emdash 0.19.0 → 0.20.0

package/dist/settings-DfxiWY_s.mjs

@@ -0,0 +1,411 @@
+import { t as MediaRepository } from "./media-JOf3pNkw.mjs";
+import { t as OptionsRepository } from "./options-BPCVnesz.mjs";
+import { n as peekRequestCache, r as requestCached } from "./request-cache-D32LpnmI.mjs";
+import { r as getDb } from "./loader-ZN1ll-d-.mjs";
+
+//#region src/after.ts
+const waitUntilReady = (async () => {
+	try {
+		return (await import("virtual:emdash/wait-until")).waitUntil ?? null;
+	} catch {
+		return null;
+	}
+})();
+waitUntilReady.catch(() => {});
+/**
+* Schedule `fn` to run without blocking the response.
+*
+* Errors are caught and logged — a deferred task should never surface
+* as an unhandled rejection because the response is long gone. Callers
+* that care about errors should handle them inside `fn`.
+*/
+function after(fn) {
+	const promise = Promise.resolve().then(fn).catch((error) => {
+		console.error("[emdash] deferred task failed:", error);
+	});
+	waitUntilReady.then((waitUntil) => {
+		if (waitUntil) waitUntil(promise);
+		return null;
+	});
+}
+
+//#endregion
+//#region src/utils/init-lock.ts
+function createInitLock() {
+	return {
+		ownerStartedAt: null,
+		generation: 0
+	};
+}
+const DEFAULT_DEADLINE_MS = 15e3;
+const DEFAULT_POLL_MS = 50;
+const MAX_WAIT_HEADROOM_MS = 15e3;
+function sleep(ms) {
+	return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+* Return the cached value if present, otherwise initialize it under the
+* lock. `init` is responsible for storing the value so that `getCached`
+* returns it on subsequent calls — waiters re-check `getCached` after the
+* owner finishes rather than sharing the owner's promise.
+*
+* `init` receives an `isCurrentClaim` predicate and must gate its cache
+* publication on it: a slow init that was reclaimed past the deadline
+* must not overwrite the value published by the reclaimer (for the
+* runtime singleton that would orphan the reclaimer's active cron
+* scheduler). A losing init should also tear down any side resources it
+* started, since its result will never be published.
+*/
+async function initWithLock(lock, getCached, init, options) {
+	const deadlineMs = options?.deadlineMs ?? DEFAULT_DEADLINE_MS;
+	const pollMs = options?.pollMs ?? DEFAULT_POLL_MS;
+	const maxWaitMs = options?.maxWaitMs ?? deadlineMs + MAX_WAIT_HEADROOM_MS;
+	const waitStart = Date.now();
+	for (;;) {
+		const cached = getCached();
+		if (cached !== null && cached !== void 0) return cached;
+		const ownerStartedAt = lock.ownerStartedAt;
+		if (ownerStartedAt === null || Date.now() - ownerStartedAt > deadlineMs) {
+			lock.generation += 1;
+			const claim = lock.generation;
+			lock.ownerStartedAt = Date.now();
+			try {
+				const isCurrentClaim = () => lock.generation === claim;
+				const initPromise = Promise.resolve().then(() => init(isCurrentClaim));
+				options?.anchor?.(initPromise.then(() => void 0, () => void 0));
+				return await initPromise;
+			} finally {
+				if (lock.generation === claim) lock.ownerStartedAt = null;
+			}
+		}
+		if (Date.now() - waitStart > maxWaitMs) throw new Error(`initWithLock: timed out after ${maxWaitMs}ms waiting for initialization`);
+		await sleep(pollMs);
+	}
+}
+
+//#endregion
+//#region src/utils/isolate-cache.ts
+/**
+* Isolate-lifetime async value cache with single-flight and poison-immunity.
+*
+* Built for the "compute once per isolate, read on every request" caches
+* (site settings, search-health verification, ...). These must coalesce
+* concurrent cold-isolate reads into one query — but the obvious way to do
+* that, caching the in-flight *promise* on an isolate-global and awaiting it
+* from later requests, is unsafe on workerd: if the request that created the
+* promise is cancelled mid-await (client disconnect, context teardown), its
+* continuation never runs, so the promise neither resolves nor rejects. Every
+* later request that awaits that shared promise then hangs until the isolate
+* is evicted (observed as 524s at the 100s wall, near-zero CPU). A `.catch`
+* that clears the cache doesn't help — a cancelled request doesn't reject.
+*
+* This cache stores the resolved *value* (not a promise) and coalesces via
+* `initWithLock`: one request becomes the owner and runs `fetch`, everyone
+* else polls for the published value and never awaits the owner's promise.
+* A cancelled owner can therefore never strand a waiter — the worst case is
+* the lock looks held until `deadlineMs`, then the next caller reclaims. The
+* owner's `fetch` is also anchored (waitUntil) so a cancelled originator's
+* query still completes and populates the cache, and bounded by
+* `ownerTimeoutMs` so a genuinely stuck fetch reclaims instead of hanging.
+*
+* Invalidation bumps `version`; reads compare against the version captured at
+* call time and refetch on mismatch.
+*/
+function createIsolateCache() {
+	return {
+		value: null,
+		hasValue: false,
+		version: 0,
+		valueVersion: -1,
+		lock: createInitLock()
+	};
+}
+/**
+* Force the next `isolateCachedAsync` call to refetch. An in-flight owner
+* fetched at the old version will not publish into the new version, so its
+* result is ignored by subsequent reads.
+*/
+function invalidateIsolateCache(cache) {
+	cache.version++;
+	cache.hasValue = false;
+	cache.value = null;
+	cache.valueVersion = -1;
+	cache.lock.ownerStartedAt = null;
+}
+/**
+* Headroom between the owner's own timeout and the waiter reclaim deadline.
+* The reclaim deadline must sit *above* `ownerTimeoutMs` so a slow-but-live
+* owner times out (and releases the lock) before a waiter would reclaim it —
+* otherwise a fetch slower than the deadline is superseded before it can
+* publish, and steady traffic turns that into a self-sustaining stampede.
+*/
+const RECLAIM_HEADROOM_MS = 5e3;
+function withTimeout(promise, ms) {
+	return new Promise((resolve, reject) => {
+		const timer = setTimeout(() => {
+			reject(/* @__PURE__ */ new Error(`isolateCachedAsync: owner fetch exceeded ${ms}ms`));
+		}, ms);
+		promise.then(resolve, reject).finally(() => {
+			clearTimeout(timer);
+		});
+	});
+}
+/**
+* Return the cached value for `cache`, computing it via `fetch` under a
+* single-flight lock on a miss. Concurrent callers coalesce onto one fetch;
+* a cancelled owner cannot poison later callers (see file header).
+*/
+function isolateCachedAsync(cache, fetch, options = {}) {
+	const versionAtCall = cache.version;
+	const ownerTimeoutMs = options.ownerTimeoutMs !== void 0 && Number.isFinite(options.ownerTimeoutMs) && options.ownerTimeoutMs > 0 ? options.ownerTimeoutMs : void 0;
+	const deadlineMs = ownerTimeoutMs === void 0 ? options.deadlineMs : Math.max(options.deadlineMs ?? 0, ownerTimeoutMs + RECLAIM_HEADROOM_MS);
+	return initWithLock(cache.lock, () => cache.hasValue && cache.valueVersion === versionAtCall ? { v: cache.value } : null, (isCurrentClaim) => {
+		const real = (async () => {
+			const value = await fetch();
+			if (isCurrentClaim()) {
+				cache.value = value;
+				cache.hasValue = true;
+				cache.valueVersion = versionAtCall;
+			}
+			return { v: value };
+		})();
+		options.anchor?.(real.then(() => void 0, () => void 0));
+		return ownerTimeoutMs === void 0 ? real : withTimeout(real, ownerTimeoutMs);
+	}, {
+		deadlineMs,
+		pollMs: options.pollMs,
+		maxWaitMs: options.maxWaitMs
+	}).then((box) => box.v);
+}
+
+//#endregion
+//#region src/settings/index.ts
+/** Prefix for site settings in the options table */
+const SETTINGS_PREFIX = "site:";
+/**
+* Worker-isolate cache for the resolved `site:*` settings.
+*
+* Site settings (title, logo, SEO defaults) change rarely but are read on
+* every public request. Caching across the isolate's lifetime drops the
+* `options WHERE name LIKE 'site:%'` prefix scan from once-per-request to
+* once-per-isolate. Cross-isolate staleness is bounded by isolate lifetime
+* (workerd typically recycles within minutes); acceptable for chrome.
+*
+* Backed by isolate-cache.ts: concurrent cold-isolate reads coalesce onto one
+* query via a reclaimable single-flight lock and the resolved *value* is
+* cached — never a shared in-flight promise, so a cancelled request can't
+* poison the isolate (see that file's header). Stored on globalThis with a
+* Symbol.for key so Vite SSR chunk duplication doesn't produce two
+* independent caches (same pattern as request-context.ts).
+*/
+const SITE_SETTINGS_CACHE_KEY = Symbol.for("emdash:site-settings");
+const g = globalThis;
+const settingsCache = g[SITE_SETTINGS_CACHE_KEY] ?? (() => {
+	const c = createIsolateCache();
+	g[SITE_SETTINGS_CACHE_KEY] = c;
+	return c;
+})();
+/**
+* Bump the isolate-wide site-settings cache version, forcing the next
+* `getSiteSettings()` to re-query the database.
+*
+* Called from every `site:*` write path. Other isolates still serve their
+* own cached copy until they expire — staleness bounded by isolate lifetime.
+*/
+function invalidateSiteSettingsCache() {
+	invalidateIsolateCache(settingsCache);
+}
+/**
+* Type guard for MediaReference values
+*/
+function isMediaReference(value) {
+	return typeof value === "object" && value !== null && "mediaId" in value;
+}
+/**
+* Resolve a media reference to include the full URL plus content metadata.
+*
+* Pulls `mimeType` and intrinsic dimensions from the media row so callers
+* can emit correct head tags (e.g. `<link rel="icon" type="image/svg+xml">`,
+* which Chromium requires when the URL has no `.svg` extension) without
+* a second round-trip to the media table.
+*/
+async function resolveMediaReference(mediaRef, db, _storage) {
+	if (!mediaRef?.mediaId) return mediaRef;
+	try {
+		const media = await new MediaRepository(db).findById(mediaRef.mediaId);
+		if (media) return {
+			...mediaRef,
+			url: `/_emdash/api/media/file/${media.storageKey}`,
+			contentType: media.mimeType,
+			...media.width !== null ? { width: media.width } : {},
+			...media.height !== null ? { height: media.height } : {}
+		};
+	} catch {}
+	return mediaRef;
+}
+/**
+* Get a single site setting by key
+*
+* Returns `undefined` if the setting has not been configured.
+* For media settings (logo, favicon), the URL is resolved automatically.
+*
+* @param key - The setting key (e.g., "title", "logo", "social")
+* @returns The setting value, or undefined if not set
+*
+* @example
+* ```ts
+* import { getSiteSetting } from "emdash";
+*
+* const title = await getSiteSetting("title");
+* const logo = await getSiteSetting("logo");
+* console.log(logo?.url); // Resolved URL
+* ```
+*/
+async function getSiteSetting(key) {
+	const primed = peekRequestCache("siteSettings");
+	if (primed) return (await primed)[key];
+	return requestCached(`siteSetting:${key}`, async () => {
+		return getSiteSettingWithDb(key, await getDb());
+	});
+}
+/**
+* Get a single site setting by key (with explicit db)
+*
+* @internal Use `getSiteSetting()` in templates. This variant is for admin routes
+* that already have a database handle.
+*/
+async function getSiteSettingWithDb(key, db, storage = null) {
+	const value = await new OptionsRepository(db).get(`${SETTINGS_PREFIX}${key}`);
+	if (!value) return;
+	if ((key === "logo" || key === "favicon") && isMediaReference(value)) return await resolveMediaReference(value, db, storage);
+	if (key === "seo" && value && typeof value === "object") {
+		const seo = value;
+		if (seo.defaultOgImage) return {
+			...seo,
+			defaultOgImage: await resolveMediaReference(seo.defaultOgImage, db, storage)
+		};
+	}
+	return value;
+}
+/**
+* Get all site settings
+*
+* Returns all configured settings. Unset values are undefined.
+* Media references (logo/favicon) are resolved to include URLs.
+*
+* @example
+* ```ts
+* import { getSiteSettings } from "emdash";
+*
+* const settings = await getSiteSettings();
+* console.log(settings.title); // "My Site"
+* console.log(settings.logo?.url); // "/_emdash/api/media/file/abc123"
+* ```
+*/
+function getSiteSettings() {
+	return requestCached("siteSettings", () => isolateCachedAsync(settingsCache, async () => {
+		return getSiteSettingsWithDb(await getDb());
+	}, {
+		anchor: (promise) => after(() => promise),
+		ownerTimeoutMs: 3e4
+	}));
+}
+/**
+* Get all site settings (with explicit db)
+*
+* @internal Use `getSiteSettings()` in templates. This variant is for admin routes
+* that already have a database handle.
+*/
+async function getSiteSettingsWithDb(db, storage = null) {
+	const allOptions = await new OptionsRepository(db).getByPrefix(SETTINGS_PREFIX);
+	const settings = {};
+	for (const [key, value] of allOptions) {
+		const settingKey = key.replace(SETTINGS_PREFIX, "");
+		settings[settingKey] = value;
+	}
+	const typedSettings = settings;
+	if (typedSettings.logo) typedSettings.logo = await resolveMediaReference(typedSettings.logo, db, storage);
+	if (typedSettings.favicon) typedSettings.favicon = await resolveMediaReference(typedSettings.favicon, db, storage);
+	if (typedSettings.seo?.defaultOgImage) typedSettings.seo = {
+		...typedSettings.seo,
+		defaultOgImage: await resolveMediaReference(typedSettings.seo.defaultOgImage, db, storage)
+	};
+	return typedSettings;
+}
+/**
+* Set site settings (internal function used by admin API)
+*
+* Merges provided settings with existing ones. Only provided fields are updated.
+* Media references should include just the mediaId; URLs are resolved on read.
+*
+* @param settings - Partial settings object with values to update
+* @param db - Kysely database instance
+* @returns Promise that resolves when settings are saved
+*
+* @internal
+*
+* @example
+* ```ts
+* // Update multiple settings at once
+* await setSiteSettings({
+*   title: "My Site",
+*   tagline: "Welcome",
+*   logo: { mediaId: "med_123", alt: "Logo" }
+* }, db);
+* ```
+*/
+async function setSiteSettings(settings, db) {
+	const options = new OptionsRepository(db);
+	const updates = {};
+	for (const [key, value] of Object.entries(settings)) if (value !== void 0) updates[`${SETTINGS_PREFIX}${key}`] = value;
+	try {
+		await options.setMany(updates);
+	} finally {
+		invalidateSiteSettingsCache();
+	}
+}
+/**
+* Get a single plugin setting by key.
+*
+* Plugin settings are stored in the options table under
+* `plugin:<pluginId>:settings:<key>`.
+*/
+async function getPluginSetting(pluginId, key) {
+	return getPluginSettingWithDb(pluginId, key, await getDb());
+}
+/**
+* Get a single plugin setting by key (with explicit db).
+*
+* @internal Use `getPluginSetting()` in templates and plugin rendering code.
+*/
+async function getPluginSettingWithDb(pluginId, key, db) {
+	return await new OptionsRepository(db).get(`plugin:${pluginId}:settings:${key}`) ?? void 0;
+}
+/**
+* Get all persisted plugin settings for a plugin.
+*
+* Defaults declared in `admin.settingsSchema` are not materialized
+* automatically; callers should apply their own fallback defaults.
+*/
+async function getPluginSettings(pluginId) {
+	return getPluginSettingsWithDb(pluginId, await getDb());
+}
+/**
+* Get all persisted plugin settings for a plugin (with explicit db).
+*
+* @internal Use `getPluginSettings()` in templates and plugin rendering code.
+*/
+async function getPluginSettingsWithDb(pluginId, db) {
+	const prefix = `plugin:${pluginId}:settings:`;
+	const allOptions = await new OptionsRepository(db).getByPrefix(prefix);
+	const settings = {};
+	for (const [key, value] of allOptions) {
+		if (!key.startsWith(prefix)) continue;
+		settings[key.slice(prefix.length)] = value;
+	}
+	return settings;
+}
+
+//#endregion
+export { getSiteSettingsWithDb as a, createIsolateCache as c, initWithLock as d, after as f, getSiteSettings as i, isolateCachedAsync as l, getPluginSettings as n, invalidateSiteSettingsCache as o, getSiteSetting as r, setSiteSettings as s, getPluginSetting as t, createInitLock as u };
+//# sourceMappingURL=settings-DfxiWY_s.mjs.map

package/dist/settings-DfxiWY_s.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"settings-DfxiWY_s.mjs","names":[],"sources":["../src/after.ts","../src/utils/init-lock.ts","../src/utils/isolate-cache.ts","../src/settings/index.ts"],"sourcesContent":["/**\n * Defer work past the HTTP response.\n *\n * Use for bookkeeping that doesn't need to complete before the client\n * gets bytes — writes that record state, maintenance queries, cache\n * refreshes. `after()` hands the promise to the host's lifetime\n * extender when one is available (Cloudflare's `waitUntil` under\n * workerd), or fires-and-forgets on Node (the process lives for the\n * next request anyway).\n *\n * Host binding is resolved lazily via a dynamic import of the\n * `virtual:emdash/wait-until` virtual module. Lazy — rather than a\n * static top-level import — so tools that walk the dist in a plain\n * Node loader (`astro check`, Vitest, etc.) don't trip over the\n * `virtual:` scheme: they'd only fail if they actually called\n * `after()`, which they don't during type-checking.\n */\n\nexport type WaitUntilFn = (promise: Promise<unknown>) => void;\n\n// Resolves to the host's waitUntil if the adapter provided one, or\n// null otherwise. Kicked off once at module load; subsequent `after()`\n// calls see the cached result without re-importing.\nconst waitUntilReady: Promise<WaitUntilFn | null> = (async () => {\n\ttry {\n\t\t// @ts-ignore - virtual module, generated by the Astro integration\n\t\tconst mod = (await import(\"virtual:emdash/wait-until\")) as {\n\t\t\twaitUntil?: WaitUntilFn;\n\t\t};\n\t\treturn mod.waitUntil ?? null;\n\t} catch {\n\t\t// No virtual module available (Node-side tooling, tests without the\n\t\t// integration in scope). Fire-and-forget is the safe fallback.\n\t\treturn null;\n\t}\n})();\n// Surface rejections without making the module-load fail.\nwaitUntilReady.catch(() => {});\n\n/**\n * Schedule `fn` to run without blocking the response.\n *\n * Errors are caught and logged — a deferred task should never surface\n * as an unhandled rejection because the response is long gone. Callers\n * that care about errors should handle them inside `fn`.\n */\nexport function after(fn: () => void | Promise<void>): void {\n\tconst promise = Promise.resolve()\n\t\t.then(fn)\n\t\t.catch((error) => {\n\t\t\tconsole.error(\"[emdash] deferred task failed:\", error);\n\t\t});\n\n\t// Defer the lifetime-extender handoff to the microtask that resolves\n\t// waitUntilReady. On workerd this is effectively instant (the virtual\n\t// module is already loaded in the bundle); on Node the promise\n\t// resolves to null, so this is just one extra microtask and no-op.\n\tvoid waitUntilReady.then((waitUntil) => {\n\t\tif (waitUntil) waitUntil(promise);\n\t\treturn null;\n\t});\n}\n","/**\n * Reclaimable initialization lock for isolate-lifetime singletons.\n *\n * Guards \"first request initializes, everyone else waits\" sections\n * (runtime creation, database init) against a workerd failure mode: if the\n * request that owns the initialization is cancelled mid-await (client\n * disconnect, context teardown), its continuation — including any `finally`\n * that would release the lock — never runs. A plain boolean or shared\n * promise then stays stuck forever and every subsequent request in the\n * isolate hangs until the platform kills it (observed as 524s at the\n * 100-second wall limit, with the isolate poisoned until eviction).\n *\n * This lock instead records *when* the owner started. Waiters poll — we\n * deliberately never await a promise created by another request, which\n * workerd flags — and if the owner has held the lock past `deadlineMs`,\n * the next waiter assumes the owner is dead, reclaims the lock, and runs\n * the initialization itself. Waiters also give up after `maxWaitMs` so a\n * request degrades to an error response rather than hanging.\n */\n\nexport interface InitLock {\n\t/** Epoch ms when the current owner claimed the lock, or null when free. */\n\townerStartedAt: number | null;\n\t/**\n\t * Monotonic claim counter identifying the current owner. Release is\n\t * gated on it: a slow owner that finishes after a waiter has reclaimed\n\t * the lock must not clear the reclaimer's claim — that would let yet\n\t * another caller claim the lock and start a third concurrent init.\n\t */\n\tgeneration: number;\n}\n\nexport function createInitLock(): InitLock {\n\treturn { ownerStartedAt: null, generation: 0 };\n}\n\nexport interface InitLockOptions {\n\t/**\n\t * Reclaim the lock if the owner has held it longer than this. Must be\n\t * comfortably above the slowest legitimate init (cold migrations on a\n\t * contended D1, including the concurrent-migrator wait) — a too-short\n\t * deadline risks two concurrent inits, a too-long one delays recovery\n\t * of a poisoned isolate. Nested locks must compose: an outer lock's\n\t * deadline must exceed the deadline of any lock its init acquires.\n\t */\n\tdeadlineMs?: number;\n\t/** Waiter poll interval. */\n\tpollMs?: number;\n\t/**\n\t * Give up waiting after this long and throw instead of hanging.\n\t * Defaults to `deadlineMs` plus headroom so a waiter always survives\n\t * long enough to reclaim a dead owner before giving up.\n\t */\n\tmaxWaitMs?: number;\n\t/**\n\t * Called with the in-flight init promise (errors pre-swallowed) so the\n\t * caller can hand it to the host's lifetime extender (waitUntil via\n\t * `after()`). If the owning request is cancelled mid-init, the anchored\n\t * promise keeps the context alive: init completes, populates the cache,\n\t * and the `finally` below releases the lock — preventing the poisoning\n\t * instead of merely recovering from it via reclaim.\n\t */\n\tanchor?: (promise: Promise<void>) => void;\n}\n\nconst DEFAULT_DEADLINE_MS = 15_000;\nconst DEFAULT_POLL_MS = 50;\nconst MAX_WAIT_HEADROOM_MS = 15_000;\n\nfunction sleep(ms: number): Promise<void> {\n\treturn new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Return the cached value if present, otherwise initialize it under the\n * lock. `init` is responsible for storing the value so that `getCached`\n * returns it on subsequent calls — waiters re-check `getCached` after the\n * owner finishes rather than sharing the owner's promise.\n *\n * `init` receives an `isCurrentClaim` predicate and must gate its cache\n * publication on it: a slow init that was reclaimed past the deadline\n * must not overwrite the value published by the reclaimer (for the\n * runtime singleton that would orphan the reclaimer's active cron\n * scheduler). A losing init should also tear down any side resources it\n * started, since its result will never be published.\n */\nexport async function initWithLock<T>(\n\tlock: InitLock,\n\tgetCached: () => T | null | undefined,\n\tinit: (isCurrentClaim: () => boolean) => Promise<T>,\n\toptions?: InitLockOptions,\n): Promise<T> {\n\tconst deadlineMs = options?.deadlineMs ?? DEFAULT_DEADLINE_MS;\n\tconst pollMs = options?.pollMs ?? DEFAULT_POLL_MS;\n\tconst maxWaitMs = options?.maxWaitMs ?? deadlineMs + MAX_WAIT_HEADROOM_MS;\n\t// Date.now() is deliberate and only works because every loop iteration\n\t// awaits: in workerd the clock only advances across I/O, so a sync spin\n\t// would never observe the deadline. Don't \"optimize\" away the sleep.\n\tconst waitStart = Date.now();\n\n\tfor (;;) {\n\t\tconst cached = getCached();\n\t\tif (cached !== null && cached !== undefined) {\n\t\t\treturn cached;\n\t\t}\n\n\t\tconst ownerStartedAt = lock.ownerStartedAt;\n\t\tif (ownerStartedAt === null || Date.now() - ownerStartedAt > deadlineMs) {\n\t\t\t// Free, or the owner has been gone past the deadline — claim it.\n\t\t\t// Synchronous between awaits, so two waiters can't both claim.\n\t\t\tlock.generation += 1;\n\t\t\tconst claim = lock.generation;\n\t\t\tlock.ownerStartedAt = Date.now();\n\t\t\ttry {\n\t\t\t\t// Promise.resolve().then(...) so a synchronous throw from\n\t\t\t\t// init still becomes a rejection after the anchor attaches.\n\t\t\t\tconst isCurrentClaim = () => lock.generation === claim;\n\t\t\t\tconst initPromise = Promise.resolve().then(() => init(isCurrentClaim));\n\t\t\t\toptions?.anchor?.(\n\t\t\t\t\tinitPromise.then(\n\t\t\t\t\t\t() => undefined,\n\t\t\t\t\t\t() => undefined,\n\t\t\t\t\t),\n\t\t\t\t);\n\t\t\t\treturn await initPromise;\n\t\t\t} finally {\n\t\t\t\t// If this request dies mid-init unanchored this never runs;\n\t\t\t\t// the next waiter reclaims after deadlineMs instead. Release\n\t\t\t\t// only while still the current owner: a reclaimer may have\n\t\t\t\t// taken the lock while this (slow) init was running, and\n\t\t\t\t// clearing its claim would admit a third concurrent init.\n\t\t\t\tif (lock.generation === claim) {\n\t\t\t\t\tlock.ownerStartedAt = null;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (Date.now() - waitStart > maxWaitMs) {\n\t\t\tthrow new Error(`initWithLock: timed out after ${maxWaitMs}ms waiting for initialization`);\n\t\t}\n\t\tawait sleep(pollMs);\n\t}\n}\n","/**\n * Isolate-lifetime async value cache with single-flight and poison-immunity.\n *\n * Built for the \"compute once per isolate, read on every request\" caches\n * (site settings, search-health verification, ...). These must coalesce\n * concurrent cold-isolate reads into one query — but the obvious way to do\n * that, caching the in-flight *promise* on an isolate-global and awaiting it\n * from later requests, is unsafe on workerd: if the request that created the\n * promise is cancelled mid-await (client disconnect, context teardown), its\n * continuation never runs, so the promise neither resolves nor rejects. Every\n * later request that awaits that shared promise then hangs until the isolate\n * is evicted (observed as 524s at the 100s wall, near-zero CPU). A `.catch`\n * that clears the cache doesn't help — a cancelled request doesn't reject.\n *\n * This cache stores the resolved *value* (not a promise) and coalesces via\n * `initWithLock`: one request becomes the owner and runs `fetch`, everyone\n * else polls for the published value and never awaits the owner's promise.\n * A cancelled owner can therefore never strand a waiter — the worst case is\n * the lock looks held until `deadlineMs`, then the next caller reclaims. The\n * owner's `fetch` is also anchored (waitUntil) so a cancelled originator's\n * query still completes and populates the cache, and bounded by\n * `ownerTimeoutMs` so a genuinely stuck fetch reclaims instead of hanging.\n *\n * Invalidation bumps `version`; reads compare against the version captured at\n * call time and refetch on mismatch.\n */\n\nimport { createInitLock, type InitLock, initWithLock } from \"./init-lock.js\";\n\nexport interface IsolateCache<T> {\n\t/** Last resolved value, valid only when `hasValue` is true. */\n\tvalue: T | null;\n\t/**\n\t * Presence flag, separate from `value` so that falsy/`undefined`/`void`\n\t * results cache correctly (a plain null check can't distinguish \"cached\n\t * undefined\" from \"never fetched\").\n\t */\n\thasValue: boolean;\n\t/** Invalidation counter; bumped by `invalidateIsolateCache`. */\n\tversion: number;\n\t/** The `version` the cached value was fetched at. */\n\tvalueVersion: number;\n\t/** Reclaimable single-flight lock (see init-lock.ts). */\n\tlock: InitLock;\n}\n\nexport function createIsolateCache<T>(): IsolateCache<T> {\n\treturn { value: null, hasValue: false, version: 0, valueVersion: -1, lock: createInitLock() };\n}\n\n/**\n * Force the next `isolateCachedAsync` call to refetch. An in-flight owner\n * fetched at the old version will not publish into the new version, so its\n * result is ignored by subsequent reads.\n */\nexport function invalidateIsolateCache(cache: IsolateCache<unknown>): void {\n\tcache.version++;\n\tcache.hasValue = false;\n\tcache.value = null;\n\tcache.valueVersion = -1;\n\t// Free the single-flight lock so a reader at the new version starts the\n\t// refetch immediately instead of waiting out a stale owner's deadline. A\n\t// still-running old-version owner can neither publish into the new version\n\t// (version gate) nor clobber a new owner (claim gate), so releasing here\n\t// is safe; the worst case is one brief duplicate fetch.\n\tcache.lock.ownerStartedAt = null;\n}\n\n/**\n * Headroom between the owner's own timeout and the waiter reclaim deadline.\n * The reclaim deadline must sit *above* `ownerTimeoutMs` so a slow-but-live\n * owner times out (and releases the lock) before a waiter would reclaim it —\n * otherwise a fetch slower than the deadline is superseded before it can\n * publish, and steady traffic turns that into a self-sustaining stampede.\n */\nconst RECLAIM_HEADROOM_MS = 5_000;\n\nexport interface IsolateCachedOptions {\n\t/**\n\t * Hand the in-flight fetch to the host's lifetime extender (waitUntil via\n\t * `after()`), so a cancelled originating request still drives it to\n\t * completion and populates the cache.\n\t */\n\tanchor?: (promise: Promise<void>) => void;\n\t/** Reclaim the single-flight lock if the owner holds it past this. */\n\tdeadlineMs?: number;\n\t/** Waiter poll interval. */\n\tpollMs?: number;\n\t/** Waiter gives up and throws after this long rather than hanging. */\n\tmaxWaitMs?: number;\n\t/**\n\t * Bound the owner's own `fetch`: if it doesn't settle within this, the\n\t * owner rejects (and releases the lock) instead of waiting indefinitely.\n\t * The anchored copy keeps running, so a slow-but-live fetch can still\n\t * publish for a later caller. Omit to leave the owner unbounded.\n\t */\n\townerTimeoutMs?: number;\n}\n\n/** Boxed cache hit so a `void`/falsy value is still distinguishable from a miss. */\ninterface Box<T> {\n\tv: T;\n}\n\nfunction withTimeout<T>(promise: Promise<T>, ms: number): Promise<T> {\n\treturn new Promise<T>((resolve, reject) => {\n\t\tconst timer = setTimeout(() => {\n\t\t\treject(new Error(`isolateCachedAsync: owner fetch exceeded ${ms}ms`));\n\t\t}, ms);\n\t\t// Settle from the underlying promise (whichever wins the race with the\n\t\t// timer), and always clear the timer so a resolved fetch doesn't leave\n\t\t// a pending timeout holding the isolate alive.\n\t\tpromise.then(resolve, reject).finally(() => {\n\t\t\tclearTimeout(timer);\n\t\t});\n\t});\n}\n\n/**\n * Return the cached value for `cache`, computing it via `fetch` under a\n * single-flight lock on a miss. Concurrent callers coalesce onto one fetch;\n * a cancelled owner cannot poison later callers (see file header).\n */\nexport function isolateCachedAsync<T>(\n\tcache: IsolateCache<T>,\n\tfetch: () => Promise<T>,\n\toptions: IsolateCachedOptions = {},\n): Promise<T> {\n\t// Capture the version once: a value published at this version satisfies\n\t// this call; an invalidation that lands mid-fetch makes the published\n\t// value stale for *later* calls (which captured the newer version) but\n\t// still valid for this one.\n\tconst versionAtCall = cache.version;\n\n\t// Ignore a non-positive / non-finite owner timeout rather than letting it\n\t// degenerate into an instant-reject (setTimeout coerces NaN/0 to ~0ms).\n\tconst ownerTimeoutMs =\n\t\toptions.ownerTimeoutMs !== undefined &&\n\t\tNumber.isFinite(options.ownerTimeoutMs) &&\n\t\toptions.ownerTimeoutMs > 0\n\t\t\t? options.ownerTimeoutMs\n\t\t\t: undefined;\n\n\t// Keep the reclaim deadline above the owner timeout (see RECLAIM_HEADROOM_MS):\n\t// the owner's own timeout, not a waiter reclaim, is the primary release.\n\tconst deadlineMs =\n\t\townerTimeoutMs === undefined\n\t\t\t? options.deadlineMs\n\t\t\t: Math.max(options.deadlineMs ?? 0, ownerTimeoutMs + RECLAIM_HEADROOM_MS);\n\n\treturn initWithLock<Box<T>>(\n\t\tcache.lock,\n\t\t() =>\n\t\t\tcache.hasValue && cache.valueVersion === versionAtCall\n\t\t\t\t? // eslint-disable-next-line typescript/no-unsafe-type-assertion -- hasValue gates that `value` holds a real T\n\t\t\t\t\t({ v: cache.value as T } satisfies Box<T>)\n\t\t\t\t: null,\n\t\t(isCurrentClaim) => {\n\t\t\t// The real work, anchored independently so a cancelled owner's\n\t\t\t// fetch still settles and publishes. Publication is gated on the\n\t\t\t// claim so a reclaimed slow owner can't clobber the reclaimer's\n\t\t\t// value (same contract as initWithLock's own callers).\n\t\t\tconst real = (async (): Promise<Box<T>> => {\n\t\t\t\tconst value = await fetch();\n\t\t\t\tif (isCurrentClaim()) {\n\t\t\t\t\tcache.value = value;\n\t\t\t\t\tcache.hasValue = true;\n\t\t\t\t\tcache.valueVersion = versionAtCall;\n\t\t\t\t}\n\t\t\t\treturn { v: value };\n\t\t\t})();\n\t\t\t// Anchor the real fetch (not the timeout race): this is what must\n\t\t\t// survive a cancelled owner and run to publication. initWithLock is\n\t\t\t// left to manage only the lock; we don't double-anchor.\n\t\t\toptions.anchor?.(\n\t\t\t\treal.then(\n\t\t\t\t\t() => undefined,\n\t\t\t\t\t() => undefined,\n\t\t\t\t),\n\t\t\t);\n\t\t\treturn ownerTimeoutMs === undefined ? real : withTimeout(real, ownerTimeoutMs);\n\t\t},\n\t\t{\n\t\t\tdeadlineMs,\n\t\t\tpollMs: options.pollMs,\n\t\t\tmaxWaitMs: options.maxWaitMs,\n\t\t},\n\t).then((box) => box.v);\n}\n","/**\n * Site Settings API\n *\n * Functions for getting and setting global site configuration.\n * Settings are stored in the options table with 'site:' prefix.\n */\n\nimport type { Kysely } from \"kysely\";\n\nimport { after } from \"../after.js\";\nimport { MediaRepository } from \"../database/repositories/media.js\";\nimport { OptionsRepository } from \"../database/repositories/options.js\";\nimport type { Database } from \"../database/types.js\";\nimport { getDb } from \"../loader.js\";\nimport { peekRequestCache, requestCached } from \"../request-cache.js\";\nimport type { Storage } from \"../storage/types.js\";\nimport {\n\tcreateIsolateCache,\n\ttype IsolateCache,\n\tinvalidateIsolateCache,\n\tisolateCachedAsync,\n} from \"../utils/isolate-cache.js\";\nimport type { SiteSettings, SiteSettingKey, MediaReference, SeoSettings } from \"./types.js\";\n\n/** Prefix for site settings in the options table */\nconst SETTINGS_PREFIX = \"site:\";\n\n/**\n * Worker-isolate cache for the resolved `site:*` settings.\n *\n * Site settings (title, logo, SEO defaults) change rarely but are read on\n * every public request. Caching across the isolate's lifetime drops the\n * `options WHERE name LIKE 'site:%'` prefix scan from once-per-request to\n * once-per-isolate. Cross-isolate staleness is bounded by isolate lifetime\n * (workerd typically recycles within minutes); acceptable for chrome.\n *\n * Backed by isolate-cache.ts: concurrent cold-isolate reads coalesce onto one\n * query via a reclaimable single-flight lock and the resolved *value* is\n * cached — never a shared in-flight promise, so a cancelled request can't\n * poison the isolate (see that file's header). Stored on globalThis with a\n * Symbol.for key so Vite SSR chunk duplication doesn't produce two\n * independent caches (same pattern as request-context.ts).\n */\nconst SITE_SETTINGS_CACHE_KEY = Symbol.for(\"emdash:site-settings\");\nconst g = globalThis as Record<symbol, unknown>;\nconst settingsCache: IsolateCache<Partial<SiteSettings>> =\n\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- globalThis singleton pattern (see request-context.ts)\n\t(g[SITE_SETTINGS_CACHE_KEY] as IsolateCache<Partial<SiteSettings>> | undefined) ??\n\t(() => {\n\t\tconst c = createIsolateCache<Partial<SiteSettings>>();\n\t\tg[SITE_SETTINGS_CACHE_KEY] = c;\n\t\treturn c;\n\t})();\n\n/**\n * Bump the isolate-wide site-settings cache version, forcing the next\n * `getSiteSettings()` to re-query the database.\n *\n * Called from every `site:*` write path. Other isolates still serve their\n * own cached copy until they expire — staleness bounded by isolate lifetime.\n */\nexport function invalidateSiteSettingsCache(): void {\n\tinvalidateIsolateCache(settingsCache);\n}\n\n/**\n * Type guard for MediaReference values\n */\nfunction isMediaReference(value: unknown): value is MediaReference {\n\treturn typeof value === \"object\" && value !== null && \"mediaId\" in value;\n}\n\n/**\n * Resolve a media reference to include the full URL plus content metadata.\n *\n * Pulls `mimeType` and intrinsic dimensions from the media row so callers\n * can emit correct head tags (e.g. `<link rel=\"icon\" type=\"image/svg+xml\">`,\n * which Chromium requires when the URL has no `.svg` extension) without\n * a second round-trip to the media table.\n */\nasync function resolveMediaReference(\n\tmediaRef: MediaReference | undefined,\n\tdb: Kysely<Database>,\n\t_storage: Storage | null,\n): Promise<MediaReference | undefined> {\n\tif (!mediaRef?.mediaId) {\n\t\treturn mediaRef;\n\t}\n\n\ttry {\n\t\tconst mediaRepo = new MediaRepository(db);\n\t\tconst media = await mediaRepo.findById(mediaRef.mediaId);\n\n\t\tif (media) {\n\t\t\t// Construct URL using the same pattern as API handlers\n\t\t\treturn {\n\t\t\t\t...mediaRef,\n\t\t\t\turl: `/_emdash/api/media/file/${media.storageKey}`,\n\t\t\t\tcontentType: media.mimeType,\n\t\t\t\t...(media.width !== null ? { width: media.width } : {}),\n\t\t\t\t...(media.height !== null ? { height: media.height } : {}),\n\t\t\t};\n\t\t}\n\t} catch {\n\t\t// If media not found or error, return the reference as-is\n\t}\n\n\treturn mediaRef;\n}\n\n/**\n * Get a single site setting by key\n *\n * Returns `undefined` if the setting has not been configured.\n * For media settings (logo, favicon), the URL is resolved automatically.\n *\n * @param key - The setting key (e.g., \"title\", \"logo\", \"social\")\n * @returns The setting value, or undefined if not set\n *\n * @example\n * ```ts\n * import { getSiteSetting } from \"emdash\";\n *\n * const title = await getSiteSetting(\"title\");\n * const logo = await getSiteSetting(\"logo\");\n * console.log(logo?.url); // Resolved URL\n * ```\n */\nexport async function getSiteSetting<K extends SiteSettingKey>(\n\tkey: K,\n): Promise<SiteSettings[K] | undefined> {\n\t// If `getSiteSettings()` has already been called in this request,\n\t// read from that (request-cached) batch rather than firing a second\n\t// options-table query. Common layout: a Base template pulls the\n\t// whole settings object up-front, then `EmDashHead` or a plugin\n\t// asks for one key — no reason the singular call should round-trip\n\t// again.\n\tconst primed = peekRequestCache<Partial<SiteSettings>>(\"siteSettings\");\n\tif (primed) {\n\t\tconst settings = await primed;\n\t\treturn settings[key];\n\t}\n\n\t// Otherwise cache per-key. Templates that pull several settings\n\t// independently still share the in-flight query for each one.\n\treturn requestCached(`siteSetting:${key}`, async () => {\n\t\tconst db = await getDb();\n\t\treturn getSiteSettingWithDb(key, db);\n\t});\n}\n\n/**\n * Get a single site setting by key (with explicit db)\n *\n * @internal Use `getSiteSetting()` in templates. This variant is for admin routes\n * that already have a database handle.\n */\nexport async function getSiteSettingWithDb<K extends SiteSettingKey>(\n\tkey: K,\n\tdb: Kysely<Database>,\n\tstorage: Storage | null = null,\n): Promise<SiteSettings[K] | undefined> {\n\tconst options = new OptionsRepository(db);\n\tconst value = await options.get<SiteSettings[K]>(`${SETTINGS_PREFIX}${key}`);\n\n\tif (!value) {\n\t\treturn undefined;\n\t}\n\n\t// Resolve media references if needed.\n\t// TS cannot narrow generic K from key equality checks — this is a known limitation.\n\t// We use the non-generic getSiteSettingsWithDb for media resolution instead.\n\tif ((key === \"logo\" || key === \"favicon\") && isMediaReference(value)) {\n\t\tconst resolved = await resolveMediaReference(value, db, storage);\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- TS can't narrow generic K from key equality; resolved type is correct\n\t\treturn resolved as SiteSettings[K] | undefined;\n\t}\n\n\tif (key === \"seo\" && value && typeof value === \"object\") {\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- TS can't narrow generic K from key equality\n\t\tconst seo = value as SeoSettings;\n\t\tif (seo.defaultOgImage) {\n\t\t\tconst resolved = {\n\t\t\t\t...seo,\n\t\t\t\tdefaultOgImage: await resolveMediaReference(seo.defaultOgImage, db, storage),\n\t\t\t};\n\t\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- TS can't narrow generic K from key equality\n\t\t\treturn resolved as SiteSettings[K] | undefined;\n\t\t}\n\t}\n\n\treturn value;\n}\n\n/**\n * Get all site settings\n *\n * Returns all configured settings. Unset values are undefined.\n * Media references (logo/favicon) are resolved to include URLs.\n *\n * @example\n * ```ts\n * import { getSiteSettings } from \"emdash\";\n *\n * const settings = await getSiteSettings();\n * console.log(settings.title); // \"My Site\"\n * console.log(settings.logo?.url); // \"/_emdash/api/media/file/abc123\"\n * ```\n */\nexport function getSiteSettings(): Promise<Partial<SiteSettings>> {\n\t// requestCached dedupes within a single request; isolateCachedAsync\n\t// coalesces across requests and caches the resolved value for the\n\t// isolate's lifetime without ever sharing an awaitable promise.\n\treturn requestCached(\"siteSettings\", () =>\n\t\tisolateCachedAsync(\n\t\t\tsettingsCache,\n\t\t\tasync () => {\n\t\t\t\tconst db = await getDb();\n\t\t\t\treturn getSiteSettingsWithDb(db);\n\t\t\t},\n\t\t\t{ anchor: (promise) => after(() => promise), ownerTimeoutMs: 30_000 },\n\t\t),\n\t);\n}\n\n/**\n * Get all site settings (with explicit db)\n *\n * @internal Use `getSiteSettings()` in templates. This variant is for admin routes\n * that already have a database handle.\n */\nexport async function getSiteSettingsWithDb(\n\tdb: Kysely<Database>,\n\tstorage: Storage | null = null,\n): Promise<Partial<SiteSettings>> {\n\tconst options = new OptionsRepository(db);\n\tconst allOptions = await options.getByPrefix(SETTINGS_PREFIX);\n\n\tconst settings: Record<string, unknown> = {};\n\n\t// Convert Map to settings object, removing the prefix\n\tfor (const [key, value] of allOptions) {\n\t\tconst settingKey = key.replace(SETTINGS_PREFIX, \"\");\n\t\tsettings[settingKey] = value;\n\t}\n\n\tconst typedSettings = settings as Partial<SiteSettings>;\n\n\t// Resolve media references\n\tif (typedSettings.logo) {\n\t\ttypedSettings.logo = await resolveMediaReference(typedSettings.logo, db, storage);\n\t}\n\tif (typedSettings.favicon) {\n\t\ttypedSettings.favicon = await resolveMediaReference(typedSettings.favicon, db, storage);\n\t}\n\tif (typedSettings.seo?.defaultOgImage) {\n\t\ttypedSettings.seo = {\n\t\t\t...typedSettings.seo,\n\t\t\tdefaultOgImage: await resolveMediaReference(typedSettings.seo.defaultOgImage, db, storage),\n\t\t};\n\t}\n\n\treturn typedSettings;\n}\n\n/**\n * Set site settings (internal function used by admin API)\n *\n * Merges provided settings with existing ones. Only provided fields are updated.\n * Media references should include just the mediaId; URLs are resolved on read.\n *\n * @param settings - Partial settings object with values to update\n * @param db - Kysely database instance\n * @returns Promise that resolves when settings are saved\n *\n * @internal\n *\n * @example\n * ```ts\n * // Update multiple settings at once\n * await setSiteSettings({\n *   title: \"My Site\",\n *   tagline: \"Welcome\",\n *   logo: { mediaId: \"med_123\", alt: \"Logo\" }\n * }, db);\n * ```\n */\nexport async function setSiteSettings(\n\tsettings: Partial<SiteSettings>,\n\tdb: Kysely<Database>,\n): Promise<void> {\n\tconst options = new OptionsRepository(db);\n\n\t// Convert settings to options format\n\tconst updates: Record<string, unknown> = {};\n\tfor (const [key, value] of Object.entries(settings)) {\n\t\tif (value !== undefined) {\n\t\t\tupdates[`${SETTINGS_PREFIX}${key}`] = value;\n\t\t}\n\t}\n\n\ttry {\n\t\tawait options.setMany(updates);\n\t} finally {\n\t\tinvalidateSiteSettingsCache();\n\t}\n}\n\n/**\n * Get a single plugin setting by key.\n *\n * Plugin settings are stored in the options table under\n * `plugin:<pluginId>:settings:<key>`.\n */\nexport async function getPluginSetting<T = unknown>(\n\tpluginId: string,\n\tkey: string,\n): Promise<T | undefined> {\n\tconst db = await getDb();\n\treturn getPluginSettingWithDb<T>(pluginId, key, db);\n}\n\n/**\n * Get a single plugin setting by key (with explicit db).\n *\n * @internal Use `getPluginSetting()` in templates and plugin rendering code.\n */\nexport async function getPluginSettingWithDb<T = unknown>(\n\tpluginId: string,\n\tkey: string,\n\tdb: Kysely<Database>,\n): Promise<T | undefined> {\n\tconst options = new OptionsRepository(db);\n\tconst value = await options.get<T>(`plugin:${pluginId}:settings:${key}`);\n\treturn value ?? undefined;\n}\n\n/**\n * Get all persisted plugin settings for a plugin.\n *\n * Defaults declared in `admin.settingsSchema` are not materialized\n * automatically; callers should apply their own fallback defaults.\n */\nexport async function getPluginSettings(pluginId: string): Promise<Record<string, unknown>> {\n\tconst db = await getDb();\n\treturn getPluginSettingsWithDb(pluginId, db);\n}\n\n/**\n * Get all persisted plugin settings for a plugin (with explicit db).\n *\n * @internal Use `getPluginSettings()` in templates and plugin rendering code.\n */\nexport async function getPluginSettingsWithDb(\n\tpluginId: string,\n\tdb: Kysely<Database>,\n): Promise<Record<string, unknown>> {\n\tconst prefix = `plugin:${pluginId}:settings:`;\n\tconst options = new OptionsRepository(db);\n\tconst allOptions = await options.getByPrefix(prefix);\n\n\tconst settings: Record<string, unknown> = {};\n\tfor (const [key, value] of allOptions) {\n\t\tif (!key.startsWith(prefix)) {\n\t\t\tcontinue;\n\t\t}\n\t\tsettings[key.slice(prefix.length)] = value;\n\t}\n\n\treturn settings;\n}\n"],"mappings":";;;;;;AAuBA,MAAM,kBAA+C,YAAY;AAChE,KAAI;AAKH,UAHa,MAAM,OAAO,8BAGf,aAAa;SACjB;AAGP,SAAO;;IAEL;AAEJ,eAAe,YAAY,GAAG;;;;;;;;AAS9B,SAAgB,MAAM,IAAsC;CAC3D,MAAM,UAAU,QAAQ,SAAS,CAC/B,KAAK,GAAG,CACR,OAAO,UAAU;AACjB,UAAQ,MAAM,kCAAkC,MAAM;GACrD;AAMH,CAAK,eAAe,MAAM,cAAc;AACvC,MAAI,UAAW,WAAU,QAAQ;AACjC,SAAO;GACN;;;;;AC5BH,SAAgB,iBAA2B;AAC1C,QAAO;EAAE,gBAAgB;EAAM,YAAY;EAAG;;AAgC/C,MAAM,sBAAsB;AAC5B,MAAM,kBAAkB;AACxB,MAAM,uBAAuB;AAE7B,SAAS,MAAM,IAA2B;AACzC,QAAO,IAAI,SAAS,YAAY,WAAW,SAAS,GAAG,CAAC;;;;;;;;;;;;;;;AAgBzD,eAAsB,aACrB,MACA,WACA,MACA,SACa;CACb,MAAM,aAAa,SAAS,cAAc;CAC1C,MAAM,SAAS,SAAS,UAAU;CAClC,MAAM,YAAY,SAAS,aAAa,aAAa;CAIrD,MAAM,YAAY,KAAK,KAAK;AAE5B,UAAS;EACR,MAAM,SAAS,WAAW;AAC1B,MAAI,WAAW,QAAQ,WAAW,OACjC,QAAO;EAGR,MAAM,iBAAiB,KAAK;AAC5B,MAAI,mBAAmB,QAAQ,KAAK,KAAK,GAAG,iBAAiB,YAAY;AAGxE,QAAK,cAAc;GACnB,MAAM,QAAQ,KAAK;AACnB,QAAK,iBAAiB,KAAK,KAAK;AAChC,OAAI;IAGH,MAAM,uBAAuB,KAAK,eAAe;IACjD,MAAM,cAAc,QAAQ,SAAS,CAAC,WAAW,KAAK,eAAe,CAAC;AACtE,aAAS,SACR,YAAY,WACL,cACA,OACN,CACD;AACD,WAAO,MAAM;aACJ;AAMT,QAAI,KAAK,eAAe,MACvB,MAAK,iBAAiB;;;AAKzB,MAAI,KAAK,KAAK,GAAG,YAAY,UAC5B,OAAM,IAAI,MAAM,iCAAiC,UAAU,+BAA+B;AAE3F,QAAM,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC9FrB,SAAgB,qBAAyC;AACxD,QAAO;EAAE,OAAO;EAAM,UAAU;EAAO,SAAS;EAAG,cAAc;EAAI,MAAM,gBAAgB;EAAE;;;;;;;AAQ9F,SAAgB,uBAAuB,OAAoC;AAC1E,OAAM;AACN,OAAM,WAAW;AACjB,OAAM,QAAQ;AACd,OAAM,eAAe;AAMrB,OAAM,KAAK,iBAAiB;;;;;;;;;AAU7B,MAAM,sBAAsB;AA6B5B,SAAS,YAAe,SAAqB,IAAwB;AACpE,QAAO,IAAI,SAAY,SAAS,WAAW;EAC1C,MAAM,QAAQ,iBAAiB;AAC9B,0BAAO,IAAI,MAAM,4CAA4C,GAAG,IAAI,CAAC;KACnE,GAAG;AAIN,UAAQ,KAAK,SAAS,OAAO,CAAC,cAAc;AAC3C,gBAAa,MAAM;IAClB;GACD;;;;;;;AAQH,SAAgB,mBACf,OACA,OACA,UAAgC,EAAE,EACrB;CAKb,MAAM,gBAAgB,MAAM;CAI5B,MAAM,iBACL,QAAQ,mBAAmB,UAC3B,OAAO,SAAS,QAAQ,eAAe,IACvC,QAAQ,iBAAiB,IACtB,QAAQ,iBACR;CAIJ,MAAM,aACL,mBAAmB,SAChB,QAAQ,aACR,KAAK,IAAI,QAAQ,cAAc,GAAG,iBAAiB,oBAAoB;AAE3E,QAAO,aACN,MAAM,YAEL,MAAM,YAAY,MAAM,iBAAiB,gBAEtC,EAAE,GAAG,MAAM,OAAY,GACvB,OACH,mBAAmB;EAKnB,MAAM,QAAQ,YAA6B;GAC1C,MAAM,QAAQ,MAAM,OAAO;AAC3B,OAAI,gBAAgB,EAAE;AACrB,UAAM,QAAQ;AACd,UAAM,WAAW;AACjB,UAAM,eAAe;;AAEtB,UAAO,EAAE,GAAG,OAAO;MAChB;AAIJ,UAAQ,SACP,KAAK,WACE,cACA,OACN,CACD;AACD,SAAO,mBAAmB,SAAY,OAAO,YAAY,MAAM,eAAe;IAE/E;EACC;EACA,QAAQ,QAAQ;EAChB,WAAW,QAAQ;EACnB,CACD,CAAC,MAAM,QAAQ,IAAI,EAAE;;;;;;AClKvB,MAAM,kBAAkB;;;;;;;;;;;;;;;;;AAkBxB,MAAM,0BAA0B,OAAO,IAAI,uBAAuB;AAClE,MAAM,IAAI;AACV,MAAM,gBAEJ,EAAE,mCACI;CACN,MAAM,IAAI,oBAA2C;AACrD,GAAE,2BAA2B;AAC7B,QAAO;IACJ;;;;;;;;AASL,SAAgB,8BAAoC;AACnD,wBAAuB,cAAc;;;;;AAMtC,SAAS,iBAAiB,OAAyC;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,aAAa;;;;;;;;;;AAWpE,eAAe,sBACd,UACA,IACA,UACsC;AACtC,KAAI,CAAC,UAAU,QACd,QAAO;AAGR,KAAI;EAEH,MAAM,QAAQ,MADI,IAAI,gBAAgB,GAAG,CACX,SAAS,SAAS,QAAQ;AAExD,MAAI,MAEH,QAAO;GACN,GAAG;GACH,KAAK,2BAA2B,MAAM;GACtC,aAAa,MAAM;GACnB,GAAI,MAAM,UAAU,OAAO,EAAE,OAAO,MAAM,OAAO,GAAG,EAAE;GACtD,GAAI,MAAM,WAAW,OAAO,EAAE,QAAQ,MAAM,QAAQ,GAAG,EAAE;GACzD;SAEK;AAIR,QAAO;;;;;;;;;;;;;;;;;;;;AAqBR,eAAsB,eACrB,KACuC;CAOvC,MAAM,SAAS,iBAAwC,eAAe;AACtE,KAAI,OAEH,SADiB,MAAM,QACP;AAKjB,QAAO,cAAc,eAAe,OAAO,YAAY;AAEtD,SAAO,qBAAqB,KADjB,MAAM,OAAO,CACY;GACnC;;;;;;;;AASH,eAAsB,qBACrB,KACA,IACA,UAA0B,MACa;CAEvC,MAAM,QAAQ,MADE,IAAI,kBAAkB,GAAG,CACb,IAAqB,GAAG,kBAAkB,MAAM;AAE5E,KAAI,CAAC,MACJ;AAMD,MAAK,QAAQ,UAAU,QAAQ,cAAc,iBAAiB,MAAM,CAGnE,QAFiB,MAAM,sBAAsB,OAAO,IAAI,QAAQ;AAKjE,KAAI,QAAQ,SAAS,SAAS,OAAO,UAAU,UAAU;EAExD,MAAM,MAAM;AACZ,MAAI,IAAI,eAMP,QALiB;GAChB,GAAG;GACH,gBAAgB,MAAM,sBAAsB,IAAI,gBAAgB,IAAI,QAAQ;GAC5E;;AAMH,QAAO;;;;;;;;;;;;;;;;;AAkBR,SAAgB,kBAAkD;AAIjE,QAAO,cAAc,sBACpB,mBACC,eACA,YAAY;AAEX,SAAO,sBADI,MAAM,OAAO,CACQ;IAEjC;EAAE,SAAS,YAAY,YAAY,QAAQ;EAAE,gBAAgB;EAAQ,CACrE,CACD;;;;;;;;AASF,eAAsB,sBACrB,IACA,UAA0B,MACO;CAEjC,MAAM,aAAa,MADH,IAAI,kBAAkB,GAAG,CACR,YAAY,gBAAgB;CAE7D,MAAM,WAAoC,EAAE;AAG5C,MAAK,MAAM,CAAC,KAAK,UAAU,YAAY;EACtC,MAAM,aAAa,IAAI,QAAQ,iBAAiB,GAAG;AACnD,WAAS,cAAc;;CAGxB,MAAM,gBAAgB;AAGtB,KAAI,cAAc,KACjB,eAAc,OAAO,MAAM,sBAAsB,cAAc,MAAM,IAAI,QAAQ;AAElF,KAAI,cAAc,QACjB,eAAc,UAAU,MAAM,sBAAsB,cAAc,SAAS,IAAI,QAAQ;AAExF,KAAI,cAAc,KAAK,eACtB,eAAc,MAAM;EACnB,GAAG,cAAc;EACjB,gBAAgB,MAAM,sBAAsB,cAAc,IAAI,gBAAgB,IAAI,QAAQ;EAC1F;AAGF,QAAO;;;;;;;;;;;;;;;;;;;;;;;;AAyBR,eAAsB,gBACrB,UACA,IACgB;CAChB,MAAM,UAAU,IAAI,kBAAkB,GAAG;CAGzC,MAAM,UAAmC,EAAE;AAC3C,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,SAAS,CAClD,KAAI,UAAU,OACb,SAAQ,GAAG,kBAAkB,SAAS;AAIxC,KAAI;AACH,QAAM,QAAQ,QAAQ,QAAQ;WACrB;AACT,+BAA6B;;;;;;;;;AAU/B,eAAsB,iBACrB,UACA,KACyB;AAEzB,QAAO,uBAA0B,UAAU,KADhC,MAAM,OAAO,CAC2B;;;;;;;AAQpD,eAAsB,uBACrB,UACA,KACA,IACyB;AAGzB,QADc,MADE,IAAI,kBAAkB,GAAG,CACb,IAAO,UAAU,SAAS,YAAY,MAAM,IACxD;;;;;;;;AASjB,eAAsB,kBAAkB,UAAoD;AAE3F,QAAO,wBAAwB,UADpB,MAAM,OAAO,CACoB;;;;;;;AAQ7C,eAAsB,wBACrB,UACA,IACmC;CACnC,MAAM,SAAS,UAAU,SAAS;CAElC,MAAM,aAAa,MADH,IAAI,kBAAkB,GAAG,CACR,YAAY,OAAO;CAEpD,MAAM,WAAoC,EAAE;AAC5C,MAAK,MAAM,CAAC,KAAK,UAAU,YAAY;AACtC,MAAI,CAAC,IAAI,WAAW,OAAO,CAC1B;AAED,WAAS,IAAI,MAAM,OAAO,OAAO,IAAI;;AAGtC,QAAO"}

package/dist/{setup-complete-Yuv78yua.mjs → setup-complete-yvPE4OsP.mjs}

@@ -23,4 +23,4 @@ async function finalizeSetup(db) {
 
 //#endregion
 export { finalizeSetup as t };
-//# sourceMappingURL=setup-complete-Yuv78yua.mjs.map
+//# sourceMappingURL=setup-complete-yvPE4OsP.mjs.map

package/dist/{setup-complete-Yuv78yua.mjs.map → setup-complete-yvPE4OsP.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"setup-complete-Yuv78yua.mjs","names":[],"sources":["../src/api/setup-complete.ts"],"sourcesContent":["/**\n * Shared setup completion logic.\n *\n * Called by OAuth callbacks and the passkey verify step when the first user\n * is created during setup. Persists site title/tagline from setup state\n * and marks setup as complete.\n */\n\nimport type { Kysely } from \"kysely\";\n\nimport { OptionsRepository } from \"../database/repositories/options.js\";\nimport type { Database } from \"../database/types.js\";\n\n/**\n * Finalize setup after the first admin user is created.\n *\n * Reads the setup_state option (written by the setup wizard's step 1),\n * persists site_title and site_tagline, then marks setup complete.\n *\n * Safe to call multiple times — checks setup_complete first and no-ops\n * if already done.\n */\nexport async function finalizeSetup(db: Kysely<Database>): Promise<void> {\n\tconst options = new OptionsRepository(db);\n\n\tconst setupComplete = await options.get(\"emdash:setup_complete\");\n\tif (setupComplete === true || setupComplete === \"true\") return;\n\n\t// Persist site title/tagline from setup state (stored in step 1)\n\tconst setupState = await options.get<Record<string, unknown>>(\"emdash:setup_state\");\n\tif (setupState?.title && typeof setupState.title === \"string\") {\n\t\tawait options.set(\"emdash:site_title\", setupState.title);\n\t}\n\tif (setupState?.tagline && typeof setupState.tagline === \"string\") {\n\t\tawait options.set(\"emdash:site_tagline\", setupState.tagline);\n\t}\n\n\tawait options.set(\"emdash:setup_complete\", true);\n\tawait options.delete(\"emdash:setup_state\");\n}\n"],"mappings":";;;;;;;;;;;;AAsBA,eAAsB,cAAc,IAAqC;CACxE,MAAM,UAAU,IAAI,kBAAkB,GAAG;CAEzC,MAAM,gBAAgB,MAAM,QAAQ,IAAI,wBAAwB;AAChE,KAAI,kBAAkB,QAAQ,kBAAkB,OAAQ;CAGxD,MAAM,aAAa,MAAM,QAAQ,IAA6B,qBAAqB;AACnF,KAAI,YAAY,SAAS,OAAO,WAAW,UAAU,SACpD,OAAM,QAAQ,IAAI,qBAAqB,WAAW,MAAM;AAEzD,KAAI,YAAY,WAAW,OAAO,WAAW,YAAY,SACxD,OAAM,QAAQ,IAAI,uBAAuB,WAAW,QAAQ;AAG7D,OAAM,QAAQ,IAAI,yBAAyB,KAAK;AAChD,OAAM,QAAQ,OAAO,qBAAqB"}
+{"version":3,"file":"setup-complete-yvPE4OsP.mjs","names":[],"sources":["../src/api/setup-complete.ts"],"sourcesContent":["/**\n * Shared setup completion logic.\n *\n * Called by OAuth callbacks and the passkey verify step when the first user\n * is created during setup. Persists site title/tagline from setup state\n * and marks setup as complete.\n */\n\nimport type { Kysely } from \"kysely\";\n\nimport { OptionsRepository } from \"../database/repositories/options.js\";\nimport type { Database } from \"../database/types.js\";\n\n/**\n * Finalize setup after the first admin user is created.\n *\n * Reads the setup_state option (written by the setup wizard's step 1),\n * persists site_title and site_tagline, then marks setup complete.\n *\n * Safe to call multiple times — checks setup_complete first and no-ops\n * if already done.\n */\nexport async function finalizeSetup(db: Kysely<Database>): Promise<void> {\n\tconst options = new OptionsRepository(db);\n\n\tconst setupComplete = await options.get(\"emdash:setup_complete\");\n\tif (setupComplete === true || setupComplete === \"true\") return;\n\n\t// Persist site title/tagline from setup state (stored in step 1)\n\tconst setupState = await options.get<Record<string, unknown>>(\"emdash:setup_state\");\n\tif (setupState?.title && typeof setupState.title === \"string\") {\n\t\tawait options.set(\"emdash:site_title\", setupState.title);\n\t}\n\tif (setupState?.tagline && typeof setupState.tagline === \"string\") {\n\t\tawait options.set(\"emdash:site_tagline\", setupState.tagline);\n\t}\n\n\tawait options.set(\"emdash:setup_complete\", true);\n\tawait options.delete(\"emdash:setup_state\");\n}\n"],"mappings":";;;;;;;;;;;;AAsBA,eAAsB,cAAc,IAAqC;CACxE,MAAM,UAAU,IAAI,kBAAkB,GAAG;CAEzC,MAAM,gBAAgB,MAAM,QAAQ,IAAI,wBAAwB;AAChE,KAAI,kBAAkB,QAAQ,kBAAkB,OAAQ;CAGxD,MAAM,aAAa,MAAM,QAAQ,IAA6B,qBAAqB;AACnF,KAAI,YAAY,SAAS,OAAO,WAAW,UAAU,SACpD,OAAM,QAAQ,IAAI,qBAAqB,WAAW,MAAM;AAEzD,KAAI,YAAY,WAAW,OAAO,WAAW,YAAY,SACxD,OAAM,QAAQ,IAAI,uBAAuB,WAAW,QAAQ;AAG7D,OAAM,QAAQ,IAAI,yBAAyB,KAAK;AAChD,OAAM,QAAQ,OAAO,qBAAqB"}

package/dist/{setup-nonce-Bm0uKqmf.mjs → setup-nonce-C9aFzb94.mjs}

@@ -22,4 +22,4 @@ const SETUP_NONCE_MAX_AGE_SECONDS = 3600;
 
 //#endregion
 export { SETUP_NONCE_MAX_AGE_SECONDS as n, SETUP_NONCE_COOKIE as t };
-//# sourceMappingURL=setup-nonce-Bm0uKqmf.mjs.map
+//# sourceMappingURL=setup-nonce-C9aFzb94.mjs.map

package/dist/{setup-nonce-Bm0uKqmf.mjs.map → setup-nonce-C9aFzb94.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"setup-nonce-Bm0uKqmf.mjs","names":[],"sources":["../src/auth/setup-nonce.ts"],"sourcesContent":["/**\n * Session binding for the first-setup admin-creation flow.\n *\n * Shared constants for the nonce cookie that ties /_emdash/api/setup/admin\n * and /_emdash/api/setup/admin/verify to the same browser. Without this\n * binding, any unauthenticated caller could POST /setup/admin during the\n * setup window and substitute their own email into the stored setup state\n * before the legitimate admin completes passkey verification.\n *\n * Implementation lives in the two route handlers; this module is just\n * the name / lifetime so both ends agree.\n */\n\n/** Cookie name carrying the setup-admin session nonce. */\nexport const SETUP_NONCE_COOKIE = \"emdash_setup_nonce\";\n\n/**\n * Cookie max-age in seconds. One hour is plenty of time to complete\n * a passkey registration; if the user lingers longer the admin step\n * can simply be retried.\n */\nexport const SETUP_NONCE_MAX_AGE_SECONDS = 60 * 60;\n"],"mappings":";;;;;;;;;;;;;;AAcA,MAAa,qBAAqB;;;;;;AAOlC,MAAa,8BAA8B"}
+{"version":3,"file":"setup-nonce-C9aFzb94.mjs","names":[],"sources":["../src/auth/setup-nonce.ts"],"sourcesContent":["/**\n * Session binding for the first-setup admin-creation flow.\n *\n * Shared constants for the nonce cookie that ties /_emdash/api/setup/admin\n * and /_emdash/api/setup/admin/verify to the same browser. Without this\n * binding, any unauthenticated caller could POST /setup/admin during the\n * setup window and substitute their own email into the stored setup state\n * before the legitimate admin completes passkey verification.\n *\n * Implementation lives in the two route handlers; this module is just\n * the name / lifetime so both ends agree.\n */\n\n/** Cookie name carrying the setup-admin session nonce. */\nexport const SETUP_NONCE_COOKIE = \"emdash_setup_nonce\";\n\n/**\n * Cookie max-age in seconds. One hour is plenty of time to complete\n * a passkey registration; if the user lingers longer the admin step\n * can simply be retried.\n */\nexport const SETUP_NONCE_MAX_AGE_SECONDS = 60 * 60;\n"],"mappings":";;;;;;;;;;;;;;AAcA,MAAa,qBAAqB;;;;;;AAOlC,MAAa,8BAA8B"}

package/dist/{site-url-mEVmwIFi.mjs → site-url-CnHlmAs9.mjs}

@@ -10,4 +10,4 @@ async function getSiteBaseUrl(db, request) {
 
 //#endregion
 export { getSiteBaseUrl as t };
-//# sourceMappingURL=site-url-mEVmwIFi.mjs.map
+//# sourceMappingURL=site-url-CnHlmAs9.mjs.map

package/dist/{site-url-mEVmwIFi.mjs.map → site-url-CnHlmAs9.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"site-url-mEVmwIFi.mjs","names":[],"sources":["../src/api/site-url.ts"],"sourcesContent":["/**\n * Resolve the canonical site base URL for use in outbound links (emails, etc.).\n *\n * Uses the stored `emdash:site_url` (set during setup on the real domain)\n * so that Host header spoofing in later requests cannot redirect users to\n * attacker-controlled domains.\n *\n * Falls back to the request URL only if no stored value exists (pre-setup).\n */\n\nimport type { Kysely } from \"kysely\";\n\nimport { OptionsRepository } from \"../database/repositories/options.js\";\nimport type { Database } from \"../database/types.js\";\n\nexport async function getSiteBaseUrl(db: Kysely<Database>, request: Request): Promise<string> {\n\tconst options = new OptionsRepository(db);\n\tconst storedUrl = await options.get<string>(\"emdash:site_url\");\n\tif (storedUrl) {\n\t\treturn `${storedUrl}/_emdash`;\n\t}\n\t// Fallback: derive from request (only reached before setup completes)\n\tconst url = new URL(request.url);\n\treturn `${url.protocol}//${url.host}/_emdash`;\n}\n"],"mappings":";;;AAeA,eAAsB,eAAe,IAAsB,SAAmC;CAE7F,MAAM,YAAY,MADF,IAAI,kBAAkB,GAAG,CACT,IAAY,kBAAkB;AAC9D,KAAI,UACH,QAAO,GAAG,UAAU;CAGrB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;AAChC,QAAO,GAAG,IAAI,SAAS,IAAI,IAAI,KAAK"}
+{"version":3,"file":"site-url-CnHlmAs9.mjs","names":[],"sources":["../src/api/site-url.ts"],"sourcesContent":["/**\n * Resolve the canonical site base URL for use in outbound links (emails, etc.).\n *\n * Uses the stored `emdash:site_url` (set during setup on the real domain)\n * so that Host header spoofing in later requests cannot redirect users to\n * attacker-controlled domains.\n *\n * Falls back to the request URL only if no stored value exists (pre-setup).\n */\n\nimport type { Kysely } from \"kysely\";\n\nimport { OptionsRepository } from \"../database/repositories/options.js\";\nimport type { Database } from \"../database/types.js\";\n\nexport async function getSiteBaseUrl(db: Kysely<Database>, request: Request): Promise<string> {\n\tconst options = new OptionsRepository(db);\n\tconst storedUrl = await options.get<string>(\"emdash:site_url\");\n\tif (storedUrl) {\n\t\treturn `${storedUrl}/_emdash`;\n\t}\n\t// Fallback: derive from request (only reached before setup completes)\n\tconst url = new URL(request.url);\n\treturn `${url.protocol}//${url.host}/_emdash`;\n}\n"],"mappings":";;;AAeA,eAAsB,eAAe,IAAsB,SAAmC;CAE7F,MAAM,YAAY,MADF,IAAI,kBAAkB,GAAG,CACT,IAAY,kBAAkB;AAC9D,KAAI,UACH,QAAO,GAAG,UAAU;CAGrB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;AAChC,QAAO,GAAG,IAAI,SAAS,IAAI,IAAI,KAAK"}

package/dist/storage/local.d.mts

@@ -1,4 +1,4 @@
-import { a as ListOptions, d as Storage, l as SignedUploadOptions, n as DownloadResult, o as ListResult, p as UploadResult, s as LocalStorageConfig, u as SignedUploadUrl } from "../types-kwqCOUxj.mjs";
+import { a as ListOptions, d as Storage, l as SignedUploadOptions, n as DownloadResult, o as ListResult, p as UploadResult, s as LocalStorageConfig, u as SignedUploadUrl } from "../types-D4kUqbHh.mjs";
 
 //#region src/storage/local.d.ts
 /**

package/dist/storage/s3.d.mts

@@ -1,4 +1,4 @@
-import { a as ListOptions, c as S3StorageConfig, d as Storage, l as SignedUploadOptions, n as DownloadResult, o as ListResult, p as UploadResult, u as SignedUploadUrl } from "../types-kwqCOUxj.mjs";
+import { a as ListOptions, c as S3StorageConfig, d as Storage, l as SignedUploadOptions, n as DownloadResult, o as ListResult, p as UploadResult, u as SignedUploadUrl } from "../types-D4kUqbHh.mjs";
 
 //#region src/storage/s3.d.ts
 /**

package/dist/{taxonomies-UusDXv3C.mjs → taxonomies-BILwiyGk.mjs}

@@ -1,6 +1,6 @@
 import { a as __exportAll } from "./runner--4wMWwKM.mjs";
 import { t as TaxonomyRepository } from "./taxonomy-CdllE4oq.mjs";
-import { l as invalidateTermCache } from "./taxonomies-BEW7S5AI.mjs";
+import { l as invalidateTermCache } from "./taxonomies-BdAmbOwx.mjs";
 import { ulid } from "ulidx";
 
 //#region src/api/handlers/taxonomies.ts
@@ -505,4 +505,4 @@ async function handleTermDelete(db, taxonomyName, termSlug, options = {}) {
 
 //#endregion
 export { handleTermGet as a, handleTermUpdate as c, handleTermDelete as i, taxonomies_exports as l, handleTaxonomyList as n, handleTermList as o, handleTermCreate as r, handleTermTranslations as s, handleTaxonomyCreate as t };
-//# sourceMappingURL=taxonomies-UusDXv3C.mjs.map
+//# sourceMappingURL=taxonomies-BILwiyGk.mjs.map