@warmdrift/kgauto-compiler 2.0.0-alpha.16 → 2.0.0-alpha.18

package/dist/glassbox-routes/index.d.mts

@@ -0,0 +1,73 @@
+import { G as GlassboxEvent } from '../types-DWF6mPGg.mjs';
+import '../ir-C3P4gDt0.mjs';
+import '../dialect.mjs';
+
+/**
+ * Public entry point for `@warmdrift/kgauto-compiler/glassbox-routes`.
+ *
+ * One factory call from a Vercel Edge consumer route handler gets you both
+ * the replay-query (`proxy`) and live-SSE (`stream`) endpoints that the
+ * Glass-Box Chrome panel reads. Wiring is ~6 lines per app:
+ *
+ *   // app/api/glassbox/proxy/route.ts
+ *   import { createGlassboxRoutes } from '@warmdrift/kgauto-compiler/glassbox-routes';
+ *   const { proxy } = createGlassboxRoutes({
+ *     installToken: process.env.GLASSBOX_INSTALL_TOKEN!,
+ *     extensionId:  process.env.GLASSBOX_EXTENSION_ID!,
+ *     brainEndpoint: process.env.GLASSBOX_BRAIN_ENDPOINT!,
+ *     brainJwt:     process.env.GLASSBOX_BRAIN_JWT!,
+ *     appId:        'playbacksam',
+ *   });
+ *   export { proxy as GET };
+ *
+ * Auth model (defense in depth):
+ *   - Bearer install token   → primary, constant-time compared
+ *   - chrome-extension Origin → secondary CSRF gate
+ *
+ * Scrub: optional sanitization runs at the proxy boundary before events or
+ * rows leave the consumer's infrastructure. Per pii-scrubber-call-site-not-
+ * package: kgauto stays naive to PII policy; consumers pass scrub hooks
+ * that encode their own data-handling rules.
+ *
+ * Brain reads use the scoped JWT minted via migration 013. RLS enforces
+ * `app_id = jwt.claim.app_id`; the proxy filter is belt-and-suspenders for
+ * payload size + log legibility.
+ */
+
+interface GlassboxRoutesConfig {
+    /** Bearer token validated on every request via constant-time compare. Required. */
+    installToken: string;
+    /** chrome-extension://<id> — exact match required on Origin header. Required. */
+    extensionId: string;
+    /** Brain endpoint base (e.g. https://kgauto-brain.supabase.co). Used by `proxy` for replay queries. */
+    brainEndpoint: string;
+    /** Scoped JWT for brain reads. Use the per-consumer JWT minted via migration 013 (claim: app_id). */
+    brainJwt: string;
+    /** App scope filter — must match the JWT's app_id claim. */
+    appId: string;
+    /**
+     * Optional sanitization hook. Called with each event/trace BEFORE it leaves the consumer.
+     * Default: identity (no scrub). PII policy lives at the call-site, not in the package.
+     */
+    scrub?: (event: GlassboxEvent | Record<string, unknown>) => GlassboxEvent | Record<string, unknown>;
+    /**
+     * Test-only seam: override the brain fetch implementation. Production
+     * code never sets this; tests use it to mock PostgREST responses.
+     */
+    fetch?: typeof fetch;
+    /**
+     * Test-only seam: override the live-stream subscriber. Production code
+     * resolves to the alpha.17 `subscribe()` export; tests inject a fake
+     * source ReadableStream<GlassboxEvent>.
+     */
+    subscribe?: (traceId: string) => ReadableStream<GlassboxEvent>;
+}
+interface GlassboxRoutes {
+    /** GET /api/glassbox/proxy?traceId=<id>  OR  ?limit=20 (recent traces) */
+    proxy: (req: Request) => Promise<Response>;
+    /** GET /api/glassbox/stream?traceId=<id>  (SSE) */
+    stream: (req: Request) => Promise<Response>;
+}
+declare function createGlassboxRoutes(config: GlassboxRoutesConfig): GlassboxRoutes;
+
+export { type GlassboxRoutes, type GlassboxRoutesConfig, createGlassboxRoutes };

package/dist/glassbox-routes/index.d.ts

@@ -0,0 +1,73 @@
+import { G as GlassboxEvent } from '../types-xeklorHU.js';
+import '../ir-CFHU3BUT.js';
+import '../dialect.js';
+
+/**
+ * Public entry point for `@warmdrift/kgauto-compiler/glassbox-routes`.
+ *
+ * One factory call from a Vercel Edge consumer route handler gets you both
+ * the replay-query (`proxy`) and live-SSE (`stream`) endpoints that the
+ * Glass-Box Chrome panel reads. Wiring is ~6 lines per app:
+ *
+ *   // app/api/glassbox/proxy/route.ts
+ *   import { createGlassboxRoutes } from '@warmdrift/kgauto-compiler/glassbox-routes';
+ *   const { proxy } = createGlassboxRoutes({
+ *     installToken: process.env.GLASSBOX_INSTALL_TOKEN!,
+ *     extensionId:  process.env.GLASSBOX_EXTENSION_ID!,
+ *     brainEndpoint: process.env.GLASSBOX_BRAIN_ENDPOINT!,
+ *     brainJwt:     process.env.GLASSBOX_BRAIN_JWT!,
+ *     appId:        'playbacksam',
+ *   });
+ *   export { proxy as GET };
+ *
+ * Auth model (defense in depth):
+ *   - Bearer install token   → primary, constant-time compared
+ *   - chrome-extension Origin → secondary CSRF gate
+ *
+ * Scrub: optional sanitization runs at the proxy boundary before events or
+ * rows leave the consumer's infrastructure. Per pii-scrubber-call-site-not-
+ * package: kgauto stays naive to PII policy; consumers pass scrub hooks
+ * that encode their own data-handling rules.
+ *
+ * Brain reads use the scoped JWT minted via migration 013. RLS enforces
+ * `app_id = jwt.claim.app_id`; the proxy filter is belt-and-suspenders for
+ * payload size + log legibility.
+ */
+
+interface GlassboxRoutesConfig {
+    /** Bearer token validated on every request via constant-time compare. Required. */
+    installToken: string;
+    /** chrome-extension://<id> — exact match required on Origin header. Required. */
+    extensionId: string;
+    /** Brain endpoint base (e.g. https://kgauto-brain.supabase.co). Used by `proxy` for replay queries. */
+    brainEndpoint: string;
+    /** Scoped JWT for brain reads. Use the per-consumer JWT minted via migration 013 (claim: app_id). */
+    brainJwt: string;
+    /** App scope filter — must match the JWT's app_id claim. */
+    appId: string;
+    /**
+     * Optional sanitization hook. Called with each event/trace BEFORE it leaves the consumer.
+     * Default: identity (no scrub). PII policy lives at the call-site, not in the package.
+     */
+    scrub?: (event: GlassboxEvent | Record<string, unknown>) => GlassboxEvent | Record<string, unknown>;
+    /**
+     * Test-only seam: override the brain fetch implementation. Production
+     * code never sets this; tests use it to mock PostgREST responses.
+     */
+    fetch?: typeof fetch;
+    /**
+     * Test-only seam: override the live-stream subscriber. Production code
+     * resolves to the alpha.17 `subscribe()` export; tests inject a fake
+     * source ReadableStream<GlassboxEvent>.
+     */
+    subscribe?: (traceId: string) => ReadableStream<GlassboxEvent>;
+}
+interface GlassboxRoutes {
+    /** GET /api/glassbox/proxy?traceId=<id>  OR  ?limit=20 (recent traces) */
+    proxy: (req: Request) => Promise<Response>;
+    /** GET /api/glassbox/stream?traceId=<id>  (SSE) */
+    stream: (req: Request) => Promise<Response>;
+}
+declare function createGlassboxRoutes(config: GlassboxRoutesConfig): GlassboxRoutes;
+
+export { type GlassboxRoutes, type GlassboxRoutesConfig, createGlassboxRoutes };

package/dist/glassbox-routes/index.js

@@ -0,0 +1,560 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/glassbox-routes/index.ts
+var glassbox_routes_exports = {};
+__export(glassbox_routes_exports, {
+  createGlassboxRoutes: () => createGlassboxRoutes
+});
+module.exports = __toCommonJS(glassbox_routes_exports);
+
+// src/glassbox-routes/auth.ts
+var import_node_buffer = require("buffer");
+var import_node_crypto = require("crypto");
+var JSON_HEADERS = { "Content-Type": "application/json" };
+function jsonError(status, code) {
+  return new Response(JSON.stringify({ error: code }), {
+    status,
+    headers: JSON_HEADERS
+  });
+}
+function tokensEqual(a, b) {
+  if (a.length !== b.length) return false;
+  const ab = import_node_buffer.Buffer.from(a, "utf8");
+  const bb = import_node_buffer.Buffer.from(b, "utf8");
+  if (ab.length !== bb.length) return false;
+  return (0, import_node_crypto.timingSafeEqual)(ab, bb);
+}
+function checkAuth(req, config) {
+  const authHeader = req.headers.get("Authorization") ?? "";
+  const match = /^Bearer\s+(.+)$/i.exec(authHeader);
+  const provided = match?.[1]?.trim() ?? "";
+  if (!provided || !tokensEqual(provided, config.installToken)) {
+    return jsonError(401, "unauthorized");
+  }
+  const origin = req.headers.get("Origin") ?? "";
+  const expected = `chrome-extension://${config.extensionId}`;
+  if (origin !== expected) {
+    return jsonError(403, "forbidden_origin");
+  }
+  return null;
+}
+
+// src/glassbox-routes/proxy.ts
+var JSON_HEADERS2 = {
+  "Content-Type": "application/json",
+  "Cache-Control": "no-store"
+};
+var DEFAULT_LIMIT = 20;
+var MAX_LIMIT = 100;
+function jsonResponse(status, body) {
+  return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS2 });
+}
+function jsonError2(status, code) {
+  return jsonResponse(status, { error: code });
+}
+function applyScrub(row, scrub) {
+  if (!scrub || row == null || typeof row !== "object") return row;
+  try {
+    return scrub(row);
+  } catch {
+    return row;
+  }
+}
+function parseLimit(raw) {
+  if (!raw) return DEFAULT_LIMIT;
+  const n = Number.parseInt(raw, 10);
+  if (!Number.isFinite(n) || n <= 0) return DEFAULT_LIMIT;
+  return Math.min(n, MAX_LIMIT);
+}
+function createProxyHandler(config) {
+  const {
+    installToken,
+    extensionId,
+    brainEndpoint,
+    brainJwt,
+    appId,
+    scrub,
+    fetch: fetchImpl
+  } = config;
+  const doFetch = fetchImpl ?? ((...args) => globalThis.fetch(...args));
+  const base = brainEndpoint.replace(/\/+$/, "");
+  return async function proxy(req) {
+    const authFail = checkAuth(req, { installToken, extensionId });
+    if (authFail) return authFail;
+    const url = new URL(req.url);
+    const traceId = url.searchParams.get("traceId");
+    const limit = parseLimit(url.searchParams.get("limit"));
+    const qs = new URLSearchParams();
+    qs.set("app_id", `eq.${appId}`);
+    if (traceId) {
+      qs.set("trace_id", `eq.${traceId}`);
+    } else {
+      qs.set("order", "created_at.desc");
+      qs.set("limit", String(limit));
+    }
+    const brainUrl = `${base}/rest/v1/compile_outcomes?${qs.toString()}`;
+    let brainRes;
+    try {
+      brainRes = await doFetch(brainUrl, {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${brainJwt}`,
+          apikey: brainJwt,
+          Accept: "application/json"
+        }
+      });
+    } catch {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (brainRes.status === 401 || brainRes.status === 403) {
+      return jsonError2(500, "brain_auth_misconfig");
+    }
+    if (brainRes.status >= 500) {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (!brainRes.ok) {
+      return jsonError2(400, "bad_request");
+    }
+    let rows;
+    try {
+      rows = await brainRes.json();
+    } catch {
+      return jsonError2(502, "brain_unavailable");
+    }
+    if (!Array.isArray(rows)) {
+      return jsonError2(502, "brain_unavailable");
+    }
+    const scrubbed = rows.map((row) => applyScrub(row, scrub));
+    return jsonResponse(200, scrubbed);
+  };
+}
+
+// src/glassbox-routes/stream.ts
+var SSE_HEADERS = {
+  "Content-Type": "text/event-stream",
+  "Cache-Control": "no-cache, no-transform",
+  Connection: "keep-alive",
+  "X-Accel-Buffering": "no"
+};
+var JSON_HEADERS3 = { "Content-Type": "application/json" };
+function jsonError3(status, code) {
+  return new Response(JSON.stringify({ error: code }), {
+    status,
+    headers: JSON_HEADERS3
+  });
+}
+function applyScrub2(event, scrub) {
+  if (!scrub) return event;
+  try {
+    const out = scrub(event);
+    if (out && typeof out === "object" && typeof out.kind === "string" && typeof out.at === "number") {
+      return out;
+    }
+    return event;
+  } catch {
+    return event;
+  }
+}
+function sseFrame(eventName, data) {
+  const safeName = eventName.replace(/[\r\n]/g, "");
+  return `event: ${safeName}
+data: ${JSON.stringify(data)}
+
+`;
+}
+function createStreamHandler(config, subscribe2) {
+  const { installToken, extensionId, scrub } = config;
+  return async function stream(req) {
+    const authFail = checkAuth(req, { installToken, extensionId });
+    if (authFail) return authFail;
+    const url = new URL(req.url);
+    const traceId = url.searchParams.get("traceId");
+    if (!traceId) {
+      return jsonError3(400, "missing_trace_id");
+    }
+    const source = subscribe2(traceId);
+    const encoder = new TextEncoder();
+    let sourceReader;
+    let cancelled = false;
+    const body = new ReadableStream({
+      async start(controller) {
+        controller.enqueue(encoder.encode(sseFrame("ready", {})));
+        sourceReader = source.getReader();
+        const signal = req.signal;
+        if (signal) {
+          if (signal.aborted) {
+            cancelled = true;
+            await sourceReader.cancel();
+            try {
+              controller.close();
+            } catch {
+            }
+            return;
+          }
+          signal.addEventListener(
+            "abort",
+            () => {
+              cancelled = true;
+              sourceReader?.cancel().catch(() => {
+              });
+              try {
+                controller.close();
+              } catch {
+              }
+            },
+            { once: true }
+          );
+        }
+        try {
+          while (!cancelled) {
+            const { value, done } = await sourceReader.read();
+            if (done) break;
+            const scrubbed = applyScrub2(value, scrub);
+            controller.enqueue(
+              encoder.encode(sseFrame(scrubbed.kind, scrubbed))
+            );
+          }
+        } catch {
+        } finally {
+          try {
+            controller.close();
+          } catch {
+          }
+          try {
+            sourceReader?.releaseLock();
+          } catch {
+          }
+        }
+      },
+      cancel() {
+        cancelled = true;
+        sourceReader?.cancel().catch(() => {
+        });
+      }
+    });
+    return new Response(body, { status: 200, headers: SSE_HEADERS });
+  };
+}
+
+// src/glassbox/types.ts
+var GLASSBOX_STREAM_TTL_MS = 6e4;
+
+// src/glassbox/pubsub-memory.ts
+var MemoryPubSub = class {
+  subscribers = /* @__PURE__ */ new Map();
+  async publish(traceId, event) {
+    const subs = this.subscribers.get(traceId);
+    if (!subs || subs.size === 0) return;
+    for (const sub of subs) {
+      if (sub.closed) continue;
+      try {
+        sub.controller.enqueue(event);
+      } catch {
+        sub.closed = true;
+        continue;
+      }
+      this.refreshTtl(traceId, sub);
+    }
+  }
+  subscribe(traceId) {
+    const self = this;
+    let sub;
+    return new ReadableStream({
+      start(controller) {
+        sub = {
+          controller,
+          ttlTimer: setTimeout(() => {
+            self.closeSubscriber(traceId, sub);
+          }, GLASSBOX_STREAM_TTL_MS),
+          closed: false
+        };
+        let set = self.subscribers.get(traceId);
+        if (!set) {
+          set = /* @__PURE__ */ new Set();
+          self.subscribers.set(traceId, set);
+        }
+        set.add(sub);
+      },
+      cancel() {
+        if (sub) self.removeSubscriber(traceId, sub);
+      }
+    });
+  }
+  /**
+   * Refresh the rolling TTL for a subscriber after an event lands. Replaces
+   * the existing timer with a fresh 60s one.
+   */
+  refreshTtl(traceId, sub) {
+    clearTimeout(sub.ttlTimer);
+    sub.ttlTimer = setTimeout(() => {
+      this.closeSubscriber(traceId, sub);
+    }, GLASSBOX_STREAM_TTL_MS);
+  }
+  /**
+   * Close the subscriber's stream cleanly and remove from the fan-out set.
+   * Idempotent — safe to call multiple times.
+   */
+  closeSubscriber(traceId, sub) {
+    if (sub.closed) return;
+    sub.closed = true;
+    clearTimeout(sub.ttlTimer);
+    try {
+      sub.controller.close();
+    } catch {
+    }
+    this.removeSubscriber(traceId, sub);
+  }
+  removeSubscriber(traceId, sub) {
+    clearTimeout(sub.ttlTimer);
+    const set = this.subscribers.get(traceId);
+    if (!set) return;
+    set.delete(sub);
+    if (set.size === 0) this.subscribers.delete(traceId);
+  }
+  /**
+   * Test-only reset. Tears down all subscribers, clears all state. Calling
+   * outside of tests is harmless but cancels every active stream.
+   */
+  _reset() {
+    for (const [, set] of this.subscribers) {
+      for (const sub of set) {
+        this.closeSubscriber("", sub);
+      }
+    }
+    this.subscribers.clear();
+  }
+};
+
+// src/glassbox/pubsub-upstash.ts
+var UpstashPubSub = class {
+  url;
+  token;
+  fetchImpl;
+  blockMs;
+  maxLen;
+  constructor(cfg) {
+    this.url = cfg.url.replace(/\/$/, "");
+    this.token = cfg.token;
+    this.fetchImpl = cfg.fetchImpl ?? globalThis.fetch.bind(globalThis);
+    this.blockMs = cfg.blockMs ?? 100;
+    this.maxLen = cfg.maxLen ?? 100;
+  }
+  async publish(traceId, event) {
+    const key = streamKey(traceId);
+    const payload = JSON.stringify(event);
+    await this.cmd([
+      "XADD",
+      key,
+      "MAXLEN",
+      "~",
+      String(this.maxLen),
+      "*",
+      "event",
+      payload
+    ]);
+    await this.cmd(["EXPIRE", key, String(Math.ceil(GLASSBOX_STREAM_TTL_MS / 1e3))]);
+  }
+  subscribe(traceId) {
+    const key = streamKey(traceId);
+    const self = this;
+    let cursor = "$";
+    let cancelled = false;
+    let ttlDeadline = Date.now() + GLASSBOX_STREAM_TTL_MS;
+    return new ReadableStream({
+      async start(controller) {
+        try {
+          while (!cancelled && Date.now() < ttlDeadline) {
+            const resp = await self.cmd([
+              "XREAD",
+              "BLOCK",
+              String(self.blockMs),
+              "STREAMS",
+              key,
+              cursor
+            ]);
+            if (cancelled) break;
+            const parsed = parseXReadResult(resp.result);
+            if (parsed.entries.length === 0) {
+              continue;
+            }
+            for (const entry of parsed.entries) {
+              const evt = decodeEvent(entry.fields);
+              if (evt) {
+                try {
+                  controller.enqueue(evt);
+                } catch {
+                  cancelled = true;
+                  break;
+                }
+              }
+              cursor = entry.id;
+            }
+            ttlDeadline = Date.now() + GLASSBOX_STREAM_TTL_MS;
+          }
+        } catch (err) {
+          if (!cancelled) {
+            try {
+              controller.error(err);
+            } catch {
+            }
+            return;
+          }
+        }
+        try {
+          controller.close();
+        } catch {
+        }
+      },
+      cancel() {
+        cancelled = true;
+      }
+    });
+  }
+  async cmd(args) {
+    const res = await this.fetchImpl(this.url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${this.token}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(args)
+    });
+    if (!res.ok) {
+      throw new Error(`Upstash ${args[0]} failed: HTTP ${res.status}`);
+    }
+    const json = await res.json();
+    if (json.error) {
+      throw new Error(`Upstash ${args[0]} failed: ${json.error}`);
+    }
+    return json;
+  }
+};
+function streamKey(traceId) {
+  return `glassbox:trace:${traceId}`;
+}
+function decodeEvent(fields) {
+  const raw = fields["event"];
+  if (!raw) return void 0;
+  try {
+    const parsed = JSON.parse(raw);
+    if (typeof parsed.kind === "string" && typeof parsed.at === "number") {
+      return parsed;
+    }
+    return void 0;
+  } catch {
+    return void 0;
+  }
+}
+function parseXReadResult(raw) {
+  if (!Array.isArray(raw)) return { entries: [] };
+  const entries = [];
+  for (const stream of raw) {
+    if (!Array.isArray(stream) || stream.length < 2) continue;
+    const streamEntries = stream[1];
+    if (!Array.isArray(streamEntries)) continue;
+    for (const entry of streamEntries) {
+      if (!Array.isArray(entry) || entry.length < 2) continue;
+      const id = String(entry[0]);
+      const flat = entry[1];
+      if (!Array.isArray(flat)) continue;
+      const fields = {};
+      for (let i = 0; i < flat.length; i += 2) {
+        const k = flat[i];
+        const v = flat[i + 1];
+        if (typeof k === "string") fields[k] = String(v ?? "");
+      }
+      entries.push({ id, fields });
+    }
+  }
+  return { entries };
+}
+
+// src/glassbox/emit.ts
+var activePubSub;
+function getPubSub() {
+  if (activePubSub) return activePubSub;
+  const url = readEnv("UPSTASH_REDIS_URL");
+  const token = readEnv("UPSTASH_REDIS_TOKEN");
+  if (url && token) {
+    activePubSub = new UpstashPubSub({ url, token });
+  } else {
+    activePubSub = new MemoryPubSub();
+  }
+  return activePubSub;
+}
+function readEnv(key) {
+  try {
+    if (typeof process !== "undefined" && process.env) {
+      const v = process.env[key];
+      return v && v.trim() !== "" ? v : void 0;
+    }
+  } catch {
+  }
+  return void 0;
+}
+
+// src/glassbox/subscribe.ts
+function subscribe(traceId) {
+  if (!traceId) {
+    return new ReadableStream({
+      start(controller) {
+        controller.close();
+      }
+    });
+  }
+  return getPubSub().subscribe(traceId);
+}
+
+// src/glassbox-routes/index.ts
+function requireString(name, value) {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new Error(`createGlassboxRoutes: ${name} is required`);
+  }
+  return value;
+}
+function createGlassboxRoutes(config) {
+  const installToken = requireString("installToken", config.installToken);
+  const extensionId = requireString("extensionId", config.extensionId);
+  const brainEndpoint = requireString("brainEndpoint", config.brainEndpoint);
+  const brainJwt = requireString("brainJwt", config.brainJwt);
+  const appId = requireString("appId", config.appId);
+  const proxy = createProxyHandler({
+    installToken,
+    extensionId,
+    brainEndpoint,
+    brainJwt,
+    appId,
+    scrub: config.scrub,
+    fetch: config.fetch
+  });
+  const stream = createStreamHandler(
+    {
+      installToken,
+      extensionId,
+      scrub: config.scrub
+    },
+    config.subscribe ?? subscribe
+  );
+  return { proxy, stream };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createGlassboxRoutes
+});