@takuhon/api 0.22.0 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -241,6 +241,7 @@ declare function adminAssetSecurityHeaders(): Record<string, string>;
241
241
  * import('./cv-html.js')}). All are string-in / string-out with no I/O, so they
242
242
  * stay unit-testable and keep both renderers' escaping behavior identical.
243
243
  */
244
+
244
245
  /** Escape text for use in HTML element content or double/single-quoted attributes. */
245
246
  declare function escapeHtml(value: string): string;
246
247
 
package/dist/index.js CHANGED
@@ -57,6 +57,7 @@ import { Hono } from "hono";
57
57
  import { generateJsonLd, renderActivitySvg } from "@takuhon/core";
58
58
 
59
59
  // src/html/html-helpers.ts
60
+ import { formatDate, getPresentLabel } from "@takuhon/core";
60
61
  function escapeHtml(value) {
61
62
  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
62
63
  }
@@ -66,9 +67,16 @@ function safeUrl(url) {
66
67
  if (scheme === void 0) return trimmed;
67
68
  return scheme === "http" || scheme === "https" || scheme === "mailto" ? trimmed : void 0;
68
69
  }
69
- function dateRange(start, end, isCurrent) {
70
- const left = start ?? "";
71
- const right = isCurrent === true || end === null ? "Present" : end ?? "";
70
+ function timeTag(iso, locale) {
71
+ return `<time datetime="${escapeHtml(iso)}">${escapeHtml(formatDate(iso, locale))}</time>`;
72
+ }
73
+ function presentLabel(locale) {
74
+ return escapeHtml(getPresentLabel(locale));
75
+ }
76
+ function dateRange(start, opts) {
77
+ const { end, isCurrent, locale } = opts;
78
+ const left = start ? timeTag(start, locale) : "";
79
+ const right = isCurrent === true || end === null ? presentLabel(locale) : end ? timeTag(end, locale) : "";
72
80
  if (left && right) return `${left} \u2013 ${right}`;
73
81
  return left || right;
74
82
  }
@@ -111,7 +119,7 @@ function renderEntry(entry) {
111
119
  const heading = href ? `<a href="${escapeHtml(href)}">${escapeHtml(entry.heading)}</a>` : escapeHtml(entry.heading);
112
120
  const parts = [`<h3>${heading}</h3>`];
113
121
  if (entry.sub) parts.push(`<p class="sub">${escapeHtml(entry.sub)}</p>`);
114
- if (entry.dates) parts.push(`<p class="meta">${escapeHtml(entry.dates)}</p>`);
122
+ if (entry.dates) parts.push(`<p class="meta">${entry.dates}</p>`);
115
123
  if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);
116
124
  if (entry.tags && entry.tags.length > 0) {
117
125
  parts.push(
@@ -223,7 +231,11 @@ function renderProfileHtml(input) {
223
231
  d.careers.map((c) => ({
224
232
  heading: c.role,
225
233
  sub: c.organization,
226
- dates: dateRange(c.startDate, c.endDate, c.isCurrent),
234
+ dates: dateRange(c.startDate, {
235
+ end: c.endDate,
236
+ isCurrent: c.isCurrent,
237
+ locale: d.resolvedLocale
238
+ }),
227
239
  body: c.description,
228
240
  url: c.url
229
241
  }))
@@ -232,7 +244,7 @@ function renderProfileHtml(input) {
232
244
  "Projects",
233
245
  d.projects.map((x) => ({
234
246
  heading: x.title,
235
- dates: dateRange(x.startDate, x.endDate),
247
+ dates: dateRange(x.startDate, { end: x.endDate, locale: d.resolvedLocale }),
236
248
  body: x.description,
237
249
  url: x.url,
238
250
  tags: x.tags
@@ -247,7 +259,11 @@ function renderProfileHtml(input) {
247
259
  return {
248
260
  heading: degree ?? e.institution,
249
261
  sub: degree ? e.institution : void 0,
250
- dates: dateRange(e.startDate, e.endDate, e.isCurrent),
262
+ dates: dateRange(e.startDate, {
263
+ end: e.endDate,
264
+ isCurrent: e.isCurrent,
265
+ locale: d.resolvedLocale
266
+ }),
251
267
  body: e.description,
252
268
  url: e.url
253
269
  };
@@ -258,7 +274,7 @@ function renderProfileHtml(input) {
258
274
  d.certifications.map((c) => ({
259
275
  heading: c.title,
260
276
  sub: c.issuingOrganization,
261
- dates: dateRange(c.issueDate, c.expirationDate),
277
+ dates: dateRange(c.issueDate, { end: c.expirationDate, locale: d.resolvedLocale }),
262
278
  url: c.url
263
279
  }))
264
280
  ),
@@ -267,7 +283,7 @@ function renderProfileHtml(input) {
267
283
  d.publications.map((x) => ({
268
284
  heading: x.title,
269
285
  sub: nonEmpty([x.publisher, x.coAuthors?.join(", ")], " \xB7 "),
270
- dates: dateRange(x.date),
286
+ dates: dateRange(x.date, { locale: d.resolvedLocale }),
271
287
  body: x.description,
272
288
  url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : void 0)
273
289
  }))
@@ -277,7 +293,7 @@ function renderProfileHtml(input) {
277
293
  d.honors.map((x) => ({
278
294
  heading: x.title,
279
295
  sub: x.issuer,
280
- dates: dateRange(x.date),
296
+ dates: dateRange(x.date, { locale: d.resolvedLocale }),
281
297
  body: x.description,
282
298
  url: x.url
283
299
  }))
@@ -287,7 +303,11 @@ function renderProfileHtml(input) {
287
303
  d.memberships.map((x) => ({
288
304
  heading: x.role ?? x.organization,
289
305
  sub: x.role ? x.organization : void 0,
290
- dates: dateRange(x.startDate, x.endDate, x.isCurrent),
306
+ dates: dateRange(x.startDate, {
307
+ end: x.endDate,
308
+ isCurrent: x.isCurrent,
309
+ locale: d.resolvedLocale
310
+ }),
291
311
  body: x.description,
292
312
  url: x.url
293
313
  }))
@@ -297,7 +317,11 @@ function renderProfileHtml(input) {
297
317
  d.volunteering.map((x) => ({
298
318
  heading: x.role,
299
319
  sub: nonEmpty([x.organization, x.cause], " \xB7 "),
300
- dates: dateRange(x.startDate, x.endDate, x.isCurrent),
320
+ dates: dateRange(x.startDate, {
321
+ end: x.endDate,
322
+ isCurrent: x.isCurrent,
323
+ locale: d.resolvedLocale
324
+ }),
301
325
  body: x.description,
302
326
  url: x.url
303
327
  }))
@@ -307,7 +331,7 @@ function renderProfileHtml(input) {
307
331
  d.courses.map((x) => ({
308
332
  heading: x.title,
309
333
  sub: x.provider,
310
- dates: dateRange(x.completionDate),
334
+ dates: dateRange(x.completionDate, { locale: d.resolvedLocale }),
311
335
  body: x.description,
312
336
  url: x.certificateUrl
313
337
  }))
@@ -317,7 +341,7 @@ function renderProfileHtml(input) {
317
341
  d.patents.map((x) => ({
318
342
  heading: x.title,
319
343
  sub: nonEmpty([x.patentNumber, x.office, x.status, x.coInventors?.join(", ")], " \xB7 "),
320
- dates: dateRange(x.filingDate ?? x.grantDate),
344
+ dates: dateRange(x.filingDate ?? x.grantDate, { locale: d.resolvedLocale }),
321
345
  body: x.description,
322
346
  url: x.url
323
347
  }))
@@ -326,7 +350,7 @@ function renderProfileHtml(input) {
326
350
  "Test scores",
327
351
  d.testScores.map((x) => ({
328
352
  heading: `${x.title}: ${x.score}`,
329
- dates: dateRange(x.date),
353
+ dates: dateRange(x.date, { locale: d.resolvedLocale }),
330
354
  body: x.description,
331
355
  url: x.url
332
356
  }))
@@ -1318,7 +1342,7 @@ ul{padding:0;margin:0;list-style:none}
1318
1342
  function renderEntry2(entry) {
1319
1343
  const href = entry.url ? safeUrl(entry.url) : void 0;
1320
1344
  const title = href ? `<a href="${escapeHtml(href)}">${escapeHtml(entry.heading)}</a>` : escapeHtml(entry.heading);
1321
- const dates = entry.dates ? `<span class="dates">${escapeHtml(entry.dates)}</span>` : "";
1345
+ const dates = entry.dates ? `<span class="dates">${entry.dates}</span>` : "";
1322
1346
  const parts = [`<div class="row"><h3>${title}</h3>${dates}</div>`];
1323
1347
  if (entry.sub) parts.push(`<p class="sub">${escapeHtml(entry.sub)}</p>`);
1324
1348
  if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);
@@ -1334,7 +1358,7 @@ function chipSection(title, labels) {
1334
1358
  function languageLabel(l) {
1335
1359
  return `${l.displayName ?? l.language} \u2014 ${l.proficiency}`;
1336
1360
  }
1337
- function renderSection(section) {
1361
+ function renderSection(section, locale) {
1338
1362
  const title = SECTION_TITLES[section.kind];
1339
1363
  switch (section.kind) {
1340
1364
  case "experience":
@@ -1343,7 +1367,7 @@ function renderSection(section) {
1343
1367
  section.entries.map((c) => ({
1344
1368
  heading: c.role,
1345
1369
  sub: c.organization,
1346
- dates: dateRange(c.startDate, c.endDate, c.isCurrent),
1370
+ dates: dateRange(c.startDate, { end: c.endDate, isCurrent: c.isCurrent, locale }),
1347
1371
  body: c.description,
1348
1372
  url: c.url
1349
1373
  }))
@@ -1356,7 +1380,7 @@ function renderSection(section) {
1356
1380
  return {
1357
1381
  heading: degree ?? e.institution,
1358
1382
  sub: degree ? e.institution : void 0,
1359
- dates: dateRange(e.startDate, e.endDate, e.isCurrent),
1383
+ dates: dateRange(e.startDate, { end: e.endDate, isCurrent: e.isCurrent, locale }),
1360
1384
  body: e.description,
1361
1385
  url: e.url
1362
1386
  };
@@ -1375,7 +1399,7 @@ function renderSection(section) {
1375
1399
  section.entries.map((c) => ({
1376
1400
  heading: c.title,
1377
1401
  sub: c.issuingOrganization,
1378
- dates: dateRange(c.issueDate, c.expirationDate),
1402
+ dates: dateRange(c.issueDate, { end: c.expirationDate, locale }),
1379
1403
  url: c.url
1380
1404
  }))
1381
1405
  );
@@ -1385,7 +1409,7 @@ function renderSection(section) {
1385
1409
  section.entries.map((x) => ({
1386
1410
  heading: x.title,
1387
1411
  sub: nonEmpty([x.publisher, x.coAuthors?.join(", ")], " \xB7 "),
1388
- dates: dateRange(x.date),
1412
+ dates: dateRange(x.date, { locale }),
1389
1413
  body: x.description,
1390
1414
  url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : void 0)
1391
1415
  }))
@@ -1396,7 +1420,7 @@ function renderSection(section) {
1396
1420
  section.entries.map((x) => ({
1397
1421
  heading: x.title,
1398
1422
  sub: x.issuer,
1399
- dates: dateRange(x.date),
1423
+ dates: dateRange(x.date, { locale }),
1400
1424
  body: x.description,
1401
1425
  url: x.url
1402
1426
  }))
@@ -1407,7 +1431,7 @@ function renderSection(section) {
1407
1431
  section.entries.map((x) => ({
1408
1432
  heading: x.title,
1409
1433
  sub: x.provider,
1410
- dates: dateRange(x.completionDate),
1434
+ dates: dateRange(x.completionDate, { locale }),
1411
1435
  body: x.description,
1412
1436
  url: x.certificateUrl
1413
1437
  }))
@@ -1418,7 +1442,7 @@ function renderSection(section) {
1418
1442
  section.entries.map((x) => ({
1419
1443
  heading: x.title,
1420
1444
  sub: nonEmpty([x.patentNumber, x.office, x.status], " \xB7 "),
1421
- dates: dateRange(x.filingDate ?? x.grantDate),
1445
+ dates: dateRange(x.filingDate ?? x.grantDate, { locale }),
1422
1446
  body: x.description,
1423
1447
  url: x.url
1424
1448
  }))
@@ -1429,7 +1453,7 @@ function renderSection(section) {
1429
1453
  section.entries.map((x) => ({
1430
1454
  heading: x.role,
1431
1455
  sub: nonEmpty([x.organization, x.cause], " \xB7 "),
1432
- dates: dateRange(x.startDate, x.endDate, x.isCurrent),
1456
+ dates: dateRange(x.startDate, { end: x.endDate, isCurrent: x.isCurrent, locale }),
1433
1457
  body: x.description,
1434
1458
  url: x.url
1435
1459
  }))
@@ -1440,7 +1464,7 @@ function renderSection(section) {
1440
1464
  section.entries.map((x) => ({
1441
1465
  heading: x.role ?? x.organization,
1442
1466
  sub: x.role ? x.organization : void 0,
1443
- dates: dateRange(x.startDate, x.endDate, x.isCurrent),
1467
+ dates: dateRange(x.startDate, { end: x.endDate, isCurrent: x.isCurrent, locale }),
1444
1468
  body: x.description,
1445
1469
  url: x.url
1446
1470
  }))
@@ -1464,7 +1488,10 @@ function renderHeader2(cv) {
1464
1488
  }
1465
1489
  function renderCvHtml(cv) {
1466
1490
  const title = `${cv.header.displayName} \u2014 CV`;
1467
- const body = [renderHeader2(cv), ...cv.sections.map(renderSection)].join("\n");
1491
+ const body = [
1492
+ renderHeader2(cv),
1493
+ ...cv.sections.map((s) => renderSection(s, cv.resolvedLocale))
1494
+ ].join("\n");
1468
1495
  return `<!DOCTYPE html>
1469
1496
  <html lang="${escapeHtml(cv.resolvedLocale)}">
1470
1497
  <head>
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/error-envelope.ts","../src/public-app.ts","../src/html/build-html.ts","../src/html/html-helpers.ts","../src/locale-resolution.ts","../src/locale-prefix.ts","../src/index.ts","../src/admin/admin-api-app.ts","../src/admin/bearer.ts","../src/admin/origin.ts","../src/admin/admin-ui-app.ts","../src/admin/admin-html.ts","../src/admin/admin-asset-headers.ts","../src/admin/audit-logger.ts","../src/admin/cache-purger.ts","../src/html/site.ts","../src/html/cv-html.ts"],"sourcesContent":["import type { Context } from 'hono';\nimport type { ContentfulStatusCode } from 'hono/utils/http-status';\n\n/**\n * RFC 7807 problem type slugs used by takuhon. The 11 below are the\n * Spec-defined values (api.md §5.1); `methodNotAllowed` is added locally\n * for the 405 path that the Spec leaves unnamed.\n */\nexport const ERROR_SLUGS = {\n badRequest: 'bad-request',\n unauthorized: 'unauthorized',\n forbidden: 'forbidden',\n notFound: 'not-found',\n methodNotAllowed: 'method-not-allowed',\n conflict: 'conflict',\n payloadTooLarge: 'payload-too-large',\n unsupportedMediaType: 'unsupported-media-type',\n validationFailed: 'validation-failed',\n tooManyRequests: 'too-many-requests',\n internal: 'internal',\n serviceUnavailable: 'service-unavailable',\n} as const;\n\nexport type ErrorSlug = (typeof ERROR_SLUGS)[keyof typeof ERROR_SLUGS];\n\nconst TYPE_BASE = 'https://takuhon.org/errors';\n\nexport interface ProblemFieldError {\n path: string;\n message: string;\n}\n\nexport interface ProblemDetails {\n type: string;\n title: string;\n status: number;\n detail: string;\n instance: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport interface BuildProblemInput {\n slug: ErrorSlug;\n status: number;\n title: string;\n detail: string;\n instance: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport function buildProblem(input: BuildProblemInput): ProblemDetails {\n const out: ProblemDetails = {\n type: `${TYPE_BASE}/${input.slug}`,\n title: input.title,\n status: input.status,\n detail: input.detail,\n instance: input.instance,\n };\n if (input.errors !== undefined) out.errors = input.errors;\n if (input.currentVersion !== undefined) out.currentVersion = input.currentVersion;\n return out;\n}\n\nexport interface ProblemResponseInput {\n slug: ErrorSlug;\n status: ContentfulStatusCode;\n title: string;\n detail: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport function problemResponse(c: Context, input: ProblemResponseInput): Response {\n const body = buildProblem({\n slug: input.slug,\n status: input.status,\n title: input.title,\n detail: input.detail,\n instance: new URL(c.req.url).pathname,\n errors: input.errors,\n currentVersion: input.currentVersion,\n });\n return c.body(JSON.stringify(body), input.status, {\n 'content-type': 'application/problem+json; charset=utf-8',\n });\n}\n","import {\n NotFoundError,\n SCHEMA_VERSION,\n applyPublicPrivacyFilter,\n generateJsonLd,\n normalize,\n resolveLocale,\n schema,\n type ActivityStorage,\n type Takuhon,\n type TakuhonStorage,\n} from '@takuhon/core';\nimport { Hono } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from './error-envelope.js';\nimport { renderProfileHtml } from './html/build-html.js';\nimport { localePrefixGetPath, pathLocaleFromUrl } from './locale-prefix.js';\nimport { resolveRequestLocales } from './locale-resolution.js';\n\nexport interface PublicAppDeps {\n storage: TakuhonStorage;\n /**\n * Returned when storage reports NotFoundError. Adapters that ship a\n * bundled example fixture (e.g. @takuhon/cloudflare) pass a thunk that\n * returns the validated document so initial-onboarding requests still\n * succeed before the first admin write.\n */\n fallback?: () => Takuhon;\n /**\n * Source of the synced developer-activity snapshot, exposed at\n * `GET /api/activity`. Optional, like the admin app's `assetStorage`:\n * deployments that don't sync activity leave it unset and the route\n * answers 404. The route also answers 404 while `settings.activity` is\n * not enabled in the profile, so disabling the feature stops serving a\n * previously synced snapshot immediately.\n */\n activityStorage?: ActivityStorage;\n /**\n * Path of the read-only MCP endpoint, advertised in\n * `/.well-known/takuhon.json` as `mcp`. Only set it on adapters that actually\n * serve MCP (e.g. @takuhon/cloudflare's `/mcp`); left unset, the discovery\n * document omits `mcp` so static / Vercel deployments don't point at an\n * endpoint they don't host.\n */\n mcpPath?: string;\n}\n\nconst FALLBACK_VERSION = 'bundled-fixture';\n\nconst PUBLIC_CSP = [\n \"default-src 'self'\",\n // `https:` lets the server-rendered profile page load remote avatar images\n // (the schema permits any https avatar URL, and `safeUrl` in the renderer\n // already blocks non-http(s) schemes); `data:` covers inline placeholders.\n \"img-src 'self' https: data:\",\n \"style-src 'self' 'unsafe-inline'\",\n \"script-src 'self'\",\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n 'upgrade-insecure-requests',\n].join('; ');\n\nasync function loadProfile(deps: PublicAppDeps): Promise<{ data: Takuhon; version: string }> {\n try {\n return await deps.storage.getProfile();\n } catch (e) {\n if (e instanceof NotFoundError && deps.fallback) {\n return { data: deps.fallback(), version: FALLBACK_VERSION };\n }\n throw e;\n }\n}\n\nexport function createPublicApp(deps: PublicAppDeps): Hono {\n // `getPath` strips a leading `/{locale}` prefix (e.g. `/ja/api/profile`\n // → `/api/profile`) so the flat routes below match locale-prefixed\n // URLs. The same function is applied on the adapter's top-level router,\n // because Hono's `route()` flattens this app's routes into the parent\n // and dispatches with the parent's `getPath` only — setting it here\n // alone would be honored for direct `app.fetch()` (tests) but not in\n // production. Handlers recover the locale token from the original URL\n // (`c.req.url`), which `getPath` does not mutate.\n const app = new Hono({ getPath: localePrefixGetPath });\n\n app.use('*', async (c, next) => {\n await next();\n const h = c.res.headers;\n h.set('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n h.set('x-content-type-options', 'nosniff');\n h.set('x-frame-options', 'DENY');\n h.set('referrer-policy', 'strict-origin-when-cross-origin');\n h.set('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n h.set('content-security-policy', PUBLIC_CSP);\n // Every route on this app is unauthenticated, read-only, and already\n // privacy-filtered, so the responses are safe to expose to any origin. This\n // is what lets browsers and AI tools fetch the profile / JSON-LD / discovery\n // document cross-origin — the public API's \"read anywhere\" goal. No cookies\n // or credentials are involved, so `*` is correct and `Vary: Origin` is not\n // needed; preflights are answered by the OPTIONS handler below. The admin\n // app (createAdminApiApp) is a separate Hono instance and is unaffected.\n h.set('access-control-allow-origin', '*');\n h.set('access-control-expose-headers', 'ETag');\n });\n\n app.onError((err, c) => {\n // This 500 body is public — and cross-origin readable once CORS is enabled —\n // so it must not echo internal exception text (storage/render errors can\n // carry implementation detail). Log the real error server-side and return a\n // generic, non-revealing detail.\n console.error('Public app request failed:', err);\n return problemResponse(c, {\n slug: ERROR_SLUGS.internal,\n status: 500,\n title: 'Internal Error',\n detail: 'An unexpected error occurred while handling the request.',\n });\n });\n\n app.notFound((c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: `No route matches ${new URL(c.req.url).pathname}.`,\n }),\n );\n\n // The public profile page. `getPath` has already stripped any `/{locale}`\n // prefix, so this single route serves `/` (default locale) and `/<locale>/`\n // alike; the locale token is recovered from the original URL. The same\n // load → normalize → resolveLocale → privacy-filter pipeline that backs\n // `/api/profile` feeds the pure `renderProfileHtml`, so the page a visitor —\n // and any crawler reading the embedded JSON-LD — sees matches the API and the\n // static `takuhon build` output exactly. Canonical / hreflang are derived\n // from this request's own origin, so they are correct without configuration.\n app.get('/', async (c) => {\n const { data, version } = await loadProfile(deps);\n const profile = normalize(data);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n profile.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(resolveLocale(profile, locale, fallbackLocale));\n\n const defaultLocale = profile.settings.defaultLocale;\n const locales = [...new Set([defaultLocale, ...profile.settings.availableLocales])];\n const current = localized.resolvedLocale;\n const origin = new URL(c.req.url).origin;\n const localePath = (l: string): string => (l === defaultLocale ? '/' : `/${l}/`);\n\n const snapshot =\n profile.settings.activity?.enabled === true && deps.activityStorage\n ? await deps.activityStorage.getActivitySnapshot()\n : null;\n\n const html = renderProfileHtml({\n localized,\n canonicalUrl: `${origin}${localePath(current)}`,\n alternates: [\n ...locales.map((l) => ({ hreflang: l, href: `${origin}${localePath(l)}` })),\n { hreflang: 'x-default', href: `${origin}${localePath(defaultLocale)}` },\n ],\n localeNav: locales.map((l) => ({ locale: l, href: localePath(l), current: l === current })),\n jsonLd: profile.settings.enableJsonLd !== false,\n activitySnapshot: snapshot ?? undefined,\n });\n\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'public, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n return c.html(html);\n });\n\n // Liveness probe. Intentionally storage-independent: it reports that the\n // worker itself is serving requests, not that the profile store is\n // reachable. A readiness probe that also checks storage can be added\n // later under a separate path if deployment platforms need it.\n app.get('/health', (c) => {\n c.header('cache-control', 'no-store');\n return c.json({ status: 'ok', schemaVersion: SCHEMA_VERSION });\n });\n\n app.get('/api/profile', async (c) => {\n const { data, version } = await loadProfile(deps);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n data.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(\n resolveLocale(normalize(data), locale, fallbackLocale),\n );\n const body = {\n data: localized,\n meta: {\n schemaVersion: localized.schemaVersion,\n locale: localized.resolvedLocale,\n updatedAt: localized.meta.updatedAt,\n },\n };\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'private, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n return c.json(body);\n });\n\n app.get('/api/schema', (c) => c.json(schema));\n\n // Public read of the synced developer-activity snapshot (design decision\n // §9-5: public, like /api/profile). The snapshot is already owner-derived\n // public metrics — no privacy filter applies — but the owner's opt-in is\n // re-checked on every read so disabling `settings.activity` takes effect\n // immediately, even while a stale snapshot is still stored. All three\n // unavailable states answer the same 404 problem.\n app.get('/api/activity', async (c) => {\n const unavailable = (): Response =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: 'No activity snapshot is available.',\n });\n\n if (!deps.activityStorage) return unavailable();\n const { data } = await loadProfile(deps);\n if (data.settings.activity?.enabled !== true) return unavailable();\n const snapshot = await deps.activityStorage.getActivitySnapshot();\n if (snapshot === null) return unavailable();\n\n c.header('cache-control', 'public, max-age=300');\n return c.json(snapshot);\n });\n\n app.get('/api/jsonld', async (c) => {\n const { data, version } = await loadProfile(deps);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n data.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(\n resolveLocale(normalize(data), locale, fallbackLocale),\n );\n const ld = generateJsonLd(localized);\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'private, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n c.header('content-type', 'application/ld+json; charset=utf-8');\n return c.body(JSON.stringify(ld));\n });\n\n app.get('/takuhon.json', async (c) => {\n const { data, version } = await loadProfile(deps);\n const filtered = applyPublicPrivacyFilter(data);\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'public, max-age=300');\n return c.json(filtered);\n });\n\n app.get('/.well-known/takuhon.json', (c) => {\n c.header('cache-control', 'public, max-age=3600');\n return c.json({\n schemaVersion: SCHEMA_VERSION,\n schemaUrl: '/api/schema',\n profile: '/api/profile',\n jsonld: '/api/jsonld',\n export: '/api/admin/export',\n canonical: '/takuhon.json',\n // Only advertised when the adapter serves MCP (see PublicAppDeps.mcpPath).\n ...(deps.mcpPath !== undefined ? { mcp: deps.mcpPath } : {}),\n });\n });\n\n // CORS preflight for cross-origin reads. The actual GET responses carry\n // `Access-Control-Allow-Origin` via the middleware above; this answers the\n // preflight a browser sends before a non-simple cross-origin request (a\n // simple GET needs no preflight). Without this, OPTIONS would fall through to\n // the 404 handler and the preflight would fail.\n app.options('*', (c) => {\n c.header('access-control-allow-methods', 'GET, HEAD, OPTIONS');\n c.header('access-control-allow-headers', c.req.header('access-control-request-headers') ?? '*');\n c.header('access-control-max-age', '86400');\n return c.body(null, 204);\n });\n\n app.on(['POST', 'PUT', 'PATCH', 'DELETE'], '*', (c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.methodNotAllowed,\n status: 405,\n title: 'Method Not Allowed',\n detail: `${c.req.method} ${new URL(c.req.url).pathname} is not supported on the public app.`,\n }),\n );\n\n return app;\n}\n","/**\n * Pure HTML rendering for `takuhon build`.\n *\n * {@link renderProfileHtml} turns one locale-resolved {@link LocalizedTakuhon}\n * into a complete, self-contained static HTML document: semantic markup for\n * every profile section, an inline stylesheet, optional Schema.org JSON-LD,\n * and the `<head>` metadata (`<title>`, description, canonical, hreflang\n * alternates) the caller supplies.\n *\n * This is a deliberately separate, simpler surface from the React\n * `@takuhon/ui` (which is delivered as CSS-Modules components needing a\n * bundler). It reuses only `@takuhon/core` and has no DOM/browser dependency,\n * so it renders in plain Node and is unit-testable as a pure string function.\n *\n * Security: every piece of profile-derived text is escaped before it reaches\n * the markup ({@link escapeHtml}), and the JSON-LD payload is `<`/`>`/`&`\n * unicode-escaped so it cannot break out of its `<script>` element.\n */\n\nimport { generateJsonLd, renderActivitySvg } from '@takuhon/core';\nimport type { ActivitySnapshot, LocalizedTakuhon } from '@takuhon/core';\n\nimport { dateRange, escapeHtml, nonEmpty, safeUrl } from './html-helpers.js';\n\n// Re-exported for existing importers (e.g. dev-command, tests) that pull\n// `escapeHtml` from this module; the implementation now lives in html-helpers.\nexport { escapeHtml } from './html-helpers.js';\n\ntype LocalizedProfile = LocalizedTakuhon['profile'];\n\n/** One entry in the human-facing locale switcher. */\nexport interface LocaleLink {\n locale: string;\n href: string;\n current: boolean;\n}\n\n/** One `<link rel=\"alternate\" hreflang>` entry. */\nexport interface Alternate {\n hreflang: string;\n href: string;\n}\n\nexport interface RenderInput {\n /** The locale-resolved document to render. */\n localized: LocalizedTakuhon;\n /** Absolute canonical URL for this page (only when `--base-url` was given). */\n canonicalUrl?: string;\n /** hreflang alternates (empty when no base URL is available). */\n alternates: readonly Alternate[];\n /** Human locale switcher links (rendered only when more than one locale). */\n localeNav: readonly LocaleLink[];\n /** Whether to emit Schema.org JSON-LD (mirrors `settings.enableJsonLd`). */\n jsonLd: boolean;\n /**\n * Synced developer-activity snapshot, rendered as a self-owned inline SVG\n * section. The caller gates it on `settings.activity.enabled`; an absent (or\n * metric-less) snapshot omits the section entirely.\n */\n activitySnapshot?: ActivitySnapshot;\n}\n\n/** Unicode-escape `<`, `>`, `&` so a JSON-LD payload cannot break out of `<script>`. */\nfunction escapeJsonLd(json: string): string {\n return json.replace(/</g, '\\\\u003c').replace(/>/g, '\\\\u003e').replace(/&/g, '\\\\u0026');\n}\n\nconst CSS = `:root{--fg:#1a1a1a;--muted:#666;--accent:#0b5fff;--line:#e5e5e5}\n*{box-sizing:border-box}\nbody{margin:0;color:var(--fg);font:16px/1.6 system-ui,-apple-system,\"Segoe UI\",Roboto,sans-serif;background:#fff}\nmain{max-width:42rem;margin:0 auto;padding:2rem 1.25rem}\na{color:var(--accent)}\nh1{font-size:1.9rem;margin:.2rem 0}\nh2{font-size:1.15rem;margin:2rem 0 .75rem;padding-bottom:.3rem;border-bottom:1px solid var(--line)}\nh3{font-size:1rem;margin:0}\nheader .avatar{width:96px;height:96px;border-radius:50%;object-fit:cover}\n.tagline{font-size:1.1rem;color:var(--muted);margin:.2rem 0}\n.location{color:var(--muted);margin:.2rem 0}\n.bio{margin:.75rem 0}\nul{padding:0;margin:0;list-style:none}\n.entries>li{margin:0 0 1.1rem}\n.sub{margin:.1rem 0;font-weight:600}\n.meta{margin:.1rem 0;color:var(--muted);font-size:.9rem}\n.links{display:flex;flex-wrap:wrap;gap:.5rem 1rem;margin:.75rem 0}\n.skills,.tags{display:flex;flex-wrap:wrap;gap:.4rem}\n.skills>li,.tags>li{background:#f2f2f2;border-radius:1rem;padding:.15rem .6rem;font-size:.85rem}\n.rec{margin:0 0 1.1rem}\n.rec blockquote{margin:0;padding-left:.9rem;border-left:3px solid var(--line)}\n.rec figcaption{color:var(--muted);font-size:.9rem;margin-top:.3rem}\nnav.locales{display:flex;gap:.75rem;margin-bottom:1rem;font-size:.9rem}\n.activity svg{max-width:100%;height:auto}\nfooter.powered{max-width:42rem;margin:0 auto;padding:1.5rem 1.25rem;color:var(--muted);font-size:.85rem}`;\n\ninterface EntryView {\n heading: string;\n sub?: string;\n dates?: string;\n body?: string;\n url?: string;\n tags?: readonly string[];\n}\n\nfunction renderEntry(entry: EntryView): string {\n const href = entry.url ? safeUrl(entry.url) : undefined;\n const heading = href\n ? `<a href=\"${escapeHtml(href)}\">${escapeHtml(entry.heading)}</a>`\n : escapeHtml(entry.heading);\n const parts = [`<h3>${heading}</h3>`];\n if (entry.sub) parts.push(`<p class=\"sub\">${escapeHtml(entry.sub)}</p>`);\n if (entry.dates) parts.push(`<p class=\"meta\">${escapeHtml(entry.dates)}</p>`);\n if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);\n if (entry.tags && entry.tags.length > 0) {\n parts.push(\n `<ul class=\"tags\">${entry.tags.map((t) => `<li>${escapeHtml(t)}</li>`).join('')}</ul>`,\n );\n }\n return `<li>${parts.join('')}</li>`;\n}\n\n/** Render a `<section>` of entries, or `''` when there are none. */\nfunction entryList(title: string, entries: readonly EntryView[]): string {\n if (entries.length === 0) return '';\n return `<section><h2>${escapeHtml(title)}</h2><ul class=\"entries\">${entries\n .map(renderEntry)\n .join('')}</ul></section>`;\n}\n\nfunction renderHeader(p: LocalizedProfile): string {\n const parts: string[] = [];\n const avatarSrc = p.avatar?.url ? safeUrl(p.avatar.url) : undefined;\n if (avatarSrc) {\n parts.push(\n `<img class=\"avatar\" src=\"${escapeHtml(avatarSrc)}\" alt=\"${escapeHtml(p.avatar?.alt ?? '')}\">`,\n );\n }\n parts.push(`<h1>${escapeHtml(p.displayName)}</h1>`);\n if (p.tagline) parts.push(`<p class=\"tagline\">${escapeHtml(p.tagline)}</p>`);\n if (p.location?.display) parts.push(`<p class=\"location\">${escapeHtml(p.location.display)}</p>`);\n if (p.bio) parts.push(`<p class=\"bio\">${escapeHtml(p.bio)}</p>`);\n return `<header>${parts.join('')}</header>`;\n}\n\nfunction renderLinks(links: LocalizedTakuhon['links']): string {\n if (links.length === 0) return '';\n const items = links\n .map((l) => {\n const text = escapeHtml(l.label ?? l.url);\n const href = safeUrl(l.url);\n return href ? `<li><a href=\"${escapeHtml(href)}\">${text}</a></li>` : `<li>${text}</li>`;\n })\n .join('');\n return `<nav aria-label=\"Links\"><ul class=\"links\">${items}</ul></nav>`;\n}\n\nfunction renderSkills(skills: LocalizedTakuhon['skills']): string {\n if (skills.length === 0) return '';\n const items = skills.map((s) => `<li>${escapeHtml(s.label)}</li>`).join('');\n return `<section><h2>Skills</h2><ul class=\"skills\">${items}</ul></section>`;\n}\n\nfunction renderLanguages(languages: LocalizedTakuhon['languages']): string {\n if (languages.length === 0) return '';\n const items = languages\n .map((l) => `<li>${escapeHtml(`${l.displayName ?? l.language} — ${l.proficiency}`)}</li>`)\n .join('');\n return `<section><h2>Languages</h2><ul class=\"entries\">${items}</ul></section>`;\n}\n\nfunction renderRecommendations(recs: LocalizedTakuhon['recommendations']): string {\n if (recs.length === 0) return '';\n const items = recs\n .map((r) => {\n const authorHref = r.author.url ? safeUrl(r.author.url) : undefined;\n const name = authorHref\n ? `<a href=\"${escapeHtml(authorHref)}\">${escapeHtml(r.author.name)}</a>`\n : escapeHtml(r.author.name);\n const caption = [name, r.author.headline ? escapeHtml(r.author.headline) : '']\n .filter(Boolean)\n .join(', ');\n const rel = r.relationship ? ` (${escapeHtml(r.relationship)})` : '';\n return `<figure class=\"rec\"><blockquote>${escapeHtml(r.body)}</blockquote><figcaption>— ${caption}${rel}</figcaption></figure>`;\n })\n .join('');\n return `<section><h2>Recommendations</h2>${items}</section>`;\n}\n\nfunction renderContact(contact: LocalizedTakuhon['contact']): string {\n const items: string[] = [];\n if (contact.email) {\n items.push(\n `<li><a href=\"mailto:${escapeHtml(contact.email)}\">${escapeHtml(contact.email)}</a></li>`,\n );\n }\n const formHref = contact.formUrl ? safeUrl(contact.formUrl) : undefined;\n if (formHref) {\n items.push(`<li><a href=\"${escapeHtml(formHref)}\">Contact form</a></li>`);\n }\n if (items.length === 0) return '';\n return `<section><h2>Contact</h2><ul class=\"entries\">${items.join('')}</ul></section>`;\n}\n\n/**\n * Render the developer-activity section from the synced snapshot, or `''`\n * when there is none (or it carries no metric data). The SVG is generated by\n * `@takuhon/core` from stored numbers only — no external badge image — so the\n * page works under an `img-src 'self'` CSP.\n */\nfunction renderActivity(snapshot: ActivitySnapshot | undefined): string {\n if (!snapshot) return '';\n const svg = renderActivitySvg(snapshot);\n if (svg === '') return '';\n return `<section class=\"activity\"><h2>Activity</h2>${svg}</section>`;\n}\n\nfunction renderJsonLdScript(data: LocalizedTakuhon): string {\n const payload = JSON.stringify(generateJsonLd(data));\n return `<script type=\"application/ld+json\">${escapeJsonLd(payload)}</script>`;\n}\n\nfunction renderLocaleNav(localeNav: readonly LocaleLink[]): string {\n const items = localeNav\n .map((l) =>\n l.current\n ? `<span aria-current=\"true\">${escapeHtml(l.locale)}</span>`\n : `<a href=\"${escapeHtml(l.href)}\">${escapeHtml(l.locale)}</a>`,\n )\n .join('');\n return `<nav class=\"locales\" aria-label=\"Language\">${items}</nav>`;\n}\n\n/** Render a complete static HTML document for one locale-resolved profile. */\nexport function renderProfileHtml(input: RenderInput): string {\n const d = input.localized;\n const p = d.profile;\n const description = p.tagline ?? p.bio ?? '';\n\n const head = [\n '<meta charset=\"utf-8\">',\n '<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">',\n `<title>${escapeHtml(p.displayName)}</title>`,\n description\n ? `<meta name=\"description\" content=\"${escapeHtml(description.slice(0, 300))}\">`\n : '',\n input.canonicalUrl ? `<link rel=\"canonical\" href=\"${escapeHtml(input.canonicalUrl)}\">` : '',\n ...input.alternates.map(\n (a) =>\n `<link rel=\"alternate\" hreflang=\"${escapeHtml(a.hreflang)}\" href=\"${escapeHtml(a.href)}\">`,\n ),\n input.jsonLd ? renderJsonLdScript(d) : '',\n `<style>${CSS}</style>`,\n ]\n .filter(Boolean)\n .join('\\n ');\n\n const body = [\n input.localeNav.length > 1 ? renderLocaleNav(input.localeNav) : '',\n renderHeader(p),\n renderLinks(d.links),\n entryList(\n 'Experience',\n d.careers.map((c) => ({\n heading: c.role,\n sub: c.organization,\n dates: dateRange(c.startDate, c.endDate, c.isCurrent),\n body: c.description,\n url: c.url,\n })),\n ),\n entryList(\n 'Projects',\n d.projects.map((x) => ({\n heading: x.title,\n dates: dateRange(x.startDate, x.endDate),\n body: x.description,\n url: x.url,\n tags: x.tags,\n })),\n ),\n renderSkills(d.skills),\n renderActivity(input.activitySnapshot),\n entryList(\n 'Education',\n d.education.map((e) => {\n const degree = nonEmpty([e.degree, e.fieldOfStudy], ', ');\n return {\n heading: degree ?? e.institution,\n sub: degree ? e.institution : undefined,\n dates: dateRange(e.startDate, e.endDate, e.isCurrent),\n body: e.description,\n url: e.url,\n };\n }),\n ),\n entryList(\n 'Certifications',\n d.certifications.map((c) => ({\n heading: c.title,\n sub: c.issuingOrganization,\n dates: dateRange(c.issueDate, c.expirationDate),\n url: c.url,\n })),\n ),\n entryList(\n 'Publications',\n d.publications.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.publisher, x.coAuthors?.join(', ')], ' · '),\n dates: dateRange(x.date),\n body: x.description,\n url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : undefined),\n })),\n ),\n entryList(\n 'Honors & awards',\n d.honors.map((x) => ({\n heading: x.title,\n sub: x.issuer,\n dates: dateRange(x.date),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Memberships',\n d.memberships.map((x) => ({\n heading: x.role ?? x.organization,\n sub: x.role ? x.organization : undefined,\n dates: dateRange(x.startDate, x.endDate, x.isCurrent),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Volunteering',\n d.volunteering.map((x) => ({\n heading: x.role,\n sub: nonEmpty([x.organization, x.cause], ' · '),\n dates: dateRange(x.startDate, x.endDate, x.isCurrent),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Courses',\n d.courses.map((x) => ({\n heading: x.title,\n sub: x.provider,\n dates: dateRange(x.completionDate),\n body: x.description,\n url: x.certificateUrl,\n })),\n ),\n entryList(\n 'Patents',\n d.patents.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.patentNumber, x.office, x.status, x.coInventors?.join(', ')], ' · '),\n dates: dateRange(x.filingDate ?? x.grantDate),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Test scores',\n d.testScores.map((x) => ({\n heading: `${x.title}: ${x.score}`,\n dates: dateRange(x.date),\n body: x.description,\n url: x.url,\n })),\n ),\n renderLanguages(d.languages),\n renderRecommendations(d.recommendations),\n renderContact(d.contact),\n ]\n .filter(Boolean)\n .join('\\n');\n\n const footer =\n d.settings.showPoweredBy === true ? '<footer class=\"powered\">Powered by takuhon</footer>' : '';\n\n return (\n `<!DOCTYPE html>\\n<html lang=\"${escapeHtml(d.resolvedLocale)}\">\\n<head>\\n ${head}\\n</head>\\n` +\n `<body>\\n<main>\\n${body}\\n</main>\\n${footer ? `${footer}\\n` : ''}</body>\\n</html>\\n`\n );\n}\n","/**\n * Pure HTML helpers shared by the static-site renderer ({@link\n * import('./build-html.js')}) and the CV renderer ({@link\n * import('./cv-html.js')}). All are string-in / string-out with no I/O, so they\n * stay unit-testable and keep both renderers' escaping behavior identical.\n */\n\n/** Escape text for use in HTML element content or double/single-quoted attributes. */\nexport function escapeHtml(value: string): string {\n return value\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&#39;');\n}\n\n/**\n * Return `url` only when its scheme is safe to place in an `href`/`src`, else\n * `undefined`. Relative, protocol-relative, fragment, and query URLs (no\n * scheme) are allowed; among absolute URLs only `http:`, `https:`, and\n * `mailto:` are. This blocks `javascript:`, `data:`, `vbscript:`, etc. — the\n * schema validates only a generic URI, so a hostile document could otherwise\n * smuggle an executable scheme into the generated page.\n */\nexport function safeUrl(url: string): string | undefined {\n const trimmed = url.trim();\n const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(trimmed)?.[1]?.toLowerCase();\n if (scheme === undefined) return trimmed; // relative / protocol-relative / fragment\n return scheme === 'http' || scheme === 'https' || scheme === 'mailto' ? trimmed : undefined;\n}\n\n/** Format a YearMonth range; `null` end or `isCurrent` renders as \"Present\". */\nexport function dateRange(start?: string, end?: string | null, isCurrent?: boolean): string {\n const left = start ?? '';\n const right = isCurrent === true || end === null ? 'Present' : (end ?? '');\n if (left && right) return `${left} – ${right}`;\n return left || right;\n}\n\n/** Join the non-empty values with `separator`, or `undefined` when none remain. */\nexport function nonEmpty(\n values: readonly (string | undefined)[],\n separator: string,\n): string | undefined {\n const joined = values\n .filter((v): v is string => typeof v === 'string' && v.length > 0)\n .join(separator);\n return joined.length > 0 ? joined : undefined;\n}\n","/**\n * HTTP-layer locale resolution for the public app.\n *\n * Reads request-side locale candidates in this priority order:\n *\n * 1. `?lang=` query parameter\n * 2. URL path prefix (e.g. `/ja/`), passed in as `pathLocale`\n * 3. `takuhon_locale` cookie\n * 4. `Accept-Language` request header (q-value ordered)\n *\n * The URL-path candidate is extracted structurally by\n * `locale-prefix.ts` (`stripLocalePrefix` / `pathLocaleFromUrl`) and\n * handed to {@link resolveRequestLocales} as `pathLocale`; this module\n * does not parse the path itself. Settings-tier fallbacks\n * (`settings.defaultLocale`, `settings.fallbackLocale`,\n * `settings.availableLocales[0]`) are resolved inside `@takuhon/core`'s\n * `resolveLocale` and do not appear here.\n *\n * `resolveLocale` only exposes two caller slots (`locale`,\n * `fallbackLocale`). To avoid wasting them on tags the document can't\n * serve, candidates are filtered against `availableLocales` (case-\n * insensitive on the full tag or its primary subtag) and the matched\n * available locale token is substituted before forwarding, so a\n * primary-subtag match like `en` → `en-US` does not silently fall\n * through to the settings tier. Filtered candidates beyond the second\n * fall through to `resolveLocale`'s own settings-tier candidates, not\n * in request order — an acceptable loss given the contract.\n */\nimport type { Context } from 'hono';\nimport { getCookie } from 'hono/cookie';\n\nconst BCP47 = /^[a-zA-Z]{2,3}(-[a-zA-Z0-9]+)*$/;\n\n// DoS guards. The header parser is exposed to untrusted client input,\n// so the byte budget and entry count are bounded before any per-token\n// work. Numbers are conservative defaults, not spec-derived.\nconst ACCEPT_LANG_MAX = 2048;\nconst ACCEPT_LANG_MAX_ENTRIES = 16;\nconst COOKIE_VALUE_MAX = 64;\n\nexport function isValidBcp47(tag: string): boolean {\n return BCP47.test(tag);\n}\n\ninterface AcceptLangEntry {\n readonly tag: string;\n readonly q: number;\n}\n\n/**\n * Parse an `Accept-Language` header into BCP-47 tags ordered by q\n * descending. Invalid or zero-quality entries and `*` wildcards are\n * dropped. Input larger than {@link ACCEPT_LANG_MAX} bytes or with more\n * than {@link ACCEPT_LANG_MAX_ENTRIES} comma-separated parts is\n * truncated before parsing.\n */\nexport function parseAcceptLanguage(header: string | null | undefined): string[] {\n if (!header) return [];\n const trimmed = header.length > ACCEPT_LANG_MAX ? header.slice(0, ACCEPT_LANG_MAX) : header;\n const parts = trimmed.split(',').slice(0, ACCEPT_LANG_MAX_ENTRIES);\n\n const entries: AcceptLangEntry[] = [];\n for (const rawPart of parts) {\n const segments = rawPart.split(';');\n const tagSegment = segments[0];\n if (tagSegment === undefined) continue;\n const tag = tagSegment.trim();\n if (tag === '' || tag === '*') continue;\n if (!isValidBcp47(tag)) continue;\n\n let q = 1;\n for (let i = 1; i < segments.length; i++) {\n const segment = segments[i];\n if (segment === undefined) continue;\n const match = /^\\s*q\\s*=\\s*([0-9.]+)\\s*$/i.exec(segment);\n if (!match) continue;\n const parsed = Number.parseFloat(match[1] ?? '');\n if (Number.isNaN(parsed)) {\n q = 1;\n } else if (parsed < 0 || parsed > 1) {\n // RFC 7231 §5.3.1 says values MUST be in [0, 1]; treat\n // out-of-range as missing (q=1) rather than dropping.\n q = 1;\n } else {\n q = parsed;\n }\n break;\n }\n if (q === 0) continue;\n\n entries.push({ tag, q });\n }\n\n // Stable sort: Array.prototype.sort is stable in ES2019+.\n entries.sort((a, b) => b.q - a.q);\n return entries.map((e) => e.tag);\n}\n\nfunction primarySubtag(tag: string): string {\n const dash = tag.indexOf('-');\n return (dash === -1 ? tag : tag.slice(0, dash)).toLowerCase();\n}\n\nfunction matchAvailable(tag: string, available: readonly string[]): string | undefined {\n const tagLower = tag.toLowerCase();\n const tagPrimary = primarySubtag(tag);\n // Prefer exact (case-insensitive) match over primary-subtag match so a\n // request that names a region explicitly wins over a region-stripped\n // alternative.\n for (const a of available) {\n if (a.toLowerCase() === tagLower) return a;\n }\n for (const a of available) {\n if (primarySubtag(a) === tagPrimary) return a;\n }\n return undefined;\n}\n\n/**\n * Resolve HTTP-layer locale candidates from the request — query, URL\n * path prefix, cookie, and `Accept-Language` in that priority order.\n * Returns the top two candidates that survive validation and the\n * `availableLocales` filter, after substituting the matched available\n * token so primary-subtag matches resolve correctly downstream.\n *\n * @param pathLocale The locale token extracted from a `/{locale}` path\n * prefix by `pathLocaleFromUrl`, or `undefined` when the request has\n * no path prefix. Inserted at priority #2 (after query, before\n * cookie).\n */\nexport function resolveRequestLocales(\n c: Context,\n available: readonly string[],\n pathLocale?: string,\n): { locale?: string; fallbackLocale?: string } {\n const raw: string[] = [];\n\n const query = c.req.query('lang');\n if (query !== undefined && isValidBcp47(query)) {\n raw.push(query);\n }\n\n if (pathLocale !== undefined && isValidBcp47(pathLocale)) {\n raw.push(pathLocale);\n }\n\n const cookie = getCookie(c, 'takuhon_locale');\n if (cookie !== undefined && cookie.length <= COOKIE_VALUE_MAX && isValidBcp47(cookie)) {\n raw.push(cookie);\n }\n\n const accept = c.req.header('accept-language');\n if (accept !== undefined) {\n raw.push(...parseAcceptLanguage(accept));\n }\n\n const seen = new Set<string>();\n const filtered: string[] = [];\n for (const tag of raw) {\n const matched = matchAvailable(tag, available);\n if (matched === undefined) continue;\n const key = matched.toLowerCase();\n if (seen.has(key)) continue;\n seen.add(key);\n filtered.push(matched);\n if (filtered.length === 2) break;\n }\n\n const out: { locale?: string; fallbackLocale?: string } = {};\n if (filtered[0] !== undefined) out.locale = filtered[0];\n if (filtered[1] !== undefined) out.fallbackLocale = filtered[1];\n return out;\n}\n","/**\n * URL-path locale prefix handling for the public app.\n *\n * Implements locale resolution priority #2: a leading `/{locale}` path\n * segment, e.g. `/ja/api/profile`, ranked after the `?lang=` query (#1)\n * and before the `takuhon_locale` cookie (#3). This module is responsible\n * only for the *structural* concern — detecting and stripping the prefix\n * so the existing flat routes match — while the locale *value* it\n * extracts is fed into {@link resolveRequestLocales} at slot #2 by the\n * route handlers.\n *\n * The prefix is honored via Hono's `getPath` option rather than parametric\n * routes: {@link localePrefixGetPath} rewrites the match path so a request\n * to `/ja/api/profile` is routed to the `/api/profile` handler. Hono's\n * `route()` flattens a sub-app's routes into the parent and dispatches with\n * the *parent* router's `getPath` only, so the same function is applied on\n * both the standalone public app (for direct tests) and the adapter's\n * top-level router (production). The original request URL is untouched, so\n * handlers recover the locale token from `c.req.url`.\n */\nimport { isValidBcp47 } from './locale-resolution.js';\n\n/**\n * Remainder paths that may legitimately follow a `/{locale}` segment.\n *\n * This allowlist — NOT the BCP-47 shape check — is the load-bearing safety\n * mechanism. It keeps locale-agnostic paths (`/health`, `/api/schema`,\n * `/.well-known/*`, `/takuhon.json`) and admin paths (`/api/admin/*`,\n * `/admin/*`) from being misread as a locale prefix. Note that `api`\n * itself satisfies the BCP-47 primary-subtag shape (`[a-z]{2,3}`), so a\n * shape check alone would treat `/api/schema` as locale `api` + `/schema`;\n * the remainder allowlist is what prevents that.\n *\n * Keep this in sync with the locale-aware routes in `public-app.ts`.\n */\nexport const LOCALE_AWARE_REMAINDERS = ['/', '/api/profile', '/api/jsonld'] as const;\n\n/**\n * First-path segments that are reserved namespaces and must never be read\n * as a locale, even though they satisfy the BCP-47 shape. Without this,\n * a bare `/api` (segment `api` is a valid 2–3 letter primary subtag,\n * remainder defaults to the landing `/`) would alias the landing page\n * instead of 404ing. Other reserved roots (`admin`, `health`,\n * `takuhon.json`, `.well-known`) fail the BCP-47 shape check and need no\n * entry here; `api` is the only collision.\n */\nconst RESERVED_FIRST_SEGMENTS = new Set(['api']);\n\nfunction getPathname(url: string): string {\n return new URL(url).pathname;\n}\n\n/**\n * Split a leading `/{locale}` segment from `pathname` when — and only\n * when — the segment is BCP-47-shaped and the remainder is a locale-aware\n * route ({@link LOCALE_AWARE_REMAINDERS}).\n *\n * - `/ja/api/profile` → `{ locale: 'ja', path: '/api/profile' }`\n * - `/api/profile` → `{ path: '/api/profile' }` (remainder `/profile` not locale-aware)\n * - `/api/schema` → `{ path: '/api/schema' }` (the `api`-collision guard)\n * - `/ja/api/admin` → `{ path: '/ja/api/admin' }` (remainder `/api/admin` not locale-aware → 404, admin isolated)\n * - `/ja` and `/ja/` → `{ locale: 'ja', path: '/' }` (trailing slash normalized to landing)\n *\n * The returned `locale` is the raw path token; it is not matched against\n * `availableLocales` here (that happens downstream in\n * {@link resolveRequestLocales}), so an unknown-but-shaped prefix like\n * `/fr/` on an en/ja document strips structurally and then falls through\n * to the next resolution tier, mirroring `?lang=fr` semantics.\n */\nexport function stripLocalePrefix(pathname: string): { locale?: string; path: string } {\n // Match a leading single segment: `/seg` or `/seg/rest...`.\n const match = /^\\/([^/]+)(\\/.*)?$/.exec(pathname);\n if (match === null) return { path: pathname };\n\n const seg = match[1];\n if (seg === undefined || !isValidBcp47(seg)) return { path: pathname };\n\n // Reserved namespace segments (e.g. `api`) pass the BCP-47 shape but are\n // not locales; leave them for the route table (so `/api` 404s as before).\n if (RESERVED_FIRST_SEGMENTS.has(seg.toLowerCase())) return { path: pathname };\n\n // Normalize a bare `/ja` (no trailing content) to the landing remainder.\n const remainder = match[2] ?? '/';\n if (!(LOCALE_AWARE_REMAINDERS as readonly string[]).includes(remainder)) {\n return { path: pathname };\n }\n\n return { locale: seg, path: remainder };\n}\n\n/**\n * Hono `getPath` implementation: returns the locale-stripped path used for\n * route matching. Apply on every Hono router that dispatches the public\n * routes (the standalone public app and the adapter's top-level router).\n */\nexport function localePrefixGetPath(req: Request): string {\n return stripLocalePrefix(getPathname(req.url)).path;\n}\n\n/**\n * Extract the locale token from a request URL's path prefix, or `undefined`\n * when there is none. Used by route handlers to feed priority #2 into\n * {@link resolveRequestLocales}. Reads the original URL, which `getPath`\n * does not mutate.\n */\nexport function pathLocaleFromUrl(url: string): string | undefined {\n return stripLocalePrefix(getPathname(url)).locale;\n}\n","/**\n * @takuhon/api — Hono-based HTTP handlers and response builders for takuhon.\n *\n * Phase 3.3 introduced the public-app factory and the RFC 7807 envelope\n * helpers. Phase 3.4 adds the admin app factories (PUT/DELETE profile and\n * the inline `/admin` HTML editor) plus the `CachePurger` / `AuditLogger`\n * dependency-injection interfaces that adapters bind to a runtime.\n */\n\nexport {\n ERROR_SLUGS,\n buildProblem,\n problemResponse,\n type ErrorSlug,\n type ProblemDetails,\n type ProblemFieldError,\n type BuildProblemInput,\n type ProblemResponseInput,\n} from './error-envelope.js';\nexport { createPublicApp, type PublicAppDeps } from './public-app.js';\n// Re-exported from @takuhon/core (it is a pure transform over core types and\n// now lives there); kept here for backwards compatibility.\nexport { applyPublicPrivacyFilter } from '@takuhon/core';\nexport {\n LOCALE_AWARE_REMAINDERS,\n localePrefixGetPath,\n pathLocaleFromUrl,\n stripLocalePrefix,\n} from './locale-prefix.js';\n\nexport { createAdminApiApp, type AdminApiAppDeps } from './admin/admin-api-app.js';\nexport { createAdminUiApp } from './admin/admin-ui-app.js';\nexport { adminAssetSecurityHeaders } from './admin/admin-asset-headers.js';\nexport {\n noopAuditLogger,\n type AuditEvent,\n type AuditEventType,\n type AuditLogger,\n} from './admin/audit-logger.js';\nexport { noopCachePurger, type CachePurger } from './admin/cache-purger.js';\n\n// Pure, core-only static HTML rendering. `renderProfileHtml` powers both the\n// server-rendered public profile page (the `GET /` route below) and the static\n// pages emitted by `@takuhon/cli`'s `build`/`dev`; keeping it here lets every\n// adapter serve the same markup the CLI writes to disk.\nexport {\n renderProfileHtml,\n escapeHtml,\n type RenderInput,\n type Alternate,\n type LocaleLink,\n} from './html/build-html.js';\nexport { generateSite, type SitePage, type GenerateOptions } from './html/site.js';\nexport { renderCvHtml } from './html/cv-html.js';\n","import {\n ConflictError,\n detectImageMime,\n exportTakuhon,\n MAX_IMAGE_BYTES,\n MAX_IMAGE_DIMENSION,\n MAX_IMAGE_FRAMES,\n NotFoundError,\n normalize,\n readImageInfo,\n stripImageMetadata,\n validate,\n type Takuhon,\n type TakuhonAssetStorage,\n type TakuhonStorage,\n type ValidationError,\n} from '@takuhon/core';\nimport { Hono } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse, type ProblemFieldError } from '../error-envelope.js';\n\nimport type { AuditLogger } from './audit-logger.js';\nimport { bearerMiddleware, getActorTokenHash } from './bearer.js';\nimport type { CachePurger } from './cache-purger.js';\nimport { originMiddleware } from './origin.js';\n\n/**\n * Defense-in-depth CSP for JSON-only responses. Nothing renders here, so\n * `'none'` everywhere is the strongest stance the spec leaves room for.\n */\nconst ADMIN_API_CSP = [\"default-src 'none'\", \"frame-ancestors 'none'\", \"base-uri 'none'\"].join(\n '; ',\n);\n\nexport interface AdminApiAppDeps {\n storage: TakuhonStorage;\n /**\n * Binary-asset store for uploaded images. Optional: when omitted (e.g. a\n * static export or a deployment without R2), `POST /assets` is not registered\n * and resolves to 404, so avatars stay URL-only.\n */\n assetStorage?: TakuhonAssetStorage;\n /** Returns the configured admin token, or undefined if no secret is set. */\n getAdminToken: () => string | undefined;\n /** Allowlist of origins permitted for browser-originating admin requests. */\n getAdminOrigins: () => string[];\n cachePurger: CachePurger;\n auditLogger: AuditLogger;\n}\n\n/**\n * Map a core `ValidationError` to the RFC 7807 field-error shape. The leading\n * `#` produces a JSON Schema-style fragment reference (`#/profile/...`) that\n * matches the example in `api.md §5`.\n */\nfunction toFieldError(e: ValidationError): ProblemFieldError {\n return { path: `#${e.pointer}`, message: e.message };\n}\n\n/**\n * Normalize an `If-Match` header value to the bare version token.\n *\n * Strips the optional `W/` weak-validator prefix before the RFC 7232\n * double-quote delimiters. Compressing CDNs (e.g. Cloudflare serving gzip/br)\n * downgrade the strong ETag we emit to a weak one (`W/\"<version>\"`), and a\n * browser echoes that weakened value straight back as `If-Match`. Without\n * stripping the prefix the comparison against the stored version never matches,\n * so every optimistic-locking save behind such a CDN fails with 409. The\n * weak/strong distinction is meaningless for our opaque version tokens, so\n * collapsing both forms to the raw value is the correct comparison.\n */\nfunction stripETag(raw: string): string {\n let trimmed = raw.trim();\n if (trimmed.startsWith('W/')) {\n trimmed = trimmed.slice(2).trim();\n }\n if (trimmed.startsWith('\"') && trimmed.endsWith('\"') && trimmed.length >= 2) {\n return trimmed.slice(1, -1);\n }\n return trimmed;\n}\n\n/**\n * Hono factory for `/api/admin/profile`. Mounted by adapters at `/api/admin`\n * (so the sub-app sees `/profile` as the route path).\n */\nexport function createAdminApiApp(deps: AdminApiAppDeps): Hono {\n const app = new Hono();\n\n app.use('*', async (c, next) => {\n await next();\n const h = c.res.headers;\n h.set('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n h.set('x-content-type-options', 'nosniff');\n h.set('x-frame-options', 'DENY');\n h.set('referrer-policy', 'strict-origin-when-cross-origin');\n h.set('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n h.set('content-security-policy', ADMIN_API_CSP);\n h.set('cache-control', 'private, no-store');\n });\n\n app.use('*', originMiddleware({ getAdminOrigins: deps.getAdminOrigins }));\n app.use(\n '*',\n bearerMiddleware({ getAdminToken: deps.getAdminToken, auditLogger: deps.auditLogger }),\n );\n\n app.onError((err, c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.internal,\n status: 500,\n title: 'Internal Error',\n detail: err instanceof Error ? err.message : 'Unknown failure',\n }),\n );\n\n app.notFound((c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: `No admin route matches ${new URL(c.req.url).pathname}.`,\n }),\n );\n\n app.put('/profile', async (c) => {\n const contentType = c.req.header('content-type') ?? '';\n if (!contentType.toLowerCase().startsWith('application/json')) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.unsupportedMediaType,\n status: 415,\n title: 'Unsupported Media Type',\n detail: `Content-Type must be application/json (got \"${contentType}\").`,\n });\n }\n\n let parsed: unknown;\n try {\n parsed = await c.req.json();\n } catch {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Request body is not valid JSON.',\n });\n }\n\n const result = validate(parsed);\n if (!result.ok) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Schema validation failed (${String(result.errors.length)} error(s)).`,\n errors: result.errors.map(toFieldError),\n });\n }\n\n const data: Takuhon = result.data;\n const ifMatchRaw = c.req.header('if-match');\n const ifMatch = ifMatchRaw !== undefined ? stripETag(ifMatchRaw) : undefined;\n\n let saved: { version: string };\n try {\n saved = await deps.storage.saveProfile(data, ifMatch);\n } catch (e) {\n if (e instanceof ConflictError) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.conflict,\n status: 409,\n title: 'Conflict',\n detail: 'Stored profile version does not match If-Match.',\n currentVersion: e.currentVersion,\n });\n }\n throw e;\n }\n\n await deps.cachePurger.profileUpdated();\n\n const updatedAt = new Date().toISOString();\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.update',\n timestamp: updatedAt,\n actor: { tokenHash },\n request: {\n method: 'PUT',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 200, version: saved.version },\n });\n\n return c.json({\n data: normalize(data),\n meta: {\n schemaVersion: data.schemaVersion,\n version: saved.version,\n updatedAt,\n },\n });\n });\n\n app.delete('/profile', async (c) => {\n await deps.storage.deleteProfile();\n await deps.cachePurger.profileDeleted();\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.delete',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'DELETE',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 204 },\n });\n\n return c.body(null, 204);\n });\n\n app.get('/export', async (c) => {\n let stored: { data: Takuhon; version: string };\n try {\n stored = await deps.storage.getProfile();\n } catch (e) {\n if (e instanceof NotFoundError) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: 'No profile has been saved yet; there is nothing to export.',\n });\n }\n throw e;\n }\n\n // Token holders receive the full document: the public privacy filter is\n // intentionally bypassed here (Spec §6.21). `exportTakuhon` with\n // `updateTimestamp: false` returns the stored document verbatim (raw\n // transport form, no envelope), so the body round-trips with\n // `importTakuhon` and preserves the real `meta.updatedAt`.\n const exported = exportTakuhon(stored.data, { updateTimestamp: false });\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.export',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'GET',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 200 },\n });\n\n // Surface the stored version so a form-based editor can load the full\n // document and its current version in a single request, then send it back\n // as `If-Match` on the next `PUT` for optimistic locking. Quoted per\n // RFC 7232, matching the public read endpoints and `stripETag`.\n c.header('etag', `\"${stored.version}\"`);\n return c.json(exported);\n });\n\n // Image upload (security.md §4). Registered only when an asset store is\n // configured; otherwise `POST /assets` falls through to the 404 handler.\n if (deps.assetStorage) {\n const assetStorage = deps.assetStorage;\n app.post('/assets', async (c) => {\n // Coarse pre-parse guard: reject before buffering the body when the\n // declared length already exceeds the limit plus a small multipart\n // overhead. The exact check on the decoded file size happens below.\n const declared = Number(c.req.header('content-length') ?? '');\n if (Number.isFinite(declared) && declared > MAX_IMAGE_BYTES + 8192) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.payloadTooLarge,\n status: 413,\n title: 'Payload Too Large',\n detail: `Image exceeds the ${String(MAX_IMAGE_BYTES)}-byte limit.`,\n });\n }\n\n let form: FormData;\n try {\n form = await c.req.formData();\n } catch {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Request body must be multipart/form-data with a \"file\" field.',\n });\n }\n\n const file = form.get('file');\n if (!(file instanceof File)) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Expected an uploaded file in the \"file\" field.',\n });\n }\n\n const bytes = new Uint8Array(await file.arrayBuffer());\n if (bytes.length > MAX_IMAGE_BYTES) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.payloadTooLarge,\n status: 413,\n title: 'Payload Too Large',\n detail: `Image is ${String(bytes.length)} bytes; the limit is ${String(MAX_IMAGE_BYTES)}.`,\n });\n }\n\n // Authenticate the type from the bytes, not the declared Content-Type.\n const mime = detectImageMime(bytes);\n if (mime === null) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.unsupportedMediaType,\n status: 415,\n title: 'Unsupported Media Type',\n detail: 'File is not an accepted image (JPEG, PNG, WebP, or GIF).',\n });\n }\n\n const info = readImageInfo(bytes, mime);\n if (info === null) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: 'Image header could not be parsed.',\n });\n }\n if (info.width > MAX_IMAGE_DIMENSION || info.height > MAX_IMAGE_DIMENSION) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Image is ${String(info.width)}×${String(info.height)}px; the limit is ${String(MAX_IMAGE_DIMENSION)}×${String(MAX_IMAGE_DIMENSION)}px.`,\n });\n }\n if (info.frames > MAX_IMAGE_FRAMES) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Image has ${String(info.frames)} frames; the limit is ${String(MAX_IMAGE_FRAMES)}.`,\n });\n }\n\n // Strip metadata (EXIF/IPTC/XMP/color profile) before handing the bytes\n // to the adapter, which persists them verbatim.\n const stripped = stripImageMetadata(bytes, mime);\n // `Uint8Array.from` yields an ArrayBuffer-backed array (not the\n // SharedArrayBuffer-possible `ArrayBufferLike`), so it is a valid BlobPart.\n const record = await assetStorage.putAsset(\n new Blob([Uint8Array.from(stripped)], { type: mime }),\n {\n filename: file.name,\n contentType: mime,\n },\n );\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.asset.upload',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'POST',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 201 },\n asset: { key: record.id, mimeType: mime, size: stripped.length },\n });\n\n return c.json(record, 201);\n });\n }\n\n app.on(['POST', 'PATCH'], '/profile', (c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.methodNotAllowed,\n status: 405,\n title: 'Method Not Allowed',\n detail: `${c.req.method} ${new URL(c.req.url).pathname} is not supported on the admin app.`,\n }),\n );\n\n return app;\n}\n","import type { Context, Next } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from '../error-envelope.js';\n\nimport type { AuditLogger } from './audit-logger.js';\n\n/**\n * Constant-time byte comparison.\n *\n * Iterates over `max(len(a), len(b))` bytes so wall-clock cost is independent\n * of *where* a mismatch occurs and of length differences (within the same\n * length class). Length-mismatch is folded into the accumulator so the\n * boolean result still discriminates correctly.\n *\n * This is intentionally a from-scratch implementation rather than\n * `crypto.subtle.timingSafeEqual`, which Cloudflare Workers exposes but\n * Node lacks — `@takuhon/api` is adapter-neutral.\n */\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n const len = a.length > b.length ? a.length : b.length;\n let diff = a.length === b.length ? 0 : 1;\n for (let i = 0; i < len; i++) {\n const ai = a[i] ?? 0;\n const bi = b[i] ?? 0;\n diff |= ai ^ bi;\n }\n return diff === 0;\n}\n\n/** SHA-256 hex digest (lowercase) over a UTF-8 string. */\nexport async function sha256Hex(input: string): Promise<string> {\n const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));\n const bytes = new Uint8Array(buf);\n let out = '';\n for (const b of bytes) {\n out += b.toString(16).padStart(2, '0');\n }\n return out;\n}\n\n/**\n * Extracts the Bearer token from the request and returns a stable\n * `sha256:<hex>` digest used as the actor identity in audit logs. Returns\n * `sha256:absent` when no token is present.\n */\nexport async function getActorTokenHash(c: Context): Promise<string> {\n const header = c.req.header('authorization') ?? '';\n const m = /^Bearer\\s+(.+)$/i.exec(header);\n const token = m?.[1] ?? '';\n if (token === '') return 'sha256:absent';\n return `sha256:${await sha256Hex(token)}`;\n}\n\nexport interface BearerMiddlewareOptions {\n /**\n * Source of the expected admin token. Returns `undefined` when the deploy\n * has not provisioned a secret — in that case every request is rejected,\n * mirroring \"no admin access\" semantics.\n */\n getAdminToken: () => string | undefined;\n auditLogger: AuditLogger;\n}\n\n/**\n * Hono middleware that gates downstream handlers on a constant-time Bearer\n * token check. Emits an audit event for both success and failure.\n */\nexport function bearerMiddleware(opts: BearerMiddlewareOptions) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const expected = opts.getAdminToken();\n const header = c.req.header('authorization') ?? '';\n const match = /^Bearer\\s+(.+)$/i.exec(header);\n const presented = match?.[1];\n\n const isOk =\n expected !== undefined &&\n presented !== undefined &&\n constantTimeEqual(new TextEncoder().encode(presented), new TextEncoder().encode(expected));\n\n const tokenHash = await getActorTokenHash(c);\n const baseRequest = {\n method: c.req.method,\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n };\n\n if (!isOk) {\n opts.auditLogger({\n type: 'admin.auth.failure',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: baseRequest,\n result: { status: 401 },\n });\n return problemResponse(c, {\n slug: ERROR_SLUGS.unauthorized,\n status: 401,\n title: 'Unauthorized',\n detail: 'Bearer token missing or invalid.',\n });\n }\n\n opts.auditLogger({\n type: 'admin.auth.success',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: baseRequest,\n result: { status: 200 },\n });\n\n await next();\n };\n}\n","import type { Context, Next } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from '../error-envelope.js';\n\nexport interface OriginMiddlewareOptions {\n /**\n * Returns the allowlist of admin Origins (e.g.\n * `['https://admin.example.com']`). Empty list disables the check —\n * deploys are expected to populate the env before going to production,\n * with the trade-off documented in the adapter README.\n */\n getAdminOrigins: () => string[];\n}\n\n/**\n * Hono middleware that enforces a same-origin / allowlisted-origin policy\n * when configured. Requests without an `Origin` header (curl, server-to-\n * server, native apps) are allowed through; the Bearer token is the primary\n * auth boundary and the absence of `Origin` is itself an indicator that the\n * request did not originate from a browser CSRF context.\n */\nexport function originMiddleware(opts: OriginMiddlewareOptions) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const allow = opts.getAdminOrigins();\n if (allow.length === 0) {\n await next();\n return;\n }\n const origin = c.req.header('origin');\n if (origin !== undefined && !allow.includes(origin)) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.forbidden,\n status: 403,\n title: 'Forbidden',\n detail: `Origin ${origin} is not in the admin allowlist.`,\n });\n }\n await next();\n };\n}\n","import { Hono } from 'hono';\n\nimport { renderAdminHtml } from './admin-html.js';\n\n/**\n * Per-request CSP (security.md §1.3). Differs from the public CSP:\n * - `img-src` drops `data:` and adds `blob:` for client-side previews.\n * - `style-src` and `script-src` drop `unsafe-inline` and pin a nonce.\n * - `require-trusted-types-for 'script'` blocks DOM-XSS sinks.\n */\nfunction adminCsp(nonce: string): string {\n return [\n \"default-src 'self'\",\n \"img-src 'self' blob:\",\n `style-src 'self' 'nonce-${nonce}'`,\n `script-src 'self' 'nonce-${nonce}'`,\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n \"require-trusted-types-for 'script'\",\n 'upgrade-insecure-requests',\n ].join('; ');\n}\n\nfunction generateNonce(): string {\n const bytes = crypto.getRandomValues(new Uint8Array(16));\n let bin = '';\n for (const b of bytes) {\n bin += String.fromCharCode(b);\n }\n return btoa(bin);\n}\n\n/**\n * Hono factory for the `/admin` HTML editor. Mounted by adapters at\n * `/admin` (so the sub-app sees `/` as its root path). Each request gets a\n * freshly-generated nonce shared between the CSP header and the inline\n * `<style>` / `<script>` tags.\n */\nexport function createAdminUiApp(): Hono {\n const app = new Hono();\n\n app.get('/', (c) => {\n const nonce = generateNonce();\n c.header('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n c.header('x-content-type-options', 'nosniff');\n c.header('x-frame-options', 'DENY');\n c.header('referrer-policy', 'strict-origin-when-cross-origin');\n c.header('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n c.header('content-security-policy', adminCsp(nonce));\n c.header('cache-control', 'private, no-store');\n return c.html(renderAdminHtml(nonce));\n });\n\n return app;\n}\n","/**\n * Inline HTML for the minimal admin editor served at `GET /admin`.\n *\n * Single-page, no build step: a token input, a JSON textarea, and\n * Load / Save (PUT) / Delete (DELETE) buttons. Nothing is loaded until the\n * owner enters the admin token and presses Load, which fetches the *full*\n * document from the authenticated `GET /api/admin/export` (the privacy filter\n * is bypassed there, so fields and links the public profile omits are editable\n * here and survive the next Save). The public `/takuhon.json` is deliberately\n * not used as the editor source: it is privacy-filtered, so loading from it\n * would silently drop non-public data the moment the owner saved.\n *\n * The page operates under a strict CSP (`script-src 'self' 'nonce-<n>'`,\n * `style-src 'self' 'nonce-<n>'`, `require-trusted-types-for 'script'`), so\n * both the inline `<script>` and `<style>` blocks carry the request-scoped\n * nonce. We avoid `innerHTML`/`eval` so Trusted Types is non-disruptive.\n */\nexport function renderAdminHtml(nonce: string): string {\n return `<!doctype html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>takuhon admin</title>\n<style nonce=\"${nonce}\">\nbody { font-family: system-ui, -apple-system, sans-serif; max-width: 960px; margin: 2rem auto; padding: 0 1rem; color: #222; }\nh1 { font-size: 1.5rem; }\np.note { color: #555; }\nlabel { display: block; margin: 1rem 0 0.25rem; font-weight: 600; }\ninput[type=password], textarea { width: 100%; box-sizing: border-box; padding: 0.5rem; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 0.9rem; border: 1px solid #999; border-radius: 4px; }\ntextarea { min-height: 24rem; }\n.row { display: flex; gap: 0.5rem; margin-top: 1rem; }\nbutton { padding: 0.5rem 1rem; font-size: 0.95rem; border: 1px solid #444; background: #fafafa; border-radius: 4px; cursor: pointer; }\nbutton.danger { border-color: #b03; color: #b03; background: #fff5f5; }\n#status { margin-top: 1rem; padding: 0.75rem; border-radius: 4px; white-space: pre-wrap; word-break: break-word; }\n#status.ok { background: #e6f4ea; color: #1b5e20; border: 1px solid #82c891; }\n#status.err { background: #fdecea; color: #b71c1c; border: 1px solid #ef9a9a; }\nsmall.version { color: #555; }\n</style>\n</head>\n<body>\n<h1>takuhon admin</h1>\n<p class=\"note\">Enter your admin token, then <strong>Load</strong> to fetch the full <code>takuhon.json</code> document &mdash; including fields the public profile omits &mdash; for editing. <strong>Save</strong> writes it back; optimistic locking via <code>If-Match</code> guards concurrent edits. Nothing is loaded until you provide the token, and the token is never sent over the URL.</p>\n<label for=\"token\">Admin token</label>\n<input id=\"token\" type=\"password\" autocomplete=\"off\" spellcheck=\"false\">\n<label for=\"payload\">takuhon.json <small class=\"version\" id=\"versionLabel\"></small></label>\n<textarea id=\"payload\" spellcheck=\"false\" autocapitalize=\"off\" autocomplete=\"off\"></textarea>\n<div class=\"row\">\n <button id=\"reload\" type=\"button\">Load current</button>\n <button id=\"save\" type=\"button\">Save</button>\n <button id=\"delete\" type=\"button\" class=\"danger\">Delete profile</button>\n</div>\n<div id=\"status\" hidden></div>\n<script nonce=\"${nonce}\">\n(function () {\n var tokenEl = document.getElementById('token');\n var payloadEl = document.getElementById('payload');\n var versionEl = document.getElementById('versionLabel');\n var statusEl = document.getElementById('status');\n var ifMatch = '';\n\n function setStatus(message, ok) {\n statusEl.textContent = message;\n statusEl.className = ok ? 'ok' : 'err';\n statusEl.hidden = false;\n }\n function setVersion(etag) {\n ifMatch = etag || '';\n versionEl.textContent = ifMatch ? '(current version: ' + ifMatch + ')' : '(no stored version)';\n }\n function getToken() {\n var t = tokenEl.value.trim();\n if (!t) { setStatus('Admin token is required.', false); return null; }\n return t;\n }\n async function loadCurrent() {\n var token = getToken();\n if (!token) return;\n try {\n // The authenticated full export, NOT the public /takuhon.json: the latter\n // is privacy-filtered, so editing it would drop non-public data on Save.\n var res = await fetch('/api/admin/export', {\n cache: 'no-store',\n headers: { 'Authorization': 'Bearer ' + token }\n });\n if (res.status === 404) {\n // No profile stored yet. Start from an empty editor; Save creates it.\n setVersion('');\n payloadEl.value = '';\n setStatus('No profile stored yet. Paste a takuhon.json document and Save to create it.', true);\n return;\n }\n if (!res.ok) {\n var err = await res.json().catch(function () { return null; });\n setStatus('Failed to load profile (' + res.status + '): ' + (err ? JSON.stringify(err, null, 2) : 'check the admin token'), false);\n return;\n }\n setVersion(res.headers.get('etag'));\n var json = await res.json();\n payloadEl.value = JSON.stringify(json, null, 2);\n setStatus('Loaded the full profile for editing.', true);\n } catch (e) {\n setStatus('Network error loading profile: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n async function save() {\n var token = getToken();\n if (!token) return;\n var body;\n try {\n body = JSON.parse(payloadEl.value);\n } catch (e) {\n setStatus('JSON parse error: ' + (e && e.message ? e.message : String(e)), false);\n return;\n }\n var headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token };\n if (ifMatch) headers['If-Match'] = ifMatch;\n try {\n var res = await fetch('/api/admin/profile', { method: 'PUT', headers: headers, body: JSON.stringify(body) });\n var json = await res.json().catch(function () { return null; });\n if (res.ok && json && json.meta && json.meta.version) {\n setVersion('\"' + json.meta.version + '\"');\n setStatus('Saved. New version: ' + json.meta.version, true);\n } else {\n setStatus('Save failed (' + res.status + '): ' + (json ? JSON.stringify(json, null, 2) : 'no body'), false);\n }\n } catch (e) {\n setStatus('Network error during save: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n async function deleteProfile() {\n var token = getToken();\n if (!token) return;\n if (!confirm('Delete the profile? The bundled onboarding fixture will be shown until you save a new document.')) return;\n var headers = { 'Authorization': 'Bearer ' + token };\n try {\n var res = await fetch('/api/admin/profile', { method: 'DELETE', headers: headers });\n if (res.ok) {\n payloadEl.value = '';\n setVersion('');\n setStatus('Deleted.', true);\n } else {\n var json = await res.json().catch(function () { return null; });\n setStatus('Delete failed (' + res.status + '): ' + (json ? JSON.stringify(json, null, 2) : 'no body'), false);\n }\n } catch (e) {\n setStatus('Network error during delete: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n\n document.getElementById('save').addEventListener('click', save);\n document.getElementById('delete').addEventListener('click', deleteProfile);\n document.getElementById('reload').addEventListener('click', loadCurrent);\n // No auto-load: the editor stays empty until the owner enters the admin token\n // and presses Load. Nothing about the profile is fetched without the token.\n})();\n</script>\n</body>\n</html>\n`;\n}\n","/**\n * Strict admin Content-Security-Policy + security headers for a *bundled*\n * admin SPA served from static assets (security.md §1.2 admin pages).\n *\n * Unlike {@link createAdminUiApp}'s per-request policy, this variant carries no\n * nonce: the SPA's scripts and styles are external, same-origin files, so\n * `script-src 'self'` / `style-src 'self'` cover them without `'unsafe-inline'`.\n * `require-trusted-types-for 'script'` is retained to block DOM-XSS sinks.\n */\nconst ADMIN_ASSET_CSP = [\n \"default-src 'self'\",\n \"img-src 'self' blob:\",\n \"style-src 'self'\",\n \"script-src 'self'\",\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n \"require-trusted-types-for 'script'\",\n 'upgrade-insecure-requests',\n].join('; ');\n\n/**\n * Response headers to attach to admin SPA asset responses. Adapters serving the\n * bundle (e.g. Cloudflare Workers Assets) clone the asset response and apply\n * these so the admin origin keeps the strict CSP and is never cached.\n */\nexport function adminAssetSecurityHeaders(): Record<string, string> {\n return {\n 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',\n 'x-content-type-options': 'nosniff',\n 'x-frame-options': 'DENY',\n 'referrer-policy': 'strict-origin-when-cross-origin',\n 'permissions-policy': 'camera=(), microphone=(), geolocation=(), interest-cohort=()',\n 'content-security-policy': ADMIN_ASSET_CSP,\n 'cache-control': 'private, no-store',\n };\n}\n","/**\n * Structured audit-log emitter for admin actions (per security.md §5).\n *\n * Covers the auth, profile-write, and asset events. Adapters bind a concrete\n * sink (Cloudflare uses `console.log`, which Workers Tail / Logpush captures);\n * tests inject a `vi.fn()` recorder.\n */\nexport type AuditEventType =\n | 'admin.auth.success'\n | 'admin.auth.failure'\n | 'admin.profile.update'\n | 'admin.profile.delete'\n | 'admin.profile.export'\n | 'admin.asset.upload'\n | 'admin.asset.delete'\n | 'admin.cache.purge';\n\nexport interface AuditEvent {\n type: AuditEventType;\n /** ISO-8601 UTC timestamp generated at the call site. */\n timestamp: string;\n /**\n * Actor identity. `tokenHash` is `sha256:<hex>` over the presented Bearer\n * token, or `sha256:absent` when no token was supplied. The raw token is\n * never logged.\n */\n actor?: { tokenHash: string };\n request: {\n method: string;\n path: string;\n /** Originating client IP from `cf-connecting-ip`; undefined off-Cloudflare. */\n ip?: string;\n };\n result: {\n status: number;\n /** Opaque storage version emitted by `TakuhonStorage.saveProfile`. */\n version?: string;\n };\n /**\n * Asset details for `admin.asset.upload` / `admin.asset.delete` events\n * (security.md §5: object key, MIME, and size). Absent for other events.\n */\n asset?: {\n key: string;\n mimeType?: string;\n size?: number;\n };\n}\n\nexport type AuditLogger = (event: AuditEvent) => void;\n\n/** Default sink that discards events; useful for tests and bare runtimes. */\nexport const noopAuditLogger: AuditLogger = () => {\n /* no-op */\n};\n","/**\n * Cache invalidation contract for admin write paths.\n *\n * `@takuhon/api` stays adapter-neutral, so the actual edge-cache calls live\n * in each adapter (Cloudflare's `caches.default.delete`, future runtimes'\n * equivalents). Tests inject a recording implementation to assert that the\n * admin handlers fire the right purge after a successful write.\n */\nexport interface CachePurger {\n /** Called after a successful `PUT /api/admin/profile`. */\n profileUpdated(): Promise<void>;\n /** Called after a successful `DELETE /api/admin/profile`. */\n profileDeleted(): Promise<void>;\n}\n\n/**\n * No-op default: callers that don't run on an edge cache (Node dev server,\n * unit tests that don't care about purge calls) can pass this in.\n */\nexport const noopCachePurger: CachePurger = {\n profileUpdated: () => Promise.resolve(),\n profileDeleted: () => Promise.resolve(),\n};\n","/**\n * Shared static-site generation for `takuhon build` and `takuhon dev`.\n *\n * {@link generateSite} turns one validated, normalized, privacy-filtered profile\n * into the full set of pages the static surface exposes: one per available\n * locale. `build` writes each page's {@link SitePage.file} to disk; `dev` serves\n * each page's {@link SitePage.route} from memory. Keeping the per-locale loop,\n * the locale switcher links, and the canonical/hreflang logic here means both\n * commands share a single source of truth for the site's structure — the only\n * difference between them is disk write vs. in-memory serve.\n *\n * This reuses `@takuhon/core` only (validate/normalize/resolve happen upstream;\n * this module just resolves each locale and renders), so it stays bundler-free\n * and unit-testable as a pure function.\n */\n\nimport type { ActivitySnapshot, NormalizedTakuhon } from '@takuhon/core';\nimport { deriveCv, resolveLocale } from '@takuhon/core';\n\nimport { renderProfileHtml, type Alternate, type LocaleLink } from './build-html.js';\nimport { renderCvHtml } from './cv-html.js';\n\n/** One generated page: a serve route, a relative output file, and its HTML. */\nexport interface SitePage {\n /** URL path used by `dev` (default locale at `/`, others at `/<locale>/`). */\n readonly route: string;\n /** Output path used by `build`, relative to the output dir. */\n readonly file: string;\n /** Rendered HTML document. */\n readonly html: string;\n}\n\nexport interface GenerateOptions {\n /**\n * Site origin (e.g. `https://me.example`). When set, pages carry absolute\n * canonical + hreflang links; when absent those are omitted (the human locale\n * switcher is always relative either way).\n */\n readonly baseUrl?: string;\n /**\n * Synced developer-activity snapshot (the `activity.json` beside the\n * profile). Rendered as an inline-SVG section only while\n * `settings.activity.enabled` is true — the same opt-in gate the public\n * `GET /api/activity` applies — so disabling the feature drops the section\n * even if a stale snapshot remains on disk. The snapshot is locale-agnostic\n * and shared by every page.\n */\n readonly activitySnapshot?: ActivitySnapshot | null;\n /**\n * Also emit a print-ready CV/résumé page per locale (the default locale at\n * `cv.html` / route `/cv/`, others at `<locale>/cv.html` / `/<locale>/cv/`).\n * `takuhon build` gates this behind `--cv`; `takuhon dev` always enables it so\n * the page is previewable. Off by default, so a plain build is unchanged.\n */\n readonly cv?: boolean;\n}\n\n/**\n * Generate every page for a profile: the default locale first, then the rest,\n * de-duplicated. Schema.org JSON-LD is emitted unless `settings.enableJsonLd`\n * is explicitly `false`.\n */\nexport function generateSite(\n profile: NormalizedTakuhon,\n options: GenerateOptions = {},\n): SitePage[] {\n const { baseUrl } = options;\n const defaultLocale = profile.settings.defaultLocale;\n // Default locale first, then the rest, de-duplicated.\n const locales = [...new Set([defaultLocale, ...profile.settings.availableLocales])];\n const jsonLd = profile.settings.enableJsonLd !== false;\n const activitySnapshot =\n profile.settings.activity?.enabled === true\n ? (options.activitySnapshot ?? undefined)\n : undefined;\n\n const pages: SitePage[] = [];\n for (const locale of locales) {\n const localized = resolveLocale(profile, locale);\n const isDefault = locale === defaultLocale;\n\n const localeNav: LocaleLink[] = locales.map((to) => ({\n locale: to,\n href: localeHref(locale, to, defaultLocale),\n current: to === locale,\n }));\n const canonicalUrl = baseUrl ? absoluteUrl(baseUrl, locale, defaultLocale) : undefined;\n const alternates: Alternate[] = baseUrl ? buildAlternates(baseUrl, locales, defaultLocale) : [];\n\n const html = renderProfileHtml({\n localized,\n canonicalUrl,\n alternates,\n localeNav,\n jsonLd,\n activitySnapshot,\n });\n pages.push({\n route: isDefault ? '/' : `/${locale}/`,\n file: isDefault ? 'index.html' : `${locale}/index.html`,\n html,\n });\n\n if (options.cv === true) {\n pages.push({\n route: isDefault ? '/cv/' : `/${locale}/cv/`,\n file: isDefault ? 'cv.html' : `${locale}/cv.html`,\n html: renderCvHtml(deriveCv(localized)),\n });\n }\n }\n return pages;\n}\n\n/** Absolute URL for a locale's page (default locale lives at the site root). */\nfunction absoluteUrl(baseUrl: string, locale: string, defaultLocale: string): string {\n return locale === defaultLocale ? `${baseUrl}/` : `${baseUrl}/${locale}/`;\n}\n\n/** hreflang alternates for every locale plus an `x-default` pointing at the default. */\nfunction buildAlternates(\n baseUrl: string,\n locales: readonly string[],\n defaultLocale: string,\n): Alternate[] {\n const alternates: Alternate[] = locales.map((locale) => ({\n hreflang: locale,\n href: absoluteUrl(baseUrl, locale, defaultLocale),\n }));\n alternates.push({\n hreflang: 'x-default',\n href: absoluteUrl(baseUrl, defaultLocale, defaultLocale),\n });\n return alternates;\n}\n\n/**\n * Depth-correct relative link from the page for `from` to the page for `to`,\n * for the human locale switcher. Always relative (independent of `baseUrl`)\n * so the switcher works regardless of where the site is hosted: the default\n * locale lives at the root, every other locale one directory deep.\n */\nfunction localeHref(from: string, to: string, defaultLocale: string): string {\n const fromRoot = from === defaultLocale;\n const toRoot = to === defaultLocale;\n if (fromRoot) return toRoot ? './' : `${to}/`;\n return toRoot ? '../' : `../${to}/`;\n}\n","/**\n * Pure HTML rendering of a {@link CvDocument} for `takuhon build --cv`.\n *\n * {@link renderCvHtml} turns one locale-resolved CV (from `@takuhon/core`'s\n * {@link deriveCv}) into a complete, self-contained static HTML résumé: an\n * inline stylesheet sized for A4 with an `@media print` block, so the page\n * reads well on screen and the browser's \"Save as PDF\" produces a clean,\n * single-column résumé. No external resources are referenced, so the page works\n * under a strict `img-src 'self'` / no-network policy (the same self-owned\n * stance the profile page and the activity card take).\n *\n * Security: every CV-derived string is escaped before it reaches the markup\n * ({@link escapeHtml}), and any URL is scheme-checked ({@link safeUrl}) so a\n * hostile document cannot smuggle a `javascript:` href into the résumé.\n */\n\nimport type { CvDocument, CvSection, LocalizedLanguage } from '@takuhon/core';\n\nimport { dateRange, escapeHtml, nonEmpty, safeUrl } from './html-helpers.js';\n\n/** Heading shown for each section, by `kind`. Plain English (CV chrome). */\nconst SECTION_TITLES: Record<CvSection['kind'], string> = {\n experience: 'Experience',\n education: 'Education',\n skills: 'Skills',\n certifications: 'Certifications',\n publications: 'Publications',\n honors: 'Honors & Awards',\n courses: 'Courses',\n patents: 'Patents',\n languages: 'Languages',\n volunteering: 'Volunteering',\n memberships: 'Memberships',\n};\n\n// A4-sized, single-column résumé. The screen view is centered on a neutral\n// backdrop; the print view drops the backdrop/margins so the page fills the\n// sheet, and `break-inside: avoid` keeps entries from splitting across pages.\nconst CSS = `:root{--fg:#1a1a1a;--muted:#555;--accent:#0b5fff;--line:#d9d9d9}\n*{box-sizing:border-box}\nbody{margin:0;background:#f3f4f6;color:var(--fg);font:13px/1.5 system-ui,-apple-system,\"Segoe UI\",Roboto,sans-serif}\nmain{background:#fff;width:210mm;min-height:297mm;margin:1.5rem auto;padding:18mm 16mm;box-shadow:0 1px 6px rgba(0,0,0,.15)}\nh1{font-size:1.7rem;margin:0}\n.tagline{font-size:1.05rem;color:var(--muted);margin:.15rem 0 0}\n.contact{color:var(--muted);font-size:.85rem;margin:.4rem 0 0;display:flex;flex-wrap:wrap;gap:.25rem 1rem}\n.contact a{color:var(--accent)}\n.bio{margin:.75rem 0 0}\nheader{border-bottom:2px solid var(--fg);padding-bottom:.6rem;margin-bottom:.4rem}\nsection{margin-top:1.1rem}\nh2{font-size:.95rem;text-transform:uppercase;letter-spacing:.05em;color:var(--accent);border-bottom:1px solid var(--line);margin:0 0 .5rem;padding-bottom:.15rem}\nul{padding:0;margin:0;list-style:none}\n.entry{margin:0 0 .7rem;break-inside:avoid}\n.entry .row{display:flex;justify-content:space-between;gap:1rem;align-items:baseline}\n.entry h3{font-size:.95rem;margin:0}\n.entry .dates{color:var(--muted);font-size:.8rem;white-space:nowrap}\n.entry .sub{color:var(--muted);margin:.05rem 0}\n.entry p{margin:.2rem 0 0}\n.entry a{color:var(--accent)}\n.chips{display:flex;flex-wrap:wrap;gap:.3rem}\n.chips li{border:1px solid var(--line);border-radius:1rem;padding:.05rem .55rem;font-size:.8rem}\n@media print{\n body{background:#fff}\n main{width:auto;min-height:0;margin:0;padding:0;box-shadow:none}\n a{color:var(--fg)}\n}\n@page{size:A4;margin:14mm}`;\n\n/** One résumé entry: a heading row (title + dates), an optional sub line, body. */\ninterface CvEntryView {\n heading: string;\n url?: string;\n dates?: string;\n sub?: string;\n body?: string;\n}\n\nfunction renderEntry(entry: CvEntryView): string {\n const href = entry.url ? safeUrl(entry.url) : undefined;\n const title = href\n ? `<a href=\"${escapeHtml(href)}\">${escapeHtml(entry.heading)}</a>`\n : escapeHtml(entry.heading);\n const dates = entry.dates ? `<span class=\"dates\">${escapeHtml(entry.dates)}</span>` : '';\n const parts = [`<div class=\"row\"><h3>${title}</h3>${dates}</div>`];\n if (entry.sub) parts.push(`<p class=\"sub\">${escapeHtml(entry.sub)}</p>`);\n if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);\n return `<li class=\"entry\">${parts.join('')}</li>`;\n}\n\nfunction entryListSection(title: string, entries: readonly CvEntryView[]): string {\n return `<section><h2>${escapeHtml(title)}</h2><ul>${entries.map(renderEntry).join('')}</ul></section>`;\n}\n\n/** Skills / languages render as compact chip rows rather than dated entries. */\nfunction chipSection(title: string, labels: readonly string[]): string {\n const chips = labels.map((l) => `<li>${escapeHtml(l)}</li>`).join('');\n return `<section><h2>${escapeHtml(title)}</h2><ul class=\"chips\">${chips}</ul></section>`;\n}\n\nfunction languageLabel(l: LocalizedLanguage): string {\n return `${l.displayName ?? l.language} — ${l.proficiency}`;\n}\n\n/** Render one CV section to its `<section>` markup, dispatching on `kind`. */\nfunction renderSection(section: CvSection): string {\n const title = SECTION_TITLES[section.kind];\n switch (section.kind) {\n case 'experience':\n return entryListSection(\n title,\n section.entries.map((c) => ({\n heading: c.role,\n sub: c.organization,\n dates: dateRange(c.startDate, c.endDate, c.isCurrent),\n body: c.description,\n url: c.url,\n })),\n );\n case 'education':\n return entryListSection(\n title,\n section.entries.map((e) => {\n const degree = nonEmpty([e.degree, e.fieldOfStudy], ', ');\n return {\n heading: degree ?? e.institution,\n sub: degree ? e.institution : undefined,\n dates: dateRange(e.startDate, e.endDate, e.isCurrent),\n body: e.description,\n url: e.url,\n };\n }),\n );\n case 'skills':\n return chipSection(\n title,\n section.entries.map((s) => s.label),\n );\n case 'languages':\n return chipSection(title, section.entries.map(languageLabel));\n case 'certifications':\n return entryListSection(\n title,\n section.entries.map((c) => ({\n heading: c.title,\n sub: c.issuingOrganization,\n dates: dateRange(c.issueDate, c.expirationDate),\n url: c.url,\n })),\n );\n case 'publications':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.publisher, x.coAuthors?.join(', ')], ' · '),\n dates: dateRange(x.date),\n body: x.description,\n url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : undefined),\n })),\n );\n case 'honors':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: x.issuer,\n dates: dateRange(x.date),\n body: x.description,\n url: x.url,\n })),\n );\n case 'courses':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: x.provider,\n dates: dateRange(x.completionDate),\n body: x.description,\n url: x.certificateUrl,\n })),\n );\n case 'patents':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.patentNumber, x.office, x.status], ' · '),\n dates: dateRange(x.filingDate ?? x.grantDate),\n body: x.description,\n url: x.url,\n })),\n );\n case 'volunteering':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.role,\n sub: nonEmpty([x.organization, x.cause], ' · '),\n dates: dateRange(x.startDate, x.endDate, x.isCurrent),\n body: x.description,\n url: x.url,\n })),\n );\n case 'memberships':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.role ?? x.organization,\n sub: x.role ? x.organization : undefined,\n dates: dateRange(x.startDate, x.endDate, x.isCurrent),\n body: x.description,\n url: x.url,\n })),\n );\n }\n}\n\nfunction renderHeader(cv: CvDocument): string {\n const h = cv.header;\n const parts = [`<h1>${escapeHtml(h.displayName)}</h1>`];\n if (h.tagline) parts.push(`<p class=\"tagline\">${escapeHtml(h.tagline)}</p>`);\n\n const contact: string[] = [];\n if (h.location) contact.push(`<span>${escapeHtml(h.location)}</span>`);\n if (h.email) {\n contact.push(`<a href=\"mailto:${escapeHtml(h.email)}\">${escapeHtml(h.email)}</a>`);\n }\n const formHref = h.formUrl ? safeUrl(h.formUrl) : undefined;\n if (formHref) contact.push(`<a href=\"${escapeHtml(formHref)}\">Contact</a>`);\n if (contact.length > 0) parts.push(`<div class=\"contact\">${contact.join('')}</div>`);\n\n if (h.bio) parts.push(`<p class=\"bio\">${escapeHtml(h.bio)}</p>`);\n return `<header>${parts.join('')}</header>`;\n}\n\n/** Render a complete static HTML résumé document for one locale-resolved CV. */\nexport function renderCvHtml(cv: CvDocument): string {\n const title = `${cv.header.displayName} — CV`;\n const body = [renderHeader(cv), ...cv.sections.map(renderSection)].join('\\n');\n return (\n `<!DOCTYPE html>\\n<html lang=\"${escapeHtml(cv.resolvedLocale)}\">\\n<head>\\n` +\n ` <meta charset=\"utf-8\">\\n` +\n ` <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\\n` +\n ` <title>${escapeHtml(title)}</title>\\n` +\n ` <style>${CSS}</style>\\n</head>\\n` +\n `<body>\\n<main>\\n${body}\\n</main>\\n</body>\\n</html>\\n`\n );\n}\n"],"mappings":";AAQO,IAAM,cAAc;AAAA,EACzB,YAAY;AAAA,EACZ,cAAc;AAAA,EACd,WAAW;AAAA,EACX,UAAU;AAAA,EACV,kBAAkB;AAAA,EAClB,UAAU;AAAA,EACV,iBAAiB;AAAA,EACjB,sBAAsB;AAAA,EACtB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,UAAU;AAAA,EACV,oBAAoB;AACtB;AAIA,IAAM,YAAY;AA2BX,SAAS,aAAa,OAA0C;AACrE,QAAM,MAAsB;AAAA,IAC1B,MAAM,GAAG,SAAS,IAAI,MAAM,IAAI;AAAA,IAChC,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,UAAU,MAAM;AAAA,EAClB;AACA,MAAI,MAAM,WAAW,OAAW,KAAI,SAAS,MAAM;AACnD,MAAI,MAAM,mBAAmB,OAAW,KAAI,iBAAiB,MAAM;AACnE,SAAO;AACT;AAWO,SAAS,gBAAgB,GAAY,OAAuC;AACjF,QAAM,OAAO,aAAa;AAAA,IACxB,MAAM,MAAM;AAAA,IACZ,QAAQ,MAAM;AAAA,IACd,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,UAAU,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,IAC7B,QAAQ,MAAM;AAAA,IACd,gBAAgB,MAAM;AAAA,EACxB,CAAC;AACD,SAAO,EAAE,KAAK,KAAK,UAAU,IAAI,GAAG,MAAM,QAAQ;AAAA,IAChD,gBAAgB;AAAA,EAClB,CAAC;AACH;;;ACvFA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,YAAY;;;ACOrB,SAAS,gBAAgB,yBAAyB;;;ACX3C,SAAS,WAAW,OAAuB;AAChD,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAUO,SAAS,QAAQ,KAAiC;AACvD,QAAM,UAAU,IAAI,KAAK;AACzB,QAAM,SAAS,8BAA8B,KAAK,OAAO,IAAI,CAAC,GAAG,YAAY;AAC7E,MAAI,WAAW,OAAW,QAAO;AACjC,SAAO,WAAW,UAAU,WAAW,WAAW,WAAW,WAAW,UAAU;AACpF;AAGO,SAAS,UAAU,OAAgB,KAAqB,WAA6B;AAC1F,QAAM,OAAO,SAAS;AACtB,QAAM,QAAQ,cAAc,QAAQ,QAAQ,OAAO,YAAa,OAAO;AACvE,MAAI,QAAQ,MAAO,QAAO,GAAG,IAAI,WAAM,KAAK;AAC5C,SAAO,QAAQ;AACjB;AAGO,SAAS,SACd,QACA,WACoB;AACpB,QAAM,SAAS,OACZ,OAAO,CAAC,MAAmB,OAAO,MAAM,YAAY,EAAE,SAAS,CAAC,EAChE,KAAK,SAAS;AACjB,SAAO,OAAO,SAAS,IAAI,SAAS;AACtC;;;ADcA,SAAS,aAAa,MAAsB;AAC1C,SAAO,KAAK,QAAQ,MAAM,SAAS,EAAE,QAAQ,MAAM,SAAS,EAAE,QAAQ,MAAM,SAAS;AACvF;AAEA,IAAM,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCZ,SAAS,YAAY,OAA0B;AAC7C,QAAM,OAAO,MAAM,MAAM,QAAQ,MAAM,GAAG,IAAI;AAC9C,QAAM,UAAU,OACZ,YAAY,WAAW,IAAI,CAAC,KAAK,WAAW,MAAM,OAAO,CAAC,SAC1D,WAAW,MAAM,OAAO;AAC5B,QAAM,QAAQ,CAAC,OAAO,OAAO,OAAO;AACpC,MAAI,MAAM,IAAK,OAAM,KAAK,kBAAkB,WAAW,MAAM,GAAG,CAAC,MAAM;AACvE,MAAI,MAAM,MAAO,OAAM,KAAK,mBAAmB,WAAW,MAAM,KAAK,CAAC,MAAM;AAC5E,MAAI,MAAM,KAAM,OAAM,KAAK,MAAM,WAAW,MAAM,IAAI,CAAC,MAAM;AAC7D,MAAI,MAAM,QAAQ,MAAM,KAAK,SAAS,GAAG;AACvC,UAAM;AAAA,MACJ,oBAAoB,MAAM,KAAK,IAAI,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACjF;AAAA,EACF;AACA,SAAO,OAAO,MAAM,KAAK,EAAE,CAAC;AAC9B;AAGA,SAAS,UAAU,OAAe,SAAuC;AACvE,MAAI,QAAQ,WAAW,EAAG,QAAO;AACjC,SAAO,gBAAgB,WAAW,KAAK,CAAC,4BAA4B,QACjE,IAAI,WAAW,EACf,KAAK,EAAE,CAAC;AACb;AAEA,SAAS,aAAa,GAA6B;AACjD,QAAM,QAAkB,CAAC;AACzB,QAAM,YAAY,EAAE,QAAQ,MAAM,QAAQ,EAAE,OAAO,GAAG,IAAI;AAC1D,MAAI,WAAW;AACb,UAAM;AAAA,MACJ,4BAA4B,WAAW,SAAS,CAAC,UAAU,WAAW,EAAE,QAAQ,OAAO,EAAE,CAAC;AAAA,IAC5F;AAAA,EACF;AACA,QAAM,KAAK,OAAO,WAAW,EAAE,WAAW,CAAC,OAAO;AAClD,MAAI,EAAE,QAAS,OAAM,KAAK,sBAAsB,WAAW,EAAE,OAAO,CAAC,MAAM;AAC3E,MAAI,EAAE,UAAU,QAAS,OAAM,KAAK,uBAAuB,WAAW,EAAE,SAAS,OAAO,CAAC,MAAM;AAC/F,MAAI,EAAE,IAAK,OAAM,KAAK,kBAAkB,WAAW,EAAE,GAAG,CAAC,MAAM;AAC/D,SAAO,WAAW,MAAM,KAAK,EAAE,CAAC;AAClC;AAEA,SAAS,YAAY,OAA0C;AAC7D,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,QAAQ,MACX,IAAI,CAAC,MAAM;AACV,UAAM,OAAO,WAAW,EAAE,SAAS,EAAE,GAAG;AACxC,UAAM,OAAO,QAAQ,EAAE,GAAG;AAC1B,WAAO,OAAO,gBAAgB,WAAW,IAAI,CAAC,KAAK,IAAI,cAAc,OAAO,IAAI;AAAA,EAClF,CAAC,EACA,KAAK,EAAE;AACV,SAAO,6CAA6C,KAAK;AAC3D;AAEA,SAAS,aAAa,QAA4C;AAChE,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,OAAO,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE;AAC1E,SAAO,8CAA8C,KAAK;AAC5D;AAEA,SAAS,gBAAgB,WAAkD;AACzE,MAAI,UAAU,WAAW,EAAG,QAAO;AACnC,QAAM,QAAQ,UACX,IAAI,CAAC,MAAM,OAAO,WAAW,GAAG,EAAE,eAAe,EAAE,QAAQ,WAAM,EAAE,WAAW,EAAE,CAAC,OAAO,EACxF,KAAK,EAAE;AACV,SAAO,kDAAkD,KAAK;AAChE;AAEA,SAAS,sBAAsB,MAAmD;AAChF,MAAI,KAAK,WAAW,EAAG,QAAO;AAC9B,QAAM,QAAQ,KACX,IAAI,CAAC,MAAM;AACV,UAAM,aAAa,EAAE,OAAO,MAAM,QAAQ,EAAE,OAAO,GAAG,IAAI;AAC1D,UAAM,OAAO,aACT,YAAY,WAAW,UAAU,CAAC,KAAK,WAAW,EAAE,OAAO,IAAI,CAAC,SAChE,WAAW,EAAE,OAAO,IAAI;AAC5B,UAAM,UAAU,CAAC,MAAM,EAAE,OAAO,WAAW,WAAW,EAAE,OAAO,QAAQ,IAAI,EAAE,EAC1E,OAAO,OAAO,EACd,KAAK,IAAI;AACZ,UAAM,MAAM,EAAE,eAAe,KAAK,WAAW,EAAE,YAAY,CAAC,MAAM;AAClE,WAAO,mCAAmC,WAAW,EAAE,IAAI,CAAC,mCAA8B,OAAO,GAAG,GAAG;AAAA,EACzG,CAAC,EACA,KAAK,EAAE;AACV,SAAO,oCAAoC,KAAK;AAClD;AAEA,SAAS,cAAc,SAA8C;AACnE,QAAM,QAAkB,CAAC;AACzB,MAAI,QAAQ,OAAO;AACjB,UAAM;AAAA,MACJ,uBAAuB,WAAW,QAAQ,KAAK,CAAC,KAAK,WAAW,QAAQ,KAAK,CAAC;AAAA,IAChF;AAAA,EACF;AACA,QAAM,WAAW,QAAQ,UAAU,QAAQ,QAAQ,OAAO,IAAI;AAC9D,MAAI,UAAU;AACZ,UAAM,KAAK,gBAAgB,WAAW,QAAQ,CAAC,yBAAyB;AAAA,EAC1E;AACA,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,SAAO,gDAAgD,MAAM,KAAK,EAAE,CAAC;AACvE;AAQA,SAAS,eAAe,UAAgD;AACtE,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,MAAM,kBAAkB,QAAQ;AACtC,MAAI,QAAQ,GAAI,QAAO;AACvB,SAAO,8CAA8C,GAAG;AAC1D;AAEA,SAAS,mBAAmB,MAAgC;AAC1D,QAAM,UAAU,KAAK,UAAU,eAAe,IAAI,CAAC;AACnD,SAAO,sCAAsC,aAAa,OAAO,CAAC;AACpE;AAEA,SAAS,gBAAgB,WAA0C;AACjE,QAAM,QAAQ,UACX;AAAA,IAAI,CAAC,MACJ,EAAE,UACE,6BAA6B,WAAW,EAAE,MAAM,CAAC,YACjD,YAAY,WAAW,EAAE,IAAI,CAAC,KAAK,WAAW,EAAE,MAAM,CAAC;AAAA,EAC7D,EACC,KAAK,EAAE;AACV,SAAO,8CAA8C,KAAK;AAC5D;AAGO,SAAS,kBAAkB,OAA4B;AAC5D,QAAM,IAAI,MAAM;AAChB,QAAM,IAAI,EAAE;AACZ,QAAM,cAAc,EAAE,WAAW,EAAE,OAAO;AAE1C,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA,UAAU,WAAW,EAAE,WAAW,CAAC;AAAA,IACnC,cACI,qCAAqC,WAAW,YAAY,MAAM,GAAG,GAAG,CAAC,CAAC,OAC1E;AAAA,IACJ,MAAM,eAAe,+BAA+B,WAAW,MAAM,YAAY,CAAC,OAAO;AAAA,IACzF,GAAG,MAAM,WAAW;AAAA,MAClB,CAAC,MACC,mCAAmC,WAAW,EAAE,QAAQ,CAAC,WAAW,WAAW,EAAE,IAAI,CAAC;AAAA,IAC1F;AAAA,IACA,MAAM,SAAS,mBAAmB,CAAC,IAAI;AAAA,IACvC,UAAU,GAAG;AAAA,EACf,EACG,OAAO,OAAO,EACd,KAAK,MAAM;AAEd,QAAM,OAAO;AAAA,IACX,MAAM,UAAU,SAAS,IAAI,gBAAgB,MAAM,SAAS,IAAI;AAAA,IAChE,aAAa,CAAC;AAAA,IACd,YAAY,EAAE,KAAK;AAAA,IACnB;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,QACpD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,SAAS,IAAI,CAAC,OAAO;AAAA,QACrB,SAAS,EAAE;AAAA,QACX,OAAO,UAAU,EAAE,WAAW,EAAE,OAAO;AAAA,QACvC,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,QACP,MAAM,EAAE;AAAA,MACV,EAAE;AAAA,IACJ;AAAA,IACA,aAAa,EAAE,MAAM;AAAA,IACrB,eAAe,MAAM,gBAAgB;AAAA,IACrC;AAAA,MACE;AAAA,MACA,EAAE,UAAU,IAAI,CAAC,MAAM;AACrB,cAAM,SAAS,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;AACxD,eAAO;AAAA,UACL,SAAS,UAAU,EAAE;AAAA,UACrB,KAAK,SAAS,EAAE,cAAc;AAAA,UAC9B,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,UACpD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,eAAe,IAAI,CAAC,OAAO;AAAA,QAC3B,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,WAAW,EAAE,cAAc;AAAA,QAC9C,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,aAAa,IAAI,CAAC,OAAO;AAAA,QACzB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,QAC3D,OAAO,UAAU,EAAE,IAAI;AAAA,QACvB,MAAM,EAAE;AAAA,QACR,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,EAAE,GAAG,KAAK;AAAA,MACtD,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,OAAO,IAAI,CAAC,OAAO;AAAA,QACnB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,IAAI;AAAA,QACvB,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,YAAY,IAAI,CAAC,OAAO;AAAA,QACxB,SAAS,EAAE,QAAQ,EAAE;AAAA,QACrB,KAAK,EAAE,OAAO,EAAE,eAAe;AAAA,QAC/B,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,QACpD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,aAAa,IAAI,CAAC,OAAO;AAAA,QACzB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,KAAK,GAAG,QAAK;AAAA,QAC9C,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,QACpD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,cAAc;AAAA,QACjC,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,QACpF,OAAO,UAAU,EAAE,cAAc,EAAE,SAAS;AAAA,QAC5C,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,WAAW,IAAI,CAAC,OAAO;AAAA,QACvB,SAAS,GAAG,EAAE,KAAK,KAAK,EAAE,KAAK;AAAA,QAC/B,OAAO,UAAU,EAAE,IAAI;AAAA,QACvB,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA,gBAAgB,EAAE,SAAS;AAAA,IAC3B,sBAAsB,EAAE,eAAe;AAAA,IACvC,cAAc,EAAE,OAAO;AAAA,EACzB,EACG,OAAO,OAAO,EACd,KAAK,IAAI;AAEZ,QAAM,SACJ,EAAE,SAAS,kBAAkB,OAAO,wDAAwD;AAE9F,SACE;AAAA,cAAgC,WAAW,EAAE,cAAc,CAAC;AAAA;AAAA,IAAiB,IAAI;AAAA;AAAA;AAAA;AAAA,EAC9D,IAAI;AAAA;AAAA,EAAc,SAAS,GAAG,MAAM;AAAA,IAAO,EAAE;AAAA;AAAA;AAEpE;;;AEpWA,SAAS,iBAAiB;AAE1B,IAAM,QAAQ;AAKd,IAAM,kBAAkB;AACxB,IAAM,0BAA0B;AAChC,IAAM,mBAAmB;AAElB,SAAS,aAAa,KAAsB;AACjD,SAAO,MAAM,KAAK,GAAG;AACvB;AAcO,SAAS,oBAAoB,QAA6C;AAC/E,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,UAAU,OAAO,SAAS,kBAAkB,OAAO,MAAM,GAAG,eAAe,IAAI;AACrF,QAAM,QAAQ,QAAQ,MAAM,GAAG,EAAE,MAAM,GAAG,uBAAuB;AAEjE,QAAM,UAA6B,CAAC;AACpC,aAAW,WAAW,OAAO;AAC3B,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,UAAM,aAAa,SAAS,CAAC;AAC7B,QAAI,eAAe,OAAW;AAC9B,UAAM,MAAM,WAAW,KAAK;AAC5B,QAAI,QAAQ,MAAM,QAAQ,IAAK;AAC/B,QAAI,CAAC,aAAa,GAAG,EAAG;AAExB,QAAI,IAAI;AACR,aAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,YAAM,UAAU,SAAS,CAAC;AAC1B,UAAI,YAAY,OAAW;AAC3B,YAAM,QAAQ,6BAA6B,KAAK,OAAO;AACvD,UAAI,CAAC,MAAO;AACZ,YAAM,SAAS,OAAO,WAAW,MAAM,CAAC,KAAK,EAAE;AAC/C,UAAI,OAAO,MAAM,MAAM,GAAG;AACxB,YAAI;AAAA,MACN,WAAW,SAAS,KAAK,SAAS,GAAG;AAGnC,YAAI;AAAA,MACN,OAAO;AACL,YAAI;AAAA,MACN;AACA;AAAA,IACF;AACA,QAAI,MAAM,EAAG;AAEb,YAAQ,KAAK,EAAE,KAAK,EAAE,CAAC;AAAA,EACzB;AAGA,UAAQ,KAAK,CAAC,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;AAChC,SAAO,QAAQ,IAAI,CAAC,MAAM,EAAE,GAAG;AACjC;AAEA,SAAS,cAAc,KAAqB;AAC1C,QAAM,OAAO,IAAI,QAAQ,GAAG;AAC5B,UAAQ,SAAS,KAAK,MAAM,IAAI,MAAM,GAAG,IAAI,GAAG,YAAY;AAC9D;AAEA,SAAS,eAAe,KAAa,WAAkD;AACrF,QAAM,WAAW,IAAI,YAAY;AACjC,QAAM,aAAa,cAAc,GAAG;AAIpC,aAAW,KAAK,WAAW;AACzB,QAAI,EAAE,YAAY,MAAM,SAAU,QAAO;AAAA,EAC3C;AACA,aAAW,KAAK,WAAW;AACzB,QAAI,cAAc,CAAC,MAAM,WAAY,QAAO;AAAA,EAC9C;AACA,SAAO;AACT;AAcO,SAAS,sBACd,GACA,WACA,YAC8C;AAC9C,QAAM,MAAgB,CAAC;AAEvB,QAAM,QAAQ,EAAE,IAAI,MAAM,MAAM;AAChC,MAAI,UAAU,UAAa,aAAa,KAAK,GAAG;AAC9C,QAAI,KAAK,KAAK;AAAA,EAChB;AAEA,MAAI,eAAe,UAAa,aAAa,UAAU,GAAG;AACxD,QAAI,KAAK,UAAU;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,GAAG,gBAAgB;AAC5C,MAAI,WAAW,UAAa,OAAO,UAAU,oBAAoB,aAAa,MAAM,GAAG;AACrF,QAAI,KAAK,MAAM;AAAA,EACjB;AAEA,QAAM,SAAS,EAAE,IAAI,OAAO,iBAAiB;AAC7C,MAAI,WAAW,QAAW;AACxB,QAAI,KAAK,GAAG,oBAAoB,MAAM,CAAC;AAAA,EACzC;AAEA,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,WAAqB,CAAC;AAC5B,aAAW,OAAO,KAAK;AACrB,UAAM,UAAU,eAAe,KAAK,SAAS;AAC7C,QAAI,YAAY,OAAW;AAC3B,UAAM,MAAM,QAAQ,YAAY;AAChC,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AACZ,aAAS,KAAK,OAAO;AACrB,QAAI,SAAS,WAAW,EAAG;AAAA,EAC7B;AAEA,QAAM,MAAoD,CAAC;AAC3D,MAAI,SAAS,CAAC,MAAM,OAAW,KAAI,SAAS,SAAS,CAAC;AACtD,MAAI,SAAS,CAAC,MAAM,OAAW,KAAI,iBAAiB,SAAS,CAAC;AAC9D,SAAO;AACT;;;ACzIO,IAAM,0BAA0B,CAAC,KAAK,gBAAgB,aAAa;AAW1E,IAAM,0BAA0B,oBAAI,IAAI,CAAC,KAAK,CAAC;AAE/C,SAAS,YAAY,KAAqB;AACxC,SAAO,IAAI,IAAI,GAAG,EAAE;AACtB;AAmBO,SAAS,kBAAkB,UAAqD;AAErF,QAAM,QAAQ,qBAAqB,KAAK,QAAQ;AAChD,MAAI,UAAU,KAAM,QAAO,EAAE,MAAM,SAAS;AAE5C,QAAM,MAAM,MAAM,CAAC;AACnB,MAAI,QAAQ,UAAa,CAAC,aAAa,GAAG,EAAG,QAAO,EAAE,MAAM,SAAS;AAIrE,MAAI,wBAAwB,IAAI,IAAI,YAAY,CAAC,EAAG,QAAO,EAAE,MAAM,SAAS;AAG5E,QAAM,YAAY,MAAM,CAAC,KAAK;AAC9B,MAAI,CAAE,wBAA8C,SAAS,SAAS,GAAG;AACvE,WAAO,EAAE,MAAM,SAAS;AAAA,EAC1B;AAEA,SAAO,EAAE,QAAQ,KAAK,MAAM,UAAU;AACxC;AAOO,SAAS,oBAAoB,KAAsB;AACxD,SAAO,kBAAkB,YAAY,IAAI,GAAG,CAAC,EAAE;AACjD;AAQO,SAAS,kBAAkB,KAAiC;AACjE,SAAO,kBAAkB,YAAY,GAAG,CAAC,EAAE;AAC7C;;;AJ5DA,IAAM,mBAAmB;AAEzB,IAAM,aAAa;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEX,eAAe,YAAY,MAAkE;AAC3F,MAAI;AACF,WAAO,MAAM,KAAK,QAAQ,WAAW;AAAA,EACvC,SAAS,GAAG;AACV,QAAI,aAAa,iBAAiB,KAAK,UAAU;AAC/C,aAAO,EAAE,MAAM,KAAK,SAAS,GAAG,SAAS,iBAAiB;AAAA,IAC5D;AACA,UAAM;AAAA,EACR;AACF;AAEO,SAAS,gBAAgB,MAA2B;AASzD,QAAM,MAAM,IAAI,KAAK,EAAE,SAAS,oBAAoB,CAAC;AAErD,MAAI,IAAI,KAAK,OAAO,GAAG,SAAS;AAC9B,UAAM,KAAK;AACX,UAAM,IAAI,EAAE,IAAI;AAChB,MAAE,IAAI,6BAA6B,8CAA8C;AACjF,MAAE,IAAI,0BAA0B,SAAS;AACzC,MAAE,IAAI,mBAAmB,MAAM;AAC/B,MAAE,IAAI,mBAAmB,iCAAiC;AAC1D,MAAE,IAAI,sBAAsB,8DAA8D;AAC1F,MAAE,IAAI,2BAA2B,UAAU;AAQ3C,MAAE,IAAI,+BAA+B,GAAG;AACxC,MAAE,IAAI,iCAAiC,MAAM;AAAA,EAC/C,CAAC;AAED,MAAI,QAAQ,CAAC,KAAK,MAAM;AAKtB,YAAQ,MAAM,8BAA8B,GAAG;AAC/C,WAAO,gBAAgB,GAAG;AAAA,MACxB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,CAAC;AAED,MAAI;AAAA,IAAS,CAAC,MACZ,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,oBAAoB,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACzD,CAAC;AAAA,EACH;AAUA,MAAI,IAAI,KAAK,OAAO,MAAM;AACxB,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,UAAU,UAAU,IAAI;AAC9B,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,QAAQ,SAAS;AAAA,MACjB,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY,yBAAyB,cAAc,SAAS,QAAQ,cAAc,CAAC;AAEzF,UAAM,gBAAgB,QAAQ,SAAS;AACvC,UAAM,UAAU,CAAC,GAAG,oBAAI,IAAI,CAAC,eAAe,GAAG,QAAQ,SAAS,gBAAgB,CAAC,CAAC;AAClF,UAAM,UAAU,UAAU;AAC1B,UAAM,SAAS,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAClC,UAAM,aAAa,CAAC,MAAuB,MAAM,gBAAgB,MAAM,IAAI,CAAC;AAE5E,UAAM,WACJ,QAAQ,SAAS,UAAU,YAAY,QAAQ,KAAK,kBAChD,MAAM,KAAK,gBAAgB,oBAAoB,IAC/C;AAEN,UAAM,OAAO,kBAAkB;AAAA,MAC7B;AAAA,MACA,cAAc,GAAG,MAAM,GAAG,WAAW,OAAO,CAAC;AAAA,MAC7C,YAAY;AAAA,QACV,GAAG,QAAQ,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,MAAM,GAAG,WAAW,CAAC,CAAC,GAAG,EAAE;AAAA,QAC1E,EAAE,UAAU,aAAa,MAAM,GAAG,MAAM,GAAG,WAAW,aAAa,CAAC,GAAG;AAAA,MACzE;AAAA,MACA,WAAW,QAAQ,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,SAAS,MAAM,QAAQ,EAAE;AAAA,MAC1F,QAAQ,QAAQ,SAAS,iBAAiB;AAAA,MAC1C,kBAAkB,YAAY;AAAA,IAChC,CAAC;AAED,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,WAAO,EAAE,KAAK,IAAI;AAAA,EACpB,CAAC;AAMD,MAAI,IAAI,WAAW,CAAC,MAAM;AACxB,MAAE,OAAO,iBAAiB,UAAU;AACpC,WAAO,EAAE,KAAK,EAAE,QAAQ,MAAM,eAAe,eAAe,CAAC;AAAA,EAC/D,CAAC;AAED,MAAI,IAAI,gBAAgB,OAAO,MAAM;AACnC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,KAAK,SAAS;AAAA,MACd,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY;AAAA,MAChB,cAAc,UAAU,IAAI,GAAG,QAAQ,cAAc;AAAA,IACvD;AACA,UAAM,OAAO;AAAA,MACX,MAAM;AAAA,MACN,MAAM;AAAA,QACJ,eAAe,UAAU;AAAA,QACzB,QAAQ,UAAU;AAAA,QAClB,WAAW,UAAU,KAAK;AAAA,MAC5B;AAAA,IACF;AACA,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,WAAO,EAAE,KAAK,IAAI;AAAA,EACpB,CAAC;AAED,MAAI,IAAI,eAAe,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAQ5C,MAAI,IAAI,iBAAiB,OAAO,MAAM;AACpC,UAAM,cAAc,MAClB,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAEH,QAAI,CAAC,KAAK,gBAAiB,QAAO,YAAY;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,YAAY,IAAI;AACvC,QAAI,KAAK,SAAS,UAAU,YAAY,KAAM,QAAO,YAAY;AACjE,UAAM,WAAW,MAAM,KAAK,gBAAgB,oBAAoB;AAChE,QAAI,aAAa,KAAM,QAAO,YAAY;AAE1C,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAED,MAAI,IAAI,eAAe,OAAO,MAAM;AAClC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,KAAK,SAAS;AAAA,MACd,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY;AAAA,MAChB,cAAc,UAAU,IAAI,GAAG,QAAQ,cAAc;AAAA,IACvD;AACA,UAAM,KAAKC,gBAAe,SAAS;AACnC,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,MAAE,OAAO,gBAAgB,oCAAoC;AAC7D,WAAO,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;AAAA,EAClC,CAAC;AAED,MAAI,IAAI,iBAAiB,OAAO,MAAM;AACpC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,WAAW,yBAAyB,IAAI;AAC9C,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAED,MAAI,IAAI,6BAA6B,CAAC,MAAM;AAC1C,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,WAAO,EAAE,KAAK;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,MACX,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,WAAW;AAAA;AAAA,MAEX,GAAI,KAAK,YAAY,SAAY,EAAE,KAAK,KAAK,QAAQ,IAAI,CAAC;AAAA,IAC5D,CAAC;AAAA,EACH,CAAC;AAOD,MAAI,QAAQ,KAAK,CAAC,MAAM;AACtB,MAAE,OAAO,gCAAgC,oBAAoB;AAC7D,MAAE,OAAO,gCAAgC,EAAE,IAAI,OAAO,gCAAgC,KAAK,GAAG;AAC9F,MAAE,OAAO,0BAA0B,OAAO;AAC1C,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AAED,MAAI;AAAA,IAAG,CAAC,QAAQ,OAAO,SAAS,QAAQ;AAAA,IAAG;AAAA,IAAK,CAAC,MAC/C,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,GAAG,EAAE,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACxD,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AKrRA,SAAS,4BAAAC,iCAAgC;;;ACtBzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,iBAAAC;AAAA,EACA,aAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAKK;AACP,SAAS,QAAAC,aAAY;;;ACCd,SAAS,kBAAkB,GAAe,GAAwB;AACvE,QAAM,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE;AAC/C,MAAI,OAAO,EAAE,WAAW,EAAE,SAAS,IAAI;AACvC,WAAS,IAAI,GAAG,IAAI,KAAK,KAAK;AAC5B,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,YAAQ,KAAK;AAAA,EACf;AACA,SAAO,SAAS;AAClB;AAGA,eAAsB,UAAU,OAAgC;AAC9D,QAAM,MAAM,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,CAAC;AACjF,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,WAAO,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EACvC;AACA,SAAO;AACT;AAOA,eAAsB,kBAAkB,GAA6B;AACnE,QAAM,SAAS,EAAE,IAAI,OAAO,eAAe,KAAK;AAChD,QAAM,IAAI,mBAAmB,KAAK,MAAM;AACxC,QAAM,QAAQ,IAAI,CAAC,KAAK;AACxB,MAAI,UAAU,GAAI,QAAO;AACzB,SAAO,UAAU,MAAM,UAAU,KAAK,CAAC;AACzC;AAgBO,SAAS,iBAAiB,MAA+B;AAC9D,SAAO,OAAO,GAAY,SAAyC;AACjE,UAAM,WAAW,KAAK,cAAc;AACpC,UAAM,SAAS,EAAE,IAAI,OAAO,eAAe,KAAK;AAChD,UAAM,QAAQ,mBAAmB,KAAK,MAAM;AAC5C,UAAM,YAAY,QAAQ,CAAC;AAE3B,UAAM,OACJ,aAAa,UACb,cAAc,UACd,kBAAkB,IAAI,YAAY,EAAE,OAAO,SAAS,GAAG,IAAI,YAAY,EAAE,OAAO,QAAQ,CAAC;AAE3F,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,UAAM,cAAc;AAAA,MAClB,QAAQ,EAAE,IAAI;AAAA,MACd,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,MACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,IACrC;AAEA,QAAI,CAAC,MAAM;AACT,WAAK,YAAY;AAAA,QACf,MAAM;AAAA,QACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,QAClC,OAAO,EAAE,UAAU;AAAA,QACnB,SAAS;AAAA,QACT,QAAQ,EAAE,QAAQ,IAAI;AAAA,MACxB,CAAC;AACD,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAED,UAAM,KAAK;AAAA,EACb;AACF;;;AC3FO,SAAS,iBAAiB,MAA+B;AAC9D,SAAO,OAAO,GAAY,SAAyC;AACjE,UAAM,QAAQ,KAAK,gBAAgB;AACnC,QAAI,MAAM,WAAW,GAAG;AACtB,YAAM,KAAK;AACX;AAAA,IACF;AACA,UAAM,SAAS,EAAE,IAAI,OAAO,QAAQ;AACpC,QAAI,WAAW,UAAa,CAAC,MAAM,SAAS,MAAM,GAAG;AACnD,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,UAAU,MAAM;AAAA,MAC1B,CAAC;AAAA,IACH;AACA,UAAM,KAAK;AAAA,EACb;AACF;;;AFTA,IAAM,gBAAgB,CAAC,sBAAsB,0BAA0B,iBAAiB,EAAE;AAAA,EACxF;AACF;AAuBA,SAAS,aAAa,GAAuC;AAC3D,SAAO,EAAE,MAAM,IAAI,EAAE,OAAO,IAAI,SAAS,EAAE,QAAQ;AACrD;AAcA,SAAS,UAAU,KAAqB;AACtC,MAAI,UAAU,IAAI,KAAK;AACvB,MAAI,QAAQ,WAAW,IAAI,GAAG;AAC5B,cAAU,QAAQ,MAAM,CAAC,EAAE,KAAK;AAAA,EAClC;AACA,MAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAAK,QAAQ,UAAU,GAAG;AAC3E,WAAO,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC5B;AACA,SAAO;AACT;AAMO,SAAS,kBAAkB,MAA6B;AAC7D,QAAM,MAAM,IAAIC,MAAK;AAErB,MAAI,IAAI,KAAK,OAAO,GAAG,SAAS;AAC9B,UAAM,KAAK;AACX,UAAM,IAAI,EAAE,IAAI;AAChB,MAAE,IAAI,6BAA6B,8CAA8C;AACjF,MAAE,IAAI,0BAA0B,SAAS;AACzC,MAAE,IAAI,mBAAmB,MAAM;AAC/B,MAAE,IAAI,mBAAmB,iCAAiC;AAC1D,MAAE,IAAI,sBAAsB,8DAA8D;AAC1F,MAAE,IAAI,2BAA2B,aAAa;AAC9C,MAAE,IAAI,iBAAiB,mBAAmB;AAAA,EAC5C,CAAC;AAED,MAAI,IAAI,KAAK,iBAAiB,EAAE,iBAAiB,KAAK,gBAAgB,CAAC,CAAC;AACxE,MAAI;AAAA,IACF;AAAA,IACA,iBAAiB,EAAE,eAAe,KAAK,eAAe,aAAa,KAAK,YAAY,CAAC;AAAA,EACvF;AAEA,MAAI;AAAA,IAAQ,CAAC,KAAK,MAChB,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,eAAe,QAAQ,IAAI,UAAU;AAAA,IAC/C,CAAC;AAAA,EACH;AAEA,MAAI;AAAA,IAAS,CAAC,MACZ,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,0BAA0B,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IAC/D,CAAC;AAAA,EACH;AAEA,MAAI,IAAI,YAAY,OAAO,MAAM;AAC/B,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,QAAI,CAAC,YAAY,YAAY,EAAE,WAAW,kBAAkB,GAAG;AAC7D,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,+CAA+C,WAAW;AAAA,MACpE,CAAC;AAAA,IACH;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,EAAE,IAAI,KAAK;AAAA,IAC5B,QAAQ;AACN,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,UAAM,SAAS,SAAS,MAAM;AAC9B,QAAI,CAAC,OAAO,IAAI;AACd,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,6BAA6B,OAAO,OAAO,OAAO,MAAM,CAAC;AAAA,QACjE,QAAQ,OAAO,OAAO,IAAI,YAAY;AAAA,MACxC,CAAC;AAAA,IACH;AAEA,UAAM,OAAgB,OAAO;AAC7B,UAAM,aAAa,EAAE,IAAI,OAAO,UAAU;AAC1C,UAAM,UAAU,eAAe,SAAY,UAAU,UAAU,IAAI;AAEnE,QAAI;AACJ,QAAI;AACF,cAAQ,MAAM,KAAK,QAAQ,YAAY,MAAM,OAAO;AAAA,IACtD,SAAS,GAAG;AACV,UAAI,aAAa,eAAe;AAC9B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,gBAAgB,EAAE;AAAA,QACpB,CAAC;AAAA,MACH;AACA,YAAM;AAAA,IACR;AAEA,UAAM,KAAK,YAAY,eAAe;AAEtC,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,WAAW;AAAA,MACX,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,KAAK,SAAS,MAAM,QAAQ;AAAA,IAChD,CAAC;AAED,WAAO,EAAE,KAAK;AAAA,MACZ,MAAMC,WAAU,IAAI;AAAA,MACpB,MAAM;AAAA,QACJ,eAAe,KAAK;AAAA,QACpB,SAAS,MAAM;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,MAAI,OAAO,YAAY,OAAO,MAAM;AAClC,UAAM,KAAK,QAAQ,cAAc;AACjC,UAAM,KAAK,YAAY,eAAe;AAEtC,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAED,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AAED,MAAI,IAAI,WAAW,OAAO,MAAM;AAC9B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,KAAK,QAAQ,WAAW;AAAA,IACzC,SAAS,GAAG;AACV,UAAI,aAAaC,gBAAe;AAC9B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AACA,YAAM;AAAA,IACR;AAOA,UAAM,WAAW,cAAc,OAAO,MAAM,EAAE,iBAAiB,MAAM,CAAC;AAEtE,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAMD,MAAE,OAAO,QAAQ,IAAI,OAAO,OAAO,GAAG;AACtC,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAID,MAAI,KAAK,cAAc;AACrB,UAAM,eAAe,KAAK;AAC1B,QAAI,KAAK,WAAW,OAAO,MAAM;AAI/B,YAAM,WAAW,OAAO,EAAE,IAAI,OAAO,gBAAgB,KAAK,EAAE;AAC5D,UAAI,OAAO,SAAS,QAAQ,KAAK,WAAW,kBAAkB,MAAM;AAClE,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,qBAAqB,OAAO,eAAe,CAAC;AAAA,QACtD,CAAC;AAAA,MACH;AAEA,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,EAAE,IAAI,SAAS;AAAA,MAC9B,QAAQ;AACN,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,OAAO,KAAK,IAAI,MAAM;AAC5B,UAAI,EAAE,gBAAgB,OAAO;AAC3B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,QAAQ,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AACrD,UAAI,MAAM,SAAS,iBAAiB;AAClC,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,YAAY,OAAO,MAAM,MAAM,CAAC,wBAAwB,OAAO,eAAe,CAAC;AAAA,QACzF,CAAC;AAAA,MACH;AAGA,YAAM,OAAO,gBAAgB,KAAK;AAClC,UAAI,SAAS,MAAM;AACjB,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,OAAO,cAAc,OAAO,IAAI;AACtC,UAAI,SAAS,MAAM;AACjB,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AACA,UAAI,KAAK,QAAQ,uBAAuB,KAAK,SAAS,qBAAqB;AACzE,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,YAAY,OAAO,KAAK,KAAK,CAAC,OAAI,OAAO,KAAK,MAAM,CAAC,oBAAoB,OAAO,mBAAmB,CAAC,OAAI,OAAO,mBAAmB,CAAC;AAAA,QAC7I,CAAC;AAAA,MACH;AACA,UAAI,KAAK,SAAS,kBAAkB;AAClC,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,aAAa,OAAO,KAAK,MAAM,CAAC,yBAAyB,OAAO,gBAAgB,CAAC;AAAA,QAC3F,CAAC;AAAA,MACH;AAIA,YAAM,WAAW,mBAAmB,OAAO,IAAI;AAG/C,YAAM,SAAS,MAAM,aAAa;AAAA,QAChC,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;AAAA,QACpD;AAAA,UACE,UAAU,KAAK;AAAA,UACf,aAAa;AAAA,QACf;AAAA,MACF;AAEA,YAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,WAAK,YAAY;AAAA,QACf,MAAM;AAAA,QACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,QAClC,OAAO,EAAE,UAAU;AAAA,QACnB,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,UACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,QACrC;AAAA,QACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,QACtB,OAAO,EAAE,KAAK,OAAO,IAAI,UAAU,MAAM,MAAM,SAAS,OAAO;AAAA,MACjE,CAAC;AAED,aAAO,EAAE,KAAK,QAAQ,GAAG;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,MAAI;AAAA,IAAG,CAAC,QAAQ,OAAO;AAAA,IAAG;AAAA,IAAY,CAAC,MACrC,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,GAAG,EAAE,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACxD,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AG7YA,SAAS,QAAAC,aAAY;;;ACiBd,SAAS,gBAAgB,OAAuB;AACrD,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBAMO,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBA6BJ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA2GtB;;;ADtJA,SAAS,SAAS,OAAuB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,2BAA2B,KAAK;AAAA,IAChC,4BAA4B,KAAK;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI;AACb;AAEA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AACvD,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,WAAO,OAAO,aAAa,CAAC;AAAA,EAC9B;AACA,SAAO,KAAK,GAAG;AACjB;AAQO,SAAS,mBAAyB;AACvC,QAAM,MAAM,IAAIC,MAAK;AAErB,MAAI,IAAI,KAAK,CAAC,MAAM;AAClB,UAAM,QAAQ,cAAc;AAC5B,MAAE,OAAO,6BAA6B,8CAA8C;AACpF,MAAE,OAAO,0BAA0B,SAAS;AAC5C,MAAE,OAAO,mBAAmB,MAAM;AAClC,MAAE,OAAO,mBAAmB,iCAAiC;AAC7D,MAAE,OAAO,sBAAsB,8DAA8D;AAC7F,MAAE,OAAO,2BAA2B,SAAS,KAAK,CAAC;AACnD,MAAE,OAAO,iBAAiB,mBAAmB;AAC7C,WAAO,EAAE,KAAK,gBAAgB,KAAK,CAAC;AAAA,EACtC,CAAC;AAED,SAAO;AACT;;;AEhDA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAOJ,SAAS,4BAAoD;AAClE,SAAO;AAAA,IACL,6BAA6B;AAAA,IAC7B,0BAA0B;AAAA,IAC1B,mBAAmB;AAAA,IACnB,mBAAmB;AAAA,IACnB,sBAAsB;AAAA,IACtB,2BAA2B;AAAA,IAC3B,iBAAiB;AAAA,EACnB;AACF;;;ACcO,IAAM,kBAA+B,MAAM;AAElD;;;ACnCO,IAAM,kBAA+B;AAAA,EAC1C,gBAAgB,MAAM,QAAQ,QAAQ;AAAA,EACtC,gBAAgB,MAAM,QAAQ,QAAQ;AACxC;;;ACLA,SAAS,UAAU,iBAAAC,sBAAqB;;;ACIxC,IAAM,iBAAoD;AAAA,EACxD,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,gBAAgB;AAAA,EAChB,cAAc;AAAA,EACd,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,EACT,WAAW;AAAA,EACX,cAAc;AAAA,EACd,aAAa;AACf;AAKA,IAAMC,OAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAsCZ,SAASC,aAAY,OAA4B;AAC/C,QAAM,OAAO,MAAM,MAAM,QAAQ,MAAM,GAAG,IAAI;AAC9C,QAAM,QAAQ,OACV,YAAY,WAAW,IAAI,CAAC,KAAK,WAAW,MAAM,OAAO,CAAC,SAC1D,WAAW,MAAM,OAAO;AAC5B,QAAM,QAAQ,MAAM,QAAQ,uBAAuB,WAAW,MAAM,KAAK,CAAC,YAAY;AACtF,QAAM,QAAQ,CAAC,wBAAwB,KAAK,QAAQ,KAAK,QAAQ;AACjE,MAAI,MAAM,IAAK,OAAM,KAAK,kBAAkB,WAAW,MAAM,GAAG,CAAC,MAAM;AACvE,MAAI,MAAM,KAAM,OAAM,KAAK,MAAM,WAAW,MAAM,IAAI,CAAC,MAAM;AAC7D,SAAO,qBAAqB,MAAM,KAAK,EAAE,CAAC;AAC5C;AAEA,SAAS,iBAAiB,OAAe,SAAyC;AAChF,SAAO,gBAAgB,WAAW,KAAK,CAAC,YAAY,QAAQ,IAAIA,YAAW,EAAE,KAAK,EAAE,CAAC;AACvF;AAGA,SAAS,YAAY,OAAe,QAAmC;AACrE,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE;AACpE,SAAO,gBAAgB,WAAW,KAAK,CAAC,0BAA0B,KAAK;AACzE;AAEA,SAAS,cAAc,GAA8B;AACnD,SAAO,GAAG,EAAE,eAAe,EAAE,QAAQ,WAAM,EAAE,WAAW;AAC1D;AAGA,SAAS,cAAc,SAA4B;AACjD,QAAM,QAAQ,eAAe,QAAQ,IAAI;AACzC,UAAQ,QAAQ,MAAM;AAAA,IACpB,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,UACpD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,MAAM;AACzB,gBAAM,SAAS,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;AACxD,iBAAO;AAAA,YACL,SAAS,UAAU,EAAE;AAAA,YACrB,KAAK,SAAS,EAAE,cAAc;AAAA,YAC9B,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,YACpD,MAAM,EAAE;AAAA,YACR,KAAK,EAAE;AAAA,UACT;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK;AAAA,MACpC;AAAA,IACF,KAAK;AACH,aAAO,YAAY,OAAO,QAAQ,QAAQ,IAAI,aAAa,CAAC;AAAA,IAC9D,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,WAAW,EAAE,cAAc;AAAA,UAC9C,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,UAC3D,OAAO,UAAU,EAAE,IAAI;AAAA,UACvB,MAAM,EAAE;AAAA,UACR,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,EAAE,GAAG,KAAK;AAAA,QACtD,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,IAAI;AAAA,UACvB,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,cAAc;AAAA,UACjC,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,GAAG,QAAK;AAAA,UACzD,OAAO,UAAU,EAAE,cAAc,EAAE,SAAS;AAAA,UAC5C,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,KAAK,GAAG,QAAK;AAAA,UAC9C,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,UACpD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE,QAAQ,EAAE;AAAA,UACrB,KAAK,EAAE,OAAO,EAAE,eAAe;AAAA,UAC/B,OAAO,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;AAAA,UACpD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,EACJ;AACF;AAEA,SAASC,cAAa,IAAwB;AAC5C,QAAM,IAAI,GAAG;AACb,QAAM,QAAQ,CAAC,OAAO,WAAW,EAAE,WAAW,CAAC,OAAO;AACtD,MAAI,EAAE,QAAS,OAAM,KAAK,sBAAsB,WAAW,EAAE,OAAO,CAAC,MAAM;AAE3E,QAAM,UAAoB,CAAC;AAC3B,MAAI,EAAE,SAAU,SAAQ,KAAK,SAAS,WAAW,EAAE,QAAQ,CAAC,SAAS;AACrE,MAAI,EAAE,OAAO;AACX,YAAQ,KAAK,mBAAmB,WAAW,EAAE,KAAK,CAAC,KAAK,WAAW,EAAE,KAAK,CAAC,MAAM;AAAA,EACnF;AACA,QAAM,WAAW,EAAE,UAAU,QAAQ,EAAE,OAAO,IAAI;AAClD,MAAI,SAAU,SAAQ,KAAK,YAAY,WAAW,QAAQ,CAAC,eAAe;AAC1E,MAAI,QAAQ,SAAS,EAAG,OAAM,KAAK,wBAAwB,QAAQ,KAAK,EAAE,CAAC,QAAQ;AAEnF,MAAI,EAAE,IAAK,OAAM,KAAK,kBAAkB,WAAW,EAAE,GAAG,CAAC,MAAM;AAC/D,SAAO,WAAW,MAAM,KAAK,EAAE,CAAC;AAClC;AAGO,SAAS,aAAa,IAAwB;AACnD,QAAM,QAAQ,GAAG,GAAG,OAAO,WAAW;AACtC,QAAM,OAAO,CAACA,cAAa,EAAE,GAAG,GAAG,GAAG,SAAS,IAAI,aAAa,CAAC,EAAE,KAAK,IAAI;AAC5E,SACE;AAAA,cAAgC,WAAW,GAAG,cAAc,CAAC;AAAA;AAAA;AAAA;AAAA,WAGjD,WAAW,KAAK,CAAC;AAAA,WACjBF,IAAG;AAAA;AAAA;AAAA;AAAA,EACI,IAAI;AAAA;AAAA;AAAA;AAAA;AAE3B;;;ADzLO,SAAS,aACd,SACA,UAA2B,CAAC,GAChB;AACZ,QAAM,EAAE,QAAQ,IAAI;AACpB,QAAM,gBAAgB,QAAQ,SAAS;AAEvC,QAAM,UAAU,CAAC,GAAG,oBAAI,IAAI,CAAC,eAAe,GAAG,QAAQ,SAAS,gBAAgB,CAAC,CAAC;AAClF,QAAM,SAAS,QAAQ,SAAS,iBAAiB;AACjD,QAAM,mBACJ,QAAQ,SAAS,UAAU,YAAY,OAClC,QAAQ,oBAAoB,SAC7B;AAEN,QAAM,QAAoB,CAAC;AAC3B,aAAW,UAAU,SAAS;AAC5B,UAAM,YAAYG,eAAc,SAAS,MAAM;AAC/C,UAAM,YAAY,WAAW;AAE7B,UAAM,YAA0B,QAAQ,IAAI,CAAC,QAAQ;AAAA,MACnD,QAAQ;AAAA,MACR,MAAM,WAAW,QAAQ,IAAI,aAAa;AAAA,MAC1C,SAAS,OAAO;AAAA,IAClB,EAAE;AACF,UAAM,eAAe,UAAU,YAAY,SAAS,QAAQ,aAAa,IAAI;AAC7E,UAAM,aAA0B,UAAU,gBAAgB,SAAS,SAAS,aAAa,IAAI,CAAC;AAE9F,UAAM,OAAO,kBAAkB;AAAA,MAC7B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AACD,UAAM,KAAK;AAAA,MACT,OAAO,YAAY,MAAM,IAAI,MAAM;AAAA,MACnC,MAAM,YAAY,eAAe,GAAG,MAAM;AAAA,MAC1C;AAAA,IACF,CAAC;AAED,QAAI,QAAQ,OAAO,MAAM;AACvB,YAAM,KAAK;AAAA,QACT,OAAO,YAAY,SAAS,IAAI,MAAM;AAAA,QACtC,MAAM,YAAY,YAAY,GAAG,MAAM;AAAA,QACvC,MAAM,aAAa,SAAS,SAAS,CAAC;AAAA,MACxC,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,YAAY,SAAiB,QAAgB,eAA+B;AACnF,SAAO,WAAW,gBAAgB,GAAG,OAAO,MAAM,GAAG,OAAO,IAAI,MAAM;AACxE;AAGA,SAAS,gBACP,SACA,SACA,eACa;AACb,QAAM,aAA0B,QAAQ,IAAI,CAAC,YAAY;AAAA,IACvD,UAAU;AAAA,IACV,MAAM,YAAY,SAAS,QAAQ,aAAa;AAAA,EAClD,EAAE;AACF,aAAW,KAAK;AAAA,IACd,UAAU;AAAA,IACV,MAAM,YAAY,SAAS,eAAe,aAAa;AAAA,EACzD,CAAC;AACD,SAAO;AACT;AAQA,SAAS,WAAW,MAAc,IAAY,eAA+B;AAC3E,QAAM,WAAW,SAAS;AAC1B,QAAM,SAAS,OAAO;AACtB,MAAI,SAAU,QAAO,SAAS,OAAO,GAAG,EAAE;AAC1C,SAAO,SAAS,QAAQ,MAAM,EAAE;AAClC;","names":["generateJsonLd","generateJsonLd","applyPublicPrivacyFilter","NotFoundError","normalize","Hono","Hono","normalize","NotFoundError","Hono","Hono","resolveLocale","CSS","renderEntry","renderHeader","resolveLocale"]}
1
+ {"version":3,"sources":["../src/error-envelope.ts","../src/public-app.ts","../src/html/build-html.ts","../src/html/html-helpers.ts","../src/locale-resolution.ts","../src/locale-prefix.ts","../src/index.ts","../src/admin/admin-api-app.ts","../src/admin/bearer.ts","../src/admin/origin.ts","../src/admin/admin-ui-app.ts","../src/admin/admin-html.ts","../src/admin/admin-asset-headers.ts","../src/admin/audit-logger.ts","../src/admin/cache-purger.ts","../src/html/site.ts","../src/html/cv-html.ts"],"sourcesContent":["import type { Context } from 'hono';\nimport type { ContentfulStatusCode } from 'hono/utils/http-status';\n\n/**\n * RFC 7807 problem type slugs used by takuhon. The 11 below are the\n * Spec-defined values (api.md §5.1); `methodNotAllowed` is added locally\n * for the 405 path that the Spec leaves unnamed.\n */\nexport const ERROR_SLUGS = {\n badRequest: 'bad-request',\n unauthorized: 'unauthorized',\n forbidden: 'forbidden',\n notFound: 'not-found',\n methodNotAllowed: 'method-not-allowed',\n conflict: 'conflict',\n payloadTooLarge: 'payload-too-large',\n unsupportedMediaType: 'unsupported-media-type',\n validationFailed: 'validation-failed',\n tooManyRequests: 'too-many-requests',\n internal: 'internal',\n serviceUnavailable: 'service-unavailable',\n} as const;\n\nexport type ErrorSlug = (typeof ERROR_SLUGS)[keyof typeof ERROR_SLUGS];\n\nconst TYPE_BASE = 'https://takuhon.org/errors';\n\nexport interface ProblemFieldError {\n path: string;\n message: string;\n}\n\nexport interface ProblemDetails {\n type: string;\n title: string;\n status: number;\n detail: string;\n instance: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport interface BuildProblemInput {\n slug: ErrorSlug;\n status: number;\n title: string;\n detail: string;\n instance: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport function buildProblem(input: BuildProblemInput): ProblemDetails {\n const out: ProblemDetails = {\n type: `${TYPE_BASE}/${input.slug}`,\n title: input.title,\n status: input.status,\n detail: input.detail,\n instance: input.instance,\n };\n if (input.errors !== undefined) out.errors = input.errors;\n if (input.currentVersion !== undefined) out.currentVersion = input.currentVersion;\n return out;\n}\n\nexport interface ProblemResponseInput {\n slug: ErrorSlug;\n status: ContentfulStatusCode;\n title: string;\n detail: string;\n errors?: ProblemFieldError[];\n currentVersion?: string;\n}\n\nexport function problemResponse(c: Context, input: ProblemResponseInput): Response {\n const body = buildProblem({\n slug: input.slug,\n status: input.status,\n title: input.title,\n detail: input.detail,\n instance: new URL(c.req.url).pathname,\n errors: input.errors,\n currentVersion: input.currentVersion,\n });\n return c.body(JSON.stringify(body), input.status, {\n 'content-type': 'application/problem+json; charset=utf-8',\n });\n}\n","import {\n NotFoundError,\n SCHEMA_VERSION,\n applyPublicPrivacyFilter,\n generateJsonLd,\n normalize,\n resolveLocale,\n schema,\n type ActivityStorage,\n type Takuhon,\n type TakuhonStorage,\n} from '@takuhon/core';\nimport { Hono } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from './error-envelope.js';\nimport { renderProfileHtml } from './html/build-html.js';\nimport { localePrefixGetPath, pathLocaleFromUrl } from './locale-prefix.js';\nimport { resolveRequestLocales } from './locale-resolution.js';\n\nexport interface PublicAppDeps {\n storage: TakuhonStorage;\n /**\n * Returned when storage reports NotFoundError. Adapters that ship a\n * bundled example fixture (e.g. @takuhon/cloudflare) pass a thunk that\n * returns the validated document so initial-onboarding requests still\n * succeed before the first admin write.\n */\n fallback?: () => Takuhon;\n /**\n * Source of the synced developer-activity snapshot, exposed at\n * `GET /api/activity`. Optional, like the admin app's `assetStorage`:\n * deployments that don't sync activity leave it unset and the route\n * answers 404. The route also answers 404 while `settings.activity` is\n * not enabled in the profile, so disabling the feature stops serving a\n * previously synced snapshot immediately.\n */\n activityStorage?: ActivityStorage;\n /**\n * Path of the read-only MCP endpoint, advertised in\n * `/.well-known/takuhon.json` as `mcp`. Only set it on adapters that actually\n * serve MCP (e.g. @takuhon/cloudflare's `/mcp`); left unset, the discovery\n * document omits `mcp` so static / Vercel deployments don't point at an\n * endpoint they don't host.\n */\n mcpPath?: string;\n}\n\nconst FALLBACK_VERSION = 'bundled-fixture';\n\nconst PUBLIC_CSP = [\n \"default-src 'self'\",\n // `https:` lets the server-rendered profile page load remote avatar images\n // (the schema permits any https avatar URL, and `safeUrl` in the renderer\n // already blocks non-http(s) schemes); `data:` covers inline placeholders.\n \"img-src 'self' https: data:\",\n \"style-src 'self' 'unsafe-inline'\",\n \"script-src 'self'\",\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n 'upgrade-insecure-requests',\n].join('; ');\n\nasync function loadProfile(deps: PublicAppDeps): Promise<{ data: Takuhon; version: string }> {\n try {\n return await deps.storage.getProfile();\n } catch (e) {\n if (e instanceof NotFoundError && deps.fallback) {\n return { data: deps.fallback(), version: FALLBACK_VERSION };\n }\n throw e;\n }\n}\n\nexport function createPublicApp(deps: PublicAppDeps): Hono {\n // `getPath` strips a leading `/{locale}` prefix (e.g. `/ja/api/profile`\n // → `/api/profile`) so the flat routes below match locale-prefixed\n // URLs. The same function is applied on the adapter's top-level router,\n // because Hono's `route()` flattens this app's routes into the parent\n // and dispatches with the parent's `getPath` only — setting it here\n // alone would be honored for direct `app.fetch()` (tests) but not in\n // production. Handlers recover the locale token from the original URL\n // (`c.req.url`), which `getPath` does not mutate.\n const app = new Hono({ getPath: localePrefixGetPath });\n\n app.use('*', async (c, next) => {\n await next();\n const h = c.res.headers;\n h.set('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n h.set('x-content-type-options', 'nosniff');\n h.set('x-frame-options', 'DENY');\n h.set('referrer-policy', 'strict-origin-when-cross-origin');\n h.set('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n h.set('content-security-policy', PUBLIC_CSP);\n // Every route on this app is unauthenticated, read-only, and already\n // privacy-filtered, so the responses are safe to expose to any origin. This\n // is what lets browsers and AI tools fetch the profile / JSON-LD / discovery\n // document cross-origin — the public API's \"read anywhere\" goal. No cookies\n // or credentials are involved, so `*` is correct and `Vary: Origin` is not\n // needed; preflights are answered by the OPTIONS handler below. The admin\n // app (createAdminApiApp) is a separate Hono instance and is unaffected.\n h.set('access-control-allow-origin', '*');\n h.set('access-control-expose-headers', 'ETag');\n });\n\n app.onError((err, c) => {\n // This 500 body is public — and cross-origin readable once CORS is enabled —\n // so it must not echo internal exception text (storage/render errors can\n // carry implementation detail). Log the real error server-side and return a\n // generic, non-revealing detail.\n console.error('Public app request failed:', err);\n return problemResponse(c, {\n slug: ERROR_SLUGS.internal,\n status: 500,\n title: 'Internal Error',\n detail: 'An unexpected error occurred while handling the request.',\n });\n });\n\n app.notFound((c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: `No route matches ${new URL(c.req.url).pathname}.`,\n }),\n );\n\n // The public profile page. `getPath` has already stripped any `/{locale}`\n // prefix, so this single route serves `/` (default locale) and `/<locale>/`\n // alike; the locale token is recovered from the original URL. The same\n // load → normalize → resolveLocale → privacy-filter pipeline that backs\n // `/api/profile` feeds the pure `renderProfileHtml`, so the page a visitor —\n // and any crawler reading the embedded JSON-LD — sees matches the API and the\n // static `takuhon build` output exactly. Canonical / hreflang are derived\n // from this request's own origin, so they are correct without configuration.\n app.get('/', async (c) => {\n const { data, version } = await loadProfile(deps);\n const profile = normalize(data);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n profile.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(resolveLocale(profile, locale, fallbackLocale));\n\n const defaultLocale = profile.settings.defaultLocale;\n const locales = [...new Set([defaultLocale, ...profile.settings.availableLocales])];\n const current = localized.resolvedLocale;\n const origin = new URL(c.req.url).origin;\n const localePath = (l: string): string => (l === defaultLocale ? '/' : `/${l}/`);\n\n const snapshot =\n profile.settings.activity?.enabled === true && deps.activityStorage\n ? await deps.activityStorage.getActivitySnapshot()\n : null;\n\n const html = renderProfileHtml({\n localized,\n canonicalUrl: `${origin}${localePath(current)}`,\n alternates: [\n ...locales.map((l) => ({ hreflang: l, href: `${origin}${localePath(l)}` })),\n { hreflang: 'x-default', href: `${origin}${localePath(defaultLocale)}` },\n ],\n localeNav: locales.map((l) => ({ locale: l, href: localePath(l), current: l === current })),\n jsonLd: profile.settings.enableJsonLd !== false,\n activitySnapshot: snapshot ?? undefined,\n });\n\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'public, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n return c.html(html);\n });\n\n // Liveness probe. Intentionally storage-independent: it reports that the\n // worker itself is serving requests, not that the profile store is\n // reachable. A readiness probe that also checks storage can be added\n // later under a separate path if deployment platforms need it.\n app.get('/health', (c) => {\n c.header('cache-control', 'no-store');\n return c.json({ status: 'ok', schemaVersion: SCHEMA_VERSION });\n });\n\n app.get('/api/profile', async (c) => {\n const { data, version } = await loadProfile(deps);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n data.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(\n resolveLocale(normalize(data), locale, fallbackLocale),\n );\n const body = {\n data: localized,\n meta: {\n schemaVersion: localized.schemaVersion,\n locale: localized.resolvedLocale,\n updatedAt: localized.meta.updatedAt,\n },\n };\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'private, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n return c.json(body);\n });\n\n app.get('/api/schema', (c) => c.json(schema));\n\n // Public read of the synced developer-activity snapshot (design decision\n // §9-5: public, like /api/profile). The snapshot is already owner-derived\n // public metrics — no privacy filter applies — but the owner's opt-in is\n // re-checked on every read so disabling `settings.activity` takes effect\n // immediately, even while a stale snapshot is still stored. All three\n // unavailable states answer the same 404 problem.\n app.get('/api/activity', async (c) => {\n const unavailable = (): Response =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: 'No activity snapshot is available.',\n });\n\n if (!deps.activityStorage) return unavailable();\n const { data } = await loadProfile(deps);\n if (data.settings.activity?.enabled !== true) return unavailable();\n const snapshot = await deps.activityStorage.getActivitySnapshot();\n if (snapshot === null) return unavailable();\n\n c.header('cache-control', 'public, max-age=300');\n return c.json(snapshot);\n });\n\n app.get('/api/jsonld', async (c) => {\n const { data, version } = await loadProfile(deps);\n const { locale, fallbackLocale } = resolveRequestLocales(\n c,\n data.settings.availableLocales,\n pathLocaleFromUrl(c.req.url),\n );\n const localized = applyPublicPrivacyFilter(\n resolveLocale(normalize(data), locale, fallbackLocale),\n );\n const ld = generateJsonLd(localized);\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'private, max-age=300');\n c.header('vary', 'Accept-Language, Cookie');\n c.header('content-type', 'application/ld+json; charset=utf-8');\n return c.body(JSON.stringify(ld));\n });\n\n app.get('/takuhon.json', async (c) => {\n const { data, version } = await loadProfile(deps);\n const filtered = applyPublicPrivacyFilter(data);\n c.header('etag', `\"${version}\"`);\n c.header('cache-control', 'public, max-age=300');\n return c.json(filtered);\n });\n\n app.get('/.well-known/takuhon.json', (c) => {\n c.header('cache-control', 'public, max-age=3600');\n return c.json({\n schemaVersion: SCHEMA_VERSION,\n schemaUrl: '/api/schema',\n profile: '/api/profile',\n jsonld: '/api/jsonld',\n export: '/api/admin/export',\n canonical: '/takuhon.json',\n // Only advertised when the adapter serves MCP (see PublicAppDeps.mcpPath).\n ...(deps.mcpPath !== undefined ? { mcp: deps.mcpPath } : {}),\n });\n });\n\n // CORS preflight for cross-origin reads. The actual GET responses carry\n // `Access-Control-Allow-Origin` via the middleware above; this answers the\n // preflight a browser sends before a non-simple cross-origin request (a\n // simple GET needs no preflight). Without this, OPTIONS would fall through to\n // the 404 handler and the preflight would fail.\n app.options('*', (c) => {\n c.header('access-control-allow-methods', 'GET, HEAD, OPTIONS');\n c.header('access-control-allow-headers', c.req.header('access-control-request-headers') ?? '*');\n c.header('access-control-max-age', '86400');\n return c.body(null, 204);\n });\n\n app.on(['POST', 'PUT', 'PATCH', 'DELETE'], '*', (c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.methodNotAllowed,\n status: 405,\n title: 'Method Not Allowed',\n detail: `${c.req.method} ${new URL(c.req.url).pathname} is not supported on the public app.`,\n }),\n );\n\n return app;\n}\n","/**\n * Pure HTML rendering for `takuhon build`.\n *\n * {@link renderProfileHtml} turns one locale-resolved {@link LocalizedTakuhon}\n * into a complete, self-contained static HTML document: semantic markup for\n * every profile section, an inline stylesheet, optional Schema.org JSON-LD,\n * and the `<head>` metadata (`<title>`, description, canonical, hreflang\n * alternates) the caller supplies.\n *\n * This is a deliberately separate, simpler surface from the React\n * `@takuhon/ui` (which is delivered as CSS-Modules components needing a\n * bundler). It reuses only `@takuhon/core` and has no DOM/browser dependency,\n * so it renders in plain Node and is unit-testable as a pure string function.\n *\n * Security: every piece of profile-derived text is escaped before it reaches\n * the markup ({@link escapeHtml}), and the JSON-LD payload is `<`/`>`/`&`\n * unicode-escaped so it cannot break out of its `<script>` element.\n */\n\nimport { generateJsonLd, renderActivitySvg } from '@takuhon/core';\nimport type { ActivitySnapshot, LocalizedTakuhon } from '@takuhon/core';\n\nimport { dateRange, escapeHtml, nonEmpty, safeUrl } from './html-helpers.js';\n\n// Re-exported for existing importers (e.g. dev-command, tests) that pull\n// `escapeHtml` from this module; the implementation now lives in html-helpers.\nexport { escapeHtml } from './html-helpers.js';\n\ntype LocalizedProfile = LocalizedTakuhon['profile'];\n\n/** One entry in the human-facing locale switcher. */\nexport interface LocaleLink {\n locale: string;\n href: string;\n current: boolean;\n}\n\n/** One `<link rel=\"alternate\" hreflang>` entry. */\nexport interface Alternate {\n hreflang: string;\n href: string;\n}\n\nexport interface RenderInput {\n /** The locale-resolved document to render. */\n localized: LocalizedTakuhon;\n /** Absolute canonical URL for this page (only when `--base-url` was given). */\n canonicalUrl?: string;\n /** hreflang alternates (empty when no base URL is available). */\n alternates: readonly Alternate[];\n /** Human locale switcher links (rendered only when more than one locale). */\n localeNav: readonly LocaleLink[];\n /** Whether to emit Schema.org JSON-LD (mirrors `settings.enableJsonLd`). */\n jsonLd: boolean;\n /**\n * Synced developer-activity snapshot, rendered as a self-owned inline SVG\n * section. The caller gates it on `settings.activity.enabled`; an absent (or\n * metric-less) snapshot omits the section entirely.\n */\n activitySnapshot?: ActivitySnapshot;\n}\n\n/** Unicode-escape `<`, `>`, `&` so a JSON-LD payload cannot break out of `<script>`. */\nfunction escapeJsonLd(json: string): string {\n return json.replace(/</g, '\\\\u003c').replace(/>/g, '\\\\u003e').replace(/&/g, '\\\\u0026');\n}\n\nconst CSS = `:root{--fg:#1a1a1a;--muted:#666;--accent:#0b5fff;--line:#e5e5e5}\n*{box-sizing:border-box}\nbody{margin:0;color:var(--fg);font:16px/1.6 system-ui,-apple-system,\"Segoe UI\",Roboto,sans-serif;background:#fff}\nmain{max-width:42rem;margin:0 auto;padding:2rem 1.25rem}\na{color:var(--accent)}\nh1{font-size:1.9rem;margin:.2rem 0}\nh2{font-size:1.15rem;margin:2rem 0 .75rem;padding-bottom:.3rem;border-bottom:1px solid var(--line)}\nh3{font-size:1rem;margin:0}\nheader .avatar{width:96px;height:96px;border-radius:50%;object-fit:cover}\n.tagline{font-size:1.1rem;color:var(--muted);margin:.2rem 0}\n.location{color:var(--muted);margin:.2rem 0}\n.bio{margin:.75rem 0}\nul{padding:0;margin:0;list-style:none}\n.entries>li{margin:0 0 1.1rem}\n.sub{margin:.1rem 0;font-weight:600}\n.meta{margin:.1rem 0;color:var(--muted);font-size:.9rem}\n.links{display:flex;flex-wrap:wrap;gap:.5rem 1rem;margin:.75rem 0}\n.skills,.tags{display:flex;flex-wrap:wrap;gap:.4rem}\n.skills>li,.tags>li{background:#f2f2f2;border-radius:1rem;padding:.15rem .6rem;font-size:.85rem}\n.rec{margin:0 0 1.1rem}\n.rec blockquote{margin:0;padding-left:.9rem;border-left:3px solid var(--line)}\n.rec figcaption{color:var(--muted);font-size:.9rem;margin-top:.3rem}\nnav.locales{display:flex;gap:.75rem;margin-bottom:1rem;font-size:.9rem}\n.activity svg{max-width:100%;height:auto}\nfooter.powered{max-width:42rem;margin:0 auto;padding:1.5rem 1.25rem;color:var(--muted);font-size:.85rem}`;\n\ninterface EntryView {\n heading: string;\n sub?: string;\n dates?: string;\n body?: string;\n url?: string;\n tags?: readonly string[];\n}\n\nfunction renderEntry(entry: EntryView): string {\n const href = entry.url ? safeUrl(entry.url) : undefined;\n const heading = href\n ? `<a href=\"${escapeHtml(href)}\">${escapeHtml(entry.heading)}</a>`\n : escapeHtml(entry.heading);\n const parts = [`<h3>${heading}</h3>`];\n if (entry.sub) parts.push(`<p class=\"sub\">${escapeHtml(entry.sub)}</p>`);\n // `entry.dates` is already an escaped HTML fragment from `dateRange` (localized\n // <time> elements), so it is inserted raw rather than re-escaped.\n if (entry.dates) parts.push(`<p class=\"meta\">${entry.dates}</p>`);\n if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);\n if (entry.tags && entry.tags.length > 0) {\n parts.push(\n `<ul class=\"tags\">${entry.tags.map((t) => `<li>${escapeHtml(t)}</li>`).join('')}</ul>`,\n );\n }\n return `<li>${parts.join('')}</li>`;\n}\n\n/** Render a `<section>` of entries, or `''` when there are none. */\nfunction entryList(title: string, entries: readonly EntryView[]): string {\n if (entries.length === 0) return '';\n return `<section><h2>${escapeHtml(title)}</h2><ul class=\"entries\">${entries\n .map(renderEntry)\n .join('')}</ul></section>`;\n}\n\nfunction renderHeader(p: LocalizedProfile): string {\n const parts: string[] = [];\n const avatarSrc = p.avatar?.url ? safeUrl(p.avatar.url) : undefined;\n if (avatarSrc) {\n parts.push(\n `<img class=\"avatar\" src=\"${escapeHtml(avatarSrc)}\" alt=\"${escapeHtml(p.avatar?.alt ?? '')}\">`,\n );\n }\n parts.push(`<h1>${escapeHtml(p.displayName)}</h1>`);\n if (p.tagline) parts.push(`<p class=\"tagline\">${escapeHtml(p.tagline)}</p>`);\n if (p.location?.display) parts.push(`<p class=\"location\">${escapeHtml(p.location.display)}</p>`);\n if (p.bio) parts.push(`<p class=\"bio\">${escapeHtml(p.bio)}</p>`);\n return `<header>${parts.join('')}</header>`;\n}\n\nfunction renderLinks(links: LocalizedTakuhon['links']): string {\n if (links.length === 0) return '';\n const items = links\n .map((l) => {\n const text = escapeHtml(l.label ?? l.url);\n const href = safeUrl(l.url);\n return href ? `<li><a href=\"${escapeHtml(href)}\">${text}</a></li>` : `<li>${text}</li>`;\n })\n .join('');\n return `<nav aria-label=\"Links\"><ul class=\"links\">${items}</ul></nav>`;\n}\n\nfunction renderSkills(skills: LocalizedTakuhon['skills']): string {\n if (skills.length === 0) return '';\n const items = skills.map((s) => `<li>${escapeHtml(s.label)}</li>`).join('');\n return `<section><h2>Skills</h2><ul class=\"skills\">${items}</ul></section>`;\n}\n\nfunction renderLanguages(languages: LocalizedTakuhon['languages']): string {\n if (languages.length === 0) return '';\n const items = languages\n .map((l) => `<li>${escapeHtml(`${l.displayName ?? l.language} — ${l.proficiency}`)}</li>`)\n .join('');\n return `<section><h2>Languages</h2><ul class=\"entries\">${items}</ul></section>`;\n}\n\nfunction renderRecommendations(recs: LocalizedTakuhon['recommendations']): string {\n if (recs.length === 0) return '';\n const items = recs\n .map((r) => {\n const authorHref = r.author.url ? safeUrl(r.author.url) : undefined;\n const name = authorHref\n ? `<a href=\"${escapeHtml(authorHref)}\">${escapeHtml(r.author.name)}</a>`\n : escapeHtml(r.author.name);\n const caption = [name, r.author.headline ? escapeHtml(r.author.headline) : '']\n .filter(Boolean)\n .join(', ');\n const rel = r.relationship ? ` (${escapeHtml(r.relationship)})` : '';\n return `<figure class=\"rec\"><blockquote>${escapeHtml(r.body)}</blockquote><figcaption>— ${caption}${rel}</figcaption></figure>`;\n })\n .join('');\n return `<section><h2>Recommendations</h2>${items}</section>`;\n}\n\nfunction renderContact(contact: LocalizedTakuhon['contact']): string {\n const items: string[] = [];\n if (contact.email) {\n items.push(\n `<li><a href=\"mailto:${escapeHtml(contact.email)}\">${escapeHtml(contact.email)}</a></li>`,\n );\n }\n const formHref = contact.formUrl ? safeUrl(contact.formUrl) : undefined;\n if (formHref) {\n items.push(`<li><a href=\"${escapeHtml(formHref)}\">Contact form</a></li>`);\n }\n if (items.length === 0) return '';\n return `<section><h2>Contact</h2><ul class=\"entries\">${items.join('')}</ul></section>`;\n}\n\n/**\n * Render the developer-activity section from the synced snapshot, or `''`\n * when there is none (or it carries no metric data). The SVG is generated by\n * `@takuhon/core` from stored numbers only — no external badge image — so the\n * page works under an `img-src 'self'` CSP.\n */\nfunction renderActivity(snapshot: ActivitySnapshot | undefined): string {\n if (!snapshot) return '';\n const svg = renderActivitySvg(snapshot);\n if (svg === '') return '';\n return `<section class=\"activity\"><h2>Activity</h2>${svg}</section>`;\n}\n\nfunction renderJsonLdScript(data: LocalizedTakuhon): string {\n const payload = JSON.stringify(generateJsonLd(data));\n return `<script type=\"application/ld+json\">${escapeJsonLd(payload)}</script>`;\n}\n\nfunction renderLocaleNav(localeNav: readonly LocaleLink[]): string {\n const items = localeNav\n .map((l) =>\n l.current\n ? `<span aria-current=\"true\">${escapeHtml(l.locale)}</span>`\n : `<a href=\"${escapeHtml(l.href)}\">${escapeHtml(l.locale)}</a>`,\n )\n .join('');\n return `<nav class=\"locales\" aria-label=\"Language\">${items}</nav>`;\n}\n\n/** Render a complete static HTML document for one locale-resolved profile. */\nexport function renderProfileHtml(input: RenderInput): string {\n const d = input.localized;\n const p = d.profile;\n const description = p.tagline ?? p.bio ?? '';\n\n const head = [\n '<meta charset=\"utf-8\">',\n '<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">',\n `<title>${escapeHtml(p.displayName)}</title>`,\n description\n ? `<meta name=\"description\" content=\"${escapeHtml(description.slice(0, 300))}\">`\n : '',\n input.canonicalUrl ? `<link rel=\"canonical\" href=\"${escapeHtml(input.canonicalUrl)}\">` : '',\n ...input.alternates.map(\n (a) =>\n `<link rel=\"alternate\" hreflang=\"${escapeHtml(a.hreflang)}\" href=\"${escapeHtml(a.href)}\">`,\n ),\n input.jsonLd ? renderJsonLdScript(d) : '',\n `<style>${CSS}</style>`,\n ]\n .filter(Boolean)\n .join('\\n ');\n\n const body = [\n input.localeNav.length > 1 ? renderLocaleNav(input.localeNav) : '',\n renderHeader(p),\n renderLinks(d.links),\n entryList(\n 'Experience',\n d.careers.map((c) => ({\n heading: c.role,\n sub: c.organization,\n dates: dateRange(c.startDate, {\n end: c.endDate,\n isCurrent: c.isCurrent,\n locale: d.resolvedLocale,\n }),\n body: c.description,\n url: c.url,\n })),\n ),\n entryList(\n 'Projects',\n d.projects.map((x) => ({\n heading: x.title,\n dates: dateRange(x.startDate, { end: x.endDate, locale: d.resolvedLocale }),\n body: x.description,\n url: x.url,\n tags: x.tags,\n })),\n ),\n renderSkills(d.skills),\n renderActivity(input.activitySnapshot),\n entryList(\n 'Education',\n d.education.map((e) => {\n const degree = nonEmpty([e.degree, e.fieldOfStudy], ', ');\n return {\n heading: degree ?? e.institution,\n sub: degree ? e.institution : undefined,\n dates: dateRange(e.startDate, {\n end: e.endDate,\n isCurrent: e.isCurrent,\n locale: d.resolvedLocale,\n }),\n body: e.description,\n url: e.url,\n };\n }),\n ),\n entryList(\n 'Certifications',\n d.certifications.map((c) => ({\n heading: c.title,\n sub: c.issuingOrganization,\n dates: dateRange(c.issueDate, { end: c.expirationDate, locale: d.resolvedLocale }),\n url: c.url,\n })),\n ),\n entryList(\n 'Publications',\n d.publications.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.publisher, x.coAuthors?.join(', ')], ' · '),\n dates: dateRange(x.date, { locale: d.resolvedLocale }),\n body: x.description,\n url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : undefined),\n })),\n ),\n entryList(\n 'Honors & awards',\n d.honors.map((x) => ({\n heading: x.title,\n sub: x.issuer,\n dates: dateRange(x.date, { locale: d.resolvedLocale }),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Memberships',\n d.memberships.map((x) => ({\n heading: x.role ?? x.organization,\n sub: x.role ? x.organization : undefined,\n dates: dateRange(x.startDate, {\n end: x.endDate,\n isCurrent: x.isCurrent,\n locale: d.resolvedLocale,\n }),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Volunteering',\n d.volunteering.map((x) => ({\n heading: x.role,\n sub: nonEmpty([x.organization, x.cause], ' · '),\n dates: dateRange(x.startDate, {\n end: x.endDate,\n isCurrent: x.isCurrent,\n locale: d.resolvedLocale,\n }),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Courses',\n d.courses.map((x) => ({\n heading: x.title,\n sub: x.provider,\n dates: dateRange(x.completionDate, { locale: d.resolvedLocale }),\n body: x.description,\n url: x.certificateUrl,\n })),\n ),\n entryList(\n 'Patents',\n d.patents.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.patentNumber, x.office, x.status, x.coInventors?.join(', ')], ' · '),\n dates: dateRange(x.filingDate ?? x.grantDate, { locale: d.resolvedLocale }),\n body: x.description,\n url: x.url,\n })),\n ),\n entryList(\n 'Test scores',\n d.testScores.map((x) => ({\n heading: `${x.title}: ${x.score}`,\n dates: dateRange(x.date, { locale: d.resolvedLocale }),\n body: x.description,\n url: x.url,\n })),\n ),\n renderLanguages(d.languages),\n renderRecommendations(d.recommendations),\n renderContact(d.contact),\n ]\n .filter(Boolean)\n .join('\\n');\n\n const footer =\n d.settings.showPoweredBy === true ? '<footer class=\"powered\">Powered by takuhon</footer>' : '';\n\n return (\n `<!DOCTYPE html>\\n<html lang=\"${escapeHtml(d.resolvedLocale)}\">\\n<head>\\n ${head}\\n</head>\\n` +\n `<body>\\n<main>\\n${body}\\n</main>\\n${footer ? `${footer}\\n` : ''}</body>\\n</html>\\n`\n );\n}\n","/**\n * Pure HTML helpers shared by the static-site renderer ({@link\n * import('./build-html.js')}) and the CV renderer ({@link\n * import('./cv-html.js')}). All are string-in / string-out with no I/O, so they\n * stay unit-testable and keep both renderers' escaping behavior identical.\n */\n\nimport { formatDate, getPresentLabel, type LocaleTag } from '@takuhon/core';\n\n/** Escape text for use in HTML element content or double/single-quoted attributes. */\nexport function escapeHtml(value: string): string {\n return value\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;')\n .replace(/\"/g, '&quot;')\n .replace(/'/g, '&#39;');\n}\n\n/**\n * Return `url` only when its scheme is safe to place in an `href`/`src`, else\n * `undefined`. Relative, protocol-relative, fragment, and query URLs (no\n * scheme) are allowed; among absolute URLs only `http:`, `https:`, and\n * `mailto:` are. This blocks `javascript:`, `data:`, `vbscript:`, etc. — the\n * schema validates only a generic URI, so a hostile document could otherwise\n * smuggle an executable scheme into the generated page.\n */\nexport function safeUrl(url: string): string | undefined {\n const trimmed = url.trim();\n const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(trimmed)?.[1]?.toLowerCase();\n if (scheme === undefined) return trimmed; // relative / protocol-relative / fragment\n return scheme === 'http' || scheme === 'https' || scheme === 'mailto' ? trimmed : undefined;\n}\n\n/**\n * Wrap a single ISO date in a `<time>` element: the machine-readable ISO value\n * stays verbatim in the `datetime` attribute while the visible text is the\n * locale-formatted form from `@takuhon/core`'s {@link formatDate}. Both parts\n * are escaped, so the returned fragment is already safe to insert raw — callers\n * must NOT pass it back through {@link escapeHtml}.\n */\nexport function timeTag(iso: string, locale: LocaleTag): string {\n return `<time datetime=\"${escapeHtml(iso)}\">${escapeHtml(formatDate(iso, locale))}</time>`;\n}\n\n/** The localized ongoing-role marker (en `Present` / ja `現在`), escaped. */\nexport function presentLabel(locale: LocaleTag): string {\n return escapeHtml(getPresentLabel(locale));\n}\n\n/**\n * Format a date range as an escaped HTML fragment: each bound becomes a\n * localized `<time>` element ({@link timeTag}), and a `null` end or `isCurrent`\n * renders as the localized \"Present\" marker ({@link presentLabel}). `locale` is\n * required, so a call that forgets it is a compile error rather than a silently\n * mis-formatted output. The result is fully escaped — callers insert it raw,\n * without {@link escapeHtml}; the only non-escaped literals are the static\n * en-dash separator and the `<time>` tags themselves.\n */\nexport function dateRange(\n start: string | undefined,\n opts: { end?: string | null; isCurrent?: boolean; locale: LocaleTag },\n): string {\n const { end, isCurrent, locale } = opts;\n const left = start ? timeTag(start, locale) : '';\n const right =\n isCurrent === true || end === null ? presentLabel(locale) : end ? timeTag(end, locale) : '';\n if (left && right) return `${left} – ${right}`;\n return left || right;\n}\n\n/** Join the non-empty values with `separator`, or `undefined` when none remain. */\nexport function nonEmpty(\n values: readonly (string | undefined)[],\n separator: string,\n): string | undefined {\n const joined = values\n .filter((v): v is string => typeof v === 'string' && v.length > 0)\n .join(separator);\n return joined.length > 0 ? joined : undefined;\n}\n","/**\n * HTTP-layer locale resolution for the public app.\n *\n * Reads request-side locale candidates in this priority order:\n *\n * 1. `?lang=` query parameter\n * 2. URL path prefix (e.g. `/ja/`), passed in as `pathLocale`\n * 3. `takuhon_locale` cookie\n * 4. `Accept-Language` request header (q-value ordered)\n *\n * The URL-path candidate is extracted structurally by\n * `locale-prefix.ts` (`stripLocalePrefix` / `pathLocaleFromUrl`) and\n * handed to {@link resolveRequestLocales} as `pathLocale`; this module\n * does not parse the path itself. Settings-tier fallbacks\n * (`settings.defaultLocale`, `settings.fallbackLocale`,\n * `settings.availableLocales[0]`) are resolved inside `@takuhon/core`'s\n * `resolveLocale` and do not appear here.\n *\n * `resolveLocale` only exposes two caller slots (`locale`,\n * `fallbackLocale`). To avoid wasting them on tags the document can't\n * serve, candidates are filtered against `availableLocales` (case-\n * insensitive on the full tag or its primary subtag) and the matched\n * available locale token is substituted before forwarding, so a\n * primary-subtag match like `en` → `en-US` does not silently fall\n * through to the settings tier. Filtered candidates beyond the second\n * fall through to `resolveLocale`'s own settings-tier candidates, not\n * in request order — an acceptable loss given the contract.\n */\nimport type { Context } from 'hono';\nimport { getCookie } from 'hono/cookie';\n\nconst BCP47 = /^[a-zA-Z]{2,3}(-[a-zA-Z0-9]+)*$/;\n\n// DoS guards. The header parser is exposed to untrusted client input,\n// so the byte budget and entry count are bounded before any per-token\n// work. Numbers are conservative defaults, not spec-derived.\nconst ACCEPT_LANG_MAX = 2048;\nconst ACCEPT_LANG_MAX_ENTRIES = 16;\nconst COOKIE_VALUE_MAX = 64;\n\nexport function isValidBcp47(tag: string): boolean {\n return BCP47.test(tag);\n}\n\ninterface AcceptLangEntry {\n readonly tag: string;\n readonly q: number;\n}\n\n/**\n * Parse an `Accept-Language` header into BCP-47 tags ordered by q\n * descending. Invalid or zero-quality entries and `*` wildcards are\n * dropped. Input larger than {@link ACCEPT_LANG_MAX} bytes or with more\n * than {@link ACCEPT_LANG_MAX_ENTRIES} comma-separated parts is\n * truncated before parsing.\n */\nexport function parseAcceptLanguage(header: string | null | undefined): string[] {\n if (!header) return [];\n const trimmed = header.length > ACCEPT_LANG_MAX ? header.slice(0, ACCEPT_LANG_MAX) : header;\n const parts = trimmed.split(',').slice(0, ACCEPT_LANG_MAX_ENTRIES);\n\n const entries: AcceptLangEntry[] = [];\n for (const rawPart of parts) {\n const segments = rawPart.split(';');\n const tagSegment = segments[0];\n if (tagSegment === undefined) continue;\n const tag = tagSegment.trim();\n if (tag === '' || tag === '*') continue;\n if (!isValidBcp47(tag)) continue;\n\n let q = 1;\n for (let i = 1; i < segments.length; i++) {\n const segment = segments[i];\n if (segment === undefined) continue;\n const match = /^\\s*q\\s*=\\s*([0-9.]+)\\s*$/i.exec(segment);\n if (!match) continue;\n const parsed = Number.parseFloat(match[1] ?? '');\n if (Number.isNaN(parsed)) {\n q = 1;\n } else if (parsed < 0 || parsed > 1) {\n // RFC 7231 §5.3.1 says values MUST be in [0, 1]; treat\n // out-of-range as missing (q=1) rather than dropping.\n q = 1;\n } else {\n q = parsed;\n }\n break;\n }\n if (q === 0) continue;\n\n entries.push({ tag, q });\n }\n\n // Stable sort: Array.prototype.sort is stable in ES2019+.\n entries.sort((a, b) => b.q - a.q);\n return entries.map((e) => e.tag);\n}\n\nfunction primarySubtag(tag: string): string {\n const dash = tag.indexOf('-');\n return (dash === -1 ? tag : tag.slice(0, dash)).toLowerCase();\n}\n\nfunction matchAvailable(tag: string, available: readonly string[]): string | undefined {\n const tagLower = tag.toLowerCase();\n const tagPrimary = primarySubtag(tag);\n // Prefer exact (case-insensitive) match over primary-subtag match so a\n // request that names a region explicitly wins over a region-stripped\n // alternative.\n for (const a of available) {\n if (a.toLowerCase() === tagLower) return a;\n }\n for (const a of available) {\n if (primarySubtag(a) === tagPrimary) return a;\n }\n return undefined;\n}\n\n/**\n * Resolve HTTP-layer locale candidates from the request — query, URL\n * path prefix, cookie, and `Accept-Language` in that priority order.\n * Returns the top two candidates that survive validation and the\n * `availableLocales` filter, after substituting the matched available\n * token so primary-subtag matches resolve correctly downstream.\n *\n * @param pathLocale The locale token extracted from a `/{locale}` path\n * prefix by `pathLocaleFromUrl`, or `undefined` when the request has\n * no path prefix. Inserted at priority #2 (after query, before\n * cookie).\n */\nexport function resolveRequestLocales(\n c: Context,\n available: readonly string[],\n pathLocale?: string,\n): { locale?: string; fallbackLocale?: string } {\n const raw: string[] = [];\n\n const query = c.req.query('lang');\n if (query !== undefined && isValidBcp47(query)) {\n raw.push(query);\n }\n\n if (pathLocale !== undefined && isValidBcp47(pathLocale)) {\n raw.push(pathLocale);\n }\n\n const cookie = getCookie(c, 'takuhon_locale');\n if (cookie !== undefined && cookie.length <= COOKIE_VALUE_MAX && isValidBcp47(cookie)) {\n raw.push(cookie);\n }\n\n const accept = c.req.header('accept-language');\n if (accept !== undefined) {\n raw.push(...parseAcceptLanguage(accept));\n }\n\n const seen = new Set<string>();\n const filtered: string[] = [];\n for (const tag of raw) {\n const matched = matchAvailable(tag, available);\n if (matched === undefined) continue;\n const key = matched.toLowerCase();\n if (seen.has(key)) continue;\n seen.add(key);\n filtered.push(matched);\n if (filtered.length === 2) break;\n }\n\n const out: { locale?: string; fallbackLocale?: string } = {};\n if (filtered[0] !== undefined) out.locale = filtered[0];\n if (filtered[1] !== undefined) out.fallbackLocale = filtered[1];\n return out;\n}\n","/**\n * URL-path locale prefix handling for the public app.\n *\n * Implements locale resolution priority #2: a leading `/{locale}` path\n * segment, e.g. `/ja/api/profile`, ranked after the `?lang=` query (#1)\n * and before the `takuhon_locale` cookie (#3). This module is responsible\n * only for the *structural* concern — detecting and stripping the prefix\n * so the existing flat routes match — while the locale *value* it\n * extracts is fed into {@link resolveRequestLocales} at slot #2 by the\n * route handlers.\n *\n * The prefix is honored via Hono's `getPath` option rather than parametric\n * routes: {@link localePrefixGetPath} rewrites the match path so a request\n * to `/ja/api/profile` is routed to the `/api/profile` handler. Hono's\n * `route()` flattens a sub-app's routes into the parent and dispatches with\n * the *parent* router's `getPath` only, so the same function is applied on\n * both the standalone public app (for direct tests) and the adapter's\n * top-level router (production). The original request URL is untouched, so\n * handlers recover the locale token from `c.req.url`.\n */\nimport { isValidBcp47 } from './locale-resolution.js';\n\n/**\n * Remainder paths that may legitimately follow a `/{locale}` segment.\n *\n * This allowlist — NOT the BCP-47 shape check — is the load-bearing safety\n * mechanism. It keeps locale-agnostic paths (`/health`, `/api/schema`,\n * `/.well-known/*`, `/takuhon.json`) and admin paths (`/api/admin/*`,\n * `/admin/*`) from being misread as a locale prefix. Note that `api`\n * itself satisfies the BCP-47 primary-subtag shape (`[a-z]{2,3}`), so a\n * shape check alone would treat `/api/schema` as locale `api` + `/schema`;\n * the remainder allowlist is what prevents that.\n *\n * Keep this in sync with the locale-aware routes in `public-app.ts`.\n */\nexport const LOCALE_AWARE_REMAINDERS = ['/', '/api/profile', '/api/jsonld'] as const;\n\n/**\n * First-path segments that are reserved namespaces and must never be read\n * as a locale, even though they satisfy the BCP-47 shape. Without this,\n * a bare `/api` (segment `api` is a valid 2–3 letter primary subtag,\n * remainder defaults to the landing `/`) would alias the landing page\n * instead of 404ing. Other reserved roots (`admin`, `health`,\n * `takuhon.json`, `.well-known`) fail the BCP-47 shape check and need no\n * entry here; `api` is the only collision.\n */\nconst RESERVED_FIRST_SEGMENTS = new Set(['api']);\n\nfunction getPathname(url: string): string {\n return new URL(url).pathname;\n}\n\n/**\n * Split a leading `/{locale}` segment from `pathname` when — and only\n * when — the segment is BCP-47-shaped and the remainder is a locale-aware\n * route ({@link LOCALE_AWARE_REMAINDERS}).\n *\n * - `/ja/api/profile` → `{ locale: 'ja', path: '/api/profile' }`\n * - `/api/profile` → `{ path: '/api/profile' }` (remainder `/profile` not locale-aware)\n * - `/api/schema` → `{ path: '/api/schema' }` (the `api`-collision guard)\n * - `/ja/api/admin` → `{ path: '/ja/api/admin' }` (remainder `/api/admin` not locale-aware → 404, admin isolated)\n * - `/ja` and `/ja/` → `{ locale: 'ja', path: '/' }` (trailing slash normalized to landing)\n *\n * The returned `locale` is the raw path token; it is not matched against\n * `availableLocales` here (that happens downstream in\n * {@link resolveRequestLocales}), so an unknown-but-shaped prefix like\n * `/fr/` on an en/ja document strips structurally and then falls through\n * to the next resolution tier, mirroring `?lang=fr` semantics.\n */\nexport function stripLocalePrefix(pathname: string): { locale?: string; path: string } {\n // Match a leading single segment: `/seg` or `/seg/rest...`.\n const match = /^\\/([^/]+)(\\/.*)?$/.exec(pathname);\n if (match === null) return { path: pathname };\n\n const seg = match[1];\n if (seg === undefined || !isValidBcp47(seg)) return { path: pathname };\n\n // Reserved namespace segments (e.g. `api`) pass the BCP-47 shape but are\n // not locales; leave them for the route table (so `/api` 404s as before).\n if (RESERVED_FIRST_SEGMENTS.has(seg.toLowerCase())) return { path: pathname };\n\n // Normalize a bare `/ja` (no trailing content) to the landing remainder.\n const remainder = match[2] ?? '/';\n if (!(LOCALE_AWARE_REMAINDERS as readonly string[]).includes(remainder)) {\n return { path: pathname };\n }\n\n return { locale: seg, path: remainder };\n}\n\n/**\n * Hono `getPath` implementation: returns the locale-stripped path used for\n * route matching. Apply on every Hono router that dispatches the public\n * routes (the standalone public app and the adapter's top-level router).\n */\nexport function localePrefixGetPath(req: Request): string {\n return stripLocalePrefix(getPathname(req.url)).path;\n}\n\n/**\n * Extract the locale token from a request URL's path prefix, or `undefined`\n * when there is none. Used by route handlers to feed priority #2 into\n * {@link resolveRequestLocales}. Reads the original URL, which `getPath`\n * does not mutate.\n */\nexport function pathLocaleFromUrl(url: string): string | undefined {\n return stripLocalePrefix(getPathname(url)).locale;\n}\n","/**\n * @takuhon/api — Hono-based HTTP handlers and response builders for takuhon.\n *\n * Phase 3.3 introduced the public-app factory and the RFC 7807 envelope\n * helpers. Phase 3.4 adds the admin app factories (PUT/DELETE profile and\n * the inline `/admin` HTML editor) plus the `CachePurger` / `AuditLogger`\n * dependency-injection interfaces that adapters bind to a runtime.\n */\n\nexport {\n ERROR_SLUGS,\n buildProblem,\n problemResponse,\n type ErrorSlug,\n type ProblemDetails,\n type ProblemFieldError,\n type BuildProblemInput,\n type ProblemResponseInput,\n} from './error-envelope.js';\nexport { createPublicApp, type PublicAppDeps } from './public-app.js';\n// Re-exported from @takuhon/core (it is a pure transform over core types and\n// now lives there); kept here for backwards compatibility.\nexport { applyPublicPrivacyFilter } from '@takuhon/core';\nexport {\n LOCALE_AWARE_REMAINDERS,\n localePrefixGetPath,\n pathLocaleFromUrl,\n stripLocalePrefix,\n} from './locale-prefix.js';\n\nexport { createAdminApiApp, type AdminApiAppDeps } from './admin/admin-api-app.js';\nexport { createAdminUiApp } from './admin/admin-ui-app.js';\nexport { adminAssetSecurityHeaders } from './admin/admin-asset-headers.js';\nexport {\n noopAuditLogger,\n type AuditEvent,\n type AuditEventType,\n type AuditLogger,\n} from './admin/audit-logger.js';\nexport { noopCachePurger, type CachePurger } from './admin/cache-purger.js';\n\n// Pure, core-only static HTML rendering. `renderProfileHtml` powers both the\n// server-rendered public profile page (the `GET /` route below) and the static\n// pages emitted by `@takuhon/cli`'s `build`/`dev`; keeping it here lets every\n// adapter serve the same markup the CLI writes to disk.\nexport {\n renderProfileHtml,\n escapeHtml,\n type RenderInput,\n type Alternate,\n type LocaleLink,\n} from './html/build-html.js';\nexport { generateSite, type SitePage, type GenerateOptions } from './html/site.js';\nexport { renderCvHtml } from './html/cv-html.js';\n","import {\n ConflictError,\n detectImageMime,\n exportTakuhon,\n MAX_IMAGE_BYTES,\n MAX_IMAGE_DIMENSION,\n MAX_IMAGE_FRAMES,\n NotFoundError,\n normalize,\n readImageInfo,\n stripImageMetadata,\n validate,\n type Takuhon,\n type TakuhonAssetStorage,\n type TakuhonStorage,\n type ValidationError,\n} from '@takuhon/core';\nimport { Hono } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse, type ProblemFieldError } from '../error-envelope.js';\n\nimport type { AuditLogger } from './audit-logger.js';\nimport { bearerMiddleware, getActorTokenHash } from './bearer.js';\nimport type { CachePurger } from './cache-purger.js';\nimport { originMiddleware } from './origin.js';\n\n/**\n * Defense-in-depth CSP for JSON-only responses. Nothing renders here, so\n * `'none'` everywhere is the strongest stance the spec leaves room for.\n */\nconst ADMIN_API_CSP = [\"default-src 'none'\", \"frame-ancestors 'none'\", \"base-uri 'none'\"].join(\n '; ',\n);\n\nexport interface AdminApiAppDeps {\n storage: TakuhonStorage;\n /**\n * Binary-asset store for uploaded images. Optional: when omitted (e.g. a\n * static export or a deployment without R2), `POST /assets` is not registered\n * and resolves to 404, so avatars stay URL-only.\n */\n assetStorage?: TakuhonAssetStorage;\n /** Returns the configured admin token, or undefined if no secret is set. */\n getAdminToken: () => string | undefined;\n /** Allowlist of origins permitted for browser-originating admin requests. */\n getAdminOrigins: () => string[];\n cachePurger: CachePurger;\n auditLogger: AuditLogger;\n}\n\n/**\n * Map a core `ValidationError` to the RFC 7807 field-error shape. The leading\n * `#` produces a JSON Schema-style fragment reference (`#/profile/...`) that\n * matches the example in `api.md §5`.\n */\nfunction toFieldError(e: ValidationError): ProblemFieldError {\n return { path: `#${e.pointer}`, message: e.message };\n}\n\n/**\n * Normalize an `If-Match` header value to the bare version token.\n *\n * Strips the optional `W/` weak-validator prefix before the RFC 7232\n * double-quote delimiters. Compressing CDNs (e.g. Cloudflare serving gzip/br)\n * downgrade the strong ETag we emit to a weak one (`W/\"<version>\"`), and a\n * browser echoes that weakened value straight back as `If-Match`. Without\n * stripping the prefix the comparison against the stored version never matches,\n * so every optimistic-locking save behind such a CDN fails with 409. The\n * weak/strong distinction is meaningless for our opaque version tokens, so\n * collapsing both forms to the raw value is the correct comparison.\n */\nfunction stripETag(raw: string): string {\n let trimmed = raw.trim();\n if (trimmed.startsWith('W/')) {\n trimmed = trimmed.slice(2).trim();\n }\n if (trimmed.startsWith('\"') && trimmed.endsWith('\"') && trimmed.length >= 2) {\n return trimmed.slice(1, -1);\n }\n return trimmed;\n}\n\n/**\n * Hono factory for `/api/admin/profile`. Mounted by adapters at `/api/admin`\n * (so the sub-app sees `/profile` as the route path).\n */\nexport function createAdminApiApp(deps: AdminApiAppDeps): Hono {\n const app = new Hono();\n\n app.use('*', async (c, next) => {\n await next();\n const h = c.res.headers;\n h.set('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n h.set('x-content-type-options', 'nosniff');\n h.set('x-frame-options', 'DENY');\n h.set('referrer-policy', 'strict-origin-when-cross-origin');\n h.set('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n h.set('content-security-policy', ADMIN_API_CSP);\n h.set('cache-control', 'private, no-store');\n });\n\n app.use('*', originMiddleware({ getAdminOrigins: deps.getAdminOrigins }));\n app.use(\n '*',\n bearerMiddleware({ getAdminToken: deps.getAdminToken, auditLogger: deps.auditLogger }),\n );\n\n app.onError((err, c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.internal,\n status: 500,\n title: 'Internal Error',\n detail: err instanceof Error ? err.message : 'Unknown failure',\n }),\n );\n\n app.notFound((c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: `No admin route matches ${new URL(c.req.url).pathname}.`,\n }),\n );\n\n app.put('/profile', async (c) => {\n const contentType = c.req.header('content-type') ?? '';\n if (!contentType.toLowerCase().startsWith('application/json')) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.unsupportedMediaType,\n status: 415,\n title: 'Unsupported Media Type',\n detail: `Content-Type must be application/json (got \"${contentType}\").`,\n });\n }\n\n let parsed: unknown;\n try {\n parsed = await c.req.json();\n } catch {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Request body is not valid JSON.',\n });\n }\n\n const result = validate(parsed);\n if (!result.ok) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Schema validation failed (${String(result.errors.length)} error(s)).`,\n errors: result.errors.map(toFieldError),\n });\n }\n\n const data: Takuhon = result.data;\n const ifMatchRaw = c.req.header('if-match');\n const ifMatch = ifMatchRaw !== undefined ? stripETag(ifMatchRaw) : undefined;\n\n let saved: { version: string };\n try {\n saved = await deps.storage.saveProfile(data, ifMatch);\n } catch (e) {\n if (e instanceof ConflictError) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.conflict,\n status: 409,\n title: 'Conflict',\n detail: 'Stored profile version does not match If-Match.',\n currentVersion: e.currentVersion,\n });\n }\n throw e;\n }\n\n await deps.cachePurger.profileUpdated();\n\n const updatedAt = new Date().toISOString();\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.update',\n timestamp: updatedAt,\n actor: { tokenHash },\n request: {\n method: 'PUT',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 200, version: saved.version },\n });\n\n return c.json({\n data: normalize(data),\n meta: {\n schemaVersion: data.schemaVersion,\n version: saved.version,\n updatedAt,\n },\n });\n });\n\n app.delete('/profile', async (c) => {\n await deps.storage.deleteProfile();\n await deps.cachePurger.profileDeleted();\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.delete',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'DELETE',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 204 },\n });\n\n return c.body(null, 204);\n });\n\n app.get('/export', async (c) => {\n let stored: { data: Takuhon; version: string };\n try {\n stored = await deps.storage.getProfile();\n } catch (e) {\n if (e instanceof NotFoundError) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.notFound,\n status: 404,\n title: 'Not Found',\n detail: 'No profile has been saved yet; there is nothing to export.',\n });\n }\n throw e;\n }\n\n // Token holders receive the full document: the public privacy filter is\n // intentionally bypassed here (Spec §6.21). `exportTakuhon` with\n // `updateTimestamp: false` returns the stored document verbatim (raw\n // transport form, no envelope), so the body round-trips with\n // `importTakuhon` and preserves the real `meta.updatedAt`.\n const exported = exportTakuhon(stored.data, { updateTimestamp: false });\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.profile.export',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'GET',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 200 },\n });\n\n // Surface the stored version so a form-based editor can load the full\n // document and its current version in a single request, then send it back\n // as `If-Match` on the next `PUT` for optimistic locking. Quoted per\n // RFC 7232, matching the public read endpoints and `stripETag`.\n c.header('etag', `\"${stored.version}\"`);\n return c.json(exported);\n });\n\n // Image upload (security.md §4). Registered only when an asset store is\n // configured; otherwise `POST /assets` falls through to the 404 handler.\n if (deps.assetStorage) {\n const assetStorage = deps.assetStorage;\n app.post('/assets', async (c) => {\n // Coarse pre-parse guard: reject before buffering the body when the\n // declared length already exceeds the limit plus a small multipart\n // overhead. The exact check on the decoded file size happens below.\n const declared = Number(c.req.header('content-length') ?? '');\n if (Number.isFinite(declared) && declared > MAX_IMAGE_BYTES + 8192) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.payloadTooLarge,\n status: 413,\n title: 'Payload Too Large',\n detail: `Image exceeds the ${String(MAX_IMAGE_BYTES)}-byte limit.`,\n });\n }\n\n let form: FormData;\n try {\n form = await c.req.formData();\n } catch {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Request body must be multipart/form-data with a \"file\" field.',\n });\n }\n\n const file = form.get('file');\n if (!(file instanceof File)) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.badRequest,\n status: 400,\n title: 'Bad Request',\n detail: 'Expected an uploaded file in the \"file\" field.',\n });\n }\n\n const bytes = new Uint8Array(await file.arrayBuffer());\n if (bytes.length > MAX_IMAGE_BYTES) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.payloadTooLarge,\n status: 413,\n title: 'Payload Too Large',\n detail: `Image is ${String(bytes.length)} bytes; the limit is ${String(MAX_IMAGE_BYTES)}.`,\n });\n }\n\n // Authenticate the type from the bytes, not the declared Content-Type.\n const mime = detectImageMime(bytes);\n if (mime === null) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.unsupportedMediaType,\n status: 415,\n title: 'Unsupported Media Type',\n detail: 'File is not an accepted image (JPEG, PNG, WebP, or GIF).',\n });\n }\n\n const info = readImageInfo(bytes, mime);\n if (info === null) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: 'Image header could not be parsed.',\n });\n }\n if (info.width > MAX_IMAGE_DIMENSION || info.height > MAX_IMAGE_DIMENSION) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Image is ${String(info.width)}×${String(info.height)}px; the limit is ${String(MAX_IMAGE_DIMENSION)}×${String(MAX_IMAGE_DIMENSION)}px.`,\n });\n }\n if (info.frames > MAX_IMAGE_FRAMES) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.validationFailed,\n status: 422,\n title: 'Validation Failed',\n detail: `Image has ${String(info.frames)} frames; the limit is ${String(MAX_IMAGE_FRAMES)}.`,\n });\n }\n\n // Strip metadata (EXIF/IPTC/XMP/color profile) before handing the bytes\n // to the adapter, which persists them verbatim.\n const stripped = stripImageMetadata(bytes, mime);\n // `Uint8Array.from` yields an ArrayBuffer-backed array (not the\n // SharedArrayBuffer-possible `ArrayBufferLike`), so it is a valid BlobPart.\n const record = await assetStorage.putAsset(\n new Blob([Uint8Array.from(stripped)], { type: mime }),\n {\n filename: file.name,\n contentType: mime,\n },\n );\n\n const tokenHash = await getActorTokenHash(c);\n deps.auditLogger({\n type: 'admin.asset.upload',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: {\n method: 'POST',\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n },\n result: { status: 201 },\n asset: { key: record.id, mimeType: mime, size: stripped.length },\n });\n\n return c.json(record, 201);\n });\n }\n\n app.on(['POST', 'PATCH'], '/profile', (c) =>\n problemResponse(c, {\n slug: ERROR_SLUGS.methodNotAllowed,\n status: 405,\n title: 'Method Not Allowed',\n detail: `${c.req.method} ${new URL(c.req.url).pathname} is not supported on the admin app.`,\n }),\n );\n\n return app;\n}\n","import type { Context, Next } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from '../error-envelope.js';\n\nimport type { AuditLogger } from './audit-logger.js';\n\n/**\n * Constant-time byte comparison.\n *\n * Iterates over `max(len(a), len(b))` bytes so wall-clock cost is independent\n * of *where* a mismatch occurs and of length differences (within the same\n * length class). Length-mismatch is folded into the accumulator so the\n * boolean result still discriminates correctly.\n *\n * This is intentionally a from-scratch implementation rather than\n * `crypto.subtle.timingSafeEqual`, which Cloudflare Workers exposes but\n * Node lacks — `@takuhon/api` is adapter-neutral.\n */\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n const len = a.length > b.length ? a.length : b.length;\n let diff = a.length === b.length ? 0 : 1;\n for (let i = 0; i < len; i++) {\n const ai = a[i] ?? 0;\n const bi = b[i] ?? 0;\n diff |= ai ^ bi;\n }\n return diff === 0;\n}\n\n/** SHA-256 hex digest (lowercase) over a UTF-8 string. */\nexport async function sha256Hex(input: string): Promise<string> {\n const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));\n const bytes = new Uint8Array(buf);\n let out = '';\n for (const b of bytes) {\n out += b.toString(16).padStart(2, '0');\n }\n return out;\n}\n\n/**\n * Extracts the Bearer token from the request and returns a stable\n * `sha256:<hex>` digest used as the actor identity in audit logs. Returns\n * `sha256:absent` when no token is present.\n */\nexport async function getActorTokenHash(c: Context): Promise<string> {\n const header = c.req.header('authorization') ?? '';\n const m = /^Bearer\\s+(.+)$/i.exec(header);\n const token = m?.[1] ?? '';\n if (token === '') return 'sha256:absent';\n return `sha256:${await sha256Hex(token)}`;\n}\n\nexport interface BearerMiddlewareOptions {\n /**\n * Source of the expected admin token. Returns `undefined` when the deploy\n * has not provisioned a secret — in that case every request is rejected,\n * mirroring \"no admin access\" semantics.\n */\n getAdminToken: () => string | undefined;\n auditLogger: AuditLogger;\n}\n\n/**\n * Hono middleware that gates downstream handlers on a constant-time Bearer\n * token check. Emits an audit event for both success and failure.\n */\nexport function bearerMiddleware(opts: BearerMiddlewareOptions) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const expected = opts.getAdminToken();\n const header = c.req.header('authorization') ?? '';\n const match = /^Bearer\\s+(.+)$/i.exec(header);\n const presented = match?.[1];\n\n const isOk =\n expected !== undefined &&\n presented !== undefined &&\n constantTimeEqual(new TextEncoder().encode(presented), new TextEncoder().encode(expected));\n\n const tokenHash = await getActorTokenHash(c);\n const baseRequest = {\n method: c.req.method,\n path: new URL(c.req.url).pathname,\n ip: c.req.header('cf-connecting-ip'),\n };\n\n if (!isOk) {\n opts.auditLogger({\n type: 'admin.auth.failure',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: baseRequest,\n result: { status: 401 },\n });\n return problemResponse(c, {\n slug: ERROR_SLUGS.unauthorized,\n status: 401,\n title: 'Unauthorized',\n detail: 'Bearer token missing or invalid.',\n });\n }\n\n opts.auditLogger({\n type: 'admin.auth.success',\n timestamp: new Date().toISOString(),\n actor: { tokenHash },\n request: baseRequest,\n result: { status: 200 },\n });\n\n await next();\n };\n}\n","import type { Context, Next } from 'hono';\n\nimport { ERROR_SLUGS, problemResponse } from '../error-envelope.js';\n\nexport interface OriginMiddlewareOptions {\n /**\n * Returns the allowlist of admin Origins (e.g.\n * `['https://admin.example.com']`). Empty list disables the check —\n * deploys are expected to populate the env before going to production,\n * with the trade-off documented in the adapter README.\n */\n getAdminOrigins: () => string[];\n}\n\n/**\n * Hono middleware that enforces a same-origin / allowlisted-origin policy\n * when configured. Requests without an `Origin` header (curl, server-to-\n * server, native apps) are allowed through; the Bearer token is the primary\n * auth boundary and the absence of `Origin` is itself an indicator that the\n * request did not originate from a browser CSRF context.\n */\nexport function originMiddleware(opts: OriginMiddlewareOptions) {\n return async (c: Context, next: Next): Promise<Response | void> => {\n const allow = opts.getAdminOrigins();\n if (allow.length === 0) {\n await next();\n return;\n }\n const origin = c.req.header('origin');\n if (origin !== undefined && !allow.includes(origin)) {\n return problemResponse(c, {\n slug: ERROR_SLUGS.forbidden,\n status: 403,\n title: 'Forbidden',\n detail: `Origin ${origin} is not in the admin allowlist.`,\n });\n }\n await next();\n };\n}\n","import { Hono } from 'hono';\n\nimport { renderAdminHtml } from './admin-html.js';\n\n/**\n * Per-request CSP (security.md §1.3). Differs from the public CSP:\n * - `img-src` drops `data:` and adds `blob:` for client-side previews.\n * - `style-src` and `script-src` drop `unsafe-inline` and pin a nonce.\n * - `require-trusted-types-for 'script'` blocks DOM-XSS sinks.\n */\nfunction adminCsp(nonce: string): string {\n return [\n \"default-src 'self'\",\n \"img-src 'self' blob:\",\n `style-src 'self' 'nonce-${nonce}'`,\n `script-src 'self' 'nonce-${nonce}'`,\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n \"require-trusted-types-for 'script'\",\n 'upgrade-insecure-requests',\n ].join('; ');\n}\n\nfunction generateNonce(): string {\n const bytes = crypto.getRandomValues(new Uint8Array(16));\n let bin = '';\n for (const b of bytes) {\n bin += String.fromCharCode(b);\n }\n return btoa(bin);\n}\n\n/**\n * Hono factory for the `/admin` HTML editor. Mounted by adapters at\n * `/admin` (so the sub-app sees `/` as its root path). Each request gets a\n * freshly-generated nonce shared between the CSP header and the inline\n * `<style>` / `<script>` tags.\n */\nexport function createAdminUiApp(): Hono {\n const app = new Hono();\n\n app.get('/', (c) => {\n const nonce = generateNonce();\n c.header('strict-transport-security', 'max-age=63072000; includeSubDomains; preload');\n c.header('x-content-type-options', 'nosniff');\n c.header('x-frame-options', 'DENY');\n c.header('referrer-policy', 'strict-origin-when-cross-origin');\n c.header('permissions-policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');\n c.header('content-security-policy', adminCsp(nonce));\n c.header('cache-control', 'private, no-store');\n return c.html(renderAdminHtml(nonce));\n });\n\n return app;\n}\n","/**\n * Inline HTML for the minimal admin editor served at `GET /admin`.\n *\n * Single-page, no build step: a token input, a JSON textarea, and\n * Load / Save (PUT) / Delete (DELETE) buttons. Nothing is loaded until the\n * owner enters the admin token and presses Load, which fetches the *full*\n * document from the authenticated `GET /api/admin/export` (the privacy filter\n * is bypassed there, so fields and links the public profile omits are editable\n * here and survive the next Save). The public `/takuhon.json` is deliberately\n * not used as the editor source: it is privacy-filtered, so loading from it\n * would silently drop non-public data the moment the owner saved.\n *\n * The page operates under a strict CSP (`script-src 'self' 'nonce-<n>'`,\n * `style-src 'self' 'nonce-<n>'`, `require-trusted-types-for 'script'`), so\n * both the inline `<script>` and `<style>` blocks carry the request-scoped\n * nonce. We avoid `innerHTML`/`eval` so Trusted Types is non-disruptive.\n */\nexport function renderAdminHtml(nonce: string): string {\n return `<!doctype html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n<title>takuhon admin</title>\n<style nonce=\"${nonce}\">\nbody { font-family: system-ui, -apple-system, sans-serif; max-width: 960px; margin: 2rem auto; padding: 0 1rem; color: #222; }\nh1 { font-size: 1.5rem; }\np.note { color: #555; }\nlabel { display: block; margin: 1rem 0 0.25rem; font-weight: 600; }\ninput[type=password], textarea { width: 100%; box-sizing: border-box; padding: 0.5rem; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 0.9rem; border: 1px solid #999; border-radius: 4px; }\ntextarea { min-height: 24rem; }\n.row { display: flex; gap: 0.5rem; margin-top: 1rem; }\nbutton { padding: 0.5rem 1rem; font-size: 0.95rem; border: 1px solid #444; background: #fafafa; border-radius: 4px; cursor: pointer; }\nbutton.danger { border-color: #b03; color: #b03; background: #fff5f5; }\n#status { margin-top: 1rem; padding: 0.75rem; border-radius: 4px; white-space: pre-wrap; word-break: break-word; }\n#status.ok { background: #e6f4ea; color: #1b5e20; border: 1px solid #82c891; }\n#status.err { background: #fdecea; color: #b71c1c; border: 1px solid #ef9a9a; }\nsmall.version { color: #555; }\n</style>\n</head>\n<body>\n<h1>takuhon admin</h1>\n<p class=\"note\">Enter your admin token, then <strong>Load</strong> to fetch the full <code>takuhon.json</code> document &mdash; including fields the public profile omits &mdash; for editing. <strong>Save</strong> writes it back; optimistic locking via <code>If-Match</code> guards concurrent edits. Nothing is loaded until you provide the token, and the token is never sent over the URL.</p>\n<label for=\"token\">Admin token</label>\n<input id=\"token\" type=\"password\" autocomplete=\"off\" spellcheck=\"false\">\n<label for=\"payload\">takuhon.json <small class=\"version\" id=\"versionLabel\"></small></label>\n<textarea id=\"payload\" spellcheck=\"false\" autocapitalize=\"off\" autocomplete=\"off\"></textarea>\n<div class=\"row\">\n <button id=\"reload\" type=\"button\">Load current</button>\n <button id=\"save\" type=\"button\">Save</button>\n <button id=\"delete\" type=\"button\" class=\"danger\">Delete profile</button>\n</div>\n<div id=\"status\" hidden></div>\n<script nonce=\"${nonce}\">\n(function () {\n var tokenEl = document.getElementById('token');\n var payloadEl = document.getElementById('payload');\n var versionEl = document.getElementById('versionLabel');\n var statusEl = document.getElementById('status');\n var ifMatch = '';\n\n function setStatus(message, ok) {\n statusEl.textContent = message;\n statusEl.className = ok ? 'ok' : 'err';\n statusEl.hidden = false;\n }\n function setVersion(etag) {\n ifMatch = etag || '';\n versionEl.textContent = ifMatch ? '(current version: ' + ifMatch + ')' : '(no stored version)';\n }\n function getToken() {\n var t = tokenEl.value.trim();\n if (!t) { setStatus('Admin token is required.', false); return null; }\n return t;\n }\n async function loadCurrent() {\n var token = getToken();\n if (!token) return;\n try {\n // The authenticated full export, NOT the public /takuhon.json: the latter\n // is privacy-filtered, so editing it would drop non-public data on Save.\n var res = await fetch('/api/admin/export', {\n cache: 'no-store',\n headers: { 'Authorization': 'Bearer ' + token }\n });\n if (res.status === 404) {\n // No profile stored yet. Start from an empty editor; Save creates it.\n setVersion('');\n payloadEl.value = '';\n setStatus('No profile stored yet. Paste a takuhon.json document and Save to create it.', true);\n return;\n }\n if (!res.ok) {\n var err = await res.json().catch(function () { return null; });\n setStatus('Failed to load profile (' + res.status + '): ' + (err ? JSON.stringify(err, null, 2) : 'check the admin token'), false);\n return;\n }\n setVersion(res.headers.get('etag'));\n var json = await res.json();\n payloadEl.value = JSON.stringify(json, null, 2);\n setStatus('Loaded the full profile for editing.', true);\n } catch (e) {\n setStatus('Network error loading profile: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n async function save() {\n var token = getToken();\n if (!token) return;\n var body;\n try {\n body = JSON.parse(payloadEl.value);\n } catch (e) {\n setStatus('JSON parse error: ' + (e && e.message ? e.message : String(e)), false);\n return;\n }\n var headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token };\n if (ifMatch) headers['If-Match'] = ifMatch;\n try {\n var res = await fetch('/api/admin/profile', { method: 'PUT', headers: headers, body: JSON.stringify(body) });\n var json = await res.json().catch(function () { return null; });\n if (res.ok && json && json.meta && json.meta.version) {\n setVersion('\"' + json.meta.version + '\"');\n setStatus('Saved. New version: ' + json.meta.version, true);\n } else {\n setStatus('Save failed (' + res.status + '): ' + (json ? JSON.stringify(json, null, 2) : 'no body'), false);\n }\n } catch (e) {\n setStatus('Network error during save: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n async function deleteProfile() {\n var token = getToken();\n if (!token) return;\n if (!confirm('Delete the profile? The bundled onboarding fixture will be shown until you save a new document.')) return;\n var headers = { 'Authorization': 'Bearer ' + token };\n try {\n var res = await fetch('/api/admin/profile', { method: 'DELETE', headers: headers });\n if (res.ok) {\n payloadEl.value = '';\n setVersion('');\n setStatus('Deleted.', true);\n } else {\n var json = await res.json().catch(function () { return null; });\n setStatus('Delete failed (' + res.status + '): ' + (json ? JSON.stringify(json, null, 2) : 'no body'), false);\n }\n } catch (e) {\n setStatus('Network error during delete: ' + (e && e.message ? e.message : String(e)), false);\n }\n }\n\n document.getElementById('save').addEventListener('click', save);\n document.getElementById('delete').addEventListener('click', deleteProfile);\n document.getElementById('reload').addEventListener('click', loadCurrent);\n // No auto-load: the editor stays empty until the owner enters the admin token\n // and presses Load. Nothing about the profile is fetched without the token.\n})();\n</script>\n</body>\n</html>\n`;\n}\n","/**\n * Strict admin Content-Security-Policy + security headers for a *bundled*\n * admin SPA served from static assets (security.md §1.2 admin pages).\n *\n * Unlike {@link createAdminUiApp}'s per-request policy, this variant carries no\n * nonce: the SPA's scripts and styles are external, same-origin files, so\n * `script-src 'self'` / `style-src 'self'` cover them without `'unsafe-inline'`.\n * `require-trusted-types-for 'script'` is retained to block DOM-XSS sinks.\n */\nconst ADMIN_ASSET_CSP = [\n \"default-src 'self'\",\n \"img-src 'self' blob:\",\n \"style-src 'self'\",\n \"script-src 'self'\",\n \"font-src 'self'\",\n \"connect-src 'self'\",\n \"frame-ancestors 'none'\",\n \"base-uri 'self'\",\n \"form-action 'self'\",\n \"require-trusted-types-for 'script'\",\n 'upgrade-insecure-requests',\n].join('; ');\n\n/**\n * Response headers to attach to admin SPA asset responses. Adapters serving the\n * bundle (e.g. Cloudflare Workers Assets) clone the asset response and apply\n * these so the admin origin keeps the strict CSP and is never cached.\n */\nexport function adminAssetSecurityHeaders(): Record<string, string> {\n return {\n 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',\n 'x-content-type-options': 'nosniff',\n 'x-frame-options': 'DENY',\n 'referrer-policy': 'strict-origin-when-cross-origin',\n 'permissions-policy': 'camera=(), microphone=(), geolocation=(), interest-cohort=()',\n 'content-security-policy': ADMIN_ASSET_CSP,\n 'cache-control': 'private, no-store',\n };\n}\n","/**\n * Structured audit-log emitter for admin actions (per security.md §5).\n *\n * Covers the auth, profile-write, and asset events. Adapters bind a concrete\n * sink (Cloudflare uses `console.log`, which Workers Tail / Logpush captures);\n * tests inject a `vi.fn()` recorder.\n */\nexport type AuditEventType =\n | 'admin.auth.success'\n | 'admin.auth.failure'\n | 'admin.profile.update'\n | 'admin.profile.delete'\n | 'admin.profile.export'\n | 'admin.asset.upload'\n | 'admin.asset.delete'\n | 'admin.cache.purge';\n\nexport interface AuditEvent {\n type: AuditEventType;\n /** ISO-8601 UTC timestamp generated at the call site. */\n timestamp: string;\n /**\n * Actor identity. `tokenHash` is `sha256:<hex>` over the presented Bearer\n * token, or `sha256:absent` when no token was supplied. The raw token is\n * never logged.\n */\n actor?: { tokenHash: string };\n request: {\n method: string;\n path: string;\n /** Originating client IP from `cf-connecting-ip`; undefined off-Cloudflare. */\n ip?: string;\n };\n result: {\n status: number;\n /** Opaque storage version emitted by `TakuhonStorage.saveProfile`. */\n version?: string;\n };\n /**\n * Asset details for `admin.asset.upload` / `admin.asset.delete` events\n * (security.md §5: object key, MIME, and size). Absent for other events.\n */\n asset?: {\n key: string;\n mimeType?: string;\n size?: number;\n };\n}\n\nexport type AuditLogger = (event: AuditEvent) => void;\n\n/** Default sink that discards events; useful for tests and bare runtimes. */\nexport const noopAuditLogger: AuditLogger = () => {\n /* no-op */\n};\n","/**\n * Cache invalidation contract for admin write paths.\n *\n * `@takuhon/api` stays adapter-neutral, so the actual edge-cache calls live\n * in each adapter (Cloudflare's `caches.default.delete`, future runtimes'\n * equivalents). Tests inject a recording implementation to assert that the\n * admin handlers fire the right purge after a successful write.\n */\nexport interface CachePurger {\n /** Called after a successful `PUT /api/admin/profile`. */\n profileUpdated(): Promise<void>;\n /** Called after a successful `DELETE /api/admin/profile`. */\n profileDeleted(): Promise<void>;\n}\n\n/**\n * No-op default: callers that don't run on an edge cache (Node dev server,\n * unit tests that don't care about purge calls) can pass this in.\n */\nexport const noopCachePurger: CachePurger = {\n profileUpdated: () => Promise.resolve(),\n profileDeleted: () => Promise.resolve(),\n};\n","/**\n * Shared static-site generation for `takuhon build` and `takuhon dev`.\n *\n * {@link generateSite} turns one validated, normalized, privacy-filtered profile\n * into the full set of pages the static surface exposes: one per available\n * locale. `build` writes each page's {@link SitePage.file} to disk; `dev` serves\n * each page's {@link SitePage.route} from memory. Keeping the per-locale loop,\n * the locale switcher links, and the canonical/hreflang logic here means both\n * commands share a single source of truth for the site's structure — the only\n * difference between them is disk write vs. in-memory serve.\n *\n * This reuses `@takuhon/core` only (validate/normalize/resolve happen upstream;\n * this module just resolves each locale and renders), so it stays bundler-free\n * and unit-testable as a pure function.\n */\n\nimport type { ActivitySnapshot, NormalizedTakuhon } from '@takuhon/core';\nimport { deriveCv, resolveLocale } from '@takuhon/core';\n\nimport { renderProfileHtml, type Alternate, type LocaleLink } from './build-html.js';\nimport { renderCvHtml } from './cv-html.js';\n\n/** One generated page: a serve route, a relative output file, and its HTML. */\nexport interface SitePage {\n /** URL path used by `dev` (default locale at `/`, others at `/<locale>/`). */\n readonly route: string;\n /** Output path used by `build`, relative to the output dir. */\n readonly file: string;\n /** Rendered HTML document. */\n readonly html: string;\n}\n\nexport interface GenerateOptions {\n /**\n * Site origin (e.g. `https://me.example`). When set, pages carry absolute\n * canonical + hreflang links; when absent those are omitted (the human locale\n * switcher is always relative either way).\n */\n readonly baseUrl?: string;\n /**\n * Synced developer-activity snapshot (the `activity.json` beside the\n * profile). Rendered as an inline-SVG section only while\n * `settings.activity.enabled` is true — the same opt-in gate the public\n * `GET /api/activity` applies — so disabling the feature drops the section\n * even if a stale snapshot remains on disk. The snapshot is locale-agnostic\n * and shared by every page.\n */\n readonly activitySnapshot?: ActivitySnapshot | null;\n /**\n * Also emit a print-ready CV/résumé page per locale (the default locale at\n * `cv.html` / route `/cv/`, others at `<locale>/cv.html` / `/<locale>/cv/`).\n * `takuhon build` gates this behind `--cv`; `takuhon dev` always enables it so\n * the page is previewable. Off by default, so a plain build is unchanged.\n */\n readonly cv?: boolean;\n}\n\n/**\n * Generate every page for a profile: the default locale first, then the rest,\n * de-duplicated. Schema.org JSON-LD is emitted unless `settings.enableJsonLd`\n * is explicitly `false`.\n */\nexport function generateSite(\n profile: NormalizedTakuhon,\n options: GenerateOptions = {},\n): SitePage[] {\n const { baseUrl } = options;\n const defaultLocale = profile.settings.defaultLocale;\n // Default locale first, then the rest, de-duplicated.\n const locales = [...new Set([defaultLocale, ...profile.settings.availableLocales])];\n const jsonLd = profile.settings.enableJsonLd !== false;\n const activitySnapshot =\n profile.settings.activity?.enabled === true\n ? (options.activitySnapshot ?? undefined)\n : undefined;\n\n const pages: SitePage[] = [];\n for (const locale of locales) {\n const localized = resolveLocale(profile, locale);\n const isDefault = locale === defaultLocale;\n\n const localeNav: LocaleLink[] = locales.map((to) => ({\n locale: to,\n href: localeHref(locale, to, defaultLocale),\n current: to === locale,\n }));\n const canonicalUrl = baseUrl ? absoluteUrl(baseUrl, locale, defaultLocale) : undefined;\n const alternates: Alternate[] = baseUrl ? buildAlternates(baseUrl, locales, defaultLocale) : [];\n\n const html = renderProfileHtml({\n localized,\n canonicalUrl,\n alternates,\n localeNav,\n jsonLd,\n activitySnapshot,\n });\n pages.push({\n route: isDefault ? '/' : `/${locale}/`,\n file: isDefault ? 'index.html' : `${locale}/index.html`,\n html,\n });\n\n if (options.cv === true) {\n pages.push({\n route: isDefault ? '/cv/' : `/${locale}/cv/`,\n file: isDefault ? 'cv.html' : `${locale}/cv.html`,\n html: renderCvHtml(deriveCv(localized)),\n });\n }\n }\n return pages;\n}\n\n/** Absolute URL for a locale's page (default locale lives at the site root). */\nfunction absoluteUrl(baseUrl: string, locale: string, defaultLocale: string): string {\n return locale === defaultLocale ? `${baseUrl}/` : `${baseUrl}/${locale}/`;\n}\n\n/** hreflang alternates for every locale plus an `x-default` pointing at the default. */\nfunction buildAlternates(\n baseUrl: string,\n locales: readonly string[],\n defaultLocale: string,\n): Alternate[] {\n const alternates: Alternate[] = locales.map((locale) => ({\n hreflang: locale,\n href: absoluteUrl(baseUrl, locale, defaultLocale),\n }));\n alternates.push({\n hreflang: 'x-default',\n href: absoluteUrl(baseUrl, defaultLocale, defaultLocale),\n });\n return alternates;\n}\n\n/**\n * Depth-correct relative link from the page for `from` to the page for `to`,\n * for the human locale switcher. Always relative (independent of `baseUrl`)\n * so the switcher works regardless of where the site is hosted: the default\n * locale lives at the root, every other locale one directory deep.\n */\nfunction localeHref(from: string, to: string, defaultLocale: string): string {\n const fromRoot = from === defaultLocale;\n const toRoot = to === defaultLocale;\n if (fromRoot) return toRoot ? './' : `${to}/`;\n return toRoot ? '../' : `../${to}/`;\n}\n","/**\n * Pure HTML rendering of a {@link CvDocument} for `takuhon build --cv`.\n *\n * {@link renderCvHtml} turns one locale-resolved CV (from `@takuhon/core`'s\n * {@link deriveCv}) into a complete, self-contained static HTML résumé: an\n * inline stylesheet sized for A4 with an `@media print` block, so the page\n * reads well on screen and the browser's \"Save as PDF\" produces a clean,\n * single-column résumé. No external resources are referenced, so the page works\n * under a strict `img-src 'self'` / no-network policy (the same self-owned\n * stance the profile page and the activity card take).\n *\n * Security: every CV-derived string is escaped before it reaches the markup\n * ({@link escapeHtml}), and any URL is scheme-checked ({@link safeUrl}) so a\n * hostile document cannot smuggle a `javascript:` href into the résumé.\n */\n\nimport type { CvDocument, CvSection, LocaleTag, LocalizedLanguage } from '@takuhon/core';\n\nimport { dateRange, escapeHtml, nonEmpty, safeUrl } from './html-helpers.js';\n\n/** Heading shown for each section, by `kind`. Plain English (CV chrome). */\nconst SECTION_TITLES: Record<CvSection['kind'], string> = {\n experience: 'Experience',\n education: 'Education',\n skills: 'Skills',\n certifications: 'Certifications',\n publications: 'Publications',\n honors: 'Honors & Awards',\n courses: 'Courses',\n patents: 'Patents',\n languages: 'Languages',\n volunteering: 'Volunteering',\n memberships: 'Memberships',\n};\n\n// A4-sized, single-column résumé. The screen view is centered on a neutral\n// backdrop; the print view drops the backdrop/margins so the page fills the\n// sheet, and `break-inside: avoid` keeps entries from splitting across pages.\nconst CSS = `:root{--fg:#1a1a1a;--muted:#555;--accent:#0b5fff;--line:#d9d9d9}\n*{box-sizing:border-box}\nbody{margin:0;background:#f3f4f6;color:var(--fg);font:13px/1.5 system-ui,-apple-system,\"Segoe UI\",Roboto,sans-serif}\nmain{background:#fff;width:210mm;min-height:297mm;margin:1.5rem auto;padding:18mm 16mm;box-shadow:0 1px 6px rgba(0,0,0,.15)}\nh1{font-size:1.7rem;margin:0}\n.tagline{font-size:1.05rem;color:var(--muted);margin:.15rem 0 0}\n.contact{color:var(--muted);font-size:.85rem;margin:.4rem 0 0;display:flex;flex-wrap:wrap;gap:.25rem 1rem}\n.contact a{color:var(--accent)}\n.bio{margin:.75rem 0 0}\nheader{border-bottom:2px solid var(--fg);padding-bottom:.6rem;margin-bottom:.4rem}\nsection{margin-top:1.1rem}\nh2{font-size:.95rem;text-transform:uppercase;letter-spacing:.05em;color:var(--accent);border-bottom:1px solid var(--line);margin:0 0 .5rem;padding-bottom:.15rem}\nul{padding:0;margin:0;list-style:none}\n.entry{margin:0 0 .7rem;break-inside:avoid}\n.entry .row{display:flex;justify-content:space-between;gap:1rem;align-items:baseline}\n.entry h3{font-size:.95rem;margin:0}\n.entry .dates{color:var(--muted);font-size:.8rem;white-space:nowrap}\n.entry .sub{color:var(--muted);margin:.05rem 0}\n.entry p{margin:.2rem 0 0}\n.entry a{color:var(--accent)}\n.chips{display:flex;flex-wrap:wrap;gap:.3rem}\n.chips li{border:1px solid var(--line);border-radius:1rem;padding:.05rem .55rem;font-size:.8rem}\n@media print{\n body{background:#fff}\n main{width:auto;min-height:0;margin:0;padding:0;box-shadow:none}\n a{color:var(--fg)}\n}\n@page{size:A4;margin:14mm}`;\n\n/** One résumé entry: a heading row (title + dates), an optional sub line, body. */\ninterface CvEntryView {\n heading: string;\n url?: string;\n dates?: string;\n sub?: string;\n body?: string;\n}\n\nfunction renderEntry(entry: CvEntryView): string {\n const href = entry.url ? safeUrl(entry.url) : undefined;\n const title = href\n ? `<a href=\"${escapeHtml(href)}\">${escapeHtml(entry.heading)}</a>`\n : escapeHtml(entry.heading);\n // `entry.dates` is already an escaped HTML fragment from `dateRange` (localized\n // <time> elements), so it is inserted raw rather than re-escaped.\n const dates = entry.dates ? `<span class=\"dates\">${entry.dates}</span>` : '';\n const parts = [`<div class=\"row\"><h3>${title}</h3>${dates}</div>`];\n if (entry.sub) parts.push(`<p class=\"sub\">${escapeHtml(entry.sub)}</p>`);\n if (entry.body) parts.push(`<p>${escapeHtml(entry.body)}</p>`);\n return `<li class=\"entry\">${parts.join('')}</li>`;\n}\n\nfunction entryListSection(title: string, entries: readonly CvEntryView[]): string {\n return `<section><h2>${escapeHtml(title)}</h2><ul>${entries.map(renderEntry).join('')}</ul></section>`;\n}\n\n/** Skills / languages render as compact chip rows rather than dated entries. */\nfunction chipSection(title: string, labels: readonly string[]): string {\n const chips = labels.map((l) => `<li>${escapeHtml(l)}</li>`).join('');\n return `<section><h2>${escapeHtml(title)}</h2><ul class=\"chips\">${chips}</ul></section>`;\n}\n\nfunction languageLabel(l: LocalizedLanguage): string {\n return `${l.displayName ?? l.language} — ${l.proficiency}`;\n}\n\n/**\n * Render one CV section to its `<section>` markup, dispatching on `kind`. The\n * `locale` formats every date in the section (via {@link dateRange}); the\n * per-entry helpers below receive their dates already formatted, so only this\n * dispatcher needs the locale.\n */\nfunction renderSection(section: CvSection, locale: LocaleTag): string {\n const title = SECTION_TITLES[section.kind];\n switch (section.kind) {\n case 'experience':\n return entryListSection(\n title,\n section.entries.map((c) => ({\n heading: c.role,\n sub: c.organization,\n dates: dateRange(c.startDate, { end: c.endDate, isCurrent: c.isCurrent, locale }),\n body: c.description,\n url: c.url,\n })),\n );\n case 'education':\n return entryListSection(\n title,\n section.entries.map((e) => {\n const degree = nonEmpty([e.degree, e.fieldOfStudy], ', ');\n return {\n heading: degree ?? e.institution,\n sub: degree ? e.institution : undefined,\n dates: dateRange(e.startDate, { end: e.endDate, isCurrent: e.isCurrent, locale }),\n body: e.description,\n url: e.url,\n };\n }),\n );\n case 'skills':\n return chipSection(\n title,\n section.entries.map((s) => s.label),\n );\n case 'languages':\n return chipSection(title, section.entries.map(languageLabel));\n case 'certifications':\n return entryListSection(\n title,\n section.entries.map((c) => ({\n heading: c.title,\n sub: c.issuingOrganization,\n dates: dateRange(c.issueDate, { end: c.expirationDate, locale }),\n url: c.url,\n })),\n );\n case 'publications':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.publisher, x.coAuthors?.join(', ')], ' · '),\n dates: dateRange(x.date, { locale }),\n body: x.description,\n url: x.url ?? (x.doi ? `https://doi.org/${x.doi}` : undefined),\n })),\n );\n case 'honors':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: x.issuer,\n dates: dateRange(x.date, { locale }),\n body: x.description,\n url: x.url,\n })),\n );\n case 'courses':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: x.provider,\n dates: dateRange(x.completionDate, { locale }),\n body: x.description,\n url: x.certificateUrl,\n })),\n );\n case 'patents':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.title,\n sub: nonEmpty([x.patentNumber, x.office, x.status], ' · '),\n dates: dateRange(x.filingDate ?? x.grantDate, { locale }),\n body: x.description,\n url: x.url,\n })),\n );\n case 'volunteering':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.role,\n sub: nonEmpty([x.organization, x.cause], ' · '),\n dates: dateRange(x.startDate, { end: x.endDate, isCurrent: x.isCurrent, locale }),\n body: x.description,\n url: x.url,\n })),\n );\n case 'memberships':\n return entryListSection(\n title,\n section.entries.map((x) => ({\n heading: x.role ?? x.organization,\n sub: x.role ? x.organization : undefined,\n dates: dateRange(x.startDate, { end: x.endDate, isCurrent: x.isCurrent, locale }),\n body: x.description,\n url: x.url,\n })),\n );\n }\n}\n\nfunction renderHeader(cv: CvDocument): string {\n const h = cv.header;\n const parts = [`<h1>${escapeHtml(h.displayName)}</h1>`];\n if (h.tagline) parts.push(`<p class=\"tagline\">${escapeHtml(h.tagline)}</p>`);\n\n const contact: string[] = [];\n if (h.location) contact.push(`<span>${escapeHtml(h.location)}</span>`);\n if (h.email) {\n contact.push(`<a href=\"mailto:${escapeHtml(h.email)}\">${escapeHtml(h.email)}</a>`);\n }\n const formHref = h.formUrl ? safeUrl(h.formUrl) : undefined;\n if (formHref) contact.push(`<a href=\"${escapeHtml(formHref)}\">Contact</a>`);\n if (contact.length > 0) parts.push(`<div class=\"contact\">${contact.join('')}</div>`);\n\n if (h.bio) parts.push(`<p class=\"bio\">${escapeHtml(h.bio)}</p>`);\n return `<header>${parts.join('')}</header>`;\n}\n\n/** Render a complete static HTML résumé document for one locale-resolved CV. */\nexport function renderCvHtml(cv: CvDocument): string {\n const title = `${cv.header.displayName} — CV`;\n const body = [\n renderHeader(cv),\n ...cv.sections.map((s) => renderSection(s, cv.resolvedLocale)),\n ].join('\\n');\n return (\n `<!DOCTYPE html>\\n<html lang=\"${escapeHtml(cv.resolvedLocale)}\">\\n<head>\\n` +\n ` <meta charset=\"utf-8\">\\n` +\n ` <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\\n` +\n ` <title>${escapeHtml(title)}</title>\\n` +\n ` <style>${CSS}</style>\\n</head>\\n` +\n `<body>\\n<main>\\n${body}\\n</main>\\n</body>\\n</html>\\n`\n );\n}\n"],"mappings":";AAQO,IAAM,cAAc;AAAA,EACzB,YAAY;AAAA,EACZ,cAAc;AAAA,EACd,WAAW;AAAA,EACX,UAAU;AAAA,EACV,kBAAkB;AAAA,EAClB,UAAU;AAAA,EACV,iBAAiB;AAAA,EACjB,sBAAsB;AAAA,EACtB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,UAAU;AAAA,EACV,oBAAoB;AACtB;AAIA,IAAM,YAAY;AA2BX,SAAS,aAAa,OAA0C;AACrE,QAAM,MAAsB;AAAA,IAC1B,MAAM,GAAG,SAAS,IAAI,MAAM,IAAI;AAAA,IAChC,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,UAAU,MAAM;AAAA,EAClB;AACA,MAAI,MAAM,WAAW,OAAW,KAAI,SAAS,MAAM;AACnD,MAAI,MAAM,mBAAmB,OAAW,KAAI,iBAAiB,MAAM;AACnE,SAAO;AACT;AAWO,SAAS,gBAAgB,GAAY,OAAuC;AACjF,QAAM,OAAO,aAAa;AAAA,IACxB,MAAM,MAAM;AAAA,IACZ,QAAQ,MAAM;AAAA,IACd,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,UAAU,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,IAC7B,QAAQ,MAAM;AAAA,IACd,gBAAgB,MAAM;AAAA,EACxB,CAAC;AACD,SAAO,EAAE,KAAK,KAAK,UAAU,IAAI,GAAG,MAAM,QAAQ;AAAA,IAChD,gBAAgB;AAAA,EAClB,CAAC;AACH;;;ACvFA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,YAAY;;;ACOrB,SAAS,gBAAgB,yBAAyB;;;ACZlD,SAAS,YAAY,uBAAuC;AAGrD,SAAS,WAAW,OAAuB;AAChD,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAUO,SAAS,QAAQ,KAAiC;AACvD,QAAM,UAAU,IAAI,KAAK;AACzB,QAAM,SAAS,8BAA8B,KAAK,OAAO,IAAI,CAAC,GAAG,YAAY;AAC7E,MAAI,WAAW,OAAW,QAAO;AACjC,SAAO,WAAW,UAAU,WAAW,WAAW,WAAW,WAAW,UAAU;AACpF;AASO,SAAS,QAAQ,KAAa,QAA2B;AAC9D,SAAO,mBAAmB,WAAW,GAAG,CAAC,KAAK,WAAW,WAAW,KAAK,MAAM,CAAC,CAAC;AACnF;AAGO,SAAS,aAAa,QAA2B;AACtD,SAAO,WAAW,gBAAgB,MAAM,CAAC;AAC3C;AAWO,SAAS,UACd,OACA,MACQ;AACR,QAAM,EAAE,KAAK,WAAW,OAAO,IAAI;AACnC,QAAM,OAAO,QAAQ,QAAQ,OAAO,MAAM,IAAI;AAC9C,QAAM,QACJ,cAAc,QAAQ,QAAQ,OAAO,aAAa,MAAM,IAAI,MAAM,QAAQ,KAAK,MAAM,IAAI;AAC3F,MAAI,QAAQ,MAAO,QAAO,GAAG,IAAI,WAAM,KAAK;AAC5C,SAAO,QAAQ;AACjB;AAGO,SAAS,SACd,QACA,WACoB;AACpB,QAAM,SAAS,OACZ,OAAO,CAAC,MAAmB,OAAO,MAAM,YAAY,EAAE,SAAS,CAAC,EAChE,KAAK,SAAS;AACjB,SAAO,OAAO,SAAS,IAAI,SAAS;AACtC;;;ADjBA,SAAS,aAAa,MAAsB;AAC1C,SAAO,KAAK,QAAQ,MAAM,SAAS,EAAE,QAAQ,MAAM,SAAS,EAAE,QAAQ,MAAM,SAAS;AACvF;AAEA,IAAM,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAmCZ,SAAS,YAAY,OAA0B;AAC7C,QAAM,OAAO,MAAM,MAAM,QAAQ,MAAM,GAAG,IAAI;AAC9C,QAAM,UAAU,OACZ,YAAY,WAAW,IAAI,CAAC,KAAK,WAAW,MAAM,OAAO,CAAC,SAC1D,WAAW,MAAM,OAAO;AAC5B,QAAM,QAAQ,CAAC,OAAO,OAAO,OAAO;AACpC,MAAI,MAAM,IAAK,OAAM,KAAK,kBAAkB,WAAW,MAAM,GAAG,CAAC,MAAM;AAGvE,MAAI,MAAM,MAAO,OAAM,KAAK,mBAAmB,MAAM,KAAK,MAAM;AAChE,MAAI,MAAM,KAAM,OAAM,KAAK,MAAM,WAAW,MAAM,IAAI,CAAC,MAAM;AAC7D,MAAI,MAAM,QAAQ,MAAM,KAAK,SAAS,GAAG;AACvC,UAAM;AAAA,MACJ,oBAAoB,MAAM,KAAK,IAAI,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACjF;AAAA,EACF;AACA,SAAO,OAAO,MAAM,KAAK,EAAE,CAAC;AAC9B;AAGA,SAAS,UAAU,OAAe,SAAuC;AACvE,MAAI,QAAQ,WAAW,EAAG,QAAO;AACjC,SAAO,gBAAgB,WAAW,KAAK,CAAC,4BAA4B,QACjE,IAAI,WAAW,EACf,KAAK,EAAE,CAAC;AACb;AAEA,SAAS,aAAa,GAA6B;AACjD,QAAM,QAAkB,CAAC;AACzB,QAAM,YAAY,EAAE,QAAQ,MAAM,QAAQ,EAAE,OAAO,GAAG,IAAI;AAC1D,MAAI,WAAW;AACb,UAAM;AAAA,MACJ,4BAA4B,WAAW,SAAS,CAAC,UAAU,WAAW,EAAE,QAAQ,OAAO,EAAE,CAAC;AAAA,IAC5F;AAAA,EACF;AACA,QAAM,KAAK,OAAO,WAAW,EAAE,WAAW,CAAC,OAAO;AAClD,MAAI,EAAE,QAAS,OAAM,KAAK,sBAAsB,WAAW,EAAE,OAAO,CAAC,MAAM;AAC3E,MAAI,EAAE,UAAU,QAAS,OAAM,KAAK,uBAAuB,WAAW,EAAE,SAAS,OAAO,CAAC,MAAM;AAC/F,MAAI,EAAE,IAAK,OAAM,KAAK,kBAAkB,WAAW,EAAE,GAAG,CAAC,MAAM;AAC/D,SAAO,WAAW,MAAM,KAAK,EAAE,CAAC;AAClC;AAEA,SAAS,YAAY,OAA0C;AAC7D,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,QAAQ,MACX,IAAI,CAAC,MAAM;AACV,UAAM,OAAO,WAAW,EAAE,SAAS,EAAE,GAAG;AACxC,UAAM,OAAO,QAAQ,EAAE,GAAG;AAC1B,WAAO,OAAO,gBAAgB,WAAW,IAAI,CAAC,KAAK,IAAI,cAAc,OAAO,IAAI;AAAA,EAClF,CAAC,EACA,KAAK,EAAE;AACV,SAAO,6CAA6C,KAAK;AAC3D;AAEA,SAAS,aAAa,QAA4C;AAChE,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,OAAO,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE;AAC1E,SAAO,8CAA8C,KAAK;AAC5D;AAEA,SAAS,gBAAgB,WAAkD;AACzE,MAAI,UAAU,WAAW,EAAG,QAAO;AACnC,QAAM,QAAQ,UACX,IAAI,CAAC,MAAM,OAAO,WAAW,GAAG,EAAE,eAAe,EAAE,QAAQ,WAAM,EAAE,WAAW,EAAE,CAAC,OAAO,EACxF,KAAK,EAAE;AACV,SAAO,kDAAkD,KAAK;AAChE;AAEA,SAAS,sBAAsB,MAAmD;AAChF,MAAI,KAAK,WAAW,EAAG,QAAO;AAC9B,QAAM,QAAQ,KACX,IAAI,CAAC,MAAM;AACV,UAAM,aAAa,EAAE,OAAO,MAAM,QAAQ,EAAE,OAAO,GAAG,IAAI;AAC1D,UAAM,OAAO,aACT,YAAY,WAAW,UAAU,CAAC,KAAK,WAAW,EAAE,OAAO,IAAI,CAAC,SAChE,WAAW,EAAE,OAAO,IAAI;AAC5B,UAAM,UAAU,CAAC,MAAM,EAAE,OAAO,WAAW,WAAW,EAAE,OAAO,QAAQ,IAAI,EAAE,EAC1E,OAAO,OAAO,EACd,KAAK,IAAI;AACZ,UAAM,MAAM,EAAE,eAAe,KAAK,WAAW,EAAE,YAAY,CAAC,MAAM;AAClE,WAAO,mCAAmC,WAAW,EAAE,IAAI,CAAC,mCAA8B,OAAO,GAAG,GAAG;AAAA,EACzG,CAAC,EACA,KAAK,EAAE;AACV,SAAO,oCAAoC,KAAK;AAClD;AAEA,SAAS,cAAc,SAA8C;AACnE,QAAM,QAAkB,CAAC;AACzB,MAAI,QAAQ,OAAO;AACjB,UAAM;AAAA,MACJ,uBAAuB,WAAW,QAAQ,KAAK,CAAC,KAAK,WAAW,QAAQ,KAAK,CAAC;AAAA,IAChF;AAAA,EACF;AACA,QAAM,WAAW,QAAQ,UAAU,QAAQ,QAAQ,OAAO,IAAI;AAC9D,MAAI,UAAU;AACZ,UAAM,KAAK,gBAAgB,WAAW,QAAQ,CAAC,yBAAyB;AAAA,EAC1E;AACA,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,SAAO,gDAAgD,MAAM,KAAK,EAAE,CAAC;AACvE;AAQA,SAAS,eAAe,UAAgD;AACtE,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,MAAM,kBAAkB,QAAQ;AACtC,MAAI,QAAQ,GAAI,QAAO;AACvB,SAAO,8CAA8C,GAAG;AAC1D;AAEA,SAAS,mBAAmB,MAAgC;AAC1D,QAAM,UAAU,KAAK,UAAU,eAAe,IAAI,CAAC;AACnD,SAAO,sCAAsC,aAAa,OAAO,CAAC;AACpE;AAEA,SAAS,gBAAgB,WAA0C;AACjE,QAAM,QAAQ,UACX;AAAA,IAAI,CAAC,MACJ,EAAE,UACE,6BAA6B,WAAW,EAAE,MAAM,CAAC,YACjD,YAAY,WAAW,EAAE,IAAI,CAAC,KAAK,WAAW,EAAE,MAAM,CAAC;AAAA,EAC7D,EACC,KAAK,EAAE;AACV,SAAO,8CAA8C,KAAK;AAC5D;AAGO,SAAS,kBAAkB,OAA4B;AAC5D,QAAM,IAAI,MAAM;AAChB,QAAM,IAAI,EAAE;AACZ,QAAM,cAAc,EAAE,WAAW,EAAE,OAAO;AAE1C,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA,UAAU,WAAW,EAAE,WAAW,CAAC;AAAA,IACnC,cACI,qCAAqC,WAAW,YAAY,MAAM,GAAG,GAAG,CAAC,CAAC,OAC1E;AAAA,IACJ,MAAM,eAAe,+BAA+B,WAAW,MAAM,YAAY,CAAC,OAAO;AAAA,IACzF,GAAG,MAAM,WAAW;AAAA,MAClB,CAAC,MACC,mCAAmC,WAAW,EAAE,QAAQ,CAAC,WAAW,WAAW,EAAE,IAAI,CAAC;AAAA,IAC1F;AAAA,IACA,MAAM,SAAS,mBAAmB,CAAC,IAAI;AAAA,IACvC,UAAU,GAAG;AAAA,EACf,EACG,OAAO,OAAO,EACd,KAAK,MAAM;AAEd,QAAM,OAAO;AAAA,IACX,MAAM,UAAU,SAAS,IAAI,gBAAgB,MAAM,SAAS,IAAI;AAAA,IAChE,aAAa,CAAC;AAAA,IACd,YAAY,EAAE,KAAK;AAAA,IACnB;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,WAAW;AAAA,UAC5B,KAAK,EAAE;AAAA,UACP,WAAW,EAAE;AAAA,UACb,QAAQ,EAAE;AAAA,QACZ,CAAC;AAAA,QACD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,SAAS,IAAI,CAAC,OAAO;AAAA,QACrB,SAAS,EAAE;AAAA,QACX,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,QAAQ,EAAE,eAAe,CAAC;AAAA,QAC1E,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,QACP,MAAM,EAAE;AAAA,MACV,EAAE;AAAA,IACJ;AAAA,IACA,aAAa,EAAE,MAAM;AAAA,IACrB,eAAe,MAAM,gBAAgB;AAAA,IACrC;AAAA,MACE;AAAA,MACA,EAAE,UAAU,IAAI,CAAC,MAAM;AACrB,cAAM,SAAS,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;AACxD,eAAO;AAAA,UACL,SAAS,UAAU,EAAE;AAAA,UACrB,KAAK,SAAS,EAAE,cAAc;AAAA,UAC9B,OAAO,UAAU,EAAE,WAAW;AAAA,YAC5B,KAAK,EAAE;AAAA,YACP,WAAW,EAAE;AAAA,YACb,QAAQ,EAAE;AAAA,UACZ,CAAC;AAAA,UACD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,eAAe,IAAI,CAAC,OAAO;AAAA,QAC3B,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,gBAAgB,QAAQ,EAAE,eAAe,CAAC;AAAA,QACjF,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,aAAa,IAAI,CAAC,OAAO;AAAA,QACzB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,QAC3D,OAAO,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;AAAA,QACrD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,EAAE,GAAG,KAAK;AAAA,MACtD,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,OAAO,IAAI,CAAC,OAAO;AAAA,QACnB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;AAAA,QACrD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,YAAY,IAAI,CAAC,OAAO;AAAA,QACxB,SAAS,EAAE,QAAQ,EAAE;AAAA,QACrB,KAAK,EAAE,OAAO,EAAE,eAAe;AAAA,QAC/B,OAAO,UAAU,EAAE,WAAW;AAAA,UAC5B,KAAK,EAAE;AAAA,UACP,WAAW,EAAE;AAAA,UACb,QAAQ,EAAE;AAAA,QACZ,CAAC;AAAA,QACD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,aAAa,IAAI,CAAC,OAAO;AAAA,QACzB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,KAAK,GAAG,QAAK;AAAA,QAC9C,OAAO,UAAU,EAAE,WAAW;AAAA,UAC5B,KAAK,EAAE;AAAA,UACP,WAAW,EAAE;AAAA,UACb,QAAQ,EAAE;AAAA,QACZ,CAAC;AAAA,QACD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,EAAE;AAAA,QACP,OAAO,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,eAAe,CAAC;AAAA,QAC/D,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,QAAQ,IAAI,CAAC,OAAO;AAAA,QACpB,SAAS,EAAE;AAAA,QACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,QACpF,OAAO,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC;AAAA,QAC1E,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA;AAAA,MACE;AAAA,MACA,EAAE,WAAW,IAAI,CAAC,OAAO;AAAA,QACvB,SAAS,GAAG,EAAE,KAAK,KAAK,EAAE,KAAK;AAAA,QAC/B,OAAO,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;AAAA,QACrD,MAAM,EAAE;AAAA,QACR,KAAK,EAAE;AAAA,MACT,EAAE;AAAA,IACJ;AAAA,IACA,gBAAgB,EAAE,SAAS;AAAA,IAC3B,sBAAsB,EAAE,eAAe;AAAA,IACvC,cAAc,EAAE,OAAO;AAAA,EACzB,EACG,OAAO,OAAO,EACd,KAAK,IAAI;AAEZ,QAAM,SACJ,EAAE,SAAS,kBAAkB,OAAO,wDAAwD;AAE9F,SACE;AAAA,cAAgC,WAAW,EAAE,cAAc,CAAC;AAAA;AAAA,IAAiB,IAAI;AAAA;AAAA;AAAA;AAAA,EAC9D,IAAI;AAAA;AAAA,EAAc,SAAS,GAAG,MAAM;AAAA,IAAO,EAAE;AAAA;AAAA;AAEpE;;;AEtXA,SAAS,iBAAiB;AAE1B,IAAM,QAAQ;AAKd,IAAM,kBAAkB;AACxB,IAAM,0BAA0B;AAChC,IAAM,mBAAmB;AAElB,SAAS,aAAa,KAAsB;AACjD,SAAO,MAAM,KAAK,GAAG;AACvB;AAcO,SAAS,oBAAoB,QAA6C;AAC/E,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,UAAU,OAAO,SAAS,kBAAkB,OAAO,MAAM,GAAG,eAAe,IAAI;AACrF,QAAM,QAAQ,QAAQ,MAAM,GAAG,EAAE,MAAM,GAAG,uBAAuB;AAEjE,QAAM,UAA6B,CAAC;AACpC,aAAW,WAAW,OAAO;AAC3B,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,UAAM,aAAa,SAAS,CAAC;AAC7B,QAAI,eAAe,OAAW;AAC9B,UAAM,MAAM,WAAW,KAAK;AAC5B,QAAI,QAAQ,MAAM,QAAQ,IAAK;AAC/B,QAAI,CAAC,aAAa,GAAG,EAAG;AAExB,QAAI,IAAI;AACR,aAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,YAAM,UAAU,SAAS,CAAC;AAC1B,UAAI,YAAY,OAAW;AAC3B,YAAM,QAAQ,6BAA6B,KAAK,OAAO;AACvD,UAAI,CAAC,MAAO;AACZ,YAAM,SAAS,OAAO,WAAW,MAAM,CAAC,KAAK,EAAE;AAC/C,UAAI,OAAO,MAAM,MAAM,GAAG;AACxB,YAAI;AAAA,MACN,WAAW,SAAS,KAAK,SAAS,GAAG;AAGnC,YAAI;AAAA,MACN,OAAO;AACL,YAAI;AAAA,MACN;AACA;AAAA,IACF;AACA,QAAI,MAAM,EAAG;AAEb,YAAQ,KAAK,EAAE,KAAK,EAAE,CAAC;AAAA,EACzB;AAGA,UAAQ,KAAK,CAAC,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;AAChC,SAAO,QAAQ,IAAI,CAAC,MAAM,EAAE,GAAG;AACjC;AAEA,SAAS,cAAc,KAAqB;AAC1C,QAAM,OAAO,IAAI,QAAQ,GAAG;AAC5B,UAAQ,SAAS,KAAK,MAAM,IAAI,MAAM,GAAG,IAAI,GAAG,YAAY;AAC9D;AAEA,SAAS,eAAe,KAAa,WAAkD;AACrF,QAAM,WAAW,IAAI,YAAY;AACjC,QAAM,aAAa,cAAc,GAAG;AAIpC,aAAW,KAAK,WAAW;AACzB,QAAI,EAAE,YAAY,MAAM,SAAU,QAAO;AAAA,EAC3C;AACA,aAAW,KAAK,WAAW;AACzB,QAAI,cAAc,CAAC,MAAM,WAAY,QAAO;AAAA,EAC9C;AACA,SAAO;AACT;AAcO,SAAS,sBACd,GACA,WACA,YAC8C;AAC9C,QAAM,MAAgB,CAAC;AAEvB,QAAM,QAAQ,EAAE,IAAI,MAAM,MAAM;AAChC,MAAI,UAAU,UAAa,aAAa,KAAK,GAAG;AAC9C,QAAI,KAAK,KAAK;AAAA,EAChB;AAEA,MAAI,eAAe,UAAa,aAAa,UAAU,GAAG;AACxD,QAAI,KAAK,UAAU;AAAA,EACrB;AAEA,QAAM,SAAS,UAAU,GAAG,gBAAgB;AAC5C,MAAI,WAAW,UAAa,OAAO,UAAU,oBAAoB,aAAa,MAAM,GAAG;AACrF,QAAI,KAAK,MAAM;AAAA,EACjB;AAEA,QAAM,SAAS,EAAE,IAAI,OAAO,iBAAiB;AAC7C,MAAI,WAAW,QAAW;AACxB,QAAI,KAAK,GAAG,oBAAoB,MAAM,CAAC;AAAA,EACzC;AAEA,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,WAAqB,CAAC;AAC5B,aAAW,OAAO,KAAK;AACrB,UAAM,UAAU,eAAe,KAAK,SAAS;AAC7C,QAAI,YAAY,OAAW;AAC3B,UAAM,MAAM,QAAQ,YAAY;AAChC,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AACZ,aAAS,KAAK,OAAO;AACrB,QAAI,SAAS,WAAW,EAAG;AAAA,EAC7B;AAEA,QAAM,MAAoD,CAAC;AAC3D,MAAI,SAAS,CAAC,MAAM,OAAW,KAAI,SAAS,SAAS,CAAC;AACtD,MAAI,SAAS,CAAC,MAAM,OAAW,KAAI,iBAAiB,SAAS,CAAC;AAC9D,SAAO;AACT;;;ACzIO,IAAM,0BAA0B,CAAC,KAAK,gBAAgB,aAAa;AAW1E,IAAM,0BAA0B,oBAAI,IAAI,CAAC,KAAK,CAAC;AAE/C,SAAS,YAAY,KAAqB;AACxC,SAAO,IAAI,IAAI,GAAG,EAAE;AACtB;AAmBO,SAAS,kBAAkB,UAAqD;AAErF,QAAM,QAAQ,qBAAqB,KAAK,QAAQ;AAChD,MAAI,UAAU,KAAM,QAAO,EAAE,MAAM,SAAS;AAE5C,QAAM,MAAM,MAAM,CAAC;AACnB,MAAI,QAAQ,UAAa,CAAC,aAAa,GAAG,EAAG,QAAO,EAAE,MAAM,SAAS;AAIrE,MAAI,wBAAwB,IAAI,IAAI,YAAY,CAAC,EAAG,QAAO,EAAE,MAAM,SAAS;AAG5E,QAAM,YAAY,MAAM,CAAC,KAAK;AAC9B,MAAI,CAAE,wBAA8C,SAAS,SAAS,GAAG;AACvE,WAAO,EAAE,MAAM,SAAS;AAAA,EAC1B;AAEA,SAAO,EAAE,QAAQ,KAAK,MAAM,UAAU;AACxC;AAOO,SAAS,oBAAoB,KAAsB;AACxD,SAAO,kBAAkB,YAAY,IAAI,GAAG,CAAC,EAAE;AACjD;AAQO,SAAS,kBAAkB,KAAiC;AACjE,SAAO,kBAAkB,YAAY,GAAG,CAAC,EAAE;AAC7C;;;AJ5DA,IAAM,mBAAmB;AAEzB,IAAM,aAAa;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAIA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEX,eAAe,YAAY,MAAkE;AAC3F,MAAI;AACF,WAAO,MAAM,KAAK,QAAQ,WAAW;AAAA,EACvC,SAAS,GAAG;AACV,QAAI,aAAa,iBAAiB,KAAK,UAAU;AAC/C,aAAO,EAAE,MAAM,KAAK,SAAS,GAAG,SAAS,iBAAiB;AAAA,IAC5D;AACA,UAAM;AAAA,EACR;AACF;AAEO,SAAS,gBAAgB,MAA2B;AASzD,QAAM,MAAM,IAAI,KAAK,EAAE,SAAS,oBAAoB,CAAC;AAErD,MAAI,IAAI,KAAK,OAAO,GAAG,SAAS;AAC9B,UAAM,KAAK;AACX,UAAM,IAAI,EAAE,IAAI;AAChB,MAAE,IAAI,6BAA6B,8CAA8C;AACjF,MAAE,IAAI,0BAA0B,SAAS;AACzC,MAAE,IAAI,mBAAmB,MAAM;AAC/B,MAAE,IAAI,mBAAmB,iCAAiC;AAC1D,MAAE,IAAI,sBAAsB,8DAA8D;AAC1F,MAAE,IAAI,2BAA2B,UAAU;AAQ3C,MAAE,IAAI,+BAA+B,GAAG;AACxC,MAAE,IAAI,iCAAiC,MAAM;AAAA,EAC/C,CAAC;AAED,MAAI,QAAQ,CAAC,KAAK,MAAM;AAKtB,YAAQ,MAAM,8BAA8B,GAAG;AAC/C,WAAO,gBAAgB,GAAG;AAAA,MACxB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,CAAC;AAED,MAAI;AAAA,IAAS,CAAC,MACZ,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,oBAAoB,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACzD,CAAC;AAAA,EACH;AAUA,MAAI,IAAI,KAAK,OAAO,MAAM;AACxB,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,UAAU,UAAU,IAAI;AAC9B,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,QAAQ,SAAS;AAAA,MACjB,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY,yBAAyB,cAAc,SAAS,QAAQ,cAAc,CAAC;AAEzF,UAAM,gBAAgB,QAAQ,SAAS;AACvC,UAAM,UAAU,CAAC,GAAG,oBAAI,IAAI,CAAC,eAAe,GAAG,QAAQ,SAAS,gBAAgB,CAAC,CAAC;AAClF,UAAM,UAAU,UAAU;AAC1B,UAAM,SAAS,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAClC,UAAM,aAAa,CAAC,MAAuB,MAAM,gBAAgB,MAAM,IAAI,CAAC;AAE5E,UAAM,WACJ,QAAQ,SAAS,UAAU,YAAY,QAAQ,KAAK,kBAChD,MAAM,KAAK,gBAAgB,oBAAoB,IAC/C;AAEN,UAAM,OAAO,kBAAkB;AAAA,MAC7B;AAAA,MACA,cAAc,GAAG,MAAM,GAAG,WAAW,OAAO,CAAC;AAAA,MAC7C,YAAY;AAAA,QACV,GAAG,QAAQ,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,MAAM,GAAG,WAAW,CAAC,CAAC,GAAG,EAAE;AAAA,QAC1E,EAAE,UAAU,aAAa,MAAM,GAAG,MAAM,GAAG,WAAW,aAAa,CAAC,GAAG;AAAA,MACzE;AAAA,MACA,WAAW,QAAQ,IAAI,CAAC,OAAO,EAAE,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,SAAS,MAAM,QAAQ,EAAE;AAAA,MAC1F,QAAQ,QAAQ,SAAS,iBAAiB;AAAA,MAC1C,kBAAkB,YAAY;AAAA,IAChC,CAAC;AAED,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,WAAO,EAAE,KAAK,IAAI;AAAA,EACpB,CAAC;AAMD,MAAI,IAAI,WAAW,CAAC,MAAM;AACxB,MAAE,OAAO,iBAAiB,UAAU;AACpC,WAAO,EAAE,KAAK,EAAE,QAAQ,MAAM,eAAe,eAAe,CAAC;AAAA,EAC/D,CAAC;AAED,MAAI,IAAI,gBAAgB,OAAO,MAAM;AACnC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,KAAK,SAAS;AAAA,MACd,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY;AAAA,MAChB,cAAc,UAAU,IAAI,GAAG,QAAQ,cAAc;AAAA,IACvD;AACA,UAAM,OAAO;AAAA,MACX,MAAM;AAAA,MACN,MAAM;AAAA,QACJ,eAAe,UAAU;AAAA,QACzB,QAAQ,UAAU;AAAA,QAClB,WAAW,UAAU,KAAK;AAAA,MAC5B;AAAA,IACF;AACA,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,WAAO,EAAE,KAAK,IAAI;AAAA,EACpB,CAAC;AAED,MAAI,IAAI,eAAe,CAAC,MAAM,EAAE,KAAK,MAAM,CAAC;AAQ5C,MAAI,IAAI,iBAAiB,OAAO,MAAM;AACpC,UAAM,cAAc,MAClB,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAEH,QAAI,CAAC,KAAK,gBAAiB,QAAO,YAAY;AAC9C,UAAM,EAAE,KAAK,IAAI,MAAM,YAAY,IAAI;AACvC,QAAI,KAAK,SAAS,UAAU,YAAY,KAAM,QAAO,YAAY;AACjE,UAAM,WAAW,MAAM,KAAK,gBAAgB,oBAAoB;AAChE,QAAI,aAAa,KAAM,QAAO,YAAY;AAE1C,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAED,MAAI,IAAI,eAAe,OAAO,MAAM;AAClC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC;AAAA,MACA,KAAK,SAAS;AAAA,MACd,kBAAkB,EAAE,IAAI,GAAG;AAAA,IAC7B;AACA,UAAM,YAAY;AAAA,MAChB,cAAc,UAAU,IAAI,GAAG,QAAQ,cAAc;AAAA,IACvD;AACA,UAAM,KAAKC,gBAAe,SAAS;AACnC,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,MAAE,OAAO,QAAQ,yBAAyB;AAC1C,MAAE,OAAO,gBAAgB,oCAAoC;AAC7D,WAAO,EAAE,KAAK,KAAK,UAAU,EAAE,CAAC;AAAA,EAClC,CAAC;AAED,MAAI,IAAI,iBAAiB,OAAO,MAAM;AACpC,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,YAAY,IAAI;AAChD,UAAM,WAAW,yBAAyB,IAAI;AAC9C,MAAE,OAAO,QAAQ,IAAI,OAAO,GAAG;AAC/B,MAAE,OAAO,iBAAiB,qBAAqB;AAC/C,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAED,MAAI,IAAI,6BAA6B,CAAC,MAAM;AAC1C,MAAE,OAAO,iBAAiB,sBAAsB;AAChD,WAAO,EAAE,KAAK;AAAA,MACZ,eAAe;AAAA,MACf,WAAW;AAAA,MACX,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,WAAW;AAAA;AAAA,MAEX,GAAI,KAAK,YAAY,SAAY,EAAE,KAAK,KAAK,QAAQ,IAAI,CAAC;AAAA,IAC5D,CAAC;AAAA,EACH,CAAC;AAOD,MAAI,QAAQ,KAAK,CAAC,MAAM;AACtB,MAAE,OAAO,gCAAgC,oBAAoB;AAC7D,MAAE,OAAO,gCAAgC,EAAE,IAAI,OAAO,gCAAgC,KAAK,GAAG;AAC9F,MAAE,OAAO,0BAA0B,OAAO;AAC1C,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AAED,MAAI;AAAA,IAAG,CAAC,QAAQ,OAAO,SAAS,QAAQ;AAAA,IAAG;AAAA,IAAK,CAAC,MAC/C,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,GAAG,EAAE,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACxD,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AKrRA,SAAS,4BAAAC,iCAAgC;;;ACtBzC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,iBAAAC;AAAA,EACA,aAAAC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAKK;AACP,SAAS,QAAAC,aAAY;;;ACCd,SAAS,kBAAkB,GAAe,GAAwB;AACvE,QAAM,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE;AAC/C,MAAI,OAAO,EAAE,WAAW,EAAE,SAAS,IAAI;AACvC,WAAS,IAAI,GAAG,IAAI,KAAK,KAAK;AAC5B,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,UAAM,KAAK,EAAE,CAAC,KAAK;AACnB,YAAQ,KAAK;AAAA,EACf;AACA,SAAO,SAAS;AAClB;AAGA,eAAsB,UAAU,OAAgC;AAC9D,QAAM,MAAM,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,CAAC;AACjF,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,WAAO,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EACvC;AACA,SAAO;AACT;AAOA,eAAsB,kBAAkB,GAA6B;AACnE,QAAM,SAAS,EAAE,IAAI,OAAO,eAAe,KAAK;AAChD,QAAM,IAAI,mBAAmB,KAAK,MAAM;AACxC,QAAM,QAAQ,IAAI,CAAC,KAAK;AACxB,MAAI,UAAU,GAAI,QAAO;AACzB,SAAO,UAAU,MAAM,UAAU,KAAK,CAAC;AACzC;AAgBO,SAAS,iBAAiB,MAA+B;AAC9D,SAAO,OAAO,GAAY,SAAyC;AACjE,UAAM,WAAW,KAAK,cAAc;AACpC,UAAM,SAAS,EAAE,IAAI,OAAO,eAAe,KAAK;AAChD,UAAM,QAAQ,mBAAmB,KAAK,MAAM;AAC5C,UAAM,YAAY,QAAQ,CAAC;AAE3B,UAAM,OACJ,aAAa,UACb,cAAc,UACd,kBAAkB,IAAI,YAAY,EAAE,OAAO,SAAS,GAAG,IAAI,YAAY,EAAE,OAAO,QAAQ,CAAC;AAE3F,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,UAAM,cAAc;AAAA,MAClB,QAAQ,EAAE,IAAI;AAAA,MACd,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,MACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,IACrC;AAEA,QAAI,CAAC,MAAM;AACT,WAAK,YAAY;AAAA,QACf,MAAM;AAAA,QACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,QAClC,OAAO,EAAE,UAAU;AAAA,QACnB,SAAS;AAAA,QACT,QAAQ,EAAE,QAAQ,IAAI;AAAA,MACxB,CAAC;AACD,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAED,UAAM,KAAK;AAAA,EACb;AACF;;;AC3FO,SAAS,iBAAiB,MAA+B;AAC9D,SAAO,OAAO,GAAY,SAAyC;AACjE,UAAM,QAAQ,KAAK,gBAAgB;AACnC,QAAI,MAAM,WAAW,GAAG;AACtB,YAAM,KAAK;AACX;AAAA,IACF;AACA,UAAM,SAAS,EAAE,IAAI,OAAO,QAAQ;AACpC,QAAI,WAAW,UAAa,CAAC,MAAM,SAAS,MAAM,GAAG;AACnD,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,UAAU,MAAM;AAAA,MAC1B,CAAC;AAAA,IACH;AACA,UAAM,KAAK;AAAA,EACb;AACF;;;AFTA,IAAM,gBAAgB,CAAC,sBAAsB,0BAA0B,iBAAiB,EAAE;AAAA,EACxF;AACF;AAuBA,SAAS,aAAa,GAAuC;AAC3D,SAAO,EAAE,MAAM,IAAI,EAAE,OAAO,IAAI,SAAS,EAAE,QAAQ;AACrD;AAcA,SAAS,UAAU,KAAqB;AACtC,MAAI,UAAU,IAAI,KAAK;AACvB,MAAI,QAAQ,WAAW,IAAI,GAAG;AAC5B,cAAU,QAAQ,MAAM,CAAC,EAAE,KAAK;AAAA,EAClC;AACA,MAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,KAAK,QAAQ,UAAU,GAAG;AAC3E,WAAO,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC5B;AACA,SAAO;AACT;AAMO,SAAS,kBAAkB,MAA6B;AAC7D,QAAM,MAAM,IAAIC,MAAK;AAErB,MAAI,IAAI,KAAK,OAAO,GAAG,SAAS;AAC9B,UAAM,KAAK;AACX,UAAM,IAAI,EAAE,IAAI;AAChB,MAAE,IAAI,6BAA6B,8CAA8C;AACjF,MAAE,IAAI,0BAA0B,SAAS;AACzC,MAAE,IAAI,mBAAmB,MAAM;AAC/B,MAAE,IAAI,mBAAmB,iCAAiC;AAC1D,MAAE,IAAI,sBAAsB,8DAA8D;AAC1F,MAAE,IAAI,2BAA2B,aAAa;AAC9C,MAAE,IAAI,iBAAiB,mBAAmB;AAAA,EAC5C,CAAC;AAED,MAAI,IAAI,KAAK,iBAAiB,EAAE,iBAAiB,KAAK,gBAAgB,CAAC,CAAC;AACxE,MAAI;AAAA,IACF;AAAA,IACA,iBAAiB,EAAE,eAAe,KAAK,eAAe,aAAa,KAAK,YAAY,CAAC;AAAA,EACvF;AAEA,MAAI;AAAA,IAAQ,CAAC,KAAK,MAChB,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,eAAe,QAAQ,IAAI,UAAU;AAAA,IAC/C,CAAC;AAAA,EACH;AAEA,MAAI;AAAA,IAAS,CAAC,MACZ,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,0BAA0B,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IAC/D,CAAC;AAAA,EACH;AAEA,MAAI,IAAI,YAAY,OAAO,MAAM;AAC/B,UAAM,cAAc,EAAE,IAAI,OAAO,cAAc,KAAK;AACpD,QAAI,CAAC,YAAY,YAAY,EAAE,WAAW,kBAAkB,GAAG;AAC7D,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,+CAA+C,WAAW;AAAA,MACpE,CAAC;AAAA,IACH;AAEA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,EAAE,IAAI,KAAK;AAAA,IAC5B,QAAQ;AACN,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,UAAM,SAAS,SAAS,MAAM;AAC9B,QAAI,CAAC,OAAO,IAAI;AACd,aAAO,gBAAgB,GAAG;AAAA,QACxB,MAAM,YAAY;AAAA,QAClB,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,6BAA6B,OAAO,OAAO,OAAO,MAAM,CAAC;AAAA,QACjE,QAAQ,OAAO,OAAO,IAAI,YAAY;AAAA,MACxC,CAAC;AAAA,IACH;AAEA,UAAM,OAAgB,OAAO;AAC7B,UAAM,aAAa,EAAE,IAAI,OAAO,UAAU;AAC1C,UAAM,UAAU,eAAe,SAAY,UAAU,UAAU,IAAI;AAEnE,QAAI;AACJ,QAAI;AACF,cAAQ,MAAM,KAAK,QAAQ,YAAY,MAAM,OAAO;AAAA,IACtD,SAAS,GAAG;AACV,UAAI,aAAa,eAAe;AAC9B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,gBAAgB,EAAE;AAAA,QACpB,CAAC;AAAA,MACH;AACA,YAAM;AAAA,IACR;AAEA,UAAM,KAAK,YAAY,eAAe;AAEtC,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,WAAW;AAAA,MACX,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,KAAK,SAAS,MAAM,QAAQ;AAAA,IAChD,CAAC;AAED,WAAO,EAAE,KAAK;AAAA,MACZ,MAAMC,WAAU,IAAI;AAAA,MACpB,MAAM;AAAA,QACJ,eAAe,KAAK;AAAA,QACpB,SAAS,MAAM;AAAA,QACf;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAED,MAAI,OAAO,YAAY,OAAO,MAAM;AAClC,UAAM,KAAK,QAAQ,cAAc;AACjC,UAAM,KAAK,YAAY,eAAe;AAEtC,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAED,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AAED,MAAI,IAAI,WAAW,OAAO,MAAM;AAC9B,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,KAAK,QAAQ,WAAW;AAAA,IACzC,SAAS,GAAG;AACV,UAAI,aAAaC,gBAAe;AAC9B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AACA,YAAM;AAAA,IACR;AAOA,UAAM,WAAW,cAAc,OAAO,MAAM,EAAE,iBAAiB,MAAM,CAAC;AAEtE,UAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,SAAK,YAAY;AAAA,MACf,MAAM;AAAA,MACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,OAAO,EAAE,UAAU;AAAA,MACnB,SAAS;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,QACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,MACrC;AAAA,MACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,IACxB,CAAC;AAMD,MAAE,OAAO,QAAQ,IAAI,OAAO,OAAO,GAAG;AACtC,WAAO,EAAE,KAAK,QAAQ;AAAA,EACxB,CAAC;AAID,MAAI,KAAK,cAAc;AACrB,UAAM,eAAe,KAAK;AAC1B,QAAI,KAAK,WAAW,OAAO,MAAM;AAI/B,YAAM,WAAW,OAAO,EAAE,IAAI,OAAO,gBAAgB,KAAK,EAAE;AAC5D,UAAI,OAAO,SAAS,QAAQ,KAAK,WAAW,kBAAkB,MAAM;AAClE,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,qBAAqB,OAAO,eAAe,CAAC;AAAA,QACtD,CAAC;AAAA,MACH;AAEA,UAAI;AACJ,UAAI;AACF,eAAO,MAAM,EAAE,IAAI,SAAS;AAAA,MAC9B,QAAQ;AACN,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,OAAO,KAAK,IAAI,MAAM;AAC5B,UAAI,EAAE,gBAAgB,OAAO;AAC3B,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,QAAQ,IAAI,WAAW,MAAM,KAAK,YAAY,CAAC;AACrD,UAAI,MAAM,SAAS,iBAAiB;AAClC,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,YAAY,OAAO,MAAM,MAAM,CAAC,wBAAwB,OAAO,eAAe,CAAC;AAAA,QACzF,CAAC;AAAA,MACH;AAGA,YAAM,OAAO,gBAAgB,KAAK;AAClC,UAAI,SAAS,MAAM;AACjB,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,YAAM,OAAO,cAAc,OAAO,IAAI;AACtC,UAAI,SAAS,MAAM;AACjB,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AACA,UAAI,KAAK,QAAQ,uBAAuB,KAAK,SAAS,qBAAqB;AACzE,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,YAAY,OAAO,KAAK,KAAK,CAAC,OAAI,OAAO,KAAK,MAAM,CAAC,oBAAoB,OAAO,mBAAmB,CAAC,OAAI,OAAO,mBAAmB,CAAC;AAAA,QAC7I,CAAC;AAAA,MACH;AACA,UAAI,KAAK,SAAS,kBAAkB;AAClC,eAAO,gBAAgB,GAAG;AAAA,UACxB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,aAAa,OAAO,KAAK,MAAM,CAAC,yBAAyB,OAAO,gBAAgB,CAAC;AAAA,QAC3F,CAAC;AAAA,MACH;AAIA,YAAM,WAAW,mBAAmB,OAAO,IAAI;AAG/C,YAAM,SAAS,MAAM,aAAa;AAAA,QAChC,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;AAAA,QACpD;AAAA,UACE,UAAU,KAAK;AAAA,UACf,aAAa;AAAA,QACf;AAAA,MACF;AAEA,YAAM,YAAY,MAAM,kBAAkB,CAAC;AAC3C,WAAK,YAAY;AAAA,QACf,MAAM;AAAA,QACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,QAClC,OAAO,EAAE,UAAU;AAAA,QACnB,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,MAAM,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE;AAAA,UACzB,IAAI,EAAE,IAAI,OAAO,kBAAkB;AAAA,QACrC;AAAA,QACA,QAAQ,EAAE,QAAQ,IAAI;AAAA,QACtB,OAAO,EAAE,KAAK,OAAO,IAAI,UAAU,MAAM,MAAM,SAAS,OAAO;AAAA,MACjE,CAAC;AAED,aAAO,EAAE,KAAK,QAAQ,GAAG;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,MAAI;AAAA,IAAG,CAAC,QAAQ,OAAO;AAAA,IAAG;AAAA,IAAY,CAAC,MACrC,gBAAgB,GAAG;AAAA,MACjB,MAAM,YAAY;AAAA,MAClB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,GAAG,EAAE,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,IACxD,CAAC;AAAA,EACH;AAEA,SAAO;AACT;;;AG7YA,SAAS,QAAAC,aAAY;;;ACiBd,SAAS,gBAAgB,OAAuB;AACrD,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gBAMO,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,iBA6BJ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA2GtB;;;ADtJA,SAAS,SAAS,OAAuB;AACvC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,2BAA2B,KAAK;AAAA,IAChC,4BAA4B,KAAK;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,EAAE,KAAK,IAAI;AACb;AAEA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AACvD,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,WAAO,OAAO,aAAa,CAAC;AAAA,EAC9B;AACA,SAAO,KAAK,GAAG;AACjB;AAQO,SAAS,mBAAyB;AACvC,QAAM,MAAM,IAAIC,MAAK;AAErB,MAAI,IAAI,KAAK,CAAC,MAAM;AAClB,UAAM,QAAQ,cAAc;AAC5B,MAAE,OAAO,6BAA6B,8CAA8C;AACpF,MAAE,OAAO,0BAA0B,SAAS;AAC5C,MAAE,OAAO,mBAAmB,MAAM;AAClC,MAAE,OAAO,mBAAmB,iCAAiC;AAC7D,MAAE,OAAO,sBAAsB,8DAA8D;AAC7F,MAAE,OAAO,2BAA2B,SAAS,KAAK,CAAC;AACnD,MAAE,OAAO,iBAAiB,mBAAmB;AAC7C,WAAO,EAAE,KAAK,gBAAgB,KAAK,CAAC;AAAA,EACtC,CAAC;AAED,SAAO;AACT;;;AEhDA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAOJ,SAAS,4BAAoD;AAClE,SAAO;AAAA,IACL,6BAA6B;AAAA,IAC7B,0BAA0B;AAAA,IAC1B,mBAAmB;AAAA,IACnB,mBAAmB;AAAA,IACnB,sBAAsB;AAAA,IACtB,2BAA2B;AAAA,IAC3B,iBAAiB;AAAA,EACnB;AACF;;;ACcO,IAAM,kBAA+B,MAAM;AAElD;;;ACnCO,IAAM,kBAA+B;AAAA,EAC1C,gBAAgB,MAAM,QAAQ,QAAQ;AAAA,EACtC,gBAAgB,MAAM,QAAQ,QAAQ;AACxC;;;ACLA,SAAS,UAAU,iBAAAC,sBAAqB;;;ACIxC,IAAM,iBAAoD;AAAA,EACxD,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,gBAAgB;AAAA,EAChB,cAAc;AAAA,EACd,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,SAAS;AAAA,EACT,WAAW;AAAA,EACX,cAAc;AAAA,EACd,aAAa;AACf;AAKA,IAAMC,OAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAsCZ,SAASC,aAAY,OAA4B;AAC/C,QAAM,OAAO,MAAM,MAAM,QAAQ,MAAM,GAAG,IAAI;AAC9C,QAAM,QAAQ,OACV,YAAY,WAAW,IAAI,CAAC,KAAK,WAAW,MAAM,OAAO,CAAC,SAC1D,WAAW,MAAM,OAAO;AAG5B,QAAM,QAAQ,MAAM,QAAQ,uBAAuB,MAAM,KAAK,YAAY;AAC1E,QAAM,QAAQ,CAAC,wBAAwB,KAAK,QAAQ,KAAK,QAAQ;AACjE,MAAI,MAAM,IAAK,OAAM,KAAK,kBAAkB,WAAW,MAAM,GAAG,CAAC,MAAM;AACvE,MAAI,MAAM,KAAM,OAAM,KAAK,MAAM,WAAW,MAAM,IAAI,CAAC,MAAM;AAC7D,SAAO,qBAAqB,MAAM,KAAK,EAAE,CAAC;AAC5C;AAEA,SAAS,iBAAiB,OAAe,SAAyC;AAChF,SAAO,gBAAgB,WAAW,KAAK,CAAC,YAAY,QAAQ,IAAIA,YAAW,EAAE,KAAK,EAAE,CAAC;AACvF;AAGA,SAAS,YAAY,OAAe,QAAmC;AACrE,QAAM,QAAQ,OAAO,IAAI,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE;AACpE,SAAO,gBAAgB,WAAW,KAAK,CAAC,0BAA0B,KAAK;AACzE;AAEA,SAAS,cAAc,GAA8B;AACnD,SAAO,GAAG,EAAE,eAAe,EAAE,QAAQ,WAAM,EAAE,WAAW;AAC1D;AAQA,SAAS,cAAc,SAAoB,QAA2B;AACpE,QAAM,QAAQ,eAAe,QAAQ,IAAI;AACzC,UAAQ,QAAQ,MAAM;AAAA,IACpB,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,WAAW,EAAE,WAAW,OAAO,CAAC;AAAA,UAChF,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,MAAM;AACzB,gBAAM,SAAS,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;AACxD,iBAAO;AAAA,YACL,SAAS,UAAU,EAAE;AAAA,YACrB,KAAK,SAAS,EAAE,cAAc;AAAA,YAC9B,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,WAAW,EAAE,WAAW,OAAO,CAAC;AAAA,YAChF,MAAM,EAAE;AAAA,YACR,KAAK,EAAE;AAAA,UACT;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK;AAAA,MACpC;AAAA,IACF,KAAK;AACH,aAAO,YAAY,OAAO,QAAQ,QAAQ,IAAI,aAAa,CAAC;AAAA,IAC9D,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,gBAAgB,OAAO,CAAC;AAAA,UAC/D,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,WAAW,EAAE,WAAW,KAAK,IAAI,CAAC,GAAG,QAAK;AAAA,UAC3D,OAAO,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,UACnC,MAAM,EAAE;AAAA,UACR,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,EAAE,GAAG,KAAK;AAAA,QACtD,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,UACnC,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,EAAE;AAAA,UACP,OAAO,UAAU,EAAE,gBAAgB,EAAE,OAAO,CAAC;AAAA,UAC7C,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,GAAG,QAAK;AAAA,UACzD,OAAO,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,OAAO,CAAC;AAAA,UACxD,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE;AAAA,UACX,KAAK,SAAS,CAAC,EAAE,cAAc,EAAE,KAAK,GAAG,QAAK;AAAA,UAC9C,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,WAAW,EAAE,WAAW,OAAO,CAAC;AAAA,UAChF,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,IACF,KAAK;AACH,aAAO;AAAA,QACL;AAAA,QACA,QAAQ,QAAQ,IAAI,CAAC,OAAO;AAAA,UAC1B,SAAS,EAAE,QAAQ,EAAE;AAAA,UACrB,KAAK,EAAE,OAAO,EAAE,eAAe;AAAA,UAC/B,OAAO,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,WAAW,EAAE,WAAW,OAAO,CAAC;AAAA,UAChF,MAAM,EAAE;AAAA,UACR,KAAK,EAAE;AAAA,QACT,EAAE;AAAA,MACJ;AAAA,EACJ;AACF;AAEA,SAASC,cAAa,IAAwB;AAC5C,QAAM,IAAI,GAAG;AACb,QAAM,QAAQ,CAAC,OAAO,WAAW,EAAE,WAAW,CAAC,OAAO;AACtD,MAAI,EAAE,QAAS,OAAM,KAAK,sBAAsB,WAAW,EAAE,OAAO,CAAC,MAAM;AAE3E,QAAM,UAAoB,CAAC;AAC3B,MAAI,EAAE,SAAU,SAAQ,KAAK,SAAS,WAAW,EAAE,QAAQ,CAAC,SAAS;AACrE,MAAI,EAAE,OAAO;AACX,YAAQ,KAAK,mBAAmB,WAAW,EAAE,KAAK,CAAC,KAAK,WAAW,EAAE,KAAK,CAAC,MAAM;AAAA,EACnF;AACA,QAAM,WAAW,EAAE,UAAU,QAAQ,EAAE,OAAO,IAAI;AAClD,MAAI,SAAU,SAAQ,KAAK,YAAY,WAAW,QAAQ,CAAC,eAAe;AAC1E,MAAI,QAAQ,SAAS,EAAG,OAAM,KAAK,wBAAwB,QAAQ,KAAK,EAAE,CAAC,QAAQ;AAEnF,MAAI,EAAE,IAAK,OAAM,KAAK,kBAAkB,WAAW,EAAE,GAAG,CAAC,MAAM;AAC/D,SAAO,WAAW,MAAM,KAAK,EAAE,CAAC;AAClC;AAGO,SAAS,aAAa,IAAwB;AACnD,QAAM,QAAQ,GAAG,GAAG,OAAO,WAAW;AACtC,QAAM,OAAO;AAAA,IACXA,cAAa,EAAE;AAAA,IACf,GAAG,GAAG,SAAS,IAAI,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc,CAAC;AAAA,EAC/D,EAAE,KAAK,IAAI;AACX,SACE;AAAA,cAAgC,WAAW,GAAG,cAAc,CAAC;AAAA;AAAA;AAAA;AAAA,WAGjD,WAAW,KAAK,CAAC;AAAA,WACjBF,IAAG;AAAA;AAAA;AAAA;AAAA,EACI,IAAI;AAAA;AAAA;AAAA;AAAA;AAE3B;;;ADnMO,SAAS,aACd,SACA,UAA2B,CAAC,GAChB;AACZ,QAAM,EAAE,QAAQ,IAAI;AACpB,QAAM,gBAAgB,QAAQ,SAAS;AAEvC,QAAM,UAAU,CAAC,GAAG,oBAAI,IAAI,CAAC,eAAe,GAAG,QAAQ,SAAS,gBAAgB,CAAC,CAAC;AAClF,QAAM,SAAS,QAAQ,SAAS,iBAAiB;AACjD,QAAM,mBACJ,QAAQ,SAAS,UAAU,YAAY,OAClC,QAAQ,oBAAoB,SAC7B;AAEN,QAAM,QAAoB,CAAC;AAC3B,aAAW,UAAU,SAAS;AAC5B,UAAM,YAAYG,eAAc,SAAS,MAAM;AAC/C,UAAM,YAAY,WAAW;AAE7B,UAAM,YAA0B,QAAQ,IAAI,CAAC,QAAQ;AAAA,MACnD,QAAQ;AAAA,MACR,MAAM,WAAW,QAAQ,IAAI,aAAa;AAAA,MAC1C,SAAS,OAAO;AAAA,IAClB,EAAE;AACF,UAAM,eAAe,UAAU,YAAY,SAAS,QAAQ,aAAa,IAAI;AAC7E,UAAM,aAA0B,UAAU,gBAAgB,SAAS,SAAS,aAAa,IAAI,CAAC;AAE9F,UAAM,OAAO,kBAAkB;AAAA,MAC7B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AACD,UAAM,KAAK;AAAA,MACT,OAAO,YAAY,MAAM,IAAI,MAAM;AAAA,MACnC,MAAM,YAAY,eAAe,GAAG,MAAM;AAAA,MAC1C;AAAA,IACF,CAAC;AAED,QAAI,QAAQ,OAAO,MAAM;AACvB,YAAM,KAAK;AAAA,QACT,OAAO,YAAY,SAAS,IAAI,MAAM;AAAA,QACtC,MAAM,YAAY,YAAY,GAAG,MAAM;AAAA,QACvC,MAAM,aAAa,SAAS,SAAS,CAAC;AAAA,MACxC,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAGA,SAAS,YAAY,SAAiB,QAAgB,eAA+B;AACnF,SAAO,WAAW,gBAAgB,GAAG,OAAO,MAAM,GAAG,OAAO,IAAI,MAAM;AACxE;AAGA,SAAS,gBACP,SACA,SACA,eACa;AACb,QAAM,aAA0B,QAAQ,IAAI,CAAC,YAAY;AAAA,IACvD,UAAU;AAAA,IACV,MAAM,YAAY,SAAS,QAAQ,aAAa;AAAA,EAClD,EAAE;AACF,aAAW,KAAK;AAAA,IACd,UAAU;AAAA,IACV,MAAM,YAAY,SAAS,eAAe,aAAa;AAAA,EACzD,CAAC;AACD,SAAO;AACT;AAQA,SAAS,WAAW,MAAc,IAAY,eAA+B;AAC3E,QAAM,WAAW,SAAS;AAC1B,QAAM,SAAS,OAAO;AACtB,MAAI,SAAU,QAAO,SAAS,OAAO,GAAG,EAAE;AAC1C,SAAO,SAAS,QAAQ,MAAM,EAAE;AAClC;","names":["generateJsonLd","generateJsonLd","applyPublicPrivacyFilter","NotFoundError","normalize","Hono","Hono","normalize","NotFoundError","Hono","Hono","resolveLocale","CSS","renderEntry","renderHeader","resolveLocale"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@takuhon/api",
3
- "version": "0.22.0",
3
+ "version": "0.23.0",
4
4
  "description": "Hono-based HTTP handlers, RFC 7807 error envelope, and response builders for takuhon",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Takuhon contributors",
@@ -44,7 +44,7 @@
44
44
  },
45
45
  "dependencies": {
46
46
  "hono": "^4.12.21",
47
- "@takuhon/core": "0.22.0"
47
+ "@takuhon/core": "0.23.0"
48
48
  },
49
49
  "scripts": {
50
50
  "typecheck": "tsc",