,MAAA,EAAQ,OAAA,EAAS,MAAA,IAAW,EAAA,GAAK,EAAA,GAAK;AAAA;AAAA,KACvC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,cAAc,MAAM;AAC/B,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,IAAI;AAEF,MAAA,IAAI,KAAA,GAAQ,EAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA,EAAG,OAAA,CAAQ,WAAW,EAAE,CAAA;AAGhE,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,KAAA,GAAQ,SAAA,CAAU,GAAG,YAAY,CAAA;AAAA,MACnC;AAEA,MAAA,IAAI,CAAC,KAAA,EAAO;AAEV,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,UAAA,OAAO,CAAA,CAAE,SAAS,yDAAyD,CAAA;AAAA,QAC7E;AACA,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,yBAAA,IAA6B,GAAG,CAAA;AAAA,MACzD;AAGA,MAAA,MAAM,EAAA,GAAK,EAAE,GAAA,EAAK,EAAA;AAClB,MAAA,IAAI,OAAA,GAA6B,IAAA;AAEjC,MAAA,IAAI,EAAA,EAAI;AACN,QAAA,MAAM,WAAW,CAAA,KAAA,EAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,EAAE,CAAC,CAAA,CAAA;AAC/C,QAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,GAAA,CAAI,UAAU,MAAM,CAAA;AAC5C,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAA,GAAU,MAAA;AAAA,QACZ;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,SAAA,GAAa,EAAE,GAAA,EAAa,UAAA;AAClC,QAAA,OAAA,GAAU,MAAM,WAAA,CAAY,WAAA,CAAY,KAAA,EAAO,SAAS,CAAA;AAGxD,QAAA,IAAI,WAAW,EAAA,EAAI;AACjB,UAAA,MAAM,WAAW,CAAA,KAAA,EAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,EAAE,CAAC,CAAA,CAAA;AAC/C,UAAA,MAAM,EAAA,CAAG,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,EAAE,aAAA,EAAe,GAAA,EAAK,CAAA;AAAA,QACxE;AAAA,MACF;AAEA,MAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,UAAA,OAAO,CAAA,CAAE,SAAS,gEAAgE,CAAA;AAAA,QACpF;AACA,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,0BAAA,IAA8B,GAAG,CAAA;AAAA,MAC1D;AAGA,MAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,OAAO,CAAA;AAErB,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,0BAA0B,KAAK,CAAA;AAE7C,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,6DAA6D,CAAA;AAAA,MACjF;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAA;AACF;AAGO,IAAM,WAAA,GAAc,CAAC,YAAA,KAAoC;AAC9D,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AAET,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,yDAAyD,CAAA;AAAA,MAC7E;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,yBAAA,IAA6B,GAAG,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,QAAQ,KAAA,CAAM,OAAA,CAAQ,YAAY,CAAA,GAAI,YAAA,GAAe,CAAC,YAAY,CAAA;AAExE,IAAA,IAAI,CAAC,KAAA,CAAM,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA,EAAG;AAE9B,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,kEAAkE,CAAA;AAAA,MACtF;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,0BAAA,IAA8B,GAAG,CAAA;AAAA,IAC1D;AAEA,IAAA,OAAO,MAAM,IAAA,EAAK;AAAA,EACpB,CAAA;AACF;AAGO,IAAM,eAAe,MAAM;AAChC,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,GAAQ,EAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA,EAAG,OAAA,CAAQ,WAAW,EAAE,CAAA;AAEhE,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,KAAA,GAAQ,SAAA,CAAU,GAAG,YAAY,CAAA;AAAA,MACnC;AAEA,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,MAAM,SAAA,GAAa,EAAE,GAAA,EAAa,UAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAM,WAAA,CAAY,WAAA,CAAY,OAAO,SAAS,CAAA;AAC9D,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,OAAO,CAAA;AAAA,QACvB;AAAA,MACF;AAEA,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AAEd,MAAA,OAAA,CAAQ,KAAA,CAAM,wBAAwB,KAAK,CAAA;AAC3C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF,CAAA;AACF;;;AC1RO,IAAM,oBAAoB,MAAyB;AACxD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,OAAO,IAAI,GAAA,CAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AAGhC,IAAA,IAAI,SAAS,8BAAA,EAAgC;AAC3C,MAAA,cAAA,CAAe,aAAA,EAAc;AAAA,IAC/B;AAGA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;ACEA,IAAMC,oBAAAA,GAAsB,gDAAA;AAOrB,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EACzC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC/E;AAGA,eAAe,WAAW,MAAA,EAAoC;AAC5D,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAO,MAAA,CAAO,SAAA;AAAA,IACnB,KAAA;AAAA,IACA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACrB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,KAAA;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,GACnB;AACF;AAWA,eAAsB,kBAAkB,MAAA,EAAiC;AACvE,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,EAAE,CAAA;AACpC,EAAA,MAAA,CAAO,gBAAgB,UAAU,CAAA;AACjC,EAAA,MAAM,KAAA,GAAQ,sBAAA,CAAuB,UAAA,CAAW,MAAM,CAAA;AAEtD,EAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,eAAA,GAAkB,MAAM,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,QAAQ,GAAA,EAAK,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAC,CAAA;AACnF,EAAA,MAAM,SAAA,GAAY,uBAAuB,eAAe,CAAA;AAExD,EAAA,OAAO,CAAA,EAAG,KAAK,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA;AAC9B;AAcA,eAAsB,iBAAA,CAAkB,OAAe,MAAA,EAAkC;AACvF,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAEhD,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAE5B,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,QAAQ,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,SAAA,CAAU,QAAA,GAAW,CAAC,CAAA;AAE9C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,SAAA,EAAW,OAAO,KAAA;AAEjC,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAM,CAAA;AACnC,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAGhC,IAAA,MAAM,SAAA,GAAY,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAChE,IAAA,MAAM,SAAA,GAAY,KAAK,SAAS,CAAA;AAChC,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,SAAA,CAAU,MAAM,CAAA;AAChD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,SAAA,CAAU,QAAQ,CAAA,EAAA,EAAK;AACzC,MAAA,QAAA,CAAS,CAAC,CAAA,GAAI,SAAA,CAAU,UAAA,CAAW,CAAC,CAAA;AAAA,IACtC;AAGA,IAAA,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,QAAA,CAAS,MAAA,EAAQ,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACvF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAMA,IAAM,oBAAA,GAAuB;AAAA,EAC3B,aAAA;AAAA,EACA,gBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA;AACF,CAAA;AASA,SAAS,YAAA,CAAa,IAAA,EAAc,gBAAA,GAA6B,EAAC,EAAY;AAE5E,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA,IAAK,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,IAAK,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,YAAA,EAAc;AAC9G,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,EAAG;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,CAAC,GAAG,oBAAA,EAAsB,GAAG,gBAAgB,CAAA;AAC/D,EAAA,KAAA,MAAW,UAAU,SAAA,EAAW;AAC9B,IAAA,IAAI,SAAS,MAAA,IAAU,IAAA,CAAK,UAAA,CAAW,MAAA,GAAS,GAAG,CAAA,EAAG;AACpD,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAkBO,SAAS,cAAA,CAAe,OAAA,GAAuB,EAAC,EAAG;AACxD,EAAA,OAAO,OAAO,GAAY,IAAA,KAAyC;AACjE,IAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAA,EAAY;AACxC,IAAA,MAAM,OAAO,IAAI,GAAA,CAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AAChC,IAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,EAAK,UAAA,IAAcA,oBAAAA;AAGpC,IAAA,IAAI,EAAE,GAAA,EAAK,WAAA,KAAgB,gBAAgB,CAAC,CAAA,CAAE,KAAK,UAAA,EAAY;AAC7D,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OAEF;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,MAAA,IAAU,WAAW,SAAA,EAAW;AACjE,MAAA,MAAM,gBAAA,CAAiB,GAAG,MAAM,CAAA;AAChC,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,YAAA,CAAa,IAAA,EAAM,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC3C,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,UAAA,GAAaC,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAC5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,WAAA,GAAcA,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAC7C,IAAA,IAAI,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,cAAc,CAAA;AAG7C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,cAAc,CAAA,IAAK,EAAA;AACpD,MAAA,IAAI,YAAY,QAAA,CAAS,mCAAmC,KAAK,WAAA,CAAY,QAAA,CAAS,qBAAqB,CAAA,EAAG;AAC5G,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,SAAA,EAAU;AACnC,UAAA,WAAA,GAAc,KAAK,OAAO,CAAA;AAAA,QAC5B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,EAAa;AAChC,MAAA,OAAO,SAAA,CAAU,GAAG,oBAAoB,CAAA;AAAA,IAC1C;AAEA,IAAA,IAAI,gBAAgB,WAAA,EAAa;AAC/B,MAAA,OAAO,SAAA,CAAU,GAAG,qBAAqB,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,iBAAA,CAAkB,WAAA,EAAa,MAAM,CAAA;AAC3D,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,SAAA,CAAU,GAAG,oBAAoB,CAAA;AAAA,IAC1C;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAOA,eAAe,gBAAA,CAAiB,GAAY,MAAA,EAA+B;AACzE,EAAA,MAAM,QAAA,GAAWA,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAE1C,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,OAAA,GAAU,MAAM,iBAAA,CAAkB,QAAA,EAAU,MAAM,CAAA;AACxD,IAAA,IAAI,OAAA,EAAS;AAEX,MAAA,CAAA,CAAE,GAAA,CAAI,aAAa,QAAQ,CAAA;AAC3B,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,KAAA,GAAQ,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAC5C,EAAA,CAAA,CAAE,GAAA,CAAI,aAAa,KAAK,CAAA;AAExB,EAAA,MAAM,QAAQ,CAAA,CAAE,GAAA,EAAK,gBAAgB,aAAA,IAAiB,CAAC,EAAE,GAAA,EAAK,WAAA;AAC9D,EAAAC,SAAAA,CAAU,CAAA,EAAG,YAAA,EAAc,KAAA,EAAO;AAAA,IAChC,QAAA,EAAU,KAAA;AAAA;AAAA,IACV,QAAQ,CAAC,KAAA;AAAA,IACT,QAAA,EAAU,QAAA;AAAA,IACV,IAAA,EAAM,GAAA;AAAA,IACN,MAAA,EAAQ;AAAA;AAAA,GACT,CAAA;AACH;AAGA,SAAS,SAAA,CAAU,GAAY,OAAA,EAA2B;AACxD,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AACzC,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,WAAW,CAAA,EAAG;AAChC,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,gGACkC,OAAO,CAAA,kBAAA,CAAA;AAAA,MACzC;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,SAAS,MAAA,EAAQ,GAAA,IAAO,GAAG,CAAA;AACpD;;;ACvQO,SAAS,UAAU,OAAA,EAA2B;AACnD,EAAA,MAAM,EAAE,GAAA,EAAK,QAAA,EAAU,SAAA,EAAU,GAAI,OAAA;AAErC,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,EAAA,GAAM,EAAE,GAAA,EAAa,QAAA;AAC3B,IAAA,IAAI,CAAC,EAAA,EAAI;AAEP,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAEA,IAAA,MAAM,EAAA,GAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,kBAAkB,KAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,SAAA;AAClF,IAAA,MAAM,GAAA,GAAM,CAAA,UAAA,EAAa,SAAS,CAAA,CAAA,EAAI,EAAE,CAAA,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,MAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,GAAA,CAAI,KAAK,MAAM,CAAA;AAEvC,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,MAAA,IAAU,MAAA,CAAO,OAAA,GAAU,GAAA,EAAK;AAClC,QAAA,KAAA,GAAQ,MAAA;AAAA,MACV,CAAA,MAAO;AACL,QAAA,KAAA,GAAQ,EAAE,KAAA,EAAO,CAAA,EAAG,OAAA,EAAS,MAAM,QAAA,EAAS;AAAA,MAC9C;AAEA,MAAA,KAAA,CAAM,KAAA,EAAA;AAGN,MAAA,MAAM,aAAa,IAAA,CAAK,IAAA,CAAA,CAAM,KAAA,CAAM,OAAA,GAAU,OAAO,GAAI,CAAA;AAEzD,MAAA,IAAI,KAAA,CAAM,QAAQ,GAAA,EAAK;AAErB,QAAA,MAAM,EAAA,CAAG,GAAA,CAAI,GAAA,EAAK,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,EAAE,aAAA,EAAe,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,CAAC,GAAG,CAAA;AAEnF,QAAA,MAAM,aAAa,IAAA,CAAK,IAAA,CAAA,CAAM,KAAA,CAAM,OAAA,GAAU,OAAO,GAAI,CAAA;AACzD,QAAA,CAAA,CAAE,MAAA,CAAO,aAAA,EAAe,MAAA,CAAO,UAAU,CAAC,CAAA;AAC1C,QAAA,CAAA,CAAE,MAAA,CAAO,mBAAA,EAAqB,MAAA,CAAO,GAAG,CAAC,CAAA;AACzC,QAAA,CAAA,CAAE,MAAA,CAAO,yBAAyB,GAAG,CAAA;AACrC,QAAA,CAAA,CAAE,MAAA,CAAO,qBAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAC,CAAA;AACrE,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,4CAAA,IAAgD,GAAG,CAAA;AAAA,MAC5E;AAEA,MAAA,MAAM,EAAA,CAAG,GAAA,CAAI,GAAA,EAAK,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,EAAE,aAAA,EAAe,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,CAAC,GAAG,CAAA;AAEnF,MAAA,CAAA,CAAE,MAAA,CAAO,mBAAA,EAAqB,MAAA,CAAO,GAAG,CAAC,CAAA;AACzC,MAAA,CAAA,CAAE,OAAO,uBAAA,EAAyB,MAAA,CAAO,GAAA,GAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAC3D,MAAA,CAAA,CAAE,MAAA,CAAO,qBAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAC,CAAA;AAErE,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AAEd,MAAA,OAAA,CAAQ,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF,CAAA;AACF;;;AChEO,IAAM,4BAA4B,MAAM;AAC7C,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,IAAA,EAAK;AAEX,IAAA,CAAA,CAAE,MAAA,CAAO,0BAA0B,SAAS,CAAA;AAC5C,IAAA,CAAA,CAAE,MAAA,CAAO,mBAAmB,YAAY,CAAA;AACxC,IAAA,CAAA,CAAE,MAAA,CAAO,mBAAmB,iCAAiC,CAAA;AAC7D,IAAA,CAAA,CAAE,MAAA,CAAO,sBAAsB,0CAA0C,CAAA;AAGzE,IAAA,MAAM,WAAA,GAAe,EAAE,GAAA,EAAa,WAAA;AACpC,IAAA,IAAI,gBAAgB,aAAA,EAAe;AACjC,MAAA,CAAA,CAAE,MAAA,CAAO,6BAA6B,qCAAqC,CAAA;AAAA,IAC7E;AAAA,EACF,CAAA;AACF;;;ACWO,IAAM,oBAAyB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACzE,IAAM,4BAAiC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACjF,IAAM,4BAAiC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACjF,IAAM,+BAAoC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACpF,IAAM,eAAoB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACpE,IAAM,qBAAA,GAA6B,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAIvE,IAAM,oBAAyB;AAC/B,IAAM,oBAAyB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACzE,IAAM,uBAA4B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC5E,IAAM,cAAmB,MAAM;AAAC;AAChC,IAAM,sBAA2B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC3E,IAAM,uBAA4B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC5E,IAAM,gBAAA,GAAwB,MAAM;AACpC,IAAM,iBAAsB,MAAM","file":"chunk-25YNV4RK.js","sourcesContent":["import { Context, Next } from \"hono\";\nimport { syncCollections } from \"../services/collection-sync\";\nimport { MigrationService } from \"../services/migrations\";\nimport { PluginBootstrapService } from \"../services/plugin-bootstrap\";\nimport type { SonicJSConfig } from \"../app\";\n\ntype Bindings = {\n DB: D1Database;\n KV: KVNamespace;\n JWT_SECRET?: string;\n CORS_ORIGINS?: string;\n ENVIRONMENT?: string;\n};\n\n// Track if bootstrap has been run in this worker instance\nlet bootstrapComplete = false;\n\n/**\n * Verify security-critical environment configuration at startup.\n * Logs warnings in development, throws in production to prevent\n * insecure deployments from silently running.\n */\nexport function verifySecurityConfig(env: Bindings): void {\n const warnings: string[] = [];\n\n // Check JWT secret\n if (!env.JWT_SECRET) {\n warnings.push(\n \"JWT_SECRET is not set — using hardcoded fallback. Set via `wrangler secret put JWT_SECRET`\"\n );\n } else if (env.JWT_SECRET.includes(\"change-in-production\")) {\n warnings.push(\n \"JWT_SECRET contains the default value — tokens are forgeable. Generate a strong random secret\"\n );\n }\n\n // Check CORS origins\n if (!env.CORS_ORIGINS) {\n warnings.push(\n \"CORS_ORIGINS is not set — all cross-origin API requests will be rejected\"\n );\n }\n\n // Check environment designation\n if (!env.ENVIRONMENT) {\n warnings.push(\n \"ENVIRONMENT is not set — HSTS header will not be applied. Set to \\\"production\\\" or \\\"development\\\"\"\n );\n }\n\n if (warnings.length === 0) {\n return;\n }\n\n const isProduction = env.ENVIRONMENT === \"production\";\n\n for (const warning of warnings) {\n console.warn(`[SonicJS Security] ${warning}`);\n }\n\n if (isProduction) {\n // In production, a missing or default JWT_SECRET is a hard failure —\n // every token issued would be forgeable by anyone reading the source code.\n const hasCritical =\n !env.JWT_SECRET || env.JWT_SECRET.includes(\"change-in-production\");\n if (hasCritical) {\n throw new Error(\n \"[SonicJS Security] CRITICAL: Production deployment is missing a secure JWT_SECRET. \" +\n \"Set it via `wrangler secret put JWT_SECRET` before deploying.\"\n );\n }\n }\n}\n\n/**\n * Bootstrap middleware that ensures system initialization\n * Runs once per worker instance\n */\nexport function bootstrapMiddleware(config: SonicJSConfig = {}) {\n return async (c: Context<{ Bindings: Bindings }>, next: Next) => {\n // Skip if already bootstrapped in this worker instance\n if (bootstrapComplete) {\n return next();\n }\n\n // Skip bootstrap for static assets and health checks\n const path = c.req.path;\n if (\n path.startsWith(\"/images/\") ||\n path.startsWith(\"/assets/\") ||\n path === \"/health\" ||\n path.endsWith(\".js\") ||\n path.endsWith(\".css\") ||\n path.endsWith(\".png\") ||\n path.endsWith(\".jpg\") ||\n path.endsWith(\".ico\")\n ) {\n return next();\n }\n\n try {\n console.log(\"[Bootstrap] Starting system initialization...\");\n\n // 1. Run database migrations first\n console.log(\"[Bootstrap] Running database migrations...\");\n const migrationService = new MigrationService(c.env.DB);\n await migrationService.runPendingMigrations();\n\n // 2. Sync collection configurations\n console.log(\"[Bootstrap] Syncing collection configurations...\");\n try {\n await syncCollections(c.env.DB);\n } catch (error) {\n console.error(\"[Bootstrap] Error syncing collections:\", error);\n // Continue bootstrap even if collection sync fails\n }\n\n // 3. Bootstrap core plugins (unless disableAll is set)\n if (!config.plugins?.disableAll) {\n console.log(\"[Bootstrap] Bootstrapping core plugins...\");\n const bootstrapService = new PluginBootstrapService(c.env.DB);\n\n // Check if bootstrap is needed\n const needsBootstrap = await bootstrapService.isBootstrapNeeded();\n if (needsBootstrap) {\n await bootstrapService.bootstrapCorePlugins();\n }\n } else {\n console.log(\"[Bootstrap] Plugin bootstrap skipped (disableAll is true)\");\n }\n\n // Mark bootstrap as complete for this worker instance\n bootstrapComplete = true;\n console.log(\"[Bootstrap] System initialization completed\");\n } catch (error) {\n console.error(\"[Bootstrap] Error during system initialization:\", error);\n // Don't prevent the app from starting, but log the error\n }\n\n // 4. Verify security configuration (outside try/catch so critical\n // errors in production propagate and prevent insecure deployments)\n verifySecurityConfig(c.env as Bindings);\n\n return next();\n };\n}\n\n/**\n * Reset bootstrap flag (useful for testing)\n */\nexport function resetBootstrap() {\n bootstrapComplete = false;\n}\n","import { sign, verify } from 'hono/jwt'\nimport { Context, Next } from 'hono'\nimport { getCookie, setCookie } from 'hono/cookie'\n\ntype JWTPayload = {\n userId: string\n email: string\n role: string\n exp: number\n iat: number\n}\n\n// Fallback JWT secret for local development only (no wrangler secret set)\nconst JWT_SECRET_FALLBACK = 'your-super-secret-jwt-key-change-in-production'\n\nexport class AuthManager {\n static async generateToken(userId: string, email: string, role: string, secret?: string): Promise<string> {\n const payload: JWTPayload = {\n userId,\n email,\n role,\n exp: Math.floor(Date.now() / 1000) + (60 * 60 * 24), // 24 hours\n iat: Math.floor(Date.now() / 1000)\n }\n\n return await sign(payload, secret || JWT_SECRET_FALLBACK, 'HS256')\n }\n\n static async verifyToken(token: string, secret?: string): Promise<JWTPayload | null> {\n try {\n const payload = await verify(token, secret || JWT_SECRET_FALLBACK, 'HS256') as JWTPayload\n \n // Check if token is expired\n if (payload.exp < Math.floor(Date.now() / 1000)) {\n return null\n }\n \n return payload\n } catch (error) {\n console.error('Token verification failed:', error)\n return null\n }\n }\n\n static async hashPassword(password: string): Promise<string> {\n const iterations = 100000\n const salt = new Uint8Array(16)\n crypto.getRandomValues(salt)\n\n const encoder = new TextEncoder()\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n encoder.encode(password),\n 'PBKDF2',\n false,\n ['deriveBits']\n )\n\n const hashBuffer = await crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt,\n iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n 256\n )\n\n const saltHex = Array.from(salt).map(b => b.toString(16).padStart(2, '0')).join('')\n const hashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('')\n\n return `pbkdf2:${iterations}:${saltHex}:${hashHex}`\n }\n\n static async hashPasswordLegacy(password: string): Promise<string> {\n const encoder = new TextEncoder()\n const data = encoder.encode(password + 'salt-change-in-production')\n const hashBuffer = await crypto.subtle.digest('SHA-256', data)\n const hashArray = Array.from(new Uint8Array(hashBuffer))\n return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')\n }\n\n static async verifyPassword(password: string, storedHash: string): Promise<boolean> {\n if (storedHash.startsWith('pbkdf2:')) {\n // PBKDF2 format: pbkdf2:<iterations>:<salt_hex>:<hash_hex>\n const parts = storedHash.split(':')\n if (parts.length !== 4) return false\n\n const iterationsStr = parts[1]!\n const saltHex = parts[2]!\n const expectedHashHex = parts[3]!\n const iterations = parseInt(iterationsStr, 10)\n\n const saltBytes = saltHex.match(/.{2}/g)\n if (!saltBytes) return false\n const salt = new Uint8Array(saltBytes.map(byte => parseInt(byte, 16)))\n\n const encoder = new TextEncoder()\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n encoder.encode(password),\n 'PBKDF2',\n false,\n ['deriveBits']\n )\n\n const hashBuffer = await crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt,\n iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n 256\n )\n\n const actualHashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('')\n\n // Constant-time comparison\n if (actualHashHex.length !== expectedHashHex.length) return false\n let result = 0\n for (let i = 0; i < actualHashHex.length; i++) {\n result |= actualHashHex.charCodeAt(i) ^ expectedHashHex.charCodeAt(i)\n }\n return result === 0\n }\n\n // Legacy SHA-256 format (no colons in hash)\n const legacyHash = await this.hashPasswordLegacy(password)\n // Constant-time comparison for legacy too\n if (legacyHash.length !== storedHash.length) return false\n let result = 0\n for (let i = 0; i < legacyHash.length; i++) {\n result |= legacyHash.charCodeAt(i) ^ storedHash.charCodeAt(i)\n }\n return result === 0\n }\n\n static isLegacyHash(storedHash: string): boolean {\n return !storedHash.startsWith('pbkdf2:')\n }\n\n /**\n * Set authentication cookie - useful for plugins implementing alternative auth methods\n * @param c - Hono context\n * @param token - JWT token to set in cookie\n * @param options - Optional cookie configuration\n */\n static setAuthCookie(c: Context, token: string, options?: {\n maxAge?: number\n secure?: boolean\n httpOnly?: boolean\n sameSite?: 'Strict' | 'Lax' | 'None'\n }): void {\n setCookie(c, 'auth_token', token, {\n httpOnly: options?.httpOnly ?? true,\n secure: options?.secure ?? true,\n sameSite: options?.sameSite ?? 'Strict',\n maxAge: options?.maxAge ?? (60 * 60 * 24) // 24 hours default\n })\n }\n}\n\n// Middleware to require authentication\nexport const requireAuth = () => {\n return async (c: Context, next: Next) => {\n try {\n // Try to get token from Authorization header\n let token = c.req.header('Authorization')?.replace('Bearer ', '')\n\n // If no header token, try cookie\n if (!token) {\n token = getCookie(c, 'auth_token')\n }\n\n if (!token) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Please login to access the admin area')\n }\n return c.json({ error: 'Authentication required' }, 401)\n }\n\n // Try to get cached token verification from KV\n const kv = c.env?.KV\n let payload: JWTPayload | null = null\n\n if (kv) {\n const cacheKey = `auth:${token.substring(0, 20)}` // Use token prefix as key\n const cached = await kv.get(cacheKey, 'json')\n if (cached) {\n payload = cached as JWTPayload\n }\n }\n\n // If not cached, verify token\n if (!payload) {\n const jwtSecret = (c.env as any)?.JWT_SECRET\n payload = await AuthManager.verifyToken(token, jwtSecret)\n\n // Cache the verified payload for 5 minutes\n if (payload && kv) {\n const cacheKey = `auth:${token.substring(0, 20)}`\n await kv.put(cacheKey, JSON.stringify(payload), { expirationTtl: 300 })\n }\n }\n\n if (!payload) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Your session has expired, please login again')\n }\n return c.json({ error: 'Invalid or expired token' }, 401)\n }\n\n // Add user info to context\n c.set('user', payload)\n\n return await next()\n } catch (error) {\n console.error('Auth middleware error:', error)\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Authentication failed, please login again')\n }\n return c.json({ error: 'Authentication failed' }, 401)\n }\n }\n}\n\n// Middleware to require specific role\nexport const requireRole = (requiredRole: string | string[]) => {\n return async (c: Context, next: Next) => {\n const user = c.get('user') as JWTPayload\n \n if (!user) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Please login to access the admin area')\n }\n return c.json({ error: 'Authentication required' }, 401)\n }\n \n const roles = Array.isArray(requiredRole) ? requiredRole : [requiredRole]\n \n if (!roles.includes(user.role)) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=You do not have permission to access this area')\n }\n return c.json({ error: 'Insufficient permissions' }, 403)\n }\n \n return await next()\n }\n}\n\n// Optional auth middleware (doesn't block if no token)\nexport const optionalAuth = () => {\n return async (c: Context, next: Next) => {\n try {\n let token = c.req.header('Authorization')?.replace('Bearer ', '')\n \n if (!token) {\n token = getCookie(c, 'auth_token')\n }\n \n if (token) {\n const jwtSecret = (c.env as any)?.JWT_SECRET\n const payload = await AuthManager.verifyToken(token, jwtSecret)\n if (payload) {\n c.set('user', payload)\n }\n }\n \n return await next()\n } catch (error) {\n // Don't block on auth errors in optional auth\n console.error('Optional auth error:', error)\n return await next()\n }\n }\n}\n","import { MiddlewareHandler } from 'hono'\nimport { metricsTracker } from '../utils/metrics'\n\n/**\n * Middleware to track all HTTP requests for real-time analytics\n * Excludes the metrics endpoint itself to avoid inflating the count\n */\nexport const metricsMiddleware = (): MiddlewareHandler => {\n return async (c, next) => {\n const path = new URL(c.req.url).pathname\n\n // Don't track the metrics endpoint itself to avoid self-inflating counts\n if (path !== '/admin/dashboard/api/metrics') {\n metricsTracker.recordRequest()\n }\n\n // Continue with the request\n await next()\n }\n}\n","/**\n * CSRF Protection Middleware — Signed Double-Submit Cookie\n *\n * Stateless CSRF protection for Cloudflare Workers (no session store needed).\n * Token format: `<nonce>.<hmac>` where HMAC-SHA256 is keyed with JWT_SECRET.\n *\n * Flow:\n * GET — ensureCsrfCookie(): reuse existing valid cookie or set a new one\n * POST/PUT/DELETE/PATCH — validate X-CSRF-Token header === csrf_token cookie, HMAC valid\n *\n * Exempt:\n * - Safe methods (GET, HEAD, OPTIONS)\n * - Auth routes that create sessions (/auth/login*, /auth/register*, etc.)\n * - Public form submissions (/forms/*, /api/forms/*) — NOT /admin/forms/*\n * - Requests with no auth_token cookie (Bearer-only or API-key-only)\n */\n\nimport type { Context, Next } from 'hono'\nimport { getCookie, setCookie } from 'hono/cookie'\n\n// Fallback secret — mirrors auth.ts behavior for local dev without wrangler secret\nconst JWT_SECRET_FALLBACK = 'your-super-secret-jwt-key-change-in-production'\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\n/** Convert ArrayBuffer to URL-safe base64 (no padding). */\nexport function arrayBufferToBase64Url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n let binary = ''\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]!)\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/** Import a string key for HMAC-SHA256. */\nasync function getHmacKey(secret: string): Promise<CryptoKey> {\n const encoder = new TextEncoder()\n return crypto.subtle.importKey(\n 'raw',\n encoder.encode(secret),\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign', 'verify']\n )\n}\n\n// ============================================================================\n// Token Generation & Validation\n// ============================================================================\n\n/**\n * Generate a signed CSRF token: `<nonce>.<hmac_signature>`\n * - nonce = 32 random bytes, base64url-encoded\n * - signature = HMAC-SHA256(nonce, secret), base64url-encoded\n */\nexport async function generateCsrfToken(secret: string): Promise<string> {\n const nonceBytes = new Uint8Array(32)\n crypto.getRandomValues(nonceBytes)\n const nonce = arrayBufferToBase64Url(nonceBytes.buffer)\n\n const key = await getHmacKey(secret)\n const encoder = new TextEncoder()\n const signatureBuffer = await crypto.subtle.sign('HMAC', key, encoder.encode(nonce))\n const signature = arrayBufferToBase64Url(signatureBuffer)\n\n return `${nonce}.${signature}`\n}\n\n/**\n * Validate a signed CSRF token.\n *\n * Checks that the token has the correct `<nonce>.<signature>` format and that\n * the HMAC signature is valid for the given secret. Uses crypto.subtle.verify\n * which provides constant-time comparison.\n *\n * NOTE: No expiry check here — by design. The security property of signed\n * double-submit comes from the unpredictability of the nonce + the\n * secret-bound HMAC, not from time-bounding. The cookie's maxAge (86400s)\n * handles expiry at the browser level.\n */\nexport async function validateCsrfToken(token: string, secret: string): Promise<boolean> {\n if (!token || typeof token !== 'string') return false\n\n const dotIndex = token.indexOf('.')\n if (dotIndex === -1) return false\n\n const nonce = token.substring(0, dotIndex)\n const signature = token.substring(dotIndex + 1)\n\n if (!nonce || !signature) return false\n\n try {\n const key = await getHmacKey(secret)\n const encoder = new TextEncoder()\n\n // Decode the signature from base64url\n const sigPadded = signature.replace(/-/g, '+').replace(/_/g, '/')\n const sigBinary = atob(sigPadded)\n const sigBytes = new Uint8Array(sigBinary.length)\n for (let i = 0; i < sigBinary.length; i++) {\n sigBytes[i] = sigBinary.charCodeAt(i)\n }\n\n // crypto.subtle.verify is constant-time\n return await crypto.subtle.verify('HMAC', key, sigBytes.buffer, encoder.encode(nonce))\n } catch {\n return false\n }\n}\n\n// ============================================================================\n// Default Exempt Paths\n// ============================================================================\n\nconst DEFAULT_EXEMPT_PATHS = [\n '/auth/login',\n '/auth/register',\n '/auth/seed-admin',\n '/auth/accept-invitation',\n '/auth/reset-password',\n '/auth/request-password-reset',\n]\n\n/**\n * Check whether a request path is exempt from CSRF validation.\n * - Exact match or startsWith for auth routes (e.g. /auth/login/form)\n * - /forms/* and /api/forms/* are exempt (public submissions)\n * - /api/search* is exempt (read-only POST for complex query params)\n * - /admin/forms/* is NOT exempt\n */\nfunction isExemptPath(path: string, extraExemptPaths: string[] = []): boolean {\n // Public form routes — NOT /admin/forms/*\n if (path.startsWith('/forms/') || path.startsWith('/api/forms/') || path === '/forms' || path === '/api/forms') {\n return true\n }\n\n // Search API — read-only POST (includes /api/search/click, /api/search/facet-click)\n if (path.startsWith('/api/search')) {\n return true\n }\n\n const allExempt = [...DEFAULT_EXEMPT_PATHS, ...extraExemptPaths]\n for (const exempt of allExempt) {\n if (path === exempt || path.startsWith(exempt + '/')) {\n return true\n }\n }\n\n return false\n}\n\n// ============================================================================\n// Middleware\n// ============================================================================\n\nexport interface CsrfOptions {\n /** Additional paths to exempt from CSRF validation. */\n exemptPaths?: string[]\n}\n\n/**\n * CSRF protection middleware (Signed Double-Submit Cookie).\n *\n * - GET/HEAD/OPTIONS: ensure a valid csrf_token cookie exists\n * - POST/PUT/DELETE/PATCH: validate X-CSRF-Token header matches cookie, HMAC valid\n * - Exempt: auth routes, public /forms/*, Bearer-only, API-key-only\n */\nexport function csrfProtection(options: CsrfOptions = {}) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const method = c.req.method.toUpperCase()\n const path = new URL(c.req.url).pathname\n const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK\n\n // Warn if using fallback secret in production\n if (c.env?.ENVIRONMENT === 'production' && !c.env?.JWT_SECRET) {\n console.warn(\n '[CSRF] WARNING: JWT_SECRET is not set in production. ' +\n 'CSRF tokens are signed with the fallback key, which is insecure.'\n )\n }\n\n // Safe methods — just ensure cookie, then pass through\n if (method === 'GET' || method === 'HEAD' || method === 'OPTIONS') {\n await ensureCsrfCookie(c, secret)\n await next()\n return\n }\n\n // Exempt paths — pass through without validation\n if (isExemptPath(path, options.exemptPaths)) {\n await next()\n return\n }\n\n // Bearer-only or API-key-only requests (no auth_token cookie) — exempt\n const authCookie = getCookie(c, 'auth_token')\n if (!authCookie) {\n await next()\n return\n }\n\n // State-changing request with cookie auth — validate CSRF\n const cookieToken = getCookie(c, 'csrf_token')\n let headerToken = c.req.header('X-CSRF-Token')\n\n // Fallback: check _csrf field in form-encoded body (regular HTML form submissions)\n if (!headerToken) {\n const contentType = c.req.header('Content-Type') || ''\n if (contentType.includes('application/x-www-form-urlencoded') || contentType.includes('multipart/form-data')) {\n try {\n const body = await c.req.parseBody()\n headerToken = body['_csrf'] as string | undefined\n } catch {\n // Body not parseable — leave headerToken undefined\n }\n }\n }\n\n if (!cookieToken || !headerToken) {\n return csrfError(c, 'CSRF token missing')\n }\n\n if (cookieToken !== headerToken) {\n return csrfError(c, 'CSRF token mismatch')\n }\n\n const isValid = await validateCsrfToken(cookieToken, secret)\n if (!isValid) {\n return csrfError(c, 'CSRF token invalid')\n }\n\n await next()\n }\n}\n\n/**\n * Ensure a valid CSRF cookie exists. Check-then-reuse: if the existing cookie\n * has a valid HMAC signature, reuse it (no new Set-Cookie header). Only\n * generate a fresh token when the cookie is missing or has an invalid signature.\n */\nasync function ensureCsrfCookie(c: Context, secret: string): Promise<void> {\n const existing = getCookie(c, 'csrf_token')\n\n if (existing) {\n const isValid = await validateCsrfToken(existing, secret)\n if (isValid) {\n // Reuse existing valid token — no Set-Cookie needed\n c.set('csrfToken', existing)\n return\n }\n }\n\n // Generate fresh token\n const token = await generateCsrfToken(secret)\n c.set('csrfToken', token)\n\n const isDev = c.env?.ENVIRONMENT === 'development' || !c.env?.ENVIRONMENT\n setCookie(c, 'csrf_token', token, {\n httpOnly: false, // JS must read this cookie\n secure: !isDev,\n sameSite: 'Strict',\n path: '/',\n maxAge: 86400, // 24 hours — browser-side expiry\n })\n}\n\n/** Return a 403 CSRF error — HTML for browser requests, JSON for API. */\nfunction csrfError(c: Context, message: string): Response {\n const accept = c.req.header('Accept') || ''\n if (accept.includes('text/html')) {\n return c.html(\n `<!DOCTYPE html><html><head><title>403 Forbidden</title></head>` +\n `<body><h1>403 Forbidden</h1><p>${message}</p></body></html>`,\n 403\n )\n }\n return c.json({ error: message, status: 403 }, 403)\n}\n","import { Context, Next } from 'hono'\n\ninterface RateLimitOptions {\n max: number\n windowMs: number\n keyPrefix: string\n}\n\ninterface RateLimitEntry {\n count: number\n resetAt: number\n}\n\n/**\n * KV-based sliding window rate limiter middleware.\n * Gracefully skips if CACHE_KV binding is not available.\n */\nexport function rateLimit(options: RateLimitOptions) {\n const { max, windowMs, keyPrefix } = options\n\n return async (c: Context, next: Next) => {\n const kv = (c.env as any)?.CACHE_KV\n if (!kv) {\n // No KV binding available — skip rate limiting\n return await next()\n }\n\n const ip = c.req.header('cf-connecting-ip') || c.req.header('x-forwarded-for') || 'unknown'\n const key = `ratelimit:${keyPrefix}:${ip}`\n\n try {\n const now = Date.now()\n const stored = await kv.get(key, 'json') as RateLimitEntry | null\n\n let entry: RateLimitEntry\n if (stored && stored.resetAt > now) {\n entry = stored\n } else {\n entry = { count: 0, resetAt: now + windowMs }\n }\n\n entry.count++\n\n // Calculate TTL in seconds (KV expiration)\n const ttlSeconds = Math.ceil((entry.resetAt - now) / 1000)\n\n if (entry.count > max) {\n // Store the updated count even when rejecting\n await kv.put(key, JSON.stringify(entry), { expirationTtl: Math.max(ttlSeconds, 1) })\n\n const retryAfter = Math.ceil((entry.resetAt - now) / 1000)\n c.header('Retry-After', String(retryAfter))\n c.header('X-RateLimit-Limit', String(max))\n c.header('X-RateLimit-Remaining', '0')\n c.header('X-RateLimit-Reset', String(Math.ceil(entry.resetAt / 1000)))\n return c.json({ error: 'Too many requests. Please try again later.' }, 429)\n }\n\n await kv.put(key, JSON.stringify(entry), { expirationTtl: Math.max(ttlSeconds, 1) })\n\n c.header('X-RateLimit-Limit', String(max))\n c.header('X-RateLimit-Remaining', String(max - entry.count))\n c.header('X-RateLimit-Reset', String(Math.ceil(entry.resetAt / 1000)))\n\n return await next()\n } catch (error) {\n // Rate limiting should never break the app\n console.error('Rate limiter error (non-fatal):', error)\n return await next()\n }\n }\n}\n","import { Context, Next } from 'hono'\n\n/**\n * Security headers middleware.\n * Sets standard security headers on every response.\n * Skips HSTS in development to avoid local dev issues.\n */\nexport const securityHeadersMiddleware = () => {\n return async (c: Context, next: Next) => {\n await next()\n\n c.header('X-Content-Type-Options', 'nosniff')\n c.header('X-Frame-Options', 'SAMEORIGIN')\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin')\n c.header('Permissions-Policy', 'camera=(), microphone=(), geolocation=()')\n\n // Only set HSTS in non-development environments\n const environment = (c.env as any)?.ENVIRONMENT\n if (environment !== 'development') {\n c.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')\n }\n }\n}\n","/**\n * Middleware Module Exports\n *\n * Request processing middleware for SonicJS\n *\n * Note: Most middleware is currently in the monolith and will be migrated later.\n * For now, we only export the bootstrap middleware which is used for system initialization.\n */\n\n// Bootstrap middleware\nexport { bootstrapMiddleware, verifySecurityConfig } from './bootstrap'\n\n// Auth middleware\nexport { AuthManager, requireAuth, requireRole, optionalAuth } from './auth'\n\n// Metrics middleware\nexport { metricsMiddleware } from './metrics'\n\n// CSRF protection middleware\nexport { csrfProtection, generateCsrfToken, validateCsrfToken } from './csrf'\n\n// Rate limiting middleware\nexport { rateLimit } from './rate-limit'\n\n// Re-export types and functions that are referenced but implemented in monolith\n// These are placeholder exports to maintain API compatibility\nexport type Permission = string\nexport type UserPermissions = {\n userId: string\n permissions: Permission[]\n}\n\n// Middleware stubs - these return pass-through middleware that call next()\nexport const loggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const detailedLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const securityLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const performanceLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const cacheHeaders: any = () => async (_c: any, next: any) => await next()\nexport const compressionMiddleware: any = async (_c: any, next: any) => await next()\nexport { securityHeadersMiddleware as securityHeaders } from './security-headers'\n\n// Other stubs\nexport const PermissionManager: any = {}\nexport const requirePermission: any = () => async (_c: any, next: any) => await next()\nexport const requireAnyPermission: any = () => async (_c: any, next: any) => await next()\nexport const logActivity: any = () => {}\nexport const requireActivePlugin: any = () => async (_c: any, next: any) => await next()\nexport const requireActivePlugins: any = () => async (_c: any, next: any) => await next()\nexport const getActivePlugins: any = () => []\nexport const isPluginActive: any = () => false\n"]}
1
+ {"version":3,"sources":["../src/middleware/bootstrap.ts","../src/middleware/auth.ts","../src/middleware/metrics.ts","../src/middleware/csrf.ts","../src/middleware/rate-limit.ts","../src/middleware/security-headers.ts","../src/middleware/index.ts"],"names":["result","JWT_SECRET_FALLBACK","getCookie","setCookie"],"mappings":";;;;;;;AAeA,IAAI,iBAAA,GAAoB,KAAA;AAOjB,SAAS,qBAAqB,GAAA,EAAqB;AACxD,EAAA,MAAM,WAAqB,EAAC;AAG5B,EAAA,IAAI,CAAC,IAAI,UAAA,EAAY;AACnB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF,CAAA,MAAA,IAAW,GAAA,CAAI,UAAA,CAAW,QAAA,CAAS,sBAAsB,CAAA,EAAG;AAC1D,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,IAAI,YAAA,EAAc;AACrB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,IAAI,WAAA,EAAa;AACpB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AACzB,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,IAAI,WAAA,KAAgB,YAAA;AAEzC,EAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,mBAAA,EAAsB,OAAO,CAAA,CAAE,CAAA;AAAA,EAC9C;AAEA,EAAA,IAAI,YAAA,EAAc;AAGhB,IAAA,MAAM,cACJ,CAAC,GAAA,CAAI,cAAc,GAAA,CAAI,UAAA,CAAW,SAAS,sBAAsB,CAAA;AACnE,IAAA,IAAI,WAAA,EAAa;AACf,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OAEF;AAAA,IACF;AAAA,EACF;AACF;AAMO,SAAS,mBAAA,CAAoB,MAAA,GAAwB,EAAC,EAAG;AAC9D,EAAA,OAAO,OAAO,GAAoC,IAAA,KAAe;AAE/D,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAGA,IAAA,MAAM,IAAA,GAAO,EAAE,GAAA,CAAI,IAAA;AACnB,IAAA,IACE,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,IAC1B,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,IAC1B,IAAA,KAAS,SAAA,IACT,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,IACnB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,IACpB,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EACpB;AACA,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAEA,IAAA,IAAI;AACF,MAAA,OAAA,CAAQ,IAAI,+CAA+C,CAAA;AAG3D,MAAA,OAAA,CAAQ,IAAI,4CAA4C,CAAA;AACxD,MAAA,MAAM,gBAAA,GAAmB,IAAI,gBAAA,CAAiB,CAAA,CAAE,IAAI,EAAE,CAAA;AACtD,MAAA,MAAM,iBAAiB,oBAAA,EAAqB;AAG5C,MAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAC9D,MAAA,IAAI;AACF,QAAA,MAAM,eAAA,CAAgB,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA;AAAA,MAChC,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,0CAA0C,KAAK,CAAA;AAAA,MAE/D;AAGA,MAAA,IAAI,CAAC,MAAA,CAAO,OAAA,EAAS,UAAA,EAAY;AAC/B,QAAA,OAAA,CAAQ,IAAI,2CAA2C,CAAA;AACvD,QAAA,MAAM,gBAAA,GAAmB,IAAI,sBAAA,CAAuB,CAAA,CAAE,IAAI,EAAE,CAAA;AAG5D,QAAA,MAAM,cAAA,GAAiB,MAAM,gBAAA,CAAiB,iBAAA,EAAkB;AAChE,QAAA,IAAI,cAAA,EAAgB;AAClB,UAAA,MAAM,iBAAiB,oBAAA,EAAqB;AAAA,QAC9C;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AAAA,MACzE;AAGA,MAAA,iBAAA,GAAoB,IAAA;AACpB,MAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,IAC3D,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,mDAAmD,KAAK,CAAA;AAAA,IAExE;AAIA,IAAA,oBAAA,CAAqB,EAAE,GAAe,CAAA;AAEtC,IAAA,OAAO,IAAA,EAAK;AAAA,EACd,CAAA;AACF;ACpIA,IAAM,mBAAA,GAAsB,gDAAA;AAErB,IAAM,cAAN,MAAkB;AAAA,EACvB,aAAa,aAAA,CAAc,MAAA,EAAgB,KAAA,EAAe,MAAc,MAAA,EAAkC;AACxG,IAAA,MAAM,OAAA,GAAsB;AAAA,MAC1B,MAAA;AAAA,MACA,KAAA;AAAA,MACA,IAAA;AAAA,MACA,GAAA,EAAK,KAAK,KAAA,CAAM,IAAA,CAAK,KAAI,GAAI,GAAI,CAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAAA;AAAA,MAChD,KAAK,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI;AAAA,KACnC;AAEA,IAAA,OAAO,MAAM,IAAA,CAAK,OAAA,EAAS,MAAA,IAAU,qBAAqB,OAAO,CAAA;AAAA,EACnE;AAAA,EAEA,aAAa,WAAA,CAAY,KAAA,EAAe,MAAA,EAA6C;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,UAAU,MAAM,MAAA,CAAO,KAAA,EAAO,MAAA,IAAU,qBAAqB,OAAO,CAAA;AAG1E,MAAA,IAAI,OAAA,CAAQ,MAAM,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAA,EAAG;AAC/C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO,OAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,aAAa,aAAa,QAAA,EAAmC;AAC3D,IAAA,MAAM,UAAA,GAAa,GAAA;AACnB,IAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,EAAE,CAAA;AAC9B,IAAA,MAAA,CAAO,gBAAgB,IAAI,CAAA;AAE3B,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACtC,KAAA;AAAA,MACA,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,MACvB,QAAA;AAAA,MACA,KAAA;AAAA,MACA,CAAC,YAAY;AAAA,KACf;AAEA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,MACrC;AAAA,QACE,IAAA,EAAM,QAAA;AAAA,QACN,IAAA;AAAA,QACA,UAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACR;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,UAAU,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAClF,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,IAAI,WAAW,UAAU,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAExG,IAAA,OAAO,CAAA,OAAA,EAAU,UAAU,CAAA,CAAA,EAAI,OAAO,IAAI,OAAO,CAAA,CAAA;AAAA,EACnD;AAAA,EAEA,aAAa,mBAAmB,QAAA,EAAmC;AACjE,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,QAAA,GAAW,2BAA2B,CAAA;AAClE,IAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,IAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,IAAI,UAAA,CAAW,UAAU,CAAC,CAAA;AACvD,IAAA,OAAO,SAAA,CAAU,GAAA,CAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EACpE;AAAA,EAEA,aAAa,cAAA,CAAe,QAAA,EAAkB,UAAA,EAAsC;AAClF,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AAEpC,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,MAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE/B,MAAA,MAAM,aAAA,GAAgB,MAAM,CAAC,CAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,MAAA,MAAM,eAAA,GAAkB,MAAM,CAAC,CAAA;AAC/B,MAAA,MAAM,UAAA,GAAa,QAAA,CAAS,aAAA,EAAe,EAAE,CAAA;AAE7C,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA;AACvC,MAAA,IAAI,CAAC,WAAW,OAAO,KAAA;AACvB,MAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,SAAA,CAAU,GAAA,CAAI,UAAQ,QAAA,CAAS,IAAA,EAAM,EAAE,CAAC,CAAC,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACtC,KAAA;AAAA,QACA,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,QACvB,QAAA;AAAA,QACA,KAAA;AAAA,QACA,CAAC,YAAY;AAAA,OACf;AAEA,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,QACrC;AAAA,UACE,IAAA,EAAM,QAAA;AAAA,UACN,IAAA;AAAA,UACA,UAAA;AAAA,UACA,IAAA,EAAM;AAAA,SACR;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,aAAA,GAAgB,MAAM,IAAA,CAAK,IAAI,WAAW,UAAU,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAG9G,MAAA,IAAI,aAAA,CAAc,MAAA,KAAW,eAAA,CAAgB,MAAA,EAAQ,OAAO,KAAA;AAC5D,MAAA,IAAIA,OAAAA,GAAS,CAAA;AACb,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,aAAA,CAAc,QAAQ,CAAA,EAAA,EAAK;AAC7C,QAAAA,WAAU,aAAA,CAAc,UAAA,CAAW,CAAC,CAAA,GAAI,eAAA,CAAgB,WAAW,CAAC,CAAA;AAAA,MACtE;AACA,MAAA,OAAOA,OAAAA,KAAW,CAAA;AAAA,IACpB;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,CAAA;AAEzD,IAAA,IAAI,UAAA,CAAW,MAAA,KAAW,UAAA,CAAW,MAAA,EAAQ,OAAO,KAAA;AACpD,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,CAAW,QAAQ,CAAA,EAAA,EAAK;AAC1C,MAAA,MAAA,IAAU,WAAW,UAAA,CAAW,CAAC,CAAA,GAAI,UAAA,CAAW,WAAW,CAAC,CAAA;AAAA,IAC9D;AACA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AAAA,EAEA,OAAO,aAAa,UAAA,EAA6B;AAC/C,IAAA,OAAO,CAAC,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,aAAA,CAAc,CAAA,EAAY,KAAA,EAAe,OAAA,EAKvC;AACP,IAAA,SAAA,CAAU,CAAA,EAAG,cAAc,KAAA,EAAO;AAAA,MAChC,QAAA,EAAU,SAAS,QAAA,IAAY,IAAA;AAAA,MAC/B,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,QAAA,EAAU,SAAS,QAAA,IAAY,QAAA;AAAA,MAC/B,MAAA,EAAQ,OAAA,EAAS,MAAA,IAAW,EAAA,GAAK,EAAA,GAAK;AAAA;AAAA,KACvC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,cAAc,MAAM;AAC/B,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,IAAI;AAEF,MAAA,IAAI,KAAA,GAAQ,EAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA,EAAG,OAAA,CAAQ,WAAW,EAAE,CAAA;AAGhE,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,KAAA,GAAQ,SAAA,CAAU,GAAG,YAAY,CAAA;AAAA,MACnC;AAEA,MAAA,IAAI,CAAC,KAAA,EAAO;AAEV,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,UAAA,OAAO,CAAA,CAAE,SAAS,yDAAyD,CAAA;AAAA,QAC7E;AACA,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,yBAAA,IAA6B,GAAG,CAAA;AAAA,MACzD;AAGA,MAAA,MAAM,EAAA,GAAK,EAAE,GAAA,EAAK,EAAA;AAClB,MAAA,IAAI,OAAA,GAA6B,IAAA;AAEjC,MAAA,IAAI,EAAA,EAAI;AACN,QAAA,MAAM,WAAW,CAAA,KAAA,EAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,EAAE,CAAC,CAAA,CAAA;AAC/C,QAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,GAAA,CAAI,UAAU,MAAM,CAAA;AAC5C,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAA,GAAU,MAAA;AAAA,QACZ;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,SAAA,GAAa,EAAE,GAAA,EAAa,UAAA;AAClC,QAAA,OAAA,GAAU,MAAM,WAAA,CAAY,WAAA,CAAY,KAAA,EAAO,SAAS,CAAA;AAGxD,QAAA,IAAI,WAAW,EAAA,EAAI;AACjB,UAAA,MAAM,WAAW,CAAA,KAAA,EAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,EAAE,CAAC,CAAA,CAAA;AAC/C,UAAA,MAAM,EAAA,CAAG,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,EAAE,aAAA,EAAe,GAAA,EAAK,CAAA;AAAA,QACxE;AAAA,MACF;AAEA,MAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,QAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,UAAA,OAAO,CAAA,CAAE,SAAS,gEAAgE,CAAA;AAAA,QACpF;AACA,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,0BAAA,IAA8B,GAAG,CAAA;AAAA,MAC1D;AAGA,MAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,OAAO,CAAA;AAErB,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,0BAA0B,KAAK,CAAA;AAE7C,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,6DAA6D,CAAA;AAAA,MACjF;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAA;AACF;AAGO,IAAM,WAAA,GAAc,CAAC,YAAA,KAAoC;AAC9D,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AAET,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,yDAAyD,CAAA;AAAA,MAC7E;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,yBAAA,IAA6B,GAAG,CAAA;AAAA,IACzD;AAEA,IAAA,MAAM,QAAQ,KAAA,CAAM,OAAA,CAAQ,YAAY,CAAA,GAAI,YAAA,GAAe,CAAC,YAAY,CAAA;AAExE,IAAA,IAAI,CAAC,KAAA,CAAM,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA,EAAG;AAE9B,MAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,MAAA,IAAI,YAAA,CAAa,QAAA,CAAS,WAAW,CAAA,EAAG;AACtC,QAAA,OAAO,CAAA,CAAE,SAAS,kEAAkE,CAAA;AAAA,MACtF;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,0BAAA,IAA8B,GAAG,CAAA;AAAA,IAC1D;AAEA,IAAA,OAAO,MAAM,IAAA,EAAK;AAAA,EACpB,CAAA;AACF;AAGO,IAAM,eAAe,MAAM;AAChC,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,GAAQ,EAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA,EAAG,OAAA,CAAQ,WAAW,EAAE,CAAA;AAEhE,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,KAAA,GAAQ,SAAA,CAAU,GAAG,YAAY,CAAA;AAAA,MACnC;AAEA,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,MAAM,SAAA,GAAa,EAAE,GAAA,EAAa,UAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAM,WAAA,CAAY,WAAA,CAAY,OAAO,SAAS,CAAA;AAC9D,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,OAAO,CAAA;AAAA,QACvB;AAAA,MACF;AAEA,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AAEd,MAAA,OAAA,CAAQ,KAAA,CAAM,wBAAwB,KAAK,CAAA;AAC3C,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF,CAAA;AACF;;;AC1RO,IAAM,oBAAoB,MAAyB;AACxD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,OAAO,IAAI,GAAA,CAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AAGhC,IAAA,IAAI,SAAS,8BAAA,EAAgC;AAC3C,MAAA,cAAA,CAAe,aAAA,EAAc;AAAA,IAC/B;AAGA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;ACEA,IAAMC,oBAAAA,GAAsB,gDAAA;AAOrB,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EACzC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC/E;AAGA,eAAe,WAAW,MAAA,EAAoC;AAC5D,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,OAAO,OAAO,MAAA,CAAO,SAAA;AAAA,IACnB,KAAA;AAAA,IACA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACrB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,KAAA;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,GACnB;AACF;AAWA,eAAsB,kBAAkB,MAAA,EAAiC;AACvE,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,EAAE,CAAA;AACpC,EAAA,MAAA,CAAO,gBAAgB,UAAU,CAAA;AACjC,EAAA,MAAM,KAAA,GAAQ,sBAAA,CAAuB,UAAA,CAAW,MAAM,CAAA;AAEtD,EAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,eAAA,GAAkB,MAAM,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,QAAQ,GAAA,EAAK,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAC,CAAA;AACnF,EAAA,MAAM,SAAA,GAAY,uBAAuB,eAAe,CAAA;AAExD,EAAA,OAAO,CAAA,EAAG,KAAK,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA;AAC9B;AAcA,eAAsB,iBAAA,CAAkB,OAAe,MAAA,EAAkC;AACvF,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,UAAU,OAAO,KAAA;AAEhD,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAE5B,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,SAAA,CAAU,CAAA,EAAG,QAAQ,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,SAAA,CAAU,QAAA,GAAW,CAAC,CAAA;AAE9C,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,SAAA,EAAW,OAAO,KAAA;AAEjC,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,MAAM,UAAA,CAAW,MAAM,CAAA;AACnC,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAGhC,IAAA,MAAM,SAAA,GAAY,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAChE,IAAA,MAAM,SAAA,GAAY,KAAK,SAAS,CAAA;AAChC,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,SAAA,CAAU,MAAM,CAAA;AAChD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,SAAA,CAAU,QAAQ,CAAA,EAAA,EAAK;AACzC,MAAA,QAAA,CAAS,CAAC,CAAA,GAAI,SAAA,CAAU,UAAA,CAAW,CAAC,CAAA;AAAA,IACtC;AAGA,IAAA,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,MAAA,EAAQ,GAAA,EAAK,QAAA,CAAS,MAAA,EAAQ,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACvF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAMA,IAAM,oBAAA,GAAuB;AAAA,EAC3B,aAAA;AAAA,EACA,gBAAA;AAAA,EACA,kBAAA;AAAA,EACA,yBAAA;AAAA,EACA,sBAAA;AAAA,EACA;AACF,CAAA;AASA,SAAS,YAAA,CAAa,IAAA,EAAc,gBAAA,GAA6B,EAAC,EAAY;AAE5E,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA,IAAK,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,IAAK,IAAA,KAAS,QAAA,IAAY,IAAA,KAAS,YAAA,EAAc;AAC9G,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,IAAI,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,EAAG;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,CAAC,GAAG,oBAAA,EAAsB,GAAG,gBAAgB,CAAA;AAC/D,EAAA,KAAA,MAAW,UAAU,SAAA,EAAW;AAC9B,IAAA,IAAI,SAAS,MAAA,IAAU,IAAA,CAAK,UAAA,CAAW,MAAA,GAAS,GAAG,CAAA,EAAG;AACpD,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAkBO,SAAS,cAAA,CAAe,OAAA,GAAuB,EAAC,EAAG;AACxD,EAAA,OAAO,OAAO,GAAY,IAAA,KAAyC;AACjE,IAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAA,EAAY;AACxC,IAAA,MAAM,OAAO,IAAI,GAAA,CAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AAChC,IAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,EAAK,UAAA,IAAcA,oBAAAA;AAGpC,IAAA,IAAI,EAAE,GAAA,EAAK,WAAA,KAAgB,gBAAgB,CAAC,CAAA,CAAE,KAAK,UAAA,EAAY;AAC7D,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OAEF;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,MAAA,IAAU,WAAW,SAAA,EAAW;AACjE,MAAA,MAAM,gBAAA,CAAiB,GAAG,MAAM,CAAA;AAChC,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,YAAA,CAAa,IAAA,EAAM,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC3C,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,UAAA,GAAaC,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAC5C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,WAAA,GAAcA,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAC7C,IAAA,IAAI,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,cAAc,CAAA;AAG7C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,cAAc,CAAA,IAAK,EAAA;AACpD,MAAA,IAAI,YAAY,QAAA,CAAS,mCAAmC,KAAK,WAAA,CAAY,QAAA,CAAS,qBAAqB,CAAA,EAAG;AAC5G,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,SAAA,EAAU;AACnC,UAAA,WAAA,GAAc,KAAK,OAAO,CAAA;AAAA,QAC5B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,EAAa;AAChC,MAAA,OAAO,SAAA,CAAU,GAAG,oBAAoB,CAAA;AAAA,IAC1C;AAEA,IAAA,IAAI,gBAAgB,WAAA,EAAa;AAC/B,MAAA,OAAO,SAAA,CAAU,GAAG,qBAAqB,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,iBAAA,CAAkB,WAAA,EAAa,MAAM,CAAA;AAC3D,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,SAAA,CAAU,GAAG,oBAAoB,CAAA;AAAA,IAC1C;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAOA,eAAe,gBAAA,CAAiB,GAAY,MAAA,EAA+B;AACzE,EAAA,MAAM,QAAA,GAAWA,SAAAA,CAAU,CAAA,EAAG,YAAY,CAAA;AAE1C,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,OAAA,GAAU,MAAM,iBAAA,CAAkB,QAAA,EAAU,MAAM,CAAA;AACxD,IAAA,IAAI,OAAA,EAAS;AAEX,MAAA,CAAA,CAAE,GAAA,CAAI,aAAa,QAAQ,CAAA;AAC3B,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,KAAA,GAAQ,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAC5C,EAAA,CAAA,CAAE,GAAA,CAAI,aAAa,KAAK,CAAA;AAExB,EAAA,MAAM,QAAQ,CAAA,CAAE,GAAA,EAAK,gBAAgB,aAAA,IAAiB,CAAC,EAAE,GAAA,EAAK,WAAA;AAC9D,EAAAC,SAAAA,CAAU,CAAA,EAAG,YAAA,EAAc,KAAA,EAAO;AAAA,IAChC,QAAA,EAAU,KAAA;AAAA;AAAA,IACV,QAAQ,CAAC,KAAA;AAAA,IACT,QAAA,EAAU,QAAA;AAAA,IACV,IAAA,EAAM,GAAA;AAAA,IACN,MAAA,EAAQ;AAAA;AAAA,GACT,CAAA;AACH;AAGA,SAAS,SAAA,CAAU,GAAY,OAAA,EAA2B;AACxD,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AACzC,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,WAAW,CAAA,EAAG;AAChC,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,gGACkC,OAAO,CAAA,kBAAA,CAAA;AAAA,MACzC;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,SAAS,MAAA,EAAQ,GAAA,IAAO,GAAG,CAAA;AACpD;;;ACvQO,SAAS,UAAU,OAAA,EAA2B;AACnD,EAAA,MAAM,EAAE,GAAA,EAAK,QAAA,EAAU,SAAA,EAAU,GAAI,OAAA;AAErC,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,EAAA,GAAM,EAAE,GAAA,EAAa,QAAA;AAC3B,IAAA,IAAI,CAAC,EAAA,EAAI;AAEP,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAEA,IAAA,MAAM,EAAA,GAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,kBAAkB,KAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,SAAA;AAClF,IAAA,MAAM,GAAA,GAAM,CAAA,UAAA,EAAa,SAAS,CAAA,CAAA,EAAI,EAAE,CAAA,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,MAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,GAAA,CAAI,KAAK,MAAM,CAAA;AAEvC,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,MAAA,IAAU,MAAA,CAAO,OAAA,GAAU,GAAA,EAAK;AAClC,QAAA,KAAA,GAAQ,MAAA;AAAA,MACV,CAAA,MAAO;AACL,QAAA,KAAA,GAAQ,EAAE,KAAA,EAAO,CAAA,EAAG,OAAA,EAAS,MAAM,QAAA,EAAS;AAAA,MAC9C;AAEA,MAAA,KAAA,CAAM,KAAA,EAAA;AAGN,MAAA,MAAM,aAAa,IAAA,CAAK,IAAA,CAAA,CAAM,KAAA,CAAM,OAAA,GAAU,OAAO,GAAI,CAAA;AAEzD,MAAA,IAAI,KAAA,CAAM,QAAQ,GAAA,EAAK;AAErB,QAAA,MAAM,EAAA,CAAG,GAAA,CAAI,GAAA,EAAK,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,EAAE,aAAA,EAAe,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,CAAC,GAAG,CAAA;AAEnF,QAAA,MAAM,aAAa,IAAA,CAAK,IAAA,CAAA,CAAM,KAAA,CAAM,OAAA,GAAU,OAAO,GAAI,CAAA;AACzD,QAAA,CAAA,CAAE,MAAA,CAAO,aAAA,EAAe,MAAA,CAAO,UAAU,CAAC,CAAA;AAC1C,QAAA,CAAA,CAAE,MAAA,CAAO,mBAAA,EAAqB,MAAA,CAAO,GAAG,CAAC,CAAA;AACzC,QAAA,CAAA,CAAE,MAAA,CAAO,yBAAyB,GAAG,CAAA;AACrC,QAAA,CAAA,CAAE,MAAA,CAAO,qBAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAC,CAAA;AACrE,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,4CAAA,IAAgD,GAAG,CAAA;AAAA,MAC5E;AAEA,MAAA,MAAM,EAAA,CAAG,GAAA,CAAI,GAAA,EAAK,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,EAAE,aAAA,EAAe,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,CAAC,GAAG,CAAA;AAEnF,MAAA,CAAA,CAAE,MAAA,CAAO,mBAAA,EAAqB,MAAA,CAAO,GAAG,CAAC,CAAA;AACzC,MAAA,CAAA,CAAE,OAAO,uBAAA,EAAyB,MAAA,CAAO,GAAA,GAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAC3D,MAAA,CAAA,CAAE,MAAA,CAAO,qBAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,OAAA,GAAU,GAAI,CAAC,CAAC,CAAA;AAErE,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB,SAAS,KAAA,EAAO;AAEd,MAAA,OAAA,CAAQ,KAAA,CAAM,mCAAmC,KAAK,CAAA;AACtD,MAAA,OAAO,MAAM,IAAA,EAAK;AAAA,IACpB;AAAA,EACF,CAAA;AACF;;;AChEO,IAAM,4BAA4B,MAAM;AAC7C,EAAA,OAAO,OAAO,GAAY,IAAA,KAAe;AACvC,IAAA,MAAM,IAAA,EAAK;AAEX,IAAA,CAAA,CAAE,MAAA,CAAO,0BAA0B,SAAS,CAAA;AAC5C,IAAA,CAAA,CAAE,MAAA,CAAO,mBAAmB,YAAY,CAAA;AACxC,IAAA,CAAA,CAAE,MAAA,CAAO,mBAAmB,iCAAiC,CAAA;AAC7D,IAAA,CAAA,CAAE,MAAA,CAAO,sBAAsB,0CAA0C,CAAA;AAGzE,IAAA,MAAM,WAAA,GAAe,EAAE,GAAA,EAAa,WAAA;AACpC,IAAA,IAAI,gBAAgB,aAAA,EAAe;AACjC,MAAA,CAAA,CAAE,MAAA,CAAO,6BAA6B,qCAAqC,CAAA;AAAA,IAC7E;AAAA,EACF,CAAA;AACF;;;ACWO,IAAM,oBAAyB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACzE,IAAM,4BAAiC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACjF,IAAM,4BAAiC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACjF,IAAM,+BAAoC,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACpF,IAAM,eAAoB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACpE,IAAM,qBAAA,GAA6B,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAIvE,IAAM,oBAAyB;AAC/B,IAAM,oBAAyB,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AACzE,IAAM,uBAA4B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC5E,IAAM,cAAmB,MAAM;AAAC;AAChC,IAAM,sBAA2B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC3E,IAAM,uBAA4B,MAAM,OAAO,EAAA,EAAS,IAAA,KAAc,MAAM,IAAA;AAC5E,IAAM,gBAAA,GAAwB,MAAM;AACpC,IAAM,iBAAsB,MAAM","file":"chunk-4TTMQQC7.js","sourcesContent":["import { Context, Next } from \"hono\";\nimport { syncCollections } from \"../services/collection-sync\";\nimport { MigrationService } from \"../services/migrations\";\nimport { PluginBootstrapService } from \"../services/plugin-bootstrap\";\nimport type { SonicJSConfig } from \"../app\";\n\ntype Bindings = {\n DB: D1Database;\n KV: KVNamespace;\n JWT_SECRET?: string;\n CORS_ORIGINS?: string;\n ENVIRONMENT?: string;\n};\n\n// Track if bootstrap has been run in this worker instance\nlet bootstrapComplete = false;\n\n/**\n * Verify security-critical environment configuration at startup.\n * Logs warnings in development, throws in production to prevent\n * insecure deployments from silently running.\n */\nexport function verifySecurityConfig(env: Bindings): void {\n const warnings: string[] = [];\n\n // Check JWT secret\n if (!env.JWT_SECRET) {\n warnings.push(\n \"JWT_SECRET is not set — using hardcoded fallback. Set via `wrangler secret put JWT_SECRET`\"\n );\n } else if (env.JWT_SECRET.includes(\"change-in-production\")) {\n warnings.push(\n \"JWT_SECRET contains the default value — tokens are forgeable. Generate a strong random secret\"\n );\n }\n\n // Check CORS origins\n if (!env.CORS_ORIGINS) {\n warnings.push(\n \"CORS_ORIGINS is not set — all cross-origin API requests will be rejected\"\n );\n }\n\n // Check environment designation\n if (!env.ENVIRONMENT) {\n warnings.push(\n \"ENVIRONMENT is not set — HSTS header will not be applied. Set to \\\"production\\\" or \\\"development\\\"\"\n );\n }\n\n if (warnings.length === 0) {\n return;\n }\n\n const isProduction = env.ENVIRONMENT === \"production\";\n\n for (const warning of warnings) {\n console.warn(`[SonicJS Security] ${warning}`);\n }\n\n if (isProduction) {\n // In production, a missing or default JWT_SECRET is a hard failure —\n // every token issued would be forgeable by anyone reading the source code.\n const hasCritical =\n !env.JWT_SECRET || env.JWT_SECRET.includes(\"change-in-production\");\n if (hasCritical) {\n throw new Error(\n \"[SonicJS Security] CRITICAL: Production deployment is missing a secure JWT_SECRET. \" +\n \"Set it via `wrangler secret put JWT_SECRET` before deploying.\"\n );\n }\n }\n}\n\n/**\n * Bootstrap middleware that ensures system initialization\n * Runs once per worker instance\n */\nexport function bootstrapMiddleware(config: SonicJSConfig = {}) {\n return async (c: Context<{ Bindings: Bindings }>, next: Next) => {\n // Skip if already bootstrapped in this worker instance\n if (bootstrapComplete) {\n return next();\n }\n\n // Skip bootstrap for static assets and health checks\n const path = c.req.path;\n if (\n path.startsWith(\"/images/\") ||\n path.startsWith(\"/assets/\") ||\n path === \"/health\" ||\n path.endsWith(\".js\") ||\n path.endsWith(\".css\") ||\n path.endsWith(\".png\") ||\n path.endsWith(\".jpg\") ||\n path.endsWith(\".ico\")\n ) {\n return next();\n }\n\n try {\n console.log(\"[Bootstrap] Starting system initialization...\");\n\n // 1. Run database migrations first\n console.log(\"[Bootstrap] Running database migrations...\");\n const migrationService = new MigrationService(c.env.DB);\n await migrationService.runPendingMigrations();\n\n // 2. Sync collection configurations\n console.log(\"[Bootstrap] Syncing collection configurations...\");\n try {\n await syncCollections(c.env.DB);\n } catch (error) {\n console.error(\"[Bootstrap] Error syncing collections:\", error);\n // Continue bootstrap even if collection sync fails\n }\n\n // 3. Bootstrap core plugins (unless disableAll is set)\n if (!config.plugins?.disableAll) {\n console.log(\"[Bootstrap] Bootstrapping core plugins...\");\n const bootstrapService = new PluginBootstrapService(c.env.DB);\n\n // Check if bootstrap is needed\n const needsBootstrap = await bootstrapService.isBootstrapNeeded();\n if (needsBootstrap) {\n await bootstrapService.bootstrapCorePlugins();\n }\n } else {\n console.log(\"[Bootstrap] Plugin bootstrap skipped (disableAll is true)\");\n }\n\n // Mark bootstrap as complete for this worker instance\n bootstrapComplete = true;\n console.log(\"[Bootstrap] System initialization completed\");\n } catch (error) {\n console.error(\"[Bootstrap] Error during system initialization:\", error);\n // Don't prevent the app from starting, but log the error\n }\n\n // 4. Verify security configuration (outside try/catch so critical\n // errors in production propagate and prevent insecure deployments)\n verifySecurityConfig(c.env as Bindings);\n\n return next();\n };\n}\n\n/**\n * Reset bootstrap flag (useful for testing)\n */\nexport function resetBootstrap() {\n bootstrapComplete = false;\n}\n","import { sign, verify } from 'hono/jwt'\nimport { Context, Next } from 'hono'\nimport { getCookie, setCookie } from 'hono/cookie'\n\ntype JWTPayload = {\n userId: string\n email: string\n role: string\n exp: number\n iat: number\n}\n\n// Fallback JWT secret for local development only (no wrangler secret set)\nconst JWT_SECRET_FALLBACK = 'your-super-secret-jwt-key-change-in-production'\n\nexport class AuthManager {\n static async generateToken(userId: string, email: string, role: string, secret?: string): Promise<string> {\n const payload: JWTPayload = {\n userId,\n email,\n role,\n exp: Math.floor(Date.now() / 1000) + (60 * 60 * 24), // 24 hours\n iat: Math.floor(Date.now() / 1000)\n }\n\n return await sign(payload, secret || JWT_SECRET_FALLBACK, 'HS256')\n }\n\n static async verifyToken(token: string, secret?: string): Promise<JWTPayload | null> {\n try {\n const payload = await verify(token, secret || JWT_SECRET_FALLBACK, 'HS256') as JWTPayload\n \n // Check if token is expired\n if (payload.exp < Math.floor(Date.now() / 1000)) {\n return null\n }\n \n return payload\n } catch (error) {\n console.error('Token verification failed:', error)\n return null\n }\n }\n\n static async hashPassword(password: string): Promise<string> {\n const iterations = 100000\n const salt = new Uint8Array(16)\n crypto.getRandomValues(salt)\n\n const encoder = new TextEncoder()\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n encoder.encode(password),\n 'PBKDF2',\n false,\n ['deriveBits']\n )\n\n const hashBuffer = await crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt,\n iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n 256\n )\n\n const saltHex = Array.from(salt).map(b => b.toString(16).padStart(2, '0')).join('')\n const hashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('')\n\n return `pbkdf2:${iterations}:${saltHex}:${hashHex}`\n }\n\n static async hashPasswordLegacy(password: string): Promise<string> {\n const encoder = new TextEncoder()\n const data = encoder.encode(password + 'salt-change-in-production')\n const hashBuffer = await crypto.subtle.digest('SHA-256', data)\n const hashArray = Array.from(new Uint8Array(hashBuffer))\n return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')\n }\n\n static async verifyPassword(password: string, storedHash: string): Promise<boolean> {\n if (storedHash.startsWith('pbkdf2:')) {\n // PBKDF2 format: pbkdf2:<iterations>:<salt_hex>:<hash_hex>\n const parts = storedHash.split(':')\n if (parts.length !== 4) return false\n\n const iterationsStr = parts[1]!\n const saltHex = parts[2]!\n const expectedHashHex = parts[3]!\n const iterations = parseInt(iterationsStr, 10)\n\n const saltBytes = saltHex.match(/.{2}/g)\n if (!saltBytes) return false\n const salt = new Uint8Array(saltBytes.map(byte => parseInt(byte, 16)))\n\n const encoder = new TextEncoder()\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n encoder.encode(password),\n 'PBKDF2',\n false,\n ['deriveBits']\n )\n\n const hashBuffer = await crypto.subtle.deriveBits(\n {\n name: 'PBKDF2',\n salt,\n iterations,\n hash: 'SHA-256'\n },\n keyMaterial,\n 256\n )\n\n const actualHashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('')\n\n // Constant-time comparison\n if (actualHashHex.length !== expectedHashHex.length) return false\n let result = 0\n for (let i = 0; i < actualHashHex.length; i++) {\n result |= actualHashHex.charCodeAt(i) ^ expectedHashHex.charCodeAt(i)\n }\n return result === 0\n }\n\n // Legacy SHA-256 format (no colons in hash)\n const legacyHash = await this.hashPasswordLegacy(password)\n // Constant-time comparison for legacy too\n if (legacyHash.length !== storedHash.length) return false\n let result = 0\n for (let i = 0; i < legacyHash.length; i++) {\n result |= legacyHash.charCodeAt(i) ^ storedHash.charCodeAt(i)\n }\n return result === 0\n }\n\n static isLegacyHash(storedHash: string): boolean {\n return !storedHash.startsWith('pbkdf2:')\n }\n\n /**\n * Set authentication cookie - useful for plugins implementing alternative auth methods\n * @param c - Hono context\n * @param token - JWT token to set in cookie\n * @param options - Optional cookie configuration\n */\n static setAuthCookie(c: Context, token: string, options?: {\n maxAge?: number\n secure?: boolean\n httpOnly?: boolean\n sameSite?: 'Strict' | 'Lax' | 'None'\n }): void {\n setCookie(c, 'auth_token', token, {\n httpOnly: options?.httpOnly ?? true,\n secure: options?.secure ?? true,\n sameSite: options?.sameSite ?? 'Strict',\n maxAge: options?.maxAge ?? (60 * 60 * 24) // 24 hours default\n })\n }\n}\n\n// Middleware to require authentication\nexport const requireAuth = () => {\n return async (c: Context, next: Next) => {\n try {\n // Try to get token from Authorization header\n let token = c.req.header('Authorization')?.replace('Bearer ', '')\n\n // If no header token, try cookie\n if (!token) {\n token = getCookie(c, 'auth_token')\n }\n\n if (!token) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Please login to access the admin area')\n }\n return c.json({ error: 'Authentication required' }, 401)\n }\n\n // Try to get cached token verification from KV\n const kv = c.env?.KV\n let payload: JWTPayload | null = null\n\n if (kv) {\n const cacheKey = `auth:${token.substring(0, 20)}` // Use token prefix as key\n const cached = await kv.get(cacheKey, 'json')\n if (cached) {\n payload = cached as JWTPayload\n }\n }\n\n // If not cached, verify token\n if (!payload) {\n const jwtSecret = (c.env as any)?.JWT_SECRET\n payload = await AuthManager.verifyToken(token, jwtSecret)\n\n // Cache the verified payload for 5 minutes\n if (payload && kv) {\n const cacheKey = `auth:${token.substring(0, 20)}`\n await kv.put(cacheKey, JSON.stringify(payload), { expirationTtl: 300 })\n }\n }\n\n if (!payload) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Your session has expired, please login again')\n }\n return c.json({ error: 'Invalid or expired token' }, 401)\n }\n\n // Add user info to context\n c.set('user', payload)\n\n return await next()\n } catch (error) {\n console.error('Auth middleware error:', error)\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Authentication failed, please login again')\n }\n return c.json({ error: 'Authentication failed' }, 401)\n }\n }\n}\n\n// Middleware to require specific role\nexport const requireRole = (requiredRole: string | string[]) => {\n return async (c: Context, next: Next) => {\n const user = c.get('user') as JWTPayload\n \n if (!user) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=Please login to access the admin area')\n }\n return c.json({ error: 'Authentication required' }, 401)\n }\n \n const roles = Array.isArray(requiredRole) ? requiredRole : [requiredRole]\n \n if (!roles.includes(user.role)) {\n // Check if this is a browser request (HTML accept header)\n const acceptHeader = c.req.header('Accept') || ''\n if (acceptHeader.includes('text/html')) {\n return c.redirect('/auth/login?error=You do not have permission to access this area')\n }\n return c.json({ error: 'Insufficient permissions' }, 403)\n }\n \n return await next()\n }\n}\n\n// Optional auth middleware (doesn't block if no token)\nexport const optionalAuth = () => {\n return async (c: Context, next: Next) => {\n try {\n let token = c.req.header('Authorization')?.replace('Bearer ', '')\n \n if (!token) {\n token = getCookie(c, 'auth_token')\n }\n \n if (token) {\n const jwtSecret = (c.env as any)?.JWT_SECRET\n const payload = await AuthManager.verifyToken(token, jwtSecret)\n if (payload) {\n c.set('user', payload)\n }\n }\n \n return await next()\n } catch (error) {\n // Don't block on auth errors in optional auth\n console.error('Optional auth error:', error)\n return await next()\n }\n }\n}\n","import { MiddlewareHandler } from 'hono'\nimport { metricsTracker } from '../utils/metrics'\n\n/**\n * Middleware to track all HTTP requests for real-time analytics\n * Excludes the metrics endpoint itself to avoid inflating the count\n */\nexport const metricsMiddleware = (): MiddlewareHandler => {\n return async (c, next) => {\n const path = new URL(c.req.url).pathname\n\n // Don't track the metrics endpoint itself to avoid self-inflating counts\n if (path !== '/admin/dashboard/api/metrics') {\n metricsTracker.recordRequest()\n }\n\n // Continue with the request\n await next()\n }\n}\n","/**\n * CSRF Protection Middleware — Signed Double-Submit Cookie\n *\n * Stateless CSRF protection for Cloudflare Workers (no session store needed).\n * Token format: `<nonce>.<hmac>` where HMAC-SHA256 is keyed with JWT_SECRET.\n *\n * Flow:\n * GET — ensureCsrfCookie(): reuse existing valid cookie or set a new one\n * POST/PUT/DELETE/PATCH — validate X-CSRF-Token header === csrf_token cookie, HMAC valid\n *\n * Exempt:\n * - Safe methods (GET, HEAD, OPTIONS)\n * - Auth routes that create sessions (/auth/login*, /auth/register*, etc.)\n * - Public form submissions (/forms/*, /api/forms/*) — NOT /admin/forms/*\n * - Requests with no auth_token cookie (Bearer-only or API-key-only)\n */\n\nimport type { Context, Next } from 'hono'\nimport { getCookie, setCookie } from 'hono/cookie'\n\n// Fallback secret — mirrors auth.ts behavior for local dev without wrangler secret\nconst JWT_SECRET_FALLBACK = 'your-super-secret-jwt-key-change-in-production'\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\n/** Convert ArrayBuffer to URL-safe base64 (no padding). */\nexport function arrayBufferToBase64Url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer)\n let binary = ''\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]!)\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/** Import a string key for HMAC-SHA256. */\nasync function getHmacKey(secret: string): Promise<CryptoKey> {\n const encoder = new TextEncoder()\n return crypto.subtle.importKey(\n 'raw',\n encoder.encode(secret),\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign', 'verify']\n )\n}\n\n// ============================================================================\n// Token Generation & Validation\n// ============================================================================\n\n/**\n * Generate a signed CSRF token: `<nonce>.<hmac_signature>`\n * - nonce = 32 random bytes, base64url-encoded\n * - signature = HMAC-SHA256(nonce, secret), base64url-encoded\n */\nexport async function generateCsrfToken(secret: string): Promise<string> {\n const nonceBytes = new Uint8Array(32)\n crypto.getRandomValues(nonceBytes)\n const nonce = arrayBufferToBase64Url(nonceBytes.buffer)\n\n const key = await getHmacKey(secret)\n const encoder = new TextEncoder()\n const signatureBuffer = await crypto.subtle.sign('HMAC', key, encoder.encode(nonce))\n const signature = arrayBufferToBase64Url(signatureBuffer)\n\n return `${nonce}.${signature}`\n}\n\n/**\n * Validate a signed CSRF token.\n *\n * Checks that the token has the correct `<nonce>.<signature>` format and that\n * the HMAC signature is valid for the given secret. Uses crypto.subtle.verify\n * which provides constant-time comparison.\n *\n * NOTE: No expiry check here — by design. The security property of signed\n * double-submit comes from the unpredictability of the nonce + the\n * secret-bound HMAC, not from time-bounding. The cookie's maxAge (86400s)\n * handles expiry at the browser level.\n */\nexport async function validateCsrfToken(token: string, secret: string): Promise<boolean> {\n if (!token || typeof token !== 'string') return false\n\n const dotIndex = token.indexOf('.')\n if (dotIndex === -1) return false\n\n const nonce = token.substring(0, dotIndex)\n const signature = token.substring(dotIndex + 1)\n\n if (!nonce || !signature) return false\n\n try {\n const key = await getHmacKey(secret)\n const encoder = new TextEncoder()\n\n // Decode the signature from base64url\n const sigPadded = signature.replace(/-/g, '+').replace(/_/g, '/')\n const sigBinary = atob(sigPadded)\n const sigBytes = new Uint8Array(sigBinary.length)\n for (let i = 0; i < sigBinary.length; i++) {\n sigBytes[i] = sigBinary.charCodeAt(i)\n }\n\n // crypto.subtle.verify is constant-time\n return await crypto.subtle.verify('HMAC', key, sigBytes.buffer, encoder.encode(nonce))\n } catch {\n return false\n }\n}\n\n// ============================================================================\n// Default Exempt Paths\n// ============================================================================\n\nconst DEFAULT_EXEMPT_PATHS = [\n '/auth/login',\n '/auth/register',\n '/auth/seed-admin',\n '/auth/accept-invitation',\n '/auth/reset-password',\n '/auth/request-password-reset',\n]\n\n/**\n * Check whether a request path is exempt from CSRF validation.\n * - Exact match or startsWith for auth routes (e.g. /auth/login/form)\n * - /forms/* and /api/forms/* are exempt (public submissions)\n * - /api/search* is exempt (read-only POST for complex query params)\n * - /admin/forms/* is NOT exempt\n */\nfunction isExemptPath(path: string, extraExemptPaths: string[] = []): boolean {\n // Public form routes — NOT /admin/forms/*\n if (path.startsWith('/forms/') || path.startsWith('/api/forms/') || path === '/forms' || path === '/api/forms') {\n return true\n }\n\n // Search API — read-only POST (includes /api/search/click, /api/search/facet-click)\n if (path.startsWith('/api/search')) {\n return true\n }\n\n const allExempt = [...DEFAULT_EXEMPT_PATHS, ...extraExemptPaths]\n for (const exempt of allExempt) {\n if (path === exempt || path.startsWith(exempt + '/')) {\n return true\n }\n }\n\n return false\n}\n\n// ============================================================================\n// Middleware\n// ============================================================================\n\nexport interface CsrfOptions {\n /** Additional paths to exempt from CSRF validation. */\n exemptPaths?: string[]\n}\n\n/**\n * CSRF protection middleware (Signed Double-Submit Cookie).\n *\n * - GET/HEAD/OPTIONS: ensure a valid csrf_token cookie exists\n * - POST/PUT/DELETE/PATCH: validate X-CSRF-Token header matches cookie, HMAC valid\n * - Exempt: auth routes, public /forms/*, Bearer-only, API-key-only\n */\nexport function csrfProtection(options: CsrfOptions = {}) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const method = c.req.method.toUpperCase()\n const path = new URL(c.req.url).pathname\n const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK\n\n // Warn if using fallback secret in production\n if (c.env?.ENVIRONMENT === 'production' && !c.env?.JWT_SECRET) {\n console.warn(\n '[CSRF] WARNING: JWT_SECRET is not set in production. ' +\n 'CSRF tokens are signed with the fallback key, which is insecure.'\n )\n }\n\n // Safe methods — just ensure cookie, then pass through\n if (method === 'GET' || method === 'HEAD' || method === 'OPTIONS') {\n await ensureCsrfCookie(c, secret)\n await next()\n return\n }\n\n // Exempt paths — pass through without validation\n if (isExemptPath(path, options.exemptPaths)) {\n await next()\n return\n }\n\n // Bearer-only or API-key-only requests (no auth_token cookie) — exempt\n const authCookie = getCookie(c, 'auth_token')\n if (!authCookie) {\n await next()\n return\n }\n\n // State-changing request with cookie auth — validate CSRF\n const cookieToken = getCookie(c, 'csrf_token')\n let headerToken = c.req.header('X-CSRF-Token')\n\n // Fallback: check _csrf field in form-encoded body (regular HTML form submissions)\n if (!headerToken) {\n const contentType = c.req.header('Content-Type') || ''\n if (contentType.includes('application/x-www-form-urlencoded') || contentType.includes('multipart/form-data')) {\n try {\n const body = await c.req.parseBody()\n headerToken = body['_csrf'] as string | undefined\n } catch {\n // Body not parseable — leave headerToken undefined\n }\n }\n }\n\n if (!cookieToken || !headerToken) {\n return csrfError(c, 'CSRF token missing')\n }\n\n if (cookieToken !== headerToken) {\n return csrfError(c, 'CSRF token mismatch')\n }\n\n const isValid = await validateCsrfToken(cookieToken, secret)\n if (!isValid) {\n return csrfError(c, 'CSRF token invalid')\n }\n\n await next()\n }\n}\n\n/**\n * Ensure a valid CSRF cookie exists. Check-then-reuse: if the existing cookie\n * has a valid HMAC signature, reuse it (no new Set-Cookie header). Only\n * generate a fresh token when the cookie is missing or has an invalid signature.\n */\nasync function ensureCsrfCookie(c: Context, secret: string): Promise<void> {\n const existing = getCookie(c, 'csrf_token')\n\n if (existing) {\n const isValid = await validateCsrfToken(existing, secret)\n if (isValid) {\n // Reuse existing valid token — no Set-Cookie needed\n c.set('csrfToken', existing)\n return\n }\n }\n\n // Generate fresh token\n const token = await generateCsrfToken(secret)\n c.set('csrfToken', token)\n\n const isDev = c.env?.ENVIRONMENT === 'development' || !c.env?.ENVIRONMENT\n setCookie(c, 'csrf_token', token, {\n httpOnly: false, // JS must read this cookie\n secure: !isDev,\n sameSite: 'Strict',\n path: '/',\n maxAge: 86400, // 24 hours — browser-side expiry\n })\n}\n\n/** Return a 403 CSRF error — HTML for browser requests, JSON for API. */\nfunction csrfError(c: Context, message: string): Response {\n const accept = c.req.header('Accept') || ''\n if (accept.includes('text/html')) {\n return c.html(\n `<!DOCTYPE html><html><head><title>403 Forbidden</title></head>` +\n `<body><h1>403 Forbidden</h1><p>${message}</p></body></html>`,\n 403\n )\n }\n return c.json({ error: message, status: 403 }, 403)\n}\n","import { Context, Next } from 'hono'\n\ninterface RateLimitOptions {\n max: number\n windowMs: number\n keyPrefix: string\n}\n\ninterface RateLimitEntry {\n count: number\n resetAt: number\n}\n\n/**\n * KV-based sliding window rate limiter middleware.\n * Gracefully skips if CACHE_KV binding is not available.\n */\nexport function rateLimit(options: RateLimitOptions) {\n const { max, windowMs, keyPrefix } = options\n\n return async (c: Context, next: Next) => {\n const kv = (c.env as any)?.CACHE_KV\n if (!kv) {\n // No KV binding available — skip rate limiting\n return await next()\n }\n\n const ip = c.req.header('cf-connecting-ip') || c.req.header('x-forwarded-for') || 'unknown'\n const key = `ratelimit:${keyPrefix}:${ip}`\n\n try {\n const now = Date.now()\n const stored = await kv.get(key, 'json') as RateLimitEntry | null\n\n let entry: RateLimitEntry\n if (stored && stored.resetAt > now) {\n entry = stored\n } else {\n entry = { count: 0, resetAt: now + windowMs }\n }\n\n entry.count++\n\n // Calculate TTL in seconds (KV expiration)\n const ttlSeconds = Math.ceil((entry.resetAt - now) / 1000)\n\n if (entry.count > max) {\n // Store the updated count even when rejecting\n await kv.put(key, JSON.stringify(entry), { expirationTtl: Math.max(ttlSeconds, 1) })\n\n const retryAfter = Math.ceil((entry.resetAt - now) / 1000)\n c.header('Retry-After', String(retryAfter))\n c.header('X-RateLimit-Limit', String(max))\n c.header('X-RateLimit-Remaining', '0')\n c.header('X-RateLimit-Reset', String(Math.ceil(entry.resetAt / 1000)))\n return c.json({ error: 'Too many requests. Please try again later.' }, 429)\n }\n\n await kv.put(key, JSON.stringify(entry), { expirationTtl: Math.max(ttlSeconds, 1) })\n\n c.header('X-RateLimit-Limit', String(max))\n c.header('X-RateLimit-Remaining', String(max - entry.count))\n c.header('X-RateLimit-Reset', String(Math.ceil(entry.resetAt / 1000)))\n\n return await next()\n } catch (error) {\n // Rate limiting should never break the app\n console.error('Rate limiter error (non-fatal):', error)\n return await next()\n }\n }\n}\n","import { Context, Next } from 'hono'\n\n/**\n * Security headers middleware.\n * Sets standard security headers on every response.\n * Skips HSTS in development to avoid local dev issues.\n */\nexport const securityHeadersMiddleware = () => {\n return async (c: Context, next: Next) => {\n await next()\n\n c.header('X-Content-Type-Options', 'nosniff')\n c.header('X-Frame-Options', 'SAMEORIGIN')\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin')\n c.header('Permissions-Policy', 'camera=(), microphone=(), geolocation=()')\n\n // Only set HSTS in non-development environments\n const environment = (c.env as any)?.ENVIRONMENT\n if (environment !== 'development') {\n c.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')\n }\n }\n}\n","/**\n * Middleware Module Exports\n *\n * Request processing middleware for SonicJS\n *\n * Note: Most middleware is currently in the monolith and will be migrated later.\n * For now, we only export the bootstrap middleware which is used for system initialization.\n */\n\n// Bootstrap middleware\nexport { bootstrapMiddleware, verifySecurityConfig } from './bootstrap'\n\n// Auth middleware\nexport { AuthManager, requireAuth, requireRole, optionalAuth } from './auth'\n\n// Metrics middleware\nexport { metricsMiddleware } from './metrics'\n\n// CSRF protection middleware\nexport { csrfProtection, generateCsrfToken, validateCsrfToken } from './csrf'\n\n// Rate limiting middleware\nexport { rateLimit } from './rate-limit'\n\n// Re-export types and functions that are referenced but implemented in monolith\n// These are placeholder exports to maintain API compatibility\nexport type Permission = string\nexport type UserPermissions = {\n userId: string\n permissions: Permission[]\n}\n\n// Middleware stubs - these return pass-through middleware that call next()\nexport const loggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const detailedLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const securityLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const performanceLoggingMiddleware: any = () => async (_c: any, next: any) => await next()\nexport const cacheHeaders: any = () => async (_c: any, next: any) => await next()\nexport const compressionMiddleware: any = async (_c: any, next: any) => await next()\nexport { securityHeadersMiddleware as securityHeaders } from './security-headers'\n\n// Other stubs\nexport const PermissionManager: any = {}\nexport const requirePermission: any = () => async (_c: any, next: any) => await next()\nexport const requireAnyPermission: any = () => async (_c: any, next: any) => await next()\nexport const logActivity: any = () => {}\nexport const requireActivePlugin: any = () => async (_c: any, next: any) => await next()\nexport const requireActivePlugins: any = () => async (_c: any, next: any) => await next()\nexport const getActivePlugins: any = () => []\nexport const isPluginActive: any = () => false\n"]}
package/dist/{chunk-STTZVLY2.js → chunk-6O3RJV3C.js} RENAMED
@@ -2125,5 +2125,5 @@ var MigrationService = class {
2125
2125
  };
2126
2126
 
2127
2127
  export { MigrationService };
2128
- //# sourceMappingURL=chunk-STTZVLY2.js.map
2129
- //# sourceMappingURL=chunk-STTZVLY2.js.map
2128
+ //# sourceMappingURL=chunk-6O3RJV3C.js.map
2129
+ //# sourceMappingURL=chunk-6O3RJV3C.js.map