@yannelli/zoomies 0.0.0

package/dist/server/api/db-context.js

@@ -0,0 +1,76 @@
+/**
+ * Process-wide database singleton + repository factory used by every Route
+ * Handler.
+ *
+ * Route Handlers run inside the long-lived Next.js Node process, so we open
+ * the SQLite database once on first use and reuse the connection. Each call
+ * to {@link getRepositories} hands back fresh repository instances — the
+ * prepared statements they cache live on the repo itself (a few ms of
+ * preparation cost per request is negligible compared to JSON
+ * serialisation), and re-instantiating per call keeps the API surface flat.
+ *
+ * Tests inject their own in-memory DB via {@link resetDbForTesting}; the
+ * same hook is used by `pnpm dev` to drop and re-open the connection when
+ * Next.js hot-reloads a module that imports this file.
+ */
+import { mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { openDatabase } from '../db/connection.js';
+import { runMigrations } from '../db/migrate.js';
+import { CertRepository } from '../repositories/cert-repository.js';
+import { SiteRepository } from '../repositories/site-repository.js';
+import { UpstreamRepository } from '../repositories/upstream-repository.js';
+let dbInstance = null;
+/**
+ * Return the process-wide database connection, opening it on first use.
+ *
+ * The state directory is `$ZOOMIES_STATE_DIR` if set, otherwise
+ * `<cwd>/.zoomies`. The directory is created recursively if missing. The
+ * database file lives at `<stateDir>/zoomies.db` and is migrated on open.
+ */
+export function getDb() {
+    if (dbInstance !== null) {
+        return dbInstance;
+    }
+    const stateDir = process.env.ZOOMIES_STATE_DIR ?? join(process.cwd(), '.zoomies');
+    mkdirSync(stateDir, { recursive: true });
+    dbInstance = openDatabase(join(stateDir, 'zoomies.db'));
+    runMigrations(dbInstance);
+    return dbInstance;
+}
+/**
+ * Construct a fresh set of repositories backed by the shared connection.
+ *
+ * Cheap to call per-request; repository constructors only prepare a handful
+ * of statements against an already-open database handle.
+ */
+export function getRepositories() {
+    const db = getDb();
+    return {
+        sites: new SiteRepository(db),
+        upstreams: new UpstreamRepository(db),
+        certs: new CertRepository(db),
+    };
+}
+/**
+ * Replace (or clear) the cached database singleton.
+ *
+ * - Tests pass in their own in-memory connection so handlers operate on
+ *   the same DB the test seeded.
+ * - Passing `null` or no argument closes any existing connection and
+ *   forces the next {@link getDb} call to re-open from disk; used by the
+ *   `pnpm dev` watcher when modules reload.
+ */
+export function resetDbForTesting(db) {
+    if (dbInstance !== null && dbInstance !== db) {
+        try {
+            dbInstance.close();
+        }
+        catch {
+            // Ignore close failures — the handle may already be closed by the
+            // caller (tests often own the lifecycle of their own in-memory DB).
+        }
+    }
+    dbInstance = db ?? null;
+}
+//# sourceMappingURL=db-context.js.map

package/dist/server/api/db-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db-context.js","sourceRoot":"","sources":["../../../src/server/api/db-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAIjC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAC;AAE5E,IAAI,UAAU,GAA6B,IAAI,CAAC;AAEhD;;;;;;GAMG;AACH,MAAM,UAAU,KAAK;IACnB,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IAClF,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;IACxD,aAAa,CAAC,UAAU,CAAC,CAAC;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC;AAQD;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,OAAO;QACL,KAAK,EAAE,IAAI,cAAc,CAAC,EAAE,CAAC;QAC7B,SAAS,EAAE,IAAI,kBAAkB,CAAC,EAAE,CAAC;QACrC,KAAK,EAAE,IAAI,cAAc,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAA6B;IAC7D,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,EAAE,EAAE,CAAC;QAC7C,IAAI,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;YAClE,oEAAoE;QACtE,CAAC;IACH,CAAC;IACD,UAAU,GAAG,EAAE,IAAI,IAAI,CAAC;AAC1B,CAAC"}

package/dist/server/api/error-mapping.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Translates errors thrown inside the control-plane domain layer (and Zod
+ * validation failures at the request boundary) into HTTP-shaped responses.
+ *
+ * Handlers should call this from a single top-level `try { ... } catch` and
+ * pass the caught value through verbatim. The mapping never re-throws and
+ * never leaks unanticipated error messages — those collapse to a generic
+ * `internal` response with the original logged to stderr for operators.
+ */
+export interface ApiErrorResponse {
+    status: number;
+    body: {
+        error: string;
+        code: string;
+        details?: unknown;
+    };
+}
+export declare function mapErrorToResponse(err: unknown): ApiErrorResponse;
+//# sourceMappingURL=error-mapping.d.ts.map

package/dist/server/api/error-mapping.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-mapping.d.ts","sourceRoot":"","sources":["../../../src/server/api/error-mapping.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAOH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;CAC1D;AAgBD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,gBAAgB,CAmCjE"}

package/dist/server/api/error-mapping.js

@@ -0,0 +1,56 @@
+/**
+ * Translates errors thrown inside the control-plane domain layer (and Zod
+ * validation failures at the request boundary) into HTTP-shaped responses.
+ *
+ * Handlers should call this from a single top-level `try { ... } catch` and
+ * pass the caught value through verbatim. The mapping never re-throws and
+ * never leaks unanticipated error messages — those collapse to a generic
+ * `internal` response with the original logged to stderr for operators.
+ */
+import { ZodError } from 'zod';
+import { UnauthorizedError } from '../auth/require-token.js';
+import { ConflictError, DomainError, NotFoundError, ValidationError } from '../domain/errors.js';
+/**
+ * Build a 500 response without echoing the inbound error's message. The
+ * original is logged so operators can diagnose, but we treat unanticipated
+ * messages as potentially sensitive (they may include file paths, SQL
+ * snippets, or other internals).
+ */
+function internalServerError(err) {
+    console.error('zoomies: unhandled error in api handler:', err);
+    return {
+        status: 500,
+        body: { error: 'internal server error', code: 'internal' },
+    };
+}
+export function mapErrorToResponse(err) {
+    if (err instanceof NotFoundError) {
+        return { status: 404, body: { error: err.message, code: 'not_found' } };
+    }
+    if (err instanceof ConflictError) {
+        return { status: 409, body: { error: err.message, code: 'conflict' } };
+    }
+    if (err instanceof ValidationError) {
+        return { status: 400, body: { error: err.message, code: 'validation' } };
+    }
+    if (err instanceof UnauthorizedError) {
+        return { status: 401, body: { error: err.message, code: 'unauthorized' } };
+    }
+    if (err instanceof ZodError) {
+        return {
+            status: 400,
+            body: {
+                error: 'invalid request body',
+                code: 'validation',
+                details: err.flatten(),
+            },
+        };
+    }
+    // Any other `DomainError` subclass we add later still gets its declared
+    // `code` surfaced, but at a 500 since we don't know its semantics here.
+    if (err instanceof DomainError) {
+        return { status: 500, body: { error: err.message, code: err.code } };
+    }
+    return internalServerError(err);
+}
+//# sourceMappingURL=error-mapping.js.map

package/dist/server/api/error-mapping.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-mapping.js","sourceRoot":"","sources":["../../../src/server/api/error-mapping.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,KAAK,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAOjG;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,GAAY;IACvC,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC;IAC/D,OAAO;QACL,MAAM,EAAE,GAAG;QACX,IAAI,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,IAAI,EAAE,UAAU,EAAE;KAC3D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAY;IAC7C,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC;IAC1E,CAAC;IAED,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;QACnC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;QACrC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,KAAK,EAAE,sBAAsB;gBAC7B,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;aACvB;SACF,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;IACvE,CAAC;IAED,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC"}

package/dist/server/api/handlers/site-cert.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Issue (or re-issue) a certificate for a single site, identified by id.
+ *
+ * The handler is framework-agnostic, mirroring {@link createSite} et al.:
+ *   - Look up the site by id and surface a {@link NotFoundError} if absent.
+ *   - Drive the ACME flow via the injected `issue` closure — the closure
+ *     wraps {@link issueCertificate} in production and is mocked in tests.
+ *   - Insert a new `certs` row on first issuance, or update the existing
+ *     row when the hostname already has one (the cert table treats `domain`
+ *     as the unique key).
+ *
+ * NGINX reload is intentionally NOT triggered here. The new cert files
+ * land on disk during issuance; the next mutation-driven reload (when a
+ * site is created/updated) or scheduled reload picks them up.
+ *
+ * TODO(phase-9): once the API → reload bridge lands, fire a reload here
+ * after a successful issuance so the new cert takes effect immediately.
+ */
+import type { AcmeAccount } from '../../certs/acme-account.js';
+import type { ChallengeStore } from '../../certs/challenge-store.js';
+import type { IssueResult } from '../../certs/issue.js';
+import type { Cert } from '../../domain/cert.js';
+import type { CertRepository } from '../../repositories/cert-repository.js';
+import type { SiteRepository } from '../../repositories/site-repository.js';
+export interface IssueCertForSiteDeps {
+    siteRepo: SiteRepository;
+    certRepo: CertRepository;
+    account: AcmeAccount;
+    challengeStore: ChallengeStore;
+    certDir: string;
+    /**
+     * Injectable issuance closure. Production wires this to
+     * {@link issueCertificate}; tests substitute a fake that returns a canned
+     * {@link IssueResult} so no real ACME order is opened.
+     */
+    issue: (opts: {
+        domain: string;
+        account: AcmeAccount;
+        challengeStore: ChallengeStore;
+        certDir: string;
+    }) => Promise<IssueResult>;
+}
+/**
+ * Issue (or re-issue) the certificate for the site identified by `siteId`.
+ *
+ * Returns the resulting `Cert` row — newly created or freshly updated.
+ */
+export declare function issueCertForSite(siteId: string, deps: IssueCertForSiteDeps): Promise<Cert>;
+//# sourceMappingURL=site-cert.d.ts.map

package/dist/server/api/handlers/site-cert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"site-cert.d.ts","sourceRoot":"","sources":["../../../../src/server/api/handlers/site-cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAC5E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAE5E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,WAAW,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,WAAW,CAAC;QACrB,cAAc,EAAE,cAAc,CAAC;QAC/B,OAAO,EAAE,MAAM,CAAC;KACjB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;CAC5B;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CA+BhG"}

package/dist/server/api/handlers/site-cert.js

@@ -0,0 +1,54 @@
+/**
+ * Issue (or re-issue) a certificate for a single site, identified by id.
+ *
+ * The handler is framework-agnostic, mirroring {@link createSite} et al.:
+ *   - Look up the site by id and surface a {@link NotFoundError} if absent.
+ *   - Drive the ACME flow via the injected `issue` closure — the closure
+ *     wraps {@link issueCertificate} in production and is mocked in tests.
+ *   - Insert a new `certs` row on first issuance, or update the existing
+ *     row when the hostname already has one (the cert table treats `domain`
+ *     as the unique key).
+ *
+ * NGINX reload is intentionally NOT triggered here. The new cert files
+ * land on disk during issuance; the next mutation-driven reload (when a
+ * site is created/updated) or scheduled reload picks them up.
+ *
+ * TODO(phase-9): once the API → reload bridge lands, fire a reload here
+ * after a successful issuance so the new cert takes effect immediately.
+ */
+import { NotFoundError } from '../../domain/errors.js';
+/**
+ * Issue (or re-issue) the certificate for the site identified by `siteId`.
+ *
+ * Returns the resulting `Cert` row — newly created or freshly updated.
+ */
+export async function issueCertForSite(siteId, deps) {
+    const site = deps.siteRepo.findById(siteId);
+    if (site === null) {
+        throw new NotFoundError(`site not found: ${siteId}`);
+    }
+    const result = await deps.issue({
+        domain: site.hostname,
+        account: deps.account,
+        challengeStore: deps.challengeStore,
+        certDir: deps.certDir,
+    });
+    const existing = deps.certRepo.findByDomain(site.hostname);
+    if (existing === null) {
+        return deps.certRepo.create({
+            domain: result.domain,
+            provider: 'acme',
+            pemPath: result.pemPath,
+            keyPath: result.keyPath,
+            notBefore: result.notBefore,
+            notAfter: result.notAfter,
+        });
+    }
+    return deps.certRepo.update(existing.id, {
+        pemPath: result.pemPath,
+        keyPath: result.keyPath,
+        notBefore: result.notBefore,
+        notAfter: result.notAfter,
+    });
+}
+//# sourceMappingURL=site-cert.js.map

package/dist/server/api/handlers/site-cert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"site-cert.js","sourceRoot":"","sources":["../../../../src/server/api/handlers/site-cert.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AA2BvD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAc,EAAE,IAA0B;IAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,MAAM,IAAI,aAAa,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC;QAC9B,MAAM,EAAE,IAAI,CAAC,QAAQ;QACrB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE;QACvC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;AACL,CAAC"}

package/dist/server/api/handlers/sites.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Framework-agnostic CRUD operations for {@link Site} aggregates.
+ *
+ * These handlers are pure functions over a {@link SiteRepository}. They:
+ *   - parse raw input with Zod at the boundary,
+ *   - delegate persistence to the repository,
+ *   - promote repository-level absence (`findById === null`,
+ *     `delete === false`) into {@link NotFoundError},
+ *   - and otherwise let domain errors (`NotFoundError`, `ConflictError`,
+ *     `ZodError`) bubble verbatim so the Route Handler can hand them to
+ *     {@link mapErrorToResponse} unchanged.
+ *
+ * No NGINX reload, no filesystem writes, no logging. Reload triggering is
+ * deferred until Phase 7 wires the UI to these endpoints — that's when we
+ * actually have a consumer that benefits from a downstream `applyDesiredState`.
+ */
+import type { z } from 'zod';
+import { type Site } from '../../domain/site.js';
+import type { SiteRepository } from '../../repositories/site-repository.js';
+export interface SiteHandlerDeps {
+    siteRepo: SiteRepository;
+}
+export declare const CreateSiteInputSchema: z.ZodObject<{
+    hostname: z.ZodString;
+    upstreamId: z.ZodString;
+    tlsMode: z.ZodEnum<{
+        off: "off";
+        acme: "acme";
+        manual: "manual";
+    }>;
+}, z.core.$strip>;
+export declare const UpdateSiteInputSchema: z.ZodObject<{
+    hostname: z.ZodOptional<z.ZodString>;
+    upstreamId: z.ZodOptional<z.ZodString>;
+    tlsMode: z.ZodOptional<z.ZodEnum<{
+        off: "off";
+        acme: "acme";
+        manual: "manual";
+    }>>;
+}, z.core.$strip>;
+export type CreateSiteInput = z.infer<typeof CreateSiteInputSchema>;
+export type UpdateSiteInput = z.infer<typeof UpdateSiteInputSchema>;
+export declare function listSites(deps: SiteHandlerDeps): Site[];
+export declare function getSite(id: string, deps: SiteHandlerDeps): Site;
+/**
+ * Validate `rawInput` against {@link CreateSiteInputSchema} and persist it.
+ *
+ * `.parse` (not `.safeParse`) — the resulting `ZodError` is caught by the
+ * Route Handler's top-level `try/catch` and translated by
+ * `mapErrorToResponse` into a 400 with structured details.
+ */
+export declare function createSite(rawInput: unknown, deps: SiteHandlerDeps): Site;
+/**
+ * Partially update an existing site.
+ *
+ * Mirrors the repository semantics: an empty patch is accepted, leaves all
+ * fields untouched, and still bumps `updatedAt`. A non-existent id surfaces
+ * as {@link NotFoundError} from the repository.
+ */
+export declare function updateSite(id: string, rawInput: unknown, deps: SiteHandlerDeps): Site;
+/**
+ * Delete a site. The repository returns `false` for a no-op delete; we
+ * promote that to {@link NotFoundError} at the API boundary so callers can
+ * distinguish a successful 204 from a missing record.
+ */
+export declare function deleteSite(id: string, deps: SiteHandlerDeps): void;
+//# sourceMappingURL=sites.d.ts.map

package/dist/server/api/handlers/sites.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sites.d.ts","sourceRoot":"","sources":["../../../../src/server/api/handlers/sites.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAG7B,OAAO,EAAc,KAAK,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAE5E,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED,eAAO,MAAM,qBAAqB;;;;;;;;iBAIhC,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;iBAAkC,CAAC;AAErE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACpE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,wBAAgB,SAAS,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI,EAAE,CAEvD;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,GAAG,IAAI,CAM/D;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,GAAG,IAAI,CAGzE;AAyBD;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,eAAe,GAAG,IAAI,CAGrF;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,GAAG,IAAI,CAKlE"}

package/dist/server/api/handlers/sites.js

@@ -0,0 +1,78 @@
+/**
+ * Framework-agnostic CRUD operations for {@link Site} aggregates.
+ *
+ * These handlers are pure functions over a {@link SiteRepository}. They:
+ *   - parse raw input with Zod at the boundary,
+ *   - delegate persistence to the repository,
+ *   - promote repository-level absence (`findById === null`,
+ *     `delete === false`) into {@link NotFoundError},
+ *   - and otherwise let domain errors (`NotFoundError`, `ConflictError`,
+ *     `ZodError`) bubble verbatim so the Route Handler can hand them to
+ *     {@link mapErrorToResponse} unchanged.
+ *
+ * No NGINX reload, no filesystem writes, no logging. Reload triggering is
+ * deferred until Phase 7 wires the UI to these endpoints — that's when we
+ * actually have a consumer that benefits from a downstream `applyDesiredState`.
+ */
+import { NotFoundError } from '../../domain/errors.js';
+import { SiteSchema } from '../../domain/site.js';
+export const CreateSiteInputSchema = SiteSchema.omit({
+    id: true,
+    createdAt: true,
+    updatedAt: true,
+});
+export const UpdateSiteInputSchema = CreateSiteInputSchema.partial();
+export function listSites(deps) {
+    return deps.siteRepo.list();
+}
+export function getSite(id, deps) {
+    const site = deps.siteRepo.findById(id);
+    if (site === null) {
+        throw new NotFoundError('site not found');
+    }
+    return site;
+}
+/**
+ * Validate `rawInput` against {@link CreateSiteInputSchema} and persist it.
+ *
+ * `.parse` (not `.safeParse`) — the resulting `ZodError` is caught by the
+ * Route Handler's top-level `try/catch` and translated by
+ * `mapErrorToResponse` into a 400 with structured details.
+ */
+export function createSite(rawInput, deps) {
+    const input = CreateSiteInputSchema.parse(rawInput);
+    return deps.siteRepo.create(input);
+}
+function stripUndefined(input) {
+    const out = {};
+    for (const key of Object.keys(input)) {
+        const value = input[key];
+        if (value !== undefined) {
+            out[key] = value;
+        }
+    }
+    return out;
+}
+/**
+ * Partially update an existing site.
+ *
+ * Mirrors the repository semantics: an empty patch is accepted, leaves all
+ * fields untouched, and still bumps `updatedAt`. A non-existent id surfaces
+ * as {@link NotFoundError} from the repository.
+ */
+export function updateSite(id, rawInput, deps) {
+    const patch = UpdateSiteInputSchema.parse(rawInput);
+    return deps.siteRepo.update(id, stripUndefined(patch));
+}
+/**
+ * Delete a site. The repository returns `false` for a no-op delete; we
+ * promote that to {@link NotFoundError} at the API boundary so callers can
+ * distinguish a successful 204 from a missing record.
+ */
+export function deleteSite(id, deps) {
+    const deleted = deps.siteRepo.delete(id);
+    if (!deleted) {
+        throw new NotFoundError('site not found');
+    }
+}
+//# sourceMappingURL=sites.js.map

package/dist/server/api/handlers/sites.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sites.js","sourceRoot":"","sources":["../../../../src/server/api/handlers/sites.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAa,MAAM,sBAAsB,CAAC;AAO7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC;IACnD,EAAE,EAAE,IAAI;IACR,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;CAChB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,OAAO,EAAE,CAAC;AAKrE,MAAM,UAAU,SAAS,CAAC,IAAqB;IAC7C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,EAAU,EAAE,IAAqB;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,MAAM,IAAI,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,QAAiB,EAAE,IAAqB;IACjE,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC;AAcD,SAAS,cAAc,CAAoC,KAAQ;IACjE,MAAM,GAAG,GAAqB,EAAE,CAAC;IACjC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAmB,EAAE,CAAC;QACvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,GAAG,KAA0C,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,EAAU,EAAE,QAAiB,EAAE,IAAqB;IAC7E,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,EAAU,EAAE,IAAqB;IAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC"}

package/dist/server/api/handlers/upstreams.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Framework-agnostic CRUD operations for {@link Upstream} aggregates.
+ *
+ * Mirrors the site handlers in shape: Zod at the boundary, repository for
+ * persistence, domain errors bubble unchanged to {@link mapErrorToResponse}.
+ *
+ * One asymmetry vs. sites: `deleteUpstream` may need to translate a raw
+ * SQLite FOREIGN KEY error into a {@link ConflictError}. The migration
+ * declares `sites.upstream_id REFERENCES upstreams(id) ON DELETE RESTRICT`,
+ * so deleting an upstream that any site still references blows up with
+ * `SQLITE_CONSTRAINT_FOREIGNKEY`. The repository does not currently catch
+ * this — see the inline translation in {@link deleteUpstream}.
+ */
+import type { z } from 'zod';
+import { type Upstream } from '../../domain/upstream.js';
+import type { UpstreamRepository } from '../../repositories/upstream-repository.js';
+export interface UpstreamHandlerDeps {
+    upstreamRepo: UpstreamRepository;
+}
+export declare const CreateUpstreamInputSchema: z.ZodObject<{
+    name: z.ZodString;
+    targets: z.ZodArray<z.ZodObject<{
+        host: z.ZodUnion<readonly [z.ZodIPv4, z.ZodIPv6, z.ZodString]>;
+        port: z.ZodNumber;
+        weight: z.ZodNumber;
+    }, z.core.$strip>>;
+    loadBalancer: z.ZodEnum<{
+        round_robin: "round_robin";
+        least_conn: "least_conn";
+        ip_hash: "ip_hash";
+    }>;
+}, z.core.$strip>;
+export declare const UpdateUpstreamInputSchema: z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+    targets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        host: z.ZodUnion<readonly [z.ZodIPv4, z.ZodIPv6, z.ZodString]>;
+        port: z.ZodNumber;
+        weight: z.ZodNumber;
+    }, z.core.$strip>>>;
+    loadBalancer: z.ZodOptional<z.ZodEnum<{
+        round_robin: "round_robin";
+        least_conn: "least_conn";
+        ip_hash: "ip_hash";
+    }>>;
+}, z.core.$strip>;
+export type CreateUpstreamInput = z.infer<typeof CreateUpstreamInputSchema>;
+export type UpdateUpstreamInput = z.infer<typeof UpdateUpstreamInputSchema>;
+export declare function listUpstreams(deps: UpstreamHandlerDeps): Upstream[];
+export declare function getUpstream(id: string, deps: UpstreamHandlerDeps): Upstream;
+export declare function createUpstream(rawInput: unknown, deps: UpstreamHandlerDeps): Upstream;
+export declare function updateUpstream(id: string, rawInput: unknown, deps: UpstreamHandlerDeps): Upstream;
+/**
+ * Delete an upstream.
+ *
+ * - Missing id → {@link NotFoundError} (the repo returns `false`; we
+ *   promote it to 404 at the API boundary).
+ * - Upstream still referenced by a site → {@link ConflictError}. The
+ *   underlying SQLite FOREIGN KEY error is opaque to API consumers, so we
+ *   translate it into a domain error here. (The site repository handles
+ *   the inverse direction; the upstream repository was not updated for
+ *   this case because it's a Phase 6 API-boundary concern.)
+ */
+export declare function deleteUpstream(id: string, deps: UpstreamHandlerDeps): void;
+//# sourceMappingURL=upstreams.d.ts.map

package/dist/server/api/handlers/upstreams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upstreams.d.ts","sourceRoot":"","sources":["../../../../src/server/api/handlers/upstreams.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAG7B,OAAO,EAAkB,KAAK,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2CAA2C,CAAC;AAEpF,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,kBAAkB,CAAC;CAClC;AAED,eAAO,MAAM,yBAAyB;;;;;;;;;;;;iBAIpC,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;iBAAsC,CAAC;AAE7E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAwB5E,wBAAgB,aAAa,CAAC,IAAI,EAAE,mBAAmB,GAAG,QAAQ,EAAE,CAEnE;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,QAAQ,CAM3E;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,GAAG,QAAQ,CAGrF;AAwBD,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,GAAG,QAAQ,CAGjG;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,GAAG,IAAI,CAe1E"}

package/dist/server/api/handlers/upstreams.js

@@ -0,0 +1,97 @@
+/**
+ * Framework-agnostic CRUD operations for {@link Upstream} aggregates.
+ *
+ * Mirrors the site handlers in shape: Zod at the boundary, repository for
+ * persistence, domain errors bubble unchanged to {@link mapErrorToResponse}.
+ *
+ * One asymmetry vs. sites: `deleteUpstream` may need to translate a raw
+ * SQLite FOREIGN KEY error into a {@link ConflictError}. The migration
+ * declares `sites.upstream_id REFERENCES upstreams(id) ON DELETE RESTRICT`,
+ * so deleting an upstream that any site still references blows up with
+ * `SQLITE_CONSTRAINT_FOREIGNKEY`. The repository does not currently catch
+ * this — see the inline translation in {@link deleteUpstream}.
+ */
+import { ConflictError, NotFoundError } from '../../domain/errors.js';
+import { UpstreamSchema } from '../../domain/upstream.js';
+export const CreateUpstreamInputSchema = UpstreamSchema.omit({
+    id: true,
+    createdAt: true,
+    updatedAt: true,
+});
+export const UpdateUpstreamInputSchema = CreateUpstreamInputSchema.partial();
+/**
+ * SQLite signals a deferred FOREIGN KEY violation via its internal trigger
+ * machinery, so `better-sqlite3` surfaces the constraint error with
+ * `code: 'SQLITE_CONSTRAINT_TRIGGER'` (and message "FOREIGN KEY constraint
+ * failed"). Direct-mode FK violations report `'SQLITE_CONSTRAINT_FOREIGNKEY'`.
+ * Match both — and only those — and require the message to mention the
+ * foreign key so we don't mis-classify unrelated trigger failures.
+ */
+function isForeignKeyError(err) {
+    if (!(err instanceof Error))
+        return false;
+    const code = err.code;
+    if (typeof code !== 'string')
+        return false;
+    if (code !== 'SQLITE_CONSTRAINT_FOREIGNKEY' && code !== 'SQLITE_CONSTRAINT_TRIGGER') {
+        return false;
+    }
+    return /FOREIGN KEY constraint failed/i.test(err.message);
+}
+export function listUpstreams(deps) {
+    return deps.upstreamRepo.list();
+}
+export function getUpstream(id, deps) {
+    const upstream = deps.upstreamRepo.findById(id);
+    if (upstream === null) {
+        throw new NotFoundError('upstream not found');
+    }
+    return upstream;
+}
+export function createUpstream(rawInput, deps) {
+    const input = CreateUpstreamInputSchema.parse(rawInput);
+    return deps.upstreamRepo.create(input);
+}
+function stripUndefined(input) {
+    const out = {};
+    for (const key of Object.keys(input)) {
+        const value = input[key];
+        if (value !== undefined) {
+            out[key] = value;
+        }
+    }
+    return out;
+}
+export function updateUpstream(id, rawInput, deps) {
+    const patch = UpdateUpstreamInputSchema.parse(rawInput);
+    return deps.upstreamRepo.update(id, stripUndefined(patch));
+}
+/**
+ * Delete an upstream.
+ *
+ * - Missing id → {@link NotFoundError} (the repo returns `false`; we
+ *   promote it to 404 at the API boundary).
+ * - Upstream still referenced by a site → {@link ConflictError}. The
+ *   underlying SQLite FOREIGN KEY error is opaque to API consumers, so we
+ *   translate it into a domain error here. (The site repository handles
+ *   the inverse direction; the upstream repository was not updated for
+ *   this case because it's a Phase 6 API-boundary concern.)
+ */
+export function deleteUpstream(id, deps) {
+    let deleted;
+    try {
+        deleted = deps.upstreamRepo.delete(id);
+    }
+    catch (err) {
+        if (isForeignKeyError(err)) {
+            throw new ConflictError('upstream is still referenced by one or more sites', {
+                cause: err,
+            });
+        }
+        throw err;
+    }
+    if (!deleted) {
+        throw new NotFoundError('upstream not found');
+    }
+}
+//# sourceMappingURL=upstreams.js.map

package/dist/server/api/handlers/upstreams.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upstreams.js","sourceRoot":"","sources":["../../../../src/server/api/handlers/upstreams.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAiB,MAAM,0BAA0B,CAAC;AAOzE,MAAM,CAAC,MAAM,yBAAyB,GAAG,cAAc,CAAC,IAAI,CAAC;IAC3D,EAAE,EAAE,IAAI;IACR,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;CAChB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,yBAAyB,CAAC,OAAO,EAAE,CAAC;AAS7E;;;;;;;GAOG;AACH,SAAS,iBAAiB,CAAC,GAAY;IACrC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,MAAM,IAAI,GAAI,GAAuB,CAAC,IAAI,CAAC;IAC3C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,IAAI,KAAK,8BAA8B,IAAI,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACpF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gCAAgC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAyB;IACrD,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,EAAU,EAAE,IAAyB;IAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,aAAa,CAAC,oBAAoB,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAiB,EAAE,IAAyB;IACzE,MAAM,KAAK,GAAG,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAaD,SAAS,cAAc,CAAoC,KAAQ;IACjE,MAAM,GAAG,GAAqB,EAAE,CAAC;IACjC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAmB,EAAE,CAAC;QACvD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,GAAG,KAA0C,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAAU,EAAE,QAAiB,EAAE,IAAyB;IACrF,MAAM,KAAK,GAAG,yBAAyB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,EAAU,EAAE,IAAyB;IAClE,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,aAAa,CAAC,mDAAmD,EAAE;gBAC3E,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,aAAa,CAAC,oBAAoB,CAAC,CAAC;IAChD,CAAC;AACH,CAAC"}

package/dist/server/auth/require-token.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Bearer-token guard for Route Handlers and CLI-facing entry points.
+ *
+ * This is intentionally NOT a Next.js `middleware.ts` export — Next.js
+ * middleware runs in the Edge runtime, which doesn't expose Node's `crypto`
+ * primitives we need for a constant-time token comparison. Route Handlers
+ * call this helper directly in the Node runtime.
+ */
+export declare class UnauthorizedError extends Error {
+    readonly code = "unauthorized";
+    constructor(message?: string);
+}
+export interface RequireTokenOptions {
+    /** Override env var for testing. */
+    expectedToken?: string;
+}
+/**
+ * Reads the bearer token from the Authorization header and compares it to
+ * `ZOOMIES_API_TOKEN` (or `opts.expectedToken`) using a constant-time
+ * comparison. Throws {@link UnauthorizedError} on any failure, returns void
+ * on success.
+ */
+export declare function requireToken(headers: Headers | Record<string, string | string[] | undefined>, opts?: RequireTokenOptions): void;
+//# sourceMappingURL=require-token.d.ts.map

package/dist/server/auth/require-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-token.d.ts","sourceRoot":"","sources":["../../../src/server/auth/require-token.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,QAAQ,CAAC,IAAI,kBAAkB;gBAEnB,OAAO,GAAE,MAAuB;CAI7C;AAED,MAAM,WAAW,mBAAmB;IAClC,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA0DD;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,EAChE,IAAI,CAAC,EAAE,mBAAmB,GACzB,IAAI,CA6BN"}