casualos 3.9.0-alpha.19838926610 → 3.9.0-alpha.20044586852

package/dist/cli.js

@@ -90229,6 +90229,7 @@ var WEB_CONFIG_SCHEMA = external_exports.object({
   staticRepoLocalPersistence: external_exports.boolean().prefault(true),
   sharedPartitionsVersion: external_exports.enum(["v2"]).prefault("v2"),
   vmOrigin: external_exports.string().min(1).max(128).nullable().optional(),
+  disableVM: external_exports.boolean().nullable().optional(),
   authOrigin: external_exports.string().min(1).max(128).nullable().optional(),
   recordsOrigin: external_exports.string().min(1).max(128).nullable().optional(),
   disableCollaboration: external_exports.boolean().nullable().optional(),
@@ -100506,10 +100507,11 @@ var ProcBuilder = class {
     this._allowedOrigins = allowedOrigins;
     return this;
   }
-  http(method, path6) {
+  http(method, path6, scope) {
     this._http = {
       method,
-      path: path6
+      path: path6,
+      scope
     };
     return this;
   }
@@ -100562,7 +100564,7 @@ function getSchemaMetadata(schema) {
     return { type: "boolean", description: getDescription(schema) };
   } else if (schema instanceof $ZodNumber) {
     return { type: "number", description: getDescription(schema) };
-  } else if (schema instanceof $ZodAny) {
+  } else if (schema instanceof $ZodAny || schema instanceof $ZodUnknown) {
     return { type: "any", description: getDescription(schema) };
   } else if (schema instanceof $ZodNull) {
     return { type: "null", description: getDescription(schema) };
@@ -102057,7 +102059,7 @@ var trace = TraceAPI.getInstance();
 function hashLowEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   );
   return tracer.startActiveSpan(
     "hashLowEntropyPasswordWithSalt",
@@ -102075,7 +102077,7 @@ function hashLowEntropyPasswordWithSalt2(password, salt) {
 function hashHighEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   );
   return tracer.startActiveSpan(
     "hashHighEntropyPasswordWithSalt",
@@ -102093,7 +102095,7 @@ function hashHighEntropyPasswordWithSalt2(password, salt) {
 function verifyPasswordAgainstHashes2(password, salt, hashes) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   );
   return tracer.startActiveSpan(
     "verifyPasswordAgainstHashes",
@@ -105814,6 +105816,9 @@ var subscriptionFeaturesSchema = external_exports.object({
     allowed: external_exports.boolean().describe("Whether comId features are granted to the studio."),
     maxStudios: external_exports.int().positive().optional().describe(
       "The maximum number of studios that can be created in this comId. If omitted, then there is no limit."
+    ),
+    maxDomains: external_exports.int().positive().optional().describe(
+      "The maximum number of custom domains that can be used with this comId. If omitted, then there is no limit."
     )
   }).optional().prefault({
     allowed: false
@@ -109620,7 +109625,7 @@ var import_semantic_conventions = __toESM(require_src3());
 function traced(tracerName, options = {}, metricOptions = {}) {
   const tracer = trace.getTracer(
     tracerName,
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   );
   return function(target, propertyKey, descriptor) {
     const originalMethod = descriptor.value;
@@ -109702,7 +109707,7 @@ function getHistogram(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   ).createHistogram(meter.name, meter.options);
 }
 function getCounter(meter) {
@@ -109711,7 +109716,7 @@ function getCounter(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.9.0-alpha.19838926610"
+    false ? void 0 : "v3.9.0-alpha.20044586852"
   ).createCounter(meter.name, meter.options);
 }
 function traceHttpResponse(options = {}) {
@@ -112412,6 +112417,7 @@ var RecordsController = class {
     this._config = config3.config;
     this._messenger = config3.messenger;
     this._privo = config3.privo;
+    this._domainNameValidator = config3.domainNameValidator;
   }
   async createRecord(request2) {
     try {
@@ -113340,6 +113346,176 @@ var RecordsController = class {
       };
     }
   }
+  async addCustomDomain(request2) {
+    if (!this._domainNameValidator) {
+      return failure({
+        errorCode: "not_supported",
+        errorMessage: "Custom domains are not supported on this server."
+      });
+    }
+    const studio = await this._store.getStudioById(request2.studioId);
+    if (!studio) {
+      return failure({
+        errorCode: "studio_not_found",
+        errorMessage: "The given studio was not found."
+      });
+    }
+    const list = await this._store.listStudioAssignments(request2.studioId, {
+      userId: request2.userId,
+      role: "admin"
+    });
+    if (list.length <= 0) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    const config3 = await this._config.getSubscriptionConfiguration();
+    const features = getComIdFeatures(
+      config3,
+      studio.subscriptionStatus,
+      studio.subscriptionId,
+      studio.subscriptionPeriodStartMs,
+      studio.subscriptionPeriodEndMs
+    );
+    if (!features.allowed) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "comId features are not allowed for this comId. Make sure you have an active subscription that provides comId features."
+      });
+    }
+    if (typeof features.maxDomains === "number") {
+      const domainCount = (await this._store.listCustomDomainsByStudioId(request2.studioId)).length;
+      if (domainCount >= features.maxDomains) {
+        return failure({
+          errorCode: "subscription_limit_reached",
+          errorMessage: "The maximum number of custom domains allowed for your comId subscription has been reached."
+        });
+      }
+    }
+    const verificationKey = (0, import_base64_js11.fromByteArray)((0, import_tweetnacl5.randomBytes)(16));
+    const customDomain = {
+      id: v7_default(),
+      domainName: request2.domain,
+      studioId: request2.studioId,
+      verificationKey,
+      verified: null
+    };
+    await this._store.saveCustomDomain(customDomain);
+    const verificationDnsRecord = await this._domainNameValidator.getVerificationDNSRecord(
+      customDomain.domainName,
+      customDomain.verificationKey
+    );
+    return verificationDnsRecord;
+  }
+  async deleteCustomDomain(request2) {
+    if (!this._domainNameValidator) {
+      return failure({
+        errorCode: "not_supported",
+        errorMessage: "Custom domains are not supported on this server."
+      });
+    }
+    const customDomain = await this._store.getCustomDomainById(
+      request2.customDomainId
+    );
+    if (!customDomain) {
+      return failure({
+        errorCode: "not_found",
+        errorMessage: "The given custom domain was not found."
+      });
+    }
+    const list = await this._store.listStudioAssignments(
+      customDomain.studioId,
+      {
+        userId: request2.userId,
+        role: "admin"
+      }
+    );
+    if (list.length <= 0) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    await this._store.deleteCustomDomain(customDomain.id);
+    return success2(void 0);
+  }
+  async listCustomDomains(request2) {
+    if (!this._domainNameValidator) {
+      return failure({
+        errorCode: "not_supported",
+        errorMessage: "Custom domains are not supported on this server."
+      });
+    }
+    const studio = await this._store.getStudioById(request2.studioId);
+    if (!studio) {
+      return failure({
+        errorCode: "studio_not_found",
+        errorMessage: "The given studio was not found."
+      });
+    }
+    const list = await this._store.listStudioAssignments(request2.studioId, {
+      userId: request2.userId,
+      role: "admin"
+    });
+    if (list.length <= 0) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    const domains = await this._store.listCustomDomainsByStudioId(
+      request2.studioId
+    );
+    return success2({
+      domains: domains.map(
+        (d2) => ({
+          id: d2.id,
+          domainName: d2.domainName,
+          verified: d2.verified
+        })
+      )
+    });
+  }
+  async verifyCustomDomain(request2) {
+    if (!this._domainNameValidator) {
+      return failure({
+        errorCode: "not_supported",
+        errorMessage: "Custom domains are not supported on this server."
+      });
+    }
+    const customDomain = await this._store.getCustomDomainById(
+      request2.customDomainId
+    );
+    if (!customDomain) {
+      return failure({
+        errorCode: "not_found",
+        errorMessage: "The given custom domain was not found."
+      });
+    }
+    const list = await this._store.listStudioAssignments(
+      customDomain.studioId,
+      {
+        userId: request2.userId,
+        role: "admin"
+      }
+    );
+    if (list.length <= 0) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    const result = await this._domainNameValidator.validateDomainName(
+      customDomain.domainName,
+      customDomain.verificationKey
+    );
+    if (isFailure(result)) {
+      return result;
+    }
+    await this._store.markCustomDomainAsVerified(customDomain.id);
+    return success2();
+  }
   async getPlayerConfig(comId) {
     try {
       const studio = await this._store.getStudioByComId(comId);
@@ -113372,21 +113548,71 @@ var RecordsController = class {
       };
     }
   }
-  async getWebConfig() {
-    const [config3, subscriptions, privo] = await Promise.all([
+  async getWebConfig(hostname3) {
+    const [config3, subscriptions, privo, customDomain] = await Promise.all([
       this._config.getWebConfig(),
       this._config.getSubscriptionConfiguration(),
-      this._config.getPrivoConfiguration()
+      this._config.getPrivoConfiguration(),
+      this._store.getVerifiedCustomDomainByName(hostname3)
     ]);
-    return success2({
+    const webConfig = {
       ...config3 ?? {
         version: 2,
         causalRepoConnectionProtocol: "websocket"
       },
+      ...customDomain?.studio.playerConfig ?? {},
       studiosSupported: !!subscriptions,
       subscriptionsSupported: !!subscriptions,
-      requirePrivoLogin: !!privo
-    });
+      requirePrivoLogin: !!privo,
+      comId: customDomain?.studio.comId
+    };
+    if (customDomain) {
+      webConfig.logoUrl = customDomain.studio.logoUrl ?? webConfig.logoUrl;
+      webConfig.logoTitle = customDomain.studio.displayName ?? customDomain.studio.comId ?? webConfig.logoTitle;
+    }
+    return success2(webConfig);
+  }
+  async getPlayerWebManifest(hostname3) {
+    const customDomain = await this._store.getVerifiedCustomDomainByName(
+      hostname3
+    );
+    if (customDomain?.studio.playerWebManifest) {
+      return success2(customDomain.studio.playerWebManifest);
+    }
+    const manifest = await this._config.getPlayerWebManifest();
+    if (!manifest) {
+      return failure({
+        errorCode: "not_found",
+        errorMessage: "No web manifest found."
+      });
+    }
+    return success2(manifest);
+  }
+  async getVerifiedCustomDomainByName(hostname3) {
+    const customDomain = await this._store.getVerifiedCustomDomainByName(
+      hostname3
+    );
+    return success2(customDomain);
+  }
+  async getConfigurationValue(request2) {
+    if (!isSuperUserRole(request2.userRole)) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    const value = await this._config.getConfiguration(request2.key);
+    return success2(value);
+  }
+  async setConfigurationValue(request2) {
+    if (!isSuperUserRole(request2.userRole)) {
+      return failure({
+        errorCode: "not_authorized",
+        errorMessage: "You are not authorized to perform this operation."
+      });
+    }
+    await this._config.setConfiguration(request2.key, request2.value);
+    return success2();
   }
   async listStudios(userId) {
     try {
@@ -113825,12 +114051,36 @@ __decorateClass([
 __decorateClass([
   traced(TRACE_NAME2)
 ], RecordsController.prototype, "getStudio", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "addCustomDomain", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "deleteCustomDomain", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "listCustomDomains", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "verifyCustomDomain", 1);
 __decorateClass([
   traced(TRACE_NAME2)
 ], RecordsController.prototype, "getPlayerConfig", 1);
 __decorateClass([
   traced(TRACE_NAME2)
 ], RecordsController.prototype, "getWebConfig", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "getPlayerWebManifest", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "getVerifiedCustomDomainByName", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "getConfigurationValue", 1);
+__decorateClass([
+  traced(TRACE_NAME2)
+], RecordsController.prototype, "setConfigurationValue", 1);
 __decorateClass([
   traced(TRACE_NAME2)
 ], RecordsController.prototype, "listStudios", 1);
@@ -117923,7 +118173,8 @@ var COM_ID_PLAYER_CONFIG = WEB_CONFIG_SCHEMA.pick({
   defaultBiosOption: true,
   jitsiAppName: true,
   what3WordsApiKey: true,
-  logoBackgroundColor: true
+  logoBackgroundColor: true,
+  disableVM: true
 }).partial();
 var COM_ID_WEB_CONFIG_SCHEMA = external_exports.object({
   playerConfig: COM_ID_PLAYER_CONFIG,
@@ -119289,14 +119540,14 @@ var PUSH_NOTIFICATION_PAYLOAD = external_exports.object({
 });
 
 // ../aux-records/packages/version/PackageVersionRecordsStore.ts
-function getPackageVersionSpecifier(key, major2, minor, patch, tag, sha2566) {
-  if (sha2566 && key) {
+function getPackageVersionSpecifier(key, major2, minor, patch, tag, sha2567) {
+  if (sha2567 && key) {
     return {
       success: false,
       errorCode: "unacceptable_request",
       errorMessage: "You cannot provide both key and sha256 version number."
     };
-  } else if (sha2566 && major2) {
+  } else if (sha2567 && major2) {
     return {
       success: false,
       errorCode: "unacceptable_request",
@@ -119308,11 +119559,11 @@ function getPackageVersionSpecifier(key, major2, minor, patch, tag, sha2566) {
       errorCode: "unacceptable_request",
       errorMessage: "You cannot provide both key and major version number."
     };
-  } else if (sha2566) {
+  } else if (sha2567) {
     return {
       success: true,
       key: {
-        sha256: sha2566
+        sha256: sha2567
       }
     };
   } else if (key) {
@@ -120176,6 +120427,213 @@ function omitBy2(obj, shouldOmit) {
   return result;
 }
 
+// ../aux-common/common/WebManifest.js
+var WEB_MANIFEST_SCHEMA = zod_default.looseObject({
+  name: zod_default.string().describe("The name of the PWA app."),
+  short_name: zod_default.string().describe("The short name of the PWA app."),
+  description: zod_default.string().optional().describe("The description of the PWA app."),
+  start_url: zod_default.string().prefault("/").describe('The URL that should be launched when opening the PWA. Defaults to "/"'),
+  display: zod_default.enum(["fullscreen", "standalone", "minimal-ui", "browser"]).prefault("standalone").describe("The display mode that should be used for the PWA app."),
+  background_color: zod_default.string().prefault("#ffffff").describe("The background color that should be used on the splash screen when the PWA is launched."),
+  theme_color: zod_default.string().prefault("#000000").describe("The theme color that should be used for the PWA app."),
+  icons: zod_default.array(zod_default.object({
+    src: zod_default.string().describe("The source URL of the icon."),
+    type: zod_default.string().describe("The MIME type of the icon."),
+    sizes: zod_default.union([
+      zod_default.literal("any").describe("The icon is scalable and can be used at any size."),
+      zod_default.string().check(zod_default.regex(/^(\d+x\d+)(\s+\d+x\d+)*$/)).describe("The sizes of the icon.")
+    ]).describe('The size(s) that the icon can display formatted as "{width}x{height}". Use "any" for scalable icons like SVG.'),
+    purpose: zod_default.string().optional().describe("The purpose of the icon.")
+  })).prefault([
+    {
+      src: "/pwa-192x192.png",
+      sizes: "192x192",
+      type: "image/png",
+      purpose: "any"
+    },
+    {
+      src: "/pwa-512x512.png",
+      sizes: "512x512",
+      type: "image/png",
+      purpose: "any"
+    },
+    {
+      src: "/pwa-maskable-192x192.png",
+      sizes: "192x192",
+      type: "image/png",
+      purpose: "maskable"
+    },
+    {
+      src: "/pwa-maskable-512x512.png",
+      sizes: "512x512",
+      type: "image/png",
+      purpose: "maskable"
+    }
+  ]).describe("The icons that should be used for the PWA app.\nSee https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Manifest/Reference/icons\nAlso see https://favicon.inbrowser.app/tools/favicon-generator to generate icons.")
+}).refine((obj) => Object.keys(obj).length < 20, {
+  error: "Web manifest has too many top-level properties. Maximum allowed is 20."
+}).optional();
+
+// ../aux-records/PrivoConfiguration.ts
+var privoSchema = zod_default.object({
+  gatewayEndpoint: zod_default.string().nonempty().describe("The Privo API (aslo called the Gateway) URL."),
+  publicEndpoint: zod_default.string().nonempty().describe("The Privo Public API URL."),
+  clientId: zod_default.string().nonempty().describe("The Client ID that should be used."),
+  clientSecret: zod_default.string().nonempty().describe("The client secret that should be used."),
+  redirectUri: zod_default.string().nonempty().describe(
+    "The URI that Privo users should be redirected to after a login."
+  ),
+  // verificationIntegration: z
+  //     .string()
+  //     .describe('The verification integration that should be used.')
+  //     .nonempty(),
+  // verificationServiceId: z
+  //     .string()
+  //     .describe('The service ID that should be used.')
+  //     .nonempty(),
+  // verificationSiteId: z
+  //     .string()
+  //     .describe('The site ID that should be used.')
+  //     .nonempty(),
+  roleIds: zod_default.object({
+    child: zod_default.string().nonempty().describe("The ID of the child role."),
+    parent: zod_default.string().nonempty().describe("The ID of the parent role."),
+    adult: zod_default.string().nonempty().describe("The ID of the adult role.")
+  }),
+  featureIds: zod_default.object({
+    childPrivoSSO: zod_default.string().nonempty().describe("The ID of the child Privo ID Single Sign-On feature"),
+    adultPrivoSSO: zod_default.string().nonempty().describe("The ID of the adult Privo ID Single Sign-On feature"),
+    joinAndCollaborate: zod_default.string().nonempty().describe('The ID of the "Join & Collaborate" feature.'),
+    publishProjects: zod_default.string().nonempty().describe(
+      'The ID of the "Publish Projects" feature. Also known as the "Publish Public Eggs" feature.'
+    ),
+    projectDevelopment: zod_default.string().nonempty().describe(
+      'The ID of the "Project Development" feature. Also known as the "Build Private Eggs" feature.'
+    ),
+    buildAIEggs: zod_default.string().nonempty().describe('The ID of the "Build AI Eggs" feature.')
+  }),
+  clientTokenScopes: zod_default.string().nonempty().optional().prefault(
+    "openid profile email user_profile offline_access address additional_info TRUST delete_account service_profile connected_profiles manage_consent consent_url update_password_link"
+  ).describe("The scopes that should be requested for client tokens."),
+  userTokenScopes: zod_default.string().nonempty().optional().prefault(
+    "TRUST openid profile user_profile address service_profile connected_profiles manage_consent email additional_info offline_access delete_account consent_url update_password_link"
+  ).describe("The scopes that should be requested for user tokens."),
+  ageOfConsent: zod_default.int().positive().prefault(18).describe(
+    "The age of consent for users. Users who are under this age must have consent given for them via a parent account."
+  )
+});
+
+// ../aux-records/ModerationConfiguration.ts
+var moderationSchema = zod_default.object({
+  allowUnauthenticatedReports: zod_default.boolean().prefault(true).describe(
+    "Whether to allow unauthenticated users to report insts. Defaults to true."
+  ),
+  jobs: zod_default.object({
+    files: zod_default.object({
+      enabled: zod_default.boolean().describe("Whether to enable file moderation."),
+      fileExtensions: zod_default.array(zod_default.string()).optional().prefault([".png", ".webp", ".jpg", ".jpeg", ".gif"]).describe(
+        "The file extensions to scan. Defaults to common image formats."
+      ),
+      minConfidence: zod_default.number().min(0).max(1).optional().describe(
+        "The minimum confidence to consider a detected label. Should be between 0 and 1. For AWS Rekognition, this defaults to 0.5."
+      ),
+      bannedLabels: zod_default.array(
+        zod_default.object({
+          label: zod_default.string().optional().describe(
+            "The label that should be matched. If omitted, then labels will be matched by category. See https://docs.aws.amazon.com/rekognition/latest/dg/moderation.html#moderation-api for AWS Rekognition moderation labels."
+          ),
+          threshold: zod_default.number().min(0).max(1).prefault(0.7).describe(
+            "The threshold that the label confidence must equal or exceed in order to be considered a match. Defaults to 0.7."
+          ),
+          actions: zod_default.array(zod_default.enum(["notify"])).optional().prefault(["notify"]).describe(
+            "The actions that should be taken when a file is detected with the label. Defaults to [notify]."
+          )
+        })
+      ).optional().prefault([
+        {
+          label: "Explicit",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Non-Explicit Nudity of Intimate parts and Kissing",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Swimwear or Underwear",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Violence",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Visually Disturbing",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Drugs & Tobacco",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Alcohol",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Rude Gestures",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Gambling",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Hate Symbols",
+          threshold: 0.5,
+          actions: ["notify"]
+        }
+      ]).describe(
+        "The labels that should be banned. If a file contains any of these labels, it will be marked as banned. Additionally, a notification will be sent "
+      )
+    }).describe("Options for moderating files.")
+  }).optional().describe("The moderation jobs that are enabled.")
+});
+
+// ../aux-records/ConfigurationStore.ts
+var SUBSCRIPTIONS_CONFIG_KEY = "subscriptions";
+var PRIVO_CONFIG_KEY = "privo";
+var MODERATION_CONFIG_KEY = "moderation";
+var WEB_CONFIG_KEY = "web";
+var PLAYER_WEB_MANIFEST_KEY = "playerWebManifest";
+var CONFIGURATION_SCHEMAS = [
+  {
+    key: SUBSCRIPTIONS_CONFIG_KEY,
+    schema: subscriptionConfigSchema
+  },
+  { key: PRIVO_CONFIG_KEY, schema: privoSchema },
+  { key: MODERATION_CONFIG_KEY, schema: moderationSchema },
+  { key: WEB_CONFIG_KEY, schema: WEB_CONFIG_SCHEMA },
+  { key: PLAYER_WEB_MANIFEST_KEY, schema: WEB_MANIFEST_SCHEMA }
+];
+var CONFIGURATION_SCHEMAS_MAP = {
+  [SUBSCRIPTIONS_CONFIG_KEY]: subscriptionConfigSchema,
+  [PRIVO_CONFIG_KEY]: privoSchema,
+  [MODERATION_CONFIG_KEY]: moderationSchema,
+  [WEB_CONFIG_KEY]: WEB_CONFIG_SCHEMA,
+  [PLAYER_WEB_MANIFEST_KEY]: WEB_MANIFEST_SCHEMA
+};
+var CONFIGURATION_KEYS = CONFIGURATION_SCHEMAS.map(
+  (c2) => c2.key
+);
+
 // ../aux-records/RecordsServer.tsx
 var NOT_LOGGED_IN_RESULT = {
   success: false,
@@ -120298,7 +120756,7 @@ var RecordsServer = class {
     this._viewTemplateRenderer = viewTemplateRenderer;
     this._tracer = trace.getTracer(
       "RecordsServer",
-      false ? void 0 : "v3.9.0-alpha.19838926610"
+      false ? void 0 : "v3.9.0-alpha.20044586852"
     );
     this._purchasableItems = purchasableItemsController;
     this._procedures = this._createProcedures();
@@ -120325,7 +120783,9 @@ var RecordsServer = class {
   _createProcedures() {
     return {
       playerIndex: procedure().origins(true).view("player", true).handler(async (_2, context) => {
-        const config3 = await this._records.getWebConfig();
+        const config3 = await this._records.getWebConfig(
+          context.url.hostname
+        );
         const postApp = [];
         if (isSuccess(config3) && config3.value) {
           postApp.push(
@@ -120359,7 +120819,9 @@ var RecordsServer = class {
         return genericResult(result);
       }),
       authIndex: procedure().origins(true).view("auth", true).handler(async (_2, context) => {
-        const config3 = await this._records.getWebConfig();
+        const config3 = await this._records.getWebConfig(
+          context.url.hostname
+        );
         const postApp = [];
         if (isSuccess(config3) && config3.value) {
           postApp.push(
@@ -120381,7 +120843,9 @@ var RecordsServer = class {
         return genericResult(result);
       }),
       authIframe: procedure().origins(true).view("auth", "/iframe.html").handler(async (_2, context) => {
-        const config3 = await this._records.getWebConfig();
+        const config3 = await this._records.getWebConfig(
+          context.url.hostname
+        );
         const postApp = [];
         if (isSuccess(config3) && config3.value) {
           postApp.push(
@@ -121551,7 +122015,7 @@ var RecordsServer = class {
           minor,
           patch,
           tag,
-          sha256: sha2566,
+          sha256: sha2567,
           key,
           instances
         }, context) => {
@@ -121577,7 +122041,7 @@ var RecordsServer = class {
             minor,
             patch,
             tag,
-            sha2566
+            sha2567
           );
           if (keyResult.success === false) {
             return keyResult;
@@ -123149,7 +123613,10 @@ var RecordsServer = class {
           loomConfig: LOOM_CONFIG.optional().describe(
             "The configuration that can be used by studios to setup loom."
           ),
-          humeConfig: HUME_CONFIG.optional()
+          humeConfig: HUME_CONFIG.optional(),
+          playerWebManifest: WEB_MANIFEST_SCHEMA.optional().describe(
+            "The PWA web manifest that should be served for custom domains for the studio."
+          )
         })
       ).handler(
         async ({
@@ -123159,7 +123626,8 @@ var RecordsServer = class {
           comIdConfig,
           playerConfig,
           loomConfig,
-          humeConfig
+          humeConfig,
+          playerWebManifest
         }, context) => {
           const sessionKeyValidation = await this._validateSessionKey(context.sessionKey);
           if (sessionKeyValidation.success === false) {
@@ -123177,12 +123645,99 @@ var RecordsServer = class {
               comIdConfig,
               playerConfig,
               loomConfig,
-              humeConfig
+              humeConfig,
+              playerWebManifest
             }
           });
           return result;
         }
       ),
+      addCustomDomain: procedure().origins("account").http("POST", "/api/v2/studios/domains").inputs(
+        external_exports.object({
+          studioId: STUDIO_ID_VALIDATION,
+          domain: external_exports.string().min(1).max(255)
+        })
+      ).handler(async ({ studioId, domain: domain2 }, context) => {
+        const sessionKeyValidation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (sessionKeyValidation.success === false) {
+          if (sessionKeyValidation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return sessionKeyValidation;
+        }
+        const result = await this._records.addCustomDomain({
+          userId: sessionKeyValidation.userId,
+          userRole: sessionKeyValidation.role,
+          studioId,
+          domain: domain2
+        });
+        return genericResult(result);
+      }),
+      deleteCustomDomain: procedure().origins("account").http("DELETE", "/api/v2/studios/domains").inputs(
+        external_exports.object({
+          customDomainId: external_exports.string().nonempty()
+        })
+      ).handler(async ({ customDomainId }, context) => {
+        const sessionKeyValidation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (sessionKeyValidation.success === false) {
+          if (sessionKeyValidation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return sessionKeyValidation;
+        }
+        const result = await this._records.deleteCustomDomain({
+          userId: sessionKeyValidation.userId,
+          userRole: sessionKeyValidation.role,
+          customDomainId
+        });
+        return genericResult(result);
+      }),
+      listCustomDomains: procedure().origins("account").http("GET", "/api/v2/studios/domains/list").inputs(
+        external_exports.object({
+          studioId: STUDIO_ID_VALIDATION
+        })
+      ).handler(async ({ studioId }, context) => {
+        const sessionKeyValidation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (sessionKeyValidation.success === false) {
+          if (sessionKeyValidation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return sessionKeyValidation;
+        }
+        const result = await this._records.listCustomDomains({
+          userId: sessionKeyValidation.userId,
+          userRole: sessionKeyValidation.role,
+          studioId
+        });
+        return genericResult(result);
+      }),
+      verifyCustomDomain: procedure().origins("account").http("POST", "/api/v2/studios/domains/verify").inputs(
+        external_exports.object({
+          customDomainId: external_exports.string().nonempty()
+        })
+      ).handler(async ({ customDomainId }, context) => {
+        const sessionKeyValidation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (sessionKeyValidation.success === false) {
+          if (sessionKeyValidation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return sessionKeyValidation;
+        }
+        const result = await this._records.verifyCustomDomain({
+          userId: sessionKeyValidation.userId,
+          userRole: sessionKeyValidation.role,
+          customDomainId
+        });
+        return genericResult(result);
+      }),
       requestStudioComId: procedure().origins("account").http("POST", "/api/v2/studios/requestComId").inputs(
         external_exports.object({
           studioId: STUDIO_ID_VALIDATION,
@@ -123364,9 +123919,29 @@ var RecordsServer = class {
         return genericResult(result);
       }),
       getWebConfig: procedure().origins("api").http("GET", "/api/config").inputs(external_exports.object({})).handler(async (inputs, context) => {
-        const result = await this._records.getWebConfig();
+        const result = await this._records.getWebConfig(null);
         return genericResult(result);
       }),
+      getPlayerWebManifest: procedure().origins(true).http("GET", "/api/v2/site.webmanifest", "player").inputs(external_exports.object({})).handler(
+        async (_2, context) => {
+          const result = await this._records.getPlayerWebManifest(
+            context.url.hostname
+          );
+          return genericResult(result);
+        },
+        async (result) => {
+          if (result.success === true) {
+            const { success: success3, ...data } = result;
+            return {
+              body: JSON.stringify(data),
+              headers: {
+                "content-type": "application/manifest+json"
+              }
+            };
+          }
+          return {};
+        }
+      ),
       getPlayerConfig: procedure().origins("api").http("GET", "/api/v2/player/config").inputs(
         external_exports.object({
           comId: external_exports.string().nonempty()
@@ -123980,8 +124555,8 @@ var RecordsServer = class {
         return {
           success: true,
           ...metadata,
-          version: true ? "v3.9.0-alpha.19838926610" : void 0,
-          versionHash: true ? "2fb87ec50142d8a7dc03a40456f31c4c9924fec7" : void 0
+          version: true ? "v3.9.0-alpha.20044586852" : void 0,
+          versionHash: true ? "48d43b4fc051e5456c465bc1f43d0f7ae1b7ec55" : void 0
         };
       }),
       getPurchasableItem: procedure().origins(true).http("GET", "/api/v2/records/purchasableItems").inputs(
@@ -124249,6 +124824,53 @@ var RecordsServer = class {
           }
         );
         return result;
+      }),
+      getConfigurationValue: procedure().origins("account").http("GET", "/api/v2/configuration").inputs(
+        external_exports.object({
+          key: external_exports.enum(CONFIGURATION_KEYS)
+        })
+      ).handler(async ({ key }, context) => {
+        const validation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (validation.success === false) {
+          if (validation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return validation;
+        }
+        const result = await this._records.getConfigurationValue({
+          userRole: validation.role,
+          key
+        });
+        return genericResult(result);
+      }),
+      setConfigurationValue: procedure().origins("account").http("POST", "/api/v2/configuration").inputs(
+        external_exports.discriminatedUnion(
+          "key",
+          CONFIGURATION_SCHEMAS.map(
+            (s3) => external_exports.object({
+              key: external_exports.literal(s3.key),
+              value: s3.schema
+            })
+          )
+        )
+      ).handler(async ({ key, value }, context) => {
+        const validation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (validation.success === false) {
+          if (validation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return validation;
+        }
+        const result = await this._records.setConfigurationValue({
+          userRole: validation.role,
+          key,
+          value
+        });
+        return genericResult(result);
       })
     };
   }
@@ -124299,7 +124921,11 @@ var RecordsServer = class {
           ipAddress: request2.ipAddress,
           sessionKey: getSessionKey(request2),
           httpRequest: request2,
-          origin: request2.headers.origin ?? null
+          origin: request2.headers.origin ?? null,
+          url: new URL(
+            request2.path,
+            `http://${request2.headers.host}`
+          )
         };
         let result;
         if (proc.schema) {
@@ -124381,13 +125007,18 @@ var RecordsServer = class {
       path: route.path,
       schema: procedure2.schema,
       querySchema: procedure2.querySchema,
+      scope: route.scope,
       name,
       handler: async (request2, data, query2) => {
         const context = {
           ipAddress: request2.ipAddress,
           sessionKey: getSessionKey(request2),
           httpRequest: request2,
-          origin: request2.headers.origin ?? null
+          origin: request2.headers.origin ?? null,
+          url: new URL(
+            request2.path,
+            `http://${request2.headers.host}`
+          )
         };
         const result = await procedure2.handler(data, context, query2);
         const response = returnProcedureOutput(result);
@@ -124432,7 +125063,11 @@ var RecordsServer = class {
           ipAddress: request2.ipAddress,
           sessionKey: getSessionKey(request2),
           httpRequest: request2,
-          origin: request2.headers.origin ?? null
+          origin: request2.headers.origin ?? null,
+          url: new URL(
+            request2.path,
+            `http://${request2.headers.host}`
+          )
         };
         let result;
         try {
@@ -124595,15 +125230,35 @@ var RecordsServer = class {
       if (span && route.name) {
         span.updateName(`http:${route.name}`);
       }
-      const origins = route.allowedOrigins === "account" ? this._allowedAccountOrigins : route.allowedOrigins === "api" ? this._allowedApiOrigins : route.allowedOrigins ?? true;
-      if (origins !== true && !validateOrigin(request2, origins)) {
-        return formatResponse(
-          request2,
-          returnResult(INVALID_ORIGIN_RESULT),
-          origins
-        );
-      }
+      let origins = route.allowedOrigins === "account" ? this._allowedAccountOrigins : route.allowedOrigins === "api" ? this._allowedApiOrigins : route.allowedOrigins ?? true;
       try {
+        if (origins !== true && !validateOrigin(request2, origins)) {
+          let allow = false;
+          const host = request2.headers.host;
+          if (host && route.allowedOrigins === "api") {
+            const requestUrl = new URL(
+              request2.path,
+              `http://${host}`
+            );
+            const origin2 = new URL(request2.headers.origin);
+            if (origin2.host === requestUrl.host) {
+              const customDomain = await this._records.getVerifiedCustomDomainByName(
+                requestUrl.hostname
+              );
+              if (isSuccess(customDomain) && customDomain.value) {
+                allow = true;
+                origins = true;
+              }
+            }
+          }
+          if (!allow) {
+            return formatResponse(
+              request2,
+              returnResult(INVALID_ORIGIN_RESULT),
+              origins
+            );
+          }
+        }
         let response;
         if (route.schema) {
           let data;
@@ -141114,9 +141769,6 @@ __decorateClass([
   traced(TRACE_NAME20)
 ], OpenAIRealtimeInterface.prototype, "createRealtimeSessionToken", 1);
 
-// ../aux-records/ConfigurationStore.ts
-var WEB_CONFIG_KEY = "web";
-
 // ../aux-records/CachingConfigStore.ts
 var TRACE_NAME21 = "CachingConfigStore";
 var CachingConfigStore = class {
@@ -141131,6 +141783,23 @@ var CachingConfigStore = class {
     this._cache = cache2;
     this._cacheSeconds = cacheSeconds;
   }
+  async setConfiguration(key, value) {
+    await this._cache.remove(key);
+    await this._store.setConfiguration(key, value);
+  }
+  async getConfiguration(key, defaultValue) {
+    const cached2 = await this._cache.retrieve(
+      key
+    );
+    if (cached2) {
+      return cached2;
+    }
+    const result = await this._store.getConfiguration(key, defaultValue);
+    if (result) {
+      await this._cache.store(key, result, this._cacheSeconds);
+    }
+    return result;
+  }
   async getWebConfig() {
     const cached2 = await this._cache.retrieve(WEB_CONFIG_KEY);
     if (cached2) {
@@ -141142,6 +141811,23 @@ var CachingConfigStore = class {
     }
     return result;
   }
+  async getPlayerWebManifest() {
+    const cached2 = await this._cache.retrieve(
+      PLAYER_WEB_MANIFEST_KEY
+    );
+    if (cached2) {
+      return cached2;
+    }
+    const result = await this._store.getPlayerWebManifest();
+    if (result) {
+      await this._cache.store(
+        PLAYER_WEB_MANIFEST_KEY,
+        result,
+        this._cacheSeconds
+      );
+    }
+    return result;
+  }
   async getSubscriptionConfiguration() {
     const cached2 = await this._cache.retrieve(
       "subscriptions"
@@ -141184,9 +141870,18 @@ var CachingConfigStore = class {
     return result;
   }
 };
+__decorateClass([
+  traced(TRACE_NAME21)
+], CachingConfigStore.prototype, "setConfiguration", 1);
+__decorateClass([
+  traced(TRACE_NAME21)
+], CachingConfigStore.prototype, "getConfiguration", 1);
 __decorateClass([
   traced(TRACE_NAME21)
 ], CachingConfigStore.prototype, "getWebConfig", 1);
+__decorateClass([
+  traced(TRACE_NAME21)
+], CachingConfigStore.prototype, "getPlayerWebManifest", 1);
 __decorateClass([
   traced(TRACE_NAME21)
 ], CachingConfigStore.prototype, "getSubscriptionConfiguration", 1);
@@ -141442,90 +142137,6 @@ __decorateClass([
   traced(TRACE_NAME22)
 ], ModerationController.prototype, "scanFile", 1);
 
-// ../aux-records/ModerationConfiguration.ts
-var moderationSchema = zod_default.object({
-  allowUnauthenticatedReports: zod_default.boolean().prefault(true).describe(
-    "Whether to allow unauthenticated users to report insts. Defaults to true."
-  ),
-  jobs: zod_default.object({
-    files: zod_default.object({
-      enabled: zod_default.boolean().describe("Whether to enable file moderation."),
-      fileExtensions: zod_default.array(zod_default.string()).optional().prefault([".png", ".webp", ".jpg", ".jpeg", ".gif"]).describe(
-        "The file extensions to scan. Defaults to common image formats."
-      ),
-      minConfidence: zod_default.number().min(0).max(1).optional().describe(
-        "The minimum confidence to consider a detected label. Should be between 0 and 1. For AWS Rekognition, this defaults to 0.5."
-      ),
-      bannedLabels: zod_default.array(
-        zod_default.object({
-          label: zod_default.string().optional().describe(
-            "The label that should be matched. If omitted, then labels will be matched by category. See https://docs.aws.amazon.com/rekognition/latest/dg/moderation.html#moderation-api for AWS Rekognition moderation labels."
-          ),
-          threshold: zod_default.number().min(0).max(1).prefault(0.7).describe(
-            "The threshold that the label confidence must equal or exceed in order to be considered a match. Defaults to 0.7."
-          ),
-          actions: zod_default.array(zod_default.enum(["notify"])).optional().prefault(["notify"]).describe(
-            "The actions that should be taken when a file is detected with the label. Defaults to [notify]."
-          )
-        })
-      ).optional().prefault([
-        {
-          label: "Explicit",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Non-Explicit Nudity of Intimate parts and Kissing",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Swimwear or Underwear",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Violence",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Visually Disturbing",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Drugs & Tobacco",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Alcohol",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Rude Gestures",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Gambling",
-          threshold: 0.5,
-          actions: ["notify"]
-        },
-        {
-          label: "Hate Symbols",
-          threshold: 0.5,
-          actions: ["notify"]
-        }
-      ]).describe(
-        "The labels that should be banned. If a file contains any of these labels, it will be marked as banned. Additionally, a notification will be sent "
-      )
-    }).describe("Options for moderating files.")
-  }).optional().describe("The moderation jobs that are enabled.")
-});
-
 // ../aux-records/SystemNotificationMessenger.ts
 var slackSchema = external_exports.object({
   webhookUrl: external_exports.url().describe(
@@ -142094,9 +142705,9 @@ var oneShotSign = (0, import_node_util6.promisify)(crypto6.sign);
 var sign2 = async (alg, key, data) => {
   const keyObject = getSignVerifyKey(alg, key, "sign");
   if (alg.startsWith("HS")) {
-    const hmac5 = crypto6.createHmac(hmacDigest(alg), keyObject);
-    hmac5.update(data);
-    return hmac5.digest();
+    const hmac6 = crypto6.createHmac(hmacDigest(alg), keyObject);
+    hmac6.update(data);
+    return hmac6.digest();
   }
   return oneShotSign(dsaDigest(alg), data, keyForCrypto(alg, keyObject));
 };
@@ -142949,7 +143560,7 @@ var PackageVersionRecordsController = class {
       if (action2 === "update") {
         const sizeInBytes = request2.item.auxFileRequest.fileByteLength;
         const fileName = existingItem.item.auxFileName;
-        const sha2566 = getHash({
+        const sha2567 = getHash({
           auxFileName: fileName,
           auxSha256: request2.item.auxFileRequest.fileSha256Hex,
           createdAtMs: existingItem.item.createdAtMs,
@@ -142957,7 +143568,7 @@ var PackageVersionRecordsController = class {
           description: request2.item.description,
           sizeInBytes
         });
-        if (sha2566 !== existingItem.item.sha256) {
+        if (sha2567 !== existingItem.item.sha256) {
           return {
             success: false,
             errorCode: "not_supported",
@@ -143015,7 +143626,7 @@ var PackageVersionRecordsController = class {
             "Unable to determine file name for package"
           );
         }
-        const sha2566 = getHash({
+        const sha2567 = getHash({
           auxFileName: fileName,
           auxSha256: request2.item.auxFileRequest.fileSha256Hex,
           createdAtMs,
@@ -143031,7 +143642,7 @@ var PackageVersionRecordsController = class {
           description: request2.item.description,
           auxFileName: fileName,
           auxSha256: request2.item.auxFileRequest.fileSha256Hex,
-          sha256: sha2566,
+          sha256: sha2567,
           sizeInBytes,
           createdAtMs,
           createdFile: recordFileResult.success,
@@ -146566,55 +147177,6 @@ function isEventForDevice(event, device3) {
   return false;
 }
 
-// ../aux-records/PrivoConfiguration.ts
-var privoSchema = zod_default.object({
-  gatewayEndpoint: zod_default.string().nonempty().describe("The Privo API (aslo called the Gateway) URL."),
-  publicEndpoint: zod_default.string().nonempty().describe("The Privo Public API URL."),
-  clientId: zod_default.string().nonempty().describe("The Client ID that should be used."),
-  clientSecret: zod_default.string().nonempty().describe("The client secret that should be used."),
-  redirectUri: zod_default.string().nonempty().describe(
-    "The URI that Privo users should be redirected to after a login."
-  ),
-  // verificationIntegration: z
-  //     .string()
-  //     .describe('The verification integration that should be used.')
-  //     .nonempty(),
-  // verificationServiceId: z
-  //     .string()
-  //     .describe('The service ID that should be used.')
-  //     .nonempty(),
-  // verificationSiteId: z
-  //     .string()
-  //     .describe('The site ID that should be used.')
-  //     .nonempty(),
-  roleIds: zod_default.object({
-    child: zod_default.string().nonempty().describe("The ID of the child role."),
-    parent: zod_default.string().nonempty().describe("The ID of the parent role."),
-    adult: zod_default.string().nonempty().describe("The ID of the adult role.")
-  }),
-  featureIds: zod_default.object({
-    childPrivoSSO: zod_default.string().nonempty().describe("The ID of the child Privo ID Single Sign-On feature"),
-    adultPrivoSSO: zod_default.string().nonempty().describe("The ID of the adult Privo ID Single Sign-On feature"),
-    joinAndCollaborate: zod_default.string().nonempty().describe('The ID of the "Join & Collaborate" feature.'),
-    publishProjects: zod_default.string().nonempty().describe(
-      'The ID of the "Publish Projects" feature. Also known as the "Publish Public Eggs" feature.'
-    ),
-    projectDevelopment: zod_default.string().nonempty().describe(
-      'The ID of the "Project Development" feature. Also known as the "Build Private Eggs" feature.'
-    ),
-    buildAIEggs: zod_default.string().nonempty().describe('The ID of the "Build AI Eggs" feature.')
-  }),
-  clientTokenScopes: zod_default.string().nonempty().optional().prefault(
-    "openid profile email user_profile offline_access address additional_info TRUST delete_account service_profile connected_profiles manage_consent consent_url update_password_link"
-  ).describe("The scopes that should be requested for client tokens."),
-  userTokenScopes: zod_default.string().nonempty().optional().prefault(
-    "TRUST openid profile user_profile address service_profile connected_profiles manage_consent email additional_info offline_access delete_account consent_url update_password_link"
-  ).describe("The scopes that should be requested for user tokens."),
-  ageOfConsent: zod_default.int().positive().prefault(18).describe(
-    "The age of consent for users. Users who are under this age must have consent given for them via a parent account."
-  )
-});
-
 // ../aux-records/ServerConfig.ts
 var s3Schema = external_exports.object({
   region: external_exports.string().nonempty().describe(
@@ -147308,6 +147870,9 @@ var serverConfigSchema = external_exports.object({
       defaultBiosOption: null,
       automaticBiosOption: null
     }).describe("The web configuration for the CasualOS frontend."),
+    playerWebManifest: WEB_MANIFEST_SCHEMA.optional().nullable().describe(
+      "The PWA web manifest that should be served by CasualOS. If omitted or null, then none will be used."
+    ),
     drives: external_exports.object({
       dirs: external_exports.array(external_exports.string()).describe(
         "The list of extra directories that should be served by the CasualOS app on the /drives path."
@@ -147323,6 +147888,9 @@ var serverConfigSchema = external_exports.object({
   )
 });
 
+// ../aux-records/dns/DNSDomainNameValidator.ts
+var import_hash6 = __toESM(require_hash());
+
 // cli.ts
 var import_node_stream3 = require("node:stream");
 var import_path3 = __toESM(require("path"));
@@ -158645,7 +159213,7 @@ var config2 = new Conf({
   projectName: "casualos-cli"
 });
 var program2 = new Command();
-program2.name("casualos").description("A CLI for CasualOS").version("v3.9.0-alpha.19838926610").option(
+program2.name("casualos").description("A CLI for CasualOS").version("v3.9.0-alpha.20044586852").option(
   "-e, --endpoint <url>",
   "The endpoint to use for queries. Can be used to override the current endpoint."
 );

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "casualos",
-    "version": "3.9.0-alpha.19838926610",
+    "version": "3.9.0-alpha.20044586852",
     "description": "Command line interface for CasualOS.",
     "main": "./dist/index.js",
     "types": "index.d.ts",
@@ -64,5 +64,5 @@
         "**/*.def",
         "templates/**"
     ],
-    "gitHead": "2fb87ec50142d8a7dc03a40456f31c4c9924fec7"
+    "gitHead": "48d43b4fc051e5456c465bc1f43d0f7ae1b7ec55"
 }