@takuhon/cloudflare 0.1.0

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Takuhon contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/NOTICE

@@ -0,0 +1,10 @@
+@takuhon/cloudflare
+Copyright 2026 Takuhon contributors
+
+This product includes software developed by the Takuhon project
+(https://github.com/takuhon-dev/takuhon).
+
+Licensed under the Apache License, Version 2.0 (see LICENSE).
+
+Third-party dependencies retain their own licenses; see this package's
+node_modules listing for details.

package/README.md

@@ -0,0 +1,165 @@
+# @takuhon/cloudflare
+
+Cloudflare Workers adapter for Takuhon. Wires the framework-agnostic Hono
+handlers from `@takuhon/api` to a Workers KV-backed profile store, the colo-
+local edge cache, and `console.log`-based audit logging.
+
+## Routes
+
+| Method   | Path                        | Source                                       |
+| -------- | --------------------------- | -------------------------------------------- |
+| `GET`    | `/`                         | `@takuhon/api` `createPublicApp`             |
+| `GET`    | `/api/profile`              | `@takuhon/api` `createPublicApp` (KV-backed) |
+| `GET`    | `/api/schema`               | `@takuhon/api` `createPublicApp`             |
+| `GET`    | `/api/jsonld`               | `@takuhon/api` `createPublicApp`             |
+| `GET`    | `/takuhon.json`             | `@takuhon/api` `createPublicApp`             |
+| `GET`    | `/.well-known/takuhon.json` | `@takuhon/api` `createPublicApp`             |
+| `GET`    | `/admin`                    | `@takuhon/api` `createAdminUiApp` (HTML)     |
+| `PUT`    | `/api/admin/profile`        | `@takuhon/api` `createAdminApiApp`           |
+| `DELETE` | `/api/admin/profile`        | `@takuhon/api` `createAdminApiApp`           |
+
+`POST` / `PATCH` on admin paths returns `405 Method Not Allowed`. Schema
+validation failures return `422 Unprocessable Entity` with an `errors[]`
+list of JSON-Schema-style fragment pointers.
+
+## Local development
+
+```sh
+pnpm install
+pnpm --filter @takuhon/cloudflare dev   # wrangler dev
+```
+
+Visit `http://127.0.0.1:8787/`. The first request returns the bundled
+onboarding fixture; the admin UI at `/admin` lets you replace it once you
+provision an admin token (next section).
+
+## Production deploy
+
+### 1. Create the KV namespace
+
+```sh
+wrangler kv namespace create TAKUHON_KV
+wrangler kv namespace create TAKUHON_KV --preview
+```
+
+Copy the printed ids into `wrangler.toml` (replace the
+`REPLACE_WITH_*_NAMESPACE_ID` placeholders).
+
+### 2. Provision the admin token
+
+The admin bearer token must never live in `wrangler.toml` or source
+control. Set it as a Wrangler secret:
+
+```sh
+# 32 bytes of entropy, base64-encoded (43 chars).
+TOKEN=$(openssl rand -base64 32)
+echo "$TOKEN" | wrangler secret put TAKUHON_ADMIN_TOKEN
+```
+
+Store `$TOKEN` securely (1Password, vault, etc.). Without it, every
+`PUT/DELETE /api/admin/profile` returns `401 Unauthorized`.
+
+#### Token rotation
+
+```sh
+# Generate a new token, push it as the new secret, then update any clients
+# that hold the old one. There is no grace period — once the secret
+# changes, requests bearing the old token are rejected.
+echo "$NEW_TOKEN" | wrangler secret put TAKUHON_ADMIN_TOKEN
+```
+
+### 3. Pin the admin Origin allowlist (optional but recommended)
+
+Edit `wrangler.toml` to set the origins that may issue browser-borne admin
+writes:
+
+```toml
+[vars]
+TAKUHON_ADMIN_ORIGIN = "https://admin.example.com,https://localhost:3000"
+```
+
+Empty value disables the check — acceptable when `/admin` is the only
+admin UI surface and you trust same-origin requests. Requests without an
+`Origin` header (curl, native clients) are always allowed; the bearer
+token is the primary auth boundary.
+
+### 4. Configure Rate Limiting Rules
+
+`/api/admin/*` is **not** rate-limited in code. Apply a Cloudflare WAF rule
+in the dashboard:
+
+1. Open **Security → WAF → Rate limiting Rules**.
+2. Add a rule matching `URI Path` starts with `/api/admin/`.
+3. Set the characteristic to the `Authorization` header (so each token
+   gets its own budget).
+4. Limit: `10 requests per 1 minute`.
+5. Action: `Block` with a custom JSON response body that mirrors RFC 7807
+   `application/problem+json` (or simply `Block` with default 429).
+
+### 5. Deploy
+
+```sh
+pnpm --filter @takuhon/cloudflare typecheck   # local TS check
+wrangler deploy
+```
+
+## Operational notes
+
+### Audit log retrieval
+
+All admin auth attempts and profile mutations emit one line of JSON to
+`console.log`. Tail them in real time:
+
+```sh
+wrangler tail
+```
+
+For long-term retention, configure **Workers → Logpush** to ship to R2,
+S3, or a SIEM. Recommended retention: 90 days.
+
+The actor identity in every event is `sha256:<hex>` over the presented
+bearer token. The raw token never leaves the request boundary.
+
+### Edge cache invalidation
+
+After a successful admin write, the Worker calls `caches.default.delete`
+for `/`, `/api/profile`, `/api/profile?lang=en|ja`, `/api/jsonld`,
+`/api/jsonld?lang=en|ja`, and `/takuhon.json`. **This clears the current
+colo's cache only**; other colos honour the response's `Cache-Control`
+`s-maxage=300` (5 minutes) before refreshing.
+
+If you need immediate global invalidation, hit the Cloudflare REST API
+manually after a write (`POST /zones/{zone_id}/purge_cache`). Doing it
+in-Worker requires a zone-scoped API token that we don't bundle by
+default; expanding to multi-lang or a configurable lang list happens as
+part of a later phase.
+
+### Admin UI security
+
+The `/admin` HTML editor runs under a tight CSP:
+
+- `script-src 'self' 'nonce-<n>'` — no inline scripts without the
+  per-request nonce; no `unsafe-inline`.
+- `style-src 'self' 'nonce-<n>'` — same for styles.
+- `require-trusted-types-for 'script'` — DOM-XSS sinks are blocked even
+  if the nonce is leaked.
+- `img-src 'self' blob:` — only same-origin or client-side previews.
+
+The HTML is single-page, no build step: load `/admin`, paste the token,
+edit JSON, save. The token never appears in the URL or cookies.
+
+### Disabling admin entirely
+
+Leave `TAKUHON_ADMIN_TOKEN` unset. Every admin write returns `401`. The
+`/admin` UI is still served but its Save / Delete actions will fail
+identically; treat that as a feature-flag for read-only deployments.
+
+## Limitations & deferred work
+
+| Concern                            | Status                                | Tracked phase |
+| ---------------------------------- | ------------------------------------- | ------------- |
+| `PATCH /api/admin/profile`         | 405 (intentionally not implemented)   | Phase 5+      |
+| `POST /api/admin/assets` (R2)      | Not yet wired                         | Phase 3.5     |
+| Global cache purge (REST API)      | Colo-local only via `Cache.delete`    | Phase 5+      |
+| CORS preflight for cross-origin    | Not handled (admin UI is same-origin) | Phase 5+      |
+| CLI scaffolding (`create-takuhon`) | Minimal Wrangler bootstrap            | Phase 3.6     |

package/dist/index.d.ts

@@ -0,0 +1,49 @@
+/// <reference types="@cloudflare/workers-types" />
+import { Takuhon } from '@takuhon/core';
+
+interface Env {
+    TAKUHON_KV: KVNamespace;
+    /**
+     * Admin bearer token. Provision via `wrangler secret put TAKUHON_ADMIN_TOKEN`.
+     * Leave unset to disable admin writes entirely (every PUT/DELETE returns 401).
+     */
+    TAKUHON_ADMIN_TOKEN?: string;
+    /**
+     * Comma-separated Origin allowlist for browser-originating admin requests.
+     * Empty / unset disables the check (deploy without a configured allowlist is
+     * acceptable when the admin UI is same-origin; documented in the README).
+     */
+    TAKUHON_ADMIN_ORIGIN?: string;
+}
+/** Options accepted by {@link createTakuhonWorker}. */
+interface CreateTakuhonWorkerOptions {
+    /**
+     * Lazy producer for the fallback Takuhon document served when KV has no
+     * stored profile yet. Called at most once per Worker invocation, on the
+     * cold path where the storage layer returns no entry. Implementations
+     * typically import a bundled `takuhon.json`, validate it once, and return
+     * the resulting value.
+     */
+    readonly fallback: () => Takuhon;
+}
+/**
+ * Build a Cloudflare Worker handler for the takuhon adapter. Wires
+ * `@takuhon/api`'s public/admin app factories to the KV-backed storage,
+ * Cloudflare edge cache purger, and console audit logger that ship with
+ * this package.
+ *
+ * This is the entry point used by projects scaffolded with
+ * `create-takuhon`: their `src/index.ts` imports `createTakuhonWorker`,
+ * passes a `fallback` that loads the project's own `takuhon.json`, and
+ * `export default`s the returned handler. The default export of this
+ * module is a convenience that calls the same factory with the monorepo's
+ * bundled `personal-profile` fixture.
+ */
+declare function createTakuhonWorker(opts: CreateTakuhonWorkerOptions): {
+    fetch: (request: Request, env: Env) => Response | Promise<Response>;
+};
+declare const _default: {
+    fetch: (request: Request, env: Env) => Response | Promise<Response>;
+};
+
+export { type CreateTakuhonWorkerOptions, type Env, createTakuhonWorker, _default as default };

package/dist/index.js

@@ -0,0 +1,341 @@
+// src/index.ts
+import {
+  ERROR_SLUGS,
+  createAdminApiApp,
+  createAdminUiApp,
+  createPublicApp,
+  problemResponse
+} from "@takuhon/api";
+import { validate } from "@takuhon/core";
+import { Hono } from "hono";
+
+// ../../examples/personal-profile/takuhon.json
+var takuhon_default = {
+  schemaVersion: "0.1.0",
+  profile: {
+    displayName: {
+      en: "Pat Rivera",
+      ja: "\u30D1\u30C3\u30C8\u30FB\u30EA\u30D9\u30E9"
+    },
+    tagline: {
+      en: "Open-source maintainer and accessibility advocate",
+      ja: "\u30AA\u30FC\u30D7\u30F3\u30BD\u30FC\u30B9\u30E1\u30F3\u30C6\u30CA / \u30A2\u30AF\u30BB\u30B7\u30D3\u30EA\u30C6\u30A3\u5B9F\u8DF5\u8005"
+    },
+    bio: {
+      en: "Pat Rivera is a fictional persona used to exercise every field of the takuhon profile schema. They maintain a handful of open-source libraries focused on accessibility tooling and frequently speak at local meetups.",
+      ja: "Pat Rivera \u306F takuhon \u30D7\u30ED\u30D5\u30A3\u30FC\u30EB schema \u306E\u5168\u30D5\u30A3\u30FC\u30EB\u30C9\u3092\u793A\u3059\u305F\u3081\u306E\u67B6\u7A7A\u306E\u4EBA\u7269\u3067\u3059\u3002\u30A2\u30AF\u30BB\u30B7\u30D3\u30EA\u30C6\u30A3\u7CFB\u306E\u30AA\u30FC\u30D7\u30F3\u30BD\u30FC\u30B9\u30E9\u30A4\u30D6\u30E9\u30EA\u3092\u4FDD\u5B88\u3057\u3001\u5730\u57DF\u30B3\u30DF\u30E5\u30CB\u30C6\u30A3\u3067\u767B\u58C7\u3057\u3066\u3044\u307E\u3059\u3002"
+    },
+    avatar: {
+      url: "/assets/avatar.webp",
+      alt: {
+        en: "Pat Rivera smiling, wearing round glasses, in front of a soft gradient.",
+        ja: "\u30BD\u30D5\u30C8\u306A\u30B0\u30E9\u30C7\u30FC\u30B7\u30E7\u30F3\u3092\u80CC\u666F\u306B\u5FAE\u7B11\u3080 Pat Rivera\u3002\u4E38\u773C\u93E1\u3092\u7740\u7528\u3002"
+      }
+    },
+    location: {
+      country: "PT",
+      region: "Lisbon",
+      locality: {
+        en: "Lisbon",
+        ja: "\u30EA\u30B9\u30DC\u30F3"
+      },
+      display: {
+        en: "Lisbon, Portugal",
+        ja: "\u30DD\u30EB\u30C8\u30AC\u30EB\u30FB\u30EA\u30B9\u30DC\u30F3"
+      }
+    }
+  },
+  links: [
+    {
+      id: "website",
+      type: "website",
+      label: { en: "Personal site" },
+      url: "https://example.com/pat",
+      featured: true,
+      order: 0
+    },
+    {
+      id: "github",
+      type: "github",
+      url: "https://github.com/example-pat",
+      featured: true,
+      order: 1
+    },
+    {
+      id: "mastodon",
+      type: "mastodon",
+      url: "https://example.social/@pat",
+      order: 2
+    },
+    {
+      id: "blog",
+      type: "blog",
+      label: {
+        en: "Notes on accessible UI",
+        ja: "\u30A2\u30AF\u30BB\u30B7\u30D6\u30EB UI \u306E\u899A\u3048\u66F8\u304D"
+      },
+      url: "https://example.com/pat/blog",
+      order: 3
+    },
+    {
+      id: "newsletter",
+      type: "custom",
+      label: {
+        en: "Weekly newsletter",
+        ja: "\u9031\u6B21\u30CB\u30E5\u30FC\u30B9\u30EC\u30BF\u30FC"
+      },
+      url: "https://example.com/pat/newsletter",
+      iconUrl: "https://example.com/assets/icons/newsletter.svg",
+      order: 4
+    }
+  ],
+  careers: [
+    {
+      id: "stellar-ux",
+      organization: {
+        en: "Stellar UX Studio",
+        ja: "\u30B9\u30C6\u30E9 UX \u30B9\u30BF\u30B8\u30AA"
+      },
+      role: {
+        en: "Principal Accessibility Engineer",
+        ja: "\u30D7\u30EA\u30F3\u30B7\u30D1\u30EB\u30FB\u30A2\u30AF\u30BB\u30B7\u30D3\u30EA\u30C6\u30A3\u30A8\u30F3\u30B8\u30CB\u30A2"
+      },
+      description: {
+        en: "Lead the accessibility engineering practice across product surfaces, drive WCAG 2.2 conformance reviews, and mentor a team of five engineers.",
+        ja: "\u30D7\u30ED\u30C0\u30AF\u30C8\u5168\u4F53\u306E\u30A2\u30AF\u30BB\u30B7\u30D3\u30EA\u30C6\u30A3\u8A2D\u8A08\u3092\u7D71\u62EC\u3002WCAG 2.2 \u9069\u5408\u30EC\u30D3\u30E5\u30FC\u3092\u4E3B\u5C0E\u3057\u30015 \u540D\u306E\u30A8\u30F3\u30B8\u30CB\u30A2\u3092\u30E1\u30F3\u30BF\u30EA\u30F3\u30B0\u3002"
+      },
+      startDate: "2023-04",
+      endDate: null,
+      isCurrent: true,
+      url: "https://example.com/stellar",
+      order: 0
+    },
+    {
+      id: "harbor-labs",
+      organization: {
+        en: "Harbor Labs",
+        ja: "\u30CF\u30FC\u30D0\u30FC\u30E9\u30DC"
+      },
+      role: {
+        en: "Senior Frontend Engineer",
+        ja: "\u30B7\u30CB\u30A2\u30D5\u30ED\u30F3\u30C8\u30A8\u30F3\u30C9\u30A8\u30F3\u30B8\u30CB\u30A2"
+      },
+      description: {
+        en: "Built the design system foundation and an accessible component library used across nine internal products.",
+        ja: "\u30C7\u30B6\u30A4\u30F3\u30B7\u30B9\u30C6\u30E0\u57FA\u76E4\u3068\u3001\u793E\u5185 9 \u30D7\u30ED\u30C0\u30AF\u30C8\u3067\u5229\u7528\u3055\u308C\u308B\u30A2\u30AF\u30BB\u30B7\u30D6\u30EB\u306A\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u30E9\u30A4\u30D6\u30E9\u30EA\u3092\u8A2D\u8A08\u3002"
+      },
+      startDate: "2019-06",
+      endDate: "2023-03",
+      order: 1
+    }
+  ],
+  projects: [
+    {
+      id: "axe-helpers",
+      title: {
+        en: "axe-helpers",
+        ja: "axe-helpers"
+      },
+      description: {
+        en: "A tiny set of utilities that wraps axe-core for use in component-level integration tests.",
+        ja: "\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u5358\u4F4D\u306E\u7D71\u5408\u30C6\u30B9\u30C8\u5411\u3051\u306B axe-core \u3092\u30E9\u30C3\u30D7\u3059\u308B\u5C0F\u898F\u6A21\u30E6\u30FC\u30C6\u30A3\u30EA\u30C6\u30A3\u96C6\u3002"
+      },
+      url: "https://example.com/axe-helpers",
+      tags: ["accessibility", "testing", "typescript"],
+      relatedCareerId: "stellar-ux",
+      startDate: "2023-09",
+      highlighted: true,
+      order: 0
+    },
+    {
+      id: "color-contrast-cli",
+      title: {
+        en: "color-contrast-cli",
+        ja: "color-contrast-cli"
+      },
+      description: {
+        en: "Command-line tool that audits design tokens for WCAG contrast ratios.",
+        ja: "\u30C7\u30B6\u30A4\u30F3\u30C8\u30FC\u30AF\u30F3\u306E WCAG \u30B3\u30F3\u30C8\u30E9\u30B9\u30C8\u6BD4\u3092\u76E3\u67FB\u3059\u308B\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u30F3\u30C4\u30FC\u30EB\u3002"
+      },
+      url: "https://example.com/color-contrast-cli",
+      tags: ["accessibility", "cli", "design-tokens"],
+      startDate: "2021-02",
+      endDate: "2022-08",
+      order: 1
+    },
+    {
+      id: "meetup-talks",
+      title: {
+        en: "Local meetup talks",
+        ja: "\u5730\u57DF\u30B3\u30DF\u30E5\u30CB\u30C6\u30A3\u767B\u58C7"
+      },
+      order: 2
+    }
+  ],
+  skills: [
+    { id: "typescript", label: "TypeScript", category: "programming", order: 0 },
+    { id: "react", label: "React", category: "programming", order: 1 },
+    { id: "wcag-2-2", label: "WCAG 2.2", category: "design", order: 2 },
+    { id: "aria", label: "ARIA", category: "design", order: 3 },
+    { id: "storybook", label: "Storybook", category: "programming", order: 4 },
+    { id: "playwright", label: "Playwright", category: "programming", order: 5 },
+    { id: "design-tokens", label: "Design tokens", category: "design", order: 6 },
+    { id: "portuguese", label: "Portuguese (B2)", category: "language", order: 7 }
+  ],
+  contact: {
+    email: "pat@example.com",
+    showEmail: false,
+    formUrl: "https://example.com/pat/contact"
+  },
+  settings: {
+    defaultLocale: "en",
+    fallbackLocale: "en",
+    availableLocales: ["en", "ja"],
+    theme: "default",
+    showPoweredBy: true,
+    enableJsonLd: true,
+    enableApi: true,
+    enableAnalytics: false
+  },
+  meta: {
+    createdAt: "2026-01-15T09:00:00Z",
+    updatedAt: "2026-05-12T08:30:00Z",
+    generator: "Takuhon",
+    contentLicense: {
+      spdxId: "CC-BY-4.0",
+      url: "https://creativecommons.org/licenses/by/4.0/",
+      attribution: {
+        name: "Pat Rivera",
+        url: "https://example.com/pat"
+      }
+    }
+  }
+};
+
+// src/admin/cloudflare-cache-purger.ts
+var CloudflareCachePurger = class {
+  /**
+   * `getCache` is a thunk so the Workers-only `caches` global is touched
+   * lazily — public-only requests on this Worker never run admin handlers
+   * and must not pay (or fail under Node tests) for the lookup.
+   */
+  constructor(getCache, opts) {
+    this.getCache = getCache;
+    this.origin = opts.origin.replace(/\/$/, "");
+    this.langs = opts.langs ?? ["en", "ja"];
+  }
+  getCache;
+  origin;
+  langs;
+  async profileUpdated() {
+    await this.purge();
+  }
+  async profileDeleted() {
+    await this.purge();
+  }
+  async purge() {
+    const cache = this.getCache();
+    const targets = ["/", "/api/profile", "/api/jsonld", "/takuhon.json"];
+    for (const lang of this.langs) {
+      const q = `?lang=${encodeURIComponent(lang)}`;
+      targets.push(`/api/profile${q}`, `/api/jsonld${q}`);
+    }
+    for (const path of targets) {
+      await cache.delete(new Request(this.origin + path), { ignoreMethod: true });
+    }
+  }
+};
+
+// src/admin/console-audit-logger.ts
+var consoleAuditLogger = (event) => {
+  console.log(JSON.stringify(event));
+};
+
+// src/kv-storage.ts
+import { ConflictError, NotFoundError } from "@takuhon/core";
+var KV_KEY = "TAKUHON_DATA";
+var KvTakuhonStorage = class {
+  constructor(kv) {
+    this.kv = kv;
+  }
+  kv;
+  async getProfile() {
+    const result = await this.kv.getWithMetadata(KV_KEY, "json");
+    if (result.value === null || !result.metadata?.version) {
+      throw new NotFoundError(`No profile is stored at KV key "${KV_KEY}".`);
+    }
+    return { data: result.value, version: result.metadata.version };
+  }
+  async saveProfile(data, ifMatch) {
+    if (ifMatch !== void 0) {
+      const current = await this.kv.getWithMetadata(KV_KEY, "json");
+      const currentVersion = current.metadata?.version;
+      if (currentVersion !== ifMatch) {
+        throw new ConflictError(
+          `If-Match preconditioned on version "${ifMatch}" but current is "${currentVersion ?? "absent"}".`,
+          { currentVersion }
+        );
+      }
+    }
+    const version = crypto.randomUUID();
+    const updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+    await this.kv.put(KV_KEY, JSON.stringify(data), {
+      metadata: { version, updatedAt }
+    });
+    return { version };
+  }
+  async deleteProfile() {
+    await this.kv.delete(KV_KEY);
+  }
+};
+
+// src/index.ts
+function parseOrigins(raw) {
+  if (raw === void 0 || raw === "") return [];
+  return raw.split(",").map((s) => s.trim()).filter((s) => s !== "");
+}
+function createTakuhonWorker(opts) {
+  return {
+    fetch(request, env) {
+      const url = new URL(request.url);
+      const storage = new KvTakuhonStorage(env.TAKUHON_KV);
+      const cachePurger = new CloudflareCachePurger(() => caches.default, {
+        origin: url.origin
+      });
+      const auditLogger = consoleAuditLogger;
+      const router = new Hono();
+      router.notFound(
+        (c) => problemResponse(c, {
+          slug: ERROR_SLUGS.notFound,
+          status: 404,
+          title: "Not Found",
+          detail: `No route matches ${new URL(c.req.url).pathname}.`
+        })
+      );
+      router.route(
+        "/api/admin",
+        createAdminApiApp({
+          storage,
+          getAdminToken: () => env.TAKUHON_ADMIN_TOKEN,
+          getAdminOrigins: () => parseOrigins(env.TAKUHON_ADMIN_ORIGIN),
+          cachePurger,
+          auditLogger
+        })
+      );
+      router.route("/admin", createAdminUiApp());
+      router.route("/", createPublicApp({ storage, fallback: opts.fallback }));
+      return router.fetch(request, env);
+    }
+  };
+}
+function bundledFallback() {
+  const r = validate(takuhon_default);
+  if (!r.ok) throw new Error("Bundled fixture failed validation.");
+  return r.data;
+}
+var index_default = createTakuhonWorker({ fallback: bundledFallback });
+export {
+  createTakuhonWorker,
+  index_default as default
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../../../examples/personal-profile/takuhon.json","../src/admin/cloudflare-cache-purger.ts","../src/admin/console-audit-logger.ts","../src/kv-storage.ts"],"sourcesContent":["import {\n  ERROR_SLUGS,\n  createAdminApiApp,\n  createAdminUiApp,\n  createPublicApp,\n  problemResponse,\n  type AuditLogger,\n  type CachePurger,\n} from '@takuhon/api';\nimport { validate, type Takuhon } from '@takuhon/core';\nimport { Hono } from 'hono';\n\nimport exampleJson from '../../../examples/personal-profile/takuhon.json' with { type: 'json' };\n\nimport { CloudflareCachePurger } from './admin/cloudflare-cache-purger.js';\nimport { consoleAuditLogger } from './admin/console-audit-logger.js';\nimport { KvTakuhonStorage } from './kv-storage.js';\n\nexport interface Env {\n  TAKUHON_KV: KVNamespace;\n  /**\n   * Admin bearer token. Provision via `wrangler secret put TAKUHON_ADMIN_TOKEN`.\n   * Leave unset to disable admin writes entirely (every PUT/DELETE returns 401).\n   */\n  TAKUHON_ADMIN_TOKEN?: string;\n  /**\n   * Comma-separated Origin allowlist for browser-originating admin requests.\n   * Empty / unset disables the check (deploy without a configured allowlist is\n   * acceptable when the admin UI is same-origin; documented in the README).\n   */\n  TAKUHON_ADMIN_ORIGIN?: string;\n}\n\n/** Options accepted by {@link createTakuhonWorker}. */\nexport interface CreateTakuhonWorkerOptions {\n  /**\n   * Lazy producer for the fallback Takuhon document served when KV has no\n   * stored profile yet. Called at most once per Worker invocation, on the\n   * cold path where the storage layer returns no entry. Implementations\n   * typically import a bundled `takuhon.json`, validate it once, and return\n   * the resulting value.\n   */\n  readonly fallback: () => Takuhon;\n}\n\nfunction parseOrigins(raw: string | undefined): string[] {\n  if (raw === undefined || raw === '') return [];\n  return raw\n    .split(',')\n    .map((s) => s.trim())\n    .filter((s) => s !== '');\n}\n\n/**\n * Build a Cloudflare Worker handler for the takuhon adapter. Wires\n * `@takuhon/api`'s public/admin app factories to the KV-backed storage,\n * Cloudflare edge cache purger, and console audit logger that ship with\n * this package.\n *\n * This is the entry point used by projects scaffolded with\n * `create-takuhon`: their `src/index.ts` imports `createTakuhonWorker`,\n * passes a `fallback` that loads the project's own `takuhon.json`, and\n * `export default`s the returned handler. The default export of this\n * module is a convenience that calls the same factory with the monorepo's\n * bundled `personal-profile` fixture.\n */\nexport function createTakuhonWorker(opts: CreateTakuhonWorkerOptions): {\n  fetch: (request: Request, env: Env) => Response | Promise<Response>;\n} {\n  return {\n    fetch(request: Request, env: Env): Response | Promise<Response> {\n      const url = new URL(request.url);\n      const storage = new KvTakuhonStorage(env.TAKUHON_KV);\n      const cachePurger: CachePurger = new CloudflareCachePurger(() => caches.default, {\n        origin: url.origin,\n      });\n      const auditLogger: AuditLogger = consoleAuditLogger;\n\n      const router = new Hono();\n      router.notFound((c) =>\n        problemResponse(c, {\n          slug: ERROR_SLUGS.notFound,\n          status: 404,\n          title: 'Not Found',\n          detail: `No route matches ${new URL(c.req.url).pathname}.`,\n        }),\n      );\n      router.route(\n        '/api/admin',\n        createAdminApiApp({\n          storage,\n          getAdminToken: () => env.TAKUHON_ADMIN_TOKEN,\n          getAdminOrigins: () => parseOrigins(env.TAKUHON_ADMIN_ORIGIN),\n          cachePurger,\n          auditLogger,\n        }),\n      );\n      router.route('/admin', createAdminUiApp());\n      router.route('/', createPublicApp({ storage, fallback: opts.fallback }));\n\n      return router.fetch(request, env);\n    },\n  };\n}\n\nfunction bundledFallback(): Takuhon {\n  const r = validate(exampleJson);\n  if (!r.ok) throw new Error('Bundled fixture failed validation.');\n  return r.data;\n}\n\nexport default createTakuhonWorker({ fallback: bundledFallback });\n","{\n  \"schemaVersion\": \"0.1.0\",\n  \"profile\": {\n    \"displayName\": {\n      \"en\": \"Pat Rivera\",\n      \"ja\": \"パット・リベラ\"\n    },\n    \"tagline\": {\n      \"en\": \"Open-source maintainer and accessibility advocate\",\n      \"ja\": \"オープンソースメンテナ / アクセシビリティ実践者\"\n    },\n    \"bio\": {\n      \"en\": \"Pat Rivera is a fictional persona used to exercise every field of the takuhon profile schema. They maintain a handful of open-source libraries focused on accessibility tooling and frequently speak at local meetups.\",\n      \"ja\": \"Pat Rivera は takuhon プロフィール schema の全フィールドを示すための架空の人物です。アクセシビリティ系のオープンソースライブラリを保守し、地域コミュニティで登壇しています。\"\n    },\n    \"avatar\": {\n      \"url\": \"/assets/avatar.webp\",\n      \"alt\": {\n        \"en\": \"Pat Rivera smiling, wearing round glasses, in front of a soft gradient.\",\n        \"ja\": \"ソフトなグラデーションを背景に微笑む Pat Rivera。丸眼鏡を着用。\"\n      }\n    },\n    \"location\": {\n      \"country\": \"PT\",\n      \"region\": \"Lisbon\",\n      \"locality\": {\n        \"en\": \"Lisbon\",\n        \"ja\": \"リスボン\"\n      },\n      \"display\": {\n        \"en\": \"Lisbon, Portugal\",\n        \"ja\": \"ポルトガル・リスボン\"\n      }\n    }\n  },\n  \"links\": [\n    {\n      \"id\": \"website\",\n      \"type\": \"website\",\n      \"label\": { \"en\": \"Personal site\" },\n      \"url\": \"https://example.com/pat\",\n      \"featured\": true,\n      \"order\": 0\n    },\n    {\n      \"id\": \"github\",\n      \"type\": \"github\",\n      \"url\": \"https://github.com/example-pat\",\n      \"featured\": true,\n      \"order\": 1\n    },\n    {\n      \"id\": \"mastodon\",\n      \"type\": \"mastodon\",\n      \"url\": \"https://example.social/@pat\",\n      \"order\": 2\n    },\n    {\n      \"id\": \"blog\",\n      \"type\": \"blog\",\n      \"label\": {\n        \"en\": \"Notes on accessible UI\",\n        \"ja\": \"アクセシブル UI の覚え書き\"\n      },\n      \"url\": \"https://example.com/pat/blog\",\n      \"order\": 3\n    },\n    {\n      \"id\": \"newsletter\",\n      \"type\": \"custom\",\n      \"label\": {\n        \"en\": \"Weekly newsletter\",\n        \"ja\": \"週次ニュースレター\"\n      },\n      \"url\": \"https://example.com/pat/newsletter\",\n      \"iconUrl\": \"https://example.com/assets/icons/newsletter.svg\",\n      \"order\": 4\n    }\n  ],\n  \"careers\": [\n    {\n      \"id\": \"stellar-ux\",\n      \"organization\": {\n        \"en\": \"Stellar UX Studio\",\n        \"ja\": \"ステラ UX スタジオ\"\n      },\n      \"role\": {\n        \"en\": \"Principal Accessibility Engineer\",\n        \"ja\": \"プリンシパル・アクセシビリティエンジニア\"\n      },\n      \"description\": {\n        \"en\": \"Lead the accessibility engineering practice across product surfaces, drive WCAG 2.2 conformance reviews, and mentor a team of five engineers.\",\n        \"ja\": \"プロダクト全体のアクセシビリティ設計を統括。WCAG 2.2 適合レビューを主導し、5 名のエンジニアをメンタリング。\"\n      },\n      \"startDate\": \"2023-04\",\n      \"endDate\": null,\n      \"isCurrent\": true,\n      \"url\": \"https://example.com/stellar\",\n      \"order\": 0\n    },\n    {\n      \"id\": \"harbor-labs\",\n      \"organization\": {\n        \"en\": \"Harbor Labs\",\n        \"ja\": \"ハーバーラボ\"\n      },\n      \"role\": {\n        \"en\": \"Senior Frontend Engineer\",\n        \"ja\": \"シニアフロントエンドエンジニア\"\n      },\n      \"description\": {\n        \"en\": \"Built the design system foundation and an accessible component library used across nine internal products.\",\n        \"ja\": \"デザインシステム基盤と、社内 9 プロダクトで利用されるアクセシブルなコンポーネントライブラリを設計。\"\n      },\n      \"startDate\": \"2019-06\",\n      \"endDate\": \"2023-03\",\n      \"order\": 1\n    }\n  ],\n  \"projects\": [\n    {\n      \"id\": \"axe-helpers\",\n      \"title\": {\n        \"en\": \"axe-helpers\",\n        \"ja\": \"axe-helpers\"\n      },\n      \"description\": {\n        \"en\": \"A tiny set of utilities that wraps axe-core for use in component-level integration tests.\",\n        \"ja\": \"コンポーネント単位の統合テスト向けに axe-core をラップする小規模ユーティリティ集。\"\n      },\n      \"url\": \"https://example.com/axe-helpers\",\n      \"tags\": [\"accessibility\", \"testing\", \"typescript\"],\n      \"relatedCareerId\": \"stellar-ux\",\n      \"startDate\": \"2023-09\",\n      \"highlighted\": true,\n      \"order\": 0\n    },\n    {\n      \"id\": \"color-contrast-cli\",\n      \"title\": {\n        \"en\": \"color-contrast-cli\",\n        \"ja\": \"color-contrast-cli\"\n      },\n      \"description\": {\n        \"en\": \"Command-line tool that audits design tokens for WCAG contrast ratios.\",\n        \"ja\": \"デザイントークンの WCAG コントラスト比を監査するコマンドラインツール。\"\n      },\n      \"url\": \"https://example.com/color-contrast-cli\",\n      \"tags\": [\"accessibility\", \"cli\", \"design-tokens\"],\n      \"startDate\": \"2021-02\",\n      \"endDate\": \"2022-08\",\n      \"order\": 1\n    },\n    {\n      \"id\": \"meetup-talks\",\n      \"title\": {\n        \"en\": \"Local meetup talks\",\n        \"ja\": \"地域コミュニティ登壇\"\n      },\n      \"order\": 2\n    }\n  ],\n  \"skills\": [\n    { \"id\": \"typescript\", \"label\": \"TypeScript\", \"category\": \"programming\", \"order\": 0 },\n    { \"id\": \"react\", \"label\": \"React\", \"category\": \"programming\", \"order\": 1 },\n    { \"id\": \"wcag-2-2\", \"label\": \"WCAG 2.2\", \"category\": \"design\", \"order\": 2 },\n    { \"id\": \"aria\", \"label\": \"ARIA\", \"category\": \"design\", \"order\": 3 },\n    { \"id\": \"storybook\", \"label\": \"Storybook\", \"category\": \"programming\", \"order\": 4 },\n    { \"id\": \"playwright\", \"label\": \"Playwright\", \"category\": \"programming\", \"order\": 5 },\n    { \"id\": \"design-tokens\", \"label\": \"Design tokens\", \"category\": \"design\", \"order\": 6 },\n    { \"id\": \"portuguese\", \"label\": \"Portuguese (B2)\", \"category\": \"language\", \"order\": 7 }\n  ],\n  \"contact\": {\n    \"email\": \"pat@example.com\",\n    \"showEmail\": false,\n    \"formUrl\": \"https://example.com/pat/contact\"\n  },\n  \"settings\": {\n    \"defaultLocale\": \"en\",\n    \"fallbackLocale\": \"en\",\n    \"availableLocales\": [\"en\", \"ja\"],\n    \"theme\": \"default\",\n    \"showPoweredBy\": true,\n    \"enableJsonLd\": true,\n    \"enableApi\": true,\n    \"enableAnalytics\": false\n  },\n  \"meta\": {\n    \"createdAt\": \"2026-01-15T09:00:00Z\",\n    \"updatedAt\": \"2026-05-12T08:30:00Z\",\n    \"generator\": \"Takuhon\",\n    \"contentLicense\": {\n      \"spdxId\": \"CC-BY-4.0\",\n      \"url\": \"https://creativecommons.org/licenses/by/4.0/\",\n      \"attribution\": {\n        \"name\": \"Pat Rivera\",\n        \"url\": \"https://example.com/pat\"\n      }\n    }\n  }\n}\n","import type { CachePurger } from '@takuhon/api';\n\nexport interface CloudflareCachePurgerOptions {\n  /**\n   * Absolute origin (e.g. `https://example.com`) used to build the URLs\n   * passed to `Cache.delete`. The Worker derives this from the incoming\n   * request's URL so the same code works under any production hostname.\n   */\n  origin: string;\n  /**\n   * Locale codes to include when purging language-keyed cache entries.\n   * Cloudflare caches `?lang=` query variants as distinct keys; we purge\n   * a representative set on every write. Adapters can extend the list to\n   * cover other locales the deploy serves.\n   */\n  langs?: string[];\n}\n\n/**\n * `CachePurger` backed by Cloudflare's colo-local `caches.default`.\n *\n * Limitations (documented in the adapter README):\n *  - Cloudflare's `Cache.delete` clears the current colo only, not the\n *    entire edge. Other colos honour the response's `Cache-Control`\n *    `s-maxage` (5 minutes today) before refreshing.\n *  - Truly global invalidation requires the REST `/purge_cache` API,\n *    which needs a zone-scoped token; that's deferred to a later phase.\n */\nexport class CloudflareCachePurger implements CachePurger {\n  private readonly origin: string;\n  private readonly langs: string[];\n\n  /**\n   * `getCache` is a thunk so the Workers-only `caches` global is touched\n   * lazily — public-only requests on this Worker never run admin handlers\n   * and must not pay (or fail under Node tests) for the lookup.\n   */\n  constructor(\n    private readonly getCache: () => Cache,\n    opts: CloudflareCachePurgerOptions,\n  ) {\n    this.origin = opts.origin.replace(/\\/$/, '');\n    this.langs = opts.langs ?? ['en', 'ja'];\n  }\n\n  async profileUpdated(): Promise<void> {\n    await this.purge();\n  }\n\n  async profileDeleted(): Promise<void> {\n    await this.purge();\n  }\n\n  private async purge(): Promise<void> {\n    const cache = this.getCache();\n    const targets = ['/', '/api/profile', '/api/jsonld', '/takuhon.json'];\n    for (const lang of this.langs) {\n      const q = `?lang=${encodeURIComponent(lang)}`;\n      targets.push(`/api/profile${q}`, `/api/jsonld${q}`);\n    }\n    for (const path of targets) {\n      await cache.delete(new Request(this.origin + path), { ignoreMethod: true });\n    }\n  }\n}\n","import type { AuditEvent, AuditLogger } from '@takuhon/api';\n\n/**\n * `AuditLogger` that writes a single line of JSON per event to `console.log`.\n *\n * Cloudflare captures these via Workers Tail / Logpush, where they can be\n * routed to R2, S3, or any downstream SIEM. Token bodies never reach this\n * sink — the upstream middleware only emits `sha256:<hex>` digests in\n * `actor.tokenHash`.\n */\nexport const consoleAuditLogger: AuditLogger = (event: AuditEvent): void => {\n  console.log(JSON.stringify(event));\n};\n","import { ConflictError, NotFoundError, type Takuhon, type TakuhonStorage } from '@takuhon/core';\n\nexport const KV_KEY = 'TAKUHON_DATA';\n\nexport interface KvMetadata {\n  version: string;\n  updatedAt: string;\n}\n\n/**\n * Cloudflare KV implementation of the `TakuhonStorage` contract. Stores the\n * profile document as JSON under a single key (`TAKUHON_DATA`) and tracks the\n * optimistic-locking token inside KV value metadata.\n *\n * `version` is a fresh UUIDv4 on every successful write. Callers compare it\n * verbatim against the `If-Match` precondition; mismatches raise\n * `ConflictError` with `currentVersion` so the API layer can build the RFC\n * 7807 envelope without an extra round trip.\n */\nexport class KvTakuhonStorage implements TakuhonStorage {\n  constructor(private readonly kv: KVNamespace) {}\n\n  async getProfile(): Promise<{ data: Takuhon; version: string }> {\n    const result = await this.kv.getWithMetadata<Takuhon, KvMetadata>(KV_KEY, 'json');\n    if (result.value === null || !result.metadata?.version) {\n      throw new NotFoundError(`No profile is stored at KV key \"${KV_KEY}\".`);\n    }\n    return { data: result.value, version: result.metadata.version };\n  }\n\n  async saveProfile(data: Takuhon, ifMatch?: string): Promise<{ version: string }> {\n    if (ifMatch !== undefined) {\n      const current = await this.kv.getWithMetadata<Takuhon, KvMetadata>(KV_KEY, 'json');\n      const currentVersion = current.metadata?.version;\n      if (currentVersion !== ifMatch) {\n        throw new ConflictError(\n          `If-Match preconditioned on version \"${ifMatch}\" but current is \"${currentVersion ?? 'absent'}\".`,\n          { currentVersion },\n        );\n      }\n    }\n    const version = crypto.randomUUID();\n    const updatedAt = new Date().toISOString();\n    await this.kv.put(KV_KEY, JSON.stringify(data), {\n      metadata: { version, updatedAt } satisfies KvMetadata,\n    });\n    return { version };\n  }\n\n  async deleteProfile(): Promise<void> {\n    await this.kv.delete(KV_KEY);\n  }\n}\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAGK;AACP,SAAS,gBAA8B;AACvC,SAAS,YAAY;;;ACVrB;AAAA,EACE,eAAiB;AAAA,EACjB,SAAW;AAAA,IACT,aAAe;AAAA,MACb,IAAM;AAAA,MACN,IAAM;AAAA,IACR;AAAA,IACA,SAAW;AAAA,MACT,IAAM;AAAA,MACN,IAAM;AAAA,IACR;AAAA,IACA,KAAO;AAAA,MACL,IAAM;AAAA,MACN,IAAM;AAAA,IACR;AAAA,IACA,QAAU;AAAA,MACR,KAAO;AAAA,MACP,KAAO;AAAA,QACL,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAY;AAAA,MACV,SAAW;AAAA,MACX,QAAU;AAAA,MACV,UAAY;AAAA,QACV,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,SAAW;AAAA,QACT,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EACA,OAAS;AAAA,IACP;AAAA,MACE,IAAM;AAAA,MACN,MAAQ;AAAA,MACR,OAAS,EAAE,IAAM,gBAAgB;AAAA,MACjC,KAAO;AAAA,MACP,UAAY;AAAA,MACZ,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,MAAQ;AAAA,MACR,KAAO;AAAA,MACP,UAAY;AAAA,MACZ,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,MAAQ;AAAA,MACR,KAAO;AAAA,MACP,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,MAAQ;AAAA,MACR,OAAS;AAAA,QACP,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,KAAO;AAAA,MACP,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,MAAQ;AAAA,MACR,OAAS;AAAA,QACP,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,KAAO;AAAA,MACP,SAAW;AAAA,MACX,OAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT;AAAA,MACE,IAAM;AAAA,MACN,cAAgB;AAAA,QACd,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,MAAQ;AAAA,QACN,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,aAAe;AAAA,QACb,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,WAAa;AAAA,MACb,SAAW;AAAA,MACX,WAAa;AAAA,MACb,KAAO;AAAA,MACP,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,cAAgB;AAAA,QACd,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,MAAQ;AAAA,QACN,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,aAAe;AAAA,QACb,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,WAAa;AAAA,MACb,SAAW;AAAA,MACX,OAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,UAAY;AAAA,IACV;AAAA,MACE,IAAM;AAAA,MACN,OAAS;AAAA,QACP,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,aAAe;AAAA,QACb,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,KAAO;AAAA,MACP,MAAQ,CAAC,iBAAiB,WAAW,YAAY;AAAA,MACjD,iBAAmB;AAAA,MACnB,WAAa;AAAA,MACb,aAAe;AAAA,MACf,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,OAAS;AAAA,QACP,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,aAAe;AAAA,QACb,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,KAAO;AAAA,MACP,MAAQ,CAAC,iBAAiB,OAAO,eAAe;AAAA,MAChD,WAAa;AAAA,MACb,SAAW;AAAA,MACX,OAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,IAAM;AAAA,MACN,OAAS;AAAA,QACP,IAAM;AAAA,QACN,IAAM;AAAA,MACR;AAAA,MACA,OAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,QAAU;AAAA,IACR,EAAE,IAAM,cAAc,OAAS,cAAc,UAAY,eAAe,OAAS,EAAE;AAAA,IACnF,EAAE,IAAM,SAAS,OAAS,SAAS,UAAY,eAAe,OAAS,EAAE;AAAA,IACzE,EAAE,IAAM,YAAY,OAAS,YAAY,UAAY,UAAU,OAAS,EAAE;AAAA,IAC1E,EAAE,IAAM,QAAQ,OAAS,QAAQ,UAAY,UAAU,OAAS,EAAE;AAAA,IAClE,EAAE,IAAM,aAAa,OAAS,aAAa,UAAY,eAAe,OAAS,EAAE;AAAA,IACjF,EAAE,IAAM,cAAc,OAAS,cAAc,UAAY,eAAe,OAAS,EAAE;AAAA,IACnF,EAAE,IAAM,iBAAiB,OAAS,iBAAiB,UAAY,UAAU,OAAS,EAAE;AAAA,IACpF,EAAE,IAAM,cAAc,OAAS,mBAAmB,UAAY,YAAY,OAAS,EAAE;AAAA,EACvF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,WAAa;AAAA,IACb,SAAW;AAAA,EACb;AAAA,EACA,UAAY;AAAA,IACV,eAAiB;AAAA,IACjB,gBAAkB;AAAA,IAClB,kBAAoB,CAAC,MAAM,IAAI;AAAA,IAC/B,OAAS;AAAA,IACT,eAAiB;AAAA,IACjB,cAAgB;AAAA,IAChB,WAAa;AAAA,IACb,iBAAmB;AAAA,EACrB;AAAA,EACA,MAAQ;AAAA,IACN,WAAa;AAAA,IACb,WAAa;AAAA,IACb,WAAa;AAAA,IACb,gBAAkB;AAAA,MAChB,QAAU;AAAA,MACV,KAAO;AAAA,MACP,aAAe;AAAA,QACb,MAAQ;AAAA,QACR,KAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;;;AC5KO,IAAM,wBAAN,MAAmD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASxD,YACmB,UACjB,MACA;AAFiB;AAGjB,SAAK,SAAS,KAAK,OAAO,QAAQ,OAAO,EAAE;AAC3C,SAAK,QAAQ,KAAK,SAAS,CAAC,MAAM,IAAI;AAAA,EACxC;AAAA,EALmB;AAAA,EATF;AAAA,EACA;AAAA,EAejB,MAAM,iBAAgC;AACpC,UAAM,KAAK,MAAM;AAAA,EACnB;AAAA,EAEA,MAAM,iBAAgC;AACpC,UAAM,KAAK,MAAM;AAAA,EACnB;AAAA,EAEA,MAAc,QAAuB;AACnC,UAAM,QAAQ,KAAK,SAAS;AAC5B,UAAM,UAAU,CAAC,KAAK,gBAAgB,eAAe,eAAe;AACpE,eAAW,QAAQ,KAAK,OAAO;AAC7B,YAAM,IAAI,SAAS,mBAAmB,IAAI,CAAC;AAC3C,cAAQ,KAAK,eAAe,CAAC,IAAI,cAAc,CAAC,EAAE;AAAA,IACpD;AACA,eAAW,QAAQ,SAAS;AAC1B,YAAM,MAAM,OAAO,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,EAAE,cAAc,KAAK,CAAC;AAAA,IAC5E;AAAA,EACF;AACF;;;ACtDO,IAAM,qBAAkC,CAAC,UAA4B;AAC1E,UAAQ,IAAI,KAAK,UAAU,KAAK,CAAC;AACnC;;;ACZA,SAAS,eAAe,qBAAwD;AAEzE,IAAM,SAAS;AAiBf,IAAM,mBAAN,MAAiD;AAAA,EACtD,YAA6B,IAAiB;AAAjB;AAAA,EAAkB;AAAA,EAAlB;AAAA,EAE7B,MAAM,aAA0D;AAC9D,UAAM,SAAS,MAAM,KAAK,GAAG,gBAAqC,QAAQ,MAAM;AAChF,QAAI,OAAO,UAAU,QAAQ,CAAC,OAAO,UAAU,SAAS;AACtD,YAAM,IAAI,cAAc,mCAAmC,MAAM,IAAI;AAAA,IACvE;AACA,WAAO,EAAE,MAAM,OAAO,OAAO,SAAS,OAAO,SAAS,QAAQ;AAAA,EAChE;AAAA,EAEA,MAAM,YAAY,MAAe,SAAgD;AAC/E,QAAI,YAAY,QAAW;AACzB,YAAM,UAAU,MAAM,KAAK,GAAG,gBAAqC,QAAQ,MAAM;AACjF,YAAM,iBAAiB,QAAQ,UAAU;AACzC,UAAI,mBAAmB,SAAS;AAC9B,cAAM,IAAI;AAAA,UACR,uCAAuC,OAAO,qBAAqB,kBAAkB,QAAQ;AAAA,UAC7F,EAAE,eAAe;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AACA,UAAM,UAAU,OAAO,WAAW;AAClC,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,KAAK,GAAG,IAAI,QAAQ,KAAK,UAAU,IAAI,GAAG;AAAA,MAC9C,UAAU,EAAE,SAAS,UAAU;AAAA,IACjC,CAAC;AACD,WAAO,EAAE,QAAQ;AAAA,EACnB;AAAA,EAEA,MAAM,gBAA+B;AACnC,UAAM,KAAK,GAAG,OAAO,MAAM;AAAA,EAC7B;AACF;;;AJPA,SAAS,aAAa,KAAmC;AACvD,MAAI,QAAQ,UAAa,QAAQ,GAAI,QAAO,CAAC;AAC7C,SAAO,IACJ,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EACnB,OAAO,CAAC,MAAM,MAAM,EAAE;AAC3B;AAeO,SAAS,oBAAoB,MAElC;AACA,SAAO;AAAA,IACL,MAAM,SAAkB,KAAwC;AAC9D,YAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,YAAM,UAAU,IAAI,iBAAiB,IAAI,UAAU;AACnD,YAAM,cAA2B,IAAI,sBAAsB,MAAM,OAAO,SAAS;AAAA,QAC/E,QAAQ,IAAI;AAAA,MACd,CAAC;AACD,YAAM,cAA2B;AAEjC,YAAM,SAAS,IAAI,KAAK;AACxB,aAAO;AAAA,QAAS,CAAC,MACf,gBAAgB,GAAG;AAAA,UACjB,MAAM,YAAY;AAAA,UAClB,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ,oBAAoB,IAAI,IAAI,EAAE,IAAI,GAAG,EAAE,QAAQ;AAAA,QACzD,CAAC;AAAA,MACH;AACA,aAAO;AAAA,QACL;AAAA,QACA,kBAAkB;AAAA,UAChB;AAAA,UACA,eAAe,MAAM,IAAI;AAAA,UACzB,iBAAiB,MAAM,aAAa,IAAI,oBAAoB;AAAA,UAC5D;AAAA,UACA;AAAA,QACF,CAAC;AAAA,MACH;AACA,aAAO,MAAM,UAAU,iBAAiB,CAAC;AACzC,aAAO,MAAM,KAAK,gBAAgB,EAAE,SAAS,UAAU,KAAK,SAAS,CAAC,CAAC;AAEvE,aAAO,OAAO,MAAM,SAAS,GAAG;AAAA,IAClC;AAAA,EACF;AACF;AAEA,SAAS,kBAA2B;AAClC,QAAM,IAAI,SAAS,eAAW;AAC9B,MAAI,CAAC,EAAE,GAAI,OAAM,IAAI,MAAM,oCAAoC;AAC/D,SAAO,EAAE;AACX;AAEA,IAAO,gBAAQ,oBAAoB,EAAE,UAAU,gBAAgB,CAAC;","names":[]}

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@takuhon/cloudflare",
+  "version": "0.1.0",
+  "description": "Cloudflare Workers adapter for takuhon — public API, Workers Assets, KV, R2 integrations",
+  "license": "Apache-2.0",
+  "author": "Takuhon contributors",
+  "homepage": "https://github.com/takuhon-dev/takuhon/tree/main/adapters/cloudflare#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/takuhon-dev/takuhon.git",
+    "directory": "adapters/cloudflare"
+  },
+  "bugs": {
+    "url": "https://github.com/takuhon-dev/takuhon/issues"
+  },
+  "keywords": [
+    "takuhon",
+    "profile",
+    "cloudflare-workers",
+    "workers",
+    "adapter",
+    "hono"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "NOTICE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "dependencies": {
+    "hono": "^4.12.19",
+    "@takuhon/core": "0.1.0",
+    "@takuhon/api": "0.1.0"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "^4.20251101.0",
+    "wrangler": "^4.30.0"
+  },
+  "scripts": {
+    "typecheck": "tsc",
+    "build": "tsup",
+    "test": "vitest run",
+    "dev": "wrangler dev"
+  }
+}