@walkthru-earth/objex 1.0.0 → 1.2.0

package/dist/storage/providers.js

@@ -266,6 +266,148 @@ export const PROVIDERS = {
         schemes: []
     }
 };
+export const CORS_HELP = {
+    s3: {
+        defaultEnabled: false,
+        docsUrl: 'https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html',
+        note: 'Enable via S3 Console: Bucket > Permissions > CORS, or use the AWS CLI.'
+    },
+    gcs: {
+        defaultEnabled: false,
+        docsUrl: 'https://cloud.google.com/storage/docs/using-cors',
+        note: 'CORS cannot be configured via the Cloud Console. Use the gcloud CLI.',
+        cliSteps: [
+            'Create a cors.json file:\n[\n  {\n    "origin": ["*"],\n    "method": ["GET", "HEAD"],\n    "responseHeader": [\n      "Content-Type",\n      "Content-Length",\n      "Content-Range",\n      "Accept-Ranges",\n      "ETag"\n    ],\n    "maxAgeSeconds": 3600\n  }\n]',
+            'gcloud storage buckets update gs://BUCKET --cors-file=cors.json'
+        ]
+    },
+    r2: {
+        defaultEnabled: false,
+        docsUrl: 'https://developers.cloudflare.com/r2/buckets/cors/',
+        note: 'Enable via R2 Dashboard: Bucket > Settings > CORS Policy.'
+    },
+    azure: {
+        defaultEnabled: false,
+        docsUrl: 'https://learn.microsoft.com/en-us/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services',
+        note: 'Enable via Azure Portal: Storage Account > Blob Service > CORS, or use the Azure CLI.',
+        cliSteps: [
+            'az storage cors add --services b --methods GET HEAD \\\n  --origins "*" --allowed-headers "*" \\\n  --exposed-headers "*" --max-age 3600 \\\n  --account-name ACCOUNT'
+        ]
+    },
+    minio: {
+        defaultEnabled: true,
+        docsUrl: 'https://docs.min.io/enterprise/aistor-object-store/reference/cli/mc-cors/',
+        note: 'MinIO allows all origins by default. For custom rules, use mc cors set.'
+    },
+    storj: {
+        defaultEnabled: true,
+        note: 'Storj S3 gateway returns CORS headers by default.'
+    },
+    b2: {
+        defaultEnabled: false,
+        docsUrl: 'https://www.backblaze.com/docs/cloud-storage-cross-origin-resource-sharing-rules',
+        note: 'Enable via B2 Console: Bucket Settings > CORS Rules, or use the B2 CLI.',
+        cliSteps: [
+            'b2 bucket update --cors-rules \'[{\n  "corsRuleName": "allow-all",\n  "allowedOrigins": ["*"],\n  "allowedOperations": ["s3_head", "s3_get"],\n  "allowedHeaders": ["*"],\n  "maxAgeSeconds": 3600\n}]\' BUCKET allPublic'
+        ]
+    },
+    digitalocean: {
+        defaultEnabled: false,
+        docsUrl: 'https://docs.digitalocean.com/products/spaces/how-to/configure-cors/',
+        note: 'Enable via Control Panel: Space > Settings > CORS Configurations.'
+    },
+    wasabi: {
+        defaultEnabled: true,
+        docsUrl: 'https://docs.wasabi.com/docs/bucket-policy',
+        note: 'Wasabi returns CORS headers by default for all buckets.'
+    },
+    contabo: {
+        defaultEnabled: false,
+        note: 'S3-compatible CORS via the AWS CLI.',
+        cliSteps: [
+            'Create a cors.json file:\n{\n  "CORSRules": [{\n    "AllowedOrigins": ["*"],\n    "AllowedMethods": ["GET", "HEAD"],\n    "AllowedHeaders": ["*"],\n    "ExposeHeaders": ["ETag", "Content-Length", "Content-Type", "Content-Range", "Accept-Ranges"],\n    "MaxAgeSeconds": 3600\n  }]\n}',
+            'aws s3api put-bucket-cors --bucket BUCKET \\\n  --cors-configuration file://cors.json \\\n  --endpoint-url https://REGION.contaboobj.com'
+        ]
+    },
+    hetzner: {
+        defaultEnabled: false,
+        docsUrl: 'https://docs.hetzner.com/storage/object-storage/howto-protect-objects/cors/',
+        note: 'S3-compatible CORS via the AWS CLI.',
+        cliSteps: [
+            'Create a cors.json file:\n{\n  "CORSRules": [{\n    "AllowedOrigins": ["*"],\n    "AllowedMethods": ["GET", "HEAD"],\n    "AllowedHeaders": ["*"],\n    "ExposeHeaders": ["ETag", "Content-Length", "Content-Type", "Content-Range", "Accept-Ranges"],\n    "MaxAgeSeconds": 3600\n  }]\n}',
+            'aws s3api put-bucket-cors --bucket BUCKET \\\n  --cors-configuration file://cors.json \\\n  --endpoint-url https://REGION.your-objectstorage.com \\\n  --region REGION'
+        ]
+    },
+    linode: {
+        defaultEnabled: false,
+        docsUrl: 'https://www.linode.com/docs/guides/working-with-cors-linode-object-storage/',
+        note: 'S3-compatible CORS via the AWS CLI.',
+        cliSteps: [
+            'Create a cors.json file:\n{\n  "CORSRules": [{\n    "AllowedOrigins": ["*"],\n    "AllowedMethods": ["GET", "HEAD"],\n    "AllowedHeaders": ["*"],\n    "ExposeHeaders": ["ETag", "Content-Length", "Content-Type", "Content-Range", "Accept-Ranges"],\n    "MaxAgeSeconds": 3600\n  }]\n}',
+            'aws s3api put-bucket-cors --bucket BUCKET \\\n  --cors-configuration file://cors.json \\\n  --endpoint-url https://REGION.linodeobjects.com'
+        ]
+    },
+    ovhcloud: {
+        defaultEnabled: false,
+        docsUrl: 'https://help.ovhcloud.com/csm/en-public-cloud-storage-s3-cors?id=kb_article_view&sysparm_article=KB0058291',
+        note: 'S3-compatible CORS via the AWS CLI.',
+        cliSteps: [
+            'Create a cors.json file:\n{\n  "CORSRules": [{\n    "AllowedOrigins": ["*"],\n    "AllowedMethods": ["GET", "HEAD"],\n    "AllowedHeaders": ["*"],\n    "ExposeHeaders": ["ETag", "Content-Length", "Content-Type", "Content-Range", "Accept-Ranges"],\n    "MaxAgeSeconds": 3600\n  }]\n}',
+            'aws s3api put-bucket-cors --bucket BUCKET \\\n  --cors-configuration file://cors.json \\\n  --endpoint-url https://s3.REGION.io.cloud.ovh.net'
+        ]
+    }
+};
+export const READ_ONLY_HELP = {
+    s3: {
+        note: 'Use IAM policies to create a read-only user, or apply a bucket policy that allows only s3:GetObject and s3:ListBucket.',
+        docsUrl: 'https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html'
+    },
+    gcs: {
+        note: 'Assign the Storage Object Viewer role (roles/storage.objectViewer) to the service account.',
+        docsUrl: 'https://cloud.google.com/storage/docs/access-control/iam-roles'
+    },
+    r2: {
+        note: 'Create an API token with Object Read permissions in the R2 dashboard.',
+        docsUrl: 'https://developers.cloudflare.com/r2/api/tokens/'
+    },
+    azure: {
+        note: 'Generate a SAS token with Read and List permissions only. Avoid granting Write or Delete.',
+        docsUrl: 'https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview'
+    },
+    b2: {
+        note: 'Create an application key with readFiles and listBuckets capabilities only.',
+        docsUrl: 'https://www.backblaze.com/docs/cloud-storage-application-keys'
+    },
+    hetzner: {
+        note: 'Keys have full read/write by default. Use a bucket policy with the correct ARN format to deny write and policy actions. To undo, generate a new admin key from the Hetzner Console.',
+        docsUrl: 'https://docs.hetzner.com/storage/object-storage/faq/s3-credentials/#how-do-i-restrict-access-per-key',
+        cliSteps: [
+            'Find your project ID from the Hetzner Console URL:\nhttps://console.hetzner.com/projects/<PROJECT_ID>/servers',
+            'Create a policy.json file:\n{\n  "Version": "2012-10-17",\n  "Statement": [\n    {\n      "Sid": "DenyWrites",\n      "Effect": "Deny",\n      "Principal": {\n        "AWS": "arn:aws:iam:::user/p<PROJECT_ID>:<ACCESS_KEY>"\n      },\n      "Action": [\n        "s3:PutObject",\n        "s3:DeleteObject",\n        "s3:AbortMultipartUpload",\n        "s3:PutBucketPolicy",\n        "s3:DeleteBucketPolicy"\n      ],\n      "Resource": [\n        "arn:aws:s3:::BUCKET",\n        "arn:aws:s3:::BUCKET/*"\n      ]\n    }\n  ]\n}',
+            'aws s3api put-bucket-policy --bucket BUCKET \\\n  --policy file://policy.json \\\n  --endpoint-url https://REGION.your-objectstorage.com \\\n  --region REGION',
+            'Note: This key can no longer modify the policy.\nTo restore write access, generate a new key in the\nHetzner Console and use it to delete the policy.'
+        ]
+    },
+    minio: {
+        note: 'Create a read-only policy with mc admin policy, or use the built-in readonly canned policy.',
+        docsUrl: 'https://docs.min.io/enterprise/aistor-object-store/administration/iam/access/'
+    },
+    digitalocean: {
+        note: 'Spaces keys are project-wide. Use a bucket policy to restrict write actions for a specific key.',
+        docsUrl: 'https://docs.digitalocean.com/products/spaces/how-to/manage-access/'
+    },
+    wasabi: {
+        note: 'Create a sub-user with a read-only policy in the Wasabi Console.',
+        docsUrl: 'https://docs.wasabi.com/docs/creating-a-user-account-and-access-key'
+    },
+    contabo: {
+        note: 'S3-compatible bucket policies. Use a Deny policy for write actions with the key ARN.',
+        cliSteps: [
+            'Create a policy.json with a Deny statement for s3:PutObject and s3:DeleteObject.',
+            'aws s3api put-bucket-policy --bucket BUCKET \\\n  --policy file://policy.json \\\n  --endpoint-url https://REGION.contaboobj.com'
+        ]
+    }
+};
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -316,3 +458,21 @@ export function buildProviderBaseUrl(provider, endpoint, bucket, region) {
 export function isGcsProvider(provider, endpoint) {
     return provider === 'gcs' || (!!endpoint && /storage\.googleapis\.com/i.test(endpoint));
 }
+export function getAccessMode(conn) {
+    if (conn.provider === 'azure')
+        return 'sas-https';
+    // Anonymous buckets: every provider serves files over plain HTTPS without
+    // signing (AWS path/vhost, GCS, R2 public, Storj, Wasabi, DO, etc.).
+    if (conn.anonymous)
+        return 'public-https';
+    // Authenticated: needs SigV4 signing.
+    return 'signed-s3';
+}
+/**
+ * True when the connection's files can be fetched by any HTTP client
+ * (fetch/img/video/DuckDB httpfs/COG/Zarr/etc.) without the storage adapter.
+ */
+export function isPubliclyStreamable(conn) {
+    const mode = getAccessMode(conn);
+    return mode === 'public-https' || mode === 'sas-https';
+}

package/dist/stores/connections.svelte.js

@@ -1,33 +1,7 @@
 import { STORAGE_KEYS } from '../constants.js';
+import { loadFromStorage, persistToStorage } from '../utils/local-storage.js';
 import { credentialStore, storeToNative } from './credentials.svelte.js';
 // ---------------------------------------------------------------------------
-// localStorage helpers
-// ---------------------------------------------------------------------------
-function loadFromLocalStorage() {
-    if (typeof window === 'undefined')
-        return [];
-    try {
-        const raw = localStorage.getItem(STORAGE_KEYS.CONNECTIONS);
-        if (raw) {
-            return JSON.parse(raw);
-        }
-    }
-    catch {
-        // ignore parse errors
-    }
-    return [];
-}
-function persistToLocalStorage(connections) {
-    if (typeof window === 'undefined')
-        return;
-    try {
-        localStorage.setItem(STORAGE_KEYS.CONNECTIONS, JSON.stringify(connections));
-    }
-    catch {
-        // ignore storage errors
-    }
-}
-// ---------------------------------------------------------------------------
 // Store
 // ---------------------------------------------------------------------------
 function createConnectionsStore() {
@@ -48,7 +22,7 @@ function createConnectionsStore() {
         async load() {
             if (loaded)
                 return;
-            connections = loadFromLocalStorage();
+            connections = loadFromStorage(STORAGE_KEYS.CONNECTIONS, []);
             loaded = true;
         },
         /**
@@ -75,7 +49,7 @@ function createConnectionsStore() {
                 rootPrefix: config.rootPrefix
             };
             connections = [...connections, conn];
-            persistToLocalStorage(connections);
+            persistToStorage(STORAGE_KEYS.CONNECTIONS, connections);
             // Store credentials in memory (never persisted to localStorage).
             if (!config.anonymous) {
                 if (config.sas_token) {
@@ -114,7 +88,7 @@ function createConnectionsStore() {
                 rootPrefix: config.rootPrefix
             };
             connections = [...connections];
-            persistToLocalStorage(connections);
+            persistToStorage(STORAGE_KEYS.CONNECTIONS, connections);
             // Invalidate cached adapter for this connection
             import('../storage/index.js').then(({ clearAdapterCache }) => clearAdapterCache(id));
             // Update in-memory credentials.
@@ -148,7 +122,7 @@ function createConnectionsStore() {
         async remove(id) {
             const before = connections.length;
             connections = connections.filter((c) => c.id !== id);
-            persistToLocalStorage(connections);
+            persistToStorage(STORAGE_KEYS.CONNECTIONS, connections);
             credentialStore.remove(id);
             // Invalidate cached adapter for this connection
             import('../storage/index.js').then(({ clearAdapterCache }) => clearAdapterCache(id));

package/dist/stores/files.svelte.d.ts

@@ -1,11 +1,6 @@
 import type { FileEntry } from '../types.js';
-export type SortField = 'name' | 'size' | 'modified' | 'extension';
-export type SortDirection = 'asc' | 'desc';
-export interface SortConfig {
-    field: SortField;
-    direction: SortDirection;
-}
-export declare const fileStore: {
+import { type SortConfig, type SortField } from '../utils/file-sort.js';
+export declare const files: {
     readonly entries: FileEntry[];
     readonly currentPath: string;
     readonly loading: boolean;
@@ -17,4 +12,3 @@ export declare const fileStore: {
     setError(message: string | null): void;
     sort(field: SortField): void;
 };
-export { fileStore as files };

package/dist/stores/files.svelte.js

@@ -1,27 +1,4 @@
-function sortEntries(entries, config) {
-    const sorted = [...entries];
-    const dir = config.direction === 'asc' ? 1 : -1;
-    sorted.sort((a, b) => {
-        // Directories always come first
-        if (a.is_dir && !b.is_dir)
-            return -1;
-        if (!a.is_dir && b.is_dir)
-            return 1;
-        switch (config.field) {
-            case 'name':
-                return dir * a.name.localeCompare(b.name, undefined, { sensitivity: 'base' });
-            case 'size':
-                return dir * (a.size - b.size);
-            case 'modified':
-                return dir * (a.modified - b.modified);
-            case 'extension':
-                return dir * a.extension.localeCompare(b.extension, undefined, { sensitivity: 'base' });
-            default:
-                return 0;
-        }
-    });
-    return sorted;
-}
+import { sortFileEntries, toggleSortField } from '../utils/file-sort.js';
 function createFilesStore() {
     let files = $state([]);
     let currentPath = $state('');
@@ -45,7 +22,7 @@ function createFilesStore() {
             return sortConfig;
         },
         setFiles(entries) {
-            files = sortEntries(entries, sortConfig);
+            files = sortFileEntries(entries, sortConfig);
             error = null;
         },
         setPath(path) {
@@ -58,19 +35,9 @@ function createFilesStore() {
             error = message;
         },
         sort(field) {
-            if (sortConfig.field === field) {
-                // Toggle direction if clicking the same field
-                sortConfig = {
-                    field,
-                    direction: sortConfig.direction === 'asc' ? 'desc' : 'asc'
-                };
-            }
-            else {
-                sortConfig = { field, direction: 'asc' };
-            }
-            files = sortEntries(files, sortConfig);
+            sortConfig = toggleSortField(sortConfig, field);
+            files = sortFileEntries(files, sortConfig);
         }
     };
 }
-export const fileStore = createFilesStore();
-export { fileStore as files };
+export const files = createFilesStore();

package/dist/stores/query-history.svelte.js

@@ -1,31 +1,9 @@
 import { MAX_QUERY_HISTORY_ENTRIES, STORAGE_KEYS } from '../constants.js';
-function loadEntries() {
-    if (typeof window === 'undefined')
-        return [];
-    try {
-        const raw = localStorage.getItem(STORAGE_KEYS.QUERY_HISTORY);
-        if (raw)
-            return JSON.parse(raw);
-    }
-    catch {
-        // ignore parse errors
-    }
-    return [];
-}
-function persistEntries(entries) {
-    if (typeof window === 'undefined')
-        return;
-    try {
-        localStorage.setItem(STORAGE_KEYS.QUERY_HISTORY, JSON.stringify(entries));
-    }
-    catch {
-        // ignore storage errors
-    }
-}
+import { loadFromStorage, persistToStorage } from '../utils/local-storage.js';
 function createQueryHistoryStore() {
-    let entries = $state(loadEntries());
+    let entries = $state(loadFromStorage(STORAGE_KEYS.QUERY_HISTORY, []));
     function save() {
-        persistEntries(entries);
+        persistToStorage(STORAGE_KEYS.QUERY_HISTORY, entries);
     }
     return {
         get entries() {

package/dist/stores/settings.svelte.d.ts

@@ -1,5 +1,6 @@
 import { type Locale } from '../i18n/index.svelte.js';
 import type { Theme } from '../types.js';
+export declare function resolveTheme(theme: Theme): 'light' | 'dark';
 export declare const settings: {
     readonly theme: Theme;
     readonly resolved: "light" | "dark";

package/dist/stores/settings.svelte.js

@@ -1,36 +1,16 @@
 import { STORAGE_KEYS } from '../constants.js';
 import { setLocale } from '../i18n/index.svelte.js';
+import { loadFromStorage, persistToStorage } from '../utils/local-storage.js';
+const SETTINGS_DEFAULTS = { theme: 'system', locale: 'en', featureLimit: 1000 };
 function loadSettings() {
-    if (typeof window === 'undefined') {
-        return { theme: 'system', locale: 'en', featureLimit: 1000 };
-    }
-    try {
-        const raw = localStorage.getItem(STORAGE_KEYS.SETTINGS);
-        if (raw) {
-            const parsed = JSON.parse(raw);
-            return {
-                theme: parsed.theme ?? 'system',
-                locale: parsed.locale ?? 'en',
-                featureLimit: parsed.featureLimit ?? 1000
-            };
-        }
-    }
-    catch {
-        // ignore parse errors
-    }
-    return { theme: 'system', locale: 'en', featureLimit: 1000 };
-}
-function persistSettings(settings) {
-    if (typeof window === 'undefined')
-        return;
-    try {
-        localStorage.setItem(STORAGE_KEYS.SETTINGS, JSON.stringify(settings));
-    }
-    catch {
-        // ignore storage errors
-    }
+    const stored = loadFromStorage(STORAGE_KEYS.SETTINGS, {});
+    return {
+        theme: stored.theme ?? SETTINGS_DEFAULTS.theme,
+        locale: stored.locale ?? SETTINGS_DEFAULTS.locale,
+        featureLimit: stored.featureLimit ?? SETTINGS_DEFAULTS.featureLimit
+    };
 }
-function resolveTheme(theme) {
+export function resolveTheme(theme) {
     if (theme !== 'system')
         return theme;
     if (typeof window === 'undefined')
@@ -51,7 +31,7 @@ function createSettingsStore() {
         document.documentElement.lang = initial.locale;
     }
     function persist() {
-        persistSettings({ theme, locale, featureLimit });
+        persistToStorage(STORAGE_KEYS.SETTINGS, { theme, locale, featureLimit });
     }
     function applyTheme(t) {
         theme = t;

package/dist/stores/tabs.svelte.d.ts

@@ -1,5 +1,13 @@
 import type { Tab } from '../types.js';
-export declare const tabStore: {
+/**
+ * Tab-id for eagerly-opened direct-URL tabs (`source: 'url'`).
+ * The Sidebar's host-detection auto-migration closes an eager tab by its id
+ * and re-opens as a remote tab once a connection is available; the eager id
+ * is built in `+page.svelte::openUrlTab` and matched in `Sidebar.svelte::
+ * handleAutoDetection`, so both sides must agree on the format.
+ */
+export declare function eagerUrlTabId(url: string): string;
+export declare const tabs: {
     readonly items: Tab[];
     readonly activeTabId: string | null;
     readonly active: Tab | undefined;
@@ -14,4 +22,3 @@ export declare const tabStore: {
     setActive(id: string): void;
     update(id: string, partial: Partial<Omit<Tab, "id">>): void;
 };
-export { tabStore as tabs };

package/dist/stores/tabs.svelte.js

@@ -1,6 +1,16 @@
 import { tabResources } from './tab-resources.svelte.js';
 /** Maximum number of viewer instances kept alive (mounted but hidden). */
 const MAX_ALIVE = 5;
+/**
+ * Tab-id for eagerly-opened direct-URL tabs (`source: 'url'`).
+ * The Sidebar's host-detection auto-migration closes an eager tab by its id
+ * and re-opens as a remote tab once a connection is available; the eager id
+ * is built in `+page.svelte::openUrlTab` and matched in `Sidebar.svelte::
+ * handleAutoDetection`, so both sides must agree on the format.
+ */
+export function eagerUrlTabId(url) {
+    return `url:${url}`;
+}
 function releaseDuckDbMemory() {
     import('../query/index.js')
         .then(({ getQueryEngine }) => getQueryEngine().then((engine) => engine.releaseMemory()))
@@ -106,5 +116,4 @@ function createTabsStore() {
         }
     };
 }
-export const tabStore = createTabsStore();
-export { tabStore as tabs };
+export const tabs = createTabsStore();

package/dist/types.d.ts

@@ -38,6 +38,17 @@ export interface Tab {
     connectionId?: string;
     extension: string;
     size?: number;
+    /**
+     * When set, the tab reads data from a SQL FROM-clause target (e.g. an
+     * attached DuckLake/DuckDB/SQLite table) rather than a file URL. The ref
+     * is inserted directly into generated SQL, so it must be fully-qualified
+     * and pre-quoted, e.g. `__objex_db__."main"."air_quality"`.
+     *
+     * When `sourceRef` is set, file-specific loading paths (hyparquet
+     * metadata, `parquet_kv_metadata`, etc.) are skipped, and schema / CRS /
+     * row count are derived from the SQL source directly via DuckDB.
+     */
+    sourceRef?: string;
 }
 export interface WriteResult {
     key: string;

package/dist/utils/cloud-url.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Cloud storage protocol URL utilities — pure TS, no Svelte dependency.
+ *
+ * Converts cloud protocol URLs (s3://, gs://) to HTTPS URLs for browser access.
+ * Provider-aware native scheme lookup.
+ */
+/**
+ * Map provider to its native URI scheme prefix.
+ * Derived from the registry's `schemes` array (first entry is the primary scheme).
+ * Falls back to 's3' for providers without a scheme (S3-compatible).
+ */
+export declare function getNativeScheme(provider: string): string;
+/**
+ * Safely decode a percent-encoded URI component.
+ * Returns the original string if decoding fails (malformed sequences).
+ */
+export declare function safeDecodeURIComponent(s: string): string;
+/**
+ * Convert a cloud storage protocol URL (s3://, gs://) to an HTTPS URL
+ * for browser access. Returns the original URL if already HTTP(S) or unknown.
+ *
+ * Supported:
+ * - `s3://bucket/key` → `https://s3.{region}.amazonaws.com/{bucket}/{key}`
+ *   (region auto-detected from bucket name when possible)
+ * - `gs://bucket/key` → `https://storage.googleapis.com/{bucket}/{key}`
+ */
+export declare function resolveCloudUrl(url: string): string;

package/dist/utils/cloud-url.js

@@ -0,0 +1,61 @@
+/**
+ * Cloud storage protocol URL utilities — pure TS, no Svelte dependency.
+ *
+ * Converts cloud protocol URLs (s3://, gs://) to HTTPS URLs for browser access.
+ * Provider-aware native scheme lookup.
+ */
+import { buildProviderBaseUrl, PROVIDERS } from '../storage/providers.js';
+/** AWS region pattern — matches prefixes like "us-west-2", "eu-central-1", etc. */
+const AWS_REGION_RE = /^(us|eu|ap|sa|ca|me|af|il)-(north|south|east|west|central|northeast|southeast|northwest|southwest)-\d+/;
+/**
+ * Map provider to its native URI scheme prefix.
+ * Derived from the registry's `schemes` array (first entry is the primary scheme).
+ * Falls back to 's3' for providers without a scheme (S3-compatible).
+ */
+export function getNativeScheme(provider) {
+    const def = PROVIDERS[provider];
+    if (def?.schemes.length)
+        return def.schemes[0];
+    return 's3';
+}
+/**
+ * Safely decode a percent-encoded URI component.
+ * Returns the original string if decoding fails (malformed sequences).
+ */
+export function safeDecodeURIComponent(s) {
+    try {
+        return decodeURIComponent(s);
+    }
+    catch {
+        return s;
+    }
+}
+/**
+ * Convert a cloud storage protocol URL (s3://, gs://) to an HTTPS URL
+ * for browser access. Returns the original URL if already HTTP(S) or unknown.
+ *
+ * Supported:
+ * - `s3://bucket/key` → `https://s3.{region}.amazonaws.com/{bucket}/{key}`
+ *   (region auto-detected from bucket name when possible)
+ * - `gs://bucket/key` → `https://storage.googleapis.com/{bucket}/{key}`
+ */
+export function resolveCloudUrl(url) {
+    // S3 / S3-compatible: s3://, s3a://, s3n://
+    const s3Match = url.match(/^s3[an]?:\/\/([^/]+)\/?(.*)$/);
+    if (s3Match) {
+        const [, bucket, key] = s3Match;
+        // Detect region from bucket name (e.g. "us-west-2.opendata.source.coop")
+        const regionMatch = bucket.match(AWS_REGION_RE);
+        const region = regionMatch ? regionMatch[0] : 'us-east-1';
+        const base = buildProviderBaseUrl('s3', '', bucket, region);
+        return key ? `${base}/${key}` : base;
+    }
+    // Google Cloud Storage: gs://, gcs://
+    const gcsMatch = url.match(/^gcs?:\/\/([^/]+)\/?(.*)$/);
+    if (gcsMatch) {
+        const [, bucket, key] = gcsMatch;
+        const base = buildProviderBaseUrl('gcs', '', bucket, '');
+        return key ? `${base}/${key}` : base;
+    }
+    return url;
+}