gina 0.5.6 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (499) hide show
  1. package/CHANGELOG.md +17 -0
  2. package/README.md +9 -6
  3. package/ROADMAP.md +1 -0
  4. package/framework/v0.5.7/VERSION +1 -0
  5. package/framework/v0.5.7/core/connectors/mongodb/lib/job-store.js +334 -0
  6. package/framework/v0.5.7/core/connectors/redis/index.js +36 -0
  7. package/framework/v0.5.7/core/connectors/redis/lib/connector.js +66 -0
  8. package/framework/v0.5.7/core/connectors/redis/lib/job-store.js +454 -0
  9. package/framework/v0.5.7/core/connectors/sqlite/lib/job-store.js +263 -0
  10. package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-json.js +41 -31
  11. package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-stream.js +10 -5
  12. package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-swig.js +37 -31
  13. package/framework/{v0.5.6 → v0.5.7}/core/gna.js +22 -2
  14. package/framework/{v0.5.6 → v0.5.7}/core/server.js +68 -0
  15. package/framework/{v0.5.6 → v0.5.7}/lib/index.js +4 -0
  16. package/framework/{v0.5.6 → v0.5.7}/lib/job/src/main.js +147 -29
  17. package/framework/v0.5.7/lib/job-store.js +84 -0
  18. package/framework/{v0.5.6 → v0.5.7}/package.json +1 -1
  19. package/gna.js +4 -4
  20. package/llms.txt +7 -4
  21. package/package.json +4 -4
  22. package/script/check_no_local_leak.js +22 -2
  23. package/script/smoke_in_container.js +8 -2
  24. package/script/smoke_test_tarball.js +8 -1
  25. package/framework/v0.5.6/VERSION +0 -1
  26. package/framework/v0.5.6/core/connectors/redis/index.js +0 -30
  27. /package/framework/{v0.5.6 → v0.5.7}/AUTHORS +0 -0
  28. /package/framework/{v0.5.6 → v0.5.7}/LICENSE +0 -0
  29. /package/framework/{v0.5.6 → v0.5.7}/core/asset/html/nolayout.html +0 -0
  30. /package/framework/{v0.5.6 → v0.5.7}/core/asset/html/static.html +0 -0
  31. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/android-chrome-192x192.png +0 -0
  32. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/android-chrome-512x512.png +0 -0
  33. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/apple-touch-icon.png +0 -0
  34. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/favicon-16x16.png +0 -0
  35. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/favicon-32x32.png +0 -0
  36. /package/framework/{v0.5.6 → v0.5.7}/core/asset/img/favicon.ico +0 -0
  37. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/README.md +0 -0
  38. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
  39. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
  40. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
  41. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -0
  42. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  43. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  44. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
  45. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
  46. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
  47. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
  48. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
  49. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
  50. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +0 -0
  51. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
  52. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.js +0 -0
  53. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -0
  54. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  55. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  56. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
  57. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
  58. /package/framework/{v0.5.6 → v0.5.7}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
  59. /package/framework/{v0.5.6 → v0.5.7}/core/config.js +0 -0
  60. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/ai/index.js +0 -0
  61. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/ai/lib/connector.js +0 -0
  62. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/index.js +0 -0
  63. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/connector.js +0 -0
  64. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/connector.v3.js +0 -0
  65. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/connector.v4.js +0 -0
  66. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/n1ql.js +0 -0
  67. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/session-store.js +0 -0
  68. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
  69. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
  70. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mongodb/index.js +0 -0
  71. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mongodb/lib/connector.js +0 -0
  72. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
  73. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mongodb/lib/session-store.js +0 -0
  74. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mysql/index.js +0 -0
  75. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/mysql/lib/connector.js +0 -0
  76. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/postgresql/index.js +0 -0
  77. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/postgresql/lib/connector.js +0 -0
  78. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/redis/lib/session-store.js +0 -0
  79. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/scylladb/index.js +0 -0
  80. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/scylladb/lib/connector.js +0 -0
  81. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/scylladb/lib/session-store.js +0 -0
  82. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/sql-parser.js +0 -0
  83. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/sqlite/index.js +0 -0
  84. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/sqlite/lib/connector.js +0 -0
  85. /package/framework/{v0.5.6 → v0.5.7}/core/connectors/sqlite/lib/session-store.js +0 -0
  86. /package/framework/{v0.5.6 → v0.5.7}/core/content.encoding +0 -0
  87. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.framework.js +0 -0
  88. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.js +0 -0
  89. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-nunjucks-async.js +0 -0
  90. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-nunjucks.js +0 -0
  91. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-swig-async.js +0 -0
  92. /package/framework/{v0.5.6 → v0.5.7}/core/controller/controller.render-v1.js +0 -0
  93. /package/framework/{v0.5.6 → v0.5.7}/core/controller/index.js +0 -0
  94. /package/framework/{v0.5.6 → v0.5.7}/core/controller/inspector-window-emit.js +0 -0
  95. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/LICENSE +0 -0
  96. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/README.md +0 -0
  97. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/lib/index.js +0 -0
  98. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
  99. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
  100. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
  101. /package/framework/{v0.5.6 → v0.5.7}/core/deps/busboy-1.6.0/package.json +0 -0
  102. /package/framework/{v0.5.6 → v0.5.7}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
  103. /package/framework/{v0.5.6 → v0.5.7}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
  104. /package/framework/{v0.5.6 → v0.5.7}/core/deps/streamsearch-1.1.0/package.json +0 -0
  105. /package/framework/{v0.5.6 → v0.5.7}/core/dev/index.js +0 -0
  106. /package/framework/{v0.5.6 → v0.5.7}/core/dev/lib/class.js +0 -0
  107. /package/framework/{v0.5.6 → v0.5.7}/core/dev/lib/factory.js +0 -0
  108. /package/framework/{v0.5.6 → v0.5.7}/core/dev/lib/tools.js +0 -0
  109. /package/framework/{v0.5.6 → v0.5.7}/core/locales/README.md +0 -0
  110. /package/framework/{v0.5.6 → v0.5.7}/core/locales/currency.json +0 -0
  111. /package/framework/{v0.5.6 → v0.5.7}/core/locales/dist/language/en.json +0 -0
  112. /package/framework/{v0.5.6 → v0.5.7}/core/locales/dist/language/fr.json +0 -0
  113. /package/framework/{v0.5.6 → v0.5.7}/core/locales/dist/region/en.json +0 -0
  114. /package/framework/{v0.5.6 → v0.5.7}/core/locales/dist/region/fr.json +0 -0
  115. /package/framework/{v0.5.6 → v0.5.7}/core/locales/index.js +0 -0
  116. /package/framework/{v0.5.6 → v0.5.7}/core/mime.types +0 -0
  117. /package/framework/{v0.5.6 → v0.5.7}/core/model/entity.js +0 -0
  118. /package/framework/{v0.5.6 → v0.5.7}/core/model/index.js +0 -0
  119. /package/framework/{v0.5.6 → v0.5.7}/core/model/template/entityFactory.js +0 -0
  120. /package/framework/{v0.5.6 → v0.5.7}/core/model/template/index.js +0 -0
  121. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/README.md +0 -0
  122. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/index.js +0 -0
  123. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/csrf/README.md +0 -0
  124. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/csrf/package.json +0 -0
  125. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/csrf/src/main.js +0 -0
  126. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/README.md +0 -0
  127. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coep/README.md +0 -0
  128. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coep/package.json +0 -0
  129. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
  130. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coop/README.md +0 -0
  131. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coop/package.json +0 -0
  132. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
  133. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/corp/README.md +0 -0
  134. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/corp/package.json +0 -0
  135. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
  136. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/csp/README.md +0 -0
  137. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/csp/package.json +0 -0
  138. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/csp/src/main.js +0 -0
  139. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
  140. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
  141. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
  142. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hsts/README.md +0 -0
  143. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hsts/package.json +0 -0
  144. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
  145. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
  146. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
  147. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
  148. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/package.json +0 -0
  149. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
  150. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
  151. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
  152. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/src/main.js +0 -0
  153. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
  154. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
  155. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
  156. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
  157. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
  158. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
  159. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
  160. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
  161. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
  162. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
  163. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
  164. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
  165. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
  166. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
  167. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
  168. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
  169. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
  170. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
  171. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/session/README.md +0 -0
  172. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/session/package.json +0 -0
  173. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/session/src/main.js +0 -0
  174. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/storage/README.md +0 -0
  175. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/storage/build.json +0 -0
  176. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/storage/package.json +0 -0
  177. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/storage/src/main.js +0 -0
  178. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/validator/README.md +0 -0
  179. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/validator/build.json +0 -0
  180. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/validator/package.json +0 -0
  181. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/validator/src/form-validator.js +0 -0
  182. /package/framework/{v0.5.6 → v0.5.7}/core/plugins/lib/validator/src/main.js +0 -0
  183. /package/framework/{v0.5.6 → v0.5.7}/core/router.js +0 -0
  184. /package/framework/{v0.5.6 → v0.5.7}/core/server.express.js +0 -0
  185. /package/framework/{v0.5.6 → v0.5.7}/core/server.isaac.js +0 -0
  186. /package/framework/{v0.5.6 → v0.5.7}/core/status.codes +0 -0
  187. /package/framework/{v0.5.6 → v0.5.7}/core/template/_gitignore +0 -0
  188. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/app.json +0 -0
  189. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/connectors.json +0 -0
  190. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/routing.json +0 -0
  191. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/settings.json +0 -0
  192. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
  193. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/templates.json +0 -0
  194. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/config/watchers.json +0 -0
  195. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
  196. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
  197. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
  198. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/index.js +0 -0
  199. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle/locales/en.json +0 -0
  200. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
  201. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/css/default.css +0 -0
  202. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/css/home.css +0 -0
  203. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
  204. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
  205. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
  206. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
  207. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/readme.md +0 -0
  208. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_public/sw.js +0 -0
  209. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
  210. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
  211. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
  212. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
  213. /package/framework/{v0.5.6 → v0.5.7}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
  214. /package/framework/{v0.5.6 → v0.5.7}/core/template/command/gina.bat.tpl +0 -0
  215. /package/framework/{v0.5.6 → v0.5.7}/core/template/command/gina.tpl +0 -0
  216. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/env.json +0 -0
  217. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/manifest.json +0 -0
  218. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/package.json +0 -0
  219. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/settings.json +0 -0
  220. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/statics.json +0 -0
  221. /package/framework/{v0.5.6 → v0.5.7}/core/template/conf/templates.json +0 -0
  222. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/client/json/401.json +0 -0
  223. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/client/json/403.json +0 -0
  224. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/client/json/404.json +0 -0
  225. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/server/html/50x.html +0 -0
  226. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/server/json/500.json +0 -0
  227. /package/framework/{v0.5.6 → v0.5.7}/core/template/error/server/json/503.json +0 -0
  228. /package/framework/{v0.5.6 → v0.5.7}/core/template/extensions/logger/config.json +0 -0
  229. /package/framework/{v0.5.6 → v0.5.7}/helpers/console.js +0 -0
  230. /package/framework/{v0.5.6 → v0.5.7}/helpers/context.js +0 -0
  231. /package/framework/{v0.5.6 → v0.5.7}/helpers/data/LICENSE +0 -0
  232. /package/framework/{v0.5.6 → v0.5.7}/helpers/data/README.md +0 -0
  233. /package/framework/{v0.5.6 → v0.5.7}/helpers/data/package.json +0 -0
  234. /package/framework/{v0.5.6 → v0.5.7}/helpers/data/src/main.js +0 -0
  235. /package/framework/{v0.5.6 → v0.5.7}/helpers/dateFormat.js +0 -0
  236. /package/framework/{v0.5.6 → v0.5.7}/helpers/index.js +0 -0
  237. /package/framework/{v0.5.6 → v0.5.7}/helpers/json/LICENSE +0 -0
  238. /package/framework/{v0.5.6 → v0.5.7}/helpers/json/README.md +0 -0
  239. /package/framework/{v0.5.6 → v0.5.7}/helpers/json/package.json +0 -0
  240. /package/framework/{v0.5.6 → v0.5.7}/helpers/json/src/main.js +0 -0
  241. /package/framework/{v0.5.6 → v0.5.7}/helpers/path.js +0 -0
  242. /package/framework/{v0.5.6 → v0.5.7}/helpers/plugins/README.md +0 -0
  243. /package/framework/{v0.5.6 → v0.5.7}/helpers/plugins/package.json +0 -0
  244. /package/framework/{v0.5.6 → v0.5.7}/helpers/plugins/src/api-error.js +0 -0
  245. /package/framework/{v0.5.6 → v0.5.7}/helpers/plugins/src/main.js +0 -0
  246. /package/framework/{v0.5.6 → v0.5.7}/helpers/prototypes.js +0 -0
  247. /package/framework/{v0.5.6 → v0.5.7}/helpers/task.js +0 -0
  248. /package/framework/{v0.5.6 → v0.5.7}/helpers/text.js +0 -0
  249. /package/framework/{v0.5.6 → v0.5.7}/lib/admin/package.json +0 -0
  250. /package/framework/{v0.5.6 → v0.5.7}/lib/admin/src/main.js +0 -0
  251. /package/framework/{v0.5.6 → v0.5.7}/lib/archiver/README.md +0 -0
  252. /package/framework/{v0.5.6 → v0.5.7}/lib/archiver/build.json +0 -0
  253. /package/framework/{v0.5.6 → v0.5.7}/lib/archiver/package.json +0 -0
  254. /package/framework/{v0.5.6 → v0.5.7}/lib/archiver/src/dep/jszip.min.js +0 -0
  255. /package/framework/{v0.5.6 → v0.5.7}/lib/archiver/src/main.js +0 -0
  256. /package/framework/{v0.5.6 → v0.5.7}/lib/async/package.json +0 -0
  257. /package/framework/{v0.5.6 → v0.5.7}/lib/async/src/main.js +0 -0
  258. /package/framework/{v0.5.6 → v0.5.7}/lib/cache/README.md +0 -0
  259. /package/framework/{v0.5.6 → v0.5.7}/lib/cache/build.json +0 -0
  260. /package/framework/{v0.5.6 → v0.5.7}/lib/cache/package.json +0 -0
  261. /package/framework/{v0.5.6 → v0.5.7}/lib/cache/src/main.js +0 -0
  262. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/aliases.json +0 -0
  263. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/add.js +0 -0
  264. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/arguments.json +0 -0
  265. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/build.js +0 -0
  266. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/copy.js +0 -0
  267. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/cp.js +0 -0
  268. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/help.js +0 -0
  269. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/help.txt +0 -0
  270. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
  271. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/list.js +0 -0
  272. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/man.js +0 -0
  273. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/mcp-start.js +0 -0
  274. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/mcp.js +0 -0
  275. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/oas.js +0 -0
  276. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/openapi.js +0 -0
  277. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/remove.js +0 -0
  278. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/rename.js +0 -0
  279. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/restart.js +0 -0
  280. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/rm.js +0 -0
  281. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/start.js +0 -0
  282. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/status.js +0 -0
  283. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/bundle/stop.js +0 -0
  284. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/cache/stats.js +0 -0
  285. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/add.js +0 -0
  286. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/arguments.json +0 -0
  287. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/help.js +0 -0
  288. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/help.txt +0 -0
  289. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/infer.js +0 -0
  290. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/list.js +0 -0
  291. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/migrate.js +0 -0
  292. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/remove.js +0 -0
  293. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/rm.js +0 -0
  294. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/connector/test.js +0 -0
  295. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/add.js +0 -0
  296. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/get.js +0 -0
  297. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/help.js +0 -0
  298. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/help.txt +0 -0
  299. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/link-dev.js +0 -0
  300. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/list.js +0 -0
  301. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/remove.js +0 -0
  302. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/rm.js +0 -0
  303. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/set.js +0 -0
  304. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/unset.js +0 -0
  305. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/env/use.js +0 -0
  306. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/add.js +0 -0
  307. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/arguments.json +0 -0
  308. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/build.js +0 -0
  309. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/dot.js +0 -0
  310. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/get.js +0 -0
  311. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/help.js +0 -0
  312. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/help.txt +0 -0
  313. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/init.js +0 -0
  314. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/link-node-modules.js +0 -0
  315. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/link.js +0 -0
  316. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/list.js +0 -0
  317. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/man.js +0 -0
  318. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/msg.json +0 -0
  319. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/open.js +0 -0
  320. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/remove.js +0 -0
  321. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/reset.js +0 -0
  322. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/restart.js +0 -0
  323. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/set.js +0 -0
  324. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/start.js +0 -0
  325. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/status.js +0 -0
  326. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/stop.js +0 -0
  327. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/tail.js +0 -0
  328. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/update.js +0 -0
  329. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/framework/version.js +0 -0
  330. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/gina-dev.1.md +0 -0
  331. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/gina-framework.1.md +0 -0
  332. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/gina.1.md +0 -0
  333. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/helper.js +0 -0
  334. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/add.js +0 -0
  335. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/arguments.json +0 -0
  336. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/export.js +0 -0
  337. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/help.js +0 -0
  338. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/help.txt +0 -0
  339. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/import.js +0 -0
  340. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/i18n/scan.js +0 -0
  341. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/index.js +0 -0
  342. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/inspector/help.js +0 -0
  343. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/inspector/help.txt +0 -0
  344. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/inspector/open.js +0 -0
  345. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/man-render.js +0 -0
  346. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/minion/arguments.json +0 -0
  347. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/minion/help.js +0 -0
  348. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/minion/help.txt +0 -0
  349. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/minion/kill.js +0 -0
  350. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/minion/list.js +0 -0
  351. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/msg.json +0 -0
  352. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/help.js +0 -0
  353. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/help.txt +0 -0
  354. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/inc/scan.js +0 -0
  355. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/list.js +0 -0
  356. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/reset.js +0 -0
  357. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/port/set.js +0 -0
  358. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/add.js +0 -0
  359. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/arguments.json +0 -0
  360. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/backup.js +0 -0
  361. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/build.js +0 -0
  362. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/help.js +0 -0
  363. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/help.txt +0 -0
  364. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/import.js +0 -0
  365. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/list.js +0 -0
  366. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/man.js +0 -0
  367. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/move.js +0 -0
  368. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/remove.js +0 -0
  369. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/rename.js +0 -0
  370. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/restart.js +0 -0
  371. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/restore.js +0 -0
  372. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/rm.js +0 -0
  373. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/start.js +0 -0
  374. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/status.js +0 -0
  375. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/project/stop.js +0 -0
  376. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/arguments.json +0 -0
  377. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/help.js +0 -0
  378. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/help.txt +0 -0
  379. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/list.js +0 -0
  380. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/remove.js +0 -0
  381. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/protocol/set.js +0 -0
  382. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/add.js +0 -0
  383. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/help.js +0 -0
  384. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/help.txt +0 -0
  385. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/link-local.js +0 -0
  386. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/link-production.js +0 -0
  387. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/list.js +0 -0
  388. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/remove.js +0 -0
  389. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/rm.js +0 -0
  390. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/scope/use.js +0 -0
  391. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/secrets/arguments.json +0 -0
  392. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/secrets/check.js +0 -0
  393. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/secrets/help.js +0 -0
  394. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/secrets/help.txt +0 -0
  395. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/secrets/scan.js +0 -0
  396. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/service/help.js +0 -0
  397. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/service/help.txt +0 -0
  398. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/service/list.js +0 -0
  399. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/service/man.js +0 -0
  400. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/service/start.js +0 -0
  401. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd/view/add.js +0 -0
  402. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd-status-format/package.json +0 -0
  403. /package/framework/{v0.5.6 → v0.5.7}/lib/cmd-status-format/src/main.js +0 -0
  404. /package/framework/{v0.5.6 → v0.5.7}/lib/collection/README.md +0 -0
  405. /package/framework/{v0.5.6 → v0.5.7}/lib/collection/build.json +0 -0
  406. /package/framework/{v0.5.6 → v0.5.7}/lib/collection/package.json +0 -0
  407. /package/framework/{v0.5.6 → v0.5.7}/lib/collection/src/main.js +0 -0
  408. /package/framework/{v0.5.6 → v0.5.7}/lib/config.js +0 -0
  409. /package/framework/{v0.5.6 → v0.5.7}/lib/connector-config/package.json +0 -0
  410. /package/framework/{v0.5.6 → v0.5.7}/lib/connector-config/src/main.js +0 -0
  411. /package/framework/{v0.5.6 → v0.5.7}/lib/connector-registry/package.json +0 -0
  412. /package/framework/{v0.5.6 → v0.5.7}/lib/connector-registry/src/main.js +0 -0
  413. /package/framework/{v0.5.6 → v0.5.7}/lib/cron/README.md +0 -0
  414. /package/framework/{v0.5.6 → v0.5.7}/lib/cron/package.json +0 -0
  415. /package/framework/{v0.5.6 → v0.5.7}/lib/cron/src/main.js +0 -0
  416. /package/framework/{v0.5.6 → v0.5.7}/lib/domain/LICENSE +0 -0
  417. /package/framework/{v0.5.6 → v0.5.7}/lib/domain/README.md +0 -0
  418. /package/framework/{v0.5.6 → v0.5.7}/lib/domain/package.json +0 -0
  419. /package/framework/{v0.5.6 → v0.5.7}/lib/domain/src/main.js +0 -0
  420. /package/framework/{v0.5.6 → v0.5.7}/lib/generator/index.js +0 -0
  421. /package/framework/{v0.5.6 → v0.5.7}/lib/i18n/package.json +0 -0
  422. /package/framework/{v0.5.6 → v0.5.7}/lib/i18n/src/main.js +0 -0
  423. /package/framework/{v0.5.6 → v0.5.7}/lib/inherits/LICENSE +0 -0
  424. /package/framework/{v0.5.6 → v0.5.7}/lib/inherits/README.md +0 -0
  425. /package/framework/{v0.5.6 → v0.5.7}/lib/inherits/package.json +0 -0
  426. /package/framework/{v0.5.6 → v0.5.7}/lib/inherits/src/main.js +0 -0
  427. /package/framework/{v0.5.6 → v0.5.7}/lib/inspector-events/package.json +0 -0
  428. /package/framework/{v0.5.6 → v0.5.7}/lib/inspector-events/src/main.js +0 -0
  429. /package/framework/{v0.5.6 → v0.5.7}/lib/inspector-redact/package.json +0 -0
  430. /package/framework/{v0.5.6 → v0.5.7}/lib/inspector-redact/src/main.js +0 -0
  431. /package/framework/{v0.5.6 → v0.5.7}/lib/instrument/package.json +0 -0
  432. /package/framework/{v0.5.6 → v0.5.7}/lib/instrument/src/main.js +0 -0
  433. /package/framework/{v0.5.6 → v0.5.7}/lib/job/package.json +0 -0
  434. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/README.md +0 -0
  435. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/package.json +0 -0
  436. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/default/index.js +0 -0
  437. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/file/index.js +0 -0
  438. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
  439. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
  440. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/mq/index.js +0 -0
  441. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/mq/listener.js +0 -0
  442. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/containers/mq/speaker.js +0 -0
  443. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/helper.js +0 -0
  444. /package/framework/{v0.5.6 → v0.5.7}/lib/logger/src/main.js +0 -0
  445. /package/framework/{v0.5.6 → v0.5.7}/lib/math/index.js +0 -0
  446. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-dispatch/package.json +0 -0
  447. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-dispatch/src/main.js +0 -0
  448. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-http/package.json +0 -0
  449. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-http/src/main.js +0 -0
  450. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-server/package.json +0 -0
  451. /package/framework/{v0.5.6 → v0.5.7}/lib/mcp-server/src/main.js +0 -0
  452. /package/framework/{v0.5.6 → v0.5.7}/lib/merge/README.md +0 -0
  453. /package/framework/{v0.5.6 → v0.5.7}/lib/merge/package.json +0 -0
  454. /package/framework/{v0.5.6 → v0.5.7}/lib/merge/src/main.js +0 -0
  455. /package/framework/{v0.5.6 → v0.5.7}/lib/metrics/package.json +0 -0
  456. /package/framework/{v0.5.6 → v0.5.7}/lib/metrics/src/main.js +0 -0
  457. /package/framework/{v0.5.6 → v0.5.7}/lib/model.js +0 -0
  458. /package/framework/{v0.5.6 → v0.5.7}/lib/nunjucks-filters/README.md +0 -0
  459. /package/framework/{v0.5.6 → v0.5.7}/lib/nunjucks-filters/package.json +0 -0
  460. /package/framework/{v0.5.6 → v0.5.7}/lib/nunjucks-filters/src/main.js +0 -0
  461. /package/framework/{v0.5.6 → v0.5.7}/lib/nunjucks-resolver/package.json +0 -0
  462. /package/framework/{v0.5.6 → v0.5.7}/lib/nunjucks-resolver/src/main.js +0 -0
  463. /package/framework/{v0.5.6 → v0.5.7}/lib/proc.js +0 -0
  464. /package/framework/{v0.5.6 → v0.5.7}/lib/routing/README.md +0 -0
  465. /package/framework/{v0.5.6 → v0.5.7}/lib/routing/build.json +0 -0
  466. /package/framework/{v0.5.6 → v0.5.7}/lib/routing/package.json +0 -0
  467. /package/framework/{v0.5.6 → v0.5.7}/lib/routing/src/main.js +0 -0
  468. /package/framework/{v0.5.6 → v0.5.7}/lib/routing/src/radix.js +0 -0
  469. /package/framework/{v0.5.6 → v0.5.7}/lib/routing-introspect/package.json +0 -0
  470. /package/framework/{v0.5.6 → v0.5.7}/lib/routing-introspect/src/main.js +0 -0
  471. /package/framework/{v0.5.6 → v0.5.7}/lib/secrets/package.json +0 -0
  472. /package/framework/{v0.5.6 → v0.5.7}/lib/secrets/src/backends/env.js +0 -0
  473. /package/framework/{v0.5.6 → v0.5.7}/lib/secrets/src/main.js +0 -0
  474. /package/framework/{v0.5.6 → v0.5.7}/lib/session-store.js +0 -0
  475. /package/framework/{v0.5.6 → v0.5.7}/lib/shell.js +0 -0
  476. /package/framework/{v0.5.6 → v0.5.7}/lib/state.js +0 -0
  477. /package/framework/{v0.5.6 → v0.5.7}/lib/swig-filters/README.md +0 -0
  478. /package/framework/{v0.5.6 → v0.5.7}/lib/swig-filters/package.json +0 -0
  479. /package/framework/{v0.5.6 → v0.5.7}/lib/swig-filters/src/main.js +0 -0
  480. /package/framework/{v0.5.6 → v0.5.7}/lib/swig-resolver/package.json +0 -0
  481. /package/framework/{v0.5.6 → v0.5.7}/lib/swig-resolver/src/main.js +0 -0
  482. /package/framework/{v0.5.6 → v0.5.7}/lib/template-loaders/package.json +0 -0
  483. /package/framework/{v0.5.6 → v0.5.7}/lib/template-loaders/src/loaders/http.js +0 -0
  484. /package/framework/{v0.5.6 → v0.5.7}/lib/template-loaders/src/loaders/memory.js +0 -0
  485. /package/framework/{v0.5.6 → v0.5.7}/lib/template-loaders/src/main.js +0 -0
  486. /package/framework/{v0.5.6 → v0.5.7}/lib/url/README.md +0 -0
  487. /package/framework/{v0.5.6 → v0.5.7}/lib/url/index.js +0 -0
  488. /package/framework/{v0.5.6 → v0.5.7}/lib/url/routing.json +0 -0
  489. /package/framework/{v0.5.6 → v0.5.7}/lib/uuid/package.json +0 -0
  490. /package/framework/{v0.5.6 → v0.5.7}/lib/uuid/src/main.js +0 -0
  491. /package/framework/{v0.5.6 → v0.5.7}/lib/validator.js +0 -0
  492. /package/framework/{v0.5.6 → v0.5.7}/lib/watcher/package.json +0 -0
  493. /package/framework/{v0.5.6 → v0.5.7}/lib/watcher/src/main.js +0 -0
  494. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-framing/package.json +0 -0
  495. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-framing/src/main.js +0 -0
  496. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-query/package.json +0 -0
  497. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-query/src/main.js +0 -0
  498. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-session/package.json +0 -0
  499. /package/framework/{v0.5.6 → v0.5.7}/lib/ws-session/src/main.js +0 -0
package/llms.txt CHANGED
@@ -331,7 +331,7 @@ ai.client.chat.completions.create({ ... });
331
331
 
332
332
  ## Async jobs (#AI6)
333
333
 
334
- Run slow work (e.g. a 1–30s `.infer()`) out-of-band so it doesn't tie up the request pipeline. `lib.job.create(fn, opts)` enqueues a deferred async function on a concurrency-limited worker (default 4) and returns a `jobId` immediately; state moves `pending → running → completed | failed`. Records live in an in-memory store behind a callback-shaped `set/get/remove/list/sweep` seam (connector-backed for multi-pod is a follow-up) with a self-contained unref'd `setInterval` TTL sweep — `lib/cron` is NOT involved.
334
+ Run slow work (e.g. a 1–30s `.infer()`) out-of-band so it doesn't tie up the request pipeline. `lib.job.create(fn, opts)` enqueues a deferred async function on a concurrency-limited worker (default 4) and returns a `jobId` immediately; state moves `pending → running → completed | failed`. Records live behind a callback-shaped `set/get/remove/list/sweep` store seam — in-memory by default, or connector-backed via `app.json`'s `jobs.store` (SQLite for single-host durability, MongoDB or Redis for multi-pod visibility: records survive bundle restarts and are readable cross-process/pod — a job created on one pod is pollable from another — while the deferred function still runs only in the creating process) with a self-contained unref'd `setInterval` TTL sweep — `lib/cron` is NOT involved.
335
335
 
336
336
  ```javascript
337
337
  // In a controller action — return immediately, work runs out-of-band:
@@ -346,7 +346,10 @@ var jobId = self.inferAsync([{ role: 'user', content: prompt }], { connector: 'm
346
346
 
347
347
  - Poll the built-in always-on `GET /_gina/jobs/:id` for `{ id, state, createdAt, updatedAt }` — state-only, never the result/error payload, works on both the Isaac and Express engines. Read a completed job's result from your own authenticated route via `self.jobStatus(id, cb)`.
348
348
  - Opt-in completion webhook: pass `{ callbackUrl }` to `create` / `startJob` and the framework POSTs `{ id, state, result, error }` on completion — best-effort with retry + exponential backoff (`webhookFailed` recorded after exhaustion, never affecting the job outcome). Set `app.json jobs.webhookSecret` to sign each payload with an `X-Gina-Signature` HMAC-SHA256 header.
349
- - Always-on with sane defaults; tune via `app.json jobs.*` (`maxConcurrency`, `ttl`, `sweepInterval`, `idSize`, `webhook*`). The deferred function runs after the response, so capture plain values — never `req`/`res`.
349
+ - Always-on with sane defaults; tune via `app.json jobs.*` (`maxConcurrency`, `ttl`, `sweepInterval`, `idSize`, `retryBackoffMs`, `webhook*`). The deferred function runs after the response, so capture plain values — never `req`/`res`.
350
+ - Failed-job retry (opt-in): pass `{ maxAttempts: N }` to `create`/`startJob` — a failed attempt is retried on the CREATING process with exponential backoff (`app.json jobs.retryBackoffMs`, default 1000 ms, doubling per attempt). Between attempts the record returns to `pending` with the last error and an informational `nextRetryAt` visible, and it can never be purged by the TTL sweep (`expiresAt` stays null until terminal); `failed`/`completed` are strictly terminal and the completion webhook fires exactly once, after the final attempt. Only the origin pod retries — the deferred function exists only in the process that created the job; other pods just read the shared record. The default `maxAttempts` of 1 keeps the exact runs-once behavior.
351
+ - Durable (connector-backed) records: set `app.json` `jobs.store` to a `connectors.json` entry name — e.g. `"jobs": { "store": "jobsDb" }` with `"jobsDb": { "connector": "sqlite", "file": "/data/jobs.db" }` (single host), `"jobsDb": { "connector": "mongodb", "host": "127.0.0.1", "port": 27017, "database": "gina_jobs" }` (multi-pod — same `uri`/`host`/`database` keys as the MongoDB session store; the `mongodb` driver is resolved from the consuming project's `node_modules`, so `npm install mongodb` there), or `"jobsRedis": { "connector": "redis", "host": "127.0.0.1", "port": 6379 }` (multi-pod — same `host`/`port`/`db`/`password`/`tls`/`cluster` keys as the Redis session store; driver `ioredis`, resolved like the session store with a project-`node_modules` fallback, so `npm install ioredis` in the project works under every install topology). Each entry follows its OWN connector's config-key conventions: for sqlite use `file` for the path — the model layer also scans every connectors.json entry at boot and treats `database` as a NAME, so a path in `database` fails the boot before the job store is built; for mongodb `database` IS the (required) name; a redis entry needs no database name at all (keys are namespaced under a `prefix`, default `jobs:`). A configured store that cannot be built (bad entry name, missing implementation, unopenable file, missing driver) aborts the boot with a clear error — never a silent fall-back to memory; an absent `jobs.store` keeps the in-memory store, unchanged. Store `get`/`list` deliberately do NOT filter expired records — expiry acts only at sweep time, matching the memory store; the MongoDB store therefore never configures server-side TTL reaping (which would purge outside the seam — and the record's epoch-ms `expiresAt` is a number the Date-indexed TTL monitor would ignore anyway), and the Redis store never sets a per-key TTL for the same reason.
352
+ - Redis job-store design: the record rides as a JSON string at `<prefix><id>`, with per-state id SETs (`<prefix>idx:state:<state>`) and a terminal-only expiry sorted-set (`<prefix>idx:expires`, score = epoch-ms `expiresAt`) maintained atomically with every write in one MULTI — so `list({state})` reads only matching ids, `sweep` reads only already-expired ids, and neither ever SCANs the keyspace. Redis Cluster works via a hash-tagged prefix (default `{jobs}:` in cluster mode; a custom cluster prefix without a `{tag}` fails fast at construction instead of CROSSSLOT errors at runtime). Also fixed alongside: a `"connector": "redis"` connectors.json entry previously aborted the bundle boot at the model scan (the connector shipped no boot connector file) — even the documented Redis session-store configuration could not boot; the connector now includes a no-op boot connector that opens no connection and requires no driver.
350
353
 
351
354
  ---
352
355
 
@@ -900,7 +903,7 @@ Dev-mode query instrumentation captures every database query tied to the current
900
903
 
901
904
  163. **`request.rawBody` — the exact unparsed request body is snapshotted before parsing, for inbound-webhook HMAC verification.** The non-multipart end-of-stream handler in `core/server.js` (`request.on('end', onEnd)`) now sets `request.rawBody = (typeof request.body === 'string') ? request.body : ''` immediately BEFORE `processRequestData(request, response, next)` mutates `request.body` into the parsed object. Signed-webhook authentication computes an HMAC over the exact raw request bytes; by the time `app.use(...)` middlewares run the stream is drained and `request.body` is the parsed object, so a consumer middleware could not otherwise capture the raw bytes (consume-then-`next()` hangs the request; a passive `data`/`end` listener sees nothing). The snapshot is a reference assignment (zero-copy) and always-on — no opt-in flag. It is gated to the non-multipart branch only: the `multipart/form-data` path uses Busboy (`request.pipe(busboy)`) and never reaches `onEnd`, so uploads are unaffected. Empty bodies yield `''` (never the `{}` request-init object — `request.body` is initialised to `{}` and only becomes a string once the data handler appends a chunk, so the `typeof === 'string'` guard maps both empty and object cases to `''`). **Engine coverage:** `processRequestData` and this end-of-stream handler live solely in `server.js` and are the shared body pipeline for BOTH engines — `server.isaac.js` has no separate general body accumulation (its only `req.on('data')` is the bounded `/_gina/instrument` control reader), so the isaac engine is covered without an engine-specific mirror. Tests: `test/core/http-methods.test.js` §16 (source pins: snapshot-before-`processRequestData` ordering, the string guard, single-site / after-`request.pipe(busboy)` placement; behavioural replica of multi-chunk accumulation + snapshot; empty-body → `''`; an HMAC round-trip recomputed over `req.rawBody`; a subtract-my-contribution case proving a re-stringified parse breaks verification). Established 2026-06-09.
902
905
 
903
- 164. **#B30 — a request with a malformed percent-escape in its URL or query string crashed the bundle (unauthenticated single-request DoS); fixed by crash-safe decode helpers + dropping a redundant double-decode.** Both `decodeURIComponent` AND `decodeURI` throw `URIError: URI malformed` on a malformed escape (a bare `%`, `%zz`, a truncated `%E0%A`); `proc.js`'s `uncaughtException` handler emits an `[ FRAMEWORK ][ uncaughtException ]` emerg and SIGTERM-shuts-down the bundle on a generic uncaught error, so any unguarded decode of attacker-controllable input on the request path was a single-request crash (the production trace: `processRequestData` GET branch → `onEnd` emit → emerg → SIGTERM → forced exit). Two defect classes, two fixes. **(1) Redundant double-decode (GET/HEAD)** — `processRequestData`'s GET/HEAD branches did `formatDataFromString(decodeURIComponent(request.query.inheritedData))` / `(bodyStr)`, but `request.query` is already percent-decoded once by the engine query parser AND `formatDataFromString` self-guards its own internal decode, so the explicit decode was a redundant SECOND decode that crashed on a literal `%` surviving the first decode (e.g. inheritedData `{"x":"50%off"}` → `%of`) and silently double-decoded valid data; DROPPED at all four sites (robust regardless of engine — `formatDataFromString` supplies the single guarded decode; behaviour byte-identical for the no-`%`-in-data case). **(2) Genuine first-decode (cannot drop)** — added `safeDecodeURIComponent` / `safeDecodeURI` DataHelper globals (`try { return decode…(str) } catch { return str }`, mirroring the POST/PUT/PATCH body branches) and routed every first-decode of attacker input through them: `server.isaac.js` query parser (`a[1]` ×2), `server.js` static path (`handleStatics` filename + `getAssetFilenameFromUrl` url), `helpers/data parseBody` (`arr[i]`/`el[0]`/`el[1]`), AND — the class the first pass MISSED (caught by adversarial review) — every `decodeURI` site (a SEPARATE function that throws the same `URIError`, used with a `/// avoid %20` comment on the routing + error paths): `server.js` ×3 (trie lookup, route params, `throwError`), `lib/routing/src/main.js` ×4 (cached params, `request.routing.path` ×2, linear-scan params), `controller.js` ×1 (error path). The `throwError` / `controller.js` error-path sites were worst — a malformed-`%` URL to a missing asset (`GET /assets/%E0%A.css`) reached `throwError` via the 404 path and crashed FROM the error handler (turning a would-be 404 into a crash); the async route-matching `decodeURI` sites instead rejected the dispatch promise → `unhandledRejection` (logged) → a *hung* request, now a clean 404. **NOT done:** no broadening of `proc.js`'s handler into a swallow-everything net (only known-benign TCP/HTTP codes are continued; generic errors still SIGTERM — swallowing arbitrary uncaught exceptions masks state corruption). **Deferred:** `formatDataFromString` still single-decodes an already-decoded value, so a literal `%20` in data still decodes to a space (no crash); fully fixing needs a no-decode variant (own consumer survey). **Lesson:** when sweeping a throwing-decode crash class, sweep BOTH `decodeURIComponent` AND `decodeURI`. Tests: `http-methods.test.js` §17 (GET/HEAD drop + first-decode pins, comment-stripped negatives) + §18 (the 8 `decodeURI` guards across server.js / lib/routing / controller.js), `server.isaac.test.js` §10 (query-parser safe-decode + `?x=%` replica), `format-data-from-string.test.js` (`safeDecodeURIComponent`/`safeDecodeURI` behavioural against the real loaded helper + subtract proving the pre-fix shape throws). Empirical repro (real DataHelper) reproduces the exact production `URIError` pre-fix and the clean result post-fix. Established 2026-06-10.
906
+ 164. **#B30 — a request with a malformed percent-escape in its URL or query string crashed the bundle (unauthenticated single-request DoS); fixed by crash-safe decode helpers + dropping a redundant double-decode.** Both `decodeURIComponent` AND `decodeURI` throw `URIError: URI malformed` on a malformed escape (a bare `%`, `%zz`, a truncated `%E0%A`); `proc.js`'s `uncaughtException` handler emits an `[ FRAMEWORK ][ uncaughtException ]` emerg and SIGTERM-shuts-down the bundle on a generic uncaught error, so any unguarded decode of attacker-controllable input on the request path was a single-request crash (the production trace: `processRequestData` GET branch → `onEnd` emit → emerg → SIGTERM → forced exit). Two defect classes, two fixes. **(1) Redundant double-decode (GET/HEAD)** — `processRequestData`'s GET/HEAD branches did `formatDataFromString(decodeURIComponent(request.query.inheritedData))` / `(bodyStr)`, but `request.query` is already percent-decoded once by the engine query parser AND `formatDataFromString` self-guards its own internal decode, so the explicit decode was a redundant SECOND decode that crashed on a literal `%` surviving the first decode (e.g. inheritedData `{"x":"50%off"}` → `%of`) and silently double-decoded valid data; DROPPED at all four sites (robust regardless of engine — `formatDataFromString` supplies the single guarded decode; behaviour byte-identical for the no-`%`-in-data case). **(2) Genuine first-decode (cannot drop)** — added `safeDecodeURIComponent` / `safeDecodeURI` DataHelper globals (`try { return decode…(str) } catch { return str }`, mirroring the POST/PUT/PATCH body branches) and routed every first-decode of attacker input through them: `server.isaac.js` query parser (`a[1]` ×2), `server.js` static path (`handleStatics` filename + `getAssetFilenameFromUrl` url), `helpers/data parseBody` (`arr[i]`/`el[0]`/`el[1]`), AND — the class the first pass MISSED (caught by adversarial review) — every `decodeURI` site (a SEPARATE function that throws the same `URIError`, used with a `/// avoid %20` comment on the routing + error paths): `server.js` ×3 (trie lookup, route params, `throwError`), `lib/routing/src/main.js` ×4 (cached params, `request.routing.path` ×2, linear-scan params), `controller.js` ×1 (error path). The `throwError` / `controller.js` error-path sites were worst — a malformed-`%` URL to a missing asset (`GET /assets/%E0%A.css`) reached `throwError` via the 404 path and crashed FROM the error handler (turning a would-be 404 into a crash); the async route-matching `decodeURI` sites instead rejected the dispatch promise → `unhandledRejection` (logged) → a *hung* request, now a clean 404. **NOT done:** no broadening of `proc.js`'s handler into a swallow-everything net (only known-benign TCP/HTTP codes are continued; generic errors still SIGTERM — swallowing arbitrary uncaught exceptions masks state corruption). **Deferred:** `formatDataFromString` still single-decodes an already-decoded value, so a literal `%20` in data still decodes to a space (no crash); fully fixing needs a no-decode variant (own consumer survey). **Lesson:** when sweeping a throwing-decode crash class, sweep BOTH `decodeURIComponent` AND `decodeURI`. Tests: `http-methods.test.js` §17 (GET/HEAD drop + first-decode pins, comment-stripped negatives) + §18 (the 8 `decodeURI` guards across server.js / lib/routing / controller.js), `server.isaac.test.js` §10 (query-parser safe-decode + `?x=%` replica), `format-data-from-string.test.js` (`safeDecodeURIComponent`/`safeDecodeURI` behavioural against the real loaded helper + subtract proving the pre-fix shape throws). Empirical repro (real DataHelper) reproduces the exact production `URIError` pre-fix and the clean result post-fix. Established 2026-06-10. **Sibling #B64 (path traversal → unauthenticated arbitrary file read, 2026-07-03, shipped 0.5.7):** the SAME two static resolvers built the served filename by raw concatenation — `handleStatics` (prefix-regex branch: `<statics mapping target> + '/' + <url remainder>`, or the `publicPath + pathname` default) and `getAssetFilenameFromUrl` (`content.statics[key] + <remainder>`, or the `publicPath + url` fallback) — guarded ONLY by an existence check, so a `../` (or `%2F` / `%2e%2e`, already settled by the #B30 `safeDecodeURIComponent`) escaped the mapping target to any sibling under the shared root (config/credentials/server-side source). `handleStatics` is the primary path (its `new RegExp('^'+staticResource)` prefix match accepts `/js/vendor/lib/../../../config/secret.json`); `getAssetFilenameFromUrl` also feeds the attacker-controlled HTTP/2-push path (`headers[':path']`). Fixed with a `confineToBase(filename, base)` sibling helper (`path.resolve` on both + separator-aware containment `_resolvedFile === base || _resolvedFile.indexOf(base + path.sep) === 0`, so `/srv/app/lib` can't be bypassed by `/srv/app/lib-secrets`) + a per-branch base capture (`_base`/`_staticBase` = the matched mapping target, else `publicPath`); on escape → notFound/404, identical to a missing file (no distinct signal). Placed right AFTER the #B30 decode so encoded variants are settled. Guards every caller (both engines — `server.js` is engine-agnostic, no `server.isaac.js` copy) and every sink (`fs.readFile`, `fs.createReadStream`, h2-push). Lexical only (no symlink following), mirroring the CVE-2023-25345 Layer-2 idiom in `controller.render-swig.js`. Tests: `server-static-traversal.test.js` (real extracted `confineToBase` + source-pins on both guard sites + real-fs replica of all three encodings on both resolvers + a subtract proving the pre-fix leak); full suite 9727/0.
904
907
 
905
908
  165. **The dev-mode Inspector statusbar (and its launch link) vanished on content-heavy pages because `String.replace(/re/, str)` expanded dollar-patterns in the replacement STRING (`0ba469d0`, 2026-06-10).** `render-swig.js` splices its inline dev scripts before `</body>` via `layout/htmlContent.replace(/<\/body>/i, content + '...')`. With a STRING replacement, `String.prototype.replace` expands dollar-sequences found in `content`: dollar-backtick = the text BEFORE the match (prematch), dollar-quote = AFTER (postmatch), `$&` = the match, `$1`/`$2` = capture groups (empty when the regex has none). The inlined #TPL2 statusbar body legitimately carries a dollar-backtick (in a regex-explaining comment) and a dollar-quote (in a regex literal), so the prematch spliced the ENTIRE document before `</body>` INTO the statusbar `<script>` → `SyntaxError` → the statusbar IIFE never ran (no statusbar host, no `ginaToolbar` shim, no link). Volume-dependent: a near-empty page (gina-starter) has a tiny prematch and renders fine — the bug only manifests on a real content-heavy render, so a gina-starter smoke is falsely green. The two sibling flow-patch splices (cache-hit + cache-miss) had the same latent exposure via SQL `$1`/`$2` placeholders captured in the flow `detail`. **Fix: function replacers** — `html.replace(/<\/body>/i, function () { return frag + '</body>'; })` inserts the return value verbatim with no dollar-expansion (escaping `$`→`$$` works too, less clear). The popin-XHR splices were already safe — `encodeRFC5987ValueChars` percent-encodes `$`→`%24`. **General rule: any `String.replace(re, X + ...)` where X is dynamic (JSON, user data, an inlined template, captured query/flow text) must use a function replacer or escape `$`** — a string replacement is a latent injection. render-swig.js is server-side (not in the browser bundle) so the fix needs no dist rebuild; it hot-reloads per render in dev/cacheless mode (so a running dev bundle picks it up on the next render). Tests: `render-swig.test.js §18` (3 source pins locking the function replacers + a pure-logic replica proving the old string form duplicates the document while the function replacer does not + a guard that the shipped statusbar actually carries a dollar-sequence). Established 2026-06-10.
906
909
 
@@ -951,7 +954,7 @@ Dev-mode query instrumentation captures every database query tied to the current
951
954
 
952
955
  188. **The multipart upload handler now honours the configured destination dir and the maxFields / maxFieldsSize limits — three documented settings.json keys were inert (#B49 + #B51, 2026-06-16, commits `0df499a6` + `15ceff06`).** `core/server.js`'s `multipart/form-data` branch carried three dead `upload.*` config keys: (1) **#B49** — it streamed each file via `opt.uploadDir`, a key the shipped `settings.json` never sets (it defines `upload.tmpPath` + per-group `path`, and nothing mapped `tmpPath`→`uploadDir`), so every upload landed in `os.tmpdir()` and the documented dir keys did nothing; (2) **#B51** — `upload.maxFields` (default 1000) was declared but read nowhere, so a group allowing multiple files accepted an UNBOUNDED count (only the binary per-group `isMultipleAllowed` capped anything); (3) **#B51** — `maxFieldsSize` dropped its unit suffix (`parseInt("512K")` → 512, then compared as 512 MB, so `"512K"` silently meant 512 MB). Fixes: (#B49) global dir = `opt.uploadDir || opt.tmpPath || os.tmpdir()`, a per-group `path` override at both write sites, AND an mkdir-if-missing before `createWriteStream` — required because the writeStream `'error'` handler is only attached later, in the busboy `'finish'` loop, so a missing CUSTOM dir would emit an unhandled ENOENT during streaming and crash the bundle (the default `<project>/tmp` is created at boot, but a custom dir is not); (#B51) a global `maxFields` file-count cap (`throwError(400)` once `fileCount > maxFields`, with `0`/unset/NaN disabling it), and a local `parseSize` helper reading B/KB/MB/GB (a bare number = MB for back-compat) into bytes so `content-length` is compared in bytes. The `${tmpPath}` placeholder in `tmpPath`/`path` resolves to an absolute dir at config-load via `whisper` (→ `<project>/tmp`), so the fix reads a real value. Back-compat: the shipped `"2MB"` is unchanged; a non-MB `maxFieldsSize` suffix now means what it says (a tighter limit) — a `Fixed` changie note. `server.js` is server-side (not in the browser bundle) → no dist rebuild. Rule: a documented config key is only real if a code path reads it — grep the consumer before assuming a setting works. Tests: `test/core/upload-config.test.js` (source pins comment-stripped per the negative-pin trap + dir-resolution / parseSize / maxFields replicas + a real-fs throwaway-dir mkdir behavioural test).
953
956
 
954
- 189. **An async render delegate must capture per-request inherited refs FUNCTION-scoped, not module-scoped a module-scoped `self`/`local` races across concurrent renders (#INS10 race fix, 2026-06-17, commit `8674c514`).** `controller.render-swig.js` assigned `self`/`local` at MODULE scope (no `var`), so two concurrent renders shared one binding. Because the Inspector emit (the #INS10 prod-window egress + the dev `inspector#data` emit) reads `self`/`local` AFTER the layout `await`, a render suspended at that await could have its `self`/`local` overwritten by another request and then emit the OTHER request's `_queryLog`/`_timeline`. LOW severity — the channel is authenticated operator-only + time-boxed and the payload is the operator's own bundle (a correctness glitch, not an external leak) but a real cross-request bleed. Fixed by capturing them function-scoped (`var self = deps.self; var local = deps.local;`) at the render() deps-unpack and dropping them from the module-level inherited-ref chain, matching the #M1 `req`/`res`/`_next` captures and `render-nunjucks.js` (always function-scoped, hence always race-clean). `getData`/`hasViews`/`SwigFilters`/`headersSent` stay module-scoped on purpose: they are read BEFORE the first await, so they are not a race vector (only the measured vector was changed). `render-swig.js` is server-side (not in the browser bundle) no dist rebuild. Rule: any async (multi-`await`) render delegate that reads a per-request ref AFTER an await must hold it in a function-scoped capture, never a module-scoped binding. Tests: `render-swig.test.js` §12 (a2).
957
+ 189. **A render delegate must hold ALL per-request state FUNCTION-scoped in prod the delegate module is a shared singleton across concurrent requests, and any module-scoped capture races (#INS10 `8674c514` 2026-06-17; sweep completed by #B61/#B62/#B63 `1b3abd97`/`2a838c1b`/`1bd0bcf1`, 2026-07-03).** Module-scoped deps are reassigned by every incoming call, and two overlapping renders BOTH suspend at their first await before either resumes, so the first deterministically resumes with the second's bindings. #INS10 function-scoped `self`/`local` in the swig delegate (the post-await Inspector emit carried the other request's `_queryLog`/`_timeline`) but deliberately left getData/hasViews/setResources/SwigFilters/headersSent/cachePath module-scoped, claiming they are "read before the first await"MEASURED FALSE: the setResources call and the `merge(data, getData())` restore run AFTER the template-read await, so request A's resume executed request B's closures and gap-filled B's page data (session card included) into A's render context (#B61; the engine ref was also an implicit global). The streaming delegate's fire-and-forget IIFE read module `self`/`local` after its `for await`: a finishing stream nulled the CONCURRENT request's `local.req/res/next` mid-stream (routing its later renders into the released-response guards) while never releasing its own, and reported stream errors through the wrong controller (#B62). The JSON delegate's writeCache resumed from its writeFile await reading module `self`, routing a cache-config error through the concurrent request's controller (#B63 — writeCache now takes `req`/`res`/`cacheIsEnabled`/`throwError` as parameters, the same threaded shape as the swig cache writer, and the write-only module `cachePath` is removed as dead). All live delegates are now free of module-scoped per-request state (nunjucks + the async ALS variants always were; the legacy v1 delegate keeps the old pattern but is dead code — never dispatched); each delegate's test file pins the discipline (module prefix declares no per-request vars) plus an interleaved-replica subtract reproducing the measured asymmetry. All three server-side only — no dist rebuild. Rule: in a shared-singleton delegate, per-request state is function-scoped, PERIOD — never adjudicate per-variable "only read pre-await" inertness (that claim rotted once and measured wrong); module-level helpers take render-scoped values as parameters. Tests: `render-swig.test.js` §21, `render-stream.test.js` §12, `render-json.test.js` §04.
955
958
 
956
959
  190. **Per-bundle `/_gina/*` Inspector endpoints must derive their base URL with the 3-fallback resolver (`?target=` → opener pathname → strip), not a bare `window.location.pathname` strip — a bare strip misroutes to the proxy's default bundle in reverse-proxy multi-bundle setups (2026-06-17, commit `f04cf52c`).** Where several bundles share a host and differ only by a path prefix (`/a` → bundle A, `/b` → bundle B), the Inspector SPA's `fetchLiveIndexes` (`/_gina/indexes`) and `tryServerLogs` (`/_gina/logs`) built their URL from `window.location.pathname.replace(/\/_gina\/inspector.*$/, '')` — the Inspector's OWN path — so a bare `/_gina/logs` hit the proxy's default bundle, not the monitored one. Fixed by extracting `toggleReveal`'s existing 3-fallback resolver into a shared `resolveBundleBase()` and routing those two through it. `/_gina/agent` is NOT a misroute vector (the architecture note that flagged it overstated): `tryAgent`/`tryAgentWS` are `?target=`-gated and `tryAgentPassive` already uses the opener-pathname fallback (verified). `toggleReveal`/`tryAgentPassive`/refresh-re-reveal keep their inline copies (pinned by `inspector.test.js` §54/§55/§56) — full dedup is a deferred cleanup needing a test-pin update. SPA src edit → prod dist rebuild: `inspector.js` is a verbatim src→dist copy, so only `dist/.../inspector/inspector.js` changes (no `gina.min.*` drift). Rule: any new per-bundle `/_gina/*` consumer in the SPA must call `resolveBundleBase()`, never a bare pathname strip. Tests: `inspector.test.js` §79. **Follow-up (2026-06-17, commit `0066c78e`):** the 3 inline copies (`toggleReveal`, `tryAgentPassive`, refresh re-reveal) were folded into `resolveBundleBase()` — every per-bundle `/_gina/*` consumer now uses the one resolver. `tryAgentPassive` was a 2-fallback (no `?target=`); folding widens it to 3, but the `?target=` branch is inert there (it only runs when `source !== 'agent'`, i.e. no `?target=`). §54/§55/§56 pins re-aimed from inline-text greps to `resolveBundleBase()`-call assertions (the resolver's own 3-fallback/try-catch internals stay pinned in §79). inspector.js is a verbatim src→dist copy → only `dist/.../inspector/inspector.js` rebuilt (no `gina.min.*` drift). No behavior change (no changie).
957
960
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gina",
3
- "version": "0.5.6",
3
+ "version": "0.5.7",
4
4
  "description": "Node.js MVC framework with built-in HTTP/2, multi-bundle architecture, and scope-based data isolation — no Express dependency",
5
5
  "keywords": [
6
6
  "nodejs",
@@ -73,12 +73,12 @@
73
73
  "gina-container": "bin/gina-container",
74
74
  "gina-init": "bin/gina-init"
75
75
  },
76
- "main": "./framework/v0.5.6/core/gna",
76
+ "main": "./framework/v0.5.7/core/gna",
77
77
  "exports": {
78
78
  ".": {
79
79
  "types": "./types/index.d.ts",
80
80
  "import": "./index.mjs",
81
- "require": "./framework/v0.5.6/core/gna.js"
81
+ "require": "./framework/v0.5.7/core/gna.js"
82
82
  },
83
83
  "./gna": {
84
84
  "types": "./types/gna.d.ts",
@@ -122,7 +122,7 @@
122
122
  "jsdom": "^29.1.1",
123
123
  "nunjucks": "^3.2.4",
124
124
  "requirejs": "^2.3.7",
125
- "sass": "1.100.0"
125
+ "sass": "1.101.0"
126
126
  },
127
127
  "overrides": {
128
128
  "ws": "^8.21.0"
@@ -176,8 +176,22 @@ try {
176
176
  var pathMatches = [];
177
177
  var contentMatches = [];
178
178
 
179
- for (var i = 0; i < parsed.length; i++) {
180
- var files = parsed[i].files || [];
179
+ // npm <= 11 emits an ARRAY of pack entries; npm 12 emits an OBJECT keyed
180
+ // by package name (pack/publish JSON output synchronized in npm 12).
181
+ // Normalize both to an entries array — and fail CLOSED below when zero
182
+ // files were recognized: an unknown output shape must block the publish,
183
+ // never vacuously pass (under npm 12 the old array-indexed loop iterated
184
+ // zero times and reported a clean pack without scanning anything).
185
+ var entries = Array.isArray(parsed)
186
+ ? parsed
187
+ : ( (parsed && typeof parsed === 'object')
188
+ ? Object.keys(parsed).map(function(k) { return parsed[k]; })
189
+ : [] );
190
+ var totalFiles = 0;
191
+
192
+ for (var i = 0; i < entries.length; i++) {
193
+ var files = entries[i].files || [];
194
+ totalFiles += files.length;
181
195
  for (var j = 0; j < files.length; j++) {
182
196
  var p = files[j].path;
183
197
 
@@ -194,6 +208,12 @@ try {
194
208
  }
195
209
  }
196
210
 
211
+ if (totalFiles === 0) {
212
+ console.error('[prepack] ERROR: unrecognized `npm pack --json` output shape — zero files scanned.');
213
+ console.error('[prepack] Failing closed — the leak scan must never pass without scanning the pack listing.');
214
+ process.exit(1);
215
+ }
216
+
197
217
  var failed = false;
198
218
 
199
219
  if (pathMatches.length > 0) {
@@ -233,8 +233,14 @@ async function main() {
233
233
  log('bun add -g ' + TARBALL + ' ...');
234
234
  inst = spawnSync('bun', ['add', '-g', TARBALL], { stdio: 'inherit', timeout: 600000 });
235
235
  } else {
236
- log('npm install -g ' + TARBALL + ' (runs pre/post-install) ...');
237
- inst = spawnSync('npm', ['install', '-g', TARBALL], { stdio: 'inherit', timeout: 600000 });
236
+ // npm 12 blocks dependency install scripts by default (allowScripts).
237
+ // A tarball install resolves to a file: identity, so the name-based
238
+ // `--allow-scripts=gina` opt-in cannot match it — the all-scripts
239
+ // escape hatch is the only opt-in that works for a tarball, and this
240
+ // is a throwaway container. Harmless on npm <= 11: unknown CLI
241
+ // configs only warn there, and install scripts already run by default.
242
+ log('npm install -g ' + TARBALL + ' --dangerously-allow-all-scripts (runs pre/post-install) ...');
243
+ inst = spawnSync('npm', ['install', '-g', TARBALL, '--dangerously-allow-all-scripts'], { stdio: 'inherit', timeout: 600000 });
238
244
  }
239
245
  if (inst.error) { fail('could not run the ' + RUNTIME + ' installer: ' + inst.error.message); return die(1); }
240
246
  if (inst.status !== 0) { fail('global install exited ' + inst.status); return die(1); }
@@ -146,7 +146,14 @@ function pack(destDir) {
146
146
  if (r.status !== 0) throw new Error('npm pack failed:\n' + (r.stderr || r.stdout || '(no output)'));
147
147
  var meta;
148
148
  try { meta = JSON.parse(r.stdout); } catch (e) { throw new Error('could not parse `npm pack --json` output:\n' + r.stdout); }
149
- var filename = meta && meta[0] && meta[0].filename;
149
+ // npm <= 11 emits an ARRAY of pack entries; npm 12 emits an OBJECT keyed
150
+ // by package name (pack/publish JSON output synchronized). Accept both.
151
+ var entries = Array.isArray(meta)
152
+ ? meta
153
+ : ( (meta && typeof meta === 'object')
154
+ ? Object.keys(meta).map(function(k) { return meta[k]; })
155
+ : [] );
156
+ var filename = entries[0] && entries[0].filename;
150
157
  if (!filename) throw new Error('could not determine packed tarball filename from `npm pack --json`');
151
158
  return path.join(destDir, filename);
152
159
  }
@@ -1 +0,0 @@
1
- 0.5.6
@@ -1,30 +0,0 @@
1
- /*
2
- * This file is part of the gina package.
3
- * Copyright (c) 2009-2026 Rhinostone <contact@gina.io>
4
- *
5
- * For the full copyright and license information, please view the LICENSE
6
- * file that was distributed with this source code.
7
- */
8
- 'use strict';
9
-
10
- /**
11
- * Redis connector — v1: session store only.
12
- *
13
- * Entity/ORM wiring is not implemented in v1.
14
- * Use this connector exclusively as a session store backend via `lib.SessionStore`.
15
- *
16
- * To configure:
17
- * 1. Add a `redis` entry to `config/connectors.json` in your bundle.
18
- * 2. Install ioredis in your project: `npm install ioredis`
19
- * 3. Wire the store in `bundle/index.js` — see: core/connectors/redis/lib/session-store.js
20
- *
21
- * ORM / entity support is planned for a future release.
22
- *
23
- * @class Redis
24
- * @constructor
25
- */
26
- var Redis = function Redis() {
27
- // v1: no entity wiring — session store only
28
- };
29
-
30
- module.exports = Redis;
File without changes
File without changes
File without changes
File without changes
File without changes