alabjs 0.1.0

package/dist/server/cache.js

@@ -0,0 +1,161 @@
+/**
+ * Alab in-process cache for server functions.
+ *
+ * Nothing is cached unless you explicitly opt in — no implicit layers.
+ * You own the key, the TTL, and the invalidation.
+ *
+ * @example
+ * ```ts
+ * // app/posts/[id]/page.server.ts
+ * export const getPost = defineServerFn(
+ *   async ({ params }) => db.posts.findById(params.id),
+ *   { cache: { ttl: 60, tags: ["posts", `post:${params.id}`] } },
+ * );
+ *
+ * // Invalidate from another server function or API route
+ * import { invalidateCache } from "alabjs/cache";
+ * await invalidateCache({ tags: ["posts"] });
+ * ```
+ */
+/** Sentinel value returned when a cache key has no valid entry. */
+const CACHE_MISS = Symbol("alab:cache_miss");
+/** Global in-process LRU-style cache. Shared across all server function calls. */
+const _store = new Map();
+export { CACHE_MISS };
+/** Retrieve a cached value. Returns `CACHE_MISS` if absent or expired. */
+export function getCached(key) {
+    const entry = _store.get(key);
+    if (!entry)
+        return CACHE_MISS;
+    if (Date.now() > entry.expires) {
+        _store.delete(key);
+        return CACHE_MISS;
+    }
+    return entry.data;
+}
+/** Store a value in the cache with a TTL (seconds) and optional tags. */
+export function setCache(key, data, opts) {
+    _store.set(key, {
+        data,
+        expires: Date.now() + opts.ttl * 1_000,
+        tags: opts.tags ?? [],
+    });
+}
+/**
+ * Invalidate all cache entries that carry at least one of the given tags.
+ *
+ * @example
+ * ```ts
+ * import { invalidateCache } from "alabjs/cache";
+ * await invalidateCache({ tags: ["posts"] });
+ * ```
+ */
+export function invalidateCache(opts) {
+    for (const [key, entry] of _store) {
+        if (opts.tags.some((t) => entry.tags.includes(t))) {
+            _store.delete(key);
+        }
+    }
+}
+/**
+ * Invalidate a specific cache entry by its exact key.
+ * Prefer `invalidateCache({ tags })` for logical invalidation.
+ */
+export function invalidateCacheKey(key) {
+    _store.delete(key);
+}
+const _pageStore = new Map();
+/**
+ * Retrieve a cached HTML page. Returns `null` if absent or fully expired
+ * (more than 2× TTL past — serves stale-while-revalidate window).
+ */
+export function getCachedPage(pathname) {
+    const entry = _pageStore.get(pathname);
+    if (!entry)
+        return null;
+    const now = Date.now();
+    // Still fresh
+    if (now <= entry.expires)
+        return { html: entry.html, stale: false };
+    // Stale-while-revalidate: serve stale for up to 2× TTL, trigger background regen
+    const ttl = entry.expires - (entry.expires - now); // rough TTL from stored data
+    if (now <= entry.expires + Math.max(ttl * 2, 60_000)) {
+        return { html: entry.html, stale: true };
+    }
+    _pageStore.delete(pathname);
+    return null;
+}
+/** Store a rendered HTML page with a TTL (seconds). */
+export function setCachedPage(pathname, html, ttl, tags = []) {
+    _pageStore.set(pathname, { html, expires: Date.now() + ttl * 1_000, revalidating: false, tags });
+}
+/** Mark a page as currently being revalidated to prevent concurrent regen. */
+export function markPageRevalidating(pathname) {
+    const entry = _pageStore.get(pathname);
+    if (entry)
+        entry.revalidating = true;
+}
+/** Check if a page is currently being revalidated in the background. */
+export function isPageRevalidating(pathname) {
+    return _pageStore.get(pathname)?.revalidating ?? false;
+}
+/**
+ * Purge a specific page's cached HTML, forcing a fresh render on the next request.
+ *
+ * @example
+ * ```ts
+ * import { revalidatePath } from "alabjs/cache";
+ * await revalidatePath("/posts/1"); // next request regenerates the page
+ * ```
+ */
+export function revalidatePath(pathname) {
+    _pageStore.delete(pathname);
+}
+/**
+ * Purge all cached pages whose pathname starts with the given prefix.
+ *
+ * @example
+ * ```ts
+ * await revalidatePath("/posts"); // clears /posts, /posts/1, /posts/2, ...
+ * ```
+ */
+export function revalidatePathPrefix(prefix) {
+    for (const key of _pageStore.keys()) {
+        if (key.startsWith(prefix))
+            _pageStore.delete(key);
+    }
+}
+/**
+ * Purge all server-function cache entries AND page HTML cache entries
+ * that carry at least one of the given tags.
+ *
+ * @example
+ * ```ts
+ * import { revalidateTag } from "alabjs/cache";
+ * revalidateTag({ tags: ["posts"] }); // clears both data and page caches
+ * ```
+ */
+export function revalidateTag(opts) {
+    // Server-function data cache
+    invalidateCache(opts);
+    // Page HTML cache (ISR)
+    for (const [path, entry] of _pageStore) {
+        if (opts.tags.some((t) => entry.tags.includes(t))) {
+            _pageStore.delete(path);
+        }
+    }
+}
+/** Return a snapshot of all live cache entries (for the dev Cache Inspector). */
+export function inspectCache() {
+    const now = Date.now();
+    const result = [];
+    for (const [key, entry] of _store) {
+        const expiresIn = entry.expires - now;
+        if (expiresIn > 0)
+            result.push({ key, tags: entry.tags, expiresIn: Math.ceil(expiresIn / 1000) });
+        else
+            _store.delete(key);
+    }
+    return result;
+}
+//# sourceMappingURL=cache.js.map

package/dist/server/cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/server/cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AASH,mEAAmE;AACnE,MAAM,UAAU,GAAkB,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAE5D,kFAAkF;AAClF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;AAE7C,OAAO,EAAE,UAAU,EAAE,CAAC;AAEtB,0EAA0E;AAC1E,MAAM,UAAU,SAAS,CAAC,GAAW;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK;QAAE,OAAO,UAAU,CAAC;IAC9B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnB,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC;AACpB,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,QAAQ,CACtB,GAAW,EACX,IAAa,EACb,IAAsC;IAEtC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,IAAI;QACJ,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK;QACtC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,IAAwB;IACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAaD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAC;AAErD;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,cAAc;IACd,IAAI,GAAG,IAAI,KAAK,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACpE,iFAAiF;IACjF,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,6BAA6B;IAChF,IAAI,GAAG,IAAI,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IACD,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,aAAa,CAAC,QAAgB,EAAE,IAAY,EAAE,GAAW,EAAE,OAAiB,EAAE;IAC5F,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,KAAK;QAAE,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;AACvC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,OAAO,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,YAAY,IAAI,KAAK,CAAC;AACzD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAc;IACjD,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAAC,IAAwB;IACpD,6BAA6B;IAC7B,eAAe,CAAC,IAAI,CAAC,CAAC;IACtB,wBAAwB;IACxB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,UAAU,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;AACH,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,YAAY;IAK1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAA8D,EAAE,CAAC;IAC7E,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC;QACtC,IAAI,SAAS,GAAG,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;;YAC7F,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/cache.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cache.test.d.ts.map

package/dist/server/cache.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.test.d.ts","sourceRoot":"","sources":["../../src/server/cache.test.ts"],"names":[],"mappings":""}

package/dist/server/cache.test.js

@@ -0,0 +1,150 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { getCached, setCache, invalidateCache, invalidateCacheKey, CACHE_MISS, getCachedPage, setCachedPage, markPageRevalidating, isPageRevalidating, revalidatePath, revalidatePathPrefix, revalidateTag, inspectCache, } from "./cache.js";
+// ─── Server-function cache ────────────────────────────────────────────────────
+describe("server-function cache", () => {
+    beforeEach(() => {
+        // Clear cache between tests by invalidating everything
+        invalidateCacheKey("test-key");
+        invalidateCacheKey("a");
+        invalidateCacheKey("b");
+        invalidateCacheKey("c");
+        invalidateCacheKey("tagged");
+        invalidateCacheKey("other");
+        invalidateCacheKey("expired");
+    });
+    it("returns CACHE_MISS for unknown keys", () => {
+        expect(getCached("nonexistent")).toBe(CACHE_MISS);
+    });
+    it("stores and retrieves values", () => {
+        setCache("test-key", { name: "Ada" }, { ttl: 60 });
+        expect(getCached("test-key")).toEqual({ name: "Ada" });
+    });
+    it("stores primitive values", () => {
+        setCache("a", 42, { ttl: 60 });
+        setCache("b", "hello", { ttl: 60 });
+        setCache("c", null, { ttl: 60 });
+        expect(getCached("a")).toBe(42);
+        expect(getCached("b")).toBe("hello");
+        expect(getCached("c")).toBe(null);
+    });
+    it("returns CACHE_MISS for expired entries", () => {
+        // Set with 0 second TTL (expired immediately)
+        setCache("expired", "old", { ttl: 0 });
+        // Advance time slightly
+        vi.useFakeTimers();
+        vi.advanceTimersByTime(1);
+        expect(getCached("expired")).toBe(CACHE_MISS);
+        vi.useRealTimers();
+    });
+    it("invalidates by tag", () => {
+        setCache("tagged", { id: 1 }, { ttl: 60, tags: ["posts", "post:1"] });
+        setCache("other", { id: 2 }, { ttl: 60, tags: ["users"] });
+        invalidateCache({ tags: ["posts"] });
+        expect(getCached("tagged")).toBe(CACHE_MISS);
+        expect(getCached("other")).not.toBe(CACHE_MISS);
+    });
+    it("invalidates by exact key", () => {
+        setCache("a", 1, { ttl: 60 });
+        invalidateCacheKey("a");
+        expect(getCached("a")).toBe(CACHE_MISS);
+    });
+    it("revalidateTag is an alias for invalidateCache", () => {
+        setCache("tagged", "data", { ttl: 60, tags: ["t1"] });
+        revalidateTag({ tags: ["t1"] });
+        expect(getCached("tagged")).toBe(CACHE_MISS);
+    });
+    it("inspectCache returns live entries", () => {
+        setCache("a", 1, { ttl: 60, tags: ["x"] });
+        setCache("b", 2, { ttl: 120 });
+        const snapshot = inspectCache();
+        expect(snapshot.length).toBeGreaterThanOrEqual(2);
+        const aEntry = snapshot.find((e) => e.key === "a");
+        expect(aEntry).toBeDefined();
+        expect(aEntry.tags).toContain("x");
+        expect(aEntry.expiresIn).toBeGreaterThan(0);
+    });
+    it("inspectCache filters out expired entries", () => {
+        setCache("expired", "data", { ttl: 0 });
+        vi.useFakeTimers();
+        vi.advanceTimersByTime(1);
+        const snapshot = inspectCache();
+        expect(snapshot.find((e) => e.key === "expired")).toBeUndefined();
+        vi.useRealTimers();
+    });
+});
+// ─── Page cache (ISR) ─────────────────────────────────────────────────────────
+describe("page cache (ISR)", () => {
+    beforeEach(() => {
+        revalidatePath("/test");
+        revalidatePath("/a");
+        revalidatePath("/a/1");
+        revalidatePath("/a/2");
+        revalidatePath("/b");
+    });
+    it("returns null for uncached pages", () => {
+        expect(getCachedPage("/test")).toBe(null);
+    });
+    it("stores and retrieves page HTML", () => {
+        setCachedPage("/test", "<html>test</html>", 60);
+        const result = getCachedPage("/test");
+        expect(result).not.toBe(null);
+        expect(result.html).toBe("<html>test</html>");
+        expect(result.stale).toBe(false);
+    });
+    it("returns stale entry after TTL expires (stale-while-revalidate)", () => {
+        vi.useFakeTimers();
+        setCachedPage("/test", "<html>stale</html>", 10);
+        // Advance past the TTL
+        vi.advanceTimersByTime(11_000);
+        const result = getCachedPage("/test");
+        expect(result).not.toBe(null);
+        expect(result.stale).toBe(true);
+        vi.useRealTimers();
+    });
+    it("markPageRevalidating and isPageRevalidating", () => {
+        setCachedPage("/test", "<html>test</html>", 60);
+        expect(isPageRevalidating("/test")).toBe(false);
+        markPageRevalidating("/test");
+        expect(isPageRevalidating("/test")).toBe(true);
+    });
+    it("isPageRevalidating returns false for uncached pages", () => {
+        expect(isPageRevalidating("/nonexistent")).toBe(false);
+    });
+    it("revalidatePath removes the cached page", () => {
+        setCachedPage("/test", "<html>test</html>", 60);
+        revalidatePath("/test");
+        expect(getCachedPage("/test")).toBe(null);
+    });
+    it("revalidatePathPrefix removes matching pages", () => {
+        setCachedPage("/a", "<html>a</html>", 60);
+        setCachedPage("/a/1", "<html>a1</html>", 60);
+        setCachedPage("/a/2", "<html>a2</html>", 60);
+        setCachedPage("/b", "<html>b</html>", 60);
+        revalidatePathPrefix("/a");
+        expect(getCachedPage("/a")).toBe(null);
+        expect(getCachedPage("/a/1")).toBe(null);
+        expect(getCachedPage("/a/2")).toBe(null);
+        expect(getCachedPage("/b")).not.toBe(null);
+    });
+    it("revalidateTag purges page HTML entries carrying a matching tag", () => {
+        setCachedPage("/posts", "<html>posts</html>", 60, ["posts"]);
+        setCachedPage("/posts/1", "<html>post 1</html>", 60, ["posts", "post:1"]);
+        setCachedPage("/about", "<html>about</html>", 60, ["static"]);
+        revalidateTag({ tags: ["posts"] });
+        expect(getCachedPage("/posts")).toBe(null);
+        expect(getCachedPage("/posts/1")).toBe(null);
+        expect(getCachedPage("/about")).not.toBe(null);
+    });
+    it("revalidateTag leaves page HTML entries with no matching tag intact", () => {
+        setCachedPage("/home", "<html>home</html>", 60, ["home"]);
+        revalidateTag({ tags: ["posts"] });
+        expect(getCachedPage("/home")).not.toBe(null);
+    });
+    it("setCachedPage stores tags and they survive a fresh read", () => {
+        setCachedPage("/tagged", "<html>tagged</html>", 60, ["t1", "t2"]);
+        expect(getCachedPage("/tagged")).not.toBe(null);
+        revalidateTag({ tags: ["t2"] });
+        expect(getCachedPage("/tagged")).toBe(null);
+    });
+});
+//# sourceMappingURL=cache.test.js.map

package/dist/server/cache.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.test.js","sourceRoot":"","sources":["../../src/server/cache.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EACL,SAAS,EACT,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,aAAa,EACb,aAAa,EACb,oBAAoB,EACpB,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB,iFAAiF;AAEjF,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,UAAU,CAAC,GAAG,EAAE;QACd,uDAAuD;QACvD,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC/B,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC7B,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC5B,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,QAAQ,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACnD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/B,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACpC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACjC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,8CAA8C;QAC9C,QAAQ,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACvC,wBAAwB;QACxB,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9C,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,QAAQ,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;QACtE,QAAQ,CAAC,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3D,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAErC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9B,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3C,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAO,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,CAAC,MAAO,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACxC,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QAClE,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,UAAU,CAAC,GAAG,EAAE;QACd,cAAc,CAAC,OAAO,CAAC,CAAC;QACxB,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,cAAc,CAAC,MAAM,CAAC,CAAC;QACvB,cAAc,CAAC,MAAM,CAAC,CAAC;QACvB,cAAc,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,aAAa,CAAC,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,aAAa,CAAC,OAAO,EAAE,oBAAoB,EAAE,EAAE,CAAC,CAAC;QACjD,uBAAuB;QACvB,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,aAAa,CAAC,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAC;QAChD,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,aAAa,CAAC,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAC;QAChD,cAAc,CAAC,OAAO,CAAC,CAAC;QACxB,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,aAAa,CAAC,IAAI,EAAE,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAC1C,aAAa,CAAC,MAAM,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC;QAC7C,aAAa,CAAC,MAAM,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC;QAC7C,aAAa,CAAC,IAAI,EAAE,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAE1C,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAE3B,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7D,aAAa,CAAC,UAAU,EAAE,qBAAqB,EAAE,EAAE,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1E,aAAa,CAAC,QAAQ,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE9D,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAEnC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,aAAa,CAAC,OAAO,EAAE,mBAAmB,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1D,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,aAAa,CAAC,SAAS,EAAE,qBAAqB,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAClE,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/server/csrf.d.ts

@@ -0,0 +1,28 @@
+import { type H3Event } from "h3";
+export declare const CSRF_COOKIE = "alab-csrf";
+export declare const CSRF_HEADER = "x-csrf-token";
+/**
+ * CSRF protection middleware using the Double Submit Cookie pattern.
+ *
+ * - Safe methods (GET, HEAD, OPTIONS) are always allowed.
+ * - Mutating requests must include an `x-csrf-token` header whose value
+ *   matches the `alab-csrf` cookie set by `setCsrfCookie()`.
+ * - The cookie is `SameSite=Strict` (first line of defence). The header
+ *   check is a second layer that prevents attacks from subdomains.
+ * - Disabled in development (NODE_ENV !== "production") for DX.
+ */
+export declare function csrfMiddleware(): import("h3").EventHandler<import("h3").EventHandlerRequest, void>;
+/**
+ * Set a CSRF cookie on the response and return the generated token.
+ * Call this on every GET page response so the client always has a fresh token.
+ *
+ * The cookie is intentionally NOT HttpOnly so JavaScript can read and send
+ * it as the `x-csrf-token` request header.
+ */
+export declare function setCsrfCookie(event: H3Event): string;
+/**
+ * Inject the CSRF token as a `<meta name="csrf-token">` tag into
+ * the HTML shell so client code can read it without a separate request.
+ */
+export declare function csrfMetaTag(token: string): string;
+//# sourceMappingURL=csrf.d.ts.map

package/dist/server/csrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../../src/server/csrf.ts"],"names":[],"mappings":"AACA,OAAO,EAML,KAAK,OAAO,EACb,MAAM,IAAI,CAAC;AAEZ,eAAO,MAAM,WAAW,cAAc,CAAC;AACvC,eAAO,MAAM,WAAW,iBAAiB,CAAC;AAI1C;;;;;;;;;GASG;AACH,wBAAgB,cAAc,sEAwB7B;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAapD;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD"}

package/dist/server/csrf.js

@@ -0,0 +1,66 @@
+import { timingSafeEqual } from "node:crypto";
+import { defineEventHandler, getCookie, getHeader, setCookie, createError, } from "h3";
+export const CSRF_COOKIE = "alab-csrf";
+export const CSRF_HEADER = "x-csrf-token";
+const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
+/**
+ * CSRF protection middleware using the Double Submit Cookie pattern.
+ *
+ * - Safe methods (GET, HEAD, OPTIONS) are always allowed.
+ * - Mutating requests must include an `x-csrf-token` header whose value
+ *   matches the `alab-csrf` cookie set by `setCsrfCookie()`.
+ * - The cookie is `SameSite=Strict` (first line of defence). The header
+ *   check is a second layer that prevents attacks from subdomains.
+ * - Disabled in development (NODE_ENV !== "production") for DX.
+ */
+export function csrfMiddleware() {
+    return defineEventHandler((event) => {
+        // Skip in development — avoid friction during local iteration.
+        if (process.env["NODE_ENV"] !== "production")
+            return;
+        const method = event.method.toUpperCase();
+        if (SAFE_METHODS.has(method))
+            return;
+        const cookieToken = getCookie(event, CSRF_COOKIE);
+        const headerToken = getHeader(event, CSRF_HEADER);
+        const tokensMatch = !!cookieToken &&
+            !!headerToken &&
+            cookieToken.length === headerToken.length &&
+            timingSafeEqual(Buffer.from(cookieToken), Buffer.from(headerToken));
+        if (!tokensMatch) {
+            throw createError({
+                statusCode: 403,
+                message: "CSRF token mismatch. Include the x-csrf-token header.",
+            });
+        }
+    });
+}
+/**
+ * Set a CSRF cookie on the response and return the generated token.
+ * Call this on every GET page response so the client always has a fresh token.
+ *
+ * The cookie is intentionally NOT HttpOnly so JavaScript can read and send
+ * it as the `x-csrf-token` request header.
+ */
+export function setCsrfCookie(event) {
+    const existing = getCookie(event, CSRF_COOKIE);
+    if (existing)
+        return existing;
+    const token = crypto.randomUUID();
+    setCookie(event, CSRF_COOKIE, token, {
+        httpOnly: false,
+        sameSite: "strict",
+        secure: process.env["NODE_ENV"] === "production",
+        path: "/",
+        maxAge: 60 * 60 * 24, // 24 hours
+    });
+    return token;
+}
+/**
+ * Inject the CSRF token as a `<meta name="csrf-token">` tag into
+ * the HTML shell so client code can read it without a separate request.
+ */
+export function csrfMetaTag(token) {
+    return `<meta name="csrf-token" content="${token.replace(/"/g, "&quot;")}" />`;
+}
+//# sourceMappingURL=csrf.js.map

package/dist/server/csrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../src/server/csrf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,SAAS,EACT,SAAS,EACT,WAAW,GAEZ,MAAM,IAAI,CAAC;AAEZ,MAAM,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC;AACvC,MAAM,CAAC,MAAM,WAAW,GAAG,cAAc,CAAC;AAE1C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AAEzD;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;QAClC,+DAA+D;QAC/D,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;YAAE,OAAO;QAErD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,OAAO;QAErC,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,WAAW,GACf,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,WAAW;YACb,WAAW,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM;YACzC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAEtE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,WAAW,CAAC;gBAChB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,uDAAuD;aACjE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAC/C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAClC,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE;QACnC,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;QAChD,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,WAAW;KAClC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,oCAAoC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC;AACjF,CAAC"}

package/dist/server/csrf.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=csrf.test.d.ts.map

package/dist/server/csrf.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.test.d.ts","sourceRoot":"","sources":["../../src/server/csrf.test.ts"],"names":[],"mappings":""}

package/dist/server/csrf.test.js

@@ -0,0 +1,154 @@
+import { describe, it, expect, afterEach } from "vitest";
+import { createApp, defineEventHandler, toWebHandler } from "h3";
+import { csrfMiddleware, setCsrfCookie, csrfMetaTag, CSRF_COOKIE, CSRF_HEADER } from "./csrf.js";
+// ─── csrfMetaTag ─────────────────────────────────────────────────────────────
+describe("csrfMetaTag", () => {
+    it("generates a meta tag with the token", () => {
+        const html = csrfMetaTag("abc-123");
+        expect(html).toBe('<meta name="csrf-token" content="abc-123" />');
+    });
+    it("escapes double quotes in the token", () => {
+        const html = csrfMetaTag('token"with"quotes');
+        expect(html).toContain("&quot;");
+        expect(html).not.toContain('content="token"');
+    });
+    it("handles empty token", () => {
+        const html = csrfMetaTag("");
+        expect(html).toBe('<meta name="csrf-token" content="" />');
+    });
+    it("handles UUID-style tokens", () => {
+        const html = csrfMetaTag("550e8400-e29b-41d4-a716-446655440000");
+        expect(html).toContain("550e8400-e29b-41d4-a716-446655440000");
+    });
+});
+// ─── csrfMiddleware ───────────────────────────────────────────────────────────
+describe("csrfMiddleware", () => {
+    const savedEnv = process.env["NODE_ENV"];
+    afterEach(() => {
+        process.env["NODE_ENV"] = savedEnv;
+    });
+    function makeHandler() {
+        const app = createApp();
+        app.use(csrfMiddleware());
+        app.use(defineEventHandler(() => "ok"));
+        return toWebHandler(app);
+    }
+    const TOKEN = "550e8400-e29b-41d4-a716-446655440000";
+    // Safe methods pass without any token
+    it("allows GET without token in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/"));
+        expect(res.status).toBe(200);
+    });
+    it("allows HEAD without token in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", { method: "HEAD" }));
+        expect(res.status).toBe(200);
+    });
+    it("allows OPTIONS without token in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", { method: "OPTIONS" }));
+        expect(res.status).toBe(200);
+    });
+    // Valid POST
+    it("allows POST with matching cookie and header in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", {
+            method: "POST",
+            headers: {
+                cookie: `${CSRF_COOKIE}=${TOKEN}`,
+                [CSRF_HEADER]: TOKEN,
+            },
+        }));
+        expect(res.status).toBe(200);
+    });
+    // Missing token cases → 403
+    it("rejects POST with no cookie and no header in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", { method: "POST" }));
+        expect(res.status).toBe(403);
+    });
+    it("rejects POST with cookie but no header in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", {
+            method: "POST",
+            headers: { cookie: `${CSRF_COOKIE}=${TOKEN}` },
+        }));
+        expect(res.status).toBe(403);
+    });
+    it("rejects POST with header but no cookie in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", {
+            method: "POST",
+            headers: { [CSRF_HEADER]: TOKEN },
+        }));
+        expect(res.status).toBe(403);
+    });
+    it("rejects POST with mismatched cookie and header in production", async () => {
+        process.env["NODE_ENV"] = "production";
+        const res = await makeHandler()(new Request("http://localhost/", {
+            method: "POST",
+            headers: {
+                cookie: `${CSRF_COOKIE}=token-a`,
+                [CSRF_HEADER]: "token-b",
+            },
+        }));
+        expect(res.status).toBe(403);
+    });
+    // Non-production bypasses CSRF check
+    it("allows POST without token in development mode", async () => {
+        process.env["NODE_ENV"] = "development";
+        const res = await makeHandler()(new Request("http://localhost/", { method: "POST" }));
+        expect(res.status).toBe(200);
+    });
+    it("allows POST without token when NODE_ENV is unset", async () => {
+        delete process.env["NODE_ENV"];
+        const res = await makeHandler()(new Request("http://localhost/", { method: "POST" }));
+        expect(res.status).toBe(200);
+    });
+});
+// ─── setCsrfCookie ────────────────────────────────────────────────────────────
+describe("setCsrfCookie", () => {
+    function makeSetCookieHandler() {
+        const app = createApp();
+        app.use(defineEventHandler((event) => {
+            const token = setCsrfCookie(event);
+            return { token };
+        }));
+        return toWebHandler(app);
+    }
+    it("sets a UUID token in the Set-Cookie header", async () => {
+        const res = await makeSetCookieHandler()(new Request("http://localhost/"));
+        const setCookieHeader = res.headers.get("set-cookie") ?? "";
+        expect(setCookieHeader).toMatch(/alab-csrf=[0-9a-f-]{36}/);
+    });
+    it("returns the generated token in the response", async () => {
+        const res = await makeSetCookieHandler()(new Request("http://localhost/"));
+        const body = (await res.json());
+        expect(body.token).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
+    });
+    it("reuses an existing cookie token instead of generating a new one", async () => {
+        const existingToken = "existing-csrf-token-value";
+        const res = await makeSetCookieHandler()(new Request("http://localhost/", {
+            headers: { cookie: `${CSRF_COOKIE}=${existingToken}` },
+        }));
+        const body = (await res.json());
+        expect(body.token).toBe(existingToken);
+    });
+    it("does not set HttpOnly on the cookie (must be readable by JS)", async () => {
+        const res = await makeSetCookieHandler()(new Request("http://localhost/"));
+        const setCookieHeader = (res.headers.get("set-cookie") ?? "").toLowerCase();
+        expect(setCookieHeader).not.toContain("httponly");
+    });
+    it("sets SameSite=Strict on the cookie", async () => {
+        const res = await makeSetCookieHandler()(new Request("http://localhost/"));
+        const setCookieHeader = (res.headers.get("set-cookie") ?? "").toLowerCase();
+        expect(setCookieHeader).toContain("samesite=strict");
+    });
+    it("sets path=/ on the cookie", async () => {
+        const res = await makeSetCookieHandler()(new Request("http://localhost/"));
+        const setCookieHeader = (res.headers.get("set-cookie") ?? "").toLowerCase();
+        expect(setCookieHeader).toContain("path=/");
+    });
+});
+//# sourceMappingURL=csrf.test.js.map

package/dist/server/csrf.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.test.js","sourceRoot":"","sources":["../../src/server/csrf.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAEjG,gFAAgF;AAEhF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,IAAI,GAAG,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,IAAI,GAAG,WAAW,CAAC,sCAAsC,CAAC,CAAC;QACjE,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,sCAAsC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAEzC,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,SAAS,WAAW;QAClB,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;QAC1B,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QACxC,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,sCAAsC,CAAC;IAErD,sCAAsC;IAEtC,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,aAAa;IAEb,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAC7B,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,MAAM,EAAE,GAAG,WAAW,IAAI,KAAK,EAAE;gBACjC,CAAC,WAAW,CAAC,EAAE,KAAK;aACrB;SACF,CAAC,CACH,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAE5B,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAC7B,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,WAAW,IAAI,KAAK,EAAE,EAAE;SAC/C,CAAC,CACH,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAC7B,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE;SAClC,CAAC,CACH,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACvC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAC7B,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,MAAM,EAAE,GAAG,WAAW,UAAU;gBAChC,CAAC,WAAW,CAAC,EAAE,SAAS;aACzB;SACF,CAAC,CACH,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,qCAAqC;IAErC,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,aAAa,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC/B,MAAM,GAAG,GAAG,MAAM,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,SAAS,oBAAoB;QAC3B,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,CACL,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;YAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CACH,CAAC;QACF,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QAC5D,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC3E,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CACxB,gEAAgE,CACjE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,aAAa,GAAG,2BAA2B,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CACtC,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,WAAW,IAAI,aAAa,EAAE,EAAE;SACvD,CAAC,CACH,CAAC;QACF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5E,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5E,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,GAAG,GAAG,MAAM,oBAAoB,EAAE,CAAC,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5E,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/server/image.d.ts

@@ -0,0 +1,18 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+/**
+ * Handle `/_alabjs/image` requests using the Rust image optimiser (alab-napi).
+ *
+ * Node.js reads the source file from `public/` then passes the raw bytes to
+ * Rust — same pattern as snapbolt-cli. Rust decodes, resizes, and encodes to
+ * WebP (libwebp-sys with `native` feature, or pure-Rust fallback).
+ *
+ * Query params:
+ *   src    — path relative to the project's `public/` directory (required)
+ *   w      — target width in pixels (required)
+ *   q      — quality 1–100 (default: 80)
+ *   fmt    — "webp" (default) | "jpeg" | "png"
+ *
+ * Cache-Control is set to 1 year / immutable for optimised responses.
+ */
+export declare function handleImageRequest(req: IncomingMessage, res: ServerResponse, publicDir: string): Promise<void>;
+//# sourceMappingURL=image.d.ts.map

package/dist/server/image.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../../src/server/image.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGjE;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAuFf"}