gina 0.4.5 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (475) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/CONTRIBUTING.md +2 -2
  3. package/README.md +10 -8
  4. package/ROADMAP.md +2 -2
  5. package/framework/v0.4.6/VERSION +1 -0
  6. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css +1 -0
  7. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  8. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  9. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +62 -0
  10. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.js +934 -42
  11. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js +571 -0
  12. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  13. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  14. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.js +62 -6
  15. package/framework/v0.4.6/core/controller/controller.render-nunjucks-async.js +788 -0
  16. package/framework/v0.4.6/core/controller/controller.render-swig-async.js +664 -0
  17. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-swig.js +52 -5
  18. package/framework/{v0.4.5 → v0.4.6}/core/gna.js +24 -0
  19. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/README.md +35 -0
  20. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/src/main.js +136 -2
  21. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/package.json +0 -3
  22. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/package.json +0 -3
  23. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/main.js +17 -4
  24. package/framework/{v0.4.5 → v0.4.6}/core/server.isaac.js +2 -2
  25. package/framework/{v0.4.5 → v0.4.6}/core/server.js +273 -97
  26. package/framework/{v0.4.5 → v0.4.6}/helpers/data/package.json +0 -3
  27. package/framework/{v0.4.5 → v0.4.6}/helpers/data/src/main.js +58 -3
  28. package/framework/{v0.4.5 → v0.4.6}/helpers/json/package.json +0 -3
  29. package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/package.json +0 -3
  30. package/framework/{v0.4.5 → v0.4.6}/lib/archiver/package.json +0 -3
  31. package/framework/{v0.4.5 → v0.4.6}/lib/cache/package.json +0 -3
  32. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link.js +16 -5
  33. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/msg.json +1 -1
  34. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/restart.js +11 -3
  35. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/start.js +5 -1
  36. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/version.js +24 -3
  37. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/helper.js +28 -9
  38. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/add.js +29 -13
  39. package/framework/{v0.4.5 → v0.4.6}/lib/collection/package.json +0 -3
  40. package/framework/{v0.4.5 → v0.4.6}/lib/cron/package.json +0 -3
  41. package/framework/{v0.4.5 → v0.4.6}/lib/domain/package.json +0 -3
  42. package/framework/{v0.4.5 → v0.4.6}/lib/index.js +7 -0
  43. package/framework/{v0.4.5 → v0.4.6}/lib/inherits/package.json +0 -3
  44. package/framework/{v0.4.5 → v0.4.6}/lib/logger/package.json +0 -3
  45. package/framework/{v0.4.5 → v0.4.6}/lib/merge/package.json +0 -3
  46. package/framework/{v0.4.5 → v0.4.6}/lib/model.js +17 -0
  47. package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/src/main.js +37 -11
  48. package/framework/{v0.4.5 → v0.4.6}/lib/routing/package.json +0 -3
  49. package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/main.js +4 -4
  50. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/package.json +0 -3
  51. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/src/main.js +45 -6
  52. package/framework/v0.4.6/lib/template-loaders/package.json +17 -0
  53. package/framework/v0.4.6/lib/template-loaders/src/loaders/http.js +272 -0
  54. package/framework/v0.4.6/lib/template-loaders/src/loaders/memory.js +75 -0
  55. package/framework/v0.4.6/lib/template-loaders/src/main.js +134 -0
  56. package/framework/{v0.4.5 → v0.4.6}/package.json +2 -2
  57. package/gna.js +4 -4
  58. package/llms.txt +32 -44
  59. package/package.json +6 -3
  60. package/playwright.config.js +35 -0
  61. package/schema/settings.json +105 -0
  62. package/types/gna.d.ts +1 -1
  63. package/framework/v0.4.5/VERSION +0 -1
  64. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -1
  65. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  66. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  67. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -555
  68. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  69. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  70. /package/framework/{v0.4.5 → v0.4.6}/AUTHORS +0 -0
  71. /package/framework/{v0.4.5 → v0.4.6}/LICENSE +0 -0
  72. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/nolayout.html +0 -0
  73. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/static.html +0 -0
  74. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-192x192.png +0 -0
  75. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-512x512.png +0 -0
  76. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/apple-touch-icon.png +0 -0
  77. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-16x16.png +0 -0
  78. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-32x32.png +0 -0
  79. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon.ico +0 -0
  80. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/README.md +0 -0
  81. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
  82. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
  83. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
  84. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
  85. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
  86. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
  87. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
  88. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
  89. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
  90. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
  91. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
  92. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
  93. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
  94. /package/framework/{v0.4.5 → v0.4.6}/core/config.js +0 -0
  95. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/index.js +0 -0
  96. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/lib/connector.js +0 -0
  97. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/index.js +0 -0
  98. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.js +0 -0
  99. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v3.js +0 -0
  100. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v4.js +0 -0
  101. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/n1ql.js +0 -0
  102. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.js +0 -0
  103. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
  104. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
  105. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/index.js +0 -0
  106. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/connector.js +0 -0
  107. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
  108. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/session-store.js +0 -0
  109. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/index.js +0 -0
  110. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/lib/connector.js +0 -0
  111. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/index.js +0 -0
  112. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/lib/connector.js +0 -0
  113. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/index.js +0 -0
  114. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/lib/session-store.js +0 -0
  115. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/index.js +0 -0
  116. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/connector.js +0 -0
  117. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/session-store.js +0 -0
  118. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sql-parser.js +0 -0
  119. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/index.js +0 -0
  120. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/connector.js +0 -0
  121. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/session-store.js +0 -0
  122. /package/framework/{v0.4.5 → v0.4.6}/core/content.encoding +0 -0
  123. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.framework.js +0 -0
  124. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-json.js +0 -0
  125. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-nunjucks.js +0 -0
  126. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-stream.js +0 -0
  127. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-v1.js +0 -0
  128. /package/framework/{v0.4.5 → v0.4.6}/core/controller/index.js +0 -0
  129. /package/framework/{v0.4.5 → v0.4.6}/core/controller/inspector-window-emit.js +0 -0
  130. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/LICENSE +0 -0
  131. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/README.md +0 -0
  132. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/index.js +0 -0
  133. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
  134. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
  135. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
  136. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/package.json +0 -0
  137. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
  138. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
  139. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/package.json +0 -0
  140. /package/framework/{v0.4.5 → v0.4.6}/core/dev/index.js +0 -0
  141. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/class.js +0 -0
  142. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/factory.js +0 -0
  143. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/tools.js +0 -0
  144. /package/framework/{v0.4.5 → v0.4.6}/core/locales/README.md +0 -0
  145. /package/framework/{v0.4.5 → v0.4.6}/core/locales/currency.json +0 -0
  146. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/en.json +0 -0
  147. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/fr.json +0 -0
  148. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/en.json +0 -0
  149. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/fr.json +0 -0
  150. /package/framework/{v0.4.5 → v0.4.6}/core/locales/index.js +0 -0
  151. /package/framework/{v0.4.5 → v0.4.6}/core/mime.types +0 -0
  152. /package/framework/{v0.4.5 → v0.4.6}/core/model/entity.js +0 -0
  153. /package/framework/{v0.4.5 → v0.4.6}/core/model/index.js +0 -0
  154. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/entityFactory.js +0 -0
  155. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/index.js +0 -0
  156. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/README.md +0 -0
  157. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/index.js +0 -0
  158. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/README.md +0 -0
  159. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/package.json +0 -0
  160. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/src/main.js +0 -0
  161. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/README.md +0 -0
  162. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/README.md +0 -0
  163. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/package.json +0 -0
  164. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
  165. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/README.md +0 -0
  166. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/package.json +0 -0
  167. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
  168. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/README.md +0 -0
  169. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/package.json +0 -0
  170. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
  171. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/package.json +0 -0
  172. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
  173. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
  174. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
  175. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/README.md +0 -0
  176. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/package.json +0 -0
  177. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
  178. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
  179. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
  180. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
  181. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/package.json +0 -0
  182. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
  183. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
  184. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
  185. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/src/main.js +0 -0
  186. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
  187. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
  188. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
  189. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
  190. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
  191. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
  192. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
  193. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
  194. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
  195. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
  196. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
  197. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
  198. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
  199. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
  200. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
  201. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
  202. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
  203. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
  204. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/README.md +0 -0
  205. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/package.json +0 -0
  206. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/src/main.js +0 -0
  207. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/README.md +0 -0
  208. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/build.json +0 -0
  209. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/src/main.js +0 -0
  210. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/README.md +0 -0
  211. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/build.json +0 -0
  212. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/form-validator.js +0 -0
  213. /package/framework/{v0.4.5 → v0.4.6}/core/router.js +0 -0
  214. /package/framework/{v0.4.5 → v0.4.6}/core/server.express.js +0 -0
  215. /package/framework/{v0.4.5 → v0.4.6}/core/status.codes +0 -0
  216. /package/framework/{v0.4.5 → v0.4.6}/core/template/_gitignore +0 -0
  217. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/app.json +0 -0
  218. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/connectors.json +0 -0
  219. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/routing.json +0 -0
  220. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.json +0 -0
  221. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
  222. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/templates.json +0 -0
  223. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/watchers.json +0 -0
  224. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
  225. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
  226. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
  227. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/index.js +0 -0
  228. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/locales/en.json +0 -0
  229. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
  230. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/default.css +0 -0
  231. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/home.css +0 -0
  232. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
  233. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
  234. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
  235. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
  236. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/readme.md +0 -0
  237. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/sw.js +0 -0
  238. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
  239. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
  240. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
  241. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
  242. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
  243. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.bat.tpl +0 -0
  244. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.tpl +0 -0
  245. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/env.json +0 -0
  246. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/manifest.json +0 -0
  247. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/package.json +0 -0
  248. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/settings.json +0 -0
  249. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/statics.json +0 -0
  250. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/templates.json +0 -0
  251. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/401.json +0 -0
  252. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/403.json +0 -0
  253. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/404.json +0 -0
  254. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/html/50x.html +0 -0
  255. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/500.json +0 -0
  256. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/503.json +0 -0
  257. /package/framework/{v0.4.5 → v0.4.6}/core/template/extensions/logger/config.json +0 -0
  258. /package/framework/{v0.4.5 → v0.4.6}/helpers/console.js +0 -0
  259. /package/framework/{v0.4.5 → v0.4.6}/helpers/context.js +0 -0
  260. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/LICENSE +0 -0
  261. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/README.md +0 -0
  262. /package/framework/{v0.4.5 → v0.4.6}/helpers/dateFormat.js +0 -0
  263. /package/framework/{v0.4.5 → v0.4.6}/helpers/index.js +0 -0
  264. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/LICENSE +0 -0
  265. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/README.md +0 -0
  266. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/src/main.js +0 -0
  267. /package/framework/{v0.4.5 → v0.4.6}/helpers/path.js +0 -0
  268. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/README.md +0 -0
  269. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/api-error.js +0 -0
  270. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/main.js +0 -0
  271. /package/framework/{v0.4.5 → v0.4.6}/helpers/prototypes.js +0 -0
  272. /package/framework/{v0.4.5 → v0.4.6}/helpers/task.js +0 -0
  273. /package/framework/{v0.4.5 → v0.4.6}/helpers/text.js +0 -0
  274. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/README.md +0 -0
  275. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/build.json +0 -0
  276. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/dep/jszip.min.js +0 -0
  277. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/main.js +0 -0
  278. /package/framework/{v0.4.5 → v0.4.6}/lib/async/package.json +0 -0
  279. /package/framework/{v0.4.5 → v0.4.6}/lib/async/src/main.js +0 -0
  280. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/README.md +0 -0
  281. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/build.json +0 -0
  282. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/src/main.js +0 -0
  283. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/aliases.json +0 -0
  284. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/add.js +0 -0
  285. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/arguments.json +0 -0
  286. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/build.js +0 -0
  287. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/copy.js +0 -0
  288. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/cp.js +0 -0
  289. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.js +0 -0
  290. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.txt +0 -0
  291. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
  292. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/list.js +0 -0
  293. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp-start.js +0 -0
  294. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp.js +0 -0
  295. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/oas.js +0 -0
  296. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/openapi.js +0 -0
  297. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/remove.js +0 -0
  298. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rename.js +0 -0
  299. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/restart.js +0 -0
  300. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rm.js +0 -0
  301. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/start.js +0 -0
  302. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/status.js +0 -0
  303. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/stop.js +0 -0
  304. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/cache/stats.js +0 -0
  305. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/add.js +0 -0
  306. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/arguments.json +0 -0
  307. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.js +0 -0
  308. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.txt +0 -0
  309. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/list.js +0 -0
  310. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/migrate.js +0 -0
  311. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/remove.js +0 -0
  312. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/rm.js +0 -0
  313. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/add.js +0 -0
  314. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/get.js +0 -0
  315. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.js +0 -0
  316. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.txt +0 -0
  317. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/link-dev.js +0 -0
  318. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/list.js +0 -0
  319. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/remove.js +0 -0
  320. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/rm.js +0 -0
  321. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/set.js +0 -0
  322. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/unset.js +0 -0
  323. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/use.js +0 -0
  324. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/arguments.json +0 -0
  325. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/build.js +0 -0
  326. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/dot.js +0 -0
  327. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/get.js +0 -0
  328. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.js +0 -0
  329. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.txt +0 -0
  330. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/init.js +0 -0
  331. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link-node-modules.js +0 -0
  332. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/open.js +0 -0
  333. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/set.js +0 -0
  334. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/status.js +0 -0
  335. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/stop.js +0 -0
  336. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/tail.js +0 -0
  337. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/update.js +0 -0
  338. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-dev.1.md +0 -0
  339. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-framework.1.md +0 -0
  340. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina.1.md +0 -0
  341. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/add.js +0 -0
  342. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/arguments.json +0 -0
  343. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/export.js +0 -0
  344. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.js +0 -0
  345. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.txt +0 -0
  346. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/import.js +0 -0
  347. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/scan.js +0 -0
  348. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/index.js +0 -0
  349. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.js +0 -0
  350. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.txt +0 -0
  351. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/open.js +0 -0
  352. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/arguments.json +0 -0
  353. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.js +0 -0
  354. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.txt +0 -0
  355. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/kill.js +0 -0
  356. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/list.js +0 -0
  357. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/msg.json +0 -0
  358. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.js +0 -0
  359. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.txt +0 -0
  360. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/inc/scan.js +0 -0
  361. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/list.js +0 -0
  362. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/reset.js +0 -0
  363. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/set.js +0 -0
  364. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/arguments.json +0 -0
  365. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/build.js +0 -0
  366. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.js +0 -0
  367. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.txt +0 -0
  368. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/import.js +0 -0
  369. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/list.js +0 -0
  370. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/move.js +0 -0
  371. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/remove.js +0 -0
  372. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rename.js +0 -0
  373. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/restart.js +0 -0
  374. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rm.js +0 -0
  375. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/start.js +0 -0
  376. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/status.js +0 -0
  377. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/stop.js +0 -0
  378. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/arguments.json +0 -0
  379. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.js +0 -0
  380. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.txt +0 -0
  381. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/list.js +0 -0
  382. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/remove.js +0 -0
  383. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/set.js +0 -0
  384. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/add.js +0 -0
  385. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.js +0 -0
  386. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.txt +0 -0
  387. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-local.js +0 -0
  388. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-production.js +0 -0
  389. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/list.js +0 -0
  390. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/remove.js +0 -0
  391. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/rm.js +0 -0
  392. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/use.js +0 -0
  393. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/arguments.json +0 -0
  394. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/check.js +0 -0
  395. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.js +0 -0
  396. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.txt +0 -0
  397. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/scan.js +0 -0
  398. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.js +0 -0
  399. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.txt +0 -0
  400. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/list.js +0 -0
  401. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/start.js +0 -0
  402. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/view/add.js +0 -0
  403. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/package.json +0 -0
  404. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/src/main.js +0 -0
  405. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/README.md +0 -0
  406. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/build.json +0 -0
  407. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/src/main.js +0 -0
  408. /package/framework/{v0.4.5 → v0.4.6}/lib/config.js +0 -0
  409. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/package.json +0 -0
  410. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/src/main.js +0 -0
  411. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/README.md +0 -0
  412. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/src/main.js +0 -0
  413. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/LICENSE +0 -0
  414. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/README.md +0 -0
  415. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/src/main.js +0 -0
  416. /package/framework/{v0.4.5 → v0.4.6}/lib/generator/index.js +0 -0
  417. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/package.json +0 -0
  418. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/src/main.js +0 -0
  419. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/LICENSE +0 -0
  420. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/README.md +0 -0
  421. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/src/main.js +0 -0
  422. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/package.json +0 -0
  423. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/src/main.js +0 -0
  424. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/package.json +0 -0
  425. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/src/main.js +0 -0
  426. /package/framework/{v0.4.5 → v0.4.6}/lib/job/package.json +0 -0
  427. /package/framework/{v0.4.5 → v0.4.6}/lib/job/src/main.js +0 -0
  428. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/README.md +0 -0
  429. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/default/index.js +0 -0
  430. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/index.js +0 -0
  431. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
  432. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
  433. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/index.js +0 -0
  434. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/listener.js +0 -0
  435. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/speaker.js +0 -0
  436. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/helper.js +0 -0
  437. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/main.js +0 -0
  438. /package/framework/{v0.4.5 → v0.4.6}/lib/math/index.js +0 -0
  439. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/package.json +0 -0
  440. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/src/main.js +0 -0
  441. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/package.json +0 -0
  442. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/src/main.js +0 -0
  443. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/package.json +0 -0
  444. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/src/main.js +0 -0
  445. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/README.md +0 -0
  446. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/src/main.js +0 -0
  447. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/package.json +0 -0
  448. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/src/main.js +0 -0
  449. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/README.md +0 -0
  450. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/package.json +0 -0
  451. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/package.json +0 -0
  452. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/src/main.js +0 -0
  453. /package/framework/{v0.4.5 → v0.4.6}/lib/proc.js +0 -0
  454. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/README.md +0 -0
  455. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/build.json +0 -0
  456. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/radix.js +0 -0
  457. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/package.json +0 -0
  458. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/src/main.js +0 -0
  459. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/package.json +0 -0
  460. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/backends/env.js +0 -0
  461. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/main.js +0 -0
  462. /package/framework/{v0.4.5 → v0.4.6}/lib/session-store.js +0 -0
  463. /package/framework/{v0.4.5 → v0.4.6}/lib/shell.js +0 -0
  464. /package/framework/{v0.4.5 → v0.4.6}/lib/state.js +0 -0
  465. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/README.md +0 -0
  466. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/package.json +0 -0
  467. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/src/main.js +0 -0
  468. /package/framework/{v0.4.5 → v0.4.6}/lib/url/README.md +0 -0
  469. /package/framework/{v0.4.5 → v0.4.6}/lib/url/index.js +0 -0
  470. /package/framework/{v0.4.5 → v0.4.6}/lib/url/routing.json +0 -0
  471. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/package.json +0 -0
  472. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/src/main.js +0 -0
  473. /package/framework/{v0.4.5 → v0.4.6}/lib/validator.js +0 -0
  474. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/package.json +0 -0
  475. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/src/main.js +0 -0
@@ -5164,7 +5164,7 @@ function Routing() {
5164
5164
  method : method,
5165
5165
  requirements : routeObject.requirements,
5166
5166
  namespace : routeObject.namespace || undefined,
5167
- url : decodeURI(req.url), /// avoid %20
5167
+ url : safeDecodeURI(req.url), /// avoid %20 — #B30 malformed-%-safe
5168
5168
  rule : routeObject.originalRule || cachedRoute.name,
5169
5169
 
5170
5170
  param : routeObject.param,
@@ -6437,7 +6437,7 @@ function Routing() {
6437
6437
 
6438
6438
  pathname = url.replace( new RegExp('^('+ hostname +'|'+hostname.replace(/\:\d+/, '') +')' ), '');
6439
6439
  if ( typeof(request.routing.path) == 'undefined' )
6440
- request.routing.path = decodeURI(pathname);
6440
+ request.routing.path = safeDecodeURI(pathname); // #B30 malformed-%-safe
6441
6441
  method = ( typeof(method) != 'undefined' ) ? method.toLowerCase() : 'get';
6442
6442
 
6443
6443
  if (isMethodProvidedByDefault) {
@@ -6445,7 +6445,7 @@ function Routing() {
6445
6445
  request.originalMethod = request.method;
6446
6446
 
6447
6447
  request.method = method;
6448
- request.routing.path = decodeURI(pathname)
6448
+ request.routing.path = safeDecodeURI(pathname) // #B30 malformed-%-safe
6449
6449
  }
6450
6450
  // last method check
6451
6451
  if ( !request.method)
@@ -6480,7 +6480,7 @@ function Routing() {
6480
6480
  method : localMethod,
6481
6481
  requirements : routing[name].requirements,
6482
6482
  namespace : routing[name].namespace || undefined,
6483
- url : decodeURI(pathname), /// avoid %20
6483
+ url : safeDecodeURI(pathname), /// avoid %20 — #B30 malformed-%-safe
6484
6484
  rule : routing[name].originalRule || name,
6485
6485
  param : routing[name].param,
6486
6486
  //middleware: routing[name].middleware,
@@ -8840,11 +8840,16 @@ define('gina/link', [ 'require', 'lib/domain', 'lib/merge', 'lib/uuid', 'utils/e
8840
8840
  console.debug('Is request from same domain ? ', isSameDomain);
8841
8841
  }
8842
8842
  if (!isSameDomain) {
8843
- // proxy external urls
8844
- // TODO - instead of using `cors.io`, try to intégrate a local CORS proxy similar to : http://oskarhane.com/avoid-cors-with-nginx-proxy_pass/
8845
- //url = url.match(/^(https|http)\:/)[0] + '//cors.io/?' + url;
8846
- url = url.match(/^(https|http)\:/)[0] + '//corsacme.herokuapp.com/?'+ url;
8847
- //delete options.headers['X-Requested-With']
8843
+ // Cross-origin request: drop credentials by default — the target
8844
+ // server must opt in via `Access-Control-Allow-Origin` (+ `Vary: Origin`).
8845
+ // If forced by user options, it is restored by the `$link.options` merge.
8846
+ //
8847
+ // SECURITY: the previous code rewrote the URL through an external CORS
8848
+ // proxy (`corsacme.herokuapp.com`) — an unmaintained third party that
8849
+ // would have routed user traffic (and any credentials) through it, and
8850
+ // which no longer resolves. Removed; cross-origin requests now go direct
8851
+ // and rely on the server's own CORS headers.
8852
+ options.withCredentials = false;
8848
8853
  }
8849
8854
  }
8850
8855
  options.url = url;
@@ -9321,6 +9326,56 @@ function DataHelper(){
9321
9326
  replace(/%(?:7C|60|5E)/g, unescape);
9322
9327
  };
9323
9328
 
9329
+ /**
9330
+ * Percent-decodes a string, returning the input UNCHANGED when it is not a
9331
+ * valid URI component. `decodeURIComponent` throws `URIError` on a malformed
9332
+ * escape (a bare `%`, `%zz`, or a truncated `%E0%A`). On the server request
9333
+ * path an attacker-controlled malformed `%` in a URL / query string would
9334
+ * otherwise reach an unguarded `decodeURIComponent`, throw, and — since the
9335
+ * framework runs no `uncaughtException` handler — take the whole bundle down
9336
+ * (#B30). Use this at every server-side decode of attacker-controllable
9337
+ * input where the decode is the genuine (first) decode and cannot simply be
9338
+ * dropped; it mirrors the try/decode/fallback-to-raw idiom already used in
9339
+ * the POST/PUT/PATCH body branches of `processRequestData`.
9340
+ *
9341
+ * @param {string} str - the value to decode
9342
+ * @returns {string} the decoded value, or the original string on URIError
9343
+ * @example
9344
+ * safeDecodeURIComponent('a%20b'); // 'a b'
9345
+ * safeDecodeURIComponent('100%'); // '100%' (decodeURIComponent would throw URIError)
9346
+ */
9347
+ safeDecodeURIComponent = function(str) {
9348
+ try {
9349
+ return decodeURIComponent(str);
9350
+ } catch (err) {
9351
+ return str;
9352
+ }
9353
+ };
9354
+
9355
+ /**
9356
+ * Like {@link safeDecodeURIComponent} but for whole-URI decoding: wraps
9357
+ * `decodeURI` (which leaves URI-reserved characters such as `/ ? #` intact —
9358
+ * used across the routing and error-handler paths to turn `%20` back into a
9359
+ * space without touching path separators). `decodeURI` throws the SAME
9360
+ * `URIError` as `decodeURIComponent` on a malformed escape, so an unguarded
9361
+ * call on the request URL / pathname crashes the bundle the same way (#B30) —
9362
+ * including from inside `throwError`, which would turn a graceful error into a
9363
+ * crash. Returns the input unchanged on a malformed escape.
9364
+ *
9365
+ * @param {string} str - the value to decode
9366
+ * @returns {string} the decoded value, or the original string on URIError
9367
+ * @example
9368
+ * safeDecodeURI('/a%20b'); // '/a b'
9369
+ * safeDecodeURI('/a%E0%A'); // '/a%E0%A' (decodeURI would throw URIError)
9370
+ */
9371
+ safeDecodeURI = function(str) {
9372
+ try {
9373
+ return decodeURI(str);
9374
+ } catch (err) {
9375
+ return str;
9376
+ }
9377
+ };
9378
+
9324
9379
  /**
9325
9380
  * Convert JSON string with structured keys to object
9326
9381
  *
@@ -9425,7 +9480,11 @@ function DataHelper(){
9425
9480
  for (var i = 0, len = arr.length; i < len; ++i) {
9426
9481
  if (!arr[i]) continue;
9427
9482
 
9428
- arr[i] = decodeURIComponent(arr[i]);
9483
+ // #B30: tolerate a malformed `%` escape (fall back to the raw
9484
+ // segment) instead of letting decodeURIComponent throw URIError —
9485
+ // an unguarded throw here propagates to processRequestData with no
9486
+ // uncaughtException handler and crashes the bundle.
9487
+ arr[i] = safeDecodeURIComponent(arr[i]);
9429
9488
 
9430
9489
  if ( /^\{/.test(arr[i]) || /\=\{/.test(arr[i]) || /\=\[/.test(arr[i]) ) {
9431
9490
  try {
@@ -9454,8 +9513,9 @@ function DataHelper(){
9454
9513
 
9455
9514
  if ( typeof(el[1]) == 'string' && !/\[object /.test(el[1])) {
9456
9515
  key = null;
9457
- el[0] = decodeURIComponent(el[0]);
9458
- el[1] = decodeURIComponent(el[1]);
9516
+ // #B30: malformed-%-safe decode (see the arr[] loop above).
9517
+ el[0] = safeDecodeURIComponent(el[0]);
9518
+ el[1] = safeDecodeURIComponent(el[1]);
9459
9519
 
9460
9520
  if ( /^(.*)\[(.*)\]/.test(el[0]) ) { // some[field] ?
9461
9521
  key = el[0].replace(/\]/g, '').split(/\[/g);
@@ -11536,8 +11596,18 @@ function ValidatorPlugin(rules, data, formId) {
11536
11596
  }
11537
11597
  //console.debug('sending -> ', data);
11538
11598
  if (!hasBinaries) {
11539
- if (typeof (enctype) != 'undefined' && enctype != null && enctype != '') {
11540
- xhr.setRequestHeader('Content-Type', enctype);
11599
+ // #FORMCT the non-binary body is JSON (JSON.stringify'd above). Honor an
11600
+ // EXPLICIT form `enctype` if set; otherwise send application/json — NOT the
11601
+ // urlencoded default — or the server url-decodes the JSON body ('+' -> space,
11602
+ // decodeURIComponent) and corrupts values such as email "+aliases".
11603
+ var explicitEnctype = $target.getAttribute('enctype');
11604
+ var sendContentType = (explicitEnctype && explicitEnctype != '')
11605
+ ? explicitEnctype
11606
+ : ( (typeof(data) == 'string' && /^[\[{]/.test(data.trim()))
11607
+ ? 'application/json; charset=UTF-8'
11608
+ : enctype );
11609
+ if (typeof (sendContentType) != 'undefined' && sendContentType != null && sendContentType != '') {
11610
+ xhr.setRequestHeader('Content-Type', sendContentType);
11541
11611
  }
11542
11612
  xhr.send(data)
11543
11613
  }
@@ -11913,8 +11983,11 @@ function ValidatorPlugin(rules, data, formId) {
11913
11983
  method: method,
11914
11984
  isSynchrone: isSynchrone,
11915
11985
  headers : {
11916
- // to upload, use `multipart/form-data` for `enctype`
11917
- 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
11986
+ // #FORMCT the body sent below is JSON (JSON.stringify({ files })).
11987
+ // Send application/json — NOT the urlencoded default — or the server
11988
+ // url-decodes the JSON body ('+' -> space, decodeURIComponent) and
11989
+ // corrupts '+'/'%' in removed-file keys.
11990
+ 'Content-Type': 'application/json; charset=UTF-8',
11918
11991
  // cross domain is enabled by default, but you need to setup `Access-Control-Allow-Origin`
11919
11992
  'X-Requested-With': 'XMLHttpRequest' // in case of cross domain origin
11920
11993
  }
@@ -17358,10 +17431,65 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
17358
17431
  */
17359
17432
  function _nextId(prefix) { return (prefix || 'gp') + '-' + (++_uid); }
17360
17433
 
17434
+ /**
17435
+ * Module-level preload cache, keyed by URL. Warmed by the delegated
17436
+ * mouseover/focusin listeners (installPreload) and consumed once at open time
17437
+ * (consumePreload). Shared across popin instances so a hover-preload survives the
17438
+ * subsequent click. A reserved-but-not-yet-loaded entry is `null` (in-flight).
17439
+ *
17440
+ * @inner
17441
+ * @type {object}
17442
+ */
17443
+ var preloadCache = {};
17444
+
17445
+ /** @inner @type {object} warn-once registry, keyed by deprecated attribute name */
17446
+ var _deprecationWarned = {};
17447
+
17448
+ /**
17449
+ * warnDeprecatedOnce
17450
+ *
17451
+ * Emits a one-time `console.warn` for a deprecated, *developer-authored* legacy
17452
+ * trigger attribute — only `data-gina-popin-name` and `data-gina-popin-url` reach
17453
+ * here (at most two distinct warnings for the life of the page). The
17454
+ * engine-managed `data-gina-popin-is-link` / `data-gina-popin-loading` attributes
17455
+ * are written by gina itself and are NOT deprecated, so they never warn.
17456
+ *
17457
+ * @inner
17458
+ * @param {string} kind - the legacy attribute name
17459
+ * @returns {void}
17460
+ */
17461
+ function warnDeprecatedOnce(kind) {
17462
+ if ( _deprecationWarned[kind] ) {
17463
+ return;
17464
+ }
17465
+ _deprecationWarned[kind] = true;
17466
+ if ( typeof(console) != 'undefined' && typeof(console.warn) == 'function' ) {
17467
+ var replacement = ( kind === 'data-gina-popin-name' ) ? 'data-gina-dialog' : 'data-gina-dialog-src';
17468
+ console.warn(
17469
+ '[gina/popin] `' + kind + '` is deprecated; use `' + replacement + '` instead. '
17470
+ + 'The legacy attribute still works (mapped onto the new dialog path).'
17471
+ );
17472
+ }
17473
+ }
17474
+
17475
+ /** @inner @type {boolean} module guard — the delegated open listener is installed once */
17476
+ var _ginaDialogDelegated = false;
17477
+ /** @inner @type {boolean} module guard — the preload listeners are installed once */
17478
+ var _ginaPreloadInstalled = false;
17479
+
17361
17480
  /**
17362
17481
  * Gina Popin Handler
17363
17482
  *
17364
17483
  * @param {object} options
17484
+ * @param {string} options.name - unique popin name (the `data-gina-popin-name` trigger value)
17485
+ * @param {string} [options.class='gina-popin-default'] - extra CSS class on the popin container
17486
+ * @param {boolean} [options.useDialogMode=true] - use a native `<dialog>` (modal) instead of a `<div>` + overlay
17487
+ * @param {boolean} [options.cancelOnOverlayClick=false] - close the popin when the backdrop/overlay is clicked
17488
+ * @param {boolean} [options.preOpen=false] - opt-in: open the popin with a loading skeleton BEFORE the XHR
17489
+ * returns (no blank-screen gap), replaced by the real content on completion. See showLoadingShell().
17490
+ * @param {string} [options.loadingShell] - custom skeleton HTML for `preOpen` (consumer markup wins);
17491
+ * when omitted a generic gina-namespaced default skeleton is used.
17492
+ * @param {object} [options.validator] - a FormValidator instance to bind forms inside the popin
17365
17493
  * */
17366
17494
  function Popin(options) {
17367
17495
 
@@ -17376,12 +17504,34 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
17376
17504
  'class': 'gina-popin-default',
17377
17505
  // Support of `<dialog>` tag, set `true`
17378
17506
  'useDialogMode': true,
17379
- 'cancelOnOverlayClick': false
17507
+ 'cancelOnOverlayClick': false,
17508
+ // Opt-in skeleton-loading pre-open: when `true`, the popin is filled with a
17509
+ // loading skeleton and opened BEFORE the XHR returns, then the real content
17510
+ // replaces the skeleton on completion. Off by default — pre-opening during
17511
+ // the load is a behavior change vs the default "open on content-complete"
17512
+ // path. See showLoadingShell().
17513
+ 'preOpen': false,
17514
+ // Optional skeleton markup for `preOpen`: a string of HTML injected into the
17515
+ // popin while it loads. When omitted, a generic gina-namespaced default
17516
+ // skeleton is used (styled by `.gina-popin-skeleton*` in popin.css).
17517
+ 'loadingShell': null,
17518
+ // Per-popin modal opt-in (precedence #2 in resolveModal). `null` => fall
17519
+ // through to the trigger `data-gina-dialog-modal` attribute, then the
17520
+ // `gina.config.popin.modal` project default, then the framework
17521
+ // non-modal default. Set `true`/`false` via `new Popin({ modal })`.
17522
+ 'modal': null
17380
17523
  },
17381
17524
  authorizedEvents : ['ready', 'error'],
17382
17525
  events: {}
17383
17526
  };
17384
17527
 
17528
+ // Snapshot the per-popin `modal` option (precedence #2) from the constructor
17529
+ // arg, so resolveModal() can read it. `gina.config.popin.modal` (precedence #4)
17530
+ // is read lazily at open time — it is populated post-load via setOptions.
17531
+ if ( options && typeof(options.modal) != 'undefined' ) {
17532
+ self.options.modal = options.modal;
17533
+ }
17534
+
17385
17535
  var instance = {
17386
17536
  plugin : this.plugin,
17387
17537
  id : 'gina-popins-' + _nextId(),
@@ -17446,7 +17596,11 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
17446
17596
  $container.setAttribute('id', instance.id);
17447
17597
  $container.setAttribute('class', 'gina-popins');
17448
17598
 
17449
- if ( !self.options.useDialogMode || gina.config.envIsDev) {
17599
+ // Non-dialog mode only: the manual .gina-popins-overlay provides the dimming/
17600
+ // click-catcher backdrop for non-dialog popins. Dialog-mode popins open as
17601
+ // native modals in every env (see the showModal() branch in this file) and use
17602
+ // the native ::backdrop, so they no longer need this overlay.
17603
+ if ( !self.options.useDialogMode ) {
17450
17604
  var $overlay = document.createElement('div');
17451
17605
  $overlay.setAttribute('id', 'gina-popins-overlay');
17452
17606
  $overlay.setAttribute('class', 'gina-popins-overlay');
@@ -17512,6 +17666,577 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
17512
17666
  }
17513
17667
 
17514
17668
 
17669
+ // ─────────────────────────────────────────────────────────────────────────
17670
+ // New `data-gina-dialog-*` entry layer (strangler — funnels into the existing
17671
+ // popinLoad / popinBind / popinOpen engine). Additive: the legacy bindOpen scan
17672
+ // and per-element binding below are kept intact for full parity.
17673
+ // ─────────────────────────────────────────────────────────────────────────
17674
+
17675
+ /**
17676
+ * resolveModal
17677
+ *
17678
+ * Resolves whether a trigger opens a modal dialog. Precedence (highest wins):
17679
+ * 1. legacy trigger (`data-gina-popin-name`) -> modal (today's showModal()-only parity)
17680
+ * 2. `data-gina-dialog-modal` on the trigger -> `"false"` => non-modal, else modal
17681
+ * 3. `new Popin({ modal })` per-popin option (`self.options.modal`)
17682
+ * 4. `gina.config.popin.modal` project default (read lazily — populated post-load)
17683
+ * 5. framework default -> non-modal
17684
+ *
17685
+ * @inner
17686
+ * @param {HTMLElement} $trigger
17687
+ * @param {boolean} [isLegacy] - precomputed legacy flag (resolveTrigger passes it)
17688
+ * @returns {boolean}
17689
+ */
17690
+ function resolveModal($trigger, isLegacy) {
17691
+ // 1. Legacy popins are always modal (showModal()-only, full parity).
17692
+ if ( isLegacy || $trigger.getAttribute('data-gina-popin-name') != null ) {
17693
+ return true;
17694
+ }
17695
+ // 2. Explicit attribute on the trigger. Value-parsed, no separate default:
17696
+ // `="false"` => non-modal; present with any other value => modal.
17697
+ var attr = $trigger.getAttribute('data-gina-dialog-modal');
17698
+ if ( attr != null ) {
17699
+ return ( attr === 'false' ) ? false : true;
17700
+ }
17701
+ // 3. Per-popin constructor option.
17702
+ if ( self.options.modal === true || self.options.modal === false ) {
17703
+ return self.options.modal;
17704
+ }
17705
+ // 4. Project config — read lazily at open time (gina.config is populated
17706
+ // post-load via setOptions, so it may be unset when the constructor ran).
17707
+ if (
17708
+ typeof(gina) != 'undefined' && gina.config && gina.config.popin
17709
+ && ( gina.config.popin.modal === true || gina.config.popin.modal === false )
17710
+ ) {
17711
+ return gina.config.popin.modal;
17712
+ }
17713
+ // 5. Framework default.
17714
+ return false;
17715
+ }
17716
+
17717
+ /**
17718
+ * resolveTrigger
17719
+ *
17720
+ * Normalizes a trigger element (new `data-gina-dialog-*` or legacy
17721
+ * `data-gina-popin-*`) into a single descriptor consumed by openFromTrigger().
17722
+ * Only the two developer-authored legacy attributes are aliased + warned:
17723
+ * `data-gina-popin-name` -> `id`, `data-gina-popin-url` -> `src`. The
17724
+ * engine-managed `-is-link` / `-loading` attributes are read by the engine where
17725
+ * it already reads them and are never deprecated here.
17726
+ *
17727
+ * @inner
17728
+ * @param {HTMLElement} $trigger
17729
+ * @returns {object} { id, src, isLegacy, modal, partialTarget, isLink, formSubmit }
17730
+ */
17731
+ function resolveTrigger($trigger) {
17732
+ var isLegacy = false;
17733
+ var id = $trigger.getAttribute('data-gina-dialog');
17734
+ var src = $trigger.getAttribute('data-gina-dialog-src');
17735
+
17736
+ // Legacy aliasing — only the two developer-authored attributes (warn once each).
17737
+ if ( id == null && $trigger.getAttribute('data-gina-popin-name') != null ) {
17738
+ isLegacy = true;
17739
+ id = $trigger.getAttribute('data-gina-popin-name');
17740
+ warnDeprecatedOnce('data-gina-popin-name');
17741
+ }
17742
+ if ( src == null && $trigger.getAttribute('data-gina-popin-url') != null ) {
17743
+ isLegacy = true;
17744
+ src = $trigger.getAttribute('data-gina-popin-url');
17745
+ warnDeprecatedOnce('data-gina-popin-url');
17746
+ }
17747
+ // An <a href> doubles as the source for both APIs (ignore empty / "#" anchors).
17748
+ if ( src == null && /^A$/i.test($trigger.tagName) ) {
17749
+ var href = $trigger.getAttribute('href');
17750
+ if ( href && href != '' && href != '#' && !/^#/.test(href) ) {
17751
+ src = href;
17752
+ }
17753
+ }
17754
+
17755
+ return {
17756
+ 'id' : id
17757
+ , 'src' : src
17758
+ , 'isLegacy' : isLegacy
17759
+ , 'modal' : resolveModal($trigger, isLegacy)
17760
+ , 'partialTarget' : $trigger.getAttribute('data-gina-dialog-target')
17761
+ // engine-managed (read, not deprecated) — surfaced for openFromTrigger
17762
+ , 'isLink' : /^true$/i.test($trigger.getAttribute('data-gina-popin-is-link'))
17763
+ , 'formSubmit' : /^true$/i.test($trigger.getAttribute('data-gina-form-submit'))
17764
+ };
17765
+ }
17766
+
17767
+ /**
17768
+ * wireTriggerAria — adds `aria-haspopup="dialog"` + `aria-controls="ID"` to a
17769
+ * trigger so assistive tech announces the relationship.
17770
+ *
17771
+ * @inner
17772
+ */
17773
+ function wireTriggerAria($trigger, id) {
17774
+ if ( !$trigger || !id ) {
17775
+ return;
17776
+ }
17777
+ $trigger.setAttribute('aria-haspopup', 'dialog');
17778
+ $trigger.setAttribute('aria-controls', id);
17779
+ }
17780
+
17781
+ /**
17782
+ * associateLabel — points the dialog's `aria-labelledby` at a REAL title element
17783
+ * (an `[id$="-title"]`, else the first heading), assigning an id if missing.
17784
+ * Fixes the legacy behavior of pointing `aria-labelledby` at the popin *name*.
17785
+ *
17786
+ * @inner
17787
+ */
17788
+ function associateLabel($el) {
17789
+ if ( !$el || typeof($el.querySelector) != 'function' ) {
17790
+ return;
17791
+ }
17792
+ var $title = $el.querySelector('[id$="-title"]') || $el.querySelector('h1, h2, h3, h4, h5, h6');
17793
+ if ( !$title ) {
17794
+ return;
17795
+ }
17796
+ if ( !$title.id ) {
17797
+ $title.id = ( $el.id || 'gina-popin' ) + '-title';
17798
+ $title.setAttribute('id', $title.id);
17799
+ }
17800
+ $el.setAttribute('aria-labelledby', $title.id);
17801
+ }
17802
+
17803
+ /**
17804
+ * focusInitial — moves focus into the dialog after content is applied, honoring
17805
+ * an explicit `[autofocus]`, else the first focusable, else the dialog itself.
17806
+ * (Native showModal() already does this; the non-modal `.show()` path does not.)
17807
+ *
17808
+ * @inner
17809
+ */
17810
+ function focusInitial($el) {
17811
+ if ( !$el || typeof($el.querySelector) != 'function' ) {
17812
+ return;
17813
+ }
17814
+ var $target = $el.querySelector('[autofocus]')
17815
+ || $el.querySelector('a[href], button:not([disabled]), input:not([disabled]), select:not([disabled]), textarea:not([disabled]), [tabindex]:not([tabindex="-1"])');
17816
+ if ( $target && typeof($target.focus) == 'function' ) {
17817
+ $target.focus();
17818
+ } else if ( typeof($el.focus) == 'function' ) {
17819
+ if ( $el.getAttribute('tabindex') == null ) {
17820
+ $el.setAttribute('tabindex', '-1');
17821
+ }
17822
+ $el.focus();
17823
+ }
17824
+ }
17825
+
17826
+ /**
17827
+ * applyNonModalShims
17828
+ *
17829
+ * Native `<dialog>.showModal()` gives `Escape`->close, background inert, body
17830
+ * scroll-block and a focus trap for free; `.show()` (non-modal, the new-API
17831
+ * default) gives none of them. This restores them: an `Escape` keydown handler,
17832
+ * a body scroll-lock attribute (CSS), and best-effort `inert` on background
17833
+ * siblings. Torn down by removeNonModalShims() on close.
17834
+ *
17835
+ * @inner
17836
+ */
17837
+ function applyNonModalShims($popin, $el) {
17838
+ if ( !$el ) {
17839
+ return;
17840
+ }
17841
+ // body scroll-lock (styled by `body[data-gina-popin-scroll-lock]` in popin.css)
17842
+ document.body.setAttribute('data-gina-popin-scroll-lock', 'true');
17843
+
17844
+ // Escape-to-close — native modal does this for free; .show() does not.
17845
+ var onKeydown = function (e) {
17846
+ if ( e.key === 'Escape' || e.keyCode === 27 ) {
17847
+ e.preventDefault();
17848
+ popinClose($popin.name);
17849
+ }
17850
+ };
17851
+ $el.__ginaOnKeydown = onKeydown;
17852
+ $el.addEventListener('keydown', onKeydown);
17853
+
17854
+ // Best-effort background inert (skip the dialog, its container and ancestors).
17855
+ var siblings = document.body.children;
17856
+ var b = 0, len = siblings.length;
17857
+ for (; b < len; ++b) {
17858
+ if ( siblings[b] === $el || siblings[b] === instance.target || siblings[b].contains($el) ) {
17859
+ continue;
17860
+ }
17861
+ if ( siblings[b].getAttribute('inert') == null ) {
17862
+ siblings[b].setAttribute('inert', '');
17863
+ siblings[b].setAttribute('data-gina-popin-inert', 'true');
17864
+ }
17865
+ }
17866
+ }
17867
+
17868
+ /**
17869
+ * removeNonModalShims — teardown counterpart to applyNonModalShims (called from
17870
+ * popinClose). Idempotent — safe to call for popins that were opened modal.
17871
+ *
17872
+ * @inner
17873
+ */
17874
+ function removeNonModalShims($el) {
17875
+ document.body.removeAttribute('data-gina-popin-scroll-lock');
17876
+ if ( $el && $el.__ginaOnKeydown ) {
17877
+ $el.removeEventListener('keydown', $el.__ginaOnKeydown);
17878
+ $el.__ginaOnKeydown = null;
17879
+ }
17880
+ var $inert = document.querySelectorAll('[data-gina-popin-inert]');
17881
+ var b = 0, len = $inert.length;
17882
+ for (; b < len; ++b) {
17883
+ $inert[b].removeAttribute('inert');
17884
+ $inert[b].removeAttribute('data-gina-popin-inert');
17885
+ }
17886
+ }
17887
+
17888
+ /**
17889
+ * applyContent
17890
+ *
17891
+ * Full (default): replace the whole element — byte-identical to the legacy
17892
+ * `$el.innerHTML = html.trim()`, so legacy popins are unaffected.
17893
+ * Partial (`partialTarget` set): parse the fetched HTML with DOMParser and swap
17894
+ * only the `partialTarget` region, so chrome (close button, header/footer) and
17895
+ * its bindings survive. Falls back to full-replace if the slot is absent.
17896
+ *
17897
+ * @inner
17898
+ */
17899
+ function applyContent($el, html, $popin, partialTarget) {
17900
+ if ( !partialTarget ) {
17901
+ $el.innerHTML = ( typeof(html) == 'string' ) ? html.trim() : '';
17902
+ return;
17903
+ }
17904
+ var $slot = $el.querySelector(partialTarget);
17905
+ if ( !$slot ) {
17906
+ $el.innerHTML = ( typeof(html) == 'string' ) ? html.trim() : '';
17907
+ return;
17908
+ }
17909
+ var parsed = new DOMParser().parseFromString(html, 'text/html');
17910
+ var $incoming = parsed.querySelector(partialTarget) || parsed.body;
17911
+ $slot.innerHTML = $incoming.innerHTML;
17912
+ }
17913
+
17914
+ /**
17915
+ * handleLoadedBody
17916
+ *
17917
+ * Applies a loaded HTML body (full or partial per `$popin.partialTarget`),
17918
+ * (re)binds the dialog through the guarded popinBind path, and opens it. Used by
17919
+ * the preload-consume path; the click-time XHR keeps its own battle-tested
17920
+ * completion tail (redirect / JSON / CORS / toolbar) for parity.
17921
+ *
17922
+ * @inner
17923
+ */
17924
+ function handleLoadedBody(body, $popin, $el) {
17925
+ // $el may be absent on the cold-click path before popinLoad created it; ensure
17926
+ // it so applyContent injects into — and popinOpen later scans — a real element.
17927
+ $el = $el || ensurePopinDialog($popin);
17928
+ applyContent($el, body, $popin, $popin.partialTarget);
17929
+ popinUnbind($popin.name, true);
17930
+ popinBind({ target: $el, type: 'loaded.' + $popin.id }, $popin);
17931
+ if ( !$popin.isOpen ) {
17932
+ popinOpen($popin.name);
17933
+ }
17934
+ associateLabel($el);
17935
+ focusInitial($el);
17936
+ }
17937
+
17938
+ /**
17939
+ * preloadFetch — small same-origin GET that mirrors popinLoad's `X-Requested-With`
17940
+ * + credentials so a preloaded response is interchangeable with a click-time load.
17941
+ * Cross-origin URLs are left for the click-time XHR/CORS path.
17942
+ *
17943
+ * @inner
17944
+ */
17945
+ function preloadFetch(url) {
17946
+ if (
17947
+ /^(http|https):/.test(url)
17948
+ && !new RegExp('^' + window.location.protocol + '//' + window.location.host).test(url)
17949
+ ) {
17950
+ delete preloadCache[url];
17951
+ return;
17952
+ }
17953
+ var xhrPreload = new XMLHttpRequest();
17954
+ xhrPreload.open('GET', url);
17955
+ xhrPreload.withCredentials = false;
17956
+ xhrPreload.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
17957
+ xhrPreload.onreadystatechange = function () {
17958
+ if ( xhrPreload.readyState == 4 ) {
17959
+ if ( /^2/.test(xhrPreload.status) ) {
17960
+ preloadCache[url] = xhrPreload.responseText;
17961
+ } else {
17962
+ delete preloadCache[url];
17963
+ }
17964
+ }
17965
+ };
17966
+ xhrPreload.send();
17967
+ }
17968
+
17969
+ /**
17970
+ * ensurePopinDialog — returns the popin's DOM element (a native `<dialog>` in
17971
+ * dialog mode, a `<div>` otherwise), creating + appending it under the container on
17972
+ * first use and returning the existing one thereafter (idempotent).
17973
+ *
17974
+ * The hover/focus preload path (consumePreload) short-circuits popinLoad() — which
17975
+ * is what otherwise creates the element — so without this the AJAX popin had no
17976
+ * element with `id === $popin.id` and popinOpen() threw
17977
+ * (`document.getElementById(id).getElementsByTagName(...)` on `null`). Mirrors the
17978
+ * create block popinLoad() runs at click time so both paths produce the same shape.
17979
+ *
17980
+ * @inner
17981
+ * @param {object} $popin
17982
+ * @returns {HTMLElement}
17983
+ */
17984
+ function ensurePopinDialog($popin) {
17985
+ var $el = document.getElementById($popin.id);
17986
+ if ( $el != null ) {
17987
+ return $el;
17988
+ }
17989
+ var className = $popin.options.class + ' ' + $popin.id;
17990
+ if ( !self.options.useDialogMode ) {
17991
+ // DIV + manual overlay (non-dialog mode)
17992
+ $el = document.createElement('div');
17993
+ $el.setAttribute('id', $popin.id);
17994
+ $el.setAttribute('class', className);
17995
+ instance.target.firstChild.appendChild($el);
17996
+ } else {
17997
+ // native <dialog> (top layer + ::backdrop)
17998
+ $el = document.createElement('dialog');
17999
+ $el.setAttribute('id', $popin.id);
18000
+ $el.setAttribute('class', className);
18001
+ $el.setAttribute('data-type', 'modal');
18002
+ $el.setAttribute('aria-labelledby', $popin.name);
18003
+ var $ov = document.getElementById('gina-popins-overlay');
18004
+ if ( $ov ) {
18005
+ $ov.appendChild($el);
18006
+ } else {
18007
+ instance.target.appendChild($el);
18008
+ }
18009
+ }
18010
+ return $el;
18011
+ }
18012
+
18013
+ /**
18014
+ * consumePreload — if a warmed preload for `url` is cached, apply it to the popin
18015
+ * (deleting the cache entry) and return `true`; else `false` so the caller falls
18016
+ * back to a click-time XHR. A `null` entry is in-flight (reserved, not ready).
18017
+ *
18018
+ * @inner
18019
+ */
18020
+ function consumePreload(url, $popin) {
18021
+ if ( preloadCache[url] == null ) {
18022
+ return false;
18023
+ }
18024
+ var body = preloadCache[url];
18025
+ delete preloadCache[url];
18026
+ var $el = ensurePopinDialog($popin);
18027
+ handleLoadedBody(body, $popin, $el);
18028
+ return true;
18029
+ }
18030
+
18031
+ /**
18032
+ * installPreload — one-time delegated `mouseover` + `focusin` listeners that warm
18033
+ * preloadCache for AJAX triggers (`data-gina-dialog-src` / legacy
18034
+ * `data-gina-popin-url`). GET + same-origin only; disabled triggers skipped;
18035
+ * repeated hover over descendants is a no-op (URL-cache dedup).
18036
+ *
18037
+ * @inner
18038
+ */
18039
+ function installPreload() {
18040
+ if ( _ginaPreloadInstalled ) {
18041
+ return;
18042
+ }
18043
+ _ginaPreloadInstalled = true;
18044
+
18045
+ var onIntent = function (e) {
18046
+ var $trigger = ( e.target && typeof(e.target.closest) == 'function' )
18047
+ ? e.target.closest('[data-gina-dialog-src],[data-gina-popin-url]')
18048
+ : null;
18049
+ if ( !$trigger ) {
18050
+ return;
18051
+ }
18052
+ if (
18053
+ $trigger.getAttribute('disabled') != null && $trigger.getAttribute('disabled') != 'false'
18054
+ || $trigger.getAttribute('aria-disabled') == 'true'
18055
+ ) {
18056
+ return;
18057
+ }
18058
+ var url = $trigger.getAttribute('data-gina-dialog-src') || $trigger.getAttribute('data-gina-popin-url');
18059
+ if ( !url || typeof(preloadCache[url]) != 'undefined' ) {
18060
+ return; // already cached or in-flight — dedup
18061
+ }
18062
+ preloadCache[url] = null; // reserve in-flight slot (dedup concurrent intents)
18063
+ preloadFetch(url);
18064
+ };
18065
+ document.addEventListener('mouseover', onIntent);
18066
+ document.addEventListener('focusin', onIntent);
18067
+ }
18068
+
18069
+ /**
18070
+ * openInPageDialog
18071
+ *
18072
+ * Static (non-AJAX) path of the new API: opens an existing in-page
18073
+ * `<dialog id="ID">` directly. Registers a lightweight $popin keyed by the
18074
+ * element id (so close/getActivePopin work), wires a11y, then opens modal or
18075
+ * non-modal per the resolved descriptor.
18076
+ *
18077
+ * @inner
18078
+ */
18079
+ function openInPageDialog(descriptor, $trigger) {
18080
+ var id = descriptor.id;
18081
+ var $el = document.getElementById(id);
18082
+ if ( !$el ) {
18083
+ throw new Error('Popin dialog `' + id + '` not found in the DOM !');
18084
+ }
18085
+
18086
+ var $dialogPopin = getPopinById(id);
18087
+ if ( !$dialogPopin ) {
18088
+ $dialogPopin = merge({}, $popin);
18089
+ $dialogPopin.id = id;
18090
+ $dialogPopin.name = id;
18091
+ $dialogPopin.target = $el;
18092
+ $dialogPopin.options = merge({}, self.options);
18093
+ $dialogPopin.load = popinLoad;
18094
+ $dialogPopin.loadContent = popinLoadContent;
18095
+ $dialogPopin.open = popinOpen;
18096
+ $dialogPopin.close = popinClose;
18097
+ // Marks a static in-page dialog (vs an AJAX-loaded popin): its content is
18098
+ // authored in the page, so popinUnbind must NOT wipe innerHTML on close —
18099
+ // it has to survive close + reopen.
18100
+ $dialogPopin.isInPageDialog = true;
18101
+ instance.$popins[id] = $dialogPopin;
18102
+ }
18103
+ $dialogPopin.modal = descriptor.modal;
18104
+ $dialogPopin.openTrigger = $trigger ? ( $trigger.id || $trigger.getAttribute('id') ) : null;
18105
+
18106
+ wireTriggerAria($trigger, id);
18107
+ associateLabel($el);
18108
+
18109
+ // Bind close buttons / forms inside the dialog (guarded — no double-bind).
18110
+ if ( !gina.popinIsBinded ) {
18111
+ popinBind({ target: $el, type: 'open.' + id }, $dialogPopin);
18112
+ }
18113
+
18114
+ $el.classList.add('gina-popin-is-active');
18115
+ if ( !$el.getAttribute('open') ) {
18116
+ if ( descriptor.modal && typeof($el.showModal) === 'function' ) {
18117
+ $el.showModal();
18118
+ } else if ( typeof($el.show) === 'function' ) {
18119
+ $el.show();
18120
+ applyNonModalShims($dialogPopin, $el);
18121
+ } else {
18122
+ $el.setAttribute('open', true);
18123
+ }
18124
+ }
18125
+ $dialogPopin.isOpen = true;
18126
+ instance.activePopinId = $dialogPopin.id;
18127
+ focusInitial($el);
18128
+ triggerEvent(gina, instance.target, 'open.' + id, $dialogPopin);
18129
+ }
18130
+
18131
+ /**
18132
+ * openFromTrigger
18133
+ *
18134
+ * Single entry point for both APIs. Resolves the descriptor, records the trigger
18135
+ * (for focus-return), then either AJAX-loads (`src`) through the existing
18136
+ * popinLoad engine — consuming a hover/focus preload when available — or opens an
18137
+ * in-page dialog directly.
18138
+ *
18139
+ * @inner
18140
+ */
18141
+ function openFromTrigger($trigger) {
18142
+ if (
18143
+ $trigger.getAttribute('disabled') != null && $trigger.getAttribute('disabled') != 'false'
18144
+ || $trigger.getAttribute('aria-disabled') == 'true'
18145
+ ) {
18146
+ return;
18147
+ }
18148
+ var descriptor = resolveTrigger($trigger);
18149
+ if ( !descriptor.id && !descriptor.src ) {
18150
+ return;
18151
+ }
18152
+
18153
+ var triggerId = $trigger.id || $trigger.getAttribute('id');
18154
+ if ( !triggerId ) {
18155
+ triggerId = 'gina-dialog-trigger-' + _nextId();
18156
+ $trigger.setAttribute('id', triggerId);
18157
+ }
18158
+ wireTriggerAria($trigger, descriptor.id || descriptor.src);
18159
+
18160
+ if ( descriptor.src ) {
18161
+ // AJAX path — register (or reuse) a $popin, then load through the
18162
+ // existing battle-tested popinLoad engine.
18163
+ var name = descriptor.id || ( 'gina-dialog-' + _nextId() );
18164
+ var existing = getPopinByName(name);
18165
+ if ( !existing ) {
18166
+ var clone = merge({}, $popin);
18167
+ registerPopin(clone, merge({ 'name': name }, self.options));
18168
+ existing = getPopinByName(name);
18169
+ }
18170
+ existing.openTrigger = triggerId;
18171
+ existing.modal = descriptor.modal;
18172
+ existing.partialTarget = descriptor.partialTarget || null;
18173
+
18174
+ // Wire the `loaded.<id>` listener that consumes the response: popinLoad()
18175
+ // only FIRES `loaded.<id>` with the body — it does not inject/open itself
18176
+ // (legacy bindOpen registers an equivalent listener at its own load site).
18177
+ // Without this the click-time XHR resolved into the void and nothing
18178
+ // opened. handleLoadedBody applies the body (partial-aware), binds + opens.
18179
+ // Guarded so repeated opens of the same popin register the listener once.
18180
+ var loadedEvt = 'loaded.' + existing.id;
18181
+ if ( typeof(gina.events[loadedEvt]) == 'undefined' ) {
18182
+ addListener(gina, existing.target, loadedEvt, function (loadedEvent) {
18183
+ loadedEvent.preventDefault();
18184
+ handleLoadedBody(loadedEvent.detail, existing, ensurePopinDialog(existing));
18185
+ });
18186
+ }
18187
+
18188
+ // Consume a warmed preload if present; else fall through to a click-time XHR.
18189
+ if ( consumePreload(descriptor.src, existing) ) {
18190
+ return;
18191
+ }
18192
+ var loadOptions = merge({ isSynchrone: false, withCredentials: false }, existing.options);
18193
+ popinLoad(name, descriptor.src, loadOptions);
18194
+ } else {
18195
+ openInPageDialog(descriptor, $trigger);
18196
+ }
18197
+ }
18198
+
18199
+ /**
18200
+ * bindDelegatedOpen
18201
+ *
18202
+ * One delegated `document` click listener handling new `data-gina-dialog`
18203
+ * triggers (including dynamically-injected ones — SPA-safe). Idempotent via a
18204
+ * module guard. Legacy `data-gina-popin-name` triggers are already wired by
18205
+ * bindOpen's per-element listeners (kept for parity / test 02), so this handler
18206
+ * defers to those to avoid a double-open.
18207
+ *
18208
+ * @inner
18209
+ */
18210
+ function bindDelegatedOpen() {
18211
+ if ( _ginaDialogDelegated ) {
18212
+ return;
18213
+ }
18214
+ _ginaDialogDelegated = true;
18215
+
18216
+ addListener(gina, document, 'click', function (event) {
18217
+ var $trigger = ( event.target && typeof(event.target.closest) == 'function' )
18218
+ ? event.target.closest('[data-gina-dialog],[data-gina-dialog-src],[data-gina-popin-name]')
18219
+ : null;
18220
+ if ( !$trigger ) {
18221
+ return;
18222
+ }
18223
+ // Own the new data-gina-dialog API: the `data-gina-dialog` marker (in-page
18224
+ // or marker+src) OR a standalone `data-gina-dialog-src` AJAX trigger
18225
+ // (documented as a peer trigger, and already warmed by installPreload). Pure
18226
+ // legacy `data-gina-popin-*` triggers carrying neither new attribute stay
18227
+ // with bindOpen's per-element listeners, to avoid a double-open.
18228
+ if (
18229
+ $trigger.getAttribute('data-gina-dialog') == null
18230
+ && $trigger.getAttribute('data-gina-dialog-src') == null
18231
+ ) {
18232
+ return;
18233
+ }
18234
+ cancelEvent(event);
18235
+ openFromTrigger($trigger);
18236
+ });
18237
+ }
18238
+
18239
+
17515
18240
  var bindOpen = function($popin, isRouting) {
17516
18241
 
17517
18242
  isRouting = ( typeof(isRouting) != 'undefined' ) ? isRouting : false;
@@ -17776,7 +18501,10 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
17776
18501
  // bind overlay on click
17777
18502
  if (!$popin.isOpen && self.options.cancelOnOverlayClick) {
17778
18503
  var $overlay = $popin.target;
17779
- if ( !self.options.useDialogMode || gina.config.envIsDev) {
18504
+ // Non-dialog mode only: bind cancelOnOverlayClick to the manual overlay
18505
+ // div — the non-dialog path has no native backdrop to click. Dialog-mode
18506
+ // popins are native modals (see the showModal() branch) and use ::backdrop.
18507
+ if ( !self.options.useDialogMode ) {
17780
18508
  $overlay = instance.target.childNodes[0];
17781
18509
  }
17782
18510
  addListener(gina, $overlay, 'mousedown', function(event) {
@@ -18159,6 +18887,88 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18159
18887
  }
18160
18888
  };
18161
18889
 
18890
+ /**
18891
+ * Default loading skeleton injected by showLoadingShell() when `preOpen` is set but
18892
+ * no `loadingShell` markup was provided. Generic + gina-namespaced so it never
18893
+ * collides with a consumer's own markup; styled by the `.gina-popin-skeleton*` rules
18894
+ * in popin.css. Static HTML (no scripts) — CSP-safe.
18895
+ *
18896
+ * @constant {string}
18897
+ * @inner
18898
+ */
18899
+ var GINA_DEFAULT_LOADING_SHELL =
18900
+ '<div class="gina-popin-skeleton" aria-hidden="true">'
18901
+ + '<div class="gina-popin-skeleton-line gina-popin-skeleton-title"></div>'
18902
+ + '<div class="gina-popin-skeleton-line"></div>'
18903
+ + '<div class="gina-popin-skeleton-line gina-popin-skeleton-line--short"></div>'
18904
+ + '</div>';
18905
+
18906
+ /**
18907
+ * showLoadingShell
18908
+ *
18909
+ * Opt-in skeleton-loading pre-open. When a popin is registered with `preOpen: true`,
18910
+ * this fills the (already DOM-attached) popin element with a loading skeleton and
18911
+ * opens it BEFORE the XHR returns, so there is no blank-screen gap while the server
18912
+ * responds. On completion popinBind injects the real HTML over `$el.innerHTML`
18913
+ * (replacing the skeleton) and popinOpen's `!$el.getAttribute('open')` guard then
18914
+ * skips its own open (re-showModal() on an already-open dialog throws).
18915
+ *
18916
+ * Born modal in every env (dev/prod parity), matching popinOpen's showModal()-only
18917
+ * behavior. Idempotent — the open/active guard lets the two loading-attr write sites
18918
+ * (the synchronous readyState-1 set and the onreadystatechange set) call it at most
18919
+ * once per load. The skeleton is the consumer's `loadingShell` option when provided
18920
+ * (so a consumer can delete its own pre-open observer and keep its exact markup),
18921
+ * otherwise GINA_DEFAULT_LOADING_SHELL. Injected via innerHTML — no scripts, CSP-safe.
18922
+ *
18923
+ * @inner
18924
+ * @param {object} $popin - the registered popin (carries `.options.preOpen` / `.options.loadingShell`)
18925
+ * @param {HTMLElement} $el - the popin container (`<dialog>` in dialog mode, `<div>` otherwise)
18926
+ * @returns {void}
18927
+ *
18928
+ * @example
18929
+ * // gina default skeleton:
18930
+ * new PopinHandler({ name: 'form', preOpen: true });
18931
+ * // consumer markup (delete your own pre-open observer, keep your look):
18932
+ * new PopinHandler({ name: 'form', preOpen: true, loadingShell: '<div class="my-skel">…</div>' });
18933
+ */
18934
+ function showLoadingShell($popin, $el) {
18935
+ // Opt-in only — off unless the popin was registered with `preOpen: true`.
18936
+ if ( !$popin || !$el || !$popin.options || !$popin.options.preOpen ) {
18937
+ return;
18938
+ }
18939
+ // Idempotent: both loading-attr write sites call this; once the element is
18940
+ // open/active, the repeat call no-ops. hasAttribute() (not getAttribute()) —
18941
+ // showModal() sets `open` to the empty string, which is falsy, so a
18942
+ // getAttribute() truthiness check would not trip on the second call.
18943
+ if ( $el.hasAttribute('open') || $el.classList.contains('gina-popin-is-active') ) {
18944
+ return;
18945
+ }
18946
+
18947
+ var shell = ( typeof($popin.options.loadingShell) == 'string' && $popin.options.loadingShell )
18948
+ ? $popin.options.loadingShell
18949
+ : GINA_DEFAULT_LOADING_SHELL;
18950
+ $el.innerHTML = shell;
18951
+
18952
+ if ( $el.tagName === 'DIALOG' ) {
18953
+ // Born modal (dev/prod parity). showModal() promotes the dialog to the top
18954
+ // layer with a native ::backdrop; popinOpen's !getAttribute('open') guard
18955
+ // then skips its own showModal() (re-showModal on an open dialog throws).
18956
+ if ( typeof($el.showModal) === 'function' ) {
18957
+ try { $el.showModal(); } catch (e) {}
18958
+ } else {
18959
+ $el.setAttribute('open', true);
18960
+ }
18961
+ } else {
18962
+ // Non-dialog mode: no native ::backdrop — activate the container and its
18963
+ // manual .gina-popins-overlay (mirrors popinOpen's non-dialog branch).
18964
+ $el.classList.add('gina-popin-is-active');
18965
+ var $overlay = $el.parentElement;
18966
+ if ( $overlay && !$overlay.classList.contains('gina-popin-is-active') ) {
18967
+ $overlay.classList.add('gina-popin-is-active');
18968
+ }
18969
+ }
18970
+ }
18971
+
18162
18972
  /**
18163
18973
  * popinLoad
18164
18974
  *
@@ -18247,20 +19057,15 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18247
19057
  console.debug('Is request from same domain ? ', isSameDomain);
18248
19058
  }
18249
19059
  if (!isSameDomain) {
18250
- // proxy external urls
18251
- // TODO - instead of using `cors.io` or similar services, try to intégrate a local CORS proxy similar to : http://oskarhane.com/avoid-cors-with-nginx-proxy_pass/
18252
- //url = url.match(/^(https|http)\:/)[0] + '//cors.io/?' + url;
18253
-
18254
-
18255
- url = url.match(/^(https|http)\:/)[0] + '//corsacme.herokuapp.com/?'+ url;
18256
- // url = url.match(/^(https|http)\:/)[0] + '//localhost:4100/proxy/?'+ url;
18257
-
18258
-
18259
-
18260
- //delete options.headers['X-Requested-With']
18261
-
18262
- // remove credentials on untrusted env
18263
- // if forced by user options, it will be restored with $popin.options merge
19060
+ // Cross-origin request: drop credentials by default — the target
19061
+ // server must opt in via `Access-Control-Allow-Origin` (+ `Vary: Origin`).
19062
+ // If forced by user options, it is restored by the `$popin.options` merge.
19063
+ //
19064
+ // SECURITY: the previous code rewrote the URL through an external CORS
19065
+ // proxy (`corsacme.herokuapp.com`) — an unmaintained third party that
19066
+ // would have routed user traffic (and any credentials) through it, and
19067
+ // which no longer resolves. Removed; cross-origin requests now go direct
19068
+ // and rely on the server's own CORS headers.
18264
19069
  options.withCredentials = false;
18265
19070
  }
18266
19071
  }
@@ -18334,6 +19139,7 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18334
19139
  // Data loading ...
18335
19140
  if ( /^(1|3)$/.test(xhr.readyState) ) {
18336
19141
  $popin.target.setAttribute('data-gina-popin-loading', true);
19142
+ showLoadingShell($popin, $el);
18337
19143
  if ($popinTrigger) {
18338
19144
  // For A tag: aria-disabled=true
18339
19145
  if ( /^A$/i.test($popinTrigger.tagName) ) {
@@ -18349,6 +19155,7 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18349
19155
  // Data loading ...
18350
19156
  if ( /^(1|3)$/.test(xhr.readyState) ) {
18351
19157
  $popin.target.setAttribute('data-gina-popin-loading', true);
19158
+ showLoadingShell($popin, $el);
18352
19159
  if ($popinTrigger) {
18353
19160
  // For A tag: aria-disabled=true
18354
19161
  if ( /^A$/i.test($popinTrigger.tagName) ) {
@@ -18390,9 +19197,16 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18390
19197
  instance.eventData.success = result;
18391
19198
 
18392
19199
  if (
18393
- !isJsonContent && $popin.isOpen && !$popin.hasForm
19200
+ // A partial re-load (data-gina-dialog-target) must reach
19201
+ // applyContent's slot-swap, which lives on the loaded.<id>
19202
+ // path (the `else` below). popinLoadContent full-replaces
19203
+ // $el.innerHTML and ignores partialTarget, so an open re-load
19204
+ // with a slot target is diverted to the else branch here;
19205
+ // redirect / form / JSON re-loads (no partialTarget) keep the
19206
+ // popinLoadContent path unchanged.
19207
+ !isJsonContent && $popin.isOpen && !$popin.hasForm && !$popin.partialTarget
18394
19208
  ||
18395
- !isJsonContent && $popin.isOpen && isRedirecting
19209
+ !isJsonContent && $popin.isOpen && isRedirecting && !$popin.partialTarget
18396
19210
  ) {
18397
19211
  // console.debug('Popin now redirecting [1]');
18398
19212
  popinLoadContent(result, isRedirecting);
@@ -18798,7 +19612,9 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18798
19612
 
18799
19613
  $el.classList.add('gina-popin-is-active');
18800
19614
 
18801
- if ( !self.options.useDialogMode || gina.config.envIsDev ) {
19615
+ // Non-dialog mode only: activate the manual overlay — the non-dialog path has
19616
+ // no native ::backdrop (see the showModal() branch).
19617
+ if ( !self.options.useDialogMode ) {
18802
19618
  // overlay
18803
19619
  instance.target.firstChild.classList.add('gina-popin-is-active');
18804
19620
  // overlay
@@ -18808,12 +19624,29 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18808
19624
  }
18809
19625
 
18810
19626
 
19627
+ // Fix today's name-based aria-labelledby: associate a REAL title element.
19628
+ associateLabel($el);
19629
+
18811
19630
  if ( self.options.useDialogMode && !$el.getAttribute('open') ) {
19631
+ // Modal vs non-modal. The new `data-gina-dialog` API defaults to
19632
+ // non-modal — openFromTrigger sets `$popin.modal`. Any path that did NOT
19633
+ // set it (legacy `data-gina-popin-*` triggers, direct popinOpen() calls)
19634
+ // falls back to modal, preserving today's showModal()-only parity.
19635
+ var useModal = ( typeof($popin.modal) == 'boolean' ) ? $popin.modal : true;
18812
19636
  if ( typeof($el.showModal) === "function" ) {
18813
- if (gina.config.envIsDev) {
18814
- $el.show();
18815
- } else {
19637
+ if ( useModal ) {
19638
+ // showModal() promotes the dialog to the top layer with a native
19639
+ // ::backdrop and inerts the rest of the page. Consumers that
19640
+ // preemptively open the dialog (skeleton-loading) MUST also use
19641
+ // showModal() so it is born modal; the !getAttribute('open') guard
19642
+ // above then skips this call (re-showModal on an open dialog throws).
18816
19643
  $el.showModal();
19644
+ } else {
19645
+ // Non-modal: .show() loses the native ::backdrop / Escape /
19646
+ // scroll-block / focus-trap — applyNonModalShims() restores them.
19647
+ $el.show();
19648
+ applyNonModalShims($popin, $el);
19649
+ focusInitial($el);
18817
19650
  }
18818
19651
  } else {
18819
19652
  $el.setAttribute('open', true)
@@ -18862,9 +19695,21 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18862
19695
 
18863
19696
  if ( $el != null && $el.classList.contains('gina-popin-is-active') ) {
18864
19697
  if (!isRouting) {
18865
- instance.target.firstChild.classList.remove('gina-popin-is-active');
19698
+ // Non-dialog mode only: clear the manual overlay's active state.
19699
+ // In dialog mode the `gina-popins` container has no overlay
19700
+ // first-child (popinCreateContainer skips it — native ::backdrop is
19701
+ // used instead), so guard the firstChild access to avoid a null
19702
+ // deref on close. Mirrors the open-path guard above.
19703
+ if ( !self.options.useDialogMode ) {
19704
+ instance.target.firstChild.classList.remove('gina-popin-is-active');
19705
+ }
18866
19706
  $el.classList.remove('gina-popin-is-active');
18867
- $el.innerHTML = '';
19707
+ // In-page (static) dialogs own their authored content — it must
19708
+ // persist across close + reopen. Only clear for AJAX-loaded popins
19709
+ // (the legacy default), whose body was injected at load time.
19710
+ if ( !$popin.isInPageDialog ) {
19711
+ $el.innerHTML = '';
19712
+ }
18868
19713
  }
18869
19714
  // Fixed: clear loading state on reset — defensive cleanup for navigation
18870
19715
  // within a popin that was in loading state when reset was called.
@@ -18970,6 +19815,10 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18970
19815
  $popin.$headers = [];
18971
19816
  }
18972
19817
 
19818
+ // Tear down the non-modal a11y shims (Escape handler, scroll-lock,
19819
+ // background inert). Idempotent — a no-op for popins opened modal.
19820
+ removeNonModalShims($el);
19821
+
18973
19822
  if ($popinTrigger) {
18974
19823
  // For A tag: aria-disabled=true
18975
19824
  if ( /^A$/i.test($popinTrigger.tagName) ) {
@@ -18977,6 +19826,10 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
18977
19826
  } else {
18978
19827
  $popinTrigger.removeAttribute('disabled', true);
18979
19828
  }
19829
+ // a11y: return focus to the trigger that opened the popin.
19830
+ if ( typeof($popinTrigger.focus) == 'function' ) {
19831
+ $popinTrigger.focus();
19832
+ }
18980
19833
  }
18981
19834
  // Fixed: clear loading state on explicit close — defensive cleanup in case
18982
19835
  // the popin is closed before the XHR completes or after a non-XHR flow.
@@ -19119,6 +19972,12 @@ define('gina/popin', [ 'require', 'lib/domain', 'lib/merge', 'utils/events' ], f
19119
19972
  var init = function(options) {
19120
19973
 
19121
19974
  setupInstanceProto();
19975
+
19976
+ // New `data-gina-dialog-*` entry layer — install the delegated open + preload
19977
+ // listeners once per page (module-guarded). Additive to the legacy bindOpen
19978
+ // scan (which registerPopin still runs per popin).
19979
+ bindDelegatedOpen();
19980
+ installPreload();
19122
19981
  //instance.on('init', function(event) {
19123
19982
  addListener(gina, instance.target, 'init.'+instance.id, function(e) {
19124
19983
 
@@ -21654,7 +22513,40 @@ require([
21654
22513
  "lib/collection",
21655
22514
  "lib/domain",
21656
22515
  "lib/routing"
21657
- ]);
22516
+ ], function () {
22517
+ // Boot the popin handler at page load so the declarative `data-gina-dialog` API is
22518
+ // active WITHOUT bundle code calling `new gina.popin()`. Constructing the handler
22519
+ // installs the delegated open listener + the `gina-popins` container; the
22520
+ // `.on('ready')` registration triggers the popin `init` self-fire so `gina.popin` /
22521
+ // `gina.hasPopinHandler` are set (a later explicit `new gina.popin()` then merges
22522
+ // into this instance instead of creating a second container). Idempotent — guarded
22523
+ // on `hasPopinHandler`; a no-op on pages with no dialog/popin elements. The popin
22524
+ // module mutates the framework instance (`window.gina`), so defer until the
22525
+ // `ginaloaded` lifecycle has wired it (bounded poll on `isFrameworkLoaded`).
22526
+ var _popinBootTries = 0;
22527
+ var bootPopinHandler = function () {
22528
+ try {
22529
+ if ( !window['gina'] || !window['gina']['isFrameworkLoaded'] ) {
22530
+ if ( _popinBootTries++ < 100 ) {
22531
+ (window['setTimeout'] || function (fn) { fn(); })(bootPopinHandler, 50);
22532
+ }
22533
+ return;
22534
+ }
22535
+ if ( window['gina']['hasPopinHandler'] ) {
22536
+ return;
22537
+ }
22538
+ var Popin = require('gina/popin');
22539
+ if ( typeof(Popin) == 'function' ) {
22540
+ new Popin({ 'name': 'gina-dialog-boot' }).on('ready', function () {});
22541
+ }
22542
+ } catch (popinBootErr) {
22543
+ if ( typeof(console) != 'undefined' && console.error ) {
22544
+ console.error('[gina] popin boot failed', popinBootErr.stack || popinBootErr);
22545
+ }
22546
+ }
22547
+ };
22548
+ bootPopinHandler();
22549
+ });
21658
22550
 
21659
22551
  function getDependencies(gina, cb) {
21660
22552
  // Loading frontend assets required by plugins