@striae-org/striae 6.1.8 → 7.0.1

package/workers/image-worker/src/handlers/delete-image.ts

@@ -1,26 +1,21 @@
-import { hasValidToken } from '../auth';
-import type { CreateImageWorkerResponse, Env } from '../types';
+import type { CreateResponse, Env } from '../types';
 import { parseFileId } from '../utils/path-utils';
 
 export async function handleImageDelete(
   request: Request,
   env: Env,
-  createJsonResponse: CreateImageWorkerResponse
+  respond: CreateResponse
 ): Promise<Response> {
-  if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
-  }
-
   const fileId = parseFileId(new URL(request.url).pathname);
   if (!fileId) {
-    return createJsonResponse({ error: 'Image ID is required' }, 400);
+    return respond({ error: 'Image ID is required' }, 400);
   }
 
   const existing = await env.STRIAE_FILES.head(fileId);
   if (!existing) {
-    return createJsonResponse({ error: 'File not found' }, 404);
+    return respond({ error: 'File not found' }, 404);
   }
 
   await env.STRIAE_FILES.delete(fileId);
-  return createJsonResponse({ success: true });
+  return respond({ success: true });
 }

package/workers/image-worker/src/handlers/mint-signed-url.ts

@@ -1,4 +1,3 @@
-import { hasValidToken } from '../auth';
 import {
   normalizeSignedUrlTtlSeconds,
   parseSignedUrlBaseUrl,
@@ -6,7 +5,7 @@ import {
   signSignedAccessPayload
 } from '../security/signed-url';
 import type {
-  CreateImageWorkerResponse,
+  CreateResponse,
   Env,
   SignedAccessPayload
 } from '../types';
@@ -19,17 +18,13 @@ export async function handleSignedUrlMinting(
   request: Request,
   env: Env,
   fileId: string,
-  createJsonResponse: CreateImageWorkerResponse
+  respond: CreateResponse
 ): Promise<Response> {
-  if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
-  }
-
   requireSignedUrlConfig(env);
 
   const existing = await env.STRIAE_FILES.head(fileId);
   if (!existing) {
-    return createJsonResponse({ error: 'File not found' }, 404);
+    return respond({ error: 'File not found' }, 404);
   }
 
   let requestedExpiresInSeconds: number | undefined;
@@ -63,7 +58,7 @@ export async function handleSignedUrlMinting(
       console.error('Invalid IMAGE_SIGNED_URL_BASE_URL configuration', {
         reason: error instanceof Error ? error.message : String(error)
       });
-      return createJsonResponse({ error: 'Signed URL base URL is misconfigured' }, 500);
+      return respond({ error: 'Signed URL base URL is misconfigured' }, 500);
     }
   } else {
     baseUrl = new URL(request.url).origin;
@@ -71,7 +66,7 @@ export async function handleSignedUrlMinting(
 
   const signedUrl = `${baseUrl}/${encodeURIComponent(fileId)}?st=${encodeURIComponent(signedToken)}`;
 
-  return createJsonResponse({
+  return respond({
     success: true,
     result: {
       fileId,

package/workers/image-worker/src/handlers/serve-image.ts

@@ -1,10 +1,9 @@
-import { hasValidToken } from '../auth';
 import {
   decryptBinaryWithRegistry,
   requireEncryptionRetrievalConfig
 } from '../security/key-registry';
 import { requireSignedUrlConfig, verifySignedAccessToken } from '../security/signed-url';
-import type { CreateImageWorkerResponse, Env } from '../types';
+import type { CreateResponse, Env } from '../types';
 import { buildSafeContentDisposition } from '../utils/content-disposition';
 import { extractEnvelope } from '../utils/storage-metadata';
 
@@ -12,7 +11,7 @@ export async function handleImageServing(
   request: Request,
   env: Env,
   fileId: string,
-  createJsonResponse: CreateImageWorkerResponse
+  respond: CreateResponse
 ): Promise<Response> {
   const requestUrl = new URL(request.url);
   const hasSignedToken = requestUrl.searchParams.has('st');
@@ -22,27 +21,27 @@ export async function handleImageServing(
     requireSignedUrlConfig(env);
 
     if (!signedToken || signedToken.trim().length === 0) {
-      return createJsonResponse({ error: 'Invalid or expired signed URL token' }, 403);
+      return respond({ error: 'Invalid or expired signed URL token' }, 403);
     }
 
     const tokenValid = await verifySignedAccessToken(signedToken, fileId, env);
     if (!tokenValid) {
-      return createJsonResponse({ error: 'Invalid or expired signed URL token' }, 403);
+      return respond({ error: 'Invalid or expired signed URL token' }, 403);
     }
-  } else if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
+  } else {
+    return respond({ error: 'Unauthorized' }, 403);
   }
 
   requireEncryptionRetrievalConfig(env);
 
   const file = await env.STRIAE_FILES.get(fileId);
   if (!file) {
-    return createJsonResponse({ error: 'File not found' }, 404);
+    return respond({ error: 'File not found' }, 404);
   }
 
   const envelope = extractEnvelope(file);
   if (!envelope) {
-    return createJsonResponse({ error: 'Missing data-at-rest envelope metadata' }, 500);
+    return respond({ error: 'Missing data-at-rest envelope metadata' }, 500);
   }
 
   const encryptedData = await file.arrayBuffer();

package/workers/image-worker/src/handlers/upload-image.ts

@@ -1,24 +1,19 @@
-import { hasValidToken } from '../auth';
 import { encryptBinaryForStorage } from '../encryption-utils';
 import { requireEncryptionUploadConfig } from '../security/key-registry';
-import type { CreateImageWorkerResponse, Env } from '../types';
+import type { CreateResponse, Env } from '../types';
 import { deriveFileKind } from '../utils/content-disposition';
 
 export async function handleImageUpload(
   request: Request,
   env: Env,
-  createJsonResponse: CreateImageWorkerResponse
+  respond: CreateResponse
 ): Promise<Response> {
-  if (!hasValidToken(request, env)) {
-    return createJsonResponse({ error: 'Unauthorized' }, 403);
-  }
-
   requireEncryptionUploadConfig(env);
 
   const formData = await request.formData();
   const fileValue = formData.get('file');
   if (!(fileValue instanceof Blob)) {
-    return createJsonResponse({ error: 'Missing file upload payload' }, 400);
+    return respond({ error: 'Missing file upload payload' }, 400);
   }
 
   const fileBlob = fileValue;
@@ -49,7 +44,7 @@ export async function handleImageUpload(
     }
   });
 
-  return createJsonResponse({
+  return respond({
     success: true,
     errors: [],
     messages: [],

package/workers/image-worker/src/image-worker.ts

@@ -1,7 +1,7 @@
 import { routeImageWorkerRequest } from './router';
-import type { APIResponse, Env } from './types';
+import type { APIResponse, CreateResponse, Env } from './types';
 
-const createJsonResponse = (data: APIResponse, status: number = 200): Response => new Response(
+const createWorkerResponse: CreateResponse = (data: APIResponse, status: number = 200): Response => new Response(
   JSON.stringify(data),
   {
     status,
@@ -12,10 +12,10 @@ const createJsonResponse = (data: APIResponse, status: number = 200): Response =
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
     try {
-      return await routeImageWorkerRequest(request, env, createJsonResponse);
+      return await routeImageWorkerRequest(request, env, createWorkerResponse);
     } catch (error) {
       const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-      return createJsonResponse({ error: errorMessage }, 500);
+      return createWorkerResponse({ error: errorMessage }, 500);
     }
   }
 };

package/workers/image-worker/src/router.ts

@@ -2,51 +2,51 @@ import { handleImageDelete } from './handlers/delete-image';
 import { handleSignedUrlMinting } from './handlers/mint-signed-url';
 import { handleImageServing } from './handlers/serve-image';
 import { handleImageUpload } from './handlers/upload-image';
-import type { CreateImageWorkerResponse, Env } from './types';
+import type { CreateResponse, Env } from './types';
 import { parsePathSegments } from './utils/path-utils';
 
 export async function routeImageWorkerRequest(
   request: Request,
   env: Env,
-  createJsonResponse: CreateImageWorkerResponse
+  respond: CreateResponse
 ): Promise<Response> {
   const requestUrl = new URL(request.url);
   const pathSegments = parsePathSegments(requestUrl.pathname);
   if (!pathSegments) {
-    return createJsonResponse({ error: 'Invalid image path encoding' }, 400);
+    return respond({ error: 'Invalid image path encoding' }, 400);
   }
 
   switch (request.method) {
     case 'POST': {
       if (pathSegments.length === 0) {
-        return handleImageUpload(request, env, createJsonResponse);
+        return handleImageUpload(request, env, respond);
       }
 
       if (pathSegments.length === 2 && pathSegments[1] === 'signed-url') {
-        return handleSignedUrlMinting(request, env, pathSegments[0], createJsonResponse);
+        return handleSignedUrlMinting(request, env, pathSegments[0], respond);
       }
 
-      return createJsonResponse({ error: 'Not found' }, 404);
+      return respond({ error: 'Not found' }, 404);
     }
 
     case 'GET': {
       const fileId = pathSegments.length === 1 ? pathSegments[0] : null;
       if (!fileId) {
-        return createJsonResponse({ error: 'Image ID is required' }, 400);
+        return respond({ error: 'Image ID is required' }, 400);
       }
 
-      return handleImageServing(request, env, fileId, createJsonResponse);
+      return handleImageServing(request, env, fileId, respond);
     }
 
     case 'DELETE': {
       if (pathSegments.length !== 1) {
-        return createJsonResponse({ error: 'Not found' }, 404);
+        return respond({ error: 'Not found' }, 404);
       }
 
-      return handleImageDelete(request, env, createJsonResponse);
+      return handleImageDelete(request, env, respond);
     }
 
     default:
-      return createJsonResponse({ error: 'Method not allowed' }, 405);
+      return respond({ error: 'Method not allowed' }, 405);
   }
 }

package/workers/image-worker/src/security/signed-url.ts

@@ -51,7 +51,7 @@ export function normalizeSignedUrlTtlSeconds(requestedTtlSeconds: unknown, env:
 }
 
 export function requireSignedUrlConfig(env: Env): void {
-  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || env.IMAGES_API_TOKEN || '').trim();
+  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || '').trim();
   if (resolvedSecret.length === 0) {
     throw new Error('Signed URL configuration is missing');
   }
@@ -77,7 +77,7 @@ export function parseSignedUrlBaseUrl(raw: string): string {
 }
 
 async function getSignedUrlHmacKey(env: Env): Promise<CryptoKey> {
-  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || env.IMAGES_API_TOKEN || '').trim();
+  const resolvedSecret = (env.IMAGE_SIGNED_URL_SECRET || '').trim();
   const keyBytes = new TextEncoder().encode(resolvedSecret);
 
   return crypto.subtle.importKey(

package/workers/image-worker/src/types.ts

@@ -1,5 +1,4 @@
 export interface Env {
-  IMAGES_API_TOKEN: string;
   STRIAE_FILES: R2Bucket;
   DATA_AT_REST_ENCRYPTION_PRIVATE_KEY?: string;
   DATA_AT_REST_ENCRYPTION_PUBLIC_KEY: string;
@@ -65,4 +64,4 @@ export interface SignedAccessPayload {
   nonce: string;
 }
 
-export type CreateImageWorkerResponse = (data: APIResponse, status?: number) => Response;
+export type CreateResponse = (data: APIResponse, status?: number) => Response;

package/workers/image-worker/wrangler.jsonc.example

@@ -2,7 +2,8 @@
   "name": "IMAGES_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/image-worker.ts",
-  "compatibility_date": "2026-04-20",
+  "workers_dev": false,
+  "compatibility_date": "2026-04-22",
   "compatibility_flags": [
     "nodejs_compat"
   ], 

package/workers/pdf-worker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pdf-worker",
-  "version": "6.1.8",
+  "version": "7.0.1",
   "private": true,
   "scripts": {
     "generate:assets": "node scripts/generate-assets.js",
@@ -9,6 +9,6 @@
     "start": "wrangler dev"
   },
   "devDependencies": {
-    "wrangler": "^4.84.0"
+    "wrangler": "^4.84.1"
   }
 }

package/workers/pdf-worker/src/pdf-worker.ts

@@ -2,7 +2,6 @@ import type { PDFGenerationData, PDFGenerationRequest, ReportModule, ReportPdfOp
 import { getAuditTrailPdfOptions, isAuditTrailReportMode, renderAuditTrailReport } from './audit-trail-report';
 
 interface Env {
-  PDF_WORKER_AUTH: string;
   ACCOUNT_ID?: string;
   BROWSER_API_TOKEN?: string;
 }
@@ -40,9 +39,6 @@ const reportModuleLoaders: Record<string, () => Promise<ReportModule>> = {
 
 };
 
-const hasValidHeader = (request: Request, env: Env): boolean =>
-  request.headers.get('X-Custom-Auth-Key') === env.PDF_WORKER_AUTH;
-
 function isTimeoutError(error: unknown): boolean {
   return error instanceof Error && (
     error.name === 'AbortError' ||
@@ -193,10 +189,6 @@ async function renderPdfViaRestEndpoint(env: Env, html: string, pdfOptions: Repo
 
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
-    if (!hasValidHeader(request, env)) {
-      return jsonResponse({ error: 'Forbidden' }, 403);
-    }
-
     if (request.method === 'POST') {
       try {
         const payload = await request.json() as unknown;

package/workers/pdf-worker/wrangler.jsonc.example

@@ -2,7 +2,8 @@
   "name": "PDF_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/pdf-worker.ts",
-  "compatibility_date": "2026-04-20",
+  "workers_dev": false,
+  "compatibility_date": "2026-04-22",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/user-worker/package.json

@@ -1,6 +1,6 @@
 {
   "name": "user-worker",
-  "version": "6.1.8",
+  "version": "7.0.1",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -8,6 +8,6 @@
     "start": "wrangler dev"
   },
   "devDependencies": {
-    "wrangler": "^4.84.0"
+    "wrangler": "^4.84.1"
   }
 }

package/workers/user-worker/src/auth.ts

@@ -1,12 +1,5 @@
 import type { Env } from './types';
 
-export async function authenticate(request: Request, env: Env): Promise<void> {
-  const authKey = request.headers.get('X-Custom-Auth-Key');
-  if (authKey !== env.USER_DB_AUTH) {
-    throw new Error('Unauthorized');
-  }
-}
-
 export function requireUserKvReadConfig(env: Env): void {
   const hasLegacyPrivateKey = typeof env.USER_KV_ENCRYPTION_PRIVATE_KEY === 'string' && env.USER_KV_ENCRYPTION_PRIVATE_KEY.trim().length > 0;
   const hasRegistryPrivateKeys = typeof env.USER_KV_ENCRYPTION_KEYS_JSON === 'string' && env.USER_KV_ENCRYPTION_KEYS_JSON.trim().length > 0;

package/workers/user-worker/src/handlers/user-routes.ts

@@ -3,49 +3,38 @@ import { readUserRecord, writeUserRecord } from '../storage/user-records';
 import type {
   AddCasesRequest,
   AccountDeletionProgressEvent,
+  CreateResponse,
   DeleteCasesRequest,
   Env,
   UserData,
   UserRequestData
 } from '../types';
 
-function createJsonResponse(data: unknown, status: number = 200): Response {
-  return new Response(JSON.stringify(data), {
-    status,
-    headers: { 'Content-Type': 'application/json; charset=utf-8' }
-  });
-}
-
-function createTextResponse(message: string, status: number): Response {
-  return new Response(message, {
-    status,
-    headers: { 'Content-Type': 'text/plain; charset=utf-8' }
-  });
-}
-
 export async function handleGetUser(
   env: Env,
-  userUid: string
+  userUid: string,
+  respond: CreateResponse
 ): Promise<Response> {
   try {
     const userData = await readUserRecord(env, userUid);
     if (userData === null) {
-      return createTextResponse('User not found', 404);
+      return respond({ error: 'User not found' }, 404);
     }
 
-    return createJsonResponse(userData);
+    return respond(userData);
   } catch (error) {
     const errorMessage = error instanceof Error ? error.message : 'Unknown user data read error';
     console.error('Failed to get user data:', { uid: userUid, reason: errorMessage });
 
-    return createTextResponse('Failed to get user data', 500);
+    return respond({ error: 'Failed to get user data' }, 500);
   }
 }
 
 export async function handleAddUser(
   request: Request,
   env: Env,
-  userUid: string
+  userUid: string,
+  respond: CreateResponse
 ): Promise<Response> {
   try {
     const requestData: UserRequestData = await request.json();
@@ -87,20 +76,21 @@ export async function handleAddUser(
 
     await writeUserRecord(env, userUid, userData);
 
-    return createJsonResponse(userData, existingUser !== null ? 200 : 201);
+    return respond(userData, existingUser !== null ? 200 : 201);
   } catch {
-    return createTextResponse('Failed to save user data', 500);
+    return respond({ error: 'Failed to save user data' }, 500);
   }
 }
 
 export async function handleDeleteUser(
   env: Env,
-  userUid: string
+  userUid: string,
+  respond: CreateResponse
 ): Promise<Response> {
   try {
     const result = await executeUserDeletion(env, userUid);
 
-    return createJsonResponse({
+    return respond({
       success: result.success,
       message: result.message
     });
@@ -109,10 +99,10 @@ export async function handleDeleteUser(
     const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
 
     if (errorMessage === 'User not found') {
-      return createTextResponse('User not found', 404);
+      return respond({ error: 'User not found' }, 404);
     }
 
-    return createJsonResponse({
+    return respond({
       success: false,
       message: 'Failed to delete user account'
     }, 500);
@@ -170,13 +160,14 @@ export function handleDeleteUserWithProgress(
 export async function handleAddCases(
   request: Request,
   env: Env,
-  userUid: string
+  userUid: string,
+  respond: CreateResponse
 ): Promise<Response> {
   try {
     const { cases = [] }: AddCasesRequest = await request.json();
     const userData = await readUserRecord(env, userUid);
     if (!userData) {
-      return createTextResponse('User not found', 404);
+      return respond({ error: 'User not found' }, 404);
     }
 
     const existingCases = userData.cases || [];
@@ -188,30 +179,31 @@ export async function handleAddCases(
     userData.updatedAt = new Date().toISOString();
     await writeUserRecord(env, userUid, userData);
 
-    return createJsonResponse(userData);
+    return respond(userData);
   } catch {
-    return createTextResponse('Failed to add cases', 500);
+    return respond({ error: 'Failed to add cases' }, 500);
   }
 }
 
 export async function handleDeleteCases(
   request: Request,
   env: Env,
-  userUid: string
+  userUid: string,
+  respond: CreateResponse
 ): Promise<Response> {
   try {
     const { casesToDelete }: DeleteCasesRequest = await request.json();
     const userData = await readUserRecord(env, userUid);
     if (!userData) {
-      return createTextResponse('User not found', 404);
+      return respond({ error: 'User not found' }, 404);
     }
 
-    userData.cases = userData.cases.filter((caseItem) => !casesToDelete.includes(caseItem.caseNumber));
+    userData.cases = (userData.cases || []).filter((caseItem) => !casesToDelete.includes(caseItem.caseNumber));
     userData.updatedAt = new Date().toISOString();
     await writeUserRecord(env, userUid, userData);
 
-    return createJsonResponse(userData);
+    return respond(userData);
   } catch {
-    return createTextResponse('Failed to delete cases', 500);
+    return respond({ error: 'Failed to delete cases' }, 500);
   }
 }

package/workers/user-worker/src/types.ts

@@ -1,9 +1,7 @@
 export interface Env {
-  USER_DB_AUTH: string;
   USER_DB: KVNamespace;
   STRIAE_DATA: R2Bucket;
   STRIAE_FILES: R2Bucket;
-  R2_KEY_SECRET: string;
   DATA_AT_REST_ENCRYPTION_PRIVATE_KEY?: string;
   DATA_AT_REST_ENCRYPTION_KEY_ID?: string;
   DATA_AT_REST_ENCRYPTION_KEYS_JSON?: string;
@@ -30,6 +28,19 @@ export interface PrivateKeyRegistry {
 
 export type DecryptionTelemetryOutcome = 'primary-hit' | 'fallback-hit' | 'all-failed';
 
+export interface SuccessResponse {
+  success: boolean;
+  message?: string;
+}
+
+export interface ErrorResponse {
+  error: string;
+}
+
+export type APIResponse = SuccessResponse | ErrorResponse | UserData;
+
+export type CreateResponse = (data: APIResponse, status?: number) => Response;
+
 export interface CaseItem {
   caseNumber: string;
   caseName?: string;

package/workers/user-worker/src/user-worker.ts

@@ -1,4 +1,4 @@
-import { authenticate, requireUserKvReadConfig, requireUserKvWriteConfig } from './auth';
+import { requireUserKvReadConfig, requireUserKvWriteConfig } from './auth';
 import { USER_CASES_SEGMENT } from './config';
 import {
   handleAddCases,
@@ -8,42 +8,38 @@ import {
   handleDeleteUserWithProgress,
   handleGetUser
 } from './handlers/user-routes';
-import type { Env } from './types';
+import type { CreateResponse, Env } from './types';
 
-function createTextResponse(message: string, status: number): Response {
-  return new Response(message, {
-    status,
-    headers: { 'Content-Type': 'text/plain; charset=utf-8' }
-  });
-}
+const createWorkerResponse: CreateResponse = (data, status: number = 200): Response => new Response(
+  JSON.stringify(data),
+  { status, headers: { 'Content-Type': 'application/json' } }
+);
 
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
     try {
-      await authenticate(request, env);
-
       // DELETE can mutate user KV data (for example /:uid/cases), so non-GET methods require write config.
       if (request.method === 'GET') {
         requireUserKvReadConfig(env);
       } else {
         requireUserKvWriteConfig(env);
       }
-      
+
       const url = new URL(request.url);
       const parts = url.pathname.split('/');
       const userUid = parts[1];
       const isCasesEndpoint = parts[2] === USER_CASES_SEGMENT;
-      
+
       if (!userUid) {
-        return createTextResponse('Not Found', 404);
+        return createWorkerResponse({ error: 'Not Found' }, 404);
       }
 
       // Handle regular cases endpoint
       if (isCasesEndpoint) {
         switch (request.method) {
-          case 'PUT': return handleAddCases(request, env, userUid);
-          case 'DELETE': return handleDeleteCases(request, env, userUid);
-          default: return createTextResponse('Method not allowed', 405);
+          case 'PUT': return handleAddCases(request, env, userUid, createWorkerResponse);
+          case 'DELETE': return handleDeleteCases(request, env, userUid, createWorkerResponse);
+          default: return createWorkerResponse({ error: 'Method not allowed' }, 405);
         }
       }
 
@@ -52,24 +48,20 @@ export default {
       const streamProgress = url.searchParams.get('stream') === 'true' || acceptsEventStream;
 
       switch (request.method) {
-        case 'GET': return handleGetUser(env, userUid);
-        case 'PUT': return handleAddUser(request, env, userUid);
+        case 'GET': return handleGetUser(env, userUid, createWorkerResponse);
+        case 'PUT': return handleAddUser(request, env, userUid, createWorkerResponse);
         case 'DELETE': return streamProgress
           ? handleDeleteUserWithProgress(env, userUid)
-          : handleDeleteUser(env, userUid);
-        default: return createTextResponse('Method not allowed', 405);
+          : handleDeleteUser(env, userUid, createWorkerResponse);
+        default: return createWorkerResponse({ error: 'Method not allowed' }, 405);
       }
     } catch (error) {
       const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-      if (errorMessage === 'Unauthorized') {
-        return createTextResponse('Forbidden', 403);
-      }
-
       if (errorMessage === 'User KV encryption is not fully configured') {
-        return createTextResponse(errorMessage, 500);
+        return createWorkerResponse({ error: errorMessage }, 500);
       }
-      
-      return createTextResponse('Internal Server Error', 500);
+
+      return createWorkerResponse({ error: 'Internal Server Error' }, 500);
     }
   }
 };