@tknf/matchbox 0.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 TKNF LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,133 @@
+# Matchbox
+
+A simple CGI-style web server framework built on top of Hono. Treats `.cgi.tsx` / `.cgi.jsx` files under `public/` as pages, and brings Apache-style conventions like `.htaccess` and `.htpasswd` into modern tooling.
+
+## Features
+
+- File-based routing (`.cgi.tsx` / `.cgi.jsx` map directly to endpoints)
+- CGI-style context (`$_GET`, `$_POST`, `$_SESSION`, etc.)
+- `.htaccess` rewrites/redirects and `.htpasswd` Basic Auth
+- Session cookie configuration and custom middleware
+- Vite + TypeScript + JSX support
+
+## Install
+
+```bash
+pnpm add matchbox hono
+```
+
+## Quick Start
+
+`vite.config.ts`:
+
+```ts
+import devServer from "@hono/vite-dev-server";
+import { defineConfig } from "vite";
+import { MatchboxPlugin } from "matchbox/plugin";
+
+export default defineConfig({
+  plugins: [
+    MatchboxPlugin(),
+    devServer({
+      entry: "server.ts",
+      exclude: [/^\/public\/.+/, /^\/favicon\.ico$/],
+    }),
+  ],
+});
+```
+
+`server.ts`:
+
+```ts
+import { createCgi } from "matchbox";
+
+export default createCgi();
+```
+
+`public/index.cgi.tsx`:
+
+```tsx
+import type { CgiContext } from "matchbox";
+
+export default function ({ $_SERVER }: CgiContext) {
+  return (
+    <html>
+      <head>
+        <title>Matchbox</title>
+      </head>
+      <body>
+        <h1>Hello Matchbox</h1>
+        <p>Method: {$_SERVER.REQUEST_METHOD}</p>
+      </body>
+    </html>
+  );
+}
+```
+
+Start the dev server:
+
+```bash
+pnpm dev
+```
+
+## CGI Context
+
+Page functions receive a `CgiContext`.
+
+- `$_GET` / `$_POST` / `$_FILES` / `$_REQUEST`
+- `$_SESSION` / `$_COOKIE` / `$_ENV` / `$_SERVER`
+- `header(name, value)` / `status(code)` / `redirect(url, status?)`
+- `cgiinfo()` / `get_modules()` / `get_version()`
+
+## Configuration
+
+### MatchboxPlugin
+
+```ts
+MatchboxPlugin({
+  publicDir: "public",
+  config: { siteName: "My Site" },
+});
+```
+
+- `publicDir`: Root directory for page discovery (default: `public`)
+- `config`: Configuration object injected into pages
+
+### createCgi
+
+```ts
+createCgi({
+  sessionCookie: {
+    name: "_SESSION_ID",
+    sameSite: "Lax",
+    secure: true,
+    maxAge: 3600,
+  },
+  enforceTrailingSlash: true,
+  middleware: [
+    async (c, next) => {
+      c.header("X-App", "matchbox");
+      await next();
+    },
+  ],
+  logger: (message, level) => {
+    console.log(`[${level ?? "info"}] ${message}`);
+  },
+});
+```
+
+## Auth and Rewrites
+
+Place these under `public/` to enable them.
+
+- `.htpasswd`: Directory-level Basic Auth
+- `.htaccess`: Simple `RewriteRule` / `Redirect` support
+
+## References
+
+- Examples: `examples/README.md`
+- Security: `docs/security.md`
+
+## License
+
+MIT License. See `LICENSE` for details.

package/dist/cgi.d.ts

@@ -0,0 +1,106 @@
+import * as hono_types from 'hono/types';
+import { Context, Hono } from 'hono';
+import { HtmlEscapedString } from 'hono/utils/html';
+
+type ConfigObject = Record<string, any>;
+/**
+ * --- Session Cookie Configuration ---
+ */
+interface SessionCookieOptions {
+    /** Session cookie name (default: "_SESSION_ID") */
+    name?: string;
+    /** Session cookie path (default: "/") */
+    path?: string;
+    /** Session cookie domain */
+    domain?: string;
+    /** Session cookie secure flag (default: false) */
+    secure?: boolean;
+    /** Session cookie SameSite attribute (default: "Lax") */
+    sameSite?: "Strict" | "Lax" | "None";
+    /** Session cookie max age in seconds */
+    maxAge?: number;
+}
+/**
+ * --- Matchbox Options ---
+ */
+interface MatchboxOptions {
+    /** Session cookie configuration */
+    sessionCookie?: SessionCookieOptions;
+    /** Enforce trailing slash on URLs */
+    enforceTrailingSlash?: boolean;
+    /** Custom middleware functions */
+    middleware?: Array<(c: Context, next: () => Promise<void>) => Promise<Response | undefined>>;
+    /** Custom logging function */
+    logger?: (message: string, level?: "info" | "warn" | "error") => void;
+}
+/**
+ * --- Module Information ---
+ */
+interface ModuleInfo {
+    /** URL path where the module is accessible */
+    urlPath: string;
+    /** Directory path for index modules, null otherwise */
+    dirPath: string | null;
+}
+/**
+ * --- Matchbox CGI Environment Types ---
+ */
+interface CgiContext<ConfigType = ConfigObject> {
+    $_GET: Record<string, string>;
+    $_POST: Record<string, string>;
+    $_FILES: Record<string, File | File[]>;
+    $_REQUEST: Record<string, any>;
+    $_SESSION: Record<string, any>;
+    $_COOKIE: Record<string, string>;
+    $_ENV: Record<string, string | undefined>;
+    $_SERVER: {
+        REQUEST_METHOD: string;
+        REQUEST_URI: string;
+        REMOTE_ADDR: string;
+        USER_AGENT: string;
+        SCRIPT_NAME: string;
+        PATH_INFO: string;
+        QUERY_STRING: string;
+        [key: string]: any;
+    };
+    config: ConfigType;
+    c: Context;
+    header: (name: string, value: string) => void;
+    status: (code: number) => void;
+    redirect: (url: string, status?: number) => {
+        __type: "redirect";
+        url: string;
+        status: number;
+    };
+    cgiinfo: () => HtmlEscapedString | Promise<HtmlEscapedString>;
+    request_headers: () => Record<string, string>;
+    response_headers: () => Record<string, string>;
+    log: (message: string) => void;
+    get_version: () => string;
+    /** Get list of all loaded CGI modules */
+    get_modules: () => ModuleInfo[];
+}
+type Page = {
+    urlPath: string;
+    dirPath: string | null;
+    component: (context: CgiContext) => any | Promise<any>;
+};
+type RedirectRule = {
+    type: "redirect";
+    code: string;
+    source: string;
+    target: string;
+};
+type RewriteRule = {
+    type: "rewrite";
+    pattern: string;
+    target: string;
+    flags: string;
+};
+type RewriteMap = Record<string, Array<RedirectRule | RewriteRule>>;
+/**
+ * --- Matchbox Runtime Engine ---
+ */
+declare const createCgiWithPages: (pages: Page[], siteConfig?: ConfigObject, authMap?: Record<string, string>, rewriteMap?: RewriteMap, options?: MatchboxOptions) => Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">;
+
+export { type CgiContext, type ConfigObject, type MatchboxOptions, type ModuleInfo, type Page, type RewriteMap, type SessionCookieOptions, createCgiWithPages };

package/dist/cgi.js

@@ -0,0 +1,234 @@
+import { Hono } from "hono";
+import { basicAuth } from "hono/basic-auth";
+import { getCookie, setCookie } from "hono/cookie";
+import packageJson from "../package.json";
+import { generateCgiError, generateCgiInfo } from "./html";
+const isRedirectObject = (obj) => {
+  return obj && obj.__type === "redirect" && typeof obj.url === "string";
+};
+const createCgiWithPages = (pages, siteConfig = {}, authMap = {}, rewriteMap = {}, options = {}) => {
+  const app = new Hono();
+  const SESS_KEY = options.sessionCookie?.name || "_SESSION_ID";
+  if (options.middleware && options.middleware.length > 0) {
+    for (const mw of options.middleware) {
+      app.use("*", async (c, next) => {
+        const result = await mw(c, next);
+        if (result instanceof Response) {
+          return result;
+        }
+      });
+    }
+  }
+  const protectedFiles = [".htaccess", ".htpasswd", ".htdigest", ".htgroup"];
+  app.use("*", async (c, next) => {
+    const path = c.req.path;
+    const lastSegment = path.slice(path.lastIndexOf("/") + 1);
+    if (protectedFiles.some((file) => lastSegment === file)) {
+      return c.text("Forbidden", 403);
+    }
+    await next();
+  });
+  if (options.enforceTrailingSlash) {
+    app.use("*", async (c, next) => {
+      const path = c.req.path;
+      if (!path.endsWith("/") && !path.includes(".")) {
+        return c.redirect(`${path}/`, 301);
+      }
+      await next();
+    });
+  }
+  Object.entries(rewriteMap).forEach(([dir, rules]) => {
+    const basePath = dir === "/" ? "" : dir.replace(/\/$/, "");
+    app.use(`${basePath}/*`, async (c, next) => {
+      const relPath = c.req.path.replace(basePath, "") || "/";
+      for (const rule of rules) {
+        if (rule.type === "redirect") {
+          if (relPath === rule.source) {
+            return c.redirect(
+              rule.target,
+              Number.parseInt(rule.code, 10) || 302
+            );
+          }
+        } else if (rule.type === "rewrite") {
+          const regex = new RegExp(rule.pattern);
+          if (regex.test(relPath)) {
+            const target = rule.target.startsWith("/") ? rule.target : `${basePath}/${rule.target}`;
+            if (rule.flags.includes("R")) {
+              const code = rule.flags.match(/R=(\d+)/)?.[1] || "302";
+              return c.redirect(target, Number.parseInt(code, 10));
+            }
+          }
+        }
+      }
+      await next();
+    });
+  });
+  Object.entries(authMap).forEach(([dir, content]) => {
+    const credentials = content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => {
+      const [username, password] = line.split(":");
+      return { username, password };
+    });
+    if (credentials.length > 0) {
+      const authPath = dir === "/" ? "*" : `${dir.replace(/\/$/, "")}/*`;
+      app.use(authPath, async (c, next) => {
+        const handler = basicAuth({
+          verifyUser: (u, p) => credentials.some((cred) => cred.username === u && cred.password === p),
+          realm: "Restricted Area"
+        });
+        return handler(c, next);
+      });
+    }
+  });
+  pages.forEach(({ urlPath, dirPath, component }) => {
+    const routes = [urlPath, `${urlPath}/*`];
+    if (dirPath) {
+      routes.push(dirPath);
+      if (dirPath !== "/") {
+        routes.push(`${dirPath}/*`);
+      }
+    }
+    routes.forEach((route) => {
+      app.all(route, async (c) => {
+        const $_GET = c.req.query();
+        const body = await c.req.parseBody({ all: true }).catch(() => ({}));
+        const $_POST = {};
+        const $_FILES = {};
+        for (const [key, value] of Object.entries(body)) {
+          if (value instanceof File || Array.isArray(value) && value[0] instanceof File) {
+            $_FILES[key] = value;
+          } else {
+            $_POST[key] = value;
+          }
+        }
+        const $_COOKIE = getCookie(c);
+        const $_REQUEST = {
+          ...$_COOKIE,
+          ...$_GET,
+          ...$_POST
+        };
+        const $_ENV = typeof process !== "undefined" && process.env ? process.env : c.env || {};
+        let $_SESSION = {};
+        const sRaw = getCookie(c, SESS_KEY);
+        if (sRaw) {
+          try {
+            $_SESSION = JSON.parse(decodeURIComponent(sRaw));
+          } catch {
+          }
+        }
+        let responseStatus = 200;
+        const responseHeaders = {
+          "Content-Type": "text/html; charset=utf-8"
+        };
+        const $_SERVER = {
+          ...$_ENV,
+          REQUEST_METHOD: c.req.method,
+          REQUEST_URI: c.req.url,
+          REMOTE_ADDR: c.req.header("x-forwarded-for") || "127.0.0.1",
+          USER_AGENT: c.req.header("user-agent") || "",
+          SCRIPT_NAME: urlPath,
+          PATH_INFO: c.req.path.replace(urlPath, "") || "/",
+          QUERY_STRING: new URL(c.req.url).search.slice(1)
+        };
+        const cgiinfo = generateCgiInfo({
+          $_SERVER,
+          $_REQUEST,
+          $_SESSION,
+          config: siteConfig
+        });
+        const context = {
+          $_GET,
+          $_POST,
+          $_FILES,
+          $_REQUEST,
+          $_COOKIE,
+          $_ENV,
+          $_SERVER,
+          $_SESSION,
+          config: siteConfig,
+          c,
+          header: (name, value) => {
+            responseHeaders[name.toLocaleLowerCase()] = value;
+          },
+          status: (code) => {
+            responseStatus = code;
+          },
+          redirect: (url, status = 302) => {
+            return { __type: "redirect", url, status };
+          },
+          cgiinfo,
+          request_headers: () => {
+            return Object.fromEntries(c.req.raw.headers.entries());
+          },
+          response_headers: () => {
+            return responseHeaders;
+          },
+          log: (message) => {
+            if (options.logger) {
+              options.logger(message, "info");
+            } else {
+              console.log(`[CGI LOG] ${message}`);
+            }
+          },
+          get_version: () => {
+            return `MatchboxCGI/v${packageJson.version}`;
+          },
+          /**
+           * Returns information about all loaded CGI modules
+           * @returns Array of module information containing urlPath and dirPath
+           */
+          get_modules: () => {
+            return pages.map((page) => ({
+              urlPath: page.urlPath,
+              dirPath: page.dirPath
+            }));
+          }
+        };
+        try {
+          const result = await component(context);
+          const sessionValue = encodeURIComponent(JSON.stringify($_SESSION));
+          const sessionOptions = {
+            path: options.sessionCookie?.path || "/",
+            httpOnly: true,
+            sameSite: options.sessionCookie?.sameSite || "Lax"
+          };
+          if (options.sessionCookie?.secure !== void 0) {
+            sessionOptions.secure = options.sessionCookie.secure;
+          }
+          if (options.sessionCookie?.domain) {
+            sessionOptions.domain = options.sessionCookie.domain;
+          }
+          if (options.sessionCookie?.maxAge) {
+            sessionOptions.maxAge = options.sessionCookie.maxAge;
+          }
+          if (isRedirectObject(result)) {
+            setCookie(c, SESS_KEY, sessionValue, sessionOptions);
+            return c.redirect(result.url, result.status);
+          }
+          if (result instanceof Response) {
+            setCookie(c, SESS_KEY, sessionValue, sessionOptions);
+            return result;
+          }
+          setCookie(c, SESS_KEY, sessionValue, sessionOptions);
+          Object.entries(responseHeaders).forEach(([key, value]) => {
+            c.header(key, value);
+          });
+          const contentType = responseHeaders["content-type"];
+          if (contentType?.includes("application/json")) {
+            return c.json(
+              // biome-ignore lint/suspicious/noExplicitAny: to JSON response
+              result ?? { success: true },
+              responseStatus
+            );
+          }
+          return c.html(result, responseStatus);
+        } catch (error) {
+          return c.html(generateCgiError({ error, $_SERVER }), 500);
+        }
+      });
+    });
+  });
+  return app;
+};
+export {
+  createCgiWithPages
+};

package/dist/html.d.ts

@@ -0,0 +1,12 @@
+import * as hono_utils_html from 'hono/utils/html';
+import { CgiContext } from './cgi.js';
+import 'hono/types';
+import 'hono';
+
+declare const generateCgiInfo: ({ $_SERVER, $_SESSION, $_REQUEST, config, }: Pick<CgiContext, "$_SERVER" | "$_SESSION" | "$_REQUEST" | "config">) => () => hono_utils_html.HtmlEscapedString | Promise<hono_utils_html.HtmlEscapedString>;
+declare const generateCgiError: ({ error, $_SERVER, }: {
+    error: any;
+    $_SERVER: CgiContext["$_SERVER"];
+}) => hono_utils_html.HtmlEscapedString | Promise<hono_utils_html.HtmlEscapedString>;
+
+export { generateCgiError, generateCgiInfo };

package/dist/html.js

@@ -0,0 +1,62 @@
+import { html } from "hono/html";
+const generateCgiInfo = ({
+  $_SERVER,
+  $_SESSION,
+  $_REQUEST,
+  config
+}) => {
+  return () => {
+    const infoSection = ({ title, data }) => {
+      return html`
+			<div style="margin-bottom: 20px; width: 100%; max-width: 900px;">
+				<h2 style="background: #ccccff; color: #000; padding: 5px 10px; margin: 0; font-size: 1.2em; border: 1px solid #000; font-family: 'MS PGothic', sans-serif;">${title}</h2>
+				<table style="width: 100%; border-collapse: collapse; border: 1px solid #000; table-layout: fixed; font-family: 'MS PGothic', sans-serif;">
+					${Object.entries(data).map(
+        ([key, val], i) => html`
+						<tr style="background: ${i % 2 === 0 ? "#f0f0ff" : "#ffffff"}">
+							<td style="padding: 3px 10px; border: 1px solid #000; font-weight: bold; width: 30%; word-break: break-all;">${key}</td>
+							<td style="padding: 3px 10px; border: 1px solid #000; width: 70%; word-break: break-all;">
+								${typeof val === "object" ? JSON.stringify(val, null, 2) : String(val)}
+							</td>
+						</tr>
+					`
+      )}
+				</table>
+			</div>
+			`;
+    };
+    return html`
+		<div style="background: #ffffff; color: #333333; font-family: 'MS PGothic', sans-serif; padding: 20px; display: flex; flex-direction: column; align-items: center;">
+			<h1 style="color: #000000; border-bottom: 3px double #000000; padding-bottom: 10px; margin-bottom: 30px;">Matchbox CGI Version Information</h1>
+			<div style="width: 100%; max-width: 900px; padding: 15px; background: #ffffcc; border: 1px dashed #000000; margin-bottom: 20px; text-align: center;">
+				<strong>Server Software:</strong> Matchbox Engine on ${typeof process !== "undefined" ? "Node.js/Bun" : "Edge"}
+			</div>
+			${infoSection({ title: "$_SERVER (Environment)", data: $_SERVER })}
+			${infoSection({ title: "$_SESSION", data: $_SESSION })}
+			${infoSection({ title: "$_REQUEST", data: $_REQUEST })}
+			${infoSection({ title: "Site Configuration", data: config })}
+			<div style="margin-top: 40px; font-size: 0.9em; font-style: italic; border-top: 1px solid #ccc; width: 100%; max-width: 900px; text-align: right; padding-top: 10px;">
+				Generated by Matchbox Framework - Ignition for Hono
+			</div>
+		</div>
+		`;
+  };
+};
+const generateCgiError = ({
+  error,
+  $_SERVER
+}) => {
+  return html`
+		 <div style="padding:2rem; background:#fffafa; border:5px double #cc0000; font-family: 'MS PGothic', sans-serif;">
+				<h1 style="color:#cc0000; border-bottom: 2px solid #cc0000; padding-bottom: 5px;">Matchbox: Runtime Exception</h1>
+				<p><strong>Fatal Error:</strong> ${error.message}</p>
+				<pre style="background:#f0f0f0; padding:1rem; border:1px inset #ccc; overflow: auto;">${error.stack}</pre>
+				<hr style="border: 0; border-top: 1px solid #cc0000;" />
+				<div style="text-align: right; font-size: 0.8em;">Matchbox CGI Engine Server at ${$_SERVER.REMOTE_ADDR}</div>
+			</div>
+	`;
+};
+export {
+  generateCgiError,
+  generateCgiInfo
+};

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { CgiContext, ConfigObject, MatchboxOptions, ModuleInfo, Page, SessionCookieOptions } from './cgi.js';
+export { createCgi } from './with-defaults.js';
+import 'hono/types';
+import 'hono';
+import 'hono/utils/html';

package/dist/index.js

@@ -0,0 +1,4 @@
+import { createCgi } from "./with-defaults";
+export {
+  createCgi
+};

package/dist/plugin.d.ts

@@ -0,0 +1,15 @@
+import { Plugin } from 'vite';
+
+/**
+ * --- Matchbox Plugin Options ---
+ */
+interface MatchboxPluginOptions {
+    config?: any;
+    publicDir?: string;
+}
+/**
+ * --- Vite Plugin: Matchbox Plugin ---
+ */
+declare const MatchboxPlugin: (options?: MatchboxPluginOptions) => Plugin;
+
+export { MatchboxPlugin, type MatchboxPluginOptions };

package/dist/plugin.js

@@ -0,0 +1,56 @@
+import fs from "node:fs";
+import path from "node:path";
+const MatchboxPlugin = (options = {}) => {
+  let viteConfig;
+  const siteConfig = options.config || {};
+  const publicDir = options.publicDir || "public";
+  return {
+    name: "vite-plugin-matchbox",
+    config() {
+      return {
+        optimizeDeps: {
+          exclude: ["matchbox"]
+        },
+        ssr: {
+          noExternal: ["matchbox"]
+        },
+        // .htpasswd, .htaccess, .htdigest, .htgroup files in /public should be treated as raw assets
+        assetsInclude: [
+          `${publicDir}/**/.htpasswd`,
+          `${publicDir}/**/.htaccess`,
+          `${publicDir}/**/.htdigest`,
+          `${publicDir}/**/.htgroup`
+        ],
+        publicDir,
+        esbuild: {
+          jsxImportSource: "hono/jsx",
+          jsx: "automatic"
+        },
+        define: {
+          __MATCHBOX_CONFIG__: JSON.stringify(siteConfig)
+        }
+      };
+    },
+    configResolved(resolvedConfig) {
+      viteConfig = resolvedConfig;
+    },
+    closeBundle() {
+      const outDir = path.resolve(viteConfig.root, viteConfig.build.outDir);
+      const cleanDir = (dir) => {
+        if (!fs.existsSync(dir)) return;
+        fs.readdirSync(dir).forEach((file) => {
+          const fullPath = path.join(dir, file);
+          if (fs.statSync(fullPath).isDirectory()) {
+            cleanDir(fullPath);
+          } else if (file.includes(".cgi.tsx") || file.includes(".cgi.jsx") || file === ".htpasswd" || file === ".htaccess" || file === ".htdigest" || file === ".htgroup") {
+            fs.unlinkSync(fullPath);
+          }
+        });
+      };
+      cleanDir(outDir);
+    }
+  };
+};
+export {
+  MatchboxPlugin
+};

package/dist/with-defaults.d.ts

@@ -0,0 +1,8 @@
+import { MatchboxOptions } from './cgi.js';
+import * as hono from 'hono';
+import * as hono_types from 'hono/types';
+import 'hono/utils/html';
+
+declare const createCgi: (options?: MatchboxOptions) => hono.Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">;
+
+export { createCgi };

package/dist/with-defaults.js

@@ -0,0 +1,78 @@
+import { createCgiWithPages } from "./cgi";
+const loadPagesFromPublic = () => {
+  const modules = import.meta.glob("/public/**/*.cgi.{tsx,jsx}", {
+    eager: true
+  });
+  const htpasswds = import.meta.glob("/public/**/.htpasswd", {
+    eager: true,
+    query: "?raw",
+    import: "default"
+  });
+  const htaccessFiles = import.meta.glob("/public/**/.htaccess", {
+    eager: true,
+    query: "?raw",
+    import: "default"
+  });
+  void import.meta.glob("/public/**/.htdigest", {
+    eager: true,
+    query: "?raw",
+    import: "default"
+  });
+  void import.meta.glob("/public/**/.htgroup", {
+    eager: true,
+    query: "?raw",
+    import: "default"
+  });
+  const basePathRegex = /^\/public/;
+  const pages = Object.keys(modules).map((key) => {
+    const urlPath = key.replace(basePathRegex, "").replace(/.tsx$/, "").replace(/.jsx$/, "");
+    const isIndex = urlPath.endsWith("/index.cgi") || urlPath === "/index.cgi";
+    const dirPath = isIndex ? urlPath.replace(/\/index\.cgi$/, "/") : null;
+    return { urlPath, dirPath, component: modules[key].default };
+  });
+  const authMap = Object.keys(htpasswds).reduce(
+    (acc, key) => {
+      const dir = key.replace(basePathRegex, "").replace(/\.htpasswd$/, "") || "/";
+      acc[dir] = htpasswds[key];
+      return acc;
+    },
+    {}
+  );
+  const rewriteMap = Object.keys(htaccessFiles).reduce((acc, key) => {
+    const dir = key.replace(basePathRegex, "").replace(/\.htaccess$/, "") || "/";
+    const lines = htaccessFiles[key].split("\n");
+    const rules = lines.map((line) => {
+      const l = line.trim();
+      if (!l || l.startsWith("#")) return null;
+      const parts = l.split(/\s+/);
+      if (parts[0] === "RewriteRule") {
+        return {
+          type: "rewrite",
+          pattern: parts[1],
+          target: parts[2],
+          flags: parts[3] || ""
+        };
+      }
+      if (parts[0] === "Redirect") {
+        return {
+          type: "redirect",
+          code: parts[1],
+          source: parts[2],
+          target: parts[3]
+        };
+      }
+      return null;
+    }).filter(Boolean);
+    acc[dir] = rules;
+    return acc;
+  }, {});
+  return { pages, authMap, rewriteMap };
+};
+const createCgi = (options) => {
+  const resolvedConfig = typeof __MATCHBOX_CONFIG__ === "undefined" ? {} : __MATCHBOX_CONFIG__;
+  const { pages, authMap, rewriteMap } = loadPagesFromPublic();
+  return createCgiWithPages(pages, resolvedConfig, authMap, rewriteMap, options);
+};
+export {
+  createCgi
+};

package/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@tknf/matchbox",
+  "version": "0.2.1",
+  "description": "A Simple Web Server Framework",
+  "keywords": [
+    "cgi",
+    "framework",
+    "hono",
+    "server",
+    "web"
+  ],
+  "license": "MIT",
+  "author": "tknf <dev@tknf.net>",
+  "repository": {
+    "url": "https://github.com/tknf/matchbox.git"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.mts",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./dist/index.d.cts",
+        "import": "./dist/index.cjs"
+      },
+      "import": {
+        "types": "./dist/index.d.mts",
+        "import": "./dist/index.mjs"
+      }
+    },
+    "./plugin": {
+      "require": {
+        "types": "./dist/plugin.d.cts",
+        "import": "./dist/plugin.cjs"
+      },
+      "import": {
+        "types": "./dist/plugin.d.mts",
+        "import": "./dist/plugin.mjs"
+      }
+    }
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "dependencies": {
+    "glob": "^13.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.0.3",
+    "@vitest/coverage-v8": "^4.0.16",
+    "hono": "^4.11.1",
+    "oxfmt": "^0.20.0",
+    "oxlint": "^1.35.0",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3",
+    "vite": "^7.3.0",
+    "vitest": "^4.0.16"
+  },
+  "peerDependencies": {
+    "hono": "*"
+  },
+  "scripts": {
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "lint:check": "oxlint",
+    "lint:fix": "oxlint --fix",
+    "format:check": "oxfmt --check",
+    "format:write": "oxfmt",
+    "watch": "tsup --watch",
+    "build": "tsup"
+  }
+}