npm - alepha - Versions diffs - 0.19.4 → 0.19.5 - Mend

alepha 0.19.4 → 0.19.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

package/dist/api/audits/index.d.ts +8 -8
package/dist/api/issues/index.d.ts +810 -0
package/dist/api/issues/index.d.ts.map +1 -0
package/dist/api/issues/index.js +447 -0
package/dist/api/issues/index.js.map +1 -0
package/dist/api/keys/index.d.ts +5 -5
package/dist/api/users/index.d.ts +6 -0
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +10 -3
package/dist/api/users/index.js.map +1 -1
package/dist/api/workflows/index.d.ts +3 -3
package/dist/captcha/index.d.ts +142 -0
package/dist/captcha/index.d.ts.map +1 -0
package/dist/captcha/index.js +177 -0
package/dist/captcha/index.js.map +1 -0
package/dist/cli/core/index.d.ts +82 -2
package/dist/cli/core/index.d.ts.map +1 -1
package/dist/cli/core/index.js +90 -6
package/dist/cli/core/index.js.map +1 -1
package/dist/cli/platform/index.d.ts +84 -10
package/dist/cli/platform/index.d.ts.map +1 -1
package/dist/cli/platform/index.js +92 -4
package/dist/cli/platform/index.js.map +1 -1
package/dist/cli/vendor/index.d.ts +30 -3
package/dist/cli/vendor/index.d.ts.map +1 -1
package/dist/cli/vendor/index.js +98 -21
package/dist/cli/vendor/index.js.map +1 -1
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +2 -3
package/dist/command/index.js.map +1 -1
package/dist/orm/core/index.bun.js +6 -6
package/dist/orm/core/index.bun.js.map +1 -1
package/dist/orm/core/index.d.ts.map +1 -1
package/dist/orm/core/index.js +6 -6
package/dist/orm/core/index.js.map +1 -1
package/dist/react/i18n/index.d.ts +1 -0
package/dist/react/i18n/index.d.ts.map +1 -1
package/dist/react/i18n/index.js +8 -4
package/dist/react/i18n/index.js.map +1 -1
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +145 -2
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +364 -63
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js.map +1 -1
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js.map +1 -1
package/package.json +11 -1
package/src/api/issues/__tests__/IssueService.spec.ts +263 -0
package/src/api/issues/controllers/AdminIssueController.ts +149 -0
package/src/api/issues/controllers/IssueController.ts +44 -0
package/src/api/issues/entities/issues.ts +49 -0
package/src/api/issues/index.ts +53 -0
package/src/api/issues/schemas/createIssueSchema.ts +13 -0
package/src/api/issues/schemas/issueConfigAtom.ts +13 -0
package/src/api/issues/schemas/issueQuerySchema.ts +18 -0
package/src/api/issues/schemas/issueResourceSchema.ts +6 -0
package/src/api/issues/schemas/myIssueQuerySchema.ts +10 -0
package/src/api/issues/schemas/updateIssueSchema.ts +13 -0
package/src/api/issues/services/IssueService.ts +264 -0
package/src/api/users/primitives/$realm.ts +24 -0
package/src/api/users/services/CredentialService.ts +6 -3
package/src/api/users/services/RegistrationService.ts +15 -5
package/src/api/users/services/SessionService.ts +2 -0
package/src/captcha/__tests__/MemoryCaptchaProvider.spec.ts +74 -0
package/src/captcha/index.ts +33 -0
package/src/captcha/providers/CaptchaProvider.ts +17 -0
package/src/captcha/providers/MemoryCaptchaProvider.ts +65 -0
package/src/captcha/providers/TurnstileCaptchaProvider.ts +125 -0
package/src/cli/core/atoms/buildOptions.ts +57 -0
package/src/cli/core/commands/build.ts +2 -0
package/src/cli/core/providers/ViteDevServerProvider.ts +1 -1
package/src/cli/core/services/ViteUtils.ts +5 -2
package/src/cli/core/tasks/BuildClientTask.ts +3 -1
package/src/cli/core/tasks/BuildCloudflareTask.ts +4 -0
package/src/cli/core/tasks/BuildPwaTask.ts +81 -0
package/src/cli/platform/adapters/CloudflareAdapter.ts +24 -0
package/src/cli/platform/atoms/platformOptions.ts +19 -3
package/src/cli/platform/hooks/PlatformHook.ts +51 -0
package/src/cli/platform/index.ts +1 -0
package/src/cli/platform/services/CloudflareApi.ts +22 -1
package/src/cli/platform/services/PlatformOrchestrator.ts +67 -2
package/src/cli/vendor/__tests__/VendorService.spec.ts +40 -1
package/src/cli/vendor/commands/VendorCommand.ts +41 -38
package/src/cli/vendor/services/VendorService.ts +108 -4
package/src/command/__tests__/CliProvider.spec.ts +45 -0
package/src/command/providers/CliProvider.ts +3 -4
package/src/orm/core/services/Repository.ts +20 -6
package/src/react/i18n/__tests__/I18nProvider.spec.ts +83 -0
package/src/react/i18n/providers/I18nProvider.ts +12 -10
package/src/security/primitives/$issuer.ts +3 -1
package/src/server/auth/index.ts +7 -0
package/src/server/auth/primitives/$auth.ts +37 -3
package/src/server/auth/primitives/$authApple.ts +114 -4
package/src/server/auth/primitives/$authFacebook.ts +98 -0
package/src/server/auth/primitives/$authFranceConnect.ts +105 -0
package/src/server/auth/primitives/$authGithub.ts +22 -16
package/src/server/auth/primitives/$authMicrosoft.ts +88 -0
package/src/server/auth/providers/ServerAuthProvider.ts +197 -72
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -0
package/src/server/core/__tests__/ServerRouterProvider-errorHandler.spec.ts +1 -1
package/src/websocket/providers/NodeWebSocketServerProvider.ts +3 -1

package/dist/api/workflows/index.d.ts CHANGED Viewed

@@ -657,7 +657,7 @@ declare class WorkflowProvider {
   protected readonly stepLogs: _$alepha_orm0.Repository<_$alepha.TObject<{
     id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
     logs: _$alepha.TArray<_$alepha.TObject<{
-      level: _$alepha.TUnsafe<"TRACE" | "SILENT" | "DEBUG" | "INFO" | "WARN" | "ERROR">;
+      level: _$alepha.TUnsafe<"SILENT" | "TRACE" | "DEBUG" | "INFO" | "WARN" | "ERROR">;
       message: _$alepha.TString;
       service: _$alepha.TString;
       module: _$alepha.TString;
@@ -675,7 +675,7 @@ declare class WorkflowProvider {
     data?: any;
     context?: string | undefined;
     app?: string | undefined;
-    level: "TRACE" | "SILENT" | "DEBUG" | "INFO" | "WARN" | "ERROR";
+    level: "SILENT" | "TRACE" | "DEBUG" | "INFO" | "WARN" | "ERROR";
     message: string;
     service: string;
     module: string;
@@ -1412,7 +1412,7 @@ declare class AdminWorkflowController {
 declare const workflowStepLogs: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
   id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
   logs: _$alepha.TArray<_$alepha.TObject<{
-    level: _$alepha.TUnsafe<"TRACE" | "SILENT" | "DEBUG" | "INFO" | "WARN" | "ERROR">;
+    level: _$alepha.TUnsafe<"SILENT" | "TRACE" | "DEBUG" | "INFO" | "WARN" | "ERROR">;
     message: _$alepha.TString;
     service: _$alepha.TString;
     module: _$alepha.TString;

package/dist/captcha/index.d.ts ADDED Viewed

@@ -0,0 +1,142 @@
+import * as _$alepha from "alepha";
+import * as _$alepha_logger0 from "alepha/logger";
+//#region ../../src/captcha/providers/CaptchaProvider.d.ts
+/**
+ * Captcha verification provider interface.
+ *
+ * Verifies that a user-submitted captcha token is valid. Implementations
+ * call the relevant captcha service (Turnstile, reCAPTCHA, hCaptcha, etc.)
+ * to validate the token server-side.
+ */
+declare abstract class CaptchaProvider {
+  /**
+   * Verify a captcha token.
+   *
+   * @param token - The captcha response token submitted by the client.
+   * @param ip - Optional client IP address for additional validation.
+   * @returns Whether the token is valid.
+   */
+  abstract verify(token: string, ip?: string): Promise<boolean>;
+}
+//#endregion
+//#region ../../src/captcha/providers/MemoryCaptchaProvider.d.ts
+interface CaptchaRecord {
+  token: string;
+  ip?: string;
+  verifiedAt: Date;
+}
+/**
+ * In-memory captcha provider for testing.
+ *
+ * Accepts all tokens by default. Use `reject()` to make verification fail,
+ * and `accept()` to restore. All verification attempts are recorded for assertions.
+ */
+declare class MemoryCaptchaProvider implements CaptchaProvider {
+  protected readonly log: _$alepha_logger0.Logger;
+  /**
+   * All verification attempts.
+   */
+  records: CaptchaRecord[];
+  protected shouldAccept: boolean;
+  verify(token: string, ip?: string): Promise<boolean>;
+  /**
+   * Make all subsequent verifications fail.
+   */
+  reject(): void;
+  /**
+   * Make all subsequent verifications pass (default behavior).
+   */
+  accept(): void;
+  /**
+   * Whether a token was verified.
+   */
+  wasVerified(token: string): boolean;
+  /**
+   * Get the last verification attempt.
+   */
+  get last(): CaptchaRecord | undefined;
+}
+//#endregion
+//#region ../../src/captcha/providers/TurnstileCaptchaProvider.d.ts
+/**
+ * Cloudflare Turnstile captcha verification provider.
+ *
+ * Validates captcha tokens against the Cloudflare Turnstile siteverify API.
+ * Free, privacy-friendly, and supports invisible mode.
+ *
+ * ## Setup
+ *
+ * 1. Create a Turnstile widget at https://dash.cloudflare.com/?to=/:account/turnstile
+ * 2. Copy the **Site Key** (public, for the client) and **Secret Key** (private, for the server)
+ * 3. Set `TURNSTILE_SECRET_KEY` in your environment
+ *
+ * ## Client-side integration
+ *
+ * Add the Turnstile script and widget to your form:
+ *
+ * ```html
+ * <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
+ * <form>
+ *   <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
+ *   <button type="submit">Submit</button>
+ * </form>
+ * ```
+ *
+ * The widget injects a hidden `cf-turnstile-response` input into the form.
+ * Send this value as the `captchaToken` in your registration request.
+ *
+ * For explicit rendering (React, SPA):
+ *
+ * ```ts
+ * turnstile.render("#container", {
+ *   sitekey: "YOUR_SITE_KEY",
+ *   callback: (token) => setCaptchaToken(token),
+ * });
+ * ```
+ *
+ * ## Server-side usage
+ *
+ * Register the provider in your app:
+ *
+ * ```ts
+ * import { CaptchaProvider } from "alepha/captcha";
+ * import { TurnstileCaptchaProvider } from "alepha/captcha";
+ *
+ * alepha.with({ provide: CaptchaProvider, use: TurnstileCaptchaProvider });
+ * ```
+ *
+ * ## Test keys (for development)
+ *
+ * - Always passes: site `1x00000000000000000000AA`, secret `1x0000000000000000000000000000000AA`
+ * - Always blocks: site `2x00000000000000000000AB`, secret `2x0000000000000000000000000000000AB`
+ * - Forces interactive: site `3x00000000000000000000FF`
+ *
+ * ## Environment Variables
+ *
+ * - `TURNSTILE_SECRET_KEY`: The secret key from the Cloudflare Turnstile dashboard.
+ *
+ * @see https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
+ */
+declare class TurnstileCaptchaProvider implements CaptchaProvider {
+  protected readonly log: _$alepha_logger0.Logger;
+  protected readonly secretKey: string;
+  constructor();
+  verify(token: string, ip?: string): Promise<boolean>;
+}
+//#endregion
+//#region ../../src/captcha/index.d.ts
+/**
+ * Captcha verification for bot protection.
+ *
+ * **Features:**
+ * - Provider abstraction for captcha services
+ * - Cloudflare Turnstile support (free, privacy-friendly)
+ * - In-memory provider for testing
+ *
+ * @module alepha.captcha
+ */
+declare const AlephaCaptcha: _$alepha.Service<_$alepha.Module>;
+//#endregion
+export { AlephaCaptcha, CaptchaProvider, CaptchaRecord, MemoryCaptchaProvider, TurnstileCaptchaProvider };
+//# sourceMappingURL=index.d.ts.map

package/dist/captcha/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../src/captcha/providers/CaptchaProvider.ts","../../src/captcha/providers/MemoryCaptchaProvider.ts","../../src/captcha/providers/TurnstileCaptchaProvider.ts","../../src/captcha/index.ts"],"mappings":";;;;;;;;AAOA;;;uBAAsB,eAAA;EAQJ;;;;;;;EAAA,SAAA,MAAA,CAAO,KAAA,UAAe,EAAA,YAAc,OAAA;AAAA;;;UCZrC,aAAA;EACf,KAAA;EACA,EAAA;EACA,UAAA,EAAY,IAAA;AAAA;;;;;;;cASD,qBAAA,YAAiC,eAAA;EAAA,mBACzB,GAAA,EADc,gBAAA,CACX,MAAA;;;;EAKf,OAAA,EAAS,aAAA;EAAA,UAEN,YAAA;EAEG,MAAA,CAAO,KAAA,UAAe,EAAA,YAAc,OAAA;EAnBjC;;;EAkCT,MAAA,CAAA;EAlCK;;;EAyCL,MAAA,CAAA;EAhC0B;;;EAuC1B,WAAA,CAAY,KAAA;EA7B8B;;;EAAA,IAoCtC,IAAA,CAAA,GAAQ,aAAA;AAAA;;;;;;ADtDrB;;;;;;;;;;;;;ACJA;;;;;;;;;;AAYA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACgDA;;cAAa,wBAAA,YAAoC,eAAA;EAAA,mBAC5B,GAAA,EADiB,gBAAA,CACd,MAAA;EAAA,mBACH,SAAA;;EAiBN,MAAA,CAAO,KAAA,UAAe,EAAA,YAAc,OAAA;AAAA;;;;AF3EnD;;;;;;;;;cGgBa,aAAA,EAAa,QAAA,CAAA,OAAA,CASxB,QAAA,CATwB,MAAA"}

package/dist/captcha/index.js ADDED Viewed

@@ -0,0 +1,177 @@
+import { $context, $module, AlephaError, t } from "alepha";
+import { $logger } from "alepha/logger";
+//#region ../../src/captcha/providers/CaptchaProvider.ts
+/**
+* Captcha verification provider interface.
+*
+* Verifies that a user-submitted captcha token is valid. Implementations
+* call the relevant captcha service (Turnstile, reCAPTCHA, hCaptcha, etc.)
+* to validate the token server-side.
+*/
+var CaptchaProvider = class {};
+//#endregion
+//#region ../../src/captcha/providers/MemoryCaptchaProvider.ts
+/**
+* In-memory captcha provider for testing.
+*
+* Accepts all tokens by default. Use `reject()` to make verification fail,
+* and `accept()` to restore. All verification attempts are recorded for assertions.
+*/
+var MemoryCaptchaProvider = class {
+	log = $logger();
+	/**
+	* All verification attempts.
+	*/
+	records = [];
+	shouldAccept = true;
+	async verify(token, ip) {
+		this.log.debug("Verifying captcha in memory store", {
+			token,
+			ip
+		});
+		this.records.push({
+			token,
+			ip,
+			verifiedAt: /* @__PURE__ */ new Date()
+		});
+		return this.shouldAccept;
+	}
+	/**
+	* Make all subsequent verifications fail.
+	*/
+	reject() {
+		this.shouldAccept = false;
+	}
+	/**
+	* Make all subsequent verifications pass (default behavior).
+	*/
+	accept() {
+		this.shouldAccept = true;
+	}
+	/**
+	* Whether a token was verified.
+	*/
+	wasVerified(token) {
+		return this.records.some((r) => r.token === token);
+	}
+	/**
+	* Get the last verification attempt.
+	*/
+	get last() {
+		return this.records[this.records.length - 1];
+	}
+};
+//#endregion
+//#region ../../src/captcha/providers/TurnstileCaptchaProvider.ts
+/**
+* Cloudflare Turnstile captcha verification provider.
+*
+* Validates captcha tokens against the Cloudflare Turnstile siteverify API.
+* Free, privacy-friendly, and supports invisible mode.
+*
+* ## Setup
+*
+* 1. Create a Turnstile widget at https://dash.cloudflare.com/?to=/:account/turnstile
+* 2. Copy the **Site Key** (public, for the client) and **Secret Key** (private, for the server)
+* 3. Set `TURNSTILE_SECRET_KEY` in your environment
+*
+* ## Client-side integration
+*
+* Add the Turnstile script and widget to your form:
+*
+* ```html
+* <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer><\/script>
+* <form>
+*   <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
+*   <button type="submit">Submit</button>
+* </form>
+* ```
+*
+* The widget injects a hidden `cf-turnstile-response` input into the form.
+* Send this value as the `captchaToken` in your registration request.
+*
+* For explicit rendering (React, SPA):
+*
+* ```ts
+* turnstile.render("#container", {
+*   sitekey: "YOUR_SITE_KEY",
+*   callback: (token) => setCaptchaToken(token),
+* });
+* ```
+*
+* ## Server-side usage
+*
+* Register the provider in your app:
+*
+* ```ts
+* import { CaptchaProvider } from "alepha/captcha";
+* import { TurnstileCaptchaProvider } from "alepha/captcha";
+*
+* alepha.with({ provide: CaptchaProvider, use: TurnstileCaptchaProvider });
+* ```
+*
+* ## Test keys (for development)
+*
+* - Always passes: site `1x00000000000000000000AA`, secret `1x0000000000000000000000000000000AA`
+* - Always blocks: site `2x00000000000000000000AB`, secret `2x0000000000000000000000000000000AB`
+* - Forces interactive: site `3x00000000000000000000FF`
+*
+* ## Environment Variables
+*
+* - `TURNSTILE_SECRET_KEY`: The secret key from the Cloudflare Turnstile dashboard.
+*
+* @see https://developers.cloudflare.com/turnstile/get-started/server-side-validation/
+*/
+var TurnstileCaptchaProvider = class {
+	log = $logger();
+	secretKey;
+	constructor() {
+		const { alepha } = $context();
+		this.secretKey = alepha.parseEnv(t.object({ TURNSTILE_SECRET_KEY: t.text({ description: "The secret key from the Cloudflare Turnstile dashboard." }) })).TURNSTILE_SECRET_KEY;
+	}
+	async verify(token, ip) {
+		const body = new URLSearchParams();
+		body.set("secret", this.secretKey);
+		body.set("response", token);
+		if (ip) body.set("remoteip", ip);
+		try {
+			const data = await (await fetch("https://challenges.cloudflare.com/turnstile/v0/siteverify", {
+				method: "POST",
+				body
+			})).json();
+			if (!data.success) this.log.debug("Turnstile verification failed", { errorCodes: data["error-codes"] });
+			return data.success;
+		} catch (error) {
+			throw new AlephaError("Failed to verify Turnstile captcha token", { cause: error });
+		}
+	}
+};
+//#endregion
+//#region ../../src/captcha/index.ts
+/**
+* Captcha verification for bot protection.
+*
+* **Features:**
+* - Provider abstraction for captcha services
+* - Cloudflare Turnstile support (free, privacy-friendly)
+* - In-memory provider for testing
+*
+* @module alepha.captcha
+*/
+const AlephaCaptcha = $module({
+	name: "alepha.captcha",
+	services: [
+		CaptchaProvider,
+		MemoryCaptchaProvider,
+		TurnstileCaptchaProvider
+	],
+	register: (alepha) => alepha.with({
+		optional: true,
+		provide: CaptchaProvider,
+		use: MemoryCaptchaProvider
+	})
+});
+//#endregion
+export { AlephaCaptcha, CaptchaProvider, MemoryCaptchaProvider, TurnstileCaptchaProvider };
+//# sourceMappingURL=index.js.map

package/dist/captcha/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":[],"sources":["../../src/captcha/providers/CaptchaProvider.ts","../../src/captcha/providers/MemoryCaptchaProvider.ts","../../src/captcha/providers/TurnstileCaptchaProvider.ts","../../src/captcha/index.ts"],"sourcesContent":["/**\n * Captcha verification provider interface.\n *\n * Verifies that a user-submitted captcha token is valid. Implementations\n * call the relevant captcha service (Turnstile, reCAPTCHA, hCaptcha, etc.)\n * to validate the token server-side.\n */\nexport abstract class CaptchaProvider {\n /**\n * Verify a captcha token.\n *\n * @param token - The captcha response token submitted by the client.\n * @param ip - Optional client IP address for additional validation.\n * @returns Whether the token is valid.\n */\n public abstract verify(token: string, ip?: string): Promise<boolean>;\n}\n","import { $logger } from \"alepha/logger\";\nimport type { CaptchaProvider } from \"./CaptchaProvider.ts\";\n\nexport interface CaptchaRecord {\n token: string;\n ip?: string;\n verifiedAt: Date;\n}\n\n/**\n * In-memory captcha provider for testing.\n *\n * Accepts all tokens by default. Use `reject()` to make verification fail,\n * and `accept()` to restore. All verification attempts are recorded for assertions.\n */\nexport class MemoryCaptchaProvider implements CaptchaProvider {\n protected readonly log = $logger();\n\n /**\n * All verification attempts.\n */\n public records: CaptchaRecord[] = [];\n\n protected shouldAccept = true;\n\n public async verify(token: string, ip?: string): Promise<boolean> {\n this.log.debug(\"Verifying captcha in memory store\", { token, ip });\n\n this.records.push({\n token,\n ip,\n verifiedAt: new Date(),\n });\n\n return this.shouldAccept;\n }\n\n /**\n * Make all subsequent verifications fail.\n */\n public reject(): void {\n this.shouldAccept = false;\n }\n\n /**\n * Make all subsequent verifications pass (default behavior).\n */\n public accept(): void {\n this.shouldAccept = true;\n }\n\n /**\n * Whether a token was verified.\n */\n public wasVerified(token: string): boolean {\n return this.records.some((r) => r.token === token);\n }\n\n /**\n * Get the last verification attempt.\n */\n public get last(): CaptchaRecord | undefined {\n return this.records[this.records.length - 1];\n }\n}\n","import { $context, AlephaError, t } from \"alepha\";\nimport { $logger } from \"alepha/logger\";\nimport type { CaptchaProvider } from \"./CaptchaProvider.ts\";\n\n/**\n * Cloudflare Turnstile captcha verification provider.\n *\n * Validates captcha tokens against the Cloudflare Turnstile siteverify API.\n * Free, privacy-friendly, and supports invisible mode.\n *\n * ## Setup\n *\n * 1. Create a Turnstile widget at https://dash.cloudflare.com/?to=/:account/turnstile\n * 2. Copy the **Site Key** (public, for the client) and **Secret Key** (private, for the server)\n * 3. Set `TURNSTILE_SECRET_KEY` in your environment\n *\n * ## Client-side integration\n *\n * Add the Turnstile script and widget to your form:\n *\n * ```html\n * <script src=\"https://challenges.cloudflare.com/turnstile/v0/api.js\" async defer></script>\n * <form>\n * <div class=\"cf-turnstile\" data-sitekey=\"YOUR_SITE_KEY\"></div>\n * <button type=\"submit\">Submit</button>\n * </form>\n * ```\n *\n * The widget injects a hidden `cf-turnstile-response` input into the form.\n * Send this value as the `captchaToken` in your registration request.\n *\n * For explicit rendering (React, SPA):\n *\n * ```ts\n * turnstile.render(\"#container\", {\n * sitekey: \"YOUR_SITE_KEY\",\n * callback: (token) => setCaptchaToken(token),\n * });\n * ```\n *\n * ## Server-side usage\n *\n * Register the provider in your app:\n *\n * ```ts\n * import { CaptchaProvider } from \"alepha/captcha\";\n * import { TurnstileCaptchaProvider } from \"alepha/captcha\";\n *\n * alepha.with({ provide: CaptchaProvider, use: TurnstileCaptchaProvider });\n * ```\n *\n * ## Test keys (for development)\n *\n * - Always passes: site `1x00000000000000000000AA`, secret `1x0000000000000000000000000000000AA`\n * - Always blocks: site `2x00000000000000000000AB`, secret `2x0000000000000000000000000000000AB`\n * - Forces interactive: site `3x00000000000000000000FF`\n *\n * ## Environment Variables\n *\n * - `TURNSTILE_SECRET_KEY`: The secret key from the Cloudflare Turnstile dashboard.\n *\n * @see https://developers.cloudflare.com/turnstile/get-started/server-side-validation/\n */\nexport class TurnstileCaptchaProvider implements CaptchaProvider {\n protected readonly log = $logger();\n protected readonly secretKey: string;\n\n constructor() {\n const { alepha } = $context();\n\n const env = alepha.parseEnv(\n t.object({\n TURNSTILE_SECRET_KEY: t.text({\n description:\n \"The secret key from the Cloudflare Turnstile dashboard.\",\n }),\n }),\n );\n\n this.secretKey = env.TURNSTILE_SECRET_KEY;\n }\n\n public async verify(token: string, ip?: string): Promise<boolean> {\n const body = new URLSearchParams();\n body.set(\"secret\", this.secretKey);\n body.set(\"response\", token);\n\n if (ip) {\n body.set(\"remoteip\", ip);\n }\n\n try {\n const res = await fetch(\n \"https://challenges.cloudflare.com/turnstile/v0/siteverify\",\n {\n method: \"POST\",\n body,\n },\n );\n\n const data = (await res.json()) as TurnstileResponse;\n\n if (!data.success) {\n this.log.debug(\"Turnstile verification failed\", {\n errorCodes: data[\"error-codes\"],\n });\n }\n\n return data.success;\n } catch (error) {\n throw new AlephaError(\"Failed to verify Turnstile captcha token\", {\n cause: error,\n });\n }\n }\n}\n\ninterface TurnstileResponse {\n success: boolean;\n \"error-codes\"?: string[];\n challenge_ts?: string;\n hostname?: string;\n action?: string;\n cdata?: string;\n}\n","import { $module } from \"alepha\";\nimport { CaptchaProvider } from \"./providers/CaptchaProvider.ts\";\nimport { MemoryCaptchaProvider } from \"./providers/MemoryCaptchaProvider.ts\";\nimport { TurnstileCaptchaProvider } from \"./providers/TurnstileCaptchaProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./providers/CaptchaProvider.ts\";\nexport * from \"./providers/MemoryCaptchaProvider.ts\";\nexport * from \"./providers/TurnstileCaptchaProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * Captcha verification for bot protection.\n *\n * **Features:**\n * - Provider abstraction for captcha services\n * - Cloudflare Turnstile support (free, privacy-friendly)\n * - In-memory provider for testing\n *\n * @module alepha.captcha\n */\nexport const AlephaCaptcha = $module({\n name: \"alepha.captcha\",\n services: [CaptchaProvider, MemoryCaptchaProvider, TurnstileCaptchaProvider],\n register: (alepha) =>\n alepha.with({\n optional: true,\n provide: CaptchaProvider,\n use: MemoryCaptchaProvider,\n }),\n});\n"],"mappings":";;;;;;;;;;AAOA,IAAsB,kBAAtB,MAAsC;;;;;;;;;ACQtC,IAAa,wBAAb,MAA8D;CAC5D,MAAyB,SAAS;;;;CAKlC,UAAkC,EAAE;CAEpC,eAAyB;CAEzB,MAAa,OAAO,OAAe,IAA+B;AAChE,OAAK,IAAI,MAAM,qCAAqC;GAAE;GAAO;GAAI,CAAC;AAElE,OAAK,QAAQ,KAAK;GAChB;GACA;GACA,4BAAY,IAAI,MAAM;GACvB,CAAC;AAEF,SAAO,KAAK;;;;;CAMd,SAAsB;AACpB,OAAK,eAAe;;;;;CAMtB,SAAsB;AACpB,OAAK,eAAe;;;;;CAMtB,YAAmB,OAAwB;AACzC,SAAO,KAAK,QAAQ,MAAM,MAAM,EAAE,UAAU,MAAM;;;;;CAMpD,IAAW,OAAkC;AAC3C,SAAO,KAAK,QAAQ,KAAK,QAAQ,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACC9C,IAAa,2BAAb,MAAiE;CAC/D,MAAyB,SAAS;CAClC;CAEA,cAAc;EACZ,MAAM,EAAE,WAAW,UAAU;AAW7B,OAAK,YATO,OAAO,SACjB,EAAE,OAAO,EACP,sBAAsB,EAAE,KAAK,EAC3B,aACE,2DACH,CAAC,EACH,CAAC,CACH,CAEoB;;CAGvB,MAAa,OAAO,OAAe,IAA+B;EAChE,MAAM,OAAO,IAAI,iBAAiB;AAClC,OAAK,IAAI,UAAU,KAAK,UAAU;AAClC,OAAK,IAAI,YAAY,MAAM;AAE3B,MAAI,GACF,MAAK,IAAI,YAAY,GAAG;AAG1B,MAAI;GASF,MAAM,OAAQ,OARF,MAAM,MAChB,6DACA;IACE,QAAQ;IACR;IACD,CACF,EAEuB,MAAM;AAE9B,OAAI,CAAC,KAAK,QACR,MAAK,IAAI,MAAM,iCAAiC,EAC9C,YAAY,KAAK,gBAClB,CAAC;AAGJ,UAAO,KAAK;WACL,OAAO;AACd,SAAM,IAAI,YAAY,4CAA4C,EAChE,OAAO,OACR,CAAC;;;;;;;;;;;;;;;;ACzFR,MAAa,gBAAgB,QAAQ;CACnC,MAAM;CACN,UAAU;EAAC;EAAiB;EAAuB;EAAyB;CAC5E,WAAW,WACT,OAAO,KAAK;EACV,UAAU;EACV,SAAS;EACT,KAAK;EACN,CAAC;CACL,CAAC"}

package/dist/cli/core/index.d.ts CHANGED Viewed

@@ -202,6 +202,53 @@ declare const buildOptions: _$alepha.Atom<_$alepha.TObject<{
      */
     domain: _$alepha.TOptional<_$alepha.TString>;
   }>>;
+  /**
+   * PWA (Progressive Web App) configuration.
+   *
+   * Generates a web app manifest and enables installability.
+   * Requires a client-side bundle (React).
+   */
+  pwa: _$alepha.TOptional<_$alepha.TObject<{
+    /**
+     * Full application name displayed on the splash screen
+     * and in the OS app switcher.
+     */
+    name: _$alepha.TString;
+    /**
+     * Short name displayed on the home screen icon.
+     * Falls back to `name` if omitted.
+     */
+    shortName: _$alepha.TOptional<_$alepha.TString>;
+    /**
+     * Theme color used for the browser toolbar and OS chrome.
+     *
+     * @default "#ffffff"
+     */
+    themeColor: _$alepha.TOptional<_$alepha.TString>;
+    /**
+     * Background color for the splash screen.
+     *
+     * @default "#ffffff"
+     */
+    backgroundColor: _$alepha.TOptional<_$alepha.TString>;
+    /**
+     * Display mode for the installed PWA.
+     *
+     * - `standalone` - Looks like a native app (default)
+     * - `fullscreen` - Uses entire screen (games, immersive)
+     * - `minimal-ui` - Like standalone with minimal browser UI
+     * - `browser` - Standard browser tab
+     *
+     * @default "standalone"
+     */
+    display: _$alepha.TOptional<_$alepha.TUnsafe<"browser" | "standalone" | "fullscreen" | "minimal-ui">>;
+    /**
+     * Enable offline support via service worker.
+     *
+     * TODO: Not yet implemented.
+     */
+    offline: _$alepha.TOptional<_$alepha.TBoolean>;
+  }>>;
   /**
    * Sitemap generation configuration.
    */
@@ -11802,7 +11849,9 @@ declare class ViteUtils {
    * and injects only the short key into $page definitions.
    */
   createSsrPreloadPlugin(): Plugin;
-  generateIndexHtml(entry: AppEntry): string;
+  generateIndexHtml(entry: AppEntry, opts?: {
+    pwa?: boolean;
+  }): string;
   /**
    * We need to close the Vite dev server after build is done.
    */
@@ -12352,6 +12401,29 @@ declare class BuildPrerenderTask extends BuildTask {
   protected renderFile(page: any, options: any, dist: string): Promise<void>;
 }
 //#endregion
+//#region ../../src/cli/core/tasks/BuildPwaTask.d.ts
+/**
+ * Generate PWA web app manifest.
+ *
+ * Produces a `manifest.webmanifest` in the public output directory
+ * from the `pwa` section of build options. Detects icons from `public/`.
+ */
+declare class BuildPwaTask extends BuildTask {
+  protected readonly fs: FileSystemProvider;
+  run(ctx: BuildTaskContext): Promise<void>;
+  /**
+   * Detect icon files in the public output directory.
+   *
+   * Looks for common icon filenames and generates
+   * manifest icon entries with appropriate sizes and types.
+   */
+  protected detectIcons(publicDir: string): Promise<Array<{
+    src: string;
+    sizes: string;
+    type: string;
+  }>>;
+}
+//#endregion
 //#region ../../src/cli/core/tasks/BuildServerTask.d.ts
 /**
  * Build server-side SSR bundle with Vite.
@@ -12510,6 +12582,14 @@ declare class BuildCommand {
       dist?: string | undefined;
       public?: string | undefined;
     } | undefined;
+    pwa?: {
+      shortName?: string | undefined;
+      themeColor?: string | undefined;
+      backgroundColor?: string | undefined;
+      display?: "browser" | "standalone" | "fullscreen" | "minimal-ui" | undefined;
+      offline?: boolean | undefined;
+      name: string;
+    } | undefined;
     sitemap?: {
       hostname: string;
     } | undefined;
@@ -12519,7 +12599,7 @@ declare class BuildCommand {
    * Each task self-guards (checks target, hasClient, etc.).
    * Order matters — compress must be last.
    */
-  protected readonly pipeline: (BuildAssetsTask | BuildClientTask | BuildCloudflareTask | BuildCompressTask | BuildDockerTask | BuildPrerenderTask | BuildServerTask | BuildSitemapTask | BuildStaticTask | BuildVercelTask)[];
+  protected readonly pipeline: (BuildAssetsTask | BuildClientTask | BuildCloudflareTask | BuildCompressTask | BuildDockerTask | BuildPrerenderTask | BuildServerTask | BuildSitemapTask | BuildStaticTask | BuildVercelTask | BuildPwaTask)[];
   /**
    * Resolve the effective runtime based on target and explicit runtime flag.
    *