nextly 0.0.1 → 0.0.2-alpha.0

package/dist/chunk-O3QHXMOX.mjs

@@ -0,0 +1,3166 @@
+import {
+  routeAuthRequest
+} from "./chunk-A3WPLSDT.mjs";
+import {
+  POST
+} from "./chunk-YV4Y7SDL.mjs";
+import {
+  readJsonBody
+} from "./chunk-VQJQHVEV.mjs";
+import {
+  POST as POST2
+} from "./chunk-LDKCUMHK.mjs";
+import {
+  createJsonErrorResponse,
+  isErrorResponse,
+  requireAnyPermission,
+  requireAuthentication,
+  requireCollectionAccess,
+  requirePermission,
+  toNextlyAuthError
+} from "./chunk-2Q2SX2CS.mjs";
+import {
+  nextlyValidationFromZod
+} from "./chunk-GJNSJU4S.mjs";
+import {
+  getForegroundForBackground,
+  hexToHslTriplet,
+  isValidHex
+} from "./chunk-PWS6XGJK.mjs";
+import {
+  CreateApiKeySchema,
+  UpdateApiKeySchema,
+  createCorsMiddleware,
+  createSecurityHeadersMiddleware
+} from "./chunk-YZZCTONM.mjs";
+import {
+  createRateLimiter
+} from "./chunk-ERCNLX3V.mjs";
+import {
+  parseTrustedProxyIpsEnv
+} from "./chunk-APKKRD2G.mjs";
+import {
+  withErrorHandler
+} from "./chunk-TO5AFLVQ.mjs";
+import {
+  ensureHmrListener,
+  getCachedNextly
+} from "./chunk-P7NH2OSC.mjs";
+import {
+  getService,
+  isServicesRegistered,
+  registerServices
+} from "./chunk-X7TXCYYN.mjs";
+import {
+  readOrGenerateRequestId
+} from "./chunk-67GXH6PR.mjs";
+import {
+  getNextlyLogger
+} from "./chunk-W4MGXIRR.mjs";
+import {
+  ImageSizeService,
+  ServiceDispatcher,
+  parseWhereQuery
+} from "./chunk-NSEFNNU4.mjs";
+import {
+  containsSuperAdminRole,
+  hasSuperAdminExcluding,
+  isSuperAdmin,
+  listEffectivePermissions
+} from "./chunk-W5KKPZT5.mjs";
+import {
+  BaseService,
+  withTimezoneFormatting
+} from "./chunk-2W3DVD7S.mjs";
+import {
+  getDialectTables
+} from "./chunk-TS7GHTG2.mjs";
+import {
+  nextlyMigrationJournalMysql,
+  nextlyMigrationJournalPg,
+  nextlyMigrationJournalSqlite
+} from "./chunk-H26B4FYG.mjs";
+import {
+  env
+} from "./chunk-UJ2IMJ4W.mjs";
+import {
+  getImageProcessor,
+  getMediaStorage
+} from "./chunk-EGXBZCGC.mjs";
+import {
+  respondAction,
+  respondData,
+  respondDoc,
+  respondList,
+  respondMutation
+} from "./chunk-IUDOC7N7.mjs";
+import {
+  container
+} from "./chunk-D5HQBNUB.mjs";
+import {
+  NextlyError
+} from "./chunk-NRUWQ5Z7.mjs";
+
+// src/api/api-keys.ts
+import { z } from "zod";
+async function getApiKeyService() {
+  await getCachedNextly();
+  return container.get("apiKeyService");
+}
+async function requireApiKeyPermission(req, action) {
+  return requireAnyPermission(req, [
+    { action, resource: "api-keys" },
+    { action: "update", resource: "api-keys" }
+  ]);
+}
+function denySessionOnly(action) {
+  throw NextlyError.forbidden({
+    logContext: { reason: "session-only", action }
+  });
+}
+var listApiKeys = withErrorHandler(
+  async (req) => {
+    const authResult = await requireApiKeyPermission(req, "read");
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    const service = await getApiKeyService();
+    const allUsers = await isSuperAdmin(authResult.userId);
+    const keys = await service.listApiKeys(authResult.userId, { allUsers });
+    return respondList(keys, {
+      total: keys.length,
+      page: 1,
+      limit: keys.length,
+      totalPages: 1,
+      hasNext: false,
+      hasPrev: false
+    });
+  }
+);
+function getApiKeyById(req, id) {
+  return withErrorHandler(async (request) => {
+    const authResult = await requireApiKeyPermission(request, "read");
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    const service = await getApiKeyService();
+    const allUsers = await isSuperAdmin(authResult.userId);
+    const key = await service.getApiKeyById(id, authResult.userId, {
+      allUsers
+    });
+    if (!key) {
+      throw NextlyError.notFound({
+        logContext: { entity: "api-key", id, callerId: authResult.userId }
+      });
+    }
+    return respondDoc(key);
+  })(req);
+}
+var createApiKey = withErrorHandler(
+  async (req) => {
+    const authResult = await requireApiKeyPermission(req, "create");
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    if (authResult.authMethod !== "session") denySessionOnly("create");
+    const body = await readJsonBody(req);
+    let validated;
+    try {
+      validated = CreateApiKeySchema.parse(body);
+    } catch (err) {
+      if (err instanceof z.ZodError) throw nextlyValidationFromZod(err);
+      throw err;
+    }
+    const service = await getApiKeyService();
+    const { meta, key } = await service.createApiKey(
+      authResult.userId,
+      validated
+    );
+    return respondMutation(
+      "API key created.",
+      { doc: meta, key },
+      { status: 201 }
+    );
+  }
+);
+function updateApiKey(req, id) {
+  return withErrorHandler(async (request) => {
+    const authResult = await requireApiKeyPermission(request, "update");
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    if (authResult.authMethod !== "session") denySessionOnly("update");
+    const body = await readJsonBody(request);
+    let validated;
+    try {
+      validated = UpdateApiKeySchema.parse(body);
+    } catch (err) {
+      if (err instanceof z.ZodError) throw nextlyValidationFromZod(err);
+      throw err;
+    }
+    const service = await getApiKeyService();
+    const updated = await service.updateApiKey(
+      id,
+      authResult.userId,
+      validated
+    );
+    return respondMutation("API key updated.", updated);
+  })(req);
+}
+function revokeApiKey(req, id) {
+  return withErrorHandler(async (request) => {
+    const authResult = await requireApiKeyPermission(request, "delete");
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    if (authResult.authMethod !== "session") denySessionOnly("delete");
+    const service = await getApiKeyService();
+    await service.revokeApiKey(id, authResult.userId);
+    return respondAction("API key revoked.", { id });
+  })(req);
+}
+
+// src/api/dashboard.ts
+var PRIVATE_NO_STORE_HEADERS = {
+  "Cache-Control": "private, no-store",
+  Vary: "Cookie"
+};
+async function getDashboardService() {
+  await getCachedNextly();
+  return container.get("dashboardService");
+}
+async function getActivityLogService() {
+  await getCachedNextly();
+  return container.get("activityLogService");
+}
+async function resolveReadableResources(userId) {
+  if (await isSuperAdmin(userId)) return void 0;
+  const permissionPairs = await listEffectivePermissions(userId);
+  return new Set(
+    permissionPairs.filter((pair) => pair.endsWith(":read")).map((pair) => pair.split(":")[0])
+  );
+}
+var getDashboardStats = withErrorHandler(async (req) => {
+  const auth = await requireAuthentication(req);
+  if (isErrorResponse(auth)) throw toNextlyAuthError(auth);
+  const service = await getDashboardService();
+  const readableResources = await resolveReadableResources(auth.userId);
+  const stats = await service.getStats({ readableResources });
+  return respondData({ ...stats }, { headers: PRIVATE_NO_STORE_HEADERS });
+});
+var getDashboardRecentEntries = withErrorHandler(
+  async (req) => {
+    const auth = await requireAuthentication(req);
+    if (isErrorResponse(auth)) throw toNextlyAuthError(auth);
+    const { searchParams } = new URL(req.url);
+    const limitParam = searchParams.get("limit");
+    const limit = limitParam ? Math.min(Math.max(Number(limitParam) || 5, 1), 20) : 5;
+    const service = await getDashboardService();
+    const readableResources = await resolveReadableResources(auth.userId);
+    const entries = await service.getRecentEntries(limit, readableResources);
+    return respondData(
+      { ...entries },
+      {
+        headers: PRIVATE_NO_STORE_HEADERS
+      }
+    );
+  }
+);
+var getDashboardActivity = withErrorHandler(async (req) => {
+  const auth = await requireAuthentication(req);
+  if (isErrorResponse(auth)) throw toNextlyAuthError(auth);
+  const { searchParams } = new URL(req.url);
+  const limitParam = searchParams.get("limit");
+  const limit = limitParam ? Math.min(Math.max(Number(limitParam) || 5, 1), 50) : 5;
+  const service = await getActivityLogService();
+  const result = await service.getRecentActivity({ limit });
+  return respondData({ ...result }, { headers: PRIVATE_NO_STORE_HEADERS });
+});
+
+// src/api/general-settings.ts
+import { z as z2 } from "zod";
+async function getGeneralSettingsService() {
+  await getCachedNextly();
+  return container.get("generalSettingsService");
+}
+var updateSettingsSchema = z2.object({
+  applicationName: z2.string().max(255).nullable().optional(),
+  siteUrl: z2.string().url("Site URL must be a valid URL").max(2048).nullable().optional(),
+  adminEmail: z2.string().email("Admin email must be a valid email address").max(255).nullable().optional(),
+  timezone: z2.string().max(100).nullable().optional(),
+  dateFormat: z2.string().max(50).nullable().optional(),
+  timeFormat: z2.string().max(50).nullable().optional(),
+  logoUrl: z2.string().url("Logo URL must be a valid URL").max(2048).nullable().optional()
+});
+var getGeneralSettings = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "read", resource: "settings" },
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  const service = await getGeneralSettingsService();
+  const settings = await service.getSettings();
+  return withTimezoneFormatting(respondData({ ...settings }));
+});
+var updateGeneralSettings = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "update", resource: "settings" },
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  const text = await req.text();
+  let body;
+  try {
+    body = text ? JSON.parse(text) : {};
+  } catch {
+    throw NextlyError.validation({
+      errors: [
+        {
+          path: "",
+          code: "invalid_json",
+          message: "Request body is not valid JSON."
+        }
+      ]
+    });
+  }
+  const parsed = updateSettingsSchema.safeParse(body);
+  if (!parsed.success) {
+    throw nextlyValidationFromZod(parsed.error);
+  }
+  const service = await getGeneralSettingsService();
+  const updated = await service.updateSettings(parsed.data);
+  return withTimezoneFormatting(
+    respondMutation("General settings updated.", updated)
+  );
+});
+
+// src/api/image-sizes.ts
+import { z as z3 } from "zod";
+
+// src/services/media-regeneration.ts
+import { and, sql, gt } from "drizzle-orm";
+var MediaRegenerationService = class extends BaseService {
+  imageSizeService;
+  constructor(adapter, logger) {
+    super(adapter, logger);
+    this.imageSizeService = new ImageSizeService(adapter, logger);
+  }
+  /**
+   * Check how many images need regeneration.
+   *
+   * An image needs regeneration if:
+   * 1. A configured size is missing from its `sizes` JSONB
+   * 2. A configured size has different dimensions than what's stored
+   */
+  async getRegenerationStatus() {
+    const { media } = this.tables;
+    const allImages = await this.db.select({ count: sql`count(*)` }).from(media).where(sql`${media.mimeType} LIKE 'image/%'`);
+    const total = Number(allImages[0]?.count ?? 0);
+    const sizeConfigs = await this.imageSizeService.getActiveSizeConfigs();
+    const configNames = sizeConfigs.map((s) => s.name).sort();
+    if (configNames.length === 0) {
+      return { pending: 0, total, inProgress: false };
+    }
+    const images = await this.db.select({
+      id: media.id,
+      sizes: media.sizes
+    }).from(media).where(sql`${media.mimeType} LIKE 'image/%'`);
+    let pending = 0;
+    for (const img of images) {
+      if (this.needsRegeneration(img.sizes, configNames)) {
+        pending++;
+      }
+    }
+    return { pending, total, inProgress: false };
+  }
+  /**
+   * Process a batch of images that need regeneration.
+   *
+   * @param options.batchSize - Number of images to process (default: 10)
+   * @param options.cursor - ID of last processed image (for pagination)
+   */
+  async regenerateBatch(options = {}) {
+    const batchSize = options.batchSize ?? 10;
+    const { media } = this.tables;
+    const sizeConfigs = await this.imageSizeService.getActiveSizeConfigs();
+    const configNames = sizeConfigs.map((s) => s.name).sort();
+    if (configNames.length === 0) {
+      return { processed: 0, remaining: 0, nextCursor: null, failures: [] };
+    }
+    const conditions = [sql`${media.mimeType} LIKE 'image/%'`];
+    if (options.cursor) {
+      conditions.push(gt(media.id, options.cursor));
+    }
+    const images = await this.db.select().from(media).where(and(...conditions)).orderBy(media.id).limit(batchSize + 1);
+    const hasMore = images.length > batchSize;
+    const batch = hasMore ? images.slice(0, batchSize) : images;
+    const _storage = getMediaStorage();
+    const failures = [];
+    let processed = 0;
+    for (const img of batch) {
+      if (!this.needsRegeneration(img.sizes, configNames)) {
+        continue;
+      }
+      try {
+        console.log(
+          `[Regeneration] Image ${img.id} needs regeneration (${img.filename})`
+        );
+        processed++;
+      } catch (error) {
+        failures.push({
+          mediaId: img.id,
+          error: error?.message ?? "Unknown error"
+        });
+      }
+    }
+    const status = await this.getRegenerationStatus();
+    return {
+      processed,
+      remaining: status.pending - processed,
+      nextCursor: hasMore ? batch[batch.length - 1]?.id ?? null : null,
+      failures
+    };
+  }
+  needsRegeneration(sizes, configNames) {
+    if (!sizes || configNames.length === 0) return configNames.length > 0;
+    const parsed = typeof sizes === "string" ? JSON.parse(sizes) : sizes;
+    if (!parsed || typeof parsed !== "object") return true;
+    const existingNames = Object.keys(parsed).sort();
+    for (const name of configNames) {
+      if (!existingNames.includes(name)) return true;
+    }
+    return false;
+  }
+};
+
+// src/api/image-sizes.ts
+var imageSizeServiceInstance = null;
+async function getImageSizeService() {
+  if (!imageSizeServiceInstance) {
+    await getCachedNextly();
+    const adapter = container.get("adapter");
+    imageSizeServiceInstance = new ImageSizeService(adapter, console);
+  }
+  return imageSizeServiceInstance;
+}
+var createImageSizeSchema = z3.object({
+  name: z3.string().min(1).max(50),
+  width: z3.number().int().positive().max(1e4).nullable().optional(),
+  height: z3.number().int().positive().max(1e4).nullable().optional(),
+  fit: z3.enum(["cover", "inside", "contain", "fill"]).optional().default("inside"),
+  quality: z3.number().int().min(1).max(100).optional().default(80),
+  format: z3.enum(["auto", "webp", "jpeg", "png", "avif"]).optional().default("auto")
+});
+var updateImageSizeSchema = z3.object({
+  name: z3.string().min(1).max(50).optional(),
+  width: z3.number().int().positive().max(1e4).nullable().optional(),
+  height: z3.number().int().positive().max(1e4).nullable().optional(),
+  fit: z3.enum(["cover", "inside", "contain", "fill"]).optional(),
+  quality: z3.number().int().min(1).max(100).optional(),
+  format: z3.enum(["auto", "webp", "jpeg", "png", "avif"]).optional()
+});
+var listImageSizes = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "read", resource: "settings" },
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  const service = await getImageSizeService();
+  const sizes = await service.list();
+  return respondList(sizes, {
+    total: sizes.length,
+    page: 1,
+    limit: sizes.length,
+    totalPages: 1,
+    hasNext: false,
+    hasPrev: false
+  });
+});
+var getImageSizeById = withErrorHandler(
+  async (req, id) => {
+    const authResult = await requireAnyPermission(req, [
+      { action: "read", resource: "settings" },
+      { action: "manage", resource: "settings" }
+    ]);
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    const service = await getImageSizeService();
+    const size = await service.getById(id);
+    if (!size) {
+      throw NextlyError.notFound({ logContext: { resource: "imageSize", id } });
+    }
+    return respondDoc(size);
+  }
+);
+var createImageSize = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  const text = await req.text();
+  let body;
+  try {
+    body = text ? JSON.parse(text) : {};
+  } catch {
+    throw NextlyError.validation({
+      errors: [
+        {
+          path: "",
+          code: "invalid_json",
+          message: "Request body is not valid JSON."
+        }
+      ]
+    });
+  }
+  const parsed = createImageSizeSchema.safeParse(body);
+  if (!parsed.success) {
+    throw nextlyValidationFromZod(parsed.error);
+  }
+  const data = parsed.data;
+  if (!data.width && !data.height) {
+    throw NextlyError.validation({
+      errors: [
+        {
+          path: "",
+          code: "missing_dimension",
+          message: "At least one dimension (width or height) is required."
+        }
+      ]
+    });
+  }
+  const service = await getImageSizeService();
+  const created = await service.create({
+    name: data.name,
+    width: data.width ?? null,
+    height: data.height ?? null,
+    fit: data.fit,
+    quality: data.quality,
+    format: data.format,
+    isDefault: false
+    // UI-created sizes are not "default" (code-defined)
+  });
+  return respondMutation("Image size created.", created, { status: 201 });
+});
+var updateImageSize = withErrorHandler(
+  async (req, id) => {
+    const authResult = await requireAnyPermission(req, [
+      { action: "manage", resource: "settings" }
+    ]);
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    const text = await req.text();
+    let body;
+    try {
+      body = text ? JSON.parse(text) : {};
+    } catch {
+      throw NextlyError.validation({
+        errors: [
+          {
+            path: "",
+            code: "invalid_json",
+            message: "Request body is not valid JSON."
+          }
+        ]
+      });
+    }
+    const parsed = updateImageSizeSchema.safeParse(body);
+    if (!parsed.success) {
+      throw nextlyValidationFromZod(parsed.error);
+    }
+    const service = await getImageSizeService();
+    const updated = await service.update(id, parsed.data);
+    return respondMutation("Image size updated.", updated);
+  }
+);
+var deleteImageSize = withErrorHandler(
+  async (req, id) => {
+    const authResult = await requireAnyPermission(req, [
+      { action: "manage", resource: "settings" }
+    ]);
+    if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+    const service = await getImageSizeService();
+    await service.delete(id);
+    return respondAction("Image size deleted.", { id });
+  }
+);
+var getRegenerationStatus = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  await getCachedNextly();
+  const adapter = container.get("adapter");
+  const regenService = new MediaRegenerationService(adapter, console);
+  const status = await regenService.getRegenerationStatus();
+  return respondData(status);
+});
+var regenerateBatch = withErrorHandler(async (req) => {
+  const authResult = await requireAnyPermission(req, [
+    { action: "manage", resource: "settings" }
+  ]);
+  if (isErrorResponse(authResult)) throw toNextlyAuthError(authResult);
+  const text = await req.text();
+  let body;
+  try {
+    body = text ? JSON.parse(text) : {};
+  } catch {
+    throw NextlyError.validation({
+      errors: [
+        {
+          path: "",
+          code: "invalid_json",
+          message: "Request body is not valid JSON."
+        }
+      ]
+    });
+  }
+  const opts = body && typeof body === "object" ? body : {};
+  const batchSize = typeof opts.batchSize === "number" ? opts.batchSize : 10;
+  const cursor = typeof opts.cursor === "string" ? opts.cursor : void 0;
+  await getCachedNextly();
+  const adapter = container.get("adapter");
+  const regenService = new MediaRegenerationService(adapter, console);
+  const result = await regenService.regenerateBatch({ batchSize, cursor });
+  return respondAction("Regeneration batch processed.", {
+    processed: result.processed,
+    remaining: result.remaining,
+    nextCursor: result.nextCursor,
+    failures: result.failures
+  });
+});
+
+// src/domains/schema/journal/read-journal.ts
+import { desc, lt } from "drizzle-orm";
+var MIN_LIMIT = 1;
+var MAX_LIMIT = 100;
+async function readJournal(args) {
+  const table = tableForDialect(args.dialect);
+  const limit = clamp(args.limit, MIN_LIMIT, MAX_LIMIT);
+  const beforeDate = args.before ? new Date(args.before) : void 0;
+  const db = args.db;
+  const startedAtCol = table.startedAt;
+  let chain = db.select().from(table);
+  if (beforeDate) {
+    chain = chain.where(lt(startedAtCol, beforeDate));
+  }
+  chain = chain.orderBy(desc(startedAtCol));
+  const raw = await chain.limit(limit + 1);
+  const trimmed = raw.slice(0, limit);
+  const hasMore = raw.length > limit;
+  return { rows: trimmed.map(mapRow), hasMore };
+}
+function clamp(n, lo, hi) {
+  return Math.max(lo, Math.min(hi, n));
+}
+function mapRow(r) {
+  const scopeKind = r.scopeKind;
+  const scopeSlug = r.scopeSlug;
+  let scope = null;
+  if (scopeKind === "fresh-push") {
+    scope = { kind: "fresh-push" };
+  } else if (scopeKind === "global") {
+    scope = scopeSlug ? { kind: "global", slug: scopeSlug } : { kind: "global" };
+  } else if ((scopeKind === "collection" || scopeKind === "single") && typeof scopeSlug === "string") {
+    scope = { kind: scopeKind, slug: scopeSlug };
+  }
+  const sa = r.summaryAdded;
+  const sr = r.summaryRemoved;
+  const srn = r.summaryRenamed;
+  const sc = r.summaryChanged;
+  const summary = sa !== null && sr !== null && srn !== null && sc !== null ? { added: sa, removed: sr, renamed: srn, changed: sc } : null;
+  return {
+    id: String(r.id),
+    source: r.source,
+    status: r.status,
+    scope,
+    summary,
+    startedAt: toIso(r.startedAt),
+    endedAt: r.endedAt != null ? toIso(r.endedAt) : null,
+    durationMs: r.durationMs ?? null,
+    errorCode: r.errorCode ?? null,
+    errorMessage: r.errorMessage ?? null
+  };
+}
+function toIso(v) {
+  if (v instanceof Date) return v.toISOString();
+  if (typeof v === "number") return new Date(v).toISOString();
+  if (typeof v === "string") return new Date(v).toISOString();
+  return String(v);
+}
+function tableForDialect(dialect) {
+  switch (dialect) {
+    case "postgresql":
+      return nextlyMigrationJournalPg;
+    case "mysql":
+      return nextlyMigrationJournalMysql;
+    case "sqlite":
+      return nextlyMigrationJournalSqlite;
+    default: {
+      const exhaustive = dialect;
+      throw new Error(`Unsupported dialect: ${String(exhaustive)}`);
+    }
+  }
+}
+
+// src/api/schema-journal.ts
+var PRIVATE_NO_STORE_HEADERS2 = {
+  "Cache-Control": "private, no-store",
+  Vary: "Cookie"
+};
+var DEFAULT_LIMIT = 20;
+var MIN_LIMIT2 = 1;
+var MAX_LIMIT2 = 100;
+async function getAdapter() {
+  await getCachedNextly();
+  return container.get("adapter");
+}
+var getSchemaJournal = withErrorHandler(async (req) => {
+  const auth = await requireAuthentication(req);
+  if (isErrorResponse(auth)) throw toNextlyAuthError(auth);
+  if (!await isSuperAdmin(auth.userId)) {
+    throw NextlyError.forbidden({
+      logContext: { reason: "schema-journal-super-admin-required" }
+    });
+  }
+  const { searchParams } = new URL(req.url);
+  const limitParam = searchParams.get("limit");
+  let limit = DEFAULT_LIMIT;
+  if (limitParam !== null) {
+    const parsed = Number(limitParam);
+    if (!Number.isFinite(parsed) || parsed < MIN_LIMIT2 || parsed > MAX_LIMIT2) {
+      throw NextlyError.validation({
+        errors: [
+          {
+            path: "limit",
+            code: "out_of_range",
+            message: `limit must be a number between ${MIN_LIMIT2} and ${MAX_LIMIT2}`
+          }
+        ]
+      });
+    }
+    limit = Math.floor(parsed);
+  }
+  const beforeParam = searchParams.get("before");
+  let before;
+  if (beforeParam !== null) {
+    const parsed = new Date(beforeParam);
+    if (Number.isNaN(parsed.getTime())) {
+      throw NextlyError.validation({
+        errors: [
+          {
+            path: "before",
+            code: "invalid_date",
+            message: "before must be a valid ISO 8601 timestamp"
+          }
+        ]
+      });
+    }
+    before = beforeParam;
+  }
+  const adapter = await getAdapter();
+  const db = adapter.getDrizzle();
+  const result = await readJournal({
+    db,
+    dialect: adapter.dialect,
+    limit,
+    before
+  });
+  return respondData({ ...result }, { headers: PRIVATE_NO_STORE_HEADERS2 });
+});
+
+// src/route-handler/route-parser.ts
+function getActionFromMethod(httpMethod) {
+  switch (httpMethod) {
+    case "GET":
+      return "read";
+    case "POST":
+      return "create";
+    case "PATCH":
+    case "PUT":
+      return "update";
+    case "DELETE":
+      return "delete";
+    default:
+      return "read";
+  }
+}
+function isPublicEndpoint(service, method) {
+  if (service === "auth") {
+    return [
+      "register",
+      "generatePasswordResetToken",
+      "resetPasswordWithToken",
+      "verifyEmail"
+    ].includes(method);
+  }
+  if (service === "forms") {
+    return true;
+  }
+  if (service === "components" && method === "listComponents") {
+    return true;
+  }
+  return false;
+}
+function requiresAuthOnly(service, method) {
+  if (service === "auth") {
+    return ["changePassword", "generateEmailVerificationToken"].includes(
+      method
+    );
+  }
+  if (service === "collections" && ["listCollections"].includes(method)) {
+    return true;
+  }
+  if (service === "singles" && ["listSingles"].includes(method)) {
+    return true;
+  }
+  if (service === "components" && method === "getComponent") {
+    return true;
+  }
+  return false;
+}
+function getActionFromOperation(operation) {
+  switch (operation) {
+    case "create":
+      return "create";
+    case "update":
+      return "update";
+    case "delete":
+      return "delete";
+    default:
+      return "read";
+  }
+}
+function parseMeRoutes(httpMethod, subresource, routeParams) {
+  if (subresource === "permissions" && httpMethod === "GET") {
+    return {
+      service: "users",
+      operation: "list",
+      method: "getCurrentUserPermissions",
+      routeParams
+    };
+  }
+  if (subresource) {
+    return null;
+  }
+  if (httpMethod === "GET") {
+    return {
+      service: "users",
+      operation: "single",
+      method: "getCurrentUser",
+      routeParams
+    };
+  }
+  if (httpMethod === "PATCH") {
+    return {
+      service: "users",
+      operation: "update",
+      method: "updateCurrentUser",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseUserRoutes(id, subresource, subId, additionalParams, httpMethod, routeParams) {
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "users",
+      operation: "create",
+      method: "createLocalUser",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "users",
+      operation: "list",
+      method: "listUsers",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.userId = id;
+    return {
+      service: "users",
+      operation: "single",
+      method: "getUserById",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.userId = id;
+    return {
+      service: "users",
+      operation: "update",
+      method: "updateUser",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.userId = id;
+    return {
+      service: "users",
+      operation: "delete",
+      method: "deleteUser",
+      routeParams
+    };
+  }
+  if (id && subresource === "password" && httpMethod === "PATCH") {
+    routeParams.userId = id;
+    return {
+      service: "users",
+      operation: "update",
+      method: "updatePasswordHash",
+      routeParams
+    };
+  }
+  if (id && subresource === "accounts" && !subId && httpMethod === "GET") {
+    routeParams.userId = id;
+    return {
+      service: "users",
+      operation: "single",
+      method: "getAccounts",
+      routeParams
+    };
+  }
+  if (id && subresource === "accounts" && subId && additionalParams[0] && httpMethod === "DELETE") {
+    routeParams.userId = id;
+    routeParams.provider = subId;
+    routeParams.providerAccountId = additionalParams[0];
+    return {
+      service: "users",
+      operation: "update",
+      method: "unlinkAccountForUser",
+      routeParams
+    };
+  }
+  if (id && subresource === "roles" && !subId && httpMethod === "POST") {
+    routeParams.userId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "assignRoleToUser",
+      routeParams
+    };
+  }
+  if (id && subresource === "roles" && !subId && httpMethod === "GET") {
+    routeParams.userId = id;
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listUserRoles",
+      routeParams
+    };
+  }
+  if (id && subresource === "roles" && subId && httpMethod === "DELETE") {
+    routeParams.userId = id;
+    routeParams.roleId = subId;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "unassignRoleFromUser",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseRoleRoutes(id, subresource, subId, httpMethod, routeParams) {
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "rbac",
+      operation: "create",
+      method: "createRole",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listRoles",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "single",
+      method: "getRoleById",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "updateRole",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "delete",
+      method: "deleteRole",
+      routeParams
+    };
+  }
+  if (id && subresource === "children" && !subId && httpMethod === "POST") {
+    routeParams.parentRoleId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "addRoleInheritance",
+      routeParams
+    };
+  }
+  if (id && subresource === "children" && !subId && httpMethod === "GET") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listDescendantRoles",
+      routeParams
+    };
+  }
+  if (id && subresource === "children" && subId && httpMethod === "DELETE") {
+    routeParams.parentRoleId = id;
+    routeParams.childRoleId = subId;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "removeRoleInheritance",
+      routeParams
+    };
+  }
+  if (id && subresource === "parents" && httpMethod === "GET") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listAncestorRoles",
+      routeParams
+    };
+  }
+  if (id && subresource === "permissions" && !subId && httpMethod === "PATCH") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "setRolePermissions",
+      routeParams
+    };
+  }
+  if (id && subresource === "permissions" && !subId && httpMethod === "POST") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "addPermissionToRole",
+      routeParams
+    };
+  }
+  if (id && subresource === "permissions" && !subId && httpMethod === "GET") {
+    routeParams.roleId = id;
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listRolePermissions",
+      routeParams
+    };
+  }
+  if (id && subresource === "permissions" && subId && httpMethod === "DELETE") {
+    routeParams.roleId = id;
+    routeParams.permissionId = subId;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "removePermissionFromRole",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionRoutes(id, subresource, subId, httpMethod, routeParams, additionalParams = []) {
+  const bulkDeleteRoute = parseCollectionEntryBulkDeleteRoute(
+    id,
+    subresource,
+    subId,
+    httpMethod,
+    routeParams
+  );
+  if (bulkDeleteRoute) return bulkDeleteRoute;
+  const bulkUpdateRoute = parseCollectionEntryBulkUpdateRoute(
+    id,
+    subresource,
+    subId,
+    httpMethod,
+    routeParams
+  );
+  if (bulkUpdateRoute) return bulkUpdateRoute;
+  const bulkUpdateByQueryRoute = parseCollectionEntryBulkUpdateByQueryRoute(
+    id,
+    subresource,
+    subId,
+    httpMethod,
+    routeParams
+  );
+  if (bulkUpdateByQueryRoute) return bulkUpdateByQueryRoute;
+  const duplicateRoute = parseCollectionEntryDuplicateRoute(
+    id,
+    subresource,
+    subId,
+    additionalParams,
+    httpMethod,
+    routeParams
+  );
+  if (duplicateRoute) return duplicateRoute;
+  const countRoute = parseCollectionEntryCountRoute(
+    id,
+    subresource,
+    subId,
+    httpMethod,
+    routeParams
+  );
+  if (countRoute) return countRoute;
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "collections",
+      operation: "create",
+      method: "createCollection",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "collections",
+      operation: "list",
+      method: "listCollections",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && subId === "preview" && httpMethod === "POST") {
+    routeParams.collectionName = subresource;
+    return {
+      service: "collections",
+      operation: "single",
+      method: "previewSchemaChanges",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && subId === "apply" && httpMethod === "POST") {
+    routeParams.collectionName = subresource;
+    return {
+      service: "collections",
+      operation: "update",
+      method: "applySchemaChanges",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && httpMethod === "GET") {
+    routeParams.collectionName = subresource;
+    return {
+      service: "collections",
+      operation: "single",
+      method: "getCollection",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "single",
+      method: "getCollection",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "update",
+      method: "updateCollection",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "delete",
+      method: "deleteCollection",
+      routeParams
+    };
+  }
+  if (id && subresource === "entries" && !subId && httpMethod === "GET") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "list",
+      method: "listEntries",
+      routeParams
+    };
+  }
+  if (id && subresource === "entries" && !subId && httpMethod === "POST") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "create",
+      method: "createEntry",
+      routeParams
+    };
+  }
+  if (id && subresource === "entries" && subId && httpMethod === "GET") {
+    routeParams.collectionName = id;
+    routeParams.entryId = subId;
+    return {
+      service: "collections",
+      operation: "single",
+      method: "getEntry",
+      routeParams
+    };
+  }
+  if (id && subresource === "entries" && subId && httpMethod === "PATCH") {
+    routeParams.collectionName = id;
+    routeParams.entryId = subId;
+    return {
+      service: "collections",
+      operation: "update",
+      method: "updateEntry",
+      routeParams
+    };
+  }
+  if (id && subresource === "entries" && subId && httpMethod === "DELETE") {
+    routeParams.collectionName = id;
+    routeParams.entryId = subId;
+    return {
+      service: "collections",
+      operation: "delete",
+      method: "deleteEntry",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionEntryDuplicateRoute(id, subresource, subId, additionalParams, httpMethod, routeParams) {
+  if (id && subresource === "entries" && subId && additionalParams[0] === "duplicate" && httpMethod === "POST") {
+    routeParams.collectionName = id;
+    routeParams.entryId = subId;
+    return {
+      service: "collections",
+      operation: "create",
+      method: "duplicateEntry",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionEntryBulkDeleteRoute(id, subresource, subId, httpMethod, routeParams) {
+  if (id && subresource === "entries" && subId === "bulk-delete" && httpMethod === "POST") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "delete",
+      method: "bulkDeleteEntries",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionEntryBulkUpdateRoute(id, subresource, subId, httpMethod, routeParams) {
+  if (id && subresource === "entries" && subId === "bulk-update" && httpMethod === "POST") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "update",
+      method: "bulkUpdateEntries",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionEntryBulkUpdateByQueryRoute(id, subresource, subId, httpMethod, routeParams) {
+  if (id && subresource === "entries" && !subId && httpMethod === "PATCH") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "update",
+      method: "bulkUpdateByQuery",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseCollectionEntryCountRoute(id, subresource, subId, httpMethod, routeParams) {
+  if (id && subresource === "entries" && subId === "count" && httpMethod === "GET") {
+    routeParams.collectionName = id;
+    return {
+      service: "collections",
+      operation: "count",
+      method: "countEntries",
+      routeParams
+    };
+  }
+  return null;
+}
+function parsePermissionRoutes(id, httpMethod, routeParams) {
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "rbac",
+      operation: "create",
+      method: "ensurePermission",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "rbac",
+      operation: "list",
+      method: "listPermissions",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "GET") {
+    routeParams.permissionId = id;
+    return {
+      service: "rbac",
+      operation: "single",
+      method: "getPermissionById",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "PATCH") {
+    routeParams.permissionId = id;
+    return {
+      service: "rbac",
+      operation: "update",
+      method: "updatePermission",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "DELETE") {
+    routeParams.permissionId = id;
+    return {
+      service: "rbac",
+      operation: "delete",
+      method: "deletePermissionById",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseSingleRoutes(id, subresource, subId, httpMethod, routeParams) {
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "singles",
+      operation: "list",
+      method: "listSingles",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "singles",
+      operation: "create",
+      method: "createSingle",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.slug = id;
+    return {
+      service: "singles",
+      operation: "single",
+      method: "getSingleDocument",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.slug = id;
+    return {
+      service: "singles",
+      operation: "update",
+      method: "updateSingleDocument",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.slug = id;
+    return {
+      service: "singles",
+      operation: "delete",
+      method: "deleteSingle",
+      routeParams
+    };
+  }
+  if (id && subresource === "schema" && httpMethod === "GET") {
+    routeParams.slug = id;
+    return {
+      service: "singles",
+      operation: "single",
+      method: "getSingleSchema",
+      routeParams
+    };
+  }
+  if (id && subresource === "schema" && httpMethod === "PATCH") {
+    routeParams.slug = id;
+    return {
+      service: "singles",
+      operation: "update",
+      method: "updateSingleSchema",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && subId === "preview" && httpMethod === "POST") {
+    routeParams.slug = subresource;
+    return {
+      service: "singles",
+      operation: "single",
+      method: "previewSingleSchemaChanges",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && subId === "apply" && httpMethod === "POST") {
+    routeParams.slug = subresource;
+    return {
+      service: "singles",
+      operation: "update",
+      method: "applySingleSchemaChanges",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseComponentRoutes(id, httpMethod, routeParams, subresource, subId) {
+  if (id === "schema" && subresource && subId === "preview" && httpMethod === "POST") {
+    routeParams.slug = subresource;
+    return {
+      service: "components",
+      operation: "single",
+      method: "previewComponentSchemaChanges",
+      routeParams
+    };
+  }
+  if (id === "schema" && subresource && subId === "apply" && httpMethod === "POST") {
+    routeParams.slug = subresource;
+    return {
+      service: "components",
+      operation: "update",
+      method: "applyComponentSchemaChanges",
+      routeParams
+    };
+  }
+  const slug = id;
+  if (!slug && httpMethod === "GET") {
+    return {
+      service: "components",
+      operation: "list",
+      method: "listComponents",
+      routeParams
+    };
+  }
+  if (!slug && httpMethod === "POST") {
+    return {
+      service: "components",
+      operation: "create",
+      method: "createComponent",
+      routeParams
+    };
+  }
+  if (slug && httpMethod === "GET") {
+    routeParams.slug = slug;
+    return {
+      service: "components",
+      operation: "single",
+      method: "getComponent",
+      routeParams
+    };
+  }
+  if (slug && httpMethod === "PATCH") {
+    routeParams.slug = slug;
+    return {
+      service: "components",
+      operation: "update",
+      method: "updateComponent",
+      routeParams
+    };
+  }
+  if (slug && httpMethod === "DELETE") {
+    routeParams.slug = slug;
+    return {
+      service: "components",
+      operation: "delete",
+      method: "deleteComponent",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseFormsRoutes(slug, action, httpMethod, routeParams) {
+  if (!slug && httpMethod === "GET") {
+    return {
+      service: "forms",
+      operation: "list",
+      method: "listForms",
+      routeParams
+    };
+  }
+  if (slug && !action && httpMethod === "GET") {
+    routeParams.slug = slug;
+    return {
+      service: "forms",
+      operation: "single",
+      method: "getFormBySlug",
+      routeParams
+    };
+  }
+  if (slug && action === "submit" && httpMethod === "POST") {
+    routeParams.slug = slug;
+    return {
+      service: "forms",
+      operation: "create",
+      method: "submitForm",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseEmailProviderRoutes(id, subresource, httpMethod, routeParams) {
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "emailProviders",
+      operation: "list",
+      method: "listProviders",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "emailProviders",
+      operation: "create",
+      method: "createProvider",
+      routeParams
+    };
+  }
+  if (id && subresource === "default" && httpMethod === "PATCH") {
+    routeParams.providerId = id;
+    return {
+      service: "emailProviders",
+      operation: "update",
+      method: "setDefault",
+      routeParams
+    };
+  }
+  if (id && subresource === "test" && httpMethod === "POST") {
+    routeParams.providerId = id;
+    return {
+      service: "emailProviders",
+      operation: "single",
+      method: "testProvider",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.providerId = id;
+    return {
+      service: "emailProviders",
+      operation: "single",
+      method: "getProvider",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.providerId = id;
+    return {
+      service: "emailProviders",
+      operation: "update",
+      method: "updateProvider",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.providerId = id;
+    return {
+      service: "emailProviders",
+      operation: "delete",
+      method: "deleteProvider",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseEmailTemplateRoutes(id, subresource, httpMethod, routeParams) {
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "emailTemplates",
+      operation: "list",
+      method: "listTemplates",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "emailTemplates",
+      operation: "create",
+      method: "createTemplate",
+      routeParams
+    };
+  }
+  if (id === "layout" && !subresource && httpMethod === "GET") {
+    return {
+      service: "emailTemplates",
+      operation: "single",
+      method: "getLayout",
+      routeParams
+    };
+  }
+  if (id === "layout" && !subresource && httpMethod === "PATCH") {
+    return {
+      service: "emailTemplates",
+      operation: "update",
+      method: "updateLayout",
+      routeParams
+    };
+  }
+  if (id && subresource === "preview" && httpMethod === "POST") {
+    routeParams.templateId = id;
+    return {
+      service: "emailTemplates",
+      operation: "single",
+      method: "previewTemplate",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.templateId = id;
+    return {
+      service: "emailTemplates",
+      operation: "single",
+      method: "getTemplate",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.templateId = id;
+    return {
+      service: "emailTemplates",
+      operation: "update",
+      method: "updateTemplate",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.templateId = id;
+    return {
+      service: "emailTemplates",
+      operation: "delete",
+      method: "deleteTemplate",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseUserFieldRoutes(id, subresource, httpMethod, routeParams) {
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "userFields",
+      operation: "list",
+      method: "listUserFields",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "userFields",
+      operation: "create",
+      method: "createField",
+      routeParams
+    };
+  }
+  if (id === "reorder" && !subresource && httpMethod === "PATCH") {
+    return {
+      service: "userFields",
+      operation: "update",
+      method: "reorderFields",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "GET") {
+    routeParams.fieldId = id;
+    return {
+      service: "userFields",
+      operation: "single",
+      method: "getField",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "PATCH") {
+    routeParams.fieldId = id;
+    return {
+      service: "userFields",
+      operation: "update",
+      method: "updateField",
+      routeParams
+    };
+  }
+  if (id && !subresource && httpMethod === "DELETE") {
+    routeParams.fieldId = id;
+    return {
+      service: "userFields",
+      operation: "delete",
+      method: "deleteField",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseApiKeyRoutes(id, httpMethod, routeParams) {
+  if (!id && httpMethod === "GET") {
+    return {
+      service: "apiKeys",
+      operation: "list",
+      method: "listApiKeys",
+      routeParams
+    };
+  }
+  if (!id && httpMethod === "POST") {
+    return {
+      service: "apiKeys",
+      operation: "create",
+      method: "createApiKey",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "GET") {
+    routeParams.apiKeyId = id;
+    return {
+      service: "apiKeys",
+      operation: "single",
+      method: "getApiKeyById",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "PATCH") {
+    routeParams.apiKeyId = id;
+    return {
+      service: "apiKeys",
+      operation: "update",
+      method: "updateApiKey",
+      routeParams
+    };
+  }
+  if (id && httpMethod === "DELETE") {
+    routeParams.apiKeyId = id;
+    return {
+      service: "apiKeys",
+      operation: "delete",
+      method: "revokeApiKey",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseDashboardRoutes(id, httpMethod, routeParams) {
+  if (httpMethod !== "GET") return null;
+  if (id === "stats") {
+    return {
+      service: "dashboard",
+      operation: "list",
+      method: "getDashboardStats",
+      routeParams
+    };
+  }
+  if (id === "recent-entries") {
+    return {
+      service: "dashboard",
+      operation: "list",
+      method: "getDashboardRecentEntries",
+      routeParams
+    };
+  }
+  if (id === "activity") {
+    return {
+      service: "dashboard",
+      operation: "list",
+      method: "getDashboardActivity",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseSchemaRoutes(id, httpMethod, routeParams) {
+  if (httpMethod !== "GET") return null;
+  if (id === "journal") {
+    return {
+      service: "schema",
+      operation: "list",
+      method: "getSchemaJournal",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseEmailRoutes(id, httpMethod, routeParams) {
+  if (id === "send" && httpMethod === "POST") {
+    return {
+      service: "email",
+      operation: "create",
+      method: "send",
+      routeParams
+    };
+  }
+  if (id === "send-with-template" && httpMethod === "POST") {
+    return {
+      service: "email",
+      operation: "create",
+      method: "sendWithTemplate",
+      routeParams
+    };
+  }
+  return null;
+}
+function parseRestRoute(params, httpMethod, searchParams) {
+  if (params.length === 0) return {};
+  const [resource, id, subresource, subId, ...additionalParams] = params;
+  const routeParams = {};
+  if (searchParams) {
+    let hasBracketWhere = false;
+    for (const [key, value] of searchParams.entries()) {
+      if (key.startsWith("where[")) {
+        hasBracketWhere = true;
+      } else {
+        routeParams[key] = value;
+      }
+    }
+    if (hasBracketWhere && !routeParams.where) {
+      const parsed = parseWhereQuery(searchParams);
+      if (parsed) {
+        routeParams.where = JSON.stringify(parsed);
+      }
+    }
+  }
+  if (resource === "me") {
+    const result = parseMeRoutes(httpMethod, id, routeParams);
+    if (result) return result;
+  }
+  if (resource === "users") {
+    const result = parseUserRoutes(
+      id,
+      subresource,
+      subId,
+      additionalParams,
+      httpMethod,
+      routeParams
+    );
+    if (result) return result;
+  }
+  if (resource === "roles") {
+    const result = parseRoleRoutes(
+      id,
+      subresource,
+      subId,
+      httpMethod,
+      routeParams
+    );
+    if (result) return result;
+  }
+  if (resource === "collections") {
+    const result = parseCollectionRoutes(
+      id,
+      subresource,
+      subId,
+      httpMethod,
+      routeParams,
+      additionalParams
+    );
+    if (result) return result;
+  }
+  if (resource === "permissions") {
+    const result = parsePermissionRoutes(id, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "singles") {
+    const result = parseSingleRoutes(id, subresource, subId, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "forms") {
+    const result = parseFormsRoutes(id, subresource, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "components") {
+    const result = parseComponentRoutes(id, httpMethod, routeParams, subresource, subId);
+    if (result) return result;
+  }
+  if (resource === "email") {
+    const result = parseEmailRoutes(id, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "email-providers") {
+    const result = parseEmailProviderRoutes(
+      id,
+      subresource,
+      httpMethod,
+      routeParams
+    );
+    if (result) return result;
+  }
+  if (resource === "email-templates") {
+    const result = parseEmailTemplateRoutes(
+      id,
+      subresource,
+      httpMethod,
+      routeParams
+    );
+    if (result) return result;
+  }
+  if (resource === "user-fields") {
+    const result = parseUserFieldRoutes(
+      id,
+      subresource,
+      httpMethod,
+      routeParams
+    );
+    if (result) return result;
+  }
+  if (resource === "api-keys") {
+    const result = parseApiKeyRoutes(id, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "dashboard") {
+    const result = parseDashboardRoutes(id, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "schema") {
+    const result = parseSchemaRoutes(id, httpMethod, routeParams);
+    if (result) return result;
+  }
+  if (resource === "general-settings") {
+    const method = httpMethod === "GET" ? "getGeneralSettings" : "updateGeneralSettings";
+    const operation = httpMethod === "GET" ? "single" : "update";
+    return { service: "generalSettings", operation, method, routeParams };
+  }
+  if (resource === "image-sizes") {
+    if (id === "regeneration-status") {
+      return {
+        service: "imageSizes",
+        operation: "single",
+        method: "regenerationStatus",
+        routeParams
+      };
+    }
+    if (id === "regenerate") {
+      return {
+        service: "imageSizes",
+        operation: "single",
+        method: "regenerate",
+        routeParams
+      };
+    }
+    if (id) routeParams.imageId = id;
+    return {
+      service: "imageSizes",
+      operation: "list",
+      method: "imageSizes",
+      routeParams
+    };
+  }
+  return {};
+}
+
+// src/domains/audit/audit-log-writer.ts
+import { randomUUID } from "crypto";
+function buildAuditLogWriter(getService2) {
+  return {
+    async write(event) {
+      try {
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const schema = getDialectTables();
+        const table = schema.auditLog;
+        if (!table) {
+          return;
+        }
+        await db.insert(table).values({
+          id: randomUUID(),
+          kind: event.kind,
+          actorUserId: event.actorUserId ?? null,
+          targetUserId: event.targetUserId ?? null,
+          ipAddress: event.ipAddress ?? null,
+          userAgent: event.userAgent ?? null,
+          metadata: event.metadata ?? null,
+          createdAt: /* @__PURE__ */ new Date()
+        });
+      } catch (err) {
+        getNextlyLogger().warn({
+          kind: "audit-log-write-failed",
+          eventKind: event.kind,
+          error: err instanceof Error ? err.message : String(err)
+        });
+      }
+    }
+  };
+}
+
+// src/auth/handlers/deps-bridge.ts
+function buildAuthRouterDeps(getService2) {
+  return {
+    secret: env.NEXTLY_SECRET || "",
+    isProduction: env.NODE_ENV === "production",
+    accessTokenTTL: 900,
+    // 15 minutes
+    refreshTokenTTL: 7 * 24 * 60 * 60,
+    // 7 days
+    maxLoginAttempts: 5,
+    lockoutDurationSeconds: 15 * 60,
+    // 15 minutes
+    loginStallTimeMs: 500,
+    requireEmailVerification: true,
+    // Spec §13.2: read the host-app's auth.revealRegistrationConflict flag
+    // from the registered NextlyConfig. Defaults to false (silent-success on
+    // email conflict) when config is not yet initialised or the flag is
+    // unset. The schema is already populated by sanitizeConfig.
+    revealRegistrationConflict: readRevealRegistrationConflict(getService2),
+    devAutoLogin: readDevAutoLogin(getService2),
+    allowedOrigins: env.NEXTLY_ALLOWED_ORIGINS_PARSED || [],
+    trustProxy: readTrustProxy(getService2),
+    trustedProxyIps: parseTrustedProxyIpsEnv(process.env.TRUSTED_PROXY_IPS),
+    authRateLimit: readAuthRateLimit(getService2),
+    auditLog: buildAuditLogWriter(getService2),
+    findUserByEmail: async (email) => {
+      try {
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const schema = getDialectTables();
+        const { eq } = await import("drizzle-orm");
+        const result = await db.select().from(schema.users).where(eq(schema.users.email, email.trim().toLowerCase())).limit(1);
+        return result[0] || null;
+      } catch {
+        return null;
+      }
+    },
+    findUserById: async (userId) => {
+      try {
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const schema = getDialectTables();
+        const { eq } = await import("drizzle-orm");
+        const result = await db.select().from(schema.users).where(eq(schema.users.id, userId)).limit(1);
+        return result[0] || null;
+      } catch {
+        return null;
+      }
+    },
+    incrementFailedAttempts: async (userId) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq, sql: sql2 } = await import("drizzle-orm");
+      await db.update(schema.users).set({
+        failedLoginAttempts: sql2`${schema.users.failedLoginAttempts} + 1`
+      }).where(eq(schema.users.id, userId));
+    },
+    lockAccount: async (userId, lockedUntil) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      await db.update(schema.users).set({ lockedUntil, failedLoginAttempts: 0 }).where(eq(schema.users.id, userId));
+    },
+    resetFailedAttempts: async (userId) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      await db.update(schema.users).set({ failedLoginAttempts: 0, lockedUntil: null }).where(eq(schema.users.id, userId));
+    },
+    fetchRoleIds: async (userId) => {
+      try {
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const schema = getDialectTables();
+        const { eq, isNull, or, gt: gt2 } = await import("drizzle-orm");
+        const rows = await db.select({ roleId: schema.userRoles.roleId }).from(schema.userRoles).where(
+          eq(schema.userRoles.userId, userId),
+          // Only non-expired roles
+          or(
+            isNull(schema.userRoles.expiresAt),
+            gt2(schema.userRoles.expiresAt, /* @__PURE__ */ new Date())
+          )
+        );
+        return rows.map((r) => r.roleId);
+      } catch {
+        return [];
+      }
+    },
+    fetchCustomFields: async (userId) => {
+      try {
+        const { container: container2 } = await import("./container-ORGFGYSZ.mjs");
+        if (!container2.has("config") || !container2.has("userExtSchemaService")) {
+          return {};
+        }
+        const config = container2.get("config");
+        const userFields = config?.users?.fields;
+        if (!userFields?.length) return {};
+        const userExtSchemaService = getService2("userExtSchemaService");
+        if (!userExtSchemaService?.hasMergedFields()) return {};
+        const extTable = userExtSchemaService.generateRuntimeSchema(userFields);
+        const { eq } = await import("drizzle-orm");
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const rows = await db.select().from(extTable).where(eq(extTable.user_id, userId)).limit(1);
+        if (!rows[0]) return {};
+        const { id: _id, user_id: _uid, ...customFields } = rows[0];
+        return customFields;
+      } catch {
+        return {};
+      }
+    },
+    storeRefreshToken: async (record) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      await db.insert(schema.refreshTokens).values(record);
+    },
+    findRefreshTokenByHash: async (tokenHash) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      const rows = await db.select().from(schema.refreshTokens).where(eq(schema.refreshTokens.tokenHash, tokenHash)).limit(1);
+      return rows[0] || null;
+    },
+    deleteRefreshToken: async (id) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      await db.delete(schema.refreshTokens).where(eq(schema.refreshTokens.id, id));
+    },
+    deleteRefreshTokenByHash: async (tokenHash) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      await db.delete(schema.refreshTokens).where(eq(schema.refreshTokens.tokenHash, tokenHash));
+    },
+    deleteAllRefreshTokensForUser: async (userId) => {
+      const adapter = getService2("adapter");
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      await db.delete(schema.refreshTokens).where(eq(schema.refreshTokens.userId, userId));
+    },
+    getUserCount: async () => {
+      try {
+        const adapter = getService2("adapter");
+        const db = adapter.getDrizzle();
+        const schema = getDialectTables();
+        const { count } = await import("drizzle-orm");
+        const result = await db.select({ count: count() }).from(schema.users);
+        return Number(result[0]?.count || 0);
+      } catch {
+        return 0;
+      }
+    },
+    createSuperAdmin: async (data) => {
+      const { seedPermissions } = await import("./permissions-3DZZQZMI.mjs");
+      const { seedSuperAdmin } = await import("./super-admin-G5ZK5F4T.mjs");
+      const adapter = getService2("adapter");
+      await seedPermissions(adapter, { silent: true });
+      const result = await seedSuperAdmin(adapter, {
+        email: data.email,
+        password: data.password,
+        name: data.name,
+        silent: true
+      });
+      if (!result.success) {
+        throw new Error(
+          result.errorMessages?.[0] || "Failed to create admin account"
+        );
+      }
+      const db = adapter.getDrizzle();
+      const schema = getDialectTables();
+      const { eq } = await import("drizzle-orm");
+      const users = await db.select({ id: schema.users.id }).from(schema.users).where(eq(schema.users.email, data.email.trim().toLowerCase())).limit(1);
+      return {
+        id: users[0]?.id || "",
+        email: data.email,
+        name: data.name
+      };
+    },
+    seedPermissions: async () => {
+      const { seedPermissions } = await import("./permissions-3DZZQZMI.mjs");
+      const adapter = getService2("adapter");
+      await seedPermissions(adapter, { silent: true });
+    },
+    registerUser: async (data) => {
+      const authService = getService2("authService");
+      const user = await authService.registerUser(data);
+      return { id: user.id, email: user.email, name: user.name };
+    },
+    generatePasswordResetToken: async (email, redirectPath) => {
+      const authService = getService2("authService");
+      const result = await authService.generatePasswordResetToken(email, {
+        redirectPath
+      });
+      return { token: result.token };
+    },
+    resetPasswordWithToken: async (token, newPassword) => {
+      const authService = getService2("authService");
+      const result = await authService.resetPasswordWithToken(
+        token,
+        newPassword
+      );
+      return { email: result.email };
+    },
+    changePassword: async (userId, currentPassword, newPassword) => {
+      const authService = getService2("authService");
+      try {
+        await authService.changePassword(userId, currentPassword, newPassword);
+        return { success: true };
+      } catch (err) {
+        return {
+          success: false,
+          error: NextlyError.is(err) ? err.publicMessage : "Failed to change password"
+        };
+      }
+    },
+    verifyEmail: async (token) => {
+      const authService = getService2("authService");
+      try {
+        const result = await authService.verifyEmail(token);
+        return {
+          success: true,
+          email: result.email
+        };
+      } catch (err) {
+        return {
+          success: false,
+          error: NextlyError.is(err) ? err.publicMessage : "Failed to verify email"
+        };
+      }
+    },
+    resendVerificationEmail: async (email) => {
+      try {
+        const authService = getService2("authService");
+        await authService.generateEmailVerificationToken(email);
+        return { success: true };
+      } catch {
+        return { success: true };
+      }
+    }
+  };
+}
+function readRevealRegistrationConflict(getService2) {
+  try {
+    const config = getService2("config");
+    if (config && typeof config === "object" && "auth" in config) {
+      const auth = config.auth;
+      if (auth && typeof auth === "object" && "revealRegistrationConflict" in auth) {
+        return auth.revealRegistrationConflict === true;
+      }
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
+function readDevAutoLogin(getService2) {
+  try {
+    const config = getService2("config");
+    if (config && typeof config === "object" && "admin" in config) {
+      const admin = config.admin;
+      if (admin && typeof admin === "object" && "devAutoLogin" in admin) {
+        const dal = admin.devAutoLogin;
+        if (dal && typeof dal === "object" && "email" in dal && typeof dal.email === "string") {
+          const typed = dal;
+          return {
+            email: typed.email,
+            password: typed.password
+          };
+        }
+      }
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
+function readTrustProxy(getService2) {
+  try {
+    const config = getService2("config");
+    if (config && typeof config === "object" && "security" in config) {
+      const security = config.security;
+      if (security && typeof security === "object" && "trustProxy" in security) {
+        return security.trustProxy === true;
+      }
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
+function readAuthRateLimit(getService2) {
+  const fallback = { requestsPerHour: 30, windowMs: 36e5 };
+  try {
+    const config = getService2("config");
+    if (config && typeof config === "object" && "security" in config) {
+      const security = config.security;
+      if (security && typeof security === "object" && "authRateLimit" in security) {
+        const arl = security.authRateLimit;
+        return {
+          requestsPerHour: typeof arl?.requestsPerHour === "number" ? arl.requestsPerHour : fallback.requestsPerHour,
+          windowMs: typeof arl?.windowMs === "number" ? arl.windowMs : fallback.windowMs
+        };
+      }
+    }
+    return fallback;
+  } catch {
+    return fallback;
+  }
+}
+
+// src/route-handler/auth-handler.ts
+var _dispatcher = null;
+var _storedConfig = null;
+function setHandlerConfig(config) {
+  _storedConfig = config;
+}
+function getHandlerConfig() {
+  return _storedConfig;
+}
+async function ensureServicesInitialized() {
+  if (!isServicesRegistered()) {
+    const nextlyConfig = _storedConfig;
+    const serviceConfig = {
+      imageProcessor: getImageProcessor()
+    };
+    if (nextlyConfig) {
+      if (nextlyConfig.plugins) serviceConfig.plugins = nextlyConfig.plugins;
+      if (nextlyConfig.collections)
+        serviceConfig.collections = nextlyConfig.collections;
+      if (nextlyConfig.storage)
+        serviceConfig.storagePlugins = nextlyConfig.storage;
+      if (nextlyConfig.email) serviceConfig.email = nextlyConfig.email;
+      if (nextlyConfig.users) serviceConfig.users = nextlyConfig.users;
+      if (nextlyConfig.admin) serviceConfig.admin = nextlyConfig.admin;
+      if (nextlyConfig.auth) serviceConfig.auth = nextlyConfig.auth;
+      if (nextlyConfig.security)
+        serviceConfig.security = nextlyConfig.security;
+      if (nextlyConfig.apiKeys)
+        serviceConfig.apiKeys = nextlyConfig.apiKeys;
+      if (nextlyConfig.db) {
+        const dbConfig = nextlyConfig.db;
+        if (dbConfig.schemasDir) serviceConfig.schemasDir = dbConfig.schemasDir;
+        if (dbConfig.migrationsDir)
+          serviceConfig.migrationsDir = dbConfig.migrationsDir;
+      }
+    }
+    await registerServices(serviceConfig);
+    try {
+      const emailTemplateService = getService("emailTemplateService");
+      await emailTemplateService.ensureBuiltInTemplates();
+    } catch {
+    }
+    try {
+      const permissionSeedService = getService("permissionSeedService");
+      const systemResult = await permissionSeedService.seedSystemPermissions();
+      const collectionResult = await permissionSeedService.seedAllCollectionPermissions();
+      const singleResult = await permissionSeedService.seedAllSinglePermissions();
+      const allNewIds = [
+        ...systemResult.newPermissionIds,
+        ...collectionResult.newPermissionIds,
+        ...singleResult.newPermissionIds
+      ];
+      if (allNewIds.length > 0) {
+        await permissionSeedService.assignNewPermissionsToSuperAdmin(allNewIds);
+      }
+    } catch {
+    }
+    try {
+      const userExtSchemaService = getService("userExtSchemaService");
+      await userExtSchemaService.loadMergedFields();
+      if (userExtSchemaService.hasMergedFields()) {
+        const adapter = getService("adapter");
+        const drizzleDb = adapter.getDrizzle();
+        await userExtSchemaService.ensureUserExtSchema(drizzleDb);
+      }
+    } catch (err) {
+      console.error(
+        "[Auth Handler] Error during user_ext schema setup:",
+        err instanceof Error ? err.message : String(err)
+      );
+    }
+    if (nextlyConfig) {
+      const pluginCount = Array.isArray(nextlyConfig.plugins) ? nextlyConfig.plugins.length : 0;
+      const collectionCount = Array.isArray(nextlyConfig.collections) ? nextlyConfig.collections.length : 0;
+      const storageCount = Array.isArray(nextlyConfig.storage) ? nextlyConfig.storage.length : 0;
+      console.log(
+        `[Auth Handler] Services auto-initialized with config (${pluginCount} plugin(s), ${collectionCount} collection(s), ${storageCount} storage adapter(s))`
+      );
+    } else {
+      console.log("[Auth Handler] Services auto-initialized with defaults");
+    }
+    const { runBootTimeApplyIfDev } = await import("./boot-apply-PQSYLDIN.mjs");
+    await runBootTimeApplyIfDev({ caller: "auth-handler" });
+    ensureHmrListener();
+  }
+}
+async function getDispatcherInstance() {
+  await ensureServicesInitialized();
+  if (!_dispatcher) {
+    _dispatcher = new ServiceDispatcher();
+  }
+  return _dispatcher;
+}
+async function handleAuthRequest(req, params, _httpMethod) {
+  await ensureServicesInitialized();
+  const authPath = params.slice(1).join("/");
+  const deps = buildAuthRouterDeps(getService);
+  const response = await routeAuthRequest(req, authPath, deps);
+  if (response) {
+    return response;
+  }
+  return new Response(
+    JSON.stringify({
+      error: { code: "NOT_FOUND", message: "Auth endpoint not found" }
+    }),
+    { status: 404, headers: { "Content-Type": "application/json" } }
+  );
+}
+async function getDispatcher() {
+  return getDispatcherInstance();
+}
+
+// src/routeHandler.ts
+var globalSchemaVersion = 0;
+function bumpSchemaVersion() {
+  globalSchemaVersion++;
+  return globalSchemaVersion;
+}
+function getSchemaVersionHeader() {
+  return globalSchemaVersion;
+}
+async function applyGlobalDateFormatting(response, req) {
+  const contentType = response.headers.get("content-type") || "";
+  if (!contentType.toLowerCase().includes("application/json")) {
+    return response;
+  }
+  if (req) {
+    const url = new URL(req.url);
+    if (url.pathname.includes("/auth/")) {
+      return response;
+    }
+  }
+  return withTimezoneFormatting(response);
+}
+async function guardSuperAdminRoleAssignment(requestingUserId, method, body) {
+  let roleIdsToCheck = [];
+  if (method === "createLocalUser" || method === "updateUser") {
+    const b = body;
+    if (Array.isArray(b?.roles) && b.roles.length > 0) {
+      roleIdsToCheck = b.roles;
+    }
+  } else if (method === "assignRoleToUser") {
+    const b = body;
+    const roleId = b?.roleId;
+    if (roleId) roleIdsToCheck = [roleId];
+  }
+  if (roleIdsToCheck.length === 0) return null;
+  const hasSuperAdmin = await containsSuperAdminRole(roleIdsToCheck);
+  if (!hasSuperAdmin) return null;
+  const callerIsSuperAdmin = await isSuperAdmin(requestingUserId);
+  if (callerIsSuperAdmin) return null;
+  return new Response(
+    JSON.stringify({
+      error: "Only super-admins can assign the super_admin role"
+    }),
+    { status: 403, headers: { "Content-Type": "application/json" } }
+  );
+}
+async function guardLastSuperAdminRemoval(targetUserId, method, body) {
+  if (method !== "updateUser") return null;
+  const b = body;
+  if (!Array.isArray(b?.roles)) return null;
+  const newRoles = b.roles;
+  const newRolesContainSuperAdmin = await containsSuperAdminRole(newRoles);
+  if (newRolesContainSuperAdmin) return null;
+  const targetIsSuperAdmin = await isSuperAdmin(targetUserId);
+  if (!targetIsSuperAdmin) return null;
+  const othersExist = await hasSuperAdminExcluding(targetUserId);
+  if (othersExist) return null;
+  return new Response(
+    JSON.stringify({
+      error: "Cannot remove the super_admin role: this user is the last super-admin. Assign the super_admin role to another user first."
+    }),
+    { status: 400, headers: { "Content-Type": "application/json" } }
+  );
+}
+async function handleApiKeyRequest(req, method, routeParams) {
+  const id = routeParams?.apiKeyId ?? "";
+  switch (method) {
+    case "listApiKeys":
+      return listApiKeys(req);
+    case "getApiKeyById":
+      return getApiKeyById(req, id);
+    case "createApiKey":
+      return createApiKey(req);
+    case "updateApiKey":
+      return updateApiKey(req, id);
+    case "revokeApiKey":
+      return revokeApiKey(req, id);
+    default:
+      return new Response(
+        JSON.stringify({ error: "Unknown API key operation" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+  }
+}
+async function handleGeneralSettingsRequest(req, httpMethod) {
+  switch (httpMethod) {
+    case "GET":
+      return getGeneralSettings(req);
+    case "PATCH": {
+      return updateGeneralSettings(req);
+    }
+    default:
+      return new Response(JSON.stringify({ error: "Method not allowed" }), {
+        status: 405,
+        headers: { "Content-Type": "application/json" }
+      });
+  }
+}
+async function handleImageSizesRequest(req, httpMethod, imageId) {
+  switch (httpMethod) {
+    case "GET":
+      return imageId ? getImageSizeById(req, imageId) : listImageSizes(req);
+    case "POST":
+      return createImageSize(req);
+    case "PATCH":
+      if (!imageId)
+        return new Response(JSON.stringify({ error: "ID required" }), {
+          status: 400
+        });
+      return updateImageSize(req, imageId);
+    case "DELETE":
+      if (!imageId)
+        return new Response(JSON.stringify({ error: "ID required" }), {
+          status: 400
+        });
+      return deleteImageSize(req, imageId);
+    default:
+      return new Response(JSON.stringify({ error: "Method not allowed" }), {
+        status: 405,
+        headers: { "Content-Type": "application/json" }
+      });
+  }
+}
+async function handleDashboardRequest(req, method) {
+  switch (method) {
+    case "getDashboardStats":
+      return getDashboardStats(req);
+    case "getDashboardRecentEntries":
+      return getDashboardRecentEntries(req);
+    case "getDashboardActivity":
+      return getDashboardActivity(req);
+    default:
+      return new Response(
+        JSON.stringify({ error: "Unknown dashboard operation" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+  }
+}
+async function handleSchemaRequest(req, method) {
+  switch (method) {
+    case "getSchemaJournal":
+      return getSchemaJournal(req);
+    default:
+      return new Response(
+        JSON.stringify({ error: "Unknown schema operation" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+  }
+}
+async function handleEmailRequest(req, method) {
+  switch (method) {
+    case "send":
+      return POST(req);
+    case "sendWithTemplate":
+      return POST2(req);
+    default:
+      return new Response(
+        JSON.stringify({ error: "Unknown email operation" }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+  }
+}
+var COLLECTION_ENTRY_METHODS = /* @__PURE__ */ new Set([
+  "listEntries",
+  "createEntry",
+  "getEntry",
+  "updateEntry",
+  "deleteEntry",
+  "bulkDeleteEntries",
+  "bulkUpdateEntries",
+  "bulkUpdateByQuery",
+  "countEntries",
+  "duplicateEntry"
+]);
+var SINGLE_DOCUMENT_METHODS = /* @__PURE__ */ new Set([
+  "getSingleDocument",
+  "updateSingleDocument"
+]);
+async function resolveAuthorization(req, service, method, operation, routeParams, httpMethod) {
+  if (service === "collections") {
+    if (COLLECTION_ENTRY_METHODS.has(method)) {
+      const action2 = getActionFromOperation(operation);
+      const slug = routeParams?.collectionName || "";
+      return requireCollectionAccess(req, action2, slug);
+    }
+    if (method === "getCollection") {
+      const slug = routeParams?.collectionName || "";
+      return requireCollectionAccess(req, "read", slug);
+    }
+    return requirePermission(req, "manage", "settings");
+  }
+  if (service === "singles") {
+    if (SINGLE_DOCUMENT_METHODS.has(method)) {
+      const action2 = method === "getSingleDocument" ? "read" : "update";
+      const slug = routeParams?.slug || "";
+      return requireCollectionAccess(req, action2, slug);
+    }
+    if (method === "getSingleSchema") {
+      const slug = routeParams?.slug || "";
+      return requireCollectionAccess(req, "read", slug);
+    }
+    return requirePermission(req, "manage", "settings");
+  }
+  if (service === "emailProviders") {
+    const action2 = getActionFromMethod(httpMethod);
+    return requireAnyPermission(req, [
+      { action: action2, resource: "email-providers" },
+      { action: "manage", resource: "email-providers" }
+    ]);
+  }
+  if (service === "emailTemplates") {
+    const action2 = getActionFromMethod(httpMethod);
+    return requireAnyPermission(req, [
+      { action: action2, resource: "email-templates" },
+      { action: "manage", resource: "email-templates" }
+    ]);
+  }
+  if (service === "userFields") {
+    const action2 = getActionFromMethod(httpMethod);
+    return requireAnyPermission(req, [
+      { action: action2, resource: "settings" },
+      { action: "manage", resource: "settings" }
+    ]);
+  }
+  if (service === "components") {
+    const action2 = getActionFromMethod(httpMethod);
+    return requireAnyPermission(req, [
+      { action: action2, resource: "settings" },
+      { action: "manage", resource: "settings" }
+    ]);
+  }
+  if (service === "rbac") {
+    if (method === "listRolePermissions") {
+      return requireAnyPermission(req, [
+        { action: "read", resource: "roles" },
+        { action: "read", resource: "permissions" }
+      ]);
+    }
+    if (method === "listPermissions") {
+      return requireAnyPermission(req, [{ action: "read", resource: "roles" }]);
+    }
+    if (method === "addPermissionToRole" || method === "removePermissionFromRole") {
+      return requirePermission(req, "update", "roles");
+    }
+    if (method === "addRoleInheritance" || method === "removeRoleInheritance") {
+      return requirePermission(req, "update", "roles");
+    }
+    if (method === "assignRoleToUser" || method === "unassignRoleFromUser") {
+      return requirePermission(req, "update", "users");
+    }
+    if (method === "getPermissionById") {
+      return requireAnyPermission(req, [
+        { action: "read", resource: "roles" },
+        { action: "read", resource: "permissions" }
+      ]);
+    }
+    if (method === "ensurePermission" || method === "updatePermission" || method === "deletePermissionById") {
+      const action3 = getActionFromMethod(httpMethod);
+      return requireAnyPermission(req, [
+        { action: action3, resource: "permissions" },
+        { action: "manage", resource: "permissions" }
+      ]);
+    }
+    const action2 = getActionFromMethod(httpMethod);
+    return requirePermission(req, action2, "roles");
+  }
+  const action = getActionFromMethod(httpMethod);
+  return requirePermission(req, action, service);
+}
+async function handleServiceRequest(req, params, httpMethod) {
+  const url = new URL(req.url);
+  const searchParams = url.searchParams;
+  const { service, operation, method, routeParams } = parseRestRoute(
+    params,
+    httpMethod,
+    searchParams
+  );
+  if (!service || !operation || !method) {
+    return new Response(
+      JSON.stringify({
+        error: "Invalid REST route format. Check supported endpoints: /api/users, /api/roles, /api/permissions"
+      }),
+      {
+        status: 400,
+        headers: { "Content-Type": "application/json" }
+      }
+    );
+  }
+  if (service === "apiKeys") {
+    return handleApiKeyRequest(req, method, routeParams);
+  }
+  if (service === "generalSettings") {
+    return handleGeneralSettingsRequest(req, httpMethod);
+  }
+  if (service === "imageSizes") {
+    if (method === "regenerationStatus" || method === "regenerate") {
+      return Response.json(
+        {
+          data: {
+            pending: 0,
+            total: 0,
+            inProgress: false,
+            message: "Batch regeneration coming soon"
+          }
+        },
+        { status: 200 }
+      );
+    }
+    const imageId = routeParams?.imageId;
+    return handleImageSizesRequest(req, httpMethod, imageId);
+  }
+  if (service === "dashboard") {
+    return handleDashboardRequest(req, method);
+  }
+  if (service === "schema") {
+    return handleSchemaRequest(req, method);
+  }
+  if (service === "email") {
+    return handleEmailRequest(req, method);
+  }
+  const isPublic = isPublicEndpoint(service, method);
+  let authorizedUser;
+  if (!isPublic) {
+    if (params[0] === "me") {
+      const authResult = await requireAuthentication(req);
+      if (isErrorResponse(authResult)) {
+        return createJsonErrorResponse(authResult);
+      }
+      if (routeParams) {
+        routeParams.userId = authResult.userId;
+      }
+      authorizedUser = authResult;
+    } else if (requiresAuthOnly(service, method)) {
+      const authResult = await requireAuthentication(req);
+      if (isErrorResponse(authResult)) {
+        return createJsonErrorResponse(authResult);
+      }
+      authorizedUser = authResult;
+    } else {
+      const authResult = await resolveAuthorization(
+        req,
+        service,
+        method,
+        operation,
+        routeParams,
+        httpMethod
+      );
+      if (isErrorResponse(authResult)) {
+        return createJsonErrorResponse(authResult);
+      }
+      authorizedUser = authResult;
+    }
+  }
+  let body = void 0;
+  if (httpMethod === "POST" || httpMethod === "PUT" || httpMethod === "PATCH") {
+    try {
+      const text = await req.text();
+      if (text) {
+        body = JSON.parse(text);
+      }
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Invalid JSON in request body" }),
+        {
+          status: 400,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+  }
+  if (authorizedUser) {
+    const guardResult = await guardSuperAdminRoleAssignment(
+      authorizedUser.userId,
+      method,
+      body
+    );
+    if (guardResult) return guardResult;
+    const targetUserId = routeParams?.userId;
+    if (targetUserId) {
+      const lastSuperAdminGuard = await guardLastSuperAdminRemoval(
+        targetUserId,
+        method,
+        body
+      );
+      if (lastSuperAdminGuard) return lastSuperAdminGuard;
+    }
+  }
+  if (authorizedUser && routeParams) {
+    routeParams._authenticatedUserId = authorizedUser.userId;
+    if (authorizedUser.userName)
+      routeParams._authenticatedUserName = authorizedUser.userName;
+    if (authorizedUser.userEmail)
+      routeParams._authenticatedUserEmail = authorizedUser.userEmail;
+  }
+  const dispatchRequest = {
+    service,
+    operation,
+    method,
+    params: routeParams,
+    body,
+    userId: authorizedUser?.userId,
+    request: req
+    // Pass request for accessing headers (IP, user-agent, etc.)
+  };
+  const dispatcher = await getDispatcher();
+  const result = await dispatcher.dispatch(dispatchRequest);
+  if (result.status === 204 || result.status === 205 || result.status === 304) {
+    return new Response(null, { status: result.status });
+  }
+  const headers = {
+    "Content-Type": "application/json"
+  };
+  const schemaVersion = getSchemaVersionHeader();
+  if (schemaVersion !== void 0) {
+    headers["X-Nextly-Schema-Version"] = String(schemaVersion);
+  }
+  if (!result.success) {
+    const requestId = readOrGenerateRequestId(req);
+    const nextlyErr = NextlyError.is(result.error) ? result.error : NextlyError.internal();
+    const benignCodes = /* @__PURE__ */ new Set([
+      "NOT_FOUND",
+      "RATE_LIMITED",
+      "AUTH_REQUIRED"
+    ]);
+    if (!benignCodes.has(String(nextlyErr.code))) {
+      try {
+        const { getNextlyLogger: getNextlyLogger2 } = await import("./logger-YE4TC7ZN.mjs");
+        getNextlyLogger2().error({
+          kind: "dispatcher-error",
+          ...nextlyErr.toLogJSON(requestId),
+          route: new URL(req.url).pathname,
+          method: req.method,
+          service: dispatchRequest.service,
+          operation: dispatchRequest.operation,
+          dispatchMethod: dispatchRequest.method
+        });
+      } catch {
+      }
+    }
+    const errorHeaders = {
+      "content-type": "application/problem+json",
+      "x-request-id": requestId
+    };
+    if (schemaVersion !== void 0) {
+      errorHeaders["X-Nextly-Schema-Version"] = String(schemaVersion);
+    }
+    if (nextlyErr.code === "RATE_LIMITED") {
+      const data = nextlyErr.publicData;
+      if (data && typeof data === "object" && "retryAfterSeconds" in data && typeof data.retryAfterSeconds === "number") {
+        errorHeaders["retry-after"] = String(
+          data.retryAfterSeconds
+        );
+      }
+    }
+    return new Response(
+      JSON.stringify({ error: nextlyErr.toResponseJSON(requestId) }),
+      {
+        status: nextlyErr.statusCode,
+        headers: errorHeaders
+      }
+    );
+  }
+  if (result.data instanceof Response) {
+    const response = result.data;
+    if (schemaVersion !== void 0) {
+      response.headers.set("X-Nextly-Schema-Version", String(schemaVersion));
+    }
+    return response;
+  }
+  const successBody = { data: result.data };
+  if (result.meta !== void 0) {
+    successBody.meta = result.meta;
+  }
+  return new Response(JSON.stringify(successBody), {
+    status: result.status,
+    headers
+  });
+}
+async function handleAdminMetaRequest() {
+  const config = getHandlerConfig();
+  const branding = config?.admin?.branding;
+  const payload = {};
+  if (branding?.logoUrl) payload.logoUrl = branding.logoUrl;
+  if (branding?.logoUrlLight) payload.logoUrlLight = branding.logoUrlLight;
+  if (branding?.logoUrlDark) payload.logoUrlDark = branding.logoUrlDark;
+  if (branding?.logoText) payload.logoText = branding.logoText;
+  if (branding?.favicon?.trim()) payload.favicon = branding.favicon.trim();
+  const resolvedShowBuilder = typeof branding?.showBuilder === "boolean" ? branding.showBuilder : process.env.NODE_ENV !== "production";
+  payload.showBuilder = resolvedShowBuilder;
+  const colors = branding?.colors;
+  if (colors) {
+    const resolved = {};
+    if (colors.primary && isValidHex(colors.primary)) {
+      resolved.primary = hexToHslTriplet(colors.primary);
+      resolved.primaryForeground = getForegroundForBackground(colors.primary);
+    }
+    if (colors.accent && isValidHex(colors.accent)) {
+      resolved.accent = hexToHslTriplet(colors.accent);
+      resolved.accentForeground = getForegroundForBackground(colors.accent);
+    }
+    if (Object.keys(resolved).length > 0) {
+      payload.colors = resolved;
+    }
+  }
+  const pluginOverrides = config?.admin?.pluginOverrides;
+  const plugins = (config?.plugins ?? []).map((plugin) => {
+    const pluginSlug = plugin.name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+    const hostOverride = pluginOverrides?.[pluginSlug];
+    const effectiveAppearance = hostOverride?.appearance ? { ...plugin.admin?.appearance, ...hostOverride.appearance } : plugin.admin?.appearance;
+    const pluginCollections = plugin.collections ?? [];
+    return {
+      name: plugin.name,
+      version: plugin.version,
+      description: plugin.admin?.description,
+      placement: hostOverride?.placement ?? plugin.admin?.placement ?? "plugins",
+      order: hostOverride?.order ?? plugin.admin?.order,
+      after: hostOverride?.after ?? plugin.admin?.after,
+      appearance: effectiveAppearance,
+      collections: pluginCollections.map((c) => c.slug)
+    };
+  });
+  if (plugins.length > 0) {
+    payload.plugins = plugins;
+  }
+  try {
+    if (container.has("generalSettingsService")) {
+      const svc = container.get(
+        "generalSettingsService"
+      );
+      const settings = await svc.getSettings();
+      if (settings.applicationName) payload.logoText = settings.applicationName;
+      if (settings.logoUrl) payload.logoUrl = settings.logoUrl;
+      const customGroups = svc.getCustomSidebarGroups(settings);
+      console.log(
+        "[ADMIN-META] customGroups from DB:",
+        JSON.stringify(customGroups)
+      );
+      if (customGroups.length > 0) {
+        payload.customGroups = customGroups;
+      }
+    }
+  } catch (err) {
+    console.error("[ADMIN-META] Error fetching settings from DB:", err);
+  }
+  return respondData(payload);
+}
+async function handleAdminMetaSidebarGroups(req) {
+  try {
+    const authResult = await requirePermission(req, "manage", "settings");
+    if (isErrorResponse(authResult)) return createJsonErrorResponse(authResult);
+    const text = await req.text();
+    const body = text ? JSON.parse(text) : {};
+    const groups = Array.isArray(body.groups) ? body.groups : [];
+    const validated = [];
+    for (const g of groups) {
+      if (typeof g !== "object" || g === null) continue;
+      const rec = g;
+      if (typeof rec.slug === "string" && typeof rec.name === "string") {
+        validated.push({
+          slug: rec.slug,
+          name: rec.name,
+          ...typeof rec.icon === "string" && { icon: rec.icon }
+        });
+      }
+    }
+    if (!container.has("generalSettingsService")) {
+      return new Response(
+        JSON.stringify({ error: "Settings service not available" }),
+        { status: 503, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const svc = container.get("generalSettingsService");
+    const updated = await svc.updateCustomSidebarGroups(validated);
+    return respondMutation("Sidebar groups updated.", updated);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to update sidebar groups";
+    return new Response(JSON.stringify({ error: message }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+}
+async function handleGet(req, params) {
+  if (params[0] === "admin-meta") {
+    return handleAdminMetaRequest();
+  }
+  if (params[0] === "dev-reload" && process.env.NODE_ENV === "development") {
+    const { subscribeDevReload } = await import("./dev-reload-broadcaster-B73IQ53V.mjs");
+    let unsub;
+    const stream = new ReadableStream({
+      start(ctrl) {
+        unsub = subscribeDevReload(ctrl);
+        ctrl.enqueue(": keepalive\n\n");
+      },
+      cancel() {
+        unsub?.();
+      }
+    });
+    return new Response(stream, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        Connection: "keep-alive",
+        "X-Accel-Buffering": "no"
+      }
+    });
+  }
+  return handleServiceRequest(req, params, "GET");
+}
+async function handlePost(req, params) {
+  return handleServiceRequest(req, params, "POST");
+}
+async function handlePut(req, params) {
+  return handleServiceRequest(req, params, "PUT");
+}
+async function handlePatch(req, params) {
+  if (params[0] === "admin-meta" && params[1] === "sidebar-groups") {
+    return handleAdminMetaSidebarGroups(req);
+  }
+  return handleServiceRequest(req, params, "PATCH");
+}
+async function handleDelete(req, params) {
+  return handleServiceRequest(req, params, "DELETE");
+}
+function isAuthRoute(params) {
+  return params.length > 0 && params[0] === "auth";
+}
+function createDynamicHandlers(options) {
+  if (options?.config) {
+    setHandlerConfig(options.config);
+  }
+  const securityConfig = options?.config?.security;
+  const applySecurityHeaders = createSecurityHeadersMiddleware(
+    securityConfig?.headers
+  );
+  const cors = createCorsMiddleware(securityConfig?.cors);
+  const rateLimitConfig = options?.config?.rateLimit;
+  const trustedProxyIpsFromEnv = (process.env.TRUSTED_PROXY_IPS ?? "").split(",").map((s) => s.trim()).filter(Boolean);
+  const checkRateLimit = createRateLimiter({
+    enabled: true,
+    ...rateLimitConfig ?? {},
+    trustProxy: rateLimitConfig?.trustProxy ?? securityConfig?.trustProxy ?? false,
+    trustedProxyIps: rateLimitConfig?.trustedProxyIps ?? trustedProxyIpsFromEnv
+  });
+  async function withSecurity(req, handler) {
+    const preflightResponse = cors.handlePreflight(req);
+    if (preflightResponse) {
+      return applySecurityHeaders(preflightResponse);
+    }
+    const rateLimitResponse = await checkRateLimit(req);
+    if (rateLimitResponse) {
+      const corsRateLimited = cors.applyHeaders(req, rateLimitResponse);
+      return applySecurityHeaders(corsRateLimited);
+    }
+    const response = await handler();
+    const formattedResponse = await applyGlobalDateFormatting(response, req);
+    const corsResponse = cors.applyHeaders(req, formattedResponse);
+    return applySecurityHeaders(corsResponse);
+  }
+  return {
+    GET: async (req, ctx) => {
+      const resolvedParams = await ctx.params;
+      const paramsList = resolvedParams.params || [];
+      return withSecurity(req, async () => {
+        if (isAuthRoute(paramsList))
+          return handleAuthRequest(req, paramsList, "GET");
+        return handleGet(req, paramsList);
+      });
+    },
+    POST: async (req, ctx) => {
+      const resolvedParams = await ctx.params;
+      const paramsList = resolvedParams.params || [];
+      return withSecurity(req, async () => {
+        if (isAuthRoute(paramsList))
+          return handleAuthRequest(req, paramsList, "POST");
+        return handlePost(req, paramsList);
+      });
+    },
+    PUT: async (req, ctx) => {
+      const resolvedParams = await ctx.params;
+      const paramsList = resolvedParams.params || [];
+      return withSecurity(req, async () => {
+        return handlePut(req, paramsList);
+      });
+    },
+    PATCH: async (req, ctx) => {
+      const resolvedParams = await ctx.params;
+      const paramsList = resolvedParams.params || [];
+      return withSecurity(req, async () => {
+        if (isAuthRoute(paramsList))
+          return handleAuthRequest(req, paramsList, "PATCH");
+        return handlePatch(req, paramsList);
+      });
+    },
+    DELETE: async (req, ctx) => {
+      const resolvedParams = await ctx.params;
+      const paramsList = resolvedParams.params || [];
+      return withSecurity(req, async () => {
+        return handleDelete(req, paramsList);
+      });
+    },
+    OPTIONS: async (req) => {
+      return withSecurity(req, async () => {
+        return new Response(null, {
+          status: 204,
+          headers: { Allow: "GET, POST, PUT, PATCH, DELETE, OPTIONS" }
+        });
+      });
+    }
+  };
+}
+function getCollectionsService() {
+  try {
+    if (container.has("collectionService")) {
+      return container.get("collectionService");
+    }
+  } catch {
+  }
+  return void 0;
+}
+function getCollectionsHandler() {
+  try {
+    if (container.has("collectionsHandler")) {
+      return container.get("collectionsHandler");
+    }
+  } catch {
+  }
+  return void 0;
+}
+var _handleAdminMetaRequestForTest = handleAdminMetaRequest;
+var _handleAdminMetaSidebarGroupsForTest = handleAdminMetaSidebarGroups;
+
+export {
+  bumpSchemaVersion,
+  createDynamicHandlers,
+  getCollectionsService,
+  getCollectionsHandler,
+  _handleAdminMetaRequestForTest,
+  _handleAdminMetaSidebarGroupsForTest
+};